Interested in seeing promise results (KEPT, REPAIRED, NOTKEPT) overlaid on top of the policy itself?
Craig (Digger) and Nick (Doer of Things) kick off the new series, “The agent is in” and take a look at the policy analyzer in CFEngine Enterprise Mission Portal.
Video The video recording is available on YouTube:
At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees.
I have a setup at home where I keep a local git server running on a Raspberry Pi 3 which contains personal/work journal, dotfiles and a personal policy repository. It was set up manually so before adding a new git repository for a family password store I set about retrofiting the configuration in CFEngine. The goal in this blog is to ensure that what I have already is managed by CFEngine and that what I want to add, /srv/git/passwords.
CFEngine 3.17.0 introduced custom promise types, which enable CFEngine users to extend core functionality and policy language in a simple way. As an example of the power and simplicity of this new feature, I will show a promise type that helps to observe a website’s status. The module which implements this promise type was written in a couple of hours.
Creating a promise type for whether a site is up We will use Python and the CFEngine library to implement a promise module.
Several months ago I started the practice of using CFEngine Enterprise and its Mission Portal UI on a daily basis to manage the connected devices in my home. To start, I brought up an old desktop machine, cfengine-hub, to use as my hub and downloaded Enterprise, which is free for use up to 25 hosts. The next step in using best practices is to deploy policy from a version control repository.
In CFEngine 3.17, custom promise types were introduced. This allows you to extend policy language, managing resources which don’t have built in promise types. The implementation of custom promise types is open source, and available in both CFEngine Enterprise and CFEngine Community. To implement a new custom promise type, you need a promise module. (The promise type is what you use in policy language (the concept), while the module is the underlying implementation - can be a python script, compiled executable or similar).
We are pleased to announce the release of CFEngine 3.17.0, with the theme Flexibility! This is a non-LTS release and allows the CFEngine community to test the features which will be in CFEngine 3.18.0 LTS (Summer 2021).
What’s new? A new look - Mission Portal Dark Mode Mission portal now gives you the option of switching to an alternate color theme, dark mode:
Trigger report collection from Host Info Page You no longer have to wait for the next reporting interval, or use the command line to get updated reports.
My laptop was getting staleā¦ I’ve been using it every work day for about 2.5 years now and so much software is installed it just boggles my mind. I really love it otherwise, open source, trying to be transparent, generally has worked amazingly! I have a Librem 15v3 from Purism. My home dir is a maze of old and new directories, odd files, tons of ~/Downloads junk. And the real kicker?
Today we announce the newest additions to CFEngine. CFEngine 3.16 brings several improvements, bug fixes, and new features. The theme for this release has been compliance, and it notably includes a new category of reports for proving compliance to regulation and other compliance frameworks in high level, easy to read reports. If you are interested to learn more about CFEngine, schedule training, or hear about pricing options, feel free to reach out to us!
We are today very excited to bring you new updates to CFEngine. This is a set of patch releases for the CFEngine 3.12 LTS and 3.15 LTS series. We usually release new patch releases every 6 months, but we want to bring new features and all improvements and bug fixes to our users as soon as possible. Hence these early releases. In CFEngine 3.15 LTS we introduced Federated Reporting, our single pane of glass reporting architecture.
CFEngine 2 network communication is insecure by today’s standards.
CFEngine 2 CVE-2016-6329: CFEngine 2 uses Blowfish cipher (1993) which today is considered: Weak Deprecated Subject to key recovery attack No security fixes since 2008. Protocol communications not encrypted; only data transfer (which facilitates attack). Encryption is off by default. CFEngine 3 All communication is encrypted Uses TLS 1.3 (current state of the art) Up to date, maintained, secure from the software vendor Full Enterprise support, with SLA.
