### Stable BOA-2.2.5 Release - Full Edition
### Date: Thu May 8 11:59:23 PDT 2014
### Includes Aegir 2.x-boa-custom version.
### Latest hotfix added on: Sat May 10 09:05:19 PDT 2014

# Release Notes:

  This release includes no new features, but does include bug fixes plus latest
  Drupal 7.28.1 and Pressflow 6.31.2 core in all built-in Octopus platforms.

  There are also three updated distributions included, as listed below.

  We also list here all hot-fixes applied to previous stable after its release.

# Important - Read This First! (for self-hosted BOA only)

  If you haven't run full barracuda+octopus upgrade to latest BOA Stable
  Edition yet, don't use any partial upgrade modes explained in
  docs/UPGRADE.txt

  Once new BOA Stable is released, you must run *full* upgrades with commands:

    $ barracuda up-stable
    $ octopus up-stable all both

  For silent, logged mode with e-mail message sent once the upgrade is
  complete, but no progress is displayed in the terminal window, you can run
  alternatively, starting with screen session to avoid incomplete upgrade if
  your SSH session will be closed for any reason before the upgrade will
  complete:

    $ screen
    $ barracuda up-stable log
    $ octopus up-stable all both log

  Note that the silent, non-interactive mode will automatically say Y/Yes to
  all prompts and is thus useful to run auto-upgrades scheduled in cron.

  If you have skipped some recent BOA releases, and you have new default
  config option: _PERMISSIONS_FIX=NO in your /root/.barracuda.cnf
  configuration file, plus, you are not sure if you follow best practices for
  managing permissions as recommended in our docs: https://omega8.cc/node/116
  then we recommend that you change it to _PERMISSIONS_FIX=YES temporarily, or
  even permanently if your VPS is fast enough, and then run this powerful
  script as root:

    $ bash /var/xdrago/daily.sh

  Note that BOA 'legacy' mode is still at version 2.1.3

# Updated Octopus platforms:

  Commons 3.12 ----------------- https://drupal.org/project/commons
  Open Atrium 2.18 ------------- https://drupal.org/project/openatrium
  Open Outreach 1.6 ------------ https://drupal.org/project/openoutreach

# Changes in this release:

  * Add rsyslog/sysklogd to auto-healing procedures.
  * Make the aggressive scan_nginx mode optional and use old mode by default.
  * Nginx: Add HiScan to blocked crawlers list.
  * Nginx: Add Riddler to blocked crawlers list.
  * PHP: Use pm.process_idle_timeout = 10s for speed and RAM optimization.

# System upgrades in this release:

  * MySecureShell 1.33
  * PHP 5.4.28
  * PHP 5.5.12

# Fixes in this release:

  * Always define _PHP_CN variable properly.
  * Firewall: Sync CONNLIMIT for web ports with updated limit_conn in Nginx.
  * Fix for _NGINX_DOS_LIMIT logical error in the scan_nginx template.
  * Force Pure-FTPd server re-install if key files are missing for any reason.
  * Issue #2237167 - Improve authorized IPs detection in all protected vhosts.
  * Issue #2262935 - Modules dir must be group writable in custom platforms.
  * Nginx: Do not overwrite custom symlinks to the Under Construction template.
  * Nginx: Update limit_conn in all instances and vhosts on Barracuda upgrade.
  * PHP: Delete pear in legacy paths, if still exists.
  * PHP: Fix for CVE-2014-0185 privilege escalation in FPM (doesn't affect BOA)
  * Postfix: Force re-install if broken permissions detected on upgrade.
  * Pressflow 6: Fix #GH 84 by using drupal_page_is_cacheable().
  * Pressflow 6: Merge pull request #GH 85 from pressflow/SA-CORE-2014-002-fix.
  * Pressflow 6: Remove duplicate openid_update_6001().
  * Revert "Force MariaDB 5.5 re-install".
  * Set the TERM env variable if missing to avoid errors.
  * Skip packages set on hold when running apticron.
  * The ~/static/control must be writeable by lshell user to manage ctrl files.
  * Add extra cron semaphore to prevent concurrent cron invocations via
    multiple running runner.sh instances.

### Stable BOA-2.2.4 Release - Full Edition
### Date: Wed Apr 30 17:03:36 PDT 2014
### Includes Aegir 2.x-boa-custom version.
### Latest hotfix added on: Fri May 2 04:54:25 PDT 2014

# Release Notes:

  This release includes several bug fixes along with five updated platforms,
  plus some hot-fixes applied to previous stable after its release.

  We have also added a fix for a known problem in recent Drupal 7.27
  [#2245331], hence the change from Drupal 7.27.1 to 7.27.2 in all D7
  platforms.

# Updated Octopus platforms:

### Drupal 7.27.2

  Commerce 1.25 ---------------- https://drupal.org/project/commerce_kickstart
  Commerce 2.14 ---------------- https://drupal.org/project/commerce_kickstart
  Commons 3.11 ----------------- https://drupal.org/project/commons
  Panopoly 1.5 ----------------- https://drupal.org/project/panopoly

### Pressflow 6.31.1

  Commons 2.17 ----------------- https://drupal.org/project/commons

  Note: Always read and follow upgrade procedure if explained in the distro
  release notes, like for Panopoly 1.5 at https://drupal.org/node/2255133

# New o_contrib modules:

  * print-6.x-1.19 (includes patch to auto-detect /usr/bin/wkhtmltopdf)
  * print-7.x-2.0 (includes patch to auto-detect /usr/bin/wkhtmltopdf)

# New features and enhancements in this release:

  * Support for session.gc_maxlifetime configurable via INI files.

    You can control session garbage collector (EOL) per site and per platform.
    The value (in seconds) of the session_gc_eol variable is used as
    session.gc_maxlifetime value and specifies the number of seconds after
    which data will be seen as 'garbage' and potentially cleaned up, resulting
    with $_SESSION variable discarded and affected authenticated users logged
    out. BOA default defined in the system level global.inc file is
    86400 == 24h.

# Changes in this release:

  * Drush: Upgrade command line version 6 to mini-6-26-04-2014
  * Nginx: Use higher defaults for limit_conn to avoid error 503 (CloudFlare)
  * Nginx: Use more aggressive limits against spambots trying to register
    accounts.
  * Redis: Integration module (the modern variant) upgrade to 7.x-2.x-o8-2.6-B

# System upgrades in this release:

  * Nginx 1.7.0
  * PHP 5.5.12
  * Redis 2.8.9

# Fixes in this release:

  * Add symlinks in the home directory if missing (every 5 minutes).
  * Add warning that Compass Tools install and upgrade may take a LONG time.
  * Always define _PHP_CN variable properly.
  * Do not delete symlinks to wrappers to avoid false LFD alarms.
  * Fix for 'Force backward compatible SERVER_SOFTWARE'.
  * Fix in websh for _IN_PATH logic to not break backend Drush tasks.
  * Fix the logic for wrappers update and symlinks.
  * Improve status messages to display when silent mode is used on upgrade.
  * Improve whitelisting in the websh wrapper.
  * Issue #2238805 - Command filtering - no word containing *drush* is allowed.
  * Issue #2241495 - wkhtmltopdf stopped working after upgrade.
  * Issue #2247997 - Update docs/REMOTE.txt with workaround for websh issue.
  * Issue #2250397 - Always follow (limited) redirects in cURL requests.
  * Issue #GH-304 - [rvm] use $_RUBY_VERSION as default.
  * Issue #GH-305 - Check disk usage before running install/upgrade.
  * Issue #GH-306 - Allow ruby 1.8 to remain installed.
  * Nginx: Allow to configure keywords for aggressive requests rate monitoring.
  * Nginx: Do not overwrite custom symlinks to the Under Construction template.
  * Nginx: Sync FastCGI timeouts with other Nginx and PHP-FPM defaults.
  * PHP: Add /opt/local/bin/php tmp symlink on barracuda/octopus upgrade.
  * PHP: Allow to set custom _PHP_FPM_TIMEOUT but not lower than 60 (in seconds)
  * PHP: Always respect _PHP_FPM_WORKERS variable if set to numeric value > 0
  * PHP: Better defaults for realpath_cache_ttl and realpath_cache_size.
  * PHP: Fix for CVE-2014-0185 privilege escalation in FPM (doesn't affect BOA)
  * PHP: pm.max_children was not properly updated on FPM version self-switch.
  * PHP: Sync incorrect default_socket_timeout with max_execution_time (180s).
  * PHP: Use 30s for pm.process_idle_timeout - it prevents too high RAM usage.
  * PHP: Variable _PROCESS_MAX_FPM is not used on the Satellite Instance level.
  * Postfix: Force re-install if broken permissions detected on upgrade.
  * Prevent duplicate cron invocations with more strict delays.
  * Restart rsyslog once the install or upgrade is complete.
  * Set the TERM env variable if missing to avoid errors.
  * Shell: Proper fix for wildcard in the path (cd command only)
  * Standardize install and upgrade for Chive, SQL Buddy and CGP.
  * Sync Redis timeout with default FPM timeout (180s).
  * Sync SQL connect_timeout with default mysql.connect_timeout in PHP (60s).
  * The ~/static/control must be writeable by lshell user to manage ctrl files.
  * Update the logic for multi-version PHP support in BOND.
  * Update the logic for multi-version PHP support in docs/REMOTE.txt

### Stable BOA-2.2.3 Release - Full Edition
### Date: Fri Apr 18 12:57:40 PDT 2014
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

  This release includes several bug fixes and security upgrades both for the
  system services and Drupal core, along with three updated platforms and new
  features, including support for MariaDB 10.0 and Ubuntu 14.04 LTS Trusty.

# Updated Octopus platforms:

### Drupal 7.27.1

  Guardr 1.3 ------------------- https://drupal.org/project/guardr
  Open Atrium 2.17 ------------- https://drupal.org/project/openatrium
  Recruiter 1.2 ---------------- https://drupal.org/project/recruiter

# New features and enhancements in this release:

  * Add docs/FAQ.txt
  * Add support for MariaDB 10.0 or 5.5 install via _DB_SERIES variable.
  * Add support for Ubuntu 14.04 LTS Trusty.
  * Improve auto-healing for multi-version PHP-FPM setup.
  * Improve docs/UPGRADE.txt
  * Improve health check for protected vhosts during live SSH-auth update.
  * Nginx: More aggressive limits against spambots trying to register accounts.

# Changes in this release:

  * Issue #GH-299 - Force disable LESS developer mode on production sites.
  * Move custom scripts to /opt/local/bin/
  * Nginx: Use higher defaults for limit_conn to avoid error 503 (CloudFlare)
  * Normalize localhost entry in /etc/hosts to avoid FQDN mapped to 127.0.0.1
  * PHP: Do not use separate FPM pool for cron if _PHP_FPM_DENY is empty.

# System upgrades in this release:

  * MariaDB 5.5.37

# Fixes in this release:

  * Add 'exit 0' line if missing.
  * Add /opt/local/bin to PATH by default.
  * Add symlinks for wrappers only temporarily.
  * Add warning that Compass Tools install and upgrade may take a LONG time.
  * Better gem uninstall options.
  * Compass: Multiple fixes for various expected gems versions install/upgrades.
  * Do not override lshell env_path in websh wrapper.
  * Do not use monitored bin path for custom scripts to avoid LFD false alarms.
  * Extra db GRANT for 127.0.0.1 not added when migrating site.
  * Improve auto-healing to create required directories in /var/run/ if missing.
  * Issue #2230269 - New Jetty 9 version overrides JETTY_PORT=8099 with 8080.
  * Issue #2235991 - Drush make needs better exceptions in websh wrapper.
  * Issue #2236475 - Clarify what the Legacy mode really means.
  * Issue #2238965 - Add missing path to switch_to_bash().
  * Issue #2241013 - Git commands should be whitelisted in websh wrapper.
  * Issue #2241495 - wkhtmltopdf stopped working after upgrade.
  * Issue #GH-301 - Update the list of restricted keywords for Octopus username.
  * Issue #GH-304 - [rvm] use $_RUBY_VERSION as default.
  * Make sure that permissions on Chive Manager dir/files are correct.
  * Note: _SSL_FROM_SOURCES=YES is ignored and not needed on Wheezy and Precise.
  * PHP: Add /opt/local/bin/php tmp symlink on barracuda/octopus upgrade.
  * PHP: Allow to set custom _PHP_FPM_TIMEOUT but not lower than 60 (in seconds)
  * PHP: Always respect _PHP_FPM_WORKERS variable if set to numeric value > 0
  * PHP: pm.max_children was not properly updated on FPM version self-switch.
  * PHP: Variable _PROCESS_MAX_FPM is not used on the Satellite Instance level.
  * Remove the line with header TABLE_NAME (sqlmagic).
  * Reset PATH to avoid RVM overrides after Compass Tools install/upgrade.
  * Shell: Allow to run 'drush cache-clear drush' in any directory.
  * The _PHP_MODERN_ONLY variable is no longer used.
  * Ubuntu 14.04 LTS Trusty requires MariaDB 10.0
  * Use hostname -b instead of deprecated hostname -v.

### Stable BOA-2.2.2 Release - Barracuda Edition
### Date: Tue Apr 8 07:24:18 PDT 2014
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

  This is a bug-fix only release to address issues discovered after recent
  major BOA-2.2.0 and subsequent BOA-2.2.1 Releases.

  The most important problem fixed in this Release is related to known OpenSSL
  security issue, which has been fixed in OpenSSL 1.0.1g

  To learn more please visit: http://heartbleed.com

  @=> Note for those on self-hosted BOA (skip this if you are on a hosted Aegir)

  We recommend that you enable _SSL_FROM_SOURCES=YES option in your system
  /root/.barracuda.cnf file, to always build latest OpenSSL from sources.
  Note that it will also trigger OpenSSH and cURL install from sources, plus
  subsequent PHP rebuild to include latest SSL libraries.

  Note that _SSL_FROM_SOURCES=YES will not force the build from sources on
  Debian Wheezy and Ubuntu Precise, to avoid confirmed conflicts and because
  both OS versions already provide custom, patched OpenSSL packages.

  This Release doesn't include any updates to the Octopus installer, so there
  is no point in running full upgrade. It is enough to run the barracuda only,
  system upgrade in the "silent mode" with:

    $ screen
    $ barracuda up-stable system

  The system will send you an e-mail with results when the upgrade is complete,
  but there will be no upgrade progress displayed in the console. You can watch
  it, if you prefer, with command (DATE/TIME are placeholders for real values):

    $ tail -f /var/backups/reports/up/barracuda/DATE/barracuda-up-DATE-TIME.log

# System upgrades in this release:

  * Nginx 1.5.13
  * OpenSSL 1.0.1g (if installed from sources)
  * PHP 5.4.27
  * PHP 5.5.11

# Fixes in this release:

  * Chive Authentication via SSH session may break Nginx due to race conditions.
  * Drush specific dt() wrapper is required in Provision for custom platforms.
  * Fix Compass Tools support for Omega (gems dependencies via bundle install).
  * Fix default shell for system level cron tasks.
  * Fix for csf firewall compatibility test.
  * Force better health check on protected vhosts on live SSH-auth update.
  * Improved health check for protected vhosts during live SSH-auth update.
  * Issue #2229555 - On fresh boa install link missing during install.
  * Issue #2229715 - Tasks queue doesn't work on the Master Instance.
  * Issue #2231093 - Add new line before 'UseDNS no' in the sshd_config file.
  * Issue #2235991 - Drush make needs better exceptions in websh wrapper.
  * Issue #294 - New Relic ext not installed even if _NEWRELIC_KEY is not empty.
  * Nginx: Backup and re-create default wildcard SSL cert/key with rsa:4096
  * Nginx: Generate 4096 bit long DH parameters when _NGINX_FORWARD_SECRECY=YES
  * Normalize localhost entry in /etc/hosts to avoid FQDN mapped to 127.0.0.1
  * PHP: Better default workers limits for the ondemand mode.
  * PHP: max_input_time should be set to 180 and not 60, by default.
  * PHP: Zend OPcache directive opcache.enable=1 must be set in all ini files.
  * Reset PATH to avoid RVM overrides after Compass Tools install/upgrade.
  * The 'scp' command is broken in limited shell.
  * Too broad whitelisting breaks commands in limited shell with 'tmp' keyword.
  * Too restrictive open_basedir defaults break access to valid PEAR paths.
  * Too restrictive open_basedir defaults break access to valid Tika paths.
  * Use rsa:4096 by default in self-signed certs for Nginx and FTPS.

### Stable BOA-2.2.1 Release - Full Edition
### Date: Tue Apr 1 10:28:45 SGT 2014
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

  This is a bug-fix only release to address issues discovered after recent
  major BOA-2.2.0 Release.

# Fixes in this release:

  * Chive Authentication via SSH session doesn't work on some older instances.
  * Compass Tools don't use correct paths to Ruby 2.1.1
  * Cron for sites doesn't work on old instances without Nginx wildcard vhost.
  * FTPS (FTP over SSL) connections may experience TLS problems.
  * PHP: Disabled 'assert' may cause warnings on features revert.
  * PHP: Disabled 'create_function' may break some contrib modules or code.
  * The 'git pull' command is broken in limited shell.
  * The 'rsync' command is broken in limited shell.
  * The 'drush dl foo' command can't be run outside of site directory.

# Known Issues on systems upgraded to BOA-2.2.1 (and 2.2.0) releases

  ==> Updated on Tue Apr 8 01:26:47 PDT 2014

  @=> Issues fixed in BOA head (running the hotfix in stable is enough):

  * Chive Authentication via SSH session may break Nginx due to race conditions.
  * Drush specific dt() wrapper is required in Provision for custom platforms.
  * Issue #2229715 - Tasks queue doesn't work on the Master Instance.
  * PHP: max_input_time should be set to 180 and not 60, by default.
  * The 'scp' command is broken in limited shell.
  * Too broad whitelisting breaks commands in limited shell with 'tmp' keyword.
  * Too restrictive open_basedir defaults break access to valid Tika paths.
  * Zend OPcache directive opcache.enable=1 must be set in all php.ini files.

  To fix all those problems you can run as root on self-hosted system:

    $ wget -q -U iCab http://files.aegir.cc/update/boa221fix.txt
    $ bash boa221fix.txt

  We have fixed this on all hosted and remotely managed Aegir instances already.

  @=> Other issues fixed in BOA head (run 'barracuda up-head system' to apply):

  * PHP: New Relic extension not installed even if _NEWRELIC_KEY is not empty.
  * Too restrictive open_basedir defaults break access to valid PEAR paths.

### Stable BOA-2.2.0 Release - Full Edition
### Date: Mon Mar 31 06:44:08 SGT 2014
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

  There are many important changes and improvements in this release you should
  be aware of *before* running your BOA system upgrade. Even if you are on
  a hosted BOA system with upgrades managed for you, it is very important
  to read at least these extensive release notes.

  Here is a list of topics covered in detail further below:

  * New 'legacy' mode available for installs and upgrades
  * Important Note For Those Using Our Hosted Aegir Service!
  * Custom php.ini protection has changed and will not honor old settings
  * Barracuda no longer supports Percona since 2.2.0 release
  * Support for PHP FPM/CLI version safe switch per Octopus instance
  * All PHP FPM workers in 5.5, 5.4 and 5.3 now use the 'ondemand' mode
  * Drush aliases are now automatically copied to all relevant accounts
  * Drush is now restricted to use only trusted modules installed by default
  * The ~/.drush and other important directories and symlinks are protected
  * Support for safely configurable cache bins exceptions in Redis
  * Two-Factor-like Authentication to protect access to Chive DB Manager
  * Support for session.cookie_lifetime configurable via INI files
  * Support for files permissions-fix exceptions via platform level INI file
  * High-performance JavaScript callback handler (js) in all platforms

  And if you are more curious, read also the big changelog further below, which
  covers only a small number of over 560 commits since BOA-2.1.3 release.

  But what if you are not ready for this major upgrade and you would like
  to have more time for testing, but still be able to run system upgrades,
  thus effectively still using previous version 2.1.3 with standard command
  'barracuda up-stable system', as explained in the docs/UPGRADE.txt?

#-### New 'legacy' mode available for installs and upgrades

  We are introducing special 'legacy' mode both for BOA installs and upgrades.
  This means that starting with BOA-2.2.0 you can use commands like:

    $ boa in-legacy public server.mydomain.org my@email o1
    $ barracuda up-legacy system
    $ octopus up-legacy o1

  etc.

  These special 'legacy' commands allow you to install and/or upgrade the
  'old stable', once the 'new stable' is released. But only until another
  'stable' is released, of course. Thus you can use it only as an interim
  solution if you are not yet ready for latest 'stable' BOA Edition, for any
  reason, but you want to update at least the low level system packages,
  kernel etc.

  Note also that if you will upgrade to current 'stable', it is not possible
  to downgrade back to the 'old stable' with 'legacy' mode, so please proceed
  with care!

  This option will be particularly important once we release *next* major BOA
  Edition. It will come with terminated support for Drush 4, Drupal 5 and, yes,
  PHP 5.2 (finally). This step is required to use latest Drush 6+ with
  supported Drupal cores versions and supported PHP versions, which in fact is
  required to introduce the real Aegir 2.0 in BOA -- we are still using older,
  customized for backward compatibility, Aegir 2 HEAD version, so it is time
  to move on and stay up to date with everything, get new features like ability
  to manage Drupal sites in subdirectories etc.

  Once that *next* major BOA Edition is released, we will freeze the 'legacy'
  mode at 2.2.x series level, which will receive only security upgrades and no
  further feature nor bugfix releases. At that point you will have to stick
  to the 'legacy' BOA version if you will need to run PHP 5.2 and Drupal 5
  with Aegir based on Drush 4. It will be still possible, but not recommended
  and not really supported, besides security related issues outside of Drupal.
  This also means that at that point the 'legacy' version will no longer
  receive Drupal core upgrades, even if there will be security core releases.

  Note that we don't use the term "major release" in the known convention for
  versions naming. It is because the first digit, for historical reasons,
  refers to the Aegir version supported, the second digit refers to BOA stack
  major release, and the last digit refers to both feature and bugfix BOA
  stack upgrades.

#-### Important Note For Those Using Our Hosted Aegir Service!

  NOW is the time (and last chance) to upgrade all your legacy Drupal 5 sites
  and outdated Drupal 6 sites still not compatible with at least PHP 5.3,
  because once we upgrade to the *next* major BOA Edition, it will be no longer
  possible to still run Drupal sites not compatible with PHP 5.3 -- there were
  literally years of this legacy support provided, and this finally comes
  to the end, because we will not use the BOA 'legacy' mode on our own servers.

  It will be still available for remotely managed 'Aegir on Your Own Server'
  option, though, but only on request: https://omega8.cc/support

#-### Custom php.ini protection has changed and will not honor old settings

  If you have custom settings in any of your php.ini files protected with old
  variable in the /root/.barracuda.cnf, make a backup of your ini files before
  running this upgrade. While these files will not get overwritten, they will
  no longer be used, because we have introduced new, standardized directory
  structure to properly support multi-PHP-versions systems.

  Respective php.ini files are now located in /opt/phpXX/etc/phpXX.ini for FPM
  and /opt/phpXX/lib/php.ini for CLI, where XX is 55, 54, 53 or 52, depending
  on the versions listed via _PHP_MULTI_INSTALL variable in the
  /root/.barracuda.cnf file.

  Also the variables used to protect ini files from being overwritten have
  changed to _CUSTOM_CONFIG_PHPXX. If you need any non-standard settings in any
  of active ini files, don't overwrite them with the old files, but rather
  carefully review and apply only the differences you need.

#-### Barracuda no longer supports Percona since 2.2.0 release

  If you have used Percona before, Barracuda will force upgrade to MariaDB 5.5
  and PHP rebuild automatically. We plan to add possibility to install MariaDB
  10.0 once released as stable and tested. MariaDB is the default DB server
  in Barracuda for a long time already.

#-### Support for PHP FPM/CLI version safe switch per Octopus instance

  This allows to easily switch PHP version by the instance owner w/o system
  admin (root) help. All you need to do is to create ~/static/control/fpm.info
  and ~/static/control/cli.info file with a single line telling the system
  which available PHP version should be used (if installed):

    5.5 or 5.4 or 5.3

  Only one of them can be set, but you can use separate versions for web access
  (fpm.info) and the Aegir backend (cli.info). The system will switch versions
  defined via these control files in 5 minutes or less. We use external control
  files and not any option in the Aegir interface to make sure you will never
  lock yourself by switching to version which may cause unexpected problems.

  Note that the same version will be used in all platforms and all sites hosted
  on the same Octopus instance. Why not to try latest and greatest PHP 5.5 now?

#-### All PHP FPM workers in 5.5, 5.4 and 5.3 now use the 'ondemand' mode

  This change will help to better manage memory use, especially on systems with
  multiple PHP versions running in parallel. This will also free resources and
  allocate them dynamically only when requests are coming and only to the
  active FPM pools.

  Note that the 'ondemand' mode doesn't affect Zend OPcache, because it is
  managed by the parent process(es) which stay(s) active.

  The net result is that on a vanilla BOA install, without non-hostmaster sites
  running, the complete stack consumes just ~200 MB of RAM (in total, so with
  MariaDB, Redis and Nginx etc. included) with all three PHP-FPM versions
  running in parallel: 5.5, 5.4 and 5.3:

    CPU[#* 2.0%]
    Mem[|||||||||||||###***********************************209/1002MB]
    Swp[ 0/0MB]

    magic:~# ps axf | grep fpm
     8380 ? Ss 0:00 php-fpm: master process (/opt/php55/etc/php55-fpm.conf)
     8391 ? Ss 0:00 php-fpm: master process (/opt/php54/etc/php54-fpm.conf)
     8402 ? Ss 0:00 php-fpm: master process (/opt/php53/etc/php53-fpm.conf)
    magic:~#

#-### Drush aliases are now automatically copied to all relevant accounts

  While Aegir manages Drush aliases for its backend needs, they are normally
  not available for the main nor the extra shell users on the instance.

  But starting with 2.2.0, BOA automatically manages copies of all Drush
  aliases, by adding them, updating or removing, every 5 minutes, once it
  detects that there are changes applied, like: the site has been migrated
  to another platform, or associated client/owner has been updated, etc.

  You no longer need to `cd` to the respective site directory to perform some
  available Drush tasks. Just check the available aliases list with
  `drush aliases` and then enjoy the beauty of `drush @foo.com command` syntax.

#-### Drush is now restricted to use only trusted modules installed by default

  Note: this change affects only Aegir backend/system user, typically o1, while
  all other limited shell accounts are not affected, because they are already
  individually jailed with protected custom php.ini and special Drush wrappers
  and settings. This means that you can skip this section if you are on
  a hosted Aegir.

  Customized Drush now included in BOA by default, will be able to use only
  extensions/commands bundled with contrib modules which are either a part
  of modules added in every platform via shared o_contrib/o_contrib_seven
  symlink located in the platform core modules directory, or are included
  in the built-in platforms installation profiles space, or in the system
  account, protected .drush sub-directory.

  This means that any Drush extension/command bundled with contrib module
  uploaded to the sites/all/modules space in all built-in platforms will be
  ignored and not available on command line for the backend user. The same
  applies to site level contrib space, if used.

  Additionally, any Drush extension/command bundled with custom platforms
  located in the ~/static directory tree will be completely ignored by Drush,
  no matter where uploaded: core, profiles, sites/all or sites/foo.com space.

  This is not a problem in hosted environments, where users normally never
  should have an access to the Aegir backend user, anyway.

  If you have any reason to use Drush on command line as an Aegir
  backend/system user, for example to escape limited shell restrictions, we
  recommend to install vanilla Drush 6, for example in
  /opt/tools/drush/vanilla/drush/ and then symlink it into /usr/local/bin/
  with custom name, so it will be available automatically in your backend o1
  user's PATH.

  Further improvements to secure sites and instances in a completely locked
  virtual jails are planned in next BOA releases, which will address all other
  known and even potential security issues in Aegir.

#-### The ~/.drush and other important directories and symlinks are protected

  There are directories, files and symlinks which should be protected from any
  changes and managed exclusively by the BOA system. The reasons may vary from
  security to avoidable support requests when the less experienced user will
  delete his sites or platforms symlinks, while they can't be easily nor
  automatically recreated. It also prevents the sub-accounts users from using
  their account home directory as a private upload/archive disk space.

#-### Support for safely configurable cache bins exceptions in Redis

  Sometimes you may want to exclude some problematic cache bins from Redis
  so they will use default SQL engine, at least until related issue will be
  fixed either in your contrib code or in the Redis integration module.

  Normally you had to edit the local.settings.php file which is both tedious
  and dangerous because of extra steps: https://omega8.cc/node/230 to add
  a line, for example:

    $conf['cache_class_cache_foo'] = 'DrupalDatabaseCache';

  Plus, it had to be done for every site separately.

  Now you can simply list the cache bins to exclude, comma separated, either
  in the site or platform level active INI file. Example:

    redis_exclude_bins = "cache_views,cache_foo,cache_bar"

#-### Two-Factor-like Authentication to protect access to Chive DB Manager

  We are introducing Two-Factor-like Authentication logic - now extended also
  to protect Chive DB Manager, Collectd Graph Panel and SQL Buddy DB Manager.

  You must be logged in via SSH and run any auto-continuous command, for
  example: `ping -i 30 google.com` to keep the access open for your IP address.

  Why is this important? While BOA forces HTTPS connection for Chive, anyone
  who knows the URL can access it and attempt to either run brute-force attack
  to get into your site's database, or at least attempt to hammer the server
  and cause DoS-like effects, at least until the system will block his IP
  on the firewall.

  The other important reason is that your site's DB credentials change only
  when you migrate or rename the site, and otherwise remain intact. Now, what
  if you have an employee or a freelancer whom you no longer want to be able
  to access your site? If you think that deleting his SFTP sub-account is
  enough, think again. He still can access your site's database via Chive,
  if he knows the site's DB credentials and the Chive URL.

  But now it's no longer possible. Only the visitor who is able to successfully
  authenticate himself via SSH, and keeps active SSH session, will be able
  to access the Chive URL. The rest of the world will see just dummy Nginx
  403 Access Denied error.

  And in case you are using self-hosted BOA, the same protection is applied
  also to Collectd Graph Panel and SQL Buddy DB Manager.

#-### Support for session.cookie_lifetime configurable via INI files

  You can control session cookies expiration (TTL) per site and per platform.
  The value (in seconds) of the session_cookie_ttl variable is used as
  session.cookie_lifetime value. BOA default defined in the system level
  global.inc file is 86400 == 24h.

  We also recommend that you enable and configure built-in session_expire
  module, which allows you to keep the sessions DB table tidy. Make sure that
  TTL set via session_cookie_ttl variable is *lower* than TTL configured
  in the session_expire module, because the module does not care about PHP
  settings and simply deletes old entries from the sessions table on cron run.

#-### Support for files permissions-fix exceptions via platform level INI file

  You can opt-out from globally enabled daily-permissions-fix procedure per
  platform with new fix_files_permissions_daily variable.

  This feature can be useful when you prefer to manage custom platform
  in a monolithic codebase mode in Git, so forcing permissions could conflict
  with your workflow or development tools. Otherwise you should never disable
  this to avoid issues with Aegir tasks related to sites on this platform.

  Note that the system level option _PERMISSIONS_FIX (introduced in BOA-2.1.0
  and set to NO by default) should be also enabled with YES in the system level
  /root/.barracuda.cnf file, if you prefer to have permissions fixed in all
  sites on all platforms, except those with fix_files_permissions_daily = FALSE
  set in the platform level, active INI file.

#-### High-performance JavaScript callback handler (js) in all platforms

  All platforms, both built-in and custom in the ~/static directory tree, enjoy
  automatically added High-performance JavaScript callback handler (js)
  support, which requires extra /js.php file in the platform root and also
  proper Nginx rewrites. The module itself is also included in the built-in
  o_contrib bundle.

  All you need is to enable the module, if recommended by any other module,
  and enjoy much faster page generation, where possible. You can review the
  full list of modules which will benefit from this great helper module on its
  project page: https://drupal.org/project/js

  Enjoy another super-fast and even more powerful BOA Edition!
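
The Two-Factor-like Authentication section above ties HTTP access to a live SSH login. The shell script below is an added illustration of that idea, not BOA's own code: the function names, the `who`-style input and the sample sessions are assumptions made for this example. It builds an Nginx access list from active sessions, handles IPv4 only, and fails closed when there are none.

```shell
#!/bin/sh
# Added illustration, not BOA's own code: turn a list of live SSH logins into
# an Nginx access list, so only those client IPs pass and all others get 403.

# Constructed sample in the layout printed by `who`:
# user, terminal, date, time, (origin).
SAMPLE_WHO='o1.ftp   pts/0        2014-03-31 06:44 (203.0.113.10)
root     pts/1        2014-03-31 06:50 (198.51.100.7)
o1       pts/2        2014-03-31 07:01 (203.0.113.10)
o1       pts/3        2014-03-31 07:05 (:pts/2:S.0)
dev      pts/4        2014-03-31 07:09 (host.example.org)
admin    tty1         2014-03-31 05:00
odd      pts/5        2014-03-31 07:10 (999.1.1.1)'

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
is_ipv4() {
  case "$1" in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters or empty octets
  esac
  old_ifs=$IFS; IFS=.
  set -- $1                             # split the address on dots
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# allowed_ips: read `who`-style lines on stdin and print the unique, validated
# IPv4 origins, one per line. Console logins (no origin), screen/tmux origins
# and hostnames are skipped: none of them is an address Nginx can match.
allowed_ips() {
  sed -n 's/.*(\([^()]*\))[[:space:]]*$/\1/p' | sort -u |
  while IFS= read -r origin; do
    if is_ipv4 "$origin"; then printf '%s\n' "$origin"; fi
  done
}

# nginx_acl: wrap each address in an allow directive and always end with
# "deny all;", so an empty session list locks the vhost completely.
nginx_acl() {
  allowed_ips | sed 's/^\(.*\)$/allow \1;/'
  printf 'deny all;\n'
}

# Print the access list for the constructed sample.
printf '%s\n' "$SAMPLE_WHO" | nginx_acl
```

Validating the origin before writing it into a vhost matters because the `who` origin field is free text; anything that is not a plain address is dropped rather than passed through to the Nginx configuration.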
# New Octopus platforms:

### Drupal 7.26.4

Guardr 1.1 ------------------- https://drupal.org/project/guardr

# Updated Octopus platforms:

### Drupal 7.26.4

Commerce 1.24 ---------------- https://drupal.org/project/commerce_kickstart
Commerce 2.13 ---------------- https://drupal.org/project/commerce_kickstart
Commons 3.9.1 ---------------- https://drupal.org/project/commons
Drupal 7.26.4 ---------------- https://drupal.org/drupal-7.26
Open Academy 1.0 ------------- https://drupal.org/project/openacademy
Open Atrium 2.15 ------------- https://drupal.org/project/openatrium
Open Deals 1.32 -------------- https://drupal.org/project/opendeals
Open Outreach 1.5 ------------ https://drupal.org/project/openoutreach
OpenBlog 1.0-a3 -------------- https://drupal.org/project/openblog
OpenChurch 1.12 -------------- https://drupal.org/project/openchurch
OpenScholar 3.12.1 ----------- http://theopenscholar.org
Panopoly 1.2 ----------------- https://drupal.org/project/panopoly
Recruiter 1.1.2 -------------- https://drupal.org/project/recruiter
Spark 1.0-b1 ----------------- https://drupal.org/project/spark
Totem 1.1.2 ------------------ https://drupal.org/project/totem
Ubercart 3.6 ----------------- https://drupal.org/project/ubercart

### Pressflow 6.30.1

Commons 2.16 ----------------- https://drupal.org/project/commons
Feature Server 1.2 ----------- http://bit.ly/fserver
Managing News 1.2.4 ---------- https://drupal.org/project/managingnews
Open Atrium 1.7.2 ------------ https://drupal.org/project/openatrium
Pressflow 6.30.1 ------------- http://pressflow.org
Ubercart 2.13 ---------------- https://drupal.org/project/ubercart

# New features and enhancements in this release:

* Add High-performance JavaScript callback handler (js) in all platforms.
* Add session_expire module to shared contrib space in all platforms.
* Add support for session.cookie_lifetime configurable via INI variable.
* Allow to control swap clear with control file /root/.no.swap.clear.cnf
* Auto-Update all BOA install and upgrade wrappers daily.
* Default system /bin/sh symlink target replaced with /bin/websh wrapper.
* Disable tcp_slow_start_after_idle for better SPDY performance.
* Improve the logic in the global.inc for faster processing.
* Issue #1217486 - Add o_contrib symlinks on platform Verify task.
* Issue #1310054 - Add support for drush aliases in all lshell accounts.
* Issue #2148335 - Add Default Localhost Vhost.
* Issue #2166641 - Make hard-coded load thresholds configurable.
* Issue #2170079 - Use _CUSTOM_CONFIG_LSHELL to protect lshell.conf template.
* Issue #2226919 - Custom Platforms in Version Control (skip permissions fix).
* Lshell: Update /etc/lshell.conf only when required instead of every 5 min.
* Manage extra db GRANT for 127.0.0.1 to allow SSH tunneling for SQL access.
* New option _REDIS_LISTEN_MODE to configure PORT or SOCKET mode globally.
* Nginx: Add support for protected PHP-FPM monitor.
* Nginx: Force aggressive no-cache headers for the under construction page.
* Nginx: Switch to buffered logging when /root/.high_traffic.cnf exists.
* PHP: Add support for FPM/CLI version safe switch per Octopus instance.
* PHP: Allow to install and run all supported versions: 5.5, 5.4, 5.3, 5.2
* PHP: Extra php.ini files automatically managed per system and shell user.
* PHP: FPM workers in 5.5, 5.4 and 5.3 will use 'ondemand' mode by default.
* PHP: Use separate FPM pools per Octopus instance.
* PHP: Use TCP Socket mode for all FPM pools and Port mode for legacy vhosts.
* Protect ~/.drush and other important directories and symlinks from changes.
* Redis: Allow to exclude cache bins on the fly, per site or per platform.
* Save 295 seconds on BOA Install and Upgrade.
* Set and auto-manage strict permissions on some important config files.
* Set PHP CLI version in the /bin/websh wrapper on the fly.
* Use Two-Factor-like Authentication logic for Chive DB Manager access.
* Improve `sqlmagic fix file.sql` to properly replace INSERT INTO with INSERT IGNORE INTO (a workaround for duplicate keys in the DB dump)
* Use the same trick with modules/local-allow.info to temporarily make civicrm.settings.php writable, if exists.

# Changes in this release:

* Add ~/static/trash/* to automatic daily cleanup.
* Add coder to auto-disabled modules -- see #2068771
* Allow 'drush uli' as root, but deny root access to Drush by default.
* Disable D8 install via _ALLOW_UNSUPPORTED until next release.
* Do not enable SYNFLOOD protection by default.
* Do not force old_short_name in any profile file directly.
* Firewall: Allow to connect to Apple Push Notification service (APNs)
* Issue #289 - Update lshell env_path for RVM and install/update global gems.
* Issue #292 - Open standard RTMP port 1935.
* Lshell: Use latest Drush 6 (master) by default and remove other versions.
* Nginx and PHP-FPM: Better default timeout limits.
* Nginx: Add apk, pxl, ipa to known mime types / download extensions.
* Nginx: Use text/xml mime type for .xml URLs and restore other mime defaults.
* Open local access for web based sites cron.
* Open outgoing port 2525 for custom SMTP connections.
* Percona DB server is no longer supported.
* PHP: Always build from sources.
* PHP: Disable 5.2 FPM if installed, but not used.
* PHP: Only critical errors are enabled by default in the CLI mode.
* PHP: Reloading FPM hourly no longer makes any sense.
* PHP: Remove support for deprecated APC and Memcached.
* PHP: Restore MailParse support - 2.1.6
* PHP: Use aggressive disable_functions defaults (further tuned per FPM pool).
* Redis: Integration module (the modern variant) upgrade to 7.x-2.x-o8-2.6-A
* Redis: Use modern version with enabled fast lock and aggressive flush mode.
* Remove insecure exception for wkhtmltopdf uploaded in the user space.
* Rename master repository on GitHub from legacy nginx-for-drupal to boa.
* Set _STRICT_BIN_PERMISSIONS=YES by default.
* Upgrade Compass Tools on every upgrade, not just on new BOA release.
* Use 60s opcache.revalidate_freq by default to save disk I/O on live sites.
* Use Ruby Version Manager (RVM) by default to manage Compass Tools etc.
* Use RVM for global gem installation and updates.
* Use search_api_solr-7.x-1.4 for new installs.
* Use web based cron by default to benefit from Zend OPcache.
* Do not check existence nor auto-config Purge/Expire unless INI variable purge_expire_auto_configuration is set to TRUE (automatically, when the module is detected as enabled).
* New naming convention for Ubercart 3.x platforms: [ud2] to support upgrades from uberdrupal profile, and [aq3] to support upgrades from acquia profile. Note that you have to choose Vanilla Testing profile to see [ud2] or Vanilla Minimal to see [aq3] platform in the Add Site form.
* GitHub is now our main repository, we re-open the issue queue there for patches merge requests, while d.o has a code mirror status from now on.
* Make it crystal clear that Ubuntu is barely supported, rarely tested and thus not recommended.
* The "Run cron" extra task has been removed for security reasons. Site cron can be run either via standard, scheduled in Aegir procedure, which uses local, but web based request to the protected /cron.php URL, or on command line, or from the site admin area, as usual.
# System upgrades in this release:

* Bazaar Version Control System (bzr) 2.6.0
* Collectd Graph Panel (CGP) master-30-03-2014
* cURL 7.36.0 (if installed from sources)
* Git 1.9.1 (if installed from sources)
* Jetty 7.6.14, 8.1.14, 9.1.3
* Limited Shell 0.9.16.5-om8
* MariaDB 5.5.36
* MySecureShell 1.32
* Nginx 1.5.12
* OpenSSH 6.6p1 (if installed from sources)
* OpenSSL 1.0.1f (if installed from sources)
* PHP 5.4.26
* PHP 5.5.10
* PHP: Imagick 3.1.2
* PHP: ionCube loader 4.5.3
* PHP: MongoDB 1.4.5 (optional add-on)
* PHP: Zend OPcache master-09-03-2014
* PHPRedis: master-22-03-2014
* Redis 2.8.8
* Ruby 2.1.1 (from now on compiled from sources)

# Fixes in this release:

* Add fix_collectd_nginx for Collectd config update.
* Add missing panopoly_demo app in the Panopoly distro to fix broken install.
* Add missing variables to active INI files, if needed.
* Avoid way too long Speed Booster TTL for bots, especially for rss feeds.
* Changing old_short_name mapping to: uberdrupal->testing and acquia->minimal
* Do not force old_short_name if already set in db/drushrc.
* Do not run swap clean when heavy tasks like cdp backup run.
* Drush: Simplify and improve access restrictions logic when aliases are used.
* Excessive and useless Drush internal cache clear in daily.sh removed.
* Fix default PATH in all sub-scripts.
* Fix for broken cURL from sources install logic.
* Fix for drush make broken by websh fix for cd wildcard crash fix.
* Fix for multi-IP cron access.
* Fix missing /dev/fd early enough to avoid broken tasks in Aegir.
* Fix the logic in manage_ip_auth_access()
* Fix to avoid daily services maintenance/cron freeze if Jetty didn't stop.
* Force backward compatible SERVER_SOFTWARE to silence core warnings.
* Force OpenSSH rebuild on OpenSSL upgrade (if installed from sources).
* Issue #1317322 - Filters UI broken.
* Issue #1991908 - Fix the syslog flood caused by collectd df plugin.
* Issue #2057213 - Use better SQL GRANT style.
* Issue #2110589 - Unable to install BOA correctly on Debian 6.0 and OpenVZ
* Issue #2141283 - Drush aliases like `drush dbup` no longer work properly.
* Issue #2144801 - Display bug on add site.
* Issue #2144947 - Install new Ruby for better compatibility with new gems.
* Issue #2150557 - Make the check and update procedure for UseDNS safe.
* Issue #2152383 - Fix for [js module] - add js_server_software variable.
* Issue #2159881 - Drush is broken because Console_Table URL no longer works.
* Issue #2161115 - AdvAgg: Strictly follow RFC 2616 14.21
* Issue #2167141 - Do not exclude --with-ldap --with-gmp in the PHP on Wheezy.
* Issue #2172089 - Fix for syntax error.
* Issue #2173209 - Do not use legacy (removed) symlink for version check.
* Issue #2175197 - Regex configuration not matching esi/ssi tags.
* Issue #2177837 - process.max not set correctly for PHP 5.5 and 5.4
* Issue #2182671 - Solr 4 with Jetty 8 does not start after upgrade.
* Issue #2188907 - Update docs criteria for not rebuilding ssh, ssl, and curl.
* Issue #2199229 - CiviCRM 4.4.4 Requires change in the Nginx configuration.
* Issue #288 - SMTP Authentication Module depends on fsockopen.
* Lshell: Fix for crash on wildcard cd.
* Lshell: Remove symlinks for legacy drush_make.
* Modules can be incorrectly whitelisted from dis by installation profile.
* Nginx: Add exceptions for known video players.
* Nginx: Avoid downtime on upgrade because of too low variables_hash_max_size
* Nginx: Better gzip defaults.
* Nginx: Default value of variables_hash_max_size is too low.
* Nginx: Do not overwrite gzip_types.
* Nginx: Improve fastcgi defaults.
* Nginx: Remove too broad regex for 'flag' keyword in the URI.
* Nginx: Send Access-Control-Allow-Origin * header also for /favicon.ico
* Nginx: Use port 9090 in nginx_octopus_include.conf by default (PHP-FPM 5.3)
* Nginx: Use Redirect 301 for legacy paths /sites/default/files/*
* Once you have next 2.3.x installed, you can't downgrade to legacy 2.2.x
* PHP: Add protection for instance level php.ini files.
* PHP: Fix for broken build when --with-ldap is used.
* PHP: Fix for broken dependencies in newer Debian and Ubuntu systems.
* PHP: Fix for forced rebuild mode if lib curl is broken or updated with apt.
* PHP: Fix for GEOS 3.4.2 and multi-version install.
* PHP: Fix for legacy 5.2 logic.
* PHP: Force 5.5 to use correct SQL drivers so its built-in will not be used.
* PHP: Reduce duplicate rebuilds.
* PHP: The --with-curlwrappers option has been removed in 5.5
* Redis: Auto-Restart if socket is missing only when socket mode is enabled.
* Redis: Exclude cache_form bin or it will break modules like ajax_comments.
* Redis: Force clean restart daily, with long enough sleep time.
* Redis: Restore pwd protection.
* Redis: The cache_metatag bin needs aggressive flush mode -- see #2062379
* Reduce system load during db backups with short delays between databases.
* Remove collectd on major system upgrade even if /var/www/cgp doesn't exist.
* Silence AIS (Adaptive Image Styles) module .htaccess requirements.
* Sort and group cnf variables to bring some order into this chaos.
* Symlink main drush wrapper to shared location outside of Master Instance.
* Update for Redis bins exceptions logic.
* Update system load check method in all scripts.
* Use forced Jetty restart mode.
* Use https in the welcome screen image src URL.
* Use IPv4-strict hostname and IP checks only.
# Known Issues on systems upgraded to BOA-2.2.0 release (all fixed)

==> Updated on Tue Apr 1 12:20:27 SGT 2014

@=> Issues hot-fixed in stable (run 'barracuda up-stable system' to apply):

* Compass Tools don't use correct paths to Ruby 2.1.1
* Chive Authentication via SSH session doesn't work on some older instances.
* PHP: Disabled 'create_function' may break some contrib modules or code.
* PHP: Disabled 'assert' may cause warnings on features revert.
* Cron for sites doesn't work on old instances without Nginx wildcard vhost.
* The 'git pull' command is broken in limited shell.
* FTPS (FTP over SSL) connections may experience TLS problems.
* The 'rsync' command is broken in limited shell.
* The drush dl foo can't be run outside of site directory.

### Stable BOA-2.1.3 Release - Full Edition
### Date: Thu Nov 21 17:55:47 SGT 2013
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

This release provides Drupal 7.24.1 and Pressflow 6.29.1 core security upgrade for all supported distributions. It also includes two updated platforms and several fixes for issues discovered since BOA-2.1.2 released 3 days ago, plus some clever improvements to help you automatically optimize all tables daily, or even automatically convert tables to-innodb or to-myisam, either per site or per platform, or per entire Octopus instance. There is also Purge Cruft Machine available to run some spring-cleaning daily with configurable TTL.

Enjoy another super-fast and even more clever BOA Edition!

# Updated Octopus platforms:

### Drupal 7.24.1

Open Atrium 2.0.9 ------------ http://drupal.org/project/openatrium
OpenScholar 3.9.3 ------------ http://openscholar.harvard.edu

# New features and enhancements in this release:

* Purge Cruft Machine moved to daily.sh agent and made configurable with _DEL_OLD_BACKUPS and _DEL_OLD_TMP per Octopus instance.
  If changed to any number greater than "0" it will automatically delete backups stored in the /data/disk/U/backups/ directory and in all hosted sites backup_migrate directories, during daily cleanup, if created more than X days ago, where X is a number of days defined in _DEL_OLD_BACKUPS. If "0" then this feature is disabled. It can't be configured via INI files, so you may need to submit support request if you want to customize this option set to 7 days by default on all hosted instances, as per our backups policy: https://omega8.cc/backups

  The same logic applies to _DEL_OLD_TMP which defines for how long the temporary files in all hosted sites files/tmp/ and private/temp/ directories are kept before deleting them during running daily maintenance.

* Added sql_conversion_mode variable in the platform and site level INI to customize instance-wide mode optionally set via _SQL_CONVERT.

  This option allows to activate and/or customize DB tables conversion per site, per platform and via _SQL_CONVERT per Octopus instance. Supported values are: innodb and myisam (lowercase only!) Note that this conversion will run daily even if all tables have been already converted, so it will run OPTIMIZE on all tables, effectively.

  Related Issue #2126471 - Convert DB engine control files to ini format.

# Changes in this release:

* Allow to install unsupported distros only in head, not stable.
* Contrib update: advagg-7.x-2.3
* Map drush to drush6 on command line. You can still use drush4 and drush5.
* New contrib: display_cache
* New contrib: panels_content_cache
* Nginx 1.5.7 -- security upgrade.
* Use dev versions of CDN module with patch for AdvAgg 7 compatibility.
* Use Drush 5 and 6 head until next release.

# Fixes in this release:

* Always cleanup temp downloads to avoid failed builds due to leftovers.
* Always fix permissions on contrib on upgrade and in daily.sh agent.
* Better auto-recovery when broken libcurl is detected.
* Delete any tar/gz/zip files in modules|themes|libraries daily.
* Delete dangerous local-allow.info file.
* Display all active INI variables in HTTP headers on dev URLs.
* Fix for cron auto-correction.
* Fix for Feature Server broken due to incorrect context version downloaded.
* Fix the logic for cURL install from sources.
* Nginx: Add Access-Control-Allow-Origin header also for static .json
* Nginx: Protect also .md files in modules|themes|libraries dirs.
* Issue #2137583 - Permissions on the site directory are broken after running, how ironically, the Health Check task.
* Issue #2138811 - Maintenance agent disables modules from its standard turn-off list, even if they are required by other modules, apps or features.

# Known Issues on systems upgraded to initial BOA-2.1.3 release

==> Updated on Thu Nov 28 18:33:58 SGT 2013.

@=> Issues which will trigger `barracuda up-stable system` if discovered:

* PHP: Fix for broken cURL from sources install logic.
* PHP: Fix for forced rebuild mode if lib curl is broken or updated.
* PHP: Fix for legacy 5.2 rebuild required when broken libcurl is detected.
* Use dummy variable instead of 'true' to avoid breaking the logic.

@=> Issues which will NOT trigger `barracuda up-stable system` if discovered:

* Add coder to the auto-disabled modules list -- see #2068771
* Excessive and useless Drush internal cache clear in daily.sh
* Issue #2141283 - Drush aliases like `drush dbup` no longer work properly.
* Issue #8215957 - Invalid version type error in old Drush Make.
* MariaDB 5.5.34 just released.
* Redis: Incorrect permissions on the integration module directory.
* Modules can be incorrectly whitelisted by installation profile and never disabled, while they should be.
# HotFix for known post-upgrade issues

Run the boa-fix-upgrade script when logged in as system root:

  $ cd;rm -f boa-fix-upgrade.sh.txt*
  $ wget -q -U iCab http://files.aegir.cc/update/boa-fix-upgrade.sh.txt
  $ bash boa-fix-upgrade.sh.txt

This script is updated once there is any new regression or bug discovered, so it is safe and recommended to run it again if the list of known issues has been updated. Note that this script will detect and fix all Octopus instances on your system at once.

### Stable BOA-2.1.2 Release - Full Edition
### Date: Mon Nov 18 00:03:30 SGT 2013
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

This is primarily a bug-fix release and you should read release notes and also the changelog for both BOA-2.1.1 and BOA-2.1.0 for a context, especially if you are upgrading from BOA-2.0.9 or older release (we have tested upgrades from as old Editions as BOA-2.0.1, released on Dec 28 07:00:00 EST 2011).

This Edition includes fixes for all Known Issues on systems already upgraded to initial BOA-2.1.1 release, plus some extra improvements and one updated platform (Managing News).

Important new features include ability to use either legacy (default) or modern (highly recommended) version of Redis integration module. The reason we don't enable the modern version by default is that it may need some testing before using it on complex Drupal sites.

The modern version of Redis integration module comes with some great new features which allow you to configure flush mode per cache bin, with three modes available.
Please refer to the module README for more information on all available advanced flush modes: http://bit.ly/1drmi35

It also comes with super-fast lock backend, which can be enabled only when you are using the modern version, but still needs more improvements, so we auto-configure some exceptions on the fly, when it is used, to avoid known issues, as reported in the queue: https://drupal.org/node/2135545

Please read also INI docs to understand how it works, and how to improve performance by enabling and tuning these settings: http://bit.ly/1bwfZZj

Enjoy!

# Updated Octopus platforms:

### Pressflow 6.28.3

Managing News 1.2.4 ---------- http://drupal.org/project/managingnews

# New features and enhancements in this release:

* Redis: Modern integration module 7.x-2.5 with latest fixes from #2135545 is available as an option with new INI variable: redis_use_modern
* Redis: New option redis_flush_forced_mode to better control flush modes when redis_use_modern = TRUE
* Add example for custom Speed Booster cache TTL configuration in the optional override.global.inc file. It can be used also in local.settings.php file.
* Add detection and auto-config for the allow_private_file_downloads variable.
* Issue #1978066 - Add _RESERVED_RAM variable for "reserved" memory.
* Map all old_short_name profiles relations in the Aegir Provision directly.

# Updated Aegir modules or extensions:

* Newer aegir_custom_settings 6.x-2.3 with site clone added for client role.
* Newer registry_rebuild 7.x-2.1 with fixed critical bug - see: #2130905

# Changes in this release:

* Auto-Disable views_cache_bully also when Ubercart is enabled.
* Do not delete testing profile, we need it for acquia->testing upgrade path.
* Do not map old_short_name on the Octopus level, it is moved to Provision.
* Make ACTIVE INI files comments-free to never confuse them with templates.
* Make the fix for known Feeds problem global, not just ManagingNews specific.
* PHP: 5.4.22 and 5.5.6 as an option (for testing only).
* PHP: Use latest (master) phpredis_new by default.
* Redis: Default integration module version reverted to pre-7.x-2.0 release.
* Redis: Force rebuild on system upgrade to update also Redis config.
* Redis: Make redis_lock_enable available only when redis_use_modern = TRUE
* Set opcache.revalidate_freq to 5 sec only on non-dev URLs by default.
* Switch Ubercart 3 to use D7 Minimal instead of Standard to fix upgrade path.
* Update prev release notes to explain importance of using latest Pressflow 6.

# Fixes in this release:

* Always fix permissions on contrib on upgrade and in daily.sh agent.
* Avoid files checks for Drupal for Facebook and Domain Access by default.
* Better auto-recovery when broken libcurl is detected.
* Fix for cron auto-correction.
* Fix for post-upgrade permissions issues affecting modules|themes|libraries.
* Fix for too restrictive permissions in /data/all/000/*
* Fix regression in the logic for dev URLs detection and auto-configuration.
* Fix the forced contrib upgrade logic.
* Fix the logic for cURL install from sources.
* Improve procs monitoring agent with better whitelisting.
* Improve sanitize_string() filtering to avoid issues with strong passwords.
* Issue #1860706 - Native, unified support also for D6 lock backend.
* Issue #2023895 - Do not kill java, only jetty and tomcat procs when needed.
* Issue #2105477 - Allowed gem commands need custom aliases in lshell.
* Issue #2134329 - Going from 2.0.9 to 2.1.1 does not update platforms.
* Issue #2135545 - Lock Backend freezes the site on cache clear.
* Issue #2136413 - Use -H to force correct HOME environment variable.
* Issue #2136413 - Use sudo to avoid lshell protection in DB auto-conversion.
* Make sure that /usr/local/bin is in the PATH.
* Make the check_if_required test in daily.sh six (6) times faster.
* Nginx: Fix too restrictive access policy for Aegir specific /hosting URI.
* Redis: Add some debugging on dev URLs to make sure permissions are correct.
* Redis: Added prefix support for lock backend.
* Redis: Disable persistent mode to never use on-disk storage, see #2135545
* Redis: Do not enable tcp-keepalive or weird things may happen, see #2135545
* Redis: Exclude some bins to avoid issues with lock support, see #2135545
* Redis: Missing default values on variable_get() calls causing D6 break.
* Redis: Update docs and naming convention for modern integration module.
* Silence cURL test in meta-installers.
* Sync randpass with sanitize_string().
* Set less restrictive permissions on civicrm.settings.php since provision_civicrm does not make the file writable temporarily as it should.

# Known Issues on systems upgraded to initial BOA-2.1.2 release

==> Updated on Thu Nov 21 01:28:23 SGT 2013 with all fixes applied to stable.

* Feature Server platform is broken since BOA-2.1.0 due to incorrect context module version downloaded via makefile. This bug affects only some instances upgraded to head and not stable, but since in the first 24 hours after BOA-2.1.2 release our static downloads were still out of sync on two of our mirrors, it is safe to assume that you should run the HotFix via boa-fix-upgrade.sh.txt anyway.
* There is a regression introduced in the maintenance agent logic, which results in the dependency check being effectively ignored. This may cause various disastrous effects, like disabling all modules chained via feature or via apps module, because apps module requires update module, which is normally disabled. While any feature which requires dblog or update module enabled is considered as a serious developer error and should be avoided, we have to respect all dependencies defined to never break any site by forcefully disabling modules.
* Part of the Site Health Check task (the `drush6 status-report` command) breaks permissions on the site directory, which blocks any further tasks like Clone, Migrate and Backup. This regression was introduced in the BOA-2.1.0 release.
# HotFix for known post-upgrade issues

Run the boa-fix-upgrade script when logged in as system root:

  $ cd;rm -f boa-fix-upgrade.sh.txt*
  $ wget -q -U iCab http://files.aegir.cc/update/boa-fix-upgrade.sh.txt
  $ bash boa-fix-upgrade.sh.txt

This script is updated once there is any new regression or bug discovered, so it is safe and recommended to run it again if the list of known issues has been updated. Note that this script will detect and fix all Octopus instances on your system at once.

### Stable BOA-2.1.1 Release - Full Edition
### Date: Sat Nov 9 17:00:00 EST 2013
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

There are some important bug fixes in this release, along with changes to the Auto-(En|Dis)able agent, explained in greater detail in embedded docs included in platform specific INI file template.

Note that the system agent doesn't modify any existing and active INI file, so updated docs are included only in the INI templates, which are updated each morning: default.boa_platform_control.ini and default.boa_site_control.ini

You can find both INI templates also online at: https://omega8.cc/node/293

We have also added some docs to help you if you experience any issues with cached, Views based pages and panels: https://omega8.cc/node/292

Note also that since BOA-2.1.0 all D6 based sites are forced to use PHP 5.3.27 on hosted and managed Aegir instances, even if they were previously configured to use deprecated, insecure, unstable and outdated PHP 5.2 for D6 based sites.

This means that if you are using too old D6 core (older than 6.28.x), some features will stop working, namely imagecache, /update.php and any feature which depends on contrib modules not yet compatible with PHP 5.3

We have allowed the use of PHP 5.2 for too long, to give enough time (in years) to upgrade to latest Pressflow 6.x version and we no longer can extend this allowance, for obvious security and systems stability reasons.
Furthermore, sticking with PHP 5.2 would not allow us to use latest Aegir 2.x version (BOA still includes a bit older Aegir 2.x for backward compatibility), since newer Aegir versions need newer Drush (BOA still uses ancient Drush 4.6) and newer Drush requires newer PHP version.

It is even more important because Drupal 8 will not run on older PHP nor Drush older than 7.x, so there is basically no choice other than to make all your sites compatible with PHP 5.3, or you will miss all future BOA system upgrades.

Now even PHP 5.3 is officially in the EOL (End-of-Life) phase, with only security fixes expected, but also only until July 2014 and then it will be completely deprecated, so we will have to switch to modern PHP 5.5, first introduced as an option, later this year.

Upgrading to latest Pressflow 6.x is *very* easy. Just add all contrib modules you are using in your outdated 6.x platform to the latest Pressflow 6.x platform we provide by default, reverify the new platform, clone the site in the old platform, migrate the cloned copy to the new platform and if everything works fine, migrate also your live site. It will take less than 15 minutes and there is absolutely no excuse to not upgrade.

If you experience issues with your site due to the old core used on now forced PHP 5.3, we can temporarily revert it to PHP 5.2 for the last time, but it is really a bad idea. Much better idea is to find those 15 minutes and upgrade your site, so we could continue to provide future upgrades and new amazing features also for your Aegir instance.

Enjoy new, shiny BOA Edition!
# Updated Octopus platforms:

### Drupal 7.23.3

Open Atrium 2.0.4 ------------ http://drupal.org/project/openatrium
Open Deals 1.31 -------------- http://drupal.org/project/opendeals
OpenBlog 1.0-a3 -------------- http://drupal.org/project/openblog
Recruiter 1.1.2 -------------- http://drupal.org/project/recruiter
Spark 1.0-a10 ---------------- http://drupal.org/project/spark
Totem 1.1.2 ------------------ http://drupal.org/project/totem

### Pressflow 6.28.3

Commons 2.13.2 --------------- http://drupal.org/project/commons
Open Atrium 1.7.2 ------------ http://drupal.org/project/openatrium

# New features and enhancements in this release:

* Document all system-level control files in docs/ctrl/system.ctrl
* Fast Redis lock implementation is now enabled by default for D6 and D7.
* Nginx: Add NAXSI (Nginx Anti XSS & SQL Injection) WAF as an option.
* Use 100% static downloads in stable to remove dependency on github and d.o
* Use extended connection check procedure before exit 1.
* Use reliable Redis UP check via PING/PONG instead of pid file check.

# Updated o_contrib modules:

* Contrib update: httprl-6.x-1.13
* Contrib update: httprl-7.x-1.13
* Contrib update: redis-7.x-2.3
* Contrib update: views_cache_bully-6.x-3.x
* Contrib update: views_cache_bully-7.x-3.x
* Contrib update: views_content_cache-7.x-3.0-alpha3

# Changes in this release:

* Introducing Pressflow 6.28.3 to include fix for #2130865
* Updated INI docs for views_cache_bully and views_content_cache.
* ProsePoint moved to unsupported.
* Private files mode in D7 requires allow_private_file_downloads = TRUE in boa_site_control.ini or boa_platform_control.ini and is disabled by default.
* Do not enable views_cache_bully and views_content_cache, unless special control files exist and related variables in the platform specific INI are not set to TRUE.
* Auto-Disable views_cache_bully on sites with commerce module enabled, but allow to override it with ~/static/control/enable_views_cache_bully.info and views_cache_bully_dont_enable = FALSE

# Fixes in this release:

* All-in-One Site Health Check in Aegir not displayed for non-uid=1 users.
* Always prepare shared D6 and D7 cores.
* Always remove www. from the Redis cache key prefix.
* Better check for not yet updated Octopus instances in a batch upgrade mode.
* Check if ctools is enabled before attempting to enable views_content_cache.
* Do not force HEAD on Precise.
* Fix for /root/.upstart.cnf consistency.
* Fix for PATH in aegir.sh
* Fix still too aggressive procs monitoring.
* Fix the check_if_required() logic in the Auto-Disable agent.
* Improve all cURL based downloads with auto-continue mode.
* Issue #1980250 - Fix for broken cache_page bin in Redis integration module.
* Issue #2127237 - NewRelic: Unable to initialize module on Debian Wheezy.
* Issue #2128233 - Rsyslog is still installed and consumes all CPU on OpenVZ.
* Issue #2128819 - Better exceptions in too aggressive process monitoring.
* Make sure to never set any HTTP headers or redirects in the backend.
* Nginx: Do not use separate location for /images/ URI shortcut.
* Nginx: Fix for regression in "Rewrite for legacy requests with /index.php".
* Nginx: Fix the logic for restricted access to /authorize.php and /update.php
* Nginx: Map URI shortcuts early to avoid overrides in other locations.
* Remove rsyslog on VZ, if installed.
* Restore backward compatibility with IP and not wildcard based vhosts.
* Use silent upgrade mode in _LENNY_TO_SQUEEZE and _SQUEEZE_TO_WHEEZY.
* Issue #2127329 - AdvAgg (D6 version) presence in o_contrib should not auto-disable standard aggregation, unless the module is enabled.

# Known Issues on systems upgraded to initial BOA-2.1.1 release

==> Updated on Tue Nov 12 14:44:16 EST 2013 with all fixes applied to stable.
* Fast Redis lock may cause problems on node edit, with temporary error saying that the node was changed by "another user", because current implementation was not multisite-aware enough.
* Views Cache Bully module, if enabled after upgrade to BOA-2.1.0, may break the cart and checkout on sites using Ubercart, and should be disabled automatically like it is done for Commerce based sites since BOA-2.1.1
* The version of Redis integration module included: 7.x-2.3 causes warnings for D6 sites, visible either on dev URLs or on command line and may break some advanced Views configurations if custom caching is not yet enabled. It may also break menu updates due to not aggressive enough cache clear policy for cache_menu bin.
* Permissions set daily on the civicrm.settings.php file are too restrictive and since provision_civicrm extension does not make this file writable before attempting to re-create it, as it should, all tasks on CiviCRM enabled sites fail.
* Permissions on sites/all/{modules,theme,libraries} on newly added, empty platforms with no sites created yet, so not included in the running daily permissions fix, are initially not group writable, as they should be.
* The check_if_required procedure in the running daily maintenance agent to detect if the module is required by any other module or feature or by installation profile, is 6 (six) times slower than it should be and never disables devel module properly.
* The running daily maintenance agent does not disable files checks for Drupal for Facebook (fb) and Domain Access modules as it should in the platform level INI file, unless those modules are detected.
# HotFix for known post-upgrade issues

Run the boa-fix-upgrade script when logged in as system root:

  $ cd;rm -f boa-fix-upgrade.sh.txt*
  $ wget -q -U iCab http://files.aegir.cc/update/boa-fix-upgrade.sh.txt
  $ bash boa-fix-upgrade.sh.txt

This script is updated once there is any new regression or bug discovered, so it is safe and recommended to run it again if the list of known issues has been updated.

You can also run another upgrade with "barracuda up-stable system" command, followed by "octopus up-stable all both log" since all fixes have been applied to current stable as well, but boa-fix-upgrade script is faster than running complete upgrade again.

### Stable BOA-2.1.0 Release - Full Edition - Now NSA-proof
### Date: Sat Nov 2 18:15:19 EDT 2013
### Includes Aegir 2.x-boa-custom version.

# Release Notes:

There are some really important changes and improvements in this release you should be aware of before running your BOA system upgrade.

Even if you are on a hosted BOA system with upgrades managed for you, it is very important to read at least these release notes. And if you are more curious, read also the giant changelog further below.

Besides all changes, fixes and improvements, all currently supported Drupal distributions have been upgraded to use latest Drupal core versions. Plus, there are seven (7) NEW platforms included!

#-### Control files to customize your BOA system per platform and per site

Almost all control files are now replaced with two centralized, platform and site specific INI files, using standard PHP INI format.

The platform specific INI file template with extensive documentation included, has filename default.boa_platform_control.ini and is located in the sites/all/modules directory.

The site specific INI file template with extensive documentation included, has filename default.boa_site_control.ini and is located in the sites/foo.com/modules directory.
Any existing control files, both on the platform and site level, will be automatically converted into active INI files and then deleted to avoid confusion, also automatically, on the first run of the special maintenance script: /var/xdrago/daily.sh but defaults in the global.inc file will allow for smooth, fully automated transition.

This change will make your BOA system easier to customize and maintain, and will improve overall system performance/load thanks to minimized file checks.

#-### Empty and not used platforms auto-cleanup

BOA finally has the ability to auto-delete, during daily maintenance, which happens each morning (server time zone), all empty and not used platforms.

While on all hosted instances the TTL (time-to-live) is set to 60 days (counted since last verify task date/time on the platform), it can be configured per instance in the /root/.USER.octopus.cnf file by changing value of _DEL_OLD_EMPTY_PLATFORMS variable to anything higher than 0 (days), which is default (and means the feature is OFF).

Note that every Octopus instance upgrade re-verifies all existing platforms, so if you configure the TTL to 90 days but run the upgrade every month or every two months, no platforms will ever be deleted.

If you wish to have this TTL customized on the hosted instance, where it is set to 60 (days) by default, please open a support ticket via: https://omega8.cc/support

Remotely managed BOA systems can have this feature enabled and configured upon request submitted via https://omega8.cc/support

#-### All-in-One Site Health Check in your Aegir control panel

You will notice a new Task available on every site page in your Aegir Control Panel, named "Run health check".

This new task will run a few important tests on your site and will store all results in the Task Log, so you can easily review all results by clicking on the "View" button to the right of the task, when it is complete. Make sure to check all details by clicking on the "Expand" links in the log.
What are the tests included?

1. The "drush clean-modules" command will be run for you to make sure there is no module left in the system table as "enabled" while it no longer even exists on the system. This part will utilize (behind the scenes) extension: https://drupal.org/project/clean_missing_modules If it finds any such leftover, it will clean it up, automatically.

2. The "drush6 pm-updatestatus" command is a native Drush command which tells you if there are any waiting module/code updates in the site. Note: it will *not* upgrade anything, it is a check only. Of course there should be no updates waiting if you follow Aegir site upgrade best practices and your site's code is up to date. Yes, this check will automatically enable the "update" module for you, but it will not auto-disable it afterwards (to not break things in case it is required by some other module or feature).

3. The "drush6 status-report" command is a native Drush command which provides you a complete overview of your site status. Instead of logging into the site, you can review it easily here.

4. The "drush6 updatedb-status" command is a native Drush command which tells you if there are any waiting database updates in the site. Note: it will *not* apply these updates, it is a check only. Of course there should be no updates waiting if you follow Aegir site upgrade best practices, but who knows, hence the check.

5. The "drush security-review" command will run only on Drupal 7 based sites and provides some additional information by using (behind the scenes) this extension: https://drupal.org/project/security_review

#-### PFS (Perfect Forward Secrecy) support in Nginx

BOA now fully supports the most secure SSL configuration that is still compatible with the most widely used systems and browsers.
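An added example (not part of these release notes and not BOA's own code): a shell check that classifies `openssl ciphers -v` output by key exchange, to confirm that a cipher list offers only forward-secret suites, plus a helper that reads the DH parameter size from `openssl dhparam -text` output. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Classify each line of `openssl ciphers -v` output (stdin) by key exchange.
# Prints "<verdict> <suite>" per line, where verdict is one of:
#   FS      ephemeral (EC)DH key exchange, forward secret
#   WEAK    ephemeral but export-grade DH, e.g. Kx=DH(512)
#   NOAUTH  ephemeral but anonymous (Au=None), no server authentication
#   NO-FS   static RSA, static (EC)DH (Kx=ECDH/RSA, Kx=DH/RSA) or plain PSK
classify_suites() {
  awk '
    NF < 3 { next }                       # skip blank or malformed lines
    {
      kx = ""; au = ""
      for (i = 2; i <= NF; i++) {
        if ($i ~ /^Kx=/) kx = substr($i, 4)
        if ($i ~ /^Au=/) au = substr($i, 4)
      }
      if (kx ~ /^(ECDH|DH)\([0-9]+\)$/)                 verdict = "WEAK"
      else if (kx !~ /^(ECDH|DH|ECDHEPSK|DHEPSK|any)$/) verdict = "NO-FS"
      else if (au == "None")                            verdict = "NOAUTH"
      else                                              verdict = "FS"
      print verdict, $1
    }'
}

# Exit status 0 only if stdin lists at least one suite and all are FS.
all_forward_secret() {
  classify_suites | awk '$1 != "FS" { bad++ } END { exit (NR == 0 || bad > 0) }'
}

# Read `openssl dhparam -in FILE -text -noout` output on stdin and print
# the parameter size in bits (FILE is a placeholder for your dhparam file).
dh_bits() {
  sed -n 's/.*DH Parameters: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Constructed sample in the format printed by `openssl ciphers -v`.
sample_suites() {
  cat <<'EOF'
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
DHE-RSA-AES256-SHA SSLv3 Kx=DH Au=RSA Enc=AES(256) Mac=SHA1
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
ECDH-RSA-AES128-SHA SSLv3 Kx=ECDH/RSA Au=ECDH Enc=AES(128) Mac=SHA1
ADH-AES256-SHA SSLv3 Kx=DH Au=None Enc=AES(256) Mac=SHA1
EXP-EDH-RSA-DES-CBC-SHA SSLv3 Kx=DH(512) Au=RSA Enc=DES(40) Mac=SHA1 export
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
EOF
}

# Demo on the constructed sample; on a real host, pipe in
# `openssl ciphers -v 'YOUR-CIPHER-STRING'` instead.
sample_suites | classify_suites
if sample_suites | all_forward_secret; then
  echo "all suites are forward secret"
else
  echo "cipher list still contains suites without forward secrecy"
fi
```

Feed it the cipher string from the Nginx ssl_ciphers directive of the vhost under review; any line not marked FS is a suite a client could negotiate without forward secrecy.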
All hosted BOA instances have been already upgraded automatically and you don't need to do anything to make it work -- it is already done for you -- both on any SSL enabled site with dedicated certificate and IP address and also on the standard, system-wide SSL proxy level, which is available for every hosted site -- just type HTTPS:// in the URL.

On self-hosted instances it needs to be enabled by adding a line in your /root/.barracuda.cnf file:

  _NGINX_FORWARD_SECRECY=YES

before the upgrade. Note that depending on the system used, it may auto-install some requirements like latest OpenSSL libraries and packages.

Remotely managed BOA systems can have this feature enabled upon request submitted via https://omega8.cc/support

#-### SPDY (new networking protocol) support in Nginx

BOA now fully supports the advanced, new protocol which allows sites to run over HTTPS with much better performance than plain HTTP.

While not all browsers support this protocol yet, it is already enabled by default on all hosted BOA instances (but obviously works only when you access the site via HTTPS:// in the URL).

On self-hosted instances it needs to be enabled by adding a line in your /root/.barracuda.cnf file:

  _NGINX_SPDY=YES

before the upgrade. Note that depending on the system used, it may auto-install some requirements like latest OpenSSL libraries and packages.

Remotely managed BOA systems can have this feature enabled upon request submitted via https://omega8.cc/support

#-### Zend OPcache replaced APC in PHP

Newer versions of PHP already come with next generation opcode cache from Zend, which is now open-sourced and available also as an extension for older PHP versions, including 5.2 and 5.3

BOA leverages this opportunity and now uses Zend OPcache instead of APC. This change is introduced automatically on all systems, both hosted and managed for you and also self-hosted.
Only Debian Squeeze and Ubuntu Precise systems which are using PHP installed from packages and not from sources, so with _BUILD_FROM_SRC=NO set in the /root/.barracuda.cnf file, still use APC by default. You can install Zend OPcache by changing it to _BUILD_FROM_SRC=YES before running the upgrade.

Note that Zend OPcache default configuration caches every script for 60 seconds, so any changes you introduce will be visible with up to 1 minute delay. However, if there is .dev. or .devel. in the site name, this delay is lowered automatically to just 1 second.

You can change the default per site permanently by adding in the local.settings.php preferred value, for example, to set it to 10 seconds:

  ini_set('opcache.revalidate_freq', '10');

-- but remember that you will override default (1 second) for dev URLs using this method.

Enjoy the most advanced, NSA-proof BOA Edition yet!

# New Octopus platforms:

### Drupal 7.23.3

Open Academy 1.0-rc3 --------- http://drupal.org/project/openacademy
Open Atrium 2.0 -------------- http://drupal.org/project/openatrium
OpenBlog 1.0-a2 -------------- http://drupal.org/project/openblog
OpenScholar 3.8.1 ------------ http://openscholar.harvard.edu
Recruiter 1.1 ---------------- http://drupal.org/project/recruiter
Spark 1.0-a9 ----------------- http://drupal.org/project/spark
Totem 1.1 -------------------- http://drupal.org/project/totem

# Updated Octopus platforms:

### Drupal 7.23.3

Commerce 1.20 ---------------- http://drupal.org/project/commerce_kickstart
Commerce 2.9 ----------------- http://drupal.org/project/commerce_kickstart
Commons 3.4 ------------------ http://drupal.org/project/commons
Conference 1.0-a2 ------------ http://drupal.org/project/cod
Drupal 7.23.3 ---------------- http://drupal.org/drupal-7.23
Open Deals 1.27 -------------- http://drupal.org/project/opendeals
Open Outreach 1.2 ------------ http://drupal.org/project/openoutreach
OpenChurch 1.11-b14 ---------- http://drupal.org/project/openchurch
Panopoly 1.0-rc5 ------------- http://drupal.org/project/panopoly
Ubercart 3.5.1 --------------- http://drupal.org/project/ubercart

### Pressflow 6.28.2

Commons 2.13 ----------------- http://drupal.org/project/commons
Feature Server 1.2 ----------- http://bit.ly/fserver
Managing News 1.2.3 ---------- http://drupal.org/project/managingnews
Open Atrium 1.7.1 ------------ http://drupal.org/project/openatrium
Pressflow 6.28.2 ------------- http://pressflow.org
ProsePoint 0.46 -------------- http://prosepoint.org
Ubercart 2.12.1 -------------- http://drupal.org/project/ubercart

# New features and enhancements in this release:

* Add a workaround for an edge case problem -- a missing /etc/resolv.conf
* Add auto-config for AdvAgg on both Drupal 7 and Drupal 6.
* Add command to check for available updates: `drushextra check updates`
* Add gems for Omega 4 by default.
* Add sass-globbing gem by default.
* Allow to install latest OpenSSH from sources with _SSH_FROM_SOURCES
* Allow to install latest OpenSSL from sources with _SSL_FROM_SOURCES
* Anonymize lshell intro message.
* Better code sharing with central core dirs for all built-in platforms.
* BOA installer wrapper depends on curl instead of wget.
* Do not stop/start cron if /root/.upstart.cnf control file exists.
* Drush: Add embedded how-to for aliased commands.
* Enable views_cache_bully and views_content_cache if views is enabled.
* Firewall: Disable incoming ping/ICMP.
* Firewall: Protect port 80 only with CONNLIMIT and remove it from PORTFLOOD.
* Firewall: Update config template and enable port/syn flood protection
* FTP: Allow to list/see up to 3000 files/subdirs in a directory.
* Improve daily.sh performance.
* Improve dist-upgrade procedure.
* Improve docs/MODULES.txt
* Improve meta-installers auto-update procedures.
* Improve SQL limits auto-configuration.
* Install pdnsd as a last service.
* Issue #2000932 - Add also zen-grids.
* Issue #2015553 - Fix the logic for protected registration of new accounts.
* Issue #2044589 - SPDY Nginx support.
* Issue #2052703 - Conversion from control files to ini includes.
* Issue #2092599 - Switch to disable MySQL password reset on upgrades.
* Issue #2105477 - Add support for bundler gem.
* Issue #2116387 - Nginx and PHP: Improve system hardening.
* Issue #2116395 - Nginx: Better protection and 404 instead of 403.
* Issue #2118393 - Mark drush/cron as newrelic_background_job
* Make Bazaar installation optional with BZR keyword required in _XTRAS_LIST
* Nginx: Use forced HTTPS-only access for Chive and SQL Buddy.
* PHP: Add experimental support for 5.4 and 5.5
* PHP: Install Zend OPcache instead of deprecated APC by default.
* PHP: Reload FPM hourly unless /root/.high_traffic.cnf exists.
* Restart db server when backup is complete if /root/.my.optimize.cnf exists.
* Restore support for Expire and Purge modules.
* Shell: Add gunzip to allowed commands.
* Shell: Disable mc on the fly unless /root/.allow.mc.cnf control file exists.
* Shell: Use MySecureShell 1.31 for SFTP by default.
* Try to download wrapper 4 times before it gives up.
* Use MySQLTuner to better tune SQL configuration on install and upgrade.
* Use sqlmagic to fix errors caused by duplicate keys in the db dump.
* Use standard D7 profile for Ubercart 3 and update related contrib.
* We no longer depend on drupal.org for any downloads.
* Add optional, configurable per site, automated and smart (via sqlmagic tool) DB table format/engine conversion, enabled per instance with non-default _SQL_CONVERT=YES option.
* Add support for _MODULES_SKIP variable and make the auto-disable agent much smarter to never disable any module defined as required by any other module or feature.
* Improve auto-recovery from manual permissions/ownership big mistakes related to critical files and dirs.
* Issue #2067193 - PFS (Perfect Forward Secrecy) support in Nginx with _NGINX_FORWARD_SECRECY=YES config option.
* Use _DEL_OLD_EMPTY_PLATFORMS to enable and define auto-cleanup for old, empty platforms with no sites hosted, separately per Satellite instance (it does not affect Master instance).
* Issue #2000932 - Add more Compass tools/extensions: (compass_radix, zurb-foundation) and make sure the gems are updated on upgrade.
* Nginx: Add support for domain specific /robots.txt mapped to static files/$host.robots.txt to make it possible to manage it per domain also when Domain Access module is used.
* Improve the logic for daily permissions fix (no longer enabled by default) and make it configurable via _PERMISSIONS_FIX variable.
* Improve the logic for daily modules fix (still enabled by default) and make it configurable via _MODULES_FIX variable.
* Generate static sites/foo.com/files/robots.txt file per site, which is mapped to /robots.txt

# New and updated Aegir modules or extensions:

* Add security_review extension
* Use registry_rebuild 7.x-2.x

# New o_contrib modules:

* Add Advagg 6 and 7 to all platforms.
* Add force_password_change to all platforms.
* Add views_cache_bully to all platforms.

# Changes in this release:

* All D6 based sites are forced to use latest PHP 5.3.27 version.
* Chive 1.3
* cURL 7.33.0 as an option.
* Drush 5.10.0 and 6.1.0 (available as drush5 and drush6)
* Git 1.8.4.1
* Lshell 0.9.16.4-om8
* MariaDB 5.5.33a
* Nginx 1.5.6
* Nginx: ngx_cache_purge-2.1
* OpenSSH 6.3p1 as an option.
* Percona 5.5.33
* PHP 5.4.21 and 5.5.5 as an option.
* Redis 2.6.16
* Vnstat 1.11
* Deprecate CiviCRM as a separate platform.
* Remove obsolete MartPlug distro.
* Move OpenPublish to unsupported.
* Move NodeStream to unsupported.
* Do not include D6 core translations, never included also in D7 platforms.
* Do not include notoriously buggy backup_migrate module.

# Fixes in this release:

* Add all extra, non-standard options in the barracuda.cnf docs template.
* Add built-in support for Domain Access also for sites/all/modules/contrib
* Add exception to support commerce_multicurrency module properly.
* Add info about self-signed SSL certificate in the welcome e-mail (again).
* Add support for /usr/etc/sshd_config if exists.
* Always force update_newrelic - even if there is no new PHP version.
* Better check for GitHub partial downtime.
* Better logic for clean resolvconf re-install when needed.
* Contrib: Make the list readable.
* Delete too old pid files if any exists.
* Do not allow to break working DNS cache server with parent system overrides.
* Do not allow to install OpenSSL and cURL from sources also on Precise.
* Do not install rsyslog on VZ based VM.
* Do not set session.cookie_secure on SSL requests for sites < D7
* Enable dev mode also when HTTP_HOST begins with dev.
* Firewall: Adjust some defaults to improve flood protection.
* Firewall: Always upgrade, unless _CUSTOM_CONFIG_CSF is set to YES.
* Firewall: Better support for auto-whitelisting multi-IP systems.
* Firewall: Fix csf.uidignore file to whitelist important system uids.
* Firewall: Fix for csf template on VZ.
* Firewall: Improve some flood protection defaults.
* Firewall: Improve whitelisted IPs msg.
* Firewall: Remove deprecated monitoring for now closed port 25 (incoming).
* Firewall: Update config template.
* Firewall: VZ compatibility.
* Fix for /etc/resolv.conf and curl requirement in the BOA Meta Installer.
* Fix for cron tasks queue.
* Fix for forced pdnsd and resolvconf upgrades.
* Fix for incorrect nproc discovery results on some VM systems.
* Fix for proper handling mysql connections leftovers.
* Fix for selected packages hold status.
* Fix for the auto-update logic -- now it is default.
* Fix permissions for control files to avoid leftovers on delete task.
* Fix permissions on default backup_migrate dirs.
* Fix the auto-healing to avoid killing all php-fpm processes at midnight.
* Fix the automatic generation of static robots.txt file per site.
* Fix the daily enable/disable logic and use faster drush version.
* Fix the logic for chained installs from sources on upgrade.
* Fix the makefiles to avoid issues after d.o upgrade.
* Fix the not really working auto-healing to properly restart mysqld.
* Fix the not really working lshell logs monitor.
* Force clean pdnsd and resolvconf reinstall when needed.
* Force contrib update to include redis module stable release.
* Force cURL and OpenSSH re-install from sources when OpenSSL is from src.
* Force Git rebuild from sources if SSL/cURL was built from sources.
* Force Lshell rebuild when OpenSSL is installed from sources.
* Force MSS and FTP rebuild when OpenSSL is installed from sources.
* Force Nginx, PHP and Pure-FTPd re-install when OpenSSL is from sources.
* Force PHP-FPM restart if 9+ connections with 499 in the last 60 seconds.
* Generate 2048 bit long DH parameters when _NGINX_FORWARD_SECRECY=YES
* IDS monitor should use lower defaults after introducing last min checks.
* Improve gem and bundler allowed/denied restrictions.
* Improve procs monitoring and whitelist backend tasks properly.
* Improvements for Ubercart 2 installation + contrib updates.
* Install latest CGP, collectd 5 compatible.
* Issue #1751916 - Add Spark 1.0-a9
* Issue #1874786 - Fix for GNU Mailutils support.
* Issue #1991312 - Fix support and auto-config for AdvAgg 7 and HTTPRL.
* Issue #1991658 - Firewall: Close port 25 for incoming connections
* Issue #1994346 - DoS protection for not cached URLs doesn't respect $scheme
* Issue #1994346 - Fix the logic for SSESS/SESS prefix in the cookie name.
* Issue #1995342 - X-Accel-Expires is never send when $expire_in_seconds == 0
* Issue #2002678 - barracuda up-stable system adds annoying extra delay.
* Issue #2005116 - 403 on every attempt to log in from Hostmaster homepage.
* Issue #2015551 - Fix for broken dev mode support switch.
* Issue #2015551 - Fix the keyword check used to trigger "dev" mode.
* Issue #2020043 - Send PUT requests for *.json URI to Drupal.
* Issue #2032379 - _AUTOPILOT=YES should be forced also for "silent" modes.
* Issue #2083373 - drush dl foo --destination=/path/ should be restricted.
* Issue #2101193 - Support Drupal for Facebook from sites/all/modules/contrib
* Issue #2105259 - All Platforms Installation Fails with Permission Denied.
* Issue #2116177 - Use phpredis 2.2.4
* Lshell: Better settings for newer Drush versions.
* Lshell: Fix for env_path
* Lshell: version update and monitoring improvements.
* Make sure o_contrib is updated also on head-to-head upgrades.
* Make sure to rebuild PHP if cURL is installed from sources.
* Make the upgrade e-mail generic.
* More compact code for downloads.
* Move csf/lfd corrections after pdnsd install.
* Move the giant modules list from README.txt to docs/MODULES.txt
* Nginx: Add access protection for .txt files in the modules|themes|libraries.
* Nginx: Add access protection with fast 404 also for authorize.php
* Nginx: Add access protection with fast 404 for extra .php known URLs.
* Nginx: Add example site specific config for legacy .php URIs 301 redirects.
* Nginx: Better support for static and dynamic .json requests/URIs
* Nginx: Deny spiders on glossary/* URI, as they are never allowed to crawl.
* Nginx: Fix for dynamically generated PDFs.
* Nginx: Fix for redirects for legacy URLs with asp/aspx extension.
* Nginx: Improve auto-whitelisting in the access log monitor.
* Nginx: Improve POST requests monitoring.
* Nginx: Move AJAX and webform requests location after civicrm location.
* Nginx: Normalize newlines and spacing when fixing proxy config files.
* Nginx: Remove 'results' from the bots-protected URI regex.
* Nginx: Remove deprecated conf.d directory, if exists.
* Nginx: Replace legacy keyword gulag with neutral limreq everywhere.
* Nginx: Replace the zone legacy name also in Provision.
* Nginx: Rewrite legacy requests with /index.php to extension-free URL.
* Nginx: The /admin* URI protection logic has been moved to global.inc
* Nginx: Update gzip_types to list all expected mime.types
* Nginx: Update headers for AdvAgg compatibility.
* Nginx: Update mime.types
* Nginx: Use more precise wildcard in paths for replacements.
* PHP: 5.4 requires uploadprogress-1.0.3.1
* PHP: Disable ionCube Loader for PHP 5.5
* PHP: Do not force extensions re-install unless _PHP_FORCE_REINSTALL=YES
* PHP: Fix config overrides for 5.4 and 5.5
* PHP: Fix possible issues with legacy 5.2 support logic.
* PHP: Fix unintended overrides in the ini files.
* PHP: Force All Extensions Rebuild when _FROM_SOURCES=NO
* PHP: Force APC instead of Zend OPcache on Squeeze/Precise on no-src install.
* PHP: Force legacy version rebuild if exists.
* PHP: Improve rebuild logic if SSL/cURL was built from sources.
* PHP: Make sure that latest version of ionCube loader is installed.
* PHP: Rebuild extensions also for 5.2, even if _PHP_MODERN_ONLY=YES
* PHP: Set opcache.revalidate_freq to 1 second on dev alias/URL on the fly.
* PHP: Start more FPM workers by default to avoid Nginx 499 and timeouts.
* PHP: Use correct version of ioncube_loader for 5.4
* PHP: Use pecl-jsmin-0.1.1 with newer PHP versions.
* PHP: Zend OPcache is a zend_extension and needs full path in the php.ini
* Redis: Make redis_client_password optional and none by default.
* Reload PHP-FPM before auto-healing will force its restart after midnight.
* Remove already deprecated platforms.
* Remove insecure files from libraries/plupload/examples.
* Remove lock files before adding new users.
* Security updates for selected contrib on all affected D7 platforms.
* Shell: Fix FTPS compatibility after switching to MySecureShell
* Shell: Sync IdleTimeOut for MSS with SSH and FTPS default 15m.
* Shorten some too long status messages.
* Silent Mode Option: aegir == Only stock Aegir forced up-head upgrade.
* Simplify vnstat setup.
* Split usage monitor into two separate scripts.
* SQL auto-healing should always stop-stop-start and not just restart it.
* SQL: Allow the engine to manage correct innodb_thread_concurrency value.
* SSH: Make sure that 'UseDNS no' is always set.
* Sync $cookie_domain validation with Drupal 7 core.
* Sync dates with BOA defaults.
* Unify apt-get options order.
* Update for Redis config template.
* Update or create /etc/apt/sources.list early enough.
* Update PHP and SQL config early enough to avoid issues during upgrade.
* Use --force-yes option if apt-get -y is used.
* Use correct version of /etc/apt/preferences
* Use drush6 only when required.
* Use extended GitHub tests on HEAD and non-stock build only.
* Use forced symlinks mode if possible.
* Use is_readable() check instead of file_exists() for all includes.
* Use mirror downloads for all contrib and patches to make it faster.
* Use more restrictive permissions on lshell log files.

### Stable BOA-2.0.9 Release - Barracuda Edition
### Date: Thu May 9 11:25:59 EDT 2013
### Includes Aegir from BOA-2.0.8 Edition

# This is the first Barracuda-only Edition, released to address an important security issue with Nginx server and provide system level upgrades.

This Edition will not upgrade Aegir Master nor Aegir Satellite Instances, because there was no new Drupal core released since BOA-2.0.8 Edition and there were not enough updates to built-in platforms or contrib accumulated.

Releasing Barracuda-only Edition separately from full Edition allows us to address system/services security issues without any extra delay, while releasing Octopus-only Edition will allow us to provide Drupal core or Aegir version upgrades, without affecting system level services.

There is also another reason why separate releases will be useful. BOA-2.0.9 is the last Edition where Aegir 2.x still uses old Drush 4.6 in the backend. We need to sync BOA specific Aegir 2.x with upstream and finally switch to Drush 5, or even Drush 6, if possible.
This change, however, may cause issues if you still host legacy Drupal 5 or some old Drupal 6 sites, with either core or contrib not compatible with PHP 5.3, which is now used by default. That is why we plan to introduce the ability to install older/previous Barracuda and/or Octopus release, if you need more time to upgrade.

# New features and enhancements in this release:

* Debian 7.0 Wheezy support.
* Automated upgrade from Squeeze with _SQUEEZE_TO_WHEEZY=YES option.
* Added config template with inline how-to in docs/cnf/barracuda.cnf
* Added config template with inline how-to in docs/cnf/octopus.cnf
* Added passwords encryption how-to in docs/BLOWFISH.txt
* Added the list of symbols used on install in docs/PLATFORMS.txt
* Forced mysql restart if there are too many high CPU mysqld processes.
* Improved docs/NOTES.txt
* Improved docs/README.txt
* Install libpam-unix2 and libxcrypt1 by default.
* Install s3cmd by default.
* Issue #1974640 - Allow to use Midnight Commander for limited shell users.
* Limited Shell Logs Monitor enabled by default.
* Nginx: Check for Linux/Cdorked.A malware and delete if discovered.
* Re-generate and sync Aegir passwords before and after instance upgrade.
* The silent 'system' mode documented in docs/UPGRADE.txt
* Allow to exclude platform from otherwise forced `drush en entitycache -y` if sites/all/modules/entitycache_dont_enable.info control file is present.

# Changes in this release:

* Nginx 1.5.0 - security upgrade for CVE-2013-2028
* PHP 5.3.25
* Redis 2.6.13
* Do not disable update module in platforms known to include it as required.
* Firewall: Open port 1129 for outgoing connections (some gateways need it).
* Force syslog module as disabled by default and save some disk I/O.
* Tune kernel to always use max RAM and not swap, if possible.

# Fixes in this release:

* Add outgoing port 25 SMTP to the list of requirements.
* Firewall: Add truly permanent block for heavy abusers.
* Fix for mytop support, available again on systems with MariaDB.
* Fix permissions in the /data/all tree if required.
* Fix the order of checks - they scan only the last (current) minute.
* Force _STRONG_PASSWORDS=NO if locales still look broken on second check.
* Improve detecting no longer running drush.php and/or cron PHP processes.
* Improve fix_locales logic.
* Improve global.inc symlinking on initial install and upgrade.
* Improve messages displayed when fix_locales discovers broken locales.
* Improve monitoring to avoid duplicate entries on low traffic systems.
* Improve sanitize_string() filtering to avoid issues with strong passwords.
* Improve syncpass tool - Update system user passwd and flush privileges.
* Issue #1961226 - Warning: Could not change permissions of sites/all to 751.
* Issue #1962458 - 403 for anonymous users on node/add.
* Issue #1963044 - Force UTF-8 locales if not present/configured properly.
* Issue #1974542 - Use /root/.home.no.wildcard.chmod.cnf control file.
* Issue #1987936 - Restore ability to install PHP 5.2 for FPM and CLI.
* Make sure that /dev/null is writable for everyone.
* Make sure that all drushrc.php files are owned by Aegir system user.
* Make sure that all expected sites/all/{modules,themes,libraries} dirs exist.
* Make sure that DB server is restarted on upgrade after config tuning.
* Make sure that pdnsd and resolvconf are properly installed.
* Nginx: Remove duplicate Vary: Accept-Encoding headers.
* Percona no longer supports older Ubuntu non-LTS releases.
* PHP: Do not reload FPM every hour - it may cause error 502.
* PHP: Fix paths depending on CLI version used.
* PHP: Fix the extensions installation and upgrade logic.
* PHP: Make sure that the FPM port is set correctly for D6 sites with 5.2
* PHP: Properly uninstall all related packages when using source build.
* PHP: Start more FPM workers on systems with enough RAM by default.
* Purge bin logs before disabling them.
* Run NewRelic re-install early enough to avoid locking full-upgrade.
* Sync the load limits for spiders and backend tasks.
* The Java/Jetty monitor should use higher allowed limits by default.
* Update apticron message to recommend system mode instead of full upgrade.
* Update docs for _BUILD_FROM_SRC option.
* Use aggressive enough Jetty restart procedure on nightly services reload.
* Use correct status messages on install and upgrade.
* Use installer and not Aegir version download on stable install/upgrade.

### Stable Edition BOA-2.0.8
### Date: Mon Apr 8 01:41:36 CEST 2013
### Installs Aegir 2.x

# Updated Octopus platforms:

### Drupal 7.22.1

Commerce 2.6 ----------------- http://drupal.org/project/commerce_kickstart
NodeStream 2.0-rc5 ----------- http://drupal.org/project/nodestream
Open Deals 1.19 -------------- http://drupal.org/project/opendeals

All other platforms not listed above are available with latest D6 or D7 core, even if there were no new distro version released.

# Fixes:

* Critical Issue #1962690 - Fix for broken Percona support.
* Allow to use [a-z0-9] subdomains and not only [www] for IDN domain names.
* Change the interval between platforms builds from 5 to 3 seconds.
* Forced 1s Speed Booster TTL for vhosts behind local proxy is deprecated.
* Move old firewall logs to backups to avoid crazy load after upgrade.
* Nginx: Better exceptions handling in the Abuse Guard for js/shs modules.
* PHP: CLI is at 5.3 since BOA-2.0.4, so symlink old 5.2 binary path to 5.3
* Update _LENNY_TO_SQUEEZE major upgrade procedure.
* Update contrib with login_security-7.x-1.2
* Use static downloads for all distros in stable edition.

### Stable Edition BOA-2.0.7
### Date: Thu Apr 4 00:00:17 EDT 2013
### Installs Aegir 2.x

# Updated Octopus platforms:

### Drupal 7.22.1

Commons 3.2 ------------------ http://drupal.org/project/commons

All other platforms not listed above are available with latest D6 or D7 core, even if there were no new distro version released.

# Fixes:

* Create dot dirs and keys if not exist, plus known_hosts for system user.
* Fix the sqlmagic regex to really convert only expected tables.
* Issue #1958502 - Add missing symlinks to the new Drush extensions.
* Issue #1960192 - Fix literal path replacement with sites/$new_url in D7.
* Issues #1930670 #1958898 #1932616 - Fix for hosting_server_update_6200.
* Taxonomy Edge update to 7.x-1.7 and 6.x-1.7
* Update contrib in all D7 platforms to ctools-7.x-1.3 - security upgrade.

### Stable Edition BOA-2.0.6
### Date: Mon Apr 1 21:34:04 EDT 2013
### Installs Aegir 2.x

# New Octopus platforms:

### Drupal 7

Commons 3.1 ------------------ http://drupal.org/project/commons

# Updated Octopus platforms:

### Drupal 7

CiviCRM 4.2.8 ---------------- http://civicrm.org
Commerce 1.16 ---------------- http://drupal.org/project/commerce_kickstart
Commerce 2.5 ----------------- http://drupal.org/project/commerce_kickstart
Drupal 7.21.2 ---------------- http://drupal.org/drupal-7.21
NodeStream 2.0-rc4 ----------- http://drupal.org/project/nodestream
Open Deals 1.18 -------------- http://drupal.org/project/opendeals
Open Outreach 1.0-rc10 ------- http://drupal.org/project/openoutreach
OpenChurch 1.11-beta9 -------- http://drupal.org/project/openchurch
Panopoly 1.0-rc4a ------------ http://drupal.org/project/panopoly
Ubercart 3.4.1 --------------- http://drupal.org/project/ubercart

### Pressflow 6

Acquia 6.28.1 ---------------- http://bit.ly/acquiadrupal
Commons 2.12 ----------------- http://drupal.org/project/commons
Feature Server 1.2 ----------- http://bit.ly/fserver
Managing News 1.2.3 ---------- http://drupal.org/project/managingnews
Open Atrium 1.7.1 ------------ http://drupal.org/project/openatrium
Pressflow 6.28.1 ------------- http://pressflow.org
ProsePoint 0.46 -------------- http://prosepoint.org
Ubercart 2.11.1 -------------- http://drupal.org/project/ubercart

All other platforms not listed above are available with latest D6 or D7 core, even if there were no new
distro version released.

# No longer supported Octopus platforms:

The platforms listed below can be re-added once their maintainers fix all
critical issues and/or apply required updates:

ELMS ------------------------- http://drupal.org/project/elms
MartPlug --------------------- http://drupal.org/project/martplug
Octopus Video ---------------- http://octopusvideo.org
Open Academy ----------------- http://drupal.org/project/openacademy
Open Enterprise -------------- http://drupal.org/project/openenterprise
OpenPublic ------------------- http://drupal.org/project/openpublic
OpenScholar ------------------ http://openscholar.harvard.edu
Videola ---------------------- http://videola.tv

# New features:

* Add an option to allow cron based, unattended system-only upgrades.
* Add randpass helper script.
* Add support for wkhtmltoimage.
* Add syncpass tool to repair broken instances after incomplete upgrade.
* Allow to specify extra apt-get packages with _EXTRA_PACKAGES option.
* Allow to tune PHP-CLI timeout in the BOND script with separate option.
* Install auditd with aureport by default.
* Issue #1479300 - Add optional LDAP support in Nginx.
* Issue #1876418 - Support for High-performance JavaScript callback handler.
* Issue #1916804 - Validated bypass of flood control based on tty.
* Jetty: Make migration from Tomcat easy with _TOMCAT_TO_JETTY=YES
* PHP: Allow to use _PHP_EXTRA_CONF for custom builds from src.
* Redis: Add Lock Backend Support for Drupal 6 and Drupal 7.
* Redis: Enable lock support if modules/redis_lock_enable.info exists.
* Shell: Add extra Drush versions available as drush4, drush5 and drush6.
* SOLR: Support for 1.x / Jetty 7, 3.x / Jetty 8 and 4.x / Jetty 9.
* SOLR: Use Jetty 8 for Solr 4 on systems with Java 1.6 available.
* SOLR: Use Jetty 9 for Solr 4 on systems with Java 1.7 available.
* SQL: Add sqlmagic tool to fix SQL dumps and convert to/from InnoDB/MyISAM.
* SQL: Make default_storage_engine configurable with _DB_ENGINE option.
* Use Registry Rebuild with Fixed Redis Lock Support aware configuration.
* Allow to force SERVER_NAME based $cookie_domain with special
  modules/cookie_domain.info control file per site.

# New Aegir modules or extensions:

* Add drush clean-modules command - clean_missing_modules extension.
* Add drush_ecl extension - Drush Entity Cache Loader.
* Add hosting_site_backup and provision_site_backup enabled by default.

# Changes:

* Git 1.8.2
* MariaDB 5.5.30
* Nginx 1.3.15
* Percona 5.5.30
* PHP 5.3.23
* Redis 2.6.12
* Deprecate CiviCRM 3.4.8 D6 - only available with _ALLOW_UNSUPPORTED=YES.
* Do not force filefield_nginx_progress as enabled also for D7.
* Drupal 8.0-dev-tested deprecated and moved to unsupported group.
* ELMS 1.0-beta1 deprecated and moved to unsupported group.
* Enable entitycache module by default.
* Master Aegir: Re-create secure db password on every barracuda upgrade.
* Master Aegir: Sync generating secure db password also on barracuda install.
* Nginx: Set 24h Speed Booster cache TTL for spiders/bots by default.
* NodeStream 1.5.1 deprecated and moved to unsupported group.
* Open default MongoDB port 27017 for outgoing connections.
* OpenScholar deprecated and moved to unsupported group.
* PHP: Deprecate 5.2 also on upgrade.
* PHP: Install MongoDB driver if MNG keyword is listed in _XTRAS_LIST.
* PHP: Set _PHP_CLI_VERSION=5.3 by default.
* PHP: Switch to forced CLI 5.3 and FPM 5.3 also in the custom config.
* PHP: Switch to FPM 5.3 also for D6 sites by default.
* Pressflow 5.23 deprecated and moved to unsupported group.
* Redis: Re-create secure password on every barracuda upgrade.
* Satellite Aegir: Re-create secure db password on every octopus upgrade.
* SQL: Do not run DB OPTIMIZE unless /root/.my.optimize.cnf ctrl file exists.
* SQL: Re-generate new secure mysql root password on every barracuda upgrade.
* SQL: Use key_buffer = 2M by default.
* SQL: Use more safe memory limits after introducing higher key_buffer_size
* Use better names for various control files.
* Watch crons running > 2 min and kill crons running > 3 min.
* Split _XTRAS_LIST into two groups: included via ALL keyword and other
  which need to be listed explicitly.

# Fixes:

* Add Ksplice-aware kernel upgrade alert.
* Add some delay to avoid race conditions when removing more zombies.
* Allow higher system load before disabling access for spiders temporarily.
* Always send upgrade log when running in the silent mode.
* Avoid cron collisions and make sure all maintenance tasks run 0-6 AM.
* Better and separate backup rotation on hostmaster upgrade.
* Better check if Webmin GnuPG signing key has been added properly.
* Better fix for $cookie_domain and DA compatibility.
* Better protection for all ports usually targeted in brute force attacks.
* Check if nproc is present and fall back to /proc/cpuinfo otherwise.
* Clean swap on kernel tuning update.
* Delete broken o_contrib symlinks before trying to recreate them.
* Do not add and remove bind from /etc/sudoers since it is not supported.
* Do not block @ in the limited shell - it breaks git foo git@bar etc.
* Do not force _DEBUG_MODE=YES if not required.
* Do not force _HTTP_WILDCARD=NO for stock install option.
* Do not run extra IP checks for requests below $mininumber threshold.
* Do not run initial apticron check in local install.
* Do not run two mysql restarts in a row on mysql upgrade.
* Downgrade to working wkhtmltopdf-0.10.0_rc2 and wkhtmltoimage-0.10.0_rc2
* Drupal 7.x core with Field API memory optimization - see #1915646
* Enable image_allow_insecure_derivatives to avoid issues with drupal-7.20
* Fix apticron to suggest barracuda up-stable instead of apt-get upgrades.
* Fix AWS system auto-discovery and auto-configuration.
* Fix Drush 5.x and _USE_STOCK support.
* Fix for Bazaar (bzr) 2.6b2 extensions build.
* Fix for pdnsd install on Ubuntu Precise.
* Fix the 32 long ALNUM password generation for lshell users.
* Fix the hint to just display the uptrack command, not run it.
* Force logrotate on demand if /var/log/syslog > 1GB
* Force mysql tables check and upgrade before hostmaster upgrade.
* Force proper pdnsd and resolvconf re-installation if needed.
* Force proper resolvconf configuration to support and use pdnsd server.
* FTPS on all modern systems requires lshell path added in /etc/shells.
* Hostmaster/Octopus contrib modules are now added via Aegir makefile.
* Improve autonomous IDS auto-cleaning and permanent block mgmt.
* Improve compatibility testing with Drush 5 and Drush 6.
* Improve kernel default tuning.
* Improve Master Instance upgrade logic.
* Improve mysqldump performance by default.
* Improve the default strict configuration for $cookie_domain.
* Improve Tomcat/Jetty self-healing to avoid stuck processes.
* Install also hostmaster contrib when stock option is used.
* Issue #1782034 - Use fixed version of the message_notify module.
* Issue #1825018 - Disable binary logging and make it optional.
* Issue #1871060 - CiviCRM 4.2.6 needs separate civicrml10n fix.
* Issue #1873478 - Localhost install broken because getent test is used.
* Issue #1875348 - Fix for Nginx 1.3.10 bug causing random segfaults.
* Issue #1886920 - Fix the unrecognized option [service=system-auth] error.
* Issue #1886920 - Pure-FTPd config broken because of deprecated pam_stack.so
* Issue #1888380 - Deleted platform cache folder recreated automatically.
* Issue #1889322 - Domain Access module breaks sites provisioning.
* Issue #1897018 - Set Pin-Priority also in wrappers to fix also stable.
* Issue #1897018 - Ubuntu Precise breaks install and upgrade.
* Issue #1906760 - Incomplete access_log directive in the purge vhost.
* Issue #1906900 - Nginx microcaching not disabled on prefixed admin URIs.
* Issue #1909208 - Changed MariaDB GnuPG signing key hangs install/upgrade.
* Issue #1913394 - Disable automatic CSF/LFD upgrade.
* Issue #1913488 - Do not install GEOS PHP ext. unless explicitly listed.
* Issue #1914294 - APC 3.1.14 disappeared from PECL - downgrade to 3.1.13
* Issue #1918722 - Add diff command as allowed in the limited shell.
* Issue #1920972 - Could not change permissions warnings on site verify.
* Issue #1932388 - Use correct keyword PPY for Panopoly install.
* Issue #1935388 - Use reliable check for Master Instance install path.
* Issue #1947082 - Permissions are never fixed on the profile level.
* Issue #1949740 - Make sure that cache_prefix for Redis is always set.
* Issue #1952042 - Make strong passwords optional and not default.
* Issue #1953248 - Extra Drush versions should be added properly.
* Issue #1957762 - Upgrade to Bazaar (bzr) 2.6b2
* Jetty: Tune memory limits automatically to avoid extra RAM requirements.
* Keep all extra modules in the same profiles/hostmaster/modules directory.
* Lshell: Allow ping command to help keep session active / auto-whitelist.
* Make apticron aware of the BOA version currently running.
* Make BOND aware of _CUSTOM_CONFIG_SQL if present.
* Make Compass Tools available in the standard path, if installed.
* Make sure that all removed zombies use unique dir names.
* Make sure that all users home dirs are protected.
* Make sure that now redundant hosting_backup_gc module is removed.
* Make sure that SERVER_NAME is set to HTTP_HOST early enough, if required.
* Make the errors monitor aware of system only upgrade mode.
* Make URI filtering regex localization-aware in the global.inc
* Nginx Security: BEAST attack protection and fix for PCI compliance.
* Nginx: Another fix for broken imagecache paths in some imported sites.
* Nginx: Better protection from DoS attempts on never cached uri.
* Nginx: Do not block spiders on imagecache/styles URIs.
* Nginx: Do not force use epoll - it is set on install properly.
* Nginx: Do not force worker_connections. It will not work in the VM guest.
* Nginx: Do not force worker_rlimit_nofile.
  It will not work in the VM guest.
* Nginx: Force rebuild to include LDAP support if enabled via _NGINX_LDAP=YES
* Nginx: Improve Abuse Guard to better protect from imagecache|styles flood.
* Nginx: Improve no-cache exceptions for known AJAX and webform requests.
* Nginx: Make json compatible with boost caching but dynamic for POST.
* Nginx: Restore fast 404 for static json requests.
* Nginx: Set workers number to available CPUs x2 with min/max defaults.
* Nginx: Use default buffer=32k in the access_log for better performance.
* Nginx: Use static /normal/ instead of dynamic /$device/ for Boost cache.
* PHP: Enable more FPM workers by default for better performance.
* PHP: Force php53-fpm restart if there is no master process running.
* PHP: Many Drupal 7 based distros require 196M limit at minimum.
* PHP: Never force php53-fpm restart when another script reloads it.
* PHP: Use more safe limits on low memory systems.
* Prevent turning the feature server site into a spam machine.
* Protect also from not supported request types if Nginx server is busy.
* Randomize tasks wait/start intervals better to avoid high system load.
* Redis: Do not disable it on the fly when there is /nojs/ in the URI.
* Redis: Double check if $cache_lock_path exists before using it.
* Redis: No need to force exception for cache_menu bin.
* Redis: Tune sysctl for better memory management by default.
* Remove up to two last zombies on Master Instance upgrade.
* Remove up to two last zombies on Satellite Instance upgrade.
* Rename profiles to avoid confusion between Commons 2 and Commons 3.
* Run drush @hostmaster hosting-dispatch during upgrade to sync things.
* Send also OK report when running in the silent mode.
* Set correct default DNS entry in /etc/hosts before running local install.
* Shell: Fix for too restrictive Drush commands filtering.
* Shell: Fix the broken Git support over SSH.
* Shell: Fixed too restrictive permissions on the extra Drush directories.
* SQL: Do not run the purge_binlogs script when binary logging is disabled.
* SQL: Improve sqlmagic converter and allow it to use control files.
* SQL: The sqlmagic_convert should not be available for extra lshell users.
* SQL: Tune also key_buffer_size by default.
* Sync generating secure passwords also for limited shell users.
* Update csf.conf template.
* Update self-healing for Tomcat/Jetty support.
* Update welcome e-mail template to better explain how to manage databases.
* Use Boost with silenced false alarms.
* Use Limited Shell branch with fixed tab completion.
* Use public DNS during pdnsd (re)installation to avoid issues.
* Whitelist /tmp/make_tmp.* in the csf.fignore to avoid false alarms.

### Stable Edition BOA-2.0.5
### Date: Sun Dec 23 15:35:46 EST 2012
### Installs Aegir 2.0.5 compatible with Aegir 1.9

# Updated Octopus platforms:

Commerce 1.12.1 -------------- http://drupalcommerce.org
Commerce 2.0 ----------------- http://drupalcommerce.org
Commons 2.11 ----------------- http://acquia.com/drupalcommons
Drupal 7.18.1 ---------------- http://drupal.org/drupal-7.18
Open Deals 1.14 -------------- http://opendealsapp.com
Open Outreach 1.0-rc7 -------- http://openoutreach.org
OpenChurch 1.11-beta7 -------- http://openchurchsite.com
Panopoly 1.0-rc3 ------------- http://drupal.org/project/panopoly
Pressflow 6.27.1 ------------- http://pressflow.org
ProsePoint 0.45 -------------- http://prosepoint.org
Ubercart 2.11.1 -------------- http://ubercart.org
Ubercart 3.3.1 --------------- http://ubercart.org

All other platforms not listed above are available with latest D6 or D7 core,
even if there were no new distro version released.

# New Aegir modules or extensions:

* Add drush clean-modules command - clean_missing_modules extension.

# New o_contrib modules:

* Add reroute_email module in both D6 and D7 contrib.

# Changes:

* Git 1.8.0.2
* MariaDB 5.3.11 on Debian Lenny
* MariaDB 5.5.28a
* Nginx 1.3.9
* PHP 5.3.20
* Redis 2.6.7
* Delete old tmp files in all sites daily.
* Disable Expire and Purge modules by default - they are no longer needed.
* Redis integration module updated to 7.x-2.0-beta2
* There is no need to restart Redis and Tomcat hourly.
* Use higher innodb_lock_wait_timeout by default - 120 instead of 50.
* Use 1h instead of 30min default timeout for sql and php-cli to avoid
  breaking some extra long running backend tasks on some really big sites.

# Fixes:

* Allow more drush commands over SSH.
* Always force drupal_http_request_fails to FALSE to avoid false alarm.
* Better check for standalone vhosts firewall setup.
* Better lshell forbidden list of keywords.
* Better regex to deny wildcards with top-level or country level domains.
* Check for existence of host_master and not host_master/001 directory.
* Compass is not available on older OS versions.
* Delete ltd-shell extra user/client if there is no site associated/owned.
* Delete old symlinks in the client directory for no longer associated sites.
* Fix broken usage.sh script - it does not enable/disable modules.
* Fix date formatting also in the sqlcheck script.
* Fix for some really old installs without .barracuda.cnf file.
* Fix permissions for Boost cache directory with correct chmod.
* Fix the hint - it should say to restart mysql.
* Issue #1081266 - Avoid re-scanning modules directory.
* Issue #1263602 - Force New Relic re-install on every upgrade, if used.
* Issue #1460882 - Send .json requests to @drupal instead of =404.
* Issue #1837418 - Fix permissions inside ~/.drush directory.
* Issue #1837776 - Do not disable httprl module.
* Issue #1837910 - Upload progress broken for all D6 sites.
* Issue #1839122 - Disabling Redis on known AJAX calls breaks UI elements.
* Issue #1839544 - Use language neutral checks for users, groups and hosts.
* Issue #1841230 - BOA provides Apache Solr 1.4 with Tomcat 6.
* Issue #1841246 - Fix csf.fignore file to whitelist /tmp/drush_*
* Issue #1842554 - Replace broken links to Skitch screenshots.
* Issue #1847682 - Fix extra Nginx config support in the Master Instance.
* Issue #1850034 - Disable SYSLOG_CHECK in csf to avoid false alarms.
* Issue #1857250 - Domain Access support is broken in the backend cli.
* Issue #1857990 - Include reroute_email module in o_contrib by default.
* Issue #1860100 - Use provision-backup-delete instead of backup_delete.
* Issue #1865112 - Add drush clean-modules command.
* Issue #1867264 - Too many Redis caching exceptions cause serious confusion.
* Issue #1871060 - CiviCRM l10n should be moved to proper directory.
* Lshell: Map drush mup to up instead of upc. Add new drush mupc map for upc.
* Max supported version of Search API Solr search is 7.x-1.0-rc2
* More complete permissions fix on install and upgrade.
* More strict check for _LENNY_TO_SQUEEZE option.
* Nginx: Better regex in the Nginx monitor.
* Nginx: Exclude also files/progress path in the Nginx monitor.
* Nginx: Fix rewrite rules in the CDN Far Future expiration support.
* Nginx: Make sure that any older packages are uninstalled on upgrade.
* Nginx: Make sure that default Nginx vhosts are deleted also on upgrade.
* Nginx: Skip all logged media and download requests in the Nginx monitor.
* PHP: Use high enough value for max_input_vars in PHP 5.3 by default.
* Really fix the datestamp comparison logic on various systems.
* Rebuild registry without --no-cache-clear option to avoid issues.
* Redis: Check if Redis binary exists, not symlink.
* Redis: Delete redis-server symlink to avoid failed Redis install.
* Redis: Do not use all three extra exceptions on the hostmaster site.
* Redis: Do not use sleep breaks during Redis full restart.
* Redis: The cache_menu bin should be still excluded from Redis caching.
* Redis: The hostmaster site needs exception for cache_class_cache bin.
* Stop and Start CSF only if installed.
* The locked auto-healing script needs to kill tomcat more aggressively.
* Update csf.conf template.
* Upgrade to ctools-6.x-1.10 in the hostmaster platform.
* Use aliases in drush commands where possible.
* Use better name for non-web NewRelic app tracking.
* You must remove remote_import extension from the source server.

### Stable Edition BOA-2.0.4
### Date: Thu Nov 8 18:31:01 EST 2012
### Installs Aegir 2.0.4 compatible with Aegir 1.9

# New Octopus platforms:

Commerce 2.0-rc4 ------------- http://drupalcommerce.org

# Updated Octopus platforms:

CiviCRM 4.1.6-d6 ------------- http://civicrm.org
CiviCRM 4.2.6-d7 ------------- http://civicrm.org
Commerce 1.11.1 -------------- http://drupalcommerce.org
Commons 2.10 ----------------- http://acquia.com/drupalcommons
Conference 1.0-rc2 ----------- http://usecod.com
Drupal 7.17.1 ---------------- http://drupal.org/drupal-7.17
Drupal 8.0-dev-tested -------- http://bit.ly/drupal-eight
ELMS 1.0-beta1 --------------- http://elms.psu.edu
NodeStream 1.5.1 ------------- http://nodestream.org
NodeStream 2.0-beta8 --------- http://nodestream.org
Open Atrium 1.6.1 ------------ http://openatrium.com
Open Deals 1.11 -------------- http://opendealsapp.com
Open Outreach 1.0-rc6 -------- http://openoutreach.org
OpenChurch 1.11-beta5 -------- http://openchurchsite.com
OpenPublish 3.0-beta7 -------- http://openpublishapp.com
OpenScholar 2.0-rc1 ---------- http://openscholar.harvard.edu
Panopoly 1.0-rc2 ------------- http://drupal.org/project/panopoly
Ubercart 2.10.1 -------------- http://ubercart.org
Ubercart 3.2.1 --------------- http://ubercart.org

* We plan to shorten the BOA system release and upgrade cycle to 1-2 months
  max, so we have decided to remove support for some outdated distros.
  We have tried to manage both security and version updates for some
  abandoned or semi-abandoned distros, to keep them useful for you, but since
  it involves an increasing amount of work because of cascades of no longer
  compatible patches and various dependencies, we have decided that it is time
  to stop doing it, if their original maintainers no longer care about their
  users. Here is a list of distros we no longer support:

MartPlug ------------ http://drupal.org/project/martplug
Octopus Video ------- http://octopusvideo.org
Open Academy -------- http://drupal.org/project/openacademy
Open Enterprise ----- http://drupal.org/project/openenterprise
OpenPublic ---------- http://openpublicapp.com
Videola ------------- http://videola.tv

The platforms listed above can be re-added once their maintainers fix all
critical issues and/or apply required updates.

# New features:

* Add auto-healing support for Bind9.
* Add LOCK/FROZEN check for PHP-FPM and Tomcat in the auto-healing.
* Add option to force 15min Speed Booster cache TTL for anonymous visitors.
* Add optional easy install of already supported Compass Tools.
* Add support for aegir|platforms|both modes on octopus upgrade.
* Allow for another one upgrade daily but only to add more platforms.
* Allow to install unsupported distros with option _ALLOW_UNSUPPORTED=YES
* Allow to install vanilla Aegir 2.x and Drush 5.7 with "stock" option.
* Improved databases backup with added OPTIMIZE TABLE foo action per table.
* New Relic PHP Agent version 3.0 compatibility.
* Pseudo-streaming server-side support for Flash Video (FLV) and H.264/AAC.
* Support for Wysiwyg Fields module.

# New Aegir modules or extensions:

* Add hosting_tasks_extra module and provision_tasks_extra extension.

# New o_contrib modules:

* Add login_security module in D7 contrib.
* Add cdn module in both D6 and D7 contrib.

# Changes:

* Allow outgoing mysql connections by default.
* APC 3.1.13
* Chive 1.2
* Do not bundle seckit module in o_contrib.
* Do not enable Expire and Purge modules by default.
* Enable Syslog module by default.
* Git 1.8.0
* MariaDB 5.3.9 on Debian Lenny
* MariaDB 5.5.28
* Nginx 1.3.8
* Percona 5.5.28
* PHP 5.3.18
* Pure-FTPd 1.0.36
* Redis 2.6.4
* Remove not supported httprl module and disable if enabled.
* The filefield_nginx_progress is forced-enabled in all D7 sites, again.
* Use PHP-FPM 5.3 for Chive, Collectd and other non-Drupal sites.
* Use php-cli 5.3 for drush on command line by default. You can still force
  5.2 with --php=/usr/local/bin/php drush option.

# Fixes:

* Add cache_tax_image bin to no-redis-cache exceptions.
* Add support for pdnsd in the VServer guest.
* Allow all standard compass/sass commands in limited shell.
* Auto-discover _NEWRELIC_KEY if not listed in .barracuda.cnf
* Better auto-healing for php-fpm zombies edge case.
* Better check for failed login attempts (when user exists).
* Better permissions magic repair running daily.
* Deny crawlers on search results pages - they may cause very high load.
* Disable spinner if screen is used.
* Do not force default Debian and Ubuntu mirrors even if _AUTOPILOT=YES.
* Do not quote password in .my.cnf - it breaks mytop.
* Do not use log/custom_cron for anything.
* Do not use resolveip in the localhost mode.
* Exclude cache_bootstrap and cache_pulled_tweets from Redis caching.
* Fix for broken drush make edge case caused by leftovers.
* Fix for broken Tika download URL.
* Fix for civicrm_engage in D6.
* Fix for Debian Lenny upgrade.
* Fix for global.inc logic related to high traffic sites only.
* Fix for NGX, PHP and SQL forced reinstall mode.
* Fix for Pin-Priority in Squeeze.
* Fix for sql abuse monitor.
* Fix for the selectively forced upgrade mode.
* Fix motd for Skynet fun.
* Fix too restrictive lshell command filtering.
* Force Pure-FTPd rebuild on every upgrade to avoid broken binary.
* Force tomcat restart and reload php-fpm hourly.
* Improve Domain module support.
* Improve mysql crashed tables detection and repair in auto-healing.
* Improve Nginx Abuse Guard by stopping those never cached POST DoS attacks.
* Improve Nginx guard support for VServer guests.
* Improved checkpoint info in Octopus.
* Issue #1225380 - Do not truncate sessions table during db daily backup.
* Issue #1472786 - SQL check ERROR and too many SQL check CLEAN notices.
* Issue #1528726 - Fix for Redis support in all shared directories/code.
* Issue #1540242 - Do not install conflicting libavcodec53 or libavcodec52.
* Issue #1588060 - Make sure that /var/run is present in open_basedir.
* Issue #1589052 - Incomplete PATH breaks standard tasks.
* Issue #1590120 - Fix for java path changed in recent Ubuntu releases.
* Issue #1591746 - Update GeoIP.dat file automatically.
* Issue #1592646 - Enabled old cache backend integration module causes WSOD.
* Issue #1592650 - Do not use Hide platforms with non-default profiles.
* Issue #1592680 - Upload progress module breaks uploads on all D7 sites.
* Issue #1593794 - New redis-only caching backend settings.
* Issue #1593810 - Duplicate php-cli 5.3 binaries after upgrade.
* Issue #1593980 - Remove invisible characters breaking localhost install.
* Issue #1597580 - External/Aggressive caching in D6 breaks path_alias_cache.
* Issue #1598676 - Collectd graphs broken.
* Issue #1600426 - Cron is run every minute on all sites not yet defined.
* Issue #1602142 - Do not use device specific keys for Redis cache entries.
* Issue #1606146 - The manage_ltd_users.sh script locks important tasks.
* Issue #1614162 - CRON Not Running on Octopus Satellites and Sites.
* Issue #1643616 - APC is missing in the Ubuntu Precise based install.
* Issue #1659452 - Add support for Aegir HTTPS header in the Speed Booster.
* Issue #1663262 - Fix FMG install on Ubuntu Precise.
* Issue #1679114 - New user name check in Octopus is too restrictive.
* Issue #1689656 - Avoid caching /civicrm* and known webform requests.
* Issue #1716004 - The zlib.output_compression should be disabled in 5.3
* Issue #1728616 - Better CDN Far Future expiration support.
* Issue #1777982 - Do not break wordpress_migrate module support.
* Issue #1778712 - Better workaround for MariaDB 5.5.27 critical bug.
* Issue #1784440 - Cannot stat scan_nginx when using BOND.sh.txt
* Issue #1796420 - Do not break write access to the tcpdf cache directory.
* Issue #1798288 - Provision-backup_delete could not be found.
* Issue #1799116 - Standardize on installation vs. install profile.
* Issue #1821866 - Force Nginx rebuild to include pseudo-streaming support.
* Issue #1824888 - BOND.sh.txt breaks Nginx, SQL and PHP configuration.
* Issue #1825298 - Redis: force rebuild from sources on version mismatch.
* Issue #1825420 - Avoid the Use of undefined constant OctopusNoCacheID.
* Issue #1825630 - Remove duplicate code causing false alarm.
* Issue #1825992 - Redis cache is never cleared via php-cli.
* Issue #1825998 - Improved auto-healing for Redis.
* Issue #1835796 - Default cache headers break CloudFlare Always Online.
* Make sure that path_alias_cache module takes precedence.
* Make sure that PHP 5.2 is re-installed if required.
* Monitor and kill too long running sites cron tasks.
* Move away buagent init script if exists when Barracuda runs.
* Nginx: Allow to include high level local configuration override.
* Nginx: Better regex for exceptions in the abuse guard monitor.
* Nginx: Block stupid spiders/downloaders with 403 error, not CSF.
* Nginx: Deny known bots on some heavy URLs.
* Nginx: FileField Nginx Progress 7.x-2.3 compatibility.
* Nginx: Fix for broken images paths in civicrm.
* Nginx: Fix for D6 upload progress support.
* Nginx: Make the abuse monitor aware of possible lang code prefixes.
* Nginx: Monitor and block if required also via-multi-proxy attacks.
* Nginx: Remove packages on every upgrade to avoid duplicate re-installs.
* Nginx: Remove redundant URL filtering.
* Nginx: Send 403 for vbulletin URI to avoid Drupal heavy 404.
* Nginx: Support for /contrib/ for wysiwyg helpers exceptions location.
* Nginx: Use latest nginx-upload-progress-module v0.9.0
* Nginx: Use ngx_cache_purge-1.6
* PHP: Allow short_open_tag also in 5.3
* PHP: Disable the original php5-fpm init script causing segfaults.
* PHP: Fix for _FROM_SOURCES PHP-FPM 5.3 build.
* PHP: Fix for the php53-fpm init script.
* PHP: Force proper php53-fpm restart if required.
* PHP: Install JSMin extension by default.
* PHP: Install php-pear by default also in no-src based default install.
* PHP: Load extensions in a safe, correct order.
* PHP: Log killed php-fpm events.
* PHP: Make sure that all builds use correct, fresh downloads.
* PHP: Make sure that php53-fpm is disabled during apt-get based upgrade.
* PHP: Make sure that suhosin.so is removed and jsmin.so added.
* PHP: Remove duplicate and conflicting allow_call_time_pass_reference.
* PHP: Remove php5-sasl extension causing segfaults.
* PHP: Remove php5-suhosin from the stack - too many weird issues.
* PHP: The realpath_cache_ttl should be as low for CLI as possible.
* PHP: Use 2x higher limits in the tune_web_server_config logic.
* Purge Redis cache hourly.
* Randomize runner intervals.
* Remove all control files on init to avoid aborted Octopus upgrades.
* Remove any extra search directive from resolv.conf when pdnsd is installed.
* Remove Dotdeb libmysqld-dev conflicting with Percona libmysqlclient-dev.
* Remove not really working properly Boost separate mobile bins.
* Remove not supported MTA only on initial install.
* Remove old cache module from all old profiles.
* Segfault monitor should not disable sites by default.
* Serve .less files as static by default, no log.
* Set hosting_advanced_cron_default_interval to 3 hours.
* SQL: Use skip-name-resolve by default.
* Support both HTTP_X_FORWARDED_PROTO and HTTPS.
* The dev. should not disable Redis cache.
* The missing /usr/bin/lshell entry may affect also Lucid.
* There is no need to force Debian mirror.
* Tune AdvAgg config - disable async mode and use JSMin by default.
* Use autoselect for civicrm downloads.
* Use DrupalDatabaseCache for some Redis bins to avoid confirmed issues.
* Use higher default timeouts for php-cli and wait_timeout in mysql.
* Use SERVER_NAME instead of HTTP_HOST header in the Redis cache key.
* Use version specific directory for static downloads.
* Yet another umask trick for shell and SFTP.

### Stable Edition BOA-2.0.3
### Date: Thu May 17 18:17:40 EST 2012
### Installs Aegir 2.0.3 compatible with Aegir 1.9

# There are major improvements and new features added in this BOA Edition.
  Here is a description of the most important/expected ones, while the
  complete list of all changes, new features and fixes is available further
  below.

* Caching backend has been simplified. We no longer use a chained cache
  system with Memcached+Redis+database. The new system uses only Redis cache
  and the same configuration for all Drupal 6 and Drupal 7 platforms. This new
  system doesn't require any extra module to be enabled in any site. Complete
  integration is already enabled by default for every platform/site installed
  by default and for every custom platform as before - the next day after the
  first site on the custom platform has been created. You can disable this
  caching layer using the same modules/cache/NO.txt control file as before.
  While there is just one cache engine (Redis) used, there is also an
  automatic, instant failover to standard database caching, just in case Redis
  is not available for some reason. You can also disable Redis cache on the
  fly for debugging by adding ?noredis=1 to any URL.

* We have added support for Drupal 8.x while still using modified Drush
  4.6-dev version, so we can still support Drupal 5 on the same system, but on
  another Octopus instance.

* You can choose a different PHP version for PHP-FPM (web access) and
  PHP-CLI, for even greater control over compatibility with various Drupal
  major versions.
* You can choose both PHP-FPM and PHP-CLI versions per Octopus instance, on the same system. And you can change those versions on upgrade.
* Installing and upgrading BOA system has been greatly simplified. You can still configure and run both installers as before, but you can also use these new, shockingly simple command line tools to install Barracuda and Octopus at once, to install more Octopus instances, to run selective or batch upgrades of all Octopus instances etc. See docs/INSTALL.txt and docs/UPGRADE.txt for details.
* We have added 'easy install' configuration shortcuts for both standard (public) and localhost installs. You no longer need to read, understand and configure all options, unless you prefer to choose some non-default configuration options.
* Default installs on Debian Squeeze and Ubuntu Precise use packages for PHP 5.3, so initial setup takes just 10-15 minutes.
* You can easily grant limited shell and FTPS access for developers, simply by creating "Clients" in the Aegir control panel and defining them as 'owners' of one or more sites. Their access will be limited to only sites they can manage, but only if you send them their access credentials, which are independent of their Aegir control panel credentials and stored in the ~/users/ directory in your main account. You will find there files with passwords for every "Client" with at least one site attached. For example ~/users/o1.username file means that this Client's username for SSH and FTPS access is 'o1.username' while his password is stored in this file. This means that SSH/FTPS access is not granted automatically, but you can decide who should receive it. How to change any extra user's password? Simply delete his ~/users/o1.username file and wait up to 5 minutes - the system will re-create his account with new password. And how to delete the user completely?
  Simply delete this user "Client" account in the Aegir control panel and allow the system to delete also his SSH/FTPS access in the next 5 minutes.
* We have added segfault monitor for php-fpm and nginx, enabled by default. It is pretty aggressive, because it disables the vhost of any site causing segfault errors and sends an e-mail alert to the Octopus instance owner and server owner e-mail addresses. Simple site re-verify in Aegir enables the site again - but until the next segfault only, so read the info included in the e-mail alert message, if this happens. If you prefer to not run this monitor: `rm -f /var/xdrago/monitor/check/segfault_alert`
* Previously recommended site and platforms re-verify on Clone or Migrate is now fully automated. Aegir will run these extra tasks as a part of Clone or Migrate task, to make sure that there are no errors and that Aegir is using up-to-date information collected about platforms and sites. It also automatically fixes the known problem with domain aliases incorrectly written in the original and cloned sites, as reported in the Aegir queue: http://drupal.org/node/1004526
* Apps are now fully supported. If the App is not downloaded yet, installing it via browser only requires write permissions, normally never available for the web server user, so you need to create an empty control file, either in sites/all/modules/apps-allow.info or sites/domain/modules/apps-allow.info and then run 'Reset password' task. It will open write access where required until the next site 'Verify' task runs. After installing the App, remember to re-Verify the site to restore default, safe permissions.
* Custom local.settings.php file support uses similar logic with control file sites/domain/modules/local-allow.info and also 'Reset password' task. After running this task the local.settings.php file will be group writable, so you will be able to edit it also when logged in as limited shell user.
  Remember to run site Verify when done, to restore standard, safe permissions. Note that this file is created automatically, but is not open for write access by default.

# Notes on new and updated platforms and new Drupal core:

All 6.x and 7.x platforms have been updated with latest core, so they are all in fact new in this BOA Edition, but we list here only really new platforms or those with new version released since last BOA Edition, with one exception: we list also basic 6.26.2 and 7.14.2 platforms as new.

NOTE: before you try to upgrade any of your sites, please read our important how-to:

http://omega8.cc/the-best-recipes-for-disaster-139
http://omega8.cc/are-there-any-specific-good-habits-to-learn-116
http://omega8.cc/managing-your-code-in-the-aegir-style-110

REALLY, PLEASE READ IT TO AVOID SOME HEAVY HEADACHES!

# New Octopus platforms:

CiviCRM 4.1.2-d6 ------------- http://civicrm.org
CiviCRM 4.1.2-d7 ------------- http://civicrm.org
Drupal 7.14.2 ---------------- http://drupal.org/drupal-7.14
Drupal 8.0-dev --------------- http://bit.ly/drupal-eight
MartPlug 1.0-beta1b ---------- http://drupal.org/project/martplug
Octopus Video 1.0-alpha6 ----- http://octopusvideo.org
Panopoly 1.0-beta3 ----------- http://drupal.org/project/panopoly
Pressflow 6.26.2 ------------- http://pressflow.org

# Updated Octopus platforms:

Acquia 6.26.2 ---------------- http://bit.ly/acquiadrupal
CiviCRM 3.4.8-d6 ------------- http://civicrm.org
CiviCRM 4.0.8-d7 ------------- http://civicrm.org
Commerce 1.7.1 --------------- http://drupalcommerce.org
Commons 2.6 ------------------ http://acquia.com/drupalcommons
Feature Server 1.1 ----------- http://bit.ly/fserver
Managing News 1.2.2 ---------- http://managingnews.com
NodeStream 1.5 --------------- http://nodestream.org
NodeStream 2.0-beta1 --------- http://nodestream.org
Open Atrium 1.4.1 ------------ http://openatrium.com
Open Deals 1.0-beta7e -------- http://opendealsapp.com
Open Outreach 1.0-rc1 -------- http://openoutreach.org
OpenChurch 1.10-alpha1 ------- http://openchurchsite.com
OpenPublish 3.0-alpha8 ------- http://openpublishapp.com
Ubercart 2.9.1 --------------- http://ubercart.org
Ubercart 3.1.1 --------------- http://ubercart.org
Videola 1.0-alpha3 ----------- http://videola.tv

# New features:

* Add Adaptive Image Styles support.
* Add Compass compatibility in the limited shell (Compass is not installed by default).
* Add ssh-copy-id and ssh-add commands as allowed over SSH.
* Add X-Speed-Cache-Key header for Speed Booster debugging.
* All Clone/Migrate forms in the Aegir control panel have useful inline help added.
* Allow to easily re-start BOA failed install, just by running boa installer again.
* Allow to install PHP 5.3 only with option _PHP_MODERN_ONLY=YES (default).
* Deny HTTPS access on Nginx level for all known bots and crawlers.
* Do not force HTTPS for Aegir if /data/conf/no-https-aegir.inc control file exists.
* Fix system time hourly via auto-healing.
* Install wkhtmltopdf by default - available at /usr/bin/wkhtmltopdf
* Issue #1263602 - New Relic Server and Apps Monitor with per Site/Instance reporting.
* Issue #1392498 - Use .barracuda.cnf to define YES/NO for some config overrides.
* Issue #1428078 - Compatibility with resp_img module.
* Issue #1436522 - Add option to set _PHP_CLI_VERSION.
* Issue #1438906 - Add Imagick to PHP by default.
* Issue #1463494 - Add support for radioactivity module.
* Issue #1542712 - Automated wildcard DNS for easy localhost mode.
* Lock temporarily almost all known crawlers on high load with error 503.
* Make _NGINX_DOS_LIMIT configurable and allow higher load by default.
* Make both 1 and 5 minute max allowed load configurable in the auto-healing.
* Support for automatically managed extra SSH/FTPS accounts per Aegir Client.
* The _LOAD_LIMIT used in the auto-healing system is now configurable.
* The _SPEED_VALID_MAX used as a Speed Booster cache TTL is now configurable.
* Ubuntu Precise 12.04 is fully supported.
* Use nice default /root/.bashrc config.

# New Aegir modules or extensions:

* Add hosting_advanced_cron module - enabled by default.
* Add hosting_civicrm_cron module - enabled by default.
* Add hosting_task_gc module - enabled by default.
* Add provision_cdn module and extension, by default not enabled.
* Add remote_import and hosting_remote_import - not enabled by default.
* Add revision_deletion module - automatically configured and enabled by default.
* Registry Rebuild Drush extension - installed by default.

# New o_contrib modules:

* entitycache-7.x-1.x-dev
* nocurrent_pass-7.x-1.0
* speedy-7.x-1.0

# Changes:

* Acquia 7.x platform has been merged with Ubercart 3.
* Always disable css_gzip, javascript_aggregator and performance modules.
* Automate database server secure setup on initial install.
* Disable /etc/cron.daily/mlocate by default.
* Do not disable update module - it may break some features depending on it.
* Do not enable filefield_nginx_progress module by default.
* Do not remove Testing profile and use better naming convention for D7/D8.
* Do not search for mirrors by default.
* Drupal 8 compatible Drush 4.6-dev
* GitHub availability is required also when another mirror is used by default.
* Installing Git from sources is now optional.
* Limited shell 0.9.15.1-sec-noreload
* Lower default APC and Redis memory in VZ to 64MB to avoid/limit known VZ issues.
* MariaDB and Percona 5.5
* Modify Ubercart platform to include some contrib modules in the D6 version.
* Nginx 1.3.0
* Open Enterprise 1.0-beta3 is deprecated and not supported.
* Plain FTP access disabled with FTPS-only mode available.
* Pure-FTPd server install is now optional, but still default.
* Send all known bots to $args free URLs.
* Use _HTTP_WILDCARD=YES by default to match Aegir standard setup.

# Fixes:

* Abort all parent installers as soon as any sub-installer fails with fatal error.
* Add $http_x_forwarded_proto to the cache key to never mix HTTP and HTTPS entries.
* Add a list/chart in the readme for an easy overview of all included modules.
* Add volatile updates to /etc/apt/sources.list for Squeeze.
* All connection tests should be run after netcat is installed if not yet available.
* Allow more than one IP to connect to the same FTPS account at the same time.
* Allow some known php files also in profiles - a fix for Nginx config regression.
* Always update nginx_speed_purge.conf file on upgrade.
* Archive install and upgrade logs in /var/backups/
* Avoid double dots in $cookie_domain.
* Better detection of real visitor IP in the scan_nginx abuse guard.
* Cache 403 response for 5s by default.
* Count only valid requests in the scan_nginx abuse guard.
* Disable caching in admin_menu module by default.
* Disabled allow_url_fopen breaks drush dl.
* Do not allow bots to create cache entries with long expire time.
* Do not prompt for D6 or D7 vanilla platforms install if not defined in the config.
* Explain in the e-mail templates that plain FTP is no longer available.
* Fix cart block issue in Ubercart.
* Fix for Debian Lenny support - packages have been moved to archives.
* Fix for slow networks/DNS in pdnsd cache default config.
* Fix for VServer on _LENNY_TO_SQUEEZE upgrade.
* Fix tune_memory_limits logic to really tune the config on low mem systems.
* Follow some symlinks when running chmod/ownership repair daily.
* Force global upgrade for Expire and Purge modules.
* Force safe default settings for expire module.
* Improved Lenny to Squeeze major upgrade support.
* Increase allowed limit_conn for local purge requests.
* Issue #1216420 - Incorrect lshell path in /etc/passwd breaks FTPS on Squeeze.
* Issue #1317264 #1543118 - Uninstall Sendmail if exists to avoid breaking Postfix.
* Issue #1377492 - Improve Install / Upgrade mode detection and move away any zombies.
* Issue #1398050 - Use our mirror for all downloads on install and upgrade.
* Issue #1436522 - Add missing php.ini for PHP-CLI 5.3
* Issue #1440796 - Aegir support broken due to duplicate db update in Commons/OG.
* Issue #1441366 - The _USE_SPEED_BOOSTER switch is deprecated.
* Issue #1443284 - Early start of CSF may lockout the ssh user and break the install.
* Issue #1445460 - Broken Git install on Ubuntu Lucid.
* Issue #1451262 - Do not lock the access to phpinfo.
* Issue #1472460 #1524738 - Nginx denies request methods: PUT, DELETE and OPTIONS.
* Issue #1475416 - Unable to install Barracuda due to Aegir failed install.
* Issue #1478984 - Add Access-Control-Allow-Origin header with wildcard where required.
* Issue #1479188 - Octopus does not respect _DNS_SETUP_TEST setting on upgrade.
* Issue #1505370 - Conflict between Mime Type and Document Type in Nginx.
* Issue #1515762 - Nginx microcaching should skip all known AJAX requests.
* Issue #1526382 - The _PHP_CLI_VERSION set in cnf file is not respected.
* Issue #1527852 - Random WSOD on D7 sites with Redis enabled for anonymous visitors.
* Issue #1528692 - Both cache_backport and redis modules are never added on upgrade.
* Issue #1528726 - Redis caching backend should be unified across all instances.
* Issue #1528996 - Nginx microcaching should use TTL 1s only for upstream errors.
* Issue #1534306 - Duplicate directives break Dotdeb Nginx version.
* Issue #1539512 - Keep custom Redis configuration during upgrade.
* Issue #1540112 - HEAD install fails on Debian Squeeze 32bit.
* Issue #1540242 - Add useful codecs to ffmpeg if enabled.
* Issue #1541334 - Add kvm to supported virtualization systems.
* Issue #1544144 - Use $server_name instead of $host in all sites/ paths.
* Issue #1547878 - Port 11371 should be open for outgoing connections.
* Issue #1553150 - Both php.ini and my.cnf config files get overridden upon upgrade.
* Issue #1553166 - Disable incompatible mysql config options.
* Issue #1554972 - PHP cli downgraded to 5.2 on upgrade with _PHP_MODERN_ONLY=YES
* Issue #1556192 - Upgrade Entity API to head to fix issue with Drupal 7.14
* Issue #1585348 - Disable openchurch_video_demo_content to avoid fatal error.
* Kill nash-hotplug if running.
* Lower some my.cnf defaults to better support low mem systems.
* Make default myisam_sort_buffer_size big enough to run repair if required.
* Make sure that /dev/null has correct permissions.
* Pass some expected headers when using local proxy.
* Remind people that they should use their own e-mail address or exit early.
* Remove deprecated Nginx config includes and use symlinks for backward compatibility.
* Sanitize important variables early.
* Save 330 seconds with 3x faster spinner.
* Set hosting_queue_cron_frequency to 8888 weeks by default to really use schedule defined via hosting_advanced_cron module and never override it.
* Share and symlink civicrm code.
* Skip _AEGIR_LOGIN_URL in the debug mode - it is empty then.
* Update mime.types for Nginx.
* Use _FULL_FORCE_REINSTALL when recovering from broken/partial install automatically.
* Use faster locations matching where possible in the Nginx config.
* Use higher values for limit_conn in Nginx to avoid issues when required.
* Use loglevel warning in Redis config.
* Use safe placeholders to avoid issues on low-mem machines.

### Stable Edition BOA-2.0.2
### Date: Thu Feb 9 14:00:00 EST 2012
### Installs Aegir 2.0.2

# Note on new and updated platforms and new Drupal core:

All 6.x and 7.x platforms have been updated with latest core, so they are all in fact new in this BOA Edition, but we list here only really new platforms or those with new version released since last BOA Edition, with one exception: we list also basic 6.24.1 and 7.12 platforms as new.
Please note that instead of waiting for 6.25, we already included patches required to fix major issues with 6.24:

http://drupal.org/node/1425868
http://drupal.org/node/1425260

Our Pressflow 6.24.1 +Extra version includes not only the patches listed above, but also a few extra, performance related patches discussed here: http://groups.drupal.org/node/187209

Note also that we renamed the too basic Acquia 7.x platform to Ubercart 3.x platform. It is based on the same acquia install profile, but includes all contrib modules required for any basic Ubercart 3.x site.

NOTE: before you try to upgrade any of your sites, please read our important how-to:

http://omega8.cc/the-best-recipes-for-disaster-139
http://omega8.cc/are-there-any-specific-good-habits-to-learn-116
http://omega8.cc/managing-your-code-in-the-aegir-style-110

REALLY, PLEASE READ IT TO AVOID SOME HEAVY HEADACHES!

# New Octopus platforms:

Drupal 7.12 ------------------ http://drupal.org/drupal-7.12
NodeStream 2.0-alpha6 -------- http://nodestream.org
OpenPublish 3-alpha3 --------- http://openpublishapp.com
Pressflow 6.24.1 ------------- http://pressflow.org
Ubercart 3.0.1 --------------- http://ubercart.org

# Updated Octopus platforms:

Acquia Commons 2.4 ----------- http://acquia.com/drupalcommons
Commerce Kickstart 1.3 ------- http://drupalcommerce.org
ELMS 1.0-alpha6 -------------- http://elms.psu.edu
Open Atrium 1.2.1 ------------ http://openatrium.com
Open Deals 1.0-beta7 --------- http://opendealsapp.com
Open Outreach 1.0-beta7a ----- http://openoutreach.org
ProsePoint 0.43 -------------- http://prosepoint.org
Videola 1.0-alpha2 ----------- http://videola.tv

# New features:

* Barracuda now supports Debian Lenny to Squeeze major upgrade. Of course you should create a full backup image before running this major system upgrade, just in case, but all the rest is fully automated - it is enough to set advanced configuration option in Barracuda to _LENNY_TO_SQUEEZE=YES and run Barracuda as usual.
  It will upgrade your system to Squeeze and re-build everything, with almost no downtime during the upgrade. You will still need to reboot the server once it completes all upgrades. Important: Debian Lenny reached EOL on February 6, 2012. Details: http://lists.debian.org/debian-announce/2012/msg00001.html
* All new 7.x sites now run on latest PHP-FPM 5.3.10 by default. For existing sites it is enough to re-verify them in your Aegir control panel to get them on PHP-FPM 5.3.10 automatically. All existing and new 5.x sites run on the old PHP-FPM 5.2.17 version by default and you can't change that. You can still choose between PHP-FPM 5.2.17 and 5.3.10 for all your 6.x sites - just let us know via http://omega8.cc/support that you wish to switch to 5.3.10 - but make sure first that all your 6.x sites are fully PHP 5.3 compatible. By default all 6.x sites still run on PHP-FPM 5.2.17. Of course you could choose 5.3.10 for 6.x sites on one Octopus instance and 5.2.17 on another - on the same server. Just one more reason to use Octopus built-in intelligence :) All of this works the same both for Aegir Master Instance and all Aegir Satellite Instances.
* Speed Booster, Boost and Redis/Memcached all support separate caches per mobile device, so it is safe to use separate themes or content for mobile devices. We use simple logic to determine the kind of device and there are separate cache bins for mobile-tablet, mobile-smart and mobile-other. You can review it here: http://bit.ly/wYz6PG
* Purge module is now enabled by default in all 6.x and also 7.x sites. Now Speed Booster works like Boost - it immediately expires the cache for any node/page as soon as it has been edited or a comment added. It also automatically expires the cache for the homepage and RSS feed at once. You no longer need to wait up to one hour for Speed Booster cache expiration. Plus, unlike in Boost, it purges all separate caches for all mobile devices along with non-mobile cache, at once.
  Now you have a good reason to disable Boost and use our crazy fast Speed Booster only.
* You can use GeoIP data provided by your Nginx server in your custom code or modules with variables: $_SERVER['GEOIP_COUNTRY_CODE'] and $_SERVER['GEOIP_COUNTRY_NAME'] to display content or block depending on the visitor's country. You can check/review it from your location also on command line with: 'curl -I http://your-domain' - you will see GeoIP headers.
* You can safely manage Clients/Users attached to hosted sites in your Aegir interface. Make sure that every site has its associated Client! Otherwise the site will be listed as available for all Clients/Users you have added. The site can lose its association with Client after Clone task if there is any non-alphanumeric value in the Client name, like &.
* CloudFlare specific header 'CF-Connecting-IP' is now supported out of the box and available as standard $_SERVER['REMOTE_ADDR'] in all 5.x, 6.x and 7.x platforms without any contrib module.
* You can disable both Boost and Speed Booster on the fly by adding ?nocache=1 to any URL. Useful for debugging.
* Speed Booster now also offers ESI microcaching, as explained in this article: http://groups.drupal.org/node/197478. This may enhance the experience not only of anonymous visitors, but also of logged in users, since it allows you to separate microcache for ESI/SSI includes (valid for just 15 seconds) from both default Speed Booster cache for anonymous visitors (valid by default for 3 hours, unless purged on demand via recently introduced Purge/Expire modules) and also from Speed Booster cache per logged in user (valid for 60 seconds). The ESI module is included in all 6.x platforms but is not enabled and not configured automatically, so please consult its documentation for details on how to use it properly.
  Now you have three different levels of Speed Booster cache to leverage and deliver the 'live content' experience for all visitors, and still protect your server from DoS or simply high load caused by unexpected high traffic etc.
* Automatic configuration of options required when Barracuda detects _VMFAMILY=AWS (Amazon EC2).
* Both _NGINX_WORKERS and _PHP_FPM_WORKERS are now configurable.
* You can avoid overwriting /etc/mysql/my.cnf with empty control file:
  $ touch /etc/mysql/custom.my.cnf
* You can avoid overwriting /opt/php52/etc/php52.ini on upgrade with empty control file:
  $ touch /opt/etc/custom.php.ini
* You can avoid overwriting /opt/php52/lib/php.ini on upgrade with empty control file:
  $ touch /opt/etc/custom.php.ini
* You can avoid overwriting /opt/php53/etc/php53.ini on upgrade with empty control file:
  $ touch /opt/etc/custom.php53.ini
* You can avoid overwriting /var/spool/cron/crontabs/root on upgrade by adding your extra/custom entries in the extra file:
  $ nano /var/xdrago/cron/custom.txt
* You can avoid overwriting your CSF configuration on upgrade with empty control file:
  $ touch /var/log/custom.csf.log

# New o_contrib modules:

* taxonomy_edge-6.x-1.3 (with core patch)
* taxonomy_edge-7.x-1.1 (with core patch)
* purge-6.x-1.x
* purge-7.x-1.x
* expire-6.x-1.x
* expire-7.x-1.x

# Changes:

* Nginx upgrade to 1.0.12
* Lshell upgrade to 0.9.15-beta1
* Percona upgrade to 5.5.19
* Chive upgrade to 1.0.2
* Git upgrade to 1.7.9
* Suhosin upgrade to 0.9.33
* Textile upgrade to 2.3
* Mytop is now installed by default.
* Drush based method for sites cron is more reliable and now set by default.
* More compact naming for platforms in Octopus.
* Speed Booster cache per logged in user now valid for only 60 seconds.
* Speed Booster anonymous cache now valid for 3 hours, unless purged.
* Extra $_COOKIE[OctopusCacheID] has been removed.
* We use $cache_uid from parent map (Nginx) in fastcgi_cache_key.
* Forced external caching only for Pressflow 6 core.
* Octopus installs by default: D7P D7S D7D D6P D6S D6D OAM.
* We no longer need to force Percona on Oneiric. MariaDB also works.
* We no longer need to force MariaDB on Lenny and MariaDB Natty on Oneiric.
* We no longer need to use Percona for Maverick on Natty and Oneiric.
* We use _THIS_DB_HOST=localhost by default.
* Secure/restricted access to manage users/clients is open by default in every Aegir Satellite Instance also for the extra non-uid=1 admin.
* Users in every Aegir Satellite Instance are protected with userprotect and protect_critical_users modules.
* Some default SQL limits have been increased.
* The insecure D7 plugin manager is now forced as disabled by default.
* The hosting_platform_pathauto module is now enabled in Aegir by default.
* The provision_boost module is now added and enabled in Aegir by default.

# Fixes:

* Simplified Nginx config with 'modern', 'octopus' and 'legacy' templates.
* Removed duplicate code and fixed caching logic for D5, D6 and D7.
* Fixed logic for ESI microcache and Boost cache.
* Removed imageinfo_cache module. It breaks platforms with imagecache module.
* Disable deslash in globalredirect to avoid redirect loop.
* Load IonCube also in php-cli.
* Use core version in paths for all platforms.
* Make sure that 301 redirects are only microcached - 5 seconds by default.
* Do not run duplicate PHP-FPM rebuild on upgrade when there is no new DB server version installed/available.
* Set boost_ignore_htaccess_warning to 1 by default.
* Use provision_civicrm 6.x-1.x branch instead of outdated master.
* Fix for broken regex on lshell.conf update per user.
* All broken symlinks in the clients directory now deleted daily.
* All broken symlinks in the lshell user home directory now deleted daily.
* Avoid breaking Aegir upgrade because of high load.
* Set correct loglevel for Redis to avoid useless I/O noise.
* Add curl as allowed command to lshell default config.
* Use faster download instead of git for Pressflow core.
* Issue #1432668 - Octopus username should never start with a digit.
* Issue #1408972 - Make nginx rewrites compatible with audio module.
* Issue #1428990 - Load memcache in php-cli.
* Issue #1408200 - AgrCache breaks aggregation and should be removed.
* Issue #1420758 - Make sure that Nginx config includes are really used on initial Barracuda install.
* Issue #1418608 - Add --with-xmlrpc in the PHP-FPM build by default.
* Issue #1396204 - Add GeoIP support in Nginx by default
* Issue #1394152 - Build PHP-FPM with --enable-calendar by default.
* Issue #1392498 - Do not overwrite CSF configuration on Barracuda upgrade.

# Recommendations:

* Use _FORCE_GIT_MIRROR=github because it is 10x faster than others.

### Stable Edition BOA-2.0.1
### Date: Wed Dec 28 07:00:00 EST 2011
### Installs Aegir 2.0.1

# New Octopus platforms:

ELMS 1.0-alpha5 -------------- http://elms.psu.edu
Open Deals 1.0-alpha4 -------- http://opendealsapp.com
Open Outreach 1.0-beta6 ------ http://openoutreach.org

# Updated Octopus platforms:

Acquia 7.10.10 --------------- http://bit.ly/acquiadrupal
Acquia Commons 2.3 ----------- http://acquia.com/drupalcommons
CiviCRM 3.4.8 ---------------- http://civicrm.org
CiviCRM 4.0.8 ---------------- http://civicrm.org
Commerce Kickstart 1.0-rc7 --- http://drupalcommerce.org
Drupal 7.10 ------------------ http://drupal.org/drupal-7.0
Managing News 1.2.1 ---------- http://managingnews.com
NodeStream 1.1 --------------- http://nodestream.org
Open Atrium 1.1.1 ------------ http://openatrium.com
OpenChurch 1.22-a ------------ http://openchurchsite.com
OpenScholar 2.0-beta13 ------- http://openscholar.harvard.edu
ProsePoint 0.41 -------------- http://prosepoint.org

# New features:

* Speed Booster Purge Server for all Drupal 6.x based platforms with automatically configured support for all devices caching.
* Enhanced Pressflow core for all bundled 6.22 based platforms, applied automatically also to already installed platforms: https://github.com/omega8cc/pressflow6
* Added access to the "clients" directory with shortcuts/symlinks to all hosted sites per Aegir "client".

# New o_contrib modules:

* ESI for Nginx SSI - http://drupal.org/sandbox/mikeytown2/1328648
* Purge for Speed Booster - http://drupal.org/project/purge
* Expire for Speed Booster - http://drupal.org/project/expire

# Changes:

* Nginx upgrade to 1.0.11
* MariaDB upgrade to 5.2.10
* Percona upgrade to 5.5.18
* Chive upgrade to 1.0.1
* Pure-FTPd upgrade to 1.0.35
* The syslog module is no longer enabled by default and added to the list of automatically disabled modules.

# Fixes:

* Mobile devices detection and caching improved.
* Many fixes and enhancements for Speed Booster caching logic.
* Many fixes and enhancements for Boost caching logic.
* More reliable Nginx auto-healing.
* Broken symlinks in the "clients" directory are now purged daily.
* The preg_match for dev should check for dev. and devel. only.
* Issue #1366564 - Use instance specific .octopus.cnf files.
* Issue #1262988 - Use reliable test for upload progress availability.
* Issue #1350028 - Make sure that all BOA pid files are removed on reboot.
* Issue #1348906 - BOND script outdated _INSTALLER_VERSION variable fixed.
* Issue #1321428 - Make sure that _SSH_PORT is written in /etc/ssh/sshd_config.

### Stable Edition BOA-1.4S
### Date: Mon, 24 October 2011 14:00:00 +0200
### Installs Aegir stable 1.4S

# Updated Octopus platforms:

Acquia 7.8.7 ----------------- http://bit.ly/acquiadrupal
Acquia Commons 2.2 ----------- http://acquia.com/drupalcommons
CiviCRM 3.4.7 ---------------- http://civicrm.org
CiviCRM 4.0.7 ---------------- http://civicrm.org
Commerce Kickstart 1.0-rc4 --- http://drupalcommerce.org
OpenPublic 1.0-beta3 --------- http://openpublicapp.com
Ubercart 6.x-2.7 ------------- http://ubercart.org

# New features:

* Mobile devices detection for mobile-tablet, mobile-smart and mobile-other.
* Mobile devices detection integrated with Redis/Memcached caches.
* Mobile devices detection integrated with Boost cache.
* Mobile devices detection integrated with Speed Booster cache.
* Responsive Images 7.x module support.
* New .barracuda.cnf and .octopus.cnf files for better configuration management.
* Ubuntu Oneiric 11.10 is now fully supported.
* Issue #1266912 - Support for Apache Solr Attachments - Tika.
* Issue #1310082 - Disable XML Sitemap for dev automatically.
* Support for fbconnect module.
* Support testing->minimal->standard migrations for D7 out-of-the-box.
* The Speed Booster $key_uri enhanced logic included in the default Nginx config.

# Changes:

* Nginx upgrade to 1.0.8
* Create mobile cache separate subdirs for Boost by default.
* _MODULES_ON and _MODULES_OFF now forced also for D7 sites.
* Do not force hosting_ignore_default_profiles by default.
* Some o_contrib modules received updates - use _O_CONTRIB_UP=YES to apply them.
* Allow 'contrib' subdirectory in the modules path for allowed PHP files.
* Issue #1309996 - Extended support for common modules locations/paths.
* Issue #1305542 - Do not overwrite php.ini and my.cnf if control files exist.
* Add collectd to the auto-healing monitor and automated restart.
* Disable l10n_update module by default to avoid issues when d.o servers are down.
* Updated docs/SOLR.txt to explain how to configure any core to support 7.x.
* Duplicate parts of Nginx config moved to maps in the parent server.tpl.php file.
* Add 'drush pmi' to the list of displayed/allowed commands.
* Issue #1243068 - Allow to override in override.global.inc also Redis/Memcached etc.
* Deny known crawlers on the HTTPS proxy level.

# Fixes:

* The wkhtmltopdf binary should be always executable if exists.
* Issue #1238200 - Use custom _SSH_PORT only in TCP_IN.
* Make sure the keys for MariaDB or Percona are added to avoid broken install.
* Issue #1307664 - Test repo.percona.com and ftp.osuosl.org availability.
* Issue #1262988 - Missing upload_progress_test.conf breaks upgrade for older installs.
* Issue #1281896 - Add some missing video types to mime.types in the Nginx config.
* Do not use path_alias_cache in the Hostmaster site to avoid broken URL aliases.
* Issue #1270724 and #1263124 - really use /tmp directory during 'drush dl module'.
* Do not break admin/reports/status/rebuild URL in D7.

### Stable Edition 1.0-boa-T-8.10
### Date: Mon, 5 September 2011 16:15:00 +0200.
### Installs Aegir stable 1.3.1

# New Octopus platforms:

OpenChurch 1.21 -------------- http://openchurchsite.com

# Updated Octopus platforms:

Acquia 7.7.6 ----------------- http://bit.ly/acquiadrupal
Acquia Commons 2.0 ----------- http://acquia.com/drupalcommons
CiviCRM 3.4.5 ---------------- http://civicrm.org
CiviCRM 4.0.5 ---------------- http://civicrm.org
Conference 1.0-beta2 --------- http://usecod.com
Drupal 7.8 ------------------- http://drupal.org/drupal-7.0
Drupal Commerce 1.0 ---------- http://drupalcommerce.org
OpenPublic 1.0-beta2 7.8 ----- http://openpublicapp.com
Ubercart 2.6 6.22 ------------ http://ubercart.org

# Changes:

* Drush Make upgrade to 2.3
* Drush upgrade to 4.5
* Nginx upgrade to 1.0.6
* MariaDB upgrade to 5.2.8
* Higher limit_conn for AdvAgg to support high async connections rate.

# Fixes:

* Tomcat runs as a separate 'tomcat' user instead of root.
* Issue #1250448 - Textile 7 requires Vars module.
* Issue #1248432 - support for CNAME records in the DNS check.

# New features:

* HTTP/HTTPS redirects example in the override.global.inc file.
* Enabled by default HTTPS and HTTP sessions/cookies for D7.
* Issue #1243068 - Allow to override $cache_module_path.


### Stable Edition 1.0-boa-T-8.9
### Date: Sat, 30 July 2011 23:50:00 +0200.
### Installs Aegir HEAD 1.2.1

# Updated Octopus platforms:

Drupal 7.7 ------------------- http://drupal.org/drupal-7.0
Acquia 7.7.5 ----------------- http://bit.ly/acquiadrupal
OpenPublic 1.0-beta1 7.7 ----- http://openpublicapp.com
Drupal Commerce 1.0-rc1 ------ http://drupalcommerce.org
Open Atrium 1.0 6.22 --------- http://openatrium.com
ProsePoint 0.40 6.22 --------- http://prosepoint.org

# Fixes:

* Two critical cache related bugs fixed in Nginx 1.0.5.
* Critical Issue #1222208 - broken web-based cron for sites.
* Issue #1223506 - cloning a site loses client site ownership.
* Missing jquery.ui symlink in Conference COD breaks install.
* Issue #1230420 - do not purge /tmp too aggressively.
* Issue #1234470 - SSL proxy didn't respect HTTP wildcard.
* Boost's false alarm about permissions silenced.
* Permissions for sites/domain/private/* also fixed daily.

# Changes:

* Nginx upgrade to 1.0.5
* Chive upgrade to 0.5.1
* Web-based method set by default for sites cron in Aegir.

# New features:

* Speed Booster Purge experimental backend can be installed, but is not
  used in production yet - see _PURGE_MODE flag and Issue #1048000.


### Stable Edition 1.0-boa-T-8.8
### Date: Thu, 15 July 2011 08:00:00 +0200
### Installs Aegir stable 1.2

# New Octopus platforms:

Drupal 7.4 ------------------- http://drupal.org/drupal-7.0
CiviCRM 3.4.4 ---------------- http://civicrm.org
CiviCRM 4.0.4 ---------------- http://civicrm.org
Videola 1.0-alpha1 ----------- http://videola.tv

# Updated Octopus platforms:

OpenPublic 1.0-beta1 7.4 ----- http://openpublicapp.com
Drupal Commerce 1.0-beta4 ---- http://drupalcommerce.org
Acquia Commons 1.7 ----------- http://acquia.com/drupalcommons
Acquia 7.4.4 ----------------- http://bit.ly/acquiadrupal
OpenScholar 2.0-beta11 ------- http://openscholar.harvard.edu
Conference 1.0-beta1 --------- http://usecod.com

# New features:

* Speed Booster can be disabled per site or per platform.
* Redis/Memcached can be disabled per site or per platform.
* Redis/Memcached chained cache enabled also for anonymous visitors.
* Support for private_upload module added.
* Support for static sites/domain/files/robots.txt file per site #1173954.
* New _HTTP_WILDCARD Barracuda option for Nginx configuration #1152316.
* New _XTRAS_LIST Barracuda option to define extras to be used.
* Scripts to add extra ftp or lshell standard or lshell master users.
* New _PLATFORMS_LIST Octopus option to configure the list of platforms.
* You can migrate sites between some installation profiles by default:
    Drupal/Pressflow -> Acquia
    Acquia -> Drupal/Pressflow
    Acquia -> CiviCRM 3
    Cocomore/CDC/DrupalCenter -> Pressflow
* New _O_CONTRIB_UP Octopus option to upgrade last two contrib sets.

# Changes:

* Migration from commercedev to commerce_kickstart profile.
* More system info stored in BOA logs to help with debugging.
* Nginx config - deny access to /hosting/c/server_master.
* Better how-to in the override.global.inc template.
* Chive upgrade to 0.4.2
* Nginx upgrade to 1.0.4

# Fixes:

* OpenPublic password policy issue fixed on site install.
* OpenScholar missing libraries issue fixed.
* Issue #1213094 - FServer platform missing module fixed.
* Mollom problem when running via (SSL) proxy fixed.
* Issue #1209150 - always use _MY_OWNIP when defined.
* Issue #1208386 - fix for broken csf configuration template.
* Boost cache write permissions after site migration fixed.
* Nginx config - better support for CiviCRM.
* Issue #1198572 - do not run SMTP check if _SMTP_RELAY_HOST is set.
* Forced PHP-FPM rebuild on MariaDB 5.2.7 upgrade.
* Issue #1196006 - fixed Nginx X-Accel-Redirect support.
* Security Issue #1197172 - bypass access restrictions to protected files fixed.
* Issue #1182680 - fixed support for backup_migrate module.
* Issue #1182582 - fixed search paths for node.js, image.jpg etc.
* Critical Issue #1183500 #1182660 - fall back to the wildcard * in Nginx.
* Issue #962188 - Nginx version check in vhost.tpl.php now works.
* Issue #1170498 - Extra config variable was missing in Nginx config templates.
* Percona upgrade path fixed.
* Broken dev version of the backup_migrate module replaced with stable.
* Use correct platforms versions numbers in the ftp symlinks.


### Stable Edition 1.0-boa-T-8.7
### Date: Mon, 30 May 2011 11:40:00 +0200
### Installs Aegir HEAD 1.1.2

1. Fixed critical issue with MariaDB upgrade from 5.1 to 5.2
2. Fixed critical issue with Nginx build.
3. Fixed critical issue with Feature Server platform build.
4. Added upgrade monitor.


### Stable Edition 1.0-boa-T-8.6
### Date: Sun, 29 May 2011 13:30:00 +0200
### Installs Aegir HEAD 1.1.2

----------------------------------------
# Added or upgraded since January 2011
----------------------------------------

* Added support for install and upgrade to Percona Server 5.5
* MariaDB server upgraded to version 5.2.6.
* Nginx server upgraded to version Barracuda/1.0.2
* Added support for Debian Squeeze and Ubuntu Natty.
* Open Atrium includes extra features:
    Atrium Folders: http://bit.ly/oafolders
    Ideation: http://bit.ly/oaideation
* Hostmaster platform comes with ready to enable extra modules:
    http://drupal.org/project/hosting_backup_queue
    http://drupal.org/project/hosting_backup_gc
    http://drupal.org/project/hosting_upload
* New Octopus platforms:
    OpenPublic 1.0-beta1 --------- http://openpublicapp.com
    NodeStream 1.0 --------------- http://nodestream.org
    Drupal Commons 1.6 ----------- http://acquia.com/drupalcommons
    OpenScholar 2.0-beta10-1 ----- http://openscholar.harvard.edu
    Conference 1.0-alpha3 -------- http://usecod.com
    Open Enterprise 1.0-beta3 ---- http://leveltendesign.com/enterprise
    Acquia 7.2.2 ----------------- http://bit.ly/acquiadrupal
    Drupal Commerce 1.0-beta3 ---- http://drupalcommerce.org
* Basic Drupal 6 and Drupal 7 platforms now come in three instances,
  to make your standard workflow easier for: -dev, -stage and -prod,
  with correct suffix: D.00x, S.00x and P.00x in the platform name.
* Speed Booster cache for 5.x, 6.x and 7.x Drupal platforms.
  This new feature adds super fast caching for anonymous visitors,
  and yes! - also for logged in users (cache per user) directly
  on the web server level - no Drupal module required.
  It works for all platforms, except for Ubercart, Commerce and any
  platform with ubercart in sites/all/modules/ubercart.
* Support for secure ubercart keys location to use ../keys path.
* The filefield_nginx_progress now also in every 7.x platform.
* Drush upgraded to version 4.4
* Drush Make upgraded to version 2.2
* Redis cache server upgraded to version 2.0.5
* PHP-FPM server upgraded to version 5.2.17
* APC upgraded to version 3.1.9
* Memcache extension replaced with memcached and libmemcached.
* Chive database manager upgraded to version 0.4.1
* Added support for robotstxt module in all new 6.x based platforms.
* Drush gm / generate-makefile command added as allowed to lshell.
* Git over ssh added as allowed to lshell.

----------------------------------------
# Improvements since January 2011
----------------------------------------

* Speed Booster now works also in the Aegir Master Instance.
* Full Barracuda install takes only 30 minutes (tested on Linode).
* Nginx abuse guard is now integrated with csf firewall.
* Bots/crawlers are now denied on any "dev" type subdomain.
* The pdnsd server install is now optional.
* The csf/lfd firewall install is now optional.
* Limited shell configuration is now updated on every upgrade.
* Auto-tuning in Barracuda leaves more memory for MyISAM etc.
* Aegir runs cron for D5 and D6 sites using Wget instead of Drush
  to leverage APC cache, while D7 can use built-in poormanscron.
* Many improvements in the Speed Booster cache configuration.
* Improved memcached/redis cache bins configuration.
* The o_contrib modules now symlinked also in custom platforms.
* Boost directories created automatically also in custom platforms.
* Improved web server self-healing monitor.
* PHP notices no longer displayed for dev subdomains, only errors.
* Many improvements in the Nginx configuration - now it's faster.
* Permissions on uploaded modules, themes and files are now
  automatically fixed every morning to help with post-import issues.
* Almost all 6.x platforms now come with performance related modules
  already enabled and configured on site install by default.
* Nginx config - now doesn't use php-fpm to serve fckeditor files.
* Introduced possibility to add upgrade-safe custom Nginx rewrite
  rules to support transparent migration of legacy URLs/content.
* Aegir Hostmaster control panel received extra caching and speed.
* Better support for securepages 1.9 with forced secure cookies.
* Better support for dynamically created base_url for http/https.
* Too generic D7 profile names replaced with unique Drupal 7 names.
* A few new commands have been added to your Aegir Drush Shell (SSH).
* You can use git to manage the code and rsync to manage backups.
* Useful new commands from Drush v.4 are now available.
* Now it is possible to delete old sites backups created in Aegir.
* You can access Aegir backups also via SSH or SFTP/FTPS.
* You can cancel queued task in Aegir before it is started.
* The "dev" anywhere in the subdomain enables all PHP errors.
* You can use "dev" type alias for live site for easier debugging.
* Added support for imagecache_external module.
* It is possible to safely delete any not used platforms on request.
* Access to static files allowed only for currently used domain.
* Added crossdomain.xml in the root of every new platform.
* New rewrite introduced to map /files to /sites/domain/files,
  /images to /sites/domain/files/images and /downloads to
  /sites/domain/files/downloads.
* The standard /update.php works again, however using "drush dbup"
  command is recommended.
* The "drush mup" command allows now to upgrade contributed modules.

----------------------------------------
# Fixes since January 2011
----------------------------------------

* Auto-healing no longer starts concurrent servers when InnoDB start
  takes more time on servers with big or many databases.
* Hostname is no longer reverted to default on Linode and similar.
* Barracuda supports now both old and new Mailx behavior.
* All platforms paths and symlinks include core version numbers.
* Fixed some memory issues with Virtuozzo family systems.
* Fixed issue with broken site when non-lowercase domain was used
  on Migrate or Clone task.
* Fixed upgrade path for Drupal 5
* Fixed double slash in the images paths issue in the Pressflow core.
* Speed Booster cookies shouldn't be sent for imagecache/styles
  and AdvAgg module dynamic requests.
* Speed Booster shouldn't cache imagecache/styles and AdvAgg module
  dynamic requests on the Nginx level.
* Nginx upgrade to 1.0.0 fixes known issue with random but very high
  CPU load on Nginx server configuration reload/restart.
* Fix for critical bug causing sessions issues on older sites without
  $cookie_domain set in settings.php when speed booster is enabled.
* The session.cookie_secure is no longer forced in D6 platforms.
* Security issue #1098304 - domain aliases were not sanitized.
* Nginx config - proper fix for broken wysiwyg pop-ups.
* Fixed issue with Nginx configuration for private files access.
* The authorize.php added to allowed php files - required in D7.
* Known issue with paths to files not rewritten is now fixed.
* Known issue with sites cron semaphore in Aegir now resolved.
* Known issue with PHP notices breaking some Aegir tasks resolved.
* Fixed web server rewrites to support "ad" module.
* Fixed Aegir issue with .info and .pl domains extensions.
* Drush make via SSH now works as expected.
* Fixed Nginx issue with /system/ paths and static files or images.
* Fixed issue with broken site when non-lowercase domain was used.

----------------------------------------
# Other changes
----------------------------------------

* Forced public downloads for all 6.x platforms, except for ubercart.
* Boost crawler option is now denied for performance reasons.
* Forced log-out on browser quit only for Aegir control panel.


### Project and issue queue moved to Drupal.org
### Date: Sat, 7 May 2011 14:00:00 +0200
### http://drupal.org/project/barracuda
### http://drupal.org/project/octopus


### Stable Edition 1.0-boa-T-8.5
### Date: Tue, 3 May 2011 14:30:00 +0200
### Installs Aegir stable 1.1


### Stable Edition 1.0-boa-T-8.4
### Date: Sun, 1 May 2011 23:30:00 +0200
### Installs Aegir stable 1.1


### Stable Edition 1.0-boa-T-8.3
### Date: Sat, 30 Apr 2011 20:15:00 +0200
### Installs Aegir stable 1.1


### Stable Edition 1.0-boa-T-8.2
### Date: Tue, 26 Apr 2011 21:45:00 +0200
### Installs Aegir stable 1.1


### Stable Edition 1.0-boa-T-8.1
### Date: Wed, 20 Apr 2011 19:30:00 +0200
### Installs Aegir stable 1.1


### Stable Edition 1.0-boa-T-8
### Date: Mon, 18 Apr 2011 20:15:00 +0200
### Installs Aegir stable 1.0


### Stable Edition 1.0-boa-T-5
### Date: Fri, 8 Apr 2011 19:15:00 +0200
### Installs Aegir working HEAD after 1.0-rc6


### Stable Edition 1.0-boa-T-2
### Date: Wed, 6 Apr 2011 01:34:40 +0200
### Installs Aegir working HEAD before 1.0-rc3


### Stable Edition 1.0-boa-T
### Date: Mon, 14 Mar 2011 02:43:15 +0100


### Stable Edition 0.4-boa-C
### Date: Thu, 10 Feb 2011 04:41:57 +0100


### For changes/improvements between 2010-09-24 and 2010-12-31 please see comments in the commits history.
###


### Thu, 2010-09-23 17:30 - Edition 0.4-HEAD-A14.B

Added/Fixed: (upgrade for all pre-A14.A required)

1. Introducing default SSL Wildcard Nginx Proxy. Works for all
   sites/hostmaster instances on the same server and can be used also
   for encrypted connections to Chive and Collectd. Doesn't interfere
   even with SSL enabled sites on the same IP (with separate certs).
2. The redirects are now back and enhanced. Fully compatible with Nginx
   in any combination with aliases and SSL settings/modes.
3. Barracuda and Octopus still install Aegir HEAD by default, but the
   latest alpha14 also works.
4. Octopus can define its separate IP address if available.
5. Fixed issue with too aggressive Hot Sauce check, which caused
   non-shared copies of code to be created for platforms on every
   install or upgrade.
6. Barracuda and Octopus now allow skipping the DNS test, to make it
   possible to install on any virtualbox with dynamic DNS/IP etc.
   There is no guarantee it will work, but another switch is now
   available, if someone needs it.
7. Octopus can now turn off local Memcache and Redis caches and switch
   all sites to use defined remote caches.
8. Forced /etc/apt/sources.list rewrite also before the Barracuda
   system upgrade.
9. Fix for the already installed and possibly broken git-core.
10. Fix for Aegir sites with .info domains, the path alias should now
    work without 403 error.


### Fri, 2010-09-17 11:00 - Edition 0.4-HEAD-A14.A

Added/Fixed: (upgrade required)

1. Barracuda and Octopus now install Aegir HEAD by default to use the
   fix for critical issue on sites import. It will be included in
   alpha14, please don't use alpha13.
2. Debian Lenny on 32bit systems works again. Fix for broken git-core
   after upgrade to version: 1:1.5.6.5-3+lenny3.1 on Lenny 32bit.
3. Fix and better inline warnings/info about missing locales at Linode
   and RackSpaceCloud.
4. More details in the installer log for better debugging and version
   tracking.
5. E-mail address for alerts on database repair started by auto-healing
   now correctly replaced.
6. Redis for Lenny now built from sources due to apt version moved
   already to Squeeze.
7. Critical bugfix for failed platforms install when hostmaster is not
   upgraded.
8. Introducing simple edition archive:
   http://omega8.cc/dev/bo-a14a.tar.gz
9. Octopus now better supports using newer shared code for platforms
   and introduces new setting: _HOT_SAUCE to allow forced fresh/hot
   code.


### Tue, 2010-09-12 21:50 - Edition 0.4-HEAD-A13.A

Added/Fixed: (upgrade recommended)

1. Octopus now creates SSH/FTPS separate, non-aegir account for every
   Aegir Satellite Instance, with limited shell to avoid using commands
   like "drush up" since they should never be used on sites managed in
   the Aegir system.
2. Octopus now by default sends a welcome e-mail with some useful intro
   information and access details to the address defined as
   _CLIENT_EMAIL.
3. When Octopus is used the first time to create an Aegir Satellite
   Instance, it doesn't allow skipping the installation of all
   platforms, since it is recommended to add all available platforms
   with initial install, for easier re-using the code by next Aegir
   Satellite Instances.
4. The second and all future non-core Hostmaster installs allow to
   choose one or more platforms or to skip adding platforms at all.
5. Octopus by default honors initial domain used for the Aegir
   Satellite Instance on every upgrade to avoid mistakes with using
   different copies of the script for different Aegir Satellite
   Instances upgrades.
6. Also Barracuda will always honor initial domain used for the core
   Hostmaster to avoid mistakes on upgrade when you don't use the
   original version of the script.
7. Better checks if the script is running as root.
8. Removed memcache module since cache is used.
9. SMTP connection test is now optional.
10. Nginx version set to 0.8.50.
11. By default Aegir 0.4-HEAD instead of alpha13 is now installed to
    fix critical issues with importing sites.
    See also: http://drupal.org/node/907248
12. Solr and Chive are now optional (Yes/no).
13. Added optional install of Collectd monitor.
14. Fixed issue with SSL mode.
15. Better compatibility for upgrades from pre-Barracuda Nginx
    installs.
16. Now it doesn't start cron before completing all install tasks to
    avoid breaking spinner.
17. Both Barracuda and Octopus now can better support re-starting
    stopped install/upgrade.
18. Octopus now refuses to run if defined domain doesn't resolve yet to
    the server IP address.
19. Octopus now refuses to run on a system not created initially by the
    Barracuda installer.
20. Custom FQDN hostname is now forced (if defined) in Barracuda before
    running DNS checks.
21. Fix for some missing mime types in vanilla Nginx.
22. Updated versions of Open Atrium, Drupal Commons and Cocomore Drupal
    distros installed by Octopus.
23. Lowered memory defaults in the MariaDB configuration.


### Tue, 2010-08-31 23:50 - Edition 0.4-HEAD-A12.D

Added/Fixed: (upgrade recommended because it works!)

1. Upgrade of Aegir Master Instance by Barracuda and upgrade of Aegir
   Satellite Instances by Octopus finally works as expected.
2. It is now possible to use Barracuda to install environment and Aegir
   Master Instance, to upgrade only environment, to upgrade only Aegir
   Master Instance, or both at the same time.
3. Octopus now can separately install and/or upgrade any Aegir
   Satellite Instance or any platform on any instance, separately,
   using detailed prompt with version numbers and links to
   distributions home pages.
4. New platform Cocomore Drupal added in Octopus:
   http://drupal.cocomore.com


### Sat, 2010-08-28 20:15 - Edition 0.4-HEAD-A12.C

Added/Fixed: (upgrade recommended)

1. By default Aegir 0.4-HEAD with Drush 3.3 is now installed to fix
   critical issues with importing sites. The fix is also available as
   a patch for alpha12:
   http://drupal.org/node/882970#comment-3382542
2. Both Barracuda and Octopus now allow to choose if the Aegir
   Hostmaster will be upgraded or not.
3. Added versions numbers and links to all platforms Yes/no prompts.
4. /tmp directory no longer used to avoid problems due to secure noexec
   mount.
5. Improved readme and docs (in progress).
6. Removed old, no longer supported installer.


### Fri, 2010-08-27 04:15 - Edition 0.4-alpha12-A12.B

Added/Fixed: (upgrade optional)

1. Octopus now allows to install or upgrade only Aegir Satellite
   Instance without any platforms added.
2. Enabled again early exit on the first error to avoid confusing
   cascade of errors if something went wrong.
3. Both Barracuda and Octopus now run faster.


### Thu, 2010-08-26 19:30 - Edition 0.4-alpha12-A12.A

Added/Fixed: (upgrade from previous versions recommended)

1. Barracuda now includes multicore Apache Solr Search, Redis and
   Memcache.
2. Barracuda now can upgrade packages selectively. Just run it again to
   upgrade the system and the Aegir Master Instance.
3. Octopus can create many Aegir Satellite Instances on the same
   server, each with different set of platforms, but with ability to
   share the code between instances, so you can use this system even
   on the low end VPS.
4. Chive database manager added by default with db. subdomain (may
   require dns entry or wildcard).


### Thu, 2010-08-26 08:55 - Edition 0.4-alpha12-A12.A

Added/Fixed: (upgrade from previous versions recommended)

1. By default Aegir 0.4-alpha12 with Drush 3.3 is now installed.
2. Introduced new Octopus and Barracuda installers. See README.txt for
   more information. Both are in pre-alpha debugging phase.
3. All installers code and helpers now hosted on GitHub.


### Thu, 2010-08-18 21:30 - Edition 0.4-HEAD-A11.B

Added/Fixed: (upgrade from previous versions recommended)

1. By default Aegir 0.4-HEAD with Drush 3.3 is now installed.
2. Introduced support for Virtuozzo/OpenVZ IP address automatic
   discovery.


### Thu, 2010-08-12 22:15 - Edition 0.4-alpha11-A11.A

Added/Fixed: (upgrade from previous versions recommended)

1. By default Aegir 0.4-alpha11 with Drush 3.3 is now installed.
2. PHP-FPM version is now 5.2.14.
3. Improved UX - only interesting status messages are now displayed.
4. Hostmaster root directory now properly named using Aegir version:
   '-0.4-alpha11' or '-HEAD'.


### Thu, 2010-08-12 06:10 - Edition 0.4-alpha10-A10.A

Added/Fixed: (upgrade from previous versions recommended)

1. By default Aegir 0.4-alpha10 with Drush 3.3 is now installed.
2. Nginx version is now 0.8.49, MariaDB is 5.1.49 and Drupal is 6.19.
3. Fixed freezing request on the first /admin hit.
4. Better tuned Nginx, PHP-FPM and MariaDB settings.
5. Various small improvements in the code.


### Thu, 2010-08-07 06:10 - Edition 0.4-alpha9-A9.F

Added/Fixed: (upgrade of existing installs not required)

1. By default latest HEAD from git.aegirproject.org is now installed,
   due to critical bug found, see this for details:
   http://drupal.org/node/874716
   The default install will be reverted to 0.4-alpha10 when it will be
   released. You can use 0.4-alpha9 with caution (just don't use remote
   servers new feature to stay safe).
2. Fixed problem with setting up FQDN hostname on Linode based servers.
   The fix can help also with other providers probably.
3. Installer now writes date and version used in file:
   /var/aegir/config/includes/installer_version.txt


### Thu, 2010-08-05 22:00

Added/Fixed: (upgrade of existing installs not required)

1. Fixed critical problem with Drush broken due to change of URL to the
   required php library: http://drupal.org/node/875196
2. Aegir version is now configurable. By default latest 0.4-alpha9 will
   be installed, but it is also possible to install latest HEAD from
   git.aegirproject.org.
3. Aegir front-end (sub)domain is now configurable and can be different
   than machine FQDN hostname.
4. Machine FQDN hostname and IP is now configurable.
5. Nginx version updated to 0.8.48.
6. Fixed progress spinner on Ubuntu.
7. Fixed problem with automatic ionCube loader discovery of required
   version 32/64 bit.


### Mon, 2010-08-02 01:08

Added/Fixed:

1. Added automatic, full support for Ubuntu Lucid and Karmic.
2. If there is no FQDN hostname, we are trying to set it using reverse
   IP hostname, if exists.
3. Now we are trying both `uname -n` and `hostname -f` to make sure if
   the FQDN hostname is already set, but not available with `uname -n`
   test.
4. Added support for ionCube Loader with automatic discovery of
   required version 32/64 bit.


### Sat, 2010-07-31 18:00

Added/Fixed:

1. Simplified installer by removing unnecessary duplicate prompts in
   the original embedded install script.
2. Check for SMTP outgoing port 25 now fully automated.
3. Even more fun added :)


### Fri, 2010-07-30 19:00

Added/Removed:

1. New all-in-one installer for Debian 5.0 Lenny Aegir 0.4-alpha9
   compatible.
2. Removed deprecated scripts & how-to.


### Sat, 2010-02-06 23:55

Added/Fixed:

1. Missing --with-libevent=shared added in php-fpm-install.txt
   http://github.com/omega8cc/boa/issues/#issue/2
2. Debian specific stuff added in php-fpm-install.txt to allow easy
   install on vanilla vps.
3. Xcache replaced with APC and Memcache install added.


### Wed, 2010-02-03 06:37

Added/Fixed:

1. mkdir for required cache dirs added in nginx-install.txt
   http://github.com/omega8cc/boa/issues#issue/1


### Fri, 2010-01-29 06:37

Added/Fixed:

1. FCKeditor/CKEditor fix for .xml files.
2. Security: deny direct access to backup_migrate directory.


### Mon, 2010-01-11 01:46

1. Added custom fix required only when using purl, spaces & og for
   modules: ajax_comments, watcher and fasttoggle.
2. Simplified rewrite rules for location @drupal resolves also some
   problems with imagecache.
3. Changed order of try_files for Boost to match newer version of dirs
   structure first.


### Tue, 2009-12-01 16:19

Added/Fixed:

1. Latest Boost compatibility for /cache/normal & /cache/perm.
2. Json cache for Boost added.
3. Fix for xml/feed Boost cache files with .html extension.
4. Fix for xml/feed Boost cache correct mime type.