We are now happy to release two new LTS versions of CFEngine, 3.10.7 LTS, and 3.12.3 LTS.
CFEngine 3.10.7 - end of life
This will be the last release of the CFEngine 3.10 LTS series. Standard Support of CFEngine 3.10 LTS ends end of this year. If you would like extended support, please contact us. From the CFEngine release schedule, we see that CFEngine 3.10 LTS is maintained and supported until December 28th, 2019. That is the end of this year, so you should start planning on upgrading to CFEngine 3.12 LTS, or the soon to be released CFEngine 3.15.0 LTS that is scheduled to be released in the next few weeks. 3.10.7 LTS is the last maintenance release (patch release) of the CFEngine 3.10 LTS series. The goal of this release is to make sure that the stability and reliability for CFEngine users that cannot immediately upgrade to 3.12, and enable a safe upgrade path. As such, this release includes bug fixes and low-risk changes that do not impact the compatibility between previous patch releases.
CFEngine 3.12.3 LTS
This update comes with many important stability and performance improvements and is thus well worth the upgrade from an older version of 3.12 LTS. CFEngine 3.12 LTS brings a lot of innovation, new features and improved performance to CFEngine, and allows you to make the most efficient use of your time. We are looking forward to your feedback on this release. From the CFEngine release schedule, we can see that CFEngine 3.12 LTS is maintained and supported until June 2021 The goal of 3.12.3 LTS is to increase the stability and reliability of CFEngine for users and enable a safe upgrade path. As such, this release primarily includes bug fixes and low-risk changes that do not impact the compatibility with earlier patch releases. Do you want to start contributing to CFEngine, but are unsure how? Please check out our contributing guide in addition to the following suggestions.
- Send documentation updates as pull requests to cfengine/documentation.
- Search for issues labeled easy or help_wanted that are OPEN or TODO that are good candidates for new contributors to cfengine/core or cfengine/masterfiles.
- Fix issues pointed out by code analysis: https://lgtm.com/projects/g/cfengine/core/alerts/ (We recently added some custom rules, so there are many alerts to fix)
Improvements to CFEngine 3.10.7
In 3.10.7 we have made a series of small improvements. This will be the last update to the 3.10 LTS series, so if you depend on further improvements, please consider upgrading.
Core
We have fixed a bug in ps parsing on OpenBSD / NetBSD causing
bootstrap to fail. A crash that was caused by Zero-bytes in class guards
is no longer causing crashes. Fixed promise results when using
process_stop in processes type promises. The package modules now hit
the network when the package cache is first initialized. The @
character is now allowed in the key of classic arrays defined by the
module protocol. Added derived-from-file tag on hard classes based on
the content of /etc/redhat-release.
Enterprise
Version specific distro classes are now collected by default in
Enterprise (ENT-4752) We have set create permissions for cf-monitord
files in state directory to 0600. This now matches the permissions
enforced by policy. The affected files are:
state/cf_incoming.*state/cf_outgoing.*state/cf_usersstate/env_data
Key rotation now waits for PostgreSQL to be available when starting or restarting the service.
Masterfiles
We have added the ability to avoid limiting robot agents, added and
transitioned to using themaster_software_updates shortcut, added
continual checking for policy_server state and added documentation on
how to enable systemd unit management and disable agents on all hosts
Also, a new package_module for snap packages has been added. We have
made a change to always set files_single_copy from augments if it is
available, and fixed cleanup of future timestamps from the status table.
There are also many other fixes and improvements. You can see the full
changelogs for
Core,
Masterfiles,
and
Enterprise
here.
Changes in CFEngine 3.12.3
There are many improvements to CFEngine 3.12 in addition to the fixes made for 3.10. In addition to that, there are many other fixes details below. You can also see the documentation for the latest release of 3.12 LTS that includes changelogs for Core, Enterprise, and the MPF (Masterfiles Policy Framework).
Platform Support
We have implemented a change in how we build CFEngine packages from 3.12.3. We now build on all the platforms we support, as opposed to a single older platform. This means that there are now more packages to download, and while all the packages should work on the platform they are built on and newer, we now only test packages on the platform they are intended to work on. To clarify this new policy as much as possible. While we officially support these platforms (and more):
- RHEL/CentOS 5,6,7
- Debian 7,8,9
- Ubuntu 14,16,18
To support these platforms we used to build only on:
- RHEL/CentOS 4 and 6
- Debian 4 and 7
Now we’re building on:
- RHEL/CentOS 5, 6, 7
- Debian 7, 8, 9
- Ubuntu 14, 16, 18
Containers
We have also improved the support for running CFEngine in a containerized environment. While we have for a long time supported running CFEngine in a CoreOS environment, we now provide a much better way of doing this. We have simplified the packaging and management of CFEngine for container hosts by packaging CFEngine as a file system image, you can easily install, and uninstall to upgrade. You can download that image from our downloads page.
Core
Abortclasses cause the agent to terminate when a matching class is
defined. However, in the past it was terminating too fast, not saving
the last recorded values properly. Agent runs that hit abortclasses now
record the results. We have add a newline to API error responses, and
changed response codes in the User API from 204 No Content to 202 Accepted in case of update or delete requests.
In this version of CFEngine, with the help of community member
Joseph Holsten, we have added a snapcraft package
module.
Thank you very much for your contribution!
Enterprise
To make managing the utilization of licenses a bit easier, the Hub now properly logs an error if license counts are exceeded. Several issues around this have been fixed and improved. We have made many improvements to the reporting capabilities. We have fixed a SQL schema error during the upgrade, improved logging of reporting patch failures, and turned on verbose logging to see more in-depth information when patch failure errors show up.
Improved database consistency
We have done a lot of work in CFEngine 3.12.3 to make LMDB behave
better. We have added several capabilities that make it more
self-healing. Corrupt databases will now automatically be backed up,
deleted, and if the backup contains usable information, CFEngine will
copy that back, to ensure that as much information is kept as possible.
We have also changed some time dependant values that caused some
databases to change state a lot, to no longer trigger a change. All in
all, these changes will make CFEngine 3.13.3 more stable. We have also
improved the tool,cf-check that does these operations. This tool has
gotten a number of improvements in this version of CFEngine.
- directories can now be controlled from ENV vars
- Added the
--no-forkto diagnose command - Added the
-Mmanpage option and other common options - The
dumpcommand now dumps DB contents to JSON5, and print structs as JSON objects - The
helpcommand can now take a topic as an argument --dumpoption was added to thebackupcommand- The
repaircommand now preserves readable data in corrupted LMDB files - Errors are now printed when there are no DB files in the state directory
Mission Portal
In Mission Portal, we have added a lot of new features in 3.12.3. In the Host Info page, we have added a lot more information out-of-the-box. You can now find all the details about the host in question in one place, such as the average agent execution interval, the average agent execution time for each policy entry, first report collection time, host bootstrapped time, last agent execution time, and inventory attributes and values on the Host page.
New improved Host Info page.
Here, you can also see a list
of all the classes and variables that are defined on this host. You can
also directly access measurements taken by CFEngine, such as CPU load or
memory usage. We have also made the list of Inventory attributes
scrollable, so you don’t need to scroll the whole page to find a given
value. Admin users of Mission Portal are now allowed to delete hosts
that have no classes currently reported. This fixes an issue that made
non-reporting hosts difficult to manage. We have also fixed several
issues around Scheduled Reports, among others an issue where scheduled
reports were not saved properly. In order to search for specific package
versions, we have added an exact match option to the Software Update
Alert type. We have also added a number of new ways to customize Mission
Portal. You can now add a company logo, and customize the text on the
login page, as well as customize the color scheme of Mission Portal. We
have made changes to how the widgets on the Mission Portal Dashboard
display information. That they are now quite a bit faster than they used
to be. We have added a 10 minutes threshold to “Agent not run recently”
health diagnostics category to avoid showing false-positive warnings in
case of manual cf-agent execution. We have also fixed another issue with
the health diagnostics, where the “Hosts never collected from” was
erroneously empty. The Host count widget has been renamed to Newly
bootstrapped hosts
Dependency updates - 3.10.7
In CFEngine 3.10.7 we have updated the following dependencies. As usual, we have updated dependencies in order to get the latest security, performance and reliability improvements.
| LMDB | 0.9.23 | 0.9.24 |
| openSSL | 1.0.2r | 1.0.2t |
| sasl2 | 2.1.26 | 2.1.27 |
| libiconv | 1.15 | 1.16 |
| libxml2 | 2.9.8 | 2.9.10 |
| openLDAP | 2.4.47 | 2.4.48 |
| libcurl | 7.64.1 | 7.66.0 |
| libcurl-hub | 7.64.1 | 7.66.0 |
| apache | 2.4.39 | 2.4.41 |
| postgresql-hub | 9.6.12 | 9.6.15 |
Dependency updates - 3.12.3
In CFEngine 3.12.3 we have updated the following dependencies. As usual, we have updated dependencies in order to get the latest security, performance and reliability improvements.
| LMDB | 0.9.23 | 0.9.24 |
| openSSL | 1.1.1b | 1.1.1d |
| sasl2 | 2.1.26 | 2.1.27 |
| libiconv | 1.15 | 1.16 |
| libxml2 | 2.9.9 | 2.9.10 |
| openLDAP | 2.4.47 | 2.4.48 |
| libcurl | 7.64.1 | 7.67.0 |
| libcurl-hub | 7.64.1 | 7.67.0 |
| apache | 2.4.39 | 2.4.41 |
| postgresql | 10.7 | 10.11 |
| php | 7.2.18 | 7.2.24 |
| git | 2.21.0 | 2.24.0 |
Upgrading? If you’re upgrading an existing CFEngine Enterprise installation, check out the upgrade documentation for 3.12 for guidelines to make the process as smooth as possible. We are always happy to assist our customers with upgrading! You can contact sales to receive a fixed-price quote for upgrading your CFEngine infrastructure, and get more out of CFEngine!
Get it!
CFEngine Enterprise packages can be downloaded here or you can take a quick spin with the CFEngine Enterprise Vagrant environment for CFEngine 3.12. Community Edition is released as source code, packages, and Linux package repositories - to make installation as easy as possible! We hope you enjoy the new release, and we look forward to hearing about your experience in the CFEngine Google Group!
Brush up your CFEngine knowledge!
If you would like to refresh your CFEngine knowledge or are learning it from scratch, you can attend one of our training sessions. Check the event calendar on our website, or get in touch with us to see what the best option in your area is! There is also an updated version of the Learning CFEngine book by Diego Zamboni now available on LeanPub.
