Show posts tagged:

Change in behavior: The arglist attribute now preserves spaces

When executing commands in a shell, the program and its arguments are typically separated by spaces. This command reads the content of two files and prints it out (concatenating it): command cat one.txt two.txt In the example above, cat is the command / program, while one.txt is the first argument, and two.txt is the second argument. This is great because it makes commands really easy to read and type, however there is one obvious drawback: When a space has a special meaning (separating arguments), what do you do when you actually need a space?

Posted by Lars Erik Wik
January 17, 2024

Change in behavior: ignore_interfaces.rx prefers a new location

ignore_interfaces.rx can be populated with regular expressions that match network interface names. When an interface matches CFEngine will ignore the interface. In the upcoming release of 3.23.0, and in the future release of 3.21.4 there is a change in behavior with respect to the preferred location of ignore_interfaces.rx from $(sys.inputdir) (typically /var/cfengine/inputs) to $(sys.workdir) (typically /var/cfengine). The change from $(sys.inputdir) to $(sys.workdir) makes it easier to ignore different interfaces on different hosts.

Posted by Nick Anderson
November 16, 2023

Change in behavior: self upgrade now defaults to hub binary version

In the upcoming release of 3.23.0, there is a change in behavior with respect to the self upgrade policy. Beginning with 3.23.0 the self upgrade policy will default to the binary version that is running on the hub instead of the version of the policy framework that is executing. When upgrading CFEngine1 there are three major steps: Upgrade the Masterfiles Policy Framework (MPF) Upgrade the hub binaries Upgrade the client binaries Generally it’s desirable that the MPF version is equal to or greater than the hub binary version and the hub binary version is equal to or greater than the client binary version.

Posted by Nick Anderson
November 15, 2023

Change in behavior: Directories are now created with 700 instead of 755

In the upcoming release of CFEngine 3.21.0 there is a change in behavior with respect to default permissions of created directories. From 3.21.0 and later directories will be created with read, write, execute permissions only for the file owner. No permissions are granted for group or other. This change improves the default security posture to make sure that only the user executing CFEngine (typically root) will have access to content in newly created directories.

Posted by Nick Anderson
December 16, 2022

CFEngine Build System version 3

Our beloved cfbs CLI tool for working with CFEngine Build is rapidly evolving. At the time of writing, we are currently at version 3.2.1. Thus I would like to take this opportunity to talk a bit about the latest and greatest features; including support for users to manipulate input parameters in modules, as well as a couple of new build steps. If you haven’t yet got a hold of the latest version of cfbs, you can update it with pip using the following command:

Posted by Lars Erik Wik
November 15, 2022

Debian 11 and Ubuntu 22 aarch64 (arm64) packages available!

As a person who tries to work with as few resources as possible, whether it’s editing everything with ed(1) or using old laptops without screens for servers or turning off computers as much as possible I am happy to announce nightly packages are available for the aarch64 (ARM 64-bit) architecture. This enables low-power, low-cost devices such as the Raspberry Pi and many others to run CFEngine Enterprise. Why run CFEngine? It is lean on resources and rich in features!

Posted by Craig Comstock
August 18, 2022

Change in behavior: multiple cf-execd processes

Recently we introduced new feature where you can trigger agent runs and report collection from the Mission Portal UI. This required our daemon cf-execd to behave a bit differently when periodic agent runs occur. Previously the daemon would create a new thread in which to run cf-agent, capture output, wait for completion and move on. We changed the behavior so that the daemon forks itself and then fork/execs cf-agent as before, with the forked cf-execd processing agent run output.

Posted by Craig Comstock
June 15, 2022

CFEngine Build System version 2

A while back we released version 2 of cfbs, and even though we release versions of this tool quite frequently, without announcing it on the blog, we thought this was a good opportunity to talk a bit about the tool, what’s new and our direction with it in the future. The reason why we called this the “2.0” release is that we are trying to follow semantic versioning, and there were some big new features in the release which could be considered breaking changes.

June 14, 2022

Change in behavior: Creating files by default

In the upcoming CFEngine 3.20 release we are making a change in the behaviour of the create attribute for the files promises that manage the entire content of a file. This includes promises with the template methods mustache, inline_mustache and cfengine; as well as promises with the content attribute. The motivation behind these new changes is two-fold; make it easier to learn CFEngine policy language and understand what policy is doing, and to prevent CFEngine from creating empty configuration files.

Posted by Lars Erik Wik
April 22, 2022