We’re happy to announce maintenance releases for both supported CFEngine release branches today! Being maintenance (aka patch) releases, the goal is to increase stability and reliability for CFEngine users and enable a safe upgrade-path. As such, the releases primarily include bugfixes and low-risk changes that do not impact the compatibility between previous patch releases. Looking at the CFEngine release schedule, we can see that
- 3.7 LTS is maintained (and supported for Enterprise customers) until July 17th 2018
- 3.9 non-LTS is no longer maintained
- 3.10 LTS is maintained (and supported for Enterprise customers) until December 27th 2019
If you are planning to contribute features to the next feature release (thank you!), please note that we would need the pull requests ready for merging by early-April in order to have time to incorporate them into 3.11. If you are planning to contribute fixes to 3.10 LTS please note that we would need the pull requests ready for merging by early-May in order to have time to incorporate them into 3.10.2 LTS.
Changes and improvements
In 3.10.1 LTS detection of Amazon Linux and CoreOS has been added and cf-serverd now automatically adjusts the number of open files based on maxconnections. 3.7.5 LTS received a fix to cf-agent’s connection caching. This should greatly reduce the hub’s load, but all clients should be upgraded to the new version for the full benefit to take effect. cf-serverd has also been fixed so that it re-reads the augments file (def.json) when automatically re-loading policy. In masterfiles the resilience of the default update policy has been improved. Previously an agent would not re-scan for updates if a policy update was not fully completed, but did not result in invalid policy. Hosts would wait until the next policy update before scanning for changes. Now the cf_promises_validated flag is cleared if there is any error while updating inputs. In order to align the systemd and systemv init behavior in the standard_services bundle services are started if they were not already running when policy restart is requested. The apt_get package module now automatically detects the correct python version (so it works out of the box on newer Ubuntu hosts) and is now version aware and now only uses –force-yes for apt-get versions 1.1 and earlier so that all versions of debian or Ubuntu work, from as far back as debian 4 up to recent releases.
Enterprise edition specific changes
- Solaris 10 x86 has been added as a supported platform.
- Custom measurement promises no longer cause errors to be logged from cf-monitord and parallel plan execution is now enabled by default in the postgres config.
Dependency upgrades
The bundled dependencies have been upgraded to bring in the latest security, performance and reliability improvements. Noteably both 3.7.5 LTS and 3.10.1 LTS are bundled with PCRE 8.40 and OpenSSL 1.0.2k. On the Enterprise server, both releases come with PHP 5.6.30, while the Apache web server is at version 2.2.32 in CFEngine 3.7.5 LTS and 2.4.25 in CFEngine 3.10.1 LTS. For more details on the improvements in the releases, please see the relevant ChangeLogs:
- 3.7.5 LTS ChangeLog: core and enterprise
- 3.10.1 LTS ChangeLog: core, masterfiles, and enterprise
Upgrading?
If you’re upgrading an existing CFEngine Enterprise installation, check out the upgrade documentation for guidelines to make the process as smooth as possible. We are happy to assist CFEngine Enterprise customers with upgrading! Please contact CFEngine customer support to receive a fixed-price quote for upgrading your CFEngine infrastructure.
Get it!
CFEngine Enterprise packages can be downloaded here or you can take a quick spin with the CFEngine Enterprise 3.7 Vagrant environment or CFEngine Enterprise 3.10 Vagrant environment. Community Edition is released as source code, packages and Linux package repositories – to make installation as easy as possible! We hope you enjoy the new releases, and we look forward to hearing about your experience in the CFEngine Google Group!
