CFEngine 3.22 released - Coordination

June 16, 2023

Today, we are pleased to announce the release of CFEngine 3.22.0! The focus of this new version has been coordination. This is a non-LTS (non-supported) release, where we introduce new features for users to test and give feedback on, allowing us to polish before the next LTS. (CFEngine 3.24 LTS is scheduled for release in summer 2024).

What’s new

New host filters

The host filter from inventory reports has been upgraded. You can now add rules based on classes, such as linux, windows, redhat, ubuntu, xen, policy_server, cfengine_3_21, ipv4_172_31, etc:

Host filter selecting hosts with an OS regex for Ubuntu 18, 20 or 22, and ipv4_172_31 class as well as 2 hosts explicitly.

Below the rules, which are dynamic conditions, there are lists of hosts to include and exclude in a more static manner. The new filters allow you to view a dynamically changing list of hosts, a static selection, or a mix of both. When used together, the hosts in the include list are added to those matched by the condition-based rules, so you can easily add hosts to your results which were not captured by the rules.

Groups in Mission Portal

You can now create groups of your hosts in Mission Portal. They are based on the same host filter system shown above.

A group is a saved host filter with a name.

Each group has a name and a filter, and allows you to see details about the hosts in it:

Groups application showing a group of Ubuntu hosts across different versions.

With groups, you can split up your infrastructure into logically distinct groups, based on operating system, function, environment, CFEngine version, etc.

Listing of groups, with names such as All hosts, CFEngine 3.22, Ubuntu, and Production.

Personal and shared groups

2 types of groups are available: personal and shared.

Personal groups allow individual users to organize hosts on their own, without affecting what others see or the behavior of the hosts. Shared groups are available to the entire organization, and can be used to set data for the hosts in that group, controlling what the hosts in that group are doing.

The RBAC (Role Based Access Control) system specifies who can do what with groups. By default, users are able to create personal groups, but can only see shared groups (not create, delete, or edit them).

Group data (CMDB)

Through the Data tab of a shared group, you can assign variables and classes to the hosts, in a similar manner to Host specific data in the host’s info page:

UI for editing group data, showing the Production group with the class to enable autorun and a list of files to delete as a variable.

In case of conflicts, users should be aware of the merging behavior:

  • As before, data from the CMDB will be preferred over data from the augments file (def.json).
    • This allows you to completely overwrite the values set in this JSON file, which is commonly kept together with the policy set, with data from your (per-hub) database.
  • CMDB data is merged:
    • Shared groups with data are sorted by their priority, with host specific data at the end. (Host specific data is treated as more specific and thus preferred over group data).
    • Values (strings) are overwritten, lists and data containers are extended.
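
The merge rules above, modelled as an added Python example (not CFEngine or Mission Portal code). It assumes layers are passed from least to most preferred with host specific data last, that extending a list means appending, that data containers are extended at the top level, and that a type mismatch is resolved in favour of the later layer; all variable names and values are constructed.

```python
"""Model of the CMDB merge rules listed above (added example, not CFEngine code)."""
from copy import deepcopy


def merge_value(old, new):
    """Combine one key's value from a less preferred and a more preferred layer."""
    if isinstance(old, list) and isinstance(new, list):
        return old + new                  # lists are extended (assumed: appended)
    if isinstance(old, dict) and isinstance(new, dict):
        merged = dict(old)                # data containers are extended (top level)
        merged.update(new)
        return merged
    return new                            # strings are overwritten; assumed for type mismatches too


def merge_cmdb(layers):
    """Merge CMDB layers given from least to most preferred (host specific data last)."""
    result = {}
    for layer in layers:
        for key, value in layer.items():
            if key in result:
                result[key] = merge_value(result[key], value)
            else:
                result[key] = deepcopy(value)
    return result


def effective_data(augments, cmdb_layers):
    """CMDB data is preferred over def.json: a key set in the CMDB replaces the augments value."""
    result = deepcopy(augments)
    result.update(merge_cmdb(cmdb_layers))
    return result


# Constructed sample data; names and values are illustrative only.
AUGMENTS = {"timezone": "UTC", "ntp_server": "ntp.example.com",
            "files_to_delete": ["/tmp/from_def_json"]}
GROUP_ALL = {"ntp_server": "ntp-all.example.com", "files_to_delete": ["/tmp/a"]}
GROUP_PRODUCTION = {"files_to_delete": ["/tmp/b"], "limits": {"nofile": "1024"}}
HOST_SPECIFIC = {"ntp_server": "ntp-host.example.com", "limits": {"nproc": "256"}}

if __name__ == "__main__":
    data = effective_data(AUGMENTS, [GROUP_ALL, GROUP_PRODUCTION, HOST_SPECIFIC])
    for key in sorted(data):
        print(f"{key} = {data[key]}")
```

Note that the list from def.json does not survive here: the CMDB value replaces it as a whole, while the two group lists are combined with each other.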

We plan to expand the possibilities of the CMDB, allowing different merging behavior and enabling users to add CFEngine Build module input per group.

Adding columns in inventory reports

As shown in the release blog post for 3.21.2, there is a new UI to modify columns in an inventory report:

Modal window with options to add or remove columns of inventory attributes.

The new window allows you to easily find columns you want to add (among a large collection of inventory attributes), and also enables adding multiple columns and deleting columns at the same time.

Policy language function: isreadable()

In some situations, reading a file can be slow, especially if it’s an NFS drive over a slow network. Blindly attempting to read a large file over a slow network can cause the agent to block for an extended period of time. To try to mitigate this, we’ve added a function which allows you to try reading a file, with some timeout, and then lets you react based on the result:

bundle agent __main__
{
  vars:
    "filename"
      string => "/tmp/foo.txt";
    "timeout"
      int => "3";
  reports:
    "File '$(filename)' is readable"
      if => isreadable("$(filename)", "$(timeout)");
}

This function attempts to read 1 byte from the specified file, and times out in the specified number of seconds. Thus, if the file is not readable within x seconds you can choose to not read it and print an error message, for example.

It should be noted that this is very much a best-effort approach; there is no guarantee about that file. After you have checked that the file is readable, it can still become unreadable, or very slow to read, before you actually try to read the contents of the file.

Changelogs

As always, you can see a full list of changes and improvements in our changelogs:

Please note that the Enterprise changelogs contain only changes specific to enterprise. To get a full overview of all changes in a version, read all 3 changelogs.

Dependency updates

Compared to the recently released 3.21.2, these dependencies have been updated:

CFEngine version   3.21.2    3.22.0
Apache             2.4.55    2.4.57
diffutils          3.9       3.10
Git                2.40.1    2.41.0
libcurl            8.0.1     8.1.2
libexpat           -         2.5.0
libxml2            2.11.2    2.11.4
OpenSSL            3.0.8     3.1.1
PHP                8.1.12    8.2.7
PostgreSQL         15.2      15.3

Thank you to all the developers and maintainers of Open Source Software which make CFEngine possible!

Downloads

CFEngine Enterprise is free for up to 25 hosts, click here to go to the download pages with new packages. If you are using cf-remote, you have to specify this release explicitly:

cf-remote --version 3.22.0 download

(cf-remote defaults to the latest LTS release, which is currently 3.21.2).

Contributions

We encourage all of our users to get involved in the community and contribute. Feel free to use one of the following avenues: