Masterfiles ChangeLog
See Also: Core Changelog, Enterprise Changelog
# Changelog

Notable changes to the framework should be documented here

3.12.7:

- Added .ps1 to list of file patterns considered during policy update (CFE-3425, ENT-4094)
- Added apk package module support for alpinelinux (CFE-3451)
- Added default cf_version_release of 1 when sys var missing (ENT-6219)
- Added missing packages modules scripts in makefile (ENT-6814)
- Added standalone self upgrade capability for Windows agents (ENT-6219, ENT-6823, ENT-4094)
- Added verbose logfile for msiexec package module file installs (ENT-6220, ENT-6824)
- Adjust modules/packages/Makefile.am for lack of msiexec packages module (CFE-3607)
- Disabled TLSv1 by default for Mission Portal's web server (ENT-6783)
- Fixed ability to define users authorized for using cf-runagent on policy servers (CFE-3546)
- Fixed alpine apk packages module to parse names properly (CFE-3585)
- Fixed docs describing xdev behavior in depth_search bodies (CFE-3541)
- Fixed loading of platform specific inventory on AIX (CFE-3614)
- Suppressed output from watchdog on AIX to prevent the mail spool from filling up (CFE-3630)
- Use VBScript to enumerate installed packages on Windows (ENT-4669)
- service status on FreeBSD now uses onestatus (CFE-3515)

3.12.6:

- Added inventory for Timezone and GMT Offset (ENT-6161)
- Added inventory for policy servers (ENT-6212)
- Aligned systemd services behavior for service_policy => "enable|enabled|disable|disabled" (ENT-6073)
- Changed group for state dir files promise to match defaults per OS (CFE-3362)
- Replaced @ignore with useful doc strings (CFE-3378)
- Stopped disabling disabled systemd unit each run when disabled state requested (CFE-3367)
- Stopped trying to edit fields in manage_variable_values_ini (CFE-3372)
- Fixed converge edit_line bundle not deleting lines containing marker (CFE-3482)
- Added bundle edit_line converge_prepend with same behavior as bundle edit_line converge, but inserting at start of content. (CFE-3483)

3.12.5:

- Admitted ::1 as a query source on Enterprise hubs (ENT-5531)
- Changed m_inventory dumping behavior to exclude when values are null (ENT-5562)
- Fixed typo preventing recommendation bundles from running (CFE-3305)
- Made python symlink fall back to platform-python (CFE-3291)
- Modified cftransport cleanup to avoid errors (ENT-5555)
- Release number was added to MPF tarballs (ENT-5429)
- Stopped continual repair of ha_enabled semaphore (ENT-4715)
- The zypper module is now fully compatible with Python 3 (CFE-3364)

3.12.4:

- Added 'data' shortcut to cf-serverd, defaults to sys.workdir/data
- Added inventory of NFS servers in use (from /proc/mounts, on linux) (CFE-3259)
- Added paths support for opensuse (CFE-3283)
- Added zypper as default package manager for opensuse (CFE-3284)
- Corrected application/logs path to outside of docroot (ENT-5255)
- Enabled SUSE 12 for self upgrade (ENT-5152)
- Fixed Python 3 incompatibility in yum package module
- Improved resilience of cron watchdog for linux (CFE-3258)
- Modified federated reporting's import_file.sh to catch errors in psql run (ENT-5040)
- Move 'selinux_enabled' class to config bundle and namespace scope it
- Prevented inventory of unresolved variables for diskfree and loadavg (ENT-5190)
- Setup our own symlink for Python interpreter and use it (ENT-4668, ENT-4682)
- Standard services now considers systemd services in ActiveState=activating active (CFE-3238)
- Fixed selection of standard_services when used explicitly from non-default namespace (ENT-5406)

3.12.3:

- Extended watchdog for AIX (ENT-4995)
- Added AIX support to body perms system_owned (ENT-4773)
- Added ability to avoid limiting robot agents (CFE-3161)
- Added and transitioned to using master_software_updates shortcut (ENT-4953)
- Added continual checking for policy_server state (CFE-3073)
- Added documentation how to enable systemd unit management and disable agents on all hosts (CFE-3416)
- Added package_module for snap (CFE-2811)
- Added scripts and templates for Federated Reporting (ENT-4473)
- Added support for 'awk' filters in the FR dump-import process (ENT-4839)
- Added support for configuring abortclasses and abortbundleclasses via augments (ENT-4823)
- Added support for filtering in both dump and import phases of the FR ETL process (ENT-4839)
- Added support for ordering FR awk and sed scripts (ENT-4839)
- Added support for setting periodic package inventory refresh interval via augments (CFE-2771)
- Always set files_single_copy from augments if available (CFE-3064)
- Changed FR policy to honor target_state properly (ENT-4874)
- Copy .awk and .sed files from masterfiles to inputs (ENT-4839)
- Do not run DB maintenance tasks on a passive HA hub (ENT-4706)
- Fixed agent disabling on systemd systems (CFE-2429, CFE-3416)
- Fixed cleanup of future timestamps from status table (ENT-4331, ENT-4992)
- Fixed pkgsrc in case where multiple Prefix paths are returned for pkg_install (CFE-3153)
- Fixed pkgsrc module on Solaris/NetBSD (CFE-3151)
- Fixed re-spawning of cf-execd or cf-monitord after remediating duplicate concurrent processes (CFE-3150)
- Fixed state ownership on aix (ENT-4773)
- Fixed synchronization of important configuration files from active to passive hub (ENT-4944)
- Fixed the CFEngine 3.7.x class guard in standalone_self_upgrade.cf (CFE-3182)
- Made keys of all types from feeder hubs trusted on a superhub (ENT-4917)
- Set default access promises for directories to only share if directory exists (CFE-3060)
- Speeded-up FR import process by merging INSERT INTO statements (ENT-4839)
- Suppressed stderr output from lldpctl when using path defined by def.lldpctl_json (CFE-3109)
- added SQL to update feeder update timestamp during import (ENT-4776)
- added ssh_home_t type to cftransport .ssh dir (ENT-4906)
- fix use of _stdlib_path_exists_in FR transport_user policy bundle (ENT-4906)
- lib/paths.cf: Add usermod path for redhat systems
- modules/packages/zypper.in: Moved zypper package module errors to the cf-agent output (CFE-3154)
- partitioned __inventory table for federated reporting (ENT-4842)
- psql_wrapper needed full path to psql binary (ENT-4912)
- yum package_module gets updates available from online repos if local cache fails (CFE-3094)

3.12.2:

- Fixed isvariable() syntax error in update_def.cf (CFE-2953)
- Fixed maintenance policy for promise log cleanup to respect history_length_days (ENT-4588)
- Added setfacl to paths
- Added path support for timedatectl and journalctl (CFE-3013)
- Added trailing slash to access promises expecting directories (CFE-3024)
- Conditioned use of curl for ec2 metadata cache on curl binary being executable (CFE-3049)
- Instrumented cf-hub pull schedule for augments (ENT-4269)
- Stopped suppressing repair outcome for starting cf-monitord or cf-execd (CFE-2964)
- Enforced restrictive permissions on hub install log (ENT-4506)
- Ensured that asynchronous query API semaphores are writable (ENT-4551)
- Fixed standalone_self_upgrade not triggering because of stale data (ENT-4317)
- Improved efficiency and error handling of user specified policy update bundle
- Improved performance of enterprise license utilization logging
- Added version logging for Enterprise agent outside of state (ENT-4352)
- Added package_module for managing windows packages using msiexec (ENT-3719)
- Prevented inventorying un-expanded free memory from cf-monitord
- Prevented mon.value_mem_total from being inventoried if not defined (ENT-4522)
- Prevented performance overhead on hubs that don't enable license utilization logging (ENT-4333)
- Added purging of future status records (ENT-4362)
- Reduced cost of knowing when setopt is available in yum (CFE-2993)
- Added restart of runalerts if modified (ENT-4273)
- Separated kill signals from restart class to avoid warning (CFE-2974)
- Separated termination and observation promises for cf-monitord (CFE-2963)
- Set default value for purge_scheduled_reports_older_than_days (ENT-4404)
- Changed internal class name to describe daemon state instead of desired action
- Changed internal class names to be more descriptive when identifying concurrent daemons
- Implemented augments support for collect_window in body server control (ENT-4283)
- Added guard for vars promises in cfe_internal_enterprise_mission_portal_apache. Constrain vars promises in cfe_internal_enterprise_mission_portal_apache to policy_server.enterprise_edition::, otherwise "cf-promises --show-vars" includes a dump of the entire datastate from the "data" variable in cfe_internal_enterprise_mission_portal_apache (line over 100K long). (CFE-3011)
- Stopped defining redhat_pure on Fedora hosts (CFE-3022)

3.12.1:

- Add 'system-uuid' to default dmidecode inventory (CFE-2925)
- Add inventory of AWS EC2 linux instances (CFE-2924)
- Add ubuntu 18 to package map for self upgrade (ENT-4118)
- Allow dmidefs inventory to be overridden via augments (CFE-2927)
- Also list packages updates for hold packages: (CFE-2855)
- Analyze yum return code before parsing its output (CFE-2868)
- Fixed an issue when Promise to edit file that does not exist caused "promise not kept" condition (ENT-3965)
- Avoid trying to read /proc/meminfo when it doesn't exist (CFE-2922)
- Avoid use of $(version) for package_version in legacy implementation (ENT-3963)
- Cleanup old report data relative to the most recent changetimestamp (ENT-4807)
- Configure agent_expireafter from augments (ENT-4308)
- Consider sles when considering suse (CFE-2897)
- Fixed an issue when standalone self upgrade policy did not create desired-cfengine-package-version.json file (ENT-3937)
- Cron based watchdog for cf-execd on AIX (ENT-3963)
- Detect systemd service enablement for non native services (CFE-2932)
- Document how def.acl is used and how to configure it (CFE-2861)
- Fix name of tunable to control max client side report history (CFE-2926)
- Fix package_latest detecting larger version in some cases (CFE-1743)
- Fix standalone self upgrade when path contains spaces (ENT-4117)
- Fix unattended self upgrade on AIX (ENT-3972)
- Inventory Memory on HPUX (ENT-4188)
- Inventory Physical Memory MB when dmidecode is found (CFE-2896)
- Inventory memory on Windows (ENT-4187)
- Make recommendations about postgresql.conf (ENT-3958)
- Only consider files that exist for rotation (ENT-3946)
- Prevent noise when a service that should be disabled is missing. (CFE-2690)
- Prevent standalone self upgrade from triggering un-necessarily (ENT-4092)
- Remove un-necessary agent run during self upgrade (ENT-4116)
- Specify scope => "namespace" when using persistent classes (CFE-2860)
- Store timestamp for packages managed by zypper module (CFE-2875)
- Store timestamp of packages in cache db with zypper
- Sync cf-runalerts override unit template with package (ENT-3923)
- Updated yum package module to take arbitrary options (ENT-4177)
- Use default for package arch on aix (ENT-3963)
- Use rpmvercmp for version comparison on AIX (ENT-3963)
- Users allowed to request execution via cf-runagent can be configured via augments (ENT-4054)
- apt_get package module includes held packages when listing updates (CFE-2855)

3.12.0:

- Avoid executing self upgrade policy unnecessarily (ENT-3592)
- Add amazon_linux class to yum package module
- Introduce ability to set policy update bundle via augments (CFE-2687)
- Localize delete tidy in ha update policy (ENT-3659)
- Improve context notifying user of missing policy update bundle (ENT-3624)
- Configure ignore_missing_inputs and ignore_missing_bundles via augments (CFE-2773)
- Change class identifying runagent initiated executions from cfruncommand to cf_runagent_initated
- Support enablerepo and disablerepo options in yum package_module (CFE-2806)
- Fix cf-runagent during 3.7.x -> 3.10.x migration (CFE-2776, CFE-2781, CFE-2782)
- Makes it possible to tune policy master_location via augments in update policy (ENT-3692)
- Fix inventory for total memory on AIX (CFE-2797)
- Do not manage redis since it's no longer used (ENT-2797)
- Server control maxconnections can be configured via augments (CFE-2660)
- Allow configuration of allowlegacyconnects from augments (ENT-3375)
- Fix ability for zypper package_module to downgrade packages
- Splaytime in body executor control can now be configured via augments (CFE-2699)
- Add maintenance policy to refresh events table on enterprise hubs (ENT-3537)
- Add apache config for new LDAP API (ENT-3265)
- update.cf bundlesequence can be configured via augments (CFE-2521)
- Update policy inputs can be extended via augments (CFE-2702)
- Add oracle linux support to standalone self upgrade
- Add bundle to track component variables to restart when necessary (CFE-2326)
- Retention of files found in log directories can now be configured via augments (CFE-2539)
- Allow multiple sections in insert_ini_section (CFE-2721)
- Add lines_present edit_lines bundle
- Schedule in body executor control can now be configured via augments (CFE-2508)
- Include scheduled report assets in self maintenance (ENT-3558)
- Remove unused body action aggregator and body file_select folder
- Remove unused body process_count check_process
- Prevent yum from locking in package_methods when possible (CFE-2759)
- Render variables tagged for inventory from agent host_info_report (CFE-2750)
- Make apt_get package module work with repositories containing spaces in the label (ENT-3438)
- Allow hubs to collect from themselves over loopback (ENT-3329)
- Log file max size and rotation limits can now be configured via augments (CFE-2538)
- Change: Do not silence Enterprise hub maintenance
- Ensure HA standby hubs have am_policy_hub state marker (ENT-3328)
- Add support for 32bit rpms in standalone self upgrade (ENT-3377)
- Add enterprise maintenance bundles to host info report (ENT-3537)
- Removed unnecessary promises for OOTB package inventory
- Add external watchdog support for stuck cf-execd (ENT-3251)
- Be less noisy when a promised service is not found (CFE-2690)
- Ignore empty options in apt_get module (CFE-2685)
- Add postgres.log to enterprise log file rotation (ENT-3191)
- Removed unnecessary support for including 3.6 controls
- Fix systemctl path detection
- Policy Release Id is now inventoried by default (CFE-2097)
- Fix too frequent logging of enterprise license utilization (ENT-3390)
- Maintain access to exported CSV reports in older versions (ENT-3572)
- cf-execd service override template now only kills cf-execd on stop (ENT-3395)
- Fix self upgrade for hosts older than 3.7.4 (ENT-3368)
- Avoid self upgrade from triggering during bootstrap (ENT-3394)
- Add json templates for rendering serial and multiline data (CFE-2713)
- Removed unused libraries and controls
- Fixed an error in the file_make_mustache_*, incorrect variable name used (CFE-2714)
- Fix augments control state paths to work on windows (ENT-3839)
- Remove templates for deprecated components (ENT-3781)
- Replace unicode smartquotes with apostrophe (ENT-3823)
- Configure Enterprise hub pull collection schedule via augments (ENT-3834)

3.11.0:

- Rename enable_client_initiated_reporting to client_initiated_reporting_enabled
- Directories for ubuntu 16 and centos 7 should exist in master_software_updates (ENT-3136)
- Fix: Automatic client upgrades for deb hosts
- Add AIX OOTB oslevel inventory (ENT-3117)
- Disable package inventory via modules on redhat like systems with unsupported python versions (CFE-2602)
- Make stock policy update more resilient (CFE-2587)
- Configure networks allowed to initiate report collection (client initiated reporting) via augments (#910) (CFE-2624)
- apt_get package module: Fix bug which prevented updates from being picked up if there was more than one source listed in the 'apt upgrade' output, without a comma in between (CFE-2605)
- Enable specification of monitoring_include via augments (CFE-2505)
- Configure call_collect_interval from augments (enable_client_initiated_reporting) (#905) (CFE-2623)
- Add templates shortcut (CFE-2582)
- Behaviour change: when used with CFEngine 3.10.0 or greater, bundles set_config_values() and set_line_based() are appending a trailing space when inserting a configuration option with empty value (CFE-2466)
- Add default report collection exclusion based on promise handle (ENT-3061)
- Fix ability to select INI region with metachars (CFE-2519)
- Change: Verify transferred files during policy update
- Change select_region INI_section to match end of section or end of file (CFE-2519)
- Add class to enable post transfer verification during policy updates
- Add: prunetree bundle to stdlib. The prunetree bundle allows you to delete files and directories up to a specified depth older than a specified number of days
- Do not symlink agents to /usr/local/bin on coreos (ENT-3047)
- Add: Ability to set default_repository via augments
- Enable setting def.max_client_history_size via augments (CFE-2560)
- Change self upgrade now uses standalone policy (ENT-3155)
- Fix apt_get package module incorrectly using interactive mode
- Add ability to append to bundlesequence with def.json (CFE-2460)
- Enable paths to POSIX tools by default instead of native tools
- Remove bundle agent cfe_internal_bins (CFE-2636)
- Include previous_state and untracked reports when client clear a buildup of unreported data (ENT-3161)
- Fix command to restart apache on config change (ENT-3134)
- cf-serverd listens on ipv4 and ipv6 by default (CFE-528)
- Fix: Make apt_get module compatible with Ubuntu 16.04 (CFE-2445)
- Fix rare bug that would sometimes prevent redis-server from launching
- Add oslevel to well known paths (ENT-3121)
- Add policy to track CFEngine Enterprise license utilization (ENT-3186)
- Ensure MP SSL Cert is readable (ENT-3050)

3.10.0:

- Add: Classes body tailored for use with diff
- Change: Session Cookies use HTTPOnly and secure attributes (ENT-2781)
- Change: Verify transferred files during policy update
- Add: Inventory for system product name (model) (ENT-2780)
- Add: Ensure appropriate permissions for SSL files (ENT-760)
- Fix rare bug that would sometimes prevent redis-server from launching.
- Change: Enable strict transport security
- Add: Definition of from_cfexecd for cf-execd initiated runs (CFE-2386)
- Add testing jUnit and TAP bundles and include them in stdlib.cf
- Change: Rename duplicate bodies in ha_update.cf (ENT-2753)
- Change: Disable RC4 Cipher for ssl in Mission Portal
- Pass package promise options to underlying apt-get call (#802) (CFE-2468)
- Change: Enable agent component management policy on systemd hosts (CFE-2429)
- Add: Enterprise application log dir to rotation
- Change: re-enable hub process maintenance
- Add: edit_line contains_literal_string to stdlib
- Fix: Services starting or stopping unnecessarily (CFE-2421)
- Allow specifying agent maxconnections via def.json (CFE-2461)
- Change: Disable http TRACE method
- Change: Reduce Enterprise webserver info
- Change: cronjob bundle tolerates different spacing
- Fix: CFEngine choking on standard services (CFE-2806)
- Change select_region INI_section to match end of section or end of file (CFE-2519)
- Fix ability to manage INI sections with metachars for manage_variable_values_ini and set_variable_values_ini (CFE-2519)
- Fix apt_get package module incorrectly using interactive mode.
- Add ability to append to bundlesequence with def.json (CFE-2460)
- Behaviour change: when used with CFEngine 3.10.0 or greater, bundles set_config_values() and set_line_based() are appending a trailing space when inserting a configuration option with empty value. (CFE-2466)

3.7.0:

- Support for user specified overriding of framework defaults without modifying policy supplied by the framework itself (see example_def.json)
- Support for def.json class augmentation in update policy
- Run vacuum operation on postgresql every night as a part of maintenance.
- Add measure_promise_time action body to lib (3.5, 3.6, 3.7, 3.8)
- New negative class guard `cfengine_internal_disable_agent_email` so that agent email can be easily disabled by augmenting def.json
- Relocate def.cf to controls/VER/
- Relocate update_def to controls/VER
- Relocate all controls to controls/VER
- Only load cf_hub and reports.cf on CFEngine Enterprise installs
- Relocate acls related to report collection from bundle server access_rules to controls/VER/reports.cf into bundle server report_access_rules
- Re-organize cfe_internal splitting core from enterprise specific policies and loading the appropriate inputs only when necessary
- Moved update directory into cfe_internal as it is not generally intended to be modified
- services/autorun.cf moved to lib/VER/ as it is not generally intended to be modified
- To improve predictability autorun bundles are activated in lexicographical order
- Relocate services/file_change.cf to cfe_internal/enterprise. This policy is most useful for a good OOTB experience with CFEngine Enterprise Mission Portal.
- Relocate service_catalogue from promises.cf to services/main.cf. It is intended to be a user entry. This name change correlates with the main bundle being activated by default if there is no bundlesequence specified.
- Reduce benchmarks sample history to 1 day.
- Update policy no longer generates a keypair if one is not found. (Redmine: #7167)
- Relocate cfe_internal_postgresql_maintenance bundle to lib/VER/
- Set postgresql_monitoring_maintenance only for versions 3.6.0 and 3.6.1
- Move hub specific bundles from lib/VER/cfe_internal.cf into lib/VER/cfe_internal_hub.cf and load them only if policy_server policy if set.
- Re-organize lib/VER/stdlib.cf from lists into classic array for use with getvalues
- inform_mode classes changed to DEBUG|DEBUG_$(this.bundle):: (Redmine: #7191)
- Enabled limit_robot_agents in order to work around multiple cf-execd processes after upgrade. (Redmine #7185)
- Remove Diff reporting on /etc/shadow (Enterprise)
- Update policy from promise.cf inputs. There is no reason to include the update policy into promises.cf, update.cf is the entry for the update policy
- _not_repaired outcome from classes_generic and scoped_classes generic (Redmine: # 7022)
- standard_services now restarts the service if it was not already running when using service_policy => restart with chkconfig (Redmine #7258)
- Fix process_result logic to match the purpose of body process_select days_older_than (Redmine #3009)