[stork-users] Stork 1.10.0 is now available
Everett B. Fulton
ebf at isc.org
Wed Apr 5 17:29:53 UTC 2023
Stork 1.10.0 is a new development release of the Stork dashboard for
monitoring Kea servers.
The easiest way to install the software is to use native deb or RPM
packages. They can be downloaded from:
https://cloudsmith.io/~isc/repos/stork/
The Stork source and PGP signature for this release may be downloaded from:
https://www.isc.org/download#Stork
Documentation for Stork is available at:
https://stork.readthedocs.io
-----
# Stork 1.10.0 Release Notes, April 5 2023
Welcome to Stork 1.10.0, another development release. The changes
introduced in this version are:
1. **Kea Configuration Review Improvements**: Added new checker that
warns if Basic Auth is used in an insecure way in Kea Control Agent
[#945]. Added new checker that warns if Subnet commands and Config
Backend hooks are used together [#940]. Added new checker that warns if
size of the pool equals number of host reservations [#941]. Added new
checker that warns if the multi-threading is enabled for Kea packet
processing but not for HA processing [#944].
2. **Kea Configuration Management**: The work continues towards the
capability to manage subnets. In this release, we refactored the code
pertaining to processing the Kea configuration in the Stork server. It
introduces no new user-visible functionality, but the number of code
changes is significant and thus noted in the ChangeLog and Release Notes
[#942]. The data model now retains much more information about Kea DHCP
parameters [#952].
3. **BIND 9 support improvements**: BIND 9 detection code has been
expanded and is now more robust. It now can also attempt to look at more
default locations for config files, use `named -V` to discover built-in
locations and also use `STORK_BIND9_CONFIG` environment variable to look
for a specific BIND9 config file. The detection process is also now more
verbose. Enabling DEBUG logging level may help [#831]. The rndc key is
now detected properly. The key value is visible only for
super-administrators [#997].
4. **UI improvements**: The new reservation added via Stork appears on
all lists instantly, not after the next refresh [#996]. The content of
the subnets column is now sorted [#855]. Fixed a problem with
periodically showing the HA loading indicator when High Availability was
not configured [#969]. Fixed the problem with displaying subnet
utilization bars on the shared network page. The bars for IA_NA and
IA_PD were always shown, even when they had no corresponding subnet
pools [#970].
5. **Agent improvements**: The agent now attempts to pull statistics
only from daemons that are running. This should greatly limit the amount
of logs generated by both Stork agent and the Kea control agent. This
change may help for repeated CTRL_AGENT_COMMAND_FORWARD_FAILED logs by
Kea control agent [#933].
6. **Security**: Fixed the path traversal vulnerability that allowed
everyone to check the existence of any file on the filesystem [#987].
Added support for passwordless connections for databases. The Postgres
server can now be reached over sockets. It allows securing the
connection using the `trust` and `host` authentication modes [#858].
Expanded Stork ARM with an explanation how to fix potential problems
with self-signed certificates [#543]. Fixed integer-casting issues
reported by CodeQL [#982].
7. **Build improvements**: Updated Angular, PrimeNG, GoSwagger, and
OpenAPI generator [#981]. Changed the executable paths configured in the
default systemd service files to absolute [#972]. Migrated from outdated
`docker-compose` to more recent `docker compose` [#979].
8. **Bug fixes**: A user without any groups can now log out properly
[#1004]. Fixed ignoring URL segments in the Grafana base address [#980].
Added a human-readable representation of the event level in the dump
package [#971].
Please see this link for known issues:
https://gitlab.isc.org/isc-projects/stork/-/wikis/Known-issues.
## Incompatible Changes
None.
## Release Model
Stork has bi-monthly development releases, with some exceptions.
We encourage users to test the development releases and report back
their findings on the stork-users mailing list, available at
https://lists.isc.org/mailman/listinfo/stork-users.
This text references issue numbers. For more details, visit the Stork
GitLab page at https://gitlab.isc.org/isc-projects/stork/issues.
## License
Stork is released under the Mozilla Public License, version 2.0.
https://www.mozilla.org/en-US/MPL/2.0
## Download
The easiest way to install the software is to use native deb or RPM
packages. They can be downloaded from:
https://cloudsmith.io/~isc/repos/stork/
The Stork source and PGP signature for this release may be downloaded
from:
https://downloads.isc.org/isc/stork
The signature was generated with the ISC code-signing key, which is
available at:
https://www.isc.org/pgpkey
ISC provides documentation in the Stork Administrator Reference Manual
(ARM). It is available on ReadTheDocs.io at
https://stork.readthedocs.io/en/latest/, and in source form in [the doc/
directory](https://gitlab.isc.org/isc-projects/stork/-/tree/master/doc).
We ask users of this software to please let us know how it worked for
you and what operating system you tested on. Feel free to share your
feedback on the stork-users mailing list
(https://lists.isc.org/mailman/listinfo/stork-users). We would also like
to hear whether the documentation is adequate and accurate. Please open
tickets in the Stork GitLab project for bugs, documentation omissions
and errors, and enhancement requests. We want to hear from you even if
everything worked.
## Support
Free best-effort support is provided by our user community via a mailing
list. Information on all public email lists is available at
https://www.isc.org/mailinglists/. If you have any comments or questions
about working with Stork, please share them to the stork-users list
(https://lists.isc.org/mailman/listinfo/stork-users). Bugs and feature
requests may be submitted via GitLab at
https://gitlab.isc.org/isc-projects/stork/issues.
## Changes
The following summarizes changes and important upgrades since the
previous Stork release versioned 1.9.0.
* 298 [func] marcin
New and updated host reservations are instantly visible in Stork
after
submitting the form.
(Gitlab #996)
* 297 [build] slawek
Fixed the security vulnerabilities reported by the Github Dependabot
and
updated dependencies including the Angular, PrimeNG, GoSwagger and
OpenAPI Generator.
(Gitlab #981)
* 296 [bug] slawek
Fixed the path traversal vulnerability that allowed everyone to
check the
existence of any file on the filesystem.
(Gitlab #987)
* 295 [bug] slawek
Fixed fetching the authorization keys from BIND 9 configuration. The
key
value is visible only for super-administrators.
(Gitlab #997)
* 294 [build] slawek
Changed the executable paths configured in the default SystemD
service
files to absolute.
(Gitlab #972)
* 293 [bug] slawek
Fixed a problem whereby a user not assigned to any groups could not
log out.
(Gitlab #1004)
* 292 [func] slawek
Added the configuration review checker to verify that the Stork
Agent and
Kea Control Agent communicate over TLS if the Kea Control Agent
requires
the HTTP credentials (i.e., Basic Auth).
(Gitlab #945)
* 291 [build] slawek
Upgrade the docker compose used in demo and system tests to V2
version.
The V1 version is still supported for backward compatibility.
(Gitlab #979)
* 290 [func] slawek
Added support for connecting to the Postgres server over sockets. It
allows
securing the connection using the "trust" and "host" authentication
modes.
(Gitlab #858)
* 289 [bug] slawek
Fixed ignoring URL segments in the Grafana base address.
(Gitlab #980)
* 288 [bug] razvan
The content of subnets column is now sorted.
(Gitlab #855)
* 287 [func] slawek
Added a human-readable representation of the event level in the dump
package.
(Gitlab #971)
* 286 [func] marcin
Refactored the code pertaining to processing the Kea configuration
in the
Stork server. It introduces no new user-visible functionality, but
the
number of code changes is significant and thus noted in the
ChangeLog.
(Gitlab #942)
* 285 [bug] tomek
BIND 9 detection code has been expanded and is now more robust. It
now can
also attempt to look at more default locations for config files, use
named -V to discover built-in locations and also use
STORK_BIND9_CONFIG
to explicitly tell where to look for a BIND9 config file. The
detection
process is also now more verbose. Enabling DEBUG logging level may
help.
(Gitlab #831)
* 284 [func] slawek
The Prometheus exporter no longer attempts to communicate with
non-configured Kea servers. It avoids producing repetitive error
logs in
the Kea Control Agent and the Stork Agent.
(Gitlab #933)
* 283 [bug] slawek
Fixed a problem with periodically showing the HA loading indicator
when
High Availability was not configured.
(Gitlab #969)
* 282 [bug] slawek
Fixed the problem with displaying subnet utilization bars on the
shared
network page. The bars for IA_NA and IA_PD were always shown, even
when
they had no corresponding subnet pools.
(Gitlab #970)
* 281 [func] slawek
Added a preliminary implementation of the hook framework.
(Gitlab #779)
* 280 [func] slawek
Implemented a new Kea configuration checker to detect if the subnet
commands hook is simultaneously used with the configuration backend
database and suggest replacing it with the configuration backend
command
hook.
(Gitlab #940)
* 279 [func] slawek
Added the Kea configuration checkers reporting when there are static
reservations for all addresses or delegated prefixes in the pools.
(Gitlab #941)
* 278 [func] slawek
Added the configuration review checkers to detect common
misconfigurations
related to the HA multi-threading mode. The first checker suggests
enabling
the HA+MT if Kea uses multi-threading, and the second validates that
HA
peers use dedicated ports rather than Kea Control Agent's port when
the
dedicated listeners are enabled.
(Gitlab #944)
Thank you again to everyone who assisted us in making this release
possible.
We look forward to receiving your feedback.
--
Everett B. Fulton
ISC Support
More information about the Stork-users
mailing list