Release 2011-10-29¶
Packages¶
Security update for libxml2: GLSA 201110-26 (#9785).
Release 2011-10-26¶
Configuration¶
Improved Nagios notification options to separate infrastructure and service notifications (#8161).
Speed up Nagios startup to minimize monitoring “holes” (#9665).
Packages¶
Security update for ClamAV: GLSA 201110-16 (#9798).
Security update for PostgreSQL: GLSA 201110-20 (#9714). PostgreSQL restart required.
Release 2011-10-13¶
Configuration¶
Turn syslog-ng to back to listening on 514/udp after the developers misguidedly changed it to 610/udp.
Ensure that
dstat
is installed on all physical machines.Fix php warning about unconfigured timezone in Nagios UI by setting timezone explicitly to Europe/Berlin.
Enable HIGHMEM64 for virtual machines to allow more than 3.5GiB of memory. (#9531)
Add puppet class for installing dev-lang/erlang.
Improve GLSA notification mechanism (#8302)
Packages¶
Security fixes for phpmyadmin 3.4.4: Gentoo #383107
Security fixes for apache 2.2.20: CVE-2011-3348
Security fixes for dhcp: CVE-2011-{2748,2749}
Upgrade to ghostscript 9.04 (RT 79159)
Release 2011-09-19¶
Configuration¶
add fontconfig flag to gd on physical machines (in addition to virtual machines)
Packages¶
Security fixes for tiff 3.9.4: CVE-2009-5022,CVE-2010-{2595,3087},CVE-2011-{0192,1167}
Security fixes for librsvg 2.34.0: CVE-2011-3146
Security fixes for openssl 1.0.0e: CVE-2011-{3207,3210}
Release 2011-09-13¶
Configuration¶
Bring wvWare tools back which disappeared accidentally during the last update (RT 78747).
Remove superfluous old php configuration directories.
Bugfix for memcached Nagios check.
Restrict memcached to listen on SRV IPv4 only.
Increased number of allowed postgresql IDLE processes in Nagios check.
Packages¶
Security fixes for apache 2.2.20, apache-tools 2.2.20: CVE-2011-3192 (#9539).
Security fix for php 5.3.8: CVE-2011-2202 (#9548).
Security fix for libpng 1.4.8: CVE-2011-2501 (#9558).
Security fix for nagios 3.2.3: CVE-2011-2179 (#9522).
Security fix for phpmyadmin 3.4.3.2: CVE-2011-3181 (#9521).
Security fix for subversion 1.6.16: CVE-2011-1752 (#9523).
Security fix for ca-certificates 20090709: Gentoo #381169 (#9542).
Release 2011-09-07¶
Mainly a bugfix release for the major update.
Configuration¶
Resolve VM host race condition which impedes correct VM startup during booting.
Resolve VM host init script bug which causes all iSCSI connections to die under certain conditions.
Documentation¶
Expand examples in the userinit section.
Release 2011-08-29¶
Packages¶
A great deal of updated packages is available with the new release. Some highlights in no particular order (#8984):
PostgreSQL 9.0.4 with changed configuration layout (see below).
Python 2.5.4, 2.6.6, 2.7.1, and 3.1.3
nginx 1.0.4
ClamAV 0.97.1
Emacs 23.4
Poppler 0.16.7
OpenSSL 1.0.0d
NumPy 1.6.0
setuptools 0.6.14
virtualenv 1.6.1
OpenSSH 5.8
libjpeg-turbo 1.1.1
Gentoo baselayout 2.0.3
util-linux 2.19.1
autoconf 2.68
automake 1.11.1
GCC 4.4.5
Linux kernel version 2.6.38
Update all packages not mentioned here to current Gentoo upstream versions.
Configuration¶
PostgreSQL 9.0 configuration files (postgresql.conf etc.) reside now all in
/etc/postgresql-9.0
instead of/srv/postgresql/9.0/data/
.Small VMs get more swap. This should avoid memory pressure from more or less inactive system services.
Multi-Core VMs are available on request (#9101).
RAM upgrades during automatically scheduled maintenance windows.
Switch to OpenRC (#9087).
Fix bug where a missing use flag prevented the installation of graphviz (RT 78548).
Documentation¶
Another great deal of documentation updates, especially in the tutorials section.
Release 2011-08-05¶
Configuration¶
Automatic system maintenance scheduling. System activities that require downtime (kernel upgrades etc.) are automatically scheduled into the next available maintenance slot and e-mail notifications are sent out. System users may use list-maintenance to view upcoming maintenance activities (#8668, #9359).
Set default system Python version to 2.7. Scripts using a specific Python version (
#!/usr/bin/pythonX.Y
) are not affected (#9043).Increase the initial TCP congestion window to 10 segments (RT 78202).
Monitoring¶
Fix bug with false positives in the
sysstat log freshness
check (#9269).Relax swap rate checks to avoid false positives. The checks should only cause alerts when a machine is constantly swapping.
Documentation¶
Completely reworked Getting started section.
Added tutorial ssh-keygen (#6938).
Release 2011-07-21¶
Configuration¶
Support user-generated postgresql.conf Snippets in
/etc/postgresql-version
(#9164)Service users may register user-specific init scripts to start and stop applications during system boot/shutdown. This feature is documented in userinit (RT 77751).
Documentation¶
Revamped documentation, adding introductory material and better section overviews.
Release 2011-06-30¶
Configuration¶
Increase file size limits for ClamAV (RT 77694).
Further PostgreSQL performance tuning.
Integration of customers-specific storage servers for high-volume customers (#9219).
Monitoring¶
Add
sysstat memory
check to provide continuous graphs of memory usage.
Documentation¶
Improve service-deployment-checklist (#8371)
Further improvements to Data protection measures (#8370)
Release 2011-06-21¶
Configuration¶
Introduce facility to pin machines to fixed releases (#6820).
Mount filesystems with
relatime
option by default.Tune PostgreSQL shared_buffers and wal_buffers parameter defaults (RT 77605).
Tune kernel I/O scheduler settings.
Monitoring¶
Plot memory usage graph for all machines (sysstat_memory check).
Release 2011-06-09¶
Configuration¶
Add xlhtml, rtf2xml and xls2csv to document processing role. (#8783)
Add warning to auto-generated SSH
authorized_keys
files that they should not be edited manually. (#8867)Reduce default greylisting time on mail gateways so that delivery of greylisted mails usually succeeds with the first queue re-run on upstream MTAs.
Refine backup exclude lists to omit file that are easy to recreate in order to speed up backup and restore.
Monitoring¶
Relax swap activity checks to avoid false alerts when there is substantial swapping activity but no thrashing.
Improve reliability of sysstat checks.
Documentation¶
Greatly improve data protection documentation to provide a comprehensive overview of gocept.net data protection measures. (#8370)
Release 2011-05-26¶
Configuration¶
Refine user access control to selectively grant rights to service users.
Refine/debug global administrative control to selectively revoke super-admin rights of gocept’s administrators (see Access control) (#8365)
Hardware¶
New monitoring server to reduce monitoring latency.
Enhanced backup server performance.
Release 2011-05-18¶
Configuration¶
Improved functionality and performance of the gocept.directory (CMDB) server.
Fix bugs in Postfix/Mailman management code.
Release 2011-04-20¶
Hardware¶
Add new storage and application servers for improved performance and reliability.
Configuration¶
Improve network routing to unnecessary roundtrips in some cases.
Add Python 2.7 to the list of system Python installations (#8906)
Documentation¶
Rework emergency docs in Support.
Add check list for service setups in service-deployment-checklist (#8765).
Release 2011-04-06¶
Configuration¶
Introduce separate roles for PostgreSQL 8.2, 8.4, 9.0. At most one of these roles may be active on a node at a time.
Improve monitoring for data links. We have seen failed auto-negotiation, which results in links running at 100 Mb/s and are now able to detect and fix these cases fast.
Add support for TIFF graphics files to various utilities like convert etc.
Documentation¶
Describe support process.
Release 2011-02-22¶
Package updates¶
General snapshot update, upgrading most of the installed system packages. New versions of highlighted packages are:
python 2.6.6 and 3.1.2
nginx 0.8.53 with IPv6 support
haproxy 1.4.8
postgresql 8.2.20 and 8.4.7
and many more.
Configuration¶
Restart network services automatically after updates of the package or it’s libraries (#8304).
Allow different PostgreSQL versions (8.2, 8.4, or 9.0) (#7191).
Release 2011-01-28¶
Configuration¶
Fix permission bug which rendered crontab unusable for some users (#8392).
Add ClamAV role to install the ClamAV virus scanner.
Documentation¶
Add hint on how to use our mail server in mail.gocept.net.
Document screen-multiuser (#8366).
Release 2011-01-17¶
Configuration¶
Separate logging of system management changes (configuration, packages, users) to
/var/log/sysconfig.log
from other syslog output (#8475).Introduce restricted mode machines which get system management changes only on explicit request (#8368).
Send Nagios alert mails with Precendence: junk to circumvent auto responders.
Introduce option for multi-page vhost list in web statistics overview (#8416)
Documentation¶
nginx-ssl describes how to set up chained SSL certificates correctly.