CFEngine 3.21 LTS released - Unification

December 21, 2022

Today, we are pleased to announce the release of CFEngine 3.21.0! The focus of this new version has been unification. Across our websites and UI, you should see that it’s a much more modern and unified experience, whether you’re reading this blog post on cfengine.com, browsing the new documentation site, looking for modules on the CFEngine Build website, or adding input to modules within Build in Mission Portal.

This release also marks an important event, the beginning of the 3.21 LTS series, which will be supported for 3 years.

Several new features have been added since the release of CFEngine 3.18 LTS, in the form of non-LTS releases. In this blog post we’ll primarily focus on what is new in 3.21, but we’ll also highlight some things released in 3.19 and 3.20.

What’s new

CFEngine Build in Mission Portal

Screenshot of the Build in MP application

With CFEngine Build in Mission Portal, you can use modules to make changes to your infrastructure as well as add reports and reporting data all from within Mission Portal. Since it was introduced in 3.20 several features have been added, including adding input for modules, managing multiple projects, and deploying your policy locally.

Module input

CFEngine Build modules can now accept input. This allows module authors to write modules which prompt the user about what to do. Examples of this could be allowing the users to specify files to delete, packages to install, processes to kill, etc.

The delete-files module let’s you specify a list of files to delete:

Module input UI showing 3 files the user wants to delete

When you have this module in your project and add the input as above, it means the module will check if those files exist on your hosts, and delete them if they do.

Another example of a module accepting input is file-permissions, which allows you to enforce the permission bits of files. In the coming months, we will publish more modules like this, allowing you to easily make changes to your hosts and enforce security requirements from within Mission Portal.

Local deploy and new deploy button

The new deploy button has 3 options:

Button with dropdown of 3 options, Push & Deploy, Push, Deploy locally

Push and deploy let’s you push your changes to the remote git repository (for example GitHub or GitLab), and ensures your version control settings are correct, so the policy set is deployed on this hub. (The policy set will also be deployed to other hubs set up to use the same repository).

Push allows you to push your changes to the remote git repository without affecting what policy is deployed on this hub. (If you have other hubs configured to pull policy from that git repository, the policy changes will be deployed there).

The third option, Deploy locally enables deploying projects without syncing with a remote git repo. This is great for testing out CFEngine 3.21.0 and modules together. You can just install CFEngine, go to the Build application, skip entering git settings and start adding modules and deploying to your hub. (Previously you had to set up a remote repository on github.com or similar).

Multiple projects

Within the Build application, you can now create multiple projects:

Dropdown for selecting between projects or adding new ones

When combined with the new deploy button shown above, this means you can easily switch between projects and test out modules. If you already have one project being deployed to your test hub, you can create another project, add the modules you want to test, and use Deploy locally to see how they work, then switch back to your main project and deploy that again.

Video

If you haven’t seen it yet, we showed a lot of the CFEngine Build related functionality in the last episode of our webinar series:

New report page

The new report pages allows you to more easily organize and browse your reports:

Screenshot of new report page UI

The ones you care most about show up in My reports, meaning the ones you created, or added with the star buttons. Reports which come with CFEngine by default show up in Default reports, while the reports made by other Mission Portal users show up in Reports made by others. Finally, reports imported from CFEngine Build modules show up in CFEngine Build. All reports from CFEngine Build and Default reports now have special icons instead of authors, indicating that they were not made by Mission Portal users.

New compliance report PDFs

One feature which was already released in 3.18.3, a few weeks ago, is the new compliance report design:

New documentation site

Although not strictly a part of the release packages, we’d like to highlight that our documentation was revamped this fall:

docs.cfengine.com

The documentation site has a new design, with improved navigation and search. To learn more about the changes done to the documentation site, see this blog post.

Policy language changes

A couple of new attributes have been introduced:

Additionally, several attributes were implemented for custom promise types:

  • action_policy - for telling modules to produce warnings instead of fixing (repairing) promises.
  • comment - for documenting the reasons and context around a promise.
  • handle and depends_on - for controlling evaluation order of promises.
  • ifelapsed - to delay repeated evaluations of a promise until some amount of time has elapsed.
  • meta - for attaching metadata / tags about a promise.
  • with - gives you an easy way to expand results of function calls into a temporary variable.

For a complete list of changes in policy language, see the changelogs linked in the section below.

New tooling

A new tool cf-support has been introduced. This tool is intended to streamline data collection when reporting issues.

Other changes

There are other big changes introduced in the past 1.5 years, but not shown here. We encourage you to read our previous release blog posts to see more of these changes:

Changelogs

As always, you can see a full list of changes and improvements in our changelogs:

If you are upgrading from the 3.18 LTS series, scroll down in the changelog to find changes made in 3.19 and 3.20 to see the older changes. Please note that the Enterprise changelogs contain only changes specific to enterprise. To get a full overview of all changes in a version, read all 3 changelogs.

Dependency updates

Compared to the recently released 3.18.3, these dependencies have been updated:

CFEngine 3.18.3 3.21.0
libxml2 2.9.14 2.10.3
OpenSSL 1.1.1q 3.0.6
PHP 8.0.24 8.1.12
PostgreSQL 13.8 15.1

Thank you to all the developers and maintainers of Open Source Software which make CFEngine possible!

Python

Our hub packages now require Python (3.5 or newer), to enable the CFEngine Build in MP functionality. If you use cf-remote, or apt, or yum, to install the package, this should not be a problem, in most cases Python is already installed, and if not, it will be installed as it’s declared as a dependency.

Platform support

We now support Ubuntu 22, Debian 11, and RHEL 9. And Ubuntu and Debian are now packaged for aarch64, bringing CFEngine Enterprise to Raspberry Pis near you! Our general policy is that we support platforms as long as they are under regular support by the OS vendor. Due to this, we are dropping support for AIX 6, Solaris 10, SLES 11, and Windows Server 2008.

Downloads

CFEngine Enterprise is free for up to 25 hosts, click here to go to the download pages with new packages. If you are using cf-remote, it will now default to 3.21.0, since this is the latest LTS release available.

Contributions

We encourage all of our users to get involved in the community and contribute. Feel free to use one of the following avenues: