The latest updates about everything CFEngine

CFEngine 3.12.2 LTS Released

We are happy to release the 2nd update to the CFEngine 3.12 LTS series. This update comes with many important stability and performance improvements and is thus well worth the upgrade from an older version of 3.12 LTS. CFEngine 3.12 LTS brings a lot of innovation, new features and improved performance to CFEngine, and allows you to make the most efficient use of your time. We are looking forward to your feedback on this release. Looking at the CFEngine release schedule, we can see that CFEngine 3.12 LTS is maintained and supported until June, 2021 3.12.2 LTS is a maintenance release (also known as a patch release), with the goal to increase the stability and reliability for CFEngine users and enable a safe upgrade path. As such, this release primarily includes bug fixes and low-risk changes that do not impact the compatibility between previous patch releases. Do you want to start contributing to CFEngine, but are unsure how? Please check out our contributing guide in addition to the following suggestions.

May 20, 2019

How can I execute a command that uses command substitution in CFEngine?

This was originally published here, it has been re-published with permission. How can I execute a command that uses command substitution in CFEngine? On the console I might execute something like this: Listing 1: Example command substitution touch /tmp/file-$(date --iso-8601) ls /tmp/file-* /tmp/file-2019-03-08 I recommend not executing commands using substitution. Instead, prepare all that you need up front. Get the result of the data command and put it into a CFEngine variable, then use the CFEngine variable directly.

Posted by Nick Anderson
May 13, 2019

CFEngine 3.10.6 LTS Released

We are now happy to release the 6th update to the CFEngine 3.10 LTS series. This update comes with many important stability and performance improvements and is thus well worth the upgrade from an older version of 3.10 LTS. Looking at the CFEngine release schedule, we can see that CFEngine 3.10 LTS is maintained and supported until December 27th, 2019.That is the end of this year, so you should start planning on upgrading to CFEngine 3.12 LTS, or the upcoming 3.15.0 LTS that is scheduled to be released around the same time as 3.10 reaches its end of life. 3.10.6 LTS is a maintenance release (also known as a patch release), with the goal to increase the stability and reliability for CFEngine users and enable a safe upgrade path. As such, this release primarily includes bug fixes and low-risk changes that do not impact the compatibility between previous patch releases. Do you want to start contributing to CFEngine, but are unsure how? Here are some nifty tricks.

May 10, 2019

Introducing cf-remote: Tooling to deploy CFEngine

About a year ago, I wrote a small python script to automate installing and bootstrapping CFEngine on virtual machines in AWS. It had some hard coded IP addresses that I needed to update when I spawned new hosts, but other than that, it worked well. During manual testing, it saved me a lot of time instead of having to do things manually. Deploying CFEngine normally consists of these steps: Determine what CFEngine package to use. Download appropriate package if you haven’t already - curl. Copy the package to the host - scp. Log into the host - ssh. Install the package - rpm / dpkg. Bootstrap CFEngine - cf-agent -B. At a company hackathon I decided to make my script into something better, something that would be useful to my colleagues, and maybe even CFEngine users in general. Enter cf-remote.

April 30, 2019

Using cf-runagent as non-root

cf-runagent is a component for triggering remote agent runs using the CFEngine network protocol. It does not allow for arbitrary commands to be executed, but rather asks the remote host to run the policy it already has. To trigger cf-runagent from other systems or web interfaces, you want to be able to run it as non-root. Install and bootstrap I will use cf-remote to set up a demo hub running CFEngine Enterprise 3.12.1:

April 12, 2019

Context-specific Security Settings

CFEngine is very simple to set up and use, especially if all of the clients and the hub are going to be using the same promises. But what if there are certain things you want to enforce on a hub and not a client? What if there are certain things you want to enforce on a client but not on a hub? For example, if you are using the Git Setup, you want the hub to pull from the Git repository, but you don’t want the clients to do this. You want the hub to make those changes available to the clients only after it’s verified them. So how do you have a promise that only enforces on the hub, and not on a client? A simple solution is to use the am_policy_hub class to conditionally pull from Git if the server is a hub:

Posted by Eli Taft
February 12, 2019

From black box magic to automation transparency

The CFEngine policy analyzer is an awesome new service introduced in CFEngine 3.13. The policy analyzer allows you to quickly debug policies and inspect what is going on under hood of CFEngine. A known challenge with CFEngine, and most DSL based automation tools, relates to understanding what is actually going on during live operations. Many users view it as “black-box magic”. Unfortunately, the amount of magic and the size of the black box increases with the level of automation. This is undesirable. Enter the policy analyzer.

Posted by Thomas Ryd
January 17, 2019

Hacking custom variables for additional augments in CFEngine

This post was syndicated with permission from the original source. CFEngine 3.12.0 introduced the augments key to the Augments file format. If you are not already familiar with Augments, check it out. It’s a very easy way to define classes and variables very early during agent execution, before policy. The new augments key allows you to merge additional data in the augments format on top of the base augments. I However, there is, I think, still a simple way to accomplish this. This can provide a flexible way of providing different data to different sets of machines.

Posted by Nick Anderson
December 17, 2018

CFEngine 3.12.1 LTS Released

CFEngine 3.12.1 LTS has now been released. This release brings many stability and performance improvements to the 3.12 LTS series. It is a stable and well-tested version of CFEngine. We wish to extend a big thanks to the ecosystem that helps make CFEngine great by reporting bugs, contributing fixes and suggesting new and improved functionality. Without you, CFEngine would not be the powerful, high performance, widely used product we all appreciate today! We hope and think this release meets the high standards we know all our users have. That is why you chose CFEngine in the first place! This is a good time to start thinking about updating to 3.12, as this is the best and most long-term solution available. You can read more about our supported versions here, but in short, we can highlight that:

November 30, 2018

CFEngine 3.13.0 released

Today we are very happy to announce the release of CFEngine 3.13.0. This is a non-LTS release, introducing new features and functionality. There is a lot happening with CFEngine these days! This release is closely following last weeks release of CFEngine 3.10.5 LTS, and soon we will also release the next patch version of our 3.12 LTS series. So keep following our updates! Contribute to CFEngine Did you know that CFEngine is a dual license open source project? And not only that, we are encouraging community contributions, and are always looking for ways to improve and grow our ecosystem. We encourage you to contribute and participate in the fun development of CFEngine! Do you want to start contributing but are unsure how?

November 23, 2018