As we enter 2020 and reflect on the various contributions the project has received we want to take a moment to recognize one of the more prolific contributors as a CFEngine Champion.
It’s my honor to announce and welcome Dimitrios Apostolou as the latest CFEngine Champion. At the time of this writing, he is the fourth most prolific committer in cfengine/core with 1101 commits.
2584 Mikhail Gusarov 2045 Mark Burgess 1430 Sigurd Teigen 1101 Dimitrios Apostolou 825 Kristian Amlie Notably, as an employee of CFEngine AS and Northern.tech AS Dimitrios was responsible for introducing Protocol 2 (TLS), greatly improving the performance of cf-serverd, and refactoring the policy evaluation to improve the speed of iteration over large and complex lists and data structures. As a community member, Dimitrios worked in his spare time to open source cf-monitord bringing the ability to write custom measurement promises to the Community edition. Thank you, Jimis. You have significantly enhanced the CFEngine community through your individual efforts. Know someone that has significantly enhanced CFEngine through their contributions to the project itself or via their engagement with the community? Nominate them!
Today marks a new milestone for CFEngine, with the release of the new CFEngine 3.15.0 LTS. This is the newest Long Term Supported CFEngine series, introducing a lot of great stuff. The biggest new feature in CFEngine 3.15 is Federated Reporting, which we will cover later in this blog post, but there are many other new improvements as well. If you are interested to learn more, schedule training, or hear about pricing options, feel free to reach out to us! Last week, we launched the last release of the CFEngine 3.10 LTS series, and support for 3.10 is coming to an end at the end of this year. CFEngine 3.12 LTS is still under standard support for another 18 months, and CFEngine 3.15 will receive standard support for the next 3 years. This is all described in the CFEngine release schedule. We are always looking for new contributions to CFEngine! Are you unsure how to get started? Please check out our contributing guide in addition to the following suggestions.
We are now happy to release two new LTS versions of CFEngine, 3.10.7 LTS, and 3.12.3 LTS.
CFEngine 3.10.7 - end of life This will be the last release of the CFEngine 3.10 LTS series. Standard Support of CFEngine 3.10 LTS ends end of this year. If you would like extended support, please contact us. From the CFEngine release schedule, we see that CFEngine 3.10 LTS is maintained and supported until December 28th, 2019. That is the end of this year, so you should start planning on upgrading to CFEngine 3.12 LTS, or the soon to be released CFEngine 3.15.0 LTS that is scheduled to be released in the next few weeks. 3.10.7 LTS is the last maintenance release (patch release) of the CFEngine 3.10 LTS series. The goal of this release is to make sure that the stability and reliability for CFEngine users that cannot immediately upgrade to 3.12, and enable a safe upgrade path. As such, this release includes bug fixes and low-risk changes that do not impact the compatibility between previous patch releases.
Problem to solve When working on the new Federated Reporting feature for CFEngine we had to solve the problem of collecting data from multiple CFEngine hubs (feeders) on a single hub (superhub). CFEngine hubs are using PostgreSQL to store data, so, more specifically, the problem was how to collect data from multiple PostgreSQL databases in one PostgreSQL database. And because we are talking about ~1 GiB of SQL data per feeder hub and for example 10 feeders connected to a superhub here, the initial and trivial solution using basically this ETL (Extract Transform Load) pipeline - pg_dump | gz | ssh | gunzip | psql - provided really poor performance. The problem was in the last part of the pipeline - importing data using psql. Reading and writing 10 GiB of data of course takes a while, but we soon realized that I/O speed was not the bottleneck in this case.
Today we are happy to announce the general availability of CFEngine 3.15.0 beta. CFEngine 3.15 is our upcoming LTS (Long Term Support) release. The main focus of this release has been the new Federated Reporting feature. It also contains a lot of performance work and stability improvements. You can download CFEngine 3.15 LTS beta here.
Beta program CFEngine 3.15 is a beta release that is not generally supported, however, the quality is good and interesting new features are available. So, in order for all the new features to be of the best quality, we make it available to you to test already now. We appreciate all the feedback we can get on this beta release. If you test it, you can provide any and all feedback through a quick survey here. We are eagerly awaiting your feedback. You can also email us, or contact us through our webpage.
On [2019-07-29 Mon] we released new builds of our Enterprise Hub packages for 3.12.2 and 3.14.0. This release addresses CVE-2019-10164.
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user’s own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
CFEngine Enterprise LTS versions 3.12.0, 3.12.1, 3.12.2-1, 3.12.2-2, and non-LTS version 3.14.0 vendor PostgreSQL versions affected by this vulnerability. In the default configuration as access to root or cfpostgres local users must be achieved first.
Today we are very proud and happy to launch our latest non-supported release, CFEngine 3.14.0. 3.14 is a great number, being the closest we will get to π, we also wanted to introduce something very special this time around, and we did!
New features Let’s start with an overview of some new changes debuting in CFEngine 3.14.
Improved Role Based Access Control (RBAC) In CFEngine 3.14 we have introduced a new backend for managing RBAC settings, as well as a whole new UI in the Mission Portal to manage this. This allows for more granular RBAC settings and makes it simple to set up roles with very limited and specific access. This new Mission Portal & API RBAC is based on existing roles. RBAC is a tricky topic, and we advise to create specific roles when users should have specific access. The permissions are purely additive, i.e. they give permission to access something. Every role has a set of permissions, and in the case where a user has more than one role, she has access to all the permissions of those roles.
We are happy to release the 2nd update to the CFEngine 3.12 LTS series. This update comes with many important stability and performance improvements and is thus well worth the upgrade from an older version of 3.12 LTS. CFEngine 3.12 LTS brings a lot of innovation, new features and improved performance to CFEngine, and allows you to make the most efficient use of your time. We are looking forward to your feedback on this release. Looking at the CFEngine release schedule, we can see that CFEngine 3.12 LTS is maintained and supported until June, 2021 3.12.2 LTS is a maintenance release (also known as a patch release), with the goal to increase the stability and reliability for CFEngine users and enable a safe upgrade path. As such, this release primarily includes bug fixes and low-risk changes that do not impact the compatibility between previous patch releases. Do you want to start contributing to CFEngine, but are unsure how? Please check out our contributing guide in addition to the following suggestions.
We are now happy to release the 6th update to the CFEngine 3.10 LTS series. This update comes with many important stability and performance improvements and is thus well worth the upgrade from an older version of 3.10 LTS. Looking at the CFEngine release schedule, we can see that CFEngine 3.10 LTS is maintained and supported until December 27th, 2019.That is the end of this year, so you should start planning on upgrading to CFEngine 3.12 LTS, or the upcoming 3.15.0 LTS that is scheduled to be released around the same time as 3.10 reaches its end of life. 3.10.6 LTS is a maintenance release (also known as a patch release), with the goal to increase the stability and reliability for CFEngine users and enable a safe upgrade path. As such, this release primarily includes bug fixes and low-risk changes that do not impact the compatibility between previous patch releases. Do you want to start contributing to CFEngine, but are unsure how? Here are some nifty tricks.
About a year ago, I wrote a small python script to automate installing and bootstrapping CFEngine on virtual machines in AWS. It had some hard coded IP addresses that I needed to update when I spawned new hosts, but other than that, it worked well. During manual testing, it saved me a lot of time instead of having to do things manually. Deploying CFEngine normally consists of these steps:
Determine what CFEngine package to use. Download appropriate package if you haven’t already - curl. Copy the package to the host - scp. Log into the host - ssh. Install the package - rpm / dpkg. Bootstrap CFEngine - cf-agent -B. At a company hackathon I decided to make my script into something better, something that would be useful to my colleagues, and maybe even CFEngine users in general. Enter cf-remote.
