Service Updates for Liferay Cloud
The services update for 2022.49.1 is a major revision bump for ALL services to 5.x.
What's New In 5.x
The full public changelog can be found at the end of this document, but we wanted to highlight the most important changes and additions.
New Features
Backup
Prepare and Swap Restore Strategy
A new opt-in restore strategy is now available. Currently, as soon as the restore process begins, we take down Liferay and other services that depend on the database.
In the new Prepare and Swap strategy, we remove this need entirely. Instead, we restore both the database and document library backups into a fresh database instance and volume, respectively - without touching the existing services. If the restore is successful, we then switch to the new database instance and volume.
We highly recommend that all customers opt-in to this new strategy to drastically reduce the downtime and risks associated with restoring from a backup. To opt-in to this new strategy, the following environment variable needs to be set:
Name | Required | Default Value | New Option |
LCP_BACKUP_RESTORE_STRATEGY | OVERWRITE | PREPARE_AND_SWAP |
Webserver
ModSecurity (Modsec)
Our webserver service image now contains the ModSecurity v3 Library installation and the necessary connector to integrate with Nginx. ModSecurity is an application-level security layer (WAF - Web Application Firewall) responsible for protecting applications against XSS and SQL Injection attacks.
For more information regarding this feature, please see this article on Help Center.
Deprecations
Backup
Reserved Volumes
In the past, customers were allowed to freely change the names of the /opt/liferay/data volume in both the liferay and backup services via your LCP.json. However, this is no longer possible. While this change isn't strictly being introduced by the 5.x service images, we wanted to call out this important change.
Existing services with these volumes will have their names respected, but cannot be changed. As such, there is no action required for this deprecation.
New services that are deployed with these volumes will have their name automatically assigned to it with no option to override or change at a later date.
Database
Leveraging failover/read replicas for High Availability Instances has been deprecated and is now considered a Legacy. The new Regional Persistence Disk High Availability mode is faster and more reliable than on average when compared to the replica mode strategy.
Regional persistent disk provides synchronous replication of data between two zones in a region while failover replica provides semi-synchronous replication. An added benefit of persistent disks is the high-performance block storage for workload.
By deploying the 5.x database service, this migration will automatically be performed.
IMPORTANT:
The first time you deploy the 5.x database service image, there will be a period of downtime as the migration is performed.
If your database's instance had already been migrated to regional by support, then you will not see any downtime when the 5.x database service image is deployed.
DXP Cloud Stack 2022.49.1
Service Name | Previous Release | Current Release | Docker Images |
Backup |
4.3.12 |
5.0.0 |
liferaycloud/backup:5.0.0 |
CI |
4.2.6 |
5.0.0 |
liferaycloud/jenkins:2.319.3-jdk8-5.0.0 |
Database |
4.2.7 |
5.0.0 |
liferaycloud/database:5.0.0 |
Liferay |
4.3.6 |
5.0.0 |
liferaycloud/liferay-dxp:7.4-5.0.0 liferaycloud/liferay-dxp:7.2-5.0.0 liferaycloud/liferay-dxp:7.1-5.0.0 liferaycloud/liferay-dxp:7.0-5.0.0 |
Search |
4.1.6 |
5.0.0 |
liferaycloud/elasticsearch:7.17.1-5.0.0 liferaycloud/elasticsearch:6.8.23-5.0.0 liferaycloud/elasticsearch:2.4.6-5.0.0 |
Webserver |
4.1.4 |
5.0.0 |
liferaycloud/nginx:1.21.6-5.0.0 |
Update Instructions
To take advantage of the new features and fixes provided by the 5.x stack of services, you must update your entire stack to the new 5.x images.
Change Log
Service Name | Service Version | Ticket Number | Description |
Backup |
5.0.0 |
LCE-5212
|
Allow customization of upload retry parameters to Google Storage |
|
|
LCD-13755 |
Export database data through CloudSQL Admin API |
|
|
LCD-13756 |
Import database data through cloudSQL Admin API |
|
|
LCE-1014 |
Prepare restore while keeping Liferay service up |
|
|
LCE-5421 |
Backup restore strategy should be validated |
|
|
LCE-5350 |
chown error during backup service restart |
|
|
LCE-719 |
Uploaded backup does not display in dr environment |
|
|
LCE-5431 |
Logging for "swap" backup restore strategy is misleading and promises continue running after failure |
|
|
LCE-3890 |
Upgrading from old backup service can results in error trying to list files |
|
|
LCE-5841 |
Backup Creation fails for multiple requests at same schedule |
|
|
LCE-6086 |
Liferay service data folder is owned by root, preventing Liferay’s use |
|
|
LCD-21593 |
Update directory deletion logic, which is faster and much more straightforward |
|
|
LCD-22513 |
Backup service crashes and restarts when connected to external project |
|
|
LCE-5537 |
Fix vulnerability in Backup service third-party packages |
CI |
5.0.0 |
LCE-530 |
Provide ZIP utility in service image |
|
|
LCD-14735 |
Install python |
|
|
LCE-1974 |
First deployment fails when project does not contain a 'dev' environment |
|
|
LCE-5652 |
Jenkins credentials reset on restart |
|
|
LCE-888 |
CI startup process slow due to chown of the mounted volume |
LCSEC-728 | Bump blueocean plugin version | ||
LCD-22162 | Install build-essential | ||
Database |
5.0.0 |
LCE-1014 |
Prepare restore while keeping Liferay service up |
|
|
LCD-13679 |
Update the database service to use project environment SA |
|
|
LCE-5123 |
Database service showing warning message to start |
|
|
LCE-1903 |
Warn when database instance disk size is bigger than requested size |
|
|
LCE-2377 |
Setting database flag results in error |
|
|
LCE-647 |
The database server is not updating the value of an existing Mysql flag |
|
|
LCD-22470 |
Authentication errors on database service |
|
|
LCSEC-498 |
Docker image vulnerability: database > debian:9 > expat/cyrus-sasl2 |
|
|
LCSEC-470 |
Docker image vulnerability: database > 4.2.6-xxx > debian:9 > python2.7 |
|
|
LCSEC-65 |
Bump alpine 15 > 16 |
|
|
LCSEC-705 |
Update node > alpine on database-service |
|
|
LCSEC-550 |
Improve architecture to better isolate service account based resources |
Liferay |
5.0.0 |
LCE-1014 |
Prepare restore while keeping Liferay service up |
|
|
LCD-14311 |
Create mechanism to switch doclib format for a given project |
|
|
LCE-3526 |
Log Formats for TOPS-96 |
|
|
LCE-1596 |
LIFERAY_HTTP_PERIOD_HEADER_PERIOD_VERSION_PERIOD_VERBOSITY is unmodifiable |
|
|
LCE-465 |
Fix backwards compatibility and use DXP_VERSION as in build-image.sh |
|
|
LCE-3932 |
Default Metaspace for DXPC Liferay is too low |
|
|
LCE-480 |
Add JVM arg required for JDk11 |
|
|
LCE-470 |
mysqldump fails in liferay-service |
|
|
LCE-400 |
Fix query string for mariadb change |
|
|
LCSEC-698 |
Update bash>alpine on liferay-dxp |
Search |
5.0.0 |
LCSEC-471 |
Add image for Elasticsearch 7.17.1 |
Webserver |
5.0.0 |
LCD-14015 |
Pull and compile mod_sec into Nginx image |
|
|
LCE-3526 |
Log Formats for TOPS-96 |
|
|
LCE-319 |
When DNS flap, HAProxy ends with 503 on backend |
|
|
LCE-109 |
Use $http_host in default log config instead of building the prefix with environment variables |
|
|
LCD-2083 |
Api/backend is DOWN when HAProxy health check exceeds default value |
|
|
LCD-2162 |
Add 'application/javascript' mime/type to the list of valid gzip files |
|
|
LCSEC-27 |
Docker image vulnerability: debian:10 |