ports/167083: [new port] sysutils/cfengine33: Automated network administration framework

Glen Barber gjb at FreeBSD.org
Thu Apr 19 01:40:02 UTC 2012 

>Number:         167083
>Category:       ports
>Synopsis:       [new port] sysutils/cfengine33: Automated network administration framework
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Thu Apr 19 01:40:01 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator:     Glen Barber
>Release:        FreeBSD 10.0-CURRENT r233750M
>Organization:
>Environment:
n/a
>Description:
CFEngine 3.3.0 is the latest milestone release of the 3.x series.

As this release introduces many significant changes over the 3.2.x series,
such as the removal of the Berkeley DB backed, and backend changes in the 
way in which policies are written, this should be a new port, and not an
update of the current sysutils/cfengine3 port for administrative reasons.

For FreeBSD users, the big three changes are:

 - devel/pcre is no longer optional
 - backend support for MySQL and PostgreSQL
 - Support for libvirt integration


The offical release announcement follows:

New promise types:
- Guest environments promises, which allow to manipulate virtual
machines using libvirt.
- Database promises, which allow to maintain schema of MySQL and
PostgreSQL databases. Database promises are in "technical preview"
status: this promise type is subject to change in future.
- Services promises for Unix, allows abstraction of details
on managing any service.

New built-in functions:
- dirname() to complement lastnode().
- lsdir().
- maplist() to apply functions over lists.

New features:
- Allow defining arrays from modules.
- Allow both `process_stop' and `signals' constraints in
`processes' promises at the same time.
- cf-promises --gcc-brief-format option to output warnings and
errors in gcc-compatible syntax which to ease use "go to next
error" feature of text editors.
- Iteration over lists is now allowed for qualified (non-local) lists.

New built-in variables and classes (Linux):
- Number of CPUs: $(sys.cpus), 1_cpu, 2_cpus etc.

New built-in variables and classes (Unices):
- $(sys.last_policy_update) - timestamp when last policy change was
seen by host.
- $(sys.hardware_addresses) - list of MAC adresses.
- $(sys.ip_addresses) - list of IP addresses.
- $(sys.interfaces) - list of network interfaces.
- $(sys.hardware_mac[$iface]) - MAC address for network interface.
- mac_<mac_address>:: - discovered MAC addresses.

Changes:

- Major cleanup of database handling code. Should radically decrease
amount of database issues experienced under heavy load.

*WARNING*: Berkeley DB and SQLite backends are *removed*, use
Tokyo Cabinet or QDBM instead. Both Tokyo Cabinet and QDBM are
faster than Berkeley DB in typical CFEngine workloads.

Tokyo Cabinet requires C99 environment, so it should be
available on every contemporary operating system.

For the older systems QDBM, which relies only on C89, is a
better replacement, and deemed to be as portable, as Berkeley DB.

- Change of lastseen database schema. Should radically decrease
I/O contention on lasteen database.

- Automatic reload of policies by cf-execd.
- Documentation is generated during build, PDF and HTML files are
retired from repository.
- Rarely used feature retired: peer connectivity intermittency
calculation.
- Memory and CPU usage improvements.
- Testsuite now uses 'make check' convention and does not need root
privileges anymore.
- cf_promises_validated now filled with timestamp, allows digest-copy
for policy instead of mtime copy which is safer when clocks are
unsynchronised.
- The bundled failsafe.cf policy now has trustkey=false to avoid IP
spoofing attacks in default policy.

>How-To-Repeat:

>Fix:
Shell archive is attached.

Tinderbox logs can be found here:

http://builder.glenbarber.us/tb/logs/10-32-FreeBSD/cfengine-3.3.0.log
http://builder.glenbarber.us/tb/logs/10-64-FreeBSD/cfengine-3.3.0.log
http://builder.glenbarber.us/tb/logs/9-32-FreeBSD/cfengine-3.3.0.log
http://builder.glenbarber.us/tb/logs/9-64-FreeBSD/cfengine-3.3.0.log
http://builder.glenbarber.us/tb/logs/8-32-FreeBSD/cfengine-3.3.0.log
http://builder.glenbarber.us/tb/logs/8-64-FreeBSD/cfengine-3.3.0.log
http://builder.glenbarber.us/tb/logs/7-32-FreeBSD/cfengine-3.3.0.log
http://builder.glenbarber.us/tb/logs/7-64-FreeBSD/cfengine-3.3.0.log



>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list