Update Mar 23, 2016: We are happy to announce that the transition to JIRA has been successful. The new URL is https://northerntech.atlassian.net/projects/CFE. All existing issues from Redmine have been transferred to JIRA. Redirects are in place for the old URLs. All users have been migrated, however please be aware you must request a new password the first time you login. As you can read from the URL, CFEngine is now a project under Mender Software AS. Mender Software is the name of the Norwegian holding company that is the owner of CFEngine. For several years we had been using Redmine to track CFEngine issues and bugs. Redmine served us well, but after thorough evaluation we found that time has come to move on to JIRA. The main benefits for this shift are:
CFEngine AS was present in the Configuration Management Camp that took place in Gent, Belgium the 1st and 2nd February of 2016. This is the event on open source configuration management tools, scheduled immediately following FOSDEM and is located close to Brussels, so it usually has thousands of attendants. This year’s main track topics mostly revolved around security, orchestration, and application containers. We had a separate room for CFEngine and Rudder related topics with an exciting schedule:
We’re happy to announce that CFEngine 3.8.1 non-LTS now is released! Please note that this is a non-LTS release, which means that it is maintained for 6 months from the minor version’s (3.8.0 in this case) release date and not supported for CFEngine Enterprise customers (but packages are available for testing). The established CFEngine release schedule gives an overview over the release timelines for all releases.
Changes and improvements The def.json feature for overriding CFEngine default configuration was introduced in 3.7 and has since seen significant adoption. The main goal of this feature is to make upgrades easier, as it makes the difference between vanilla masterfiles and user masterfiles much easier to manage. However, several users have reported unexpected behaviour with the feature, because some of the variables in def.json were not parsed early enough to be taken into account by CFEngine. This triggered several discussions, also by the CFEngine Community Advisory Board. A new design has been introduced to parse def.json natively in C, which should resolve this issue. If you had this problem, please let us know if it is resolved in 3.8.1! All bundled dependencies have been upgraded to their latest version to bring in the latest security, performance and reliability improvements. All 3.8.1 CFEngine installations include these key dependencies, among others: OpenSSL 1.0.2e, PCRE 8.38, libxml2 2.9.3, OpenLDAP 2.4.43, libcurl 7.46.0, LMDB 0.9.17. CFEngine Enterprise Policy Servers also have upgraded dependencies and include PHP 5.6.17, Redis 3.0.6, git 2.6.5. OpenSSL recently published a security advisory, but CFEngine is not affected because neither DH nor DHE key exchange can be used by CFEngine. It is probably a good idea to check other products you use, though. Please see the Community Change Log and Enterprise Change Log for a detailed list of new features and changes. We highly appreciate community contributors for pull requests that made it in time for 3.8.1!
UPDATE, 2016-02-22: After feedback from CFEngine users and several discussions around a variable expansion performance issue, we decided to put this expansion issue higher on the priority list for 3.9. We still plan to address some high-impact logging issues for 3.9, most notably adding a line-level email-filtering feature. With CFEngine 3.8 released on target in December, and we’ve entered 2016 it’s time to look ahead to CFEngine 3.9! According to the CFEngine release schedule, 3.9 will be a non-LTS release and is due for June 2016. If you’re considering to contribute a major change or feature to CFEngine (thank you!) and would like to see it in 3.9, please note that we have a beta period for one month, so your pull request should be ready (i.e. reviewed and any adjustments made) in early April in order to make it. We’d also like to share that logging will be the release theme for 3.9!
Each year we like to take a moment to recognize outstanding community members for their contributions. Contributions come in the form of code contributions to core, organizing community meet-ups, giving talks about CFEngine at conferences, sharing policy, to helping other users on the mailing list and on IRC. This year the Community Advisory Board was responsible for selecting champions from the nominations, and it is my honor to announce the 2015 CFEngine Champion Hall of Fame inductees. Congratulations, and thanks for all of your efforts!
We’re happy to announce that CFEngine 3.8.0 non-LTS now is released! A big thanks to everyone testing the 3.8.0 beta release! During the month it has been available, the 3.8.0 beta has seen hundreds of downloads widely distributed across platforms, both in Community and Enterprise editions. This testing helps ensure high quality of the final release. Of course, bugfixes in recently released 3.7.2 are also incorporated into 3.8.0. Please note that this is a non-LTS release, which means that it is maintained for 6 months from the release date and not supported for CFEngine Enterprise customers (but packages are available for testing). The established CFEngine release schedule gives an overview over the release timelines for all releases.
We’re happy to announce that CFEngine 3.7.2 is released! With 3.7 being a stable LTS branch, 3.7.2 brings numerous stability enhancements and bugfixes to the CFEngine customers and community. The main focus area for 3.7.2 is to improve fault-tolerance and performance of policy distribution in unreliable networks.
Enhanced reliability of policy distribution The ability to distribute policy from the Policy Server to clients is a critical function of CFEngine, which also must work well in unreliable networks. CFEngine already has protection against corruption of the main policy (promises.cf) with the separate update policy (update.cf). In turn, if the update policy fails validation, failsafe.cf is run. In 3.7.2 failsafe.cf is also re-generated if it does not exist (but not overwritten since users may have a custom failsafe.cf in some cases) – basically simulating a fresh bootstrap. So this means that CFEngine will now be able to recover from corruption of any policy and wipe of the entire inputs directory! In addition, we have been chasing an intermittent issue that in some extremely rare cases results in a directory be turned into a file for some time, and we now have evidence that this is completely fixed in 3.7.2! Performance of policy distribution with cf-serverd at scale (4000+ clients) has been significantly improved by reducing lock contention of malloc() as well as lock contention of getpwnam(). Finally, for CFEngine Enterprise installations using call collect (client-initiated reporting), the default collect_window has been increased from 10 to 30 seconds. This ensures call-collect works reliably in scaled environments (thousands of clients) with default configuration. In sum these changes will lead to much more reliable policy distribution – and hopefully provide users with some additional peace of mind!
We’re happy to announce that CFEngine 3.8.0 non-LTS beta is now ready for testing! The established CFEngine release schedule shows that the 3.8.0 final version is due before January 2016, so it’s time to test and fix any remaining issues. Please note that this is a non-LTS release, which means that it is maintained for 6 months from the release date and not supported for CFEngine Enterprise customers, but packages are available for testing.
There is a lot of value to be gained from CFEngine’s reporting features, so we’ve put together a slideshow to showcase 15 of the top reports that give you the best information and control over your infrastructure. If you like what you see, please contact us for any assistance in creating these reports yourself.
https://www.slideshare.net/slideshow/embed_code/key/NEiaPxUfGWdsdw
15 most valuable reports with CFEngine from CFEngine
We’re happy to announce that CFEngine 3.7.1 is now ready! Given that this is the first maintenance release in the 3.7 branch, the focus is primarily on stability and reliability of new features added in 3.7.0. For improved resiliency of Enterprise High Availability in environments that need it, we also added support for an offsite replication node.
Offsite replication support for Enterprise High Availability The High Availability cluster has until now consisted of 2 nodes; an active and passive. If the active goes down, the clients would fail over to the passive. However, some environments require the CFEngine Server to continue to operate even during a complete datacenter failure. In 3.7.1, support for a third HA node has been added: an offisite replication node. This node will replicate data from the active node, and can be manually promoted to an active node in case both the two other nodes goes down. You can read more in the new section of the High Availability installation documentation.
