12/08/2022 Service Update 2022.49.1

Service Updates for Liferay Cloud

The services update for 2022.49.1 is a major revision bump for ALL services to 5.x.

What's New In 5.x

The full public changelog can be found at the end of this document, but we wanted to highlight the most important changes and additions.

New Features

Backup

Prepare and Swap Restore Strategy

A new opt-in restore strategy is now available. Currently, as soon as the restore process begins, we take down Liferay and other services that depend on the database.

In the new Prepare and Swap strategy, we remove this need entirely. Instead, we restore both the database and document library backups into a fresh database instance and volume, respectively - without touching the existing services. If the restore is successful, we then switch to the new database instance and volume.

We highly recommend that all customers opt-in to this new strategy to drastically reduce the downtime and risks associated with restoring from a backup. To opt-in to this new strategy, the following environment variable needs to be set:

Name Required Default Value New Option
LCP_BACKUP_RESTORE_STRATEGY   OVERWRITE PREPARE_AND_SWAP

 

Webserver

ModSecurity (Modsec)

Our webserver service image now contains the ModSecurity v3 Library installation and the necessary connector to integrate with Nginx. ModSecurity is an application-level security layer (WAF - Web Application Firewall) responsible for protecting applications against XSS and SQL Injection attacks.

For more information regarding this feature, please see this article on Help Center.

Deprecations

Backup

Reserved Volumes

In the past, customers were allowed to freely change the names of the /opt/liferay/data volume in both the liferay and backup services via your LCP.json. However, this is no longer possible. While this change isn't strictly being introduced by the 5.x service images, we wanted to call out this important change.

Existing services with these volumes will have their names respected, but cannot be changed. As such, there is no action required for this deprecation.

New services that are deployed with these volumes will have their name automatically assigned to it with no option to override or change at a later date.

Database

Leveraging failover/read replicas for High Availability Instances has been deprecated and is now considered a Legacy. The new Regional Persistence Disk High Availability mode is faster and more reliable than on average when compared to the replica mode strategy.

Regional persistent disk provides synchronous replication of data between two zones in a region while failover replica provides semi-synchronous replication. An added benefit of persistent disks is the high-performance block storage for workload.  

By deploying the 5.x database service, this migration will automatically be performed.

IMPORTANT:

The first time you deploy the 5.x database service image, there will be a period of downtime as the migration is performed.

If your database's instance had already been migrated to regional by support, then you will not see any downtime when the 5.x database service image is deployed.

 

DXP Cloud Stack 2022.49.1

Service Name Previous Release Current Release Docker Images

Backup

4.3.12

5.0.0

liferaycloud/backup:5.0.0

CI

4.2.6

5.0.0

liferaycloud/jenkins:2.319.3-jdk8-5.0.0

Database

4.2.7

5.0.0

liferaycloud/database:5.0.0

Liferay

4.3.6

5.0.0

liferaycloud/liferay-dxp:7.4-5.0.0
liferaycloud/liferay-dxp:7.3-5.0.0

liferaycloud/liferay-dxp:7.2-5.0.0

liferaycloud/liferay-dxp:7.1-5.0.0

liferaycloud/liferay-dxp:7.0-5.0.0

Search

4.1.6

5.0.0

liferaycloud/elasticsearch:7.17.1-5.0.0

liferaycloud/elasticsearch:6.8.23-5.0.0

liferaycloud/elasticsearch:2.4.6-5.0.0

Webserver

4.1.4

5.0.0

liferaycloud/nginx:1.21.6-5.0.0

 

Update Instructions

To take advantage of the new features and fixes provided by the 5.x stack of services, you must update your entire stack to the new 5.x images.

Change Log

Service Name Service Version Ticket Number Description

Backup

5.0.0

LCE-5212

 

Allow customization of upload retry parameters to Google Storage

 

 

LCD-13755

Export database data through CloudSQL Admin API

 

 

LCD-13756

Import database data through cloudSQL Admin API

 

 

LCE-1014

Prepare restore while keeping Liferay service up

 

 

LCE-5421

Backup restore strategy should be validated

 

 

LCE-5350

chown error during backup service restart

 

 

LCE-719

Uploaded backup does not display in dr environment

 

 

LCE-5431

Logging for "swap" backup restore strategy is misleading and promises continue running after failure

 

 

LCE-3890 

Upgrading from old backup service can results in error trying to list files

 

 

LCE-5841

Backup Creation fails for multiple requests at same schedule

 

 

LCE-6086

Liferay service data folder is owned by root, preventing Liferay’s use

 

 

LCD-21593

Update directory deletion logic, which is faster and much more straightforward

 

 

LCD-22513

Backup service crashes and restarts when connected to external project

 

 

LCE-5537

Fix vulnerability in Backup service third-party packages

CI

5.0.0

LCE-530

Provide ZIP utility in service image

 

 

LCD-14735

Install python

 

 

LCE-1974

First deployment fails when project does not contain a 'dev' environment

 

 

LCE-5652

Jenkins credentials reset on restart

 

 

LCE-888

CI startup process slow due to chown of the mounted volume
    LCSEC-728 Bump blueocean plugin version
    LCD-22162 Install build-essential

Database

5.0.0

LCE-1014

Prepare restore while keeping Liferay service up

 

 

LCD-13679

Update the database service to use project environment SA

 

 

LCE-5123

Database service showing warning message to start

 

 

LCE-1903

Warn when database instance disk size is bigger than requested size

 

 

LCE-2377

Setting database flag results in error

 

 

LCE-647

The database server is not updating the value of an existing Mysql flag

 

 

LCD-22470

Authentication errors on database service

 

 

LCSEC-498

Docker image vulnerability: database > debian:9 > expat/cyrus-sasl2

 

 

LCSEC-470

Docker image vulnerability: database > 4.2.6-xxx > debian:9 > python2.7

 

 

LCSEC-65

Bump alpine 15 > 16

 

 

LCSEC-705

Update node > alpine on database-service

 

 

LCSEC-550

Improve architecture to better isolate service account based resources

Liferay

5.0.0

LCE-1014

Prepare restore while keeping Liferay service up

 

 

LCD-14311

Create mechanism to switch doclib format for a given project

 

 

LCE-3526

Log Formats for TOPS-96

 

 

LCE-1596

LIFERAY_HTTP_PERIOD_HEADER_PERIOD_VERSION_PERIOD_VERBOSITY is unmodifiable

 

 

LCE-465

Fix backwards compatibility and use DXP_VERSION as in build-image.sh

 

 

LCE-3932

Default Metaspace for DXPC Liferay is too low

 

 

LCE-480

Add JVM arg required for JDk11

 

 

LCE-470

mysqldump fails in liferay-service

 

 

LCE-400

Fix query string for mariadb change

 

 

LCSEC-698

Update bash>alpine on liferay-dxp

Search

5.0.0

LCSEC-471

Add image for Elasticsearch 7.17.1

Webserver

5.0.0

LCD-14015

Pull and compile mod_sec into Nginx image

 

 

LCE-3526

Log Formats for TOPS-96

 

 

LCE-319

When DNS flap, HAProxy ends with 503 on backend

 

 

LCE-109

Use $http_host in default log config instead of building the prefix with environment variables

 

 

LCD-2083

Api/backend is DOWN when HAProxy health check exceeds default value

 

 

LCD-2162

Add 'application/javascript' mime/type to the list of valid gzip files

 

 

LCSEC-27

Docker image vulnerability: debian:10

この記事は役に立ちましたか?
0人中0人がこの記事が役に立ったと言っています