This year we decided to provide security focused modules and content for the holiday season. These are parts of the security configuration we implement on our own infrastructure, based on OpenSCAP and other sources. By putting these into easy to use modules and writing about it, we hope to give our community of users something valuable: Educational and easy to understand security tips, along with configuration which can quickly be automated across your entire infrastructure, using CFEngine. Today, at the seventh day of the calendar, we will share a summary of the first week.
We are pleased to announce two new patch releases for CFEngine, version 3.15.5 and 3.18.1! These releases mainly contain bug fixes and dependency updates.
What’s new In addition to bug fixes, some smaller features and improvements were added to 3.18.1. These additions are focused on the Mission Portal UI and API, and were added due to user feedback.
Enterprise APIs The new API endpoint - /api/hosts/deleted can be used to list previously deleted hosts.
Earlier this year, we hinted at what we were working on - a place for users to find and share reusable modules for CFEngine. Today, the CFEngine team is pleased to announce the launch of CFEngine Build:
The new website, build.cfengine.com, allows you to browse for modules, and gives you information about how to use each one of them. When you’ve found the module you were looking for, it can be downloaded and built using the command line tooling.
Using modules, you can add custom promise types to CFEngine, to manage new resources. In this blog post, I’d like to introduce some of the first official modules, namely git and systemd promise types. They were both written by Fabio Tranchitella, who normally works on our other product, Mender.io. He decided to learn some CFEngine and within a couple of weeks he’s contributed 3 modules, showing just how easy it is to implement new promise types. Thanks, Fabio!
Today, we are pleased to announce the release of CFEngine 3.18.0! The focus of this new version has been extensibility. It also marks an important event, the beginning of the 3.18 LTS series, which will be supported for 3 years.
Several new features have been added since the release of CFEngine 3.15 LTS, in the form of non-LTS releases. In this blog post we’ll primarily focus on what is new in 3.18, but we will also highlight some things released in 3.16 and 3.17.
We are pleased to announce two new patch releases for CFEngine, version 3.12.7 and 3.15.4! These releases mainly contain bug fixes and dependency updates.
Changelogs As always, you can see a full list of changes and improvements in our changelogs:
3.12.7 Changelog for CFEngine Community 3.12.7 Changelog for CFEngine Enterprise 3.12.7 Changelog for Masterfiles Policy Framework 3.15.4 Changelog for CFEngine Community 3.15.4 Changelog for CFEngine Enterprise 3.15.4 Changelog for Masterfiles Policy Framework Please note that the Enterprise changelogs contain only changes specific to enterprise. To get a full overview of all changes in a version, read all 3 changelogs.
As we’ve hinted at before, 2021 will be a big year for CFEngine. In the summer, we will release CFEngine 3.18 LTS. This is the first LTS release with Compliance Reports, Custom Promise types, and all of the other improvements we’ve made over the past year.
Collaboration In addition to implementing valuable functionality for our users, we are focusing on better ways of interacting with them, and more opportunities for contribution, collaboration and sharing. The beginning of this was the introduction of GitHub Discussions - a platform where users can ask questions, submit ideas, or show off their CFEngine-related creations. One month later, in March, we launched our new website. The new website should make it easier for users to find what they’re looking for, and also has some sections with great content, such as videos, case studies, and white papers. Now, we are excited to share our plans for the rest of the year.
If you are debugging issues with a host, it is quite common to want to make changes to CFEngine policy, and speed up the process of fetching, evaluating and reporting for that host. You can do this by running cf-runagent and cf-hub from the command line, now we’ve brought this functionality into Mission Portal:
You can see the feature in action, here:
Generally speaking, CFEngine and Ansible can be used to solve the same problems, but their approaches are different. In this blog post I’d like to discuss the different approaches, their consequences, some advantages of each tool, and even using them together.
CFEngines autonomous agents CFEngine works by installing and running an agent on every host of your infrastructure. It is distributed, each CFEngine agent will evaluate its policy periodically and independently. They rely on a centralized hub for refreshing policy and reporting. Updating the policy, enforcing it, and reporting on the results are decoupled - each of these 3 steps can happen with different configurations / schedules.
cf-remote is a tool for downloading and installing/deploying CFEngine. It automates a lot of the things you have to do before CFEngine is actually installed on your infrastructure, such as provisioning cloud instances, downloading CFEngine installers, copying them to remote hosts and installing / bootstrapping. To make it as easy as possible to get started with cf-remote and CFEngine, it is now available on pypi.
Getting started Installing cf-remote is as easy as:
