The CFEngine lab has been brewing on 3.6.4 over Christmas and is finally ready to release it to the world! With 3.6.4 being a patch release, it has a focus on stability and reliability of both the server and agent side. This is also the first release where user input has been incorporated in form of casting a vote for what to be improved - so make your voice heard!
Enterprise hub self-protection A major stability enhancement for report collection in CFEngine Enterprise hubs has been added to 3.6.4. The Enterprise hub collects reports from clients every 5 minutes by default, but in cases where it can not collect a round of reports from a client it will try to get what is missed the next time from that client; after another 5 minutes. This could happen for several reasons, for example that the client is temporarily offline. The amount of data that needs to be collected once the report collection succeeds again is proportional to the amount of time has passed since the last success. However, if the hub as been unsuccessful at collecting reports from a large amount of clients over a longer period of time, this can cause a high load on the hub once it succeeds again; potentially making the hub unstable and unresponsive until the collection is done. CFEngine 3.6.4 addresses this potential stability problem by introducing a maximum threshold on how long history the hub will try to collect from clients that have been offline; through the body hub control attribute client_history_timeout. By default the hub will discard the missed history (known as issuing a “rebase” collection query) from clients if more than 6 hours have passed since last successful collection in order to protect itself. If a client comes back after 6 hours, the load on the hub for discarding these last 6 hours versus collecting them are about the same – thus the 6 hour default. However, you can adjust this threshold if you expect your clients to be offline for longer amounts of time during normal operations. Note that in either case, history that already exists about the client in the hub’s database is not discarded.
CFEngine 3.6.3 is released! The new version brings broader platform support, UI performance and usability enhancements as well as bugfixes. It has again been about 8 weeks since the last release, and we are planning to further shorten the release intervals going forward to bring you enhancements faster. What you will also notice is that the focus is on stability and performance for 3.6.x releases, in order to make upgrades as safe as possible. Features and larger changes will be provided in the 3.7 branch.
CFEngine 3.6.2 is now available - in both Community and Enterprise editions! There are major new features in the Enterprise hub; High Availability and Custom actions. In addition, we have resolved numerous issues to provide you with a very stable release. It has been about 8 weeks since the 3.6.1 release, and we plan to continue on a 6-8 week schedule for maintenance releases going forward.
High availability for the hub A common requirement for most enterprises is that key processes and mission critical applications are highly available - in essence to ensure there is no single point of failure. Although CFEngine is a distributed system, with decisions made by autonomous agents running on each node, the hub can be viewed as a single point of failure. Essentially, the hub has two responsibilities:
We recently announced the general availability of CFEngine Enterprise 3.6.1. One of the key capabilities added to this maintenance release is a supported upgrade process. In today’s post, I’ll walk you through an outline of the upgrade procedure, which will hopefully provide a good starting point for you to map out the entire process for your CFEngine deployment. Note that the examples here assume starting the upgrade from a CFEngine 3.5.x install, but the same steps are applicable to version 3.0 as well. Don’t forget to refer to our online documentation for the complete set of steps.
If you’ve seen what we have delivered with CFEngine Enterprise 3.6.0 earlier this summer, I’m sure you realized what a feature-rich release this turned out to be. But we didn’t stop there. The CFEngine team has spent the past few weeks validating additional platforms, building a simplified upgrade process, and in the process, even added a few small enhancements to the mix! Today, we’re announcing CFEngine Enterprise 3.6.1 - a maintenance release with a number of goodies that I’m sure you will appreciate. Expanded Platform Coverage CFEngine Enterprise 3.6.1 now supports the following host platforms to provide you with comprehensive coverage within your IT infrastructure.
Thanks to all of you who tuned in for our ‘Introduction to CFEngine Enterprise 3.6.0’ Webinars last week. For those of you who could not attend, the recording is now available below - please be sure to watch and learn about CFEngine Enterprise 3.6.0 can help you:
Proactively alert on policy drifts in your environment through a simple-to-use, configurable dashboard Gain comprehensive visibility into your IT infrastructure with enhanced compliance and extensible inventory reporting Leverage new language abstractions to improve administration productivity Achieve painless integration with other IT systems using native JSON support
Inventory management in 3.6, part 1 - Showing variables and classes CFEngine 3.6 introduces a set of features for inventory management, and we’ll have a closer look at one of them today. This feature is part of both the Community and Enterprise editions. It essentially outputs the inventory in terms of classes and variables at a local node. Have a quick look at cf-promises -h of 3.6:
cf-promises -h Usage: cf-promises [OPTION]… [FILE] Options: –eval-functions, - value - Evaluate functions during syntax checking (may catch more run-time errors). Possible values: ‘yes’, ’no’. Default is ‘yes’ –show-classes, - - Show discovered classes, including those defined in common bundles in policy –show-vars , - - Show discovered variables, including those defined anywhere in policy –help , -h - Print the help message … You might see the two new options –show-classes and –show-vars. Let’s test them out.
Over the next few months we’ll be blogging about some of the great features, enhancements and bug fixes coming in CFEngine 3.6. All too often new software is released without anyone taking the time to tell you what’s been done and why it matters.
To start the series we have a blog post by Nick Anderson on the new Host Info Report in the community edition.
Check back each week to learn more about CFEngine 3.6.
We’re proud to release the first Beta package of CFEngine 3.6 to the Community for testing. The new version of CFEngine introduces a huge number of new features to the CFEngine language and a lot of improvements behind the scene. Some highlights from the ChangeLog file: - New promise type “users” for managing local user accounts. - TLS authentication and fully encrypted network protocol - New attributes in ‘bundle server access_rules’ - New variable type ‘data’ for handling of structured data - Tagging of classes and variables with meta data - Many new built-in variables - Many new functions You can download the beta packages for Debian and RedHat based Linux distributions from https://cfengine.com/inside/myspace. The documentation for CFEngine 3.6 lives at https://cfengine.com/docs/master/index.html and is work in progress. We’d like to invite everybody to help us improve CFEngine 3.6 by giving this first beta a trial run. However, this version of CFEngine is not yet ready for production environments, so do not upgrade your existing installation to these packages. Due to the network protocol and authentication changes, compatibility between 3.6 and previous CFEngine versions is limited at this point, and will be improved over the coming weeks as we get closer to the release. To report bugs, use our bug tracker at https://cfengine.com/dev. Contributions in form of pull requests can be made on GitHub at https://github.com/cfengine/core. A big shout-out to all the contributors in the community that have supported our work with feedback, bug reports, input to design discussions and code contributions!
CFEngine 3.5.3 is now available for download. This is a maintenance release of CFEngine 3.5, and introduces a number of fixes and improvements to both Community and Enterprise editions.
Changes in the CFEngine Core: Improved security checks of symlink ownership. A symlink created by a user pointing to resources owned by a different user will no longer be followed.
Changed the way package versions are compared in package promises. (Redmine #3314) In previous versions the comparison was inconsistent. This has been fixed, but may also lead to behavior changes in certain cases. In CFEngine 3.5.3, the comparison works as follows: <package-being-considered> <package_select> <package_version> For instance: apache-2.2.31 “>=” “2.2.0” will result in the package being installed. Bug fixes:
