Engine Yard Release Notes - May 2015

The updates described are either important (where you need to take action) or of interest (you might want to know about these changes but you don't need to do anything).

Engine Yard Stack Release Notes for May 28th, 2015

Minor: Engine Yard Gentoo 12.11 stack upgrade

Action: You apply the following changes the next time you click the Upgrade button for your Engine Yard Gentoo 12.11 environment.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 12.11 stack. You can access it by using the Stack select field in the Environment UI.

It's best practice to upgrade your Engine Yard Gentoo 12.11 (stable-v4) stack regularly for the latest security and product updates.

  • The Unicorn worker pool now has the correct number of workers on first boot (before this fix, running Apply again solved the problem).
  • Resolves an issue with backups not working for the new Frankfurt region.
  • Adds support for the MySQL event scheduler when performing snapshots.

Important: This release contains newer versions of the gems fog (1.30.0) and chef (10.34.6). While these are isolated from your app, they are used when running custom chef. If you have any custom chef recipes, please verify they work in staging before running them in your production environment.

For more information on Engine Yard Gentoo 12.11, see the Engine Yard Gentoo 12.11 docs.

Engine Yard Stack Release Notes for May 21st, 2015

Minor: Engine Yard Gentoo 12.11 stack upgrade

Action: We highly recommend you apply the following changes by clicking the Upgrade button for your Engine Yard Gentoo 12.11 environment, then follow the instructions below to complete the process.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 12.11 stack. You can access it by using the Stack select field in the Environment UI.

It's best practice to upgrade your Engine Yard Gentoo 12.11 (stable-v4) stack regularly for the latest security and product updates.

This release installs a glibc version that has been patched against multiple security vulnerabilities (CVE-2012-3404, CVE-2012-3405, CVE-2012-3406, CVE-2012-3480, CVE-2012-4412, CVE-2012-4424, CVE-2012-6656, CVE-2013-0242, CVE-2013-1914, CVE-2013-2207, CVE-2013-4237, CVE-2013-4332, CVE-2013-4458, CVE-2013-4788, CVE-2014-4043, CVE-2015-0235). However, upgrading alone will not purge the vulnerable software from your environment(s): processes that were already running keep using the old library until they are restarted. Once the upgrade process is complete, perform one of the following (listed in recommended preference order):

  • Simple, quick, with some downtime:
    Terminate and rebuild the environment using the most recent snapshot to fully purge the vulnerable software from all involved instances.
  • Maximized uptime:
    1. Cycle Application slave and utility instances (for each existing instance, add a new instance, then remove the older one).
    2. Promote one Application slave to master.
    3. Remove all existing DB slaves, making note of any names.
    4. Add a new DB slave, and wait for it to catch up to master.
    5. Promote the DB slave to master (this is the only step that results in downtime).
    6. Add back the DB slaves, using the previous names if applicable.
    NOTE: This requires a cluster setup. Those using a single-server setup will need to use one of the other methods.
  • Where speed is the most important:
    Disable takeover functionality, then manually reboot all instances within the environment simultaneously.
    1. Schedule a time when a short duration of downtime can be tolerated.
    2. Edit the environment and change the Takeover Preference to Disabled.
    3. Save the environment change, then click Apply.
    4. Wait for Apply to complete.
    5. Log into each instance and reboot simultaneously: sudo shutdown -r now
    6. Wait for the instances to reboot and confirm your app is working.
    7. If there are any issues after the reboot, click Apply and re-deploy your app.
    8. Open a support ticket if you need further assistance.
    9. Finally, edit the environment to restore your Takeover Preference to its previous value, save, then click Apply.
  • If absolute minimum downtime is required and you're fully comfortable with Linux process management:
    Manually kill and restart selected processes running the old software by checking for them using:
    lsof | grep 'DEL.*lib.*\.so' | awk '{print $2, $1}' | sort -un

We understand these options are delicate to your operations. If you have questions or issues, or are not comfortable performing the above steps, please let us know via a support request. Our Application Support engineers are available to assist however possible.
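The lsof check in the last option above lists only PID and command name. The following added example (not Engine Yard code) also groups the deleted libraries each process still maps, so you can tell which processes hold the old glibc. The function names `stale_lib_procs` and `sample_lsof` and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Engine Yard code): group lsof "DEL" library mappings
# by process. Reads lsof output on stdin, so it works on live or saved output.

stale_lib_procs() {
    awk '
        # "DEL" in the FD column marks a mapped file that was unlinked,
        # e.g. a shared library replaced on disk by a package upgrade.
        / DEL / && $NF ~ /\/lib.*\.so/ {
            key = $2 " " $1                  # PID, then COMMAND
            if (seen[key, $NF]++) next       # one entry per library per process
            if (key in libs) libs[key] = libs[key] "," $NF
            else             libs[key] = $NF
        }
        END { for (k in libs) print k, libs[k] }
    ' | LC_ALL=C sort -n
}

# Constructed sample of lsof output. PIDs, inodes and the "2.NN" library
# version are placeholders, not values from a real instance.
sample_lsof() {
    cat <<'EOF'
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE   NAME
nginx    812   root   DEL  REG  202,1           131094 /lib64/libc-2.NN.so
nginx    812   root   DEL  REG  202,1           131080 /lib64/ld-2.NN.so
nginx    812   root   mem  REG  202,1  1718232  140211 /usr/lib64/libcrypto.so.1.0.0
unicorn  2044  deploy DEL  REG  202,1           131094 /lib64/libc-2.NN.so
unicorn  2044  deploy DEL  REG  0,4             9184   /dev/zero
sshd     97    root   DEL  REG  202,1           131094 /lib64/libc-2.NN.so
cron     1500  root   mem  REG  202,1  1758192  262500 /lib64/libc-2.NN.so
EOF
}

sample_lsof | stale_lib_procs
# On an instance: lsof -n 2>/dev/null | stale_lib_procs
```

A process started after the upgrade (cron in the sample) maps the new file as `mem` and is not listed; an empty result after restarts means no process is still running from a replaced library.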

For more information on Engine Yard Gentoo 12.11, see the Engine Yard Gentoo 12.11 docs.

Engine Yard Stack Release Notes for May 14th, 2015

Minor: Engine Yard Gentoo 2009 stack upgrade

Action: You apply the following changes the next time you click the Upgrade button for your Engine Yard Gentoo 2009 environment.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 2009 stack. You can access it by using the Stack select field in the Environment UI.

It's best practice to upgrade your Engine Yard Gentoo 2009 (stable-v2) stack regularly for the latest security and product updates. This week's updates:

  • Removes logging of sensitive data to chef log.
  • Fixed minor issue on sysctl recipe: tcp_synack_retries changed from 5 to 3

For more information on Engine Yard Gentoo 2009, see the Engine Yard Gentoo 2009 docs.

Minor: Engine Yard Gentoo 12.11 stack upgrade

Action: You apply the following changes the next time you click the Upgrade button for your Engine Yard Gentoo 12.11 environment.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 12.11 stack. You can access it by using the Stack select field in the Environment UI.

It's best practice to upgrade your Engine Yard Gentoo 12.11 (stable-v4) stack regularly for the latest security and product updates. This week's updates:

  • Removes logging of sensitive data to chef log.
  • Fixed minor issue on sysctl recipe: tcp_synack_retries changed from 5 to 3
  • Rebooted instances now correctly run custom cookbook recipes.

For more information on Engine Yard Gentoo 12.11, see the Engine Yard Gentoo 12.11 docs.

Engine Yard Stack Release Notes for May 5th, 2015

Minor: Engine Yard Gentoo 2009 stack upgrade

Action: You apply the following changes the next time you click the Upgrade button for your Engine Yard Gentoo 2009 environment.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 2009 stack. You can access it by using the Stack select field in the Environment UI.

It's best practice to upgrade your Engine Yard Gentoo 2009 (stable-v2) stack regularly for the latest security and product updates. This week's updates:

  • Updates New Relic system monitor and php daemon to run with https for improved security.

For more information on Engine Yard Gentoo 2009, see the Engine Yard Gentoo 2009 docs.

Minor: Engine Yard Gentoo 12.11 stack upgrade

Action: You apply the following changes the next time you click the Upgrade button for your Engine Yard Gentoo 12.11 environment.

Note: For clarity, since we now have 2 Gentoo stacks, we refer to this stack as the Engine Yard Gentoo 12.11 stack. You can access it by using the Stack select field in the Environment UI.

It's best practice to upgrade your Engine Yard Gentoo 12.11 (stable-v4) stack regularly for the latest security and product updates. This week's updates:

  • Adds node.js version 0.10.38
  • Updates New Relic system monitor and php daemon to run with https for improved security.
  • Updates Ruby 2.x series against vulnerabilities specified in CVE-2015-1855

    Note: Due to how Ruby changed their versioning semantics from Ruby 2.1.0 on, the Ruby Runtime will now only specify two significant numeric values (i.e.: Ruby 2.1, Ruby 2.2), and you will be kept up to date with the latest release in those series. Those on Ruby 2.1.2, 2.1.3 and 2.1.5 will be automatically updated to Ruby 2.1.6. Similarly for those on Ruby 2.2.0 and 2.2.1, you will be upgraded to Ruby 2.2.2. If you need to stay at a specific version, please contact support.

  • Updates PHP version to 5.4.40 to address CVE-2015-0273, CVE-2015-2301, CVE-2015-2783, CVE-2015-3329 and CVE-2015-1352

For more information on Engine Yard Gentoo 12.11, see the Engine Yard Gentoo 12.11 docs.

