The latest updates about everything CFEngine

CFEngine 2023 retrospective

As we bid farewell to 2023, it’s once again time to reflect on the milestones and progress we’ve made throughout the year. This year is especially significant because it marks 30 years since CFEngine’s birth. From its humble beginnings at the University of Oslo to the thousands of implementations across the world and counting, CFEngine has not only weathered the twists and turns of life, but has thrived in an industry where many have come and gone.

Posted by Cody Valle
December 31, 2023

Show notes: The agent is in - Episode 32 - Fireside chat w/ Mike Weilgart

Curious about how users feel about using CFEngine? Cody and Nick are joined by Mike Weilgart, a long time CFEngine user about his history and how CFEngine compares to other tools he has been using recently. Video The video recording is available on YouTube: At the end of every webinar, we stop the recording for a nice and relaxed, off-the-record chat with attendees. Join the next webinar to not miss this discussion.

Posted by Nick Anderson
December 28, 2023

CFEngine 3.23 released - Anniversary

Today, we are pleased to announce the release of CFEngine 3.23.0! This is a non-LTS (non-supported) release, where we introduce new features for users to test and give feedback on, allowing us to polish before the next LTS. (CFEngine 3.24 LTS is scheduled to release summer 2024). The codename for this release is anniversary, as this year is CFEngine’s 30th anniversary. CFEngine was initially released in 1993, and to mark this special occasion we’ve created a limited edition anniversary coin:

December 6, 2023

Show notes: The agent is in - Episode 31 - Sneak peek of CFEngine 3.23

Join the team for a sneak peek of what’s coming in 3.23.0. Herman joins Cody, Craig and Nick to discuss what’s new in the upcoming release of CFEngine 3.23.0. We look at improvements to Groups in Mission Portal with easier ways to specify specific hosts that should or should not be part of the group based on reported attributes. This new functionality makes it much easier to affect change across a set of hosts without touching policy.

Posted by Nick Anderson
November 30, 2023

Change in behavior: ignore_interfaces.rx prefers a new location

ignore_interfaces.rx can be populated with regular expressions that match network interface names. When an interface matches CFEngine will ignore the interface. In the upcoming release of 3.23.0, and in the future release of 3.21.4 there is a change in behavior with respect to the preferred location of ignore_interfaces.rx from $(sys.inputdir) (typically /var/cfengine/inputs) to $(sys.workdir) (typically /var/cfengine). The change from $(sys.inputdir) to $(sys.workdir) makes it easier to ignore different interfaces on different hosts.

Posted by Nick Anderson
November 16, 2023

Change in behavior: self upgrade now defaults to hub binary version

In the upcoming release of 3.23.0, there is a change in behavior with respect to the self upgrade policy. Beginning with 3.23.0 the self upgrade policy will default to the binary version that is running on the hub instead of the version of the policy framework that is executing. When upgrading CFEngine1 there are three major steps: Upgrade the Masterfiles Policy Framework (MPF) Upgrade the hub binaries Upgrade the client binaries Generally it’s desirable that the MPF version is equal to or greater than the hub binary version and the hub binary version is equal to or greater than the client binary version.

Posted by Nick Anderson
November 15, 2023

Efficient synchronization of tabular data white paper

To manage large infrastructures, efficient solutions for both making changes and observing the current state are necessary. As most information (inventory) about hosts is quite predictable and static, there are many opportunities for optimizations in terms of compression and avoiding re-transmission of the same data. In the CFEngine team, we are improving our reporting systems with a focus on correctness and low bandwidth consumption. This will benefit many users, both large data centers where bandwidth (networking equipment) is costly, as well as small IoT devices with limited connectivity.

Posted by Lars Erik Wik
November 14, 2023

CVE-2023-45684 - Mission Portal SQL injection vulnerability

We want to bring to your attention a critical security matter recently identified in CFEngine Enterprise version 3.6.0 and subsequent releases. This vulnerability pertains to a A03:2021 - Injection flaw within the CFEngine Enterprise web UI, Mission Portal, which can lead to unauthorized access to the underlying database. The CVE identifier CVE-2023-45684 has been assigned to this issue. At present, there is no evidence to suggest that this vulnerability has been exploited or that it was known beyond the CFEngine development team and the customer who brought it to our attention.

Posted by Lars Erik Wik
November 13, 2023

Migrating from Travis to Github Actions

For CFEngine we manage several public and private repositories of code in GitHub for our Open Source and Enterprise products. In order to ensure quality we run many checks on the code both with nightly builds as well as on each pull request. We use a Jenkins server for nightlies which also includes more extensive deployment tests on all of the platforms we support. Previously we had used Travis for many of these checks but that system started to show its age and limitations.

Posted by Craig Comstock
October 30, 2023

Show notes: The agent is in - Episode 30 - Profiling CFEngine policy

Imagine having the power to identify the exact lines of your CFEngine policy that are slowing down your executions. In this episode, we’ll guide you through the art of profiling CFEngine policy for improved performance. In Episode 30 of “The agent is in,” Nick and team dives into the topic of profiling CFEngine policy. We explore tools and techniques to identify performance bottlenecks and optimize CFEngine deployments. The episode covers the following main points:

Posted by Nick Anderson
October 19, 2023