CFEngine 3.12.0 LTS Released

June 28, 2018

Today we are happy to announce the general availability of CFEngine 3.12.0 LTS! This release has a lot of new features, and we are very excited about all the new possibilities you get with CFEngine 3.12.0 LTS. If you are using the previous LTS, 3.10 you will also benefit from all the new features, improvements and testing of the 3.11 release, which you can read more about in the CFEngine 3.11 release post.

New Features in Core

We have introduced a wide set of new features in CFEngine 3.12, making it an up to date and modern version.

Supported platforms

Based on the results from a wide platform survey, download statistics of CFEngine, and the feedback during the beta period of this release, we have ended up with a slight modification of our supported platforms compared to the previous LTS release of CFEngine. We want to support as many platforms as possible, and try to keep all changes and new features compatible with all both supported and unsupported platforms. Maintaining support involves both a long-term commitment as well as investments in hardware, software and time. For 3.12 LTS series have dropped the support for the following platforms.

  • Solaris 9
  • AIX 5.3

In addition, we have added support for Ubuntu 18.04 in CFEngine 3.12 LTS series. If you have any questions or comments about this, please reach out to us. If you still need support for an older version of CFEngine or an unsupported platform, please look at our Extended Lifetime Support pages, and get in touch with us for more information.

Improved structure of augments files.

In CFEngine we are working hard to make policy execution more robust, and make it simpler to upgrade from one version of CFEngine to the next. To this end, we have now expanded the use of augments files, that allow you to define policy sets so that you can make fewer changes directly to the masterfiles. This is an important step in improving how policy is implemented, and it is now easier than ever to maintain a large policy set in a simple and robust way. The support for multiple augments files is a much more robust way to organize your policy, and can make it a lot simpler to keep your policy in place, when upgrading from one version of CFEngine to another. You can learn all about it in our documentation.

Improved classification for new Linux distributions

Most new Linux distributions have standardized encoding release information in /etc/os-release per the freedesktop.org standard. As of 3.12 CFEngine uses this information for operating system classification.

Improved support for inline templates

In CFEngine we have implemented support for rendering inline Mustache templates. This is an important feature for the many CFEngine users that heavily rely on small templates. A quick example of this is shown here:

bundle agent main
{
  vars:
    "d" data => '{ "hello": "world", "feature": [ "render", "inline", "mustache" ] }';

  files:

    "/tmp/example.txt"
      create => "true",
      template_method => "inline_mustache",
      edit_template_string => "{{%-top-}}
",
      template_data => @(d);

}

Results in /tmp/example.txt having this content.

{
  "feature": [
    "render",
    "inline",
    "mustache"
  ],
  "hello": "world"
}

We hope this can improve your workflow and your policy.

New Enterprise Features

Mission Portal makes using CFEngine easier and makes understanding the state of your system a lot easier. And with the CFEngine 3.12.0 LTS release, we bring a wide set of large and small improvements to Mission Portal to make it even more powerful and easier to use.

Improved Mission Portal UI responsiveness at large scale

With this release we have focused a lot on usability, and user experience. In a response to the request of several customers with large-scale environments, Mission Portal and APIs now support up to 50,000 hosts in a single hub, and the most common queries will respond within 10 seconds at this scale! Note that these improvements are intended to be used with a dedicated “query hub” where the data sets from multiple hubs have been coalesced.

New Inventory API

In CFEngine 3.12 we have introduced a new Inventory REST API to augment the powerful Mission Portal Inventory reporting feature. This Mission Portal feature allows users to sort hosts on Operating System, or other attributes. You can now also use this powerful REST API to do the same.

New LDAP settings API

As most of the CFEngine users are using LDAP for authentication we have made this easier and more powerful to use. CFEngine Enterprise 3.12.0 LTS introduces a new LDAP settings implementation with accompanying API supporting new highly requested features, including custom LDAP ports and default roles. By using a default role you can create a role that new users of Mission Portal (and APIs) will get, both if they are created in the local database or come from the LDAP integration. This enables you to decide which hosts all new users will see upfront before they log in to their account for the first time.

New email settings

In mission portal, you can easily set up email notifications on report conditions, or warnings. In 3.12 we have improved the email settings, and you can now choose how you send emails from Mission Portal. CFEngine Enterprise 3.12.0 LTS beta brings new email settings that can easily be configured in Mission Portal. Authenticated SMTP support is added, and exported reports (CSV/PDF) can now be attached to outbound emails. There is also a configurable maximum attachment size to give you control over the attachments that are sent. The default max size is set to10MB.

New Host count dashboard widget

We are making it simpler to manage your dashboard in Mission Portal, and have introduced many new features. One of them is a new Host count widget. This widget allows you to quickly see the volume of managed hosts over time.

Better Health Diagnostics in Mission Portal

In 3.12 we have put a lot of effort into making it easier to understand the overall health of your entire system. When there are reports with an unclear origin, this has caused some confusion in the past. To solve this we have had a Health indicator, however in 3.12.0 LTS we have now extended this, and clarified its usage and meaning. The current report categories that are available are

  • Hosts Never collected from
  • Hosts not recently collected from
  • Hosts likely using the same identity, and
  • Agents not recently run.

Two of these have been renamed since their usage in the Health Indicator.

  • “Hosts not reporting” has been renamed to “Hosts not recently collected from” and
  • “Agents not running” has been renamed to “Agents not recently run”

The categories are in priority order and non-overlapping, so any host can maximum be in one of these categories. For each category, there is a report of hosts in it, together with diagnostics information about what exactly it means and probable root causes with remediation recommendations. This should make reporting more reliable, and issues that arise should be simpler to fix.

Improved Reporting Pipeline

The reporting feature in CFEngine is one of the components that adds the most value for end users. Therefore it is also one of the components we care deeply about. We have removed the Redis database dependency we used to cache reports before committing them to the database, and simplified our architecture to use PostgreSQL only, instead of the two-stage approach we used to have. This will improve the stability of the reporting pipeline, decrease the overall complexity of the software, and decrease the load on the Hub.

Other bug fixes

Based on customer and community feedback, and with a lot of help from the community we have fixed a lot of small and large issues in the CFEngine codebase, making it a better, more productive tool for all our users. We appreciate the effort of those that contribute, and want to extend a big thank you to everyone who reported, contributed or even fixed bugs in CFEngine to help us make 3.12.0 LTS the best version of CFEngine so far. You can read through the whole list of issues fixed in this version of CFEngine in the Change Logs.

Dependencies

As can be seen from the lists below, we have spent a lot of time on updating the dependencies in CFEngine 3.12.0 LTS. The largest changes since 3.10 LTS are that we have moved from PHP 5 to PHP 7, OpenSSL 1.0 to OpenSSL 1.1, as mentioned above we have removed Redis and have moved from Postgres 9 to Postgres 10. This makes CFEngine a better, more stable product, and we have updated to newer versions of packages with a significant number of CVE’s fixed.

Core Agent Dependencies

Package CFEngine 3.12.x
cyrus-sasl 2.1.26
lcov 1.13
libacl 2.2.52
libattr 2.4.47
libcurl 7.59.0
libgnurx 2.5.1
libiconv 1.15
libxml2 2.9.8
libyaml 0.1.7
libvirt removed in 3.11
LMDB 0.9.22
OpenSSL 1.1.0h
OpenLDAP 2.4.46
PCRE 8.42
pthreads-w32 2.9.1
zlib 1.2.11
PostgreSQL removed in 3.11

Enterprise Hub Dependencies

Package CFEngine 3.12.x
Apache 2.4.33
APR 1.6.3
apr-util 1.6.1
Git 2.17.1
libmcrypt removed
OpenLDAP 2.4.46
PHP 7.2.6
PostgreSQL 10.4
Redis removed
rsync 3.1.3

Get it!

CFEngine Enterprise packages can be downloaded here or you can take a quick spin with the CFEngine Enterprise 3.12 Vagrant environment. Community Edition is released as source code, packages, and Linux package repositories – to make installation as easy as possible! We hope you enjoy the new releases, and we look forward to hearing about your experience in the CFEngine Google Group!