Engine Yard Release Updates September 2014

The updates described are either important (where you need to take action) or of interest (you might want to know about these changes but you don't need to do anything).

Hotfix: Engine Yard Gentoo 2009 stack upgrade

September 26th, 2014

Action: We recommend you test this hotfix in your staging environment as soon as possible; then, when that is validated, click the Upgrade button for your production environment.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the "Engine Yard Gentoo 2009" stack. You can access it by using the Stack select field in the Environment UI:

stack_stable-v2.png

It's best practice to upgrade your Engine Yard Gentoo 2009 (stable-v2) stack regularly for the latest security and product updates. This week's updates:

  • Updates Bash to address vulnerabilities identified in CVE-2014-6271 and CVE-2014-7169.

    Notes:

    If you have any long-lived Bash processes (for example, from cron jobs, custom Chef recipes, or existing SSH shells), you need to restart them to ensure that the server is fully protected.

    It's a little confusing the way Emerge does this; the magic part to look for is the '(deleted)', which means the binary was replaced but the process is holding the old one open still.

    Here are specific instructions to help:

    1. Run lsof | grep '(deleted)' | grep bash.
    2. If there are any lines that show /var/tmp/portage/app-shells/bash-[some-value]/image/bin/bash (deleted), then ...
    3. The second field of the output is the PID for the process using that Bash; grep for it in ps. For example: ps -elf | grep 23050.
    4. Identify the processes using Bash and restart them.

      How to restart is very dependent on your particular usage. In some cases, you may have to identify the parent process of the process running the Bash processes, or higher, in order to determine which process you need to restart.

Hotfix: Engine Yard Gentoo 12.11 stack upgrade

September 26th, 2014

Action: We recommend you test this hotfix in your staging environment as soon as possible; then, when that is validated, click the Upgrade button for your production environment.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the "Engine Yard Gentoo 12.11" stack. You can access it by using the Stack select field in the Environment UI:

stack_stable-v4.png

It's best practice to upgrade your Engine Yard Gentoo 12.11 (stable-v4) stack regularly for the latest security and product updates. This week's updates:

  • Updates Bash to address vulnerabilities identified in CVE-2014-6271 and CVE-2014-7169.

    Notes:

    If you have any long-lived Bash processes (for example, from cron jobs, custom Chef recipes, or existing SSH shells), you need to restart them to ensure that the server is fully protected.

    It's a little confusing the way Emerge does this; the magic part to look for is the '(deleted)', which means the binary was replaced but the process is holding the old one open still.

    Here are specific instructions to help:

    1. Run lsof | grep '(deleted)' | grep bash.
    2. If there are any lines that show /var/tmp/portage/app-shells/bash-[some-value]/image/bin/bash (deleted), then ...
    3. The second field of the output is the PID for the process using that Bash; grep for it in ps. For example: ps -elf | grep 23050.
    4. Identify the processes using Bash and restart them.

      How to restart is very dependent on your particular usage. In some cases, you may have to identify the parent process of the process running the Bash processes, or higher, in order to determine which process you need to restart.

For more information on Engine Yard Gentoo 12.11, see the Engine Yard Gentoo 12.11 docs.

Minor: Engine Yard Gentoo 12.11 stack upgrade

September 24th, 2014

Action: You apply the following changes the next time you click the Upgrade button for your Engine Yard Gentoo 12.11 environment. If you use Riak, see the note about upgrade.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 12.11 stack. You can access it by using the Stack select field in the Environment UI:

stack_stable-v4.png

It's best practice to upgrade your Engine Yard Gentoo 12.11 (stable-v4) stack regularly for the latest security and product updates. This week's updates:

  • Supports Amazon AWS T2 and R3 instance types. (Limited Access release.)
  • Adds PostgreSQL dynamic buffer sizing (calculate and cap) to match resources available on a given instance type.
  • Updates Riak provisioning to accommodate HVM functionality.

    Note: If you are using Riak, you need to update your stack to this release (regardless of whether you plan to use HVM or not, and regardless of instance type). Existing Riak clusters are not impacted; but you'll need the new cookbooks when you add or remove nodes.

For more information on Engine Yard Gentoo 12.11, see the Engine Yard Gentoo 12.11 docs.

Minor: Engine Yard Gentoo 2009 stack upgrade

September 19th, 2014

Action: You apply the following changes the next time you click the Upgrade button for your Engine Yard Gentoo 2009 environment. If you use fog in your code base, see the important note below.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 2009 stack. You can access it by using the Stack select field in the Environment UI:

stack_stable-v2.png

It's best practice to upgrade your Engine Yard Gentoo 2009 (stable-v2) stack regularly for the latest security and product updates. This week's updates:

  • Improvements to the Engine Yard backup system to support larger files.

    Important: This update required upgrading a dependency on fog from 0.7.2 to 0.8.2, so if you have custom recipes that use fog, you need to ensure your recipes function correctly before upgrading. Test any code base use of fog in a staging environment before upgrading your production environment.

  • Instance related features:

    • Improves swap creation to ensure that instance types have an SSD-backed 8 GB EBS swap partition, rather than relying on swap files. (Note: not included in this swap change: M1 Small and C1 Medium instances.)
    • Instances now receive an SSD-backed 100 GB ephemeral EBS volume added to the /mnt partition.
    • Improves backup reliability for C3 and M3 instance types.

    Note: In order to use these instance related features, you need to replace all existing instances with new instances. And remember that:

    • For an app master, you need to add a new app slave (with new features) first, then promote it to app master.
    • For a database master, you need to add a new database replica (with new features) first, then promote it to database master.
    • You also need to replace all the slaves, replicas, and utility instances.

    See Replace Degraded Instances for more information on how to replace your instances.

Minor: Engine Yard Gentoo 12.11 stack upgrade

September 5th, 2014

Action: You apply the following changes the next time you click the Upgrade button for your Engine Yard Gentoo 12.11 environment. If you use fog in your code base, see the important note below.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 12.11 stack. You can access it by using the Stack select field in the Environment UI:

stack_stable-v4.png

It's best practice to upgrade your Engine Yard Gentoo 12.11 (stable-v4) stack regularly for the latest security and product updates. This week's updates:

  • Updates PHP to version 5.4.32 to address CVE-2014-3597, CVE-2014-5120, CVE-2014-3587.
  • Improvements to the Engine Yard backup system to support larger files.

    Important: This update required upgrading a dependency on fog from 0.7.2 to 0.8.2, so if you have custom recipes that use fog, you need to ensure your recipes function correctly before upgrading. Test any code base use of fog in a staging environment before upgrading your production environment.

  • Instance related features:

    • Improves swap creation to ensure that instance types have an SSD-backed 8 GB EBS swap partition, rather than relying on swap files. (Note: not included in this swap change: M1 Small and C1 Medium instances.)
    • Instances now receive an SSD-backed 100 GB ephemeral EBS volume added to the /mnt partition.
    • Improves backup reliability for C3 and M3 instance types.

    Note: In order to use these instance related features, you need to replace all existing instances with new instances. And remember that:

    • For an app master, you need to add a new app slave (with new features) first, then promote it to app master.
    • For a database master, you need to add a new database replica (with new features) first, then promote it to database master.
    • You also need to replace all the slaves, replicas, and utility instances.

    See Replace Degraded Instances for more information on how to replace your instances.

For more information on Engine Yard Gentoo 12.11, see the Engine Yard Gentoo 12.11 docs.


If you have feedback or questions about this page, add a comment below. If you need help, submit a ticket with Engine Yard Support.

Comments

Article is closed for comments.