I am very happy to announce the release of the latest version of cordial
. Please see the release notes/ changelog below.
Change Log
Version v1.5.0
Released 2023/05/22
Please report issues via github or the ITRS Community Forum.
v1.5.0 - Highlights
This release brings numerous changes to the cordial
tools, especially
the geneos
utility. We have tried to improve the reliability and
usability of the utility through updated and improved documentation and
subsequent fixes and changes that arose from writing and checking that
documentation.
v1.5.0 - BREAKING CHANGES
-
pkg/logger
:-
REMOVED. This simplistic internal logging package has been
deprecated in favour of more mature solutions, such as
zerolog.
-
REMOVED. This simplistic internal logging package has been
-
tools/geneos
:-
The way SAN instances handle gateway connections has been fixed to
allow gateway represented as FDQNs or IP addresses. The old way
resulted in a mess - viper defaults to dots (‘.’) as configuration
item hierarchy delimiters and this caused issues. Most users with
SANs should not notice any change, but if you see problems please
check the san XML file and correct thegateways
section as
necessary. One way is to remove and re-set them using:geneos set san mySan -g gateway.example.com ...
Running
set
will rewrite the configuration in the new format bu
there is a chance that the previous configuration will continue to
occupy settings. You may need to manually edit the instance
configuration filesan.json
anyway. -
Like the above any variables defined for either SAN or Gateway
instances used to generate XML from templates will have not worked
in a case sensitive manner to mirror how Geneos treats variable
names. To fix this the internal format of thevariables
section
has been updated to move the variable name from the configuration
key to a separate structure as it’s own value. Code has been added
to automatically convert from the old format to the new when the
configuration file is updated however there is no fix for the
correction of variable case name being incorrect from previous
configurations. Please review and adjust as necessary. -
Support for running instances as other user accounts or under
sudo
has been deprecated. Security is hard, and the support
for these was poorly implemented. A better way should be coming in
a future release.This may mean that where users has configured netprobes to run as
different users and have previously runsudo geneos start
to let
the program do the right thing will run into issues. Please be
careful if any of your instances run as other users and do not run
thegeneos
program withsudo
. There is no additional
checking/rejection of running undersudo
or any other privilege
escalation system so this is important!
-
v1.5.0 - Other Changes
-
There has been a significant amount of refactoring and moving around
of the code-base. Most of this should not be user visible, but some
public APIs have changed. As with all major changes there may be
problems that have not been caught in testing. Please report
anything you see as either a github
issue or via the
ITRS Community Forum.There are too many changed to list them all in detail but specific
ones worth mentioning include:-
memguard
support for protected memory. Credentials (passwords, TLS keys and
so on) should now be handled as Enclaves (for plaintext or private
keys) or as LockedBuffers (for ciphertexts of sensitive data).The
config
package includes new methods
for handling configuration file data as Enclaves and LockedBuffers
to try to reduce the amount of confidential data visible in the
process.The changes are ongoing and, in addition to adding a layer of data
security tocordial
, an added benefit is the interception of
memory use errors etc. If you see errors, panic etc. please report
them as a github
issue -
A number of the previous package APIs have undergone review and
changed as needed. In particular the
config
API has been through the wringer
and if you have any code that relies on it from v1.4 or earlier
then it will require changes. There are new functions, which is to
be expected, but also some existing ones have been renamed or had
their argument signatures changed. Please review the documentation
to see what the methods and functions have become. -
Credentials support. There is both general purpose and
geneos
specific support for the local
storage of credentials. Passwords and other secrets “at rest” are
stored in Geneos AES256 format using a key file that is initial
auto-generated. To decode these passwords you must have both the
key file (which is by default only user readable) and the
credentials file. There should be support for other credentials
types, such as OAuth style client secrets and tokens, in future
releases. The username and the domain that the credentials
apply to are not encrypted, by design. This is however subject to
change in a future release.Credentials currently works with a free-text domain that matches a
destination using a “longest match wins” search, e.g. for a URL
this may be a full or partial domain name, and for Geneos
component authentication, e.g. the REST command API, the domain is
in the formgateway:NAME
. Others will be added later, probably
including TLS certificates and keys as well as SSH password and
private keys. -
Releases now include selected binaries with a semantic version
suffix. The programs incordial
use the base name of the binary
as a key to select which configuration files to load, so that
renaming the binary will result in a different set of
configuration file being used, automatically.To make life simpler, any version suffix is automatically stripped
if, and only if, it matches the one used to build the binary. This
means you can now downloadgeneos-v.1.5.0
and use it without
having to rename it (useful for initial testing of new releases).
-
-
-
Extensive documentation restructuring and rewriting. This is still
work in progress but largely complet. Built-in help text (shown
with thehelp
command or the--help
/-h
option) should now
align much more closely with real functionality and the online
documentation is now almost completely built from the same source. -
Addition of subsystems to group commands.
-
Move
aes
andtls
command sources to their subsystems. -
Add
host
andpackage
subsystems and create aliases for the
original commands, e.g.-
add host
becomeshost add
-
install
becomespackage install
- etc.
-
-
The
set user
,show user
etc. commands are now under single
config
subystem, e.g.geneos config set mykey=value
-
The
set global
and related commands have been deprecated. -
The new
package
subsystem command pulls all Geneos release
management into one place -
New
login
andlogout
commands to manage credentials. -
New
ca3
andfloating
components for Collection Agent 3 and Floating
Netprobes
-
-
- This new utility can be run as a Geneos Action or Effect to
capture one or more Dataviews and send as an email. The
configuration is extensive and the layout and contents are
completely configurable through the use of Go templates.
- This new utility can be run as a Geneos Action or Effect to
v1.5.0 - Bug Fixes
-
-
Version checking of local release archives was broken because of
overloading of a common function. This is now split and checking
should work once again. -
Most reported issues on github have been fixed.
-
v1.5.0 - To Do
-
Documentation needs more work and refinement. The built-in help for
almost all commands is now up-to-date but theinit
andtls
subsystems need to be reviewed further and completed. This should be
in a patch release soon. -
- Local storage of encrypted passwords for remote SSH access needs
documenting
- Local storage of encrypted passwords for remote SSH access needs