diff --git a/CHANGELOG.md b/CHANGELOG.md index 8dc5b0eec0..5d6b75bb03 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,12 +14,12 @@ (ENT-13210) - Removed duplicate well known paths for ls and lsof on opensuse (ENT-12990) - - Use current process ID to investigate proc filesystem to workaround in-container non-root owned symlinks + - Switched to using current process ID to investigate proc filesystem to workaround in-container non-root owned symlinks (CFE-3429) 3.24.2: - Added paths for the dmsetup, fdisk, and lshw commands (ENT-12560) - - Allowed images from raw.github.com (ENT-12531) + - Fixed issue loading images from raw.github.com in Mission Portal Build application(ENT-12531) - Fixed issue with yum package module regarding packages with epoch not validating (ENT-12538) - Fixed location of Mission Portal application logs for log_dir cleanup @@ -239,7 +239,7 @@ - Fixed set_line_based() for case when edit_defaults.empty_before_use is true (ENT-5866) - Made proc inventory configurable via Augments (CFE-4056) - - Make device-tree inventory quieter in containers (ENT-9063) + - Made device-tree inventory quieter in containers (ENT-9063) - Stopped applying locks to masterfiles-stage (ENT-9625) - Stopped loading several Apache modules on Enterprise Hubs by default: mod_auth_basic, mod_authz_host, mod_authz_owner, mod_dbd, @@ -452,7 +452,7 @@ - Added ability to specify a list of bundles to run before autorun (for classification) (ENT-6603) - Update policy now moves obstructions (CFE-2984) - Use VBScript to enumerate installed packages (ENT-4669) - - add /usr/bin/yum to paths.cf for aix (CFE-3615) + - Added /usr/bin/yum to paths.cf for aix (CFE-3615) - service status on FreeBSD now uses onestatus (CFE-3515) - Guard again enforcing root ownership for CFEngine files on Windows (ENT-4628) @@ -672,11 +672,11 @@ - redhat_pure is no longer defined on Fedora hosts (CFE-3022) 3.13.0: - - Add Debian 9 to the self upgrade package map (ENT-4255) - - Add 'system-uuid' to default dmidecode inventory (CFE-2925) - - Add inventory of AWS EC2 linux instances (CFE-2924) - - Add ubuntu 18 to package map for self upgrade (ENT-4118) - - Allow dmidefs inventory to be overridden via augments (CFE-2927) + - Added Debian 9 to the self upgrade package map (ENT-4255) + - Added 'system-uuid' to default dmidecode inventory (CFE-2925) + - Added inventory of AWS EC2 linux instances (CFE-2924) + - Added ubuntu 18 to package map for self upgrade (ENT-4118) + - Allowed dmidefs inventory to be overridden via augments (CFE-2927) - Analyze yum return code before parsing its output (CFE-2868) - Fixed issue when promise to edit file that does not exist caused "promise not kept" condition (ENT-3965) @@ -692,31 +692,31 @@ - Create desired version tracking data when necessary (ENT-3937) - Cron based watchdog for cf-execd on AIX (ENT-3963) - Detect systemd service enablement for non native services (CFE-2932) - - Document how def.acl is used and how to configure it (CFE-2861) - - Fix augments control state paths to work on windows (ENT-3839) - - Fix package_latest detecting larger version in some cases (CFE-1743) - - Fix standalone self upgrade when path contains spaces (ENT-4117) - - Fix unattended self upgrade on AIX (ENT-3972) - - Fix services starting on windows (ENT-3883) + - Documented how def.acl is used and how to configure it (CFE-2861) + - Fixed augments control state paths to work on windows (ENT-3839) + - Fixed package_latest detecting larger version in some cases (CFE-1743) + - Fixed standalone self upgrade when path contains spaces (ENT-4117) + - Fixed unattended self upgrade on AIX (ENT-3972) + - Fixed services starting on windows (ENT-3883) - Improve performance of enterprise license utilization logging - Inventory Memory on HPUX (ENT-4188) - Inventory Physical Memory MB when dmidecode is found (CFE-2896) - Inventory Setuid Files (ENT-4158) - Inventory memory on Windows (ENT-4187) - - Make recommendations about postgresql.conf (ENT-3958) + - Made recommendations about postgresql.conf (ENT-3958) - Only consider files that exist for rotation (ENT-3946) - Prevent noise when a service that should be disabled is missing. (CFE-2690) - Prevent standalone self upgrade from triggering un-necessarily (ENT-4092) - - Remove Design Center related policies + - Removed Design Center related policies Design center never left beta and has been deprecated. Supporting policies have been removed. If you wish to continue using design center sketches you must incorporate them into inputs and the bundlesequence manually. (ENT-4050) - - Remove unicode characters (ENT-3823) - - Remove templates for deprecated components (ENT-3781) - - Remove un-necessary agent run during self upgrade (ENT-4116) + - Removed unicode characters (ENT-3823) + - Removed templates for deprecated components (ENT-3781) + - Removed un-necessary agent run during self upgrade (ENT-4116) - Slackware package module support (CFE-2827) - Specify scope => "namespace" when using persistent classes (CFE-2860) - Store the epoch of packages in cache db with zypper @@ -733,161 +733,161 @@ 3.12.0b1: - Avoid executing self upgrade policy unnecessarily (ENT-3592) - - Add amazon_linux class to yum package module + - Added amazon_linux class to yum package module - Introduce ability to set policy update bundle via augments (CFE-2687) - Localize delete tidy in ha update policy (ENT-3659) - Improve context notifying user of missing policy update bundle (ENT-3624) - Configure ignore_missing_inputs and ignore_missing_bundles via augments (CFE-2773) - - Change class identifying runagent initiated executions from cfruncommand to cf_runagent_initiated + - Changed class identifying runagent initiated executions from cfruncommand to cf_runagent_initiated - Support enablerepo and disablerepo options in yum package_module (CFE-2806) - - Fix cf-runagent during 3.7.x -> 3.10.x migration + - Fixed cf-runagent during 3.7.x -> 3.10.x migration (CFE-2776, CFE-2781, CFE-2782) - - Makes it possible to tune policy master_location via augments in update policy + - Made it possible to tune policy master_location via augments in update policy (ENT-3692) - - Fix inventory for total memory on AIX (CFE-2797) + - Fixed inventory for total memory on AIX (CFE-2797) - Do not manage redis since it's no longer used (ENT-2797) - Server control maxconnections can be configured via augments (CFE-2660) - - Allow configuration of allowlegacyconnects from augments (ENT-3375) - - Fix ability for zypper package_module to downgrade packages + - Allowed configuration of allowlegacyconnects from augments (ENT-3375) + - Fixed ability for zypper package_module to downgrade packages - Splaytime in body executor control can now be configured via augments (CFE-2699) - - Add maintenance policy to refresh events table on enterprise hubs + - Added maintenance policy to refresh events table on enterprise hubs (ENT-3537) - - Add apache config for new LDAP API (ENT-3265) + - Added apache config for new LDAP API (ENT-3265) - update.cf bundlesequence can be configured via augments (CFE-2521) - Update policy inputs can be extended via augments (CFE-2702) - - Add oracle linux support to standalone self upgrade - - Add bundle to track component variables to restart when necessary + - Added oracle linux support to standalone self upgrade + - Added bundle to track component variables to restart when necessary (CFE-2326) - Retention of files found in log directories can now be configured via augments (CFE-2539) - - Allow multiple sections in insert_ini_section (CFE-2721) - - Add lines_present edit_lines bundle + - Allowed multiple sections in insert_ini_section (CFE-2721) + - Added lines_present edit_lines bundle - Schedule in body executor control can now be configured via augments (CFE-2508) - - Include scheduled report assets in self maintenance (ENT-3558) - - Remove unused body action aggregator and body file_select folder - - Remove unused body process_count check_process + - Included scheduled report assets in self maintenance (ENT-3558) + - Removed unused body action aggregator and body file_select folder + - Removed unused body process_count check_process - Prevent yum from locking in package_methods when possible (CFE-2759) - Render variables tagged for inventory from agent host_info_report (CFE-2750) - - Make apt_get package module work with repositories containing spaces in the label + - Made apt_get package module work with repositories containing spaces in the label (ENT-3438) - - Allow hubs to collect from themselves over loopback (ENT-3329) + - Allowed hubs to collect from themselves over loopback (ENT-3329) - Log file max size and rotation limits can now be configured via augments (CFE-2538) - - Change: Do not silence Enterprise hub maintenance + - Changed: Do not silence Enterprise hub maintenance - Ensure HA standby hubs have am_policy_hub state marker (ENT-3328) - - Add support for 32bit rpms in standalone self upgrade (ENT-3377) - - Add enterprise maintenance bundles to host info report (ENT-3537) + - Added support for 32bit rpms in standalone self upgrade (ENT-3377) + - Added enterprise maintenance bundles to host info report (ENT-3537) - Removed unnecessary promises for OOTB package inventory - - Add external watchdog support for stuck cf-execd (ENT-3251) + - Added external watchdog support for stuck cf-execd (ENT-3251) - Be less noisy when a promised service is not found (CFE-2690) - Ignore empty options in apt_get module (CFE-2685) - - Add postgres.log to enterprise log file rotation (ENT-3191) + - Added postgres.log to enterprise log file rotation (ENT-3191) - Removed unnecessary support for including 3.6 controls - - Fix systemctl path detection + - Fixed systemctl path detection - Policy Release Id is now inventoried by default (CFE-2097) - - Fix to frequent logging of enterprise license utilization (ENT-3390) + - Fixed to frequent logging of enterprise license utilization (ENT-3390) - Maintain access to exported CSV reports in older versions (ENT-3572) - cf-execd service override template now only kills cf-execd on stop (ENT-3395) - - Fix self upgrade for hosts older than 3.7.4 (ENT-3368) + - Fixed self upgrade for hosts older than 3.7.4 (ENT-3368) - Avoid self upgrade from triggering during bootstrap (ENT-3394) - - Add json templates for rendering serial and multiline data (CFE-2713) + - Added json templates for rendering serial and multiline data (CFE-2713) - Removed unused libraries and controls - Fixed an error in the file_make_mustache_*, incorrect variable name used (CFE-2714) 3.11.0: - - Rename enable_client_initiated_reporting to client_initiated_reporting_enabled + - Renamed enable_client_initiated_reporting to client_initiated_reporting_enabled - Directories for ubuntu 16 and centos 7 should exist in master_software_updates (ENT-3136) - - Fix: Automatic client upgrades for deb hosts - - Add AIX OOTB oslevel inventory (ENT-3117) - - Disable package inventory via modules on redhat like systems with unsupported python versions + - Fixed: Automatic client upgrades for deb hosts + - Added AIX OOTB oslevel inventory (ENT-3117) + - Disabled package inventory via modules on redhat like systems with unsupported python versions (CFE-2602) - - Make stock policy update more resilient (CFE-2587) + - Made stock policy update more resilient (CFE-2587) - Configure networks allowed to initiate report collection (client initiated reporting) via augments (#910) (CFE-2624) - apt_get package module: Fix bug which prevented updates from being picked up if there was more than one source listed in the 'apt upgrade' output, without a comma in between (CFE-2605) - - Enable specification of monitoring_include via augments (CFE-2505) + - Enabled specification of monitoring_include via augments (CFE-2505) - Configure call_collect_interval from augments (enable_client_initiated_reporting) (#905) (CFE-2623) - - Add templates shortcut (CFE-2582) - - Behaviour change: when used with CFEngine 3.10.0 or greater, + - Added templates shortcut (CFE-2582) + - Behaviour changed: when used with CFEngine 3.10.0 or greater, bundles set_config_values() and set_line_based() are appending a trailing space when inserting a configuration option with empty value (CFE-2466) - - Add default report collection exclusion based on promise handle + - Added default report collection exclusion based on promise handle (ENT-3061) - - Fix ability to select INI region with metachars (CFE-2519) - - Change: Verify transferred files during policy update - - Change select_region INI_section to match end of section or end of file + - Fixed ability to select INI region with metachars (CFE-2519) + - Changed: Verify transferred files during policy update + - Changed select_region INI_section to match end of section or end of file (CFE-2519) - - Add class to enable post transfer verification during policy updates - - Add: prunetree bundle to stdlib + - Added class to enable post transfer verification during policy updates + - Added: prunetree bundle to stdlib The prunetree bundle allows you to delete files and directories up to a specified depth older than a specified number of days - Do not symlink agents to /usr/local/bin on CoreOS (ENT-3047) - - Add: Ability to set default_repository via augments - - Enable settig def.max_client_history_size via augments (CFE-2560) - - Change self upgrade now uses standalone policy (ENT-3155) - - Fix apt_get package module incorrectly using interactive mode - - Add ability to append to bundlesequnece with def.json (CFE-2460) - - Enable paths to POSIX tools by default instead of native tools - - Remove bundle agent cfe_internal_bins (CFE-2636) - - Include previous_state and untracked reports when client clear a buildup of unreported data + - Added: Ability to set default_repository via augments + - Enabled settig def.max_client_history_size via augments (CFE-2560) + - Changed self upgrade now uses standalone policy (ENT-3155) + - Fixed apt_get package module incorrectly using interactive mode + - Added ability to append to bundlesequnece with def.json (CFE-2460) + - Enabled paths to POSIX tools by default instead of native tools + - Removed bundle agent cfe_internal_bins (CFE-2636) + - Included previous_state and untracked reports when client clear a buildup of unreported data (ENT-3161) - - Fix command to restart apache on config change (ENT-3134) + - Fixed command to restart apache on config change (ENT-3134) - cf-serverd listens on ipv4 and ipv6 by default (CFE-528) - FixesMake apt_get module compatible with Ubuntu 16.04 (CFE-2445) - - Fix rare bug that would sometimes prevent redis-server from launching - - Add oslevel to well known paths (ENT-3121) - - Add policy to track CFEngine Enterprise license utilization + - Fixed rare bug that would sometimes prevent redis-server from launching + - Added oslevel to well known paths (ENT-3121) + - Added policy to track CFEngine Enterprise license utilization (ENT-3186) - Ensure MP SSL Cert is readable (ENT-3050) 3.10.0: - - Add: Classes body tailored for use with diff - - Change: Session Cookies use HTTPOnly and secure attributes (ENT-2781) - - Change: Verify transferred files during policy update - - Add: Inventory for system product name (model) (ENT-2780) - - Add: Ensure appropriate permissions for SSL files (ENT-760) - - Fix rare bug that would sometimes prevent redis-server from launching. - - Change: Enable strict transport security - - Add: Definition of from_cfexecd for cf-execd initiated runs + - Added: Classes body tailored for use with diff + - Changed: Session Cookies use HTTPOnly and secure attributes (ENT-2781) + - Changed: Verify transferred files during policy update + - Added: Inventory for system product name (model) (ENT-2780) + - Added: Ensure appropriate permissions for SSL files (ENT-760) + - Fixed rare bug that would sometimes prevent redis-server from launching. + - Changed: Enable strict transport security + - Added: Definition of from_cfexecd for cf-execd initiated runs (CFE-2386) - - Add testing jUnit and TAP bundles and include them in stdlib.cf - - Change: Rename duplicate bodies in ha_update.cf (ENT-2753) - - Change: Disable RC4 Cipher for ssl in Mission Portal + - Added testing jUnit and TAP bundles and include them in stdlib.cf + - Changed: Rename duplicate bodies in ha_update.cf (ENT-2753) + - Changed: Disable RC4 Cipher for ssl in Mission Portal - Pass package promise options to underlying apt-get call (#802) (CFE-2468) - - Change: Enable agent component management policy on systemd hosts + - Changed: Enable agent component management policy on systemd hosts (CFE-2429) - - Add: Enterprise appliaction log dir to rotation - - Change: re-enable hub process maintenance - - Add: edit_line contains_literal_string to stdlib - - Fix: Services starting or stopping unnecessarily (CFE-2421) - - Allow specifying agent maxconnections via def.json (CFE-2461) - - Change: Disable http TRACE method - - Change: Reduce Enteprise webserver info - - Change: cronjob bundle tolerates different spacing - - Fix: CFEngine choking on standard services (CFE-2806) - - Change select_region INI_section to match end of section or end of file + - Added: Enterprise appliaction log dir to rotation + - Changed: re-enable hub process maintenance + - Added: edit_line contains_literal_string to stdlib + - Fixed: Services starting or stopping unnecessarily (CFE-2421) + - Allowed specifying agent maxconnections via def.json (CFE-2461) + - Changed: Disable http TRACE method + - Changed: Reduce Enteprise webserver info + - Changed: cronjob bundle tolerates different spacing + - Fixed: CFEngine choking on standard services (CFE-2806) + - Changed select_region INI_section to match end of section or end of file (CFE-2519) - - Fix ability to manage INI sections with metachars for + - Fixed ability to manage INI sections with metachars for manage_variable_values_ini and set_variable_values_ini (CFE-2519) - - Fix apt_get package module incorrectly using interactive mode. - - Add ability to append to bundlesequnece with def.json (CFE-2460) - - Behaviour change: when used with CFEngine 3.10.0 or greater, + - Fixed apt_get package module incorrectly using interactive mode. + - Added ability to append to bundlesequnece with def.json (CFE-2460) + - Behaviour changed: when used with CFEngine 3.10.0 or greater, bundles set_config_values() and set_line_based() are appending a trailing space when inserting a configuration option with empty value. (CFE-2466) @@ -897,16 +897,16 @@ policy supplied by the framework itself (see example_def.json) - Support for def.json class augmentation in update policy - Run vacuum operation on PostgreSQL every night as a part of maintenance. - - Add measure_promise_time action body to lib (3.5, 3.6, 3.7, 3.8) + - Added measure_promise_time action body to lib (3.5, 3.6, 3.7, 3.8) - New negative class guard `cfengine_internal_disable_agent_email` so that agent email can be easily disabled by augmenting def.json - - Relocate def.cf to controls/VER/ - - Relocate update_def to controls/VER - - Relocate all controls to controls/VER + - Relocated def.cf to controls/VER/ + - Relocated update_def to controls/VER + - Relocated all controls to controls/VER - Only load cf_hub and reports.cf on CFEngine Enterprise installs - - Relocate acls related to report collection from bundle server access_rules + - Relocated acls related to report collection from bundle server access_rules to controls/VER/reports.cf into bundle server report_access_rules - - Re-organize cfe_internal splitting core from enterprise specific policies + - Re-organized cfe_internal splitting core from enterprise specific policies and loading the appropriate inputs only when necessary - Moved update directory into cfe_internal as it is not generally intended to be modified @@ -914,27 +914,27 @@ modified - To improve predictibility autorun bundles are activated in lexicographical order - - Relocate services/file_change.cf to cfe_internal/enterprise. This policy is + - Relocated services/file_change.cf to cfe_internal/enterprise. This policy is most useful for a good OOTB experience with CFEngine Enterprise Mission Portal. - - Relocate service_catalogue from promises.cf to services/main.cf. It is + - Relocated service_catalogue from promises.cf to services/main.cf. It is intended to be a user entry. This name change correlates with the main bundle being activated by default if there is no bundlesequence specified. - Reduce benchmarks sample history to 1 day. - Update policy no longer generates a keypair if one is not found. (Redmine: #7167) - - Relocate cfe_internal_postgresql_maintenance bundle to lib/VER/ + - Relocated cfe_internal_postgresql_maintenance bundle to lib/VER/ - Set postgresql_monitoring_maintenance only for versions 3.6.0 and 3.6.1 - Move hub specific bundles from lib/VER/cfe_internal.cf into lib/VER/cfe_internal_hub.cf and load them only if policy_server policy if set. - - Re-organize lib/VER/stdlib.cf from lists into classic array for use with getvalues + - Re-organized lib/VER/stdlib.cf from lists into classic array for use with getvalues - inform_mode classes changed to DEBUG|DEBUG_$(this.bundle):: (Redmine: #7191) - Enabled limit_robot_agents in order to work around multiple cf-execd processes after upgrade. (Redmine #7185) - - Remove Diff reporting on /etc/shadow (Enterprise) + - Removed Diff reporting on /etc/shadow (Enterprise) - Update policy from promise.cf inputs. There is no reason to include the update policy into promises.cf, update.cf is the entry for the update policy - _not_repaired outcome from classes_generic and scoped_classes generic (Redmine: # 7022) - standard_services now restarts the service if it was not already running when using service_policy => restart with chkconfig (Redmine #7258) - - Fix process_result logic to match the purpose of body process_select + - Fixed process_result logic to match the purpose of body process_select days_older_than (Redmine #3009)