Dear CFEngine Community,
we are proud to announce today a major new release: CFEngine 3.7.0 LTS
(see [1] about our new LTS release schedule that guarantees a lifetime
of 3 years).

[1] http://cfengine.com/company/blog-detail/releases-after-3-7-0/

CFEngine 3.7.0 brings a number of features and improvements that have
been in development for more than a year. New packages promise, YAML
support, TLS encrypted network traffic as default, new switch
--trust-server=no for easily bootstrapping over untrusted networks,
new "@if minimum_version(x.x)" syntax for backwards compatible
policy, configurable bandwidth limiting, many new
functions, and much more! As usual a vast number of bug fixes have been
applied as well.
A big "thank you" goes to the numerous volunteers who contributed new
features and bugfixes and tested the Beta; this release wouldn't have
been possible without you!
Read more details on the features of the release in the blog post:

[2] http://cfengine.com/company/blog-detail/cfengine-3-7-0-released-new-package-promise-and-change-reporting/

Please take special care regarding some backwards-incompatible
changes. In particular:
 * Arbitrary arguments to cfruncommand (using "cf-runagent -o") are
   not acceptable any more. (Redmine #6978)
 * Bootstrapping 3.7 agents to 3.5 or earlier hubs no longer works
   by default, as TLS is being used to secure the session.
 * 3.4 is no longer supported in masterfiles.
 * Masterfiles source tarball now installs in the usual UNIX way, for
   example to install in "/path/to/masterfiles", run:
       ./configure --prefix=/path/to && make install
 * If you are installing from our RPM or APT repositories, make sure you
   import our new GPG key from [3]. Detailed instructions are at [4].

[3] https://cfengine.com/pub/gpg.key
[4] http://cfengine.com/product/community/cfengine-linux-distros/

You can download the packages from [5], and as always verify the
correctness of your download by comparing the SHA1 hashes.

[5] http://cfengine.com/product/community/

c9d6b5c1c890b6dbf875cd18b2805cf93848ba78 cfengine-3.7.0.tar.gz
45b009e132b475f71f1dab60928afbbff87b0c14 cfengine-masterfiles-3.7.0.tar.gz
d643a26cec139f28f61e041efdbd9b9cca9d6f72 cfengine-community_3.7.0-1_amd64.deb
34d320b748c58e2a3d3cfd58a194bb91f2856631 cfengine-community_3.7.0-1_i386.deb
855efe6451e8dfa72030ef6e10edb64797927f46 cfengine-community-3.7.0-1.x86_64.rpm
58442b23cb55793c03302fbf99f38bbaeb533936 cfengine-community-3.7.0-1.el6.x86_64.rpm
ea3c4624935a8daaccc08a281707e9f956162d25 cfengine-community-3.7.0-1.i386.rpm

For completeness, I'm appending the list of new features. You can find
even more details about changes and bugfixes in our changelog:

[6] https://github.com/cfengine/core/blob/3.7.0/ChangeLog

3.7.0:
New features:
- New package promise implementation.
The syntax is much simpler, to try it out, check out the syntax:
      packages:
          "mypackage"
            policy => "absent/present",

            # Optional, default taken from common control
            package_module => apt_get,

            # Optional, will only match exact version. May be
            # "latest".
            version => "32.0",

            # Optional.
            architecture => "x86_64";
- Full systemd support for all relevant platforms
- New classes to determine whether certain features are enabled:
* feature_yaml
* feature_xml
For the official CFEngine packages, these are always enabled, but
packages from other sources may be built without the support.
- New readdata() support for generic data input (CSV, YAML, JSON, or auto)
- YAML support: new readyaml() function and in readdata()
- CSV support: new readcsv() function and in readdata()
- New string_mustache() function
- New data_regextract() function
- eval() can now be called with "class" as the "mode" argument, which
will cause it to return true ("any") if the calculated result is
non-zero, and false ("!any") if it is zero.
- New list_ifelse() function
- New mapjson() function as well as JSON support in maparray().
- filestat() function now supports "xattr" argument for extended
attributes.
- "ifvarclass" now has "if" as an alias, and "unless" as an inverse
alias.
- Ability to expand JSON variables directly in Mustache templates:
  Prefix the name with '%' for multiline expansion, '$' for compact
  expansion.
- Ability to expand the iteration *key* in Mustache templates with @
- Canonical JSON output: JSON output has reliably sorted keys so the
same data structure will produce the same JSON every time.
- New "@if minimum_version(x.x)" syntax in order to hide future language
improvements from versions that don't understand them.
- Compile-time option (--with-statedir) to
  override the default state/ directory path.
- Fix error messages/handling in process signalling which no longer
  allowed any signals to fail silently
- Also enable shortcut keyword for cf-serverd classic protocol, e.g. to
  simplify the bootstrap process for clients that have different
  sys.masterdir settings (Redmine #3697)
- methods promises now accepts the bundle name in the promiser string,
as long as it doesn't have any parameters.
- In a services promise, if the service_method bundle is not specified,
it defaults to the promiser string (canonified) with "service_" as a
prefix. The bundle must be in the same namespace as the promise.
- inline JSON in policy files: surrounding with parsejson() is now
optional *when creating a new data container*.
- New data_expand() function to interpolate variables in a data container.
- Add configurable network bandwidth limit for all outgoing
  connections ("bwlimit" attribute in "body common control"). To
  enforce it in both directions, make sure the attribute is set on both
  sides of the connection.
- Secure bootstrap has been facilitated by use of
  "cf-agent --bootstrap HUB_ADDRESS --trust-server=no"
- Implement new TLS-relevant options (Redmine #6883):
    - body common control: tls_min_version
    - body server control: allowtlsversion
    - body common control: tls_ciphers
    - body server control: allowciphers (preexisting)

As always, your feedback is much appreciated.
Enjoy!
Dimitrios Apostolou
CFEngine AS
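
Added example (not part of the original announcement and not CFEngine's own tooling): a POSIX shell script for the SHA1 comparison step described above. It assumes the "HASH FILENAME" list from the announcement has been saved verbatim to a text file; the helper names sha1_of and verify_manifest are hypothetical.

```sh
#!/bin/sh
# Added example: check downloaded release files against a "HASH FILENAME" list.
# sha1_of and verify_manifest are hypothetical helper names.

# Print the SHA1 of a file using whichever common tool is installed.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum "$1" | awk '{print $1}'
    else
        shasum -a 1 "$1" | awk '{print $1}'
    fi
}

# verify_manifest MANIFEST DIR
# Checks every listed file that exists in DIR. Listed files that were not
# downloaded are reported as ABSENT and skipped. Returns 0 only if at least
# one file was checked and no entry mismatched or was malformed.
verify_manifest() {
    manifest=$1; dir=$2; checked=0; bad=0
    # "|| [ -n "$want" ]" keeps a final line that lacks a trailing newline.
    while read -r want name || [ -n "$want" ]; do
        [ -n "$want" ] || continue              # skip blank lines
        case $name in
            # An entry must name a plain file, never a path.
            ''|*/*) echo "MALFORMED  $want $name"; bad=1; continue ;;
        esac
        if [ ! -f "$dir/$name" ]; then
            echo "ABSENT     $name"
            continue
        fi
        checked=$((checked + 1))
        if [ "$(sha1_of "$dir/$name")" = "$want" ]; then
            echo "OK         $name"
        else
            echo "MISMATCH   $name"
            bad=1
        fi
    done < "$manifest"
    [ "$checked" -gt 0 ] && [ "$bad" -eq 0 ]
}

# Usage: sh verify.sh sha1.list /path/to/downloads
if [ "$#" -eq 2 ]; then
    verify_manifest "$1" "$2"
fi
```

The function fails when nothing listed was found, so an empty or mistyped download directory is not reported as a successful verification.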