Show notes: The agent is in - Episode 49 - Demo of CFEngine 3.26.0

Posted by Nick Anderson
May 29, 2025

No more default passwords! CFEngine 3.26.0 (“admin”) forces you to create an admin user from scratch.

Cody, Craig, and Nick take a look at the latest CFEngine release, 3.26.0, the “admin” release. After showing the new setup process for creating an initial privileged user and highlighting the cfbs and cf-remote updates and their separate release schedule, the majority of the conversation centered on the new functions that were introduced.

  • findlocalusers()
    • Stop parsing /etc/passwd in policy, let the C do it.
  • getbundlemetatags()
    • More introspection capabilities from within policy.
  • hostswithgroup()
    • Generate lists of hosts that are in a group from policy on the hub (Enterprise Hub only).
  • is_type()
    • Ensure the data you are looking at is what you expect it to be.
  • isconnectable()
    • Speed up policy by probing a port to see if it’s even connectable.
  • useringroup()
    • Stop parsing /etc/group in policy, let the C do it.

The audience chimed in with some ideas for new and existing functions:

  • A function like classfiltercsv() that operates on data containers.
  • The addition of a timeout option to readtcp().
  • Extend version_compare() to handle additional versioning information, perhaps leveraging version sorting in GNU coreutils. The team noted that inconsistencies between versioning strategies make this potentially challenging, and highlighted dpkg --compare-versions and rpmvercmp (which ships in CFEngine Enterprise Linux packages), which can be used to compare versions on deb- and rpm-based systems.
  • A function to watch a file for changes that could trigger execution of some promise(s). On this, Nick mentioned the potential of a new agent for “event driven policy”.

The episode wrapped up with some commentary on how to influence promise order with depends_on and how you can abort execution of a bundle or the entire agent using abortbundleclasses and abortclasses.

Video

The video recording is available on YouTube:

At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion.