CFEngine 3.10.2 LTS and 3.11.0 non-LTS released!

Posted by:

11 Aug 2017

We’re happy to announce the maintenance release 3.10.2 LTS and the new 3.11.0 non-LTS release today!

3.10.2 LTS, being a maintenance (aka patch) release, the goal is to increase stability and reliability for CFEngine users and enable a safe upgrade-path. As such, the release primarily includes bugfixes and low-risk changes that do not impact the compatibility between previous patch releases.

3.11.0 non-LTS includes new features and is not covered under the CFEngine Enterprise support contract.

Looking at the CFEngine release schedule, we can see that

  • 3.10 LTS is maintained (and supported for Enterprise customers) until December 27th 2019
  • 3.11 non-LTS is maintained (but unsupported for Enterprise customers) until December 2017

If you are planning to contribute features to the next feature release (thank you!), please note that we would need the pull requests ready for merging by early September in order to have time to incorporate them into 3.12.

 

Improvements in 3.10.2 LTS

zypper is supported as a new package module for the package promise implementation introduced in 3.7, making package management with Zypper much more reliable. If you are currently using the zypper package_method (old package promise implementation), you might consider switching to this new package module instead.

Several issues around CFEngine start (init/systemd) scripts on multiple platforms have been fixed.

In CFEngine Enterprise Mission Portal, there was an issue exporting csv files in some environments, which is now resolved. The inventory report also correctly parses lists in all cases, not displaying any curly braces in the report itself.

As always, dependencies have been upgraded. Most notably, the CFEngine Enterprise 3.10.2 hub is shipped with Apache 2.4.27, PostgreSQL 9.6.3, PHP 5.6.31 and Redis 3.2.9.

For more details please see the CFEngine 3.10.2 LTS ChangeLog for core, masterfiles, and enterprise.

 

New functionality in 3.11.0 non-LTS

Simplifying policy

Several features have been introduced that makes it faster and easier to write CFEngine policy.
Most notably, the with attribute helps eliminate intermediate variables when looping. Here is an example:

bundle agent main
{
  vars:
      "todo" slist => { "a 1", "b 2", "c 3" };
      # Here, `with` is the canonified version of $(todo), letting us avoid an

      # intermediate canonification array.
      "$(with)" string => "$(todo)", with => canonify($(todo));

      "complex" data => '
{
  "x": 200,
  "y": [ 1, 2, null, true, false ]
}
';

  reports:
      "For iterable '$(todo)' we created variable '$(with)' and its value is '$(todo)'"
        with => canonify($(todo));

      "We can print a data container compactly without creating a temporary variable: $(with)"
        with => format("%S", complex);

      "We can print a data container fully without creating a temporary variable: $(with)"
        with => storejson(complex);
}
R: For iterable 'a 1' we created variable 'a_1' and its value is 'a 1'
R: For iterable 'b 2' we created variable 'b_2' and its value is 'b 2'
R: For iterable 'c 3' we created variable 'c_3' and its value is 'c 3'
R: We can print a data container compactly without creating a temporary variable: {"x":200,"y":[1,2,null,true,false]}
R: We can print a data container fully without creating a temporary variable: {
  "x": 200,
  "y": [
    1,
    2,
    null,
    true,
    false
  ]
}

Expanded system discovery

CFEngine now leverages the standardized file /etc/os-release to do operating system discovery. This enables much broader OS disovery, for example the Amazon Linux and CoreOS platforms are now detected as classes and variables. You can use the cf-promises options --show-classes and --show-vars to see the new classes and variables on your favorite platform!

Environment files can now be read in natively into CFEngine, with the support of the new readenvfile() function, as well as ENV support in the readdata() function.

 

Other changes

Also in 3.11.0, zypper is supported as a new package module for the package promise implementation introduced in 3.7, making package management with Zypper much more reliable. If you are currently using the zypper package_method (old package promise implementation), you might consider switching to this new package module instead.

Previously, heavily loaded hubs that were handling multiple concurrent connections would occasionally reach the system resource limit of max open files, and manual tweaking was needed ( nofile limit in /etc/security/limits.conf ). In 3.11.0 (and 3.10.1) cf-serverd auto-configures this limit according to the maxconnections policy setting, so manual tweaking of the system limit should never be needed again.

CFEngine Enterprise now has a global search box, allowing for hosts to be directly located by hostname or IP address from anywhere in the UI.

Mission Portal’s application logs have been relocated from /var/cfengine/httpd/htdocs/application/logs to /var/cfengine/httpd/logs/application.

As usual, dependencies have been upgraded in order to get the latest security, performance and reliability improvements.

For more details please see the CFEngine 3.11.0 non-LTS ChangeLog for core, masterfiles, and enterprise

 

Upgrading?

If you’re upgrading an existing CFEngine Enterprise installation, check out the 3.10 upgrade documentation for guidelines to make the process as smooth as possible.

We are happy to assist CFEngine Enterprise customers with upgrading! Please contact CFEngine customer support to receive a fixed-price quote for upgrading your CFEngine infrastructure.

 

Get it!

CFEngine Enterprise packages can be downloaded here or you can take a quick spin with the CFEngine Enterprise 3.10 Vagrant environment.

Community Edition is released as source code, packages and Linux package repositories — to make installation as easy as possible!

We hope you enjoy the new releases, and we look forward to hearing about your experience in the CFEngine Google Group!

 

 

Eystein Maloy Stenberg