We are pleased to announce the release of CFEngine 3.17.0, with the theme Flexibility! This is a non-LTS release and allows the CFEngine community to test the features which will be in CFEngine 3.18.0 LTS (Summer 2021).
What’s new?
A new look - Mission Portal Dark Mode
Mission portal now gives you the option of switching to an alternate color theme, dark mode:
Trigger report collection from Host Info Page
You no longer have to wait for the next reporting interval, or use the command line to get updated reports. Click the button on the host info page to trigger a report collection:
(cf-hub will collect new reports from the host and the host info page will be refreshed in a few seconds).
Simulate changes made by CFEngine before performing them
The new --simulate option allows you to test your policy and see what changes it would make.
Here is a basic example policy:
bundle agent main
{
files:
"/tmp/hello-world"
content => "Hello, world!$(const.n)";
}Running this with --simulate=diff we can see the differences, before and after the files promise changed the file:
$ echo "Some data" > /tmp/hello-world
$ /var/cfengine/bin/cf-agent -KI test.cf --simulate=diff
warning: All changes in files will be made in the '/var/cfengine/state/29830.changes' chroot
info: Updated content of '/tmp/hello-world' with content 'Hello, world!
'
info: files promise '/tmp/hello-world' repaired
info: Showing diff for changed files (in the changes chroot)
===========================================================================
--- original /tmp/hello-world
+++ changed /tmp/hello-world
@@ -1 +1 @@
-Some data
+Hello, world!The files promise was simulated in a change-root which is cleaned up afterwards, so no changes were made to the system. This allows you to easily audit the impact of a new CFEngine policy or upgrade.
Manage new types of resources with custom promise types
The CFEngine agent can now interact with promise modules, allowing users to implement and share new promise types.
You add a promise type using a promise block, giving paths to the module and interpreter to run it.
Once added, custom promises are straight forward to use, there is no special syntax:
promise agent git
{
path => "/var/cfengine/modules/promises/git_using_lib.py";
interpreter => "/usr/bin/python3";
}
bundle agent __main__
{
git:
"/opt/cfengine/masterfiles"
repository => "https://github.com/cfengine/masterfiles";
}Modules can be implemented in any programming language, for example bash or python. You can get started adding your own promise types now, see the specification for more information. We will soon share more examples and details in a separate blog post.
Expressive new conditions using regular expressions
We’ve introduced new conditions which utilize regular expressions. As an example, filtering a few different versions of an OS becomes much easier:
Additionally, we’ve introduced conditions for whether inventory attributes are reported or not:
All of the new conditions can be used in alerts, host filters, and compliance reports.
Features already released in 3.15.3
3.17.0 also includes the improvements mentioned in the 3.15.3 release announcement:
- Synchronizing roles between Mission Portal and Active Directory
- Ansible compatible hosts API
- Pinning inventory and reporting data to customize the host info page
- Copy-to-clipboard buttons
- Host-specific end-to-end encryption of files using cf-secret
Changelogs
As always, you can see a full list of changes and improvements in our changelogs:
- 3.17.0 Changelog for CFEngine Community
- 3.17.0 Changelog for CFEngine Enterprise
- 3.17.0 Changelog for Masterfiles Policy Framework
Please note that the Enterprise changelogs contain only changes specific to enterprise. To get a full overview of all changes in a version, read all 3 changelogs.
Dependencies
The table below shows versions of dependencies used in 3.17.0, compared to the latest LTS releases:
| CFEngine version | 3.12.6 | 3.15.3 | 3.17.0 | Notes |
|---|---|---|---|---|
| Apache | 2.4.43 | 2.4.46 | 2.4.46 | Hub only |
| apr-util | 1.6.1 | 1.6.1 | 1.6.1 | Hub only |
| APR | 1.7.0 | 1.7.0 | 1.7.0 | Hub only |
| diffutils | 3.7 | Introduced in 3.17.0 | ||
| Git | 2.28.0 | 2.28.0 | 2.29.2 | Hub only |
| libacl | 2.2.53 | 2.2.53 | 2.2.53 | |
| libattr | 2.4.48 | 2.4.48 | 2.4.48 | |
| libcurl | 7.72.0 | 7.72.0 | 7.73.0 | |
| libgnurx | 2.5.1 | 2.5.1 | 2.5.1 | Windows only |
| libiconv | 1.16 | 1.16 | 1.16 | |
| libxml2 | 2.9.10 | 2.9.10 | 2.9.10 | |
| libyaml | 0.2.5 | 0.2.5 | 0.2.5 | |
| LMDB | 0.9.26 | 0.9.26 | 0.9.27 | |
| OpenLDAP | 2.4.53 | 2.4.53 | 2.4.56 | |
| OpenSSL | 1.1.1g | 1.1.1g | 1.1.1h | |
| PCRE | 8.44 | 8.44 | 8.44 | |
| PHP | 7.2.34 | 7.4.10 | 7.4.12 | Hub only |
| PostgreSQL | 10.14 | 12.4 | 13.0 | Hub only |
| pthreads-w32 | 2-9-1 | 2-9-1 | 2-9-1 | Windows only |
| rsync | 3.2.3 | 3.2.3 | 3.2.3 | Hub only |
| SASL2 | 2.1.27 | 2.1.27 | 2.1.27 | Solaris only |
| zlib | 1.2.11 | 1.2.11 | 1.2.11 |
Thank you to all the developers and maintainers of Open Source Software which make CFEngine possible!
Contributions
We encourage all of our users to get involved in the community and contribute. Feel free to use one of the following channels:
- Submit a bug report or feature request in our issue tracker
- Look through our curated list of issues for new contributors
- Browse the code or submit a pull request through GitHub
- Improve the documentation by fixing typos, adding examples, or explaining things you found difficult
- Chat with the developers and other users on IRC
- Ask for help or start a discussion on the mailing list
