We’re happy to announce that CFEngine 3.7.1 is now ready! Given that this is the first maintenance release in the 3.7 branch, the focus is primarily on stability and reliability of new features added in 3.7.0. For improved resiliency of Enterprise High Availability in environments that need it, we also added support for an offsite replication node.
Offsite replication support for Enterprise High Availability The High Availability cluster has until now consisted of 2 nodes; an active and passive. If the active goes down, the clients would fail over to the passive. However, some environments require the CFEngine Server to continue to operate even during a complete datacenter failure. In 3.7.1, support for a third HA node has been added: an offisite replication node. This node will replicate data from the active node, and can be manually promoted to an active node in case both the two other nodes goes down. You can read more in the new section of the High Availability installation documentation.
We’re happy to announce that CFEngine 3.6.6 is now ready! The new release has improved performance and reliability, especially on the CFEngine Enterprise backend, as well a stability and performance improvements across Unix and Windows agent platforms! Given that this is the sixth maintenance release in the 3.6 branch, the focus is primarily on stability and performance enhancements.
Enterprise report collection enhancements CFEngine 3.6.6 significantly improves the performance and reliability of the Enterprise reporting backend in several ways. A known issue causing higher CPU usage of PostgreSQL has been resolved. Secondly, the PostgreSQL maintenance settings (known as “vacuuming”) have been optimized to reduce the disk fragmentation and thus supporting policies with frequently changing promises much better. For example, if there are frequent uses of if_elapsed in the policy, this optimization will make a significant difference. In some instances, the Enterprise hub would log errors about “status_pkey” to syslog, due to duplicate reports coming from clients. This has also been resolved in 3.6.6. Finally, environments where client-initiated reporting is enabled (known as “call collect”) will see big scalability enhancements. Call collect has been scale tested to several thousand clients over a long period of time.
We’re happy to announce that CFEngine 3.7.0 is now ready! The 3.7.0 release contains a brand new packages promise, expanded platform support, enhanced network security, improved Enterprise reporting capabilities and much more!
New packages promise A new packages promise has been developed in collaboration the CFEngine community and users. It is designed to be reliable, simple and easy to use. We hope you enjoy the experience! It reuses the same promise type as the previous packages promise (packages:), but CFEngine will determine which one to use based on the attributes that are used in the promise type. The packages: promise type is fully backward-compatible, so any packages promises that you have from 3.6 or earlier versions should still work with 3.7. Currently supported platforms for the new packages promise include those based on yum/rpm (using package_module => yum) and apt/deb (using package_module => apt_get), but it can easily be extended by adding new package modules. Package modules are essentially wrappers for the package managers that implement the CFEngine package module protocol. As an example, you can use the following promise in 3.7 to track the latest package of apache on Red Hat systems: packages: "httpd" policy => "present", version => "latest", package_module => yum; You can read more about the new packages promise type in the packages reference documentation.
There has been a lot of discussions lately about changing how the CFEngine releases work, and what we want is to have something that is more systematic and predictable. There are many points that need to be considered, for instance:
How often should we release a new feature release?
How often will people actually upgrade? How often would contributors like to see new releases (with their fixes in)? How long should feature releases be supported?
We’re happy to announce that CFEngine 3.7.0 beta is now ready for testing! The 3.7.0 beta contains a brand new packages promise, enhanced network security, improved Enterprise reporting capabilities and much more!
New packages promise A new packages promise has been developed; it reuses the same promise type as the previous packages promise (packages:), but CFEngine will determine which one to use based on the attributes that are used in the promise type. The packages: promise type is fully backward-compatible, so any packages promises that you have from 3.6 or earlier versions should still work with 3.7. Currently supported platforms for the new packages promise include those based on yum/rpm (using package_module => yum) and apt/deb (using package_module => apt_get), but it can easily be extended by adding a new package_module. As an example, you can use the following promise to track the latest package of apache on Red Hat systems: packages: "httpd" policy => "present", version => "latest", package_module => yum; The development ticket for the new package promise contains more details about the promise and how to extend it.
We’re happy to announce that CFEngine 3.6.5 is now ready! The new release has improved support for Red Hat Enterprise Linux 7 and CentOS 7, as well as other distributions using systemd. In addition, performance of the agent in the Enterprise edition has been greatly improved.
Red Hat Enterprise Linux 7 support As CFEngine 3.6.3 introduced experimental support for Red Hat Enterprise Linux 7, the main outstanding issue was proper management of CFEngine processes with systemd. Systemd support is now integrated into the packages and a systemd class is defined on systemd-enabled platforms. Also note that services promises already detects and supports systemd. For 3.6 there are new packages for Red Hat 7, so make sure you pick those for this OS family version (only). These packages will only work properly on Red Hat 7, CentOS 7 and similar, but not on previous versions of the operating systems. The Enterprise hub does not yet support Red Hat 7, but the Enterprise agent and the community edition does. We plan to unify these packages in 3.7, so that there is one package for each OS type. If you’re interested in the details, you can find the CFEngine buildscripts on on GitHub. Also see the Known issues documentation page for platform-specific sections and please report any other issues you find in the issue tracker.
The CFEngine lab has been brewing on 3.6.4 over Christmas and is finally ready to release it to the world! With 3.6.4 being a patch release, it has a focus on stability and reliability of both the server and agent side. This is also the first release where user input has been incorporated in form of casting a vote for what to be improved - so make your voice heard!
Enterprise hub self-protection A major stability enhancement for report collection in CFEngine Enterprise hubs has been added to 3.6.4. The Enterprise hub collects reports from clients every 5 minutes by default, but in cases where it can not collect a round of reports from a client it will try to get what is missed the next time from that client; after another 5 minutes. This could happen for several reasons, for example that the client is temporarily offline. The amount of data that needs to be collected once the report collection succeeds again is proportional to the amount of time has passed since the last success. However, if the hub as been unsuccessful at collecting reports from a large amount of clients over a longer period of time, this can cause a high load on the hub once it succeeds again; potentially making the hub unstable and unresponsive until the collection is done. CFEngine 3.6.4 addresses this potential stability problem by introducing a maximum threshold on how long history the hub will try to collect from clients that have been offline; through the body hub control attribute client_history_timeout. By default the hub will discard the missed history (known as issuing a “rebase” collection query) from clients if more than 6 hours have passed since last successful collection in order to protect itself. If a client comes back after 6 hours, the load on the hub for discarding these last 6 hours versus collecting them are about the same – thus the 6 hour default. However, you can adjust this threshold if you expect your clients to be offline for longer amounts of time during normal operations. Note that in either case, history that already exists about the client in the hub’s database is not discarded.
CFEngine 3.6.3 is released! The new version brings broader platform support, UI performance and usability enhancements as well as bugfixes. It has again been about 8 weeks since the last release, and we are planning to further shorten the release intervals going forward to bring you enhancements faster. What you will also notice is that the focus is on stability and performance for 3.6.x releases, in order to make upgrades as safe as possible. Features and larger changes will be provided in the 3.7 branch.
CFEngine 3.6.2 is now available - in both Community and Enterprise editions! There are major new features in the Enterprise hub; High Availability and Custom actions. In addition, we have resolved numerous issues to provide you with a very stable release. It has been about 8 weeks since the 3.6.1 release, and we plan to continue on a 6-8 week schedule for maintenance releases going forward.
High availability for the hub A common requirement for most enterprises is that key processes and mission critical applications are highly available - in essence to ensure there is no single point of failure. Although CFEngine is a distributed system, with decisions made by autonomous agents running on each node, the hub can be viewed as a single point of failure. Essentially, the hub has two responsibilities:
We recently announced the general availability of CFEngine Enterprise 3.6.1. One of the key capabilities added to this maintenance release is a supported upgrade process. In today’s post, I’ll walk you through an outline of the upgrade procedure, which will hopefully provide a good starting point for you to map out the entire process for your CFEngine deployment. Note that the examples here assume starting the upgrade from a CFEngine 3.5.x install, but the same steps are applicable to version 3.0 as well. Don’t forget to refer to our online documentation for the complete set of steps.
