Known Issues

Table of Contents

CFEngine defects are managed in our bug tracker. Please report bugs or unexpected behavior there, following the documented guideline for new bug reports.

  • Core Issues affecting 3.11

The items below highlight issues that require additional awareness when starting with CFEngine or when upgrading from a previous version.

getvalues() crashes on double indexed classic arrays

getvalues() crashes when used with classic arrays that include multiple indexes. This issue is tracked in (CFE-2536)[https://tracker.mender.io/browse/CFE-2536].

HP-UX specific

  • Package promises do not have out-of-the-box support for the HP-UX specific package manager. The workaround is to call the package manager directly using commands promises.
  • Some important system information is missing from the HP-UX inventory report, as well as from CFEngine hard classes and system variables. The workaround is to use system tools to obtain the required information and set classes based on this. * Disk free * Memory size * Several OS and architecture specific attributes * System version * System serial number * System manufacturer * CPU model * BIOS version * BIOS vendor
  • Process promises depend on the ps native tool, which by default truncates lines at 128 columns on HP-UX. It is recommended to edit the file /etc/default/ps and increase the DEFAULT_CMD_LINE_WIDTH setting to 1024 to guarantee that process promises will work smoothly on the platform.
  • Upgrading CFEngine on HP-UX is not supported by the out-of-the-box policy. There is a support article with a workaround.

Enterprise emails sent for alert noticies come from 'admin@organization.com'.

There is currently no setting in Mission Portal to configure the sender email address. This issue is tracked in ENT-695 and will be addressed in a future release.

To change the setting you must edit the from email address in /var/cfengine/share/GUI/application/config/appsettings.php. Policy in the Masterfiles Policy Framework will take care of updating the running config during the next policy run.

// Default FROM email address
$config['appemail'] = 'admin@organisation.com';

Enterprise monitoring graphs

Monitoring graphs are disabled by default in CFEngine Enterprise 3.6 and later versions. To enable them, change monitoring_include in masterfiles/controls/reports.cf to e.g. ".*". Note that this can have significant impact on the resource consumption of your hub.

Monitoring graphs are not supported on all platforms, currently AIX, HP-UX and Windows do not have this data.

Enterprise inventory CSV report is empty (0 bytes)

Exporting a CSV-based inventory report can result in a 0-byte length file if the CFEngine Server is accessed over https and the certificate's CN mismatches with the URL you use to export the report. To verify this is the problem, check the Mission Portal application logs (currently at /var/cfengine/httpd/htdocs/application/logs) on the CFEngine Server. If you see lines like the following you affected by this issue.

ERROR - 2016-06-15 07:24:15 --> Severity: Warning --> readfile(): Peer certificate CN=`myhostname.example.com' did not match expected CN=`myhostname' /var/cfengine/httpd/htdocs/application/helpers/cf_util_helper.php 612
ERROR - 2016-06-15 07:24:15 --> Severity: Warning --> readfile(): Failed to enable crypto /var/cfengine/httpd/htdocs/application/helpers/cf_util_helper.php 612
ERROR - 2016-06-15 07:24:15 --> Severity: Warning --> readfile(https://myhostname/api/static/e39cfd50f95a853fb103a89477b46eb8.csv): failed to open stream: operation failed /var/cfengine/httpd/htdocs/application/helpers/cf_util_helper.php 612

The solution is to generate a new certificate with the correct CN, i.e. the one you use to access the CFEngine Server. To see how to do this, look at the documentation for using a Custom SSL certificate.

Enterprise software inventory is not out-of-the-box

Software inventory is not out-of-the-box for reporting from the hub on other platforms than Debian, Ubuntu and Red Hat/CentOS.

In order to add software inventory for other platforms, please contact support for a custom policy.