CFEngine 3.17 – Flexibility

Posted by:

19 Nov 2020

We are pleased to announce the release of CFEngine 3.17.0, with the theme Flexibility! This is a non-LTS release and allows the CFEngine community to test the features which will be in CFEngine 3.18.0 LTS (Summer 2021).

What’s new

A new look – Mission Portal Dark Mode

Mission portal now gives you the option of switching to an alternate color theme, dark mode:

Trigger report collection from Host Info Page

You no longer have to wait for the next reporting interval, or use the command line to get updated reports. Click the button on the host info page to trigger a report collection:

(cf-hub will collect new reports from the host and the host info page will be refreshed in a few seconds).

Simulate changes made by CFEngine before performing them

The new --simulate option allows you to test your policy and see what changes it would make. Here is a basic example policy:

bundle agent main
{
  files:
    "/tmp/hello-world"
      content => "Hello, world!$(const.n)";
}

Running this with --simulate=diff we can see the differences, before and after the files promise changed the file:

$ echo "Some data" > /tmp/hello-world
$ /var/cfengine/bin/cf-agent -KI test.cf --simulate=diff
 warning: All changes in files will be made in the '/var/cfengine/state/29830.changes' chroot
    info: Updated content of '/tmp/hello-world' with content 'Hello, world!
'
 warning: No action was requested for file '/tmp/hello-world'. Maybe a typo in the policy?
    info: files promise '/tmp/hello-world' repaired
    info: Showing diff for changed files (in the changes chroot)
===========================================================================
--- original /tmp/hello-world
+++ changed  /tmp/hello-world
@@ -1 +1 @@
-Some data
+Hello, world!

The files promise was simulated in a change-root which is cleaned up afterwards, so no changes were made to the system. This allows you to easily audit the impact of a new CFEngine policy or upgrade.

Manage new types of resources with custom promise types

The CFEngine agent can now interact with promise modules, allowing users to implement and share new promise types. You add a promise type using a promise block, giving paths to the module and interpreter to run it. Once added, custom promises are straight forward to use, there is no special syntax:

promise agent git
{
    path => "/var/cfengine/modules/promises/git_using_lib.py";
    interpreter => "/usr/bin/python3";
}

bundle agent __main__
{
    git:
        "/opt/cfengine/masterfiles"
          repo => "https://github.com/cfengine/masterfiles";
}

Modules can be implemented in any programming language, for example bash or python. You can get started adding your own promise types now, see the specification for more information. We will soon share more examples and details in a separate blog post.

Expressive new conditions using regular expressions

We’ve introduced new conditions which utilize regular expressions. As an example, filtering a few different versions of an OS becomes much easier:

Additionally, we’ve introduced conditions for whether inventory attributes are reported or not:

All of the new conditions can be used in alerts, host filters, and compliance reports.

Features already released in 3.15.3

3.17.0 also includes the improvements mentioned in the 3.15.3 release announcement:

Changelogs

As always, you can see a full list of changes and improvements in our changelogs:

Please note that the Enterprise changelogs contain only changes specific to enterprise. To get a full overview of all changes in a version, read all 3 changelogs.

Dependencies

The table below shows versions of dependencies used in 3.17.0, compared to the latest LTS releases:

CFEngine version 3.12.6 3.15.3 3.17.0 Notes
Apache 2.4.43 2.4.46 2.4.46 Hub only
apr-util 1.6.1 1.6.1 1.6.1 Hub only
APR 1.7.0 1.7.0 1.7.0 Hub only
diffutils 3.7 Introduced in 3.17.0
Git 2.28.0 2.28.0 2.29.2 Hub only
libacl 2.2.53 2.2.53 2.2.53
libattr 2.4.48 2.4.48 2.4.48
libcurl 7.72.0 7.72.0 7.73.0
libgnurx 2.5.1 2.5.1 2.5.1 Windows only
libiconv 1.16 1.16 1.16
libxml2 2.9.10 2.9.10 2.9.10
libyaml 0.2.5 0.2.5 0.2.5
LMDB 0.9.26 0.9.26 0.9.27
OpenLDAP 2.4.53 2.4.53 2.4.56
OpenSSL 1.1.1g 1.1.1g 1.1.1h
PCRE 8.44 8.44 8.44
PHP 7.2.34 7.4.10 7.4.12 Hub only
PostgreSQL 10.14 12.4 13.0 Hub only
pthreads-w32 2-9-1 2-9-1 2-9-1 Windows only
rsync 3.2.3 3.2.3 3.2.3 Hub only
SASL2 2.1.27 2.1.27 2.1.27 Solaris only
zlib 1.2.11 1.2.11 1.2.11

Thank you to all the developers and maintainers of Open Source Software which make CFEngine possible!

Contributions

We encourage all of our users to get involved in the community and contribute. Feel free to use one of the following channels:

Ole Herman Elgesem

CFEngine Product Manager