main.adoc

Change logs for Rudder 6.0

Rudder 6.0 is currently a development version of Rudder.

This page provides a summary of changes for each version. Previous beta and rc versions are listed below for convenience.

What’s new?

A lot! More than a year after 5.0 and the creation of the plugin ecosystem, Rudder 6.0 improves core components, and sets the basis for future exciting features. Changes happened at all levels, from the communication protocol between nodes and server to major UI improvements. Major features will get detailed announcements on our blog.

Note	Some of these are still not totally documented, but stay tuned, we are working on it for the next beta!

Security features - plugins

• CIS policy pack: Allows to apply pre-made CIS policies using Rudder

• CVE management: Reports CVEs affecting installed packages

• OpenSCAP: Run OpenSCAP audits and collect and expose them in the web interface

Polishing the web interface

• Generalization of notifications: success popups have been replaced by self-disappearing notifications

• Nicer tables (in technical logs, inventory details, etc.), and various style improvements

• You can now explore the whole history of event logs, instead of being limited to 500 events! Thanks to server side pagination, loading only elements you are currently looking to. This opens to pagination of other tables in Rudder Web application, like changes or compliance reports

Policy design: Technique resources and a big UI/UX rework

• The technique editor received a lot of attention, with major productivity and usability improvements.

• Techniques built with the technique editor can now include files (typically configuration file templates), called technique resources. They are managed and viewable directly from the web interface. This will allow storing everything in one place, and avoid copying them manually from the shared-files. (This may also be a first step for future technique packages).

• The editor itself has been revamped, you now have foldable left and right menus, the ability to edit several methods at the same time, and much more!

New reporting protocol

• Rudder 6.0 introduces a new protocol for reporting, that will eventually replace syslog. It uses HTTPS for transport, and all reports are signed by the agent and validated by the server before inserting them into the database.

• Syslog stays the default for now, and the HTTPS reporting does not support "changes-only" reporting mode for now.

• The new protocol also allows getting much more information about the state of the node and what happened with additionnal logs, particularly about what has been changed, what is not compliant, or why changes could not be made. This will continue improving in minor releases.

Security

Besides the security improvements made possible by the new reporting protocol, we also worked on other security features:

• All nodes now have proper certificates, and the webapp provides an API to manage them.

• All client-server communications are now made inside TLS1.2+ (except for syslog reporting).

• It is now possible to configure your own server certificates (based on an existing PKI) to allow verifying the certificates of the policy server when seding inventories or reports.

• We improved our services with finer privilege separation, and for the new relayd component, SELinux and namespace/seccomp sandboxing profiles.

User experience improvements

• After first installation, the Rudder root server will initialize everything by itself. No need to execute an initialization script anymore (i.e. 👋 rudder-init)

• The server packages have been merged into one: everything (except for rudder-reports which can be installed on a separate database server) is part of rudder-webapp. This is clearer, and will fix several bugs that were due to the non-atomic upgrade.

• The /opt/rudder/bin/rudder-pkg command, used to manage plugins in 5.0, is replaced by a new rudder package subcommand, that now supports downloading plugins directly from our servers.

• All Rudder services are now systemd units (except the agent on non-systemd systems, of course!).

• It is now possible to execute only a specific directive on a node (with rudder directive list|run commands), to quicken and ease debugging of a particular policy.

• Agent trigger from the server, that was previously only available from the API, is now directly accessible from node details. If the port is open on the node, your can trigger is and the live agent output in the web interface.

Internals

• Initial policies are now downloaded from the server. This will avoid compatibility issues, and will allow future customization of initial policies.

• The new reporting protocol required to develop a new server component. Instead of existending the existing relay-api (written in Python), we decided to replace it by a new component written in Rust, that will handle relay features (called rudder-relayd), currently the relay api for remote agent trigger and file sharing between nodes, plus reports and inventory forwarding to root server.

• Rudder’s core is written in Scala since the beginning, and continues to evolve. We have moved to ZIO for error management and concurrency, learn more in the talk given at scala.io.

Installing, upgrading and testing

Warning

Rudder 6.0 is still in development and only provided for testing purposes, you should NOT install it on productions machines.

Note	If you are upgrading an existing server, carefully read the upgrade notes before.

• Install docs:

  • Debian/Ubuntu

  • RHEL/centOS

  • SLES

• Upgrade docs

• Download links

We also recommend using the Rudder Vagrant config if you want a quick and easy way to get an installation for testing.

Supported operating systems

This version provides packages for these operating systems:

• Rudder server and Rudder relay: Debian 9-10, RHEL/CentOS 7-8 (64 bits), SLES 12-15, Ubuntu 16.04 LTS-18.04 LTS

• Rudder agent: all of the above plus Debian 8, RHEL/CentOS 6, Ubuntu 14.04 LTS

• Rudder agent (binary packages available with a subscription) : Debian 5-7, RHEL/CentOS 3-5, SLES 10-11, Ubuntu 10.04 LTS-12.04 LTS-13.04-15.10, Windows Server 2008R2-2016, AIX 5-6-7, Slackware 14

Read more about supported operating systems in the documentation. == Rudder 6.0.0.beta1 (2019-11-04)

Changes

Packaging

• Cleanup rudder-upgrade (#15875)

• Cleanup roles in packaging (#15829)

• Add trace parameters to make calls during build (#15729)

• Increase default password size for db passwords (#15683)

• Cleanup packages postinstall (#15388)

• Cleanup webapp postinstall (#15379)

• Cleanup rudder-init (#15338)

• Merge rudder-ldap with rudder-webapp (#14989)

• Remove maven dependency at package time (#14973)

• Remove automatic provides generation from rpm packages (#14982)

• change rudder-webapp to be arch dependant (#14950)

• Deduplicate cfengine binaries (#14872)

• Not all ncf source should be included in rudder-webapp (#14913)

• Move away from python 2 to python 3 (#14881)

• Remove cf-monitord to save space (#14837)

• Cleanup rudder agent postinst (#14836)

• Beautify pg_hba.conf (#14780)

• Remove initial promises from rudder agent package (#14182)

• Remove initial promises from rudder agent package (#14182)

• Remove jdk installation on debian8 builder (#14761)

• Cleanup rudder-packages (#14749)

• Declare rpm dependencies is SPECS directory (#14711)

• Upgrade FusionInventory to 2.4.3 (#14424)

• Try faster builds with parallel make (#14108)

• Rename rudder-inventory-ldap to rudder-ldap (#14071)

• Move rudder-jetty service to a systemd unit (#14021)

• Upgrade embedded openldap to 2.4.47 (#14016)

• Move rudder-slapd to a systemd unit (#14006)

• Update rudder packages to match modern packaging recommendation (#14001)

• Merge packages into one (#13852)

• There are some remaining rudder-agent-thin references in packaging (#13980)

• Confine relayd with SELinux (#15500)

• Disable lto for relayd release builds (#15909)

• Cache relayd builds (#15880)

• Add hardening config in relayd systemd unit (#15521)

• Remove relayd tests from qa-test (#15254)

• Add shellcheck linting to shell scripts in the rudder repo (#14685)

• Remove local doc build when installing ncf (#14990)

• package modules must autodetect python version (#14912)

Miscellaneous

• Cleanup rudder-webapp install scripts (#15677)

Support info script

• Detect any .rpmnew files in rudder-support-info (#10512)

• Add a check for refusal message in syslog (#8567)

• Test agent runtime for runs > 5min (#8596)

• Only check recent failed inventories on the server (#8582)

• Low free space on disk should be a warning and not an error (#8579)

Agent

• Remove our patch that send agent errors to stderr (#14863)

• Add autocompletion to rudder-pkg (#15502)

• Make certificate verification in HTTP calls configurable (#15513)

• Fix command used to reload relay config (#15940)

• Improve rudder remote run command (#15816)

• Execute a single directive on the agent (#15223)

• Execute a single directive on the agent (#15223)

• Add a command to show agent auth info (#8552)

• Add rudder relay commands (#15330)

• Main rudder agent command should bootstrap if promises are empty (#15299)

• We should stop rudder agent check if the agent is disabled (#15300)

• Replace cfengine bootstrap by rudder bootstrap (#15266)

• Use rudder agent check at postinst and factory reset to avoid duplicating code (#14833)

• Clean up rudder agent check (#14831)

• Remove deprecated agent-reinit command (#14063)

Documentation

• Add a link to the backup doc at the beginning of upgrade procedure (#16073)

• Improve generic method docs (#16034)

• Add rudder-pkg notes to the 6.0 rudder doc (#15950)

• Document that 6.0 upgrade is only possible from 5.0 (#15972)

• Add relay API to doc menu (#15889)

• Adapt doc for 6.0 (#15845)

• Update doc for 5.1 (#15452)

• Add upgrade note about the change of behaviour of condition_from_command starting 5.1 (#15193)

• Add the security vulnerability reporting policy to the rudder repo (#15026)

• Add a contribution guide to the Rudder repo (#14878)

• Improve Rudder README in the repo (#14283)

• Remove ncf.io site (#16067)

Relay server or API

• Improve relayd tests (#16066)

• Enable backtrace in relayd (#16063)

• Don’t fail on nodeslist or certificate file absence (#15992)

• Simplify error type definitions (#15949)

• Refector api code in relayd (#15883)

• Improve status API (#15866)

• Remove avoidable dependencies (#15664)

• Update structopt (#15610)

• Add inventory forwarding on relays in relayd (#15497)

• Split API tests and fix tracing depency versions (#15489)

• Move rudder-pkg to rudder repo (#14943)

• Forward reports to upper relays in relayd (#15435)

• Make the remote run agent parameters configurable (#15196)

• Make the remote run agent parameters configurable (#15196)

• Implementing agents effectively in remote-run API (#15056)

• Implementing agents effectively in remote-run API (#15056)

• Split logging configuration (#15077)

Web - UI & UX

• Show log information next to reports and full compliance report (#15713)

• Add technique ID in UI (#15672)

• Display key info in node details (#15358)

• Change introduction and description fields look in Rudder web interface (#15587)

• Add a Button to trigger an agent run through the UI (#14647)

Web - Config management

• Add search/pagination to eventlogs UI (#15148)

• Add managed/technique private files for technique editor (#14657)

• Add managed/technique private files for technique editor (#14657)

Web - Nodes & inventories

• Merge inventory endpoint and rudder webapps (#15752)

Architecture - Refactoring

• Keep directive and rule name in Policy data structure (#15255)

• Correct scala compilation warnings (#15574)

• Clean-up cfengine enterprise code in webapp (#15257)

• Use ZIO for effect management in Rudder (#14870)

• Change Scala project structure so that parent-pom is a real parent project (#14359)

API

• Updating Apache’s reverse proxy configuration to handle HTTPS requests on remote-run API (#15536)

• Deprecate API up to 10 (#15353)

• Migrate ncf write technique api to Rudder (#15134)

System integration

• List all plugin in plugin status page (#15556)

Plugins integration

• Display warning when plugin license is near expiration date (#15568)

• Take care of number of nodes in plugin license check (#15275)

Architecture - Dependencies

• Update silencer plugin to version 1.4 (#15302)

• Upgrade to ZIO rc5 (#15040)

• Upgrade to Doobie .0.6.0 and related dependencies (#14598)

Performance and scalability

• Don’t archive reports anymore on Rudder 5.1 (#14862)

Web - Compliance & node report

• Remove red button code from rudder (#14054)

System techniques

• Remove ununsed nodeslist.json in /opt/rudder/etc (#16015)

• Cleanup roles in system techniques (#15757)

• Use ncf abort handler when agent is disable (#15160)

• Remove nova-specific cron job from system techniques (#15258)

• Remove unencrypted body files (#14353)

• Remove ncf.conf usage (#14193)

• Abort when running 5.1 policies on old agent (#14135)

• Remove rudder-lib from techniques (#14124)

• Cleanup reporting from rudder-techniques (#13999)

• Cleanup rudder promises generated (#13992)

• Remove template in system techniques (#13983)

• Remove minicurl references in rudder techniques (#13973)

• Replave the NOVA system variable with a simple condition (#13979)

• Remove ncf.conf (#14191)

• Remove ncf.conf (#14191)

Techniques

• Remove license header in techniques (#15704)

• Add the User techniques category to the technique packaging (#15380)

• Migrate rudder_common_classes bundle to classes_generic (#14993)

• Cleanup old OS classes in techniques (#14874)

• Deprecated techniques before 5.1 (#13988)

• Remove technique tools in Rudder 5.1 (#13974)

• Remove windows reference in rudder techniques (#13971)

• Drop support of the module check_zypper_version (#13976)

• Remove deprecated techniques un 5.1 (#13972)

Security

• Force TLS1.2 communication between agent and server (#14786)

Technique editor - UI/UX

• Replace "Technique restored from current session" message by notification (#16023)

• Make it possible to edit several methods in parallel (#15145)

• Improve parameters' UI in Technique editor (#15136)

• Make a new Technique Editor interface (#15336)

Generic methods

• Synchronize package modules from masterfiles (#14915)

• Remove 60_services and dispatcher from ncf (#14192)

• Split ncf_lib like cfengine lib (#14128)

• Split ncf_lib like cfengine lib (#14128)

• Move stuff from rudder-lib into ncf (#14125)

• Move generic stuff from techniques into ncf (#14000)

• Remove windows reference in ncf (#13970)

Bug fixes

Packaging

• Fixed: Packaging files for rudder-api-client in 5.0 are not correct (#16057)

• Fixed: Remove debug pprint from rudder-pkg (#15985)

• Fixed: Unwanted systemctl output in rudder-reports postinst (#15979)

• Fixed: rudder-api-client should not depend of python2 on redhat8 (#15936)

• Fixed: cache may ignore some change within dependencies patches (#15881)

• Fixed: Missing python build dependencies for rudder-api-client on debian builds (#15922)

• Fixed: build-caching cache the same thing twice (#15911)

• Fixed: ldap build should not use --debug (#15879)

• Fixed: curl doesnt fail on 404 during packaging (#15865)

• Fixed: Remove rudder-api-client/SOURCES/Makefile in 6.0 (#15861)

• Fixed: /var/rudder/reports/failed is not created at install (#15825)

• Fixed: inventory-web.properties is list as conf file but we removed it (#15805)

• Fixed: Wrong path for inventory.schema in Makefile (#15803)

• Fixed: Apache modules needed by rudder-webapp are listed in a file which is not included in the apache conf file (#15753)

• Fixed: packages fail to build on rpm (#15726)

• Fixed: Wrong python version used in rudder-server-relay build (#15720)

• Fixed: server 5.1 take too long to install (#15721)

• Fixed: rudder-api-client packaging fails to execute make clean (#15716)

• Fixed: Rudder api client expect python3 which is not available by default on rhel7 (#15711)

• Fixed: rudder-api-client fails to build on rpm (#15709)

• Fixed: Missing build dependencies on rpm based distros for rudder-api-client (#15701)

• Fixed: rudder-init does duplicate things with postinst (#15700)

• Fixed: Rudder-api-client packaging fails on rpm based system (#15695)

• Fixed: apache fails to start (#15693)

• Fixed: mod_proxy is not enabled in a relay (#15690)

• Fixed: Wrong Makefile in rudder-api-client (#15671)

• Fixed: Rudder-api-client changelog points to rudder-server-root (#15669)

• Fixed: Missing SOURCES directory in rudder-packages/rudder-api-client (#15624)

• Fixed: At installation Rudder-webapp only creates rudder-slapd and ncf-api-venv users but do not force group creation (#15649)

• Fixed: add a prerm script to rudder-server-relay (#15566)

• Fixed: Warning about systemd script during upgrade of rudder-agent 5.1 on centos7 (#15532)

• Fixed: Rights of ncf-api-venv home are not correct (at least on debian 9) preventing usage of technique editor (#15508)

• Fixed: Python deps for rudder-pkg are listed in build-depends instead of depends (#15495)

• Fixed: error during upgrade of rudder 5.1 nightly on a centos 7 (#15455)

• Fixed: Rudder init is not done in post install (#15409)

• Fixed: timestamp script is not executable (#15402)

• Fixed: upgrade from 5.0 to 5.1 fails (#15391)

• Fixed: /var/rudder/configuration-repository/ncf should not be checked anymore by rudder-fix-repository-permissions (#15373)

• Fixed: Rudder fails to build on 5.1 (#15347)

• Fixed: Agent doesn’t know when it is installed on a root server on rpm distro (#15335)

• Fixed: Selinux policy application fails in rudder-webapp postinst (#14794)

• Fixed: ncf api fails to run on python 3 (#15304)

• Fixed: Rudder 5.1 fails to build because of #15142 (#15175)

• Fixed: Add back java dependency on SLES12 for 5.1 (#15072)

• Fixed: Technique editor apache conf is misplaced on RHEL (#15071)

• Fixed: rudder-server-webapp depends on jdk >= 1.8 on sles15 but the package is no longer distributed (#15068)

• Fixed: Server install on 5.1 depends of libpq which does not exist on debian based distros (#15066)

• Fixed: Agent 5.1 fails to build on rhel6 and aix (#15059)

• Fixed: Add a placeholder in SOURCES dir for relay package (#15043)

• Fixed: Extract sources before fixing python version inscripts (#15030)

• Fixed: midding build dependencies for rhel8 (#14901)

• Fixed: Add dev dependencies for virtualenv (#14899)

• Fixed: Broken install script in 5.1 rpm agent (#14865)

• Fixed: Packaging fails at test step (#14769)

• Fixed: debian server 5.1 packages won’t build (#14759)

• Fixed: Postgresql misconfigured when not the default distrib package (ex: Centos 6 with Postgresql 9.3 from pgfoundry.org) (#14744)

• Fixed: Package for slackware doesn’t build (#14745)

• Fixed: Remove localdepends target in packages.makfile (#14674)

• Fixed: Remove http1.1 parameter from curl (#14671)

• Fixed: linker error during agent build (#14639)

• Fixed: Force http 1.1 when downloading curl (#14158)

• Fixed: rudder-reports postinstall fails on redhat (#14133)

• Fixed: rpm build error (#14118)

• Fixed: Postinstall 5.1 fails (#14113)

• Fixed: debian rudder-webapp fails to install (#14101)

• Fixed: rudder-server-relay fail to build (#14085)

• Fixed: rudder-server-relay fail to build (#14084)

• Fixed: Curl is not a rudder-server-root dependency (#14070)

• Fixed: rudder-server-relay fail to build (#14081)

• Fixed: rudder inventory ldap build fail (#14079)

• Fixed: specfile syntax error (#14078)

• Fixed: debian packages fail to build (#14076)

• Fixed: Error when building rudder-server-relay (#14075)

• Fixed: bad syntax during rpm build (#14074)

• Fixed: remove rudder-slapd-configure from installation (#14072)

• Fixed: builds fail to get repository.rudder.io (#14068)

• Fixed: Missing cd sourcedir in specfiles (#14067)

• Fixed: 5.1 fails to build for rpm (#14066)

• Fixed: Missing /var/rudder/lib/relay dir in packaging (#16052)

• Fixed: New techniques are not added to directive tree (#14354)

• Fixed: Incorrect permission on /var/rudder/reports (#15810)

• Fixed: add a prerm script to rudder-server-relay (#15566)

• Fixed: Missing directories in relay install target (#15555)

• Fixed: Typo in rudder Makefile (#15480)

• Fixed: relay api doesn’t support python2 and python 3 (#15399)

• Fixed: rudder-server-relay fails during postinstall (#15374)

• Fixed: Invalid cron file put by packaging (#14559)

• Fixed: slapd conf file owner is not correct (#15047)

• Fixed: Wrong check of response in rudder relay reload (#16058)

Agent

• Fixed: Postinst of rudder-agent on centos6 tries to use systemd (#15937)

• Fixed: agent reset keys won’t work anymore on 5.1 (#15339)

• Fixed: Agent inventory are refused by the webapp since they do not contains the agent certificate (#15325)

• Fixed: Rudder commands complain because of a missing rudder.json (#15282)

• Fixed: Initial promises are failing to execute since some bundles are not included (#15323)

• Fixed: agents in 5.1 fail to download ncf from the server (#15322)

• Fixed: agents in 5.1 fail to download ncf from the server (#15320)

• Fixed: HTTPS reporting is not done at first run if agent runs with -u (#15997)

• Fixed: Error at /opt/rudder/bin/rudder relay reload -p (#15995)

• Fixed: Ununderstandable error messages when server is not up and agent is installed (#15901)

• Fixed: Factory-reset does not reset uuid and certificates (#15401)

• Fixed: Explain in the doc that no reports are sent in verbose or debug mode (#15474)

• Fixed: Rudder agent disable command has a -s option, that is not parsed (#15460)

• Fixed: reload relay command should use POST (#15426)

• Fixed: "rudder agent check" should check certificate subject, and update it if it is wrong (#15332)

• Fixed: Syntax error in rudder agent check (#15329)

• Fixed: Broken curl command in agent (#15231)

• Fixed: reset and check commands break server in some cases (#15031)

Relay server or API

• Fixed: Rudder-pkg setup conf files in the wrong places (#15470)

• Fixed: relayd should stop when a thread panics (#16076)

• Fixed: HTTP errors when forwarding reports or inventories should generally be considered as transient (#16065)

• Fixed: Remote-run sometimes returns empty outpout or output with missing newlines (#16047)

• Fixed: Remote-run starts commands with no host name (#16044)

• Fixed: Passwords can appear in relayd logs (#16040)

• Fixed: Add logging contexts (#16001)

• Fixed: Add benchmarks for big nodes lists (#16013)

• Fixed: Receiving a report for an unkown node crashes the watcher (#15999)

• Fixed: Remote-run returns empty output (#15990)

• Fixed: Fix async & keep_output behavior (#15836)

• Fixed: relayd should accept empty condition field in remote-run (#15832)

• Fixed: Incorrect remote run command when used with sudo (#15814)

• Fixed: Fix synchronous remote run (#15808)

• Fixed: Fix PUT in shared-files API (#15668)

• Fixed: Update relayd dependencies to fix RUSTSEC-2019-0013 (#15597)

• Fixed: Make clean doesn’t remove all python files downloaded and generated on rudder-relay (#15490)

• Fixed: rudder-pkg python lib are missplaced on the server (#15483)

• Fixed: Report PUT is missing the file name (#15482)

• Fixed: rudder-pkg does not install properly (#15476)

• Fixed: Remove \r in reports in relayd (#15467)

• Fixed: postinstall of rudder-server-relay may fail if httpd is too slow to shut down (#15444)

• Fixed: relayd watcher does not catch moved files (#15427)

• Fixed: relayd should only control run date consistency inside the runlog (#15425)

• Fixed: Only treat file with report extension in relayd (#15405)

• Fixed: Add logs to Relay API (#14947)

• Fixed: Add logs to Relay API (#14947)

• Fixed: Relay packages uses python3 to build virtualenv (#14897)

• Fixed: Modify urllib3 import to disable useless pylint warning (#14684)

• Fixed: relayd fails to start on centos7 du to invalid permissions on nodeslist.json (#16059)

Support info script

• Fixed: script debug info (#15366)

• Fixed: Add a check for refusal message in syslog (#15367)

• Fixed: support-info script don’t list installed plugin (#12805)

Documentation

• Fixed: User manual doesn’t mention Debian wheezy support (#4124)

• Fixed: Use systemctl for rudder services management in docs (#15968)

• Fixed: Add a link to old docs (#15928)

• Fixed: Fix dead links in the doc (#15884)

• Fixed: Doc links in home should point to 5.0 and not 6.0 (#15855)

• Fixed: Missing 5.0 changelog in docs (#15618)

• Fixed: Prepare 5.1 doc (#15612)

• Fixed: Fix title levels in docs (#16036)

• Fixed: ncf site does not build (#14105)

System techniques

• Fixed: Agent bootstraping does not work on root server (#14788)

• Fixed: Typo in the system technique PropagatePromises (#16064)

• Fixed: Initial policies on root server broken with missing postgres-check.cf file (#16028)

• Fixed: In a separate database setup, an unexpected N/A report about "Postgresql component check" pops up (#15993)

• Fixed: Error in agent run about missing variable (#15464)

• Fixed: postgres-check.cf doesn’t exist anymore but is still loaded (#15899)

• Fixed: Duplicate report in distributePolicy/1.0/propagatePromises.cf (#15830)

• Fixed: Missing template for relayd conf in the initial promises (#15821)

• Fixed: Bootstrap policies should listen on 5309 (#15818)

• Fixed: Allow local cfruncommand on root server (#15820)

• Fixed: Initial promises contain an empty allowed network (#15779)

• Fixed: More typos in system techniques (#15750)

• Fixed: typo in server-roles/1.0/password-check.cf (#15748)

• Fixed: Anomalous ending during agent inventory (#15694)

• Fixed: RUDDER_WEBDAV_PASSWORD from /opt/rudder/etc/rudder-passwords.conf is ignored (#15682)

• Fixed: missing report about Send inventories to Rudder server (#15496)

• Fixed: duplicate report form component "Log system for reports" when report protocol is https (#15485)

• Fixed: When HTTPS reporting is selected, rsyslog is still active and so reports are duplicated on the server (#15446)

• Fixed: Syntax error in promises.cf (#15415)

• Fixed: Broken reports forwaring policy (#15404)

• Fixed: In 5.1 common policies always return a missing reports on the server (#15334)

• Fixed: Don’t set root owner on slapd config (#15326)

• Fixed: Wrong variable name when downloading inital promises from the server (#15316)

• Fixed: at install on the server on centos7, rudder-system-directives.cf is empty, and so, there are missing bundles when running the agent (#15309)

• Fixed: Fix broken 5.1 techniques (#15044)

• Fixed: No reports from nodes in Rudder 5.1 due to bad location of check_rsyslog_version (#14352)

• Fixed: missing reports in rudder 5.1 because of undefined distribute_policy_common.directiveId (#14350)

• Fixed: Syntax error in policy generation in 5.1 (#14242)

• Fixed: cf-agent aborted on defined class 'should_not_continue' (#14157)

• Fixed: server install fail on agent check (#14123)

• Fixed: System techniques are invalid in 5.1 (#14114)

• Fixed: Deleted stdlib files are still loaded in initial policies (#14102)

• Fixed: Making initial promises from rudder-techniques fails (#14069)

Web - UI & UX

• Fixed: Date handling in API Token Creation is broken (#15943)

• Fixed: Login page on Rudder 6.0 shows version 5.1 (#15941)

• Fixed: Missing notification for archive page (#15315)

• Fixed: Generation status is empty and grey at every connection (#15307)

• Fixed: Fix rudder-elm notifications init (#15438)

Server components

• Fixed: Rudder-pkg fails to build since subprocess.DEVNULL is undefined before python 3.3 (#16077)

• Fixed: Cannot start relayd (#15434)

• Fixed: Error while fixing 15748 (#15774)

• Fixed: Rudde server debug in 5.1 has a typo in it (#15318)

Plugins integration

• Fixed: Rudder package does not work when there are no plugin compatible with the current version of Rudder (#15952)

• Fixed: Rudder-pkg try to copy a folder with install command instead of using a recursive cp (#15481)

• Fixed: Remove tabulate python lib from rudder pkg (#15463)

Technique editor - Techniques

• Fixed: Policy generation is broken when using condition on generic methds (#16069)

• Fixed: ressources are not correctly referenced in technique (#16039)

• Fixed: Resources in technique are not put in the correct folder (#16033)

Web - Technique editor

• Fixed: Error message in technique editor when using wrong syntax for node properties is REALLY not clear enough (#15048)

• Fixed: Policy generation fails when we have technique ressources (#16008)

• Fixed: In rudder 5.1 we can no more put multiple lines in technique editor fields (#15314)

• Fixed: Cannot delete file and folder in file editor (#16029)

• Fixed: Drag’N Drop not working for generic method (#16037)

• Fixed: Import file button is still active when the panel is hide (#16035)

• Fixed: Show/Hides docs in technique editor doesn’t do anything (#16016)

Web - Config management

• Fixed: nodeslist.json can take up to 5 minutes to be updated after accepting a node (#16017)

• Fixed: Generation fails with: RejectedExecutionException'. Perhaps the thread pool was stopped? (#15981)

• Fixed: MANAGED_NODES_NAME is still needed for CFE nodes (#15355)

• Fixed: Webapp stops at ncf boot check (#15159)

Miscellaneous

• Fixed: Dynamic group based on another dynamic group don’t work correctly in 6.0 (#16010)

• Fixed: Unexpected crash of webapp on 6.0 (#16004)

Web - Nodes & inventories

• Fixed: add a test on group of groups (#16030)

• Fixed: Empty keyhashes in nodeslist.json on Linux nodes (#15547)

• Fixed: Wrong name for all nodes certificates files (#15403)

• Fixed: When receving pleinty of inventories at the same time, the web interface starts to parse them all at once (#15012)

• Fixed: Broken certificate handling in Unix nodes (#15331)

• Fixed: DecoderException: unable to decode base64 string: invalid characters encountered in base64 data (#15034)

Performance and scalability

• Fixed: Webapp does not start when only one proc is available (deadlock) (#15982)

• Fixed: Use extends AnyVal and remove HashCodeCaching for classes with one parameter (#15797)

• Fixed: Computing dynamic groups is very memory intensive, and can lead to FGC or OOM (#15858)

• Fixed: Use a queue for "changes" cache update (#15117)

System integration

• Fixed: Missing some logger documentation in logback.xml (#15916)

• Fixed: Webapp fails to boot (several time) (#15324)

• Fixed: Test in 5.1 for webapp are broken (#15364)

• Fixed: Policy generation error is not clear in log anymore (#15313)

• Fixed: Remove unused property "base_url" (#14932)

• Fixed: When switching to HTTPS reporting, the compliance of root server is broken because it receives both https and syslog (#16002)

Architecture - Refactoring

• Fixed: Normalize datetime format to ISO8601/rfc3339 (#15896)

• Fixed: Missing a fork for clean report info batch (#15849)

• Fixed: Port string template processing to zio (#15260)

• Fixed: Upgrade to ZIO new namespace (#15100)

Architecture - Dependencies

• Fixed: Update libraries to last minor versions (#15740)

API

• Fixed: Wrong path in shared-files API (#15552)

• Fixed: Unknown option in remote-run command (#15501)

• Fixed: Verifying signatures correctly in shared-files API (#15469)

• Fixed: Handle ttl parameter correctly in shared-files API (#15456)

• Fixed: upgrade API settings to v12 to include default report protocol and syslog protocol disabled (#15472)

• Fixed: Running remote-run as sudo during runtime (#15390)

• Fixed: Adding Windows shared folder feature to shared-file API (#15360)

• Fixed: API for node key management (#15344)

• Fixed: Sending & Receiving files with the shared-files API (#15253)

• Fixed: Validating signatures in shared-files API (#15247)

• Fixed: Limiting conditions length to 1024 characters (#15245)

• Fixed: public key and key-hash comparison not consistent in Rust’s version of shared-file API (#15233)

• Fixed: public key and key-hash comparison not consistent in Rust’s version of shared-file API (#15233)

• Fixed: public key and key-hash comparison not consistent in Rust’s version of shared-file API (#15233)

• Fixed: Handling keept_output and asynchronous parameters in the remote-run API (#15206)

• Fixed: Logging the remote-run API with warp (#15202)

• Fixed: support "classes" and "conditions" as parameters in the remote-run API (#15201)

Security

• Fixed: Guard against non-audit mode on node (#15431)

• Fixed: Relayd configuration is world-readable (#15523)

Techniques

• Fixed: Missing reports on system techniques in 6.0 for postgresql component check (#15994)

• Fixed: Use "rudder agent run" instead of cf-agent (#14873)

• Fixed: Use new package methods in techniques (#13998)

Technique editor - UI/UX

• Fixed: Cannot create Technique with resources (#15598)

• Fixed: We cannot delete parameters (#16027)

• Fixed: Fix file manager navbar’s display (#15604)

• Fixed: Fix Technique Editor loading message (#15600)

• Fixed: Popups display is broken (#15445)

• Fixed: Improve the Generic methods list of the new interface (#15396)

Generic methods - File Management

• Fixed: file_from_shared_folder generic methods fails to report (#15983)

Generic methods

• Fixed: variable_string_match tests are failing on old systems (#15971)

• Fixed: Reformat some cfengine classes bodies in ncf_lib.ncf in 5.1 (#15311)

• Fixed: condition_from_command does not do anything in audit mode (#15189)

• Fixed: in 5.1 the bundle ncf_configuration_basedir does not exists anymore (#14911)

• Fixed: ncf_lib shoudl not exist in 5.1 anymore (#14787)

• Fixed: Unwanted "methods" promise in log_rudder.cf (#14198)

Generic methods - Service Management

• Fixed: Service having both an init script and a real systemd unit are managed through the init script (#13740)

Release notes

Special thanks go out to the following individuals who invested time, patience, testing, patches or bug reports to make this version of Rudder better:

• Jonathan CLARKE

• Thomas CAILHE

This is a bug fix release in the 6.0 series and therefore all installations of 6.0.x should be upgraded when possible. When we release a new version of Rudder it has been thoroughly tested, and we consider the release enterprise-ready for deployment.