[stork-users] Stork 1.10.0 is now available

Everett B. Fulton ebf at isc.org
Wed Apr 5 17:29:53 UTC 2023


Stork 1.10.0 is a new development release of the Stork dashboard for
monitoring Kea servers.

The easiest way to install the software is to use native deb or RPM
packages. They can be downloaded from:

      https://cloudsmith.io/~isc/repos/stork/

The Stork source and PGP signature for this release may be downloaded from:

      https://www.isc.org/download#Stork

Documentation for Stork is available at:

      https://stork.readthedocs.io

-----
# Stork 1.10.0 Release Notes, April 5 2023

Welcome to Stork 1.10.0, another development release. The changes
introduced in this version are:

1. **Kea Configuration Review Improvements**: Added new checker that
warns if Basic Auth is used in an insecure way in Kea Control Agent
[#945]. Added new checker that warns if Subnet commands and Config
Backend hooks are used together [#940]. Added new checker that warns if
size of the pool equals number of host reservations [#941]. Added new
checker that warns if the multi-threading is enabled for Kea packet
processing but not for HA processing [#944].

2. **Kea Configuration Management**: The work continues towards the
capability to manage subnets. In this release, we refactored the code
pertaining to processing the Kea configuration in the Stork server. It
introduces no new user-visible functionality, but the number of code
changes is significant and thus noted in the ChangeLog and Release Notes
[#942]. The data model now retains much more information about Kea DHCP
parameters [#952].

3. **BIND 9 support improvements**: BIND 9 detection code has been
expanded and is now more robust. It now can also attempt to look at more
default locations for config files, use `named -V` to discover built-in
locations and also use `STORK_BIND9_CONFIG` environment variable to look
for a specific BIND9 config file. The detection process is also now more
verbose. Enabling DEBUG logging level may help [#831]. The rndc key is
now detected properly. The key value is visible only for
super-administrators [#997].

4. **UI improvements**: The new reservation added via Stork appears on
all lists instantly, not after the next refresh [#996]. The content of
the subnets column is now sorted [#855]. Fixed a problem with
periodically showing the HA loading indicator when High Availability was
not configured [#969]. Fixed the problem with displaying subnet
utilization bars on the shared network page. The bars for IA_NA and
IA_PD were always shown, even when they had no corresponding subnet
pools [#970].

5. **Agent improvements**: The agent now attempts to pull statistics
only from daemons that are running. This should greatly limit the amount
of logs generated by both Stork agent and the Kea control agent. This
change may help for repeated  CTRL_AGENT_COMMAND_FORWARD_FAILED logs by
Kea control agent [#933].

6. **Security**: Fixed the path traversal vulnerability that allowed
everyone to check the existence of any file on the filesystem [#987].
Added support for passwordless connections for databases. The Postgres
server can now be reached over sockets. It allows securing the
connection using the `trust` and `host` authentication modes [#858].
Expanded Stork ARM with an explanation how to fix potential problems
with self-signed certificates [#543]. Fixed integer-casting issues
reported by CodeQL [#982].

7. **Build improvements**: Updated Angular, PrimeNG, GoSwagger, and
OpenAPI generator [#981]. Changed the executable paths configured in the
default systemd service files to absolute [#972]. Migrated from outdated
`docker-compose` to more recent `docker compose` [#979].

8. **Bug fixes**: A user without any groups can now log out properly
[#1004]. Fixed ignoring URL segments in the Grafana base address [#980].
Added a human-readable representation of the event level in the dump
package [#971].

Please see this link for known issues:
https://gitlab.isc.org/isc-projects/stork/-/wikis/Known-issues.

## Incompatible Changes

None.

## Release Model

Stork has bi-monthly development releases, with some exceptions.

We encourage users to test the development releases and report back
their findings on the stork-users mailing list, available at
https://lists.isc.org/mailman/listinfo/stork-users.

This text references issue numbers. For more details, visit the Stork
GitLab page at https://gitlab.isc.org/isc-projects/stork/issues.

## License

Stork is released under the Mozilla Public License, version 2.0.

    https://www.mozilla.org/en-US/MPL/2.0

## Download

The easiest way to install the software is to use native deb or RPM
packages. They can be downloaded from:

    https://cloudsmith.io/~isc/repos/stork/

The Stork source and PGP signature for this release may be downloaded
from:

    https://downloads.isc.org/isc/stork

The signature was generated with the ISC code-signing key, which is
available at:

    https://www.isc.org/pgpkey

ISC provides documentation in the Stork Administrator Reference Manual
(ARM). It is available on ReadTheDocs.io at
https://stork.readthedocs.io/en/latest/, and in source form in [the doc/
directory](https://gitlab.isc.org/isc-projects/stork/-/tree/master/doc).

We ask users of this software to please let us know how it worked for
you and what operating system you tested on. Feel free to share your
feedback on the stork-users mailing list
(https://lists.isc.org/mailman/listinfo/stork-users). We would also like
to hear whether the documentation is adequate and accurate. Please open
tickets in the Stork GitLab project for bugs, documentation omissions
and errors, and enhancement requests. We want to hear from you even if
everything worked.

## Support

Free best-effort support is provided by our user community via a mailing
list. Information on all public email lists is available at
https://www.isc.org/mailinglists/. If you have any comments or questions
about working with Stork, please share them to the stork-users list
(https://lists.isc.org/mailman/listinfo/stork-users). Bugs and feature
requests may be submitted via GitLab at
https://gitlab.isc.org/isc-projects/stork/issues.

## Changes

The following summarizes changes and important upgrades since the
previous Stork release versioned 1.9.0.


* 298 [func] marcin

     New and updated host reservations are instantly visible in Stork
after
     submitting the form.
     (Gitlab #996)

* 297 [build] slawek

     Fixed the security vulnerabilities reported by the Github Dependabot
and
     updated dependencies including the Angular, PrimeNG, GoSwagger and
     OpenAPI Generator.
     (Gitlab #981)

* 296 [bug] slawek

     Fixed the path traversal vulnerability that allowed everyone to
check the
     existence of any file on the filesystem.
     (Gitlab #987)

* 295 [bug] slawek

     Fixed fetching the authorization keys from BIND 9 configuration. The
key
     value is visible only for super-administrators.
     (Gitlab #997)

* 294 [build] slawek

     Changed the executable paths configured in the default SystemD
service
     files to absolute.
     (Gitlab #972)

* 293 [bug] slawek

     Fixed a problem whereby a user not assigned to any groups could not
log out.
     (Gitlab #1004)

* 292 [func] slawek

     Added the configuration review checker to verify that the Stork
Agent and
     Kea Control Agent communicate over TLS if the Kea Control Agent
requires
     the HTTP credentials (i.e., Basic Auth).
     (Gitlab #945)

* 291 [build] slawek

     Upgrade the docker compose used in demo and system tests to V2
version.
     The V1 version is still supported for backward compatibility.
     (Gitlab #979)

* 290 [func] slawek

     Added support for connecting to the Postgres server over sockets. It
allows
     securing the connection using the "trust" and "host" authentication
modes.
     (Gitlab #858)

* 289 [bug] slawek

     Fixed ignoring URL segments in the Grafana base address.
     (Gitlab #980)

* 288 [bug] razvan

     The content of subnets column is now sorted.
     (Gitlab #855)

* 287 [func] slawek

     Added a human-readable representation of the event level in the dump
     package.
     (Gitlab #971)

* 286 [func] marcin

     Refactored the code pertaining to processing the Kea configuration
in the
     Stork server. It introduces no new user-visible functionality, but
the
     number of code changes is significant and thus noted in the
ChangeLog.
     (Gitlab #942)

* 285 [bug] tomek

     BIND 9 detection code has been expanded and is now more robust. It
now can
     also attempt to look at more default locations for config files, use
     named -V to discover built-in locations and also use
STORK_BIND9_CONFIG
     to explicitly tell where to look for a BIND9 config file. The
detection
     process is also now more verbose. Enabling DEBUG logging level may
     help.
     (Gitlab #831)

* 284 [func] slawek

     The Prometheus exporter no longer attempts to communicate with
     non-configured Kea servers. It avoids producing repetitive error
logs in
     the Kea Control Agent and the Stork Agent.
     (Gitlab #933)

* 283 [bug] slawek

     Fixed a problem with periodically showing the HA loading indicator
when
     High Availability was not configured.
     (Gitlab #969)

* 282 [bug] slawek

     Fixed the problem with displaying subnet utilization bars on the
shared
     network page. The bars for IA_NA and IA_PD were always shown, even
when
     they had no corresponding subnet pools.
     (Gitlab #970)

* 281 [func] slawek

     Added a preliminary implementation of the hook framework.
     (Gitlab #779)

* 280 [func] slawek

     Implemented a new Kea configuration checker to detect if the subnet
     commands hook is simultaneously used with the configuration backend
     database and suggest replacing it with the configuration backend
command
     hook.
     (Gitlab #940)

* 279 [func] slawek

     Added the Kea configuration checkers reporting when there are static
     reservations for all addresses or delegated prefixes in the pools.
     (Gitlab #941)

* 278 [func] slawek

     Added the configuration review checkers to detect common
misconfigurations
     related to the HA multi-threading mode. The first checker suggests
enabling
     the HA+MT if Kea uses multi-threading, and the second validates that
HA
     peers use dedicated ports rather than Kea Control Agent's port when
the
     dedicated listeners are enabled.
     (Gitlab #944)

Thank you again to everyone who assisted us in making this release
possible.

We look forward to receiving your feedback.

-- 
Everett B. Fulton
ISC Support


More information about the Stork-users mailing list