ovh/the-bastion
1
1
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2025-01-26 09:41:03 +08:00
Code Issues Projects Releases Packages Wiki Activity
the-bastion/doc/release-notes/v3.09.00-rc1.md
Stéphane Lesimple 4062b3e046 chore: add release notes to doc/
2024-12-10 14:21:30 +01:00

55 lines
4.3 KiB
Markdown
Raw Permalink Blame History

# :warning: This is a release candidate
Note that release candidates, due to the higher-than-usual amount of changes they contain, are statistically more likely to have a few quirks or bugs. Please refrain to use this version in critical production systems, unless it contains either a feature you really need, or a bugfix you've been waiting for, which may outweigh the potential drawbacks of using a release candidate.
This version will go stable in a few days if no regression is found.
# :zap: Security
- No security fixes since previous release
- Oldest release with no known security issues: `v3.00.00` (first public version)
# :bulb: Highlights
This version has quite a lot of commits. This includes a standardization of satellite scripts configuration format and standard parameters, hence some configuration review might need to be done after upgrading (detailed in the specific upgrades instructions below).
The 3 main changes of this version are:
- The ``osh-encrypt-rsync.pl`` script functionalities have been extended to not only cover the encryption/rotation/exporting of ``ttyrec`` files, but now also each user's local [access logs](https://ovh.github.io/the-bastion/administration/configuration/bastion_conf.html#enableaccountaccesslog) and [sql logs](https://ovh.github.io/the-bastion/administration/configuration/bastion_conf.html#enableaccountsqllog), where applicable. Previously, these logs where handled by the ``compress-old-logs.sh`` script, which was just compressing these files in-place. The latter script has now been removed in favor of the new features of ``osh-encrypt-rsync.pl``, which not only handles compression/encryption, but also export of these files to the same remote escrow filer than you may have configured for your ``ttyrec`` files.
- The NRPE probes we use to monitor our bastion clusters have been added to the ``contrib/`` folder, if you're using Nagios, Icinga or any other NRPE-compatible monitoring system, you might want to have a look to [said folder](contrib/nrpe).
- Ubuntu 22.04 LTS is now supported and part of the automated tests. CentOS 8 has been removed, as this distribution has been EOL for some time. The software might still work for the meantime, but any potential future incompatibility might go undetected, and is not guaranteed to be fixed. Note that however, RockyLinux 8 is supported and tested.
As a side note, an overhaul of the [left menu of the documentation](https://ovh.github.io/the-bastion) has been done, in an effort to enhance documentation navigation as the documentation book thickens.
A more complete list of changes can be found below, for an exhaustive (and boring) list, please refer to the commit log.
# :pushpin: Changes
- feat: ``osh-encrypt-rsync.pl``: handle sqlite and user logs along with ttyrec files
- remove: ``compress-old-logs.sh`` script, as ``osh-encrypt-rsync.pl`` does the job now
- remove: delete CentOS 8 from tests (EOL)
- feat: add ``osh-cleanup-guest-key-access.pl`` script
- feat: add NRPE probes in ``contrib/``
- enh: standardize snake_case for all system scripts json config files
- enh: cron scripts: factorize common code and standardize logging & config
- enh: ``osh-lingering-sessions-reaper.pl``: make it configurable
- enh: ``osh-piv-grace-reaper.pl``: run only on master, standardize config reading
- enh: add more info in syslog warnings for ``accountDelete``
- fix: ``ping``: force a deadline, and restore default sighandlers
- fix: ``accountInfo``: missing creation date on non-json output
- fix: ``osh-remove-empty-folders.pl``: fix folders counting (logging only)
- fix: ``osh-encrypt-rsync.pl``: delete +a source files properly
- fix: ``osh-encrypt-rsync.pl``: ensure $verbose is always set & make it configurable
- fix: ``install``: ensure that the healthcheck user can always connect from 127.0.0.1
- fix: ``install``: avoid cases of sigpipe on `tr`
- fix: don't emit a membership log when nothing changed
- fix: ``{group,account}Delete``: move() would sometimes fail, replace by mv
- fix: workaround for undocumented caching in ``getpw``/``getgr`` funcs
- doc: better menu organization and more complete config files reference
# :fast_forward: Upgrading
- [General upgrade instructions](https://ovh.github.io/the-bastion/installation/upgrading.html)
- [Specific upgrade instructions for v3.09.00](https://ovh.github.io/the-bastion/installation/upgrading.html#v3-09-00-2022-07-xx)
Reference in a new issue View git blame Copy permalink