We’re happy to announce maintenance releases for both supported CFEngine release branches today! Being maintenance (aka patch) releases, the goal is to increase stability and reliability for CFEngine users and enable a safe upgrade-path. As such, the releases primarily include bugfixes and low-risk changes that do not impact the compatibility between previous patch releases. Looking at the CFEngine release schedule, we can see that
3.6 and 3.8 are no longer maintained. If you are still on any of these versions, please consider upgrading. 3.7 LTS is maintained (and supported for Enterprise customers) until July 17th 2018 3.9 non-LTS is maintained until December 2016 For CFEngine Enterprise customers, the only supported release today is 3.7. The next supported release will be 3.10 LTS due end of 2016, which will be supported through the end of 2019. If you are planning to contribute improvements to 3.10 (thank you!), please note that we would need the pull requests ready for merging by mid-September in order to have time to incorporate them into 3.10.
We’re happy to announce that CFEngine 3.9.0 non-LTS now is released! A big thanks to everyone testing the 3.9.0 beta release! Please note that this is a non-LTS release, which means that it is maintained for 6 months from the release date and not supported for CFEngine Enterprise customers (but packages are available for testing). The established CFEngine release schedule gives an overview over the release timelines for all releases.
Running remote bundles CFEngine 3.9 introduces a simple way to trigger bundles to run remotely by using cf-runagent –remote-bundles to ask a remote cf-serverd to run a given set of bundles. For example:
As someone responsible for IT operations, you have probably spent most of your time thinking of ways to improve your team’s effectiveness and efficiency to make it more competitive. At CFEngine, we have witnessed the management of IT infrastructure and organizations operating across the spectrum of the performance scale. Where are you on that scale and how can you improve? In the world of IT operations, a negatively skewed distribution seems to exist. The majority of companies, despite their admirable DevOps initiatives, struggle. The great minority who are masters of execution continuously increase their relative competitiveness leaving the others behind. In my previous post, “The painful road to the digital economy,” I pointed out some ideas as to why becoming more competitive seems so hard for Fortune 2000 companies and suggested ways to improve. It might be worth a read if you find yourself too far on the left side in the illustration below. The characteristics of a poor and reactive versus proactive and high-performing IT organization can be many. Below you will find some of the most common observed with our own users. Have a look and compare them with your own state of operations.
We’re happy to announce that CFEngine 3.9.0 non-LTS beta is now ready for testing! The established CFEngine release schedule shows that the 3.9.0 final version is due in June 2016, so it’s time to test and fix any remaining issues. Please note that this is a non-LTS release, which means that it is maintained for 6 months from the release date and not supported for CFEngine Enterprise customers, but packages are available for testing.
By now you have probably heard about the Badlock vulnerability (CVE-2016-2118)in DCE/RPC-based SAMR and LSA protocols used in the Microsoft Windows ActiveDirectory infrastructure as well as other critical security flows in Samba. With CFEngine Enterprise you can simply tag any variable or class and MissionPortals Inventory reporting interface will be automatically extended with the new attributes. This makes it easy to identify vulnerable hosts. Dashboard alerts can be created to alert on vulnerable hosts for specific subsets of infrastructure. Dashboard alerts can be integrated with other systems. For example you could automatically open an issue in Jira when vulnerable hosts are found. If you would like to use CFEngine to detect, repair and report on Badlock in your infrastructure, we have prepared some policies you can use: - Badlock reporting and remediation policy - Implementation Tutorial
We’re happy to announce maintenance releases for all supported CFEngine release branches today! Being maintenance (aka patch) releases, the goal is to increase stability and reliability for CFEngine users and enable a safe upgrade-path. As such, the releases primarily include bugfixes and low-risk changes that do not impact the compatibility between previous patch releases. Looking at the CFEngine release schedule, we can see that
3.7 LTS is maintained until July 17th 2018 3.6 is maintained until July 17th 2016 (released before CFEngine incorporated the LTS model) 3.8 (being a non-LTS release) is maintained until 3.9.0 is released For CFEngine Enterprise customers, the supported releases as of today are 3.7 and 3.6. If you are on 3.6, it is a good time to prepare for an upgrade to 3.7, as the next supported minor release will be 3.10 LTS due end of 2016. If you are planning to contribute improvements to 3.9 (thank you!), please note that we would need the pull requests by beginning of April in order to have time to incorporate them into 3.9.
CFEngine is one of the most widely used infrastructure automation solutions in the world, being leveraged by some of the biggest organizations in the world for infrastructure management. eZuce is an Enterprise provider of Unified Communications, Voice and Video Conferencing solutions and is being used by many of their customers to improve business processes. eZuce has been shipping CFEngine inside of UniteMe since 2012 and have benefited from the following by using the popular configuration management solution:
Update Mar 23, 2016: We are happy to announce that the transition to JIRA has been successful. The new URL is https://northerntech.atlassian.net/projects/CFE. All existing issues from Redmine have been transferred to JIRA. Redirects are in place for the old URLs. All users have been migrated, however please be aware you must request a new password the first time you login. As you can read from the URL, CFEngine is now a project under Mender Software AS. Mender Software is the name of the Norwegian holding company that is the owner of CFEngine. For several years we had been using Redmine to track CFEngine issues and bugs. Redmine served us well, but after thorough evaluation we found that time has come to move on to JIRA. The main benefits for this shift are:
CFEngine AS was present in the Configuration Management Camp that took place in Gent, Belgium the 1st and 2nd February of 2016. This is the event on open source configuration management tools, scheduled immediately following FOSDEM and is located close to Brussels, so it usually has thousands of attendants. This year’s main track topics mostly revolved around security, orchestration, and application containers. We had a separate room for CFEngine and Rudder related topics with an exciting schedule:
We’re happy to announce that CFEngine 3.8.1 non-LTS now is released! Please note that this is a non-LTS release, which means that it is maintained for 6 months from the minor version’s (3.8.0 in this case) release date and not supported for CFEngine Enterprise customers (but packages are available for testing). The established CFEngine release schedule gives an overview over the release timelines for all releases.
Changes and improvements The def.json feature for overriding CFEngine default configuration was introduced in 3.7 and has since seen significant adoption. The main goal of this feature is to make upgrades easier, as it makes the difference between vanilla masterfiles and user masterfiles much easier to manage. However, several users have reported unexpected behaviour with the feature, because some of the variables in def.json were not parsed early enough to be taken into account by CFEngine. This triggered several discussions, also by the CFEngine Community Advisory Board. A new design has been introduced to parse def.json natively in C, which should resolve this issue. If you had this problem, please let us know if it is resolved in 3.8.1! All bundled dependencies have been upgraded to their latest version to bring in the latest security, performance and reliability improvements. All 3.8.1 CFEngine installations include these key dependencies, among others: OpenSSL 1.0.2e, PCRE 8.38, libxml2 2.9.3, OpenLDAP 2.4.43, libcurl 7.46.0, LMDB 0.9.17. CFEngine Enterprise Policy Servers also have upgraded dependencies and include PHP 5.6.17, Redis 3.0.6, git 2.6.5. OpenSSL recently published a security advisory, but CFEngine is not affected because neither DH nor DHE key exchange can be used by CFEngine. It is probably a good idea to check other products you use, though. Please see the Community Change Log and Enterprise Change Log for a detailed list of new features and changes. We highly appreciate community contributors for pull requests that made it in time for 3.8.1!
