CFEngine 3.7.0 beta is ready for testing

June 17, 2015

We’re happy to announce that CFEngine 3.7.0 beta is now ready for testing! The 3.7.0 beta contains a brand new packages promise, enhanced network security, improved Enterprise reporting capabilities and much more!

New packages promise

A new packages promise has been developed; it reuses the same promise type as the previous packages promise (packages:), but CFEngine will determine which one to use based on the attributes that are used in the promise type. The packages: promise type is fully backward-compatible, so any packages promises that you have from 3.6 or earlier versions should still work with 3.7. Currently supported platforms for the new packages promise include those based on yum/rpm (using package_module => yum) and apt/deb (using package_module => apt_get), but it can easily be extended by adding a new package_module. As an example, you can use the following promise to track the latest package of apache on Red Hat systems:

    packages:
      "httpd"
        policy => "present",
        version => "latest",
        package_module => yum;

The development ticket for the new package promise contains more details about the promise and how to extend it.

Network security enhancements

In untrusted networks it is now easier to bootstrap securely: pre-establish trust with cf-key --trust-key and then run cf-agent --bootstrap <server> --trust-server=no. The default security protocol for outgoing connections is changed to TLS in 3.7. Note that this means 3.7 agents cannot bootstrap to servers with version 3.5 or earlier (3.6 supports both TLS and the legacy security protocol). Which security protocol is allowed can be controlled on the server side with allowlegacyconnects in body server control. On the client side you may use the protocol_version attribute found in body common control and body copy_from. New attributes have been added to control which TLS version and ciphers are used. On the client side, body common control has the attributes tls_min_version and tls_ciphers. Their siblings on the server side are found in body server control: allowtlsversion and allowciphers.
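The attributes named above, put together as a policy fragment that keeps both sides on TLS and refuses legacy connections. This is an added example, not code from the CFEngine announcement; the TLS version, the cipher string and the commented-out permissive values are assumptions chosen for illustration, and the lines are meant to be merged into the existing control bodies.

```cf3
# Added example (not from the CFEngine project). All values are illustrative assumptions.

body common control
{
      # ... existing attributes such as bundlesequence stay as they are ...

      # Client side: applies to outgoing connections from this agent.
      # Permissive form, shown for contrast (legacy protocol):
      #   protocol_version => "1";
      protocol_version => "2";                  # TLS-based protocol, the 3.7 default

      # Refuse to negotiate below this TLS version (assumed value).
      tls_min_version  => "1.2";

      # OpenSSL cipher list offered by the client (assumed value).
      tls_ciphers      => "AES256-GCM-SHA384";
}

body server control
{
      # ... existing attributes such as allowconnects stay as they are ...

      # Server side: applies to incoming connections to cf-serverd.
      # Permissive form, shown for contrast (constructed subnet):
      #   allowlegacyconnects => { "0.0.0.0/0" };
      # An empty list admits no client over the legacy protocol, which
      # also locks out agents of version 3.5 and earlier.
      allowlegacyconnects => { };

      # Minimum TLS version accepted from clients (assumed value).
      allowtlsversion     => "1.2";

      # OpenSSL cipher list accepted by the server (assumed value).
      allowciphers        => "AES256-GCM-SHA384";
}
```

The client and server cipher lists must share at least one cipher, and every agent still on the legacy protocol has to be upgraded before allowlegacyconnects is emptied.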

Enterprise reporting improvements

The Enterprise edition has new features for creating and managing multiple dashboards and sharing them with your colleagues. You will also see the new Changes reporting feature: both a widget and a reporting interface for displaying which changes CFEngine has made to the infrastructure.

Other changes

Dependencies have been upgraded in the pre-compiled agent and hub packages; most notably OpenSSL 1.0.2c, PHP 5.6.9, LMDB 0.9.14, PCRE 8.37, PostgreSQL 9.3.7, Redis 2.8.20 and Codeigniter 2.2.2. Please see the Community Edition Changelog for a more detailed list of new features and changes.

How to provide feedback

The main goal of releasing the beta is to make sure that 3.7.0 works to your expectations in your environment. So if you get the chance to test out some of the features or perhaps the compatibility with your existing policy, please let us know how it went! Enterprise customers can submit support tickets with a subject that includes 3.7 beta. The most effective way to provide feedback for community edition users is through the 3.7.0 community beta survey, as it also contains hints on what to test and how to test the beta. If you submit issues relating to the beta in the issue tracker, please make sure to set the “Found in version” field to “3.7.0 beta”. For general questions and discussions, you can also use the CFEngine Google Group.

Get it!

You can download the CFEngine community 3.7.0 beta packages and source code. If you are an Enterprise customer, you should have received an invitation to participate in the beta program some time ago. If you would like access to the beta program now, please open a support request. The Enterprise beta packages can be downloaded here. Please note that this is a beta release, so we do not recommend installing it in a production environment. We hope you enjoy the new features, and we look forward to hearing about your experience!

Known issues

The following notable issues have been found during testing of the beta, so there is no need to resubmit them if you come across them.

  • On Ubuntu 10 and Debian 7 Enterprise hubs, libltdl7 needs to be installed prior to installing the hub package.
  • AIX does not support alphabetic versions, so 3.7.0 Enterprise beta has version “3.7.99X” (where X is beta build number) on AIX. Final AIX release will have version “3.7.0” like all other platforms.
  • Upgrading to Enterprise 3.7 beta will result in old alert widgets being made ‘dashboardless’ until migration is fixed - as a result they won’t be available through Mission Portal.
  • New package promise must be enabled explicitly, both for inventory and promises (uncomment in promises.cf and packages.cf).
  • New package promise needs improved diagnostics logging on errors.