CFEngine 3.7.4 and 3.9.1 released!

August 3, 2016

We’re happy to announce maintenance releases for both supported CFEngine release branches today! Being maintenance (aka patch) releases, the goal is to increase stability and reliability for CFEngine users and enable a safe upgrade path. As such, the releases primarily include bugfixes and low-risk changes that do not affect compatibility with previous patch releases. Looking at the CFEngine release schedule, we can see that:

  • 3.6 and 3.8 are no longer maintained. If you are still on either of these versions, please consider upgrading.
  • 3.7 LTS is maintained (and supported for Enterprise customers) until July 17th 2018
  • 3.9 non-LTS is maintained until December 2016

For CFEngine Enterprise customers, the only supported release today is 3.7. The next supported release will be 3.10 LTS due end of 2016, which will be supported through the end of 2019. If you are planning to contribute improvements to 3.10 (thank you!), please note that we would need the pull requests ready for merging by mid-September in order to have time to incorporate them into 3.10.

Changes and improvements

The systemd units and System V init scripts to manage CFEngine’s daemons have received several enhancements. The systemd units now require network before starting CFEngine (because cf-serverd and cf-agent might use the network), have received more appropriate file permissions and are managed through CFEngine policy if systemd units should fail. The System V scripts will now exit with a failure and output an error if you try to “start” CFEngine when there is no promises.cf present. There is also ongoing work to make the systemd units more modular for CFEngine 3.10. The memory management of core components has been improved in several areas, fixing some memory leaks and ensuring two-dimensional “classic arrays” used by building bracketed strings and getindices() are properly expanded in 3.9.1. Package management on SUSE Linux has also gotten some enhancements, reducing the network traffic and making CFEngine upgrades more reliable.

Enterprise edition specific changes

The Enterprise edition has gotten a new out-of-the-box inventory attribute, System product name. Its value corresponds to the output from dmidecode -s system-product-name, and it is a good complement to the existing System manufacturer inventory attribute. Also note that CFEngine Enterprise allows you to report any custom inventory from your policy. Several security hardening changes for the CFEngine Enterprise server have been implemented, such as disabling exposure of the running PHP version and using more restrictive permissions for backend services. Finally, the hub package dependency on libltdl has been removed, so you will no longer need to have that package installed on your CFEngine Enterprise servers.

Dependency upgrades

The bundled dependencies have been upgraded to bring in the latest security, performance and reliability improvements. Both 3.7.4 and 3.9.1 are bundled with PCRE 8.39 and OpenSSL 1.0.2h. On the Enterprise server, both releases come with PHP 5.6.24, while the Apache web server is at version 2.2.31 in CFEngine 3.7.4 and 2.4.23 in CFEngine 3.9.1. For more details on the improvements in the releases, please see the relevant ChangeLogs.

Test the new and faster variable iteration engine

An issue that has drawn a lot of attention is the slow iteration through large variable sets. This is by no means a new issue; it has probably existed for around 10 years. However, the introduction of enhanced external data support with functions like readjson() and readyaml(), as well as enhanced data manipulation features, makes this issue surface more frequently. We have recently produced a new experimental build that passes all acceptance tests, and packages are available for testing. Please help ensure that this improvement can be merged by testing your policy with these packages and letting us know whether everything works as expected by leaving an issue comment. Backward compatibility is very important, so we cannot move forward without sufficient testing in real environments. Thank you for your assistance in improving CFEngine!

Upgrading?

If you’re upgrading an existing CFEngine Enterprise installation, check out the upgrade documentation for guidelines to make the process as smooth as possible. We are happy to assist CFEngine Enterprise customers with upgrading! Please contact CFEngine customer support to receive a fixed-price quote for upgrading your CFEngine infrastructure.

Get it!

CFEngine Enterprise packages can be downloaded here or you can give 3.7.4 a quick spin with the CFEngine Enterprise Vagrant environment. Community Edition is released as source code, packages and Linux package repositories – to make installation as easy as possible! We hope you enjoy the new releases, and we look forward to hearing about your experience in the CFEngine Google Group!