CFEngine 3.7.2 released: policy distribution reliability

December 2, 2015

We’re happy to announce that CFEngine 3.7.2 is released! With 3.7 being a stable LTS branch, 3.7.2 brings numerous stability enhancements and bugfixes to the CFEngine customers and community. The main focus area for 3.7.2 is to improve fault-tolerance and performance of policy distribution in unreliable networks.

Enhanced reliability of policy distribution

The ability to distribute policy from the Policy Server to clients is a critical function of CFEngine, and it must also work well in unreliable networks. CFEngine already protects against corruption of the main policy (promises.cf) by keeping a separate update policy (update.cf). In turn, if the update policy fails validation, failsafe.cf is run. In 3.7.2, failsafe.cf is also re-generated if it does not exist (but not overwritten, since users may have a custom failsafe.cf in some cases) – basically simulating a fresh bootstrap. This means that CFEngine will now be able to recover from corruption of any policy and even a wipe of the entire inputs directory!

In addition, we have been chasing an intermittent issue that in some extremely rare cases results in a directory being turned into a file for some time, and we now have evidence that this is completely fixed in 3.7.2!

Performance of policy distribution with cf-serverd at scale (4000+ clients) has been significantly improved by reducing lock contention in malloc() as well as in getpwnam().

Finally, for CFEngine Enterprise installations using call collect (client-initiated reporting), the default collect_window has been increased from 10 to 30 seconds. This ensures call collect works reliably in scaled environments (thousands of clients) with the default configuration.

In sum, these changes will lead to much more reliable policy distribution – and hopefully provide users with some additional peace of mind!

Other improvements

File management features have gotten numerous enhancements. File editing now allows editing the same value in multiple regions. The log level of several important messages has been changed to error, including readfile() on files not found as well as errors saving mustache templates. Also, unnecessary error messages when using file_select.file_types => "symlink" have been removed.

CFEngine Enterprise 3.7.2 has gotten several reporting-related fixes. Emailing of CSV-only reports has been fixed, and the CSV-only reports are now saved in the same directory as the PDF reports (/var/cfengine/httpd/htdocs/tmp). Exporting CSV reports over https did not work in 3.7.0 and 3.7.1, but this has also been fixed. Finally, CFEngine Enterprise no longer produces an error message if software inventory is not available on a platform, which commonly occurs on Solaris and AIX.

CFEngine packages have been made more robust. To ensure reliable operation, CFEngine packages include all library dependencies. In cases where system libraries are installed as well, 3.7.2 has improvements to make sure that only the bundled libraries are loaded by CFEngine, not the system libraries. Solaris installations now use significantly less space because library symlinks are used instead of copies, and a (harmless) installation error message has been fixed on AIX.

Library dependencies have been upgraded in the agent and hub packages in order to improve security and reliability. On the Policy Server side, CFEngine Enterprise 3.7.2 comes with Apache 2.2.29, PHP 5.6.14, PostgreSQL 9.3.9 and Redis 2.8.23, while community and agents have OpenSSL 1.0.2d and LMDB 0.9.14 as key library versions.

As usual, you can find a more detailed list of changes in the Community Change Log and Enterprise Change Log.

Upgrading?

If you’re upgrading an existing CFEngine Enterprise installation, check out the upgrade documentation for guidelines to make the process as smooth as possible.

Get it!

As always, you can download CFEngine Enterprise 3.7.2 packages for the supported platforms, or give it a quick spin with the CFEngine 3.7.2 vagrant environment. If you are using the Community Edition, we provide you with source code, packages, and package repositories - to make sure we cover the distribution channel of your choice! We hope you enjoy 3.7.2, and we look forward to hearing about your experience in the CFEngine Google Group!