CloudJiffy 7.0.2 – Release Notes

In this document, you will find all of the additional configurations, that can be performed by cluster admins due to new features, enhancements and visible changes included to the CloudJiffy PaaS 7.0.2 release.

New:

The account collaboration feature was massively reworked in the current 7.0.2 release, making it much more flexible with the new “roles and policies” permission allocation mechanism. Follow the account collaboration link for the general description and detailed overview of the changes.

Platform admins should take into consideration a few configuration changes to the feature settings due to rework:

  • A new collaboration.manage.policies.enabled quota provides accounts with the ability to add custom collaboration policies (the feature is currently in the Beta state, disabled by default)
  • A set of new email templates was prepared for the updated collaboration flow instead of the few existing ones (see more in the email template changes section below)
  • Dashboard localization changes due to updated UI (be sure to prepare correct localization for any custom language used for the dashboard)

Also, the Linked Users tab in JCA > Users section was renamed to Collaboration and adjusted to display the collaboration status:

 

A native solution to restrict access to the platform based on the end-user geolocation was implemented in the current 7.0.2 CloudJiffy release. Platform administrators can now configure the required restrictions via the new cloudjiffy.nginx.signup.access.deny.countries system setting. This parameter processes a provided list of semicolon-separated countries (in the code with name format, for example, RU;“Russian Federation”;VN;“Vietnam”) and restricts the appropriate signup attempts.

Additionally, you can customize the geolocation restriction by providing a custom redirect link via the cloudjiffy.nginx.signup.access.deny.countries.redirect.url setting. When trying to sign up from the blocked countries, the platform will redirect a user to this URL. If not defined, the default link to the CloudJiffy Cloud is provided.

The CloudJiffy Database server is one of the core platform components that stores all the relevant data required for the correct platform operability. However, after a prolonged period, the performance of the component can drop down significantly (especially on the larger installations) due to the amount of accumulated data. Also, efficient disk space utilization may become an issue.

In order to resolve these problems, the platform provides a dedicated dbcleaner.sh script that clears unused data to accelerate database performance. Starting with the 7.0 release, you can automate the execution of the script. The following new system settings were added to JCA to support the task:

  • cloudjiffy.dbcleaner.cron – enables/disables automatic call of the dbcleaner.sh script (DISABLED by default)
  • cloudjiffy.dbcleaner.cron.schedule – frequency in hours (1-24) of the dbcleaner.sh script execution (every 12 hours by default)
  • cloudjiffy.dbcleaner.leave.data.paid.user – retention period in days to keep statistics and billing history for billing users (last 90 days by default)
  • cloudjiffy.dbcleaner.leave.data.notpaid.user – retention period in days to keep statistics and billing history for trial users (last 30 days by default)
  • cloudjiffy.dbcleaner.leave.data.hardnode.stat – retention period in days to keep host nodes statistics (last 180 days by default)

Changed

In the current CloudJiffy 7.0.2 release, a few optimizations were implemented to improve the platform’s security and stability:

  • additional security measures were applied to all infrastructure components that utilize the Logback configuration due to the recently discovered vulnerability:
    • configuration files set to read-only
    • removed the scan=true option
  • the PowerDNS Recursor component on SLB was updated to the latest 4.6.0 version

In order to ensure the best performance of the platform, the settings of the Platform Database Server were reviewed and optimized for the MariaDB versions used in all the latest PaaS releases. The optimization significantly improves performance for the 10.4 and later versions of the MariaDB servers. In correlation with the platform versions:

  • CloudJiffy 6.2.2 and prior (MariaDB 10.3) – no changes
  • CloudJiffy 6.3 and later (MariaDB 10.4+) – database settings optimized

 

CloudJiffy PaaS uses Zabbix as a recommended component for monitoring and issue reporting. It ensures quick reaction time on the issues that may occur on the platform. Below, you can find a list of Zabbix improvements implemented in the 7.0.2 release:

  • Added a new alert that monitors value in the /proc/self/net/rpc/kill-tasks file. If it is changed to 1, the alert will appear notifying of the unavailability of the backup share. The issue can cause a high load on the host, inability to restart containers, generation of “D” processes, NFS mount stuck, backup failure, etc.
  • Switched the agent monitors from Zabbix active checks to Zabbix trappers (mostly presented as systemd daemons). The change was made due to trapper-based checks being more reliable under the high load.

Below, you can find a list of all new and changed email templates and placeholders in the 7.0.2 platform version.

Removed templates and placeholders for the old collaboration flow:

  • templates
    • user_relation_request
    • user_relation_confirm
    • user_relation_unlink_user
    • user_relation_unlink_owner
    • environment_access_granted
  • placeholders
    • ${LINKED_USER_NAME}
    • ${OWNER_USER_NAME}
    • ${AUTH_LINKED_USERS_SETTINGS}
    • ${AUTH_CONFIRM_RELATION}
    • ${AUTH_RELATIONS_SETTINGS}
    • ${CONFIRM_KEY_VALIDITY_DAYS}
    • ${ENVS_LIST}

Added templates and placeholders for the new collaboration flow:

  • templates
    • user_collaboration_accept – member has accepted your collaboration invite
    • user_collaboration_leave – member has left your collaboration
    • user_collaboration_regect – member has rejected your collaboration invite
    • user_collaboration_member_activate – your collaboration has been activated (after suspension)
    • user_collaboration_member_delete – your collaboration has been terminated
    • user_collaboration_member_invite – you have been invited to collaboration
    • user_collaboration_member_suspend – your collaboration has been suspended
  • placeholders
    • ${MEMBER_NAME} – collaboration member name
    • ${MEMBER_DISPLAY_NAME} – collaboration member display name
    • ${MEMBER_USER_NAME} – collaboration member email
    • ${AUTH_COLLABORATION_SETTINGS} – link that redirects to the Collaboration > Shared by Me tab in the dashboard
    • ${AUTH_COLLABORATION_MEMBERSHIP} – link that redirects to the Collaboration > Shared with Me tab in the dashboard
    • ${AUTH_ACCEPT_INVITATION} – link that redirects to the collaboration panel in the dashboard
    • ${COLLABORATION_NAME} – collaboration name
    • ${COLLABORATION_DISPLAY_NAME} – collaboration owner display name
    • ${COLLABORATION_OWNER_NAME} – collaboration owner email

The new default texts are automatically available after the CloudJiffy 7.0.2 upgrade. We recommend reviewing custom localization emails for the appropriate templates on the platform (if any).

Below, you can find a list of all changes to the private CloudJiffy API in the 7.0 platform version (compared to the preceding 6.3 ones):

  • added a new users > collaboration service
  • added new methods to the marketplace > admin service: UpdateAppVisibilityLevelsScheduleAppsSyncSetSettingSyncExternalAppsSyncSystemAppsEditAppGetJpsSamplesGetAppManifestPublishAppUnpublishAppUpdateAppRatingDeleteAppGetAppsAddApp
  • added new methods to the billing > account service: ExportEnvBillingHistoryByPeriodGetEnvBillingHistoryByPeriodGetCollaborationQuotas
  • added an optional ownerUid parameter to the methods:
    • administration > cluster > GetEnvs
    • billing > pricing > GetPricing
  • added an optional envGroups parameter to the CreateEnv method from the environment > control service
  • changed uid parameter to mandatory for the GetNodeSSHKey method from the environment > control service

Fixed

Below, you can find the fixes applied to the platform infrastructure and cluster admin panel, which were implemented in the CloudJiffy7.0.2 release and had also been integrated into installations with previous CloudJiffy versions by means of the appropriate patches.

#Compatible fromDescription
JE-60839anyThe JRUN_CMD and JSTOP_CMD variables from dockerfiles do not overwrite respective variables on infrastructure components
#Compatible fromDescription
K8S-245Incorrect account quotas are checked when installing the Kubernetes Cluster package as a collaborator

 

The software stack provisioning process is independent of the platform release, which allows new software solutions to be delivered as soon as they are ready. However, due to the necessity to adapt and test new stack versions, there is a small delay between software release by its respective upstream maintainer and integration into CloudJiffy PaaS.

The most accurate and up-to-date list of the certified software stack versions can be found on the dedicated documentation page.

 

In the table below, you can see the list of bug fixes applied to the platform infrastructure and cluster admin panel starting from CloudJiffy 7.0.2 release:

#Affected VersionsDescription
JE-48468The deprecated “–capability” option is used to create the alpine-based images
JE-525325.7Collaboration relation info remains after removing personal user data
JE-60632Failed password decryption operation should interrupt an action with a dedicated error
JE-60844Incorrect validation for the hcore.platform.path setting
JE-60878Insufficient details logged on the “Cannot enable SSL module!” error
JE-610206.3.2Error when executing the enable_all.sh script on the Gate container
JE-61038Custom SSH port is not added to the firewall rules during host addition via JCA
JE-611286.2The opt_cloudjiffy_hoster_zabbix_server setting is missing on the Zabbix container
JE-612106.3.2Temporary Backuper logs are not automatically erased
JE-612996.3.2An error occurs during container backups if the SEPARATE_PATH option is not defined
JE-61316anySome system-reserved domains can be used as environment names
JE-61339An error occurs when trying to change the template icon in JCA
JE-613446.1Timeout from the jem.ssh.default.execute.timeout setting is not applied on the CloudJiffy SSH client
JE-61348An error occurs when sending SMS with the sendsms script on HCore
JE-61374anyInsufficient threads number for statistics collection on the platforms with a lot of hosts
#Affected VersionsDescription
JE-61228The billing (stat2money) job should not be postponed when the currency update rate URL is unavailable
JE-61661Platform database performance degradation after upgrading MariaDB from the 10.2 to 10.5 version

 

Leave a Reply

Your email address will not be published. Required fields are marked *