The CFEngine lab has been brewing on 3.6.4 over Christmas and is finally ready to release it to the world! With 3.6.4 being a patch release, it has a focus on stability and reliability of both the server and agent side. This is also the first release where user input has been incorporated in form of casting a vote for what to be improved - so make your voice heard!
Enterprise hub self-protection
A major stability enhancement for report collection in CFEngine Enterprise hubs has been added to 3.6.4. The Enterprise hub collects reports from clients every 5 minutes by default, but in cases where it can not collect a round of reports from a client it will try to get what is missed the next time from that client; after another 5 minutes. This could happen for several reasons, for example that the client is temporarily offline. The amount of data that needs to be collected once the report collection succeeds again is proportional to the amount of time has passed since the last success. However, if the hub as been unsuccessful at collecting reports from a large amount of clients over a longer period of time, this can cause a high load on the hub once it succeeds again; potentially making the hub unstable and unresponsive until the collection is done. CFEngine 3.6.4 addresses this potential stability problem by introducing a maximum threshold on how long history the hub will try to collect from clients that have been offline; through the body hub control attribute client_history_timeout. By default the hub will discard the missed history (known as issuing a “rebase” collection query) from clients if more than 6 hours have passed since last successful collection in order to protect itself. If a client comes back after 6 hours, the load on the hub for discarding these last 6 hours versus collecting them are about the same – thus the 6 hour default. However, you can adjust this threshold if you expect your clients to be offline for longer amounts of time during normal operations. Note that in either case, history that already exists about the client in the hub’s database is not discarded.
Enterprise host report maximum disk usage
The Enterprise clients have also gotten a self-protection mechanism in case the hub does not collect their accumulated reports over time. They will normally store the historic (diff) reports locally until the hub collects them, but with 3.6.4 a threshold on the maximum disk utilization on the client is introduced. If this threshold is hit, the client will merge the recent history so that only the current state is kept. The default maximum size for reports at the client side is 50MB, which should be more than enough for most environments, but it can be adjusted as part of the max_client_history_size variable located in masterfiles/def.cf if you have client agents running frequently while hub collection running very infrequently.
HP-UX reliability improvements
As CFEngine 3.6.3 officially added support for HP-UX, there were a few feature areas that needed some stabilization work to be 100% on par with the rest of the platforms. CFEngine 3.6.4 improves reliability of process promises and adds support for users promises and edit_xml bundles on HP-UX! Network inventory such as interfaces, IP-addresses and Ports listening has also been introduced as agent variables and classes, as well as CFEngine Enterprise reports. We provide a depot package for CFEngine Enterprise 3.6.4 that supports HP-UX 11.23 and later versions on the Itanium architecture. If you are using the Community Edition you can download the source code and compile it for HP-UX.
Mission Portal UI enhancements
The Mission Portal UI has gotten several usability improvements since
3.6.3! While looking at a report, it will now let you to refresh the
browser page (e.g. using F5) while still keeping the filters and columns
you have set. This is useful if you are waiting for some data to come
back from the agents and want to check the latest status. The monitoring
component of CFEngine Enterprise is disabled by default, but 3.6.4 adds
a note about this and a description on how to turn it on, directly in
the Mission Portal!
Finally, the Health indicator has gotten a clearer and more consistent
text describing what is wrong in case some of your agents are not
working as they should.
Other enhancements
The dependencies bundled with the the packages provided by CFEngine have been upgraded to incorporate the latest security and stability enhancements. OpenSSL is bundled with the host package on both Community and Enterprise editions and has been upgraded to version 0.9.8ze. Enterprise hubs now have Apache 2.2.29 and PHP 5.4.36. As for client-side fixes, CFEngine 3.6.4 works better in some Debian-based VMs, with very large lists and with chkconfig in services promises. Networking inventory such as interfaces, IP-addresses and Ports listening has been added on Solaris 9, 10, 11 and HP-UX, both as agent variables and classes as well as the inventory reports of CFEngine Enterprise.
As usual, you can find a more detailed list of changes in the Community Change Log and Enterprise Change Log.
Upgrading?
If you’re upgrading from a previous release, check out the upgrade documentation for guidelines to make the process is as smooth as possible.
Get it while it’s fresh!
The CFEngine Enterprise 3.6.4 packages can be found on the CFEngine Enterprise download page. Alternatively, if you just want to quickly test 3.6.4, you can use the CFEngine 3.6.4 vagrant environment. If you use the Community Edition we provide you with source code, packages, and package repositories - take your pick! Please make sure to leave any feedback in the CFEngine Google Group. We, the CFEngine team, really hope you enjoy 3.6.4 and wish you the best with your automation projects!
