CloudBolt Software Release Notes What’s New in CloudBolt 7.2 Blueprints Server tiers on blueprints now support a notion of “allowable OS families”. This restricts the set of OS Build choices available to users when they order the blueprints and also when blueprint admins set the OS Build on a server tier within the blueprint. This facilitates import and setup of blueprints from the content library. Custom Roles CloudBolt now allows the creation of custom roles. Visit the Admin > Roles page to create a role and decide which permissions it should have, then assign it to users from either the Users page or the Users tab of a group. CloudBolt’s out-of-the-box roles are now editable, too. You can add or remove permissions on them the way you would for custom roles. You can also restore these roles back to their default state from the Admin > Roles page at any time. The “Powerful Requestors” and “Restrict job logs to admins” miscellaneous settings have been replaced with permissions. If you had these options enabled, CloudBolt will take them into account and add the appropriate permissions during the upgrade. However, they will not be taken into account if you later revert the roles back to their default state on the Roles page. Resource Technologies Azure Resource Manager A new parameter, ‘Delete Empty ARM Resource Group’, is available for ARM environments and servers. When set to True on a server, the associated Resource Group will also be deleted if it becomes empty after deleting the server. Otherwise, the empty Resource Group will remain. For most users, this parameter can be set as a default for an entire environment. However, some use cases might have a need to set it differently on a specic blueprint or server deployment. AWS The AWS resource handler now uses the custom SSL certicates available at Admin SSL Root Certicates . If activated, the default certicates used to connect to HTTPS endpoints via the Boto library will still be used. Additional certicates can be added to supplement the list by adding them to the SSL Root Certicates page. Alternatively, SSL Certicate validation can be deactivated via that same page. The AWS rate hook now works on servers provisioned outside CloudBolt. It is also much faster than before, and no longer requires you to manually download the rate le before using it. AWS GovCloud A new resource handler has been added that can connect to AWS GovCloud (US) regions designed to host sensitive data and regulated workloads in the cloud, helping customers support their U.S. government compliance requirements. For more information, see https://aws.amazon.com/govcloud-us/. Eucalyptus A new resource handler has been added that can connect to Eucalyptus, an AWS-compatible private and hybrid cloud computing environment. For more information, see https://github.com/eucalyptus/eucalyptus/wiki. Content Library More content types can be imported from the CloudBolt Content Library. We added orchestration actions, server and service actions, rules, and recurring jobs. Go to the admin page for any of those and toggle the ‘cloud-download’ button at the top right to view and import samples hosted on the Content Library. When importing content that has already been imported, admins now have the choice to replace existing content or not. General Improvements The email sent to approvers when a new order is created will now show the URL for the portal where the order was placed. Several cross site scripting (XSS) vulnerabilities were xed. Malicious payloads on some user- supplied elds are now prevented. To prevent the database and job logs from growing too large, CloudBolt now ships with a recurring job to clean up job records older than one year. If you would like to keep jobs for a different amount of time, go to Admin Recurring jobs and edit the job to change the threshold or disable it entirely. Upgrade Notes Bulk user creation using a CSV le is no longer supported. The PKI authentication backend does not support custom roles. CloudBolt plugins for user permissions LDAP sync scripts and other CloudBolt plugins that grant permission will need to be updated to work with the new 7.2 roles. For example, the old call group.requestors.add(profile) will need to be updated to the following: from accounts.models import Role role = Role.objects.get(name='requestor') profile.add_role_for_group(role, group) See the new out-of-the-box LDAP orchestration action for more examples of how the new roles work. Rate hooks As part of improving the AWS Rate Hook for discovered servers, a new server argument is now passed to its compute_rate method. This has 2 impacts for customers: 1. If you have modied the out-of-the-box AWS Rate Hook, you will want to look at the new out- of-the-box version after upgrade and incorporate the change we’ve made into your version of the code. 2. If you have written any of your own custom rate hooks, you will need to ensure that their compute_rate method can accept a server keyword argument. The best way to do this is simply to have all your action methods accept **kwargs . What’s New in CloudBolt 7.1 Kubernetes Adds support for custom cong les, for ne-grained control of your Kubernetes resources. Custom cong les support any resource type, not just Pods. The cong les can also be templatized, similar to what is possible with actions, creating le inputs that can have default values set on the Pod Blueprint Item and/or have values entered at order time. Kubernetes resources created while provisioning a blueprint will be cleaned up when the service is deleted. General Improvements The Django web-app framework that powers CloudBolt has been upgraded to Django 1.10.6. New OS Families have been added: SUSE Linux, macOS, Amazon Linux, and Solaris. When viewing a server that has snapshots, there is a new delete icon next to each snapshot that allows the user to delete the snapshot. HTTPS requests made by CloudBolt now support the Certi library for validating SSL certicates. The default for SSL verication remains deactivated. However, it can be activated at Admin SSL Root Certicates . If activated, certicates being used to connect to any HTTPS endpoints must be trusted by this new library. More information is available at https://github.com/certi/python- certi. Additional certicates can be added to supplement the list provided by Certi by adding them to the SSL Root Certicates page. Resource Technologies VMware When importing datastores, datastores that are part of datastore clusters will no longer be excluded. Fixes bug where comma-separated datastores could not be entered. CloudBolt Forge is now the CloudBolt Content Library Some content from the CloudBolt Forge is now available for browsing and importing directly in the user interface. Initially, Server Actions, “base” actions, and UI extensions are supported. Simply browse to the admin pages for managing these objects and click on the “cloud-download” button in the top right to view and import remote content hosted on the Content Library. Support for more content types such as Blueprints and Rules will be implemented in the future. The CloudBolt Forge Git repository will be deprecated in favor of this more intuitive in-product presentation. But as always, contributions to this repository of sample content are welcome. Contact CloudBolt to share your own blueprints, actions, or UI extensions with the CloudBolt community. Upgrade Notes NIC elds on the order form will now show even if there is only one option. Past orders created with a hidden NIC may not duplicate correctly, and CIT tests based on these orders may need to be recreated. The conguration variable for MIDDLEWARE_CLASSES has changed to just MIDDLEWARE. Any references to that variable in customer_settings.py must also be changed. The get_thread_logger method that was used in some actions is being deprecated. The correct approach is to use ThreadLogger instead. If you use get_thread_logger in any of the actions you created, please change it to ThreadLogger. Use of get_thread_logger will log a deprecation warning. A set of out-of-the-box actions have been changed from get_thread_logger to ThreadLogger, so if you have edited the code of these actions you will need to incorporate the changes to the out-of-the-box version into your edited code: delete-servicenow-ci.py, create- servicenow-ci.py, puppet_ent_3.X_discover_groups.py, puppet_ent_3.X_clean_cert.py, puppet_ent_3.X_get_node_facts.py, puppet_ent_2015.3_discover_groups.py, puppet_ent_2015.3_clean_cert.py. The setting of a logger in an action should look like: from utilities.logger import ThreadLogger logger = ThreadLogger(__name__) and not: from utilities.logger import get_thread_logger logger = get_thread_logger(__name__) If you have a custom log-in template in /var/opt/cloudbolt/proserv/templates/registration/login.html, it may have an old piece of code that needs to be updated. Please ensure the form’s action attribute looks like this: action="{% url 'login' %}" and not: action="{% url 'utilities.views.login' %}" This is required by the upgrade to the latest Django framework and avoids an error on the log-in page. There was an issue where existing Google Compute subnetworks were not being found when syncing networks, causing them to be replaced. That has been xed, but existing networks will need to be re-synced after upgrading and their subnetworks will need to be re-added to the appropriate environments. What’s New in CloudBolt 7.0 Ordering To simplify the ordering process, CloudBolt’s two distinct order forms have been consolidated into one. The New Server order form has been removed, and all ordering now uses blueprints. The New Server link still exists, but it now points to a new out-of-the-box blueprint called Custom Server.