Changelog
See also: Enterprise changelog, Masterfiles changelog
3.28.0
- Adapted date constraints to allow dates after Y2038 (CFE-4620)
- Added 2 most recent self upgrade log files to
cf-supportcollection (ENT-14144) - Added
GETPATCHprotocol command for serving leech2 patches (ENT-14104) - Added a new
smtpportbody executor controlattribute to specify on which port to send mail (ENT-4648) - Added
cancelattribute toclassespromises to undefine a class (CFE-4686) - Added
getdircommand tocf-net, recursively copies directory (CFE-2986) - Added
mpf_masterfiles_stage_build_alwaysflag file to enable legacy behavior ofmasterfiles-stageto always runcfbsbuild (ENT-13756) - Added
timer_policysupport forclassespromises and changed its default to"reset"(CFE-4681) - Enabled
expandrangeto output a single value - Enabled
select_regionto converge across multiple passes (CFE-3866) - Expanded syntax-description to include min/max argcount for func (ENT-13879)
- Fixed buffer overflow in the
filespromise - Fixed bug where isipinsubnet() fails to validate bogus IPv4 addresses when checking the 0.0.0.0/0 range (CFE-3081)
- Fixed
cf-agentSIGABRTonSIGTERMduring early policy validation (ENT-14139) - Fixed daemon hang on
SIGTERMduring child process wait (ENT-13720) - Fixed memory leak in isreadable() policy function
- Fixed out-of-bounds read in module protocol when a ‘%’ line has no ‘=’
- Fixed segfault when
cf-secretprint-headersis called without an encrypted file (CFE-4647) - Fixed unwanted syntax-error due to trailing commas in function/body calls (CFE-664)
- Fixed wording of premature error when changing into non-existent directory (CFE-4007)
- Improved persistent class logging in
EvalContextHeapPersistentSave(ENT-3868) - Made arguments in getgroups() and getusers() optional (ENT-9962)
cf-execdsystemctlstop now waits for in-flightcf-agentto finish (ENT-14108)
3.27.0
- Added evaluation order option in
body agent control(ENT-13295) - Added findlocalgroups() policy function (CFE-4550)
- Added getgroupinfo() policy function (CFE-4512)
- Added getgroups() policy function (ENT-12722)
- Added isnewerthantime() policy function (CFE-2815)
- Added missing recording of changes/failures when
cf-agentis flipping the immutable bit (ENT-13179) - Added policy function classfilterdata() (CFE-3421, ENT-6193)
- Added policy function getacls() (CFE-4529)
- Added
sys.policy_versionvariable (ENT-4043) - Added sysvinit
cf-php-fpmservice script for Mission Portal (ENT-13234) - Atomic permissions during file copy Temporary file is now set to promised permissions before replacing it with original during remote copy from (ENT-13163)
- Files promise can now modify immutable bit in file system attributes (CFE-1840, ENT-10961)
- Fixed assertion error in classfilterdata()
- Fixed bug in getacls() where no ACLs caused error
- Fixed a bug where a successful files content promise causes remaining
filespromise attribute handling to be skipped. (CFE-4569) - Remote file copy with the
copy_fromattribute now only preserves source file permissions if thepreserveattribute inbody copy_fromis true. Otherwise it will use the permissions of the destination file if it already exists and default permissions if it does not. (ENT-11988) - Fixed bug where rename fails to reset temporarily cleared immutable bit (ENT-13179)
- Fixed
cf-supportusage ofcoredumpctlmatching (ENT-13272) - Fixed crash in
readyamlwhen parsing an empty file (CFE-4595) - Fixed file descriptor leak in
sys.cpusockets(CFE-4536) - Fixed file descriptor leak when creating the
am_policy_hubfile - Fixed
move_obstructionssupport when using content andedit_templateattributes (CFE-4591) - Fixed bug causing rendered files can result in erroneously empty files as a result of promise locking (ENT-9980)
- Removed useless output from
cfengine3init script (ENT-13234) - The policy profiling logic is now implemented natively within the
cf-agent, replacing the previous reliance oncf-agentlogs and thecf-profile.plscript for faster execution (ENT-8096) - The
aclattribute of thefilespromise can now override the immutable bit (CFE-1840, ENT-10961) - Classfilterdata() now supports
object_of_objectsandobject_of_arrays. The class expression can be stored in either the key to the object itself, or key/index inside object (CFE-4562) - The
contentattribute of thefilespromise can now override the immutable bit (CFE-1840, ENT-10961) - The
copy_fromattribute of thefilespromise can now override the immutable bit (CFE-1840, ENT-10961) - The
deleteattribute of thefilespromise can now override the immutable bit (CFE-1840, ENT-10961) - The
edit_lineandedit_xmlattributes of thefilespromise can now override the immutable bit (CFE-1840, ENT-10961) - The
permsattribute of thefilespromise can now override the immutable bit (CFE-1840, ENT-10961) - The
renameattribute of thefilespromise can now override the immutable bit. The disabled file will inherit the immutable trait of the original file (CFE-1840, ENT-10961) - The
touchattribute of thefilespromise can now override the immutable bit (CFE-1840, ENT-10961) - The
transformerattribute of thefilespromise can now override the immutable bit (CFE-1840, ENT-10961) - Added
default_directory_create_modetobody agent control(CFE-4590, ENT-13239) - Added
cf-profile.pyscript for processing profiling output - Added
evaluation_orderoption inbody file control(CFE-4598) - Added tag
derived-from-fileto Alpine, Amazon Linux, Arch, Debian, EOS, Fedora/Red Hat, Gentoo, Mandrake/Mandriva, Manjaro, OpenVZ, Oracle Linux, Oracle VM Server/Red Hat, Red Hat, Slackware, SuSE, Sun Cobalt, United Linux, VMware, Xen,have_aptitude, and other OS classes/variables (CFE-4531) - Fixed potential buffer overflow when creating tables using the databases promise type (ENT-13552)
- Fixed buffer overflow in build XPath for
edit_xml(ENT-13550) - Fixed buffer overflow in
cf-secretwhen using multiple keys of different sizes (ENT-13591) - Fixed heap buffer overflow in files
edit_line(ENT-13590) - Fixed json policy parsing by adding new field
evaluation_orderto the expected output - Fixed length checking in
StatFile(ENT-13542) - Fixed potential buffer overflow when computing chroot path (ENT-13551)
- Fixed potential buffer overflow when converting strings to GIDs/UIDs (ENT-13551)
- Packages promiser is now escaped when using shell commands (ENT-13535)
- Renamed changelog file to
CHANGELOG.md(ENT-13497)
Security fixes:
- CVE-2026-24712 - Injection in CFEngine Policy Language: https://cfengine.com/blog/2026/cve-2026-24710-and-cve-2026-24711-and-cve-2026-24712/
3.26.0
- Improved error message in
abortbundleclasses, for example when there are no matches due to using a space in the regular expression (CFE-4075) - Updated syntax description to include new
protocol_versionvalues (CFE-4483) - Switched to using current process ID to investigate proc filesystem to workaround in-container non-root owned symlinks (CFE-3429)
- Modified getindices() to return positional index from a list (CFE-2930)
- Changed
cf-net connectto return exit code 1 in case of error (CFE-4414) - Added
http_portandgetattrselinux permissions as needed for selinux policy on rhel-8 and rhel-9 (ENT-12954) - Added feature class for libpam (CFE-3371)
- Added hardclasses for log levels notice, warning and error (CFE-4126)
- Added
sys.cf_editionvariable that keeps track of whether cfengine is community or enterprise. (ENT-10078) - Added
sys.cpusocketsvariable (CFE-30) - Added
sys.moduledirvariable (CFE-1484) - Added
sys.keydirvariable (CFE-2822) - Added getbundlemetatags() policy function to get the list of metatags
of a bundle, in the same manner as
getclassmetatagsandgetvariablemetatags(CFE-4019) - Added is_type() policy function to check type of a variable (CFE-3641)
- Added useringroup() policy function that returns whether a user is a member of a group. (ENT-12721)
- Added findlocalusers() policy function that returns all the local users matching certain attributes (CFE-2318)
- Added hostswithgroup() policy function to get hosts from a group, selecting a specific field. This function is enterprise only (ENT-11325)
- Added isconnectable() policy function to check if a port is connectable within a time limit in seconds. (ENT-10666)
- Added an optional parameter strict for
validjsonandvaliddatapolicy functions. This makes the functions evaluate to false on json primitives. (CFE-4163) - Added missing “BEGIN meta promises” verbose logging (CFE-2829)
- Added option to print
rsyncperformance stats incf-net - Added php-fpm systemd service files to enable http2 in Mission Portal (ENT-11440)
- Fixed an issue where rhel >8 packages would not have correct openssl dependency version (ENT-12587)
- Fixed a bug causing a file to be closed twice in
CopyRegularFileDiskPerms()(CFE-4489) - Fixed a bug in parsing
process_selectfor Windows (ENT-12751) - Fixed a bug which removed performance benefits of
rsyncin file transfers (basis file was truncated on remote copy) - Fixed a bug where remotely copying large files consisting of random bytes would cause internal server error. (CFE-4507)
- Fixed incorrect handling of exit code in
cf-runagent(ENT-12712) - Fixed junk printed in case of internal server error (CFE-4507)
3.25.0
- Various SELinux fixes:
- Added create capability on
cfengine_var_lib_t:dirtocf-hub - Added filesystem and files unconfined access to
cf-monitordin cfengine-enterprise SELinux policy - Added
getattraccess forcf-serverdto socket file in CFEngine SELinux policy - Added
getattrcapability forcert_t:diras needed to CFEngine components in cfengine-enterprise SELinux policy - Added
sys_ptraceaccess forapachectlto runpsin CFEngine SELinux enterprise policy - Adjusted CFEngine SELinux policy to allow
cf-execdto runpscommand with policy version 33 - Adjusted SELinux policy to allow components which run
cf-promisestogetattreverywhere and read symlinks - Granted more access to certificates directory for CFEngine components in SELinux policy (ENT-12466)
- Added create capability on
- Adjusted
cf-supportfor exotic UNIX platforms (ENT-9786) - Adjusted
cf-supportto not fail if core dumps are available andgdbis missing (ENT-9786) - Agent now also ignores interfaces listed in
ignore_interfaces.rxwhen looking for IPv6 interface info. Variables such asdefault:sys.hardware_mac[<INTERFACE>]will no longer be defined for ignored interfaces. (ENT-11840) - Made
copy_frommore atomic infilespromises:- The new file (i.e.,
<FILENAME>.cfnew) is now created with correct permission during remote copy. Previously it would be created with default permissions. - The destination file (i.e.,
<FILENAME>) is no longer deleted on backup during file copy. Previously it would be renamed to<FILENAME>.cfsaved, causing the original file to disappear. Now an actual copy of the original file with the same permissions is created instead. As a result, there will no longer be a brief moment where the original file is inaccessible. (ENT-11988)
- The new file (i.e.,
- The file stream API now unlinks the destination file (i.e.,
<FILENAME>.cfnew) before opening it with theO_EXCLflag. Previously the agent would fail if the destination file already exists. Fortunately, the File Stream API unlinks this file afterwards, both on success and error, causing the agent to recover. Both thecf-net get <FILENAME>command and thecopy_fromattribute were affected. - The file stream API now writes sparse files (ENT-12414)
- Re-enabled DB migration support for LMDB
- Now creates backup before LMDB migration
- Handle LMDB migration failures
- In case of LMDB migration failures, the respective database file is moved to the side, and a fresh database is created.
- Changed
cf-net getto no longer unlink original file (ENT-12511) - SELinux: Allowed
cf-serverdto set its own limits (ENT-12446) commandspromises with exit codes not matching any_returncodesattributes fromclassesbody now log an error message not just an info message. (CFE-4429, ENT-12103)- Added acknowledged field to lastseen DB (ENT-11838)
- Added logging CFEngine component related SELinux denials in
cf-support(ENT-12137) - Added option to choose protocol version in
cf-net(ENT-12519) - Added a new network protocol version v4 - filestream (ENT-12414)
- Fixed bug causing LMDB database corruption
- Fixed possible segfault when backing up LMDB databases
3.24.0
- Added a sanity check to policy parser that checks for and warns in case of promise declarations with no actions. The motivation for this check is to aid policy writers in detecting semantic errors early. (ENT-11137)
- Added
sys.os_name_humanvariable for Alpine, postmarketOS, OpenBSD and NetBSD - Added warning log message when OS is not recognized (CFE-4342)
- Adjusted locale settings in masterfiles stage common script to handle more cases (ENT-11885)
- Adjusted package module inventory to include quotes around fields when needed (CFE-4341)
- Added
sys.os_name_humanandsys.os_version_majorvariables for Amazon. Additionally changed value ofsys.flavorfromAmazonLinuxtoamazon_linux_2, so that it is similar to other supported Linux distros. This change was necessary, due to the fact that thesys.os_version_majorvariable is derived from it. However, theAmazonLinuxclass previously derived fromsys.flavoris still defined for backwards compatibility. (ENT-10817) - CFEngine now uses PCRE2 for regular expressions (ENT-10629)
- CFEngine processes no longer suffer from the “Invalid argument” issues when working with LMDB (ENT-11543)
- Changed
cf-apachesystemd unit to reload configuration gracefully (ENT-11526) - Changed
cf-execd’s sleep behavior so it attempts to wake up at the beginning of every minute (ENT-11765) - File copying now uses more efficient implementation on Linux platforms (CFE-4380)
- Fixed bug in double expansion of foreign list variables with namespaces (ENT-11923)
- Fixed bug related to failing backwards directory traversal when using forward slashes in path argument of the findfiles_up() policy function on Windows.
- Fixed bug where
default:sys.fqhostcontained many spaces when domain is set inbody common control(CFE-4053) - Fixed
cf-supportcall tocf-promisesto collect all classes and vars (CFE-4300) - Fixed package promises with only promisers and no other attributes (CFE-4315, CFE-4398, CFE-4408)
- Modified package promise default. If
platform_defaultis present use that package module. (CFE-4315) - Ownership of symlinks is now handled properly (ENT-11235)
- SELinux no longer breaks exporting large reports as PDF (ENT-11154)
- The
arglistattribute in thecommandspromises now preserves whitespaces in the arguments. Whitespaces are currently not preserved on Windows, or if theuseshellattribute is set to anything other than"noshell". (CFE-2724, CFE-4294) - Trailing newline on
insert_treepromisers no longer removes ending tag forselect_xpath(CFE-3806) cf-agenthas two new options--no-augmentsand--no-host-specific-datato skip loading augments (def.jsonordef_preferred.json) and host-specific data (host_specific.json), respectively (ENT-10792)cf-agentnow has a new option--skip-bootstrap-service-startto skip starting CFEngine services during the bootstrap process (ENT-11932)cf-runalerts.serviceno longer exists, alerts are now periodically run bycf-reactor(ENT-11538)depth_searchacting on a non-directory promiser now handles such file as if the promise didn’t usedepth_search. A warning is issued in this case. (ENT-8996)masterfiles-stage.shnow supports a new--check-onlyoption (ENT-9386)- Added new policy variable
sys.cfengine_roles. This variable is a string list, containing “Reporting hub” ifcf-hubexists (hub package installed), “Policy server” if the host is bootstrapped to itself (policy_serverclass defined), and just “Client” if none of the other options are true. - Added 2 new classes correlating to the values in
sys.cfengine_roles:cfengine_reporting_hubandcfengine_client.
3.23.0
- Added selinux policy to allow
cf-hubto initiate scheduled reports (ENT-10696, ENT-9825) - Added version_compare() policy function (CFE-3991)
- Bodies can now inherit attributes containing global variables (CFE-4254)
- Cached policy function results now take into account number of arguments and function name (CFE-4244)
- Fixed infinite loop on error bug while reading interface exception file
- Fixed inventoried policy release id when
masterfiles-stage.shdeploys withcfbs(ENT-10832) - Improved locale override in masterfiles stage scripts (ENT-10753)
- Improved syntax description for validjson() (ENT-9759)
- Made
cf-supportusecoredumpctlfor core analysis only when configured inkernel.core_pattern(ENT-9985) - Modified classesmatching() function to search parent bundles with
inherit => true(ENT-5850) - Moved expected location of
ignore_interfaces.rxfrom$(sys.inputdir)to$(sys.workdir). If the file is found in$(sys.inputdir)but not in$(sys.workdir), we will still process it for backwards compatibility, but issue a warning prompting the user to move it to the appropriate location. (ENT-9402) - Only CFEngine processes are now killed as expired lock owners (CFE-3982)
- SELinux no longer blocks CFEngine daemons in reading security parameters from
/proc/sys/kernel(ENT-9684) cf-hubis now allowed to use the TLS kernel module on SELinux-enabled systems (ENT-9727)cf_lock.lmdbis no longer restored from backup on every boot (CFE-3982)- packagesmatching() and packageupdatesmatching() now look for the software
inventory databases in the state directory and use them if found. This
change enables the usage of these functions in standalone policy files
without the demand for specifying the default package inventory attribute
in
body common control. However, you still need the default package inventory attribute specified in the policy framework for the software inventory databases to exist in the first place and to be maintained. (ENT-9083) - CFEngine locks are now purged dynamically based on the local locks DB usage/size ranging from no purging (<=25% usage) (ENT-8201, CFE-2136, ENT-5898)
cf-check repairnow rotates DB files with high usage (>95%) (CFE-3374)- Full LMDB files are now handled gracefully by moving them aside and using new empty LMDB files (ENT-8201)
cf-check repairnow supports the--test-writeoption to check if DBs can be written to as part of identifying DBs that need repairing (CFE-3375)cf-check diagnosenow shows DB usage and a hint if rotation is required/usr/bin/getentis now attempted to be used if/bin/getentdoesn’t exist (CFE-4256)
3.22.0
- Added
--helpoption tocf-supportand aligned output with other components (ENT-9740) - Added classes and vars to
cf-support(CFE-4160) - Added condition to runalerts service to require stamp directory (ENT-9711)
- Added
mctp_socketclass to selinux policy (ENT-10206) - Added native core dump handling in
cf-supportfor Solaris (ENT-9786) - Added needed SELinux class lockdown for latest RHEL 9 hosts (ENT-9685)
- Adjusted
cf-supportfor exotic/legacy POSIX systems (ENT-9340) - Adjusted
cf-supportfor hpuxmktempcommand (ENT-9786) - Directories are now created with correct perms (CFE-4114)
- Variables & classes modules automatically tagged (ENT-7725)
- Changed bootstrap policy to preserve log level for debug, verbose, and info (CFE-4121)
- Created new policy function
isreadable(ENT-9380) - Enabled
expireafterattribute for custom promise types (CFE-4083) - Enabled install-time SELinux policy compiling (ENT-9685)
- Expired agents now terminate custom promise modules (CFE-4083)
- Fixed debug module expand logging for scalars (CFE-4122)
- Fixed syntax description of validjson() (ENT-9759)
- Prevented
cf-supportfrom searching more than 1 level for core files (ENT-9981) - Started checking status of all
cf-prefixed systemd services incf-support(ENT-9804) - validjson() no longer accepts trailing bogus data (CFE-4080)
3.21.0
- Added
cf-supportutility for generating support information (ENT-9037) - Adjusted
cf-checkand package module code for empty updates list (ENT-9050) $(this.promiser)can now be used infilespromise attributesif,ifvarclassandunless(CFE-2262, ENT-7008)- Fixed
storagepromise for nfs on MacOS (CFE-4093) - Fixed definition of
_low_ldtclass fromcf-monitord(CFE-4022) - Insertion of contents of a file with blank lines into another file with blank lines no longer results in mixed content (ENT-8788)
- Added suggestion to use a negative lookahead when non-convergent edits are attempted (CFE-192)
- Unresolved function calls that return scalar values are now considered OK for constraints expecting strings during syntax check (CFE-4094)
cf-monitordnow honorsmonitorfacilityinbody monitor control(ENT-4492)cf-serverdnow periodically reloads its policy if it contains unresolved variables (e.g.$(sys.policy_hub)inallowconnect). (ENT-8456)cf-serverdnow starts in thenetwork-online.targeton systemd-based systems (ENT-8456)edit_linebundles can now use the new$(edit.empty_before_use)variable mirroring the value ofedit_defaults=>empty_before_useof the relatedfilespromise (ENT-5866)- Package modules with unresolved variables in their names are now skipped in package queries (ENT-9377)
- Removed unsupported
name_connectcapability forudp_socketclass (ENT-8824) metaattribute can now be used in custom promises (CFE-3440)- Custom promise modules can now support the
action_policyfeature allowing promises of their custom types to be used in dry-run and simulation modes and in combination withaction_policy => "warn". (CFE-3433) - Use of custom promise modules that don’t fully specify protocol now results in warning (CFE-3433)
- Warnings are logged if levels of log messages from custom promise modules don’t match results of their related promises (CFE-3433)
- Adjusted SELinux policy for RHEL 9 (ENT-8824)
- Fixed SELinux policy to allow hub to send emails (ENT-9557, ENT-9473)
- SELinux no longer breaks SQL queries with large result sets on RHEL 8 hubs (ENT-9496)
- Added SELinux LDAP port access for Mission Portal (ENT-9694)
- Allowed ciphers are now properly split into TLS 1.3 cipher suites and ciphers used for TLS 1.2 and older (ENT-9018)
- Fixed
git_cfbs_deploy_refspecinmasterfiles_stageleaving temp dir (ENT-9039)
3.20.0
rxdirsnow defaults to"false". This means that the read permission bit no longer implies execute bit for directories, by default. Permission bits will be exactly as specified. To restore the old behavior you can still enablerxdirsexplicitly. (CFE-951)NorNssignal specs can now be used to sleep between signals sent byprocessespromises (CFE-2207, ENT-5899)- Directories named .no-distrib are no longer copied from policy server (in bootstrap/failsafe) (ENT-8079)
- Files promises using
contentattribute or template method now create files by default unlesscreate => "false"is specified. (CFE-3955, CFE-3916) template_methodmustache andinline_mustachenow create file in promiser, if template rendering was successful and file does not exist. (ENT-4792)- Added support for use of custom bodies in custom promise types (CFE-3574)
- Custom promise modules now never get promise data with unresolved variables (CFE-3434)
- Custom promises now use standard promise locking and support
ifelapsed(CFE-3434) - Enabled comment-attribute for custom promise types (CFE-3432)
cf-secretencrypt now encrypts for localhost if no key or host is specified (CFE-3874)- CFEngine now builds with OpenSSL 3 (ENT-8355)
- CFEngine now requires OpenSSL 1.0.0 or newer (ENT-8355)
- Moved Skipping loading of duplicate policy file messages from VERBOSE to DEBUG (CFE-3934)
- CFEngine processes now try to use
getentif the builtin user/group info lookup fails (CFE-3937) - No longer possible to undefine reserved hard classes (ENT-7718)
- Unspecified
rxdirsnow produces a warning (CFE-951) - Fixed wrong use of log level in
userspromises log messages (CFE-3906) - Fixed default for
ignore_missing_bundlesandignore_missing_inputsThe issue here was that these attributes should default to false, but when they are assigned with an unresolved variable, they would default to true. (ENT-8430) - Added protocol 3 (
cookie) to syntax description (ENT-8560) - Moved errors from
data_sysctlvaluesfrom inform to verbose (CFE-3818) - Fixed inconsistencies with
methodspromises and missing bundles Previously,methodspromises acted differently depending on if you specify the bundle withusebundleor in the promiser string. This change removes the inconsistent checking which was only happening on promises withusebundle. It also ensures that the agent will abort if trying to use an undefined bundle, regardless of whether it was using promiser string orusebundle. This change, combined with the fix forignore_missing_bundlesandignore_missing_inputs, allow you to use inputs and bundles conditionally (like we do for the enterprise federation policy) and still have the agent abort in the correct situations (when a bundle is actually missing and you haven’t enabledignore_missing_bundles). The downside is that there are some potential situations where undefined bundles would be detected earlier previously (both correctly and incorrectly). (ENT-8430)
3.19.0
-N/--negatenow prevents persistent classes from being defined (ENT-5886)nullJSON value is now handled as empty data in augments/host-specific data (ENT-7434)- Added a new common control attribute
system_log_levelFor specifying the minimum log level required for log messages to go to the system log. (ENT-7594) - Added support for
cfbsmanaged policy set to masterfiles staging script (ENT-7709) - Trailing commas can now be used in policy argument lists (CFE-3734)
- Changed
cf-keyoption--print-digestto take an optional argument.cf-keynow defaults to the public key file in workdir, if no argument is specified or an empty string is given as the argument. (CFE-3682) - Cached functions are now always called inside promises with
ifelapsed => "0"(CFE-3754) - Enabled
handleattribute for custom promise types (CFE-3439) - Enabled
depends_onattribute for custom promise types (CFE-3438) - Enabled
withattribute for custom promise types (CFE-3441) - Don’t fail on new file creation when backups are enabled (CFE-3640)
- Extended hostsseen() policy function to return host keys (CFE-2546)
- Moved
httpd.pidto root of httpd workdir (ENT-7966) - Only real changes in files now produce info messages (CFE-3708)
- Reports with unexpanded variable references are now attempted to be held off until the reference expands (CFE-3776)
- Set apache umask to 0177 (ENT-7948)
- The
--skip-bootstrap-policy-runoption now skips the update policy (ENT-7500, ENT-7511) - Added measurement names in
cf-checkdump (ENT-7452) - Value of
$(with)is now expanded even if it contains unresolved variable references (CFE-3776) cf-serverdnow binds to both IPV6 and IPV4 ifbindtointerfaceis unspecified (ENT-7362)cf-serverdnow reports if fails to bind to all possible addresses/interfaces (ENT-7362)- Fixed
dbm_quick.cDBPrivRead()argument type (CFE-3737) - Fixed
dbm_tokyocab.cDBPrivRead()argument type (CFE-3737) - Fixed crashes (Segfaults) in
VariableIsSecret()(ENT-7678) - Fixed crashes (Segfaults) in VariablesMatching() (ENT-7678)
3.18.0
- “No action for file” warning is no longer triggered when only
content => "something"is used (CFE-3507) source=promise_iterationvariables are no longer created in foreign bundles (ENT-7029)cf-remote installnow supports the--trust-keysoption for pre-establishing trust before bootstrap (CFE-3485)cf-remote spawnnow supports adding new VMs to an existing group (CFE-3502)rename => newname()now supports relative paths (CFE-3537)variablesandclassesin CMDB and augments data now supportcommentfields (CFE-3638)- Included custom promise type libraries in src tarball (CFE-3575, CFE-3576)
--ignore-preferred-augmentsnow sets a hard class;ignore_preferred_augmentsThis class makes it easy forcf-agent/cf-execdpolicy to propagate the option to other binaries (CFE-3656)- Added
classesbody support for custom promises (CFE-3437) - Added a new
--simulate=manifest-fullmode New simulation mode that manifests all changed files as well as all other files evaluated by the agent run which were not skipped (by file selection rules) (CFE-3506) - Added a new
runagent_socket_allow_usersbody executor controlattribute A new attribute that tellscf-execdto grant access to therunagent.socketto the specified users (ENT-6735) - Added checks to return value from
getpwuid&getgrgid(CFE-3521) - Added int() policy function (CFE-3616)
- Added new command line option:
--ignore-preferred-augmentsThis option causes the agent to ignoredef_preferred.jsonalways readingdef.json(old behavior) (CFE-3656) - Added policy function
type() - Added policy function
findfiles_up(CFE-3577) - Added policy variable
sys.os_name_human(CFE-3569) - Added policy variable
sys.os_version_major(CFE-3569) - Added shell library for custom promise types with cp example (CFE-3516)
- Added string() policy function (CFE-3476)
- Augments data now supports meta information for classes
and a new
variablesobject for variables with meta information (CFE-3633) - Fixed case where malformed input could trigger buffer overflow in policy function format (CFE-3525)
- Ability to report some number of lines from the END of a file by
specifying
number_of_linesas a negative number usingprintfile(CFE-3558) - CFEngine binaries now load host specific data
(
$(sys.workdir)/data/host_specific.json) before Augments relative to policy entry (def.json) (ENT-6789) - CFEngine processes are now properly identified in syslog on non-GNU/Linux systems (ENT-7100)
- CMDB data now supports meta information for classes
and a new
variablesobject for variables with meta information (CFE-3633) - Changed custom promise type
interpreterattribute to be optional (CFE-3562) - Changed
filespromise repaired log level to verbose (CFE-3631) - Changed log message about whitespace in class expressions to be error (CFE-3560)
- Changed sys var attribute names: “OS type” was changed to “Kernel”, “OS kernel” was changed to “Kernel Release” (ENT-6551)
- Clarified error log message about untrusted state directory not being private (CFE-3599)
- Classes from augments are now defined as soft classes
within the
namespacecontext instead of being hard classes. Policies using classes from augments in policy files using namespaces need to be updated to refer to the augments classes with thedefault:prefix (CFE-3632) - Custom promise modules using JSON protocol now support data attributes (CFE-3654)
- Custom promise modules using JSON protocol now support slist attributes (CFE-3444)
- Custom promise types can now be declared in separate files (CFE-3510)
- Custom promise types can now report back result classes (CFE-3515)
- Custom promises now support the
log_levelattribute (CFE-3436) - Each custom promise module is now only spawned once and handles all promises of its matching type(s) (CFE-3572)
- Early failing custom promises now properly set result classes (CFE-3645)
- Exit code from remote agent run is now sent to
cf-runagent(CFE-3594) - Fixed crash when attempting to put
methodspromises in bundles which are not agent bundles (CFE-3672) - Fixed memory leak in package module code (ENT-5752)
- Fixed memory leak in simulate mode (CFE-3498)
- Fixed some more sign-compare warnings (CFE-3415)
- Improved error handling / logging of data received from promise module
- Improved log messages for
commandspromise outcomes and return codes (CFE-3604) - Made errors about failed validation of custom promises less noisy
- Namespace and bundle can now be specified in augments and CMDB data (CFE-3633)
- New observations of root owned SETUID programs moved from WARN to NOTICE (ENT-6519)
- Policy function format() no longer truncates strings larger than 4KiB (CFE-2686)
- Policy function storejson() no longer truncates strings larger than 4096 bytes (CFE-2507)
- Promise type is now sent to custom promise modules (CFE-3563)
- Reduced the noise caused by
packagespromises being skipped in evaluation passes 2 and 3 (ENT-6553) - Set Filedescriptor Limit to a more practical Size (CFE-3625)
- Stopped emitting warning and recording result when observing new SETGID files (ENT-6750)
- Stopped updating
filespromise result with WARN (notkept) when setuid files are encountered (ENT-6519) - Unspecified
filesconstraints no longer cause_keptclasses to be defined (CFE-3578) - Updated
contrib/masterfiles-stagescripts and instructions to be accurate (ENT-6165) - Fixed using a custom promise module with two different
interpreters results in an error (CFE-3572) - Value of the
files_single_copybody control attribute is now logged in verbose logging mode (CFE-3622) - Variables and classes defined in cmdb cannot be re-defined in augments (ENT-7079)
- Verbose log now contains comments associated with
varsandclassespromises (CFE-2442, CFE-2443) cf-agentnow checks that promise module logs expected errorscf-agentnow sends correct information to promise module in headercf-execdnow executescf-agentforlocalhostrequests via therunagent.socket(ENT-7090)cf-execdnow handles requests to runcf-runagenton given hosts (ENT-6182)cf-execdnow runscf-agentfrom a child process instead of a thread on POSIX systems (ENT-6182)cf-runagentnow exits with a code reflecting remote agent run status(es) (CFE-3594)cf-serverdnow supports systemd-based socket activationdef_preferred.jsonis now used instead ofdef.jsonif it exists Old clients will ignore it, allowing you to have 2 versions of the augments file, 1 for compatibility with old clients, and 1 for utilizing the new features. (CFE-3656)files_single_copybody agent controlattribute can now be an empty list (CFE-3622)files_single_copyno longer treats paths of copied files as regular expressions (CFE-3621)log_levelis properly sent to promise modules in both validate and evaluate requests (CFE-3564)unlesscan now be used with custom promise types (CFE-3431)- CFEngine processes now reuse log facility from previous run for early logging before policy is loaded (ENT-6955)
3.17.0
cf-agentcan now simulate the changes done to files in a chroot, printing diff or manifest information about what it would do in a normal evaluation. Use the new command line option:--simulate=diffor--simulate=manifest. Please note that only files andpackagespromises are simulated currently.- Custom promise types can now be added using promise modules (CFE-3273)
cf-monitordnow uses/proc/net/*files to get network information if possible (CFE-2945)- Added new policy function execresult_as_data() (CFE-3315)
- Added optional argument to
execresultfor choosing between stdout and stderr (CFE-3108) - Outcome classes are now always defined for promiser in
filespromises (CFE-3369) - and(), or(), not() now return boolean and cannot be used directly in slist vars. They can now be used in other places where a boolean is expected. (Most notably and / or promise attributes). The return values can be converted to strings using concat(), if necessary (CFE-3470)
- Backgrounded commands are now correctly executed in the child process (CFE-3379)
- CFEngine policy bodies can now be completely empty
- Directory listings in files changes monitoring are now only updated when there is a change (CFE-3382)
- Promises with
action => bg()no longer break reporting data (ENT-6042) - Spaces inside square brackets (slist/data index) are now allowed in class expressions (CFE-3320)
- Variables specifying data/list names in
@()references are now expanded (CFE-2434) - Added warnings when trying to use
{{.}}to expand containers in mustache templates (CFE-3457, CFE-3489) - Limited unqualified host and domain name to 511 characters (CFE-3409)
- AVCs are no longer produced for CFEngine processes accessing
/proc/net(CFE-3240) - Fixed how we check for
--colsargument tops(ENT-6098) - Fixed a memory leak in
userspromises - Fixed a small memory leak in
cf-promises(CFE-3461) - Fixed expansion of variables in data/list references (CFE-3299)
3.16.0
- Added
cf-secretbinary for host-specific encryption (CFE-2613) cf-check diagnose --test-writecan now be used to test writing into LMDB files (ENT-4484)ifconstraint now works in combination with class contexts (CFE-2615)- Added
$(sys.cf_version_release)variable (ENT-5348) - Added new macros to parser: else,
maximum_version,between_versions,before_version,at_versionandafter_version. Version macros now accept single digits (CFE-3198) - Added
cf-postgresrequirement tocf-apacheandcf-hubsystemd units (ENT-5125) - Added
filespromisecontentattribute (CFE-3276) - Added string_trim() policy function (CFE-3074)
- Added warning if CSV parser parses nothing from non-empty file (CFE-3256)
- All changes made by
filespromises are now reported. Also, directory and file creations are now properly reported asinfomessages. And failures inedit_xmlresult in promises marked as failed not interrupted. Purged dirs and files are reported as repaired (ENT-5291, CFE-3260) - Bootstrap to loopback interface is now allowed, with a warning (CFE-3304)
- Client initiated reporting was fixed on RHEL 8.1 (ENT-5415)
- Fixed rare crashing bug when parsing zombie entries in
psoutput. The problem was only ever observed on AIX, but could theoretically happen on any platform depending on exact libc behavior. (ENT-5329) - Fixed an issue causing duplicate entries in
sys.interfaces, andsys.hardware. (CFE-3046) - Fixed ifelse() to return fallback in case of unresolved variables (ENT-4653)
- Fixed locking of promises using
log_repaired/log_stringwith timestamps (CFE-3376) - Fixed memory leak in handling of inline JSON in policy evaluation
- Fixed memory leak in readlist functions (CFE-3263)
- Fixed race condition when multiple agents are acquiring critical section locks simultaneously (CFE-3361)
- Fixed selection of
standard_serviceswhen used from non-default namespace (ENT-5406) - Fixed service status
cfengine3on systemd managed hosts (ENT-5528) - Fixed some memory leaks and crashes in policy evaluation (CFE-3263)
- Improved error message for invalid body attribute names (CFE-3273)
- Improved management of secondary groups to avoid intermediary state failures (ENT-3710)
- LMDB files are now created with correct permissions (ENT-5986)
- Log messages about broken Mustache templates are now errors (CFE-3263)
- Made classfiltercsv() fail properly on invalid class expression index
- Measurements promises with no match no longer produce errors (ENT-5171)
- Moved error reading file in countlinesmatching() from verbose to error (CFE-3234)
- Added new data validation policy functions validdata() and validjson() (CFE-2898)
- New version checking convenience policy functions (CFE-3197) Added the following policy functions to check against local CFEngine version:
- Removed (USE AT YOUR OWN RISK) from
cf-keyhelp menu for-x(ENT-5090) - Rewrote
helloworld.cfto usefilespromisescontentattribute (CFE-3276) - The outcome classes are now defined for the top-level directory when
include_basedirisfalse(ENT-5291) - Variable references with nested parentheses no longer cause errors (CFE-3242)
cf-check: Added a more user friendly message when trying to print unknown binary data (ENT-5234)cf-check: Added data validation forcf_lastseen.lmdb(CFE-2988)cf-check: Added nice printing fornova_agent_executions.lmdb(ENT-5234)cf-check: Added validation for timestamps incf_lock.lmdb(CFE-2988)cf-check: Added validation for timestamps inlastseen.lmdb(CFE-2988)cf-check: Fixed issue causing repair to target the wrong database file (ENT-5309)cf-check: Symlinked LMDB databases are now preserved in repair Performs diagnosis and repair on symlink target instead of symlink. Repaired files / copies are placed alongside symlink target. In some cases, the symlink target is deleted to repair a corrupt database, and the symlink is left as a broken symlink. This is handled gracefully by the agent, it will be recreated. Broken symlinks are now detected as an acceptable condition in diagnose, it won’t try to repair them or delete them. (ENT-5162)storagepromises managing nfs mounts should now correctly mount after editingfstabentries
3.15.0
- New policy function basename() added (CFE-3196)
- Added read_module_protocol() policy function This function reads module protocol from a file, and can be used for caching the results of commands modules. (CFE-2973)
- The @ character is now allowed in the key of classic arrays defined by the module protocol (CFE-3099)
- nth() policy function now supports negative indices (CFE-3194)
- Fixed .xy floating point numbers parsing in eval() (CFE-2762)
- Added
informconstraint tocommandspromises, to allow suppression of INFO log messages (CFE-2973) - Changed
unlessconstraint to be more consistent withifFor any situation whereifwould NOT skip a promise,unlesswill cause the promise to be skipped. When there are unresolved variables / function calls,ifwill skip,unlesswill NOT skip. (CFE-3160) - Default minimum allowed TLS version is now 1.1 (ENT-4616)
- Network protocol version 2 is now called
tlstlsor2can be used in places where you specify network protocol. Log messages were altered, to showtlsinstead oflatest. (ENT-4406) - Introduced protocol version 3 -
cookieThis protocol is identical to version 2 (tls), except it allows the enterprise reporting hub to send theCOOKIEcommand to enterprise hosts. This command is used for detecting hosts using duplicate identities. Protocol versionlatestnow points to version 3. For community installations, it should not make a difference, policy servers will not send this command. The only visible difference is the new version number (in logs and policy). (ENT-4406) - Package modules now hit network when package cache is first initialized (CFE-3094)
- Fixed promise skipping bug in
unless(CFE-2689) - Fixed error message for unexpanded variables in function calls in
unless(CFE-2689) - Prevented buffer overflow when policy variable names are longer than 1024 bytes
- Zero bytes in class guards no longer cause crashes (CFE-3028)
- Fixed bug in
psparsing on OpenBSD / NetBSD causing bootstrap to fail - Fixed crash in policy/JSON parsing of numbers with too many decimal points (CFE-3138)
copy_fromwithoutpreservenow respects destination mode (ENT-4016)- Removed
stime_rangeandttime_rangeconstraints from promise hash (ENT-4921) - Fixed promise result when using
process_stopinprocessestype promises (ENT-4988) cf-execdnow sendsSIGKILLto the agent process in case ofagent_expireafter, after attemptingSIGINTandSIGTERM(CFE-2664)cf-serverdnow tries to accept connection multiple times (CFE-3066)- Fixed multiple measurements tracking growth of same file (ENT-4814)
- Set create permissions of monitord files in state directory to 0600 0600 matches the permissions enforced by policy. Affected files:
state/cf_incoming.*state/cf_outgoing.*state/cf_usersstate/env_data(ENT-4863)
-
Clarified descriptions of
io_writtendataandio_readdata(ENT-5127) -
Clarified log message about
process_countandrestart_classbeing used concurrently (CFE-208) -
Agent runs that hit
abortclassesnow record results (ENT-2471) -
An ID of rhel in
os-releasefile will now define bothrhelandredhatclasses (CFE-3140) -
Version specific distro classes are now collected by default in Enterprise (ENT-4752)
-
redhat_8andredhat_8_0are now defined on RHEL 8 (CFE-3140) -
Added derived-from-file tag to hard classes based on
/etc/redhat-release(CFE-3140) -
Added
sys.bootstrap_idpolicy variable containing the ID from/var/cfengine/bootstrap_id.dat, if present (CFE-2977) -
sys.interfacesnow contains interfaces even when they only have IPv6 addresses (ENT-4858) -
IPv6-only interfaces added to
sys.hardware_(addresses,mac)(CFE-3164) -
IPv6 addresses are now added to policy variable
sys.ip_addresses(CFE-682) -
IPv6 addresses now respect
ignore_interfaces.rx(CFE-3156) -
Hostname now allowed in
bindtoaddress(CFE-3190) -
Fixed issue when removing comments from files in various policy functions This also fixes many erroneous occurrences of the error message mentioning:
[…] because it legally matches nothing
(A warning can still appear if a comment regex actually matches nothing). Also made this comment removing logic faster. Affected functions include:
- readstringlist()
- readintlist()
- readreallist()
- peers()
- peerleader()
- peerleaders()
- data_readstringarray()
- data_readstringarrayidx()
- data_expand()
- readstringarray()
- readstringarrayidx()
- readintarray()
- readrealarray()
- parsestringarray()
- parsestringarrayidx()
- parseintarray()
- parserealarray() (CFE-3188, ENT-5019)
-
Fixed memory leak in JSON / env file parsing (CFE-3210)
-
Fixed memory leak in string_replace() and
regex_replace()(CFE-3210) -
Fixed minor memory leak in policy evaluation (CFE-3210)
-
Fixed small memory leak in SQL database promises (CFE-3210)
-
Received
SIGBUSnow triggers a repair of local DBs (CFE-3127) -
Corrupted LMDB files are now automatically repaired (CFE-3127)
-
Keys in the lock database,
cf_lock.lmdb, are now human-readable (CFE-2596) -
Local databases now use synchronous access on AIX and Solaris (ENT-4002)
-
Report corrupted local database with a critical log message (CFE-2469)
-
Local DB errors are now logged with the particular DB file path (CFE-2469)
-
cf-check: repair now preserves readable data in corrupted LMDB files (CFE-3127) -
cf-check:--dumpoption was added to the backup command -
cf-check: Added-Mmanpage option and other common options (CFE-3082) -
cf-check: No DB files in state dir now causes errors -
cf-check: dump command now dumps DB contents to JSON5 (CFE-3126) -
cf-check: help command can now take a topic as argument
3.14.0
- A
bootstrap_id.datfile is now generated on every bootstrap (CFE-2977) - Added options to
cf-netto set minimum TLS version and ciphers (ENT-4617) - Added
--no-truncateoption tocf-keyThis option, when used with--show-hostschanges the formatting of the output. Instead of padding and truncating each of the fields, they are printed, in full, with no padding, and separated by a single tab character. The output is not as pretty, but should be more useful for parsing by other scripts / tooling. (CFE-3036) - Added a new option
--skip-db-checkto agent and execd This option allows you to enable/disable database (LMDB) consistency checks. Initially it is disabled by default, but this will likely change. (CFE-2893) - Added a new utility to contrib:
cf-remotecf-remoteis a python + fabric tool to log in to remote hosts you have ssh access to. It can be used to download, transfer, and install CFEngine packages as well as bootstrapping etc. At this point,cf-remoteis not packaged with CFEngine, but can be installed separately from: https://github.com/cfengine/cf-remote (CFE-2889) - Added derived-from-file tags to hard classes based on
/etc/debian_versionand/etc/issue - Added a function to filter CSV-files by classes (CFE-2768)
- Forward slash is now an allowed character in module protocol commands (CFE-2478)
- Augments files can now handle class expressions by appending
::A condition in an augments file is treated as a class expression if it ends in::. Otherwise it is treated as a regular expression. (CFE-2954) - Internal
pscommand can now handle longer usernames (CFE-2951) - Made
copylink_patternhonor/../in copy source (CFE-2960) - CSV parser now supports CRLF inside double quotes (ENT-4504)
- Added an error when a function defining a variables still fails at pass 3 (CFE-2983)
- Documented
cf-execdandcf-serverdresponse toSIGHUPin manpage (CFE-2853) - Stopped trimming leading zeroes in ubuntu minor version class
The old version detection logic (using
/etc/debian_version) was converting the minor version part to an integer, definingubuntu_18_4instead ofubuntu_18_04. The new platform detection (based on/etc/os-release) definesubuntu_18_04. Since both old and new methods are running to maximize compatibility, bothubuntu_18_04andubuntu_18_4were defined. This commit ensures that the old detection logic treats the minor version (the 04 part) as a string, not an integer. The change is specific to Ubuntu, and should affect Ubuntu 18.04, 16.04, 14.04, etc. (CFE-2882) - SUID log permissions are now properly enforced (CFE-2919)
- Agent log file names are now always lowercase
- Extended module with file protocol for data (CFE-3050)
- Fixed a segfault in
cf-promises -p json-full(CFE-3019) - Added
cf-keyhelp output to indicate ability to delete by key digest (CFE-2997) - Fixed disabling TLS 1.0 (CFE-3068)
- Fixed growing memory footprint of daemons (CFE-3032)
- Fixed the log message about setting
collect_window(ENT-4238) - Fixed the log message when parsing TIME in
psoutput fails - Fixed parsing of YAML values starting with numbers (CFE-2033)
- Fixed
sys.flavoron AIX (ENT-3970) - Fixed 6 cases where promises could get the wrong outcome
All cases were related to error handling and detected using
static code analysis (LGTM). They were limited to
cf-monitordandcf-agent(guest_environmentsandfilespromise types). Due to a programming mistake, promise results would sometimes be overwritten withskippedoutcome. Keeping the previous value or making the promisesnot keptis expected behavior. Added a query to our CI (LGTM) to make sure we catch this error on new contributions. - Fixed an issue while parsing
psoutput on AIX (ENT-4295) - Fixed a memory leak in filesexist function (ENT-4313)
- Fixed a memory leak in mustache rendering (ENT-4313)
- Fixed a memory leak in:
differences(), intersection(), unique() (ENT-4586) - Fixed a segfault in policy parser (ENT-4022)
- Connection cache is now global (CFE-2678)
- Increased verbosity of
AcquireLockpermission error (ENT-4395) - Message about invalid class characters from module protocol moved to VERBOSE (CFE-2887, CFE-3008)
- Prevented buffer overflows in
cf-monitorddata parsing - Private keys generated by
cf-keyare no longer encrypted Private key files encrypted with a broken cipher and default hard coded passphrase provide no real security, and is only an inconvenience. Maybe it was intended to add a password prompt later, but it’s been 10 years now, and the cipher and passphrase remain untouched. The function which reads keys still supports both encrypted and unencrypted keys, it will decrypt if necessary. - Reduce SSL/TLS shutdowns on bad networks (CFE-3023)
- Removed programming error in handling of
process_countbody Previously, having a failing function call insidein_range_defineorout_of_range_definewould cause a programming error when trying to define that as a class. Fixed it by detecting the case, printing a normal error, and skipping defining the class. (CFE-2067) - Set
policy->release_idtofailsafe/bootstrapwhen runningfailsafe.cf(CFE-3031) - Switched permissions of various temporary files in state to 0600
These files were created with 0644 permissions, and then
repaired in policy. However, since they are deleted / recreated
periodically, it causes INFO noise. Safer and better user
experience to create them with restricted permissions to
begin with.
Affected files:
$(sys.statedir)/cf_procs$(sys.statedir)/cf_rootprocs$(sys.statedir)/cf_otherprocs(ENT-4601)
string_splitsegments are now truncated to 1024 bytes instead of crashing (CFE-3047)- Unresolved function calls in
process_selectbody are now skipped Function calls which always fail, likegetuid("nosuchuser"), are never resolved. Previously this would cause a programming error, since the body is expected to have a list of strings, not unresolved function calls. The function calls are silently skipped (with a verbose message) as this matches the behavior of calling the functions in a vars promise, and using that as a body parameter. (CFE-1968) cf-checkdirectories can now be controlled from ENV vars (CFE-2994)cf-check: Added backup command This command copies lmdb files to a timestamped backup directory. (ENT-4064)cf-check: diagnose and backup now use state directory by default (ENT-4064)
3.13.0
- Added support for TLS 1.3 and its ciphersuites
- Added
featurehard classes for supported TLS versions Different versions of TLS are supported depending on what version of OpenSSL CFEngine was compiled and linked with. Newly added feature hard classes bring that information to the policy. Classes like these are now defined (for supported versions of TLS):feature_tls source=agent,hardclassfeature_tls_1source=agent,hardclassfeature_tls_1_0source=agent,hardclassfeature_tls_1_1source=agent,hardclassfeature_tls_1_2source=agent,hardclassfeature_tls_1_3source=agent,hardclass - Added a new variable
$(sys.default_policy_path)A new sys variable that provides the path of the default policy file evaluated when no file is specified with the-foption. - Added an option to skip the initial policy run on bootstrap
In some cases it may not be desired to run the policy as the last
step of the bootstrap. This can be done with the new
--skip-bootstrap-policy-runoption forcf-agent. (CFE-2826) - Trigger
promises.cfas the last step of bootstrap (CFE-2826) - Added support for overriding the package module’s path (CFE-2103)
- Added support for setting package module interpreter (CFE-2880)
- Added
--log-leveloption to all components This allows you to specify any log level (info, verbose, debug etc.). It is also less strict, allowing different spelling. As an example,--log-leveli,--log-levelINFO,--log-levelinform are all the same. - Added a new binary:
cf-checkCorrupt local databases (LMDB) continues to be a problem.cf-checkwill be used to diagnose and remediate problems with corrupt databases. It is a standalone binary, which doesn’t evaluate policy or use the local databases, thus it can be used in situations where the other binaries likecf-agentwould hang.cf-checkreplaces our lmdb database dumper,lmdump.cf-checklmdumpor symlinking / renaming it tolmdumpwill makecf-checkhave the exact same behavior aslmdump.cf-checkwill include much more functionality in the future and some of the code will be added to other binaries, for example to do health checks of databases on startup. (ENT-4064) - Added function
string_replace. (CFE-2850) - Allow dots in variable identifiers with no such bundle As described and discussed in CFE-1915, defining remote variables (injecting variables into remote bundles) is dangerous and must be blocked. However, using a dot-separated common prefix for variables raises no security concerns and can be considered valid. (CFE-1915)
- Allow requiring TLS 1.3 as the minimum version
- Apply augments after vars, classes and inputs in
def.json(CFE-2741, CFE-2844) - Bundle name is now part of the log message when aborting a bundle (CFE-2793)
- Class names set by module protocol are automatically canonified (CFE-2877, CFE-2887)
- Classes
failsafe_fallbackandbootstrap_modeare now reported by default - Correct log level for
data_readstringarray*(CFE-2922) - Do not iterate over JSON objects’ properties in mustache (CFE-2125)
- Do not render templates when passed invalid data (CFE-2194)
- Eliminated error messages caused by attempting to kill expired processes (CFE-2824)
- Fixed
cf-runalertssystemd unit conditions so the service will run (ENT-3929) - Fixed the off-by-one error in
cf-runagentbackground process spawning (CFE-2873) - Fixed OOB read / heap buffer overflow in evaluator (ENT-4136)
- Fixed a memory leak which occurred when reloading RSA keys from disk (CFE-2857)
- Fixed a memory leak which occurred while loading augments files (CFE-2913)
- Fixed an issue with splay time in
cf-execd(CFE-2931) - Fixed error handling and memory leak in
cf-key(CFE-2918) - Fixed memory leak in JSON to policy conversion (ENT-4136)
- Fixed memory leak in lmdb cleanup (CFE-2918)
- Fixed memory leaks in
cf-agentduring bootstrap (CFE-2918) - Fixed memory leaks in variablesmatching() and findfiles() (CFE-2918)
- Fixed missing class with mustache templates in
warn_onlymode (CFE-2600) - Fixed small memory leak in
cf-serverd(CFE-2918) - Fixed small memory leak in
cf-upgrade(ENT-4136) - Fixed small memory leaks of environment variable strings (CFE-2918)
- LMDB database dumper,
lmdump, no longer creates empty databases (ENT-4064) - Made
variablesmatchingfunctions treat args regexes more correctly variablesmatching() and variablesmatching_as_data() no longer use string comparison to find matches. The documentation is clear; arguments should be regexes (so you have to escape special characters). bundle agent main { vars: “myvar” string => “example”, meta => {“os[linux]”}; “matches” slist => variablesmatching(".*", “os[linux]”); reports: “Match: $(matches)”; } The above example is correct. If you don’t escape the brackets like above, it will no longer work. (You probably shouldn’t use brackets in tags anyway). - Prevent the init script from managing processes inside containers (ENT-3800)
- Read mustache-rendered files in text mode when comparing digest (ENT-2526)
- Reload persistent classes on config reload in
cf-execdandcf-serverd(CFE-2857) - Fixed issue with
@ifmacro failing when it is on the first line. (CFE-2817) - Fixed issue with
cf-agentintermittently hanging on windows sometimes (ENT-3756) - Change
GIT_BRANCHtoGIT_REFSPECand remove Design Center vars (ENT-4023) os-releasefile is now used for hard classes andsys.flavoron all linuxes This will improve platform detection on newer operating systems where/etc/os-release(or/usr/lib/os-release) is present. A hard class will be set for the value of theIDkey (canonified with underscores), if it exists. If bothIDandVERSION_IDexist, multiple hard classes will be set for all parts of the version number. The special variablesys.flavorwill also be set by determining major version fromVERSION_ID. Exampleos-releasefile:ID=coreosVERSION_ID=1185.3.0For the example above,sys.flavorwill becoreos_1185and 4 hard classes will be set;coreos_1185_3_0,coreos_1185_3,coreos_1185, andcoreos. For backwards compatibility, older distribution specific logic is still executed and may overwritesys.flavorand define hard classes as before.- Refactor use of
atexitto use custom cleanup function instead. On Windowsatexit()unloads DLLs before and/or duringatexitfunctions being called which causes bad behavior. (ENT-3756)
3.12.0b1
New Features:
- Added a
--key-typeoption to specify RSA key size tocf-key - New
hash_to_intpolicy function (CFE-2733) - Issue a warning on ignored locking attributes (CFE-2748)
- Added IPv6 hard classes with the
ipv6_prefix (CFE-2310) - Introduce
missing_okattribute inbody copy_fromThis allows to ignore missing sources in file copy operations (CFE-2365) - Enabled Xen hypervisor detection on all x86 platforms (CFE-2203)
- Added
sys.policy_entryvariables (CFE-2572) - Added
inline_mustachetemplate method (CFE-1846) - New component
cf-net(cf-netis a CLI for the CFEngine network protocol, useful for debugging, testing etc) and accompanying policy variablesys.cf_netcontaining path tocf-netbinary
Changes:
- Load augments at the end of context discovery
This means that classes defined as part of the context discovery
(e.g.
am_policy_hubandpolicy_server) can be used in the augments (CFE-2482) - Open
measurementspromise type from enterprisecf-monitord - Transform filesexist() into a collecting function (CFE-2744)
- Load process table when actually needed for a
processespromise (ENT-2536) - Ignore commented out entries in
fstabwhenedit_fstabis true (CFE-2198) - Do not move obstructions in warn policy mode (CFE-2740)
- Made the max bytes parameter to file reading functions optional (CFE-2656)
- Do not tag large volatile variables for inventory
sys.interfaces_data,sys.inetandsys.inet6are commonly larger than the maximum data size allowed to be collected bycf-hub. Data larger than 1k is truncated. Instead of reporting truncated data this change stops tagging the variable so that it will not be collected to the Enterprise hub and will not be available in Mission Portal. (ENT-3483) cf-execdnow re-parses augments on policy reload (CFE-2406)- Improved misleading verbose message
For constraints
if/ifvarclass/unless, we now print the whole rval of the constraint. Previously the message was just “skipping variable because ifvarclass is not defined” while the variable itself was defined. Old message example: verbose: Skipping promisemailtobecauseif/ifvarclassis not defined Changed to: verbose: Skipping promisemailtobecauseifvarclass => not(isvariable("mailto"))is not defined (CFE-2697) - Promise comments for file changes moved to verbose (ENT-3414)
- Suppress output from
systemctlbased restart of services in bootstrap/failsafe (CFE-1459) - Parser can now handle larger input buffers (CFE-1886)
- Improved logging of ACL errors (ENT-3455)
cf-execdsystemd service now only killscf-execditself (ENT-3395)- Load multiple augments from
augmentsstring array indef.json(CFE-2084) - Improved support for Alpine Linux
- Set the exit value when running
cf-keyWhen runningcf-keyto generate new keys, set the exit value of the program to be 0 on success and 1 on failure. This makes it easier to catch errors during setup of a new machine. Change the default behavior of the program to not write anything to stdout, opting to use theLog()function which can write to stdout and will also allow output to be sent to syslog. Add a--informoption to set the global log level toLOG_LEVEL_INFO. Change the permissions of the randseed file to 600 and catch the exception if the chmod call fails. - Properly reverse-resolve DNS names longer than 63 chars (ENT-3379)
- Properly redirect init script to systemd on debian systems (ENT-3326)
Bug fixes:
- Disallow modifications of variables from a remote bundle (CFE-1915)
- Speedup evaluation by not copying variables table when expanding a promise (CFE-2524)
- Resolve subkey conflicts when converting to JSON Whenever there is a conflict of array variable definitions prefer the container subkeys over simple values when converting to JSON (CFE-2536)
- Do not ignore meta promises in server bundles (CFE-2066)
- Added a debug log for computed class in
splayclass - Don’t error when calling
isexecutableon broken link (CFE-741) - Fixed segfault when no
show-evaluated-vars/classesis specified - Fixed memory leak in
cf-execd, triggered when sending email failed (CFE-2712) - Fixed IPv6 parsing to be un-reversed (CFE-2580)
- Fixed bug preventing permission changes on Unix sockets (CFE-1782)
- Fixed storage mount promise when existing mountpoint has a similar path (CFE-1960)
- Fixed segfault when
cf-promises-pis called against a file with syntax errors (CFE-2696) - Fixed rare
cf-execdhang (CFE-2719) - Fixed mergedata segfault when called on a non-container (CFE-2704)
- Do not segfault if
policy_server.datonly contains whitespaces and/or line breaks - Fixed segfault on JSON policy files with no bundles and bodies (CFE-2754)
3.11.0
New Features:
- Allow function calls in promiser using universal
withattribute (CFE-1092) - Added example of
withattribute (CFE-1092) - Detect Amazon Linux and set
AmazonLinuxhard class andsys.flavourvariable - New sysctlvalue() and data_sysctlvalues() functions from
/proc/sys(CFE-2513) - readdata() also auto-detects
.ymlfiles as YAML - Added support for ENV and CSV file parsing (CFE-1881)
- Added vars and classes for CoreOS (ENT-3043)
cf-agent: implement--show-evaluated-varsand--show-evaluated-classes- Support for custom ports and host names as policy hub (CFE-953)
cf-promises: allows--show-varsand--show-classesto take an optional filter- Added a new tool:
cf-net.cf-netis a CLI for the CFEngine network protocol, useful for debugging, testing etc (CFE-2493) - New policy variable:
sys.cf_netcontains path tocf-netbinary - Read
/etc/os-releaseintosys.os_release(CFE-1881)
Changes:
- readintlist() now prints an error if the file contains real numbers, not integers, and aborts; previously it was printing an info-level error message, was half-reading an integer out of the real, and was continuing successfully.
make tar-packageshould create a tarball with the contents ofmake install(ENT-3041)- Allow opening symlinks owned by root or by the current user (CFE-2516)
- Change warning message about
depth_searchon a non directory to DEBUG level - Ensure synchronous start and stop with
systemctl(ENT-2841) - Put logs in
/var/logand PID files in/var/runwhen using FHS layout (CFE-2449) - readstringlist(), readintlist(), readreallist(): Print verbose instead of error message if file can not be read
cf-serverd: Do not close connection when file does not exist (CFE-2532)policy_server.datnow appends a newline and supports host & port- Allow
string_headandstring_tailto take negative arguments getvalues(inexistent_var)returns an empty list. Restores 3.7.x and earlier behaviour. (CFE-2479)- Partially restore old
getvalues(array)behaviour Bugfix: getvalues() now behaves correctly for old CFEngine arrays of depth 1 Behaviour change: it always returns a list now. Even when v is a simple string (i.e. not an iterable) it will return an slist with one element: the value of the string variable. Known issues: getvalues() still misbehaves with double-indexed arrays (see CFE-2504, CFE-2536) - The source version of CFEngine now installs binaries into
binfolder instead ofsbinfolder (CFE-2448) - Don’t error during dry run for proposed execution (CFE-2561)
- Print verbose instead of error message when readfile() fails (CFE-2512)
cf-serverd: Auto configure max open files ulimit according tomaxconnections(CFE-2575)- Made the max bytes parameter to file reading functions optional. Affects readfile(), readenvfile(), readcsv()
Bug fixes:
- Fixed
insert_linesrelated memory corruption (CFE-2520) - Prevent LMDB assertion on AIX by ensuring nested DB calls are not occurring during signal handler cleanup (CFE-1996)
- Fixed a bug which could cause
cf-execdto believe there was an error when sending the email report, when there really wasn’t - zendesk#3204: Fix
lastseenexpireafter32-bit signed int overflow - Fixed
cf-execdnot exiting immediately withSIGTERMon AIX (ENT-3147) - Fixed automatic service stops based on runlevel (redhat/centos) (CFE-2611)
- Fixed
cf-serverdcrash when reporting corrupted data (ENT-3023) - Fixed rare output truncation on Solaris 10/11 (CFE-2527)
- Fixed crash on Solaris when
psucb variant is not available (CFE-2506) - Fixed logic to detect when running under a Xen Hypervisor (CFE-1563)
- Fixed
lastseenexpireafter32-bit signed int overflow (zendesk#3204) - Fixed IPv6 parsing to be un-reversed (CFE-2580)
3.10.0
New features/additions:
- All new features/additions for 3.8 and 3.9 are also included in 3.10.
- Add: Classes body tailored for use with diff
- New feature: Classes promise: allow classes without an expression to default to defined.
- Support for custom ports and host names as policy hub (CFE-953)
- Add: Definition of
from_cfexecdforcf-execdinitiated runs (CFE-2386) - Added < <= > >= operators to eval().
- Added testing jUnit and TAP bundles and include them in
stdlib.cf - New function isipinsubnet() (ENT-7949)
LogDebug(): implement module-based debug logging. Now most DEBUG messages are not printed even when-dis in use, but the specific debug module has to be enabled on the command line. For example to enable all log modules, run:cf-agent -d --log-modules=all- Add:
edit_linecontains_literal_stringto stdlib - Added variablesmatching_as_data() function paralleling variablesmatching() (Redmine #7885)
- Allow specifying agent
maxconnectionsviadef.json(CFE-2461) - Added getuserinfo() function
- Added
body agent controlselect_end_match_eofoption. (CFE-2390) - Added class to enable post transfer verification during policy updates
- Added ability to append to
bundlesequencewithdef.json(CFE-2460) policy_server.datnow appends a newline and supports host & port
Changes:
- Rewrite iteration engine to avoid combinatorial explosion with nested variable expansions.
This speeds up enormously the execution of policies that included long
slists or JSON containers, that in the past didn’t even terminate.
Change:
cf_nullstring literal was changed to not be something special, and it’s now a string that can be used anywhere, like in slists or part ofbundlesequenceetc. NOTE: Old policy should be grep’ed forcf_nulland in case such occurrences were handled specially, they should be reworked. Change:--empty-list--is now never printed by format(), an empty list is now printed as{ }. Change: Order of pre-evaluation was slightly changed, A newvarspass at the beginning of pre-evaluation was added. It used to be classes-vars, but it was changed to vars-classes-vars. As a result some classes or variables might be evaluated at a different time than before. As always try to write policy code that works no matter what the order of execution is. One way is to always guard the execution of functions to avoid bogus function results. For example the following will avoid running execresult() before the file has been created:execresult("cmd /path/to/filename") if => fileexists("/path/to/filename");C internals: NULL Rlist is now perfectly valid, in fact it is the only way to denote an empty Rlist. C internals: Since a slist variable can be NULL, API ofEvalContextVariableGet()changed: The way to detect if a variable is found, is not to check return value for NULL, but to check returned type forCF_DATA_TYPE_NONE. Fixed what I could find as wrong API uses. (CFE-2162) - Allow arbitrary service policies (CFE-2402)
- Behaviour change:
cf-execd: Do not append-Dfrom_cfexecdtoexec_command. (CFE-2386) - Failsafe/Bootstrap no longer copy files starting with
.git(like.gitignore) or.mailmap(CFE-2439) - Change: Enable strict transport security
- Change: Disable http TRACE method
- Change: Verify transferred files during policy update
- Allow getvariablemetatags() and getclassmetatags() to get a specific tag key
- Change: Use more restrictive unix socket perms (ENT-2705)
- Added
sys.user_datacontainer for user starting agent. - Pass package promise options to underlying
apt-getcall (#802) (CFE-2468) - Change: Enable agent component management policy on systemd hosts (CFE-2429)
- Change: Switch processes
restart_classlogging to verbose - Change: Log level for keeping verbatim JSON to DEBUG (CFE-2141)
- Change: Require network before CFEngine services (CFE-2435)
- Behaviour change:
getvalues(inexistent_var)returns an empty list. Restores 3.7.x and earlier behaviour. (CFE-2479) - Behaviour change: when used with CFEngine 3.10.0 or greater,
bundles
set_config_values()andset_line_based()are appending a trailing space when inserting a configuration option with empty value. (CFE-2466) - Behaviour change: getvalues() always returns a list now. Even when v is a simple string (i.e. not an iterable) it will return an slist with one element: the value of the string variable.
- Behaviour change: readintlist() now prints an error if the file contains real numbers, not integers, and aborts; previously it was printing an info-level error message, was half-reading an integer out of the real, and was continuing successfully.
- Ensure synchronous start and stop with
systemctl(ENT-2841) - Change
select_regionINI_sectionto match end of section or end of file (CFE-2519)
Bug fixes:
- Fixed
filespromise not setting ACL properly on directories. (CFE-616) - Upgrade CFEngine dependencies to the following versions:
- libxml2 2.9.4
- OpenSSL 1.0.2j
- LibYAML 0.1.7
- Curl 7.50.3
- Fixed
cumulative()to accept up to 1000 years, like it’s documented. - Fixed parsing of host name/IP and port number in
cf-runagent(CFE-546) - Fixed intermittent error message of type:
“error: Process table lacks space for last columns:
” (CFE-2371) - storage: Properly initialize the list of current mounts (CFE-1803)
- Fixed
containattributeno_outputhaving no effect when thecommandspromise is usingmodule => "true". (CFE-2412) - Fixed bug which caused empty emails to be sent from
cf-execdif there was no previous output log and the new log was fully filtered by email filters. (ENT-2739) - Allow
ifelse(FALSE, $(x), "something else")to work. (CFE-2260) - Fixed connection cache, reuse connections when possible. (CFE-2447)
- Fixed rare bug that would sometimes prevent redis-server from launching.
- Fixed bug in
filespromise when multiple owners are promised but first one doesn’t exist, and improve logging . (CFE-2432) - Define kept outcome with action warn if
edit_lineis as expected (CFE-2424) - Example using getvariablemetatags() and getclassmetatags() to get a specific tag key
- Remove 2k limit on strings length when writing JSON policies (CFE-2383)
- Fixed
ttime_rangeconstraint to go higher than 2G as number of seconds. - Change: cronjob bundle tolerates different spacing
- Allow editing fields in lines longer than 4k (CFE-2438)
- Don’t send empty emails for logs where everything is filtered. (ENT-2739)
- Allow maplist(), maparray(), and mapdata() to evaluate function calls during iteration (ARCHIVE-1619)
insert_linesis no longer implicitly matching EOF as end of the region ifselect_endpattern is not matched . (CFE-2263)- Change: Remove executable bit from systemd units (CFE-2436)
cf-serverdshould reloaddef.jsonwhen reloading policy (CFE-2406)- Fixed
cf-monitorddetection of usernames of the process table on AIX. - Speed up local and remote file copying and fix spurious errors. (ENT-2769)
- Fixed occasional segfault when running getindices() on a
variable that has indices of multiple depths (e.g. both
a[x]anda[x][y]). (CFE-2397) - When no file is provided when calling
cf-promiseswithcforjsonoutput, usepromises.cfby default. This restores the previous behavior. (CFE-2375) - Fix: Services starting or stopping unnecessarily (CFE-2421)
- Change: Split systemd units (CFE-2278)
- EOF is matched as an end of the region in
edit_linepromises only ifselect_end_match_eofparameter is true. (CFE-2263) - Fixed double logging of
output_prefix, and log process name forcf-agentsyslog messages. (CFE-2225) - Be less verbose if a network interface doesn’t have a MAC address. (CFE-1995)
- Fix: CFEngine choking on standard services (CFE-2806)
- Fixed
insert_linesrelated memory corruption (CFE-2520) - Fixed
cf-serverdcrash when reporting corrupted data. (ENT-3023) - Fixed ability to manage INI sections with metachars for
manage_variable_values_iniandset_variable_values_ini(CFE-2519) - Fixed
apt_getpackage module incorrectly using interactive mode. - Fixed crash on Solaris when
psucb variant is not available. (CFE-2506) cf-serverd: Do not close connection when file does not exist. (CFE-2532)- getvalues() now behaves correctly for old CFEngine arrays of depth 1. Known issues: getvalues() still misbehaves with double-indexed arrays (see (CFE-2504, CFE-2536)
3.9.0
New features/additions:
- Added optional interface parameter to iprange() to match only one interface.
- Allow
=in symbolic modes (Redmine #7826) - Add: FreeBSD ports package module
- New package module for FreeBSD
pkgpackage manager. - Added support for adding/removing fifos in policy
- Added Linux parsing of
/proc/net/data. sys.ip2iface: new reverse mapping variable from IP to interface name- Namespaced classes can now be specified on the command line.
- Namespaces can now be passed to
cf-runagent-Dand--remote-bundles(Redmine #7856) - Added
cf-fullandjson-fulltocf-promises-poption. They generate output based on the entire policy. The existingcfalready behaved this way, and it has now been changed to generate output only for a single file, which the existingjsonoption already does. - New language functions: processexists() and findprocesses() (Redmine #7633)
- Implement new
regex_replace()function. (Redmine #7346) - Added log rotation policy for
state/classes.jsonllog. (Redmine #7951) - Added
collect_varsutility bundle to stdlib - Introduce
report_class_logattribute tobody agent control. (Redmine #7951) - Added
standard_servicesservice_methodallowing for explicit usage cf-promises--show-varscan now show JSON variables.- Added
json_pipemode to mapdata(), which allows piping a JSON container to an external program for manipulation and receiving JSON back. Thejqtool is a good example where this mode can be useful. A corresponding$(def.jq)variable has also been added with a default path to this tool. See documentation for mapdata() for more information and examples. (Jira CFE-2071) - Behaviour change:
trueis always defined andfalseis never defined in a context expression. - Add:
nimclientpackage module for AIX This module provides basic functionality for usingnimclientas a means to ensure packages are either present or absent. It does not support listing package updates available or provide any special caching. - Added callstack_callers() and callstack_promisers() functions.
- Log variable definitions in debug output. (Redmine #7137)
- Add: Memory information to host info report (Jira CFE-1177)
- In Mustache templates, one can now use
{{#-top-}}and{{/-top-}}tags to iterate over the top level element in a container. (Redmine #6545) - Added network_connections() function that parses
/proc/net - Provide new
-wargument to override the workdir for testing - New feature: Emails sent by
cf-execdcan be filtered to get rid of emails for unwanted log messages. The attributesmailfilter_includeandmailfilter_excludein body executor control control what to include. See documentation forcf-execdfor more information. (Jira CFE-2283) - Add:
file_make_mustachebundle to render mustache templates - Added
-nflag tocf-keyto avoid host name lookups. cf-agent,cf-execd,cf-promises,cf-runagentandcf-serverdhonor multiple-D,-Nand-sarguments (Redmine #7191)- Added
canonifymode to mapdata(). - Add:
printfilebodies to stdlib - Add: New results classes body [] (Redmine #7418, #7481)
- Implement
cf-runagent--remote-bundlesandcf-serverdbundleaccesspromise. (Redmine #7581) - Added
commandspromisearglistattribute, augmentingargsattribute. - It’s now possible to reference variables in inline JSON,
for example: mergedata(
[ thing, { "mykey": otherthing[123] } ]).thingandotherthing[123]will be resolved as variables, since they are unquoted. See the documentation for more details. (Redmine #7871) - Allow inline JSON to be used in the following function
calls:
- data_expand()
- difference()
- every()
- filter()
- format()
- getindices()
- getvalues()
- grep()
- intersection()
- join()
- length()
- makerule()
- mapdata()
- maplist()
- mean()
- mergedata()
- none()
- nth()
- parsejson()
- product()
- regarray()
- reglist()
- reverse()
- shuffle()
- some()
- sort()
- storejson()
- string_mustache()
- sublist()
- sum()
- unique()
- url_get()
- variance()
For example: mergedata(
[ "thing", { "mykey": "myvalue" } ]) See the documentation for more details. (Jira CFE-2253)
- Add:
edit_linecontains_literal_stringto stdlib - Added
body agent controlselect_end_match_eofoption. (Jira CFE-2390)
Changes:
- Change: classesmatching(): order of classes changed
- Change: getindices(), getvalues(), variablesmatching(), maparray(): order of variables returned has changed
- Change:
set_quoted_valuesuses bundle scoped classes - Change:
set_config_valuesuses bundle scoped classes - Change:
set_variable_valuesuses bundle scoped classes - Change:
set_config_values_matchinguses bundle scoped classes - Change:
manage_variable_values_iniuses bundle scoped classes - Change:
set_line_basedshould use bundle scoped classes (Jira CFE-1959) - getvalues() will now return a list also for data containers, and will descend recursively into the containers. (Redmine #7116)
- Change: Improve git drop user support
- Use new package promise as default package promise implementation. (Jira CFE-2332)
- Don’t follow symbolic links when copying extended attributes.
- When a
bodydefault:<promise_type>_<body_type>body is defined, it will be used by all promises of type<promise_type>unless another body is explicitly used. cf-serverdno longer appends-I -Dcfruncommandtocfruncommand, this has to be done manually in masterfilesbody server control. (Redmine #7732)- eval() function arguments mode and options are now optional.
- sort() function argument mode is now optional.
- Change: returnszero() no longer outputs the output of a command.
The output can be seen by enabling info mode (
-I). cfruncommandis not executed under shell. (Redmine #7409)- Remove: Apache CGI module
- Change: Make maxbytes arg of readjson() and readyaml() optional
- Classes matching agent control’s
abortclassesare now printed before exit, even if they are defined in common bundles. Previously the regex (inabortclasses) that matched the class was printed if the class was defined in a common bundle, but the class itself was printed if it was defined in an agent bundle. With this change, the defined class that caused the abort is always printed. - Remove: Support for email settings from
augments_file(Redmine #7682) - Change:
set_variable_values_iniuses bundle scoped classes - findfiles() now skips relative paths. (Redmine #7981)
- Clients connections using non TLS protocol are rejected by default. . (Jira CFE-2339)
- Change: Policy files specified in the
inputssection ofdef.jsonwill no longer be auto-loaded. One has to refer to the which are using theinputsfield insidedef.json. (Redmine #7961) - Change: Separate binary details from policy update (Redmine #7662)
- Added guard for binary upgrade during bootstrap (Redmine #7861)
- Change: Modernize pkg module and
package_method - Remove: Userdir apache module
filestat(path, "linktarget")now follows non-absolute links and returns full path of target. This introduces a change in behaviour. Here is an example:$ ls -l /bin/shlrwxrwxrwx 1 root root 4 Jun 4 2015/bin/sh-> dash Previously thefilestatfunction would returndash, and would also log an error that the file can not be read. Now it will return/bin/dash(or the final destination if it happens that/bin/dashis also a symlink). You can still get the previous behaviour by usingfilestat(path, "linktarget_shallow"). (Redmine #7404)- Define
(bootstrap|failsafe)_modeduringupdate.cfwhen triggered fromfailsafe.cf(Redmine #7861) - Behavior change: The promise string of a processes
promise now matches just the command line of each process instead of
the line that is output by
ps. This was done to reduce fragmentation between platforms, sincepsis a very nonstandardized tool. (Jira CFE-2161) - Allowed namespace names made more strict, to disallow namespaces that cannot be reached. (Redmine #7903)
- Behavior change: When using readintlist(), readreallist() or readstringlist(), parsing an empty file will no longer result in a failed function call, but instead an empty list. Failure to open the file will still result in a failed function call.
insert_linesis no longer implicitly matching EOF as end of the region ifselect_endpattern is not matched . (Jira CFE-2263)- EOF is matched as an end of the region in
edit_linepromises only ifselect_end_match_eofparameter is true. (Jira CFE-2263)
Bug fixes:
- Upgrade CFEngine dependencies to the following versions:
- Curl 7.48.0
- libxml2 2.9.4
- LMDB 0.9.18
- OpenLDAP 2.4.44
- OpenSSL 1.0.2h
- PCRE 8.38 (Jira ENT-2720)
- Upgrade dependencies to latest minor versions. For Community / Enterprise: For Enterprise:
- Fixed bug which sometimes misparses user names in
psoutput. - Fix: Problem with git not dropping privileges soon enough
- Allow
def.jsonup to 5MB instead of 4K. - It is possible to edit the same value in multiple regions of one file. (Redmine #7460)
- CFEngine on Windows no longer truncates log messages if the program in question is killed halfway through.
- Fixed a bug which caused
def.jsonnot being able to define classes based on other hard classes. (Jira CFE-2333) - Change: Tighten Enterprise hub permissions (Jira ENT-2708)
- Fixed a regression which would sometimes cause “Permission denied” errors on files inside directories with very restricted permissions. (Redmine #7808)
- Fixed use-after-free in
ArrayMapandHashMap(Redmine #7952) - Package repositories are no more hit every time package promise is evaluated on SUSE.
- Fixed a bug which sometimes caused package promises to be
skipped with “XX Another
cf-agentseems to have done this since I started” messages in the log, most notably in long runningcf-agentruns (longer than one minute). (Redmine #7933) - TTY detection should be more reliable. (Redmine #7606)
cf-promises-pcf now produces valid CFEngine code (Redmine #7956)- Fixed
psoptions for FreeBSD to check processes only in current host and not in jails cf-runagentnow properly supports multiple-Dor-sarguments (Redmine #7191)- Fix: Work around impaired class definition from augments (Jira CFE-2333)
- Fixed “No such file or directory” LMDB error on heavily loaded hosts. (Jira CFE-2300)
- Check for empty server response in
RemoteDirListafter decryption (Redmine #7908) - Small performance optimization when
cf-execdscans emails before sending. - Fixed handling of closed connections during transactions (Redmine #7926)
- The core
psparsing engine used forprocessespromises has been rewritten from scratch, and should be more robust than before. (Jira CFE-2161) - Fixed the lexer which could not handle empty newline(s)
before a
@endif. - groupexists() no longer fails to detect a group name starting with a digit. (Jira CFE-2351)
- Fixed HP-UX specific bug that caused a lot of log output to disappear.
- Fixed unresolved variable (Redmine #7931)
- Change: Suppress standard services noise on SUSE (Redmine #6968)
- Reduce verbosity of
yumpackage module (Redmine #7485) cf-runagent: Allow connections to localhost instead of failing silently.- Show errors regarding failure to copy extended attributes when doing a local file copy. Errors could happen when copying across two different mount points where the support for extended attributes is different between the mount points.
- Fixed classes being set because of hash collision in the implementation. (Redmine #7912)
- Fixed build failure on FreeBSD 7.1 (Redmine #7415)
- Improved logging when managing setuid/setgid
- Reduce verbosity of
apt_getpackage module (Redmine #7485) - packagesmatching() and packageupdatesmatching() should work when new package promise is used. (Jira CFE-2246)
- Fixed bug which could render host unable to recover from a
syntax error, even if
failsafe.cfwas utilized. This could happen if the file containing the syntax error was specified in thedef.jsonspecial file. (Redmine #7961) - Prevent crash in
cf-execdemail code when policy server is not set. - In case of networking error, assume checksum is wrong
- Fixed two cases where
action_policywarn still produces errors (Redmine #7274) - Fixed bad option
nlwptovzpson Proxmox / OpenVZ. (Redmine #6961) @ifminimum_versionnow correctly ignores lines starting with@(Redmine #7862)- No longer hang when changing permissions/ownership on fifos (Redmine #7030)
- readfile() and
read*list()should print an error if they fail to read file. (Redmine #7702) - The isvariable() function call now correctly accepts all array variables when specified inline. Previously it would not accept certain special characters, even though they could be specified indirectly by using a variable to hold it. (Redmine #7088)
- Fixed file descriptor leak when there are network errors.
- Improved robustness of process table parsing on Solaris. (Jira CFE-2161)
- Installing packages containing version numbers using
yumnow works correctly. (Redmine #7825) - Parse
def.jsonvars, classes and inputs from the C code. This fixes a bug where certain entries in this file would be parsed too late to have any effect on the evaluation. (Redmine #7453, #7615) - Change package modules permissions on hub package so that hub can execute package promises. (Redmine #7602)
- Fix: CFEngine choking on standard services (Jira CFE-2086)
- Fix:
cf-upgradeon SUSE - Fix: Stop CFEngine choking on
systemctloutput (Jira CFE-2806) - storage: Properly initialize the list of current mounts (Jira CFE-1803)
- Fixed bug which caused empty emails to be sent from
cf-execdif there was no previous output log and the new log was fully filtered by email filters. (Jira ENT-2739) - Don’t send empty emails for logs where everything is filtered. (Jira ENT-2739)
- Fixed intermittent error message of type:
“error: Process table lacks space for last columns:
” (Jira CFE-2371) - Be less verbose if a network interface doesn’t have a MAC address. (Jira CFE-1995)
3.8.2
Fixes:
- Update library dependencies to latest version.
Libraries upgraded:
- curl 7.47.0
- LMDB 0.9.18
- MySQL 5.1.72
- OpenLDAP 2.4.44
- OpenSSL 1.0.2g
- PostgreSQL 9.3.11
- Redis 3.0.7
rsync3.1.2 PHP was kept at 5.6.17 because of problems with the 5.6.19 version.
- Reduce verbosity of
apt_getpackage module (Redmine #7485) - Reduce verbosity of
yumpackage module (Redmine #7485) - The isvariable() function call now correctly accepts all array variables when specified inline. Previously it would not accept certain special characters, even though they could be specified indirectly by using a variable to hold it. (Redmine #7088)
- Don’t follow symbolic links when copying extended attributes.
- Fixed a bug which sometimes caused package promises to be
skipped with “XX Another
cf-agentseems to have done this since I started” messages in the log, most notably in long runningcf-agentruns (longer than one minute). (Redmine #7933) - Fixed bug which could render host unable to recover from a
syntax error, even if
failsafe.cfwas utilized. This could happen if the file containing the syntax error was specified in thedef.jsonspecial file. (Redmine #7961) - Change: Policy files specified in the
inputssection ofdef.jsonwill no longer be auto-loaded. One has to refer to the$(def.augments_inputs)variable in the policy (the standard masterfiles policies include this by default). This only affects installations which are not based on the standard masterfiles, and which are using theinputsfield insidedef.json. (Redmine #7961) - Fixed file descriptor leak when there are network errors.
- Fixed
cf-serverderror messages with classic protocol clients (Redmine #7818) - Installing packages containing version numbers using
yumnow works correctly. (Redmine #7825) - Fixed
psoptions for FreeBSD to check processes only in current host and not in jails - Fixed build failure on FreeBSD 7.1 (Redmine #7415)
- Show errors regarding failure to copy extended attributes when doing a local file copy. Errors could happen when copying across two different mount points where the support for extended attributes is different between the mount points.
- Fixed classes being set because of hash collision in the implementation. (Redmine #7912)
- Allow
def.jsonup to 5MB instead of 4K. - Fixed a regression which would sometimes cause “Permission denied” errors on files inside directories with very restricted permissions. (Redmine #7808)
- Change: Suppress standard services noise on SUSE (Redmine #6968)
Changes:
- Change: classesmatching(): order of classes changed
3.8.1
Changes:
- Upgrade CFEngine dependencies to the following versions:
- OpenSSL 1.0.2e
- PCRE 8.38
- libxml2 2.9.3
- OpenLDAP 2.4.43
- libcurl 7.46.0
- Upgrade LMDB to version 0.9.17. (Redmine #7879)
Bug fixes:
@ifminimum_versionnow correctly ignores lines starting with@(Redmine #7862)- Added guard for binary upgrade during bootstrap (Redmine #7861)
- Namespaced classes can now be specified on the command line.
- Fixed bad option
nlwptovzpson Proxmox / OpenVZ. (Redmine #6961) - Fixed two cases where
action_policywarn still produces errors (Redmine #7274) - Parse
def.jsonvars, classes and inputs from the C code. This fixes a bug where certain entries in this file would be parsed too late to have any effect on the evaluation. (Redmine #7453, #7615) - Fixed HP-UX specific bug that caused a lot of log output to disappear.
- Check for empty server response in
RemoteDirListafter decryption (Redmine #7908) - getvalues() will now return a list also for data containers, and will descend recursively into the containers. (Redmine #7116)
- Define
(bootstrap|failsafe)_modeduringupdate.cfwhen triggered fromfailsafe.cf(Redmine #7861)
3.8.0
New features/additions:
- New feature: Bodies can now inherit attribute values from
other bodies by specifying
inherit_fromwith the name of the body to inherit from, plus any arguments it accepts. For example:body classes myclasses{inherit_from => classes_generic("myname");}(Redmine #4309) - Added url_get() function. (Redmine #6480)
- Added
@if feature()syntax@if featurework like@if minimum_versionbut allows distinguishing between features chosen at compile time. - Extend module protocol to create persistent classes.
To use it, have the module print a line with
^persistence=<minutes>before printing any class names.persistence=0goes back to non- persistent classes. (Redmine #7302) - Add: New results classes body (Redmine #7418)
- Add: Debug reports in
cfe_internal_cleanup_agent_reports - Add: Path to
svcpropin stdlib - Add:
masterfiles-stagescript to contrib - Whitespace is now allowed in class expressions for readability, between class names and operators. (Redmine #7152)
Changes:
- Change: Clarify bootstrap/failsafe reports
- Change: Improve in-line docs for internal log maintenance
- Change: Improve efficiency and debug reports (Redmine #7527)
- Remove: 3.5 support from masterfiles policy framework
- Long promiser strings with multiple lines are now abbreviated in logs. (Redmine #3964)
- Change: Reunify Version based policy split
- Change: Separate binary details from policy update (Redmine #7662)
- Remove
/var/cfengine/cf3.<host>.runlog. (Redmine #6957) - Change:
sys.libdirandsys.local_libdirto non version specific path sys.libdirnow resolves to$(sys.inputdir)/libsys.local_libdirnow resolves tolib(Redmine #7559)- Moved the following files to
/var/cfengine/log/: /var/cfengine/promise_summary.log/var/cfengine/cfagent.<host>.log- Change: Separate binary details from policy update (Redmine #7662)
- Remove: Support for email settings from
augments_file(Redmine #7682)
Bug fixes:
- It is possible to edit the same value in multiple regions of one file. (Redmine #7460)
- Change package modules permissions on hub package so that hub can execute package promises. (Redmine #7602) (Redmine #7602)
- Fixed exporting CSV reports through HTTPS. (Redmine #7267)
cf-agent,cf-execd,cf-promises,cf-runagentandcf-serverdhonor multiple-D,-Nand-sarguments (Redmine #7191)- readfile() and
read*list()should print an error if they fail to read file. (Redmine #7702) - No longer hang when changing permissions/ownership on fifos (Redmine #7030)
- Fixed broken HA policy for 3rd disaster-recovery node.
- Fix: Policy errors for 3.5 and 3.6
- Mustache templates: Fix
{{@}}key when value is not a primitive. The old behavior, when iterating across a map or array of maps, was to abort if the key was requested with{{@}}. The new behavior is to always replace{{@}}with either the key name or the iteration position in the array. An error is printed if{{@}}is used outside of a Mustache iteration section. - Fixed build with musl libc. (Redmine #7455)
- Fixed a bug which could cause daemons to not to be killed
correctly when upgrading or manually running
service cfengine3 stop. (Redmine #7193) - Fixed daemons not restarting correctly on upgrade on AIX.
- Package promise: Fix inability to install certain packages with numbers. (Redmine #7421)
- Redmine #6027 Directories should no more be changed randomly into files. (Redmine #6027)
- Improved
cf-serverd’s lock contention because ofgetpwnam()call. (Redmine #7643) (Redmine #7643) action_policy"warn"now correctly produces warnings instead of various other verbosity levels. (Redmine #7274)- If there is an error saving a mustache template file it is now logged with log-level error (was inform).
- The JSON parser now supports unquoted strings as keys.
- Reduce
malloc()thread contention on heavily loadedcf-serverd, by not exiting early in the logging function, if no message is to be printed. (Redmine #7624) (Redmine #7624) - Fixed a bug which caused daemons not to be restarted on upgrade. (Redmine #7528)
- Include latest security updates for dependencies.
- Fixed bug which would cause bff and depot packages not to run package scripts on removal. (Redmine #7193)
- Fixed upgrade causing error message under systemd because of open ports.
- Fixed several bugs which prevented CFEngine from loading libraries from the correct location. This affected several platforms. (Redmine #6708)
- Legacy package promise: Result classes are now defined if the package being promised is already up to date. (Redmine #7399)
failsafe.cfwill be created when needed. (Redmine #7634) (Redmine #7634)- If
file_select.file_typesis set to symlink and there are regular files in the scanned directory, CFEngine no longer produces an unnecessary error message. (Redmine #6996) - Fixed
AIX_PREINSTALL_ALREADY_DONE.txt: cannot createerror message on AIX. - Fixed package promise not removing dependent packages. (Redmine #7424)
- Fix: Solaris packages no longer contain duplicate library files, but instead symlinks to them. (Redmine #7591)
- Fixed
select_classnot setting class when used in common bundle with slist. (Redmine #7482) - Fixed
@endifkeyword sometimes being improperly processed by policy parser. (Redmine #7413) - Fixed noise from internal policy to upgrade windows agents (Redmine #7456)
cfruncommandnow works if it contains spaces, with the TLS protocol. (Redmine #7405)- Fixed warning “Failed to parse csv file entry” with certain very long
commandspromises. (Redmine #7400) - CFEngine no longer erroneously passes
-Mtouseraddon HP-UX. (Redmine #6734) cf-monitordno longer complains about missing thermal zone files. (Redmine #7238)- systemd is now detected correctly if it is a symlink (Redmine #7297)
- TTY detection should be more reliable. (Redmine #7606) (Redmine #7606)
3.7.3
Fixes:
- Reduce verbosity of
yumpackage module (Redmine #7485) - Reduce verbosity of
apt_getpackage module (Redmine #7485) - Upgrade dependencies to latest patch versions.
Upgraded libraries:
- curl 7.47.0
- libxml2 2.9.3
- LMDB 0.9.18
- MySQL 5.1.72
- OpenLDAP 2.4.44
- OpenSSL 1.0.2g
- PCRE 8.38
- PostgreSQL 9.3.11
- Redis 2.8.24
rsync3.1.2 PHP was kept at 5.6.17 because of problems with the 5.6.19 version.
- Parse
def.jsonvars, classes, and inputs in C (Redmine #7453) - Namespaced classes can now be specified on the command line.
- getvalues() will now return a list also for data containers, and will descend recursively into the containers. (Redmine #7116)
@ifminimum_versionnow correctly ignores lines starting with@(Redmine #7862)- Fixed definition of classes from augments file
- Don’t follow symbolic links when copying extended attributes.
- Fixed
psoptions for FreeBSD to check processes only in current host and not in jails - Fixed
cf-serverderror messages with classic protocol clients (Redmine #7818) - Change: Suppress standard services noise on SUSE (Redmine #6968)
- The isvariable() function call now correctly accepts all array variables when specified inline. Previously it would not accept certain special characters, even though they could be specified indirectly by using a variable to hold it. (Redmine #7088)
- Show errors regarding failure to copy extended attributes when doing a local file copy. Errors could happen when copying across two different mount points where the support for extended attributes is different between the mount points.
- Fixed bad option
nlwptovzpson Proxmox / OpenVZ. (Redmine #6961) - Fixed file descriptor leak when there are network errors.
- Fixed a regression which would sometimes cause “Permission denied” errors on files inside directories with very restricted permissions. (Redmine #7808)
- Check for empty server response in
RemoteDirListafter decryption (Redmine #7908) - Allow
def.jsonup to 5MB instead of 4K. - Added guard for binary upgrade during bootstrap (Redmine #7861)
- Fixed HP-UX specific bug that caused a lot of log output to disappear.
- Fixed a bug which sometimes caused package promises to be
skipped with “XX Another
cf-agentseems to have done this since I started” messages in the log, most notably in long runningcf-agentruns (longer than one minute). (Redmine #7933) - Define
(bootstrap|failsafe)_modeduringupdate.cfwhen triggered fromfailsafe.cf(Redmine #7861) - Fixed two cases where
action_policywarn still produces errors (Redmine #7274) - Fixed classes being set because of hash collision in the implementation. (Redmine #7912)
- Fixed build failure on FreeBSD 7.1 (Redmine #7415)
- Installing packages containing version numbers using
yumnow works correctly. (Redmine #7825)
Changes:
- Change: classesmatching(): order of classes changed
3.7.3 Fixes:
- Reduce verbosity of
yumpackage module (Redmine #7485) - Reduce verbosity of
apt_getpackage module (Redmine #7485) - Upgrade dependencies to latest patch versions.
Upgraded libraries:
- curl 7.47.0
- libxml2 2.9.3
- LMDB 0.9.18
- MySQL 5.1.72
- OpenLDAP 2.4.44
- OpenSSL 1.0.2g
- PCRE 8.38
- PostgreSQL 9.3.11
- Redis 2.8.24
rsync3.1.2 PHP was kept at 5.6.17 because of problems with the 5.6.19 version.
- Parse
def.jsonvars, classes, and inputs in C (Redmine #7453) - Namespaced classes can now be specified on the command line.
- getvalues() will now return a list also for data containers, and will descend recursively into the containers. (Redmine #7116)
@ifminimum_versionnow correctly ignores lines starting with@(Redmine #7862)- Fixed definition of classes from augments file
- Don’t follow symbolic links when copying extended attributes.
- Fixed
psoptions for FreeBSD to check processes only in current host and not in jails - Fixed
cf-serverderror messages with classic protocol clients (Redmine #7818) - Change: Suppress standard services noise on SUSE (Redmine #6968)
- The isvariable() function call now correctly accepts all array variables when specified inline. Previously it would not accept certain special characters, even though they could be specified indirectly by using a variable to hold it. (Redmine #7088)
- Show errors regarding failure to copy extended attributes when doing a local file copy. Errors could happen when copying across two different mount points where the support for extended attributes is different between the mount points.
- Fixed bad option
nlwptovzpson Proxmox / OpenVZ. (Redmine #6961) - Fixed file descriptor leak when there are network errors.
- Fixed a regression which would sometimes cause “Permission denied” errors on files inside directories with very restricted permissions. (Redmine #7808)
- Check for empty server response in
RemoteDirListafter decryption (Redmine #7908) - Allow
def.jsonup to 5MB instead of 4K. - Added guard for binary upgrade during bootstrap (Redmine #7861)
- Fixed HP-UX specific bug that caused a lot of log output to disappear.
- Fixed a bug which sometimes caused package promises to be
skipped with “XX Another
cf-agentseems to have done this since I started” messages in the log, most notably in long runningcf-agentruns (longer than one minute). (Redmine #7933) - Define
(bootstrap|failsafe)_modeduringupdate.cfwhen triggered fromfailsafe.cf(Redmine #7861) - Fixed two cases where
action_policywarn still produces errors (Redmine #7274) - Fixed classes being set because of hash collision in the implementation. (Redmine #7912)
- Fixed build failure on FreeBSD 7.1 (Redmine #7415)
- Installing packages containing version numbers using
yumnow works correctly. (Redmine #7825)
Changes:
- Change: classesmatching(): order of classes changed
3.7.2
Bug fixes:
- readfile() and
read*list()should print an error if they fail to read file. (Redmine #7702) - Fixed
AIX_PREINSTALL_ALREADY_DONE.txt: cannot createerror message on AIX. - If there is an error saving a mustache template file it is now logged with log-level error (was inform).
- Change: Clarify bootstrap/failsafe reports
- Fixed several bugs which prevented CFEngine from loading libraries from the correct location. This affected several platforms. (Redmine #6708)
- If
file_select.file_typesis set to symlink and there are regular files in the scanned directory, CFEngine no longer produces an unnecessary error message. (Redmine #6996) - Fix: Solaris packages no longer contain duplicate library files, but instead symlinks to them. (Redmine #7591)
cf-agent,cf-execd,cf-promises,cf-runagentandcf-serverdhonor multiple-D,-Nand-sarguments (Redmine #7191)- Fixed
@endifkeyword sometimes being improperly processed by policy parser. (Redmine #7413) - It is possible to edit the same value in multiple regions of one file. (Redmine #7460)
- Fixed
select_classnot setting class when used in common bundle with slist. (Redmine #7482) - Fixed broken HA policy for 3rd disaster-recovery node.
- Directories should no more be changed randomly into files. (Redmine #6027)
- Include latest security updates for 3.7.
- Reduce
malloc()thread contention on heavily loadedcf-serverd, by not exiting early in the logging function, if no message is to be printed. (Redmine #7624) - Improved
cf-serverd’s lock contention because ofgetpwnam()call. (Redmine #7643) action_policy"warn"now correctly produces warnings instead of various other verbosity levels. (Redmine #7274)- Change: Improve efficiency and debug reports (Redmine #7527)
- Change package modules permissions on hub package so that hub can execute package promises. (Redmine #7602)
- No longer hang when changing permissions/ownership on fifos (Redmine #7030)
- Fixed exporting CSV reports through HTTPS. (Redmine #7267)
failsafe.cfwill be created when needed. (Redmine #7634)- Mustache templates: Fix
{{@}}key when value is not a primitive. The old behavior, when iterating across a map or array of maps, was to abort if the key was requested with{{@}}. The new behavior is to always replace{{@}}with either the key name or the iteration position in the array. An error is printed if{{@}}is used outside of a Mustache iteration section. - Legacy package promise: Result classes are now defined if the package being promised is already up to date. (Redmine #7399)
- TTY detection should be more reliable. (Redmine #7606)
Masterfiles:
- Add: Path to
svcpropin stdlib - Add: New results classes body [] (Redmine #7418, #7481)
- Remove: Support for email settings from
augments_file(Redmine #7682)
3.7.1
Bug fixes:
- Fixed daemons not restarting correctly on upgrade on AIX. (Redmine #7550)
- Fixed upgrade causing error message under systemd because of open ports.
- Fixed build with musl libc. (Redmine #7455)
- Long promiser strings with multiple lines are now abbreviated in logs. (Redmine #3964)
- Fixed a bug which could cause daemons to not to be killed
correctly when upgrading or manually running
service cfengine3 stop. (Redmine #7193) - Package promise: Fix inability to install certain packages with numbers.
- Fixed package promise not removing dependent packages. (Redmine #7424)
- Fixed warning “Failed to parse csv file entry” with certain very long
commandspromises. (Redmine #7400) - Fixed misaligned help output in
cf-hub. (Redmine #7273) - Augmenting inputs from the
augments_file(Redmine #7420) - Added support for failover to 3rd HA node located outside cluster.
- Upgrade all dependencies for patch release.
- Fixed a bug which caused daemons not to be restarted on upgrade. (Redmine #7528)
3.7.0
New features:
- New package promise implementation. The syntax is much simpler, to try it out, check out the syntax:
packages:
"mypackage"
policy => "absent/present",
# Optional, default taken from common control
package_module => apt_get,
# Optional, will only match exact version. May be
# "latest".
version => "32.0",
# Optional.
architecture => "x86_64";
- Full systemd support for all relevant platforms
- New classes to determine whether certain features are enabled:
feature_yamlfeature_xmlFor the official CFEngine packages, these are always enabled, but packages from other sources may be built without the support.
- New readdata() support for generic data input (CSV, YAML, JSON, or auto)
- YAML support: new readyaml() function and in readdata()
- CSV support: new readcsv() function and in readdata()
- New string_mustache() function
- New data_regextract() function
- eval() can now be called with
classas themodeargument, which will cause it to return true (any) if the calculated result is non-zero, and false (!any) if it is zero. - New
list_ifelse()function - New mapdata() function as well as JSON support in maparray().
- filestat() function now supports
xattrargument for extended attributes. ifvarclassnow hasifas an alias, andunlessas an inverse alias.- Ability to expand JSON variables directory in Mustache templates:
Prefix the name with
%for multiline expansion,$for compact expansion. - Ability to expand the iteration key in Mustache templates with
@ - Canonical JSON output: JSON output has reliably sorted keys so the same data structure will produce the same JSON every time.
- New
@if minimum_version(x.x)syntax in order to hide future language improvements from versions that don’t understand them. - Compile time option (
--with-statedir) to override the defaultstate/directory path. - Fixed error messages/ handling in process signalling which no longer allowed any signals to fail silently
- Also enable shortcut keyword for
cf-serverdclassic protocol, eg to simplify the bootstrap process for clients that have differentsys.masterdirsettings (Redmine #3697) methodspromises now accepts the bundle name in the promiser string, as long as it doesn’t have any parameters.- In a
servicespromise, if theservice_methodbundle is not specified, it defaults to the promiser string (canonified) withservice_as a prefix. The bundle must be in the same namespace as the promise. - Inline JSON in policy files: surrounding with parsejson() is now optional when creating a new data container.
- New data_expand() function to interpolate variables in a data container.
- Added configurable network bandwidth limit for all outgoing
connections (
bwlimitattribute inbody common control) . To enforce it in both directions, make sure the attribute is set on both sides of the connection. - Secure bootstrap has been facilitated by use of
cf-agent --bootstrap HUB_ADDRESS --trust-server=no - Implement new TLS-relevant options (Redmine #6883):
body common control:tls_min_versionbody server control:allowtlsversionbody common control:tls_ciphersbody server control:allowciphers(preexisting)
Changes:
- Improved output format, less verbose, and messages are grouped.
cf-execd:agent_expireafterdefault was changed to 120 minutes (Redmine #7113)- All embedded databases are now rooted in the
state/directory. - TLS used as default for all outgoing connections.
- process promise now reports kept status instead of repaired if a
signal is not sent, even if the
restart_classis set. The old behavior was to set the repaired status whenever the process was not running. (Redmine#7216). - Bootstrapping requires keys to be generated in advance using
cf-key. - Disable class set on reverse lookup of interfaces IP addresses. (Redmine #3993, Redmine #6870)
- Define a hard class with just the OS major version on FreeBSD.
- Abort
cf-agentif OpenSSL’s random number generator can’t be seeded securely. - Masterfiles source tarball now installs using the usual commands
./configure; make install. - Updated Emacs syntax highlighting template to support the latest syntax enhancements in 3.7.
Deprecations:
- Arbitrary arguments to
cfruncommand(usingcf-runagent -o) are not acceptable any more. (Redmine #6978) - 3.4 is no longer supported in masterfiles.
Bug fixes:
- Fixed server common bundles evaluation order (Redmine#7211).
- Limit LMDB disk usage by preserving sparse areas in LMDB files (Redmine#7242).
- Fixed LMDB corruption on HP-UX 11.23. (Redmine #6994)
- Fixed
insert_linesfailing to converge ifpreserve_blockwas used. (Redmine #7094) - Fixed init script failing to stop/restart daemons on openvz/lxc hosts. (Redmine #3394)
rm_rf_depthnow deletes base directory as advertised. (Redmine #7009)- Refactored
cf-agent’s connection cache to properly differentiate hosts using all needed attributes like host and port. (Redmine #4646) - Refactored lastseen database handling to avoid inconsistencies. (Redmine #6660)
cf-key--trust-keynow supports new syntax to also update the lastseen database, so that clients using old protocol will trust the server correctly.- Fixed a bug which sometimes caused an agent or daemon to kill or stop itself. (Redmine #7075, #7244)
- Fixed a bug which made it difficult to kill CFEngine daemons,
particularly
cf-execd. (Redmine #6659, #7193) - Fixed a bug causing systemd not to be detected correctly on Debian. (Redmine #7297)
cf-promises -Twill now correctly report the checked out commit, even if you haven’t checked out a Git branch. (Redmine #7332)- Reduce verbosity of harmless errors related to socket timeouts and missing thermal zone files. (Redmine #6486 and #7238)
Masterfiles:
Added:
- Support for user specified overriding of framework defaults without
modifying policy supplied by the framework itself (see
example_def.json) - Support for
def.jsonclass augmentation in update policy - Run vacuum operation on postgresql every night as a part of maintenance.
- Added
measure_promise_timeaction body to lib (3.5, 3.6, 3.7, 3.8) - New negative class guard
cfengine_internal_disable_agent_emailso that agent email can be easily disabled by augmentingdef.json
Changed:
- Relocated
def.cftocontrols/VER/ - Relocated
update_deftocontrols/VER - Relocated all controls to
controls/VER - Only load
cf_hubandreports.cfon CFEngine Enterprise installs - Relocated acls related to report collection from bundle server
access_rulestocontrols/VER/reports.cfinto bundle serverreport_access_rules - Re-organize
cfe_internalsplitting core from enterprise specific policies and loading the appropriate inputs only when necessary - Moved update directory into
cfe_internalas it is not generally intended to be modified services/autorun.cfmoved tolib/VER/as it is not generally intended to be modified- To improve predictability autorun bundles are activated in lexicographical order
- Relocated
services/file_change.cftocfe_internal/enterprise. This policy is most useful for a good OOTB experience with CFEngine Enterprise Mission Portal. - Relocated
service_cataloguefrompromises.cftoservices/main.cf. It is intended to be a user entry. This name change correlates with the main bundle being activated by default if there is nobundlesequencespecified. - Reduce benchmarks sample history to 1 day.
- Update policy no longer generates a keypair if one is not found. (Redmine: #7167)
- Relocated
cfe_internal_postgresql_maintenancebundle tolib/VER/ - Set
postgresql_monitoring_maintenanceonly for versions 3.6.0 and 3.6.1 - Move hub specific bundles from
lib/VER/cfe_internal.cfintolib/VER/cfe_internal_hub.cfand load them only ifpolicy_serverpolicy if set. - Re-organize
lib/VER/stdlib.cffrom lists into classic array for use withgetvalues
Removed:
- Diff reporting on
/etc/shadow(Enterprise) - Update policy from
promises.cfinputs. There is no reason to include the update policy intopromises.cf,update.cfis the entry for the update policy _not_repairedoutcome fromclasses_genericandscoped_classes_generic(Redmine: # 7022)
Fixes:
standard_servicesnow restarts the service if it was not already running when usingservice_policy=> restart withchkconfig(Redmine #7258)
3.6.5
Features:
- Introduced
systemdhard class. (Redmine #6995) - Added paths to
dtrace,zfsandzpoolon FreeBSD in masterfiles.
Bug fixes:
- Fixed build error on certain RHEL5 and SLES10 setups. (Redmine #6841)
- Fixed a bug which caused dangling symlinks not to be removed. (Redmine #6582)
- Fixed
data_readstringarrayidxfunction not preserving the order of the array it’s producing. (Redmine #6920) - Fixed a bug which sometimes caused CFEngine to kill the wrong daemon if both the host and a container inside the host were running CFEngine. (Redmine #6906)
- Made sure the
rm_rf_depthbundle also deletes the base directory. (Redmine #7009) - Fixed monitord reporting wrongly on open ports. (Redmine #6926)
- Skip adding the class when its name is longer than 1024 characters. Fixed core dump when the name is too large. (Redmine #7013)
- Fixed detection of stopped process on Solaris. (Redmine #6946)
- Fixed infinite loop (Redmine #6992) plus a couple more minor
bugs in
edit_xmlpromises.
3.6.4
Features:
- Introduced
userspromises support on HP-UX platform. - Introduced process promises support on HP-UX platform.
Bug fixes:
- Fixed bug on FreeBSD which sometimes led to the wrong process being killed (Redmine #2330)
- Fixed package version comparison sometimes failing with rpm package manager (Redmine #6807)
- Fixed a bug in
userspromises which would sometimes set the wrong password hash if the user would also be unlocked at the same time. - Fixed a bug on AIX which would occasionally kill the wrong process.
- Improved error message for functions that require an absolute path. (Redmine #6877)
- Fixed some spelling errors in examples.
- Fixed error in out-of-tree builds when building
cf-upgrade. - Fixed a bug which would make
cf-agentexit with an error if it was built with a custom log directory, and that directory did not exist. - Fixed ordering of evaluating promises when
depends_onis used. (Redmine #6484, Redmine #5462) - Skip non-empty directories silently when recursively deleting. (Redmine #6331)
- Fixed memory exhaustion with list larger than 4994 items. (Redmine # 6672)
- Fixed
cf-execdsegfault on IP address detection (Redmine #6905). - Fixed hard class detection of RHEL6 ComputeNode (Redmine #3148).
3.6.3
New features:
- Support for HP-UX 11.23 and later
- Experimental support for Red Hat Enterprise Linux 7
Bug fixes:
- Fixed
getindiceson multi-dimensional arrays (Redmine #6779) - Fixed mustache template method to run in dryrun mode (Redmine #6739)
- Set
mailtoandmailfromsettings for execd indef.cf(Redmine #6702) - Fixed conflation of multi-index entries in arrays (Redmine #6674)
- Fixed promise locking when transferring using
update.cf(Redmine #6623) - Update JSON parser to return an error on truncation (Redmine #6608)
- Fixed
sys.hardware_addressesnot expanded (Redmine #6603) - Fixed opening database txn
/var/cfengine/cf_lastseen.lmdb:MDB_READERS_FULLwhen runningcf-key --show-hosts(Redmine #6602) - Fixed segfault (Null pointer dereference) when
select_endindelete_linesnever matches (Redmine #6589) - Fixed
max_file_size => "0"not disabling or allowing any size (Redmine #6588) - Fixed
ifvarclass, with iteration over list, failing when deleting files with time condition (Redmine #6577) - Fixed classes defined with
orconstraint are never set if any value doesn’t evaluate to a scalar (Redmine #6569) - Update
mailfromdefault in default policy (Redmine #6567) - Fixed logrotate ambiguity of filename (Redmine #6563)
- Fixed parsing JSON files (Redmine #6549)
- Reduce write count activity to
/varpartition (Redmine #6523) - Fixed files
deleteattribute incorrectly triggeringpromise_kept(Redmine #6509) - Update services bundle output related to
chkconfigwhen run in inform mode. (Redmine #6492) - Fixed Solaris serverd tests (Redmine #6406)
- Fixed broken behaviour of merging arrays with
readstringarray(Redmine #6369) - Fixed
ifelapsedbug with bundle nesting (Redmine #6334) - Fixed handling
cf_nullinbundlesequence(Redmine #6119) - Fixed
maparrayreading whole input array when using subarray (Redmine #6033) - Fixed directories being randomly changed to files (Redmine #6027)
- Update
defaultspromise type to work with classes (Redmine #5748) - systemd integration in
servicespromises (Redmine #5415) - Fixed
touchattribute ignoring action =warn_only(Redmine #3172) - Fixed 4KB string limit in functions
readfile,string_downcase,string_head,string_reverse,string_length,string_tail,string_upcase(Redmine #2912)
3.6.2
Bug fixes:
- Don’t regenerate
software_packages.csvevery time (Redmine #6441) - Improved verbose message for
package_list_command - Fixed missing log output on AIX (Redmine #6434)
- Assorted fixes to dirname() esp on Windows (Redmine #4716)
- Fixed package manager detection
- Fixed build issues on FreeBSD
- Allow copying of dead symbolic links (Redmine #6175)
- Preserve order in
readstringarrayidx(Redmine #6466) - Fixed passing of unexpanded variable references to arrays (Redmine #5893)
- Use entries for new
{admin,deny}_{ips,hostnames}constraints in the relevant legacy lists (Redmine #6542) - Cope with
ps’s numeric fields overflowing to the right - Interpret failing function calls in
ifvarclassas class not set (Redmine #6327) - Remove unexpanded lists when extending lists (Redmine #6541)
- Infer start-time of a process from elapsed when needed (Redmine #4094)
- Fixed input range definition for laterthan() function (Redmine #6530)
- Don’t add trailing delimiter when join()‘ing lists ending with a null-value (Redmine #6552)
- 9999999999 (ten 9s) or higher has been historically used as an upper
bound in CFEngine code and policy but because of overflow on 32-bit
platforms it caused problems with big numbers. Fixed in two ways:
first change all existing policy uses to 999999999 (nine 9s instead
of eleven 9s), second fix the C code to not wrap-around in case of
overflow, but use the
LONG_MAXvalue (Redmine #6531). cf-serverdand other daemons no longer reload their configuration every minute if CFEngine is built with an inputs directory outside of the work directory (not the default). (Redmine #6551)
3.6.1
New features:
- Introduced Solaris and AIX support into the 3.6 series, with many associated build and bug fixes.
Changes:
- Short-circuit evaluation of
classespromises if class is already set (Redmine #5241) - Fixed to assume all non-specified return codes are failed in
commandspromises (Redmine #5986) cf-serverdlogs reconfiguration message to NOTICE (was INFO) so that it’s always logged in syslog
Bug fixes:
- File monitoring has been completely rewritten (
changesattribute infilespromise), which eliminates many bugs, particularly regarding files that are deleted. Upgrading will keep all monitoring data, but downgrading again will reinitialize the DB, so all files will be reported as if they were new. (Redmine #2917) $(this.promiser)expands infilespromises fortransformer,edit_template,copy_from.source,file_select.exec_program,classesandactionbodies (Redmine #1554, #1496, #3530, #1563)body changesnotifies about disappeared files in file monitoring (Redmine #2917)- Fixed CFEngine template producing a zero sized file (Redmine #6088)
- Added 0-9 A-Z _ to allowed context of module protocol (Redmine #6063)
- Extend
pscommand column width and prepend zone name on Solaris - Fixed strftime() function on Solaris when called with certain specifiers.
- Fixed
userspromise bug regarding password hashes in a NIS/NSS setup. - Fixed
$(sys.uptime),$(sys.systime)and$(sys.sysday)in AIX. (Redmine #5148, #5206) - Fixed
processes_selectcomplaining about “Unacceptable model uncertainty examining processes” (Redmine #6337) pscommand for linux has been changed to cope with big rss values (Redmine #6337)- Address
ps-axoshift on FreeBSD 10 and later (Redmine #5667) methodsandservicespromises respectaction_policy => "warn"(Redmine #5924)- LMDB should no longer deadlock if an agent is killed on the hub while holding the DB lock. Note that the change only affects binary packages shipped by CFEngine, since the upstream LMDB project has not yet integrated the change. (Redmine #6013)
3.6.0
Changes:
- Changes to logging output
- Added process name and pid in syslog message (GitHub #789)
cf-serverdlogging levels are now more standardised:
- INFO logs only failures
- VERBOSE logs successful requests as well
- DEBUG logs actual protocol traffic.
cf-serverdnow logs the relevant client IP address on each message.- Logging contexts to local database (
cf_classes.tcdb) has been deprecated. usebundlepromisees are logged for all the bundle promises- output from
reportspromises has nothing prefixed exceptR: - a log line with stack path is generated when the promise type evaluated changes
- LMDB (symas.com/mdb) is the default database for local data storage : use version 0.9.9 or later
cf-agent--self-diagnostics(-x) is only implemented for TCDB, not for LMDB - port argument in readtcp() and selectservers() may be a
service name (e.g.
http,pop3). - Enabled source file in agent
copy_frompromises to be a relative path.- file
changesreporting now reports with log levelnotice, instead oferror.
- file
process_resultsdefault to AND’ing of set attributes if not specified (Redmine #3224)- interface is now canonified in
sys.hardware_mac[interface]to align withsys.ipv4[interface](Redmine #3418) cf-promisesno longer errors on missing bodies when run without--full-check(-c)- Linux flavor
SUSEnow correctly spelled with all uppercase in variables and class names (Redmine #3734). Thesuselowercase version is also provided for convenience (Redmine #5417). $(this.promise_filename)and$(..._dirname)variables are now absolute paths. (Redmine #3839)- Including the same file multiple times in
body control inputsis not an error - portnumber in
body copy_fromnow supports service names likecfengine,pop3etc, check/etc/servicesfor more. - The
failsafe.cfpolicy, run on bootstrap and in some other unusual cases, has been extracted from C code intolibpromises/failsafe.cf - masterfiles
cf_promises_validatedis now in JSON format- timestamp key is timestamp (sec since unix epoch) of last time validated
- the masterfiles now come from https://github.com/cfengine/masterfiles and are not in the core repository
cf-serverdcallscf-agentwith-Dcfruncommandwhen executingcf-runagentrequests- Mark as removed:
promise_notkept_log_include,promise_notkept_log_exclude,promise_repaired_log_include,promise_repaired_log_exclude,classes_include,classes_exclude,variables_include,variables_excludeattributes fromreport_data_selectbody (syntax is valid but not functional). They have been replaced by the following attributes:promise_handle_include,promise_handle_exclude,metatags_include,metatags_exclude.
New features:
- New promise type
usersfor managing local user accounts. - TLS authentication and fully encrypted network protocol.
Additions specific to the new type of connections:
- New attribute
allowlegacyconnectsinbody server control, which enables serving policy via non-latest CFEngine protocol, to the given list of hosts. If the option is absent, it defaults to allow all hosts. To refuse non-TLS connections, specify an empty list. - New attribute
protocol_versioninbody copy_from, and body common control, which defines the preferred protocol for outgoing connections.. Allowed values at the moment:"0"or"undefined","classic"or"1","latest"or"2". By leaving thecopy_fromoption as undefined the common control option is used, and if both are undefined then classic protocol is used by default. - The new networking protocol uses TLS for authentication,
after which all dialog is encrypted within the established
TLS session.
cf-serverdis still able to speak the legacy protocol with old agents. - The
skipverifyoption inbody server controlis deprecated and only left for compatibility; it does nothing cf-serverddoes not hang up the connection if some request fails, so that the client can add more requests.- For the connections using the new protocol, all of the
paths in
bundle server access_rulesnow differentiate between a directory and a file using the trailing slash. If the path exists then this is auto-detected and trailing slash appended automatically. You have to append a trailing slash manually to an inexistent or symbolic path (e.g./path/to/$(connection.ip)/) to force recursive access.
- New attribute
- New in
accesspromises forbundle server access_rules- Attributes
admit_ips,admit_hostnames,admit_keys,deny_ips,deny_hostnames,deny_keys admit_keysanddeny_keysadd the new functionality of controlling access according to host identity, regardless of the connecting IP.- For these new attributes, regular expressions
are not allowed, only CIDR notation for
admit/deny_ips, exactSHA=...strings foradmit/deny_keys, and exact hostnames (e.g.cfengine.com) or subdomains (starting with dot, e.g..cfengine.com) foradmit/deny_hostnames. Same rules apply todeny_*attributes. - These new constraints and the paths in
access_rules, can contain special variables$(connection.ip),$(connection.hostname),$(connection.key), which are expanded dynamically for every received connection. - For connections using the new protocol,
admitanddenyconstraints inbundle server access_rulesare being phased out, preferred attributes are nowadmit_ips,deny_ips,admit_hostnames,deny_hostnames,admit_keys,deny_keys. - New
shortcutattribute inbundle server access_rulesused to dynamically expand non-absolute request paths.
- Attributes
- masterfiles
- standard library split:
lib/3.5(compatibility) andlib/3.6(mainline) - many standard library bundles and bodies, especially packages- and file-related, were revised and fixed
- supports both Community and Enterprise
- new
inventory/structure to provide OS, dmidecode, LSB, etc. system inventory (configured mainly indef.cf) cf_promises_release_idcontains the policy release ID which is the GIT HEAD SHA if available or hash of tree- a bunch’o’bundles to make starting with CFEngine easier:
- file-related:
file_mustache,file_mustache_jsonstring,file_tidy,dir_sync,file_copy,file_link,file_hardlink,file_empty,file_make - packages-related:
package_absent,package_present,package_latest,package_specific_present,package_specific_absent,package_specific_latest,package_specific - XML-related:
xml_insert_tree_nopath,xml_insert_tree,xml_set_value,xml_set_attribute - VCS-related:
git_init,git_add,git_checkout,git_checkout_new_branch,git_clean,git_stash,git_stash_and_clean,git_commit,git - process-related:
process_kill - other:
cmerge,url_ping,logrotate,prunedir
- standard library split:
- New command line options for agent binaries
- New options to
cf-promises --show-classesand--show-vars--eval-functionscontrols whethercf-promisesshould evaluate functions- Colorized output for agent binaries with command line option
--color(auto-enabled if you setCFENGINE_COLOR=1)
- New options to
- New language features
- New variable type
datafor handling of structured data (ie JSON), including supporting functions:
- New variable type
data_readstringarray- read a delimited file into a data mapdata_readstringarrayidx- read a delimited file into a data arraydatastate- create a data variable with currently set classes and variablesdatatype- determine the type of the top element of a containerformat-%Scan be used to serializedatacontainers into a stringmergedata- merge two data containers, slists/ilists/rlists, or “classic” arrays into a data containerparsejson- create a data container from a JSON stringreadjson- create a data container from a file that contains JSONstorejson- serialize a data container into a string- Most functions operating on lists can also operate on data containers
- pass a data container to a bundle with the
@(container)notation - the module protocol accepts JSON for data containers with the
%sigil - Tagging of classes and variables allows annotating of language construct with meta data; supporting functionality:
- The module protocol in
commandspromises has been extended to allow setting of tags of created variables and classes, and the context of created variables getclassmetatags- returns list of meta tags for a classgetvariablemetatags- returns list of meta tags for a variablebody file controlhas aninputsattribute to include library files and other dependenciesbundlesequencescan be built with bundlesmatching() based on bundle name and tags- New attributes in existing promise types and bodies
- New option
preserve_all_linesforinsert_typeininsert_linespromises - Caching of expensive system functions to avoid multiple executions of
execresult() etc, can be controlled via
cache_system_functionsattribute inbody common control - New option
mailsubjectinbody executor controlallows defining the subject in emails sent by CFEngine - Support for Mustache templates in
filespromises; usetemplate_methodandtemplate_dataattributes. Withouttemplate_dataspecified, uses datastate().
- New option
- New and improved functions
bundlesmatching- returns list of defined bundles matching a regex and tagscanonifyuniquely- converts a string into a unique, legal class nameclassesmatching- returns list of set classes matching a regex and tagseval- evaluates mathematical expressions; knows SI k, m, g quantifiers, e.g.100kfindfiles- list files matching a search pattern; use**for recursive searchesmakerule- evaluates whether a target file needs to be rebuilt from sourcesmax,min- returns maximum and minimum of the numbers in a container or list (sorted by asortmethod)mean- returns the mean of the numbers in a container or listnth- learned to look up by key in a data container holding a mappackagesmatching- returns a filtered list of installed packages.readfile- learned to read system files of unknown size like those in/procsort- can sort lexicographically, numerically (int or real), by IP, or by MACstring_downcase,string_upcase- returns the lower-/upper-case version of a stringstring_head,string_tail- returns the beginning/end of a stringstring_length- returns the length of a stringstring_reverse- reverses a stringstring_split- improved implementation, deprecatessplitstringvariablesmatching- returns a list of variables matching a regex and tagsvariance- returns the variance of numbers in a list or container
- New hard classes
- Introduced alias
policy_serverfor contextam_policy_hub(the latter will be deprecated) - all the time-based classes have GMT equivalents
- Introduced alias
- New variables
sys.bindir- the location of the CFEngine binariessys.failsafe_policy_path- the location of the failsafe policy filesys.inputdir- the directory where CFEngine searches for policy filessys.key_digest- the digest of the host’s cryptographic keysys.libdir,sys.local_libdir- the location of the CFEngine librariessys.logdir- the directory where the CFEngine log files are savedsys.masterdir- the location of masterfiles on the policy serversys.piddir- the directory where the daemon pid files are savedsys.sysday- the number of days since the beginning of the UNIX epochsys.systime- the number of seconds since the beginning of the UNIX epochsys.update_policy_path- the name of the update policy filesys.uptime- the number of minutes the host has been onlinethis.promise_dirname- the name of the file in which the current promise is definedthis.promiser_uid- the ID of the user runningcf-agentthis.promiser_gid- the group ID of the user runningcf-agentthis.promiser_ppid- the ID of the parent process runningcf-agent
Deprecations:
splitstring- deprecated bystring_splittrack_valueskipverify
Bug fixes: for a complete list of fixed bugs, see Redmine at https://cfengine.com/dev
- Various fixes in evaluation and variable resolution
- Improved performance of list iteration (Redmine #1875)
- Removed limitation of input length to internal buffer sizes
- directories ending with
/are not ignored - lsdir() always return a list now, never a scalar
- directories ending with
abortclassesfixed to work in common bundles and other cases- Namespaced
edit_linebundles now work (Redmine#3781) - Lists are interpolated in correct order (Redmine#3122)
cf-serverdreloads policies properly when they change- Lots of leaks (memory and file descriptor) fixed
3.5.3
Changes:
- Improved security checks of symlink ownership. A symlink created by a user pointing to resources owned by a different user will no longer be followed.
- Changed the way package versions are compared in package promises. (Redmine #3314)
In previous versions the comparison was inconsistent. This has been fixed, but may
also lead to behavior changes in certain cases. In CFEngine 3.5.3, the comparison
works as follows:
<package-being-considered> <package_select> <package_version>For instance:apache-2.2.31 ">=" "2.2.0"will result in the package being installed.
Bug fixes:
- Fixed
cf-monitordcrash due to incorrect array initialization (Redmine #3180) - Fixed
cf-serverdstat()‘ing the file tree every second (Redmine #3479) - Correctly populate
sys.hardware_addressesvariable (Redmine #2936) - Added support for Debian’s GNU/kfreebsd to build system (Redmine #3500)
- Fixed possible stack corruption in
guest_environmentspromises (Redmine #3552) - Work-around hostname truncation in HP-UX’s
uname(Redmine #3517) - Fixed body copy purging of empty directories (Redmine #3429)
- Make discovery and loading of avahi libraries more robust
- Compile and packaging fixes for HP-UX, AIX and Solaris
- Fixed fatal error in lsdir() when directory doesn’t exist (Redmine #3273)
- Fixed epoch calculation for stime inrange calculation (Redmine #2921)
3.5.2
Bug fixes:
- Fixed delayed
abortclasseschecking (Redmine #2316, #3114, #3003) - Fixed
maplistarguments bug (Redmine #3256) - Fixed segfaults in
cf-promises(Redmine #3173, 3194) - Fixed build on Solaris 10/SmartOS (Redmine #3097)
- Sanitize characters from
/etc/issueinsys.flavorfor Debian (Redmine #2988) - Fixed segfault when dealing with files or data > 4K (Redmine #2912, 2698)
- Don’t truncate keys to 126 characters in
getindices(Redmine #2626) - Files created via
log_*actions now have mode 600 (Redmine #1578) - Fixed wrong log message when a promise is ignored due to
ifvarclassnot matching - Fixed lifetime of persistent classes (Redmine #3259)
- Fixed segfault when
process_selectbody had noprocess_resultattribute Default to AND’ed expression of all specified attributes (Redmine #3224) - Include system message in output when
aclpromises fail - Fixed invocation of
standard_servicesbundle and corresponding promise compliance (Redmine #2869)
3.5.1
Changes:
- File changes are logged with log level Notice, not Error
- The CFEngine Standard Library in
masterfiles/librariesis now split into promise-type specific policy files, and lives in a version-specific directory. This should have no impact on current code, but allows more granular include of needed stdlib elements (Redmine #3044)
Bug fixes:
- Fixed recursive copying of files (Redmine #2965)
- Respect classes in templates (Redmine #2928)
- Fixed timestamps on Windows (Redmine #2933)
- Fixed non-root
cf-agentflooding syslog (Redmine #2980) - Fixed email flood from
cf-execddue to timestamps in agent output (Redmine #3011) - Preserve security context when editing or copying local files (Redmine #2728)
- Fixed path for
sys.crontabon redhat systems (Redmine #2553) - Prevent incorrect “insert_lines promise uses the same select_line_matching anchor” warning (Redmine #2778)
- Fixed regression of setting
VIPADDRESSto 127.0.0.1 (Redmine #3010) - Fixed
changespromise not receiving status when file is missing (Redmine #2820) - Fixed symlinks being destroyed when editing them (Redmine #2363)
- Fixed missing “promise kept” status for the last line in a file (Redmine #2943)
3.5.0
New features:
classespromises now take an optionalscopeconstraint.- New built-in functions:
every,none,some,nth,sublist,uniq,filter cf-promisesflag--parse-treeis replaced by--policy-output-format=, requiring the user to specify the output format (none,cf,json)cf-promisesallows partial check of policy (withoutbody common control) without integrity check;--full-checkenforces integrity check- Agent binaries support JSON input format (
.jsonfile as generated bycf-promises) cf-key: new options--trust-key/-tand--print-digest/-p- Class
failsafe_fallbackis defined infailsafe.cfwhen main policy contains errors and failsafe is run because of this - Added
scopeattribute forbody classes(Redmine #2013) - Better diagnostics of parsing errors
- Error messages from parser now show the context of error
- New
cf-agentoption:--self-diagnostics - New output format, and
--legacy-output - Warnings for
cf-promises. - Enabled zeroconf-discovery of policy hubs for automatic bootstrapping if Avahi is present
- Support for
sys.cpuson more platforms than Linux & HPUX
Changes:
-
Parser no longer allows
,after promiser or promisee. must be either;or lval -
Make parser output in GCC compatible format the only supported format (remove
--gcc-brief-formatflag) -
Silence license warnings in Enterprise Free25 installations
-
action_policy => "warn"causesnot_keptclasses to be set on promise needing repair. -
Command line option version (
-V) now prints a shorter parsable version without graphic -
Implicit execution of server and common bundles taking arguments is skipped in
cf-serverd. -
WARNING: option
--policy-serverremoved, require option to--bootstrapinstead -
process promises don’t log if processes are out of range unless you run in verbose mode
-
reportspromises are now allowed in any context (Redmine #2005) -
cf-reporthas been removed -
cf-execd:--onceimplies--no-fork -
Version info removed from mail subject in the emails sent by
cf-execd. The subject will only contain[fqname/ipaddress]instead ofcommunity/nova [fqname/ipaddress]Please change your email filters accordingly if necessary. -
outputspromise type is retired. Their semantics was not clear, and the functionality is better suited for control body setting, not a promise. -
Tokyo Cabinet databases are now automatically checked for correctness during opening. It should prevent a number of issues with corrupted TC databases causing binaries to hang.
-
Improved ACL handling on Windows, which led to some syntax changes. We now consistently use the term “default” to describe ACLs that can be inherited by child objects. These keywords have received new names:
acl_directory_inherit->acl_defaultspecify_inherit_aces->specify_default_acesThe old keywords are deprecated, but still valid. In addition, a new keywordacl_inheritcontrols inheritance behavior on Windows. This feature does not exist on Unix platforms. (Redmine #1832) -
Networking code is moved from
libpromisesto its own library,libcfnet. Work has begun on making the API more sane and thread-safe. Lots of legacy code was removed. -
Added
getaddrinfo()replacement inlibcompat(borrowed from PostgreSQL). -
Replace old deprecated and non thread-safe resolver calls with
getaddrinfo()andgetnameinfo(). -
Hostname2IPString(),IPString2Hostname()are now thread-safe, and are returning error when resolution fails. -
Running
cf-execd--oncenow implies--no-fork, and also does not wait forsplaytimeto pass. -
execresult(), returnszero() and
commandspromises no longer requires the first word word to be an absolute path when using the shell. (Part of Redmine #2143) -
commandspromisesuseshellattribute now accepts"noshell"and"useshell"values. Boolean values are accepted but deprecated. (Part of Redmine #2143) -
returnszero() now correctly sets the class name in this scenario (Part of Redmine #2143):
classes:"commandfailed" not => returnszero("/bin/nosuchcommand", "noshell");
Bugfixes:
- Bundles are allowed to be empty (Redmine #2411)
- Fixed
.and-not being accepted by a commands module. (Redmine #2384) - Correct parsing of list variables by a command module. (Redmine #2239)
- Fixed issue with package management and warn. (Redmine #1831)
- Fixed JSON crash. (Redmine #2151)
- Improved error checking when using
fgets(). (Redmine #2451) - Fixed error message when deleting nonexistent files. (Redmine #2448)
- Honor warn-only when purging from local directory. (Redmine #2162)
- Make sure
restartandreloadare recognized keywords in packages. (Redmine #2468) - Allocate memory dynamically to avoid out-of-buffer or out-of-hash situations
- Fixed
edit_xmlupdate of existing attributes (Redmine #2034) - Use failsafe policy from compile-time specified workdir (Redmine #1991)
ifvarclasschecked fromclassespromises in common bundles- Do not wait for
splaytimewhen executing only once - Disable xml editing functionality when libxml2 doesn’t provide necessary APIs (Redmine #1937)
- Out-of-tree builds should work again, fixed a bunch of related bugs.
- Fixed race condition in file editing. (Redmine #2545)
- Fixed memory leak in
cf-serverdand others (Redmine #1758)
3.4.5
Bugfixes:
- Make qualified arrays expand correctly (Redmine #1998, Mantis #1128)
- Correct possible errors in
tcdbfiles when opening - Avoid possible db corruption when mixing read/write and cursor operations
- Allow umask value of 002 (Redmine #2496)
3.4.4
Bugfixes:
- Prevent possible crash when archiving files (GitHub #316)
- Don’t create symlinks to
cf-knowin update policy - Don’t enable xml support if libxml2 is too old (Redmine #1937)
3.4.3
Bugfixes:
- Don’t flood error messages when processes are out of defined range
- Prevent segmentation fault in
cf-monitord-x(Redmine #2021) - When copying files, use same file mode as source file, rather than 0600 (Redmine #1804)
- Include xpath in messages generated by
edit_xmloperations (Redmine #2057)
3.4.2
Bugfixes:
- Fixes to policies in masterfiles (see
masterfiles/Changelogfor details) - Fixes for OpenBSD (GitHub #278)
- Do not canonify values specified in
abortbundleclasses/abortclasses(Redmine #1786) - Fixed build issues on NetBSD, SLES 12.2
- Improved error message when libxml2 support is not compiled (Redmine #1799)
- Fixed potential segmentation fault when trimming network socket data (GitHub #233)
- Fixed potential segmentation fault when address-lookups in lastseen db failed (GitHub #233)
- Execute background promise serially when
max_childrenwas reached, rather than skipping them (GitHub #233) - Fixed segmentation fault in
cf-promiseswhen invoked with--reports(Redmine #1931) - Fixed compilation with Sun Studio 12 (Redmine #1901)
- Silence type-pun warning when building on HP-UX (GitHub #287)
3.4.1
New feature/behavior:
cf-execdterminates agent processes that are not responsive for a configurable amount of time (seeagent_expireafterin body executor control), defaulting to 1 week
Bugfixes:
- Fixed regression of classmatch() failing with hard classes (Redmine #1834)
- Create promise-defined and persistent classes in correct namespace (Redmine #1836)
- Several fixes to namespace support
- Fixed several crash bugs caused by buffer overflow and race
conditions in
cf-serverd - Regenerate time classes in
cf-execdfor each run (Redmine #1838) edit_xml: fixselect_xpathimplementation and update documentation NOTE: code that usesselect_xpath_regionneeds to be changed toselect_xpathedit_xml: make sure that text-modification functions don’t overwrite child nodesedit_xml: improve error logging
3.4.0
New features:
-
Added
rpmvercmputility to compare versions of RPM packages for accurate sorting of RPM packages forpackagespromises. -
Implement network timeout on server side to avoid keeping stale connections for hours.
-
XML editing capabilities. See the documentation for
edit_xmlbody. Note the new dependency: libxml2. -
Implement inheritance of local classes by bundles called using
usebundle. By default classes are not inherited. See theexamples/unit_inherit.cffor an example. -
Moved from Nova/Enterprise:
- POSIX ACL support,
outputspromise type,- remote syslog support.
-
packages_default_arch_commandhook inpackagespromises, to specify default architecture of the packages on the system. -
packages_version_less_command/packages_version_equal_commandhooks inpackagespromises, to specify external command for native package manager versions comparison -
agent_expireafterinbody executor controlallows you to set a timeout on allcf-agentruns, to enforce a threshold on the number of concurrent agents -
Running in Solaris zone is now detected and classes
zoneandzone_<name>are created in this case. -
VirtualBox support added to
guest_environmentpromises. -
guest_environmentpromises are supported under OS X. -
The
depends_onattribute is now active, for the partial ordering of promises. If a promise depends on another (referred by handle) it will only be considered if thedepends_onlist is either kept or repaired already.** WARNING: When upgrading, make sure that any existing use of
depends_ondoes not make some promises being unintentionally ignored. This can happen if you are currently referring to non-existent or never-run handles independs_onattributes. -
methods return values, initial implementation
-
New format for
cf-key-s, includes timestamp of last connection -
cf-promises--parse-treeoption to parse policy file and dump it in JSON format -
Namespaces support for bundles and bodies. See the
examples/unit_namespace*.cffor the usage. -
Default arguments for bundles. See the
examples/unit_defaults.cf -
Metadata promise type. See the
examples/unit_meta.cf
New semantics:
- Methods promises now return the status of promises kept within them. If any promise was not kept, the method is not kept, else if any promise is repaired, the method was repaired else it was kept.
- Remote variable access in namespaces by
$(namespace:bundle.variable)
Changed functionality:
cf-execd-Fswitch no longer impliesrun once. New-O/--onceoption is added to achieve this behaviour. This makescf-execdeasier to run from systemd, launchd and other supervision systems.
Misc:
-
Support for the following outdated platforms and corresponding classes has been removed. De facto those platforms were unsupported for a long time, as CFEngine codebase uses C99 language features unavailable on old platforms:
-
SunOS 3.x (
sun3) -
SunOS 4.x (
sun4) -
Ultrix (
ultrix) -
DEC OSF/1 AXP (
osf) -
Digital UNIX (
digital) -
Sony NEWS (
newsos) -
4.3BSD (
bsd4_3) -
IRIX (
irix,irix4,irix64) -
IBM Academic Operating System (
aos) -
BSD/OS / BSDi / BSD/386 (
bsdos) -
NeXTSTEP (
nextstep) -
GNU Hurd (
gnu) -
NEC UX/4800 (
ux4800) -
(Old news) Since 3.3.0 the layout of CFEngine Community packages has changed slightly.
cf-*binaries have been moved to/var/cfengine/bin, due to the following reasons:cf-*binaries are linked to libraries installed to/var/cfengine/lib, so placing binaries in/usr/local/sbindoes not increase reliability of the CFEngine,- keeping whole CFEngine under single prefix (
/var/cfengine) makes packaging simpler, - it matches the layout of CFEngine Enterprise packages.
Please adjust your policies (the recommended ways to deal with the move are either to adjust
$PATHto include/var/cfengineor to create symlinks in/usr/local/sbinin case you are relying on binaries to be available in$PATH). -
Workdir location is properly changed if
--prefixor--enable-fhsoptions are supplied to configure (Mantis #1195). -
Added check for broken libmysqlclient implementations (Mantis #1217).
-
Standard library is updated from COPBL repository.
-
cf-knowis no longer built in Community releases. The only functionality useful in Community, namely the reference manual generation, is provided by new compile-timecf-gendoctool. -
Filename (for storing filechanges) changed from
file_change.log->file_changes.log(in/var/cfengine/state)New format for storing file changes introduced:
[timestamp,filename,<N/C/S/R>,Message]N = New file found C = Content Changed S = Stats changed R = File removed
-
Acceptance test suite passes on Mac OS X.
-
Changed some port numbers to replace old services with imap(s)
-
archlinuxhard class on Arch Linux. -
Detect BSD Make and automatically switch to GNU Make during build.
Bugfixes:
cfruncommandforcf-execdis an arbitrary shell command now (Mantis #1268).- Fixed broken
dailysplayclasses(Mantis #1307). - Allow filenames up to 4096 bytes in network transfers (Redmine #1199).
- Fixed stale state preserved during
cf-serverdreload (Redmine #1487). - Free disk space calculation is fixed (Mantis #1120).
- Numerous portability bugfixes (especially OpenBSD, Solaris, AIX-related).
- Compatibility fixes for AIX, HP-UX, Solaris (Mantis #1185, Mantis #1177, Mantis #1109).
- Fixed broken
socklen_tconfigure check under OpenBSD (Mantis #1168). - Fixed hang in
cf-promisesunder OpenBSD (Mantis #1113). - Fixed endless loop in evaluating
$()construct (Mantis #1023). - Fixed check for old PCRE versions (Mantis #1262).
- Fixed insertion of multi-line blocks at the start of file (Mantis #809).
- Fixed numerous memory leaks.
- Fixes for metadata that were not resolvable
- Fixes for namespaces that would not support metadata and variable expansion
- Point-to-point network interfaces are detected and reported by CFEngine (Mantis #1246)
- Partial non-GNU userspace support in acceptance testsuite (Mantis #1255)
Full list of issues fixed is available on https://cfengine.com/bugtracker/changelog_page.php (old bug tracker) and https://cfengine.com/dev/projects/core/versions/34 (new bug tracker)
3.3.9
Bugfixes:
- Do not lose hard classes in
cf-serverdduring policy reload (Mantis #1218). - Implement receive network timeout in
cf-serverd. Prevents overloadingcf-serverdwith stale connections.
3.3.8
Versions 3.3.6, 3.3.7 were internal and weren’t released.
Bugfixes:
- Properly set
sys.domainvariable if hostname is fully-qualified. - Fixed several small memory leaks.
- Make network timeout for network reads configurable. Previously
it was hardcoded to be 30 seconds, which was not enough for
cf-runagentinvokingcf-agenton big policies (Mantis #1028).
3.3.5
Bugfixes:
- Fixed
cf-execdmemory leak on hosts withcf-monitordrunning. - Robustify against wrongly-sized entries in embedded databases.
Standard library:
- Bugfixes from upstream COPBL repository.
standard_servicesbundle from upstream COPBL repository.
3.3.4
Evaluation of policies:
- Fixed wrong classes set after installation of several packages
using
packagespromises (Mantis #829). - Fixed segfault using
edit_templateon existing file (Mantis #1155).
Misc:
- Fixed memory leak during re-read of network interfaces’
information in
cf-execd/cf-serverd.
3.3.3
Evaluation of policies:
- Zero-length files are valid for readfile() and similar functions (Mantis #1136).
- Unchoke agent in case it encounters symlinks in form
./foo(Similar to Mantis #1117).
Misc:
- Fixed generation of reference manual on machines with umask more relaxed than 022.
- Use
statvfs(3)on OpenBSD to obtain filesystem information (Mantis #1135).
3.3.2
Evaluation of policies:
- Do not segfault if file copy was interrupted due to network connectivity or server going away (Mantis #1089).
- Do not segfault if
log_failedattribute is present in body, butlog_keptis not (Mantis #1107). - Do not mangle relative paths in symlinks during file copy
Previously symlink
a -> bwas mangled toa -> ./b. (Mantis #1117) - Properly compare 1.0 and 1.0.1 in
packagespromises. Previously only versions with equal amount of “segments” were comparable (Mantis #890, #1066).
Base policy:
- Properly set permissions on files for
/var/cfengine/libon HP-UX (Mantis #1114). - Standard library (
cfengine_stdlib.cf) is synced with COPBL repository.
Misc:
- Do not create huge file in case corrupted TokyoCabinet database is detected (Mantis #1106).
- Fixed file descriptor leak on error paths, may have caused crashes
of
cf-execdandcf-serverd(Issue #1096). - Fixed intermittent segfault in
cf-execd(Mantis #1116). - Impose an upper limit on amount of listening sockets reported by
cf-monitord. Huge amounts of listening sockets causedcf-agentto segfault on next run (Mantis #1098). - Added missing function prototypes caused errors during compilation on HP-UX (Mantis #1109).
- Fixed compilation on Solaris 11 (Mantis #1091).
3.3.1
Evaluation of policies:
- Do not cut off name of bundle in variables interpolation (Mantis #975).
- Do not segfault in function evaluation guarded by
ifvarclassclause (Mantis #1084, #864). - Do not segfault if
classespromise does not declare any value to be evaluated (Mantis #1074). - Do not segfault in database promises if there is no
database_operationprovided (Mantis #1046).
Built-in functions:
- Fixed countclassesmatching() function which was misbehaving trying to match classes starting with alphanumeric symbol (Mantis #1073).
- Fixed diskfree() to return kilobytes, as described in documentation (Mantis #980, #955).
- Fixed hostsseen() function to avoid treating all hosts as not being seen since 1970 (Mantis #886).
- Do not output misleading error message if readtcp() is unable to connect (Mantis #1085).
Command-line interface:
-doption previously required an argument, though help message disagreed (Mantis #1053).- Disable
--parse-treeoption, not ready for the release (Mantis #1063). - Accept
-has a--helpoption. - Ensure that
cf-execdmight be started right after being shut down.
Misc:
- Plug file descriptor leak after failed file copy (Mantis #990).
- Fixed unsafe admit rules in default
promises.cf(Mantis #1040). - Fixed
splaytimeto match documentation: it is specified in minutes, not seconds (Mantis #1099).
Packaging:
- Fixed owner/group of initscript and profile.d snippet in RPM builds (Mantis #1061, #1058).
- Fixed location of libvirt socket CFEngine uses to connect to libvirtd (Mantis #1072).
- Install CoreBase to
/var/cfengine/masterfilesduring installation (Mantis #1075). - Do not leave old
cf-twinaround after upgrade (Mantis #1068) - Do not leave
rcS.dsymlinks after purging.debpackage (Mantis #1092).
3.3.0
New promise types:
- Guest environments promises, which allow to manipulate virtual machines using libvirt.
- Database promises, which allow to maintain schema of MySQL and PostgreSQL databases. Database promises are in “technical preview” status: this promise type is subject to change in future.
- Services promises for Unix, allows abstraction of details on managing any service
New built-in functions:
- dirname() to complement lastnode()
- lsdir()
- maplist() to apply functions over lists
New features:
- Allow defining arrays from modules.
- Allow both
process_stopandsignalsconstraints inprocessespromises at the same time. cf-promises--gcc-brief-formatoption to output warnings and errors in gcc-compatible syntax which to ease use “go to next error” feature of text editors.- Iteration over lists is now allowed for qualified (non-local) lists.
New built-in variables and classes (Linux):
- Number of CPUs:
$(sys.cpus),1_cpu,2_cpusetc
New built-in variables and classes (Unices):
$(sys.last_policy_update)- timestamp when last policy change was seen by host$(sys.hardware_addresses)- list of MAC addresses$(sys.ip_addresses)- list of IP addresses$(sys.interfaces)- list of network interfaces$(sys.hardware_mac[$iface])- MAC address for network interfacemac_<mac_address>::- discovered MAC addresses
Changes:
-
Major cleanup of database handling code. Should radically decrease amount of database issues experienced under heavy load.
WARNING: Berkeley DB and SQLite backends are removed, use Tokyo Cabinet or QDBM instead. Both Tokyo Cabinet and QDBM are faster than Berkeley DB in typical CFEngine workloads.
Tokyo Cabinet requires C99 environment, so it should be available on every contemporary operating system.
For the older systems QDBM, which relies only on C89, is a better replacement, and deemed to be as portable, as Berkeley DB.
-
Change of lastseen database schema. Should radically decrease I/O contention on lastseen database.
-
Automatic reload of policies by
cf-execd. -
Documentation is generated during build, PDF and HTML files are retired from repository.
-
Rarely used feature retired: peer connectivity intermittency calculation.
-
Memory and CPU usage improvements.
-
Testsuite now uses
make checkconvention and does not need root privileges anymore. -
cf_promises_validatednow filled with timestamp, allows digest-copy for policy instead of mtime copy which is safer when clocks are unsynchronised -
The bundled
failsafe.cfpolicy now hastrustkey=falseto avoid IP spoofing attacks in default policy -
See the full list of bugfixes at https://cfengine.com/bugtracker/changelog_page.php
3.2.4
- Fixed failure in network transfer in case of misbehaving peer
- A few tiny memory leaks on error paths fixed
3.2.3
- A few tiny memory leaks fixed
- Improved performance of
cf-serverdunder heavy load with TokyoCabinet database - Full list of issues fixed is available on https://cfengine.com/bugtracker/changelog_page.php
3.2.2
- Enabled compilation in “large files” mode under AIX
- Alleviated problem with broken file transfers over unstable internet links.
- Full list of issues fixed is available on https://cfengine.com/bugtracker/changelog_page.php
3.2.1
- Fixed compilation under HP-UX and Solaris
- Enabled compilation using HP ANSI C compiler
- Full list of issues fixed is available on
- https://cfengine.com/bugtracker/changelog_page.php
3.2.0
New bootstrap method with single-command bootstrapping:
cf-agent--bootstrap--policy-server123.456.789.123- Associated policy template files are added, partially maintained by CFEngine
- Bug fixes for file-editing, package versioning, and embedded database corruption (We recommend using TokyoCabinet instead of BerkeleyDB if building from source).
- Improved upgrade path for Nova.
- Patches for improved run-agent concurrency
- Reorganization of documentation and community resources
- 100% on regression test suite on 3 operating systems (Ubuntu, Debian, SuSE on x86-64 hardware)
- Support for multiple release environments
package_policyupdate andaddupdatenow check if user-supplied version is larger than currently installed - updates only if so- Help text of
cf-report-rcorrected - a list of key hashes is required, not ip addresses. - New Emacs mode for CFEngine policy files (thanks to Ted Zlatanov!)
- Warnings are on
edit_linechanges can now give greater degree of information without spamming promise logs - Class expressions parser accepts
||as an alias for|again. - Invalidation of package list cache on installation/removal of packages.
- New option
cf-key-rto remove host key by IP or hostname. - Added detection of network interfaces which belong to BSD jails.
- Improved robustness of multi-threaded code, in particular fix problems with spurious access denials in server and losing of authentication rules after policy reload.
cf-promisesaccepts option-bmatchingcf-agent, which causes it to do not complain about missingbundlesequence.- New functions and(), not(), or() and concat() to ease use of
ifvarclass()clause. - Full list of issues fixed is available on https://cfengine.com/bugtracker/changelog_page.php
3.1.5
- New class parser,
||is no longer allowed in expressions (use|). - Class setting in the promise types
insert_lines,delete_lines,replace_patterns,field_edits, vars, classes is restored. suspiciousnamesimplemented.- New function getvalues().
- New functions
parse{read,int,string}arrayto matchread{read,int,string}array. - Testsuite added to check for core functionality.
- Syslog prefix is fixed to say
cf3instead ofcommunity.
3.1.4
- Some urgent patches to 3.1.3.
- Class validation parse bug fixed.
- Global zone handling error for solaris fixed.
- Package architectures handled correctly (bug #456).
- Reading and writing of key name
root-.pubeliminated (bug #442, #453). cf-serverdcrash because of race condition onSERVER_KEYSEENfixed.- Lock purging to avoid remnant complexity explosion (bug #430).
- Some copyright notices added that got lost.
3.1.3
- Major memory leaks in
cf-monitord,cf-execd,cf-serverdfixed (bug #427). The daemons now show no growth even with very complex policies. cf-serverdcrash due to race condition inDeleteScope()fixed (bug #406).- Added 30 second timeout on
recv()on Linux. package_noverify_returncodeimplemented (bug #256).- A flexible mechanism for setting classes based on return codes of
commands has been introduced. Allows for setting promise kept,
repaired or failed based on any return codes. This is currently
implemented for commands-promises, package-manager commands and
transformer in files. In classes body, see attributes
kept_returncodes,repaired_returncodes,failed_returncodes(bug #248, #329). - New function
ip2host- reverse DNS lookup (bug #146).
3.1.2
- Big efficiency improvements by caching output from
cf-promises. Can also be used for much more efficient policy deployment (only pull if changed). - Caching state of
pscommand for greater efficiency. Reloaded for each bundle. - Index class lookup improves efficiency of class evaluation for huge configurations.
- Fixed issue where certain promiser strings got corrupted.
- Minor memory access issues fixed.
- Iterator bug introduced in 3.1.0 fixed
3.1.1
- Memory leaks in server tracked down and fixed.
- List expansion bug (one list items not executed) fixed.
- Security issue introduced by change of runcommand shell policy fixed. If users defined a runcommand for
cf-runagent/cf-serverdcommunication, possible to execute commands. cf-key-scommand for showing key hash/IP address identity pairs
3.1.0
- Change in storage of public keys. Cfengine now hashes the public key and uses this as the keyname. Keys will be converted automatically.
- The old dynamic addresses lists are deprecated. Caching of dns and key information for greater server speed. Change in last-seen format reflects the public key usage.
- New package policy
addupdate- installs package if not there and updates it otherwise. - Support for
package_changes => "bulk"in file repository as well. - New special function
readstringarrayidx, similar toreadstringarray, but uses integer indices. Very useful if first row elements are not good identifiers (e.g. contains spaces, non-unique, etc.). - Change two log formats to use
time()instead ofdate()- filechanges
- total compliance
- Change from using md5 to sha256 as default digest for commercial version, community retains md5 for compat.
- Commands not returning 0 in commands-promises are flagged
as
repair_failed. - Adjustable timeout on
connect(). Defaults to 10 seconds, adjustable withdefault_timeoutin agent control. - Redesign of the knowledge map infrastructure.
- Now possible to use variables to call methods, e.g
methods:"name $(list)" usebundle => $(list)("abc");See reference manual notes - Changes to normal ordering to optimize execution.
- Increased stability by always initializing Attribute and Promise structures.
- When running
cf-promisesin dry-run mode (-n), the user does not need to put binaries inWORKDIR/bin. For example, non-privileged users can verify root policies. - Source control revision added in version string if run in verbose mode
(e.g.
cf-promises -vV). This needs some refining, uses revision of a header now. - New semantics in return values of list functions. Null values are now allowed
and there is no iteration over empty lists. The value
cf_nullis reserved for use as a null iterator.
3.0.5p1
- Showing paths allowed/denied access to when
cf-serverdis run in verbose mode. - Bug in server fixed for dynamic addresses.
- File handle closure bugfix - too many open databases.
- Seg fault in mount files fix.
- Twin used in
cf-execdwithout checking. Check_rootset wrong directory permissions at source not destination.- Error message degraded in body definition.
- Undefined body not warned as error.
- Various build enhancements.
Package_list_updatecalled only once per manager, and fixed crash.- Version number bug in packages.
3.0.5
- Encryption problems fixed - client key buffer was uninitialized.
- Classes-promisers are now automatically canonified when class strings are defined, to simplifying the use of variables in classes.
- New scalars
sys.cf_versionandsys.nova_versionthat hold Cfengine version information. - Attribute
package_delete_conventionadded, to allow customizable package name in delete command during update. package_list_update_ifelapsedlimit added.- Private variable
$(firstrepo)is available inpackage_name_conventionandpackage_delete_conventionin order to expand the full path to a package, which is required by some managers. - Some of the threading code is rewritten and made more robust. This includes synchronizing access to the lastseen database from the server.
- Bad initialization of BSD flags fixed
- Multiple variable expansion issues in control fixed for server and agent
- Allow
ignore_missing_bundlesto affect methods: bundles too - Run agent trust dialogue fixed
- Bug in CPU monitoring, increasing time scale caused linear decay of CPU measurement.
- Bug in Setuid log storage, fix.
- Hooks added for new Nova virtualization promises.
- Multithreading mutex failed to collide during cfservd leading to dropped authentication under heavy load.
3.0.4
- Class cancellation in promises to create better class feedback, allows emulation of switch/case semantics etc
- Value of SA measurement promises
- Special function getenv() which returns the contents of an environment variable (on all platforms).
- New function
translatepathfor generic Windows - New function escape() to escape literals as regular expressions (like SQL)
- New function
host2ipfor caching IP address lookup - New function
regextractfor setting variables with backreferences - New variables for the components
$(sys.cf_agent),$(sys.cf_know)etc pointing to the binaries. - More robust integrated database implementation; closing all handles when receiving signals, self-healing on corruption.
- Package installation on localhost without a manager like
yumcompleted, multiple repositories searched, and universal methods. - Numerous bugfixes
3.0.3
- sha256 .. new hashes in openssl included in syntax tree.
- End of line autocropping in
readfile(hopefully intelligent) hashmatchfunction incorrectly implemented - old debugging code left behind. Fix.sys.crontabvariable- Unknown user is now interpreted as “same user”, so that we give CFEngine a chance to fix
- Unregistered addresses no longer report “(Non registered IP)”, but return as the address itself when doing reverse lookups.
3.0.2
- IMPORTANT: Change in normal ordering of editing. replace comes after insert lines Much testing and minor bug fixing
- Memory leaks fixed
- Many hooks added for Nova enterprise extensions.
promise_outputreports now placed inWORKDIR/reportsdirectory- Initialization correction and self-correx in monitord
- Many new body constraints added.
- Code readied for enterprise version Nova.
-boption can override thebundlesequence(must not contain parameters yet)collapse_destination_diroption added to copy so that files can be aggregated from subdirectories into a single destination.
3.0.1
- First standalone release, independent of CFEngine 2 Purge old definitions and check consistency.
- NB: changed
search_modeto be a list of matching values - Reporting rationalized in
cf-promiseswith-ronly to avoid leaving output files everywhere. - Hooks added for upcoming commercial additions to CFEngine.
- Added classify() and hostinnetgroup() functions
- Added additional change management options for change detection
- Package management added - generic mechanisms.
- Limits on backgrounding added to avoid resource contention during CFEngine runs.
- Image type added to
cf-know. - New classes for quarterly shifts: Morning,Afternoon,Evening,Night
- Bug fixes in
editfiles- line insertion for multiple line objects - Change the name of the variables and context from the monitord for
better separation of data, and shorter names.
sys->monaverage->av,stddev->dev - Canonical name for windows changed from
nttowindows, also version names addedvista,xpetc.. - License notices updated for dual license editions.
3.0.0
- First release of CFEngine 3. Known omissions:
- no support for ACLs
- no support for packages
- no support for interface configuration
- These will be added in the next release.