Changelog for RightLink10 ========================= Unreleased changes ------------------ - Fix rightlink.init to work with '/bin/sh' and handle older versions of 'start-stop-daemon' Changes for 10.6.1 ------------------ - Updated backoff retries for network timeouts Changes for 10.6.0 ------------------ - Refresh the managed login policy when reconnecting to RightScale after being offline so that missed updates are reflected. - Add -Proxy flag for rightlink.install.ps1. - The built-in df monitor now works correctly even if it can't read stats about some of the mounted filesystems such as happens with Docker. - Support for Ubuntu 16.04 - Print out list of inputs at the top of individual audit entries in addition to the main log. Try and print name of cred when possible. - Display script revision for individual audit entries - Fix boot bundle always being re-run if we manually restart the RightLink service after a reboot on Windows. - Actually pass inputs from the command line in the enable script when using UCA. - Fix issue with state file being recreated with the same timestamp on Windows. - Increase retries on API calls during bootup to help guard against short term API unavailability. - Fix enable script for UCA to not create a new Server if run again on an already enabled instance. - Support install-at-boot for Windows by setting rs_agent:powershell_url tag. Changes for 10.5.3 ------------------ - Fix systemd SIGPIPE issue (https://bugs.freedesktop.org/show_bug.cgi?id=84923) by restarting rightlink once process is idle and no longer executing scripts. - Bump rightscale networking scripts to v1.0.4. Raise error if NetworkManager is installed. Changes for 10.5.2 ------------------ - Do not mark the state or secret file for deletion on Windows any more since it interferes with installers. RightLink was already checking if the files were created before system boot time so it will just use that to determine the booting state on Windows. - RightScale network configuration scripts for RCA-V installation can be disabled by passing the '-n' option to rightlink.install.sh or the -NoNetworkingScripts option to rightlink.install.ps1. Do not install these scripts for enablement and install-at-boot scenarios. - Bump rightscale networking scripts to v1.0.3. Generates error if selinux labels are incorrect. - Support passing open_stack_v3 as a cloud_type for enablement (Openstack Liberty) - Fixed bug in which instance would fail to post audit entry updates > 5 MB in size. - Rightlink service restart will no longer change state from stranded to operational. - Fix race condition where server would sometimes run the boot bundle a second time when enabling docker support. - Update RightLink to be built with Go 1.7 - Add ability to get/set /rll/proc/log_level variable. - Add support for a shebang on Windows to specify extra command line flags for PowerShell such as `-Version 2.0`, the shebang must be the first line of the RightScript, for example `#!powershell -Version 2.0` - If we get a reboot during the boot bundle, we now stop execution of further scripts and do not enter a stranded or operational state until the subsequent boot. - Avoid exit code 143 (sigterm) for RightScripts on upstart-based systems by putting them in their own process group. Changes for 10.5.1 ------------------ - Update enable scripts to support Azure Resource Manager - User data fetcher for Windows to ignore proxy settings - Remove extra STDERR sometimes found in audit entries Changes for 10.5.0 ------------------ - Fix corner-case bugs with Docker image tagging (import, multiple tags, etc) - Expose RS_PACKAGES to RightScripts, which contains the union of all "packages" entries listed by any RightScript in the sequence. This allows ServerTemplate authors to install all packages during an early-stage boot script and avoid repeated, slow invocations of the package manager. - Do not exit RightLink if the OS shutdown command failed since the init system would restart RightLink and the instance would go back to the operational state which negates any hard shutdown that could be done from RightScale. - Remove the creation of the 'rightscale' user and the policy updates of the '/home/rightscale/.ssh/authorized_keys' file. - Create and manage the policy file to be used by NSS plugin and PAM for managed login Changes for 10.4.0 ------------------ - Fix docker 1.10 incompatibilities - Update Windows install and enable scripts to fix slow ActiveDirectory account lookup - Fix bug to remove docker image machine tag if image is removed - Enabling docker support may restart the 'rightlink' service to add it to the 'docker' group so that it can talk to the docker socket. This restart will not run the decommission process. - Fix bug where enable scripts on vSphere where wrong instance could be found during enablement if that instance's IP was a subset of a longer IP. Changes for 10.3.1 ------------------ - Tested support for Windows images on GCE Changes for 10.3.0 ------------------ - Add custom monitoring script support that is compatible with collectd exec style plugin scripts. - Improve userdata fetcher service bundled with Windows to skip scraping userdata if we already have valid credentials - Fix memory leak in which goroutine would be left behind after running an operational script - Fix agent not starting up if localhost is not defined or incorrect. - Bump rightscale networking scripts to v1.0.1. Fixes installation on CentOS/vSphere if selinux is disabled. - Update install and enable scripts to handle CoreOS filesystem setup - Remember the level of built-in monitoring across RightLink service restarts. - Add in doppelganger detection for EC2 by killing duplicate launches - Add support for UCA on Windows - Update service configs to use current format of /var/lib/rightscale-identity - Add Docker monitoring and tagging - Only add BOM on Powershell scripts that do not have one already - Fix service failing to start when disabling then enabling an instance on CentOS/RHEL 7 - Fix final audit entries being cut short for upgrade script on occasion. - Added numerous metrics to "all" category for built-in monitoring: df-MOUNT/(df_complex-free,df_complex-used), disk-DEVICE/(disk_merged,disk_octets,disk_ops,disk_time), swap/(swap-free,swap-used), swap_io/(swap_io-in,swap_io-out), processes/(fork_rate, ps_state-blocked, ps_state-paging, ps_state-running, ps_state-sleeping, ps_state-stopped, ps_state-zombies), interface-NAME/(if_octets, if_errors, if_packets). memory/(memory-used, memory-free). Fixed cpu-N/cpu-irq fixed to be cpu-N/cpu-interrupt. - Do not turn on utilization monitoring by default. - Fixed boot bundle sometimes not running after stop/start due to stale state file on Windows 2008R2. Changes for 10.2.1 ------------------ - Streamline tester code - RSC version changed to v4.0.0 - Fix RightNet websocket message expiration to better deal with clock skew - Bundle RightScale networking scripts with RightLink. Install scripts on vSphere cloud. Scripts configure networking for RightScale Cloud Appliance for vSphere (RCA-V). - Added retry logic when local proxy errors are encounted, mostly due to network issues. Linux specific: - Creating rightlink user home dir in script/install.sh (added -m -d /home/rightlink to useradd). - Environment is now passed through in sudo commands for rightlink user. - Built-in utilization monitoring (cpu, memory, disk I/O utilization), tags for the core are automatically set (rs_monitoring:state and rs_monitoring:util) - Built-in cpu, df monitoring, plus metrics beyond std collectd, this can be enabled via the RLL API. - Managed login fix for GCE - Fix zombie sudo process when running RightScripts - Added support for Universal Cloud Appliance, specificaly making keep-alive requests to the appliance and supporting the "resurrection" case (instance stop-start transition while RL10 is running). - Improved enable script so cloud-init is not required. - Remove rightlink user if uninstalling RL10 Windows specific: - Testing for Windows - Added rightlink.install.ps1 to perform RightLink installation on a custom image for Windows. RightLink now ships with userdata-fetcher.ps1 which runs at startup. This script grabs RightScale authentication tokens from each cloud's userdata service at startup, enabling RightLink to boot for custom images. - Built-in monitoring for Windows - Windows decommission bundle is executed before sending OS shutdown - Proxy support added for Windows. Changes for 10.1.4 ------------------ - Fix managed login not working for newly invited users to a RightScale account. - Fix bug in which instance may reboot twice. - Any user-defined keys in /home/rightscale/.ssh/authorized_keys will now be overwritten. - Fixed managed login not working on GCE. Changes for 10.1.3 ------------------ - Set Host: field correctly for API requests proxied through RightLink - Add /rll/proc/shutdown_kind. During decommission, shutdown_kind will be "reboot", "stop", or "terminate" if one of those actions was initiated from the RightScale dashboard or API. It will be an empty string if any of those actions was initiated from the Server's command line or the cloud's api/console. Changes for 10.1.2 ------------------ - Improvements added in rightlink.enable.ps1 and rightlink.enable.sh. - Deployment name or href argument now a requirement. - Exact match is used when searching for deployment name. - Exact match is used when searching for ServerTemplate name. - Set rightlink service account home dir to /var/spool/rightlink instead of /root - Update disable script to disable 10.0.rc(0|1|2) - Added rightlink.install.sh to perform RightLink installation on a custom image. Changes for 10.1.rc1 ------------------ - TSS: Added support for proxying collectd data via RightLink. - Add PUT /rll/tss/hostname?hostname=TSS_server_hostname and GET /rll/tss/hostname - Add /rll/tss/collectdv5 and /rll/tss/collectdv4 to accept data from collectd write_http plugin - If RightLink is restarted, it will attempt to keep the same port. - Add waiting on missing inputs values. Changes for 10.1.rc0 -------------------- - Fix decommission scripts being terminated by upstart and systemd prematurely. - Force flushing of all unsent audit entries to the core on agent terminate. - Fixed a bug in which script/recipe output may go to main log if it exits quickly - Log API requests sent through proxy correctly if they are gzip encoded - Add the RightLink version to oauth so that we know what RightLink versions we have in the field. - Add the packaging of RSC to the Makefile so that RSC is included. RSC will now be included in every RightLink install. - Update enable.sh and disable.sh to use RSC command line API tool. - Update RightLink to use Go 1.4 - Add support for proxying all RightLink's Websocket and HTTPS traffic. Added option to specify (-x proxy_url) and to (-y no_proxy_list) to enable.sh script. For install at boot, RightLink also supports adding rs_agent:http_proxy= and rs_agent:http_no_proxy= tags to the RightScale Server before boot. Only Basic authentication is currently supported. http_proxy and no_proxy also are set as environment variables for scripts/recipes. - RS_client_id, RS_api_hostname, RS_account variables renamed to client_id, api_hostname, and account. These variables are populated as environment variables for scripts/recipes. - Update enable.ps1, install.ps1, and boot.ps1 and create disable.ps1 to mirror functionality and have feature parity with the linux .sh equivalents - RightLink now runs as the "rightlink" user instead of the root user. In order to run commands as root, sudo in your scripts/recipes, or change the script header to sudo your entire script: "#! /usr/bin/sudo /bin/bash". Changes for 10.0.rc4 -------------------- - No changes from 10.0.3 but the ST has images to make it easy for users to use the install-at-boot use-case. Changes for 10.0.3 (GA release) ------------------------------- - Fixed a bug in which "rightlink -selfcheck" overwrote /var/run/rightlink/secret - Removed option to run as non-root (-u) for enable.sh script - Changed product name to RightLink from RightLinkLite. Service names for upstart, systemd, and sysvinit were changed from rightlinklite to rightlink. Changed location of product pathnames as follows: - /var/run/rll-secret -> /var/run/rightlink/secret - /var/run/rightlink.state -> /var/run/rightlink/state - /var/run/rightlinklite.pid -> /var/run/rightlink.pid - /var/spool/rll -> /var/spool/rightlink - /usr/local/bin/rightlinklite -> /usr/local/bin/rightlink - /var/log/rightlinklite.log -> /var/log/rightlink.log - Added rightlink.rc-replacement.sh for upgrading for 10.0.rc0, 10.0.rc1, and 10.0.rc2 to 10.0.3. This updates filename paths as mentioned above - Bumped right_net protocol version used to 24 - Updated enable.sh to error out if RightLink 5 or 6 are installed. Previous versions of RightLink must be uninstalled prior to installation of RightLink 10. - /rll/proc added to display process variables, such as the executable path (bin_path) version (version, full_version), uptime, protocol_version - Fixed array inputs not showing up for Git based RightScripts - Updated enable.sh to allow deployment href input, check for cloud-init on clouds that support stop/start, notify user if multiple revisions are found based on ServerTemplate name, allow user to move the instance to another deployment upon wrap - Added disable.sh to allow previously enabled instance to be returned to the state they were in before they were enabled. The script reverts all changes made by enable.sh, including deleting RL10, init scripts, and credentials. Changes for 10.0.rc2 -------------------- - Fixed RightNet communication issue that was causing errors when running operational scripts on servers reporting to an island other than the account's home shard island - /rll/run/recipe now executes the recipe immediately instead of enqueuing it on the main thread. It no longer supports the thread parameter, use the appropriate RightApi call instead to schedule the recipe/rightscript - Script env parameters set via /rll/env are saved if rightlinklite is stopped and started. - Tighten permissions on /var/lib/rightscale-identity - Updated enable.sh to safeguard against mistakenly wrapping the wrong instance - Fix unpacking of cookbook subdirectories - Updated enable.sh to allow managed login to be enabled / disabled - Added /rll/run/right_script to execute RightScripts interactively Changes for 10.0.rc1 -------------------- - fix attachments bug for std RightScripts - fix problem with 'service restart rightlinklite' disabling operational script running - improvements in rightlink.enable.ps1 powershell script, bringing it in-line with the linux script in terms of functionality, some testing still outstanding Changes for 10.0.rc0 -------------------- - allow RightScripts to begin with "#!" instead of the canonical "#! " - RightAPI 1.5 proxy now requires X-RLL-SECRET for auth, and stores that info in /var/run/rll-secret instead of passing it in the ENV to RightScripts - preliminary support for Windows using nssm - new ruby test script to exercises install-at-boot and install-at-launch - improvements for debian and sles - support -version and -selfcheck cmdline flags - support self-upgrade HTTP request: /rll/upgrade?exec=/path/to/executable - check time skew WRT RS platform and print warning if it's off by >5 minutes - fix issue with websocket request acks and add full duplicate request detection, also fix duplicate websocket connections at start-up - add sending of stats to RightNet as well as ping&stats request handlers - ensure RightScripts on one thread are executed sequentially - support remote rightscript execution - use godep during build process - enable scripts numerous additions and fixes, including ability to specify inputs and ServerTemplate href, updated various clouds, added cloudstack Changes for 0.2-alpha --------------------- - add enable script to install RLL on a running instance, and support the wrap_instance functionality - enable script supports amazon, open_stack, and softlayer - make stop&start and reboot work - make decommission scripts work - ensure boot sequence runs only once per OS boot, not once per RLL start-up - fix #54: terminated server is actually stopped - fix #35: RightScript completion audit entries don't show up in user notifications - improve Ci speed, now takes 25-35 seconds, incl upload to S3 - fix #27: stop retrying if managed login cannot work - it now checks the file periodically - add support for local pro Features for 0.1-alpha ---------------------- - simple install script that works on many linux distros - executable works on windows, but no "scripts" to make it work, it's just a PoC - support for rightscripts, audit entries, credentials - support for managed login for root access - local right_api proxy to enable setting tags and other things