CFEngine 3.10.7 LTS and 3.12.3 LTS released
Posted by: Nils Christian Roscher-Nielsen
We are now happy to release two new LTS versions of CFEngine, 3.10.7 LTS, and 3.12.3 LTS.
CFEngine 3.10.7 – end of life
From the CFEngine release schedule, we see that CFEngine 3.10 LTS is maintained and supported until December 28th, 2019. That is the end of this year, so you should start planning on upgrading to CFEngine 3.12 LTS, or the soon to be released CFEngine 3.15.0 LTS that is scheduled to be released in the next few weeks.
3.10.7 LTS is the last maintenance release (patch release) of the CFEngine 3.10 LTS series. The goal of this release is to make sure that the stability and reliability for CFEngine users that cannot immediately upgrade to 3.12, and enable a safe upgrade path. As such, this release includes bug fixes and low-risk changes that do not impact the compatibility between previous patch releases.
CFEngine 3.12.3 LTS
This update comes with many important stability and performance improvements and is thus well worth the upgrade from an older version of 3.12 LTS. CFEngine 3.12 LTS brings a lot of innovation, new features and improved performance to CFEngine, and allows you to make the most efficient use of your time. We are looking forward to your feedback on this release.
From the CFEngine release schedule, we can see that CFEngine 3.12 LTS is maintained and supported until June 2021
The goal of 3.12.3 LTS is to increase the stability and reliability of CFEngine for users and enable a safe upgrade path. As such, this release primarily includes bug fixes and low-risk changes that do not impact the compatibility with earlier patch releases.
Do you want to start contributing to CFEngine, but are unsure how? Please check out our contributing guide in addition to the following suggestions.
- Send documentation updates as pull requests to cfengine/documentation.
- Search for issues labeled easy or help_wanted that are OPEN or TODO that are good candidates for new contributors to cfengine/core or cfengine/masterfiles.
- Fix issues pointed out by code analysis: https://lgtm.com/projects/g/cfengine/core/alerts/ (We recently added some custom rules, so there are many alerts to fix)
Improvements to CFEngine 3.10.7
In 3.10.7 we have made a series of small improvements. This will be the last update to the 3.10 LTS series, so if you depend on further improvements, please consider upgrading.
We have fixed a bug in
ps parsing on OpenBSD / NetBSD causing bootstrap to fail.
A crash that was caused by Zero-bytes in class guards is no longer causing crashes.
Fixed promise results when using
process_stop in processes type promises.
The package modules now hit the network when the package cache is first initialized.
@ character is now allowed in the key of classic arrays defined by the module protocol.
Added derived-from-file tag on hard classes based on the content of
Version specific distro classes are now collected by default in Enterprise (ENT-4752)
We have set create permissions for
cf-monitord files in state directory to
0600. This now matches the permissions enforced by policy.
The affected files are:
Key rotation now waits for PostgreSQL to be available when starting or restarting the service.
We have added the ability to avoid limiting robot agents, added and transitioned to using the
master_software_updates shortcut, added continual checking for
policy_server state and added documentation on how to enable systemd unit management and disable agents on all hosts
Also, a new
snap packages has been added. We have made a change to always set
files_single_copy from augments if it is available, and fixed cleanup of future timestamps from the status table.
Changes in CFEngine 3.12.3
There are many improvements to CFEngine 3.12 in addition to the fixes made for 3.10. In addition to that, there are many other fixes details below. You can also see the documentation for the latest release of 3.12 LTS that includes changelogs for Core, Enterprise, and the MPF (Masterfiles Policy Framework).
We have implemented a change in how we build CFEngine packages from 3.12.3. We now build on all the platforms we support, as opposed to a single older platform. This means that there are now more packages to download, and while all the packages should work on the platform they are built on and newer, we now only test packages on the platform they are intended to work on.
To clarify this new policy as much as possible. While we officially support these platforms (and more):
- RHEL/CentOS 5,6,7
- Debian 7,8,9
- Ubuntu 14,16,18
To support these platforms we used to build only on:
- RHEL/CentOS 4 and 6
- Debian 4 and 7
Now we’re building on:
- RHEL/CentOS 5, 6, 7
- Debian 7, 8, 9
- Ubuntu 14, 16, 18
We have also improved the support for running CFEngine in a containerized environment. While we have for a long time supported running CFEngine in a CoreOS environment, we now provide a much better way of doing this. We have simplified the packaging and management of CFEngine for container hosts by packaging CFEngine as a file system image, you can easily install, and uninstall to upgrade.
You can download that image from our downloads page.
Abortclasses cause the agent to terminate when a matching class is defined. However, in the past it was terminating too fast, not saving the last recorded values properly. Agent runs that hit abortclasses now record the results.
We have add a
newline to API error responses, and changed response codes in the User API from
204 No Content to
202 Accepted in case of update or delete requests.
In this version of CFEngine, with the help of community member Joseph Holsten, we have added a snapcraft package module. Thank you very much for your contribution!
To make managing the utilization of licenses a bit easier, the Hub now properly logs an error if license counts are exceeded. Several issues around this have been fixed and improved.
We have made many improvements to the reporting capabilities. We have fixed a SQL schema error during the upgrade, improved logging of reporting patch failures, and turned on verbose logging to see more in-depth information when patch failure errors show up.
Improved database consistency
We have done a lot of work in CFEngine 3.12.3 to make LMDB behave better. We have added several capabilities that make it more self-healing. Corrupt databases will now automatically be backed up, deleted, and if the backup contains usable information, CFEngine will copy that back, to ensure that as much information is kept as possible. We have also changed some time dependant values that caused some databases to change state a lot, to no longer trigger a change. All in all, these changes will make CFEngien 3.13.3 more stable.
We have also improved the tool,
cf-check that does these operations. This tool has gotten a number of improvements in this version of CFEngine.
- directories can now be controlled from ENV vars
- Added the
--no-forkto diagnose command
- Added the
-Mmanpage option and other common options
dumpcommand now dumps DB contents to JSON5, and print structs as JSON objects
helpcommand can now take a topic as an argument
--dumpoption was added to the
repaircommand now preserves readable data in corrupted LMDB files
- Errors are now printed when there are no DB files in the state directory
In Mission Portal, we have added a lot of new features in 3.12.3.
In the Host Info page, we have added a lot more information out-of-the-box. You can now find all the details about the host in question in one place, such as the average agent execution interval, the average agent execution time for each policy entry, first report collection time, host bootstrapped time, last agent execution time, and inventory attributes and values on the Host page.
Here, you can also see a list of all the classes and variables that are defined on this host. You can also directly access measurements taken by CFEngine, such as CPU load or memory usage.
We have also made the list of Inventory attributes scrollable, so you don’t need to scroll the whole page to find a given value.
Admin users of Mission Portal are now allowed to delete hosts that have no classes currently reported. This fixes an issue that made non-reporting hosts difficult to manage.
We have also fixed several issues around Scheduled Reports, among others an issue where scheduled reports were not saved properly.
In order to search for specific package versions, we have added an exact match option to the
Software Update Alert type.
We have also added a number of new ways to customize Mission Portal. You can now add a company logo, and customize the text on the login page, as well as customize the color scheme of Mission Portal.
We have made changes to how the widgets on the Mission Portal Dashboard display information. That they are now quite a bit faster than they used to be.
We have added a 10 minutes threshold to “Agent not run recently” health diagnostics category to avoid showing false-positive warnings in case of manual cf-agent execution. We have also fixed another issue with the health diagnostics, where the “Hosts never collected from” was erroneously empty.
The Host count widget has been renamed to Newly bootstrapped hosts
Dependency updates – 3.10.7
In CFEngine 3.10.7 we have updated the following dependencies. As usual, we have updated dependencies in order to get the latest security, performance and reliability improvements.
Dependency updates – 3.12.3
In CFEngine 3.12.3 we have updated the following dependencies. As usual, we have updated dependencies in order to get the latest security, performance and reliability improvements.
If you’re upgrading an existing CFEngine Enterprise installation, check out the upgrade documentation for 3.12 for guidelines to make the process as smooth as possible.
We are always happy to assist our customers with upgrading! You can contact sales to receive a fixed-price quote for upgrading your CFEngine infrastructure, and get more out of CFEngine!
We hope you enjoy the new release, and we look forward to hearing about your experience in the CFEngine Google Group!
Brush up your CFEngine knowledge!
If you would like to refresh your CFEngine knowledge or are learning it from scratch, you can attend one of our training sessions. Check the event calendar on our website, or get in touch with us to see what the best option in your area is!
There is also an updated version of the Learning CFEngine book by Diego Zamboni now available on LeanPub.