A while back we released version 2 of cfbs, and even though we release versions of this tool quite frequently, without announcing it on the blog, we thought this was a good opportunity to talk a bit about the tool, what’s new and our direction with it in the future. The reason why we called this the “2.0” release is that we are trying to follow semantic versioning, and there were some big new features in the release which could be considered breaking changes.
In the upcoming CFEngine 3.20 release we are making a change in the behaviour of the create attribute for the files promises that manage the entire content of a file. This includes promises with the template methods mustache, inline_mustache and cfengine; as well as promises with the content attribute.
The motivation behind these new changes is two-fold; make it easier to learn CFEngine policy language and understand what policy is doing, and to prevent CFEngine from creating empty configuration files.
A recent change in the Masterfiles Policy Framework (MPF) is renaming bundle agent main to bundle agent mpf_main.
This change is intended to make it easier to run individual parts of your policy leveraging the library main bundle functionality (bundle agent __main__).
Library main bundles were first introduced in CFEngine 3.12.0. The functionality allows for the definition of bundle agent __main__. When this bundle definition is present in the policy entry (the first policy file that CFEngine reads) the bundle is understood to be used as the default bundlesequence.
The CFEngine team is pleased to announce a competition for students in Norway. We want you to write a module in Python, and submit it to CFEngine Build. Your module will be Open Source (MIT License), available for our community of users worldwide. CFEngine is a programming language, and modules can be added to do whatever the user needs, so the possibilities are endless. You can look at some examples for inspiration at the end of this blog post.
rxdirs has provided a convenient default when setting permissions recursively. When enabled (the default prior to version 3.20.0) a promise to grant read access on a directory is extended to also include execution since quite commonly if you want to read a directory you also want to be able to list the files in the directory. However, the convenience comes with the cost of complicating security reviews since the state requested on the surface is more strict than what is actually granted. This can both undermine the understanding of the desired state of the permissions as well as confidence that the policy accurately describes the resulting state and we have decided the convenience is not worth the cost.
Earlier this year, we hinted at what we were working on - a place for users to find and share reusable modules for CFEngine. Today, the CFEngine team is pleased to announce the launch of CFEngine Build:
The new website, build.cfengine.com, allows you to browse for modules, and gives you information about how to use each one of them. When you’ve found the module you were looking for, it can be downloaded and built using the command line tooling.
As we’ve hinted at before, 2021 will be a big year for CFEngine. In the summer, we will release CFEngine 3.18 LTS. This is the first LTS release with Compliance Reports, Custom Promise types, and all of the other improvements we’ve made over the past year.
Collaboration In addition to implementing valuable functionality for our users, we are focusing on better ways of interacting with them, and more opportunities for contribution, collaboration and sharing. The beginning of this was the introduction of GitHub Discussions - a platform where users can ask questions, submit ideas, or show off their CFEngine-related creations. One month later, in March, we launched our new website. The new website should make it easier for users to find what they’re looking for, and also has some sections with great content, such as videos, case studies, and white papers. Now, we are excited to share our plans for the rest of the year.
As an MSSP (Managed Security Service Provider), HIPAA Vault relies on CFEngine to automate & secure their infrastructure on behalf of their customers. HIPAA Vault has been a longtime CFEngine Community user since 2012 and recently upgraded to Enterprise in order to boost their infrastructure visibility through Mission Portal and features like Compliance Reporting that help them provide a more secure & compliant cloud hosting solution.
We chose CFEngine over others because it is the most trusted and reliable solution in the market. We are more interested in dependability than having the new shiny tool that just hit the market. says Gil Vidals, Founder & CEO of HIPAA Vault
New CFEngine Website Today we’re excited to announce the release of our new website. This has been several months in the making and just one of many big announcement we have planned for 2021. Our goal in redesigning the website is simply to enhance your experience when visiting.
Whether you’re an IT Manager evaluating our Enterprise feature set, a Systems Administrator interested in trying CFEngine for the first time or a long time community member, we hope our new website helps you find exactly what you’re looking for quickly and easily.
As we enter 2020 and reflect on the various contributions the project has received we want to take a moment to recognize one of the more prolific contributors as a CFEngine Champion.
It’s my honor to announce and welcome Dimitrios Apostolou as the latest CFEngine Champion. At the time of this writing, he is the fourth most prolific committer in cfengine/core with 1101 commits.
2584 Mikhail Gusarov 2045 Mark Burgess 1430 Sigurd Teigen 1101 Dimitrios Apostolou 825 Kristian Amlie Notably, as an employee of CFEngine AS and Northern.tech AS Dimitrios was responsible for introducing Protocol 2 (TLS), greatly improving the performance of cf-serverd, and refactoring the policy evaluation to improve the speed of iteration over large and complex lists and data structures. As a community member, Dimitrios worked in his spare time to open source cf-monitord bringing the ability to write custom measurement promises to the Community edition. Thank you, Jimis. You have significantly enhanced the CFEngine community through your individual efforts. Know someone that has significantly enhanced CFEngine through their contributions to the project itself or via their engagement with the community? Nominate them!
