From ebf at isc.org Wed Oct 6 21:44:06 2021 From: ebf at isc.org (Everett B. Fulton) Date: Wed, 6 Oct 2021 16:44:06 -0500 Subject: [stork-users] Stork 0.21.0 is now available Message-ID: <199939d2-61e6-12ff-b2ad-a5bf47a9418d@isc.org> Stork 0.21.0 is a new development release of the Stork monitoring and configuration dashboard and it can be downloaded from: https://www.isc.org/download#Stork Documentation for Stork is available at https://stork.readthedocs.io. ----- # Stork 0.21.0, October 6th, 2021, Release Notes Welcome to Stork 0.21.0, another monthly development release. The changes introduced in this version are: * **TLS support**. The Stork Agent now supports communication with Kea over TLS. It automatically detects whether the Kea Control Agent is configured to use TLS. \[[#527](/isc-projects/stork/-/issues/527)\] * **Memory management improvements**. Most memory leaks in the Stork Web UI are now fixed. \[[#105](/isc-projects/stork/-/issues/105)\] * **Test improvements**. Intermittent failures have been addressed. Stork is now tested with Kea 1.9.11, instead of 1.8.2, and with some components run on CentOS 8, instead of CentOS 7. \[[#552](/isc-projects/stork/-/issues/552)\] Please see this link for known issues: [https://gitlab.isc.org/isc-projects/stork/-/wikis/Known-issues](https:// gitlab.isc.org/isc-projects/stork/-/wikis/Known-issues). ## Incompatible Changes * None. ## Release Model Stork has monthly development releases, with some exceptions. We encourage users to test the development releases and report back their findings on the stork-users mailing list, available at [https://lists.isc.org/mailman/listinfo/stork-users](https://lists.isc.or g/mailman/listinfo/stork-users). This text references issue numbers. For more details, visit the Stork GitLab page at [https://gitlab.isc.org/isc-projects/stork/issues](https://gitlab.isc.org /isc-projects/stork/issues). ## License Stork is released under the Mozilla Public License, version 2.0. [https://www.mozilla.org/en-US/MPL/2.0](https://www.mozilla.org/en-US/MPL /2.0) ## Download The easiest way to install the software is to use native deb or RPM packages. They can be downloaded from: [https://cloudsmith.io/\~isc/repos/stork/](https://cloudsmith.io/\~isc/re pos/stork/) The Stork source and PGP signature for this release may be downloaded from: [https://downloads.isc.org/isc/stork](https://downloads.isc.org/isc/stork ) The signature was generated with the ISC code-signing key which is available at: [https://www.isc.org/pgpkey](https://www.isc.org/pgpkey) ISC provides documentation in the Stork Administrator Reference Manual. It is available on ReadTheDocs.io at [https://stork.readthedocs.io/en/latest/](https://stork.readthedocs.io/en /latest/), and in source form at [https://gitlab.isc.org/isc-projects/stork/-/tree/master/doc](https://git lab.isc.org/isc-projects/stork/-/tree/master/doc). We ask users of this software to please let us know how it worked for you and what operating system you tested on. Feel free to share your feedback on the stork-users mailing list ([https://lists.isc.org/mailman/listinfo/stork-users](https://lists.isc.o rg/mailman/listinfo/stork-users)). We would also like to hear whether the documentation is adequate and accurate. Please open tickets in the Stork GitLab project for bugs, documentation omissions and errors, and enhancement requests. We want to hear from you even if everything worked. ## Support Professional support for Stork will become available once it reaches the 1.0 milestone. Existing ISC customers that consider themselves early adopters may get involved in the development process, including roadmap, features planning, and early testing, but the software maturity level does not constitute a typical professional service before the 1.0 milestone. Free best-effort support is provided by our user community via a mailing list. Information on all public email lists is available at [https://www.isc.org/mailinglists/](https://www.isc.org/mailinglists/). If you have any comments or questions about working with Stork, please share them to the stork-users list ([https://lists.isc.org/mailman/listinfo/stork-users](https://lists.isc.o rg/mailman/listinfo/stork-users)). Bugs and feature requests may be submitted via GitLab at [https://gitlab.isc.org/isc-projects/stork/issues](https://gitlab.isc.org /isc-projects/stork/issues). ## Changes The following summarizes changes and important upgrades since the Stork 0.19.0 release. ```plaintext * 161 [func] slawek The Stork Agent now supports communication with Kea over TLS. It automatically detects if the Kea Control Agent is configured to use TLS. (Gitlab #527) * 160 [build] slawek Fix failed pipeline issues - bump CentOS version and related packages, change some unit tests to avoid crashes in CI environment. (Gitlab #552) * 159 [bug] slawek Eliminated memory leaks from the Stork Web UI. (Gitlab #105) ``` Thank you again to everyone who assisted us in making this release possible. We look forward to receiving your feedback. From Bertrand.Buclin at intl.att.com Wed Oct 27 16:00:11 2021 From: Bertrand.Buclin at intl.att.com (Buclin, Bertrand) Date: Wed, 27 Oct 2021 16:00:11 +0000 Subject: [stork-users] Certificate management in Stork and Kea Message-ID: <7393bc6a3f064b83a419315d84550a29@intl.att.com> Hi, Glad to see with KEA 2.0 and Stork 0.2x that we can now use TLS to secure the transactions between the Stork server and the Agent, and between the Agent and KEA. I'm trying to use server certificates signed by my organization certification authority instead of the self-signed certificates that Stork is proposing. To that effect, I've declared the trust-anchor, cert-file and key-file attributes in the KEA Control Agent pointing respectively to the Certification Authority certificate PEM file, the server certificate (and the certificate chain to the CA), and the server certificate private key (with the certificate chain to the certificate authority in the same PEM file). I'm trying to load the same certificates in Stork using the stork-tool, and no issue for the CA cert and the SRV Cert, but I can't get to load the server private key. The stork-tool call fails saying "main.go:333 problem parsing the server key: parsing private key: x509: failed to parse private key (use ParsePKCS1PrivateKey instead for this key format)". I know the private key file is the right one for the server certificate (checked them with the usual openssl x509/rsa -modulus | md5 routine), and all three CA certificate, server certificate and key files work OK with kea-shell... The PEM file for the private key starts with "-----BEGIN RSA PRIVATE KEY-----". When I export the private key that Stork self-generated, it says "BEGIN PRIVATE KEY". I've tried converting the private key to PKCS8 format, but then getting other errors and stork-tool crashing with "panic: interface conversion: interface {} is *rsa.PrivateKey, not *ecdsa.PrivateKey". Anyone succeeded in specifying keys across Stork and KEA successfully? Bertrand Buclin Director, Access Technology Management Global Connectivity Management AT&T Global Network Services (Switzerland) GmbH m +41 79 333 00 20 | bbuclin at att.com -------------- next part -------------- An HTML attachment was scrubbed... URL: