CFEngine 3.12.4 and 3.15.1 released

Posted by:

26 Mar 2020

We are today very excited to bring you new updates to CFEngine.

This is a set of patch releases for the CFEngine 3.12 LTS and 3.15 LTS series. We usually release new patch releases every 6 months, but we want to bring new features and all improvements and bug fixes to our users as soon as possible. Hence these early releases.

In CFEngine 3.15 LTS we introduced Federated Reporting, our single pane of glass reporting architecture. This is a great new feature that allows you to set up a dedicated Hub that collects all reporting data from your entire infrastructure to really provide a single pane of glass into all your operations. In this patch release, we have included several performance improvements and bug fixes.

There are no new features or larger changes in these patch releases. We focus on stability, improving performance, fixing bugs and are actively listening to open source users and customers alike when planning what to fix.

We hope you enjoy the faster release this time and benefit from some of the improvements we have made.

New language macros

We have now introduced a new set of binary macros to the policy language. This greatly simplifies the process of being in control of what policy is executed in what parts of your infrastructure. You can more safely introduce new features and control how they are used. The versions macros now also accept single-digit input.

The new macros are the following

  • @if maximum_version(x)
  • @else
  • @if between_versions(x, y)
  • @if before_version(x)
  • @if at_version(x)
  • @if after_version(x)

They are available in both 3.12.4 as well as 3.15.1. These new macros are specifically intended to further improve forward and backward compatibility. Usually, we do not introduce features in a patch release. However, we evaluated the risk of introducing these new features in a patch release to be very small compared to the value they bring.

Improvements and valuable changes in CFEngine

We have fixed over 20 different issues relating to the open-source part of CFEngine in these releases, and more than 50 bugs in total.

Community member Aleksey Tsalolikhin has made a contribution to inventory NFS servers, that we have included in both CFEngine 3.12.4 and 3.15.1, after a great discussion about this on the mailing list.

We have also fixed several issues, making CFEngine more stable, and faster. Such as an issue causing duplicate entries in sys.interfaces, and sys.hardware, both a crash, as well as memory leaks in JSON and mustache code, we have made classfiltercsv() fail properly on an invalid class expression index, using variable references with nested parentheses no longer cause errors. As well as many more improvements.

We have improved the SUSE and OpenSUSE platform support, by for example adding Zypper as the default package manager on OpenSUSE, added the correct symlink to Python in SUSE, made sure that OpenSUSE uses the same paths as SUSE.

Red Hat Enterprise Linux 8 support

CFEngine 3.15.0 already supported RHEL 8, but we have now also added RHEL 8 support to CFEngine 3.12.4.

Both versions only support RHEL 8.1 and higher, as there are incompatible changes in SELinux implementation between RHEL 8.0 and 8.1.

Federated Reporting

Federated reporting comes with a lot of benefits. We have focused a lot on the very large scale customers, that needed several CFEngine Hubs to manage their massive infrastructure. However, Federated Reporting also makes it easy for smaller organizations to now use multiple Hubs to create different infrastructure segments, while still maintaining all reporting data in a unified place.

In CFEngine 3.15.1 we have only made small improvements to Federated Reporting. Mainly, after seeing more heavy use we have fixed some corner-case bugs and sped up the import process.

Mission Portal

In Mission Portal, we have made some very useful improvements in these releases. Most of them are backported to 3.12.4 as well, but we recommend upgrading to 3.15 LTS series soon, in order to get all the benefits.

Time zone management

We have now introduced much improved time zone management so that users can control what time zone reports should be sent out or schedules in. This greatly improves user experience in global infrastructures where Hubs can be located in multiple time zones, or when you are traveling the world for work.

Changing the timezone settings of each Mission Portal user is now simple and can be done automatically as you travel.

 

License management

We have now introduced easier to use and understand license overview in Mission Portal. There is a simple warning as you approach your license allocation.

Now, there is also a new inventory report on license allocation, to make this easier to track. This provides great value for the user of Mission Portal, but also makes it simple to schedule a report to the correct authority whenever license usage is running high, so you can give us a call!

Dashboard sharing

We have made it simpler to share Dashboards in Mission Portal. You can now share a Dashboard, either with a specific user, or set of users, or also a set of roles. Anyone you share a Dashboard with will now see who created it. Any user can now also clone a shared Dashboard in order to make their own modifications to it.

Dashboards are now no longer required to have a unique screen name, so this makes Dashboard creation much more flexible, especially on systems with multiple users.

Improved Usability

The Inventory attributes list you see when adding a new Widget to a Dashboard was improved to be a scrollable view, include a search box, and is now alphabetized as well.

We have fixed a bug in the Host Search, where it returned a “500 – Internal Server Error”, a bug that caused false positives in the “Last agent run unsuccessful” Health Check.

High Availability support

We have enabled High Availability support in CFEngine 3.15.1. This was not supported in 3.15.0 after we moved to use PostgreSQL 12 in CFEngine 3.15 series. We have now made it work, and continue to support it on RHEL 6. If you are interested in upgrading your HA setup to a later version of RHEL or a different OS, please get in touch with us.

You can watch a short video about our High Availability functionality here.

Other improvements

We have improved the logging of users, so each login to the Hub will now be registered in the logs with more details, including the username.

We have fixed a number of smaller issues. If you upgraded from 3.12.1 to 3.12.2 a bug in our database management code would make a subsequent upgrade to 3.15.0 break. This now works as expected when you upgrade to 3.15.1 instead.

In 3.12.3 we made a small change that broke the Mission Portal Host Search functionality, this has been fixed.

As always, you can see a full list of changes and improvements in our changelogs

3.12.4: Changelogs for Core, Masterfiles, and Enterprise.
3.15.1: Changelogs for Core, Masterfiles, and Enterprise.

Dependency updates

We have now updated the following dependencies, in order to get the latest security, performance and reliability improvements.

3.12.4

pcre 8.43 8.44
openLDAP 2.4.48 2.4.49
libcurl-hub 7.67.0 7.69.0
git 2.24.0 2.25.1
PostgreSQL 10.11 10.12
PHP 7.2.24 7.2.28
libcurl 7.67.0 7.69.0

3.15.1

pcre 8.43 8.44
openLDAP 2.4.48 2.4.49
libcurl-hub 7.67.0 7.69.0
git 2.24.0 2.25.1
PostgreSQL 12.1 12.2
PHP 7.4.0 7.4.3
libcurl 7.67.0 7.69.0

Contributions

We highly encourage you to start contributing to CFEngine!  We appreciate all new members of the community. Please check out our contributing guide in addition to the following suggestions.

And if there is anything, in particular, you want us to fix then please shout out! Sharing your priorities is also a way of contributing.

Nils Christian Roscher-Nielsen