We’re happy to announce that CFEngine 3.9.0 non-LTS is now released! A big thanks to everyone testing the 3.9.0 beta release! Please note that this is a non-LTS release, which means that it is maintained for 6 months from the release date and not supported for CFEngine Enterprise customers (but packages are available for testing). The established CFEngine release schedule gives an overview of the release timelines for all releases.
Running remote bundles
CFEngine 3.9 introduces a simple way to trigger bundles to run remotely by using cf-runagent --remote-bundles to ask a remote cf-serverd to run a given set of bundles. For example:
We’re happy to announce that CFEngine 3.9.0 non-LTS beta is now ready for testing! The established CFEngine release schedule shows that the 3.9.0 final version is due in June 2016, so it’s time to test and fix any remaining issues. Please note that this is a non-LTS release, which means that it is maintained for 6 months from the release date and not supported for CFEngine Enterprise customers, but packages are available for testing.
We’re happy to announce maintenance releases for all supported CFEngine release branches today! Being maintenance (aka patch) releases, the goal is to increase stability and reliability for CFEngine users and enable a safe upgrade path. As such, the releases primarily include bugfixes and low-risk changes that do not impact the compatibility between previous patch releases. Looking at the CFEngine release schedule, we can see that:
- 3.7 LTS is maintained until July 17th 2018
- 3.6 is maintained until July 17th 2016 (released before CFEngine incorporated the LTS model)
- 3.8 (being a non-LTS release) is maintained until 3.9.0 is released
For CFEngine Enterprise customers, the supported releases as of today are 3.7 and 3.6. If you are on 3.6, it is a good time to prepare for an upgrade to 3.7, as the next supported minor release will be 3.10 LTS due end of 2016. If you are planning to contribute improvements to 3.9 (thank you!), please note that we would need the pull requests by the beginning of April in order to have time to incorporate them into 3.9.
We’re happy to announce that CFEngine 3.8.1 non-LTS is now released! Please note that this is a non-LTS release, which means that it is maintained for 6 months from the minor version’s (3.8.0 in this case) release date and not supported for CFEngine Enterprise customers (but packages are available for testing). The established CFEngine release schedule gives an overview of the release timelines for all releases.
Changes and improvements
The def.json feature for overriding CFEngine default configuration was introduced in 3.7 and has since seen significant adoption. The main goal of this feature is to make upgrades easier, as it makes the difference between vanilla masterfiles and user masterfiles much easier to manage. However, several users have reported unexpected behaviour with the feature, because some of the variables in def.json were not parsed early enough to be taken into account by CFEngine. This triggered several discussions, also by the CFEngine Community Advisory Board. A new design has been introduced to parse def.json natively in C, which should resolve this issue. If you had this problem, please let us know if it is resolved in 3.8.1!
All bundled dependencies have been upgraded to their latest version to bring in the latest security, performance and reliability improvements. All 3.8.1 CFEngine installations include these key dependencies, among others: OpenSSL 1.0.2e, PCRE 8.38, libxml2 2.9.3, OpenLDAP 2.4.43, libcurl 7.46.0, LMDB 0.9.17. CFEngine Enterprise Policy Servers also have upgraded dependencies and include PHP 5.6.17, Redis 3.0.6, git 2.6.5.
OpenSSL recently published a security advisory, but CFEngine is not affected because neither DH nor DHE key exchange can be used by CFEngine. It is probably a good idea to check other products you use, though.
Please see the Community Change Log and Enterprise Change Log for a detailed list of new features and changes. We highly appreciate community contributors for pull requests that made it in time for 3.8.1!
UPDATE, 2016-02-22: After feedback from CFEngine users and several discussions around a variable expansion performance issue, we decided to put this expansion issue higher on the priority list for 3.9. We still plan to address some high-impact logging issues for 3.9, most notably adding a line-level email-filtering feature.
With CFEngine 3.8 released on target in December, and now that we’ve entered 2016, it’s time to look ahead to CFEngine 3.9! According to the CFEngine release schedule, 3.9 will be a non-LTS release and is due for June 2016. If you’re considering contributing a major change or feature to CFEngine (thank you!) and would like to see it in 3.9, please note that we have a one-month beta period, so your pull request should be ready (i.e. reviewed and any adjustments made) in early April in order to make it. We’d also like to share that logging will be the release theme for 3.9!
We’re happy to announce that CFEngine 3.8.0 non-LTS is now released! A big thanks to everyone testing the 3.8.0 beta release! During the month it has been available, the 3.8.0 beta has seen hundreds of downloads widely distributed across platforms, both in Community and Enterprise editions. This testing helps ensure high quality of the final release. Of course, bugfixes in recently released 3.7.2 are also incorporated into 3.8.0. Please note that this is a non-LTS release, which means that it is maintained for 6 months from the release date and not supported for CFEngine Enterprise customers (but packages are available for testing). The established CFEngine release schedule gives an overview of the release timelines for all releases.
We’re happy to announce that CFEngine 3.7.2 is released! With 3.7 being a stable LTS branch, 3.7.2 brings numerous stability enhancements and bugfixes to the CFEngine customers and community. The main focus area for 3.7.2 is to improve fault-tolerance and performance of policy distribution in unreliable networks.
Enhanced reliability of policy distribution
The ability to distribute policy from the Policy Server to clients is a critical function of CFEngine, which also must work well in unreliable networks. CFEngine already has protection against corruption of the main policy (promises.cf) with the separate update policy (update.cf). In turn, if the update policy fails validation, failsafe.cf is run. In 3.7.2 failsafe.cf is also re-generated if it does not exist (but not overwritten, since users may have a custom failsafe.cf in some cases), basically simulating a fresh bootstrap. This means that CFEngine will now be able to recover from corruption of any policy and a wipe of the entire inputs directory!
In addition, we have been chasing an intermittent issue that in some extremely rare cases results in a directory being turned into a file for some time, and we now have evidence that this is completely fixed in 3.7.2!
Performance of policy distribution with cf-serverd at scale (4000+ clients) has been significantly improved by reducing lock contention of malloc() as well as lock contention of getpwnam().
Finally, for CFEngine Enterprise installations using call collect (client-initiated reporting), the default collect_window has been increased from 10 to 30 seconds. This ensures call-collect works reliably in scaled environments (thousands of clients) with default configuration.
In sum, these changes will lead to much more reliable policy distribution and hopefully provide users with some additional peace of mind!
We’re happy to announce that CFEngine 3.8.0 non-LTS beta is now ready for testing! The established CFEngine release schedule shows that the 3.8.0 final version is due before January 2016, so it’s time to test and fix any remaining issues. Please note that this is a non-LTS release, which means that it is maintained for 6 months from the release date and not supported for CFEngine Enterprise customers, but packages are available for testing.
We’re happy to announce that CFEngine 3.7.1 is now ready! Given that this is the first maintenance release in the 3.7 branch, the focus is primarily on stability and reliability of new features added in 3.7.0. For improved resiliency of Enterprise High Availability in environments that need it, we also added support for an offsite replication node.
Offsite replication support for Enterprise High Availability
The High Availability cluster has until now consisted of 2 nodes: an active and a passive. If the active goes down, the clients would fail over to the passive. However, some environments require the CFEngine Server to continue to operate even during a complete datacenter failure. In 3.7.1, support for a third HA node has been added: an offsite replication node. This node will replicate data from the active node, and can be manually promoted to an active node in case both of the other two nodes go down. You can read more in the new section of the High Availability installation documentation.
We’re happy to announce that CFEngine 3.6.6 is now ready! The new release has improved performance and reliability, especially on the CFEngine Enterprise backend, as well as stability and performance improvements across Unix and Windows agent platforms! Given that this is the sixth maintenance release in the 3.6 branch, the focus is primarily on stability and performance enhancements.
Enterprise report collection enhancements
CFEngine 3.6.6 significantly improves the performance and reliability of the Enterprise reporting backend in several ways. A known issue causing higher CPU usage of PostgreSQL has been resolved. Secondly, the PostgreSQL maintenance settings (known as “vacuuming”) have been optimized to reduce disk fragmentation and thus support policies with frequently changing promises much better. For example, if there are frequent uses of if_elapsed in the policy, this optimization will make a significant difference. In some instances, the Enterprise hub would log errors about “status_pkey” to syslog, due to duplicate reports coming from clients. This has also been resolved in 3.6.6. Finally, environments where client-initiated reporting is enabled (known as “call collect”) will see big scalability enhancements. Call collect has been scale tested to several thousand clients over a long period of time.