SafeScale v21.11.0

@vplanche-pro vplanche-pro released this 17 Feb 10:21
· 638 commits to release/v21.11 since this release

!!! Warning !!!

The format of SafeScale metadata has evolved. It is strongly advised not to use the binaries of this release with existing SafeScale resources. However, if you are adventurous, a metadata upgrade procedure is proposed when using safescale tenant set <tenant>; it still needs more testing (there are some situations where the migration may fail, leaving metadata in an inconsistent state). Use at your own risk !!! It is strongly recommended to make a metadata backup first; rclone may be of good use for that.
The next revision should remove this warning, with further tested migration code (hopefully v21.11.1).

What's new

  • Introducing Security Group support. Please refer to documentation for more details (Security Group resource, usage).
  • SafeScale Network abstraction evolves: in previous releases, a SafeScale Network encapsulated a resource pair (network/VPC + subnet); now SafeScale abstracts both Network and Subnet. The previous behaviour is kept as default (creates a Network AND a Subnet with the same names), with the ability to create an empty SafeScale Network in which multiple Subnets can be created.
  • Significant improvements in tolerance to temporary communication failures (loss of connection, failed DNS resolution, variable latency, etc.); when possible, retries are attempted instead of immediate failure.
  • Merged scanner binary into safescale/safescaled. Usage is now safescale tenant scan <tenant name>

Security Fixes

  • In previous releases of SafeScale, the private SSH key may be readable from some Cloud Provider metadata services, from the Host itself only. Now, even if a private SSH key is still readable, this key is used only once, for the first connection to the Host, and is then immediately replaced by a new private SSH key.

Developer interest

  • Refactoring done to separate IaaS code from SafeScale metadata (previously intimately mixed; this consumed a lot of time actually)
  • Moved SafeScale Platform code (Cluster, Features) from safescale to safescaled
  • Added metadata versioning (the idea being to be able to migrate metadata of previous releases when necessary; see the warning message above)
  • Replaced Jaro-Winkler image selection algorithm with Wagner-Fischer (a Levenshtein Distance kind of algorithm) with pre- and post-processing
  • Replaced standard json package use with github.com/json-iterator/go
  • Refactored Object Storage Bucket mount around the use of rclone instead of s3fs

Known limitations:

  • Mount of Google Object Storage Bucket not yet implemented

Known bugs

  • CLI flags are ignored if placed after parameters (since upgrade to urfave/cli v2), i.e. safescale network create --cidr 192.168.1.0/24 my-network interprets --cidr correctly, while safescale network create my-network --cidr 102.168.1.0/24 will not
  • OVH: templates i1.* contain far more NVMe disk than reported by the API, costing a lot more than expected if selected
  • documentation has been improved but still needs work
  • system disk sizing not always honored for all Cloud Providers
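
The flag-ordering bug listed under Known bugs can be reproduced with Go's standard flag package, which urfave/cli v2 uses for parsing and which stops at the first non-flag argument. This is an added example, not SafeScale code; parseNetworkCreate, strayFlags and the default CIDR are hypothetical, and the guard shows how a wrapper can detect an option that was silently skipped.

```go
package main

import (
	"flag"
	"fmt"
	"io"
	"strings"
)

// parseNetworkCreate mimics the argument handling of "network create" using
// the standard flag package. The default CIDR is a constructed value.
func parseNetworkCreate(args []string) (cidr string, positional []string, err error) {
	fs := flag.NewFlagSet("network create", flag.ContinueOnError)
	fs.SetOutput(io.Discard) // keep parse errors out of stderr
	fs.StringVar(&cidr, "cidr", "10.0.0.0/16", "CIDR of the network")
	if err = fs.Parse(args); err != nil {
		return "", nil, err
	}
	// Parsing stopped at the first non-flag argument; everything after it,
	// including any later "--cidr", is returned as a positional argument.
	return cidr, fs.Args(), nil
}

// strayFlags returns positional arguments that look like flags, i.e. options
// the parser skipped because they were placed after the first parameter.
func strayFlags(positional []string) []string {
	var stray []string
	for _, a := range positional {
		if strings.HasPrefix(a, "-") && a != "-" {
			stray = append(stray, a)
		}
	}
	return stray
}

func main() {
	// Constructed command lines: flag before, then after, the parameter.
	for _, args := range [][]string{
		{"--cidr", "192.168.1.0/24", "my-network"},
		{"my-network", "--cidr", "192.168.1.0/24"},
	} {
		cidr, pos, err := parseNetworkCreate(args)
		fmt.Printf("cidr=%s positional=%v stray=%v err=%v\n", cidr, pos, strayFlags(pos), err)
	}
}
```

In the second case the network would be created with the default CIDR rather than the requested one, so a wrapper script should refuse to proceed when strayFlags returns anything.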