As someone responsible for IT operations, you have probably spent most of your time thinking of ways to improve your team’s effectiveness and efficiency to make it more competitive. At CFEngine, we have witnessed the management of IT infrastructure and organizations operating across the spectrum of the performance scale. Where are you on that scale and how can you improve? In the world of IT operations, a negatively skewed distribution seems to exist. The majority of companies, despite their admirable DevOps initiatives, struggle. The great minority who are masters of execution continuously increase their relative competitiveness, leaving the others behind. In my previous post, “The painful road to the digital economy,” I pointed out some ideas as to why becoming more competitive seems so hard for Fortune 2000 companies and suggested ways to improve. It might be worth a read if you find yourself too far on the left side in the illustration below. The characteristics of a poor and reactive versus a proactive and high-performing IT organization can be many. Below you will find some of the most common ones observed among our own users. Have a look and compare them with your own state of operations.
We’re happy to announce that CFEngine 3.9.0 non-LTS beta is now ready for testing! The established CFEngine release schedule shows that the 3.9.0 final version is due in June 2016, so it’s time to test and fix any remaining issues. Please note that this is a non-LTS release, which means that it is maintained for 6 months from the release date and not supported for CFEngine Enterprise customers, but packages are available for testing.
By now you have probably heard about the Badlock vulnerability (CVE-2016-2118) in DCE/RPC-based SAMR and LSA protocols used in the Microsoft Windows Active Directory infrastructure as well as other critical security flaws in Samba. With CFEngine Enterprise you can simply tag any variable or class and Mission Portal’s Inventory reporting interface will be automatically extended with the new attributes. This makes it easy to identify vulnerable hosts. Dashboard alerts can be created to alert on vulnerable hosts for specific subsets of infrastructure. Dashboard alerts can be integrated with other systems. For example, you could automatically open an issue in Jira when vulnerable hosts are found. If you would like to use CFEngine to detect, repair and report on Badlock in your infrastructure, we have prepared some policies you can use:
- Badlock reporting and remediation policy
- Implementation Tutorial
We’re happy to announce maintenance releases for all supported CFEngine release branches today! Being maintenance (aka patch) releases, the goal is to increase stability and reliability for CFEngine users and enable a safe upgrade path. As such, the releases primarily include bugfixes and low-risk changes that do not impact the compatibility between previous patch releases. Looking at the CFEngine release schedule, we can see that:
- 3.7 LTS is maintained until July 17th 2018
- 3.6 is maintained until July 17th 2016 (released before CFEngine incorporated the LTS model)
- 3.8 (being a non-LTS release) is maintained until 3.9.0 is released
For CFEngine Enterprise customers, the supported releases as of today are 3.7 and 3.6. If you are on 3.6, it is a good time to prepare for an upgrade to 3.7, as the next supported minor release will be 3.10 LTS due end of 2016. If you are planning to contribute improvements to 3.9 (thank you!), please note that we would need the pull requests by beginning of April in order to have time to incorporate them into 3.9.
CFEngine is one of the most widely used infrastructure automation solutions in the world, being leveraged by some of the biggest organizations for infrastructure management. eZuce is an enterprise provider of unified communications, voice and video conferencing solutions, which many of its customers use to improve business processes. eZuce has been shipping CFEngine inside of UniteMe since 2012 and has benefited from the following by using the popular configuration management solution:
Update Mar 23, 2016: We are happy to announce that the transition to JIRA has been successful. The new URL is https://northerntech.atlassian.net/projects/CFE. All existing issues from Redmine have been transferred to JIRA. Redirects are in place for the old URLs. All users have been migrated; however, please be aware that you must request a new password the first time you log in. As you can read from the URL, CFEngine is now a project under Mender Software AS. Mender Software is the name of the Norwegian holding company that is the owner of CFEngine.
For several years we had been using Redmine to track CFEngine issues and bugs. Redmine served us well, but after thorough evaluation we found that the time has come to move on to JIRA. The main benefits of this shift are:
CFEngine AS was present at the Configuration Management Camp that took place in Gent, Belgium on the 1st and 2nd of February 2016. This is the event on open source configuration management tools; it is scheduled immediately following FOSDEM and is located close to Brussels, so it usually has thousands of attendees. This year’s main track topics mostly revolved around security, orchestration, and application containers. We had a separate room for CFEngine and Rudder related topics with an exciting schedule:
We’re happy to announce that CFEngine 3.8.1 non-LTS is now released! Please note that this is a non-LTS release, which means that it is maintained for 6 months from the minor version’s (3.8.0 in this case) release date and not supported for CFEngine Enterprise customers (but packages are available for testing). The established CFEngine release schedule gives an overview of the release timelines for all releases.
Changes and improvements
The def.json feature for overriding CFEngine default configuration was introduced in 3.7 and has since seen significant adoption. The main goal of this feature is to make upgrades easier, as it makes the difference between vanilla masterfiles and user masterfiles much easier to manage. However, several users have reported unexpected behaviour with the feature, because some of the variables in def.json were not parsed early enough to be taken into account by CFEngine. This triggered several discussions, also by the CFEngine Community Advisory Board. A new design has been introduced to parse def.json natively in C, which should resolve this issue. If you had this problem, please let us know if it is resolved in 3.8.1!
All bundled dependencies have been upgraded to their latest version to bring in the latest security, performance and reliability improvements. All 3.8.1 CFEngine installations include these key dependencies, among others: OpenSSL 1.0.2e, PCRE 8.38, libxml2 2.9.3, OpenLDAP 2.4.43, libcurl 7.46.0, LMDB 0.9.17. CFEngine Enterprise Policy Servers also have upgraded dependencies and include PHP 5.6.17, Redis 3.0.6, git 2.6.5.
OpenSSL recently published a security advisory, but CFEngine is not affected because neither DH nor DHE key exchange can be used by CFEngine. It is probably a good idea to check other products you use, though.
Please see the Community Change Log and Enterprise Change Log for a detailed list of new features and changes. We highly appreciate community contributors for pull requests that made it in time for 3.8.1!
UPDATE, 2016-02-22: After feedback from CFEngine users and several discussions around a variable expansion performance issue, we decided to put this expansion issue higher on the priority list for 3.9. We still plan to address some high-impact logging issues for 3.9, most notably adding a line-level email-filtering feature.
With CFEngine 3.8 released on target in December, and now that we’ve entered 2016, it’s time to look ahead to CFEngine 3.9! According to the CFEngine release schedule, 3.9 will be a non-LTS release and is due in June 2016. If you’re considering contributing a major change or feature to CFEngine (thank you!) and would like to see it in 3.9, please note that we have a beta period of one month, so your pull request should be ready (i.e. reviewed and any adjustments made) in early April in order to make it. We’d also like to share that logging will be the release theme for 3.9!
Each year we like to take a moment to recognize outstanding community members for their contributions. Contributions come in many forms, from code contributions to core, organizing community meet-ups, giving talks about CFEngine at conferences and sharing policy, to helping other users on the mailing list and on IRC. This year the Community Advisory Board was responsible for selecting champions from the nominations, and it is my honor to announce the 2015 CFEngine Champion Hall of Fame inductees. Congratulations, and thanks for all of your efforts!