Harder, Better, Faster, Stronger (v1.1.0)

After our big 1.0.0 release, here the next minor update. It features mainly High Availability of Keycloak, better high availability of RabbitMQ, plus a switch to Elasticsearch 7 with a migration from Searchguard to OpenDistro. Please read the Changes section carefully as there is an important thing regarding Elasticsearch upgrades.

Changes:

• Move from Searchguard to Opendistro #1232
  IMPORTANT: You cannot upgrade from a Lagoon 0.x.x Version directly to 1.1.0, as the included Elasticsearch would try to upgrade from 6.6 to 7 which is not possible. Only upgrades from Elasticsearch 6.6 (included in Lagoon 0.x) to Elasticsearch 6.8 (included in Lagoon 1.0.x) to Elasticsearch 7 (included in Lagoon 1.1.x) are possible. So if you are on 0.x.x, upgrade to 1.0.x first and then to 1.1.0.
• Disable PHP notices on production environments by default #1162
• Add Drush launcher to /bin, with Drush 8 fallback #1183
• Adjust k8up backup webhooks for new format #1167
• Give default project user maintainer role #1252
  IMPORTANT: This is a change from 1.0.0! In 1.0.0 the default project user had the guest role. This caused drush sql-sync tasks in post-rollout to fail, as soon as #1229 has been merged, this will change back to the guest role.

Features:

• add migrate-resize-pv.sh script #1201

Bugfixes:

• Fix API slowness by caching keycloak authz response per API request #1222
• Fix API slowness in getBackupsByEnvironmentId resolver #1180 #1223
• Resolver for Backup > Environment was missing #1223
• deleteProject mutation not working (#1227)
• API queries/mutations related to environment variables always returned permission denied #1259
• Fix removeNotificationFromProject mutation #1261
• Renamed the VARNISH_UNSET_HEADER_CACHE_TAGS variable to VARNISH_SET_HEADER_CACHE_TAGS #1264

Improvements:

• Implement Native Cronjob Removal #1178
• Added containers for Node version 12 #1216
• Adding end of life notification for node versions v6 and v9 and upcoming end of life for node v8 #1215
• Update Lagoon node packages #1218
• Set RabbitMQ policy to enable Mirrored Queue by default for all "lagoon-" queues #1226
• Add group listing API queries/resolvers #1228
• Cleanup of tests #1231
• High Available Keycloak #1235
• Update Lagoon internal Node services to Node 10 #1240
• Makefile still references node 8 deps #1262
• Support for search_api_solr 8.x-3.x module with Solr 7.x #1246
• Updating to NewRelic Agent 9.1.0.246 #1248
• MariaDB Galera: add check package #1253
• deploymentconfigs and pods don't need to be deleted manually anymore #1257
• Use of REDIS_SERVICE_PORT instead of REDIS_PORT #1263
• Drush Config: define backup-dir #1266

Documentation:

• Allow Xdebug to work with .twig files #1239
• addSshKey schema change: userId changed to UserInput #1243
• RBAC doc changes #1245
• Update Drush 9 doc to include fix for updating drush aliases and rsync between remote envs #1256
• Kibana examples docs update #1268

101+1 Lagoons (v1.0.2)

1.0.2 is just a short hotfix for 1.0.0. Unfortunately Drupal does not support the newest Redis 5.0.0 release and therefore we reverted back to redis 4.3.0 in PHP Images. At the same time we also solved some documentation and Node.js issues.

Changes:

• Reverting #1135 and going back to PHPRedis 4.3.0 for all PHP Versions as Drupal 8 and Drupal 7 is not ready for Redis 5.0.0 yet. - #1206

Features:

• none

Bugfixes:

• Force installing nghttp2-libs as the upstream image shipped an outdated version of the library #1209 and #1213

Improvements:

• none

Documentation:

• added example for deleting environment #1211
• Small fix to use use the correct Loadbalancer name #1204
• Documentation Edits #1205

Lagoon Episode I: The permission wars (v1.0.0)

Today we feel as excited as we where exactly two years ago when we launched Lagoon two years ago.
Today we launch Lagoon Version 1.0.0, the first Major Version jump of Lagoon. We want to thank everybody who made this possible:

❤️ Our employees that work every day to improve Lagoon and make it better
💚 All the companies, enterprises, governments and freelancers that use Lagoon believe in Open Source and support it
💙 All contributors to the repository that decide to spend additional minutes to open a ticket, create a pull request or just like the project.

Thanks everybody for this, we always believed that Lagoon could make it that far, but without you it would never have happened.

As this is a major version jump there will be a dedicated upgrade documentation be created. But as it is a bit complicated we do not suggest to upgrade just now, but instead wait for 1.0.x and the upgrade documentation.

Edit - July 29 2020:
Here is a gist with the steps to upgrade to 1.0.0 - YMMV but this should get you there!

Changes:

• Groups and Subgroups instead of Customers. Starting in Lagoon 1.0.0 customers as we know if from v0.24.0 are gone: There are Groups instead. Projects can be assigned to one or multiple Groups. Users are added to Groups with a Role (see RBAC). Groups can be nested within Subgroups. This change provides a lot more flexibility and the possibility to recreate real world teams within Lagoon. The migration script will create for each existing customer a new group. #1200
• Role Based Access Control (RBAC). When assigning a user to a group, you need to provide a role for that user inside this group. Each one of the 5 current existing roles gives the user different permissions to the group and projects assigned to the group. There is a [full overview of all Roles existing]. The migration script will give each user the "Owner" Role. (https://docs.google.com/spreadsheets/d/1SBf7LxxgbJoefFg00DKA4m8HAshUjVpRHuqN3p_MyI4/edit?usp=sharing).
• Private Keys for Customers are now assigned to Projects. As we removed Customers and Projects can have multiple Groups assigned, the private keys for a project (which is used to access the git code) is now saved on the project directly. The migration script will assign the existing private keys from the customer directly to the projects. #1200
• amazeeio/elasticsearch:latest amazeeio/kibana:latest amazeeio/logstash:latest are not updated anymore! We now have versions for 6 and 7, like: amazeeio/elasticsearch:6 #1179
• Updated makefile and php Dockerfiles to pin correct alpine version for php 7.0 #1136
• Upgrading to PHPRedis 5.0.0 for PHP 7 and pin PHPRedis version 4.3.0 for PHP 5.6 image building process due to PHPRedis 5.0.0 dropping PHP5 support #1135

Features:

• If you don't provide any ssh private key during creation of a project, Lagoon will create a key pair automatically. #1200
• Prioritize production environments #995

Bugfixes:

• Projects with Promote Deployment Types do not create k8up objects - #1192
• Improved how fluentd handles connection interruptions #1171
• Retry API requests that timeout and reduce API load when syncing backups #1160
• Upgrade git-url-parse package to remove errant colon in UI #1066
• Exit and fail the deployment if the docker-host is not reachable #1143

Improvements:

• Searchguard is now using Groups instead of Projects for it's permissions. #1200
• Allow CronJobs to be scheduled on build nodes. #1196
• Allow any additional configurations to be added to elasticsearch #1188 #1182
• docker-host images now use the versioned amazeeio/docker-host:latest which is updated on every lagoon release and not on merges to master #1187
• exited containers are removed every 4 hours from docker-host #1187
• Update Drush to v8.3.0 #1185
• Update Drupal Console to v1.9.1 #1185
• Updating Composer to v1.9.0 #1184
• Bumps lodash.mergewith from 4.6.1 to 4.6.2. #1149
• Bump lodash.merge from 4.6.1 to 4.6.2 #1148
• Set memory resource limits for cli DeploymentConfigs (#1140)
• Xdebug will be enabled only if XDEBUG_ENABLE variable has a value #1170
• Allow adjustable interval in service idler (#1138)
• Check running builds and pods before idling (#1138)
• Allow services to be force idled manually ./idle-services.sh force #1139
• Enable much larger environment variable definitions in api #1133
• Also publish -latest suffix images for baseimages with versions #1131
• MDEV-17429 has been fixed, using newest mariadb-client again 821050d

Documentation:

• Update Dockerfile naming convention to .dockerfile #1190
• adding information hint for transition between CA certs and LE certs #1186
• Fixes small grammar issue in test documentation #1166
• Don't use "here" as link text #1163
• Document how to gracefully shutdown node.js containers #1159

24 (v0.24.0)

Nothing super crazy here, just some smaller bug-fixes and improvements. Jack Bauer would be proud for a quiet day.

Features:

• none

Changes:

• none

Bugfixes:

• Close hanging SQL connections related to API subscriptions #1113
• Use SAFE_PROJECT for bucket names in backup schedule
• add -f to force cleanup of build images #1128

Improvements:

• Bump axios from 0.18.0 to 0.18.1 #1112
• Bump js-yaml from 3.13.0 to 3.13.1 #1117
• Update mariadb-client to 10.2.24-r0 #1119
• Updated composer to v1.8.6 #1121 #1122
• Allow Lagoon to run with one pod a976730
• backoffLimit: 0 for cli pods 15d43f3
• remote logs-forwarder with better back-off 1d12d96

Documentation:

• none

Let's try that again, shall we? (v0.23.2)

Here another small release that addresses a Bugfix plus small new features and improvements that will make people happy.

Features:

• Add order field to allProjects and allEnvironments GraphQL API endpoints (#1109)
• Smal script that updates all liveness and readiness checks of nginx-php pods 5d85dae

Changes:

• none

Bugfixes:

• Fix broken Backup Page in UI - d89447f

Improvements:

• Liveness and Readiness checks of containers run every 10 secs instead of 5 (lower load for the cluster) - 28788b6

Documentation:

• none

Do, or do not. There is no try (v0.23.1)

We tried and we failed (a bit). Therefore there is a new release right after the big v0.23.0 one. This brings mostly improvements for the k8up integration and a new env variable:

Features:

• Provides support for a new .lagoon.env env file for catch-all variables #1108

Changes:

• none

Bugfixes:

• none

Improvements:

• Multiple Improvements for k8up integration #1110

Documentation:

• none

CLI Pods? Where we're going we don't need CLI pods. (v0.23.0)

This release has one big focus: idling CLI pods and cluster load overall. Currently we keep CLI pods alive in order for them to run Cron Jobs and do backups for shared MariaDB in coordination with k8up. But this means we have many pods running which are not really necessary, so this release changes that:

1. Cron Jobs are now not running in CLI Pod anymore, but instead we use Native Kubernetes CronJob objects. These CronJob will start a pod for each run which is then removed again. This reduces the load on the cluster dramatically and should free up some resources in our bigger clusters. One important thing: if there is a cronjob defined that runs more often than every 15mins, we still create them inside the CLI pods as the native CronJob objects would put too much load on the cluster if we start a new pod every minute.
2. k8up (our BaaS System) has now support for PreBackupPods. Which allows k8up to start a new pod during the backup. Until now we used the CLI pods to provide backups from a shared MariaDB system. Now k8up starts a pod during the backup which is also removed after the backup has finished.
   These two changes allow Lagoon to idle CLI pods and therefore reduce the Cluster load. They are of course automatically started again during pre- and post-deploy tasks and if somebody connects via SSH.

Another notable change regarding cluster load is the switch from exec readiness and liveness checks, to tcpSocket for php containers. Up until now we used small shell scripts to check the health of php containers. Unfortunately we see on Kubernetes/OpenShift Clusters with bigger nodes (100+ pods per node), that the performance of the kubelet and Docker daemon can drastically decrease as exec checks run an actual docker exec, which for big nodes can end up with 50 docker exec per second (!). Using tcpSocket checks does not put any load on the Docker daemon and should allow the clusters overall to run much smoother.

Features:

• Support for PreBackupPods together with k8up #1097
• Script to locate orphaned Ansible service broker Mariadb databases #1079

Changes:

• Idle CLI pods that don't have any cronjobs defined. If a cron is less often than 15 minutes, run it in a cronjob type rather than in the existing pod. #1031 #1105 #1106
• Allows the python-ckandatapusher image to have a configurable port #1071
• Create a new python-ckandatapusher service type that listens on the existing port #1071
• Update to composer v1.8.5 in php-cli Images #1041
• Update Drush v8.2.2 to v8.2.3 in php-cli Images #1024
• Update Drupal Console to 1.8.0 #1011

Bugfixes:

• Fix typo in typeDefs.js #1084
• Removed $ character from slack logs notification link #1073
• Fix problems when using SSH keys with a non-root users. #1033
• Fix UI subscriptions #1014
• Fixing curator runs by making sure .bashrc is sourced for cronjobs #1010

Improvements:

• Added icons in UI for "dev env in use" and task files #1095
• Solr Drupal 7.5: correct solr.install.dir in solrcore.properties file #1094
• Updated dsql and dfiles aliases #1092
• Replace gatter with gather #1087
• Added timeout to exit from the possible never ending loop when provisioning shared mariadb #1086
• Updating liveness and readiness checks for PHP to use TCPsocket #1085
• add findutils to php-cli image #1077
• Allow dashboard log container to be "full height" #1065
• Update gitlabProjectCreate webhook handler to correctly create Project #1055
• docker-host pruning is more thorough by removing all images older than 7 days, additionally we take care of potentially exited containers that prevented cleanup #1053
• Auto Idler checks if there are any running builds for a project, and also if there are any processes running beyond the entrypoint #1039
• support for WebP in php-fpm images #1029
• docker-host: Use extended regex to allow use of pipes in REPOSITORY_TO_UPDATE variable #1027
• Each API request will generate a new MariaDB connection #1012
• Ensure the searchguard init script is only run on initial deployment #908

Documentation:

• fix graphql query #1081
• Better Documentation of the addProject mutation #1080
• Make the contrib guidelines easier accessable #1078
• document Drush 9 alias generation #1068
• fixed link to GraphQL API #1056
• Mention VirtualBox requirement on the Development Setup page #1054
• Styling improvements #1043
• Ignoring the site directory when building the documentation locally #1043
• fixed broken document links #1037
• Improved MySQL Documentation #1035
• Adding remarks to .lagoon.yml #1015

rest2task - So Long, and Thanks for All the Fish (v0.22.1)

With this version of Lagoon we start to deprecate the rest2task service in favor of the GraphQL API. rest2task was created as a small workaround as the GraphQL API did not have any mutations in the beginning of Lagoon. Now as the GraphQL API is fully grown and mature we can deprecate the rest2task for good. In this version http requests to rest2task still work, but a friendly HTTP header and a message in the response body will inform you that rest2tasks is deprecated (the HTTP return code is still 200 though). In future Versions rest2tasks will be completely disabled. Thank you rest2tasks!

Features:

• Varnish Image: allow to define listen and management listen ports (#900)
• API has new mutations for triggering deployments (#894)

Changes:

• API requires new deployment information when creating/updating environments (#894)
• rest2tasks is deprecated in favor of GraphQL API (#894)

Bugfixes:

• Fixed a few styling regressions in the UI caused by #976 (#986)
• UI/API load too much task data and logs and causes slow page loads and timeouts (#961)
• Fixing an issue with route generation on PolySites (#915)
• Fixing a small bug in the api-db duplicate ssh key script (#1005)
• address duplicate values in LAGOON_ROUTES (#1000)
• Fixing small issues in logs-db-forwarder (aka fluentd) (#1006)

Improvements:

• Prevent a previously-moved newrelic.disabled file from causing an error at container restart (#979)
• upgrade New Relic agent to 8.6.0.238 and enable for php 7.3. (#966)
• Shorter expire time for S3 links and use in more places (#999)
• Upgraded all node modules (#994)
• Better UI/API error handling (#987)
• UI can now trigger new deployments for environments (#838)
• Skip pull request deploys from forked repos (#789)
• Add ability to disable auto-idle per environment (#980)

Documentation:

• none

the Blocklist (v0.22.0)

As we are working on a full overhaul of the permission system in Lagoon (is there a version 1.0.0 on it's way??) we have some Lagoon installations that need to protect some users from themselves and we implement a blacklist env variable which allows to disable some GraphQL Mutations from regular users to be used.
As soon as we have the RBAC based system running, this will be obsolete and removed again.

Features:

• Add environment variable to restrict API operations to admins only (#977)
• Python 2.7 and 3.7 Base Images (#897) - thanks @SRowlands
• CKAN Base Images (#897) - thanks @SRowlands

Changes:

• UI has clean URLs (#960)

Bugfixes:

• UI project page now returns 404 when no project is returned (#931)
• UI stuck in infinite loop when any runtime error is thrown in production mode

Improvements:

• API no longer allows adding duplicate ssh keys (#577) - IMPORTANT for Lagoon Admins: Make sure that you run /rerun_initdb.sh within the api-db container after release. This will generate the necessary ssh fingerprints in the api databases. Also if there are already existing duplicated keys, you need to fix them (the script warns you)
• Broker (RabbitMQ Cluster) is now having a separate headless service for cluster discovery (broker-headless) and a regular service for accessing the rabbitmq directly (broker). Before it was just a headless service which caused all kind of issues of connecting to the rabbitmq. - IMPORTANT for Lagoon Admins: you should delete the broker service and statefulset in your installation before deploying this version of Lagoon, as the deployment will fail otherwise. (#984)

Documentation:

• Fix Markdown (#970) thanks @petk !
• Better Shorthand ifs in the Drupal example files (#978)

curl Take Three

Unfortunately the curl issue from #923 returns and this will solve it for good real with also downgrading libcurl.

Features:

• none

Changes:

• Downgrade libcurl to 7.61.1 38a3efa

Bugfixes:

• none

Improvements:

• none

Documentation:

• none