We’re happy to announce that CFEngine 3.7.0 is now ready! The 3.7.0 release contains a brand new packages promise, expanded platform support, enhanced network security, improved Enterprise reporting capabilities and much more!
New packages promise A new packages promise has been developed in collaboration the CFEngine community and users. It is designed to be reliable, simple and easy to use. We hope you enjoy the experience! It reuses the same promise type as the previous packages promise (packages:), but CFEngine will determine which one to use based on the attributes that are used in the promise type. The packages: promise type is fully backward-compatible, so any packages promises that you have from 3.6 or earlier versions should still work with 3.7. Currently supported platforms for the new packages promise include those based on yum/rpm (using package_module => yum) and apt/deb (using package_module => apt_get), but it can easily be extended by adding new package modules. Package modules are essentially wrappers for the package managers that implement the CFEngine package module protocol. As an example, you can use the following promise in 3.7 to track the latest package of apache on Red Hat systems: packages: "httpd" policy => "present", version => "latest", package_module => yum; You can read more about the new packages promise type in the packages reference documentation.
There has been a lot of discussions lately about changing how the CFEngine releases work, and what we want is to have something that is more systematic and predictable. There are many points that need to be considered, for instance:
How often should we release a new feature release?
How often will people actually upgrade? How often would contributors like to see new releases (with their fixes in)? How long should feature releases be supported?
We’re happy to announce that CFEngine 3.7.0 beta is now ready for testing! The 3.7.0 beta contains a brand new packages promise, enhanced network security, improved Enterprise reporting capabilities and much more!
New packages promise A new packages promise has been developed; it reuses the same promise type as the previous packages promise (packages:), but CFEngine will determine which one to use based on the attributes that are used in the promise type. The packages: promise type is fully backward-compatible, so any packages promises that you have from 3.6 or earlier versions should still work with 3.7. Currently supported platforms for the new packages promise include those based on yum/rpm (using package_module => yum) and apt/deb (using package_module => apt_get), but it can easily be extended by adding a new package_module. As an example, you can use the following promise to track the latest package of apache on Red Hat systems: packages: "httpd" policy => "present", version => "latest", package_module => yum; The development ticket for the new package promise contains more details about the promise and how to extend it.
We’re happy to announce that CFEngine 3.6.5 is now ready! The new release has improved support for Red Hat Enterprise Linux 7 and CentOS 7, as well as other distributions using systemd. In addition, performance of the agent in the Enterprise edition has been greatly improved.
Red Hat Enterprise Linux 7 support As CFEngine 3.6.3 introduced experimental support for Red Hat Enterprise Linux 7, the main outstanding issue was proper management of CFEngine processes with systemd. Systemd support is now integrated into the packages and a systemd class is defined on systemd-enabled platforms. Also note that services promises already detects and supports systemd. For 3.6 there are new packages for Red Hat 7, so make sure you pick those for this OS family version (only). These packages will only work properly on Red Hat 7, CentOS 7 and similar, but not on previous versions of the operating systems. The Enterprise hub does not yet support Red Hat 7, but the Enterprise agent and the community edition does. We plan to unify these packages in 3.7, so that there is one package for each OS type. If you’re interested in the details, you can find the CFEngine buildscripts on on GitHub. Also see the Known issues documentation page for platform-specific sections and please report any other issues you find in the issue tracker.
The CFEngine lab has been brewing on 3.6.4 over Christmas and is finally ready to release it to the world! With 3.6.4 being a patch release, it has a focus on stability and reliability of both the server and agent side. This is also the first release where user input has been incorporated in form of casting a vote for what to be improved - so make your voice heard!
Enterprise hub self-protection A major stability enhancement for report collection in CFEngine Enterprise hubs has been added to 3.6.4. The Enterprise hub collects reports from clients every 5 minutes by default, but in cases where it can not collect a round of reports from a client it will try to get what is missed the next time from that client; after another 5 minutes. This could happen for several reasons, for example that the client is temporarily offline. The amount of data that needs to be collected once the report collection succeeds again is proportional to the amount of time has passed since the last success. However, if the hub as been unsuccessful at collecting reports from a large amount of clients over a longer period of time, this can cause a high load on the hub once it succeeds again; potentially making the hub unstable and unresponsive until the collection is done. CFEngine 3.6.4 addresses this potential stability problem by introducing a maximum threshold on how long history the hub will try to collect from clients that have been offline; through the body hub control attribute client_history_timeout. By default the hub will discard the missed history (known as issuing a “rebase” collection query) from clients if more than 6 hours have passed since last successful collection in order to protect itself. If a client comes back after 6 hours, the load on the hub for discarding these last 6 hours versus collecting them are about the same – thus the 6 hour default. However, you can adjust this threshold if you expect your clients to be offline for longer amounts of time during normal operations. Note that in either case, history that already exists about the client in the hub’s database is not discarded.
CFEngine 3.6.3 is released! The new version brings broader platform support, UI performance and usability enhancements as well as bugfixes. It has again been about 8 weeks since the last release, and we are planning to further shorten the release intervals going forward to bring you enhancements faster. What you will also notice is that the focus is on stability and performance for 3.6.x releases, in order to make upgrades as safe as possible. Features and larger changes will be provided in the 3.7 branch.
CFEngine 3.6.2 is now available - in both Community and Enterprise editions! There are major new features in the Enterprise hub; High Availability and Custom actions. In addition, we have resolved numerous issues to provide you with a very stable release. It has been about 8 weeks since the 3.6.1 release, and we plan to continue on a 6-8 week schedule for maintenance releases going forward.
High availability for the hub A common requirement for most enterprises is that key processes and mission critical applications are highly available - in essence to ensure there is no single point of failure. Although CFEngine is a distributed system, with decisions made by autonomous agents running on each node, the hub can be viewed as a single point of failure. Essentially, the hub has two responsibilities:
We recently announced the general availability of CFEngine Enterprise 3.6.1. One of the key capabilities added to this maintenance release is a supported upgrade process. In today’s post, I’ll walk you through an outline of the upgrade procedure, which will hopefully provide a good starting point for you to map out the entire process for your CFEngine deployment. Note that the examples here assume starting the upgrade from a CFEngine 3.5.x install, but the same steps are applicable to version 3.0 as well. Don’t forget to refer to our online documentation for the complete set of steps.
If you’ve seen what we have delivered with CFEngine Enterprise 3.6.0 earlier this summer, I’m sure you realized what a feature-rich release this turned out to be. But we didn’t stop there. The CFEngine team has spent the past few weeks validating additional platforms, building a simplified upgrade process, and in the process, even added a few small enhancements to the mix! Today, we’re announcing CFEngine Enterprise 3.6.1 - a maintenance release with a number of goodies that I’m sure you will appreciate. Expanded Platform Coverage CFEngine Enterprise 3.6.1 now supports the following host platforms to provide you with comprehensive coverage within your IT infrastructure.
Thanks to all of you who tuned in for our ‘Introduction to CFEngine Enterprise 3.6.0’ Webinars last week. For those of you who could not attend, the recording is now available below - please be sure to watch and learn about CFEngine Enterprise 3.6.0 can help you:
Proactively alert on policy drifts in your environment through a simple-to-use, configurable dashboard Gain comprehensive visibility into your IT infrastructure with enhanced compliance and extensible inventory reporting Leverage new language abstractions to improve administration productivity Achieve painless integration with other IT systems using native JSON support
