@starkandwayne-bot starkandwayne-bot released this Sep 16, 2018 · 17 commits to master since this release

Assets 5

New Features

  • We now have a BackBlaze B2 storage plugin!


  • Ordinals are now optional in monthly schedule specs (via the web
    UI), allowing front-end users to type '3' or '3rd', per their
    strongly-held personal preference.

  • The token field of the vault plugins is now marked as a
    password, so that autocompletion in the browser gets turned off.
    Otherwise, Chrome/FF keeps wanting to leak your Vault tokens to

  • The data directory and web UI root configurations are now
    properly validated by the SHIELD core. If they do not exist,
    core startup is halted. That way, you find out sooner if you've
    misconfigured something. Wheee.

  • shield import can now properly import fixed-key backup jobs.
    Just what the doctor ordered for BOSH and SHIELD backup and

Bug Fixes

  • Errors with hourly schedules are now properly handled and give a
    readable error message to the front-end.

  • The mysql plugin can now properly restore a single database.

  • Some silly typos (some copy-pasta, some bad whitespace, some
    we-don't-know-what-we-were-thinking) have been fixed in SHIELD
    CLI --help output.

@starkandwayne-bot starkandwayne-bot released this Aug 10, 2018 · 38 commits to master since this release

Assets 5


  • Credentials in task log output are now displayed as a blurred white block,
    revealed on hover to those with sufficiently high rights.

  • The task log is now closed by clicking the [X] button in the log pane
    instead of clicking the 'full task log' link again.

@starkandwayne-bot starkandwayne-bot released this Aug 3, 2018 · 43 commits to master since this release

Assets 5

New Features

  • Compression of archives is now optional, on a per-target basis.
    If you have really big databases and don't want to bother compressing
    them, you can now turn that off and get done with your data protection
    tasks sooner!

  • The Tasks API now has new time boundary range parameters, for retrieving
    tasks based on when they started and/or stopped.


  • The Systems and Storage views now have the ability to toggle between a
    card-based layout (the default), and a table layout.

  • Tags in the Systems View Timeline are now only shown for non-backup tasks,
    and only for successfully completed tasks. In practice, this means that
    restore operations get tags and no one else does.

  • The Retention Policy API / UI / CLI is better. Namely, the API matches
    the documation (it's a PATCH not a PUT), and we have proper bounds
    checking on expiry days and policy name lengths.

Bug Fixes

  • When restoring archives with the CLI, and targeting a different data
    system than the archive originally came from, everything works as

@starkandwayne-bot starkandwayne-bot released this Jul 13, 2018 · 59 commits to master since this release

Assets 5


  • Move the vault.crypt file out from under the vault/ data
    directory sub-directory; that sub-directory is dedicated to the
    Vault instance, and we shouldn't be putting other things in there.

  • Threshold for storage now indicates the use of units in the form field, to
    prevent the accidental specification of 50 bytes when you meant 50 gigabytes.

  • Improved results of the /v2/info and /v2/heath API endpoints to match its
    documented behaviour.


  • Removed FQDN from /v2/info as it was populated using DNS reverse lookups
    that were less than useful.

Bug Fixes

  • Storage health correctly stated during creation of ad-hoc runs.

  • Scheduled jobs in timeline are not longer incorrectly as "Ad-hoc"

  • Admin/Sessions page no longer shows all IP Addresses as localhost and
    shows the session creation time in human-readable format.

  • Notes for targets are now displayed on the page for a given system.

  • Errors encountered when unlocking the vault now notify the user.

  • Release version correctly displayed on header instead of (development)

@starkandwayne-bot starkandwayne-bot released this Jul 1, 2018 · 73 commits to master since this release

Assets 5


  • New vault plugin for backing up Safe or Vault installations.
    You can optionally restrict the subtree that gets backed up and
    restored, in case you share the Vault with others.

@starkandwayne-bot starkandwayne-bot released this Jun 29, 2018 · 75 commits to master since this release

Assets 5


  • Check for the existence of the required top-level import
    manifest keys in shield import.

  • The s3 plugin can now be configured to use IAM instance
    metadata to assume roles inside of S3, instead of providing
    explicit access and secret key material. Yay security!

  • The postgres plugin now allows split read replica / write
    master backup and restore, for highly-available solutions.

@starkandwayne-bot starkandwayne-bot released this Jun 13, 2018 · 84 commits to master since this release

Assets 5

Bug Fixes

  • Sometimes, code gets lost. This happened on 8.0.9, when we
    merged some PRs that blew away PR's #395, #393, #398, and #399.
    These changes dealt with initialization and SHIELD recovery.

@starkandwayne-bot starkandwayne-bot released this May 4, 2018 · 91 commits to master since this release

Assets 5


  • Stop giving out bad advice in the help output of create-job
    and update-job, with respect to propery schedule syntax.

  • Better error messaging in filepath walker when the fs plugin
    encounters an error or missing stat info.

  • Credentials (as defined by plugins) are now redacted in task
    output, based on the rights of the viewer.

  • The xtrabackup plugin now supports the mysql_socket option,
    for specifying the absolute path to the MySQL socket.

Bug Fixes

  • Properly set the job name and notes (summary) from the web ui
    wizard, instead of ignoring what the user provided. Fixes #387.

  • The webdav plugin no longer panics if you omit the https://
    or http:// URL scheme from your DAV server URL. Instead, it
    assumes HTTPS and keeps on truckin'. Other URL parse errors are
    properly handled now as well.

  • Handle people who don't set up their Github profiles properly,
    and are missing display names. The Github API returns these as
    nil string pointers, instead of pointers to the empty string.

@starkandwayne-bot starkandwayne-bot released this Jan 20, 2018 · 115 commits to master since this release

Assets 5


  • Global Storage Systems are available for selection during the
    backup configuration wizard in the web UI.

  • Storage systems now properly report their health to all
    front-end views, fixing a few fixmes along the way.

  • Agents can now be resynchronized, in an ad hoc fashion, via the
    admin backend on the web UI.

  • Jobs will have their 'next run' time re-calculated when their
    schedule is changed. Previously, the existing schedule was in
    force until the first run after a schedule change, at which
    point the new schedule kicked in. This was weird, so we changed

  • New Cloud Storage Solutions (global or tenant-based) are
    considered healthy until proven broken.

  • shield-agent now has better logging to help troubleshoot
    registration problems.

Bug Fixes

  • Fix an egregious bug in the scheduling logic that was only
    considering jobs scheduled in the future to be "overdue".
    Since all jobs start out with a next_run of 0, this caused NO
    JOBS to ever be scheduled. Thankfully, 8.x is still beta.

  • Fix a segfault when dereferencing a nil Task during a broadcast.
    Now, we log that we got a nil task, to assist in tracking down
    why / where its occurring, rather than just crashing on panic.

  • The shield restore-archive command now prints out the UUID of
    the task scheduled to run the restore, rather than the cryptic
    (and oh-so-unhelpful) string "%s!:bool=true"

  • Neither shield create-job, nor shield update-job will allow
    you to create (or modify) jobs to have invalid, unparseable
    schedules. This will keep the CLI from accidentally creating
    schedules that the web UI can't process.

  • When restoring through the new wizard, the web UI only shows
    archives for the selected target system, instead of all of the
    archives every made for the tenant. Turns out this was less
    than useful.

  • Fix up some edge cases where we weren't checking for the
    existence of a tenant in tenant-scope API calls, just the rights
    to that tenant -- since system users can affect all tenants, we
    found that we could create child objects on non-existent

Developer Stuff

  • bin/testdev now runs a WebDAV service on the nginx reverse
    proxy (on $PORT+1), since we can no longer use the fs plugin
    for storage operations.

    On MacOS, with homebrew, you'll want to reinstall nginx with
    WebDAV support: brew reinstall --with-webdav nginx

@starkandwayne-bot starkandwayne-bot released this Jan 17, 2018 · 132 commits to master since this release

Assets 5

Bug Fixes

  • shield-agent will now propagate HTTP proxy environment
    variables: http_proxy, https_proxy and no_proxy, which
    some plugins (i.e. s3) can make use of.

  • The postgres plugin no longer requires a host address. If not
    specified, a local loopback (usually UNIX domain socket) will be

  • The postgres plugin no longer requires a password. If not
    specified, no authentication credentials will be sent. This is
    usually paired with an empty (or missing) pg_host, to gain
    superuser access over loopback (given a 'trust' entry in HBA)