No more default passwords! CFEngine 3.26.0 (“admin”) forces you to create an admin user from scratch.
Cody, Craig, and Nick take a look at the latest CFEngine release, 3.26.0, the “admin” release. After showing the new setup process to create an initial privileged user and highlighting the cfbs and cf-remote updates and their separate release schedule, the majority of the conversation centered on the new functions that were introduced.
- findlocalusers()
  - Stop parsing /etc/passwd in policy, let the C do it.
- getbundlemetatags()
  - More introspection capabilities from within policy.
- hostswithgroup()
  - Generate lists of hosts that are in a group from policy on the hub (Enterprise Hub only).
- is_type()
  - Ensure the data you are looking at is what you expect it to be.
- isconnectable()
  - Speed up policy by probing a port to see if it’s even connectable.
- useringroup()
  - Stop parsing /etc/group in policy, let the C do it.
The audience chimed in with some ideas for new and existing functions:
- A function like classfiltercsv() that operates on data containers.
- The addition of a timeout option to readtcp().
- Extend version_compare() to handle additional versioning information, perhaps leveraging version sorting in GNU coreutils. Citing inconsistencies in various versioning strategies that make this potentially challenging, the team also highlighted dpkg --compare-versions and rpmvercmp (which ships in CFEngine Enterprise Linux packages), which can be used to compare versions on deb- and rpm-based systems.
- A function to watch a file for changes that could trigger execution of some promise(s). On this, Nick mentioned the potential of a new agent for “event driven policy”.
The episode wrapped up with some commentary on how to influence promise order with depends_on and how you can abort execution of a bundle or the entire agent using abortbundleclasses and abortclasses.
Video
The video recording is available on YouTube:
At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion.