###
### Stable BOA-5.4.0-lts - Full Edition
### Date: Wed 14 Aug 2024 06:24:03 AM AEST in Sydney
###

@=> New BOA PRO Release & Comparison with LTS and DEV Branches

We are excited to announce the release of BOA-5.4.0 PRO and BOA-5.4.0 LTS, marking the second release under our new branch structure and dual licensing model, which began with BOA-5.2.0.

These new PRO and LTS versions bring the project fully up to date with the DEV branch, which has been actively developed over the past several months.

As always, this announcement highlights only the most significant new features, critical fixes, and improvements. For a detailed list of all changes, please refer to the commit history.

@=> New Features

* Simplify and speed up BOA install/upgrades -- please check all details in the updated and greatly improved documentation:
  docs/INSTALL.md
  docs/UPGRADE.md
  docs/SELFUPGRADE.md
  docs/MAJORUPGRADE.md
* AppArmor BOA integration for more strict system protection (needs docs)
* Barracuda install without Octopus is now possible -- docs/INSTALL.md
* Enable instant php-cli version switch for Aegir backend -- docs/DRUSH.md
* Improve Ruby Gems and Node/NPM security and speed x3 -- docs/GEM.md
* Let's Encrypt for Aegir Hostmaster installed automatically -- docs/SSL.md
* Let's Encrypt Live Mode is enabled by default -- docs/SSL.md
* Add three manual backup modes in Aegir (incomplete feature at the moment)
* New Relic support with Octopus/Platform/Site Config -- docs/NEWRELIC.md
* Restore _AEGIR_UPGRADE_ONLY {aegir} as supported barracuda upgrade mode
* Restore {aegir|platforms|both} as supported octopus upgrade modes
* Security Considerations for Multi-Ægir Systems -- docs/SECURITY.md
* Use /root/.deny.clamav.cnf to auto-disable clamav if installed
* Use /root/.deny.java.cnf to auto-disable Solr and Jetty if not used
* Drush 12 in Aegir Tasks: Dynamically Utilize Site-Local Drush for the updatedb Operations on Drupal 10+ (needs docs).
  For now here is a brief explanation of how it works:

  # Both Migrate and Clone tasks in Aegir by default run the updatedb with Aegir's own Drush 8 in the final deploy internal procedure.

  # This may cause unexpected issues in Drupal 10 and newer versions, so we have added a switch which allows you to tell Aegir to skip running `updatedb` on Drupal 10+ -- either globally with an empty control file

    ~/static/control/DisAutoUpDb.info

  or per site with an empty control file

    ~/static/control/sitename_DisAutoUpDb.info

  where `sitename` is the site main domain name used in its Drush alias. You could then unlock the Site-Local Drush and run it manually with `vdrush` in the platform app root (not web root) to better control what happens on `updatedb` using the command:

    `vdrush @site-alias updatedb`

  # Automatic mode does it even better for Drupal 10+

  Here's how it works, given no control file listed above exists:

  1. Platform Verify task locks Site-Local Drush and patches Drupal core.
  2. If the site is migrated to a different platform or cloned to a different platform, Aegir will check if **both old and new** platforms have the Site-Local Drush in their codebases.
  3. If Site-Local Drush is detected in both platforms, Aegir will unlock Drush in both platforms and will also revert the Drupal core patch it normally needs to use its own Drush 8.
  4. Now Aegir will run the Site-Local Drush for the `updatedb` command and will report all details in the task log in the admin interface.
  5. Once the `updatedb` is complete, Aegir will automatically apply the Drupal core patch again and will lock Site-Local Drush, so you could run any other tasks in the control panel as usual. Magic!
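
The decision flow described above can be checked from the shell before a Migrate or Clone task is queued. This is an added example, not BOA or Aegir code: the function names and result labels are hypothetical, and it assumes Site-Local Drush sits at vendor/bin/drush under the platform app root and that Aegir falls back to its own Drush 8 when either platform lacks it.

```shell
#!/bin/sh
# Added example (not BOA code): predict which updatedb path a Migrate/Clone
# task would take for a Drupal 10+ site, following the rules in the text.

# Assumption: Site-Local Drush is vendor/bin/drush under the platform app
# root (not the web root). BOA's real detection may differ.
has_site_local_drush() {
  [ -f "$1/vendor/bin/drush" ]
}

# updatedb_mode HOME_DIR SITE_NAME OLD_PLATFORM_ROOT NEW_PLATFORM_ROOT
# Prints one hypothetical label:
#   skip-global   ~/static/control/DisAutoUpDb.info exists
#   skip-site     ~/static/control/SITE_DisAutoUpDb.info exists
#   site-local    both old and new platforms ship Site-Local Drush
#   aegir-drush8  otherwise (assumed fallback to Aegir's own Drush 8)
updatedb_mode() {
  _home=$1
  _site=$2
  _old=$3
  _new=$4
  _ctrl="$_home/static/control"
  if [ -e "$_ctrl/DisAutoUpDb.info" ]; then
    echo "skip-global"
  elif [ -e "$_ctrl/${_site}_DisAutoUpDb.info" ]; then
    echo "skip-site"
  elif has_site_local_drush "$_old" && has_site_local_drush "$_new"; then
    echo "site-local"
  else
    echo "aegir-drush8"
  fi
}

# Constructed demo layout in a temporary directory; every path below is
# sample data, not a real Octopus instance.
demo() {
  _root=$(mktemp -d) || return 1
  mkdir -p "$_root/home/static/control" \
           "$_root/d10-old/vendor/bin" \
           "$_root/d10-new/vendor/bin" \
           "$_root/d10-bare"
  : > "$_root/d10-old/vendor/bin/drush"
  : > "$_root/d10-new/vendor/bin/drush"

  echo "both platforms have drush: $(updatedb_mode "$_root/home" example.com "$_root/d10-old" "$_root/d10-new")"
  echo "target platform lacks it:  $(updatedb_mode "$_root/home" example.com "$_root/d10-old" "$_root/d10-bare")"

  # An empty per-site control file switches automatic updatedb off.
  : > "$_root/home/static/control/example.com_DisAutoUpDb.info"
  echo "per-site control file:     $(updatedb_mode "$_root/home" example.com "$_root/d10-old" "$_root/d10-new")"

  rm -rf "$_root"
}

demo
```

A result of skip-global or skip-site means `updatedb` is left to the operator, to be run with `vdrush @site-alias updatedb` as described above.
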

@=> Drupal platforms available for installation -- docs/PLATFORMS.md

* Drupal 10.4.x-dev
* Drupal 10.3.1
* Drupal 10.2.7
* Drupal 10.1.8
* Drupal 10.0.11
* Social 12.4.2 (10.2.6)
* Thunder 7.3.0 (10.3.1)
* Varbase 10.0.0 (10.3.1)
* Varbase 9.1.3 (10.2.6)
* Drupal 9.5.11
* OpenLucius 2.0.0 (9.5.11)
* Opigno LMS 3.1.0 (9.5.11)
* Commerce 1.72
* Commerce 2.77
* Drupal 7.101.1
* Ubercart 3.13
* Pressflow 6.60.1
* Ubercart 2.15

@=> Improvements

* Add better protection from duplicate sql tasks
* Improve Aegir tasks messages to identify new improvements in the backend
* Update Drush 10+ aliases on the fly within Aegir deploy procedure
* Add BOA Roadmap & Progress Update in ROADMAP.md
* Add bring_all_ram_cpu_online
* Add CSF self-update debugging log in /var/backups/csf/water/
* Add Dual License and BOA Branches Explained in DUALLICENSE.md
* Add INI (platform level) docs in docs/ini/platform/INI.md
* Add INI (site level) docs in docs/ini/site/INI.md
* Add killer script for hanging apt-get update
* Add support for /root/.force.queue.runner.cnf
* Add switch_to_bash_in_octopus
* Detect and remove stale pid faster
* Display also system-manufacturer in the welcome messages and reports
* Do not lower proc nice on init and major OS upgrades
* Do not restart slow starting services during major OS upgrade
* Execute post-install octopus auto-upgrade on boa and octopus install
* Explain how upgrades affect BOA special shell wrapper
* Improve and simplify is_logged_in early check in global.inc
* Improve rsyslog to use separate log files for cron, mail, lfd, iptables
* Limit noise printed in the console
* Protect csf.allow from removing custom entries
* Rewrite and improve all BOA project docs to use Markdown
* Rewrite and improve the main README.md
* Simplify upgrade docs
* Turn Off AppArmor while running octopus
* Update tests for Amazon EC2 environment detection
* Use `drush11 aliases` or `drush11 sa` for Drupal 8+ core and PHP 8.2+
* Use new `fancynow` welcome screen only for interactive root sessions
* Nginx: Sync js/css aggregation support
* Nginx: Sync static files regex

@=> Changes and Upgrades

* Add compatibility with Redis 8.x-1.7.1
* Add igbinary support to PHP 5.6
* Add recommended security and privacy HTTP headers in Nginx config
* Add required now $settings['state_cache'] = TRUE; in global.inc
* Adjust patches and PHP versions
* AdvAgg is no longer added to D8+ o_contrib
* Barracuda upgrade after boa install is now automated
* Build OpenSSH from sources by default
* cURL 8.9.1
* Disable man-db/auto-update to speed up also autoinit and boa install
* Duplicity 3.0.0
* Force mysql root password update on barracuda upgrade
* Git 2.45.2
* Image Optimize toolkit binaries are now included by default
* Install Python 3.12.4 for Duplicity
* ionCube 13.0.4
* Launch daily.sh automatically after barracuda upgrade
* Lshell 0.9.18.10
* MySecureShell master-29-06-2024
* New Relic 11.0.0.13
* New Relic no longer supports PHP 5.6
* Nginx 1.27.0
* Nginx: http2 is now a separate directive
* OpenSSL 3.0.14 LTS
* Re-enable cleanup for GHOST distros revisions
* Remove /etc/apt/preferences
* Remove cloud-utils if detected
* Remove legacy i386/x32 support
* Remove no longer supported MariaDB code
* Remove not used mysql_hourly.sh
* Removing old boa-init no longer needed after introducing fast autoinit
* Removing systemd cleanup from boa, now handled by the fast autoinit
* Replace mail with s-nail
* Replace pdnsd with unbound
* Restrict also find/scp to prevent lshell escape
* Upgrade to openjdk 11.0.24
* Use /etc/ssh for OpenSSH built from sources (no new server keys, finally)
* Use maximum compatible PhpRedis versions for legacy PHP
* Use PermitRootLogin prohibit-password
* We no longer allow to install BOA on Debian to avoid confusion
* We no longer override server sshd keys to avoid confusion
* Nginx: Remove the legacy X-XSS-Protection header
* Nginx: block bytedance and PetalBot aggressive crawlers

@=> Important Fixes

* Add python3.5 compatibility for Stretch
* Add second cron entry for critically important /var/xdrago/clear.sh
* Add support for legacy python3.4
* Always copy hostmaster LE cert to /etc/ssl/private/ if just updated
* Avoid any AppArmor code on legacy Debian systems
* Bash 5.2 compatibility
* Detect broken GIT early and reinstall from sources
* Do not install PHP 8.2 8.3 with _OPENSSL_EOL_VRN and _OPENSSL_LEGACY_VRN
* Do not use --with-http_v3_module for Nginx on legacy systems
* Do not use --with-imap for PHP on Jessie
* Do not use --with-imap for PHP on major upgrade on any OS
* Do not use --with-sodium for PHP on Jessie
* Fix confusing ICU logic
* Fix for ignored nofile limits
* Fix for iptables paths backward compatibility
* Fix for non-blocking ntpdate
* Fix New Relic APT config
* Fix Percona apt config logic
* Fix platforms symlinking in the limited shell account
* Fix Pure-FTPD install and config
* Force crontab update on major OS upgrade
* Improve resolvconf auto-config
* Let's Encrypt actually supports wildcard names already
* Make sure that _PHP_SINGLE_INSTALL exists before disabling other versions
* Modernize Percona keys logic
* Nginx: Sync http2 in legacy tpl
* Remove blocking cnf file if php-max is used
* Show PHP patch results on _DEBUG_MODE=YES
* Sync for python3.11
* Sync PHP extensions existence check directly, not just via ctrl files
* Sync PhpRedis build options with versions compatibility
* Sync with python3.9
* Update wkhtmltopdf versions logic
* Use cURL 7.71.1 on Jessie
* Use cURL 8.2.1 on Stretch
* Use OpenSSH 8.3p1 on Jessie
* Use OpenSSH 9.3p1 on Stretch
* Use OpenSSL 1.0.2u on Jessie
* Use OpenSSL 1.1.1w on Stretch
* Fix for composer.json and composer.lock protection

###
### Stable BOA-5.3.0-pro - Full Edition
### Date: Mon 12 Aug 2024 05:33:46 AM AEST in Sydney
###

@=> New BOA LTS Release & Comparison with PRO and DEV Branches

We are excited to announce the release of the latest BOA LTS version, marking the first LTS release since the introduction of our new branch structure and dual licensing model, which began with the BOA-5.2.0 release.

This LTS version brings the project up to date with BOA-5.3.0-pro, which has been available for several months. Both BOA-5.3.0-pro and BOA-5.3.0-lts are officially released today.

Looking ahead, BOA-5.4.0-pro will be released within the next 48 hours, incorporating all recent developments from the DEV branch.

Please note that the project README and documentation displayed on GitHub by default apply primarily to the BOA DEV branch, and shortly to BOA PRO. These do not cover BOA LTS. If you are working with the LTS version, ensure you switch to the appropriate branch to access legacy documentation relevant to BOA LTS.

As always, we highlight only the most critical fixes and improvements in this announcement. For a comprehensive list of changes, please refer to the commit history.

@=> New Features

* PHP 8.3 Support
* Update sFTP password and password expiration date with temporary pid file
    ~/static/control/run-sftp-password-update.pid
  Now the main Octopus limited shell user can easily self-update password based access if they still have working SSH keys but lost the working password. New password will be written to
    ~/static/control/new-USER-password.txt
* Add boa cleanup {detect|purge} {user|batch} to automate Octopus instances cleanup. Requires existence of /data/disk/USER/log/CANCELLED file and no vhosts existing in /data/disk/USER/config/server_master/nginx/vhost.d/
  It will archive only config files and delete everything else, but will not delete any databases nor db users (yet).

@=> Improvements

* Add ltd-shell account client access to moved sites files in static/files
* Always install legacy OpenSSL first and force new on upgrade
* Disable man-db/auto-update to speed up barracuda upgrades
* MySQL: Disable performance_schema by default
* MySQL: Do not run mysql_cleanup.sh on servers with >100 dbs
* Nginx DoS-Guard: Add ignore_admin to protect site admin activity
* Nginx DoS-Guard: Catch typical hack probe requests early
* Nginx DoS-Guard: Detect and block ‘unknown’ IPs requests
* Nginx DoS-Guard: Track and block 500/403/404 flood
* Prepare for but do not enable http3/quic yet
* Use cold solr7 restart only on barracuda upgrade

@=> Changes and Upgrades

* Build PHP --with-bz2
* Build Redis with --enable-redis-lzf --enable-redis-igbinary
* Composer 2.7.7
* cURL 8.7.1
* Drupal 7.101.1
* Enable ClassicTrack for Aegir tasks by default
* ionCube 13.0.2
* Nginx 1.26.0
* OpenSSH 9.8p1
* OpenSSL LTS with 3.0.13 (new default version)
* PHP 8.1.29
* PHP 8.2.22
* PHP 8.3.10
* PHP APCu 5.1.23
* PHP igbinary 3.2.15
* PHP imagick 3.7.0
* Ruby 3.3.4
* Use _USE_FPM=1024 as minimum
* Use phpredis 6.0.2 for 7.2 and newer

@=> Important Fixes

* Add clamd/freshclam to auto-healing
* Add cleanup for ctrl files blocking PHP upgrade
* Always check if all /var/xdrago/* scripts are present or force update
* Always install openjdk-11-jre-headless
* Fix for vdrush @site updb in Drush 12
* Fix protection from duplicate sql backups
* Legacy PHP versions require legacy OpenSSL version
* More protection from race conditions in auto-healing
* Remove old auto-healing pids if detected
* Restore ULIMIT in nginx init.d
* Sync autoupboa cron to not collide with sql backups
* The adduser no longer automates --home
* Use only php-fpm reload instead of start on upgrade
* Use PHP 7.4 in run_drush8_cmd if available

###
### Stable BOA-5.2.0 - Full Edition
### Date: Wed 03 Apr 2024 02:11:56 PM CEST in Warsaw
###

@=> Notes on new available BOA branches and licenses

BOA is available in three main branches, but only LTS for installation:

* LTS which remains completely free to use without any kind of license as it was from the beginning (previously named HEAD or STABLE). This branch should be considered as BOA LTS with slow updates, focused on both security and bug fixes, but very limited new features additions.

* DEV which requires paid license for both install and upgrade and includes the latest features, security and bug fixes and installed services versions. This branch shouldn't be used in production without extensive testing.

* PRO which requires paid license and is available only as an upgrade from either LTS or DEV (or previous HEAD/STABLE) is the branch with regular monthly or bi-monthly releases, closely following tested DEV branch.

Once you install BOA LTS and want to upgrade to PRO with license obtained from https://omega8.cc/licenses you will need to use up-pro command.

Once you install BOA LTS or PRO and want to upgrade to DEV with license from https://omega8.cc/licenses you will need to use up-dev command.

Old commands using in-head, in-stable, up-head and up-stable no longer work to avoid confusion and have been replaced with in-lts and up-lts in all installation and upgrade scripts.

Please make sure to read updated docs/INSTALL.txt and docs/UPGRADE.txt

@=> New Features

* Add autodaedalus tool for easy automated major system upgrades
* Add Linux Containers (LXC) guest as supported (tested only by others)
* Add mysql_cleanup running hourly to keep known caches overhead at minimum
* Add OpenVZ Containers guest as supported (tested only by others)
* Add support for ~/static/control/disable_user_register_protection.info
* Add support for du command in limited shell with /root/.allow.du.cnf
* Debian Bookworm and Devuan Daedalus support (needs further testing)
* Full Drupal 10.2 support for install and upgrades from Drupal 9 and 10

@=> Improvements

* Add control/enable-drush-sa.info for native drush sa command
* Add hyperv qemu and kvm aws as supported
* Add ltd-shell alias vdrush:vendor/bin/drush
* Do not enforce newrelic_background_job(FALSE)
* Document BOA planned features in the ROADMAP.txt
* Document Drush usage in docs/DRUSH.txt
* Make it clear that only Devuan Chimaera should be used in production
* New Relic: Separate Web and Drush stats
* Purge firewall deny rules before reboot for faster system restart
* README rewrite and improvements

@=> Changes and Upgrades

* Aegir D10 Platforms: 3x Drupal core 10.0.11
* Aegir D10 Platforms: 3x Drupal core 10.1.8
* Aegir D10 Platforms: 3x Drupal core 10.2.4
* Aegir D10 Platforms: Social 12.2.2 with core 10.2.4
* Aegir D10 Platforms: Thunder 7.2.0 with core 10.2.4
* Aegir D10 Platforms: Varbase 9.1.1 with core 10.2.4
* Disable support for several built-in legacy D7 distros
* Do not enable /root/.fast.cron.cnf by default
* Drush 8.4.12.9
* Nginx 1.24.0
* Nginx: update ssl_ciphers remove 4 weak but leave 2 to support Safari 6-8
* OpenSSH 9.7p1
* OpenSSL LTS with 3.0.13 (prepare, optional)
* PHP 8.1.27
* PHP 8.2.17
* Redis 7.0.15
* Remove legacy Ubuntu support

@=> Important Fixes

* Always revert to iptables-legacy from nf_tables
* Fix for broken cURL self-healing
* Fix for cURL/libcurl version conflict
* Force Nginx cold restart if status is locked
* Improve auto-healing for duplicate move_sql and mysql_backup
* Improve downgrade_protection
* Revert "Sync /etc/security/limits.conf"
* Update Drush yml sites aliases also for Aegir system user

###
### Stable BOA-5.1.0 - Full Edition
### Date: Sat 04 Nov 2023 03:26:41 PM CET in Warsaw
###
### Documenting details in progress...
###

@=> New Features

* Automatically detect and add known web-root dir names on Add New Platform
* Lock Drush in any platform with Aegir task: Verify + Lock Drush
* Manage pid files in platforms web-root for Drush Lock/Unlock status
* Unlock Drush in any platform with new Aegir task: Unlock Local Drush

@=> Improvements

* Document ~/static/control/FastTrack.info in docs/FASTTRACK.txt
* Improve BOA forks compatibility with standalone Aegir paths
* Improve tasks labels in the Aegir control panel
* Use Aegir backend built-in chmod for Unlock Drush w/o external scripts

@=> Changes and Upgrades

* Aegir D10 Platforms: 3x Drupal core 10.1.6
* Aegir D10 Platforms: Social 12.0.0-rc3 with core 10.0.11
* Aegir D10 Platforms: Thunder 7.1.2 with core 10.1.6
* Aegir D10 Platforms: Varbase 9.0.16 with core 10.1.6
* Enable hosting_site_backup_manager Aegir extension by default again
* Fix permissions and ownership on every Platform Verify for Drupal 8/9/10
* OpenSSL 3.1.4
* PHP 8.1.25
* PHP 8.2.12

@=> Important Fixes

* Added missing web-root paths in built-in platforms for Drupal 9/10
* Fix the ability to rename existing platforms in the Aegir control panel
* Multiple fixes for built-in permissions and ownership Aegir scripts

###
### Stable BOA-5.0.0 - Full Edition
### Date: Thu 26 Oct 2023 09:55:22 PM CEST in Warsaw
###
### Documenting details in progress...
###

@=> New Features

* Add support for verbose Drush like 'drush -vvv @site status'
* Aegir in BOA is now fully compatible with PHP 8.1 and 8.2
* Do not purge cache tables listed in /root/.my.cache.exceptions.cnf
* Drupal 10 is fully supported (needs docs)
* Drupal 10 platforms available: Thunder, Varbase, Drupal 10.1 and 10.0
* Make system reboot much faster, also with 'boa reboot' command
* OpenSSL 3.x optional/test support with /root/.install.modern.openssl.cnf

@=> Improvements

* Always install latest Composer on barracuda upgrade
* Enable ~/static/control/FastTrack.info by default (needs docs)
* Minimize services downtime on upgrade using soft reload only if possible
* Site Local Drush is no longer removed on platform Verify (only locked)
* Use 'barracuda php-idle disable' to speed up major upgrades

@=> Changes and Upgrades

* Aegir D10 Platforms: 3x Drupal core 10.0.11
* Aegir D10 Platforms: 3x Drupal core 10.1.5
* Aegir D10 Platforms: Thunder 7.1.2 with core 10.1.5
* Aegir D10 Platforms: Varbase 9.0.16 with core 10.1.5
* Aegir D7 Platforms: Commerce 1.72 with core 7.98.1
* Aegir D7 Platforms: Commerce 2.77 with core 7.98.1
* Aegir D7 Platforms: Guardr 2.57 with core 7.98.1
* Aegir D7 Platforms: OpenOutreach 1.69 with core 7.98.1
* Aegir D7 Platforms: Opigno LMS 1.59 with core 7.98.1
* Aegir D7 Platforms: Panopoly 1.92 with core 7.98.1
* Aegir D7 Platforms: Ubercart 3.13 with core 7.98.1
* Aegir D9 Platforms: 3x Drupal 9.5.11
* Aegir D9 Platforms: OpenLucius 2.0.0 with core 9.5.11
* Aegir D9 Platforms: Opigno LMS 3.1.0 with core 9.5.11
* Aegir D9 Platforms: Social 11.9.14 with core 9.5.11
* BOA requires at least PHP 7.4 or newer as default version
* Change redis_perm_ttl from 6h to 24h
* Do not include advagg/cdn in o_contrib_eight
* Drupal 10: add minimum patch for core
* Drupal 10: disable not working yet welcome email on install
* Drupal 10: fix compatibility and add missing code in Drush 8
* Drupal 10: lock vendor/drush
* Drupal 10: lock vendor/symfony/console/Input
* Drupal 10: replace psr/log in core with Drush 8 version
* Drush Launcher is not supported anymore so removed
* Enable /root/.fast.cron.cnf by default (needs docs)
* Remove confusing -bin suffix from Drush 10+ (needs docs)
* Set _PURGE_BACKUPS default to 14 or 7 on hosted BOA
* Set Composer Install Support in Aegir Backend as disabled by default
* The redis_use_modern is no longer optional in the INI files
* Update vendor code in the Aegir backend / Provision
* Use _STRONG_PASSWORDS=YES by default
* Use _USE_MYSQLTUNER=NO by default

@=> Important Fixes

* Do not enable redis on D7/D6 automatically, it works anyway
* Fast DNS Cache Server (pdnsd) install is no longer optional since 2014 (!)
* Fix for hosting_cron_queue() with ADV_CRON_MAX_PLL logic
* Make sure that expired password will not hang backend task
* Nginx: Add missing no-cache checks from @cache to @drupal
* Nginx: Move exceptions to the /index.php location
* Nginx: The css/js aggregation logic has changed in Drupal 10.1

###
### Cutting Edge BOA-5.0.0-dev - Initial Edition
### Date: Sat 06 May 2023 08:42:31 AM EEST in Kyiv
### Glory to Ukraine!
###
### Documenting details in progress...
###

@=> New Features

* Add 'barracuda php-idle disable/enable' (needs docs)
* Automatic BOA System Major Upgrade Tool -- see docs/UPGRADE.txt
* Debian Bullseye and Buster support
* Devuan Chimaera and Beowulf support (systemd-free Debian alternative)
* Make Composer running with PHP defined in ~/static/control/cli.info
* Make PHP-CLI for Composer and Drush configurable on the fly (needs docs)
* New multi-step BOA install procedure -- see docs/INSTALL.txt
* PHP 8.2 support

@=> Major Improvements

* Barracuda first upgrade after boa install no longer requires reboot
* Use all available CPU cores for much faster PHP, Nginx, OpenSSL etc builds

@=> Important Changes

* BOA requires the classic network interface naming convention (needs docs)
* Disable all nightly codebase cleanup procedures
* Nginx: Add PATCH to allowed $request_method list
* Nginx: Remove deprecated upload_progress support
* Remove AdvAgg and CDN from D9+ o_contrib
* Rewrite the _PHP_MULTI_INSTALL cleanup to make it optional (needs docs)
* Stop running any Drush operations on Drupal 8+ in daily.sh
* Switch to Redis Server 7.x by default
* The php-all should no longer include 7.3 and older versions (needs docs)
* Ubuntu support is deprecated
* Use php-max to install ALL nine (9) PHP versions (needs docs)

@=> Important Fixes

* Discover the system IPv4 once and store in a file
* Fix several issues with ~/static/control/MyQuick.info logic
* Maintain csf.allow/ignore backup on serial update in /var/backups/csf/
* Nginx: Fix protected access to /update.php
* Nginx: Protect composer.json if exists in the Drupal web-root

###
### NEW BOA-4.2.0-stable - Full Edition
### Date: Sat 06 May 2023 07:42:19 AM EEST in Ivano-Frankivsk
### Glory to Ukraine!
###
### Documenting details in progress...
###

@=> New Features

* Add 'barracuda php-idle disable/enable' (needs docs)
* Automatic BOA System Major Upgrade Tool -- see docs/UPGRADE.txt
* Debian Bullseye and Buster support
* Devuan Chimaera and Beowulf support (systemd-free Debian alternative)
* Make Composer running with PHP defined in ~/static/control/cli.info
* Make PHP-CLI for Composer and Drush configurable on the fly (needs docs)
* New multi-step BOA install procedure -- see docs/INSTALL.txt
* PHP 8.2 support

@=> Major Improvements

* Barracuda first upgrade after boa install no longer requires reboot
* Use all available CPU cores for much faster PHP, Nginx, OpenSSL etc builds

@=> Important Changes

* BOA requires the classic network interface naming convention (needs docs)
* Disable all nightly codebase cleanup procedures
* Remove AdvAgg and CDN from D9+ o_contrib
* Rewrite the _PHP_MULTI_INSTALL cleanup to make it optional (needs docs)
* Stop running any Drush operations on Drupal 8+ in daily.sh
* Switch to Redis Server 7.x by default
* The php-all should no longer include 7.3 and older versions (needs docs)
* Ubuntu support is deprecated
* Use php-max to install ALL nine (9) PHP versions (needs docs)

@=> Important Fixes

* Discover the system IPv4 once and store in a file
* Maintain csf.allow/ignore backup on serial update in /var/backups/csf/

###
### Stable BOA-4.1.4-rel - Full Edition
### Date: Fri Dec 10 22:30:49 CET 2021 in Warsaw
###
### Documenting details in progress...
###

@=> New Features

*
*
*

@=> Major Improvements

*
*
*

@=> Important Changes

*
*
*

@=> Important Fixes

*
*
*

### Stable BOA-4.1.3 Release - Full Edition
### Date: Thu Sep 24 18:51:49 CEST 2020
### Milestone URL: https://github.com/omega8cc/boa/milestones/4.1.3

# Release Notes:

This BOA release is a second transitional release before switching to rolling release policy. Detailed changelog will follow.

This BOA update provides latest PHP versions, system updates, including security fixes, many bug fixes, latest Aegir version ..but no Aegir platforms are installed by default anymore, unless their keywords are listed in the file ~/static/control/platforms.info (please read further below for details)

TL;DR

* Yes, blazing fast site clone/migrate mode is available even for giant sites!
* Yes, BOA still supports Pressflow 6 (LTS version only!)
* No, we no longer install any supported distros as platforms by default.

@=> Super fast site cloning and migration mode (NEW!)

It is now possible to enable blazing fast migrations and cloning even sites with complex and giant databases with this empty control file:

  ~/static/control/MyQuick.info

By the way, how fast is the super-fast? It's faster than you would expect! We have seen it speeding up the clone and migrate tasks normally taking 1-2 hours to... even 3-6 minutes! Yes, that's how fast it is!

This file, if exists, will enable a super fast per table and parallel DB dump and import, although without leaving a conventional complete database dump file in the site archive normally created by Aegir when you run not only the backup task, but also clone, migrate and delete tasks, hence also restore task will not work anymore.

We need to emphasise this again: with this control file present all normally super slow tasks will become blazing fast, but at the cost of not keeping an archived complete database dump file in the archive of the site directory where it would be otherwise included.

Of course the system still maintains nightly backups of all your sites using the new split sql dump archives, but with this control file present you won't be able to use restore task in Aegir, because the site archive won't include the database dump -- you can still find that sql dump split into per table files in the backups directory, though, in the subdirectory with timestamp added, so you can still access it manually, if needed.

@=> Drupal platforms and Composer support

We no longer install any supported Drupal distros as platforms by default, but you can customize Octopus platform list via control file, which will be used on the next Octopus upgrade (you can request it individually if you are on hosted Aegir service):

  ~/static/control/platforms.info

This file, if exists and contains a list of symbols used to define supported platforms, allows to control/override the value of _PLATFORMS_LIST variable normally defined in the /root/.${_USER}.octopus.cnf file, which can't be modified by the Aegir instance owner with no system root access.

IMPORTANT: If used, it will replace/override the value defined on initial instance install and all previous upgrades. It takes effect on every future Octopus instance upgrade, which means that you will miss all newly added distributions, if they will not be listed also in this control file.

Supported values which can be written in this file, listed in a single line or one per line:

Drupal 9 based

  THR ----------- Thunder

Drupal 8 based

  LHG ----------- Lightning
  OPG ----------- Opigno LMS
  SOC ----------- Social
  VBE ----------- Varbase

Drupal 7 based

  D7P D7S D7D --- Drupal 7 prod/stage/dev
  AGV ----------- aGov
  CME ----------- Commerce v.2
  CS7 ----------- Commons
  DCE ----------- Commerce v.1
  GDR ----------- Guardr
  OA7 ----------- OpenAtrium
  OAD ----------- OpenAid
  OLS ----------- OpenLucius
  OOH ----------- OpenOutreach
  OPC ----------- OpenPublic
  OPO ----------- Opigno LMS
  PPY ----------- Panopoly
  RST ----------- Restaurant
  UC7 ----------- Ubercart

Drupal 6 based

  D6P D6S D6D --- Pressflow (LTS) prod/stage/dev
  DCS ----------- Commons
  UCT ----------- Ubercart

You can also use special keyword 'ALL' instead of any other symbols to have all available platforms installed, including newly added in all future BOA system releases.

Examples: ALL LHG VBE D7P D7S D7D

Composer will now use PHP 7.3 by default, and you can find many useful hints at: https://github.com/omega8cc/boa/blob/master/docs/COMPOSER.txt

IMPORTANT: You must switch your ~/static/control/cli.info to 7.2 or newer PHP version (BOA hosted on Omega8.cc comes with 7.4, 7.3 and 7.2), because D8 based distros require at least PHP 7.2 -- this also means that to run the sites installed after switching cli.info to 7.2 or newer, you will also need to either switch your ~/static/control/fpm.info to 7.2 or newer, or more probably, to not break any existing sites not compatible with PHP 7.2+ you will need to list these D8 sites names in ~/static/control/multi-fpm.info

Please check for more information: https://learn.omega8.cc/how-to-quickly-switch-php-to-newer-version-330

BOA supports Drupal 8 codebases both with classic directory structure like in Drupal 7 and also Drupal 8 distros you can download from Drupal.org, but if you use Composer based codebase with different structure, the platform path is not the codebase root directory, but the subdirectory where you see the Drupal own index.php and "core" subdirectory. It can be platform-name/web or platform-name/docroot or something similar depending on the distro design.

### Stable BOA-4.1.2 Release - Full Edition
### Date: Tue Sep 22 05:30:08 CEST 2020
### Milestone URL: https://github.com/omega8cc/boa/milestones/4.1.2

# Release Notes:

This BOA release is a transitional release before switching to rolling release policy. Detailed changelog will follow.

### Stable BOA-4.0.1 Release - Full Edition
### Date: Mon May 6 01:14:59 CEST 2019
### Milestone URL: https://github.com/omega8cc/boa/milestones/4.0.1

# Release Notes:

This BOA release provides three new PHP versions, system updates, including security fixes, many bug fixes, latest Aegir version, plus all included Drupal distributions updated to latest versions, and supplied with latest Drupal 7 or Drupal 8 core, if possible.

Yes, BOA still supports Pressflow 6. Yes, Debian Stretch is supported. No newer Ubuntu releases are supported yet. Yes, we have added Solr 7 support and every 5 minutes updates!

Four Drupal 8 based popular distributions have been included by default, plus much improved Composer support and automatic permissions-fix-magic on Platform and Site Verify tasks. No more manual fixes!

By the way, Composer will now use PHP 7.3 by default, and you can find many useful hints at: https://github.com/omega8cc/boa/blob/master/docs/COMPOSER.txt

Big improvements and changes are coming to (auto)managing Solr cores too!

Solr cores are now created every 5 minutes if needed, instead of during the nightly procedure only, and Solr 7 is used by default. Existing Solr 4 cores will continue to work as before, but the system will create new Solr 7 cores for all compatible sites, and will update the sites/foo.com/solr.php accordingly.

For existing Solr 4 cores there can be namespace conflicts, so please make sure to check the updated sites/foo.com/solr.php file and adjust your site configuration if needed.

Note: If you are using WinSCP and/or Putty on Windows, or Transmit/Coda by Panic on a Mac, please check the Known Issues section at the bottom of this BOA-4.0.1 release notes.

@=> Solr 7 and Solr 4 support changes and improvements

Both Solr 7 and Solr 4 powered by Jetty 9 server are available.

Supported integration modules are limited to latest versions of either search_api_solr (D8/Solr7 and D7/Solr7) or apachesolr (D7/Solr4 and D6/Solr4).


Currently supported versions are listed below:

https://ftp.drupal.org/files/projects/search_api_solr-8.x-2.7.tar.gz
https://ftp.drupal.org/files/projects/search_api_solr-7.x-1.14.tar.gz
https://ftp.drupal.org/files/projects/apachesolr-7.x-1.11.tar.gz
https://ftp.drupal.org/files/projects/apachesolr-6.x-3.1.tar.gz

Note that you still need to add preferred integration module along with any its dependencies in your codebase since this feature doesn't modify your platform or site - it only creates Solr core with configuration files provided by integration module: schema.xml and solrconfig.xml etc.

Important: search_api_solr-8.x-2.x is different from all previous versions, as it requires Composer to install the module and its dependencies, then you will need to configure it, and only then you will be able to generate customized Solr core config files, which you should upload in the path: sites/foo.com/files/solr/ and wait 5-10 minutes to have them activated on the Solr 7 core the system will create for you.

This will affect the running every 5 minutes auto-installer, hence no need to wait until next morning to be able to use new Solr core. Win!

Once the Solr core is ready to use, you will find a special file in your site directory: sites/foo.com/solr.php with details on how to access your new Solr core with correct credentials.

Side note: the sites/foo.com/solr.php will be automatically deleted on every site Verify task in Aegir, to prevent copying it across with incorrect access credentials when you clone the site. As soon as the site is verified, its sites/foo.com/solr.php will get re-created automatically within 5-10 min. and the cloned site will also get its own Solr core created.

For more details please check the docs at: https://github.com/omega8cc/boa/blob/master/docs/SOLR.txt

@=> Drupal 8.7.0 platforms and Composer support

Since BOA-4.0.1 new Drupal 8.7.0 based platforms are included:

Lightning 3.3.0 -------------- https://drupal.org/project/lightning
Thunder 8.2.39 --------------- https://drupal.org/project/thunder
Varbase 8.6.8 ---------------- https://drupal.org/project/varbase
Social 8.5.1 (8.6.15 core) --- https://drupal.org/project/social

IMPORTANT: You must switch your ~/static/control/cli.info to 7.1 or newer PHP version (BOA hosted on Omega8.cc comes with 7.1, 7.2 and 7.3), because D8 based distros require at least PHP 7.1 -- this also means that to run the sites installed after switching cli.info to 7.1 or newer, you will also need to either switch your ~/static/control/fpm.info to 7.1 or newer, or more probably, to not break any existing sites not compatible with PHP 7.1+ you will need to list these D8 sites names in ~/static/control/multi-fpm.info

Please check for more information: https://learn.omega8.cc/how-to-quickly-switch-php-to-newer-version-330

BOA supports Drupal 8 codebases both with classic directory structure like in Drupal 7 and also Drupal 8 distros you can download from Drupal.org, but if you use Composer based codebase with different structure, the platform path is not the codebase root directory, but the subdirectory where you see the Drupal own index.php and "core" subdirectory. It can be platform-name/web or platform-name/docroot or something similar depending on the distro design.

As you have discovered if you have already tried, the path you should use in Aegir when adding Composer based codebase as a platform is the directory where index.php resides, so effectively anything above that directory is not available for web requests and thus safely protected.

The information from Aegir project docs saying "When verifying a platform, Aegir runs composer install if a composer.json file is found."
doesn't apply to BOA. We have disabled this. There are several reasons, most importantly:

a/ having this feature enabled is actually against the codebase management workflow in Aegir, because it may modify codebase on a live site,

b/ some tasks launch verify many times during clone and migrate, which results with giant overhead and conflicts if we allowed it to run composer install many times in parallel,

c/ from our experience, having this poorly implemented feature enabled breaks clone and migration tasks between platforms when both have the composer.json file.

It just doesn't make any sense in our opinion. The implementation should be improved to make it actually work similarly to Drush Makefiles.

You should think about Composer like it was Drush Make replacement, and you should not re-build nor upgrade the codebase on a platform with sites already hosted. Just use it to build new codebases and then add them as platforms when the build works without errors.

@=> Important PHP versions availability changes

Still on PHP 5.6? You should switch to PHP 7.3 — It’s twice as fast as 5.6! But don't switch blindly -- even sites already running on PHP 7.0 before are most probably not ready for PHP 7.2 or 7.3 without proper fixes.

Note: BOA-4.0.1 release removes PHP 5.3, 5.4 and 5.5, if installed.

In addition to still supported, even if officially deprecated 5.6 and 7.0 versions, this release adds support for PHP 7.3, 7.2 and 7.1

Please check the PHP officially supported versions list at: http://php.net/supported-versions.php

In our limited testing Drupal 7 core version included in this release works without noticeable issues with both PHP 7.2 and 7.3, although many contrib modules may not be ready to switch your instance to 7.3 or 7.2 just yet, especially if you have not used PHP 7.0 already.

We recommend to test your sites clones with newer PHP versions using BOA multi-PHP-version support via ~/static/control/multi-fpm.info before switching your instance to use 7.3 or 7.2 by default.

Please check for more information: https://learn.omega8.cc/how-to-quickly-switch-php-to-newer-version-330

We still include Pressflow 6 platforms, because in the meantime the LTS community support made the latest Pressflow 6 version compatible with PHP 7.2

If you still have a reason to use Drupal 6 core, we recommend to use our version: https://github.com/omega8cc/pressflow6/tree/pressflow-plus

@=> BOA release policy changes

In over 15 months since BOA-3.2.2 release we have tested a more agile approach with Rolling Release policy for BOA system part known as Barracuda.

We have implemented many changes and updates only in BOA HEAD and used carefully tested HEAD in production. This worked flawlessly and allowed us to keep all BOA hosted and maintained systems continuously updated without waiting for stable release.

BOA project is very complex, built atop many packages and individually built from sources components, plus other projects like Aegir, Drush and Drupal core and distributions -- each of them with their own release policy.

After years of efforts to keep healthy balance between providing necessary upgrades and avoiding BOA users maintenance fatigue due to frequent releases, which usually results with skipping releases which has many adverse effects, including requirement to keep new versions backward compatible with 2-3 years old releases, we have decided that it's time to introduce Rolling Release policy for Barracuda while still using standard point releases policy for Octopus installer, which covers Aegir, Drush and Drupal platforms updates.

We will still use point releases for Barracuda when there will be major changes introduced, like deprecating old PHP versions or changing components like Let's Encrypt integration agents or methods.

BOA project docs will be updated to reflect these changes once another standard point release is made either for Octopus, Barracuda or both. The docs will explain how to run Barracuda system continuous updates properly.

# New features:

* Add auto-cleanup for empty old platforms in /var/aegir
* Add experimental support for autoslave and cache_consistent
* Add initial Composer docs
* Add jsmin support for PHP7 #1250
* Add mongodb extension for PHP 7 and Drupal 8.2.x support #1127
* Add redis_oom_check() to monitoring
* Add set_composer_manager_vendor_dir INI variable
* Add support for include/exclude filelist for duplicity. #1159
* Add support for Percona 5.7 and use MariaDB 10.1 by default
* Add UTF8MB4 Convert Drush extension #1047
* Automatically check and remove drush from codebase
* Debian Stretch support #1176
* Do not run Verify daily if ~/static/control/noverify.info exists
* Install ClamAV daemon by default
* PHP 7.3, 7.2 and 7.1 Support #1126
* Run manage_solr_config.sh every 5 minutes
* Update Solr with BOA #1305
* Use _DB_BACKUPS_TTL variable for local and cluster db backups rotation

# Changes:

* Add innodb_default_row_format = dynamic — fixes #1366
* Advanced Nginx microcaching to improve cache HITs #1271
* Change to dashes in bucket names and upgrade boto/duplicity #1247
* Create fpm.info and cli.info ctrl files on Octopus install
* Deprecate MariaDB 5.5 and force 10.1 instead
* Enable uploadprogress.so for testing on PHP 7+
* Force Composer to use PHP 7.2 if available #1213
* Higher PHP CLI limits to make Composer happy
* Increase default TTLs to make BOA more friendly for big sites
* Make DNS Cache Server pdnsd optional -- needs DCS keyword in _XTRAS_LIST
* Minimum 4 GB RAM and 2 CPU (with Solr minimum 8 GB RAM and 4+ CPU rec.)
* Re-verify LE enabled sites daily
* Refresh the tasks list more frequently
* Remove deprecated PHP versions #801
* Remove problematic opcache.fast_shutdown
* Remove ultimate_cron and background_process from the blacklist
* Replace Google DNS servers for Cloudflare DNS servers #1317
* Replace the complex public IP detection with an external API #1089
* Set PHP CLI to FPM version if only FPM is defined
* SQL: disable innodb_adaptive_hash_index by default
* Upgrade imagick to 3.4.3 for PHP7 support #1253
* Use /root/.backboa.autoupdate by default
* Use utf8mb4/utf8mb4_general_ci by default

# System upgrades:

* Adminer 4.7.0
* CSF/LFD 12.10
* Drush 8.2.3.1
* Galera 10.0.37
* Lshell 0.9.18.9
* MariaDB Server 10.1.39
* MariaDB Server 10.2.19
* MariaDB Server 10.3.14
* MySQLTuner 1.7.15
* Nginx 1.16.0
* Node.js v10.x LTS
* OpenSSH Server 8.0p1
* OpenSSL 1.0.2r for Nginx
* PHP 7.3.5, 7.2.18, 7.1.29, 7.0.33, 5.6.40
* PHP Redis extension 4.2.0
* Pure-FTPd 1.0.49
* Redis Module 8.x mod-05-02-2019
* Redis Server 4.0.14
* Ruby 2.6.0
* Use latest Duplicity and dependencies

# Fixes:

* Add fix_ping_perms()
* Add libzip-dev to satisfy PHP 7.3 requirements
* Add nginx config to mitigate SA-CORE-2018-002
* Add patches for CORE-2018-004 and SA-CORE-2018-002
* Add procedure satellite_fix_broken_entity_module()
* Add re_set_default_php_cli() procedure
* Add redis_slow_check()
* Ajax 200 parsererror on every Drupal site #1344
* Avoid potentially problematic --force-yes for apt-get
* Backboa AWS S3 backup integration no longer working #1138
* Backboa not installed #1310
* Backboa: Certificate error #1141
* Cannot switch php-cli, cannot create varbase composer project.
  #1308
* Check sshd not ssh version
* CiviCRM 4.7 not working under BOA #1223
* Crawlers see 403 on public path #1329
* Debian 9 (Stretch) _apt user + _STRICT_BIN_PERMISSIONS errors #1352
* Do not lock old/all hostmaster platforms automatically
* Downgrade MySecureShell until we can figure out compatibility issues
* Errors using site with CiviCRM #1304
* Extra cleanup for any codebase level drush copy
* Fix for empty old hostmaster platforms cleanup
* Fix for incomplete logic in multi-fpm mode
* Fix for jessie-backports
* Fix SA-CORE-2018-006 for D8 and D7
* Fix the site specific composer_manager dir also for D8
* Fix to include gitlab.com in ~/.ssh/known_hosts
* Improve gpg keys handling
* Improve pdnsd self-repair procedures
* Infinite loop on INFO: Retrieving F1656F24C74CD1D8 key.. #1323
* Known issues with contrib module Redirect in Drupal 8 and BOA #1239
* Make sure redis-server is up immediately after upgrade
* Make sure that ~/.rvmrc is fixed
* Make sure that composer permissions are fixed
* Make sure that the ownership on static/control is correct
* Make sure to fix Redis permissions
* Nginx: the "ssl" directive is deprecated since 1.15.0
* No live certificates from Let's Encrypt #1255
* No Web Server is added when BOA is installed locally #1306
* PSA-2018-003: Drupal core security release #1283
* Remove deprecated option UsePrivilegeSeparation if exists
* Restore Jessie default apt mode on Stretch+
* Solr dir is not defined in setup_solr() #1370
* SSHD - use without-password for backward compatibility
* Switching out DNS servers caused breakage #1318
* Sync permissions fix on platform verify for D8, D7, D6
* Sync Solr 7 memory management logic
* The _PERMISSIONS_FIX var gets overridden to YES daily basis #1311
* The innodb_lazy_drop_table has been deprecated in Percona
* Update ~/static/control/README.txt if needed
* Update boa info [more] for current years #1248
* Update lshell.config to not break valid D8 specific Drush commands
* Update, sync and
  de-duplicate Zend OPcache config directives
* Updated default robots.txt #1172
* Use gpg2 directly instead of deprecated apt-key
* Use IP directly as a last fallback
* xboa migrate Solr 7 data #1376

# Known issues:

* SSH/SFTP WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
  In short, nothing to worry about, but please read on how to fix this:
  https://learn.omega8.cc/2019-remote-host-identification-ssh-388

* PHP 7.1+ can't be installed w/ MariaDB 10.2+ until compatibility is fixed:
  https://jira.mariadb.org/browse/MDEV-14555

* Existing Solr 4 cores may experience namespace conflicts.
  Please make sure to check the updated sites/foo.com/solr.php file and adjust your site configuration if needed.

* Error decoding SFTP packet -- affects WinSCP/Putty
  We recommend to use Cyberduck for reliable SFTP access.
  For known fix please check https://bit.ly/2HMGd6u -- quote below:

  >>>>>
  Basically we need to set the ‘Preferred SFTP protocol version’ to 3.
  How to do this:
  Edit the connection in WinSCP
  Open the Advanced menu
  Choose Advanced
  This will bring up a new popup.
  Under Environment click on SFTP
  Change ‘Preferred SFTP protocol version’ to 3
  Save the changes.
  >>>>>

* SFTP connection doesn't work with Transmit nor Coda by Panic software.
  We have not figured out the workaround yet, so we recommend using working alternatives on a Mac, like Cyberduck or ForkLift.

* The filefield_nginx_progress module, which is deprecated for years, no longer works and breaks upload fields.
  The module has been removed from the supported modules list, and will be automatically disabled if active in any D7 site daily, so we recommend to use the current similar alternative (even if not so fancy) included now by default: https://www.drupal.org/project/file_resup

### Stable BOA-3.2.2 Release - Full Edition
### Date: Sat Jan 20 11:03:34 PST 2018
### Milestone URL: https://github.com/omega8cc/boa/milestones/3.2.2

# Release Notes:

This BOA release provides system security upgrades, many bug fixes, latest Aegir version, plus all supported Drupal distributions updated to latest versions, and supplied with latest Drupal 7 core, if possible.

Thanks to Drush 8.1.15-dev we support also the newest Drupal 8.4.4 core.

@=> Important changes planned in the next BOA feature release

BOA-3.2.2 is the last release still supporting PHP 5.3, 5.4 and 5.5 versions. These versions will be *removed* in the next release, and instead there will be support for PHP 7.1 and 7.2 added.

Future releases will no longer include Pressflow 6 platforms, but Pressflow 6 will be fully supported, and can still use PHP 5.6 -- We recommend to use our version: https://github.com/omega8cc/pressflow6/tree/pressflow-plus

# Changes:

* Add support for WOFF 2.0
* Commerce 2.51
* Guardr 2.40
* OpenAtrium 2.624
* Panopoly 1.49

# System upgrades:

* Adminer 4.3.1
* Galera 10.0.33
* MariaDB 10.1.30
* MariaDB 10.2.12
* MariaDB 5.5.59
* Nginx 1.13.8
* OpenSSL 1.0.2n (used only in Nginx)
* PHP 5.6.33
* PHP 7.0.27
* PHP extension for Redis 3.1.6
* Pure-FTPd 1.0.49
* Redis Server 4.0.6
* Ruby 2.4.2
* Use Redis integration mod-30-12-2017 (D7)

# Fixes:

* Add mongo to the list of permissions exceptions, if installed
* Do not delete empty platforms if ~/static/control/platforms.info is used
* Do not restart Redis daily if /root/.high_traffic.cnf exists
* Fix Drupal 8 detection for distros with vendor dir moved out of docroot
* Fix requirements for the latest compass version
* Hints config update
* LE not renewing
  expired certificates due to IPv6 DNS entries -- #1179
* Notifications about new BOA editions are sent to notify@omega8.cc -- #1219
* Override fastcgi_params to make geoip headers work again
* Redirect module conflict with manual cron execution in D8 -- #1215
* Remove hmac-ripemd160 MAC, deprecated in OpenSSH 7.6 -- #1217
* The _SSH_ARMOUR=YES not compatible with OpenSSH 7.6 -- #1218
* Update keys for rvm.io
* Update LE License to LE-SA-v1.2-November-15-2017.pdf
* Use advagg-7.x-2.30
* Use modified rvm-installer.sh for user-level installations
* Use reroute_email-7.x-1.3
* Use rvm_silence_path_mismatch_check_flag=1

### Stable BOA-3.2.1 Release - Full Edition
### Date: Sat Oct 7 19:58:53 PDT 2017
### Milestone URL: https://github.com/omega8cc/boa/milestones/3.2.1

# Release Notes:

This BOA release provides system security upgrades, many bug fixes, latest Aegir version, plus all supported Drupal distributions updated to latest versions, and supplied with latest Drupal 7 core, if possible.

Thanks to Drush 8.1.15-dev we support also the newest Drupal 8.4 core.

@=> Important changes planned in the next BOA release

BOA-3.2.1 is the last release still supporting PHP 5.3, 5.4 and 5.5 versions. These versions will be *removed* in the next release, and instead there will be support for PHP 7.1 and 7.2 added.

Future releases will no longer include Pressflow 6 platforms, but Pressflow 6 will be fully supported, and can still use PHP 5.6 -- We recommend to use our version: https://github.com/omega8cc/pressflow6/tree/pressflow-plus

@=> Drupal 6 vanilla core is deprecated starting with BOA-3.2.1

Drupal 6 vanilla core is no longer supported. It was never really supported, but could still work. Those running Drupal 6 instead of supported Pressflow 6 will notice that their site displays only the homepage and all links/menus no longer display expected content.

This change is a result of new rewrite in the Nginx configuration, required to properly support both Drupal 8 and Drupal 7.

Time to migrate to latest, included in this release, Pressflow 6!

# Changes:

* Add chained commands to forbidden list in lshell
* Add Nginx Headers More module support
* Add support for --include/exclude-filelist for duplicity -- #1158
* Add support for upcoming MariaDB 10.2
* Auto-update duplicity if installed
* Deny bots on non-prod domains, not only on aliases -- #1178
* Do not pause the tasks queue during mysql backup
* Do not truncate queue and accesslog tables by default
* Enable New Relic integration for PHP 7.0
* Install ipset to improve CSF performance
* mongodb.so for D8.2 and PHP7.0 -- #1128
* Run 3 queue tasks in parallel by default
* Use redis_scan_enable = FALSE by default

# System upgrades:

* CSF 10.22
* Drush micro-8-07-10-2017
* Galera 10.0.32
* MariaDB 10.1.28
* MariaDB 10.2.9
* MariaDB 5.5.57
* Nginx 1.13.5
* Node 6.x version bump -- #1129
* OpenSSH 7.6p1
* OpenSSL 1.0.2l (used only in Nginx)
* PHP 5.6.31
* PHP 7.0.24
* PHP extension for Redis 3.1.4
* Pure-FTPd 1.0.46
* Redis Server 4.0.2
* Update Redis module for Drupal 8
* Upgrade drush to support Drupal 8.4 -- #1206
* Upgrade wkhtmltopdf and wkhtmltoimage to 0.12.4

# Fixes:

* Add SSH (RSA) keys how-to
* Add support for tar.xz archives
* Add symlink suggested in #999
* Allow a bit higher load limits for queue runner
* Barracuda is not installing ipset so csf doesn't work -- #1203
* Deprecate no longer working distros
* Disable innodb_corrupt_table_action in 10.2
* Do not enable entitycache in the Commons distro
* Exclude special https.* proxy vhosts from daily cleanup
* Fix permissions on password files for HTTP Basic Auth -- #1187
* Fix syntax and race conditions in fire/water
* Galera compatibility: do not edit mysql.user directly
* Improve CSF race conditions protection
* Improve default system cron queue
* Improve repo.psand.net/pubkey update
* Improved PHP OPCache default configuration
* Linux kernel CVE-2017-2636 hotfix
* Linux kernel CVE-2017-6074 hotfix
* Make sure that not supported
  tools are not re-installed on VServer
* Move excludes first as they are more specific than includes -- #1168
* PHP not installed after Wheezy to Jessie upgrade -- #999
* Redirect module breaks Drupal 8 sites in BOA if present -- #1061
* Remove --numeric-ids option from xboa -- #1146
* Restart DB server on upgrade only if config has changed
* Run fast enough fire.sh again
* Silence mysql cleanup output -- #1180
* Site in subdirectory cookie is not set correctly -- #1211
* Sync PHP disable_functions across all versions
* Update default robots.txt -- #1172
* Use --skip-add-locks — Galera Cluster compatibility
* Use absolutely graceful MySQLD restart procedure
* VServer 4.1.42-vs2.3.8.6-beng compatibility
* Wait for MySQLD availability before running DB backup
* Whitelist known search engines bots IPs

### Stable BOA-3.2.0 Release - Full Edition
### Date: Sun Feb 26 09:11:39 PST 2017
### Milestone URL: https://github.com/omega8cc/boa/milestones/3.2.0

# Release Notes:

This BOA release provides many new features, system security upgrades, many improvements and bug fixes, latest Aegir version, plus all supported Drupal platforms updated to latest versions, and supplied with latest Drupal 7 core, if possible.

The reason we list here also new features and changes already listed in previous BOA-3.1.4 version is that they were supposed to be included in this (3.2.0) release, since we normally don't include new features in bugfix releases, but we had to publish more bugfix/security releases in the 3.1.x series than initially expected, while new features were already pushed to HEAD in anticipation of delayed 3.2.0 release.

We have also moved some new features originally intended to be included in the (3.2.0) release to the next 3.3.0 milestone, which is expected in about one month after 3.2.0 release.

@=> Magic permissions fix now happens on-the-fly

The most interesting new Aegir feature is probably the ability to fix files permissions and ownership on any site and platform, without waiting for the running daily magic fix. Now it happens on-the-fly, when you run normal platform and site Verify tasks.

@=> MariaDB 10.1 is now the new default version

If you are already running 10.0, BOA will upgrade it to _DB_SERIES=10.1 but if you still run _DB_SERIES=5.5 it will continue to use MariaDB 5.5 on your system (not recommended).

# New features and enhancements:

* Add Microsoft Hyper-V to supported virtualization systems
* Add support for _HOURLY_DB_BACKUPS=YES via Percona XtraBackup
* Add support for ‘boa version’ command
* Add support for /root/.my.batch_innodb.cnf weekly procedure
* Add support for /root/.my.restart_after_optimize.cnf procedure
* Add support for fix_ownership and fix_permissions on-the-fly
* Add support for latest 3.18.44-vs2.3.7.5-beng VS kernel
* Add support for latest 4.1.33-vs2.3.8.5.2-beng VS kernel
* Add support for the Open Lucius Distribution to Aegir -- #888
* Add support for the Opigno LMS Distribution to Aegir -- #953
* Automatically whitelist CloudFlare and Sucuri IPs (faster version)
* Bundle Opigno LMS dependencies: TinCanPHP and pdf.js
* Configure _INNODB_LOG_FILE_SIZE automatically
* Docs for Twig Debugging in Drupal 8.2.x and BOA #1085
* Improve InnoDB performance
* Improve Let's Encrypt docs
* Include advagg, cdn, and robotstxt in o_contrib_eight -- #1096
* Install ClamAV and RKhunter by default -- #1019
* Make boost cache clearing configurable via _CLEAR_BOOST variable -- #1115
* MariaDB 10.1 support (new default version) -- #866
* Open LDAP ports 389 and 3268 for outgoing TCP connections
* Speed up mysql stop/start
* Update S3 regions list for backboa backups
* Use blazing fast Redis (SCAN) method on wildcard cache delete
* Use Redis_CacheCompressed mode, if available (saves a ton of RAM)

# Changes:

* Allow to run global OPTIMIZE
  only once per month, on the last Sunday
* Always update barracuda, boa and octopus wrappers, ignore _SKYNET_MODE=OFF
* Enable ARCHIVE Storage Engine in MariaDB 10.1
* Force _CUSTOM_CONFIG_SQL=NO on MariaDB major upgrade/reinstall
* Remove exception for cache_form bin in Redis configuration
* Remove no longer supported textile module
* Run db OPTIMIZE only weekly, if configured
* Use bzip2 also for standard db backups
* Use lower system load limit for queue runner
* Use MySQLTuner to configure SQL limits — enabled by default

# System upgrades:

* CSF/LFD 9.30
* Drupal 7.54.2
* Drush micro-8-07-02-2017
* Duplicity 0.7.11 (please run 'backboa install' to upgrade)
* MariaDB 10.1.21
* MariaDB 5.5.54
* MariaDB Galera Cluster 10.0.29
* Nginx 1.11.10
* OpenSSL 1.0.2k (used only in Nginx)
* PHP 5.6.30
* PHP 7.0.16
* Pure-FTPd 1.0.45
* Redis 3.2.8
* Redis D8/D7 integration mod-09-02-2017
* Use ImageMagick 7.0.4-6 if built from sources
* Use Redis integration mod-14-02-2017 (D7)

# Fixes:

* Can't add clients on BOA3 -- #926
* Do not add newer InnoDB settings when old server version is in use -- #1122
* Do not disable site_readonly daily on migrated instances
* Fix the not working hostmaster LE cert auto-update (typo)
* Force vnstat restart on version upgrade
* Improve disable_chattr() and enable_chattr() logic
* Improve docs/FAQ.txt as suggested in #1119
* Improve userprotect initial-only setup -- #926
* MariaDB server not running properly alert -- #1122
* Migration should re-use Let's Encrypt certs in HTTPS proxy vhosts -- #1106
* Randomize SQL backup schedule
* Rebuild hosting_custom_settings feature after enabling Redis on install
* Sync db server (optional) restart with optimize
* Sync max_execution_time for PHP-FPM
* Sync max_input_time for PHP-FPM
* Update docs/SSL.txt -- #1109
* Whitelist /dev/urandom in open_basedir

### Stable BOA-3.1.4 Release - Full Edition
### Date: Tue Dec 20 14:09:21 PST 2016
### Milestone URL: https://github.com/omega8cc/boa/milestones/3.1.4
### Latest hotfix added on: Wed Dec 21 12:44:58 PST 2016

# Release Notes:

This BOA release provides system security upgrades, many improvements and bug fixes, latest Aegir version, plus all supported Drupal platforms updated to latest versions, and supplied with latest Drupal 7 core, if possible.

@=> Magic permissions fix now happens on-the-fly

The most interesting new Aegir feature included in this release is probably the ability to fix files permissions and ownership on any site and platform, without waiting for the running daily magic fix. Now it happens on-the-fly, when you run normal platform and site Verify tasks.

@=> MariaDB 10.1 is now the new default version

If you are already running _DB_SERIES=10.0, this BOA release will upgrade it to _DB_SERIES=10.1 -- but if you still run _DB_SERIES=5.5 it will continue to use MariaDB 5.5 on your system.

# New features and enhancements:

* Add Microsoft Hyper-V to supported virtualization systems
* Add support for ‘boa version’ command
* Add support for fix_ownership and fix_permissions on-the-fly
* Add support for latest 3.18.44-vs2.3.7.5-beng VS kernel
* Add support for latest 4.1.33-vs2.3.8.5.2-beng VS kernel
* Automatically whitelist CloudFlare and Sucuri IPs (faster version)
* Configure _INNODB_LOG_FILE_SIZE automatically
* MariaDB 10.1 support (new default version) -- #866
* Use Redis_CacheCompressed mode, if available (saves a ton of RAM)

# Changes:

* Always update barracuda, boa and octopus wrappers, ignore _SKYNET_MODE=OFF
* Enable ARCHIVE Storage Engine in MariaDB 10.1
* Force _CUSTOM_CONFIG_SQL=NO on MariaDB major upgrade/reinstall
* Remove no longer supported textile module
* Run db OPTIMIZE only weekly, if configured
* Use MySQLTuner to configure SQL limits — enabled by default

# System upgrades:

* CSF 9.28
* Drush micro-8-17-12-2016
* MariaDB 10.1.20
* MariaDB Galera Cluster 10.0.28
* Nginx 1.11.7
* OpenSSH 7.4p1 (if installed from sources)
* OpenSSL 1.0.2j (used only in Nginx)
* PHP 5.6.29
* PHP 7.0.14
* PHPRedis 3.1.0
* Redis 3.2.6
* Use mydropwizard-6.x-1.6
* Use Redis module mod-20-12-2016

# Fixes:

* Allow to run downgrade to _DB_SERIES 5.5 (experimental, not recommended!)
* Always reinstall cURL from packages if broken
* AMP support -- #948
* Archive PHP logs in /var/backups/php-logs/
* Check if bind should be installed early enough
* Do not enable innodb-defragment — it may crash the server
* Fix for check_root_keys_pwd()
* Fix for disable_chattr()
* Fix for missing PHP config regression -- #1105
* Fix for VnStat sysconfdir
* Fix the check in detect_deprecated_php()
* Ignore search lines to avoid breaking pdnsd config -- #1069
* Improve SQL defaults
* Make sure innodb_buffer_pool_instances is always defined
* Migration between installation profiles -- #1076
* Monitor more lines when /root/.hr.monitor.cnf exists
* Multiply already high opcache.max_accelerated_files
* Nginx: Set Access-Control-Allow-Origin header only for static files
* Remove duplicate config updates and restarts
* Remove various tmp/dot files breaking du command
* Sync the new on-the-fly permissions magic with BOA daily.sh logic
* The .git/* files are downloadable -- #1091
* Triple check that all sql tables are upgraded
* Update JS module to 7.x-2.1 -- #586
* Update migrate docs to avoid issues with already migrated instances
* Use long enough wait times for big SQL servers restarts
* Use Open Atrium own patched Drupal core -- #1083

### Stable BOA-3.1.3 Release - Barracuda Edition
### Date: Mon Sep 12 17:54:50 PDT 2016
### Milestone URL: https://github.com/omega8cc/boa/milestones/3.1.3

# Release Notes:

This BOA release provides important security upgrades and bug fixes. You should upgrade via 'barracuda up-stable system' immediately.

Note: Octopus upgrade is **not** included in this BOA release.

Technically, even by running normal system update with previous BOA release you would apply all security upgrades, since they are provided by MariaDB packages, and thus enforced no matter if we release new BOA version, or not, so we are doing this purely to make sure that all users have been alerted about the situation affecting their systems.

# Changes:

* Move Nginx cache cleanup to daily cleanup procedure
* Use standard hourly schedule for self-update in clear.sh

# System upgrades:

* Add all Tika versions from 1.1 to 1.13 in /opt/tika9/
* MariaDB 10.0.27 (critical security upgrade)
* MariaDB Galera Cluster 10.0.27 (critical security upgrade)
* MongoDB database driver 1.6.14 for all PHP versions < 7 -- fixes #981
* Pure-FTPd 1.0.43

# Fixes:

* Check if curl works and re-install if needed before running auto-update
* Log LE renewal attempts
* Log out all users after lshell em upgrade
* Make sure that cURL is always listed in packages
* Move permissions fix overrides check to the correct place
* Nginx: default FastCGI cache levels value may exhaust all inodes -- #2791885

# Known problems: https://github.com/omega8cc/boa/milestones/3.1.x

### Stable BOA-3.1.2 Release - Full Edition
### Date: Sat Aug 20 14:43:43 PDT 2016
### Milestone URL: https://github.com/omega8cc/boa/milestones/3.1.2
### Latest hotfix added on: Thu Aug 25 09:17:59 PDT 2016

# Release Notes:

This BOA release provides system security upgrades, improvements and bug fixes, plus all supported Drupal platforms updated to latest versions, and supplied with latest Drupal 7 core.

@=> You can use NPM to install Grunt/Gulp/Bower -- #1028 by @pricejn2 (thanks!)

Now the same ~/static/control/compass.info file will activate not only RVM, which can be used to install Compass Tools, but also NPM, which can be used to install Grunt/Gulp/Bower. You will need to re-initialize your account to have it added, by deleting the control file, and adding it again after ~10 minutes.

More details: https://github.com/omega8cc/boa/blob/master/docs/RVM.txt

@=> Redis integration works with Drupal 8 -- with no effort on your side

We have added a smart activation procedure, to meet the D8 Redis module requirements. The system will add Redis integration to your Drupal 8 sites automatically, but will keep it inactive, until the module will be installed properly, during nightly system autonomous maintenance.

This means that Redis will start working in every existing and newly installed Drupal 8 site with some initial delay, to get things installed in the correct order, and still without any effort on your side.

# Other enhancements:

* Add mydropwizard to Drush extensions for Drush Make D6 support
* Add support for Drupal 8 specific development.services.yml file
* Allow to configure stable/head BOA auto-upgrades via _AUTO_VER variable
* Compatibility with Multi-byte UTF-8 support in Drupal 7

# Changes:

* Add Adminer database manager and deprecate Chive manager -- #1036
* Enable Let's Encrypt LIVE mode via ~/static/control/ssl-live-mode.info
* Force /root/.use.curl.from.packages.cnf to install cURL from packages
* Run db sqlmagic auto conversion also on test/dev sites, if activated

# System upgrades:

* CSF 9.11
* Drush micro-8-23-07-2016
* Lshell 0.9.18.8 (security update for shell escalation issues)
* MariaDB 10.0.26
* MariaDB 5.5.51
* Mysqltuner v1.6.15
* Nginx 1.11.3
* OpenSSH 7.3p1 (if installed from sources)
* PHP 5.5.38
* PHP 5.6.25
* PHP 7.0.10
* PHPRedis dev5-11-08-2016
* PHPRedis dev7-11-08-2016
* Redis 3.2.3
* Redis D8 integration mod-12-08-2016
* vnStat 1.15

# Fixes:

* Avoid race conditions on web system user update
* Debian Jessie 8.3+ needs grub update -- fixes #912
* Detection of Amazon AWS / EC2 instance -- fixes #930
* Disable Redis integration until module is installed (D8 only)
* Do not force --default-character-set=utf8 -- see #1020
* Don’t set $MANPATH when npm support is enabled
* Fix for openssh-sftp-server status on Jessie
* FMG
installation hangs on keyring install -- fixes #1050 * Force InnoDB in sqlmagic for Drupal 7+ -- see #1020 * Ignore ~/control/multi-fpm.info on too old Octopus (2.4) instances * Linux Kernel CVE-2016-5696 mitigation * Mitigate httpoxy vulnerability * Nginx: Fix for not working autodiscover flood protection * Nginx: Fix for the add_header inheritance * Nginx: Improve fastcgi_cache_valid TTL settings * Octopus auto-upgrade should set _AUTOPILOT=YES on the fly -- fixes #1041 * Remove deprecated MyISAM exceptions in sqlmagic command * Run detect_cdorked_malware() only if /usr/sbin/nginx exists * Run registry-rebuild directly after hostmaster upgrade * Single _tmp_ dir is enough to require forced cleanup (Drush cache) * Sync keyring install command with BOA standard -- #1052 * Sync modules auto en/dis for Drupal 8 * Update check_boa_php_compatibility() * Upgrade to panels-7.x-3.7 (security) in all distros using the module * Whitelist elFinder requests * Workaround for aegir_backup_export_path # Known problems: https://github.com/omega8cc/boa/milestones/3.1.x ### Stable BOA-3.1.1 Release - Full Edition ### Date: Wed Jun 22 12:24:17 PDT 2016 ### Milestone URL: https://github.com/omega8cc/boa/milestones/3.1.1 ### Latest hotfix added on: Fri Jun 24 06:01:07 PDT 2016 # Release Notes: This BOA release provides system security upgrades, improvements and bug fixes, plus all supported Drupal platforms updated to latest versions, and supplied with latest Drupal 7 core (security release). 
# New features and enhancements: * Add _SSH_ARMOUR feature * Add strict check for supported virtualization systems * Allow to install ImageMagick from sources when _MAGICK_FROM_SOURCES=YES # Changes: * Deprecate support for old Solr versions <4 * Switch cluster support to 3.x # System upgrades: * Drush micro-8-15-06-2016 * MariaDB 5.5.50 * Nginx 1.11.1 * PHP 5.5.37 * PHP 5.6.23 * PHP 7.0.8 * Redis 3.2.1 # Fixes: * Add compatibility with magick src * Add ToC (Table of Contents) for the Let's Encrypt section in docs/SSL.txt * Downgrade JSmin from 2.0.1 to 2.0.0 -- fixes #993 * Fix for legacy cluster support * Fix for virtualbox detection -- see #972 * Fix permissions on sites directories * Fix sites/all/drush permissions compatibility with Drush 8.2 * Improve protection for custom solrconfig.xml and schema.xml -- fixes #969 * Migration: xboa supports only Aegir 2.x -- #960 * Reinstall default-jre on major OS upgrade, if needed -- fixes #986 * Remote Drush support regression -- fixes #984 * The ~/static/control/README.txt is not updated on octopus upgrade #965 * Update docs/SOLR.txt to match currently supported procedures -- fixes #963 * Use st_runner() wrapper only for apt-get/aptitude # Known problems: https://github.com/omega8cc/boa/milestones/3.1.x ### Stable BOA-3.1.0 Release - Full Edition ### Date: Thu May 26 16:41:40 PDT 2016 ### Milestone URL: https://github.com/omega8cc/boa/milestones/3.1.0 ### Latest hotfix added on: Mon May 30 08:55:03 PDT 2016 @=> Includes Aegir Hostmaster 3.x-head with improvements @=> Includes Aegir Provision 3.x-head with improvements @=> Includes Drush 8 customized for BOA # Release Notes: This BOA release includes new features, system upgrades, improvements and bug fixes, with most notable features and changes listed below. All supported Drupal platforms have been updated to latest versions. 
@=> Let's Encrypt free SSL certificates are supported directly in Aegir
@=> PHP-FPM version can be switched per site hosted on the same instance
@=> Both Aegir control panel and its backend are compatible with PHP 7.0.7
@=> Support for forced Drush cache clear in the Aegir backend
@=> BOA can run Debian Wheezy to Debian Jessie upgrades easily

More details on new features, enhancements and changes can be found below.

###
#-### Let's Encrypt free SSL certificates are supported directly in Aegir
###

You can find these important Let's Encrypt topics discussed below:

# Introduction
# How it works?
# How to add Letsencrypt.org SSL certificate to hosted site?
# How to add Letsencrypt.org SSL certificate to the Aegir Hostmaster site?
# How to modify/renew Letsencrypt.org SSL certificate for SSL enabled site?
# Are there any requirements, limitations or exceptions?
# How to enable live mode?
# How to replace Let's Encrypt certificate with custom certificate?

[ Available also at: https://omega8.cc/node/381 ]

This BOA release opens a new era in SSL support for all hosted Drupal sites. The old method of creating SSL proxy vhosts is officially deprecated, as explained in the docs/SSL.txt how-to:

NOTE ###===>>>
The old how-to is still useful if you prefer to use SSL termination separated from your Aegir system, or if you don't want to use built-in Letsencrypt.org SSL certificates support (available since BOA-3.1.0). But if you can use Letsencrypt.org SSL certificates, or you are willing to use also built-in BOA feature which allows you to replace Letsencrypt.org SSL certificate with any third-party certificate per site, while still managing SSL via Aegir control panel (for redirects, forced/required SSL mode), we highly recommend to use Aegir built-in SSL support, which is enabled and ready to use in all Octopus instances since BOA-3.1.0 release.
NOTE ###===>>>

* How it works?

BOA leverages the letsencrypt.sh utility to talk to Letsencrypt.org servers, and on the Aegir side it uses the new `hosting_le` extension, which replaces self-signed SSL certificates generated by Aegir with Let's Encrypt ones. You can find more information on both at these URLs:

https://github.com/lukas2511/letsencrypt.sh
https://github.com/omega8cc/hosting_le

* How to add Letsencrypt.org SSL certificate to hosted site?

In your Aegir control panel please go to the site's node Edit tab, then under `SSL Settings > Encryption` choose either `Enabled`, or `Required` if you want to enable HTTP->HTTPS redirection on the fly. Now click `Save` and wait until you see the Verify task completed. Done!

NOTE: SSL Settings are not available in the Add Site form, only in Edit.

* How to add Letsencrypt.org SSL certificate to the Aegir Hostmaster site?

!!! WARNING !!! ###===>>> Don't enable SSL option for the Hostmaster site in Aegir !!! WARNING

Let's Encrypt SSL for Aegir control panel is handled in BOA outside of the control panel, and you should never enable it within control panel. During octopus upgrade you will see this message, explaining what to do:

BOA [02:44:59] ==> UPGRADE B: Letsencrypt SSL initial mode: DEMO
BOA [02:44:59] ==> UPGRADE B: LE -- No real SSL certs will be generated
BOA [02:44:59] ==> UPGRADE B: LE -- To enable live SSL mode, please delete file:
BOA [02:44:59] ==> UPGRADE B: LE -- /data/disk/o1/tools/le/.ctrl/ssl-demo-mode.pid
BOA [02:44:59] ==> UPGRADE B: LE -- Then run octopus forced upgrade

* How to modify/renew Letsencrypt.org SSL certificate for SSL enabled site?

When you modify aliases or redirections, Aegir will re-create the SSL certificate on the fly, to match the current settings and the list of aliases.

BOA runs auto-renewal checks for you weekly, and forces renewal if there is less than 30 days to the certificate expiration date (Let's Encrypt certs are valid for up to 90 days before they have to be renewed). Also every Verify task against SSL enabled site runs this check on the fly.

* Are there any requirements, limitations or exceptions?

Yes, there are some:

  * All aliases must have valid DNS names pointing to your server IP address
  * Even with aliases redirection enabled all aliases are listed as SAN names
  * Avoid renaming SSL-enabled sites; move aliases between site's clones instead
  * Before you rename a site, disable SSL first; then re-enable once it's renamed

NOTE: Subject Alternative Names (SAN) is a feature which allows issuing multi-domain / multi-subdomain SSL certificates -- it is automated in BOA.

Let's Encrypt API for live, real certificates has its own requirements and limits you should be aware of. Please visit their website for details: https://letsencrypt.org/docs/rate-limits/

To make this new BOA feature easy to test before you are ready to generate real, live SSL certificates, BOA comes with Let's Encrypt demo mode enabled by default, so it will not hit limits enforced for live, real Let's Encrypt SSL certificates. It allows you to generate "fake" certs, similar to the self-signed certificate used in BOA by default.

NOTE: All sites with one or more keywords (listed below) in the site's main name (this exception rule doesn't apply to aliases) will be ignored, and they will receive only self-signed SSL certificates generated by Aegir, once you switch their SSL settings to `Enabled` or `Required`.

`.(dev|devel|temp|tmp|temporary|test|testing|stage|staging).`

Examples: `foo.temp.bar.org`, `foo.test.bar.org`, `foo.dev.bar.org`

NOTE: This exception rule doesn't apply to aliases which are not used as a redirection target. Even aliases with listed special keywords in their names will be listed as SAN entries, as long as they are valid DNS names.

* How to enable live mode?

It is enough to delete the `[aegir_root]/tools/le/.ctrl/ssl-demo-mode.pid` control file and run Verify task on any SSL enabled site again.
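The site-name exception rule and the demo-mode control file described above decide what kind of certificate a site ends up with, which is worth checking before SSL is switched on. The shell functions below are an added example, not BOA or hosting_le code: the function names are hypothetical, the keyword pattern is read with literal dots as printed in these notes, and alias names are checked for DNS syntax only, not for resolution to the server IP.

```shell
#!/bin/sh
# Added example (not part of BOA): predict the certificate a site will get,
# using only the rules stated in the release notes above.

# Keywords from the notes, read as a dot-delimited label inside the MAIN name.
# Assumption: the dots in the printed pattern are literal label separators.
LE_SKIP_RE='\.(dev|devel|temp|tmp|temporary|test|testing|stage|staging)\.'

# is_dns_name NAME
# Syntax check only: at least two labels of 1-63 letters, digits or hyphens,
# no label starting or ending with a hyphen, total length at most 253.
is_dns_name() {
  [ "${#1}" -le 253 ] || return 1
  printf '%s\n' "$1" | grep -Eq \
    '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
}

# le_cert_kind AEGIR_ROOT SITE_MAIN_NAME
# Prints one of: self-signed | demo | live
le_cert_kind() {
  aegir_root=$1
  site=$2
  if printf '%s\n' "$site" | grep -Eq "$LE_SKIP_RE"; then
    # Keyword in the main name: only Aegir's self-signed certificate.
    echo self-signed
  elif [ -e "$aegir_root/tools/le/.ctrl/ssl-demo-mode.pid" ]; then
    # Control file present: demo mode, no real certificate is issued.
    echo demo
  else
    echo live
  fi
}

# le_plan AEGIR_ROOT SITE_MAIN_NAME [ALIAS...]
# Prints "kind=<kind>", then one "san=<name>" line per name that would be
# listed in the certificate and one "skip=<name>" line per alias that is not
# a syntactically valid DNS name. Keywords in aliases do not exclude them.
le_plan() {
  aegir_root=$1
  main=$2
  shift
  kind=$(le_cert_kind "$aegir_root" "$main")
  echo "kind=$kind"
  if [ "$kind" = self-signed ]; then
    return 0
  fi
  for name in "$@"; do
    if is_dns_name "$name"; then
      echo "san=$name"
    else
      echo "skip=$name"
    fi
  done | awk '!seen[$0]++'
}

# Constructed sample: /data/disk/o1 is the Octopus root shown in the upgrade
# message above; the site and alias names are made up for illustration.
le_plan /data/disk/o1 example.com www.example.com foo.test.example.com
```

A `kind=demo` result on a production site means visitors are still being served a certificate that browsers will not trust.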
NOTE: If you are on hosted BOA, you don't have access to this control file location on your system, so please open a ticket at: https://omega8.cc/support

You could switch it back and forth to demo/live mode by adding and deleting the control file, and it will re-register your system via Let's Encrypt API, but we have not tested how it may affect already generated live certificates once you run the switch many times, so please try not to abuse this feature.

It is important to remember that once you switch the Let's Encrypt mode to demo from live, or from live to demo, by adding or removing the `[aegir_root]/tools/le/.ctrl/ssl-demo-mode.pid` control file, it will not replace all previously issued certificates instantly, because certificates are updated, if needed, only when you (or the BOA system for you during its daily maintenance, if used) run Verify tasks on SSL enabled sites.

These BOA specific Verify tasks are normally scheduled to run weekly, between Monday and Sunday, depending on the first character in the site's main name, so both live and demo certificates may still work in parallel for SSL enabled sites until it is their turn to run Verify and update the certificate according to currently set Let's Encrypt mode.

NOTE: You may find some helpful details in the Verify task log -- look for lines with `[hosting_le]` prefix.

* How to replace Let's Encrypt certificate with custom certificate?

1. Create an empty control file (replace `example.com` with your site name):

   `[aegir_root]/tools/le/.ctrl/dont-overwrite-example.com.pid`

2. Replace `privkey.pem` symlink with single file containing your custom certificate key -- use `privkey.pem` as a filename in the directory:

   `[aegir_root]/tools/le/certs/example.com/`

3. Replace `fullchain.pem` symlink with single file containing your custom certificate and all intermediate certificates beneath it -- use `fullchain.pem` as a filename in the same directory:

   `[aegir_root]/tools/le/certs/example.com/`

4. Run Verify task for your site in the Aegir control panel. Done!

NOTE: If you are on hosted BOA, you don't have access to this location on your system, so please open a ticket at: https://omega8.cc/support

###
#-### Support for PHP-FPM version switch per Octopus instance (also per site)
###
### ~/static/control/fpm.info
###
### This file, if exists and contains supported and installed PHP-FPM version,
### will be used by running every 2-3 minutes system agent to switch PHP-FPM
### version used for serving web requests by this Octopus instance.
###
### IMPORTANT: If used, it will switch PHP-FPM for all Drupal sites
### hosted on the instance, unless multi-fpm.info control file also exists.
###
### Supported values for single PHP-FPM mode which can be written in this file:
###
### 7.0
### 5.6
### 5.5
### 5.4
### 5.3
###
### NOTE: There must be only one line and one value (like: 7.0) in this file.
### Otherwise it will be ignored.
###
### It is now possible to make all installed PHP-FPM versions available
### simultaneously for sites on the Octopus instance with additional
### control file:
###
### ~/static/control/multi-fpm.info
###
### This file, if exists, will switch all hosted sites to highest
### available PHP-FPM version within the 5.3-5.6 range, with ability
### to override PHP-FPM version per site, if the site's name is listed
### in this additional control file, as shown below:
###
### foo.com 7.0
### bar.com 5.5
### old.com 5.3
###
### NOTE: Each line in the multi-fpm.info file must start with main site name,
### followed by single space, and then the PHP-FPM version to use.
###
###
#-### Support for PHP-CLI version switch per Octopus instance (all sites)
###
### ~/static/control/cli.info
###
### This file, while similar to fpm.info, if exists and contains supported
### and installed PHP version, will be used by running every 2-3 minutes
### system agent to switch PHP-CLI version for this Octopus instance, but
### it will do this for all hosted sites. There is no option to switch this
### or override per site hosted.
###
### NOTE: While current Aegir version 3.x included in BOA works fine with
### latest PHP 7.0, many hosted sites, especially using Pressflow 6 core or
### older Drupal 7 core without required patch we have included since 7.43.2,
### will not work properly and Aegir tasks run against those sites may fail,
### so it's recommended to use PHP-CLI 5.6, unless you have verified that all
### sites on the instance support PHP 7.0 without issues.
###
### Supported values which can be written in this file:
###
### 7.0
### 5.6
### 5.5
### 5.4
### 5.3
###
### There must be only one line and one value (like: 5.6) in this control file.
### Otherwise it will be ignored.
###
###
#-### Support for forced Drush cache clear in the Aegir backend
###
### ~/static/control/clear-drush-cache.info
###
### Octopus instance will pause all scheduled tasks in its queue, if it will
### detect a platform build from the makefile in progress, to make sure
### that no other running task could break the build.
###
### This is great, until there will be a broken build, and Drush will fail
### to clean up all leftovers from its .tmp/cache directory, which in turn
### will pause all tasks in the queue for up to 24-48 hours, until the cache
### directory will be automatically purged by running daily cleanup tasks,
### designed to not touch anything not old enough (24 hours at minimum)
### to not break any running builds.
###
### If you need to unlock the tasks queue by forcefully removing everything
### from the Aegir backend Drush cache, you can create an empty control file:
### ~/static/control/clear-drush-cache.info
###
###
#-### BOA can run Debian Wheezy to Debian Jessie upgrades easily
###

This feature works like it worked before for `_LENNY_TO_SQUEEZE=YES` and then for `_SQUEEZE_TO_WHEEZY=YES`. But make sure you follow all the steps exactly as listed below:

1. Upgrade both barracuda and octopus to current stable:

   $ cd;wget -q -U iCab http://files.aegir.cc/BOA.sh.txt;bash BOA.sh.txt
   $ barracuda up-stable
   $ octopus up-stable all both

   NOTE: You can upgrade octopus selectively, if you still need one running the old stable BOA-2.4.9 version, example:

   $ octopus up-2.4 o1 force
   $ octopus up-stable o2 force
   $ octopus up-stable o3 force

2. Add to your /root/.barracuda.cnf this line:

   _WHEEZY_TO_JESSIE=YES

3. Run another barracuda upgrade with command:

   $ barracuda up-stable

4. If there are no errors reported, try to run manual update:

   $ aptitude update
   $ aptitude full-upgrade

   It should tell you that there are no packages to upgrade left.

5. Reboot your system (preferably via remote console)

   $ reboot

6. Run barracuda upgrade again:

   $ barracuda up-stable

7. Try to run manual update:

   $ aptitude update
   $ aptitude full-upgrade

   It should tell you that there are no packages to upgrade left.

8. Congrats! You are running BOA stable on Debian Jessie.

# New features and enhancements:

* Add all aliases as Subject Alternative Names in Let's encrypt certs -- #941
* Add auto-renewal procedure for Let's encrypt certs -- #942
* Add option to exclude *.tar.gz Drush archives in backboa -- #936
* Add Restaurant 1.11
* Add support for arbitrarily selected redirection targets as valid SSL names
* Allow to define PHP-FPM version per site hosted -- #935
* Allow to use drush7 and drush8 on command line directly
* Even with redirection enabled all aliases are listed as SAN names -- #964
* Feature: _WHEEZY_TO_JESSIE major upgrade procedure -- #870
* Let's encrypt support -- #500
* New Relic integration compatibility with multi-FPM mode
* Support for forced Drush cache clear in the Aegir backend
* Use Let's encrypt for Hostmaster site (after Octopus upgrade) -- #940

# Changes:

* Do not allow XtraDB to crash the server due to single broken cache table
* Nginx: Use faster 301/302 redirects
* Nginx: Use only TLSv1.1 TLSv1.2
* Redis: Exclude cache_form bin again
to avoid rare issues with contrib * Use dynamic httpredir.debian.org mirrors # System upgrades: * cURL 7.49.0 (if installed from sources) * Jetty 9.2.16.v20160414 * Nginx 1.11.0 * PHP 5.5.36 * PHP 5.6.22 * PHP 7.0.7 * Redis 3.2.0 * SLF4J 1.7.21 # Fixes: * Add compatibility with "config.sh" renamed to "config" in letsencrypt.sh * Add ssl_trusted_certificate directive required by ssl_stapling * Add warning: "Don't enable SSL option for the Hostmaster site in Aegir" -- #962 * Check if parent dir exists before touching ctrl file -- #945 * Do not clear drush cache on every hosting-dispatch -- #943 * Do not create Letsencrypt cert for Hostmaster if still in demo mode * Do not force PHP rebuild on new cURL install from sources * Drush is broken error -- clear drush cache before testing it -- #946 * Fix for backward compatibility with FPM pool tpl in 2.4 * Fix for Chive auth (via SSH) access filtering * Fix for conflicting Jetty libs * Fix ownership and attr on usr home dirs / subdirs * Improve sub-accounts zombie cleanup * Let's Encrypt SSL - switching from demo to live -- #959 * Make backboa sub-tasks delays optional and disable them by default -- #919 * Nginx: Fix for ssl_dhparam if/else logic * Remove deprecated wildcard HTTPS warning * Run registry-rebuild before updatedb with --no-cache-clear -- #938 * Set LE mode to DEMO on initial setup -- both on octopus install and upgrade * Skynet upgrades for limited shell configuration -- #950 * Something is stuck after BOA upgrade to 3.0.2 -- #951 * The makefile based platform creation fails with permissions error -- #943 * The site's files should have Aegir backend user as an owner * Use strict paths checks to avoid running chown/chmod on parent dirs # Known problems: https://github.com/omega8cc/boa/milestones/3.1.x ### Stable BOA-3.0.2 Release - Full Edition ### Date: Tue May 3 22:26:09 PDT 2016 ### Milestone URL: https://github.com/omega8cc/boa/milestones/3.0.2 ### Latest hotfix added on: Fri May 6 08:42:13 PDT 2016 @=> 
Includes Aegir Hostmaster 3.x-head with improvements @=> Includes Aegir Provision 3.x-head with improvements @=> Includes Drush 8 customized for BOA # Release Notes: This BOA release includes several important system upgrades, improvements and bug fixes. All supported platforms have been updated to latest versions. @=> Latest Drupal 7 core version used in BOA in all built-in platforms is compatible with latest PHP 7.0.6 -- you can switch your Octopus instance easily via fpm.info control file: https://omega8.cc/node/330 but please don't use 7.0 in cli.info, because it is not supported in the Aegir backend yet. PHP 7.0 can't be used if you have any Pressflow 6 site. # New features and enhancements: * Add idna_convert to hostmaster for IDN domain names auto-conversion -- #916 * Allow to disable redis.path.inc feature via INI variable -- #815 * Drupal 7.43.2 (with PHP 7 compatibility patch) * PHP 7 compatibility improvements -- #716 * Pressflow 6.38.2 (only version update) * Truncate giant watchdog tables # Changes: * Disable (temporarily) support for outdated ERPAL distro * Disable auto-upgrade for legacy Octopus instances * Disable page cache only in hostmaster * Disable PAMAuthentication in pure-ftpd * Force PHP 5.6 or 5.5 cli.info in Octopus 2.4.9 * Force Redis SOCKET mode if PORT was used before * Redis module mod-03-05-2016 * Redis: Limit methods to define site prefix * Redis: Use maxmemory-policy volatile-ttl * Set redis_client_base * Use Redis in hostmaster * Use standard profile by default # System upgrades: * Drush micro-8-24-04-2016 * MariaDB 10.0.25 * MariaDB 5.5.49 * MariaDB Galera Cluster 10.0.25 * Nginx 1.9.15 * OpenSSL 1.0.2h (used only in custom built Nginx) * PHP 5.5.35 * PHP 5.6.21 * PHP 7.0.6 # Fixes: * Add check_boa_php_compatibility() procedure -- fixes #906 * Add patch for registration error (Commons) * Avoid duplicate entries in hosting_cron on hostmaster install -- #928 * Cron not running on cloned sites -- fixes #922 * Disable hosting-pause / 
Provision -- not needed in BOA, may hang upgrade * Do not force TERM * Do not set $conf['redis_eval_enabled'] = TRUE; * Enable _DEBUG_MODE=YES on Octopus upgrade from BOA-2.4.9 * Experimental hosting_git error, platform not installed -- fixes #904 * Improve the provision_autoload_register_prefix check * Make sure that auto-generated robots.txt is OK -- fixes #925 * Make sure that hostmaster cron is never disabled * Make sure to not set PHP 7 as system default * Restart php-fpm on upgrade as soon as possible * Run registry-rebuild directly after hostmaster-migrate * Run update_php_cli_cron() twice * Use inetutils-syslogd on VZ systems -- fixes #905 * Use syncpass during hostmaster upgrade * Workaround for hostmaster upgrade from 2.x # Known problems: https://github.com/omega8cc/boa/milestones/3.1.1 ### Stable BOA-3.0.1 Release - Full Edition ### Date: Mon Apr 11 18:49:43 PDT 2016 ### Milestone URL: https://github.com/omega8cc/boa/milestones/3.0.1 @=> Includes Aegir Hostmaster 3.x-head with improvements @=> Includes Aegir Provision 3.x-head with improvements @=> Includes Drush 8 customized for BOA # Release Notes: This BOA release includes important fixes and improvements in the upgrade procedure from BOA-2.4.9 and in the initial install procedures, along with support for latest Drupal 8.0.x and 8.1.x as custom platforms you can create in the ~/static directory tree. We list here also all hot-fixes applied after initial BOA-3.0.1 release. @=> BOA will not include built-in Drupal 8 platforms until Drupal 8 will support symlinks in the codebase, like all previous core versions. @=> Octopus Aegir instances hosted on Power Engine option will *not* receive upgrade to BOA-3.x unless requested via https://omega8.cc/support to prevent issues with (often) customized Hostmaster modules not ready for Drupal 7 based Aegir control panel. All hosted BOA systems will still continue to receive the Barracuda system upgrades. 
@=> It is possible to host previous stable BOA-2.4.9 Octopus instances on systems with Barracuda upgraded to BOA-3.0.1 # Known problems: https://github.com/omega8cc/boa/milestones/3.0.2 # New features and enhancements: * Allow boa in-octopus to specify version {stable|head|2.4} # Changes: * Allow to execute compass over SSH * Allow to upload dot-files via SFTP * Remove/don't install not used blocks in Hostmaster # System upgrades: * Add mydropwizard-6.x-1.4 to all existing D6 platforms * Drush micro-8-08-04-2016 * Lshell 0.9.18.3 -- #895 * Nginx 1.9.14 * PHP 5.5.34 * PHP 5.6.20 * PHP 7.0.5 (for testing only) * Redis module 7.x-3.12 # Fixes: * 3.0.0 clean install is broken -- #899 * boa in-2.4 fails to install on Debian Jessie -- #898 * Can't git pull -- #890 * CiviCRM error on verification D6 site -- #897 * D7 API compatibility fix for node_save() in Hostmaster * Do not switch default PHP to 7.0 if installed * Drush issues: no aliases available -- #887 * Fix for 3.x to 3.x upgrades * Fix for FPM master proc monitor * Fix for input filters upgrade path * Fix for series test to avoid downgrade attempts * Fix the legacy install mode -- #898 * Less and more no longer allowed -- #896 * Limit the list of allowed_shell_escape commands * Missing VBO options -- #892 * Overlay header title not showing -- #889 * Problems installing rvm / compass -- #895 * Remove deprecated sftp restriction * Require BOA-2.4.9 before upgrade to BOA-3.x also in barracuda -- #886 * Switch octopus upgrade mode automatically to legacy if needed * tar and gunzip fails because of permission denied -- #894 * Use Drush 8 on command line -- #887 * vi and vim both open nano instead of vim -- #893 ### Stable BOA-3.0.0 Release - Full Edition ### Date: Wed Mar 30 10:48:54 PDT 2016 ### Milestone URL: https://github.com/omega8cc/boa/milestones/3.0.0 ### Latest hotfix added on: Wed Apr 6 17:40:12 PDT 2016 @=> Includes Aegir Hostmaster 3.x-head with improvements @=> Includes Aegir Provision 3.x-head with 
improvements @=> Includes Drush 8 customized for BOA # Release Notes: This BOA release includes complete Aegir 3 with Drush 8, and introduces full support for latest Drupal 8.0.5 and Drupal 8.1.0-beta2 as custom platforms you can create in the ~/static directory tree. @=> BOA will not include built-in Drupal 8 platforms until Drupal 8 will support symlinks in the codebase, like all previous core versions. @=> All supported Aegir platforms have been updated to their latest releases @=> Octopus Aegir instances hosted on Power Engine option will *not* receive upgrade to BOA-3.x unless requested via https://omega8.cc/support to prevent issues with (often) customized Hostmaster modules not ready for Drupal 7 based Aegir control panel. All hosted BOA systems will still continue to receive the Barracuda system upgrades. @=> It is possible to host previous stable BOA-2.4.9 Octopus instances on systems with Barracuda upgraded to BOA-3.0.0 # Known problems: https://github.com/omega8cc/boa/milestones/3.0.1 While clean 3.0.0 install worked in our tests before the release, it doesn't work for others. Until this problem is fixed properly without regressions, we are switching boa installer back to 2.4.9, which makes getting 3.0.0 on initial installation a two step operation: first 'boa in-stable' install to get 2.4.9, and then 'barracuda up-stable' plus 'octopus up-stable' upgrade to get 3.0.0, because upgrades for barracuda and octopus from 2.4.9 to 3.0.0 work fine. This also means that 'boa in-octopus' will still install the legacy 2.4.9 octopus extra instances, and you can upgrade them to 3.0.0 with standard 'octopus up-stable' mode. It is still possible to test/debug boa 3.0.0 clean installs -- just create an empty /root/.debug-boa-installer.cnf file before running the installer. 
# New features and enhancements: * Add Hosting Git optional feature -- fixes #753 * Add mydropwizard module to D6 o_contrib by default * Add support for ap-northeast-2 Asia Pacific (Seoul) S3 * Add support for PHP 7.0 -- experimental ! -- fixes #716 * Add support for VServer kernel 4.1.19-vs2.3.8.4-beng * BOA with Aegir Hostmaster 3.x -- fixes #715 * Switch to Drush 8 for Drupal 8 -- fixes #729 * Allow to randomize duplicity full backup schedule * Monitor and block SSH connections flood * Run registry-rebuild in drush_provision_drupal_post_provision_deploy() # Changes: * Add linkchecker module to Contrib [F]orce[D]isabled * Deny sudo/su switch if used for root access - fixes #879 * Do not install / remove auditd on VServer systems * Do not install / remove udev on VServer systems * Merge hosting_advanced_cron into Aegir core cron * Use Redis 7.x-3.x integration module # System upgrades: * Boto 2.39.0-fix-python-2.7.9 (please run 'backboa install' to upgrade) * CSF 8.16 * Drush mini-8-08-03-2016 * Duplicity 0.7.06 (please run 'backboa install' to upgrade) * Lshell 0.9.18.3 * MongoDB database driver 1.6.13 for all PHP versions < 7 -- fixes #521 * Nginx 1.9.14 * OpenSSH 7.2p2 (if installed from sources) * OpenSSL 1.0.2g (used only in custom built Nginx) * PHP 5.5.34 * PHP 5.6.20 * PHP 7.0.5 (for testing only) * Twig C extension for PHP - v.1.24.0 * Use PHP jsmin 2.0.1 ext with newer PHP versions - fixes #878 # Fixes: * [system] sync fix_locales for root -- fixes #880 * Add mydropwizard-6.x-1.4 to all existing D6 platforms * Auto-Update lshell.conf on all systems * Fix for 3.x to 3.x upgrades * Fix for entitycache 1.2 to 1.5 upgrade problem #868 * Fix for FPM master proc monitor * Fix for series test to avoid downgrade attempts * Numerous lshell problems -- fixes #896 #895 #894 #893 #890 * Problems installing rvm / compass -- fixes #895 * Require 2.4.9 before upgrade to 3.0.0 also in barracuda -- fixes #886 * Restart rsyslog/sysklogd aggressively enough * Switch boa 
meta installer to 2.4.9 until #899 is fixed * Switch octopus upgrade mode automatically to legacy if needed * Sync max_user_connections * Update map $http_user_agent $is_crawler * Use Drush 7 on command line until #887 is fixed ### Stable BOA-2.4.9 Release - Full Edition ### Date: Sat Feb 27 15:22:11 GMT 2016 ### Milestone URL: https://github.com/omega8cc/boa/milestones/2.4.9 @=> Includes Aegir Hostmaster 2.x-head with improvements @=> Includes Aegir Provision 3.x-head with improvements @=> Includes Drush 7 customized for BOA # Release Notes: This BOA release includes latest Drupal 7 and Pressflow 6 security updates, along with bug fixes and other system software updates. @=> All supported Aegir platforms have been updated to their latest releases @=> What are BOA plans for Drupal 6 support after February 24th, 2016? We will support Drupal/Pressflow 6 in all new releases, as long as available PHP versions will allow to use it (we run our own Pressflow 6 based site on PHP 5.6 for many months with zero issues). 
For more details please check: https://github.com/omega8cc/boa/issues/824 @=> Even if deprecated PHP versions are still included in this release, any Octopus instance running PHP older than 5.5 will not be able to receive upgrade to BOA-2.4.9, as announced before -- Please switch your Octopus to PHP 5.6 or at least 5.5 to be able to upgrade not only the Barracuda system part of BOA, but also Octopus Satellite -- The how-to can be found at: https://omega8.cc/node/330 @=> Drupal 8 support for custom platforms in the ~/static directory tree will be included, along with Drush 8 and Hostmaster 3.x in the upcoming BOA-3.0.0 release: https://github.com/omega8cc/boa/milestones/3.0.0 Note: BOA will not include built-in Drupal 8 platforms until Drupal 8 will support symlinks in the codebase, like all previous core versions # System upgrades: * MariaDB Galera Cluster 10.0.24 * Nginx 1.9.12 # Fixes: * Do not force Ruby with RVM for root on every upgrade * SQL max_user_connections autoconf value can be too low -- fixes #873 ### Stable BOA-2.4.8 Release - Full Edition ### Date: Sat Feb 20 11:28:05 GMT 2016 ### Milestone URL: https://github.com/omega8cc/boa/milestones/2.4.8 ### Latest hotfix added on: Mon Feb 22 18:28:51 GMT 2016 @=> Includes Aegir Hostmaster 2.x-head with improvements @=> Includes Aegir Provision 3.x-head with improvements @=> Includes Drush 7 customized for BOA # Release Notes: This BOA release includes several important system upgrades and bug fixes, with most notable features and changes listed below. 
@=> Debian 8 Jessie is fully supported, but includes only PHP 5.5 and 5.6 @=> All supported Aegir platforms have been updated with latest Drupal cores @=> Even if deprecated PHP versions are still included in this release, any Octopus instance running PHP older than 5.5 will not be able to receive upgrade to BOA-2.4.8, as announced before -- Please switch your Octopus to PHP 5.6 or at least 5.5 to be able to upgrade not only the Barracuda system part of BOA, but also Octopus Satellite -- The how-to can be found at: https://omega8.cc/node/330 @=> Drupal 8 support for custom platforms in the ~/static directory tree will be included, along with Drush 8 and PHP 7 in the *upcoming* BOA-3.0.0 release: https://github.com/omega8cc/boa/milestones/3.0.0 Note: BOA will not include built-in Drupal 8 platforms until Drupal 8 will support symlinks in the codebase, like all previous core versions @=> What are BOA plans for Drupal 6 support after February 24th, 2016? We will support Drupal/Pressflow 6 in all new releases, as long as available PHP versions will allow to use it (we run our own Pressflow 6 based site on PHP 5.6 for many months with zero issues). 
For more details please check: https://github.com/omega8cc/boa/issues/824

# Changes:

* Add 'boa info' and 'boa info more' helper commands
* Add branch support in the boa wrapper
* Allow to force re-install with /root/.force.reinstall.cnf present
* Allow to run existing Octopus 2.4 on the upcoming Barracuda 3.0
* Deny Octopus upgrade unless it is running on a compatible PHP version 5.5+
* Full backboa backups are scheduled on Sunday, unless custom _AWS_FLC is set
* Full duobackboa backups will run on Saturday, unless custom _AWS_FLC is set
* Make base nice configurable via _B_NICE variable
* Nginx: Sync htaccess level protection with Drupal core
* Nginx: Update map $http_user_agent $is_crawler
* Only instance already running 2.4.8 can upgrade to upcoming 3.0.0
* Remove no longer supported T1lib in PHP
* Remove support for deprecated OS versions -- fixes #802
* Replace in-legacy and up-legacy with version specific commands
* Revert "Issue #2377819: Gzipping backups suppresses file permissions errors"
* Run minimal modules en/dis procedure on Wednesday and full on Saturday
* Skip legacy PHP 5.3 and 5.4 on Jessie
* Support for Debian 8 Jessie -- fixes #702
* The _MODULES_FIX variable is set to YES by default
* The _PERMISSIONS_FIX variable is set to YES by default -- fixes #593

# System upgrades:

* Git 2.7.0 (if installed from sources)
* MariaDB 10.0.24
* MariaDB 5.5.48
* Nginx 1.9.11
* OpenSSH 7.1p2 (if installed from sources)
* OpenSSL 1.0.2f (used only in custom built Nginx)
* PHP 5.5.32
* PHP 5.6.18
* PHP: Imagick 3.3.0
* Redis 3.0.7
* Ruby 2.3.0

# Fixes:

* Add duobackboa docs
* Add missing libs in Jessie
* Allow to install a specific PHP version on a local install -- fixes #848
* Allow to run upgrade from not really 3.x HEAD to 2.4.8
* Automate /root/.force.reinstall.cnf and improve docs
* Disable Octopus 3.x specific version check (tmp) for 2.4.8
* Disable spinner on Jessie
* Do not force rebuild on systems installed with 2.4.8
* Do not kill long running php-fpm children
* Do not run the old D7 core fix on newer BOA versions -- fixes #842
* Do not wait for simple sed replacements -- fixes #838
* Fix a typo in some locCnf variable calls -- fixes #854
* Fix for ignored boa_platform_control.ini
* Fix for MariaDB version check
* Fix for not working S3 bucket connection test
* Fix for process.max and pm.max_children
* Fix for undefined locCnf variable in BOND - fixes #748
* Fix the logic in mysql_proc_kill()
* Fix too aggressive Jetty monitoring
* Force clean rsyslog/sysklogd restart if required
* Force rebuild for affected services built from sources -- CVE-2015-7547
* Improve backup sub-tasks randomized schedule
* Improve initial install how-to with screen
* Locales check should not be used with screen session -- fixes #871
* Nginx: Remove duplicate $args on redirects
* Nginx: Workaround for broken autocomplete
* Remove dependency on _MODULES_FIX=YES -- fixes #592
* Remove no longer used _SSL_FROM_SOURCES logic
* Remove systemd on Debian Jessie -- fixes #840
* Restart syslog hourly
* Run drush cache cleanup only once per account
* Speed up backup tasks by removing extra conn_test
* Speed up backup tasks by running extended cleanup and reporting weekly
* Speed up initial setup procedure
* Sync wait randomizer max value
* Upgrade wkhtmltopdf and wkhtmltoimage to 0.12.3 - fixes #858
* Use date %u day of week (1..7); 1 is Monday
* Whitelist missing upload progress path

### Stable BOA-2.4.7 Release - Full Edition
### Date: Fri Dec 4 08:09:21 PST 2015
### Milestone URL: https://github.com/omega8cc/boa/milestones/2.4.7
### Latest hotfix added on: Thu Dec 10 10:10:26 PST 2015

@=> Includes Aegir Hostmaster 2.x-head with improvements
@=> Includes Aegir Provision 3.x-head with improvements
@=> Includes Drush 7 customized for BOA

# Release Notes:

This BOA release includes several important system upgrades and bug fixes, with most notable features and changes listed below.

@=> All supported Aegir platforms have been updated with latest Drupal cores

@=> Drupal 8 support for custom platforms in the ~/static directory tree will be included, along with Drush 8 and PHP 7 in the *upcoming* BOA-3.0.0 release: https://github.com/omega8cc/boa/milestones/3.0.0

@=> This BOA release (2.4.7) is the last release which still supports deprecated PHP versions: 5.3 and 5.4 -- You should switch to PHP 5.6 or at least 5.5 as soon as possible, or you will not be able to upgrade to newer BOA versions after 2.4.7 -- https://omega8.cc/node/330

@=> What are BOA plans for Drupal 6 support after February 24th, 2016?

We will support Drupal/Pressflow 6 in all new releases, as long as available PHP versions allow us to use it (we have run our own Pressflow 6 based site on PHP 5.6 for many months with zero issues). For more details please check: https://github.com/omega8cc/boa/issues/824

@=> SSH (RSA) keys for root are required by newer OpenSSH versions used in BOA

BOA installs SSH from sources by default (Debian only). This means that password based access for root will not work once BOA is installed or upgraded to current stable version. It is a result of OpenSSH changes in recent releases and not a BOA-specific change. BOA will deny the initial install and Barracuda will refuse to run the upgrade if it detects that system root has no SSH (RSA) keys added and only password based access is available. You can still modify this behaviour in /usr/etc/sshd_config but future OpenSSH versions may still revert such changes, so it is not recommended.

@=> BOA switched from SPDY to HTTP/2 + PFS on all supported OS versions

# Changes:

* Allow to disable SQL monitoring with /root/.no.sql.cpu.limit.cnf -- #799
* Disable page caching on the fly where needed
* Disable temporarily support for broken Restaurant distro
* Do not rebuild features and entities on cache clear
* Document new requirement: SSH (RSA) keys for root -- fixes #786 #833
* Make ioncube_loader optional and disable by default with _PHP_IONCUBE=NO
* Nginx SSL: enable OCSP stapling by default
* Nginx SSL: enable OCSP stapling for existing HTTPS vhosts
* Nginx: Add ssl_dhparam to existing vhosts, if needed
* Nginx: HTTP/2 replaces SPDY -- fixes #624
* PHP: Add YAML extension with LibYAML
* Preserve customized /etc/sysctl.conf -- fixes #789
* Run modules ON/OFF only weekly -- requires _MODULES_FIX=YES (default is NO)
* Run most of crontab, install and upgrade tasks with low priority using nice and ionice -- fixes #780

# System upgrades:

* cURL 7.45.0 (if installed from sources)
* GEOS 3.5.0 (requires _PHP_GEOS=YES)
* Git 2.6.1 (if installed from sources)
* MariaDB 10.0.22
* MariaDB 5.5.47
* MariaDB Galera Cluster 10.0.22
* Nginx 1.9.7
* OpenSSL 1.0.2e (used only in custom built Nginx)
* PHP 5.5.30
* PHP 5.6.16
* Redis 3.0.5

# Fixes:

* Add /root/.skip_cleanup.cnf support
* Add feature branch testing in HEAD
* Avoid load spikes caused by long running tasks
* Avoid race conditions on multi-line sed replacement -- fixes #806
* Clean up any remaining procs zombies
* Clean up postfix queue to get rid of bounced emails
* Disable ioncube and opcache for HHVM
* Disable Redis for Hostmaster in the backend
* Do not allow to install non-standard OpenSSH on Ubuntu
* Do not break /data/all/cpuinfo permissions on Octopus upgrade
* Do not run 'apt-get autoremove' automatically
* Do not use wrapper for dot-files cleanup
* Document better BOA aggressive installation behavior -- fixes #811
* Document boa in-octopus command -- fixes #817
* Don't strip $args from $request_uri in redirects
* Fix cron schedule for upgrades
* Fix for /etc/sudoers on _SQUEEZE_TO_WHEEZY
* Fix for broken Git on Ubuntu
* Fix for DNS on _SQUEEZE_TO_WHEEZY
* Fix for not working PHP rebuild check
* Fix for not working syncpass tool
* Fix for Ruby rebuild on _SQUEEZE_TO_WHEEZY
* Fix PHP deprecated warning in D8 -- fixes #804
* Ignore 'env COLUMNS' sent by Drush remotely -- fixes #373
* Ignore daily.sh in clear.sh
* Improve _SQUEEZE_TO_WHEEZY procedure -- #627
* Improve cron tasks schedule
* Improve daily cleanup performance + support for /root/.giant_traffic.cnf
* Improve devpts check -- fixes #788
* Improve docs/MIGRATE.txt
* Improve resolv.conf auto-recovery procedure
* Improve system check -- fixes #811
* Move Redis restart procedure to correct script
* PHP: Add missing path to open_basedir for CLI
* Remove debug code to not kill the initial install
* Remove not working /etc/logrotate.d/lshell -- fixes #823
* Update advagg auto configuration variables -- fixes #792
* Update boa/lib/functions/helper.sh.inc with current OS -- fixes #787
* Update FPM workers autoconf logic
* Update the cache cleanup logic
* Use better placeholder for solr_integration_module variable
* Use correct DPkg::Options for dist-upgrade -- fixes #627
* Use known MySQLTuner version -- fixes #827
* Use LibYAML 0.1.6
* Use opcache.restrict_api
* Use sha256 for self-signed certs

### Stable BOA-2.4.6 Release - Full Edition
### Date: Sat Sep 19 11:09:09 PDT 2015
### Milestone URL: https://github.com/omega8cc/boa/milestones/2.4.6
### Latest hotfix added on: Mon Sep 21 05:18:33 PDT 2015

@=> Includes Aegir Hostmaster 2.x-head with improvements
@=> Includes Aegir Provision 3.x-head with improvements
@=> Includes Drush 7 customized for BOA

# Release Notes:

This BOA release includes several important system upgrades and bug fixes. All supported Aegir platforms have been updated with latest Drupal cores.

# Changes:

* Add Twig C extension to PHP - v.1.22.1
* Allow to customize auto-upgrades mode
* Disable support for broken OpenScholar and Recruiter
* Open default Postgres port for outgoing connections
* Remove support for deprecated Feature Server distro
* Remove support for deprecated OpenAcademy distro
* Remove support for deprecated OpenBlog distro
* Remove support for deprecated OpenChurch v.1 distro
* Remove support for deprecated OpenDeals distro
* Use distro specific Drupal core for problematic distros

# System upgrades:

* cURL 7.44.0 (if installed from sources)
* Duplicity 0.7.05 (please run 'backboa install' to upgrade)
* Jetty 7.6.17.v20150415
* Jetty 8.1.17.v20150415
* MariaDB 10.0.21
* MariaDB 5.5.45
* MariaDB Galera Cluster 10.0.21
* Nginx 1.9.4
* OpenSSH 7.1p1 (if installed from sources)
* PHP 5.6.13, 5.5.29, 5.4.45
* PHP: ionCube loader 5.0.18
* Pure-FTPd 1.0.42
* Redis 3.0.4
* Ruby 2.2.3, 2.0.0-p647
* Use pecl-jsmin-1.1.0

# Fixes:

* Allow to re-install deleted D7/D6 platforms when dev doesn't exist
* Do not install phpunit -- it adds many PHP tools we don't need
* Drush requires php-eval to run drush_find_tmp() in sql-sync
* Fix apache cleanup
* Fix invalid regex in the INI docs
* Improve auto-healing for SSHd
* Improve Nginx DoS and DDoS protection
* Improve pdnsd auto-healing
* Improve SSL Docs to add more detail about multidomain certificates #757
* Issue #766 - Fix for broken boa in-octopus procedure
* Nginx: Fix support for s3/files/styles (s3fs)
* Restart PHP-FPM if too many running children are detected
* Sync .htaccess with D7 core
* Sync keywords for exceptions in daily.sh with global.inc
* Use short sleep on firewall temp blocks cleanup

### Stable BOA-2.4.5 Release - Full Edition
### Date: Fri Jul 10 11:25:43 PDT 2015
### Milestone URL: https://github.com/omega8cc/boa/milestones/2.4.5
### Latest hotfix added on: Fri Jul 10 14:49:11 PDT 2015

@=> Includes Aegir Hostmaster 2.x-head with improvements
@=> Includes Aegir Provision 3.x-head with improvements
@=> Includes Drush 7 customized for BOA

# Release Notes:

This BOA release includes PHP security upgrade for versions 5.6, 5.5 and 5.4 plus security upgrade for Redis server and four updated Octopus platforms. Support for Drupal 8 is temporarily removed, because now it would require an upgrade to Drush 8, which in turn completely removes support for PHP 5.3, while it's still more important to support legacy Pressflow 6 sites, if they are not ready to move beyond PHP 5.3 yet, than trying to support some (too fast) moving targets like Drupal 8 beta, and Drush 8 head.

# Updated Octopus platforms:

Commerce 2.26 ---------------- https://drupal.org/project/commerce_kickstart
Commons 3.28 ----------------- https://drupal.org/project/commons
OpenAtrium 2.43 -------------- https://drupal.org/project/openatrium
Panopoly 1.25 ---------------- https://drupal.org/project/panopoly

# Changes:

* Drupal 8 is not supported until we can switch to Drush 8 and remove PHP 5.3

# System upgrades:

* Nginx 1.9.2
* PHP 5.4.43
* PHP 5.5.27
* PHP 5.6.11
* Redis 3.0.2

### Stable BOA-2.4.4 Release - Full Edition
### Date: Fri Jul 3 12:08:29 PDT 2015
### Milestone URL: https://github.com/omega8cc/boa/milestones/2.4.4
### Latest hotfix added on: Thu Jul 9 10:28:42 PDT 2015

@=> Includes Aegir Hostmaster 2.x-head with improvements
@=> Includes Aegir Provision 3.x-head with improvements
@=> Includes Drush 7 customized for BOA

# Release Notes:

This BOA release includes several important system upgrades and bug fixes. All supported Aegir platforms have been updated with latest Drupal cores. This version automatically switches all hosted sites to PHP 5.5 on systems hosted and managed remotely by Omega8.cc support team, unless you have explicitly switched your Octopus instance to use PHP version you prefer. Using PHP older than 5.5 is strongly discouraged, for security, stability and performance reasons.

# Changes:

* Do not change mysql root password by default -- workaround for #642
* Enable advagg_async_generation by default
* Logic update for /root/.high_traffic.cnf
* Redis Integration Module: Update to version mod-26-06-2015
* Use modern ssl_ciphers in all templates by default

# System upgrades:

* cURL 7.43.0 (if installed from sources)
* Drush mini-7-30-06-2015 -- fixes #734
* MariaDB 5.5.44
* MariaDB Galera Cluster 10.0.20
* Nginx 1.9.1
* OpenSSH 6.9p1 (if installed from sources)
* OpenSSL 1.0.1p (if installed from sources)
* PHP 5.4.42
* PHP 5.5.26
* PHP 5.6.10
* PHPRedis master-27-06-2015
* Pure-FTPd 1.0.41
* vnStat 1.14

# Fixes:

* Add 'grep' to overssh -- a list of commands allowed to execute over SSH
* Broken pdnsd configuration breaks DNS resolver -- fixes #701
* Do not force update_agents()
* Do not modify rkey/debug args in barracuda log/system upgrade mode
* Don't remove Drupal 6 core themes -- fixes #738
* Fix for legacy vnStat config
* Fixed backboa/duobackboa retrieve from remote host -- fixes #741
* Improve system cron tasks queue
* Incorrect permissions on /usr/bin/optipng - fixes #722
* Mitigate LOGJAM - fixes #723
* Restart Postfix after system DNS update -- #701
* Skip daily reload on high traffic instances
* Sync SQL connection limits with _PHP_FPM_WORKERS variable - fixes #699
* Use _AWS_URL to properly handle us-east-1 exception
* Use 2048 bit where possible - see #723
* Use better default value for advagg_cache_level - fixes #726

### Stable BOA-2.4.3 Release - Full Edition
### Date: Tue May 19 13:40:40 PDT 2015
### Milestone URL: https://github.com/omega8cc/boa/milestones/2.4.3
### Latest hotfix added on: Fri Jun 5 04:43:50 PDT 2015

@=> Includes Aegir Hostmaster 2.x-head with improvements
@=> Includes Aegir Provision 3.x-head with improvements
@=> Includes Drush 7 customized for BOA

# Release Notes:

This BOA release is focused on Aegir platforms update with latest Drupal core included.
There are also a few system updates and bug fixes, as listed below.

# Changes:

* Redis Integration Module: Update to version mod-08-05-2015
* Use HTTPS intermediate mode to support legacy systems like XP/IE8 - see #718

# System upgrades:

* Drush mini-7-08-05-2015
* MariaDB 10.0.19
* MariaDB Galera Cluster 10.0.19
* PHP 5.4.41
* PHP 5.5.25
* PHP 5.6.9
* Redis 3.0.1

# Fixes:

* CiviCRM known bugs and regressions fixed
* Improve drush aliases cleanup
* Redis: sync net.core.somaxconn with tcp-backlog
* sqlmagic: do not escape backslashes and EOL character - fixes #672
* SQL dump definer regexp causes invalid SQL during migrate/clone - #2497091
* Fix for backward compatibility with old Galera versions

### Stable BOA-2.4.2 Release - Full Edition
### Date: Mon Apr 27 11:12:09 PDT 2015
### Milestone URL: https://github.com/omega8cc/boa/milestones/2.4.2
### Latest hotfix added on: Fri May 1 02:07:54 PDT 2015

@=> Includes Aegir Hostmaster 2.x-head with improvements
@=> Includes Aegir Provision 3.x-head with improvements
@=> Includes Drush 7 customized for BOA

# Release Notes:

This BOA release includes 15 updated Aegir platforms with latest Drupal core, 2 new features and enhancements, 13 new software versions, 3 other changes, plus over 20 bug fixes.

# Updated Octopus platforms:

aGov 1.7 --------------------- https://drupal.org/project/agov
Commerce 1.36 ---------------- https://drupal.org/project/commerce_kickstart
Commerce 2.23 ---------------- https://drupal.org/project/commerce_kickstart
Commons 2.24 ----------------- https://drupal.org/project/commons
Commons 3.25 ----------------- https://drupal.org/project/commons
Guardr 2.11 ------------------ https://drupal.org/project/guardr
OpenAid 2.1 ------------------ https://drupal.org/project/openaid
OpenAtrium 2.33 -------------- https://drupal.org/project/openatrium
OpenChurch 1.17-b2 ----------- https://drupal.org/project/openchurch
OpenChurch 2.1-b7 ------------ https://drupal.org/project/openchurch
OpenOutreach 1.19 ------------ https://drupal.org/project/openoutreach
OpenPublic 1.5 --------------- https://drupal.org/project/openpublic
Panopoly 1.21 ---------------- https://drupal.org/project/panopoly
Recruiter 1.6 ---------------- https://drupal.org/project/recruiter
Restaurant 1.0-b12 ----------- https://drupal.org/project/restaurant

@=> NOTE: Drupal 8 support is broken in this release, because latest Drush doesn't support older Drupal 8 beta versions, while new D8 beta is not released and tested yet, and we really need latest Drush to fix broken D6->D7 upgrade path, so we could prepare for full Aegir 3, which comes with D7 in the frontend.

# New features and enhancements:

* Re-create files/robots.txt if older than 7 days
* Restore default DNS when /root/.use.default.nameservers.cnf exists

# Changes:

* Enable SPDY and PFS by default - fixes #545
* Use GitLab as a secondary mirror
* Whitelist drush pm-updatestatus

# System upgrades:

* cURL 7.42.1 (if installed from sources)
* Drush mini-7-25-04-2015
* Duplicity 0.7.02 (please run 'backboa install' to upgrade)
* MariaDB 5.5.43
* MariaDB Galera Cluster 10.0.17
* MySecureShell master-20-03-2015
* Nginx 1.8.0
* OpenSSH 6.8p1 (if installed from sources)
* OpenSSL 1.0.2a (if installed from sources)
* PHP 5.6.8, 5.5.24, 5.4.40
* PHPRedis master-18-03-2015
* Redis 3.0.0
* Ruby 2.2.2

# Fixes:

* Add service cron start to migrate docs - fixes #654
* BOA.sh.txt should update installers when invoked interactively - fixes #644
* Do not add Google DNS when custom DNS is expected
* Do not count requests for images derivatives if private files mode is used
* Do not create conflicting plain HTTP proxy for single IP mode - fixes #465
* Force csf/lfd update before and after running barracuda upgrade - fixes #685
* How to enable permanent redirect to HTTPS with single IP - #465
* Improve DNS self-healing magic - see #674
* Improve FPM auto-healing to properly detect conflicting instances
* Make sure that dl mirrors never get blocked
* Nginx: Stop the POST flood to /autodiscover/autodiscover.xml
* Nginx: Use dummy db fastcgi_param placeholders if any of them is empty
* Remove aggressive firewall cleanup - fixes #688
* Remove onetime fix intended to sync new defaults - fixes #678
* Update absolute URLs to files for sites cloned/migrated/renamed
* Update composer on barracuda upgrade
* Use _TOMCAT_TO_JETTY=NO in cnf template to avoid confusion - see #676
* Use correct placeholder in the xboa proxy - fixes #655
* Use MAIN_SITE_NAME instead of possibly fake SERVER_NAME - see #385
* Where to add the SSL redirect configuration snippet - fixes #681

### Stable BOA-2.4.1 Release - Full Edition
### Date: Sun Mar 8 14:56:51 PDT 2015
### Milestone URL: https://github.com/omega8cc/boa/milestones/2.4.1
### Latest hotfix added on: Wed Mar 11 11:58:52 PDT 2015

@=> Includes Aegir Hostmaster 2.x-head with improvements
@=> Includes Aegir Provision 3.x-head with improvements
@=> Includes Drush 7.0.0-alpha9 customized for BOA

# Release Notes:

This new BOA release includes one new and 12 updated Aegir platforms, 8 new features and enhancements, 15 new software versions, 10 other changes, plus over 38 bug fixes, with most notable features and changes listed below:

@=> Add duobackboa with /root/.duobackboa.cnf file to run duplicate backups
@=> Add SSL with TLS/SNI on server with one IP, multiple certificates support
@=> Add support for Octopus batch migration - see docs/MIGRATE.txt for details
@=> Allow to use _PHP_GEOS=YES with all PHP versions

# New Octopus platforms:

OpenAid 2.0 ------------------ https://drupal.org/project/openaid

# Updated Octopus platforms:

Commerce 1.33 ---------------- https://drupal.org/project/commerce_kickstart
Commerce 2.21 ---------------- https://drupal.org/project/commerce_kickstart
Commons 2.22 ----------------- https://drupal.org/project/commons
Commons 3.22 ----------------- https://drupal.org/project/commons
Drupal 8.0.0-b7 -------------- https://drupal.org/drupal-8.0
Guardr 2.8 ------------------- https://drupal.org/project/guardr
OpenAtrium 2.32 -------------- https://drupal.org/project/openatrium
OpenChurch 2.1-b5 ------------ https://drupal.org/project/openchurch
OpenOutreach 1.16 ------------ https://drupal.org/project/openoutreach
OpenScholar 3.20.0 ----------- http://theopenscholar.org
Panopoly 1.18 ---------------- https://drupal.org/project/panopoly
Recruiter 1.5 ---------------- https://drupal.org/project/recruiter

# New features and enhancements:

* Add compatibility with latest VS beng kernel
* Add duobackboa with /root/.duobackboa.cnf file to run duplicate backups
* Add support for multivalued fields in SOLR 4 - pull request #626
* Add support for mysqladmin proc logging
* Add support for Octopus batch migration - see docs/MIGRATE.txt for details
* Add support for scout/mysql monitoring
* CSF: Add popular ports 222 and 2222 to TCP_OUT by default
* SSL with TLS/SNI on server with one IP, multiple certificates - fixes #465

# Changes:

* Allow to run automated SQL conversion only weekly
* Allow to use _PHP_GEOS=YES with all PHP versions
* Do not send extra nocache cookie on GET requests
* Drush mini-7-07-03-2015
* Make barracuda wrapper available on initial install to avoid confusion
* Nginx: Update for crawlers exceptions list
* Redis Integration Module: Update to version mod-05-03-2015
* Remove dependency on legacy Drush 4
* Use latest Apache Solr Search 6.x-3.x config
* Use latest Apache Solr Search 7.x-1.x config

# System upgrades:

* Apache Solr 4.9.1
* cURL 7.41.0 (if installed from sources)
* Git 2.3.0 (if installed from sources)
* Jetty 9.2.7.v20150116
* MariaDB 10.0.17
* MariaDB 5.5.42
* MariaDB Galera Cluster 10.0.17
* Nginx 1.7.10
* OpenSSL 1.0.2 (if installed from sources)
* PHP 5.4.38
* PHP 5.5.22
* PHP 5.6.6
* PHP: ionCube loader 4.7.4
* Pure-FTPd 1.0.37
* Ruby 2.2.1
* Use duplicity 0.7.01 and boto 2.36.0 - fixes #630
* Vnstat 1.13

# Fixes:

* [provision] False "load on system too heavy" messages - fixes #619
* [provision] Issue #2350695 - Profile is registered twice, also as a module
* [provision] Nginx: Remove webform keyword from regex locations - fixes #599
* Add also manage_ltd_users to the list - fixes #616
* Avoid installing New Relic with no valid license key provided - fixes #608
* Do not add no longer used symlink
* Do not create conflicting plain HTTP proxy for single IP mode - fixes #465
* Do not delete backboa while duplicity is running
* Do not replace any contrib in latest OA - fixes #2420131
* Do not run D7 core hotfix on already fixed instances
* Fix for legacy systems autoupdate logic
* Fix for missing chattr -i on web user update
* Fix for missing datestamp
* Fix for too dangerous pdnsd auto-config logic
* Fix pdnsd restarts procedures - fixes #610
* Fix permissions for pdnsd if needed
* Fix variable in autoupboa - pull request #629
* Force php.ini update
* Hotfix for cluster instances
* Hotfix for OpenSSL/cURL versions out of sync
* How to enable permanent redirect to HTTPS with single IP - #465
* Issue #2425963 - Broken slider in Commerce Kickstart 2.21
* Make sure that @hostmaster alias works after migration
* Provide a patch for older civicrm versions to make them Drush 7 compatible
* Randomize backups schedule to avoid issues with AWS limits
* Reload nginx service automatically - #465
* Remove conflicting pdnsd restarts to avoid race conditions - fixes #610
* Remove deprecated sysctl options
* Remove post-install leftovers if needed
* Single PHP-version installation fails - fixes #598
* Typo - fixes #539
* Unable to connect to SOLR on latest head - fixes #623
* Update installers as expected, also with _SKYNET_MODE=OFF - fixes #644
* Update meta-installers for new stable
* Update the upgrade procedure how-to - fixes #616
* Use civicrm-4.5.6 compatible with Drush 7
* Use correct AWS Endpoint when us-east-1 Region is specified
* Use correct open_basedir for lshell user - fixes #603
* Use separate loops for symlinks and ghost cleanup
* Workaround for EntityMalformedException in Open Outreach - fixes #229
* Workaround for missing interface/lo.pdnsd on legacy systems
* Workaround for SA-CONTRIB-2015-063 - Webform - Cross Site Scripting

### Stable BOA-2.4.0 Release - Full Edition
### Date: Wed Feb 4 20:30:04 CET 2015
### Milestone URL: https://github.com/omega8cc/boa/milestones/2.4.0
### Latest hotfix added on: Sat Feb 21 10:18:15 UTC 2015

@=> Includes Aegir Hostmaster 2.x-head with improvements
@=> Includes Aegir Provision 3.x-head with improvements
@=> Includes Drush 7.0.0-alpha8 customized for BOA

# Release Notes:

This new BOA release includes 7 updated Aegir platforms, over 28 new features and enhancements, 12 new software versions, over 36 important changes, plus over 100 bug fixes, with most notable features and changes listed below:

@=> Added Support for latest Drupal 8.0.0-beta with D8B platform keyword
@=> Added Support for latest Drupal 8.0.0-dev with D8D platform keyword
@=> Added Support for latest PHP 5.6
@=> BOA can auto-detect its fastest download mirror on install, upgrade etc.
@=> BOA Code Refactoring to make it modular and easier to read (in progress)
@=> BOA Skynet auto-updates can be turned off with _SKYNET_MODE=OFF
@=> Cron is run only for live sites with no tmp, temp, dev, test etc keywords
@=> Force single PHP version with command keyword on install and upgrade
@=> Introducing Support for HHVM -- see docs/HHVM.txt for details.
@=> PHP 5.5 is used by default on new installs instead of old 5.3
@=> PHP-FPM (and HHVM) runs now as a separate, very limited system user
@=> Removed Support for legacy PHP 5.2
@=> Sites Names Exceptions and Special Keywords have changed
@=> The _MODULES_FIX variable is set to NO by default
@=> The _PERMISSIONS_FIX variable is set to NO by default
@=> The built-in registry-rebuild on every Verify task is not run by default
@=> The Dev-Mode works only for site aliases, no longer for main site name

Please read further below for more details.

# Caveats for self-hosted BOA:

We recommend proceeding with the major upgrade procedure as follows:

$ cd;wget -q -U iCab http://files.aegir.cc/BOA.sh.txt;bash BOA.sh.txt
$ barracuda up-stable
$ barracuda up-stable system
$ octopus up-stable all both
$ bash /var/xdrago/manage_ltd_users.sh
$ bash /var/xdrago/daily.sh

# Updated Octopus platforms:

aGov 1.6 --------------------- https://drupal.org/project/agov
Commerce 1.32 (with 1.11) ---- https://drupal.org/project/commerce_kickstart
Guardr 2.7 ------------------- https://drupal.org/project/guardr
OpenAtrium 2.26 -------------- https://drupal.org/project/openatrium
OpenChurch 1.17-b1 ----------- https://drupal.org/project/openchurch
OpenPublic 1.4 --------------- https://drupal.org/project/openpublic
Panopoly 1.15 ---------------- https://drupal.org/project/panopoly

# New features and enhancements:

* Add backboa variables to configure full backup cycle and log verbosity.
* Add Backdrop CMS compatibility in global.inc (experimental)
* Add Drupal 8 compatibility in global.inc
* Add Drush Make Local - fixes #332
* Add safe_cache_form_clear Drush extension by default - fixes #568
* Add support for writable .aws directory in the web user home.
* Allow to set _PHP_SINGLE_INSTALL on command line - on install and upgrade.
* Allow to use both platform specific and ALL keyword in _PLATFORMS_LIST.
* BOA auto-selects the fastest download mirror on install, upgrade and update.
* Detect critically low free RAM and forcefully restart services if needed.
* Detect OOM incidents and forcefully restart services if needed.
* Improve backboa with AWS connection testing.
* Install latest D8-dev with D8D keyword specified.
* Monitor and rotate PHP error logs if too big (over 1 GB).
* Monitor the number of master PHP-FPM processes and force restart if needed.
* New 'nodns' option to skip DNS and SMTP checks on the fly.
* Nginx: Add support for images derivatives with URI shortcuts - fixes #481
* Nginx: Add support for URI shortcuts for sites in subdirectories.
* PHP: Add HHVMinfo.
* PHP: Add support for latest 5.6
* PHP: Allow to define version to install and use on command line - fixes #536
* PHP: Disable not used CLI versions if _PHP_SINGLE_INSTALL is defined.
* PHP: Disable not used FPM and CLI versions.
* PHP: HHVM experimental support - fixes #443
* Provide default value for composer_manager_vendor_dir variable - fixes #385
* Redis: Allow to configure remote IP via _REDIS_LISTEN_MODE /cluster support.
* Use cron scheduler fast mode (every 10 sec) if /root/.fast.cron.cnf exists.
* Use Drush Make Local for Hostmaster with download mirrors auto-detection.

# Changes:

* Alter the cron_interval for existing sites to match Aegir default.
* Change required exceptions keywords to .temporary. and .testing.
* Dev mode detection and URLs protection - now works only for aliases.
* Do not display .cnf files contents if _DEBUG_MODE is not set to YES.
* Do not restart Redis daily if /root/.high_traffic.cnf exists - fixes #533
* Drush 7 is now used by default instead of Drush 6.
* Drush: Upgrade to mini-7-02-02-2015
* Force _TOMCAT_TO_JETTY=YES - fixes #570
* Hostmaster: Use Drush Make Local instead of downloading contrib with Drush
* Limit status messages verbosity if _DEBUG_MODE is not set to YES
* Make it possible to opt-out from BOA Skynet auto-updates - fixes #557
* Nginx: Block SEOkicks crawler.
* PHP: Always use by default version 5.5
* PHP: Disable legacy 5.2 version if installed.
* PHP: Ignore --with-curlwrappers defined in _PHP_EXTRA_CONF for 5.5 and 5.6
* PHP: Rebuild to remove --with-curlwrappers unless added in _PHP_EXTRA_CONF
* PHP: Remove no longer working custom config protection - see #559
* PHP: Tune FPM defaults for speed and RAM optimization.
* PHP: Use built-in Zend OPcache in 5.5
* PHP: Use built-in Zend OPcache in 5.6
* Redis Integration Module: Update to version mod-14-12-2014
* Reload system cron hourly.
* Remove deprecated RC4 from ssl_protocols.
* Remove the _O_CONTRIB_UP variable/feature.
* Run cron for 3 sites at once max.
* Set _MODULES_FIX=NO by default
* Set _PERMISSIONS_FIX=NO by default
* Site mode detection and cron protection - cron works only for live sites
* Split huge BARRACUDA script into lib includes.
* Switch to special limited system user also in PHP-FPM mode - fixes #551
* There is no need to update drupalgeddon every 5 minutes.
* Use 86400 as a default cron_interval to sync with Drupal default.
* Use MySQLTuner only if _USE_MYSQLTUNER=YES is set in .barracuda.cnf
* Use provision_civicrm 6.x-2.x directly.
* Use separate versioning for Aegir extensions download URLs.
* Run built-in registry-rebuild on Verify only if empty ctrl file sites/all/modules/registry-rebuild.ini exists.

# System upgrades:

* cURL 7.40.0 (if installed from sources)
* Git 2.2.1 (if installed from sources)
* MariaDB 10.0.16
* MariaDB 5.5.42
* MariaDB Galera Cluster 10.0.16
* Nginx 1.7.9
* PHP 5.4.37
* PHP 5.5.21
* PHP 5.6.5
* PHP: ionCube loader 4.7.3
* Redis 2.8.19
* Ruby 2.2.0

# Fixes:

* Add CONTRIBUTING.txt guidelines.
* Add in docs/HINTS.txt Helper locations to avoid 404 on legacy images paths.
* Add still missing updates for migrated instances.
* Add warning about vCloud Air incompatibility with Drupal.
* Aliases are wiped out after site rename - fixes #542
* Allow slower DNS response.
* Always disable spinner when running boa in-octopus.
* Avoid broken install on D8 core where sites/all doesn't exist by default.
* Avoid confusing EXIT: You must specify already installed PHP version.
* Avoid sed warnings in old stable and legacy modes.
* Backward compatibility with Drush 6.
* Block attempts to lookup /etc/passwd via web shell.
* Check only LANG environment variable in locale test - fixes #584
* Compare $new_uri with d()->name and not d()->uri in the Site Rename Check.
* Delete duplicity ghost pid file if older than 2 days.
* Do not confuse D7 with D8 or Backdrop CMS.
* Do not force cURL reinstall from packages - fixes #565
* Do not try to add platforms nodes if no new platform has been installed.
* Do not update backboa if duplicity is running.
* Document when to use /root/.fast.cron.cnf
* Drupal 8 removed drupal_mail()
* Drupal 8 requires container_yamls defined.
* Drupal 8 requires read permissions in sites/all
* Drupal 8 requires trusted_host_patterns defined in settings.php
* Drupal 8 with $clean_urls=1 should use /cron/ URI.
* Drush 7 requires composer.
* Fix and Improve Squeeze to Wheezy upgrade procedure.
* Fix for $HOME detection if not set for some reason.
* Fix for Drush aliases protection.
* Fix for octopus batch upgrade mode.
* Fix for octopus single upgrade mode.
* Fix for pdnsd install/update logic.
* Fix missing symlinks after broken openjdk-6 upgrade.
* Fix path to PHP-CLI if needed.
* Fix public IP auto-detection on AWS in Octopus.
* Fix the logic for aegir/platforms upgrade mode.
* Fix the logic for TMPDIR set on the fly - fixes #552
* Fix: LANGUAGE (en_US.UTF-8) is not compatible with LC_ALL (). Disabling it.
* Force _PHP_MULTI_INSTALL to match defined _PHP_FPM_VERSION on cluster nodes.
* Force _THIS_DB_HOST=localhost on AWS.
* HHVM: Add /home/ to open_basedir so access to the .tmp works - fixes #569
* HHVM: Add workarounds for potential security issues - fixes #443
* Improve Aegir tasks scheduling and load spikes protection.
* Improve docs for backboa.
* Improve pdnsd configuration update by removing non-IP lines early enough.
* Improve procs monitor.
* Improve web wrapper.
* Increase inotify defaults to improve lsyncd support.
* Issue #2372653: Add --no-autocommit when dumping MySQL tables.
* Jetty: Detect if running as zombie and force restart if needed.
* Make sure that AcceptEnv is set in sshd_config.
* Make sure to never run cron on just cloned site.
* MariaDB patch is no longer needed.
* Monitor lsyncd and xinetd if installed and expected to run.
* Never delete tmp dirs to avoid Drush/PHP segfaults and race conditions.
* Nginx: Add missing variables in subdirectory config template.
* Nginx: Fix for D8-specific /cron/ location regex.
* Nginx: Force clean URLs for Drupal 8.
* Nginx: Helper locations to avoid 404 on legacy images paths (subdir only)
* Nginx: Hide X-Drupal-Cache-Tags header.
* Nginx: Use safe fallback for mysteriously empty $db_port
* PHP: Avoid version guessing for Octopus when _PHP_SINGLE_INSTALL is used.
* PHP: Make sure that _PHP_SINGLE_INSTALL takes precedence.
* PHP: OPcache configuration for Drupal 8 - fixes #419
* PHP: Re-install libmagickwand-dev to avoid broken extension build.
* PHP: The fallback version should be detected and not hardcoded.
* Prevent 'Could not change permissions' warnings with CiviCRM - fixes #523
* Remove Drupal 8 specific code from settings template used in older Drupal.
* Remove known sensitive credentials from barracuda upgrade log.
* Revert "Issue #2313327: Fixed Unknown options for provision-verify."
* Run agents update on cluster nodes.
* Run single mirror check - fixes #565
* RVM: Install also eventmachine-1.0.3
* Set files paths on D8 install to avoid using system default /tmp.
* Silence confusing noise - fixes #589
* Skip auto-update for agents not compatible with older versions.
* Skip extra SQL connection test on AWS.
* Standardize platforms version and naming convention.
* Support for _NGINX_NAXSI is experimental (don't use)
* Symlinks directories expected by Drush/Aegir in D8 root.
* Sync defaults for hosting_advanced_cron_default_interval
* Syntax error - fixes #587
* Syntax error - fixes #588
* The _NGINX_FORWARD_SECRECY=YES is ignored on Debian Wheezy - fixes #591
* The /login suffix is no longer supported in Drupal 8 and results with 404.
* The backend verify sub-task breaks site import for Drupal 8.
* Tomcat is not used anymore - see #570
* Use consistent stderr 2 stdout redirects in grep checks.
* Use correct _THIS_DB_HOST on master instance.
* Use correct pid file in procs monitor.
* Use correct user to run drush test commands.
* Use extended display mode for messages longer than 200 chars.
* Use faster mysqldump mode/flags.
* Use mirror to download complete vendor directory for Drush 7.
* Use more intuitive PHP keyword naming convention.
* Use mutatable interface in install_8.inc - fixes #2409085
* Use recommended releases for views404 and views_accelerator - fixes #578
* Use release specific o_contrib downloads.
* Use safe tmp cleanup to avoid race conditions.
* Where to set _USE_MYSQLTUNER variable - fixes #594

### Stable BOA-2.3.8 Release - Full Edition
### Date: Sat Nov 29 09:58:45 SGT 2014
### Includes Aegir 2.x-head with improvements

# Release Notes:

This new BOA release includes new features, improvements and bug fixes.

#-### Support for optional Drupalgeddon daily checks on all hosted D7 sites

  ~/static/control/drupalgeddon.info

Previously enabled by default, this check now requires the control file above to still run daily. It may generate some false positives that are not always possible to avoid or silence, so it no longer makes sense to run it daily, especially after BOA has run it automatically for a month and finally even automatically disabled all clearly compromised sites.
Note that your system administrator may still enable this with the root level control file /root/.force.drupalgeddon.cnf, so it will still run, even if you do not create the Octopus instance level empty control file:

  ~/static/control/drupalgeddon.info

Please note that the current version of the Drupalgeddon Drush extension needs the 'update' module to be enabled to avoid even more false positives, so BOA will enable the 'update' module temporarily while running this check, which in turn will result in even more email notices sent to the site admin email, if these notices are enabled.

#-### Support for automated BOA upgrades: weekly and one-time

You can configure BOA to run automated upgrades to the latest stable version for both Barracuda and all Octopus instances with three variables, empty by default. All three variables must be defined to enable auto-upgrade.

You can set _AUTO_UP_MONTH and _AUTO_UP_DAY to any date in the past if you wish to enable only weekly system upgrades.

Remember that one-time upgrades will include a complete upgrade to the latest BOA stable for Barracuda and all Octopus instances, while the weekly upgrade is designed to run only the 'barracuda up-stable system' upgrade.

  _AUTO_UP_WEEKLY= #------ Day of week (1-7) for weekly system upgrades
  _AUTO_UP_MONTH= #------- Month (1-12) to define date of one-time upgrade
  _AUTO_UP_DAY= #--------- Day (1-31) to define date of one-time upgrade

All three variables should be added in your /root/.barracuda.cnf file.

# Updated Octopus platforms:

ERPAL 2.2 -------------------- https://drupal.org/project/erpal

# New features and enhancements in this release:

* Support for automated BOA upgrades: weekly and one-time.

# Changes in this release:

* Drupalgeddon daily checks on all hosted D7 sites are now optional.

# Fixes in this release:

* Issue #508 - The _EASY_HOSTNAME is not required in local install mode.
* Issue #516 - Do not break binaries detection with 'which'.
### Stable BOA-2.3.7 Release - Full Edition
### Date: Tue Nov 25 15:44:48 PST 2014
### Includes Aegir 2.x-head with improvements

# Release Notes:

This new BOA release includes updated versions of all supported Drupal platforms to provide latest Drupal 7.34 and Pressflow 6.34 cores, plus new features, improvements and bug fixes.

We recommend that you upgrade your D7 sites using this safe workflow:

  https://omega8.cc/your-drupal-site-upgrade-safe-workflow-298

For up-to-date information on #Drupageddon please check:

  https://omega8.cc/drupageddon-psa-2014-003-342

#-### Support for locking/unlocking web server write access in all codebases

This new protection, enabled automatically by default, will enhance your system security, especially for sites in custom platforms you maintain in the ~/static directory tree.

It is important to understand that your web server / PHP-FPM runs as your shell/ftps user, although with a different group. This makes it possible to maintain a virtual chroot for Octopus instances, which significantly improves security.

However, it had a serious drawback: the web server had write access in all your platforms codebases located in the ~/static directory tree, because all files you have uploaded there have the same owner.

While it allows you to use code management which requires web hooks, it also opens a door for possible attack vectors, like for the infamous #drupageddon disaster, where Drupal allowed attackers to create .php files intended to be used as backdoors in future attacks - inside your codebase.
This could affect only custom platforms you maintain in the ~/static directory tree, since all built-in Octopus platforms always had Drupal core completely write-protected. Also, even if created by an attacking bot, these extra .php files are completely useless for attackers, because the BOA default restricted configuration doesn't allow executing unknown .php files that are not whitelisted. Still, having a codebase writable by your web server is dangerous, because at least theoretically it may open a possibility to overwrite valid .php files, so they could be used as an entry point in a future attack.

BOA now protects all your codebases by reverting (daily) ownership on all files and directories in your codebase (modules and themes) so they are owned by the Aegir backend user and not your shell/ftps user.

While this new default procedure protects all your codebases in the ~/static directory tree, and even in the sites/all directory tree, and even in the sites/foo.com/modules|themes tree in all your built-in Octopus platforms, you can still manage the code and themes with your main and extra shell accounts as usual, because your codebase is still group writable, and your shell accounts are members of the group not available for the web server.

You can easily disable this default daily procedure with a single switch:

  ~/static/control/unlock.info

You can also exclude any custom platform you maintain in the ~/static directory tree from this global procedure by adding an empty skip.info control file in the given platform root directory, so all other platforms are still protected, and only the excluded platform is open for write access also for the web server. But normally you should never need this unlock!

Please note that this procedure will not affect any platform if you have the non-default _PERMISSIONS_FIX=NO setting in your /root/.barracuda.cnf file. It will also skip any platform with the fix_files_permissions_daily variable set to FALSE in the given platform active INI file.
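A read-only check for the state this daily procedure is meant to remove, given here as an added example and not BOA's own code: it lists entries in a platform's modules and themes trees that are owned by the web server user or are world-writable, and it honors skip.info. The function name, the choice of trees and the output format are assumptions.

```shell
#!/bin/sh
# Added example, not BOA's own code. Lists codebase entries the web server
# could still write to. Assumption: only the modules/themes trees are checked.

# audit_codebase ROOT WEB_USER
#   ROOT      platform root, e.g. a custom platform under ~/static
#   WEB_USER  name or numeric uid PHP-FPM runs as (the shell/ftps user)
# Output: one "<REASON><TAB><path>" line per finding, or a single SKIPPED
# line when the platform is excluded with skip.info.
audit_codebase() {
  ac_root=$1
  ac_user=$2
  if [ ! -d "$ac_root" ]; then
    echo "audit_codebase: not a directory: $ac_root" >&2
    return 2
  fi
  # A skip.info file in the platform root excludes it from the daily fix,
  # so web-writable entries there are expected.
  if [ -e "$ac_root/skip.info" ]; then
    printf 'SKIPPED\t%s\n' "$ac_root"
    return 0
  fi
  for ac_tree in "$ac_root"/modules "$ac_root"/themes \
                 "$ac_root"/sites/*/modules "$ac_root"/sites/*/themes; do
    [ -d "$ac_tree" ] || continue
    # Owned by the web server user: the state the daily fix reverts.
    find "$ac_tree" \( -type f -o -type d \) -user "$ac_user" -print |
      while IFS= read -r ac_p; do
        printf 'OWNED_BY_WEB_USER\t%s\n' "$ac_p"
      done
    # World-writable: writable by the web server whoever the owner is.
    find "$ac_tree" \( -type f -o -type d \) -perm -0002 -print |
      while IFS= read -r ac_p; do
        printf 'WORLD_WRITABLE\t%s\n' "$ac_p"
      done
  done
  return 0
}

# Stand-alone use: sh audit.sh /path/to/platform webuser
if [ "$#" -eq 2 ]; then
  audit_codebase "$1" "$2"
fi
```

Group-writable entries are not reported, because the release notes describe group write access for shell accounts as intended.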
# Updated Octopus platforms:

Commerce 1.32 ---------------- https://drupal.org/project/commerce_kickstart
Commerce 2.20 ---------------- https://drupal.org/project/commerce_kickstart
Commons 2.21 ----------------- https://drupal.org/project/commons
Commons 3.20 ----------------- https://drupal.org/project/commons
Guardr 2.5 ------------------- https://drupal.org/project/guardr
Open Atrium 2.25 ------------- https://drupal.org/project/openatrium
Open Outreach 1.13 ----------- https://drupal.org/project/openoutreach
Panopoly 1.14 ---------------- https://drupal.org/project/panopoly

# New features and enhancements in this release:

* Support for locking/unlocking web server write access in all codebases.

# Changes in this release:

* Do not force site_readonly to be disabled on non-dev sites.

# System upgrades in this release:

* MariaDB 10.0.15

# Fixes in this release:

* Allow any single site to use 1/2 of available SQL connections max.
* Clean up dot files after installing or updating RVM.
* Do not run extra updates on systems running latest head version.
* Improve ghost sites cleanup.
* Issue #467 - Centralize control files outside of codebases tree.
* Issue #498 - ERPAL: Fatal error: Unsupported operand types.
* Issue #499 - RVM: Add oily_png gem version 1.1.1
* Issue #504 - Add docs/RVM.txt
* Issue #504 - Remove ~/.rvm/scripts/notes script breaking lshell.
* Issue #509 - Do not delete anything from hostmaster site level modules.
* It is safe to run manage_ltd_users every minute.
* Never touch hostmaster aliases and vhosts even they appear broken.
* Nginx: Fix for possible problem with files/imagecache in legacy D6 sites.
* Use gnupg2 by default.
* Use latest Ruby 2.1.x or 2.0.x available.
* Use verbose RVM install mode to improve debugging.
### Stable BOA-2.3.6 Release - Full Edition
### Date: Mon Nov 17 08:11:17 SGT 2014
### Includes Aegir 2.x-head with improvements

# Release Notes:

This new BOA release includes updated versions of all supported Drupal platforms to provide latest Drupal 7.33 core, plus great new features, improvements and bug fixes.

We recommend that you upgrade your D7 sites using this safe workflow:

  https://omega8.cc/your-drupal-site-upgrade-safe-workflow-298

For up-to-date information on #Drupageddon please check:

  https://omega8.cc/drupageddon-psa-2014-003-342

#-### Support for automated, encrypted, daily backups to Amazon S3

* This new feature is available on self-hosted BOA and hosted Power Engines.
* Note that the provided 'backboa' tool uses symmetric password-only encryption.
* You can configure the AWS Region you prefer to use and the Backup Rotation policy.

It will archive all directories required to restore your data (sites files, databases archives, Nginx configuration and more) on a freshly installed BOA:

  /etc /var/aegir /var/www /home /data

It will start to run nightly at 2:08 AM (server time) only once you add the five required _AWS_* variables in the /root/.barracuda.cnf file and run the special command 'backboa install' while logged in as root.

To restore any file from backups created with the 'backboa' tool, you can use the same script on the same or any other BOA server.

Please read docs/BACKUPS.txt at https://github.com/omega8cc/boa for details.
# Updated Octopus platforms:

Commons 3.19 ----------------- https://drupal.org/project/commons
Open Atrium 2.24 ------------- https://drupal.org/project/openatrium
Open Deals 1.35 -------------- https://drupal.org/project/opendeals
OpenChurch 1.15 -------------- https://drupal.org/project/openchurch
OpenChurch 2.0-b2 ------------ https://drupal.org/project/openchurch
OpenScholar 3.16.0 ----------- http://theopenscholar.org
Panopoly 1.13 ---------------- https://drupal.org/project/panopoly
Restaurant 1.0-b10 ----------- https://drupal.org/project/restaurant
Ubercart 2.14 ---------------- https://drupal.org/project/ubercart
Ubercart 3.8 ----------------- https://drupal.org/project/ubercart

# New features and enhancements in this release:

* Add support for automated, encrypted, daily backups to Amazon S3.
* Automatic shutdown for sites with known #Drupageddon users/roles added.
* Drush drupalgeddon extension added in all accounts.
* Make _STRONG_PASSWORDS length configurable: 8-128, YES (32), NO (8).
* Support for web and db clusters with MariaDB Galera (work in progress).
* Apply SA-CORE-2014-005 hot-fix daily everywhere, also on BOA (any version) servers left on the auto-pilot.

# Changes in this release:

* Do not force site_readonly to be disabled on non-dev sites.
* Ignore disabled sites in daily monitoring and healing procedures.
* Remove support for abandoned Managing News distro.
* Remove support for abandoned Open Atrium 6.x distro.
* Remove support for abandoned Spark distro.
* Remove support for abandoned Totem distro.
* Set _PERMISSIONS_FIX=YES by default, so important fixes can be applied.
* Update BOA wrappers hourly.

# System upgrades in this release:

* cURL 7.39.0 (if installed from sources)
* Drush: Upgrade command line version 6 to mini-6-30-10-2014
* Nginx 1.7.7
* PHP 5.4.35
* PHP 5.5.19
* PHP: Zend OPcache master-08-11-2014

# Fixes in this release:

* Add scout user if _SCOUT_KEY is not empty or cron entry exists.
* Always escape dots in preg_replace() to not truncate www. by mistake.
* Check if directory tree exists before running extended checks/fixes.
* Clear drush cache directly before running hostmaster-migrate.
* Disable scout if installed and enable later.
* Do not export LC_CTYPE on initial install.
* Do not use Redis on provision-save.
* Fix for edge case when incorrect permissions were set in custom platform.
* Fix for openatrium-7.x-2.22-7.32.1
* Fix for site_readonly mode in migrated instances.
* Force setting to avoid issues with not expected to work RVM self-update.
* Hint for Apache Solr Attachments and Java path possible confusion.
* Improve web wrapper filtering.
* Issue #2163979 - Check if field_info_field_map() is available.
* Issue #2373923 - HTTPS and aliases redirection problem with Nginx.
* Issue #438 - PHP: Remove support for 5.5 built-in Zend OPcache.
* Issue #452 - PHP build could be broken also with MariaDB newer than 5.5.40
* Issue #456 - Aliases redirection: problems with AdvAgg paths.
* Issue #457 - Aliases redirection: 404 file not found for resources.
* Issue #461 - Remote Import needs Drush strict=0 mode.
* Issue #463 - The yajl-ruby gem needs native binaries building.
* Issue #480 - Normalize /etc/hosts to avoid FQDN mapped to 127.0.1.1
* Issue #490 - Nginx: Block semalt botnet.
* Issue #496 - RVM 1.26.0 introduces signed releases (rvm: not found error).
* Make sure that hostmaster site usage is not counted.
* Move DB GRANTS setup for master instance to the correct level.
* Move redis server daily restart to daily.sh agent.
* Nginx: Fail if required db creds are empty to never create a broken vhost.
* Remove hardcoded DNS for files.aegir.cc
* Strict Permissions on All Binaries are default, not optional.
* There is no point in running MySQLTuner on initial install.
* Whitelist mysql command for overssh in lshell.
### Stable BOA-2.3.5 Release - Full Edition
### Date: Wed Oct 15 16:28:25 PDT 2014
### Includes Aegir 2.1 with improvements
### Latest hotfix added on: Thu Oct 16 08:55:02 PDT 2014

# Release Notes:

This new BOA release includes important updates and bug fixes.

* All new Drupal 7 platforms received a Drupal core security upgrade. For details please read: https://www.drupal.org/SA-CORE-2014-005
* All existing Drupal 7 built-in platforms will receive a hot-fix for this known vulnerability: https://www.drupal.org/SA-CORE-2014-005 once you run the 'barracuda up-stable' command on your server. This procedure is automated on hosted and managed Aegir at Omega8.cc
* Your custom D7 platforms created in the ~/static directory tree will be checked in the next 12 hours after the upgrade, and if you have not applied this patch yet, it will be applied automatically for you - but only if there is at least one active site present in the given custom D7 platform. Note that while this procedure is automated on hosted and managed Aegir at Omega8.cc, on self-hosted BOA systems it will work only if you set _PERMISSIONS_FIX=YES in /root/.barracuda.cnf (default is NO)

We recommend that you upgrade your D7 sites using safe workflow:

  https://omega8.cc/your-drupal-site-upgrade-safe-workflow-298

# Updated Octopus platforms:

aGov 1.5 --------------------- https://drupal.org/project/agov
Commerce 1.31 ---------------- https://drupal.org/project/commerce_kickstart
Commerce 2.19 ---------------- https://drupal.org/project/commerce_kickstart
ERPAL 2.1 -------------------- https://drupal.org/project/erpal
Guardr 1.14 ------------------ https://drupal.org/project/guardr
Open Atrium 2.22 ------------- https://drupal.org/project/openatrium
Open Outreach 1.12 ----------- https://drupal.org/project/openoutreach
OpenPublic 1.2 --------------- https://drupal.org/project/openpublic
Panopoly 1.12 ---------------- https://drupal.org/project/panopoly
Recruiter 1.3 ---------------- https://drupal.org/project/recruiter

# New features and enhancements in this release:

* Explain that Solr self-provisioning works only if _MODULES_FIX=YES is set.
* Reverify all sites daily if /root/.force.sites.verify.cnf ctrl file exists and _PERMISSIONS_FIX=YES is set in /root/.barracuda.cnf (default is NO)

# Changes in this release:

* Security: Remove support for SSLv3 due to POODLE vulnerability.
* Disable Redis in Hostmaster until we will fix the Views based pages/blocks.
* Disable site_readonly for non-dev sites by default.
* Drush: Upgrade command line version 6 to mini-6-04-10-2014
* Enable AllowUserFXP in Pure-FTPd config by default.
* Remove support for already deprecated non-LTS Ubuntu versions.
* Run manage_ip_auth_access only once per minute.
* The INI variable redis_flush_forced_mode is enabled by default (again).
* Use sysklogd instead of rsyslog on Ubuntu.

# System upgrades in this release:

* MariaDB 5.5.40
* Nginx 1.7.6
* OpenSSH 6.7p1 (if installed from sources)
* OpenSSL 1.0.1j (if installed from sources) - security upgrade.
* PHP 5.5.18
* PHPRedis: master-03-10-2014

# Fixes in this release:

* Add auto-detection of Legacy Ruby patch level update on old systems.
* Add cleanup for ghost/broken sites dirs leftovers.
* Add missing cleanup for backup_migrate leftovers.
* Always cleanup pid files on exit/abort.
* Apply patch for SA-CORE-2014-005 in all shared D7 cores/built-in platforms.
* Compass Tools: Install 1.9.3 ffi expected by older themes.
* Fix db_port entry in all vhosts hourly.
* Fix for broken erpal-7.x-2.0-7.31.1
* Fix for broken site level drushrc.php file.
* Fix for false alarm caused by ghost sites leftovers.
* Fix for incorrect hash filtering on systems with OpenSSL built from sources.
* Fix locales: Numerous fixes and improvements -- thanks ar-jan!
* Fix typo in REVISIONS.
* Force site Verify via frontend if drushrc.php has been fixed.
* Issue #435 - SQL: Remove deprecated table_cache +update table_open_cache
* Issue #440 - Improve innodb_buffer_pool_size calculation and add 10%
* Issue #441 - New Relic is not disabled after removing newrelic.info file.
* Issue #442 - Skip locked/fpmcheck if /root/.high_traffic.cnf exists.
* Issue #444 - PHP: Remove useless sed replacement in pool.d/www{*}.conf
* Issue #445 - Remote Import: update 6.x-2.x branch for Aegir 2.x and Drush 6
* Issue #447 - Export LANG, LANGUAGE and all LC_ environment variables.
* Issue #447 - Improve locales consistency.
* Issue #447 - Set default LC_CTYPE and LC_COLLATE environment variables.
* Issue #447 - Simplify locales configuration on Ubuntu.
* Issue #448 - Enforce locale settings by configuring defaults.
* Issue #452 - PHP build is broken with latest MariaDB 5.5.40
* Make sure that db_port is never empty and defaults to 3306.
* Make sure that firewall monitoring scripts never run simultaneously.
* Make sure that standard caching is enabled in hostmaster.
* Pause hostmaster tasks when RVM install for any user is running.
* PHP: Do not run rebuilds if not needed.
* PHP: Fix for broken upgrade logic on libcurl or libssl packages upgrade.
* Remove acquia_connector from latest Commons to avoid broken installs.
* Remove all legacy gems and re-install RVM/Ruby for root from scratch.
* Remove legacy replacement to avoid converting symlinked includes into files.
* SQL: Use correct defaults if MySQLTuner test failed.
* Workaround for Drupal flood using 127.0.0.1 for all requests behind proxy.

### Stable BOA-2.3.4 Release - Full Edition
### Date: Wed Oct 15 09:51:08 PDT 2014
### Includes Aegir 2.1 with improvements

Release Notes and changelog for BOA-2.3.4 have been merged into BOA-2.3.5 above after security upgrades related to OpenSSL and SSLv3 were added shortly after the 2.3.4 release.
### Stable BOA-2.3.3 Release - Full Edition
### Date: Sat Sep 27 01:25:46 PDT 2014
### Includes Aegir 2.1 with improvements

# Release Notes:

This BOA Edition includes important fixes to address some issues discovered after BOA-2.3.1 release. Please read also the release notes for BOA-2.3.1 further below before running the upgrade!

#-### Important details on CiviCRM versions compatibility and profiles support

* All BOA-2.3.x Editions fully support latest CiviCRM 4.5.0 for Drupal 7.
* CiviCRM for Drupal 6 is not supported because of known CiviCRM issues.
* CiviCRM support for Drupal 7 works great when added in sites/all/modules
* CiviCRM support for Drupal 7 also works when added in profiles/foo/modules but no CiviCRM cron is currently managed until this known issue is fixed, therefore BOA-2.3.3 will check all platforms on the Octopus instance and if it will detect any with CiviCRM added in the installation profile directory tree, it will refuse to upgrade such instance to not break things for those using currently not fully supported CiviCRM codebase structure.

# New Octopus platforms:

OpenChurch 2.0-b1 ------------ https://drupal.org/project/openchurch

# Updated Octopus platforms:

ERPAL 2.0 -------------------- https://drupal.org/project/erpal
Guardr 1.13 ------------------ https://drupal.org/project/guardr
Open Outreach 1.11 ----------- https://drupal.org/project/openoutreach
OpenChurch 1.14 -------------- https://drupal.org/project/openchurch
OpenPublic 1.0-rc5 ----------- https://drupal.org/project/openpublic
OpenScholar 3.15.1 ----------- http://theopenscholar.org

# New features and enhancements in this release:

* Add makefiles for CiviCRM 4.4.7
* Add makefiles for CiviCRM 4.5.0

# Changes in this release:

* Drush: Upgrade command line version 6 to mini-6-27-09-2014
* Restart SSH hourly.
* The INI variable redis_flush_forced_mode is now disabled by default.
* Use aegir_custom_settings-6.x-3.12
* Use Provision CiviCRM boa-2.3.3-dev

# System upgrades in this release:

* MariaDB 10.0.14
* Nginx 1.7.5
* PHP 5.4.33
* PHP 5.5.17
* PHPRedis: master-02-09-2014
* Redis 2.8.17

# Fixes in this release:

* Add extra cleanup for Drush related caches.
* Always respect _SSH_PORT if set.
* Always start cron before aborting on error.
* Do not add duplicate cron entry for runner.sh
* Do not allow system only upgrades if Master Instance is still on 2.2.x
* Do not disable _DNS_SETUP_TEST
* Enable path_alias_cache by default also in the hostmaster site.
* Fix for broken pdnsd configuration if wrong IPs are detected.
* Fix for insufficient permissions on files/civicrm/ConfigAndLog
* Fix for insufficient permissions on files/civicrm/custom
* Fix for insufficient permissions on files/civicrm/dynamic
* Fix for missing cron entry for Scout, if _SCOUT_KEY is not empty.
* Fix the not working procedure to revert hostmaster features.
* Force problematic gems install to add them on accounts with enabled RVM.
* Fix for Java version for Jetty 9 on newer systems.
* Hardcode files.aegir.cc DNS entry.
* Improve docs/ctrl/system.ctrl readability.
* Install openjdk on CI instances by default.
* Issue #411 - Unable to update Octopus Instance - Reports PHP on 5.2
* Issue #423 - Make sure that innodb_buffer_pool_size is not smaller than 64M
* Issue #424 - Update mysqltuner.pl to support MariaDB 10.0
* Make sure that lsb-release is installed properly.
* Make the check_civicrm_compatibility more reliable to avoid false alarms.
* New Relic not enabled if no custom ~/static/control/{fpm|cli}.info exists.
* Nginx: Auto-Switch to wildcard all vhosts existing in the Master Instance.
* Nginx: Avoid any downtime on upgrade by using www53.fpm.socket temporarily.
* Nginx: Convert all config templates to wildcard mode in legacy instances.
* Nginx: Convert all Octopus vhosts to wildcard mode on Barracuda upgrade.
* Nginx: Convert config to use PHP 5.2 if the instance still depends on it.
* Nginx: Delete ghost, outdated or broken config includes in all instances.
* Nginx: Delete ghost, outdated or broken vhosts in all instances.
* Nginx: Force special vhosts access rules rebuild hourly.
* Nginx: Improve wildcard conversion procedure on some really old instances.
* Purge all ghost delete tasks before running hostmaster-migrate / upgrade.
* Purge Drush related caches cleanly when needed.
* Recreate possibly broken vhosts.
* Remove duplicate cron entry for runner.sh to avoid critical system load.
* Remove legacy replacement to not convert config symlinks into regular files.
* Run check_civicrm_compatibility only on upgrade.
* Single feature revert may not be enough.
* Update contrib in Open Atrium D7 to maintain upgrade path.
* Update cron defaults and remove legacy code.
* Update default SSL Wildcard Nginx Proxy to use wildcard listen mode.
* Use strict regex in vhosts listen mode conversion to not break ports.

### Stable BOA-2.3.2 Release - Full Edition
### Date: Thu Sep 18 15:16:33 PDT 2014
### Includes Aegir 2.1 with improvements

Release Notes and changelog for BOA-2.3.2 have been merged into BOA-2.3.3 above after several hotfixes and various updates were added shortly after the 2.3.2 release to address all identified post-release issues.

### Stable BOA-2.3.1 Release - Full Edition
### Date: Sun Sep 14 15:53:25 SGT 2014
### Includes Aegir 2.1 with improvements
### Latest hotfix added on: Mon Sep 15 19:10:07 SGT 2014

# Release Notes:

This major BOA Edition introduces many new features, changes and fixes.

You should carefully read about some caveats further below **before** running this major upgrade on your system. Please secure a fresh system backup first.

If you haven't run full barracuda+octopus upgrade to latest BOA Stable Edition yet, don't use any partial/system upgrade modes.
Once new BOA Stable is released, you must run *full* upgrades with commands:

  $ cd;wget -q -U iCab http://files.aegir.cc/BOA.sh.txt;bash BOA.sh.txt
  $ barracuda up-stable
  $ octopus up-stable all both

@=> Key new features:

* BOA-2.3.1 comes with new, shiny Aegir 2.1 stable version!
* Support for Drupal sites in subdirectories is enabled by default
* Solr 4 cores can be added/updated/deleted via site level INI settings
* Super-easy to use New Relic support with per Octopus license key
* Ability to add new Octopus instances with new, simple command syntax

@=> Aegir control panel new features:

* The list of sites is searchable by name or installation profile
* Sites have dedicated tabs: Backups, Task log, Edit and Packages
* Platforms have tabs: Add site, Clients, Task log, Edit and Packages
* You can schedule tasks against filtered sites in batches
* Scheduling tasks in batches is available also on the platform view
* Scheduling tasks in batches is available also on the profile view
* Scheduling tasks in batches is available also on the client view
* You can schedule tasks also against platforms in batches
* You can safely apply db updates via 'Run db updates' task on any site
* The new 'Clients' menu item allows to list and manage sub-accounts
* Profiles are listed with both human-readable and machine names
* It is now possible to choose any existing alias or the main site name as a redirect target, but without the need to rename the site -- it will just re-verify the site and create new vhost automatically

@=> Aegir control panel changes:

* The hosting/signup form is still available but not included in the menu
* The node/add/site form is no longer included in the main menu
* The optional pseudo-CDN-aliases feature is now disabled by default

@=> Other important changes:

* Support for PHP 5.2 has been officially deprecated
* The www53 PHP-FPM pool has been switched from port to default socket mode
* All existing vhosts must use wildcard in the Nginx 'listen' directive
* Legacy mode for Install and Upgrade moves to 2.2.x branch
* DB credentials are no longer in settings.php, only in drushrc.php
* Latest Drush 6 version is used in the Aegir backend by default

But what if you are not ready for this major upgrade and you would like to have more time for testing, but still be able to run system upgrades, thus effectively still using previous version 2.2.9?

#-### Legacy mode for Install and Upgrade moves to 2.2.x branch

From now on, the 'legacy' install and upgrade mode available in all meta-installers will utilize branch 2.2.x instead of the deprecated 2.1.x series.

This means that starting with meta-installers updated to use the BOA-2.3.1 version you can use commands like those shown below to update Barracuda, Octopus and also to install more Octopus instances, while still using version 2.2.9:

  $ boa in-legacy public server.mydomain.org my@email o1
  $ barracuda up-legacy system
  $ octopus up-legacy o1
  $ boa in-legacy public server.mydomain.org my@email o2 mini

etc.

Remember to update your meta-installers first!

  $ cd;wget -q -U iCab http://files.aegir.cc/BOA.sh.txt;bash BOA.sh.txt

Note also that if you upgrade to the current 'stable', it is not possible to downgrade back to the 'old stable' with 'legacy' mode, so please proceed with care!

Remember also that the current legacy version will not receive any further updates, even for security issues (besides those provided as packages by your OS vendor - Debian or Ubuntu, which will still work), because it is already different enough from the current 2.3.1 stable, so we can't reliably maintain both with a working upgrade path.

#-### Caveats: This upgrade will force wildcard in the Nginx 'listen' directive

If you have an old enough BOA system which still uses legacy IP mode and not a wildcard in the Nginx 'listen' directive, which has been both the Aegir and BOA standard for a long time already, this upgrade will fix the problem and update directives only in vhosts known and controlled by BOA.
  If you have any other vhosts, located in standard or non-standard Nginx/BOA
  directories for vhosts, you have to update them manually after upgrade
  to BOA-2.3.0 or newer, or they will take over all other vhosts on the system
  and cause redirects to /install.php which results in Nginx error 403 or 404,
  depending on the prior configuration.

  It will happen because IP based 'listen' directive in Nginx has higher
  priority, and will mess things horribly if there are vhosts using wildcard
  and some using the main system IP address.

  What and how to replace? Here are the commands you need to run as root:

  $ sed -i "s/.*listen.*:80;/ listen \*:80;/g" /path/to/vhost.file
  $ service nginx reload

  Note: this **doesn't** affect special vhosts for SSL enabled sites, if used,
  because they are designed to use IP based 'listen' directives to provide
  separation between SSL enabled IPs and their associated certificates, while
  their associated 'upstream' block may even point to either local or remote
  IP address, so there is no wildcard to use in this case, and it will not
  conflict with all other vhosts managed by Aegir, because all SSL enabled
  vhosts listen on other IP addresses than the main system IP, which is
  by default used by all vhosts with wildcard in the 'listen' directive.

  The problem may happen only when you have vhosts using wildcard and also
  some vhosts using **main** system IP address in the 'listen' directive,
  which may happen also unintentionally during upgrade to BOA-2.3.0 or newer,
  if there are either vhosts BOA doesn't control, or there are ghost vhosts
  not yet purged if you didn't upgrade to BOA-2.2.9 before, or there are some
  disabled sites, so their vhosts will not be re-created by Aegir during this
  major upgrade (because only active sites can be re-verified).

  While BOA will fix also any such ghost vhosts anyway, it will not be able
  to detect and fix vhosts outside of the standard directories managed
  by Aegir.
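  The caveat above, as an added example (not part of the BOA release notes or
  the BOA code base): a read-only audit that finds vhosts mixing wildcard and
  main-IP 'listen' directives on port 80, plus a dry run of the sed expression
  quoted above. Function names, the sample vhost files and the 192.0.2.x
  addresses are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: read-only audit for vhosts that still use an IP-based
# 'listen' on port 80 next to wildcard vhosts. Function names and the
# sample data are constructed for illustration, not taken from BOA.

# Print the address argument of every active (non-comment) 'listen'
# directive in the vhost file $1, e.g. "*:80" or "192.0.2.10:80".
listen_addrs() {
  sed -n 's/^[[:space:]]*listen[[:space:]]\{1,\}\([^[:space:];]\{1,\}\).*/\1/p' "$1"
}

# Classify one listen address ($1) against the main system IP ($2).
classify_listen() {
  case "$1" in
    "*:80"|80)  echo wildcard ;;   # nginx treats a bare port as *:port
    "${2}:80")  echo main-ip ;;    # the conflicting case described above
    *:80)       echo other-ip ;;   # port 80 on a different address
    *)          echo ignored ;;    # other ports: the sed pattern skips them
  esac
}

# Walk directory $1 and print "<class> <file> <addr>" for every port-80
# listen directive. $2 is the main system IP. Nothing is modified.
audit_vhosts() {
  dir=$1
  main_ip=$2
  find "$dir" -type f | sort | while IFS= read -r f; do
    listen_addrs "$f" | while IFS= read -r addr; do
      class=$(classify_listen "$addr" "$main_ip")
      [ "$class" = ignored ] || printf '%s %s %s\n' "$class" "$f" "$addr"
    done
  done
}

# Succeeds only when wildcard and main-IP vhosts coexist under $1, which
# is the mix that lets the IP-based vhost take over the others.
has_listen_conflict() {
  report=$(audit_vhosts "$1" "$2")
  printf '%s\n' "$report" | grep -q '^wildcard ' &&
    printf '%s\n' "$report" | grep -q '^main-ip '
}

# Dry run of the sed expression from the release notes: same pattern,
# no -i, so the result goes to stdout and the file stays untouched.
# The pattern rewrites every line containing "listen ... :80;", whatever
# address it names, so review the output before running it with -i.
preview_fix() {
  sed "s/.*listen.*:80;/ listen \*:80;/g" "$1"
}

# Constructed sample vhosts: one wildcard, one on the main IP in a
# non-standard subdirectory, one SSL vhost on a separate IP.
make_sample() {
  mkdir -p "$1/custom"
  printf 'server {\n  listen *:80;\n  server_name a.example;\n}\n' \
    > "$1/a.conf"
  printf 'server {\n  listen 192.0.2.10:80;\n  server_name b.example;\n}\n' \
    > "$1/custom/b.conf"
  printf 'server {\n  listen 192.0.2.20:443 ssl;\n  server_name c.example;\n}\n' \
    > "$1/ssl.conf"
}

demo() {
  tmp=$(mktemp -d)
  make_sample "$tmp"
  audit_vhosts "$tmp" 192.0.2.10
  if has_listen_conflict "$tmp" 192.0.2.10; then
    echo "CONFLICT: wildcard and main-IP vhosts are mixed"
  fi
  preview_fix "$tmp/custom/b.conf"
  rm -rf "$tmp"
}

# Run the demo only when asked: ./audit.sh demo
if [ "${1:-}" = demo ]; then
  demo
fi
```

  Point audit_vhosts at every directory Nginx includes vhosts from, since
  only vhosts in the standard Aegir directories are converted automatically.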
#-### Ability to add new Octopus instances with new, simple command syntax

  It is now possible to add stable Octopus instances w/o forcing Barracuda
  upgrade, plus optionally with no platforms added by default -- usage:

  $ boa {in-octopus} {email} {o2} {mini|max|none}

#-### The www53 PHP-FPM pool has been switched from port to default socket mode.

  Note that we are breaking backward compatibility here, so it will cause
  downtime on upgrade from any too old BOA version, until you will upgrade
  also Octopus instance(s) and update any other non-standard vhosts
  or includes still using legacy port mode for 'fastcgi_pass' Nginx directive.

  If you have 'fastcgi_pass 127.0.0.1:9090;' in any custom vhost or Nginx
  include file on the Octopus instance, you should replace it with:

  fastcgi_pass unix:/var/run/o1.fpm.socket;

  where 'o1' is your corresponding Octopus system username.

  Note that if you have custom vhosts or includes in the Aegir Master Instance,
  you should instead replace 'fastcgi_pass 127.0.0.1:9090;' with:

  fastcgi_pass unix:/var/run/www53.fpm.socket;

  where '53' is related to PHP version defined via _PHP_FPM_VERSION in your
  /root/.barracuda.cnf file. Note that while variable has a dot, the socket
  name doesn't.

#-### Support for PHP 5.2 has been officially deprecated

  While Barracuda 2.3.1 can continue to run and even upgrade if needed also
  the very old PHP 5.2 version, only Octopus instances running at least
  PHP 5.3 or newer in both FPM and CLI mode can be upgraded to Octopus 2.3.1
  Edition.

  If you are still using PHP 5.2 in your Octopus instance, you will not
  receive Aegir nor Drupal Platforms upgrade, but the Barracuda part of your
  system will receive upgrade to 2.3.1 anyway, so it will be ready to support
  your outdated Octopus instance upgrade as soon as you will switch it
  to modern and secure PHP version -- which is easy!
  Let's quote the original how-to for reference:

#-### Support for PHP FPM/CLI version safe switch per Octopus instance

  This allows to easily switch PHP version by the instance owner w/o system
  admin (root) help. All you need to do is to create ~/static/control/fpm.info
  and ~/static/control/cli.info file with a single line telling the system
  which available PHP version should be used (if installed):

  5.5 or 5.4 or 5.3

  Only one of them can be set, but you can use separate versions for web
  access (fpm.info) and the Aegir backend (cli.info). The system will switch
  versions defined via these control files in 5 minutes or less. We use
  external control files and not any option in the Aegir interface to make
  sure you will never lock yourself by switching to version which may cause
  unexpected problems.

#-### Support for New Relic monitoring with per Octopus instance license key

  This new feature will disable global New Relic monitoring by deactivating
  server-level license key, so it can safely auto-enable or auto-disable it
  every 5 minutes, but per Octopus instance -- for all sites hosted on the
  given instance -- when a valid license key is present in the special new
  ~/static/control/newrelic.info control file.

  Please note that valid license key is a 40-character hexadecimal string
  that New Relic provides when you sign up for an account.

  To disable New Relic monitoring for the Octopus instance, simply delete
  its ~/static/control/newrelic.info control file and wait a few minutes.

  Please note that on a self-hosted BOA you still need to add your valid
  license key as _NEWRELIC_KEY in the /root/.barracuda.cnf file and run
  system upgrade with at least 'barracuda up-stable' first. This step is
  not required on Omega8.cc hosted service, where New Relic agent is already
  pre-installed for you.

#-### Solr 4 cores can be added/updated/deleted via site level INI settings

;;
;;  This option allows to activate Solr 4 core configuration for the site.
;;
;;  Only Solr 4 powered by Jetty server is available. Supported integration
;;  modules are limited to latest versions of either search_api_solr (D7 only)
;;  or apachesolr (will use Drupal core specific version automatically).
;;
;;  Currently used versions are listed below:
;;
;;  https://ftp.drupal.org/files/projects/search_api_solr-7.x-1.6.tar.gz
;;  https://ftp.drupal.org/files/projects/apachesolr-7.x-1.7.tar.gz
;;  https://ftp.drupal.org/files/projects/apachesolr-6.x-3.0.tar.gz
;;
;;  Note that you still need to add preferred integration module along with
;;  any its dependencies in your codebase since this feature doesn't modify
;;  your platform or site - it only creates Solr core with configuration
;;  files provided by integration module: schema.xml and solrconfig.xml
;;
;;  This setting affects only the running daily maintenance system behaviour,
;;  so you need to wait until next morning to be able to use new Solr 4 core.
;;
;;  Once the Solr core is ready to use, you will find a special file in your
;;  site directory: sites/foo.com/solr.php with details on how to access
;;  your new Solr core with correct credentials.
;;
;;  The site with enabled Solr core can be safely migrated between platforms,
;;  integration module can be moved within your codebase and even upgraded,
;;  as long as it is using compatible schema.xml and solrconfig.xml files.
;;
;;  Supported values for the solr_integration_module variable:
;;
;;  apachesolr
;;  search_api_solr
;;
;;  To delete existing Solr core simply comment out this line.
;;  The system will cleanly delete existing Solr core next morning.
;;
;;  IMPORTANT if you are using self-hosted BOA: _MODULES_FIX=YES must be set
;;  in the /root/.barracuda.cnf file (this is default value) to make this
;;  feature active.
;;
;solr_integration_module = your_module_name_here

;;
;;  This option allows to auto-update your Solr 4 core configuration files:
;;
;;  schema.xml
;;  solrconfig.xml
;;
;;  If there is new release for either apachesolr or search_api_solr, your
;;  Solr core will not be automatically upgraded to use newer schema.xml and
;;  solrconfig.xml, unless allowed by switching solr_update_config to YES.
;;
;;  This option will be ignored if you will set solr_custom_config to YES.
;;
;solr_update_config = NO

;;
;;  This option allows to protect custom Solr 4 core configuration files:
;;
;;  schema.xml
;;  solrconfig.xml
;;
;;  To use customized version of either schema.xml or solrconfig.xml, you need
;;  to switch solr_custom_config to YES below and if you are using hosted
;;  Aegir service, submit a support ticket to get these files updated with
;;  your custom versions. On self-hosted BOA simply update these files directly.
;;
;;  Please remember to use Solr 4 compatible config files.
;;
;solr_custom_config = NO

# Updated Octopus platforms:

  aGov 1.4 --------------------- https://drupal.org/project/agov
  Guardr 1.12 ------------------ https://drupal.org/project/guardr
  Open Academy 1.1 ------------- https://drupal.org/project/openacademy
  Restaurant 1.0-b9 ------------ https://drupal.org/project/restaurant
  Ubercart 3.7 ----------------- https://drupal.org/project/ubercart

# New features and enhancements in this release:

  * Ability to add new Octopus instances with new, simple command syntax
  * Add default aggressive php-fpm monitoring + /root/.no.fpm.cpu.limit.cnf
  * Allow to define always disabled modules via _MODULES_FORCE variable.
  * Better wait limits on connection testing for slow network / long distance.
  * Issue #1927522 - Add support for easy Solr cores self-management.
  * Issue #362 - Add imageapi_optimize binaries via IMG in _XTRAS_LIST
  * Issue #376 - Add New Relic support with per Octopus instance license key.
  * Make firewall management faster with randomized schedule.
  * Procs monitor runs every 3 seconds.
  * Run mysql_proc_control every 5 seconds for better results.
  * You can safely apply db updates via 'Run db updates' task on any site.

# Changes in this release:

  * DB credentials are no longer visible in settings.php, only in drushrc.php
  * Delete default profiles in the hostmaster platform.
  * Disable _DEBUG_MODE if not enabled on the fly.
  * Disable newrelic-sysmond unless /root/.enable.newrelic.sysmond.cnf exists.
  * Drush: Upgrade command line version 6 to mini-6-14-09-2014
  * Nginx: Remove deprecated code - _HTTP_WILDCARD is already used by default.
  * Nginx: Use limit_conn protection only for known dynamic requests.
  * Redis Integration Module (cache_backport): Update to version 6.x-1.0-rc2
  * Redis Integration Module: Update to version mod-12-09-2014
  * Remove _ALLOW_UNSUPPORTED legacy and no longer working properly feature.
  * Remove dependency on Update Manager globally.
  * Remove deprecated multi-instance labels in the New Relic configuration.
  * Replace old hosting_civicrm_cron with newer hosting_civicrm module.
  * Set hosting_default_profile to 'minimal' to improve Ubercart 3 visibility.
  * The www53 PHP-FPM pool has been switched from port to default socket mode.
  * Use Provision CiviCRM boa-2.3.1-dev

# System upgrades in this release:

  * cURL 7.38.0 (if installed from sources)
  * Git 2.1.0 (if installed from sources)
  * Jetty 7.6.16.v20140903
  * Jetty 8.1.16.v20140903
  * Jetty 9.2.3.v20140905
  * PHP 5.3.29 EOL! Please read: http://php.net/archive/2014.php#id2014-08-14-1
  * PHP 5.4.32
  * PHP 5.5.16
  * Redis 2.8.14

# Fixes in this release:

  * Add cleanup for _GIT_FORCE_REINSTALL if added in .barracuda.cnf
  * Add missing drush cache-clear drush to improve upgrade path.
  * Add new features in the README.txt
  * Add wheezy to the exceptions list where required.
  * Allow to clear drush cache without directory restrictions.
  * Always set correct TMP path for supported users.
  * Cleanup for cron pid files in user specific .tmp dirs.
  * Count properly also symlinked files directories (improved).
  * D6 colorbox module requires old 1.3.18 library.
  * Delete drush_make leftovers.
  * Delete duplicate menu items on upgrade.
  * Do not allow to install SSH from sources on Trusty to avoid problems.
  * Do not skip daily.sh during barracuda system only update.
  * Eldir theme: Use max width for buttons, if possible.
  * Explain why installing RVM may take longer than expected.
  * Fix cleanup for drush aliases in sub-accounts.
  * Fix daily cleanup for user specific .tmp directories.
  * Fix docs/HINTS.txt
  * Fix for broken mariadb.list
  * Fix for broken, way too aggressive PHP-FPM monitoring.
  * Fix for ghost dirs cleanup.
  * Fix for ghost vhosts cleanup.
  * Fix for missing symlinks to existing platforms.
  * Fix for not working protection from blocking local IPs on multi-IP systems.
  * Fix for subdirs_support universal check.
  * Fix for unreliable _IS_OLD check on Octopus instances upgrade.
  * Fix for warning "Could not create directory ." on Hostmaster site Verify.
  * Fix the fields order in the site edit form.
  * Fix the regex to not whitelist unexpected IP ranges inadvertently.
  * Force cURL rebuild if installed with outdated OpenSSL version.
  * Guard against destructive or insecure tasks run on the hostmaster site.
  * Improve cleanup for empty platforms directories.
  * Improve monitoring to protect against convert trying to overload the system.
  * Issue #2330781 - Use Drush dt() wrapper instead of not always available t()
  * Issue #357 - Fix the logic for Git (re)install from sources.
  * Issue #360 - Exclude special --CDN vhosts from daily cleanup.
  * Issue #361 - Update and improve docs/FAQ.txt
  * Issue #369 - Automatically download and fix /bin/websh if missing.
  * Issue #369 - Restore classic /bin/sh symlink automatically if needed.
  * Issue #373 - Set correct TMP, TEMP, TMPDIR env variables in limited shell.
  * Issue #373 - Too restrictive lshell forbidden list breaks drush sql-sync.
  * Issue #380 - Nameserver / pdnsd problem -- Fixes also Issue #2007990.
  * Issue #381 - Zend OPcache forced adds useless noise in the log.
  * Issue #388 - Version 6.x-2.x of provision_civicrm requires hosting_civicrm
  * Issue #389 - hosting_civicrm breaks site install form with confusing error.
  * Issue #390 - Duplicate platforms nodes are created after upgrade to 2.3.0
  * Issue #395 - Validate username isn't reserved before running install script.
  * Issue #396 - Locale isn't getting set properly.
  * Issue #397 - Not actually prompted for platforms during installation.
  * Issue #398 - Make locales setup/fix for Debian always OS compatible.
  * Issue #399 - The hitimes gem needs to be pre-installed to support Omega4.
  * Issue #400 - CiviCRM is not installed on 2.3.0
  * Issue #401 - Create sites/all/* subdirs in Hostmaster early enough.
  * Issue #402 - Fix for ghost or disabled vhosts which still listen on IP.
  * Issue #405 - Installer hangs due to yes/no dialog - "Untrusted packages"
  * Issue #406 - Force keyring reinstall also upon 'GPG error'.
  * Issue #407 - Fix for 'username is already taken' error on a local VM install
  * Issue #408 - Fix for multiple funny typos. Thanks ar-jan!
  * Make it clear that subdomain and subdirectory name must be identical.
  * Make sure that keys subdirectory exists to avoid active platforms cleanup.
  * Make the PHP-FPM processes monitor less aggressive by default.
  * New Relic not enabled if no custom ~/static/control/{fpm|cli}.info exists.
  * Nginx: Add config symlinks only on legacy instances.
  * Nginx: Add cron access support for subdir sites.
  * Nginx: Convert all vhosts to wildcard mode on Barracuda upgrade.
  * Nginx: Disable monitoring for POST requests related to cart/checkout URI.
  * Nginx: Do not touch nginx_wild_ssl.conf during this upgrade.
  * Nginx: Improve wildcard conversion procedure on some really old instances.
  * Nginx: Remove deprecated code and config templates.
  * Nginx: Sanitize aliases in vhost_disabled.tpl.php to avoid warnings.
  * Nginx: Update config includes to match optional BOA features improvements.
  * Nginx: Update unified configuration templates in Provision to unfork BOA.
  * Nginx: Update vhosts templates to match BOA improvements.
  * PHP: Avoid unintended duplicate rebuilds.
  * PHP: Sync disable_functions list.
  * Protect sites/all/drush
  * Provision: Backport provision_hosting_feature_enabled()
  * Provision: Remove legacy subdir code and update checks.
  * Redis config should sync with PHP-CLI, not PHP-FPM.
  * Remove legacy procs monitoring code.
  * Remove no longer needed limreq global fixes.
  * Remove no longer needed/used contrib updates.
  * Remove redundant file_exists() if is_readable() is also used.
  * Replace old hosting_civicrm_cron with newer hosting_civicrm module.
  * Restart pdnsd before running barracuda upgrade.
  * Restore BOA formatting for tasks log to improve readability.
  * Restore BOA naming convention and docs in Hostmaster.
  * Restore BOA naming convention for Installation profiles in Hostmaster.
  * Restore BOA strict _hosting_valid_fqdn* testing procedures in Hostmaster.
  * Restore BOA weight defaults in the form in Hostmaster.
  * Restore punycode in Hostmaster.
  * Restore tasks sort to always show tasks scheduled and running at the top.
  * Sanitize cli.info and fpm.info
  * Set _PLATFORMS_LIST properly.
  * Silence early sed replacements to avoid confusion.
  * Simplify colorbox-1.3.18 download.
  * Simplify colorbox-1.5.13 download.
  * Switch branch on the fly and add support for Aegir vanilla mode.
  * Sync /tmp access restrictions.
  * The hosting_civicrm_cron is now a submodule and should be also auto-enabled.
  * The wildcard transition **doesn't** affect vhosts for SSL enabled sites.
  * There is no need to force backend clone from GitHub on initial upgrade.
  * Update for the Hostmaster welcome page.
  * Update FPM monitoring settings.
  * Use as short labels on the site node as possible.
  * Use control files properly to not run redundant Jetty/Solr upgrade.
  * Use correct paths to platform level drushrc.php file.
  * Use correct Provision version on initial upgrade to 2.3.0
  * Use Drush6 with @hostmaster.
  * Use is_dir() instead of file_exists() when checking directory existence.
  * Use is_file() and is_link() instead of file_exists() before trying unlink()
  * Use is_readable() and file_exists() instead of file_exists() for backup.
  * Use is_readable() check instead of insufficient file_exists() for includes.
  * Use is_readable() instead of file_exists() when checking alias existence.
  * Install latest Git even if not specified via _XTRAS_LIST but previous
    version built from sources is detected.
  * Issue #2278847 - Derivatives can't be created on install with Drush
    and Aegir or when no vhost is available yet (Drupal Commons)

### Stable BOA-2.3.0 Release - Full Edition
### Date: Mon Sep 8 08:42:01 PDT 2014
### Includes Aegir 2.1 with improvements

  Release Notes and changelog for BOA-2.3.0 has been merged into BOA-2.3.1
  above after several hotfixes and some great new features have been added
  shortly after 2.3.0 release to address all identified post-release issues.

### Stable BOA-2.2.9 Release - Full Edition
### Date: Wed Aug 6 17:08:10 PDT 2014
### Includes Aegir 2.x-boa-custom version.
### Latest hotfix added on: Fri Aug 15 09:37:04 PDT 2014

# Release Notes:

  This release includes updated versions of all supported Drupal platforms
  to provide latest Drupal 7 and Pressflow 6 core, plus some changes,
  improvements, bug fixes, and many updated Octopus platforms.

  NOTE: Since the first Edition in the BOA-2.3.x series is not ready for
  release yet, and new Drupal core has been released to fix security issues,
  followed by yet another release to fix serious regressions, followed by yet
  another security release, we have decided to make it available to everyone
  and release yet another stable BOA-2.2.x Edition.

  IMPORTANT! This is the last Edition in the 2.2.x series, which marks the end
  of Drupal 5, PHP 5.2 and Drush 4 support.
  Next Edition will open 2.3.x series, which will allow us to provide newer
  Aegir version with built-in Drush 6 support, sites in subdirectories,
  and many Aegir User Interface improvements.

  If you still host any Drupal 5 sites or you are using PHP 5.2 for D6 sites,
  you will not be able to upgrade to the next 2.3.x Edition and you will have
  to stay on the 'legacy' BOA 2.2.x version, which will receive only system
  security upgrades, but no further feature nor bugfix releases.

  This also means that from now on the 'legacy' 2.2.x version will no longer
  receive Drupal core upgrades, even if there will be security core releases.

  It is time to upgrade away from Drupal 5 and away from PHP 5.2, if still used.

# Updated Octopus platforms:

  aGov 1.2 --------------------- https://drupal.org/project/agov
  Commerce 1.29 ---------------- https://drupal.org/project/commerce_kickstart
  Commerce 2.17 ---------------- https://drupal.org/project/commerce_kickstart
  Commons 2.20 ----------------- https://drupal.org/project/commons
  Commons 3.17 ----------------- https://drupal.org/project/commons
  ERPAL 2.0-b5 ----------------- https://drupal.org/project/erpal
  Guardr 1.11 ------------------ https://drupal.org/project/guardr
  Open Atrium 2.21 ------------- https://drupal.org/project/openatrium
  Open Outreach 1.10 ----------- https://drupal.org/project/openoutreach
  OpenPublic 1.0-rc4 ----------- https://drupal.org/project/openpublic
  Panopoly 1.11 ---------------- https://drupal.org/project/panopoly
  Restaurant 1.0-b2 ------------ https://drupal.org/project/restaurant

# New features and enhancements in this release:

  * Allow to define always disabled modules via _MODULES_FORCE variable.
  * Eldir: Add subtle 3D and round some edges.
  * Eldir: Improve spacing and hide useless headers.
  * Fix permissions on sites/all/{modules,libraries,themes} on Platform Verify.
  * Make firewall management faster with randomized schedule.
  * Merge pull request #362 from pricejn2/imageapi-optimize-binaries
  * RVM: Add exceptions for gems which can't be installed in Limited Shell.
  * Shell: Compass Tools: Allow to access guard.
  * Shell: Improve config to better support advanced Drush commands over SSH.

# Changes in this release:

  * Drush: Upgrade command line version 6 to mini-6-14-08-2014
  * Nginx: Add DBot to is_crawler list.
  * Remove no longer supported NodeStream distro.
  * Run complete modules-dis-list weekly (Saturday) and basic list daily.

# System upgrades in this release:

  * MariaDB 10.0.13
  * MariaDB 5.5.39
  * Nginx 1.7.4
  * OpenSSL 1.0.1i (if installed from sources)
  * PHP: ionCube loader 4.6.1
  * PHP: Zend OPcache master-30-07-2014

# Fixes in this release:

  * Add cleanup for .tmp in sub-accounts.
  * Add cleanup for drush-backups leftovers.
  * Add cleanup for various /var/backups/* leftovers.
  * Add daily auto-cleanup for ghost vhosts, platforms and drush aliases.
  * Add exception for symlinked /data/all
  * Add hint for HTTPS-only mode forced in local.settings.php
  * Allow to clear drush cache without directory restrictions.
  * Avoid "Is a directory" noise in the log.
  * Commons 2.20 has changed its profile name from drupal_commons to commons.
  * Do not modify site_footer on hostmaster upgrade.
  * Do not rename the legacy Commons profile name.
  * Fix -mtime expected values.
  * Fix cleanup for .restore vhost leftovers.
  * Fix cleanup for drush aliases in sub-accounts.
  * Fix for unreliable _IS_OLD check on Octopus instances upgrade.
  * Fix Nginx monitor to respect all whitelisted POST requests in both modes.
  * Fix permissions on sites/all/{modules,libraries,themes} globally.
  * Fix weird typo in global.inc
  * Improve cleanup for empty platforms directories.
  * Improve RVM cleanup.
  * Issue #2278847 - Derivatives (Drupal Commons) can't be created on install.
  * Issue #334 - Backported provision_civicrm #1485920
  * Issue #334 - Delete the civicrm_class_loader variable after deploying.
  * Issue #334 - Install civicrm in any location (sites/ profiles + contrib).
  * Issue #360 - Exclude special --CDN vhosts from daily cleanup.
  * Make sure that /keys subdirectory exists to avoid active platforms cleanup.
  * Make sure that local IPs are never blocked by mistake.
  * Never touch websh wrapper to avoid high load because of redirect loop.
  * Nginx: Detected $device is not used in Boost config, only in Speed Booster.
  * Nginx: Fix limreq also for some really old vhosts.
  * Nginx: Modify only vhosts known as included in the protected mode.
  * Remove /var/run/daily-fix.pid if exists when it shouldn't.
  * Remove debugging mode in old codebases cleanup.
  * Remove no longer needed/used contrib updates.
  * Restore default websh wrapper symlink as fast as possible.
  * Run manage_ltd_users every 3 minutes instead of every minute.
  * Simplify colorbox-1.3.18 download.
  * Simplify colorbox-1.5.13 download.
  * Uninstall css_emimage only on hostmaster upgrade.
  * Update and improve docs/FAQ.txt
  * Update regex for exceptions in Nginx monitoring.

### Stable BOA-2.2.8 Release - Full Edition
### Date: Sat Jul 26 15:31:29 PDT 2014
### Includes Aegir 2.x-boa-custom version.
### Latest hotfix added on: Tue Aug 5 14:47:17 PDT 2014

# Release Notes:

  This release includes updated versions of all supported Drupal platforms
  to provide latest Drupal 7 and Pressflow 6 core, plus some changes,
  improvements, bug fixes, and six (6) updated Octopus platforms.

  NOTE: Since the first Edition in the BOA-2.3.x series is not ready for
  release yet, and new Drupal core has been released to fix security issues,
  followed by yet another release to fix serious regressions, we have decided
  to make it available to everyone and release yet another stable BOA-2.2.x
  Edition.

  IMPORTANT! This is the last Edition in the 2.2.x series, which marks the end
  of Drupal 5, PHP 5.2 and Drush 4 support.
  Next Edition will open 2.3.x series, which will allow us to provide newer
  Aegir version with built-in Drush 6 support, sites in subdirectories,
  and many Aegir User Interface improvements.

  If you still host any Drupal 5 sites or you are using PHP 5.2 for D6 sites,
  you will not be able to upgrade to the next 2.3.x Edition and you will have
  to stay on the 'legacy' BOA 2.2.x version, which will receive only system
  security upgrades, but no further feature nor bugfix releases.

  This also means that from now on the 'legacy' 2.2.x version will no longer
  receive Drupal core upgrades, even if there will be security core releases.

  It is time to upgrade away from Drupal 5 and away from PHP 5.2, if still used.

# Updated Octopus platforms:

  Commerce 1.28 ---------------- https://drupal.org/project/commerce_kickstart
  Commerce 2.16 ---------------- https://drupal.org/project/commerce_kickstart
  Commons 3.16 ----------------- https://drupal.org/project/commons
  Open Outreach 1.8 ------------ https://drupal.org/project/openoutreach
  OpenBlog 1.0-v3 -------------- https://drupal.org/project/openblog
  Panopoly 1.8 ----------------- https://drupal.org/project/panopoly

# New features and enhancements in this release:

  * Allow to force OpenSSL etc. re-install with _SSL_FORCE_REINSTALL=YES
  * Auto-Move no longer used shared codebases to /var/backups/codebases-cleanup

# Changes in this release:

  * Drush: Upgrade command line version 6 to mini-6-29-07-2014
  * Issue #334 - Update provision_civicrm version - code by ixiam - thanks!
  * Redis Integration Module: Update to version mod-21-07-2014
  * Uninstall css_emimage in hostmaster to avoid broken upgrades.
  * Update for Contrib [F]orce[D]isabled modules list.
  * Use more aggressive defaults for _PURGE_BACKUPS and _PURGE_TMP if not set.

# System upgrades in this release:

  * PHP 5.4.31
  * PHP 5.5.15

# Fixes in this release:

  * Add auto-cleanup for civimail ghost leftovers.
  * Add cleanup drush aliases in the main SSH account properly.
  * Add cleanup for RVM archives and logs.
  * Fix for default value on hot fix update.
  * Fix for dev regression - it shouldn't set $conf['cache'] on valid dev URLs.
  * Fix the logic for custom _DEL_OLD_EMPTY_PLATFORMS defaults.
  * Issue #333 - Update BOA changelog URL shortcut.
  * Nginx: Automate SPDY test to determine if OpenSSL re-install is required.
  * Nginx: Silence access log for already protected /civicrm admin requests.
  * Remove special one-time variables if set, once used.
  * RVM: Install OS compatible Ruby version + various related adjustments.
  * Silence useless noise in the log.
  * Sync firewall limits.

### Stable BOA-2.2.7 Release - Full Edition
### Date: Thu Jul 17 03:11:47 CEST 2014
### Includes Aegir 2.x-boa-custom version.
### Latest hotfix added on: Fri Jul 18 18:21:40 CDT 2014

# Release Notes:

  This release includes some nice new features, improvements, bug fixes,
  one new Octopus platform, five (5) updated Octopus platforms, along with
  latest Drupal core security upgrades for all supported platforms.

  NOTE: Since the first Edition in the BOA-2.3.x series is not ready for
  release yet, and new Drupal core has been released today to fix security
  issues, we have decided to make it available to everyone and release
  yet another stable BOA-2.2.x series Edition.

  IMPORTANT! This is the last Edition in the 2.2.x series, which marks the end
  of Drupal 5, PHP 5.2 and Drush 4 support.

  Next Edition will open 2.3.x series, which will allow us to provide newer
  Aegir version with built-in Drush 6 support, sites in subdirectories,
  and many Aegir User Interface improvements.

  If you still host any Drupal 5 sites or you are using PHP 5.2 for D6 sites,
  you will not be able to upgrade to the next 2.3.x Edition and you will have
  to stay on the 'legacy' BOA 2.2.x version, which will receive only system
  security upgrades, but no further feature nor bugfix releases.
  This also means that from now on the 'legacy' 2.2.x version will no longer
  receive Drupal core upgrades, even if there will be security core releases.

  It is time to upgrade away from Drupal 5 and away from PHP 5.2, if still used.

# New Octopus platforms:

  OpenPublic 1.0-b23 ----------- https://drupal.org/project/openpublic

# Updated Octopus platforms:

  Commerce 1.27 ---------------- https://drupal.org/project/commerce_kickstart
  Commons 3.15 ----------------- https://drupal.org/project/commons
  ERPAL 2.0-b4 ----------------- https://drupal.org/project/erpal
  Guardr 1.9 ------------------- https://drupal.org/project/guardr
  Open Deals 1.33 -------------- https://drupal.org/project/opendeals

# New features and enhancements in this release:

  * Add early auto-repair procedure if Provision is missing for any reason.
  * Add support for Debian Squeeze LTS updates.
  * Add support for Debian Squeeze Stable Proposed Updates.
  * Add views_accelerator in all D7 platforms by default via o_contrib bundle.
  * Issue #307 - Support for Compass Tools via RVM with local user gems.
  * Make $conf['cache'] configurable via disable_drupal_page_cache INI variable.

# Changes in this release:

  * Nginx: Send Boost compatible Cache-Control headers also with Speed Booster.
    This is to mimic Drupal core behaviour when full-page cache is disabled,
    even if it is not really disabled via disable_drupal_page_cache INI
    variable. Note that Speed Booster continues to ignore Cache-Control headers
    sent by Drupal backend, as before, to force its own TTL set via INI
    variable: speed_booster_anon_cache_ttl or in the custom local.settings.php
    code.
  * Add css_emimage to hostmaster makefile to remove dependency on o_contrib.
  * Do not upgrade existing o_contrib, only add new if missing in old platforms.
  * Drush: Upgrade command line version 6 to mini-6-16-07-2014
  * Limited Shell configuration update.
  * Nginx: Do not log HTTPS redirects.
  * PHP: AutoRemove 5.2 from _PHP_MULTI_INSTALL if no instance is using it.
  * Prefer dash if available.
  * Redis Integration Module: Update to version mod-10-07-2014
  * The ?nocache=1 in the URL should also force $conf['cache'] = 0; on the fly.
  * Update lfd default configuration.

# System upgrades in this release:

  * cURL 7.37.1 (if installed from sources)
  * Nginx 1.7.3
  * PHP 5.4.30
  * PHP 5.5.14
  * PHPRedis: master-06-07-2014
  * Redis 2.8.13

# Fixes in this release:

  * Authorized IPs detection - it should ignore serial/remote console logins.
  * BND --- Bind9 DNS Server (available on Debian only).
  * Clear packages cache more aggressively to avoid issues during OS upgrades.
  * Configure RVM env properly if installed in the user home directory.
  * Contrib update: filefield-6.x-3.13
  * Disable redis integration during hostmaster upgrade.
  * Do not allow known bots to activate nocache and noredis URLs behaviour.
  * Do not use css_emimage in hostmaster to avoid broken upgrades.
  * Fix for o_contrib update logic.
  * Fix for possible permissions problem with redis log file.
  * Fix incorrect version in the permissions fix.
  * Fix legacy test logic to allow head instances to upgrade to another 2.2.x
  * Fix regex in procs monitor.
  * Fix the check for legacy systems on upgrade.
  * Force keyring reinstall if reported as broken.
  * Issue #316 - Octopus upgrade fails because of missing cd $_ROOT/.drush/sys
  * Issue #319 - XTRAS_LIST settings are being overwritten (Ubuntu).
  * Issue #320 - Compass Tools available on Squeeze, Wheezy, Precise and Trusty.
  * Issue #324 - HTTPS results in redirect loop on AWS due to ignored _MY_OWNIP.
  * Issue #328 - The /bin/sh symlink modified daily causes false lfd alarm.
  * Make it clear that we recommend and support Debian 64bit.
  * Make sure that redis and cache_backport are available for hostmaster.
  * Purge no longer used jdk leftovers.
  * Readme improvements.
  * Remove no longer needed tmp chown -R
  * Remove no longer used /data/src directory.
  * Remove remote_import if found in the wrong directory.
  * Sanitize logs lines before analyzing them.
* The list of platforms symbols can be in a single line or one per line.
* There is no need to force SHELL in the websh wrapper.
* Update nginx documentation URL.
* Use static ftp.debian.org instead of unreliable http.debian.net mirrors.

### Stable BOA-2.2.6 Release - Full Edition
### Date: Sat Jun 21 06:14:18 PDT 2014
### Includes Aegir 2.x-boa-custom version.
### Latest hotfix added on: Mon Jul 14 14:54:04 CDT 2014

# Release Notes:

This release includes great new features, improvements, important changes, many bug fixes, plus 3 new and 7 updated Octopus platforms.

IMPORTANT! This is the last Edition in the 2.2.x series, which marks the end of Drupal 5, PHP 5.2 and Drush 4 support. Next Edition will open 2.3.x series, which will allow us to provide newer Aegir version with built-in Drush 6 support, sites in subdirectories, and many Aegir User Interface improvements.

If you still host any Drupal 5 sites or you are using PHP 5.2 for D6 sites, you will not be able to upgrade to the next 2.3.x Edition and you will have to stay on the 'legacy' BOA 2.2.x version, which will receive only system security upgrades, but no further feature nor bugfix releases.

This also means that from now on the 'legacy' 2.2.x version will no longer receive Drupal core upgrades, even if there will be security core releases. It is time to upgrade away from Drupal 5 and away from PHP 5.2, if still used.
# New Octopus platforms:

aGov 1.0-rc8 ----------------- https://drupal.org/project/agov
ERPAL 2.0-b2 ----------------- https://drupal.org/project/erpal
Restaurant 1.0-a5 ------------ https://drupal.org/project/restaurant

# Updated Octopus platforms:

Commerce 2.15 ---------------- https://drupal.org/project/commerce_kickstart
Commons 2.18 ----------------- https://drupal.org/project/commons
Commons 3.14 ----------------- https://drupal.org/project/commons
Guardr 1.5 ------------------- https://drupal.org/project/guardr
Open Atrium 2.19 ------------- https://drupal.org/project/openatrium
Open Outreach 1.7 ------------ https://drupal.org/project/openoutreach
Panopoly 1.6 ----------------- https://drupal.org/project/panopoly

# New features and enhancements in this release:

* Drush aliases based workflows are now supported also remotely over SSH.
  This is a significant improvement, since we added automatically generated and updated Drush aliases for on-the-server use in BOA-2.2.0
* Add gems: compass_radix v2 and compass_twitter_bootstrap
* Add support for automatic Scout App upgrade on RVM/Ruby/Gems upgrade.
* Install headless JRE and only if Solr is expected to run.
* Issue #2268889 - Allow to whitelist IPs for chive, cgp and sqlbuddy access.
* Issues #2248907 #1299526 - Allow to use comments for admin notes.
* Nginx: Disable proxy_buffering to avoid useless extra layer in local proxy.
* SQL: Allow to change InnoDB log file size via _INNODB_LOG_FILE_SIZE variable
* Use better subdirectory tree for Drush extensions.
* Add support for disable_user_register_protection INI variable on the platform level - on self-hosted BOA and Power Engines only.
* Issue #2240277 - Customize Octopus platforms list via control file.
  ~/static/control/platforms.info

  This file, if it exists and contains a single line with supported platform symbols, lets you control/override the value of the _PLATFORMS_LIST variable normally defined in the /root/.${_USER}.octopus.cnf file, which can't be modified by the Aegir instance owner with no system root access.

  IMPORTANT: If used, it will replace/override the value defined on initial instance install and all previous upgrades. It takes effect on every future Octopus instance upgrade, which means that you will miss all newly added distributions if they are not also listed in this control file.

  Supported values which can be written in this file - remember: all in a single line, space separated, so not one per line, as listed below only for readability:

  # D7P D7S D7D --- Drupal 7 prod/stage/dev
  # D6P D6S D6D --- Pressflow 6 p/s/d
  # AGV ----------- aGov
  # CME ----------- Commerce v.2
  # CS7 ----------- Commons 7
  # DCE ----------- Commerce v.1
  # DCS ----------- Commons 6
  # ERP ----------- ERPAL
  # FSR ----------- Feature Server
  # GDR ----------- Guardr
  # MNS ----------- Managing News
  # OA7 ----------- Open Atrium D7
  # OAM ----------- Open Atrium D6
  # OAY ----------- Open Academy
  # OBG ----------- OpenBlog
  # OCH ----------- OpenChurch
  # ODS ----------- Open Deals
  # OOH ----------- Open Outreach
  # OSR ----------- OpenScholar
  # PPY ----------- Panopoly
  # RER ----------- Recruiter
  # RST ----------- Restaurant
  # SRK ----------- Spark
  # TTM ----------- Totem
  # UC7 ----------- Ubercart D7
  # UCT ----------- Ubercart D6

  You can also use special keyword 'ALL' to have all available platforms installed, including newly added in the future BOA system releases.

  Examples:

  ALL
  D7P D6P OAM MNS OOH RST

* Issue #314 - Make _BACKEND_ITEMS configurable via _BACKEND_ITEMS_LIST

  You can whitelist extra binaries to make them available for web server requests, in addition to already whitelisted, known as safe binaries.

  NOTE: This feature is available only on self-hosted BOA systems.
  Please be aware that you could easily open security holes by whitelisting commands which may provide access to otherwise not available parts of the system, because the exec() in PHP doesn't respect other limitations like open_basedir directive.

  You should list only filenames, not full paths, for example:

  _BACKEND_ITEMS_LIST="git foo bar"

# Changes in this release:

* Add memcache, memcache_admin to the list of automatically disabled modules.
* Add support for Debian Squeeze LTS updates.
* Add support for Debian Squeeze Stable Proposed Updates.
* Add varnish to the list of automatically disabled modules.
* Add watchdog_live to the list of automatically disabled modules.
* Disable and remove not used init scripts on known VM systems.
* Drush: Upgrade command line version 6 to mini-6-21-06-2014
* Fast DNS Cache Server (pdnsd) install is no longer optional.
* Install only vanilla core platforms by default (can be overridden)
* Nginx: Update default limit_conn settings.
* Nginx: Use only newer control file to force DoS monitor aggressive mode.
* Sync permissions with new defaults in the hardened setup.
* Update files ownership to match defaults in the hardened setup.
* Use dynamic mirror selection provided by Debian instead of forced static.
* The BOA project has moved to Github!

  We no longer use repositories and issue queues on drupal.org, in an effort to avoid fragmentation and duplication. We have moved all downloads used by Barracuda and Octopus to our mirrors a few months ago, and it helped to make BOA faster and more reliable during both system install and upgrades.
  The next step is to use http://boa.readthedocs.org as a new home for all future documentation efforts - it will build the docs, including printable versions, on the fly, using dedicated Github repository as a backend, where you can help migrate existing docs and improve them, both via boa-docs project issue queue and pull requests: https://github.com/omega8cc/boa-docs

  We also encourage you to use drupal.stackexchange.com for BOA support: http://drupal.stackexchange.com/questions/tagged/aegir

  Please use our Github project for contributing code, reporting bugs, and also suggesting new features and ideas: https://github.com/omega8cc/boa

# System upgrades in this release:

* cURL 7.37.0 (if installed from sources)
* MariaDB 10.0.12
* MariaDB 5.5.38
* MySecureShell 1.33
* Nginx 1.7.2
* OpenSSL 1.0.1h (if installed from sources)
* PHP 5.4.29
* PHP 5.5.13
* PHP: Zend OPcache master-28-05-2014
* Redis 2.8.11
* Ruby 2.1.2

# Fixes in this release:

* Add caveats to docs/REMOTE.txt
* Add explicit whitelisting in websh wrapper to avoid any edge case problems.
* Add info about Two-Factor Auth for Chive in the welcome email template.
* Add missing exceptions in global.inc and simplify docs/REMOTE.txt
* Add missing wrapper exceptions required by daily.sh script.
* Clean up packages cache on finale()
* Create symlink for boa wrapper on the initial install only.
* Delete daily both files and directories in the ~/static/trash/
* Do not remove bundler in CI instances if /root/.keep.bundler.cnf exists.
* Explain that _ALLOW_UNSUPPORTED works only with head.
* Fix for _NGINX_DOS_LIMIT logical error in the scan_nginx template.
* Fix for already installed Open Atrium 2.18 7.28.1
* Fix for Postfix configuration.
* Fix incorrect version in the permissions fix.
* Fix permissions after every upgrade.
* Fix permissions and owner/group required for feeds (upload) support.
* Fix regex in procs monitor.
* Force apticron re-install if apticron.conf is outdated.
* Generate /data/all/cpuinfo daily to be used in Provision.
* GPL Ghostscript should be available for the web (PHP-FPM) access.
* Issue #2248037 - Add Platform and Site INI files Templates on Verify task.
* Issue #2262935 - Modules dir must be group writable in custom platforms.
* Issue #315 - Upgrading from older versions of BOA fails
* Issue #316 - Upgrade fails because of missing cd $_ROOT/.drush/sys line.
* Issue #319 - XTRAS_LIST settings are being overwritten (Ubuntu)
* Issue #324 - HTTPS results in redirect loop on AWS due to ignored _MY_OWNIP.
* PHP: Add protection from switching to not installed CLI or FPM version.
* PHP: Do not block getenv function.
* Provision: Use /data/all/cpuinfo generated by BOA daily, if exists.
* Remove redundant downloads silencer.
* Remove remote_import if found in the wrong directory.
* Sanitize log lines before analyzing them.
* SQL: Do not run update_innodb_log_file_size() if the size is the same.
* Sync BOND with BARRACUDA.
* Update for switch_to_bash procedure.
* Use already downloaded patches.
* Use Debian release specific proposed-updates.
* Use full path to sqlmagic in daily.sh to avoid 'command not found' error.
* Use static ftp.debian.org instead of unreliable http.debian.net mirrors.
* Fix for authorized IPs detection in the protected vhosts logic - it should ignore serial/remote console logins.
* Provision: Use higher hardcoded threshold to avoid breaking tasks due to high load on multi-CPU systems when provision can't determine the real load.

### Stable BOA-2.2.5 Release - Full Edition
### Date: Thu May 8 11:59:23 PDT 2014
### Includes Aegir 2.x-boa-custom version.
### Latest hotfix added on: Sat May 10 09:05:19 PDT 2014

# Release Notes:

This release includes no new features, but does include bug fixes plus latest Drupal 7.28.1 and Pressflow 6.31.2 core in all built-in Octopus platforms. There are also three updated distributions included, as listed below.
We also list here all hot-fixes applied to previous stable after its release.

# Important - Read This First! (for self-hosted BOA only)

If you haven't run full barracuda+octopus upgrade to latest BOA Stable Edition yet, don't use any partial upgrade modes explained in docs/UPGRADE.txt

Once new BOA Stable is released, you must run *full* upgrades with commands:

  $ barracuda up-stable
  $ octopus up-stable all both

For silent, logged mode, with an email message sent once the upgrade is complete but no progress displayed in the terminal window, you can alternatively run the following, starting with a screen session to avoid an incomplete upgrade if your SSH session is closed for any reason before the upgrade completes:

  $ screen
  $ barracuda up-stable log
  $ octopus up-stable all both log

Note that the silent, non-interactive mode will automatically say Y/Yes to all prompts and is thus useful to run auto-upgrades scheduled in cron.

If you have skipped some recent BOA releases, and you have the new default config option _PERMISSIONS_FIX=NO in your /root/.barracuda.cnf configuration file, and you are not sure if you follow best practices for managing permissions as recommended in our docs: https://omega8.cc/node/116 then we recommend that you change it to _PERMISSIONS_FIX=YES temporarily, or even permanently if your VPS is fast enough, and then run this powerful script as root:

  $ bash /var/xdrago/daily.sh

Note that BOA 'legacy' mode is still at version 2.1.3

# Updated Octopus platforms:

Commons 3.12 ----------------- https://drupal.org/project/commons
Open Atrium 2.18 ------------- https://drupal.org/project/openatrium
Open Outreach 1.6 ------------ https://drupal.org/project/openoutreach

# Changes in this release:

* Add rsyslog/sysklogd to auto-healing procedures.
* Make the aggressive scan_nginx mode optional and use old mode by default.
* Nginx: Add HiScan to blocked crawlers list.
* Nginx: Add Riddler to blocked crawlers list.
* PHP: Use pm.process_idle_timeout = 10s for speed and RAM optimization.

# System upgrades in this release:

* MySecureShell 1.33
* PHP 5.4.28
* PHP 5.5.12

# Fixes in this release:

* Always define _PHP_CN variable properly.
* Firewall: Sync CONNLIMIT for web ports with updated limit_conn in Nginx.
* Fix for _NGINX_DOS_LIMIT logical error in the scan_nginx template.
* Force Pure-FTPd server re-install if key files are missing for any reason.
* Issue #2237167 - Improve authorized IPs detection in all protected vhosts.
* Issue #2262935 - Modules dir must be group writable in custom platforms.
* Nginx: Do not overwrite custom symlinks to the Under Construction template.
* Nginx: Update limit_conn in all instances and vhosts on Barracuda upgrade.
* PHP: Delete pear in legacy paths, if still exists.
* PHP: Fix for CVE-2014-0185 privilege escalation in FPM (doesn't affect BOA)
* Postfix: Force re-install if broken permissions detected on upgrade.
* Pressflow 6: Fix #GH 84 by using drupal_page_is_cacheable().
* Pressflow 6: Merge pull request #GH 85 from pressflow/SA-CORE-2014-002-fix.
* Pressflow 6: Remove duplicate openid_update_6001().
* Revert "Force MariaDB 5.5 re-install".
* Set the TERM env variable if missing to avoid errors.
* Skip packages set on hold when running apticron.
* The ~/static/control must be writeable by lshell user to manage ctrl files.
* Add extra cron semaphore to prevent concurrent cron invocations via multiple running runner.sh instances.

### Stable BOA-2.2.4 Release - Full Edition
### Date: Wed Apr 30 17:03:36 PDT 2014
### Includes Aegir 2.x-boa-custom version.
### Latest hotfix added on: Fri May 2 04:54:25 PDT 2014

# Release Notes:

This release includes several bug fixes along with five updated platforms, plus some hot-fixes applied to previous stable after its release.

We have also added a fix for a known problem in recent Drupal 7.27 [#2245331], hence the change from Drupal 7.27.1 to 7.27.2 in all D7 platforms.
# Updated Octopus platforms:

### Drupal 7.27.2

Commerce 1.25 ---------------- https://drupal.org/project/commerce_kickstart
Commerce 2.14 ---------------- https://drupal.org/project/commerce_kickstart
Commons 3.11 ----------------- https://drupal.org/project/commons
Panopoly 1.5 ----------------- https://drupal.org/project/panopoly

### Pressflow 6.31.1

Commons 2.17 ----------------- https://drupal.org/project/commons

Note: Always read and follow upgrade procedure if explained in the distro release notes, like for Panopoly 1.5 at https://drupal.org/node/2255133

# New o_contrib modules:

* print-6.x-1.19 (includes patch to auto-detect /usr/bin/wkhtmltopdf)
* print-7.x-2.0 (includes patch to auto-detect /usr/bin/wkhtmltopdf)

# New features and enhancements in this release:

* Support for session.gc_maxlifetime configurable via INI files.

  You can control session garbage collector (EOL) per site and per platform. The value (in seconds) of the session_gc_eol variable is used as the session.gc_maxlifetime value and specifies the number of seconds after which data will be seen as 'garbage' and potentially cleaned up, resulting in the $_SESSION variable being discarded and affected authenticated users logged out. BOA default defined in the system level global.inc file is 86400 == 24h.

# Changes in this release:

* Drush: Upgrade command line version 6 to mini-6-26-04-2014
* Nginx: Use higher defaults for limit_conn to avoid error 503 (CloudFlare)
* Nginx: Use more aggressive limits against spambots trying to rgstr accounts.
* Redis: Integration module (the modern variant) upgrade to 7.x-2.x-o8-2.6-B

# System upgrades in this release:

* Nginx 1.7.0
* PHP 5.5.12
* Redis 2.8.9

# Fixes in this release:

* Add symlinks in the home directory if missing (every 5 minutes).
* Add warning that Compass Tools install and upgrade may take a LONG time.
* Always define _PHP_CN variable properly.
* Do not delete symlinks to wrappers to avoid false LFD alarms.
* Fix for 'Force backward compatible SERVER_SOFTWARE'.
* Fix in websh for _IN_PATH logic to not break backend Drush tasks.
* Fix the logic for wrappers update and symlinks.
* Improve status messages to display when silent mode is used on upgrade.
* Improve whitelisting in the websh wrapper.
* Issue #2238805 - Command filtering - no word containing *drush* is allowed.
* Issue #2241495 - wkhtmltopdf stopped working after upgrade.
* Issue #2247997 - Update docs/REMOTE.txt with workaround for websh issue.
* Issue #2250397 - Always follow (limited) redirects in cURL requests.
* Issue #GH-304 - [rvm] use $_RUBY_VERSION as default.
* Issue #GH-305 - Check disk usage before running install/upgrade.
* Issue #GH-306 - Allow ruby 1.8 to remain installed.
* Nginx: Allow to configure keywords for aggressive requests rate monitoring.
* Nginx: Do not overwrite custom symlinks to the Under Construction template.
* Nginx: Sync FastCGI timeouts with other Nginx and PHP-FPM defaults.
* PHP: Add /opt/local/bin/php tmp symlink on barracuda/octopus upgrade.
* PHP: Allow to set custom _PHP_FPM_TIMEOUT but not lower than 60 (in seconds)
* PHP: Always respect _PHP_FPM_WORKERS variable if set to numeric value > 0
* PHP: Better defaults for realpath_cache_ttl and realpath_cache_size.
* PHP: Fix for CVE-2014-0185 privilege escalation in FPM (doesn't affect BOA)
* PHP: pm.max_children was not properly updated on FPM version self-switch.
* PHP: Sync incorrect default_socket_timeout with max_execution_time (180s).
* PHP: Use 30s for pm.process_idle_timeout - it prevents too high RAM usage.
* PHP: Variable _PROCESS_MAX_FPM is not used on the Satellite Instance level.
* Postfix: Force re-install if broken permissions detected on upgrade.
* Prevent duplicate cron invocations with more strict delays.
* Restart rsyslog once the install or upgrade is complete.
* Set the TERM env variable if missing to avoid errors.
* Shell: Proper fix for wildcard in the path (cd command only)
* Standardize install and upgrade for Chive, SQL Buddy and CGP.
* Sync Redis timeout with default FPM timeout (180s).
* Sync SQL connect_timeout with default mysql.connect_timeout in PHP (60s).
* The ~/static/control must be writeable by lshell user to manage ctrl files.
* Update the logic for multi-version PHP support in BOND.
* Update the logic for multi-version PHP support in docs/REMOTE.txt

### Stable BOA-2.2.3 Release - Full Edition
### Date: Fri Apr 18 12:57:40 PDT 2014
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

This release includes several bug fixes and security upgrades both for the system services and Drupal core, along with three updated platforms and new features, including support for MariaDB 10.0 and Ubuntu 14.04 LTS Trusty.

# Updated Octopus platforms:

### Drupal 7.27.1

Guardr 1.3 ------------------- https://drupal.org/project/guardr
Open Atrium 2.17 ------------- https://drupal.org/project/openatrium
Recruiter 1.2 ---------------- https://drupal.org/project/recruiter

# New features and enhancements in this release:

* Add docs/FAQ.txt
* Add support for MariaDB 10.0 or 5.5 install via _DB_SERIES variable.
* Add support for Ubuntu 14.04 LTS Trusty.
* Improve auto-healing for multi-version PHP-FPM setup.
* Improve docs/UPGRADE.txt
* Improve health check for protected vhosts during live SSH-auth update.
* Nginx: More aggressive limits against spambots trying to register accounts.

# Changes in this release:

* Issue #GH-299 - Force disable LESS developer mode on production sites.
* Move custom scripts to /opt/local/bin/
* Nginx: Use higher defaults for limit_conn to avoid error 503 (CloudFlare)
* Normalize localhost entry in /etc/hosts to avoid FQDN mapped to 127.0.0.1
* PHP: Do not use separate FPM pool for cron if _PHP_FPM_DENY is empty.

# System upgrades in this release:

* MariaDB 5.5.37

# Fixes in this release:

* Add 'exit 0' line if missing.
* Add /opt/local/bin to PATH by default.
* Add symlinks for wrappers only temporarily.
* Add warning that Compass Tools install and upgrade may take a LONG time.
* Better gem uninstall options.
* Compass: Multiple fixes for various expected gems versions install/upgrades.
* Do not override lshell env_path in websh wrapper.
* Do not use monitored bin path for custom scripts to avoid LFD false alarms.
* Extra db GRANT for 127.0.0.1 not added when migrating site.
* Improve auto-healing to create required directories in /var/run/ if missing.
* Issue #2230269 - New Jetty 9 version overrides JETTY_PORT=8099 with 8080.
* Issue #2235991 - Drush make needs better exceptions in websh wrapper.
* Issue #2236475 - Clarify what the Legacy mode really means.
* Issue #2238965 - Add missing path to switch_to_bash().
* Issue #2241013 - Git commands should be whitelisted in websh wrapper.
* Issue #2241495 - wkhtmltopdf stopped working after upgrade.
* Issue #GH-301 - Update the list of restricted keywords for Octopus username.
* Issue #GH-304 - [rvm] use $_RUBY_VERSION as default.
* Make sure that permissions on Chive Manager dir/files are correct.
* Note: _SSL_FROM_SOURCES=YES is ignored and not needed on Wheezy and Precise.
* PHP: Add /opt/local/bin/php tmp symlink on barracuda/octopus upgrade.
* PHP: Allow to set custom _PHP_FPM_TIMEOUT but not lower than 60 (in seconds)
* PHP: Always respect _PHP_FPM_WORKERS variable if set to numeric value > 0
* PHP: pm.max_children was not properly updated on FPM version self-switch.
* PHP: Variable _PROCESS_MAX_FPM is not used on the Satellite Instance level.
* Remove the line with header TABLE_NAME (sqlmagic).
* Reset PATH to avoid RVM overrides after Compass Tools install/upgrade.
* Shell: Allow to run 'drush cache-clear drush' in any directory.
* The _PHP_MODERN_ONLY variable is no longer used.
* Ubuntu 14.04 LTS Trusty requires MariaDB 10.0
* Use hostname -b instead of deprecated hostname -v.
### Stable BOA-2.2.2 Release - Barracuda Edition
### Date: Tue Apr 8 07:24:18 PDT 2014
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

This is a bug-fix only release to address issues discovered after recent major BOA-2.2.0 and subsequent BOA-2.2.1 Releases.

The most important problem fixed in this Release is related to a known OpenSSL security issue, which has been fixed in OpenSSL 1.0.1g. To learn more please visit: http://heartbleed.com

@=> Note for those on self-hosted BOA (skip this if you are on a hosted Aegir)

We recommend that you enable the _SSL_FROM_SOURCES=YES option in your system /root/.barracuda.cnf file, to always build latest OpenSSL from sources. Note that it will also trigger OpenSSH and cURL install from sources, plus subsequent PHP rebuild to include latest SSL libraries.

Note that _SSL_FROM_SOURCES=YES will not force the build from sources on Debian Wheezy and Ubuntu Precise, to avoid confirmed conflicts and because both OS versions already provide custom, patched OpenSSL packages.

This Release doesn't include any updates to the Octopus installer, so there is no point in running full upgrade. It is enough to run the barracuda-only system upgrade in the "silent mode" with:

  $ screen
  $ barracuda up-stable system

The system will send you an email with results when the upgrade is complete, but there will be no upgrade progress displayed in the console. You can watch it, if you prefer, with command (DATE/TIME are placeholders for real values):

  $ tail -f /var/backups/reports/up/barracuda/DATE/barracuda-up-DATE-TIME.log

# System upgrades in this release:

* Nginx 1.5.13
* OpenSSL 1.0.1g (if installed from sources)
* PHP 5.4.27
* PHP 5.5.11

# Fixes in this release:

* Chive Authentication via SSH session may break Nginx due to race conditions.
* Drush specific dt() wrapper is required in Provision for custom platforms.
* Fix Compass Tools support for Omega (gems dependencies via bundle install).
* Fix default shell for system level cron tasks.
* Fix for csf firewall compatibility test.
* Force better health check on protected vhosts on live SSH-auth update.
* Improved health check for protected vhosts during live SSH-auth update.
* Issue #2229555 - On fresh boa install link missing during install.
* Issue #2229715 - Tasks queue doesn't work on the Master Instance.
* Issue #2231093 - Add new line before 'UseDNS no' in the sshd_config file.
* Issue #2235991 - Drush make needs better exceptions in websh wrapper.
* Issue #294 - New Relic ext not installed even if _NEWRELIC_KEY is not empty.
* Nginx: Backup and re-create default wildcard SSL cert/key with rsa:4096
* Nginx: Generate 4096 bit long DH parameters when _NGINX_FORWARD_SECRECY=YES
* Normalize localhost entry in /etc/hosts to avoid FQDN mapped to 127.0.0.1
* PHP: Better default workers limits for the ondemand mode.
* PHP: max_input_time should be set to 180 and not 60, by default.
* PHP: Zend OPcache directive opcache.enable=1 must be set in all ini files.
* Reset PATH to avoid RVM overrides after Compass Tools install/upgrade.
* The 'scp' command is broken in limited shell.
* Too broad whitelisting breaks commands in limited shell with 'tmp' keyword.
* Too restrictive open_basedir defaults break access to valid PEAR paths.
* Too restrictive open_basedir defaults break access to valid Tika paths.
* Use rsa:4096 by default in self-signed certs for Nginx and FTPS.

### Stable BOA-2.2.1 Release - Full Edition
### Date: Tue Apr 1 10:28:45 SGT 2014
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

This is a bug-fix only release to address issues discovered after recent major BOA-2.2.0 Release.

# Fixes in this release:

* Chive Authentication via SSH session doesn't work on some older instances.
* Compass Tools don't use correct paths to Ruby 2.1.1
* Cron for sites doesn't work on old instances without Nginx wildcard vhost.
* FTPS (FTP over SSL) connections may experience TLS problems.
* PHP: Disabled 'assert' may cause warnings on features revert.
* PHP: Disabled 'create_function' may break some contrib modules or code.
* The 'git pull' command is broken in limited shell.
* The 'rsync' command is broken in limited shell.
* The 'drush dl foo' command can't be run outside of site directory.

# Known Issues on systems upgraded to BOA-2.2.1 (and 2.2.0) releases

==> Updated on Tue Apr 8 01:26:47 PDT 2014

@=> Issues fixed in BOA head (running the hotfix in stable is enough):

* Chive Authentication via SSH session may break Nginx due to race conditions.
* Drush specific dt() wrapper is required in Provision for custom platforms.
* Issue #2229715 - Tasks queue doesn't work on the Master Instance.
* PHP: max_input_time should be set to 180 and not 60, by default.
* The 'scp' command is broken in limited shell.
* Too broad whitelisting breaks commands in limited shell with 'tmp' keyword.
* Too restrictive open_basedir defaults break access to valid Tika paths.
* Zend OPcache directive opcache.enable=1 must be set in all php.ini files.

To fix all those problems you can run as root on self-hosted system:

  $ wget -q -U iCab http://files.aegir.cc/update/boa221fix.txt
  $ bash boa221fix.txt

We have fixed this on all hosted and remotely managed Aegir instances already.

@=> Other issues fixed in BOA head (run 'barracuda up-head system' to apply):

* PHP: New Relic extension not installed even if _NEWRELIC_KEY is not empty.
* Too restrictive open_basedir defaults break access to valid PEAR paths.

### Stable BOA-2.2.0 Release - Full Edition
### Date: Mon Mar 31 06:44:08 SGT 2014
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

There are many important changes and improvements in this release you should be aware of *before* running your BOA system upgrade. Even if you are on a hosted BOA system with upgrades managed for you, it is very important to read at least these extensive release notes.
Here is a list of topics covered in detail further below:

* New 'legacy' mode available for installs and upgrades
* Important Note For Those Using Our Hosted Aegir Service!
* Custom php.ini protection has changed and will not honor old settings
* Barracuda no longer supports Percona since 2.2.0 release
* Support for PHP FPM/CLI version safe switch per Octopus instance
* All PHP FPM workers in 5.5, 5.4 and 5.3 now use the 'ondemand' mode
* Drush aliases are now automatically copied to all relevant accounts
* Drush is now restricted to use only trusted modules installed by default
* The ~/.drush and other important directories and symlinks are protected
* Support for safely configurable cache bins exceptions in Redis
* Two-Factor-like Authentication to protect access to Chive DB Manager
* Support for session.cookie_lifetime configurable via INI files
* Support for files permissions-fix exceptions via platform level INI file
* High-performance JavaScript callback handler (js) in all platforms

And if you are more curious, read also the big changelog further below, which covers only a small number of over 560 commits since BOA-2.1.3 release.

But what if you are not ready for this major upgrade and you would like to have more time for testing, but still be able to run system upgrades, thus effectively still using previous version 2.1.3 with standard command 'barracuda up-stable system', as explained in the docs/UPGRADE.txt?

#-### New 'legacy' mode available for installs and upgrades

We are introducing special 'legacy' mode both for BOA installs and upgrades. This means that starting with BOA-2.2.0 you can use commands like:

  $ boa in-legacy public server.mydomain.org my@email o1
  $ barracuda up-legacy system
  $ octopus up-legacy o1

etc.

These special 'legacy' commands allow you to install and/or upgrade the 'old stable', once the 'new stable' is released. But only until another 'stable' is released, of course.
Thus you can use it only as an interim solution if you are not yet ready for latest 'stable' BOA Edition, for any reason, but you want to update at least the low level system packages, kernel etc.

Note also that if you upgrade to current 'stable', it is not possible to downgrade back to the 'old stable' with 'legacy' mode, so please proceed with care!

This option will be particularly important once we release *next* major BOA Edition. It will come with terminated support for Drush 4, Drupal 5 and, yes, PHP 5.2 (finally). This step is required to use latest Drush 6+ with supported Drupal cores versions and supported PHP versions, which in fact is required to introduce the real Aegir 2.0 in BOA -- we are still using older, customized for backward compatibility, Aegir 2 HEAD version, so it is time to move on and stay up to date with everything, get new features like ability to manage Drupal sites in subdirectories etc.

Once that *next* major BOA Edition is released, we will freeze the 'legacy' mode at 2.2.x series level, which will receive only security upgrades and no further feature nor bugfix releases.

At that point you will have to stick to the 'legacy' BOA version if you need to run PHP 5.2 and Drupal 5 with Aegir based on Drush 4. It will be still possible, but not recommended and not really supported, besides security related issues outside of Drupal.

This also means that at that point the 'legacy' version will no longer receive Drupal core upgrades, even if there will be security core releases.

Note that we don't use the term "major release" in the known convention for versions naming. It is because the first digit, for historical reasons, refers to the Aegir version supported, the second digit refers to BOA stack major release, and the last digit refers to both feature and bugfix BOA stack upgrades.

#-### Important Note For Those Using Our Hosted Aegir Service!
NOW is the time (and last chance) to upgrade all your legacy Drupal 5 sites and outdated Drupal 6 sites still not compatible with at least PHP 5.3, because once we upgrade to the *next* major BOA Edition, it will no longer be possible to run Drupal sites not compatible with PHP 5.3 -- there were literally years of this legacy support provided, and this finally comes to the end, because we will not use the BOA 'legacy' mode on our own servers.

It will be still available for remotely managed 'Aegir on Your Own Server' option, though, but only on request: https://omega8.cc/support

#-### Custom php.ini protection has changed and will not honor old settings

If you have custom settings in any of your php.ini files protected with old variable in the /root/.barracuda.cnf, make a backup of your ini files before running this upgrade. While these files will not get overwritten, they will no longer be used, because we have introduced new, standardized directory structure to properly support multi-PHP-versions systems.

Respective php.ini files are now located in /opt/phpXX/etc/phpXX.ini for FPM and /opt/phpXX/lib/php.ini for CLI, where XX is 55, 54, 53 or 52, depending on the versions listed via _PHP_MULTI_INSTALL variable in the /root/.barracuda.cnf file.

Also the variables used to protect ini files from being overwritten have changed to _CUSTOM_CONFIG_PHPXX. If you need any non-standard settings in any of active ini files, don't overwrite them with the old files, but rather carefully review and apply only the differences you need.

#-### Barracuda no longer supports Percona since 2.2.0 release

If you have used Percona before, Barracuda will force upgrade to MariaDB 5.5 and PHP rebuild automatically. We plan to add the possibility to install MariaDB 10.0 once released as stable and tested. MariaDB has been the default DB server in Barracuda for a long time already.

#-### Support for PHP FPM/CLI version safe switch per Octopus instance

This allows the instance owner to easily switch the PHP version without system admin (root) help. All you need to do is to create ~/static/control/fpm.info and ~/static/control/cli.info file with a single line telling the system which available PHP version should be used (if installed): 5.5 or 5.4 or 5.3

Only one of them can be set, but you can use separate versions for web access (fpm.info) and the Aegir backend (cli.info). The system will switch versions defined via these control files in 5 minutes or less. We use external control files and not any option in the Aegir interface to make sure you will never lock yourself by switching to version which may cause unexpected problems.

Note that the same version will be used in all platforms and all sites hosted on the same Octopus instance. Why not try latest and greatest PHP 5.5 now?

#-### All PHP FPM workers in 5.5, 5.4 and 5.3 now use the 'ondemand' mode

This change will help to better manage memory use, especially on systems with multiple PHP versions running in parallel. This will also free resources and allocate them dynamically only when requests are coming and only to the active FPM pools. Note that the 'ondemand' mode doesn't affect Zend OPcache, because it is managed by the parent process(es) which stay(s) active.

The net result is that on a vanilla BOA install, without non-hostmaster sites running, the complete stack consumes just ~200 MB of RAM (in total, so with MariaDB, Redis and Nginx etc. included) with all three PHP-FPM versions running in parallel: 5.5, 5.4 and 5.3:

  CPU[#* 2.0%]
  Mem[|||||||||||||###***********************************209/1002MB]
  Swp[ 0/0MB]

  magic:~# ps axf | grep fpm
   8380 ? Ss 0:00 php-fpm: master process (/opt/php55/etc/php55-fpm.conf)
   8391 ? Ss 0:00 php-fpm: master process (/opt/php54/etc/php54-fpm.conf)
   8402 ? Ss 0:00 php-fpm: master process (/opt/php53/etc/php53-fpm.conf)
  magic:~#

#-### Drush aliases are now automatically copied to all relevant accounts

While Aegir manages Drush aliases for its backend needs, they are normally not available for the main nor the extra shell users on the instance. But starting with 2.2.0, BOA automatically manages copies of all Drush aliases, by adding them, updating or removing, every 5 minutes, once it detects that there are changes applied, like: the site has been migrated to another platform, or associated client/owner has been updated, etc.

You no longer need to `cd` to the respective site directory to perform some available Drush tasks. Just check the available aliases list with `drush aliases` and then enjoy the beauty of `drush @foo.com command` syntax.

#-### Drush is now restricted to use only trusted modules installed by default

Note: this change affects only Aegir backend/system user, typically o1, while all other limited shell accounts are not affected, because they are already individually jailed with protected custom php.ini and special Drush wrappers and settings. This means that you can skip this section if you are on a hosted Aegir.

The customized Drush now included in BOA by default will be able to use only extensions/commands bundled with contrib modules which are either a part of modules added in every platform via shared o_contrib/o_contrib_seven symlink located in the platform core modules directory, or are included in the built-in platforms installation profiles space, or in the system account, protected .drush sub-directory.

This means that any Drush extension/command bundled with contrib module uploaded to the sites/all/modules space in all built-in platforms will be ignored and not available on command line for the backend user. The same applies to site level contrib space, if used.

Additionally, any Drush extension/command bundled with custom platforms located in the ~/static directory tree will be completely ignored by Drush, no matter where uploaded: core, profiles, sites/all or sites/foo.com space.

This is not a problem in hosted environments, where users normally never should have an access to the Aegir backend user, anyway.

If you have any reason to use Drush on command line as an Aegir backend/system user, for example to escape limited shell restrictions, we recommend installing vanilla Drush 6, for example in /opt/tools/drush/vanilla/drush/ and then symlinking it into /usr/local/bin/ with custom name, so it will be available automatically in your backend o1 user's PATH.

Further improvements to secure sites and instances in completely locked virtual jails are planned in next BOA releases, which will address all other known and even potential security issues in Aegir.

#-### The ~/.drush and other important directories and symlinks are protected

There are directories, files and symlinks which should be protected from any changes and managed exclusively by the BOA system. The reasons may vary from security to avoidable support requests when the less experienced user will delete his sites or platforms symlinks, while they can't be easily nor automatically recreated. It also prevents the sub-accounts users from using their account home directory as a private upload/archive disk space.

#-### Support for safely configurable cache bins exceptions in Redis

Sometimes you may want to exclude some problematic cache bins from Redis so they will use default SQL engine, at least until related issue will be fixed either in your contrib code or in the Redis integration module.

Normally you had to edit the local.settings.php file which is both tedious and dangerous because of extra steps: https://omega8.cc/node/230 to add a line, for example:

  $conf['cache_class_cache_foo'] = 'DrupalDatabaseCache';

Plus, it had to be done for every site separately.
Now you can simply list the cache bins to exclude, comma separated, either in the site or platform level active INI file. Example:

  redis_exclude_bins = "cache_views,cache_foo,cache_bar"

#-### Two-Factor-like Authentication to protect access to Chive DB Manager

We are introducing Two-Factor-like Authentication logic - now extended also to protect Chive DB Manager, Collectd Graph Panel and SQL Buddy DB Manager.

You must be logged in via SSH and run any auto-continuous command, for example: `ping -i 30 google.com` to keep the access open for your IP address.

Why is this important? While BOA forces HTTPS connection for Chive, anyone who knows the URL can access it and attempt to either run brute-force attack to get into your site's database, or at least attempt to hammer the server and cause DoS-like effects, at least until the system will block his IP on the firewall.

The other important reason is that your site's DB credentials change only when you migrate or rename the site, and otherwise remain intact. Now, what if you have an employee or a freelancer whom you no longer want to be able to access your site? If you think that deleting his SFTP sub-account is enough, think again. He still can access your site's database via Chive, if he knows the site's DB credentials and the Chive URL.

But now it's no longer possible. Only the visitor who is able to successfully authenticate himself via SSH, and keeps active SSH session, will be able to access the Chive URL. The rest of the world will see just dummy Nginx 403 Access Denied error.

And in case you are using self-hosted BOA, the same protection is applied also to Collectd Graph Panel and SQL Buddy DB Manager.

#-### Support for session.cookie_lifetime configurable via INI files

You can control session cookies expiration (TTL) per site and per platform. The value (in seconds) of the session_cookie_ttl variable is used as session.cookie_lifetime value. BOA default defined in the system level global.inc file is 86400 == 24h.
We also recommend that you enable and configure built-in session_expire module, which allows you to keep the sessions DB table tidy. Make sure that TTL set via session_cookie_ttl variable is *lower* than TTL configured in the session_expire module, because the module does not care about PHP settings and simply deletes old entries from the sessions table on cron run.

#-### Support for files permissions-fix exceptions via platform level INI file

You can opt-out from globally enabled daily-permissions-fix procedure per platform with new fix_files_permissions_daily variable. This feature can be useful when you prefer to manage custom platform in a monolithic codebase mode in Git, so forcing permissions could conflict with your workflow or development tools. Otherwise you should never disable this to avoid issues with Aegir tasks related to sites on this platform.

Note that the system level option _PERMISSIONS_FIX (introduced in BOA-2.1.0 and set to NO by default) should be also enabled with YES in the system level /root/.barracuda.cnf file, if you prefer to have permissions fixed in all sites on all platforms, except those with fix_files_permissions_daily = FALSE set in the platform level, active INI file.

#-### High-performance JavaScript callback handler (js) in all platforms

All platforms, both built-in and custom in the ~/static directory tree, enjoy automatically added High-performance JavaScript callback handler (js) support, which requires extra /js.php file in the platform root and also proper Nginx rewrites. The module itself is also included in the built-in o_contrib bundle. All you need is to enable the module, if recommended by any other module, and enjoy much faster page generation, where possible.

You can review the full list of modules which will benefit from this great helper module on its project page: https://drupal.org/project/js

Enjoy another super-fast and even more powerful BOA Edition!
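
The session-gated access described under "Two-Factor-like Authentication to protect access to Chive DB Manager" can be sketched as follows. This is an added example, not BOA's own code: the function names, the constructed `who` sample and the use of an nginx `allow`/`deny` include file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not BOA code): build an nginx allow/deny include from the
# IPv4 addresses of users who currently hold a remote login session.

# Constructed sample in the layout printed by `who`: user, tty, date, time,
# and the remote host in parentheses (absent for local console logins).
sample_who() {
cat <<'EOF'
o1.ftp   pts/0        2014-04-01 10:02 (203.0.113.10)
root     pts/1        2014-04-01 10:05 (198.51.100.7)
o1       pts/2        2014-04-01 10:07 (203.0.113.10)
aegir    tty1         2014-04-01 09:00
o2.ftp   pts/3        2014-04-01 10:09 (not-an-ip.example)
o3.ftp   pts/4        2014-04-01 10:11 (10.0.0.999)
EOF
}

# Read `who`-style lines on stdin, print unique strict-IPv4 remote addresses.
# Hostnames, malformed octets and local logins are dropped, so a session that
# cannot be tied to a clean IPv4 address never opens access (fail closed).
active_ssh_ips() {
  awk '
    {
      host = $NF
      if (host !~ /^\(.*\)$/) next            # no "(host)" field: local login
      gsub(/[()]/, "", host)
      if (split(host, o, "[.]") != 4) next    # must be exactly four octets
      ok = 1
      for (i = 1; i <= 4; i++) {
        if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || (o[i] + 0) > 255) ok = 0
      }
      if (ok) print host
    }' | sort -u
}

# Turn the address list on stdin into nginx access rules. The trailing
# "deny all;" makes nginx answer 403 to every address without a session.
render_nginx_acl() {
  while IFS= read -r ip; do
    if [ -n "$ip" ]; then
      printf 'allow %s;\n' "$ip"
    fi
  done
  printf 'deny all;\n'
}

# Write stdin to the include file $1 only when the content differs, and
# report "changed" or "unchanged" so the caller reloads nginx only if needed.
update_acl_file() {
  target=$1
  tmp=$(mktemp "${target}.XXXXXX") || return 1
  cat > "$tmp"
  if [ -f "$target" ] && cmp -s "$tmp" "$target"; then
    rm -f "$tmp"
    echo unchanged
  else
    chmod 0644 "$tmp"
    mv -f "$tmp" "$target"        # rename is atomic on the same filesystem
    echo changed
  fi
}

# Demo on the constructed sample; on a live host the input would be `who`.
sample_who | active_ssh_ips | render_nginx_acl
```

Once the last SSH session from an address ends, the next run drops its `allow` line and the include collapses to `deny all;`.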

# New Octopus platforms:

 ### Drupal 7.26.4

 Guardr 1.1 ------------------- https://drupal.org/project/guardr

# Updated Octopus platforms:

 ### Drupal 7.26.4

 Commerce 1.24 ---------------- https://drupal.org/project/commerce_kickstart
 Commerce 2.13 ---------------- https://drupal.org/project/commerce_kickstart
 Commons 3.9.1 ---------------- https://drupal.org/project/commons
 Drupal 7.26.4 ---------------- https://drupal.org/drupal-7.26
 Open Academy 1.0 ------------- https://drupal.org/project/openacademy
 Open Atrium 2.15 ------------- https://drupal.org/project/openatrium
 Open Deals 1.32 -------------- https://drupal.org/project/opendeals
 Open Outreach 1.5 ------------ https://drupal.org/project/openoutreach
 OpenBlog 1.0-a3 -------------- https://drupal.org/project/openblog
 OpenChurch 1.12 -------------- https://drupal.org/project/openchurch
 OpenScholar 3.12.1 ----------- http://theopenscholar.org
 Panopoly 1.2 ----------------- https://drupal.org/project/panopoly
 Recruiter 1.1.2 -------------- https://drupal.org/project/recruiter
 Spark 1.0-b1 ----------------- https://drupal.org/project/spark
 Totem 1.1.2 ------------------ https://drupal.org/project/totem
 Ubercart 3.6 ----------------- https://drupal.org/project/ubercart

 ### Pressflow 6.30.1

 Commons 2.16 ----------------- https://drupal.org/project/commons
 Feature Server 1.2 ----------- http://bit.ly/fserver
 Managing News 1.2.4 ---------- https://drupal.org/project/managingnews
 Open Atrium 1.7.2 ------------ https://drupal.org/project/openatrium
 Pressflow 6.30.1 ------------- http://pressflow.org
 Ubercart 2.13 ---------------- https://drupal.org/project/ubercart

# New features and enhancements in this release:

  * Add High-performance JavaScript callback handler (js) in all platforms.
  * Add session_expire module to shared contrib space in all platforms.
  * Add support for session.cookie_lifetime configurable via INI variable.
  * Allow to control swap clear with control file /root/.no.swap.clear.cnf
  * Auto-Update all BOA install and upgrade wrappers daily.
  * Default system /bin/sh symlink target replaced with /bin/websh wrapper.
  * Disable tcp_slow_start_after_idle for better SPDY performance.
  * Improve the logic in the global.inc for faster processing.
  * Issue #1217486 - Add o_contrib symlinks on platform Verify task.
  * Issue #1310054 - Add support for drush aliases in all lshell accounts.
  * Issue #2148335 - Add Default Localhost Vhost.
  * Issue #2166641 - Make hard-coded load thresholds configurable.
  * Issue #2170079 - Use _CUSTOM_CONFIG_LSHELL to protect lshell.conf template.
  * Issue #2226919 - Custom Platforms in Version Control (skip permissions fix).
  * Lshell: Update /etc/lshell.conf only when required instead of every 5 min.
  * Manage extra db GRANT for 127.0.0.1 to allow SSH tunneling for SQL access.
  * New option _REDIS_LISTEN_MODE to configure PORT or SOCKET mode globally.
  * Nginx: Add support for protected PHP-FPM monitor.
  * Nginx: Force aggressive no-cache headers for the under construction page.
  * Nginx: Switch to buffered logging when /root/.high_traffic.cnf exists.
  * PHP: Add support for FPM/CLI version safe switch per Octopus instance.
  * PHP: Allow to install and run all supported versions: 5.5, 5.4, 5.3, 5.2
  * PHP: Extra php.ini files automatically managed per system and shell user.
  * PHP: FPM workers in 5.5, 5.4 and 5.3 will use 'ondemand' mode by default.
  * PHP: Use separate FPM pools per Octopus instance.
  * PHP: Use TCP Socket mode for all FPM pools and Port mode for legacy vhosts.
  * Protect ~/.drush and other important directories and symlinks from changes.
  * Redis: Allow to exclude cache bins on the fly, per site or per platform.
  * Save 295 seconds on BOA Install and Upgrade.
  * Set and auto-manage strict permissions on some important config files.
  * Set PHP CLI version in the /bin/websh wrapper on the fly.
  * Use Two-Factor-like Authentication logic for Chive DB Manager access.
  * Improve `sqlmagic fix file.sql` to properly replace INSERT INTO with INSERT IGNORE INTO (a workaround for duplicate keys in the DB dump)
  * Use the same trick with modules/local-allow.info to temporarily make civicrm.settings.php writable, if exists.

# Changes in this release:

  * Add ~/static/trash/* to automatic daily cleanup.
  * Add coder to auto-disabled modules -- see #2068771
  * Allow 'drush uli' as root, but deny root access to Drush by default.
  * Disable D8 install via _ALLOW_UNSUPPORTED until next release.
  * Do not enable SYNFLOOD protection by default.
  * Do not force old_short_name in any profile file directly.
  * Firewall: Allow to connect to Apple Push Notification service (APNs)
  * Issue #289 - Update lshell env_path for RVM and install/update global gems.
  * Issue #292 - Open standard RTMP port 1935.
  * Lshell: Use latest Drush 6 (master) by default and remove other versions.
  * Nginx and PHP-FPM: Better default timeout limits.
  * Nginx: Add apk, pxl, ipa to known mime types / download extensions.
  * Nginx: Use text/xml mime type for .xml URLs and restore other mime defaults.
  * Open local access for web based sites cron.
  * Open outgoing port 2525 for custom SMTP connections.
  * Percona DB server is no longer supported.
  * PHP: Always build from sources.
  * PHP: Disable 5.2 FPM if installed, but not used.
  * PHP: Only critical errors are enabled by default in the CLI mode.
  * PHP: Reloading FPM hourly no longer makes any sense.
  * PHP: Remove support for deprecated APC and Memcached.
  * PHP: Restore MailParse support - 2.1.6
  * PHP: Use aggressive disable_functions defaults (further tuned per FPM pool).
  * Redis: Integration module (the modern variant) upgrade to 7.x-2.x-o8-2.6-A
  * Redis: Use modern version with enabled fast lock and aggressive flush mode.
  * Remove insecure exception for wkhtmltopdf uploaded in the user space.
  * Rename master repository on GitHub from legacy nginx-for-drupal to boa.
  * Set _STRICT_BIN_PERMISSIONS=YES by default.
  * Upgrade Compass Tools on every upgrade, not just on new BOA release.
  * Use 60s opcache.revalidate_freq by default to save disk I/O on live sites.
  * Use Ruby Version Manager (RVM) by default to manage Compass Tools etc.
  * Use RVM for global gem installation and updates.
  * Use search_api_solr-7.x-1.4 for new installs.
  * Use web based cron by default to benefit from Zend OPcache.
  * Do not check existence nor auto-config Purge/Expire unless INI variable purge_expire_auto_configuration is set to TRUE (automatically, when the module is detected as enabled).
  * New naming convention for Ubercart 3.x platforms: [ud2] to support upgrades from uberdrupal profile, and [aq3] to support upgrades from acquia profile. Note that you have to choose Vanilla Testing profile to see [ud2] or Vanilla Minimal to see [aq3] platform in the Add Site form.
  * GitHub is now our main repository, we re-open the issue queue there for patches merge requests, while d.o has a code mirror status from now on.
  * Make it crystal clear that Ubuntu is barely supported, rarely tested and thus not recommended.
  * The "Run cron" extra task has been removed for security reasons. Site cron can be run either via standard, scheduled in Aegir procedure, which uses local, but web based request to the protected /cron.php URL, or on command line, or from the site admin area, as usual.

# System upgrades in this release:

  * Bazaar Version Control System (bzr) 2.6.0
  * Collectd Graph Panel (CGP) master-30-03-2014
  * cURL 7.36.0 (if installed from sources)
  * Git 1.9.1 (if installed from sources)
  * Jetty 7.6.14, 8.1.14, 9.1.3
  * Limited Shell 0.9.16.5-om8
  * MariaDB 5.5.36
  * MySecureShell 1.32
  * Nginx 1.5.12
  * OpenSSH 6.6p1 (if installed from sources)
  * OpenSSL 1.0.1f (if installed from sources)
  * PHP 5.4.26
  * PHP 5.5.10
  * PHP: Imagick 3.1.2
  * PHP: ionCube loader 4.5.3
  * PHP: MongoDB 1.4.5 (optional add-on)
  * PHP: Zend OPcache master-09-03-2014
  * PHPRedis: master-22-03-2014
  * Redis 2.8.8
  * Ruby 2.1.1 (from now on compiled from sources)

# Fixes in this release:

  * Add fix_collectd_nginx for Collectd config update.
  * Add missing panopoly_demo app in the Panopoly distro to fix broken install.
  * Add missing variables to active INI files, if needed.
  * Avoid way too long Speed Booster TTL for bots, especially for rss feeds.
  * Changing old_short_name mapping to: uberdrupal->testing and acquia->minimal
  * Do not force old_short_name if already set in db/drushrc.
  * Do not run swap clean when heavy tasks like cdp backup run.
  * Drush: Simplify and improve access restrictions logic when aliases are used.
  * Excessive and useless Drush internal cache clear in daily.sh removed.
  * Fix default PATH in all sub-scripts.
  * Fix for broken cURL from sources install logic.
  * Fix for drush make broken by websh fix for cd wildcard crash fix.
  * Fix for multi-IP cron access.
  * Fix missing /dev/fd early enough to avoid broken tasks in Aegir.
  * Fix the logic in manage_ip_auth_access()
  * Fix to avoid daily services maintenance/cron freeze if Jetty didn't stop.
  * Force backward compatible SERVER_SOFTWARE to silence core warnings.
  * Force OpenSSH rebuild on OpenSSL upgrade (if installed from sources).
  * Issue #1317322 - Filters UI broken.
  * Issue #1991908 - Fix the syslog flood caused by collectd df plugin.
  * Issue #2057213 - Use better SQL GRANT style.
  * Issue #2110589 - Unable to install BOA correctly on Debian 6.0 and OpenVZ
  * Issue #2141283 - Drush aliases like `drush dbup` no longer work properly.
  * Issue #2144801 - Display bug on add site.
  * Issue #2144947 - Install new Ruby for better compatibility with new gems.
  * Issue #2150557 - Make the check and update procedure for UseDNS safe.
  * Issue #2152383 - Fix for [js module] - add js_server_software variable.
  * Issue #2159881 - Drush is broken because Console_Table URL no longer works.
  * Issue #2161115 - AdvAgg: Strictly follow RFC 2616 14.21
  * Issue #2167141 - Do not exclude --with-ldap --with-gmp in the PHP on Wheezy.
  * Issue #2172089 - Fix for syntax error.
  * Issue #2173209 - Do not use legacy (removed) symlink for version check.
  * Issue #2175197 - Regex configuration not matching esi/ssi tags.
  * Issue #2177837 - process.max not set correctly for PHP 5.5 and 5.4
  * Issue #2182671 - Solr 4 with Jetty 8 does not start after upgrade.
  * Issue #2188907 - Update docs criteria for not rebuilding ssh, ssl, and curl.
  * Issue #2199229 - CiviCRM 4.4.4 Requires change in the Nginx configuration.
  * Issue #288 - SMTP Authentication Module depends on fsockopen.
  * Lshell: Fix for crash on wildcard cd.
  * Lshell: Remove symlinks for legacy drush_make.
  * Modules can be incorrectly whitelisted from dis by installation profile.
  * Nginx: Add exceptions for known video players.
  * Nginx: Avoid downtime on upgrade because of too low variables_hash_max_size
  * Nginx: Better gzip defaults.
  * Nginx: Default value of variables_hash_max_size is too low.
  * Nginx: Do not overwrite gzip_types.
  * Nginx: Improve fastcgi defaults.
  * Nginx: Remove too broad regex for 'flag' keyword in the URI.
  * Nginx: Send Access-Control-Allow-Origin * header also for /favicon.ico
  * Nginx: Use port 9090 in nginx_octopus_include.conf by default (PHP-FPM 5.3)
  * Nginx: Use Redirect 301 for legacy paths /sites/default/files/*
  * Once you have next 2.3.x installed, you can't downgrade to legacy 2.2.x
  * PHP: Add protection for instance level php.ini files.
  * PHP: Fix for broken build when --with-ldap is used.
  * PHP: Fix for broken dependencies in newer Debian and Ubuntu systems.
  * PHP: Fix for forced rebuild mode if lib curl is broken or updated with apt.
  * PHP: Fix for GEOS 3.4.2 and multi-version install.
  * PHP: Fix for legacy 5.2 logic.
  * PHP: Force 5.5 to use correct SQL drivers so its built-in will not be used.
  * PHP: Reduce duplicate rebuilds.
  * PHP: The --with-curlwrappers option has been removed in 5.5
  * Redis: Auto-Restart if socket is missing only when socket mode is enabled.
  * Redis: Exclude cache_form bin or it will break modules like ajax_comments.
  * Redis: Force clean restart daily, with long enough sleep time.
  * Redis: Restore pwd protection.
  * Redis: The cache_metatag bin needs aggressive flush mode -- see #2062379
  * Reduce system load during db backups with short delays between databases.
  * Remove collectd on major system upgrade even if /var/www/cgp doesn't exist.
  * Silence AIS (Adaptive Image Styles) module .htaccess requirements.
  * Sort and group cnf variables to bring some order into this chaos.
  * Symlink main drush wrapper to shared location outside of Master Instance.
  * Update for Redis bins exceptions logic.
  * Update system load check method in all scripts.
  * Use forced Jetty restart mode.
  * Use https in the welcome screen image src URL.
  * Use IPv4-strict hostname and IP checks only.

# Known Issues on systems upgraded to BOA-2.2.0 release (all fixed)

  ==> Updated on Tue Apr 1 12:20:27 SGT 2014

  @=> Issues hot-fixed in stable (run 'barracuda up-stable system' to apply):

  * Compass Tools don't use correct paths to Ruby 2.1.1
  * Chive Authentication via SSH session doesn't work on some older instances.
  * PHP: Disabled 'create_function' may break some contrib modules or code.
  * PHP: Disabled 'assert' may cause warnings on features revert.
  * Cron for sites doesn't work on old instances without Nginx wildcard vhost.
  * The 'git pull' command is broken in limited shell.
  * FTPS (FTP over SSL) connections may experience TLS problems.
  * The 'rsync' command is broken in limited shell.
  * The drush dl foo can't be run outside of site directory.


### Stable BOA-2.1.3 Release - Full Edition
### Date: Thu Nov 21 17:55:47 SGT 2013
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

This release provides Drupal 7.24.1 and Pressflow 6.29.1 core security upgrade for all supported distributions. It also includes two updated platforms and several fixes for issues discovered since BOA-2.1.2 released 3 days ago, plus some clever improvements to help you automatically optimize all tables daily, or even automatically convert tables to-innodb or to-myisam, either per site or per platform, or per entire Octopus instance. There is also Purge Cruft Machine available to run some spring-cleaning daily with configurable TTL.

Enjoy another super-fast and even more clever BOA Edition!

# Updated Octopus platforms:

 ### Drupal 7.24.1

 Open Atrium 2.0.9 ------------ http://drupal.org/project/openatrium
 OpenScholar 3.9.3 ------------ http://openscholar.harvard.edu

# New features and enhancements in this release:

  * Purge Cruft Machine moved to daily.sh agent and made configurable with _DEL_OLD_BACKUPS and _DEL_OLD_TMP per Octopus instance.

    If changed to any number greater than "0" it will automatically delete backups stored in the /data/disk/U/backups/ directory and in all hosted sites backup_migrate directories, during daily cleanup, if created more than X days ago, where X is a number of days defined in _DEL_OLD_BACKUPS. If "0" then this feature is disabled.

    It can't be configured via INI files, so you may need to submit support request if you want to customize this option set to 7 days by default on all hosted instances, as per our backups policy: https://omega8.cc/backups

    The same logic applies to _DEL_OLD_TMP which defines for how long the temporary files in all hosted sites files/tmp/ and private/temp/ directories are kept before deleting them during running daily maintenance.

  * Added sql_conversion_mode variable in the platform and site level INI to customize instance-wide mode optionally set via _SQL_CONVERT.

    This option allows to activate and/or customize DB tables conversion per site, per platform and via _SQL_CONVERT per Octopus instance.

    Supported values are: innodb and myisam (lowercase only!)

    Note that this conversion will run daily even if all tables have been already converted, so it will run OPTIMIZE on all tables, effectively.

    Related Issue #2126471 - Convert DB engine control files to ini format.

# Changes in this release:

  * Allow to install unsupported distros only in head, not stable.
  * Contrib update: advagg-7.x-2.3
  * Map drush to drush6 on command line. You can still use drush4 and drush5.
  * New contrib: display_cache
  * New contrib: panels_content_cache
  * Nginx 1.5.7 -- security upgrade.
  * Use dev versions of CDN module with patch for AdvAgg 7 compatibility.
  * Use Drush 5 and 6 head until next release.

# Fixes in this release:

  * Always cleanup temp downloads to avoid failed builds due to leftovers.
  * Always fix permissions on contrib on upgrade and in daily.sh agent.
  * Better auto-recovery when broken libcurl is detected.
  * Delete any tar/gz/zip files in modules|themes|libraries daily.
  * Delete dangerous local-allow.info file.
  * Display all active INI variables in HTTP headers on dev URLs.
  * Fix for cron auto-correction.
  * Fix for Feature Server broken due to incorrect context version downloaded.
  * Fix the logic for cURL install from sources.
  * Nginx: Add Access-Control-Allow-Origin header also for static .json
  * Nginx: Protect also .md files in modules|themes|libraries dirs.
  * Issue #2137583 - Permissions on the site directory are broken after running, how ironically, the Health Check task.
  * Issue #2138811 - Maintenance agent disables modules from its standard turn-off list, even if they are required by other modules, apps or features.

# Known Issues on systems upgraded to initial BOA-2.1.3 release

  ==> Updated on Thu Nov 28 18:33:58 SGT 2013.

  @=> Issues which will trigger `barracuda up-stable system` if discovered:

  * PHP: Fix for broken cURL from sources install logic.
  * PHP: Fix for forced rebuild mode if lib curl is broken or updated.
  * PHP: Fix for legacy 5.2 rebuild required when broken libcurl is detected.
  * Use dummy variable instead of 'true' to avoid breaking the logic.

  @=> Issues which will NOT trigger `barracuda up-stable system` if discovered:

  * Add coder to the auto-disabled modules list -- see #2068771
  * Excessive and useless Drush internal cache clear in daily.sh
  * Issue #2141283 - Drush aliases like `drush dbup` no longer work properly.
  * Issue #8215957 - Invalid version type error in old Drush Make.
  * MariaDB 5.5.34 just released.
  * Redis: Incorrect permissions on the integration module directory.
  * Modules can be incorrectly whitelisted by installation profile and never disabled, while they should be.

# HotFix for known post-upgrade issues

Run the boa-fix-upgrade script when logged in as system root:

  $ cd;rm -f boa-fix-upgrade.sh.txt*
  $ wget -q -U iCab http://files.aegir.cc/update/boa-fix-upgrade.sh.txt
  $ bash boa-fix-upgrade.sh.txt

This script is updated once there is any new regression or bug discovered, so it is safe and recommended to run it again if the list of known issues has been updated. Note that this script will detect and fix all Octopus instances on your system at once.


### Stable BOA-2.1.2 Release - Full Edition
### Date: Mon Nov 18 00:03:30 SGT 2013
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

This is primarily a bug-fix release and you should read release notes and also the changelog for both BOA-2.1.1 and BOA-2.1.0 for a context, especially if you are upgrading from BOA-2.0.9 or older release (we have tested upgrades from as old Editions as BOA-2.0.1, released on Dec 28 07:00:00 EST 2011).

This Edition includes fixes for all Known Issues on systems already upgraded to initial BOA-2.1.1 release, plus some extra improvements and one updated platform (Managing News).

Important new features include ability to use either legacy (default) or modern (highly recommended) version of Redis integration module. The reason we don't enable the modern version by default is that it may need some testing before using it on complex Drupal sites.

The modern version of Redis integration module comes with some great new features which allow you to configure flush mode per cache bin, with three modes available.
Please refer to the module README for more information on all available advanced flush modes: http://bit.ly/1drmi35

It also comes with super-fast lock backend, which can be enabled only when you are using the modern version, but still needs more improvements, so we auto-configure some exceptions on the fly, when it is used, to avoid known issues, as reported in the queue: https://drupal.org/node/2135545

Please read also INI docs to understand how it works, and how to improve performance by enabling and tuning these settings: http://bit.ly/1bwfZZj

Enjoy!

# Updated Octopus platforms:

 ### Pressflow 6.28.3

 Managing News 1.2.4 ---------- http://drupal.org/project/managingnews

# New features and enhancements in this release:

  * Redis: Modern integration module 7.x-2.5 with latest fixes from #2135545 is available as an option with new INI variable: redis_use_modern
  * Redis: New option redis_flush_forced_mode to better control flush modes when redis_use_modern = TRUE
  * Add example for custom Speed Booster cache TTL configuration in the optional override.global.inc file. It can be used also in local.settings.php file.
  * Add detection and auto-config for the allow_private_file_downloads variable.
  * Issue #1978066 - Add _RESERVED_RAM variable for "reserved" memory.
  * Map all old_short_name profiles relations in the Aegir Provision directly.

# Updated Aegir modules or extensions:

  * Newer aegir_custom_settings 6.x-2.3 with site clone added for client role.
  * Newer registry_rebuild 7.x-2.1 with fixed critical bug - see: #2130905

# Changes in this release:

  * Auto-Disable views_cache_bully also when Ubercart is enabled.
  * Do not delete testing profile, we need it for acquia->testing upgrade path.
  * Do not map old_short_name on the Octopus level, it is moved to Provision.
  * Make ACTIVE INI files comments-free to never confuse them with templates.
  * Make the fix for known Feeds problem global, not just ManagingNews specific.
  * PHP: 5.4.22 and 5.5.6 as an option (for testing only).
* PHP: Use latest (master) phpredis_new by default.
* Redis: Default integration module version reverted to pre-7.x-2.0 release.
* Redis: Force rebuild on system upgrade to update also Redis config.
* Redis: Make redis_lock_enable available only when redis_use_modern = TRUE
* Set opcache.revalidate_freq to 5 sec only on non-dev URLs by default.
* Switch Ubercart 3 to use D7 Minimal instead of Standard to fix upgrade path.
* Update prev release notes to explain importance of using latest Pressflow 6.

# Fixes in this release:

* Always fix permissions on contrib on upgrade and in daily.sh agent.
* Avoid files checks for Drupal for Facebook and Domain Access by default.
* Better auto-recovery when broken libcurl is detected.
* Fix for cron auto-correction.
* Fix for post-upgrade permissions issues affecting modules|themes|libraries.
* Fix for too restrictive permissions in /data/all/000/*
* Fix regression in the logic for dev URLs detection and auto-configuration.
* Fix the forced contrib upgrade logic.
* Fix the logic for cURL install from sources.
* Improve procs monitoring agent with better whitelisting.
* Improve sanitize_string() filtering to avoid issues with strong passwords.
* Issue #1860706 - Native, unified support also for D6 lock backend.
* Issue #2023895 - Do not kill java, only jetty and tomcat procs when needed.
* Issue #2105477 - Allowed gem commands need custom aliases in lshell.
* Issue #2134329 - Going from 2.0.9 to 2.1.1 does not update platforms.
* Issue #2135545 - Lock Backend freezes the site on cache clear.
* Issue #2136413 - Use -H to force correct HOME environment variable.
* Issue #2136413 - Use sudo to avoid lshell protection in DB auto-conversion.
* Make sure that /usr/local/bin is in the PATH.
* Make the check_if_required test in daily.sh six (6) times faster.
* Nginx: Fix too restrictive access policy for Aegir specific /hosting URI.
* Redis: Add some debugging on dev URLs to make sure permissions are correct.
* Redis: Added prefix support for lock backend.
* Redis: Disable persistent mode to never use on-disk storage, see #2135545
* Redis: Do not enable tcp-keepalive or weird things may happen, see #2135545
* Redis: Exclude some bins to avoid issues with lock support, see #2135545
* Redis: Missing default values on variable_get() calls causing D6 break.
* Redis: Update docs and naming convention for modern integration module.
* Silence cURL test in meta-installers.
* Sync randpass with sanitize_string().
* Set less restrictive permissions on civicrm.settings.php since provision_civicrm does not make the file writable temporarily as it should.

# Known Issues on systems upgraded to initial BOA-2.1.2 release

==> Updated on Thu Nov 21 01:28:23 SGT 2013 with all fixes applied to stable.

* Feature Server platform is broken since BOA-2.1.0 due to incorrect context module version downloaded via makefile. This bug affects only some instances upgraded to head and not stable, but since in the first 24 hours after BOA-2.1.2 release our static downloads were still out of sync on two of our mirrors, it is safe to assume that you should run the HotFix via boa-fix-upgrade.sh.txt anyway.
* There is a regression introduced in the maintenance agent logic, which results in the dependency check being effectively ignored. This may cause various disastrous effects, like disabling all modules chained via feature or via apps module, because apps module requires update module, which is normally disabled. While any feature which requires dblog or update module enabled is considered a serious developer error and should be avoided, we have to respect all dependencies defined to never break any site by forcefully disabling modules.
* Part of the Site Health Check task (the `drush6 status-report` command) breaks permissions on the site directory, which blocks any further tasks like Clone, Migrate and Backup. This regression was introduced in the BOA-2.1.0 release.
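
One way to gate the HotFix step on a locally reviewed copy of boa-fix-upgrade.sh.txt, since these notes state that the script is updated over time and it is run as system root. This is an added example, not part of BOA; `REVIEWED_DIR`, `SCRIPT_SHELL` and the function names are assumptions made for the illustration.

```shell
# Added example, not part of BOA. REVIEWED_DIR, SCRIPT_SHELL and the function
# names are assumptions made for this illustration.
REVIEWED_DIR="${REVIEWED_DIR:-/root/.boa-reviewed}"  # reviewed copies + allowlist
SCRIPT_SHELL="${SCRIPT_SHELL:-bash}"                 # interpreter used for the script

# Print the SHA-256 of file $1 as lowercase hex.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# approve_script FILE
# Call this only after reading FILE. Stores a copy named after its hash and
# adds the hash to the allowlist. Returns 2 if FILE is missing or empty.
approve_script() {
  [ -s "$1" ] || return 2
  _as_sum="$(sha256_of "$1")"
  [ -n "$_as_sum" ] || return 2
  mkdir -p "$REVIEWED_DIR" || return 2
  chmod 700 "$REVIEWED_DIR"
  cp "$1" "$REVIEWED_DIR/$_as_sum.txt" || return 2
  grep -qxF "$_as_sum" "$REVIEWED_DIR/approved.sha256" 2>/dev/null \
    || printf '%s\n' "$_as_sum" >> "$REVIEWED_DIR/approved.sha256"
}

# check_script FILE
#   0 = content matches a reviewed copy
#   1 = new or changed content; a unified diff against the last reviewed
#       copy is written to FILE.diff when such a copy exists
#   2 = unusable download (missing, empty, or fails a syntax-only parse)
check_script() {
  [ -s "$1" ] || { echo "missing or empty: $1" >&2; return 2; }
  "$SCRIPT_SHELL" -n "$1" 2>/dev/null \
    || { echo "does not parse: $1" >&2; return 2; }
  _cs_sum="$(sha256_of "$1")"
  if grep -qxF "$_cs_sum" "$REVIEWED_DIR/approved.sha256" 2>/dev/null; then
    return 0
  fi
  _cs_last="$(tail -n 1 "$REVIEWED_DIR/approved.sha256" 2>/dev/null || true)"
  if [ -n "$_cs_last" ] && [ -f "$REVIEWED_DIR/$_cs_last.txt" ]; then
    # diff exits 1 when the files differ, which is the expected case here
    diff -u "$REVIEWED_DIR/$_cs_last.txt" "$1" > "$1.diff" || true
  fi
  echo "not reviewed: $1 (sha256 $_cs_sum)" >&2
  return 1
}

# run_if_reviewed FILE
# Executes FILE with $SCRIPT_SHELL only when check_script returns 0;
# otherwise returns check_script's status without running anything.
run_if_reviewed() {
  check_script "$1" || return $?
  "$SCRIPT_SHELL" "$1"
}

# Typical use after the wget step:
#   run_if_reviewed boa-fix-upgrade.sh.txt  # status 1: read the file or FILE.diff
#   approve_script boa-fix-upgrade.sh.txt   # once the content has been read
#   run_if_reviewed boa-fix-upgrade.sh.txt
```
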

# HotFix for known post-upgrade issues

Run the boa-fix-upgrade script when logged in as system root:

  $ cd;rm -f boa-fix-upgrade.sh.txt*
  $ wget -q -U iCab http://files.aegir.cc/update/boa-fix-upgrade.sh.txt
  $ bash boa-fix-upgrade.sh.txt

This script is updated whenever a new regression or bug is discovered, so it is safe and recommended to run it again if the list of known issues has been updated.

Note that this script will detect and fix all Octopus instances on your system at once.

### Stable BOA-2.1.1 Release - Full Edition
### Date: Sat Nov 9 17:00:00 EST 2013
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

There are some important bug fixes in this release, along with changes to the Auto-(En|Dis)able agent, explained in greater detail in embedded docs included in the platform specific INI file template.

Note that the system agent doesn't modify any existing and active INI file, so updated docs are included only in the INI templates, which are updated each morning: default.boa_platform_control.ini and default.boa_site_control.ini

You can find both INI templates also online at: https://omega8.cc/node/293

We have also added some docs to help you if you experience any issues with cached, Views based pages and panels: https://omega8.cc/node/292

Note also that since BOA-2.1.0 all D6 based sites are forced to use PHP 5.3.27 on hosted and managed Aegir instances, even if they were previously configured to use deprecated, insecure, unstable and outdated PHP 5.2 for D6 based sites.

This means that if you are using a too old D6 core (older than 6.28.x), some features will stop working, namely imagecache, /update.php and any feature which depends on contrib modules not yet compatible with PHP 5.3

We have allowed the use of PHP 5.2 for too long, to give enough time (in years) to upgrade to the latest Pressflow 6.x version, and we can no longer extend this allowance, for obvious security and systems stability reasons.
Furthermore, sticking with PHP 5.2 would not allow us to use latest Aegir 2.x version (BOA still includes a bit older Aegir 2.x for backward compatibility), since newer Aegir versions need newer Drush (BOA still uses ancient Drush 4.6) and newer Drush requires newer PHP version.

It is even more important because Drupal 8 will not run on older PHP nor Drush older than 7.x, so there is basically no choice other than to make all your sites compatible with PHP 5.3, or you will miss all future BOA system upgrades.

Now even PHP 5.3 is officially in the EOL (End-of-Life) phase, with only security fixes expected, but also only until July 2014 and then it will be completely deprecated, so we will have to switch to modern PHP 5.5, first introduced as an option, later this year.

Upgrading to latest Pressflow 6.x is *very* easy. Just add all contrib modules you are using in your outdated 6.x platform to the latest Pressflow 6.x platform we provide by default, reverify the new platform, clone the site in the old platform, migrate the cloned copy to the new platform and if everything works fine, migrate also your live site. It will take less than 15 minutes and there is absolutely no excuse to not upgrade.

If you experience issues with your site due to the old core used on now forced PHP 5.3, we can temporarily revert it to PHP 5.2 for the last time, but it is really a bad idea. A much better idea is to find those 15 minutes and upgrade your site, so we could continue to provide future upgrades and new amazing features also for your Aegir instance.

Enjoy new, shiny BOA Edition!

# Updated Octopus platforms:

### Drupal 7.23.3

Open Atrium 2.0.4 ------------ http://drupal.org/project/openatrium
Open Deals 1.31 -------------- http://drupal.org/project/opendeals
OpenBlog 1.0-a3 -------------- http://drupal.org/project/openblog
Recruiter 1.1.2 -------------- http://drupal.org/project/recruiter
Spark 1.0-a10 ---------------- http://drupal.org/project/spark
Totem 1.1.2 ------------------ http://drupal.org/project/totem

### Pressflow 6.28.3

Commons 2.13.2 --------------- http://drupal.org/project/commons
Open Atrium 1.7.2 ------------ http://drupal.org/project/openatrium

# New features and enhancements in this release:

* Document all system-level control files in docs/ctrl/system.ctrl
* Fast Redis lock implementation is now enabled by default for D6 and D7.
* Nginx: Add NAXSI (Nginx Anti XSS & SQL Injection) WAF as an option.
* Use 100% static downloads in stable to remove dependency on github and d.o
* Use extended connection check procedure before exit 1.
* Use reliable Redis UP check via PING/PONG instead of pid file check.

# Updated o_contrib modules:

* Contrib update: httprl-6.x-1.13
* Contrib update: httprl-7.x-1.13
* Contrib update: redis-7.x-2.3
* Contrib update: views_cache_bully-6.x-3.x
* Contrib update: views_cache_bully-7.x-3.x
* Contrib update: views_content_cache-7.x-3.0-alpha3

# Changes in this release:

* Introducing Pressflow 6.28.3 to include fix for #2130865
* Updated INI docs for views_cache_bully and views_content_cache.
* ProsePoint moved to unsupported.
* Private files mode in D7 requires allow_private_file_downloads = TRUE in boa_site_control.ini or boa_platform_control.ini and is disabled by default.
* Do not enable views_cache_bully and views_content_cache, unless special control files exist and related variables in the platform specific INI are not set to TRUE.
* Auto-Disable views_cache_bully on sites with commerce module enabled, but allow to override it with ~/static/control/enable_views_cache_bully.info and views_cache_bully_dont_enable = FALSE

# Fixes in this release:

* All-in-One Site Health Check in Aegir not displayed for non-uid=1 users.
* Always prepare shared D6 and D7 cores.
* Always remove www. from the Redis cache key prefix.
* Better check for not yet updated Octopus instances in a batch upgrade mode.
* Check if ctools is enabled before attempting to enable views_content_cache.
* Do not force HEAD on Precise.
* Fix for /root/.upstart.cnf consistency.
* Fix for PATH in aegir.sh
* Fix still too aggressive procs monitoring.
* Fix the check_if_required() logic in the Auto-Disable agent.
* Improve all cURL based downloads with auto-continue mode.
* Issue #1980250 - Fix for broken cache_page bin in Redis integration module.
* Issue #2127237 - New Relic: Unable to initialize module on Debian Wheezy.
* Issue #2128233 - Rsyslog is still installed and consumes all CPU on OpenVZ.
* Issue #2128819 - Better exceptions in too aggressive process monitoring.
* Make sure to never set any HTTP headers or redirects in the backend.
* Nginx: Do not use separate location for /images/ URI shortcut.
* Nginx: Fix for regression in "Rewrite for legacy requests with /index.php".
* Nginx: Fix the logic for restricted access to /authorize.php and /update.php
* Nginx: Map URI shortcuts early to avoid overrides in other locations.
* Remove rsyslog on VZ, if installed.
* Restore backward compatibility with IP and not wildcard based vhosts.
* Use silent upgrade mode in _LENNY_TO_SQUEEZE and _SQUEEZE_TO_WHEEZY.
* Issue #2127329 - AdvAgg (D6 version) presence in o_contrib should not auto-disable standard aggregation, unless the module is enabled.

# Known Issues on systems upgraded to initial BOA-2.1.1 release

==> Updated on Tue Nov 12 14:44:16 EST 2013 with all fixes applied to stable.

* Fast Redis lock may cause problems on node edit, with temporary error saying that the node was changed by "another user", because current implementation was not multisite-aware enough.
* Views Cache Bully module, if enabled after upgrade to BOA-2.1.0, may break the cart and checkout on sites using Ubercart, and should be disabled automatically like it is done for Commerce based sites since BOA-2.1.1
* The version of Redis integration module included: 7.x-2.3 causes warnings for D6 sites, visible either on dev URLs or on command line and may break some advanced Views configurations if custom caching is not yet enabled. It may also break menu updates due to not aggressive enough cache clear policy for cache_menu bin.
* Permissions set daily on the civicrm.settings.php file are too restrictive and since provision_civicrm extension does not make this file writable before attempting to re-create it, as it should, all tasks on CiviCRM enabled sites fail.
* Permissions on sites/all/{modules,theme,libraries} on newly added, empty platforms with no sites created yet, so not included in the running daily permissions fix, are initially not group writable, as they should be.
* The check_if_required procedure in the running daily maintenance agent to detect if the module is required by any other module or feature or by installation profile, is 6 (six) times slower than it should be and never disables devel module properly.
* The running daily maintenance agent does not disable files checks for Drupal for Facebook (fb) and Domain Access modules as it should in the platform level INI file, unless those modules are detected.

# HotFix for known post-upgrade issues

Run the boa-fix-upgrade script when logged in as system root:

  $ cd;rm -f boa-fix-upgrade.sh.txt*
  $ wget -q -U iCab http://files.aegir.cc/update/boa-fix-upgrade.sh.txt
  $ bash boa-fix-upgrade.sh.txt

This script is updated whenever a new regression or bug is discovered, so it is safe and recommended to run it again if the list of known issues has been updated.

You can also run another upgrade with "barracuda up-stable system" command, followed by "octopus up-stable all both log" since all fixes have been applied to current stable as well, but boa-fix-upgrade script is faster than running complete upgrade again.

### Stable BOA-2.1.0 Release - Full Edition - Now NSA-proof
### Date: Sat Nov 2 18:15:19 EDT 2013
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

There are some really important changes and improvements in this release you should be aware of before running your BOA system upgrade.

Even if you are on a hosted BOA system with upgrades managed for you, it is very important to read at least these release notes. And if you are more curious, read also the giant changelog further below.

Besides all changes, fixes and improvements, all currently supported Drupal distributions have been upgraded to use latest Drupal core versions. Plus, there are seven (7) NEW platforms included!

#-### Control files to customize your BOA system per platform and per site

Almost all control files are now replaced with two centralized, platform and site specific INI files, using standard PHP INI format.

The platform specific INI file template with extensive documentation included, has filename default.boa_platform_control.ini and is located in the sites/all/modules directory.

The site specific INI file template with extensive documentation included, has filename default.boa_site_control.ini and is located in the sites/foo.com/modules directory.

Any existing control files, both on the platform and site level, will be automatically converted into active INI files and then deleted to avoid confusion, also automatically, on the first run of the special maintenance script: /var/xdrago/daily.sh but defaults in the global.inc file will allow for smooth, fully automated transition.

This change makes customizing your BOA system more maintainable and improves overall system performance/load thanks to minimized files checks.

#-### Empty and not used platforms auto-cleanup

BOA finally has the ability to auto-delete, during daily maintenance, which happens each morning (server time zone), all empty and not used platforms.

While on all hosted instances the TTL (time-to-live) is set to 60 days (counted since last verify task date/time on the platform), it can be configured per instance in the /root/.USER.octopus.cnf file by changing the value of the _DEL_OLD_EMPTY_PLATFORMS variable from 0, which is the default and means the feature is OFF, to any higher number of days.

Note that every Octopus instance upgrade re-verifies all existing platforms, so if you configure the TTL to 90 days but run the upgrade every month or every two months, no platforms will ever be deleted.

If you wish to have this TTL customized on the hosted instance, where it is set to 60 (days) by default, please open a support ticket via: https://omega8.cc/support

Remotely managed BOA systems can have this feature enabled and configured upon request submitted via https://omega8.cc/support

#-### All-in-One Site Health Check in your Aegir control panel

You will notice a new Task available on every site page in your Aegir Control Panel, named "Run health check".

This new task will run a few important tests on your site and will store all results in the Task Log, so you can easily review all results by clicking on the "View" button to the right of the task, when it is complete. Make sure to check all details by clicking on the "Expand" links in the log.

What are the tests included?

1. The "drush clean-modules" command will be run for you to make sure there is no module left in the system table as "enabled" while it no longer even exists on the system. This part will utilize (behind the scenes) extension: https://drupal.org/project/clean_missing_modules If it will find any such leftover, it will clean it up, automatically.

2. The "drush6 pm-updatestatus" command is a native Drush command which tells you if there are any waiting module/code updates in the site. Note: it will *not* upgrade anything, it is a check only. Of course there should be no updates waiting if you follow Aegir site upgrade best practices and your site's code is up to date. Yes, this check will automatically enable the "update" module for you, but it will not auto-disable it afterwards (to not break things in case it is required by some other module or feature).

3. The "drush6 status-report" command is a native Drush command which provides you a complete overview of your site status. Instead of logging into the site, you can review it easily here.

4. The "drush6 updatedb-status" command is a native Drush command which tells you if there are any waiting database updates in the site. Note: it will *not* apply these updates, it is a check only. Of course there should be no updates waiting if you follow Aegir site upgrade best practices, but who knows, hence the check.

5. The "drush security-review" command will run only on Drupal 7 based sites and provides some additional information by using (behind the scenes) this extension: https://drupal.org/project/security_review

#-### PFS (Perfect Forward Secrecy) support in Nginx

BOA now fully supports the most secure, yet still compatible with most used systems and browsers SSL configuration.
All hosted BOA instances have been already upgraded automatically and you don't need to do anything to make it work -- it is already done for you -- both on any SSL enabled site with dedicated certificate and IP address and also on the standard, system-wide SSL proxy level, which is available for every hosted site -- just type HTTPS:// in the URL.

On self-hosted instances it needs to be enabled by adding a line in your /root/.barracuda.cnf file:

  _NGINX_FORWARD_SECRECY=YES

before the upgrade. Note that depending on the system used, it may auto-install some requirements like latest OpenSSL libraries and packages.

Remotely managed BOA systems can have this feature enabled upon request submitted via https://omega8.cc/support

#-### SPDY (new networking protocol) support in Nginx

BOA now fully supports the advanced, new protocol which allows to run sites over HTTPS with much better performance than plain HTTP.

While not all browsers support this protocol yet, it is already enabled by default on all hosted BOA instances (but obviously works only when you access the site via HTTPS:// in the URL).

On self-hosted instances it needs to be enabled by adding a line in your /root/.barracuda.cnf file:

  _NGINX_SPDY=YES

before the upgrade. Note that depending on the system used, it may auto-install some requirements like latest OpenSSL libraries and packages.

Remotely managed BOA systems can have this feature enabled upon request submitted via https://omega8.cc/support

#-### Zend OPcache replaced APC in PHP

Newer versions of PHP already come with next generation opcode cache from Zend, which is now open-sourced and available also as an extension for older PHP versions, including 5.2 and 5.3

BOA leverages this opportunity and now uses Zend OPcache instead of APC. This change is introduced automatically on all systems, both hosted and managed for you and also self-hosted.

Only Debian Squeeze and Ubuntu Precise systems which are using PHP installed from packages and not from sources, so with _BUILD_FROM_SRC=NO set in the /root/.barracuda.cnf file, still use APC by default. You can install Zend OPcache by changing it to _BUILD_FROM_SRC=YES before running the upgrade.

Note that Zend OPcache default configuration caches every script for 60 seconds, so any changes you will introduce, will be visible with up to 1 minute delay. However, if there is .dev. or .devel. in the site name, this delay is lowered automatically to just 1 second.

You can change the default per site permanently by adding in the local.settings.php preferred value, for example, to set it to 10 seconds:

  ini_set('opcache.revalidate_freq', '10');

-- but remember that you will override default (1 second) for dev URLs using this method.

Enjoy the most advanced, NSA-proof BOA Edition yet!

# New Octopus platforms:

### Drupal 7.23.3

Open Academy 1.0-rc3 --------- http://drupal.org/project/openacademy
Open Atrium 2.0 -------------- http://drupal.org/project/openatrium
OpenBlog 1.0-a2 -------------- http://drupal.org/project/openblog
OpenScholar 3.8.1 ------------ http://openscholar.harvard.edu
Recruiter 1.1 ---------------- http://drupal.org/project/recruiter
Spark 1.0-a9 ----------------- http://drupal.org/project/spark
Totem 1.1 -------------------- http://drupal.org/project/totem

# Updated Octopus platforms:

### Drupal 7.23.3

Commerce 1.20 ---------------- http://drupal.org/project/commerce_kickstart
Commerce 2.9 ----------------- http://drupal.org/project/commerce_kickstart
Commons 3.4 ------------------ http://drupal.org/project/commons
Conference 1.0-a2 ------------ http://drupal.org/project/cod
Drupal 7.23.3 ---------------- http://drupal.org/drupal-7.23
Open Deals 1.27 -------------- http://drupal.org/project/opendeals
Open Outreach 1.2 ------------ http://drupal.org/project/openoutreach
OpenChurch 1.11-b14 ---------- http://drupal.org/project/openchurch
Panopoly 1.0-rc5 ------------- http://drupal.org/project/panopoly
Ubercart 3.5.1 --------------- http://drupal.org/project/ubercart

### Pressflow 6.28.2

Commons 2.13 ----------------- http://drupal.org/project/commons
Feature Server 1.2 ----------- http://bit.ly/fserver
Managing News 1.2.3 ---------- http://drupal.org/project/managingnews
Open Atrium 1.7.1 ------------ http://drupal.org/project/openatrium
Pressflow 6.28.2 ------------- http://pressflow.org
ProsePoint 0.46 -------------- http://prosepoint.org
Ubercart 2.12.1 -------------- http://drupal.org/project/ubercart

# New features and enhancements in this release:

* Add a workaround for an edge case problem -- a missing /etc/resolv.conf
* Add auto-config for AdvAgg on both Drupal 7 and Drupal 6.
* Add command to check for available updates: `drushextra check updates`
* Add gems for Omega 4 by default.
* Add sass-globbing gem by default.
* Allow to install latest OpenSSH from sources with _SSH_FROM_SOURCES
* Allow to install latest OpenSSL from sources with _SSL_FROM_SOURCES
* Anonymize lshell intro message.
* Better code sharing with central core dirs for all built-in platforms.
* BOA installer wrapper depends on curl instead of wget.
* Do not stop/start cron if /root/.upstart.cnf control file exists.
* Drush: Add embedded how-to for aliased commands.
* Enable views_cache_bully and views_content_cache if views is enabled.
* Firewall: Disable incoming ping/ICMP.
* Firewall: Protect port 80 only with CONNLIMIT and remove it from PORTFLOOD.
* Firewall: Update config template and enable port/syn flood protection
* FTP: Allow to list/see up to 3000 files/subdirs in a directory.
* Improve daily.sh performance.
* Improve dist-upgrade procedure.
* Improve docs/MODULES.txt
* Improve meta-installers auto-update procedures.
* Improve SQL limits auto-configuration.
* Install pdnsd as a last service.
* Issue #2000932 - Add also zen-grids.
* Issue #2015553 - Fix the logic for protected registration of new accounts.
* Issue #2044589 - SPDY Nginx support.
* Issue #2052703 - Conversion from control files to ini includes.
* Issue #2092599 - Switch to disable MySQL password reset on upgrades.
* Issue #2105477 - Add support for bundler gem.
* Issue #2116387 - Nginx and PHP: Improve system hardening.
* Issue #2116395 - Nginx: Better protection and 404 instead of 403.
* Issue #2118393 - Mark drush/cron as newrelic_background_job
* Make Bazaar installation optional with BZR keyword required in _XTRAS_LIST
* Nginx: Use forced HTTPS-only access for Chive and SQL Buddy.
* PHP: Add experimental support for 5.4 and 5.5
* PHP: Install Zend OPcache instead of deprecated APC by default.
* PHP: Reload FPM hourly unless /root/.high_traffic.cnf exists.
* Restart db server when backup is complete if /root/.my.optimize.cnf exists.
* Restore support for Expire and Purge modules.
* Shell: Add gunzip to allowed commands.
* Shell: Disable mc on the fly unless /root/.allow.mc.cnf control file exists.
* Shell: Use MySecureShell 1.31 for SFTP by default.
* Try to download wrapper 4 times before it gives up.
* Use MySQLTuner to better tune SQL configuration on install and upgrade.
* Use sqlmagic to fix errors caused by duplicate keys in the db dump.
* Use standard D7 profile for Ubercart 3 and update related contrib.
* We no longer depend on drupal.org for any downloads.
* Add optional, configurable per site, automated and smart (via sqlmagic tool) DB table format/engine conversion, enabled per instance with non-default _SQL_CONVERT=YES option.
* Add support for _MODULES_SKIP variable and make the auto-disable agent much smarter to never disable any module defined as required by any other module or feature.
* Improve auto-recovery from manual permissions/ownership big mistakes related to critical files and dirs.
* Issue #2067193 - PFS (Perfect Forward Secrecy) support in Nginx with _NGINX_FORWARD_SECRECY=YES config option.
* Use _DEL_OLD_EMPTY_PLATFORMS to enable and define auto-cleanup for old, empty platforms with no sites hosted, separately per Satellite instance (it does not affect Master instance).
* Issue #2000932 - Add more Compass tools/extensions: (compass_radix, zurb-foundation) and make sure the gems are updated on upgrade.
* Nginx: Add support for domain specific /robots.txt mapped to static files/$host.robots.txt to make it possible to manage it per domain also when Domain Access module is used.
* Improve the logic for daily permissions fix (no longer enabled by default) and make it configurable via _PERMISSIONS_FIX variable.
* Improve the logic for daily modules fix (still enabled by default) and make it configurable via _MODULES_FIX variable.
* Generate static sites/foo.com/files/robots.txt file per site, which is mapped to /robots.txt

# New and updated Aegir modules or extensions:

* Add security_review extension
* Use registry_rebuild 7.x-2.x

# New o_contrib modules:

* Add Advagg 6 and 7 to all platforms.
* Add force_password_change to all platforms.
* Add views_cache_bully to all platforms.

# Changes in this release:

* All D6 based sites are forced to use latest PHP 5.3.27 version.
* Chive 1.3
* cURL 7.33.0 as an option.
* Drush 5.10.0 and 6.1.0 (available as drush5 and drush6)
* Git 1.8.4.1
* Lshell 0.9.16.4-om8
* MariaDB 5.5.33a
* Nginx 1.5.6
* Nginx: ngx_cache_purge-2.1
* OpenSSH 6.3p1 as an option.
* Percona 5.5.33
* PHP 5.4.21 and 5.5.5 as an option.
* Redis 2.6.16
* Vnstat 1.11
* Deprecate CiviCRM as a separate platform.
* Remove obsolete MartPlug distro.
* Move OpenPublish to unsupported.
* Move NodeStream to unsupported.
* Do not include D6 core translations, never included also in D7 platforms.
* Do not include notoriously buggy backup_migrate module.

# Fixes in this release:

* Add all extra, non-standard options in the barracuda.cnf docs template.
* Add built-in support for Domain Access also for sites/all/modules/contrib
* Add exception to support commerce_multicurrency module properly.
* Add info about self-signed SSL certificate in the welcome email (again).
* Add support for /usr/etc/sshd_config if exists.
* Always force update_newrelic - even if there is no new PHP version.
* Better check for GitHub partial downtime.
* Better logic for clean resolvconf re-install when needed.
* Contrib: Make the list readable.
* Delete too old pid files if any exists.
* Do not allow to break working DNS cache server with parent system overrides.
* Do not allow to install OpenSSL and cURL from sources also on Precise.
* Do not install rsyslog on VZ based VM.
* Do not set session.cookie_secure on SSL requests for sites < D7
* Enable dev mode also when HTTP_HOST begins with dev.
* Firewall: Adjust some defaults to improve flood protection.
* Firewall: Always upgrade, unless _CUSTOM_CONFIG_CSF is set to YES.
* Firewall: Better support for auto-whitelisting multi-IP systems.
* Firewall: Fix csf.uidignore file to whitelist important system uids.
* Firewall: Fix for csf template on VZ.
* Firewall: Improve some flood protection defaults.
* Firewall: Improve whitelisted IPs msg.
* Firewall: Remove deprecated monitoring for now closed port 25 (incoming).
* Firewall: Update config template.
* Firewall: VZ compatibility.
* Fix for /etc/resolv.conf and curl requirement in the BOA Meta Installer.
* Fix for cron tasks queue.
* Fix for forced pdnsd and resolvconf upgrades.
* Fix for incorrect nproc discovery results on some VM systems.
* Fix for proper handling mysql connections leftovers.
* Fix for selected packages hold status.
* Fix for the auto-update logic -- now it is default.
* Fix permissions for control files to avoid leftovers on delete task.
* Fix permissions on default backup_migrate dirs.
* Fix the auto-healing to avoid killing all php-fpm processes at midnight.
* Fix the automatic generation of static robots.txt file per site.
* Fix the daily enable/disable logic and use faster drush version.
* Fix the logic for chained installs from sources on upgrade.
* Fix the makefiles to avoid issues after d.o upgrade.
* Fix the not really working auto-healing to properly restart mysqld.
* Fix the not really working lshell logs monitor.
* Force clean pdnsd and resolvconf reinstall when needed.
* Force contrib update to include redis module stable release.
* Force cURL and OpenSSH re-install from sources when OpenSSL is from src.
* Force Git rebuild from sources if SSL/cURL was built from sources.
* Force Lshell rebuild when OpenSSL is installed from sources.
* Force MSS and FTP rebuild when OpenSSL is installed from sources.
* Force Nginx, PHP and Pure-FTPd re-install when OpenSSL is from sources.
* Force PHP-FPM restart if 9+ connections with 499 in the last 60 seconds.
* Generate 2048 bit long DH parameters when _NGINX_FORWARD_SECRECY=YES
* IDS monitor should use lower defaults after introducing last min checks.
* Improve gem and bundler allowed/denied restrictions.
* Improve procs monitoring and whitelist backend tasks properly.
* Improvements for Ubercart 2 installation + contrib updates.
* Install latest CGP, collectd 5 compatible.
* Issue #1751916 - Add Spark 1.0-a9
* Issue #1874786 - Fix for GNU Mailutils support.
* Issue #1991312 - Fix support and auto-config for AdvAgg 7 and HTTPRL.
* Issue #1991658 - Firewall: Close port 25 for incoming connections
* Issue #1994346 - DoS protection for not cached URLs doesn't respect $scheme
* Issue #1994346 - Fix the logic for SSESS/SESS prefix in the cookie name.
* Issue #1995342 - X-Accel-Expires is never send when $expire_in_seconds == 0
* Issue #2002678 - barracuda up-stable system adds annoying extra delay.
* Issue #2005116 - 403 on every attempt to log in from Hostmaster homepage.
* Issue #2015551 - Fix for broken dev mode support switch.
* Issue #2015551 - Fix the keyword check used to trigger "dev" mode.
* Issue #2020043 - Send PUT requests for *.json URI to Drupal.
* Issue #2032379 - _AUTOPILOT=YES should be forced also for "silent" modes.
* Issue #2083373 - drush dl foo --destination=/path/ should be restricted.
* Issue #2101193 - Support Drupal for Facebook from sites/all/modules/contrib
* Issue #2105259 - All Platforms Installation Fails with Permission Denied.
* Issue #2116177 - Use phpredis 2.2.4
* Lshell: Better settings for newer Drush versions.
* Lshell: Fix for env_path
* Lshell: version update and monitoring improvements.
* Make sure o_contrib is updated also on head-to-head upgrades.
* Make sure to rebuild PHP if cURL is installed from sources.
* Make the upgrade email generic.
* More compact code for downloads.
* Move csf/lfd corrections after pdnsd install.
* Move the giant modules list from README.txt to docs/MODULES.txt
* Nginx: Add access protection for .txt files in the modules|themes|libraries.
* Nginx: Add access protection with fast 404 also for authorize.php
* Nginx: Add access protection with fast 404 for extra .php known URLs.
* Nginx: Add example site specific config for legacy .php URIs 301 redirects.
* Nginx: Better support for static and dynamic .json requests/URIs
* Nginx: Deny spiders on glossary/* URI, as they are never allowed to crawl.
* Nginx: Fix for dynamically generated PDFs.
* Nginx: Fix for redirects for legacy URLs with asp/aspx extension.
* Nginx: Improve auto-whitelisting in the access log monitor.
* Nginx: Improve POST requests monitoring.
* Nginx: Move AJAX and webform requests location after civicrm location.
* Nginx: Normalize newlines and spacing when fixing proxy config files.
* Nginx: Remove 'results' from the bots-protected URI regex.
* Nginx: Remove deprecated conf.d directory, if exists.
* Nginx: Replace legacy keyword gulag with neutral limreq everywhere.
* Nginx: Replace the zone legacy name also in Provision.
* Nginx: Rewrite legacy requests with /index.php to extension-free URL.
* Nginx: The /admin* URI protection logic has been moved to global.inc
* Nginx: Update gzip_types to list all expected mime.types
* Nginx: Update headers for AdvAgg compatibility.
* Nginx: Update mime.types
* Nginx: Use more precise wildcard in paths for replacements.
* PHP: 5.4 requires uploadprogress-1.0.3.1
* PHP: Disable ionCube Loader for PHP 5.5
* PHP: Do not force extensions re-install unless _PHP_FORCE_REINSTALL=YES
* PHP: Fix config overrides for 5.4 and 5.5
* PHP: Fix possible issues with legacy 5.2 support logic.
* PHP: Fix unintended overrides in the ini files.
* PHP: Force All Extensions Rebuild when _FROM_SOURCES=NO
* PHP: Force APC instead of Zend OPcache on Squeeze/Precise on no-src install.
* PHP: Force legacy version rebuild if exists.
* PHP: Improve rebuild logic if SSL/cURL was built from sources.
* PHP: Make sure that latest version of ionCube loader is installed.
* PHP: Rebuild extensions also for 5.2, even if _PHP_MODERN_ONLY=YES
* PHP: Set opcache.revalidate_freq to 1 second on dev alias/URL on the fly.
* PHP: Start more FPM workers by default to avoid Nginx 499 and timeouts.
* PHP: Use correct version of ioncube_loader for 5.4
* PHP: Use pecl-jsmin-0.1.1 with newer PHP versions.
* PHP: Zend OPcache is a zend_extension and needs full path in the php.ini
* Redis: Make redis_client_password optional and none by default.
* Reload PHP-FPM before auto-healing will force its restart after midnight.
* Remove already deprecated platforms.
* Remove insecure files from libraries/plupload/examples.
* Remove lock files before adding new users.
* Security updates for selected contrib on all affected D7 platforms.
* Shell: Fix FTPS compatibility after switching to MySecureShell
* Shell: Sync IdleTimeOut for MSS with SSH and FTPS default 15m.
* Shorten some too long status messages.
* Silent Mode Option: aegir == Only stock Aegir forced up-head upgrade.
* Simplify vnstat setup.
* Split usage monitor into two separate scripts.
* SQL auto-healing should always stop-stop-start and not just restart it.
* SQL: Allow the engine to manage correct innodb_thread_concurrency value.
* SSH: Make sure that 'UseDNS no' is always set.
* Sync $cookie_domain validation with Drupal 7 core.
* Sync dates with BOA defaults.
* Unify apt-get options order.
* Update for Redis config template.
* Update or create /etc/apt/sources.list early enough.
* Update PHP and SQL config early enough to avoid issues during upgrade.
* Use --force-yes option if apt-get -y is used.
* Use correct version of /etc/apt/preferences
* Use drush6 only when required.
* Use extended GitHub tests on HEAD and non-stock build only.
* Use forced symlinks mode if possible.
* Use is_readable() check instead of file_exists() for all includes.
* Use mirror downloads for all contrib and patches to make it faster.
* Use more restrictive permissions on lshell log files.

### Stable BOA-2.0.9 Release - Barracuda Edition
### Date: Thu May 9 11:25:59 EDT 2013
### Includes Aegir from BOA-2.0.8 Edition

# This is the first Barracuda-only Edition, released to address important security issue with Nginx server and provide system level upgrades. This Edition will not upgrade Aegir Master nor Aegir Satellite Instances, because there was no new Drupal core released since BOA-2.0.8 Edition and there were not enough updates to built-in platforms or contrib accumulated. Releasing Barracuda-only Edition separately from full Edition allows us to address system/services security issues without any extra delay, while releasing Octopus-only Edition will allow us to provide Drupal core or Aegir version upgrades, without affecting system level services.

There is also another reason why separate releases will be useful. BOA-2.0.9 is the last Edition where Aegir 2.x still uses old Drush 4.6 in the backend. We need to sync BOA specific Aegir 2.x with upstream and finally switch to Drush 5, or even Drush 6, if possible.
This change, however, may cause issues if you still host legacy Drupal 5 or some old Drupal 6 sites, with either core or contrib not compatible with PHP 5.3, which is now used by default. That is why we plan to introduce ability to install older/previous Barracuda and/or Octopus release, if you need more time to upgrade.

# New features and enhancements in this release:

* Debian 7.0 Wheezy support.
* Automated upgrade from Squeeze with _SQUEEZE_TO_WHEEZY=YES option.
* Added config template with inline how-to in docs/cnf/barracuda.cnf
* Added config template with inline how-to in docs/cnf/octopus.cnf
* Added passwords encryption how-to in docs/BLOWFISH.txt
* Added the list of symbols used on install in docs/PLATFORMS.txt
* Forced mysql restart if there are too many high CPU mysqld processes.
* Improved docs/NOTES.txt
* Improved docs/README.txt
* Install libpam-unix2 and libxcrypt1 by default.
* Install s3cmd by default.
* Issue #1974640 - Allow to use Midnight Commander for limited shell users.
* Limited Shell Logs Monitor enabled by default.
* Nginx: Check for Linux/Cdorked.A malware and delete if discovered.
* Re-generate and sync Aegir passwords before and after instance upgrade.
* The silent 'system' mode documented in docs/UPGRADE.txt
* Allow to exclude platform from otherwise forced `drush en entitycache -y` if sites/all/modules/entitycache_dont_enable.info control file is present.

# Changes in this release:

* Nginx 1.5.0 - security upgrade for CVE-2013-2028
* PHP 5.3.25
* Redis 2.6.13
* Do not disable update module in platforms known to include it as required.
* Firewall: Open port 1129 for outgoing connections (some gateways need it).
* Force syslog module as disabled by default and save some disk I/O.
* Tune kernel to always use max RAM and not swap, if possible.

# Fixes in this release:

* Add outgoing port 25 SMTP to the list of requirements.
* Firewall: Add truly permanent block for heavy abusers.
* Fix for mytop support, available again on systems with MariaDB.
* Fix permissions in the /data/all tree if required.
* Fix the order of checks - they scan only the last (current) minute.
* Force _STRONG_PASSWORDS=NO if locales still look broken on second check.
* Improve detecting no longer running drush.php and/or cron PHP processes.
* Improve fix_locales logic.
* Improve global.inc symlinking on initial install and upgrade.
* Improve messages displayed when fix_locales discovers broken locales.
* Improve monitoring to avoid duplicate entries on low traffic systems.
* Improve sanitize_string() filtering to avoid issues with strong passwords.
* Improve syncpass tool - Update system user passwd and flush privileges.
* Issue #1961226 - Warning: Could not change permissions of sites/all to 751.
* Issue #1962458 - 403 for anonymous users on node/add.
* Issue #1963044 - Force UTF-8 locales if not present/configured properly.
* Issue #1974542 - Use /root/.home.no.wildcard.chmod.cnf control file.
* Issue #1987936 - Restore ability to install PHP 5.2 for FPM and CLI.
* Make sure that /dev/null is writable for everyone.
* Make sure that all drushrc.php files are owned by Aegir system user.
* Make sure that all expected sites/all/{modules,themes,libraries} dirs exist.
* Make sure that DB server is restarted on upgrade after config tuning.
* Make sure that pdnsd and resolvconf are properly installed.
* Nginx: Remove duplicate Vary: Accept-Encoding headers.
* Percona no longer supports older Ubuntu non-LTS releases.
* PHP: Do not reload FPM every hour - it may cause error 502.
* PHP: Fix paths depending on CLI version used.
* PHP: Fix the extensions installation and upgrade logic.
* PHP: Make sure that the FPM port is set correctly for D6 sites with 5.2
* PHP: Properly uninstall all related packages when using source build.
* PHP: Start more FPM workers on systems with enough RAM by default.
* Purge bin logs before disabling them.
* Run New Relic re-install early enough to avoid locking full-upgrade.
* Sync the load limits for spiders and backend tasks.
* The Java/Jetty monitor should use higher allowed limits by default.
* Update apticron message to recommend system mode instead of full upgrade.
* Update docs for _BUILD_FROM_SRC option.
* Use aggressive enough Jetty restart procedure on nightly services reload.
* Use correct status messages on install and upgrade.
* Use installer and not Aegir version download on stable install/upgrade.

### Stable Edition BOA-2.0.8
### Date: Mon Apr 8 01:41:36 CEST 2013
### Installs Aegir 2.x

# Updated Octopus platforms:

### Drupal 7.22.1

Commerce 2.6 ----------------- http://drupal.org/project/commerce_kickstart
NodeStream 2.0-rc5 ----------- http://drupal.org/project/nodestream
Open Deals 1.19 -------------- http://drupal.org/project/opendeals

All other not listed above platforms are available with latest D6 or D7 core, even if there were no new distro version released.

# Fixes:

* Critical Issue #1962690 - Fix for broken Percona support.
* Allow to use [a-z0-9] subdomains and not only [www] for IDN domain names.
* Change the interval between platforms builds from 5 to 3 seconds.
* Forced 1s Speed Booster TTL for vhosts behind local proxy is deprecated.
* Move old firewall logs to backups to avoid crazy load after upgrade.
* Nginx: Better exceptions handling in the Abuse Guard for js/shs modules.
* PHP: CLI is at 5.3 since BOA-2.0.4, so symlink old 5.2 binary path to 5.3
* Update _LENNY_TO_SQUEEZE major upgrade procedure.
* Update contrib with login_security-7.x-1.2
* Use static downloads for all distros in stable edition.

### Stable Edition BOA-2.0.7
### Date: Thu Apr 4 00:00:17 EDT 2013
### Installs Aegir 2.x

# Updated Octopus platforms:

### Drupal 7.22.1

Commons 3.2 ------------------ http://drupal.org/project/commons

All other not listed above platforms are available with latest D6 or D7 core, even if there were no new distro version released.
# Fixes:

* Create dot dirs and keys if not exist, plus known_hosts for system user.
* Fix the sqlmagic regex to really convert only expected tables.
* Issue #1958502 - Add missing symlinks to the new Drush extensions.
* Issue #1960192 - Fix literal path replacement with sites/$new_url in D7.
* Issues #1930670 #1958898 #1932616 - Fix for hosting_server_update_6200.
* Taxonomy Edge update to 7.x-1.7 and 6.x-1.7
* Update contrib in all D7 platforms to ctools-7.x-1.3 - security upgrade.

### Stable Edition BOA-2.0.6
### Date: Mon Apr 1 21:34:04 EDT 2013
### Installs Aegir 2.x

# New Octopus platforms:

### Drupal 7

Commons 3.1 ------------------ http://drupal.org/project/commons

# Updated Octopus platforms:

### Drupal 7

CiviCRM 4.2.8 ---------------- http://civicrm.org
Commerce 1.16 ---------------- http://drupal.org/project/commerce_kickstart
Commerce 2.5 ----------------- http://drupal.org/project/commerce_kickstart
Drupal 7.21.2 ---------------- http://drupal.org/drupal-7.21
NodeStream 2.0-rc4 ----------- http://drupal.org/project/nodestream
Open Deals 1.18 -------------- http://drupal.org/project/opendeals
Open Outreach 1.0-rc10 ------- http://drupal.org/project/openoutreach
OpenChurch 1.11-beta9 -------- http://drupal.org/project/openchurch
Panopoly 1.0-rc4a ------------ http://drupal.org/project/panopoly
Ubercart 3.4.1 --------------- http://drupal.org/project/ubercart

### Pressflow 6

Acquia 6.28.1 ---------------- http://bit.ly/acquiadrupal
Commons 2.12 ----------------- http://drupal.org/project/commons
Feature Server 1.2 ----------- http://bit.ly/fserver
Managing News 1.2.3 ---------- http://drupal.org/project/managingnews
Open Atrium 1.7.1 ------------ http://drupal.org/project/openatrium
Pressflow 6.28.1 ------------- http://pressflow.org
ProsePoint 0.46 -------------- http://prosepoint.org
Ubercart 2.11.1 -------------- http://drupal.org/project/ubercart

All other not listed above platforms are available with latest D6 or D7 core, even if there were no new distro version released.

# No longer supported Octopus platforms:

The platforms listed below can be re-added when their maintainers will fix all critical issues and/or apply required updates:

ELMS ------------------------- http://drupal.org/project/elms
MartPlug --------------------- http://drupal.org/project/martplug
Octopus Video ---------------- http://octopusvideo.org
Open Academy ----------------- http://drupal.org/project/openacademy
Open Enterprise -------------- http://drupal.org/project/openenterprise
OpenPublic ------------------- http://drupal.org/project/openpublic
OpenScholar ------------------ http://openscholar.harvard.edu
Videola ---------------------- http://videola.tv

# New features:

* Add an option to allow cron based, unattended system-only upgrades.
* Add randpass helper script.
* Add support for wkhtmltoimage.
* Add syncpass tool to repair broken instances after incomplete upgrade.
* Allow to specify extra apt-get packages with _EXTRA_PACKAGES option.
* Allow to tune PHP-CLI timeout in the BOND script with separate option.
* Install auditd with aureport by default.
* Issue #1479300 - Add optional LDAP support in Nginx.
* Issue #1876418 - Support for High-performance JavaScript callback handler.
* Issue #1916804 - Validated bypass of flood control based on tty.
* Jetty: Make migration from Tomcat easy with _TOMCAT_TO_JETTY=YES
* PHP: Allow to use _PHP_EXTRA_CONF for custom builds from src.
* Redis: Add Lock Backend Support for Drupal 6 and Drupal 7.
* Redis: Enable lock support if modules/redis_lock_enable.info exists.
* Shell: Add extra Drush versions available as drush4, drush5 and drush6.
* SOLR: Support for 1.x / Jetty 7, 3.x / Jetty 8 and 4.x / Jetty 9.
* SOLR: Use Jetty 8 for Solr 4 on systems with Java 1.6 available.
* SOLR: Use Jetty 9 for Solr 4 on systems with Java 1.7 available.
* SQL: Add sqlmagic tool to fix SQL dumps and convert to/from InnoDB/MyISAM.
* SQL: Make default_storage_engine configurable with _DB_ENGINE option.
* Use Registry Rebuild with Fixed Redis Lock Support aware configuration.
* Allow to force SERVER_NAME based $cookie_domain with special modules/cookie_domain.info control file per site.

# New Aegir modules or extensions:

* Add drush clean-modules command - clean_missing_modules extension.
* Add drush_ecl extension - Drush Entity Cache Loader.
* Add hosting_site_backup and provision_site_backup enabled by default.

# Changes:

* Git 1.8.2
* MariaDB 5.5.30
* Nginx 1.3.15
* Percona 5.5.30
* PHP 5.3.23
* Redis 2.6.12
* Deprecate CiviCRM 3.4.8 D6 - only available with _ALLOW_UNSUPPORTED=YES.
* Do not force filefield_nginx_progress as enabled also for D7.
* Drupal 8.0-dev-tested deprecated and moved to unsupported group.
* ELMS 1.0-beta1 deprecated and moved to unsupported group.
* Enable entitycache module by default.
* Master Aegir: Re-create secure db password on every barracuda upgrade.
* Master Aegir: Sync generating secure db password also on barracuda install.
* Nginx: Set 24h Speed Booster cache TTL for spiders/bots by default.
* NodeStream 1.5.1 deprecated and moved to unsupported group.
* Open default MongoDB port 27017 for outgoing connections.
* OpenScholar deprecated and moved to unsupported group.
* PHP: Deprecate 5.2 also on upgrade.
* PHP: Install MongoDB driver if MNG keyword is listed in _XTRAS_LIST.
* PHP: Set _PHP_CLI_VERSION=5.3 by default.
* PHP: Switch to forced CLI 5.3 and FPM 5.3 also in the custom config.
* PHP: Switch to FPM 5.3 also for D6 sites by default.
* Pressflow 5.23 deprecated and moved to unsupported group.
* Redis: Re-create secure password on every barracuda upgrade.
* Satellite Aegir: Re-create secure db password on every octopus upgrade.
* SQL: Do not run DB OPTIMIZE unless /root/.my.optimize.cnf ctrl file exists.
* SQL: Re-generate new secure mysql root password on every barracuda upgrade.
* SQL: Use key_buffer = 2M by default.
* SQL: Use more safe memory limits after introducing higher key_buffer_size
* Use better names for various control files.
* Watch crons running > 2 min and kill crons running > 3 min.
* Split _XTRAS_LIST into two groups: included via ALL keyword and other which need to be listed explicitly.

# Fixes:

* Add Ksplice-aware kernel upgrade alert.
* Add some delay to avoid race conditions when removing more zombies.
* Allow higher system load before disabling access for spiders temporarily.
* Always send upgrade log when running in the silent mode.
* Avoid cron collisions and make sure all maintenance tasks run 0-6 AM.
* Better and separate backup rotation on hostmaster upgrade.
* Better check if Webmin GnuPG signing key has been added properly.
* Better fix for $cookie_domain and DA compatibility.
* Better protection for all ports usually targeted in brute force attacks.
* Check if nproc is present and fall back to /proc/cpuinfo otherwise.
* Clean swap on kernel tuning update.
* Delete broken o_contrib symlinks before trying to recreate them.
* Do not add and remove bind from /etc/sudoers since it is not supported.
* Do not block @ in the limited shell - it breaks git foo git@bar etc.
* Do not force _DEBUG_MODE=YES if not required.
* Do not force _HTTP_WILDCARD=NO for stock install option.
* Do not run extra IP checks for requests below $mininumber threshold.
* Do not run initial apticron check in local install.
* Do not run two mysql restarts in a row on mysql upgrade.
* Downgrade to working wkhtmltopdf-0.10.0_rc2 and wkhtmltoimage-0.10.0_rc2
* Drupal 7.x core with Field API memory optimization - see #1915646
* Enable image_allow_insecure_derivatives to avoid issues with drupal-7.20
* Fix apticron to suggest barracuda up-stable instead of apt-get upgrades.
* Fix AWS system auto-discovery and auto-configuration.
* Fix Drush 5.x and _USE_STOCK support.
* Fix for Bazaar (bzr) 2.6b2 extensions build.
* Fix for pdnsd install on Ubuntu Precise.
* Fix the 32 long ALNUM password generation for lshell users.
* Fix the hint to just display the uptrack command, not run it.
* Force logrotate on demand if /var/log/syslog > 1GB
* Force mysql tables check and upgrade before hostmaster upgrade.
* Force proper pdnsd and resolvconf re-installation if needed.
* Force proper resolvconf configuration to support and use pdnsd server.
* FTPS on all modern systems requires lshell path added in /etc/shells.
* Hostmaster/Octopus contrib modules are now added via Aegir makefile.
* Improve autonomous IDS auto-cleaning and permanent block mgmt.
* Improve compatibility testing with Drush 5 and Drush 6.
* Improve kernel default tuning.
* Improve Master Instance upgrade logic.
* Improve mysqldump performance by default.
* Improve the default strict configuration for $cookie_domain.
* Improve Tomcat/Jetty self-healing to avoid stuck processes.
* Install also hostmaster contrib when stock option is used.
* Issue #1782034 - Use fixed version of the message_notify module.
* Issue #1825018 - Disable binary logging and make it optional.
* Issue #1871060 - CiviCRM 4.2.6 needs separate civicrml10n fix.
* Issue #1873478 - Localhost install broken because getent test is used.
* Issue #1875348 - Fix for Nginx 1.3.10 bug causing random segfaults.
* Issue #1886920 - Fix the unrecognized option [service=system-auth] error.
* Issue #1886920 - Pure-FTPd config broken because of deprecated pam_stack.so
* Issue #1888380 - Deleted platform cache folder recreated automatically.
* Issue #1889322 - Domain Access module breaks sites provisioning.
* Issue #1897018 - Set Pin-Priority also in wrappers to fix also stable.
* Issue #1897018 - Ubuntu Precise breaks install and upgrade.
* Issue #1906760 - Incomplete access_log directive in the purge vhost.
* Issue #1906900 - Nginx microcaching not disabled on prefixed admin URIs.
* Issue #1909208 - Changed MariaDB GnuPG signing key hangs install/upgrade.
* Issue #1913394 - Disable automatic CSF/LFD upgrade.
* Issue #1913488 - Do not install GEOS PHP ext. unless explicitly listed.
* Issue #1914294 - APC 3.1.14 disappeared from PECL - downgrade to 3.1.13
* Issue #1918722 - Add diff command as allowed in the limited shell.
* Issue #1920972 - Could not change permissions warnings on site verify.
* Issue #1932388 - Use correct keyword PPY for Panopoly install.
* Issue #1935388 - Use reliable check for Master Instance install path.
* Issue #1947082 - Permissions are never fixed on the profile level.
* Issue #1949740 - Make sure that cache_prefix for Redis is always set.
* Issue #1952042 - Make strong passwords optional and not default.
* Issue #1953248 - Extra Drush versions should be added properly.
* Issue #1957762 - Upgrade to Bazaar (bzr) 2.6b2
* Jetty: Tune memory limits automatically to avoid extra RAM requirements.
* Keep all extra modules in the same profiles/hostmaster/modules directory.
* Lshell: Allow ping command to help keep session active / auto-whitelist.
* Make apticron aware of the BOA version currently running.
* Make BOND aware of _CUSTOM_CONFIG_SQL if present.
* Make Compass Tools available in the standard path, if installed.
* Make sure that all removed zombies use unique dir names.
* Make sure that all users home dirs are protected.
* Make sure that now redundant hosting_backup_gc module is removed.
* Make sure that SERVER_NAME is set to HTTP_HOST early enough, if required.
* Make the errors monitor aware of system only upgrade mode.
* Make URI filtering regex localization-aware in the global.inc
* Nginx Security: BEAST attack protection and fix for PCI compliance.
* Nginx: Another fix for broken imagecache paths in some imported sites.
* Nginx: Better protection from DoS attempts on never cached uri.
* Nginx: Do not block spiders on imagecache/styles URIs.
* Nginx: Do not force use epoll - it is set on install properly.
* Nginx: Do not force worker_connections. It will not work in the VM guest.
* Nginx: Do not force worker_rlimit_nofile. It will not work in the VM guest.
* Nginx: Force rebuild to include LDAP support if enabled via _NGINX_LDAP=YES
* Nginx: Improve Abuse Guard to better protect from imagecache|styles flood.
* Nginx: Improve no-cache exceptions for known AJAX and webform requests.
* Nginx: Make json compatible with boost caching but dynamic for POST.
* Nginx: Restore fast 404 for static json requests.
* Nginx: Set workers number to available CPUs x2 with min/max defaults.
* Nginx: Use default buffer=32k in the access_log for better performance.
* Nginx: Use static /normal/ instead of dynamic /$device/ for Boost cache.
* PHP: Enable more FPM workers by default for better performance.
* PHP: Force php53-fpm restart if there is no master process running.
* PHP: Many Drupal 7 based distros require 196M limit at minimum.
* PHP: Never force php53-fpm restart when another script reloads it.
* PHP: Use more safe limits on low memory systems.
* Prevent turning the feature server site into a spam machine.
* Protect also from not supported request types if Nginx server is busy.
* Randomize tasks wait/start intervals better to avoid high system load.
* Redis: Do not disable it on the fly when there is /nojs/ in the URI.
* Redis: Double check if $cache_lock_path exists before using it.
* Redis: No need to force exception for cache_menu bin.
* Redis: Tune sysctl for better memory management by default.
* Remove up to two last zombies on Master Instance upgrade.
* Remove up to two last zombies on Satellite Instance upgrade.
* Rename profiles to avoid confusion between Commons 2 and Commons 3.
* Run drush @hostmaster hosting-dispatch during upgrade to sync things.
* Send also OK report when running in the silent mode.
* Set correct default DNS entry in /etc/hosts before running local install.
* Shell: Fix for too restrictive Drush commands filtering.
* Shell: Fix the broken Git support over SSH.
* Shell: Fixed too restrictive permissions on the extra Drush directories.
* SQL: Do not run the purge_binlogs script when binary logging is disabled.
* SQL: Improve sqlmagic converter and allow it to use control files.
* SQL: The sqlmagic_convert should not be available for extra lshell users.
* SQL: Tune also key_buffer_size by default.
* Sync generating secure passwords also for limited shell users.
* Update csf.conf template.
* Update self-healing for Tomcat/Jetty support.
* Update welcome email template to better explain how to manage databases.
* Use Boost with silenced false alarms.
* Use Limited Shell branch with fixed tab completion.
* Use public DNS during pdnsd (re)installation to avoid issues.
* Whitelist /tmp/make_tmp.* in the csf.fignore to avoid false alarms.

### Stable Edition BOA-2.0.5
### Date: Sun Dec 23 15:35:46 EST 2012
### Installs Aegir 2.0.5 compatible with Aegir 1.9

# Updated Octopus platforms:

Commerce 1.12.1 -------------- http://drupalcommerce.org
Commerce 2.0 ----------------- http://drupalcommerce.org
Commons 2.11 ----------------- http://acquia.com/drupalcommons
Drupal 7.18.1 ---------------- http://drupal.org/drupal-7.18
Open Deals 1.14 -------------- http://opendealsapp.com
Open Outreach 1.0-rc7 -------- http://openoutreach.org
OpenChurch 1.11-beta7 -------- http://openchurchsite.com
Panopoly 1.0-rc3 ------------- http://drupal.org/project/panopoly
Pressflow 6.27.1 ------------- http://pressflow.org
ProsePoint 0.45 -------------- http://prosepoint.org
Ubercart 2.11.1 -------------- http://ubercart.org
Ubercart 3.3.1 --------------- http://ubercart.org

All other not listed above platforms are available with latest D6 or D7 core, even if there were no new distro version released.

# New Aegir modules or extensions:

* Add drush clean-modules command - clean_missing_modules extension.

# New o_contrib modules:

* Add reroute_email module in both D6 and D7 contrib.
# Changes:

* Git 1.8.0.2
* MariaDB 5.3.11 on Debian Lenny
* MariaDB 5.5.28a
* Nginx 1.3.9
* PHP 5.3.20
* Redis 2.6.7
* Delete old tmp files in all sites daily.
* Disable Expire and Purge modules by default - they are no longer needed.
* Redis integration module updated to 7.x-2.0-beta2
* There is no need to restart Redis and Tomcat hourly.
* Use higher innodb_lock_wait_timeout by default - 120 instead of 50.
* Use 1h instead of 30min default timeout for sql and php-cli to avoid breaking some extra long running backend tasks on some really big sites.

# Fixes:

* Allow more drush commands over SSH.
* Always force drupal_http_request_fails to FALSE to avoid false alarm.
* Better check for standalone vhosts firewall setup.
* Better lshell forbidden list of keywords.
* Better regex to deny wildcards with top-level or country level domains.
* Check for existence of host_master and not host_master/001 directory.
* Compass is not available on older OS versions.
* Delete ltd-shell extra user/client if there is no site associated/owned.
* Delete old symlinks in the client directory for no longer associated sites.
* Fix broken usage.sh script - it does not enable/disable modules.
* Fix date formatting also in the sqlcheck script.
* Fix for some really old installs without .barracuda.cnf file.
* Fix permissions for Boost cache directory with correct chmod.
* Fix the hint - it should say to restart mysql.
* Issue #1081266 - Avoid re-scanning modules directory.
* Issue #1263602 - Force New Relic re-install on every upgrade, if used.
* Issue #1460882 - Send .json requests to @drupal instead of =404.
* Issue #1837418 - Fix permissions inside ~/.drush directory.
* Issue #1837776 - Do not disable httprl module.
* Issue #1837910 - Upload progress broken for all D6 sites.
* Issue #1839122 - Disabling Redis on known AJAX calls breaks UI elements.
* Issue #1839544 - Use language neutral checks for users, groups and hosts.
* Issue #1841230 - BOA provides Apache Solr 1.4 with Tomcat 6.
* Issue #1841246 - Fix csf.fignore file to whitelist /tmp/drush_*
* Issue #1842554 - Replace broken links to Skitch screenshots.
* Issue #1847682 - Fix extra Nginx config support in the Master Instance.
* Issue #1850034 - Disable SYSLOG_CHECK in csf to avoid false alarms.
* Issue #1857250 - Domain Access support is broken in the backend cli.
* Issue #1857990 - Include reroute_email module in o_contrib by default.
* Issue #1860100 - Use provision-backup-delete instead of backup_delete.
* Issue #1865112 - Add drush clean-modules command.
* Issue #1867264 - Too many Redis caching exceptions cause serious confusion.
* Issue #1871060 - CiviCRM l10n should be moved to proper directory.
* Lshell: Map drush mup to up instead of upc. Add new drush mupc map for upc.
* Max supported version of Search API Solr search is 7.x-1.0-rc2
* More complete permissions fix on install and upgrade.
* More strict check for _LENNY_TO_SQUEEZE option.
* Nginx: Better regex in the Nginx monitor.
* Nginx: Exclude also files/progress path in the Nginx monitor.
* Nginx: Fix rewrite rules in the CDN Far Future expiration support.
* Nginx: Make sure that any older packages are uninstalled on upgrade.
* Nginx: Make sure that default Nginx vhosts are deleted also on upgrade.
* Nginx: Skip all logged media and download requests in the Nginx monitor.
* PHP: Use high enough value for max_input_vars in PHP 5.3 by default.
* Really fix the datestamp comparison logic on various systems.
* Rebuild registry without --no-cache-clear option to avoid issues.
* Redis: Check if Redis binary exists, not symlink.
* Redis: Delete redis-server symlink to avoid failed Redis install.
* Redis: Do not use all three extra exceptions on the hostmaster site.
* Redis: Do not use sleep breaks during Redis full restart.
* Redis: The cache_menu bin should be still excluded from Redis caching.
* Redis: The hostmaster site needs exception for cache_class_cache bin.
* Stop and Start CSF only if installed.
* The locked auto-healing script needs to kill tomcat more aggressively.
* Update csf.conf template.
* Upgrade to ctools-6.x-1.10 in the hostmaster platform.
* Use aliases in drush commands where possible.
* Use better name for non-web New Relic app tracking.
* You must remove remote_import extension from the source server.

### Stable Edition BOA-2.0.4
### Date: Thu Nov 8 18:31:01 EST 2012
### Installs Aegir 2.0.4 compatible with Aegir 1.9

# New Octopus platforms:

Commerce 2.0-rc4 ------------- http://drupalcommerce.org

# Updated Octopus platforms:

CiviCRM 4.1.6-d6 ------------- http://civicrm.org
CiviCRM 4.2.6-d7 ------------- http://civicrm.org
Commerce 1.11.1 -------------- http://drupalcommerce.org
Commons 2.10 ----------------- http://acquia.com/drupalcommons
Conference 1.0-rc2 ----------- http://usecod.com
Drupal 7.17.1 ---------------- http://drupal.org/drupal-7.17
Drupal 8.0-dev-tested -------- http://bit.ly/drupal-eight
ELMS 1.0-beta1 --------------- http://elms.psu.edu
NodeStream 1.5.1 ------------- http://nodestream.org
NodeStream 2.0-beta8 --------- http://nodestream.org
Open Atrium 1.6.1 ------------ http://openatrium.com
Open Deals 1.11 -------------- http://opendealsapp.com
Open Outreach 1.0-rc6 -------- http://openoutreach.org
OpenChurch 1.11-beta5 -------- http://openchurchsite.com
OpenPublish 3.0-beta7 -------- http://openpublishapp.com
OpenScholar 2.0-rc1 ---------- http://openscholar.harvard.edu
Panopoly 1.0-rc2 ------------- http://drupal.org/project/panopoly
Ubercart 2.10.1 -------------- http://ubercart.org
Ubercart 3.2.1 --------------- http://ubercart.org

* We plan to shorten BOA system release and upgrades cycle to 1-2 months max, so we have decided to remove support for some outdated distros.
We have tried to manage both security and version updates for some abandoned or semi-abandoned distros, to keep them useful for you, but since it involves an increasing amount of work because of cascades of no longer compatible patches and various dependencies, we have decided that it is time to stop doing it, if their original maintainers no longer care about their users.

Here is a list of distros we no longer support:

MartPlug ------------ http://drupal.org/project/martplug
Octopus Video ------- http://octopusvideo.org
Open Academy -------- http://drupal.org/project/openacademy
Open Enterprise ----- http://drupal.org/project/openenterprise
OpenPublic ---------- http://openpublicapp.com
Videola ------------- http://videola.tv

The platforms listed above can be re-added when their maintainers fix all critical issues and/or apply required updates.

# New features:

* Add auto-healing support for Bind9.
* Add LOCK/FROZEN check for PHP-FPM and Tomcat in the auto-healing.
* Add option to force 15min Speed Booster cache TTL for anonymous visitors.
* Add optional easy install of already supported Compass Tools.
* Add support for aegir|platforms|both modes on octopus upgrade.
* Allow for another one upgrade daily but only to add more platforms.
* Allow to install unsupported distros with option _ALLOW_UNSUPPORTED=YES
* Allow to install vanilla Aegir 2.x and Drush 5.7 with "stock" option.
* Improved databases backup with added OPTIMIZE TABLE foo action per table.
* New Relic PHP Agent version 3.0 compatibility.
* Pseudo-streaming server-side support for Flash Video (FLV) and H.264/AAC.
* Support for Wysiwyg Fields module.

# New Aegir modules or extensions:

* Add hosting_tasks_extra module and provision_tasks_extra extension.

# New o_contrib modules:

* Add login_security module in D7 contrib.
* Add cdn module in both D6 and D7 contrib.

# Changes:

* Allow outgoing mysql connections by default.
* APC 3.1.13
* Chive 1.2
* Do not bundle seckit module in o_contrib.
* Do not enable Expire and Purge modules by default.
* Enable Syslog module by default.
* Git 1.8.0
* MariaDB 5.3.9 on Debian Lenny
* MariaDB 5.5.28
* Nginx 1.3.8
* Percona 5.5.28
* PHP 5.3.18
* Pure-FTPd 1.0.36
* Redis 2.6.4
* Remove not supported httprl module and disable if enabled.
* The filefield_nginx_progress is forced-enabled in all D7 sites, again.
* Use PHP-FPM 5.3 for Chive, Collectd and other non-Drupal sites.
* Use php-cli 5.3 for drush on command line by default. You can still force 5.2 with --php=/usr/local/bin/php drush option.

# Fixes:

* Add cache_tax_image bin to no-redis-cache exceptions.
* Add support for pdnsd in the VServer guest.
* Allow all standard compass/sass commands in limited shell.
* Auto-discover _NEWRELIC_KEY if not listed in .barracuda.cnf
* Better auto-healing for php-fpm zombies edge case.
* Better check for failed login attempts (when user exists).
* Better permissions magic repair running daily.
* Deny crawlers on search results pages - they may cause very high load.
* Disable spinner if screen is used.
* Do not force default Debian and Ubuntu mirrors even if _AUTOPILOT=YES.
* Do not quote password in .my.cnf - it breaks mytop.
* Do not use log/custom_cron for anything.
* Do not use resolveip in the localhost mode.
* Exclude cache_bootstrap and cache_pulled_tweets from Redis caching.
* Fix for broken drush make edge case caused by leftovers.
* Fix for broken Tika download URL.
* Fix for civicrm_engage in D6.
* Fix for Debian Lenny upgrade.
* Fix for global.inc logic related to high traffic sites only.
* Fix for NGX, PHP and SQL forced reinstall mode.
* Fix for Pin-Priority in Squeeze.
* Fix for sql abuse monitor.
* Fix for the selectively forced upgrade mode.
* Fix motd for Skynet fun.
* Fix too restrictive lshell command filtering.
* Force Pure-FTPd rebuild on every upgrade to avoid broken binary.
* Force tomcat restart and reload php-fpm hourly.
* Improve Domain module support.
* Improve mysql crashed tables detection and repair in auto-healing.
* Improve Nginx Abuse Guard by stopping those never cached POST DoS attacks.
* Improve Nginx guard support for VServer guests.
* Improved checkpoint info in Octopus.
* Issue #1225380 - Do not truncate sessions table during db daily backup.
* Issue #1472786 - SQL check ERROR and too many SQL check CLEAN notices.
* Issue #1528726 - Fix for Redis support in all shared directories/code.
* Issue #1540242 - Do not install conflicting libavcodec53 or libavcodec52.
* Issue #1588060 - Make sure that /var/run is present in open_basedir.
* Issue #1589052 - Incomplete PATH breaks standard tasks.
* Issue #1590120 - Fix for java path changed in recent Ubuntu releases.
* Issue #1591746 - Update GeoIP.dat file automatically.
* Issue #1592646 - Enabled old cache backend integration module causes WSOD.
* Issue #1592650 - Do not use Hide platforms with non-default profiles.
* Issue #1592680 - Upload progress module breaks uploads on all D7 sites.
* Issue #1593794 - New redis-only caching backend settings.
* Issue #1593810 - Duplicate php-cli 5.3 binaries after upgrade.
* Issue #1593980 - Remove invisible characters breaking localhost install.
* Issue #1597580 - External/Aggressive caching in D6 breaks path_alias_cache.
* Issue #1598676 - Collectd graphs broken.
* Issue #1600426 - Cron is run every minute on all sites not yet defined.
* Issue #1602142 - Do not use device specific keys for Redis cache entries.
* Issue #1606146 - The manage_ltd_users.sh script locks important tasks.
* Issue #1614162 - CRON Not Running on Octopus Satellites and Sites.
* Issue #1643616 - APC is missing in the Ubuntu Precise based install.
* Issue #1659452 - Add support for Aegir HTTPS header in the Speed Booster.
* Issue #1663262 - Fix FMG install on Ubuntu Precise.
* Issue #1679114 - New user name check in Octopus is too restrictive.
* Issue #1689656 - Avoid caching /civicrm* and known webform requests.
* Issue #1716004 - The zlib.output_compression should be disabled in 5.3
* Issue #1728616 - Better CDN Far Future expiration support.
* Issue #1777982 - Do not break wordpress_migrate module support.
* Issue #1778712 - Better workaround for MariaDB 5.5.27 critical bug.
* Issue #1784440 - Cannot stat scan_nginx when using BOND.sh.txt
* Issue #1796420 - Do not break write access to the tcpdf cache directory.
* Issue #1798288 - Provision-backup_delete could not be found.
* Issue #1799116 - Standardize on installation vs. install profile.
* Issue #1821866 - Force Nginx rebuild to include pseudo-streaming support.
* Issue #1824888 - BOND.sh.txt breaks Nginx, SQL and PHP configuration.
* Issue #1825298 - Redis: force rebuild from sources on version mismatch.
* Issue #1825420 - Avoid the Use of undefined constant OctopusNoCacheID.
* Issue #1825630 - Remove duplicate code causing false alarm.
* Issue #1825992 - Redis cache is never cleared via php-cli.
* Issue #1825998 - Improved auto-healing for Redis.
* Issue #1835796 - Default cache headers break CloudFlare Always Online.
* Make sure that path_alias_cache module takes precedence.
* Make sure that PHP 5.2 is re-installed if required.
* Monitor and kill too long running sites cron tasks.
* Move away buagent init script if exists when Barracuda runs.
* Nginx: Allow to include high level local configuration override.
* Nginx: Better regex for exceptions in the abuse guard monitor.
* Nginx: Block stupid spiders/downloaders with 403 error, not CSF.
* Nginx: Deny known bots on some heavy URLs.
* Nginx: FileField Nginx Progress 7.x-2.3 compatibility.
* Nginx: Fix for broken images paths in civicrm.
* Nginx: Fix for D6 upload progress support.
* Nginx: Make the abuse monitor aware of possible lang code prefixes.
* Nginx: Monitor and block if required also via-multi-proxy attacks.
* Nginx: Remove packages on every upgrade to avoid duplicate re-installs.
* Nginx: Remove redundant URL filtering.
* Nginx: Send 403 for vbulletin URI to avoid Drupal heavy 404.
* Nginx: Support for /contrib/ for wysiwyg helpers exceptions location.
* Nginx: Use latest nginx-upload-progress-module v0.9.0
* Nginx: Use ngx_cache_purge-1.6
* PHP: Allow short_open_tag also in 5.3
* PHP: Disable the original php5-fpm init script causing segfaults.
* PHP: Fix for _FROM_SOURCES PHP-FPM 5.3 build.
* PHP: Fix for the php53-fpm init script.
* PHP: Force proper php53-fpm restart if required.
* PHP: Install JSMin extension by default.
* PHP: Install php-pear by default also in no-src based default install.
* PHP: Load extensions in a safe, correct order.
* PHP: Log killed php-fpm events.
* PHP: Make sure that all builds use correct, fresh downloads.
* PHP: Make sure that php53-fpm is disabled during apt-get based upgrade.
* PHP: Make sure that suhosin.so is removed and jsmin.so added.
* PHP: Remove duplicate and conflicting allow_call_time_pass_reference.
* PHP: Remove php5-sasl extension causing segfaults.
* PHP: Remove php5-suhosin from the stack - too many weird issues.
* PHP: The realpath_cache_ttl should be as low for CLI as possible.
* PHP: Use 2x higher limits in the tune_web_server_config logic.
* Purge Redis cache hourly.
* Randomize runner intervals.
* Remove all control files on init to avoid aborted Octopus upgrades.
* Remove any extra search directive from resolv.conf when pdnsd is installed.
* Remove Dotdeb libmysqld-dev conflicting with Percona libmysqlclient-dev.
* Remove not really working properly Boost separate mobile bins.
* Remove not supported MTA only on initial install.
* Remove old cache module from all old profiles.
* Segfault monitor should not disable sites by default.
* Serve .less files as static by default, no log.
* Set hosting_advanced_cron_default_interval to 3 hours.
* SQL: Use skip-name-resolve by default.
* Support both HTTP_X_FORWARDED_PROTO and HTTPS.
* The dev. should not disable Redis cache.
* The missing /usr/bin/lshell entry may affect also Lucid.
* There is no need to force Debian mirror.
* Tune AdvAgg config - disable async mode and use JSMin by default.
* Use autoselect for civicrm downloads.
* Use DrupalDatabaseCache for some Redis bins to avoid confirmed issues.
* Use higher default timeouts for php-cli and wait_timeout in mysql.
* Use SERVER_NAME instead of HTTP_HOST header in the Redis cache key.
* Use version specific directory for static downloads.
* Yet another umask trick for shell and SFTP.

### Stable Edition BOA-2.0.3
### Date: Thu May 17 18:17:40 EST 2012
### Installs Aegir 2.0.3 compatible with Aegir 1.9

# There are major improvements and new features added in this BOA Edition. Here is the description of those most important/expected, while complete list of all changes, new features and fixes is available further below.

* Caching backend has been simplified. We no longer use chained cache system with Memcached+Redis+database. New system uses only Redis cache and the same configuration for all Drupal 6 and Drupal 7 platforms. This new system doesn't require any extra module to be enabled in any site. Complete integration is already enabled by default for every platform/site installed by default and for every custom platform as before - the next day after first site on the custom platform has been created. You can disable this caching layer using the same modules/cache/NO.txt control file as before. While there is just one cache engine (Redis) used, there is also an automatic, instant failover to standard database caching, just in case Redis is not available for some reason. You can also disable Redis cache on the fly for debugging by adding ?noredis=1 to any URL.
* We have added support for Drupal 8.x while still using modified Drush 4.6-dev version, so we can still support Drupal 5 on the same system, but on another Octopus instance.
* You can choose different PHP version for PHP-FPM (web access) and PHP-CLI, for even greater control over compatibility with various Drupal major versions.
* You can choose both PHP-FPM and PHP-CLI versions per Octopus instance, on the same system. And you can change those versions on upgrade.
* Installing and upgrading BOA system has been greatly simplified. You can still configure and run both installers as before, but you can also use these new, shockingly simple command line tools to install Barracuda and Octopus at once, to install more Octopus instances, to run selective or batch upgrades of all Octopus instances etc. See docs/INSTALL.txt and docs/UPGRADE.txt for details.
* We have added 'easy install' configuration shortcuts for both standard (public) and localhost installs. You no longer need to read, understand and configure all options, unless you prefer to choose some non-default configuration options.
* Default installs on Debian Squeeze and Ubuntu Precise use packages for PHP 5.3, so initial setup takes just 10-15 minutes.
* You can easily grant limited shell and FTPS access for developers, simply by creating "Clients" in the Aegir control panel and defining them as 'owners' of one or more sites. Their access will be limited to only sites they can manage, but only if you send them their access credentials, which are independent of their Aegir control panel credentials and stored in the ~/users/ directory in your main account. You will find there files with passwords for every "Client" with at least one site attached. For example ~/users/o1.username file means that this Client's username for SSH and FTPS access is 'o1.username' while his password is stored in this file. This means that SSH/FTPS access is not granted automatically, but you can decide who should receive it. How to change any extra user's password? Simply delete his ~/users/o1.username file and wait up to 5 minutes - the system will re-create his account with new password. And how to delete the user completely?
Simply delete this user "Client" account in the Aegir control panel and allow the system to delete also his SSH/FTPS access in the next 5 minutes.
* We have added segfault monitor for php-fpm and nginx, enabled by default. It is pretty aggressive, because it disables vhost of any site causing segfault errors and sends email alert to the Octopus instance owner and server owner email addresses. Simple site re-verify in Aegir enables the site again - but until the next segfault only, so read the info included in the email alert message, if this happens. If you prefer to not run this monitor: `rm -f /var/xdrago/monitor/check/segfault_alert`
* Previously recommended site and platforms re-verify on Clone or Migrate is now fully automated. Aegir will run these extra tasks as a part of Clone or Migrate task, to make sure that there are no errors and that Aegir is using up-to-date information collected about platforms and sites. It also automatically fixes the known problem with domain aliases incorrectly written in the original and cloned sites, as reported in the Aegir queue: http://drupal.org/node/1004526
* Apps are now fully supported. If the App is not downloaded yet, installing it via browser only requires write permissions, normally never available for the web server user, so you need to create an empty control file, either in sites/all/modules/apps-allow.info or sites/domain/modules/apps-allow.info and then run 'Reset password' task. It will open write access where required until the next site 'Verify' task runs. After installing the App, remember to re-Verify the site to restore default, safe permissions.
* Custom local.settings.php file support uses similar logic with control file sites/domain/modules/local-allow.info and also 'Reset password' task. After running this task the local.settings.php file will be group writable, so you will be able to edit it also when logged in as limited shell user.
Remember to run site Verify when done, to restore standard, safe permissions. Note that this file is created automatically, but is not open for write access by default.

# Notes on new and updated platforms and new Drupal core:

All 6.x and 7.x platforms have been updated with latest core, so they are all in fact new in this BOA Edition, but we list here only really new platforms or those with new version released since last BOA Edition, with one exception: we list also basic 6.26.2 and 7.14.2 platforms as new.

NOTE: before you try to upgrade any of your sites, please read our important how-to:

http://omega8.cc/the-best-recipes-for-disaster-139
http://omega8.cc/are-there-any-specific-good-habits-to-learn-116
http://omega8.cc/managing-your-code-in-the-aegir-style-110

REALLY, PLEASE READ IT TO AVOID SOME HEAVY HEADACHES!

# New Octopus platforms:

CiviCRM 4.1.2-d6 ------------- http://civicrm.org
CiviCRM 4.1.2-d7 ------------- http://civicrm.org
Drupal 7.14.2 ---------------- http://drupal.org/drupal-7.14
Drupal 8.0-dev --------------- http://bit.ly/drupal-eight
MartPlug 1.0-beta1b ---------- http://drupal.org/project/martplug
Octopus Video 1.0-alpha6 ----- http://octopusvideo.org
Panopoly 1.0-beta3 ----------- http://drupal.org/project/panopoly
Pressflow 6.26.2 ------------- http://pressflow.org

# Updated Octopus platforms:

Acquia 6.26.2 ---------------- http://bit.ly/acquiadrupal
CiviCRM 3.4.8-d6 ------------- http://civicrm.org
CiviCRM 4.0.8-d7 ------------- http://civicrm.org
Commerce 1.7.1 --------------- http://drupalcommerce.org
Commons 2.6 ------------------ http://acquia.com/drupalcommons
Feature Server 1.1 ----------- http://bit.ly/fserver
Managing News 1.2.2 ---------- http://managingnews.com
NodeStream 1.5 --------------- http://nodestream.org
NodeStream 2.0-beta1 --------- http://nodestream.org
Open Atrium 1.4.1 ------------ http://openatrium.com
Open Deals 1.0-beta7e -------- http://opendealsapp.com
Open Outreach 1.0-rc1 -------- http://openoutreach.org
OpenChurch 1.10-alpha1 ------- http://openchurchsite.com
OpenPublish 3.0-alpha8 ------- http://openpublishapp.com
Ubercart 2.9.1 --------------- http://ubercart.org
Ubercart 3.1.1 --------------- http://ubercart.org
Videola 1.0-alpha3 ----------- http://videola.tv

# New features:

* Add Adaptive Image Styles support.
* Add Compass compatibility in the limited shell (Compass is not installed by default).
* Add ssh-copy-id and ssh-add commands as allowed over SSH.
* Add X-Speed-Cache-Key header for Speed Booster debugging.
* All Clone/Migrate forms in the Aegir control panel have useful inline help added.
* Allow to easily re-start BOA failed install, just by running boa installer again.
* Allow to install PHP 5.3 only with option _PHP_MODERN_ONLY=YES (default).
* Deny HTTPS access on Nginx level for all known bots and crawlers.
* Do not force HTTPS for Aegir if /data/conf/no-https-aegir.inc control file exists.
* Fix system time hourly via auto-healing.
* Install wkhtmltopdf by default - available at /usr/bin/wkhtmltopdf
* Issue #1263602 - New Relic Server and Apps Monitor with per Site/Instance reporting.
* Issue #1392498 - Use .barracuda.cnf to define YES/NO for some config overrides.
* Issue #1428078 - Compatibility with resp_img module.
* Issue #1436522 - Add option to set _PHP_CLI_VERSION.
* Issue #1438906 - Add Imagick to PHP by default.
* Issue #1463494 - Add support for radioactivity module.
* Issue #1542712 - Automated wildcard DNS for easy localhost mode.
* Lock temporarily almost all known crawlers on high load with error 503.
* Make _NGINX_DOS_LIMIT configurable and allow higher load by default.
* Make both 1 and 5 minute max allowed load configurable in the auto-healing.
* Support for automatically managed extra SSH/FTPS accounts per Aegir Client.
* The _LOAD_LIMIT used in the auto-healing system is now configurable.
* The _SPEED_VALID_MAX used as a Speed Booster cache TTL is now configurable.
* Ubuntu Precise 12.04 is fully supported.
* Use nice default /root/.bashrc config.

# New Aegir modules or extensions:

* Add hosting_advanced_cron module - enabled by default.
* Add hosting_civicrm_cron module - enabled by default.
* Add hosting_task_gc module - enabled by default.
* Add provision_cdn module and extension, by default not enabled.
* Add remote_import and hosting_remote_import - not enabled by default.
* Add revision_deletion module - automatically configured and enabled by default.
* Registry Rebuild Drush extension - installed by default.

# New o_contrib modules:

* entitycache-7.x-1.x-dev
* nocurrent_pass-7.x-1.0
* speedy-7.x-1.0

# Changes:

* Acquia 7.x platform has been merged with Ubercart 3.
* Always disable css_gzip, javascript_aggregator and performance modules.
* Automate database server secure setup on initial install.
* Disable /etc/cron.daily/mlocate by default.
* Do not disable update module - it may break some features depending on it.
* Do not enable filefield_nginx_progress module by default.
* Do not remove Testing profile and use better naming convention for D7/D8.
* Do not search for mirrors by default.
* Drupal 8 compatible Drush 4.6-dev
* GitHub availability is required also when another mirror is used by default.
* Installing Git from sources is now optional.
* Limited shell 0.9.15.1-sec-noreload
* Lower default APC and Redis memory in VZ to 64MB to avoid/limit known VZ issues.
* MariaDB and Percona 5.5
* Modify Ubercart platform to include some contrib modules in the D6 version.
* Nginx 1.3.0
* Open Enterprise 1.0-beta3 is deprecated and not supported.
* Plain FTP access disabled with FTPS-only mode available.
* Pure-FTPd server install is now optional, but still default.
* Send all known bots to $args free URLs.
* Use _HTTP_WILDCARD=YES by default to match Aegir standard setup.

# Fixes:

* Abort all parent installers as soon as any sub-installer fails with fatal error.
* Add $http_x_forwarded_proto to the cache key to never mix HTTP and HTTPS entries.
* Add a list/chart in the readme for an easy overview of all included modules.
* Add volatile updates to /etc/apt/sources.list for Squeeze.
* All connection tests should be run after netcat is installed if not yet available.
* Allow more than one IP to connect to the same FTPS account at the same time.
* Allow some known php files also in profiles - a fix for Nginx config regression.
* Always update nginx_speed_purge.conf file on upgrade.
* Archive install and upgrade logs in /var/backups/
* Avoid double dots in $cookie_domain.
* Better detection of real visitor IP in the scan_nginx abuse guard.
* Cache 403 response for 5s by default.
* Count only valid requests in the scan_nginx abuse guard.
* Disable caching in admin_menu module by default.
* Disabled allow_url_fopen breaks drush dl.
* Do not allow bots to create cache entries with long expire time.
* Do not prompt for D6 or D7 vanilla platforms install if not defined in the config.
* Explain in the email templates that plain FTP is no longer available.
* Fix cart block issue in Ubercart.
* Fix for Debian Lenny support - packages have been moved to archives.
* Fix for slow networks/DNS in pdnsd cache default config.
* Fix for VServer on _LENNY_TO_SQUEEZE upgrade.
* Fix tune_memory_limits logic to really tune the config on low mem systems.
* Follow some symlinks when running chmod/ownership repair daily.
* Force global upgrade for Expire and Purge modules.
* Force safe default settings for expire module.
* Improved Lenny to Squeeze major upgrade support.
* Increase allowed limit_conn for local purge requests.
* Issue #1216420 - Incorrect lshell path in /etc/passwd breaks FTPS on Squeeze.
* Issue #1317264 #1543118 - Uninstall Sendmail if exists to avoid breaking Postfix.
* Issue #1377492 - Improve Install / Upgrade mode detection and move away any zombies.
* Issue #1398050 - Use our mirror for all downloads on install and upgrade.
* Issue #1436522 - Add missing php.ini for PHP-CLI 5.3
* Issue #1440796 - Aegir support broken due to duplicate db update in Commons/OG.
* Issue #1441366 - The _USE_SPEED_BOOSTER switch is deprecated.
* Issue #1443284 - Early start of CSF may lockout the ssh user and break the install.
* Issue #1445460 - Broken Git install on Ubuntu Lucid.
* Issue #1451262 - Do not lock the access to phpinfo.
* Issue #1472460 #1524738 - Nginx denies request methods: PUT, DELETE and OPTIONS.
* Issue #1475416 - Unable to install Barracuda due to Aegir failed install.
* Issue #1478984 - Add Access-Control-Allow-Origin header with wildcard where required.
* Issue #1479188 - Octopus does not respect _DNS_SETUP_TEST setting on upgrade.
* Issue #1505370 - Conflict between Mime Type and Document Type in Nginx.
* Issue #1515762 - Nginx microcaching should skip all known AJAX requests.
* Issue #1526382 - The _PHP_CLI_VERSION set in cnf file is not respected.
* Issue #1527852 - Random WSOD on D7 sites with Redis enabled for anonymous visitors.
* Issue #1528692 - Both cache_backport and redis modules are never added on upgrade.
* Issue #1528726 - Redis caching backend should be unified across all instances.
* Issue #1528996 - Nginx microcaching should use TTL 1s only for upstream errors.
* Issue #1534306 - Duplicate directives break Dotdeb Nginx version.
* Issue #1539512 - Keep custom Redis configuration during upgrade.
* Issue #1540112 - HEAD install fails on Debian Squeeze 32bit.
* Issue #1540242 - Add useful codecs to ffmpeg if enabled.
* Issue #1541334 - Add kvm to supported virtualization systems.
* Issue #1544144 - Use $server_name instead of $host in all sites/ paths.
* Issue #1547878 - Port 11371 should be open for outgoing connections.
* Issue #1553150 - Both php.ini and my.cnf config files get overridden upon upgrade.
* Issue #1553166 - Disable incompatible mysql config options.
* Issue #1554972 - PHP cli downgraded to 5.2 on upgrade with _PHP_MODERN_ONLY=YES
* Issue #1556192 - Upgrade Entity API to head to fix issue with Drupal 7.14
* Issue #1585348 - Disable openchurch_video_demo_content to avoid fatal error.
* Kill nash-hotplug if running.
* Lower some my.cnf defaults to better support low mem systems.
* Make default myisam_sort_buffer_size big enough to run repair if required.
* Make sure that /dev/null has correct permissions.
* Pass some expected headers when using local proxy.
* Remind people that they should use their own email address or exit early.
* Remove deprecated Nginx config includes and use symlinks for backward compatibility.
* Sanitize important variables early.
* Save 330 seconds with 3x faster spinner.
* Set hosting_queue_cron_frequency to 8888 weeks by default to really use schedule defined via hosting_advanced_cron module and never override it.
* Share and symlink civicrm code.
* Skip _AEGIR_LOGIN_URL in the debug mode - it is empty then.
* Update mime.types for Nginx.
* Use _FULL_FORCE_REINSTALL when recovering from broken/partial install automatically.
* Use faster locations matching where possible in the Nginx config.
* Use higher values for limit_conn in Nginx to avoid issues when required.
* Use loglevel warning in Redis config.
* Use safe placeholders to avoid issues on low-mem machines.

### Stable Edition BOA-2.0.2
### Date: Thu Feb 9 14:00:00 EST 2012
### Installs Aegir 2.0.2

# Note on new and updated platforms and new Drupal core:

All 6.x and 7.x platforms have been updated with latest core, so they are all in fact new in this BOA Edition, but we list here only really new platforms or those with new version released since last BOA Edition, with one exception: we list also basic 6.24.1 and 7.12 platforms as new.
Please note that instead of waiting for 6.25, we already included patches required to fix major issues with 6.24:

http://drupal.org/node/1425868
http://drupal.org/node/1425260

Our Pressflow 6.24.1 +Extra version includes not only the patches listed above, but also a few extra, performance related patches discussed here: http://groups.drupal.org/node/187209

Note also that we renamed too basic Acquia 7.x platform to Ubercart 3.x platform. It is based on the same acquia install profile, but includes all contrib modules required for any basic Ubercart 3.x site.

NOTE: before you try to upgrade any of your sites, please read our important how-to:

http://omega8.cc/the-best-recipes-for-disaster-139
http://omega8.cc/are-there-any-specific-good-habits-to-learn-116
http://omega8.cc/managing-your-code-in-the-aegir-style-110

REALLY, PLEASE READ IT TO AVOID SOME HEAVY HEADACHES!

# New Octopus platforms:

Drupal 7.12 ------------------ http://drupal.org/drupal-7.12
NodeStream 2.0-alpha6 -------- http://nodestream.org
OpenPublish 3-alpha3 --------- http://openpublishapp.com
Pressflow 6.24.1 ------------- http://pressflow.org
Ubercart 3.0.1 --------------- http://ubercart.org

# Updated Octopus platforms:

Acquia Commons 2.4 ----------- http://acquia.com/drupalcommons
Commerce Kickstart 1.3 ------- http://drupalcommerce.org
ELMS 1.0-alpha6 -------------- http://elms.psu.edu
Open Atrium 1.2.1 ------------ http://openatrium.com
Open Deals 1.0-beta7 --------- http://opendealsapp.com
Open Outreach 1.0-beta7a ----- http://openoutreach.org
ProsePoint 0.43 -------------- http://prosepoint.org
Videola 1.0-alpha2 ----------- http://videola.tv

# New features:

* Barracuda now supports Debian Lenny to Squeeze major upgrade. Of course you should create full backup image before running this major system upgrade, just in case, but all the rest is fully automated - it is enough to set advanced configuration option in Barracuda to _LENNY_TO_SQUEEZE=YES and run Barracuda as usual.
It will upgrade your system to Squeeze and re-build everything, with almost no downtime during the upgrade. You will still need to reboot the server when it completes all upgrades. Important: Debian Lenny reached EOL on February 6, 2012. Details: http://lists.debian.org/debian-announce/2012/msg00001.html
* All new 7.x sites now run on latest PHP-FPM 5.3.10 by default. For existing sites it is enough to re-verify them in your Aegir control panel to get them on PHP-FPM 5.3.10 automatically. All existing and new 5.x sites run on the old PHP-FPM 5.2.17 version by default and you can't change that. You can still choose between PHP-FPM 5.2.17 and 5.3.10 for all your 6.x sites - just let us know via http://omega8.cc/support that you wish to switch to 5.3.10 - but make sure first that all your 6.x sites are fully PHP 5.3 compatible. By default all 6.x sites still run on PHP-FPM 5.2.17. Of course you could choose 5.3.10 for 6.x sites on one Octopus instance and 5.2.17 on another - on the same server. Just one more reason to use Octopus built-in intelligence :) All of this works the same both for Aegir Master Instance and all Aegir Satellite Instances.
* Speed Booster, Boost and Redis/Memcached all support separate caches per mobile device, so it is safe to use separate themes or content for mobile devices. We use simple logic to determine the kind of device and there are separate cache bins for mobile-tablet, mobile-smart and mobile-other. You can review it here: http://bit.ly/wYz6PG
* Purge module is now enabled by default in all 6.x and also 7.x sites. Now Speed Booster works like Boost - it expires immediately the cache for any node/page as soon as it has been edited or comment added. It also automatically expires the cache for the homepage and RSS feed at once. You no longer need to wait up to one hour for Speed Booster cache expiration. Plus, unlike in Boost, it purges all separate caches for all mobile devices along with non-mobile cache, at once.
Now you have a good reason to disable Boost and use our crazy fast Speed Booster only.
* You can use GeoIP data provided by your Nginx server in your custom code or modules with variables: $_SERVER['GEOIP_COUNTRY_CODE'] and $_SERVER['GEOIP_COUNTRY_NAME'] to display content or block depending on the visitor's country. You can check/review it from your location also on command line with: 'curl -I http://your-domain' - you will see GeoIP headers.
* You can safely manage Clients/Users attached to hosted sites in your Aegir interface. Make sure that every site has its associated Client! Otherwise the site will be listed as available for all Clients/Users you have added. The site can lose its association with Client after Clone task if there is any non-alphanumeric value in the Client name, like &.
* CloudFlare specific header 'CF-Connecting-IP' is now supported out of the box and available as standard $_SERVER['REMOTE_ADDR'] in all 5.x, 6.x and 7.x platforms without any contrib module.
* You can disable both Boost and Speed Booster on the fly by adding ?nocache=1 to any URL. Useful for debugging.
* Speed Booster offers now also ESI microcaching, as explained in this article: http://groups.drupal.org/node/197478. This may enhance not only anonymous visitors, but also logged in users experience, since it allows you to separate microcache for ESI/SSI includes (valid for just 15 seconds) from both default Speed Booster cache for anonymous visitors (valid by default for 3 hours, unless purged on demand via recently introduced Purge/Expire modules) and also from Speed Booster cache per logged in user (valid for 60 seconds). The ESI module is included in all 6.x platforms but is not enabled and not configured automatically, so please consult its documentation for details on how to use it properly.
  Now you have three different levels of Speed Booster cache to leverage and deliver the 'live content' experience for all visitors, and still protect your server from DoS or simply high load caused by unexpected high traffic etc.
* Automatic configuration of options required when Barracuda detects _VMFAMILY=AWS (Amazon EC2).
* Both _NGINX_WORKERS and _PHP_FPM_WORKERS are now configurable.
* You can avoid overwriting /etc/mysql/my.cnf with empty control file:
  $ touch /etc/mysql/custom.my.cnf
* You can avoid overwriting /opt/php52/etc/php52.ini on upgrade with empty control file:
  $ touch /opt/etc/custom.php.ini
* You can avoid overwriting /opt/php52/lib/php.ini on upgrade with empty control file:
  $ touch /opt/etc/custom.php.ini
* You can avoid overwriting /opt/php53/etc/php53.ini on upgrade with empty control file:
  $ touch /opt/etc/custom.php53.ini
* You can avoid overwriting /var/spool/cron/crontabs/root on upgrade by adding your extra/custom entries in the extra file:
  $ nano /var/xdrago/cron/custom.txt
* You can avoid overwriting your CSF configuration on upgrade with empty control file:
  $ touch /var/log/custom.csf.log

# New o_contrib modules:
* taxonomy_edge-6.x-1.3 (with core patch)
* taxonomy_edge-7.x-1.1 (with core patch)
* purge-6.x-1.x
* purge-7.x-1.x
* expire-6.x-1.x
* expire-7.x-1.x

# Changes:
* Nginx upgrade to 1.0.12
* Lshell upgrade to 0.9.15-beta1
* Percona upgrade to 5.5.19
* Chive upgrade to 1.0.2
* Git upgrade to 1.7.9
* Suhosin upgrade to 0.9.33
* Textile upgrade to 2.3
* Mytop is now installed by default.
* Drush based method for sites cron is more reliable and now set by default.
* More compact naming for platforms in Octopus.
* Speed Booster cache per logged in user now valid for only 60 seconds.
* Speed Booster anonymous cache now valid for 3 hours, unless purged.
* Extra $_COOKIE[OctopusCacheID] has been removed.
* We use $cache_uid from parent map (Nginx) in fastcgi_cache_key.
* Forced external caching only for Pressflow 6 core.
* Octopus installs by default: D7P D7S D7D D6P D6S D6D OAM.
* We no longer need to force Percona on Oneiric. MariaDB also works.
* We no longer need to force MariaDB on Lenny and MariaDB Natty on Oneiric.
* We no longer need to use Percona for Maverick on Natty and Oneiric.
* We use _THIS_DB_HOST=localhost by default.
* Secure/restricted access to manage users/clients is open by default in every Aegir Satellite Instance also for the extra non-uid=1 admin.
* Users in every Aegir Satellite Instance are protected with userprotect and protect_critical_users modules.
* Some default SQL limits have been increased.
* The insecure D7 plugin manager is now forced as disabled by default.
* The hosting_platform_pathauto module is now enabled in Aegir by default.
* The provision_boost module is now added and enabled in Aegir by default.

# Fixes:
* Simplified Nginx config with 'modern', 'octopus' and 'legacy' templates.
* Removed duplicate code and fixed caching logic for D5, D6 and D7.
* Fixed logic for ESI microcache and Boost cache.
* Removed imageinfo_cache module. It breaks platforms with imagecache module.
* Disable deslash in globalredirect to avoid redirect loop.
* Load IonCube also in php-cli.
* Use core version in paths for all platforms.
* Make sure that 301 redirects are only microcached - 5 seconds by default.
* Do not run duplicate PHP-FPM rebuild on upgrade when there is no new DB server version installed/available.
* Set boost_ignore_htaccess_warning to 1 by default.
* Use provision_civicrm 6.x-1.x branch instead of outdated master.
* Fix for broken regex on lshell.conf update per user.
* All broken symlinks in the clients directory now deleted daily.
* All broken symlinks in the lshell user home directory now deleted daily.
* Avoid breaking Aegir upgrade because of high load.
* Set correct loglevel for Redis to avoid useless I/O noise.
* Add curl as allowed command to lshell default config.
* Use faster download instead of git for Pressflow core.
* Issue #1432668 - Octopus username should never start with a digit.
* Issue #1408972 - Make nginx rewrites compatible with audio module.
* Issue #1428990 - Load memcache in php-cli.
* Issue #1408200 - AgrCache breaks aggregation and should be removed.
* Issue #1420758 - Make sure that Nginx config includes are really used on initial Barracuda install.
* Issue #1418608 - Add --with-xmlrpc in the PHP-FPM build by default.
* Issue #1396204 - Add GeoIP support in Nginx by default
* Issue #1394152 - Build PHP-FPM with --enable-calendar by default.
* Issue #1392498 - Do not overwrite CSF configuration on Barracuda upgrade.

# Recommendations:
* Use _FORCE_GIT_MIRROR=github because it is 10x faster than others.

### Stable Edition BOA-2.0.1
### Date: Wed Dec 28 07:00:00 EST 2011
### Installs Aegir 2.0.1

# New Octopus platforms:
ELMS 1.0-alpha5 -------------- http://elms.psu.edu
Open Deals 1.0-alpha4 -------- http://opendealsapp.com
Open Outreach 1.0-beta6 ------ http://openoutreach.org

# Updated Octopus platforms:
Acquia 7.10.10 --------------- http://bit.ly/acquiadrupal
Acquia Commons 2.3 ----------- http://acquia.com/drupalcommons
CiviCRM 3.4.8 ---------------- http://civicrm.org
CiviCRM 4.0.8 ---------------- http://civicrm.org
Commerce Kickstart 1.0-rc7 --- http://drupalcommerce.org
Drupal 7.10 ------------------ http://drupal.org/drupal-7.0
Managing News 1.2.1 ---------- http://managingnews.com
NodeStream 1.1 --------------- http://nodestream.org
Open Atrium 1.1.1 ------------ http://openatrium.com
OpenChurch 1.22-a ------------ http://openchurchsite.com
OpenScholar 2.0-beta13 ------- http://openscholar.harvard.edu
ProsePoint 0.41 -------------- http://prosepoint.org

# New features:
* Speed Booster Purge Server for all Drupal 6.x based platforms with automatically configured support for all devices caching.
* Enhanced Pressflow core for all bundled 6.22 based platforms, applied automatically also to already installed platforms: https://github.com/omega8cc/pressflow6
* Added access to the "clients" directory with shortcuts/symlinks to all hosted sites per Aegir "client".

# New o_contrib modules:
* ESI for Nginx SSI - http://drupal.org/sandbox/mikeytown2/1328648
* Purge for Speed Booster - http://drupal.org/project/purge
* Expire for Speed Booster - http://drupal.org/project/expire

# Changes:
* Nginx upgrade to 1.0.11
* MariaDB upgrade to 5.2.10
* Percona upgrade to 5.5.18
* Chive upgrade to 1.0.1
* Pure-FTPd upgrade to 1.0.35
* The syslog module is no longer enabled by default and added to the list of automatically disabled modules.

# Fixes:
* Mobile devices detection and caching improved.
* Many fixes and enhancements for Speed Booster caching logic.
* Many fixes and enhancements for Boost caching logic.
* More reliable Nginx auto-healing.
* Broken symlinks in the "clients" directory are now purged daily.
* The preg_match for dev should check for dev. and devel. only.
* Issue #1366564 - Use instance specific .octopus.cnf files.
* Issue #1262988 - Use reliable test for upload progress availability.
* Issue #1350028 - Make sure that all BOA pid files are removed on reboot.
* Issue #1348906 - BOND script outdated _INSTALLER_VERSION variable fixed.
* Issue #1321428 - Make sure that _SSH_PORT is written in /etc/ssh/sshd_config.
### Stable Edition BOA-1.4S
### Date: Mon, 24 October 2011 14:00:00 +0200
### Installs Aegir stable 1.4S

# Updated Octopus platforms:
Acquia 7.8.7 ----------------- http://bit.ly/acquiadrupal
Acquia Commons 2.2 ----------- http://acquia.com/drupalcommons
CiviCRM 3.4.7 ---------------- http://civicrm.org
CiviCRM 4.0.7 ---------------- http://civicrm.org
Commerce Kickstart 1.0-rc4 --- http://drupalcommerce.org
OpenPublic 1.0-beta3 --------- http://openpublicapp.com
Ubercart 6.x-2.7 ------------- http://ubercart.org

# New features:
* Mobile devices detection for mobile-tablet, mobile-smart and mobile-other.
* Mobile devices detection integrated with Redis/Memcached caches.
* Mobile devices detection integrated with Boost cache.
* Mobile devices detection integrated with Speed Booster cache.
* Responsive Images 7.x module support.
* New .barracuda.cnf and .octopus.cnf files for better configuration management.
* Ubuntu Oneiric 11.10 is now fully supported.
* Issue #1266912 - Support for Apache Solr Attachments - Tika.
* Issue #1310082 - Disable XML Sitemap for dev automatically.
* Support for fbconnect module.
* Support testing->minimal->standard migrations for D7 out-of-the-box.
* The Speed Booster $key_uri enhanced logic included in the default Nginx config.

# Changes:
* Nginx upgrade to 1.0.8
* Create mobile cache separate subdirs for Boost by default.
* _MODULES_ON and _MODULES_OFF now forced also for D7 sites.
* Do not force hosting_ignore_default_profiles by default.
* Some o_contrib modules received updates - use _O_CONTRIB_UP=YES to apply them.
* Allow 'contrib' subdirectory in the modules path for allowed PHP files.
* Issue #1309996 - Extended support for common modules locations/paths.
* Issue #1305542 - Do not overwrite php.ini and my.cnf if control files exist.
* Add collectd to the auto-healing monitor and automated restart.
* Disable l10n_update module by default to avoid issues when d.o servers are down.
* Updated docs/SOLR.txt to explain how to configure any core to support 7.x.
* Duplicate parts of Nginx config moved to maps in the parent server.tpl.php file.
* Add 'drush pmi' to the list of displayed/allowed commands.
* Issue #1243068 - Allow to override in override.global.inc also Redis/Memcached etc.
* Deny known crawlers on the HTTPS proxy level.

# Fixes:
* The wkhtmltopdf binary should be always executable if exists.
* Issue #1238200 - Use custom _SSH_PORT only in TCP_IN.
* Make sure the keys for MariaDB or Percona are added to avoid broken install.
* Issue #1307664 - Test repo.percona.com and ftp.osuosl.org availability.
* Issue #1262988 - Missing upload_progress_test.conf breaks upgrade for older installs.
* Issue #1281896 - Add some missing video types to mime.types in the Nginx config.
* Do not use path_alias_cache in the Hostmaster site to avoid broken URL aliases.
* Issue #1270724 and #1263124 - really use /tmp directory during 'drush dl module'.
* Do not break admin/reports/status/rebuild URL in D7.

### Stable Edition 1.0-boa-T-8.10
### Date: Mon, 5 September 2011 16:15:00 +0200.
### Installs Aegir stable 1.3.1

# New Octopus platforms:
OpenChurch 1.21 -------------- http://openchurchsite.com

# Updated Octopus platforms:
Acquia 7.7.6 ----------------- http://bit.ly/acquiadrupal
Acquia Commons 2.0 ----------- http://acquia.com/drupalcommons
CiviCRM 3.4.5 ---------------- http://civicrm.org
CiviCRM 4.0.5 ---------------- http://civicrm.org
Conference 1.0-beta2 --------- http://usecod.com
Drupal 7.8 ------------------- http://drupal.org/drupal-7.0
Drupal Commerce 1.0 ---------- http://drupalcommerce.org
OpenPublic 1.0-beta2 7.8 ----- http://openpublicapp.com
Ubercart 2.6 6.22 ------------ http://ubercart.org

# Changes:
* Drush Make upgrade to 2.3
* Drush upgrade to 4.5
* Nginx upgrade to 1.0.6
* MariaDB upgrade to 5.2.8
* Higher limit_conn for AdvAgg to support high async connections rate.
# Fixes:
* Tomcat runs as a separate 'tomcat' user instead of root.
* Issue #1250448 - Textile 7 requires Vars module.
* Issue #1248432 - support for CNAME records in the DNS check.

# New features:
* HTTP/HTTPS redirects example in the override.global.inc file.
* Enabled by default HTTPS and HTTP sessions/cookies for D7.
* Issue #1243068 - Allow to override $cache_module_path.

### Stable Edition 1.0-boa-T-8.9
### Date: Sat, 30 July 2011 23:50:00 +0200.
### Installs Aegir HEAD 1.2.1

# Updated Octopus platforms:
Drupal 7.7 ------------------- http://drupal.org/drupal-7.0
Acquia 7.7.5 ----------------- http://bit.ly/acquiadrupal
OpenPublic 1.0-beta1 7.7 ----- http://openpublicapp.com
Drupal Commerce 1.0-rc1 ------ http://drupalcommerce.org
Open Atrium 1.0 6.22 --------- http://openatrium.com
ProsePoint 0.40 6.22 --------- http://prosepoint.org

# Fixes:
* Two critical cache related bugs fixed in Nginx 1.0.5.
* Critical Issue #1222208 - broken web-based cron for sites.
* Issue #1223506 - cloning a site loses client site ownership.
* Missing jquery.ui symlink in Conference COD breaks install.
* Issue #1230420 - do not purge /tmp too aggressively.
* Issue #1234470 - SSL proxy didn't respect HTTP wildcard.
* Boost's false alarm about permissions silenced.
* Permissions for sites/domain/private/* also fixed daily.

# Changes:
* Nginx upgrade to 1.0.5
* Chive upgrade to 0.5.1
* Web-based method set by default for sites cron in Aegir.

# New features:
* Speed Booster Purge experimental backend can be installed, but is not used in production yet - see _PURGE_MODE flag and Issue #1048000.
### Stable Edition 1.0-boa-T-8.8
### Date: Thu, 15 July 2011 08:00:00 +0200
### Installs Aegir stable 1.2

# New Octopus platforms:
Drupal 7.4 ------------------- http://drupal.org/drupal-7.0
CiviCRM 3.4.4 ---------------- http://civicrm.org
CiviCRM 4.0.4 ---------------- http://civicrm.org
Videola 1.0-alpha1 ----------- http://videola.tv

# Updated Octopus platforms:
OpenPublic 1.0-beta1 7.4 ----- http://openpublicapp.com
Drupal Commerce 1.0-beta4 ---- http://drupalcommerce.org
Acquia Commons 1.7 ----------- http://acquia.com/drupalcommons
Acquia 7.4.4 ----------------- http://bit.ly/acquiadrupal
OpenScholar 2.0-beta11 ------- http://openscholar.harvard.edu
Conference 1.0-beta1 --------- http://usecod.com

# New features:
* Speed Booster can be disabled per site or per platform.
* Redis/Memcached can be disabled per site or per platform.
* Redis/Memcached chained cache enabled also for anonymous visitors.
* Support for private_upload module added.
* Support for static sites/domain/files/robots.txt file per site #1173954.
* New _HTTP_WILDCARD Barracuda option for Nginx configuration #1152316.
* New _XTRAS_LIST Barracuda option to define extras to be used.
* Scripts to add extra ftp or lshell standard or lshell master users.
* New _PLATFORMS_LIST Octopus option to configure the list of platforms.
* You can migrate sites between some installation profiles by default:
  Drupal/Pressflow -> Acquia
  Acquia -> Drupal/Pressflow
  Acquia -> CiviCRM 3
  Cocomore/CDC/DrupalCenter -> Pressflow
* New _O_CONTRIB_UP Octopus option to upgrade last two contrib sets.

# Changes:
* Migration from commercedev to commerce_kickstart profile.
* More system info stored in BOA logs to help with debugging.
* Nginx config - deny access to /hosting/c/server_master.
* Better how-to in the override.global.inc template.
* Chive upgrade to 0.4.2
* Nginx upgrade to 1.0.4

# Fixes:
* OpenPublic password policy issue fixed on site install.
* OpenScholar missing libraries issue fixed.
* Issue #1213094 - FServer platform missing module fixed.
* Mollom problem when running via (SSL) proxy fixed.
* Issue #1209150 - always use _MY_OWNIP when defined.
* Issue #1208386 - fix for broken csf configuration template.
* Boost cache write permissions after site migration fixed.
* Nginx config - better support for CiviCRM.
* Issue #1198572 - do not run SMTP check if _SMTP_RELAY_HOST is set.
* Forced PHP-FPM rebuild on MariaDB 5.2.7 upgrade.
* Issue #1196006 - fixed Nginx X-Accel-Redirect support.
* Security Issue #1197172 - bypass access restrictions to protected files fixed.
* Issue #1182680 - fixed support for backup_migrate module.
* Issue #1182582 - fixed search paths for node.js, image.jpg etc.
* Critical Issue #1183500 #1182660 - fall back to the wildcard * in Nginx.
* Issue #962188 - Nginx version check in vhost.tpl.php now works.
* Issue #1170498 - Extra config variable was missing in Nginx config templates.
* Percona upgrade path fixed.
* Broken dev version of the backup_migrate module replaced with stable.
* Use correct platforms versions numbers in the ftp symlinks.

### Stable Edition 1.0-boa-T-8.7
### Date: Mon, 30 May 2011 11:40:00 +0200
### Installs Aegir HEAD 1.1.2

1. Fixed critical issue with MariaDB upgrade from 5.1 to 5.2
2. Fixed critical issue with Nginx build.
3. Fixed critical issue with Feature Server platform build.
4. Added upgrade monitor.

### Stable Edition 1.0-boa-T-8.6
### Date: Sun, 29 May 2011 13:30:00 +0200
### Installs Aegir HEAD 1.1.2

----------------------------------------
# Added or upgraded since January 2011
----------------------------------------
* Added support for install and upgrade to Percona Server 5.5
* MariaDB server upgraded to version 5.2.6.
* Nginx server upgraded to version Barracuda/1.0.2
* Added support for Debian Squeeze and Ubuntu Natty.
* Open Atrium includes extra features:
  Atrium Folders: http://bit.ly/oafolders
  Ideation: http://bit.ly/oaideation
* Hostmaster platform comes with ready to enable extra modules:
  http://drupal.org/project/hosting_backup_queue
  http://drupal.org/project/hosting_backup_gc
  http://drupal.org/project/hosting_upload
* New Octopus platforms:
  OpenPublic 1.0-beta1 --------- http://openpublicapp.com
  NodeStream 1.0 --------------- http://nodestream.org
  Drupal Commons 1.6 ----------- http://acquia.com/drupalcommons
  OpenScholar 2.0-beta10-1 ----- http://openscholar.harvard.edu
  Conference 1.0-alpha3 -------- http://usecod.com
  Open Enterprise 1.0-beta3 ---- http://leveltendesign.com/enterprise
  Acquia 7.2.2 ----------------- http://bit.ly/acquiadrupal
  Drupal Commerce 1.0-beta3 ---- http://drupalcommerce.org
* Basic Drupal 6 and Drupal 7 platforms now come in three instances, to make your standard workflow easier for: -dev, -stage and -prod, with correct suffix: D.00x, S.00x and P.00x in the platform name.
* Speed Booster cache for 5.x, 6.x and 7.x Drupal platforms. This new feature adds super fast caching for anonymous visitors, and yes! - also for logged in users (cache per user) directly on the web server level - no Drupal module required. It works for all platforms, except for Ubercart, Commerce and any platform with ubercart in sites/all/modules/ubercart.
* Support for secure ubercart keys location to use ../keys path.
* The filefield_nginx_progress now also in every 7.x platform.
* Drush upgraded to version 4.4
* Drush Make upgraded to version 2.2
* Redis cache server upgraded to version 2.0.5
* PHP-FPM server upgraded to version 5.2.17
* APC upgraded to version 3.1.9
* Memcache extension replaced with memcached and libmemcached.
* Chive database manager upgraded to version 0.4.1
* Added support for robotstxt module in all new 6.x based platforms.
* Drush gm / generate-makefile command added as allowed to lshell.
* Git over ssh added as allowed to lshell.
----------------------------------------
# Improvements since January 2011
----------------------------------------
* Speed Booster now works also in the Aegir Master Instance.
* Full Barracuda install takes only 30 minutes (tested on Linode).
* Nginx abuse guard is now integrated with csf firewall.
* Bots/crawlers are now denied on any "dev" type subdomain.
* The pdnsd server install is now optional.
* The csf/lfd firewall install is now optional.
* Limited shell configuration is now updated on every upgrade.
* Auto-tuning in Barracuda leaves more memory for MyISAM etc.
* Aegir runs cron for D5 and D6 sites using Wget instead of Drush to leverage APC cache, while D7 can use built-in poormanscron.
* Many improvements in the Speed Booster cache configuration.
* Improved memcached/redis cache bins configuration.
* The o_contrib modules now symlinked also in custom platforms.
* Boost directories created automatically also in custom platforms.
* Improved web server self-healing monitor.
* PHP notices no longer displayed for dev subdomains, only errors.
* Many improvements in the Nginx configuration - now it's faster.
* Permissions on uploaded modules, themes and files are now automatically fixed every morning to help with post-import issues.
* Almost all 6.x platforms now come with performance related modules already enabled and configured on site install by default.
* Nginx config - now doesn't use php-fpm to serve fckeditor files.
* Introduced possibility to add upgrade-safe custom Nginx rewrite rules to support transparent migration of legacy URLs/content.
* Aegir Hostmaster control panel received extra caching and speed.
* Better support for securepages 1.9 with forced secure cookies.
* Better support for dynamically created base_url for http/https.
* Too generic D7 profile names replaced with unique Drupal 7 names.
* A few new commands have been added to your Aegir Drush Shell (SSH).
* You can use git to manage the code and rsync to manage backups.
* Useful new commands from Drush v.4 are now available.
* Now it is possible to delete old sites backups created in Aegir.
* You can access Aegir backups also via SSH or SFTP/FTPS.
* You can cancel queued task in Aegir before it is started.
* The "dev" anywhere in the subdomain enables all PHP errors.
* You can use "dev" type alias for live site for easier debugging.
* Added support for imagecache_external module.
* It is possible to safely delete any unused platforms on request.
* Access to static files allowed only for currently used domain.
* Added crossdomain.xml in the root of every new platform.
* New rewrite introduced to map /files to /sites/domain/files, /images to /sites/domain/files/images and /downloads to /sites/domain/files/downloads.
* The standard /update.php works again, however using "drush dbup" command is recommended.
* The "drush mup" command now allows you to upgrade contributed modules.

----------------------------------------
# Fixes since January 2011
----------------------------------------
* Auto-healing no longer starts concurrent servers when InnoDB start takes more time on servers with big or many databases.
* Hostname is no longer reverted to default on Linode and similar.
* Barracuda now supports both old and new Mailx behavior.
* All platforms paths and symlinks include core version numbers.
* Fixed some memory issues with Virtuozzo family systems.
* Fixed issue with broken site when non-lowercase domain was used on Migrate or Clone task.
* Fixed upgrade path for Drupal 5
* Fixed double slash in the images paths issue in the Pressflow core.
* Speed Booster cookies shouldn't be sent for imagecache/styles and AdvAgg module dynamic requests.
* Speed Booster shouldn't cache imagecache/styles and AdvAgg module dynamic requests on the Nginx level.
* Nginx upgrade to 1.0.0 fixes known issue with random but very high CPU load on Nginx server configuration reload/restart.
* Fix for critical bug causing sessions issues on older sites without $cookie_domain set in settings.php when speed booster is enabled.
* The session.cookie_secure is no longer forced in D6 platforms.
* Security issue #1098304 - domain aliases were not sanitized.
* Nginx config - proper fix for broken wysiwyg pop-ups.
* Fixed issue with Nginx configuration for private files access.
* The authorize.php added to allowed php files - required in D7.
* Known issue with paths to files not rewritten is now fixed.
* Known issue with sites cron semaphore in Aegir now resolved.
* Known issue with PHP notices breaking some Aegir tasks resolved.
* Fixed web server rewrites to support "ad" module.
* Fixed Aegir issue with .info and .pl domains extensions.
* Drush make via SSH now works as expected.
* Fixed Nginx issue with /system/ paths and static files or images.
* Fixed issue with broken site when non-lowercase domain was used.

----------------------------------------
# Other changes
----------------------------------------
* Forced public downloads for all 6.x platforms, except for ubercart.
* Boost crawler option is now denied for performance reasons.
* Forced log-out on browser quit only for Aegir control panel.
### Project and issue queue moved to Drupal.org
### Date: Sat, 7 May 2011 14:00:00 +0200
### http://drupal.org/project/barracuda
### http://drupal.org/project/octopus

### Stable Edition 1.0-boa-T-8.5
### Date: Tue, 3 May 2011 14:30:00 +0200
### Installs Aegir stable 1.1

### Stable Edition 1.0-boa-T-8.4
### Date: Sun, 1 May 2011 23:30:00 +0200
### Installs Aegir stable 1.1

### Stable Edition 1.0-boa-T-8.3
### Date: Sat, 30 Apr 2011 20:15:00 +0200
### Installs Aegir stable 1.1

### Stable Edition 1.0-boa-T-8.2
### Date: Tue, 26 Apr 2011 21:45:00 +0200
### Installs Aegir stable 1.1

### Stable Edition 1.0-boa-T-8.1
### Date: Wed, 20 Apr 2011 19:30:00 +0200
### Installs Aegir stable 1.1

### Stable Edition 1.0-boa-T-8
### Date: Mon, 18 Apr 2011 20:15:00 +0200
### Installs Aegir stable 1.0

### Stable Edition 1.0-boa-T-5
### Date: Fri, 8 Apr 2011 19:15:00 +0200
### Installs Aegir working HEAD after 1.0-rc6

### Stable Edition 1.0-boa-T-2
### Date: Wed, 6 Apr 2011 01:34:40 +0200
### Installs Aegir working HEAD before 1.0-rc3

### Stable Edition 1.0-boa-T
### Date: Mon, 14 Mar 2011 02:43:15 +0100

### Stable Edition 0.4-boa-C
### Date: Thu, 10 Feb 2011 04:41:57 +0100

### For changes/improvements between 2010-09-24 and 2010-12-31 please see comments in the commits history. ###

### Thu, 2010-09-23 17:30 - Edition 0.4-HEAD-A14.B

Added/Fixed: (upgrade for all pre-A14.A required)

1. Introducing default SSL Wildcard Nginx Proxy. Works for all sites/hostmaster instances on the same server and can be used also for encrypted connections to Chive and Collectd. Doesn't interfere even with SSL enabled sites on the same IP (with separate certs).
2. The redirects are now back and enhanced. Fully compatible with Nginx in any combination with aliases and SSL settings/modes.
3. Barracuda and Octopus still install Aegir HEAD by default, but the latest alpha14 also works.
4. Octopus can define its separate IP address if available.
5.
   Fixed issue with too aggressive Hot Sauce check, which caused non-shared copies of code for platforms to be created on every install or upgrade.
6. Barracuda and Octopus now allow you to skip the DNS test, to make it possible to install on any virtualbox with dynamic DNS/IP etc. There is no guarantee it will work, but another switch is now available, if someone needs it.
7. Octopus can now turn off local Memcache and Redis caches and switch all sites to use defined remote caches.
8. Forced /etc/apt/sources.list rewrite also before the Barracuda system upgrade.
9. Fix for the already installed and possibly broken git-core.
10. Fix for Aegir sites with .info domains, the path alias should now work without 403 error.

### Fri, 2010-09-17 11:00 - Edition 0.4-HEAD-A14.A

Added/Fixed: (upgrade required)

1. Barracuda and Octopus now install Aegir HEAD by default to use the fix for the critical issue on sites import. It will be included in alpha14, please don't use alpha13.
2. Debian Lenny on 32bit systems works again. Fix for broken git-core after upgrade to version: 1:1.5.6.5-3+lenny3.1 on Lenny 32bit.
3. Fix and better inline warnings/info about missing locales at Linode and RackSpaceCloud.
4. More details in the installer log for better debugging and version tracking.
5. E-mail address for alerts on database repair started by auto-healing now correctly replaced.
6. Redis for Lenny is now built from sources because the apt version has already moved to Squeeze.
7. Critical bugfix for failed platforms install when hostmaster is not upgraded.
8. Introducing simple edition archive: http://omega8.cc/dev/bo-a14a.tar.gz
9. Octopus now better supports using newer shared code for platforms and introduces new setting: _HOT_SAUCE to allow forced fresh/hot code.

### Tue, 2010-09-12 21:50 - Edition 0.4-HEAD-A13.A

Added/Fixed: (upgrade recommended)

1.
   Octopus now creates a separate, non-aegir SSH/FTPS account for every Aegir Satellite Instance, with limited shell to avoid using commands like "drush up", since they should never be used on sites managed in the Aegir system.
2. Octopus now by default sends a welcome email with some useful intro information and access details to the address defined as _CLIENT_EMAIL.
3. When Octopus is used the first time to create an Aegir Satellite Instance, it doesn't allow you to skip installing all platforms, since it is recommended to add all available platforms with the initial install, so that the code can be reused more easily by the next Aegir Satellite Instances.
4. The second and all future non-core Hostmaster installs allow you to choose one or more platforms or to skip adding platforms at all.
5. Octopus by default honors the initial domain used for the Aegir Satellite Instance on every upgrade to avoid mistakes with using different copies of the script for different Aegir Satellite Instances upgrades.
6. Also Barracuda will always honor the initial domain used for the core Hostmaster to avoid mistakes on upgrade when you don't use the original version of the script.
7. Better checks if the script is running as root.
8. Removed memcache module since cache is used.
9. SMTP connection test is now optional.
10. Nginx version set to 0.8.50.
11. By default Aegir 0.4-HEAD instead of alpha13 is now installed to fix critical issues with importing sites. See also: http://drupal.org/node/907248
12. Solr and Chive are now optional (Yes/no).
13. Added optional install of Collectd monitor.
14. Fixed issue with SSL mode.
15. Better compatibility for upgrades from pre-Barracuda Nginx installs.
16. Now it doesn't start cron before completing all install tasks to avoid breaking spinner.
17. Both Barracuda and Octopus now can better support re-starting stopped install/upgrade.
18. Octopus now refuses to run if defined domain doesn't resolve yet to the server IP address.
19.
    Octopus now refuses to run on a system not created initially by the Barracuda installer.
20. Custom FQDN hostname is now forced (if defined) in Barracuda before running DNS checks.
21. Fix for some missing mime types in vanilla Nginx.
22. Updated versions of Open Atrium, Drupal Commons and Cocomore Drupal distros installed by Octopus.
23. Lowered memory defaults in the MariaDB configuration.

### Tue, 2010-08-31 23:50 - Edition 0.4-HEAD-A12.D

Added/Fixed: (upgrade recommended because it works!)

1. Upgrade of Aegir Master Instance by Barracuda and upgrade of Aegir Satellite Instances by Octopus finally works as expected.
2. It is now possible to use Barracuda to install environment and Aegir Master Instance, to upgrade only environment, to upgrade only Aegir Master Instance, or both at the same time.
3. Octopus now can separately install and/or upgrade any Aegir Satellite Instance or any platform on any instance, separately, using detailed prompt with version numbers and links to distributions home pages.
4. New platform Cocomore Drupal added in Octopus: http://drupal.cocomore.com

### Sat, 2010-08-28 20:15 - Edition 0.4-HEAD-A12.C

Added/Fixed: (upgrade recommended)

1. By default Aegir 0.4-HEAD with Drush 3.3 is now installed to fix critical issues with importing sites. The fix is also available as a patch for alpha12: http://drupal.org/node/882970#comment-3382542
2. Both Barracuda and Octopus now allow you to choose whether the Aegir Hostmaster will be upgraded or not.
3. Added version numbers and links to all platforms Yes/no prompts.
4. /tmp directory no longer used to avoid problems due to secure noexec mount.
5. Improved readme and docs (in progress).
6. Removed old, no longer supported installer.

### Fri, 2010-08-27 04:15 - Edition 0.4-alpha12-A12.B

Added/Fixed: (upgrade optional)

1. Octopus now allows you to install or upgrade only the Aegir Satellite Instance without any platforms added.
2.
   Enabled again early exit on the first error to avoid a confusing cascade of errors if something went wrong.
3. Both Barracuda and Octopus now run faster.

### Thu, 2010-08-26 19:30 - Edition 0.4-alpha12-A12.A

Added/Fixed: (upgrade from previous versions recommended)

1. Barracuda now includes multicore Apache Solr Search, Redis and Memcache.
2. Barracuda now can upgrade packages selectively. Just run it again to upgrade the system and the Aegir Master Instance.
3. Octopus can create many Aegir Satellite Instances on the same server, each with different set of platforms, but with ability to share the code between instances, so you can use this system even on the low end VPS.
4. Chive database manager added by default with db. subdomain (may require dns entry or wildcard).

### Thu, 2010-08-26 08:55 - Edition 0.4-alpha12-A12.A

Added/Fixed: (upgrade from previous versions recommended)

1. By default Aegir 0.4-alpha12 with Drush 3.3 is now installed.
2. Introduced new Octopus and Barracuda installers. See README.txt for more information. Both are in pre-alpha debugging phase.
3. All installers code and helpers now hosted on GitHub.

### Thu, 2010-08-18 21:30 - Edition 0.4-HEAD-A11.B

Added/Fixed: (upgrade from previous versions recommended)

1. By default Aegir 0.4-HEAD with Drush 3.3 is now installed.
2. Introduced support for Virtuozzo/OpenVZ IP address automatic discovery.

### Thu, 2010-08-12 22:15 - Edition 0.4-alpha11-A11.A

Added/Fixed: (upgrade from previous versions recommended)

1. By default Aegir 0.4-alpha11 with Drush 3.3 is now installed.
2. PHP-FPM version is now 5.2.14.
3. Improved UX - only interesting status messages are now displayed.
4. Hostmaster root directory now properly named using Aegir version: '-0.4-alpha11' or '-HEAD'.

### Thu, 2010-08-12 06:10 - Edition 0.4-alpha10-A10.A

Added/Fixed: (upgrade from previous versions recommended)

1. By default Aegir 0.4-alpha10 with Drush 3.3 is now installed.
2.
Nginx version is now 0.8.49, MariaDB is 5.1.49 and Drupal is 6.19. 3. Fixed freezing request on the first /admin hit. 4. Better tuned Nginx, PHP-FPM and MariaDB settings. 5. Various small improvements in the code. ### Thu, 2010-08-07 06:10 - Edition 0.4-alpha9-A9.F Added/Fixed: (upgrade of existing installs not required) 1. By default latest HEAD from git.aegirproject.org is now installed, due to critical bug found, see this for details: http://drupal.org/node/874716 The default install will be reverted to 0.4-alpha10 when it will be released. You can use 0.4-alpha9 with caution (just don't use remote servers new feature to stay safe). 2. Fixed problem with setting up FQDN hostname on Linode based servers. The fix can help also with other providers probably. 3. Installer now writes date and version used in file: /var/aegir/config/includes/installer_version.txt ### Thu, 2010-08-05 22:00 Added/Fixed: (upgrade of existing installs not required) 1. Fixed critical problem with Drush broken due to change of URL to the required php library: http://drupal.org/node/875196 2. Aegir version is now configurable. By default latest 0.4-alpha9 will be installed, but it is also possible to install latest HEAD from git.aegirproject.org. 3. Aegir front-end (sub)domain is now configurable and can be different than machine FQDN hostname. 4. Machine FQDN hostname and IP is now configurable. 5. Nginx version updated to 0.8.48. 6. Fixed progress spinner on Ubuntu. 7. Fixed problem with automatic ionCube loader discovery of required version 32/64 bit. ### Mon, 2010-08-02 01:08 Added/Fixed: 1. Added automatic, full support for Ubuntu Lucid and Karmic. 2. If there is no FQDN hostname, we are trying to set it using reverse IP hostname, if exists. 3. Now we are trying both `uname -n` and `hostname -f` to make sure if the FQDN hostname is already set, but not available with `uname -n` test. 4. Added support for ionCube Loader with automatic discovery of required version 32/64 bit. 
### Sat, 2010-07-31 18:00 Added/Fixed: 1. Simplified installer by removing unnecessary duplicate prompts in the original embedded install script. 2. Check for SMTP outgoing port 25 now fully automated. 3. Even more fun added :) ### Fri, 2010-07-30 19:00 Added/Removed: 1. New all-in-one installer for Debian 5.0 Lenny Aegir 0.4-alpha9 compatible. 2. Removed deprecated scripts & how-to. ### Sat, 2010-02-06 23:55 Added/Fixed: 1. Missing --with-libevent=shared added in php-fpm-install.txt http://github.com/omega8cc/boa/issues/#issue/2 2. Debian specific stuff added in php-fpm-install.txt to allow easy install on vanilla vps. 3. Xcache replaced with APC and Memcache install added. ### Wed, 2010-02-03 06:37 Added/Fixed: 1. mkdir for required cache dirs added in nginx-install.txt http://github.com/omega8cc/boa/issues#issue/1 ### Fri, 2010-01-29 06:37 Added/Fixed: 1. FCKeditor/CKEditor fix for .xml files. 2. Security: deny direct access to backup_migrate directory. ### Mon, 2010-01-11 01:46 1. Added custom fix required only when using purl, spaces & og for modules: ajax_comments, watcher and fasttoggle. 2. Simplified rewrite rules for location @drupal resolves also some problems with imagecache. 3. Changed order of try_files for Boost to match newer version of dirs structure first. ### Tue, 2009-12-01 16:19 Added/Fixed: 1. Latest Boost compatibility for /cache/normal & /cache/perm. 2. Json cache for Boost added. 3. Fix for xml/feed Boost cache files with .html extension. 4. Fix for xml/feed Boost cache correct mime type.