= 5.9.5 (RightLink 5.9 release candidate 3) Released 2013-11-27 == Bug Fixes * Added ruby as a package dependency. * Removed unnecessary warning about rightscale user during package install. * Fixed regression in patching mechanism. = 5.9.4 (RightLink 5.9 release candidate 2) Released 2013-11-20 == Changes to Existing Functionality * Revert rs_tag query TAG_LIST param to split tags by space. No spaces allowed in a tag. == Bug Fixes * Redundant rs_state output when executed. * Fix RightLink failure to run RightScripts that contain a single or double quote. = 5.9.3 (RightLink 5.9 release candidate 1) Released 2013-10-17 == New Features * rs_state utility that lets users interrogate the run-state (rs_state --type run) or agent state (rs_state --type agent) == Changes to Existing Functionality * RightLink changes the audit summary when waiting for missing inputs on boot. It also strands if inputs are still missing after 45 minutes. ("Missing" means inputs that are set to a value that cannot yet be computed, such as the IP address of a non-running server.) * RS_DECOM_REASON is not populated anymore * The cloud-support package for Rackspace Classic cloud suffixed as "rackspace-first-gen" has been removed. * The cloud-support package for Rackspace OpenCloud is suffixed with "rackspace". == Bug Fixes * RightLink sets correct permissions on users' home directories (using OS defaults) for users that have been created on login. * RightLink CLI tools will no longer crash when executed without arguments. * RightLink will no longer give a warning about missing tty name when boot scripts complete. = 5.9.2 (RightLink 5.9 beta 3) Released 2013-09-06. == New Features * RightLink's log level can now be controlled by a tag, "rs_agent_dev:log_level". The rs_log_level command is now an interface for getting or setting this tag. * The log-level tag and command no longer apply to the RightLink agent, only to Chef and RightScript execution. To set the RightLink agent's log level explicitly, use the "--agent" option of rs_log_level. * When running on a RedHat-derived distro, RightLink installs public keys for EPEL signed packages at boot. == Changes to Existing Functionality * When installing RightLink, the recommended technique is to install _only_ the appropriate cloud-support package for the cloud in which RightLink will run. The other RightLink packages will be installed as dependencies. For instance, to install RightLink on an EC2 instance: apt-get install rightlink-cloud-ec2 * The cloud-support packages for Rackspace clouds have been renamed to avoid confusion. The package for Rackspace Classic is suffixed with "rackspace-first-gen". The support package for Rackspace OpenCloud is suffixed with "rackspace-open-cloud". == Bug Fixes * RightLink now looks in the proper directory (/var/spool/rackspace) for cloud-injected userdata when running on Rackspace OpenCloud. * RightLink now requires a modern version of sudo (we rely on the #includedir directive) * Included SUSE vendor-support tags in our rpmspec to prevent warnings from zypper * RightLink DEBs are now signed * Init scripts have more accurate LSB metadata, preventing warnings from init-updaters = 5.9.1 (RightLink 5.9 beta 2) Released 2013-08-07. == New Features * Rebooting the machine with "rs_shutdown --reboot" will now use OS' facility for rebooting the machine rather than invoking the cloud's API to reboot. This works around VM state loss when the hypervisor/image isn't properly generating/handling ACPI restart events. == Changes to Existing Functionality * Add AMQP connection lifecycle callbacks to ensure that the instance recovers from from AMQP connection failures much more rapidly. * Assign random password to users that are created during SSH login, ensuring that the RightLink agent can reliably lock and unlock their accounts when role evolution occurs. == Bug Fixes * Repository freezing under CentOS 6 uses the proper public key file name, instead of hardcoding "/RPM-GPG-KEY-CentOS-5" = 5.9.0 (RightLink 5.9 beta 1) Released 2013-07-13. == New Features * The RS_DECOM_REASON environment variable is set during decommission script/recipe execution to indicate the reason why decommission is running. This variable will have one of the following values: 'reboot', 'stop', 'terminate' or 'unknown'. The value will be 'reboot', 'stop' or 'terminate' when decommissioning through the RightScale dashboard or when using the rs_shutdown command. The 'unknown' value may be seen when the rightlink service is decommissioned (not stopped) from the console or else the instance is shutdown or rebooted without using the rs_shutdown command. * RightLink is distributed as a modular "tree" of packages, making it easy to install just what you need * Improved package hygiene, e.g. clean uninstall and minimal post-install filesystem tampering * Ability to distinguish between sudo (server_login + server_superuser) and normal (server_login) users * Cookbook contents are cached on the instance, significantly improving reconverge speed == Changes to Existing Functionality * Disable users' accounts if they lose login privileges, in addition to removing trust in their key * Respect /etc/sudoers.d when configuring sudo * Minimize sudo privileges of rightscale user * Freeze RubyGems by editing the systemwide RubyGems config file (/etc/gemrc) rather than modifying root's (~root/.gemrc). This helps ensure more consistent RubyGems behavior across multiple users and Ruby versions. * Support frozen repositories for Ubuntu 12.04-12.10 (precise, quantal) * Update sandbox Ruby to 1.8.7p371 * Remove OpenSSL from the sandbox; link against system OpenSSL to inherit OS security patches * Remove monit from the sandbox (RightLink no longer relies on it) * PowerShell/Chef process spawning has been improved under Windows == Bug Fixes * pty ownership is assigned correct to enable screen/tmux sessions as "rightscale@" * Chef "script" resource now honors the user, group and umask attributes * Chef "right_link_tag" resource no longer crashes on "load" action * Exit codes for rs_run_recipe and rs_run_right_script accurately reflect failure/success * rs_run_right_script can deal with parameters that contain "=" * Network failures during cookbook/attachment download are handled gracefully * MOTD no longer refers to obsolete files * Output of "rs_tag --help" has been improved * AMQP broker reconnect reliability improved for certain corner cases * SuSE metadata query on CloudStack has been fixed = 5.8.13 (General Availability release in conjunction with ServerTemplates v13.4) == New Features === Cloud Support == Bug Fixes * Hardened metadata retrieval for Windows on Openstack to overcome DHCP-lease race conditions = 5.8.12 (Limited-availability release) == New Features === Cloud Support * Rackspace Open Cloud == Bug Fixes * Managed login always displays MOTD, works with older versions of sudo, * Cookbook download is more reliable in fail-and-retry scenarios = 5.8.8 (General Availability release in conjunction with ServerTemplates v12.11 LTS) == New Features === Cloud Support * Google Compute Engine * Windows Azure * SoftLayer === Security and Compliance * Compliance with the Linux Filesystem Hierarchy Standard (FHS) helps RightLink coexist with host-based IDS * See INSTALL.rdoc for more information on filesystem paths * Managed login requires users to login with to their own limited-privilege account, and to execute privileged commands using "sudo" * Some features of RightLink can be disabled prior to package install, to facilitate custom image builds for high-security deployment environments * For more information, refer to http://bit.ly/IftBeq or to RightLink's INSTALL.rdoc === Automation * Concurrent recipe/script execution is supported; see the --thread option of rs_run_recipe and rs_run_right_script. * Non-error audit output can be suppressed for recipes/scripts that run very frequently; see the --policy and --audit-period options of rs_run_recipe and rs_run_right_script * Tag queries accept a timeout option -- both via the rs_tag command-line tool, and the ServerCollection resource * The agent queries its own tags before running a sequence of scripts or recipes, helping to ensure that tag-based decisions are made using fresh state. The result of the tag query is audited, to enhance transparency and facilitate debugging. === Chef * Chef 0.10.10 * An rs_ohai command is available to invoke Ohai from the command line with all of the RightScale plugins and enhancements. * RightLink features "development mode" for cookbooks, wherein the instance directly checks out cookbooks from their associated Git/Subversion repository and converges using the contents of the repo. Users can edit recipes between runs, and even commit and push their changes upstream after everything is working. * Enable this for selected cookbooks by applying a tag to the server that lists comma-separated dev cookbook names * e.g. rs_agent_dev:dev_cookbooks=cb_1,cb_2,cb_3,... * For more information on cookbook development, refer to http://bit.ly/HHcVhs * Most commands invoked by Ohai/Chef are logged with DEBUG severity for easier debugging of troublesome providers/recipes. To change the RightLink log, use the rs_log_level command. == Miscellaneous * The rs_agent_dev:log_level tag now allows you to specify any level (not just debug). Other agent-dev tags no longer force debug log level. The log level can be changed by other utilities, e.g. the rs_log_level command, even if it has been initially set by the tag. The chef process will re-query it's tags prior to convergence and the rs_log_level tag will take precedence in this case. == Bug Fixes * The command-line tools now report a meaningful version number (currently 0.3) and will continue to do so with future RightLink releases * Instances will strand if they fail to install any package required by boot scripts * HTTP metadata fetching is more tolerant of server errors; its output is far less verbose * The UI's ordering of cookbook repositories is preserved at runtime, for cookbooks that are defined in multiple repos * Extraneous Ohai debug output has been squelched from audits and logs * RightLink agent startup and shutdown is more reliable under Linux