From 7ff286b00fc3e79d85d003b8f996896d981ea40c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Lesimple?=
 <stephane.lesimple+bastion@ovhcloud.com>
Date: Fri, 1 Jul 2022 14:09:40 +0000
Subject: [PATCH] v3.09.00-rc1

---
 doc/CHANGELOG.md                      | 24 +++++++++++++++++++
 doc/sphinx/installation/upgrading.rst | 34 +++++++++++++++++++++++++++
 lib/perl/OVH/Bastion.pm               |  2 +-
 3 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/doc/CHANGELOG.md b/doc/CHANGELOG.md
index 68459c1..50d6680 100644
--- a/doc/CHANGELOG.md
+++ b/doc/CHANGELOG.md
@@ -1,3 +1,27 @@
+## v3.09.00-rc1 - 2022/07/04
+- feat: ``osh-encrypt-rsync.pl``: handle sqlite and user logs along with ttyrec files
+- feat: add ``osh-cleanup-guest-key-access.pl`` script
+- feat: add NRPE probes in ``contrib/``
+- remove: ``compress-old-logs.sh`` script, as ``osh-encrypt-rsync.pl`` does the job now
+- chg: CentOS 8 no longer supported (EOL)
+- chg: Ubuntu 22.04 LTS now supported
+- enh: standardize snake_case for all system scripts json config files
+- enh: cron scripts: factorize common code and standardize logging & config
+- enh: ``osh-lingering-sessions-reaper.pl``: make it configurable
+- enh: ``osh-piv-grace-reaper.pl``: run only on master, standardize config reading
+- enh: add more info in syslog warnings for ``accountDelete``
+- fix: ``ping``: force a deadline, and restore default sighandlers
+- fix: ``accountInfo``: missing creation date on non-json output
+- fix: ``osh-remove-empty-folders.pl``: fix folders counting (logging only)
+- fix: ``osh-encrypt-rsync.pl``: delete +a source files properly
+- fix: ``osh-encrypt-rsync.pl``: ensure $verbose is always set & make it configurable
+- fix: ``install``: ensure that the healthcheck user can always connect from 127.0.0.1
+- fix: ``install``: avoid cases of sigpipe on `tr`
+- fix: don't emit a membership log when nothing changed
+- fix: ``{group,account}Delete``: move() would sometimes fail, replace by mv
+- fix: workaround for undocumented caching in ``getpw``/``getgr`` funcs
+- doc: better menu organization and more complete config files reference
+
 ## v3.08.01 - 2022/01/19
 - feat: add osh-remove-empty-folders.sh script
 - enh: better errror detection and logging in accountDelete & groupDelete
diff --git a/doc/sphinx/installation/upgrading.rst b/doc/sphinx/installation/upgrading.rst
index 90aa622..71ad181 100644
--- a/doc/sphinx/installation/upgrading.rst
+++ b/doc/sphinx/installation/upgrading.rst
@@ -27,6 +27,40 @@ See the ``--help`` for a more fine-grained upgrade path if needed.
 Version-specific upgrade instructions
 =====================================
 
+v3.09.00 - 2022/07/xx
+*********************
+
+This version has changes around the satellite system scripts that should be reviewed:
+
+- The ``osh-encrypt-rsync.pl`` script now also handles the account's access log and sql logs,
+  in addition to the ttyrec files.
+  A number of new options have been added to this script's config file, these options have sane defaults but you
+  might still want to review those, namely `encrypt_and_move_user_logs_delay_days <https://ovh.github.io/the-bastion/administration/configuration/osh-encrypt-rsync_conf.html#encrypt-and-move-user-logs-delay-days>`_
+  and `encrypt_and_move_user_sqlites_delay_days <https://ovh.github.io/the-bastion/administration/configuration/osh-encrypt-rsync_conf.html#encrypt-and-move-user-sqlites-delay-days>`_.
+
+- As a result of the previous feature, the ``compress-old-logs.sh`` script has been retired.
+
+- A new script, ``osh-cleanup-guest-key-access.pl``, has been added. It is enabled by default, though it can
+  be disabled if you have a good reason to do so. Please refer to its `documentation <https://ovh.github.io/thge-bastion/administration/configuration/osh-cleanup-guest-key-access_conf.html>`_ for more
+  information.
+
+- All scripts that are automatically run by cron and reside under the ``bin/cron`` subfolder now have their own
+  configuration file in ``/etc/bastion``, even for simple scripts that only have two configuration knobs: their
+  logging facility and whether they should be enabled or not. It is now recommended to use these configuration knobs
+  to disable the scripts you don't want to see running, instead of removing their corresponding file in the
+  ``/etc/cron.d`` folder, as any future update of the bastion would install them back.
+
+- The logging format has been standardized across these scripts, to ensure the newly included NRPE probes can detect
+  errors in the scripts more easily. By default the logs are going through syslog, using the ``local6`` facility,
+  which ends up in the ``/var/log/bastion/bastion-scripts.log`` folder if you're using our stock ``syslog-ng``
+  configuration. The NRPE probes are available in the ``contrib/nrpe`` directory.
+
+Additionally, NRPE probes have been added, and should be used to monitor your bastion instances / clusters.
+More information is available in the `NRPE probes readme file <https://github.com/ovh/the-bastion/blob/master/contrib/nrpe/README.md>`_.
+
+Last but not least, CentOS 8 support has been dropped (whereas RockyLinux 8 will remain supported),
+and Ubuntu 22.04 LTS support has been added.
+
 v3.08.01 - 2022/01/19
 *********************
 
diff --git a/lib/perl/OVH/Bastion.pm b/lib/perl/OVH/Bastion.pm
index 29b80f1..f0a7156 100644
--- a/lib/perl/OVH/Bastion.pm
+++ b/lib/perl/OVH/Bastion.pm
@@ -5,7 +5,7 @@ use common::sense;
 use Fcntl;
 use POSIX qw(strftime);
 
-our $VERSION = '3.08.01';
+our $VERSION = '3.09.00-rc1';
 
 BEGIN {
     # only used by the handler below