Skip to content

@barryo barryo released this Aug 20, 2020 · 3 commits to master since this release

This release primarily fixes a XSS security issue in IXP Manager. It also has a small number of bug fixes and improvements. All IX's running < v5.7.0 are advised to upgrade. This release has a minor version bump as there are two small database schema changes.

Summary:

git --no-pager diff --shortstat --no-merges v5.6.0 v5.7.0
 152 files changed, 13874 insertions(+), 8307 deletions(-)

Upgrade Instructions

Please follow the official upgrade documentation without skipping any steps.

There are no additional release specific steps required.

Security Fix

This release includes a fix for a XSS security bug in the looking glass feature.

The bug allows a potential attacker to provide an IXP Manager user or administrator a crafted URL which would result in the execution of supplied JavaScript within the user's browser.

If you are running IXP Manager with the looking glass feature enabled, you are advised to upgrade. If you wish to delay the upgrade and mitigate the risk in the mean time then you could:

  1. set the looking glass access privileges to SUPERUSER in each of your router configurations;
  2. advise your SUPERADMINS to examine any externally provided IXP Manager URL for the presence of potential XSS code.

Credit to Bart Vrancken (AbuseIO CERT) for responsibly disclosing this issue.

Small Features and Improvements

  • New Artisan command to reindex switch ports' ifIndex based on ifName. This is useful when a port's ifIndex changes in a switch operating system update. See this documentation for more information.
    • And suplemantal to this, we can now also exclude a switch from polling (via 00ccf4d).
  • IX-F Member Export: improvements include: (7286616)
    • Provides a more user friendly error message if the schema-required IX-F IXP ID is not set.
    • Allows the poller to provide an IX-F ID per infrastructure if one is not set via the parameter: &ixfid_1=xx&ixfid_2=yy.
    • Allows the poller to ignore the missing IX-F ID and set it to zero via the parameter: ?ignore_missing_ixfid=1.
    • Tag IXP Manager as the generator of the IX-F JSON document (4185fe6)
  • Better member logo layouts (c10c712) and option to add a background colour to check transparency (8a0ce56)

Bug Fixes

  • Can not update IRRDB if only IPv6 is configured. #662
  • Insufficient permissions error downloading crossconnect documents #663
  • VLAN Tagging should be warned/enforced when >2 vlan interfaces exist #667
  • ASN max length too short in IRRDB database due to the 32-bit ASN integer representation in database being signed - fixes #664
  • Admin log on as this user updates last login date when it shouldn't - fixes #652
  • Rack field in patch panel port verification page is blank (f95a893)
  • Off by one couting issue for admin dashboard - ports by location (4a10448)
Assets 2

@barryo barryo released this May 23, 2020 · 58 commits to master since this release

This release primarily adds a new Per-Member Document Store feature to IXP Manager and fixes a security issue. It also has a small number of bug fixes and improvements. All IX's running < v5.6.0 are advised to upgrade.

Summary:

git --no-pager diff --shortstat --no-merges v5.5.0 v5.6.0
 138 files changed, 12118 insertions(+), 3682 deletions(-)

Upgrade Instructions

Please follow the official upgrade documentation without skipping any steps.

There are no additional release specific steps required.

Security Fix

This release includes a fix for a security bug introduced in v4.9.0.

The bug allows logged in non-administrator users to affect changes to a non-service affecting database table.

To allow people a chance to upgrade, we will delay publishing more information on the security issue until Friday, May 29th 2020 .

Credit to David Croft (@davidc), an elected member director of LONAP, for finding and responsibly disclosing this issue.

Per-Member Document Store

We introduced a general document store in v5.4.0 which allows administrators to upload documents to be made generally available for specific user classes (public, customer user, customer admin, superadmin).

This release introduces a per-member document store which supports:

  1. Upload any file type.
  2. Edit uploaded files including name, description, minimum access privilege and replacing the file itself.
  3. Display of text (.txt) and display and parsing of Markdown (.md) files within IXP Manager.
  4. Directory hierarchy allowing the categorization of files.
  5. Each directory can have explanatory text.
  6. Deletion of files and recursive deletion of directories.
  7. Logging of destructive actions.

As an additional useful convenience, the per-member document store presents a virtual directory which collates any patch panel files that have been uploaded to a member's current or past cross connect record.

Please see the complete official document here.

Small Features & Improvements

  • Display MD5 password for RS/RC peering sessions on customer portal.
  • (Re)implemented logging for failed auth events - #642
  • Route servers: review and update IPv4 martian list (see 282fe10) - also closes #589
  • Route servers: fully disable standard community filtering if route server ASN is 32bit (see notes in 4372d79).
  • Add 400G as an edge port option.
  • Removed a large chunk of internal database result caching as this has proven endlessly problematic. In reality, the MySQL result cache will handle this anyway.
  • Allow a customer to add an inital MAC address. Removes check for >0 MACs. Resovles issue #643.
  • [IM] Better percentage members per VLAN stats and add VLAN to switch configuration explorer
  • Max prefixes for peering sessions should be available in IX-F member export

Bug Fixes

  • [BF] Patch Panels Customer View: State 'Reserved' appears white text on white background - fixes #637
  • 2fa logic fix to ensure it can be fully disabled.
  • [BF] Port Utilisation issues - fixes inexIXP-Manager#628
  • [BF] RRD max out value were reading in - fixes #626
Assets 2

@barryo barryo released this Mar 21, 2020 · 127 commits to master since this release

This release introduces a port utilisation reporting function into IXP Manager's frontend UI. You will find it in the IXP STATISTICS section of the left hand side menu.

The purpose of this tool is to easily identify ports that are nearing or exceeding 80% utilisation.

Our analysis at INEX has shown as much as 50% routine traffic increases across IXPs in areas under lock down due to the Coronavirus outbreak. To help us identify and engage with members for capacity upgrades, we needed a tool that would allow us to rapidly and easily view port utilisation across all members rather than looking at member graphs individually.

This feature was rapidly developed at INEX this week and we are releasing it immediately in the hope it may help other IXs plan for increased traffic during the Coronavirus outbreak.

Summary:

$ git --no-pager diff --shortstat --no-merges v5.4.1 v5.5.0
 22 files changed, 2131 insertions(+), 95 deletions(-)

Upgrade Instructions

Please follow the official upgrade documentation without skipping any steps.

Bug Fixes

  • White space issue - #620
Assets 2

@barryo barryo released this Mar 6, 2020 · 135 commits to master since this release

This is a bug fix release for version v5.4.0 that primarily fixes an issue in the new Document Store as reported by @listerr in #624.

If you are not yet running v5.4.0, please follow the release notes for v5.4.0 and upgrade to v5.4.0 first.

Quick Upgrade Instructions

This bug fix only has code changes and so the upgrade process is simple - in your IXP Manager installation directory (referred to as ${IXPROOT} in the usual upgrade instructions just run the following:

git fetch --all
git checkout v5.4.1

Boo-boo Update: I (@barryo) tagged v5.4.1 before updating the version.php file so after upgrading you'll still see v.5.4.0 in the footer. Sorry 😢

Bug Fixes

  • Document Store only displays latest subdirectory #624
  • Bug in Switches List Live Port State section #621

Other Small Changes

  • Pin composer libraries resolution to PHP 7.3
  • Make artisan down --message='Standby, updating...' message work and this is now displayed rather than the standard 5xx unavailable. 5f3b9e5
  • New artisan update:reset-mysql-views command to reset SQL views rather than the more cumbersome manual MySQL method. edd5f6a
Assets 2

@barryo barryo released this Feb 29, 2020 · 146 commits to master since this release

This release primarily adds a new Document Store feature to IXP Manager. It also has a small number of bug fixes and improvements. All IX's running < v5.3.0 are recommended to upgrade.

Summary:

git --no-pager diff --shortstat --no-merges v5.3.0 v5.4.0
 98 files changed, 4888 insertions(+), 1182 deletions(-)

Upgrade Instructions

Please follow the official upgrade documentation without skipping any steps.

There are no additional steps required.

Document Store

IXP Manager now has a document store allowing administrators to upload documents to be made generally available for specific user classes (public, customer user, customer admin, superadmin). The document store supports:

  1. Upload any file type.
  2. Edit uploaded files including name, description, minimum access privilege and replacing the file itself.
  3. For non-public documents, logging and reporting of downloads (total downloads and unique user downloads).
  4. Display of text (.txt) and display and parsing of Markdown (.md) files within IXP Manager.
  5. Directory hierarchy allowing the categorization of files.
  6. Each directory can have explanatory text.
  7. Deletion of files and recursive deletion of directories.
  8. Logging of destructive actions.

Please see the complete official document here.

Small Features & Improvements

  • Framework and backend upgrades
  • Frontend package upgrades
  • When we introduced long-lived remember me sessions in v5.3.0, a side effect is that return visits that utilised these long term cookies did not generate a user login event. This is now fixed and it also provides an indication if the login was via standard login or long-lived remember me cookie.

Bug Fixes

  • Fix member logo alignment - #616
  • (Re)fix IP sorting - #21
  • Rename superadmin customer dropdown template variable name to avoid collisions - islandbridgenetworks/IXP-Manager#257
  • 2fa related routes won't exist if 2fa is disabled - 6505be6
  • Password resets go out with welcome emails and so a 1hr expiry is way too quick - reset to 7 days via 12084bf
Assets 2

@barryo barryo released this Feb 6, 2020 · 225 commits to master since this release

This release adds a bunch of new features and tidies up a number of bugs / regressions in the v5 release train. All IX's running < v5.3.0 are advised to upgrade.

Summary:

git --no-pager diff --shortstat --no-merges  v5.2.0 v5.3.0
 277 files changed, 28450 insertions(+), 15504 deletions(-)

Upgrade Instructions

Please follow the official upgrade documentation without skipping any steps. Then read through the release notes below for any additional tasks.

Other Post-Upgrade Tasks

  1. Some very old databases may have a bad default value in some columns. Please run the following SQL manually:

    UPDATE `cust` SET `dateleave` = NULL where CAST(dateleave AS CHAR(10)) = '0000-00-00'
  2. See the SQL query in Patch Panel History Improvements below.

  3. Country and city details per IX-F Export Improvements below.

2FA and User Session Management

Two factor authentication (2fa) strengthens access security by requiring two methods (also referred to as factors) to verify your identity. Two factor authentication protects against phishing, social engineering and password brute force attacks and secures your logins from attackers exploiting weak or stolen credentials.

IXP Manager now supports a Google Authenticator compatible 2fa system.

In addition to this, we have implemented user session management which allows a user to be logged in and remembered from multiple browsers / devices and to manage those sessions from within IXP Manager.

See details here: https://docs.ixpmanager.org/usage/authentication/

IX-F Export Improvements

IXP Manager sets the switch location on IX-F Member Exports to the global city and country as defined in the IXP Manager configuration file.

We have added fields to the infrastructure (for your IX's country) and facilities (for city and country) to provide more precise information in the export.

After you upgrade IXP Manager, please edit your infrastructure(s) and set the new country field and then edit your facilities and set their city and country in the new fields provided. Once set, the IX-F Export will use these instead.

Patch Panel History Improvements

We chose not to link historical patch panel ports to customers via the customer database ID to avoid foreign key issues when customers are deleted. This meant it is difficult to show a specific customer's historical patch panel ports. This was fixed in v5.3 and admin users can now also see historical patch panel ports assigned to customers in the overview page for convenience.

To populate the customer history for your current database, please run the following after you upgrade:

UPDATE patch_panel_port_history ppph
    SET ppph.cust_id = (
        SELECT c.id FROM cust c WHERE c.name = ppph.customer
    )

You just need to do this once.

Small Features & Improvements

  • Looking Glass: navigation between looking glass instances improved (b488a66)
  • Looking Glass: only translate communities for route servers / collectors. Our communities only exist within our BGP daemons and any member using the same community tag would have a different intention / meaning.
  • Patch Panels: hide LoA options for non-customer ports (342b7ec)
  • PHP 7.4: IXP Manager is tested (and developed) on PHP 7.4 without issue (2178455)
  • Provisioner API: IP addresses are now included in the layer2interfaces (ab7f682)
  • VLAN Interface: ARPA hostname can be made optional by setting the configuration option: IXP_FE_VLANINTERFACES_HOSTNAME_REQUIRED=false.

Bug Fixes

  • Issue deleting a customer #568
  • Wrong login history displayed for user #594
  • Peering matrix displaying two rows rather than one (1eaf792)
  • Resold member details show billing information when it shouldn't (c32e4e0)
  • Switch configuration results in HTTP 500 error #602
  • last logins -> login history -> view -> generates 404 (fa09668)
  • Patch panel port list page - server 500 error (2aa8934)

Other Acknowledgements

We had a second level student on work experience who found a bunch of cosmetic issues and these were fixed in 1d5e700 - thanks Adam!

Assets 2

@barryo barryo released this Sep 30, 2019 · 469 commits to master since this release

This release adds a bunch of new features and tidies up a number of bugs / regressions in the milestone v5.0 and the v5.1 releases. All IX's running < v5.2.0 are advised to upgrade. Additionally, any IX's that are still allowing v5 to bed in can now safely upgrade as it has been in production at a number of exchanges for quite a while now.

Summary:

git --no-pager diff --shortstat --no-merges  v5.1.0 v5.2.0
 342 files changed, 17141 insertions(+), 18211 deletions(-)

Upgrade Instructions

Please follow the official upgrade documentation without skipping any steps. Then read through the release notes below for any additional tasks.

PeeringDB OAuth

PeeringDB OAuth

We are very pleased to announce that we have added the ability to login to IXP Manager via a member's PeeringDB account.

This is a particularly beneficial feature for members who are members of many IXPs which use IXP Manager - of which there are over 80 now - as it means they only need their PeeringDB account to access their portal at each of those IXPs. It also removes the hurdle for account creation via the IX operations team or having to find a user within a member's own organisation with administrative permissions.

The management and operations team at INEX have worked with the team from PeeringDB on this functionality - with the initial conversations dating back to early 2017 where we each agreed to develop our respective parts. The general peering community benefits greatly from this as PeeringDB now has a publicly available OAuth service and, through our own work, we have added PeeringDB OAuth client functionally to one of the more popular OAuth programming libraries.

IXP Manager interacts in a number of ways with PeeringDB (see here) and specific instructions for enabling PeeringDB OAuth with IXP Manager can be found here.

The scope of work for this PeeringDB OAuth support includes:

  • OAuth support
  • Information for admins about how a user was created
  • Per-member opt-outs for PeeringDB OAuth
  • Configurable OAuth-created user type

Support for rfc1997 pass-through on route servers

RFC1997 defines some well-known communities including NO_EXPORT (0xFFFFFF01 / 65535:65281) and NO_ADVERTISE and states that they have global significance and their operations shall be implemented in any community-attribute-aware BGP speaker.

According to rfc7947, it is a matter of local policy whether these well-known communities are interpreted or passed through on route servers. Historically, some IXP route servers interpret them and some pass them through. As such the behaviour of these well-known communities is not well-understood when it comes to route servers and this topic has been the subject of a good deal of debate in the IXP community over the years.

In 2017, INEX and LONAP published draft-hilliard-grow-no-export-via-rs-00 to try and create some consensus on this. While the draft was not accepted as a standard, the discussion drew a conclusion that these well-known communities should not be interpreted by the route server but passed through.

This commit adds support to enable pass through. As enabling this on Bird resets BGP sessions, this is being added with default as off for now so as to ensure it is not a breaking / service affected change. The recommended setting is on however. We will change the default in a later version when IX's have had a chance to update their route servers in a maintenance window.

More information in the documentation here.

Framework Upgrades

Laravel 6 was released on September 3rd. Despite the version bump from v5.8, the changes were moderately minor (the version change marks the beginning of semantic versioning rather than a massive framework change).

IXP Manager now runs on Laravel v6 and all related libraries updated.

Member vs Customer

IXP Manager is mostly deployed in member-owned IX's. The language used within IXP Manager to date has tended to be a mis-match of customer and member. We did a review of the templates and have standardised these to member. If in your case you prefer customer then add the following to your .env file:

IXP_FE_FRONTEND_CUSTOMER_ONE=customer
IXP_FE_FRONTEND_CUSTOMER_MANY=customers
IXP_FE_FRONTEND_CUSTOMER_OWNER="customer's"
IXP_FE_FRONTEND_CUSTOMER_OWNERS="customers'"

Small Features and Improvements

  • Data tables now remember pagination, rows per page and search settings #496
  • Grapher backend information (such as location of MRTG log files) is now available to administrators

Bug Fixes

  • RS Looking Glass sort order #544
  • Fix delete ports from switch-port/snmp-poll - (islandbridgenetworks/IXP-Manager#226)
  • Allow spaces at the end of virtual interface names #513
  • 500 server error changing patch panel port #545
  • Deleting patch panel ports should not bounce to listing all patch panel ports when complete (islandbridgenetworks/IXP-Manager#232)
  • Problems with params validation for some fields in /patch-panel/add - fixes islandbridgenetworks/IXP-Manager#236
  • Better error handling in the looking glass for large tables
  • Suspended state is white on white #561
  • Check RS ASN when examining tags - fixes #560
  • Hide download/view LOA for patch panel port without customer assigned (#569)
  • Fix issue delete customer #568
Assets 2

@barryo barryo released this Jul 23, 2019 · 554 commits to master since this release

This release adds a bunch of new features and tidies up a number of bugs / regressions in the milestone v5.0 release. All IX's running v5.0 are advised to upgrade. Additionally, any IX's that were allowing v5.0 to bed in can now safely upgrade as it has been in production at a number of exchanges for a while now.

Summary:

git --no-pager diff --shortstat --no-merges  v5.0.0 v5.1.0
 174 files changed, 15728 insertions(+), 20372 deletions(-)

Upgrade Instructions

Please follow the official upgrade documentation without skipping any steps. Then read through the release notes below for any additional tasks.

New Features

Expose IRRDB Functionality and Database Tables to Frontend

Route server filtering is based on IRRDB lookups of AS-SETs and related route objects. This is all documented here.

Up until now, the only way to see the contents of the IRRDB ASN and prefix database tables was to manually examine the database or the generated route server configuration. We now provide these within IXP Manager for admins and users to examine and search.

In addition, administrators and users can request an IRRDB update of the ASNs and/or prefixes from within the UI and, once complete, it will display any prefixes/ASNs added/removed. Up until now, this was only available by command line.

Support for v1.0 of the IX-F Member Export Schema

Together with Euro-IX, we released v1.0 of the IX-F Member Export Schema on July 19th 2019.

Continuing our long-running support of this project, IXP Manager now fully supports v1.0 of the schema out of the box.

The only manual change advised when upgrading is to edit your route servers and set:

  • the software daemon version (e.g. if using Bird 1.6.4 then enter 1.6.4); and
  • the operating system and the operating system version on which your route server runs.

A small number of IXPs have asked to make the IX-F Export private (an option which has existing for some time) but to also have the facility to allow the IX-F database poll that information securely. For this, we have add an access key which is documented here.

Documenting the Purpose of API Keys

Implements the basic request of #536 which is to add a description against API keys. We also now allow the setting of an expiry date (auto-deletion after ~1 week). We now also hide API keys by default and require the user to (re)enter their password to view them.

ASN and Prefix Lookups

IXP Manager has supported looking up the details of ASNs - by clicking on the ASN - via PeeringDB's Whois service since v5.0. This release updates that to cache the results (1 day by default but configurable). Many ASNs are not covered by PeeringDB as it happens - in that event, we also do a Whois lookup to Team Cymru's service to at least get the ASN organisation name.

We have added the ability to lookup prefixes by clicking on them against BGPmon's Whois service. This provides useful information from their collectors such as origin ASN observed and ROA validation status.

Database Housekeeping

Please execute the following SQL query manually on your database:

UPDATE `customer_to_users` SET last_login_date = NULL WHERE last_login_date = '1970-01-01 00:00:00'

Improvements

  • Domain name validation in a number of places - fixes islandbridgenetworks/IXP-Manager#216 and fixes #499
  • [IM] The new user management code/functionality (specifically the many-to-many for customers-to-users) has been given a second pass and completely rewritten by @yannrobin with many improvements.
  • [IM] Add note about uniqueness of VLAN 802.1q tags across infrastructures - fixes #517
  • [IM] Fix frontend links when no backend available for VLAN graphs - fixes #503
  • [BF] - Customer Notes spam (do not send notifications to disabled users) - 976f9bf

Bugs Fixed

  • [BF] - issue when the create date of a Layer 2 Address is null - 8e96284
  • [BF] Cannot list the users of disabled contact groups - #532
  • [BF] Corporate URL is not required - 5c7f69d
  • [BF] Fix date migration for users last login - closes #531
  • [BF] Email addresses are not actually meant to be unique - 31c4380
  • [BF] patch-panel/list throws exception if no patch panels defined - fixes #524
  • [BF] v5.0.0 customer user unable to view notes - fixes #521
  • [BF] View on Login History has broken links - fixes #523
  • [BF] Netmask doesn't show under Ports - fixes #522
  • [BF] Contact groups layout not appearing correctly in v5.0.0 interface - fixes #520
  • Typo from @listerr - manual fix of PR / fixes #518
Assets 2

@barryo barryo released this May 21, 2019 · 646 commits to master since this release

Welcome, finally, to the release of IXP Manager v5. Thanks for your patience to date - this is a BIG release! You are going to need about four hours to work through everything properly - so probably get a few ☕️'s before you hit the 🍻.

Dedication

IXP Manager 5.0 is dedicated to the memory of Barry Rhodes, who died in September 2018 and was Chief Executive of INEX for 15 years.

In 2005, IXP Manager was first envisioned and created by the INEX operations team, Nick Hilliard and Barry O'Donovan, to provide a robust and scalable management platform to run INEX's internet exchange in Dublin. Barry Rhodes put his full support behind the project, which enabled the code to be developed to the point that it could be open-sourced and released to the community. Today, more than 70 IXPs use IXP Manager as their management platform.

The INEX team are proud to honour Barry Rhodes' legacy by dedicating this significant release to his memory.

Release Summary

$ git --no-pager diff --shortstat release-v4 release-v5
 970 files changed, 79020 insertions(+), 87488 deletions(-)

A brief summery of the biggest changes in IXP Manager v5 include:

  • Bird v2 support for route servers, route collectors and AS112 services (AS112 not used in production at INEX yet).
  • RPKI support for Bird2! We have also updating the route server filtering mechanism - to fully understand RPKI and the updated filtering mechanism with IXP Manager is to watch our presentation from APRICOT 2019 or read this article on INEX's website.
  • The looking glass has been overhauled from a look and feel perspective. Also, when using Bird v2 it will now also show filtered routes and the reason for filtering.
  • The Route Server Prefix Analysis tool has been deprecated (but not removed). It has been replaced with a new tool that queries all Bird v2 route servers live to give a complete and accurate report on filtered prefixes.
  • Mandatory PHP >= 7.3 requirement (some reasoning discussed here and note that only >= 7.2 are in active support. This is quite easy on Ubuntu via this PPA and we've written a short how-to here.
  • Laravel framework upgraded from 5.5 to 5.8.
  • Bower as a frontend package management system has been replaced with Yarn and Laravel Mix. What this means is that the frontend assets ship with IXP Manager and no action required from you anymore!
  • Bootstrap frontend upgraded to v4.3 (from 3.x) and TailwindCSS added. There are still some rough edges but these will get sanded and smoothed over the coming weeks and months.

Upgrade Instructions

If you are upgrading to IXP Manager v5, this is where to start. We assume that you are upgrading from v4.9.x. No other upgrade paths are supported or recommended.

Prerequisite: ensure you have PHP >= v7.3 installed. If you are using Ubuntu, we recommend this PPA and we've written a short how-to here. We would also recommend that you upgrade to Ubuntu 18.04 LTS as part of this process if you are using an older version of Ubuntu (however it will work fine on 16.04 with PHP 7.3).

The process we describe here is based on the new instructions for upgrading within IXP Manager v5 and you should read that document now but follow the instructions as set out here for upgrading from v4.9.x.

We have created a Gist which shows a sample v4.9.3 to v5.0.0 upgrade to help illustrate the instructions below and the output / results you should see.

We will assume your installation of IXP Manager is installed at a location identified by the shell variable IXPROOT. This is set in step (1) below.

  1. Set up some variables and ensure directory permissions are okay:

    # set this to your IXP Manager installation directory
    IXPROOT=/srv/ixpmanager
    
    # fix as appropriate to your operating system. ubuntu/debian is fine with this:
    MY_WWW_USER=www-data
    
    # ensure the web server daemon user can write to necessary directories:
    chown -R $MY_WWW_USER: ${IXPROOT}/storage $IXPROOT/vendor
    chmod -R u+rwX ${IXPROOT}/storage $IXPROOT/vendor
  2. Enable maintenance mode to let your users know what's happening:

    cd $IXPROOT
    php artisan down --message='Upgrading to IXP Manager v5. This will take sometime.' --retry=900
  3. Using Git, checkout the v5.0.0 release of IXP Manager:

    # (assuming we're still in $IXPROOT)
    # pull the latest code
    git fetch --all
    # check out the version you are upgrading to
    git checkout v5.0.0
  4. Install latest required libraries from composer (read the notes on the new instructions for upgrading within IXP Manager v5. NB: ensure you are running Composer >=1.8.0 - see the composer website for install/upgrade instructions.

    # this assumes composer.phar is in the IXP Manager install directory. YMMV - see notes on the upgrade instructions.
    # Upgrade composer first:
    php ./composer.phar selfupdate
    
    # And update the libraries
    sudo -u $MY_WWW_USER bash -c "HOME=${IXPROOT}/storage && cd ${IXPROOT} && php ./composer.phar install --no-dev --prefer-dist"
  5. Restart Memcached and clear the cache. Do not forget / skip this step!

    # (assuming we're still in $IXPROOT)
    systemctl restart memcached.service
    php artisan cache:clear
  6. Update the database schema:

    # (assuming we're still in $IXPROOT)
    # (you really should take a mysqldump of your database first)
    # see what will change:
    php artisan doctrine:schema:update --sql
    # migrate:
    php artisan doctrine:schema:update --force
    php artisan migrate --force
  7. Restart Memcached (yes, again). Do not forget / skip this step!

    systemctl restart memcached.service
  8. Ensure file permissions are still correct.

    chown -R $MY_WWW_USER: ${IXPROOT}/storage $IXPROOT/vendor $IXPROOT/bootstrap/cache
    chmod -R u+rwX ${IXPROOT}/storage $IXPROOT/vendor $IXPROOT/bootstrap/cache
  9. Clear out all caches:

    php artisan cache:clear
    php artisan config:clear
    php artisan doctrine:clear:metadata:cache
    php artisan doctrine:clear:query:cache
    php artisan doctrine:clear:result:cache
    php artisan route:clear
    php artisan view:clear
  10. Now work through the rest of the release notes before proceeding and disabling maintenance mode.

  11. Disable maintenance mode:

    # (assuming we're still in $IXPROOT)
    ./artisan up
  12. Recreate SQL views

    Some older scripts, including the sflow modules, rely on MySQL view tables that may be affected by SQL updates. You can safely run this to recreate them:

    mysql -u $DB_USER -p $DB_DATABASE < $IXPROOT/tools/sql/views.sql
  13. Housekeeping:

  • you should have taken care of this in previous upgrades but if not, the var/ directory can be deleted.
  • we have moved away from Bower as a frontend package manager so you can delete this directory: public/bower_components/.

Route Server / Configuration Changes

IXP Manager v5 adds support for Bird v2 but maintains support for Bird v1. The only changes to the Bird v1 configuration is:

  • setting the use of standardised time formats (iso long);
  • IRRDB prefixes and ASNs are now sorted.

You will need to upgrade Bird's Eye to v1.2.1 for full support for this on your routers.

Upgrading to Bird v2 and RPKI support is a separate task and this is covered in our online documentation here.

Using Bird v2 and internal large communities, we have completely overhauled how we show end users what prefixes are filtered by the route servers. If you had been using the Route Server Prefix Analysis tool with Bird v1 and you want to keep using it for now, enable it by setting the following in your .env file:

IXP_FE_FRONTEND_DISABLED_RS_PREFIXES=false

Looking Glass

Upgrade to Bird's Eye v1.2.1 due to the following additions to Bird's configuration file:

# standardise time formats:
timeformat base         iso long;
timeformat log          iso long;
timeformat protocol     iso long;
timeformat route        iso long; 

Users

V5 changes user management in a number of ways - essentially implementing most of the ideas from the RFC in issue #354. We have rewritten the documentation for this and you should read that now. The changes include:

  1. Allow an user to be linked to more than one customer / network.
  2. Unshackle contacts from users - this was done in v4.9.0.
  3. Change the authorisation system from the current roles of CUSTADMINs and and CUSTUSERs. The current forms of CUSTADMINs date from equivalent functionality in the old RIPE LIR portal where identical roles existing. Instead, we would like CUSTADMIN to mean read/write/admin access and CUSTUSER to mean read-only access. All existing CUSTADMINs would be deleted (these users can only manage accounts and have no other purpose, they are usually role email addresses such as peering@/noc@). All existing CUSTUSERs would be elevated to CUSTADMINs.

To make these changes, carry out the following commands:

# expunge login logs >6 months 
php artisan utils:expunge-logs -v

# refactor user/customer entries for n:1 to n:m (customer:user)
# (you'll get warnings but as long as you are doing this as part of the V5.0.0 upgrade, it is safe)
php artisan update:customer2users

# delete CUSTADMIN users (optional but recommended)
php artisan update:remove-custadmins

# promote `CUSTUSER`s to `CUSTADMIN`s (optional but highly recommended)
php artisan update:promote-custusers

You will probably want to communicate these changes to your members. A draft of the email INEX sent to its members can be seen in this Gist.

New User Templates: As usual, new users will receive a welcome email. There is now a second version of this for existing users added to another customer ([documented here]https://docs.ixpmanager.org/usage/users/#welcome-email). You may want to review the content of this and consider skinning it.

Task Scheduler

Prior to IXP Manager v5, many cron jobs had to be configured manually. From v5.0 onwards, most required cron jobs are handled by Laravel's task scheduler. As such, you typically just need a single cron job entry such as:

* * * * *    www-data    cd /srv/ixpmanager && php artisan schedule:run >> /dev/null 2>&1

Please review the official documentation for this here as it lists what entries are covered by this.

At time of writing, the only ones which are not covered are:

  • the Grapher email updates (any Artisan command starting grapher:email- - documentation).
  • the port speeds auditor (audit:port-speeds - documentation).
  • the RIR object updater (rir:generate-object - documentation).

Third Party Integrations

We have added MANRS API integration and now highlight members that are part of the MANRS program (documentation).

We have also fixed the ASN lookup by using PeeringDB's whois integration and we have written new PeeringDB documentation to show all the integrations we use (documentation).

Templates

Due to the upgrade to Bootstrap 4, you may need to look at the CSS in some of your templated files. Common files that you may have templated include:

  • resources/skins/x/footer-content.foil.php -> moved to the layouts directory: resources/skins/x/layouts/footer-content.foil.php and note that the footer has been complete changed.
  • resources/skins/x/header-documentation.foil.php -> moved to the layouts directory: resources/skins/x/layouts/header-documentation.foil.php and the CSS has changed significantly (see the example under resources/views/layouts/header-documentation.foil.php).
  • CSS for the support page needs updating: resources/skins/x/content/0/support.foil.php (see INEX's for reference under resources/skins/inex/content/0/support.foil.php.

Development Updates

  • Laravel Telescope has been added.
  • Front end asset management now uses Yarn / Laravel mix. Updates for development are built via yarn run dev and for production releases via yarn run prod.
Assets 2

@barryo barryo released this Mar 8, 2019 · 1117 commits to master since this release

This is a security and bug fix release for version v4.9.

If you are not yet running v4.9.0, please [follow the release notes for v4.9.0] and upgrade to v4.9.0 first. (It is not necessary to upgrade to v4.9.1 or v4.9.2, you can go straight from v4.9.0 -> v4.9.3.)

Quick Upgrade Instructions

This security and bug fix only has code changes and so the upgrade process is simple - in your IXP Manager installation directory (referred to as ${IXPROOT} in the usual upgrade instructions just run the following:

git fetch --all
git checkout v4.9.3

Security Fixes

Fix an inventive XSS vulnerability with data retrieved via RIPE REST for AS objects. We have also added sanitisation to other services we pull data from. Thanks to Cynthia Revström for reporting this.

## Bug Fixes

  • [DB] Add remember_token to user entity (9682787)
  • [BF] Update UserController.php - allow . in usernames (fixes #507 with thanks to @listerr)
  • [BF] Remove hardcoded "INEX" in email subject. (fixes #506 with thanks to @listerr)
Assets 2
You can’t perform that action at this time.