CFEngine 3.10.0 LTS beta ready for testing!

November 8, 2016

We’re happy to announce that CFEngine 3.10.0 LTS beta is now ready for testing! The established CFEngine release schedule shows that the 3.10.0 final version is due in December 2016, so it is time to test and fix any remaining issues! Being an LTS release, 3.10 will be supported until December 2019.

New variable expansion engine

A high-demand improvement included in the 3.10 beta relates to speeding up variable expansion over large data structures. This means that working with large JSON-files or nested “classic” arrays is now much more efficient. We can let the numbers speak for themselves. In this simple test, we are using a JSON file with about 2 KB of size (locations.json

  • placed in /tmp), together with a policy that deeply iterates over it in order to define classes based on subnets (ipranges.cf). To test the performance we wrap cf-agent in time: /usr/bin/time -f "Elapsed (sec) %e\nMaxRSS (KB) %M" cf-agent -K ipranges.cf The run with CFEngine 3.7.4 yields the following: R: CFEngine Version 3.7.4 Elapsed (sec) 59.34 MaxRSS (KB) 32960 While CFEngine 3.10.0 beta gives: R: CFEngine Version 3.10.0b1 Elapsed (sec) 0.08 MaxRSS (KB) 32224 The difference is almost hard to believe; in this case CFEngine 3.10 is 750 times faster than 3.7, while the consumed memory is about the same. What is more, the performance improvement in 3.10 will be even larger as the size of the data grows! Please note that in order to make this vast improvement possible, it was necessary to replace the variable expansion engine in CFEngine. We have been very careful to ensure that policy is backward-compatible in 3.10, including running our some 1500 policy-based acceptance tests (which all pass). However, only you can test with your policy, so please make sure that your policy still works to expectations in 3.10 beta, emphasising on areas where you might depend on the ordering or nested expansion. One notable change in order of operations is that an additional pass resolving classes was added in pre-evaluation. Now pre-evaluation does vars, classes, vars; previously it was only classes, vars.

Expanded Ubuntu and Solaris support

We are happy to announce that 3.10 will have official support for the latest LTS releases from Canonical: Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. This includes both host and Enterprise hub support on these platforms! If you are interested in using CFEngine on Ubuntu, now is a great time to make sure it works according to your expectations! In addition, CFEngine Enterprise customers can expect official support for Solaris 10 x86 in 3.10. There is no beta package for Solaris 10 x86, but we will make a package available as soon as it has passed internal testing. You can find the list of currently supported platforms here.

systemd unit improvements

The systemd support has received a major overhaul in CFEngine 3.10. All CFEngine services, like cf-serverd, cf-hub, cf-execd, now have their own independent systemd unit. This means that systemd will manage them independently, including monitor and restart them immediately if they stop for any reason. Please note currently systemctl stop cfengine3 will stop all other CFEngine services. It returns immediately and systemd takes care of bringing down the other services.

Boostrap to hostname and alternative port

3.10 also introduces the experimental ability to bootstrap to a hostname and specify the port used by cf-agent to fetch policy (e.g. cf-agent --bootstrap myhub.cfengine.com:5309). This information is written to $(sys.workdir)/policy_server.dat. sys.policy_hub will contain the hostname and the new variable sys.policy_hub_port will contain the port to use. Be-ware the Masterfiles Policy Framework does not account for the new bootstrap semantics out of the box. You must ensure that your ACL is configured appropriately as the default acl will not work with hostnames and the port used for bootstrap is not currently used to configure cf-serverd.

Other improvements

These were some of the highlights in 3.10 that should be tested to ensure the final production release meets your expectations. However, as always, there are a vast number of improvements in this new CFEngine release. Thank you to the community contributors who keep making CFEngine better for everyone! For a full list of the improvements in 3.10.0 beta, please see the Community ChangeLog and Enterprise ChangeLog.

Provide feedback

The main goal of releasing the beta is to make sure that 3.10.0 works to your expectations in your environment. So if you get the chance to test out some of the features or perhaps the compatibility with your existing policy, please let us know how it went! The best way to provide feedback is to submit issues relating to the beta in the issue tracker. Please make sure to set the “Affects Version/s” field to “3.10.0 beta”. For general questions and discussions, you can also use the CFEngine Google Group or the #cfengine and #cfengine-dev chat rooms on libera.chat.

Get it!

You can download the CFEngine community 3.10.0 beta packages and source code. If you are an Enterprise customer, the Enterprise beta packages can be downloaded here. Please note that this is a beta release, so we do not recommend installing it in a production environment. We hope you enjoy the new features, and we look forward to hearing about your experience!

Known issues

The following issues have been found during testing and not fixed in the beta release as they are not considered impeding to testing the beta. They will all be resolved in the final production release of 3.10.0.

  • CFE-2466 Can’t insert_lines if referencing a variable that contains an empty string
  • ENT-2841 “systemctl stop cfengine” doesn’t stop all services immediately
  • ENT-2846 Upgrading CFEngine Enterprise from 3.7.4 to 3.10.0beta does not allow logging into Mission Portal
  • ENT-2845 CFEngine 3.10.0beta on Ubuntu 12 is attempting to use systemd when it should not.
  • CFE-2495 cf-serverd ACLs should work with hostname or hostname/xx entries
  • AIX does not support alphabetic versions, so 3.10.0 Enterprise beta has version “3.10.99X” (where X is beta build number) on AIX. Final AIX release will have version “3.10.0” like all other platforms.