./sysutils/cfengine3, Tool for automating system administration


Branch: CURRENT, Version: 3.7.3nb1, Package name: cfengine-3.7.3nb1, Maintainer: pettai

Cfengine, or the "configuration engine", is a very high-level language
for building expert systems which administrate and configure large
computer networks. Cfengine uses the idea of classes and a primitive
form of intelligence to define and automate the configuration of
large systems in the most economical way possible. Cfengine is
designed to be a part of a computer immune system.

Cfengine 3 is operationally backwards compatible with Cfengine 2, but the
language is not. Cfengine 3 is not a drop-in replacement for Cfengine 2.

Required to run:
[textproc/libxml2] [devel/pcre] [databases/tokyocabinet]

Required to build:

Package options: tokyocabinet

Master sites:

SHA1: a732d0ef60213b352602cb7d690fc06376b7ae02
RMD160: 6d482b17916e4ddaaa32dee914865cedec3b3231
Filesize: 2074.87 KB

CVS history:

   2017-08-16 22:26:36 by Thomas Klausner | Files touched by this commit (1)
Log message:
Follow HTTP redirect in HOMEPAGE.
   2016-10-09 23:42:04 by Thomas Klausner | Files touched by this commit (110)
Log message:
Recursive bump for all users of pgsql now that the default is 95.
   2016-06-08 12:16:57 by Jonathan Perkin | Files touched by this commit (89)
Log message:
Remove the stability entity, it has no meaning outside of an official context.
   2016-06-08 11:46:05 by Jonathan Perkin | Files touched by this commit (47)
Log message:
Change the service_bundle name to "export" to reduce diffs between the
original manifest.xml file and the output from "svccfg export".
   2016-04-11 14:48:37 by Filip Hajny | Files touched by this commit (2) | Package updated
Log message:
Update cfengine3 to 3.7.3.

Behaviour changes:
- classesmatching(): order of classes changed
- Suppress standard services noise on SUSE

- Reduce verbosity of yum package module
- Reduce verbosity of apt_get package module
- Upgrade dependencies to latest patch versions.
  Upgraded libraries:
  - curl 7.47.0
  - libxml2 2.9.3
  - LMDB 0.9.18
  - MySQL 5.1.72
  - OpenLDAP 2.4.44
  - OpenSSL 1.0.2g
  - PCRE 8.38
  - PostgreSQL 9.3.11
  - Redis 2.8.24
  - rsync 3.1.2
  PHP was kept at 5.6.17 because of problems with the 5.6.19 version.
- parse def.json vars, classes in C
- Namespaced classes can now be specified on the command line.
- getvalues() will now return a list also for data containers,
  and will descend recursively into the containers.
- @if minimum_version now correctly ignores lines starting with '@'
- Fix definition of classes from augments file
- Don't follow symbolic links when copying extended attributes.
- Fix ps options for FreeBSD to check processes only in current
  host and not in jails
- Fix cf-serverd error messages with classic protocol clients
- The isvariable() function call now correctly accepts all
  array variables when specified inline. Previously it would not
  accept certain special characters, even though they could be
  specified indirectly by using a variable to hold it.
- Show errors regarding failure to copy extended attributes
  when doing a local file copy. Errors could happen when copying
  across two different mount points where the support for extended
  attributes is different between the mount points.
- Fix bad option nlwp to vzps on Proxmox / OpenVZ.
- Fix file descriptor leak when there are network errors.
- Fix a regression which would sometimes cause "Permission
  denied" errors on files inside directories with very restricted
- Check for empty server response in RemoteDirList after
- Allow def.json up to 5MB instead of 4K.
- Add guard for binary upgrade during bootstrap
- Fix HP-UX specific bug that caused a lot of log output to
- Fix a bug which sometimes caused package promises to be
  skipped with "XX Another cf-agent seems to have done this since
  I started" messages in the log, most notably in long running
  cf-agent runs (longer than one minute).
- Define (bootstrap|failsafe)_mode during update.cf when triggered
  from failsafe.cf
- Fix two cases where action_policy warn still produces errors
- Fix classes being set because of hash collision in the
- fix build failure on FreeBSD 7.1
- Installing packages containing version numbers using yum
  now works correctly.
   2016-03-05 12:29:49 by Jonathan Perkin | Files touched by this commit (1813) | Package updated
Log message:
Bump PKGREVISION for security/openssl ABI bump.
   2015-12-08 18:15:21 by Filip Hajny | Files touched by this commit (8) | Package updated
Log message:
Update sysutils/cfengine3 to 3.7.2.

Patch based largely on a pull request by bahamat@:



Bug fixes:
- readfile() and read*list() should print an error if they fail to read file.
  (Redmine #7702)
- Fix 'AIX_PREINSTALL_ALREADY_DONE.txt: cannot create' error
  message on AIX.
- If there is an error saving a mustache template file
  it is now logged with log-level error (was inform).
- Change: Clarify bootstrap/failsafe reports
- Fixed several bugs which prevented CFEngine from loading
  libraries from the correct location. This affected several platforms.
  (Redmine #6708)
- If file_select.file_types is set to symlink and there
  are regular files in the scanned directory, CFEngine no longer
  produces an unnecessary error message. (Redmine #6996)
- Fix: Solaris packages no longer contain duplicate library
  files, but instead symlinks to them. (Redmine #7591)
- cf-agent, cf-execd, cf-promises, cf-runagent and cf-serverd honor
  multiple -D, -N and -s arguments (Redmine #7191)
- Fix "@endif" keyword sometimes being improperly processed
  by policy parser. (Redmine #7413)
- It is possible to edit the same value in multiple regions
  of one file. (Redmine #7460)
- Fix select_class not setting class when used in common bundle with slist.
  (Redmine #7482)
- Fix broken HA policy for 3rd disaster-recovery node.
- Directories should no more be changed randomly
  into files. (Redmine #6027)
- Include latest security updates for 3.7.
- Reduce malloc() thread contention on heavily loaded
  cf-serverd, by not exiting early in the logging function, if no message
  is to be printed. (Redmine #7624)
- Improve cf-serverd's lock contention because of getpwnam()
  call. (Redmine #7643)
- action_policy "warn" now correctly produces warnings instead
  of various other verbosity levels. (Redmine #7274)
- Change: Improve efficiency and debug reports (Redmine #7527)
- Change package modules permissions on hub package so that
  hub can execute package promises. (Redmine #7602)
- No longer hang when changing permissions/ownership on fifos
  (Redmine #7030)
- Fix exporting CSV reports through HTTPS. (Redmine #7267)
- failsafe.cf will be created when needed. (Redmine #7634)
- Mustache templates: Fix  key when value is not a
  primitive. The old behavior, when iterating across a map or array of
  maps, was to abort if the key was requested with . The new
  behavior is to always replace  with either the key name or the
  iteration position in the array. An error is printed if  is used
  outside of a Mustache iteration section.
- Legacy package promise: Result classes are now defined if
  the package being promised is already up to date. (Redmine #7399)
- TTY detection should be more reliable. (Redmine #7606)

- Add: Path to svcprop in stdlib
- Add: New `results` classes body [] (Redmine #7418, #7481)
- Remove: Support for email settings from augments_file (Redmine #7682)


Bug fixes:
- Fix daemons not restarting correctly on upgrade on AIX. (Redmine #7550)
- Fix upgrade causing error message under systemd because of open ports.
- Fix build with musl libc. (Redmine #7455)
- Long promiser strings with multiple lines are now
  abbreviated in logs. (Redmine #3964)
- Fixed a bug which could cause daemons not to be killed
  correctly when upgrading or manually running "service cfengine3 stop".
  (Redmine #7193)
- Package promise: Fix inability to install certain packages
  with numbers.
- Fix package promise not removing dependant packages. (Redmine #7424)
- Fix warning "Failed to parse csv file entry" with certain very long
  commands promises. (Redmine #7400)
- Fix misaligned help output in cf-hub. (Redmine #7273)
- Augmenting inputs from the augments_file (Redmine #7420)
- Add support for failover to 3rd HA node located outside cluster.
- Upgrade all dependencies for patch release.
- Fix a bug which caused daemons not to be restarted on
  upgrade. (Redmine #7528)


New features:
- New package promise implementation.
- Full systemd support for all relevant platforms
- New classes to determine whether certain features are enabled:
    * feature_yaml
    * feature_xml
  For the official CFEngine packages, these are always enabled, but
  packages from other sources may be built without the support.
- New readdata() support for generic data input (CSV, YAML, JSON, or auto)
- YAML support: new readyaml() function and in readdata()
- CSV support: new readcsv() function and in readdata()
- New string_mustache() function
- New data_regextract() function
- eval() can now be called with "class" as the "mode" argument, which
  will cause it to return true ("any") if the calculated result is
  non-zero, and false ("!any") if it is zero.
- New list_ifelse() function
- New mapjson() function as well as JSON support in maparray().
- filestat() function now supports "xattr" argument for extended
- "ifvarclass" now has "if" as an alias, and "unless" as an inverse
- Ability to expand JSON variables directory in Mustache templates:
  Prefix the name with '%' for multiline expansion, '$' for compact
- Ability to expand the iteration *key* in Mustache templates with @
- Canonical JSON output: JSON output has reliably sorted keys so the
  same data structure will produce the same JSON every time.
- New "@if minimum_version(x.x)" syntax in order to hide future language
  improvements from versions that don't understand them.
- compile time option (--with-statedir) to
  override the default state/ directory path.
- Fix error messages/ handling in process signalling which no longer
  allowed any signals to fail silently
- Also enable shortcut keyword for cf-serverd classic protocol, eg to
  simplify the bootstrap process for clients that have different
  sys.masterdir settings (Redmine #3697)
- methods promises now accepts the bundle name in the promiser string,
  as long as it doesn't have any parameters.
- In a services promise, if the service_method bundle is not specified,
  it defaults to the promiser string (canonified) with "service_" as a
  prefix. The bundle must be in the same namespace as the promise.
- inline JSON in policy files: surrounding with parsejson() is now
  optional *when creating a new data container*.
- New data_expand() function to interpolate variables in a data container.
- Add configurable network bandwidth limit for all outgoing
  connections ("bwlimit" attribute in "body common control"). To
  enforce it in both directions, make sure the attribute is set on both
  sides of the connection.
- Secure bootstrap has been facilitated by use of
  "cf-agent --bootstrap HUB_ADDRESS --trust-server=no"
- Implement new TLS-relevant options (Redmine #6883):
  - body common control: tls_min_version
  - body server control: allowtlsversion
  - body common control: tls_ciphers
  - body server control: allowciphers (preexisting)

- Improved output format, less verbose, and messages are grouped.
- cf-execd: agent_expireafter default was changed to 120 minutes
  (Redmine #7113)
- All embedded databases are now rooted in the state/ directory.
- TLS used as default for all outgoing connections.
- process promise now reports kept status instead of repaired if a
  signal is not sent, even if the restart_class is set. The old
  behavior was to set the repaired status whenever the process was not
  running. (Redmine#7216).
- Bootstrapping requires keys to be generated in advance using cf-key.
- Disable class set on reverse lookup of interfaces IP addresses.
  (Redmine #3993, Redmine #6870)
- Define a hard class with just the OS major version on FreeBSD.
- Abort cf-agent if OpenSSL's random number generator can't
  be seeded securely.
- Masterfiles source tarball now installs using the usual commands
  "./configure; make install".
- Updated Emacs syntax highlighting template to support the latest
  syntax enhancements in 3.7.

- Arbitrary arguments to cfruncommand (using "cf-runagent -o") are
  not acceptable any more. (Redmine #6978)
- 3.4 is no longer supported in masterfiles.

Bug fixes:
- Fix server common bundles evaluation order (Redmine#7211).
- Limit LMDB disk usage by preserving sparse areas in LMDB files
- Fixed LMDB corruption on HP-UX 11.23. (Redmine #6994)
- Fixed insert_lines failing to converge if preserve_block was used.
  (Redmine #7094)
- Fixed init script failing to stop/restart daemons on openvz/lxc
  hosts. (Redmine #3394)
- rm_rf_depth now deletes base directory as advertised. (Redmine #7009)
- Refactored cf-agent's connection cache to properly differentiate
  hosts using all needed attributes like host and port.
  (Redmine #4646)
- Refactored lastseen database handling to avoid inconsistencies.
  (Redmine #6660)
- cf-key --trust-key now supports new syntax to also update the
  lastseen database, so that clients using old protocol will trust
  the server correctly.
- Fixed a bug which sometimes caused an agent or daemon to kill or stop
  itself. (Redmine #7075, #7244)
- Fixed a bug which made it difficult to kill CFEngine daemons,
  particularly cf-execd. (Redmine #6659, #7193)
- Fixed a bug causing systemd not to be detected correctly on Debian.
  (Redmine #7297)
- "cf-promises -T" will now correctly report the checked out commit,
  even if you haven't checked out a Git branch. (Redmine #7332)
- Reduce verbosity of harmless errors related to socket timeouts and
  missing thermal zone files. (Redmine #6486 and #7238)
- Fix process_result logic to match the purpose of body process_select
  days_older_than (Redmine #3009)


- Support for user specified overriding of framework defaults without
  modifying policy supplied by the framework itself (see
- Support for def.json class augmentation in update policy
- Run vacuum operation on postgresql every night as a part of
- Add measure_promise_time action body to lib (3.5, 3.6, 3.7, 3.8)
- New negative class guard `cfengine_internal_disable_agent_email` so
  that agent email can be easily disabled by augmenting def.json

- Relocate def.cf to controls/VER/
- Relocate update_def to controls/VER
- Relocate all controls to controls/VER
- Only load cf_hub and reports.cf on CFEngine Enterprise installs
- Relocate acls related to report collection from bundle server
  access_rules to controls/VER/reports.cf into bundle server
- Re-organize cfe_internal splitting core from enterprise specific
  policies and loading the appropriate inputs only when necessary
- Moved update directory into cfe_internal as it is not generally
  intended to be modified
- services/autorun.cf moved to lib/VER/ as it is not generally intended
  to be modified
- To improve predictability autorun bundles are activated in
  lexicographical order
- Relocate services/file_change.cf to cfe_internal/enterprise. This
  policy is most useful for a good OOTB experience with CFEngine
  Enterprise Mission Portal.
- Relocate service_catalogue from promises.cf to services/main.cf. It is
  intended to be a user entry. This name change correlates with the main
  bundle being activated by default if there is no bundlesequence
- Reduce benchmarks sample history to 1 day.
- Update policy no longer generates a keypair if one is not found.
  (Redmine: #7167)
- Relocate cfe_internal_postgresql_maintenance bundle to lib/VER/
- Set postgresql_monitoring_maintenance only for versions 3.6.0 and
- Move hub specific bundles from lib/VER/cfe_internal.cf into
  lib/VER/cfe_internal_hub.cf and load them only if policy_server policy
  if set.
- Re-organize lib/VER/stdlib.cf from lists into classic array for use
  with getvalues

- Diff reporting on /etc/shadow (Enterprise)
- Update policy from promise.cf inputs. There is no reason to include
  the update policy into promises.cf, update.cf is the entry for the
  update policy
- _not_repaired outcome from classes_generic and scoped_classes generic
  (Redmine: # 7022)

- standard_services now restarts the service if it was not already
  running when using service_policy => restart with chkconfig (Redmine
   2015-11-04 02:32:42 by Alistair G. Crooks | Files touched by this commit (499)
Log message:
Add SHA512 digests for distfiles for sysutils category

Problems found with existing digests:
	Package memconf distfile memconf-2.16/memconf.gz
	b6f4b736cac388dddc5070670351cf7262aba048 [recorded]
	95748686a5ad8144232f4d4abc9bf052721a196f [calculated]

Problems found locating distfiles:
	Package dc-tools: missing distfile dc-tools/abs0-dc-burn-netbsd-1.5-0-gae55ec9
	Package ipw-firmware: missing distfile ipw2100-fw-1.2.tgz
	Package iwi-firmware: missing distfile ipw2200-fw-2.3.tgz
	Package nvnet: missing distfile nvnet-netbsd-src-20050620.tgz
	Package syslog-ng: missing distfile syslog-ng-3.7.2.tar.gz

Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden).  All existing
SHA1 digests retained for now as an audit trail.