What's coming in 4.2
-
4.2 will add the following:
- Update apps to manifest v2.
- Fix up apps to make migration easier. Many users are migrating apps from one Cloudron to another. For example, they install and setup an app in staging.domain.com and then move it to another cloudron at prod.domain.com. In such cases, the LDAP identification/auth causes problems because users of one Cloudron are different from the other Cloudron. We are fixing the apps to use
usernameattribute consistently instead ofuid. This means that as long as usernames match, migrations will happen seamlessly. - Migrate mongodb to cluster mode. New versions of Rocket.Chat require mongodb oplog to be enabled and also to run mongodb in cluster mode.
- Rework app task. This is an internal code refactor but expected to be quite big.
- Customizable app data directory - this will allow you to mount an external disk (like a DO block storage) and make an app use that storage block. This was expected to be in 4.1 but is blocked by the app task rework.
-
Some updates:
- All apps are now updated to v2
- We have fixed app migration for all apps as well. It's not easy to migrate apps easily across cloudrons. We settled on using username LDAP attribute for all newly installed apps.
- Mongodb is now migrated to cluster mode. This was part of 4.1.7.
-
I was checking up on things at git.cloudron.io and noticed that the email features we had discussed before were moved from milestone 4.2 to 4.3 which is disappointing though I understand you guys have a lot on your plate. Out of curiosity, since this is a pretty major feature that's needed for my freelance business / my clients, I'd like to know if possible a sort of time frame of when 4.2 and 4.3 are expected to land.
Knowing the approximate time frames (like 4.3 in say 2-3 months maybe?) would be helpful so I can make changes to how I currently deliver these features for my clients. Right now I have been holding off making big changes because I knew they were coming in 4.2, but since they've now been moved out to 4.3, I'm a bit more concerned and would like to know some more data so I can make an informed decision on what I should do next.
But please don't get me wrong - you guys are doing an awesome job and I'm definitely in love with this product! Happy it exists!
This is just a major feature I had prior to my move to Cloudron which I am really missing and some clients aren't as happy as they were because of it. That's on me of course, but that was not a limitation I expected to run into. Remember, if you could even just possibly tweak the number of addresses allowed in a forward rule in order to execute, that would at least buy me some time. Right now it's an unreliable workaround because anytime the server needs to be rebooted I have to remember to go in and make that change in the appropriate Docker container again. Maybe that tweak could still go into 4.2 even if just temporary? That would at least help remove the need to do it manually every time. -
@d19dotca It can still end up for 4.2. I just removed the tag, so it's not a blocker for 4.2. 4.2 itself will be out only in a couple of weeks, so there is still time.
Implementing the forwarding is quite easy (and we already have something working). But for getting the delivery to be correct, we found that SPF is in conflict with email forwarding - http://www.luke.maurits.id.au/blog/post/spf-breaks-email-forwarding.html (is one rant). It looks the fix is to implement https://en.wikipedia.org/wiki/Sender_Rewriting_Scheme to make forwarding work. So, I am still investigating. I will keep this post updated.
-
Oh that's fantastic then, thank you @girish
Much appreciated. I just saw the milestone flag change and got concerned, thinking I may need to devise my own solution if it would be quite far into the future for that to come out. Glad to hear it won't be too long and could still make it to 4.2. -
Any ETA for when 4.2 will be released? Or is it too early to tell yet?
-
@d19dotca It's passed our e2e test now, so 4.2.0 will be out next week. It's a long weekend here, so wednesday.
-
@girish Perfect!
No worries, was a long weekend for me too in Canada. -
The initial 4.2 was pushed out yesterday. So new Cloudrons will get 4.2 already. But this will take some time to hit existing cloudrons. We also have some features/cleanups to do for 4.2 to be properly released - https://git.cloudron.io/cloudron/box/issues/647 . The unofficial change log is here - https://git.cloudron.io/cloudron/box/blob/master/CHANGES#L1652
-
@girish how do we force it? I assumed when you said it’s take a while to roll out to existing Cloudron’s I figured that’d only impact the automatic ones, but that it’d still be usable if manually requested in the Settings page using the Check for Update button, however it won’t find it when I do that. Is that intentional?
-
@d19dotca yes that is intentional, what we do is we have a white/black list of domains to which we push out updates one after another. This allows more fine grained testing from our side. You can send us an email at support@cloudron.io and we can whitelist yours if you want to test it sooner.
-
@nebulon Okay, I kind of understand that methodology but I would still like to request then that for the future, when a user manually checks for an update it's because they want to update so that should be sort of auto-whitelisted (not to mention it would save you some unnecessary support emails). I can appreciate and totally understand scattering it for automatic download types, but it should be understandable from your side too that when a user is manually tapping the Check For Update button it's because they already know there's a new update out and are ready to deploy it.
So it'd be great if that auto-whitelisted the domain. -
Hey @girish. Congrats on the release! I know it took a bunch of work.
Did this feature get pulled from the 4.2 release? I wasn't able to see it in the release notes or on the demo site. Really looking forward to this feature.
@girish said in What's coming in 4.2:
Customizable app data directory - this will allow you to mount an external disk (like a DO block storage) and make an app use that storage block
-
@tamayers @d19dotca We have made the release available but it's only in use for new installations. This allows us get some early testing before we push it to all the existing Cloudrons. We are still working on the new app configuration UI + the mailbox forwarding feature. The data directory change is also there in the 4.2 release.
-
Quick update: the mailbox forwarding landed today ! You can now creating forwarding addresses to external domains. Cloudron will do SRS and reverse SRS as required.
-
@nebulon & @girish - my Cloudron still shows 4.1.7 when I check for updates. I would definitely say this should be a feature request then that is a user manually clicks/taps the Check For Updates button, the latest build is presented. It would only generally be used when someone is aware of an update and expecting to install it. I understand the blacklist/whitelist thing but I would say it should be ignored when the button is pressed. The rollout using a blacklist/whitelist should only be done for those who don't manually use the button so it notifies them when it's ready.
-
@d19dotca we don't push out 4.2.0 yet, even when checking for updates manually, has good reasons. We have found a few regressions which will affect existing Cloudrons, for example the stats view will miss data since that release would not reconfigure collectd as required. Newly created Cloudrons are not affected here.
-
@nebulon So to confirm then... 4.2 isn't really released at all then yet. It's pretty much in a "beta" state, used for new installs but nobody with an existing install will have received it yet unless we formally request our domain be whitelisted. Is that correct? There seems to be confusion here with the way things are being worded. 17 days ago it was stated "The initial 4.2 was pushed out yesterday" but now you're saying "we don't push out 4.2.0 yet" -- this is creating a bit of confusion.
-
Yes correct, the confusion comes from the fact that we wanted to release it normally but found regressions which are blocking it for now. Sorry about the communication here.
-
It's out!
Add external LDAP server integration
This is very good. Now if only the reverse was possible too we'd have ourselves a real symphony.
-
@yusf If you don't mind a bit of a "hack-n-slash" you could open up ports 389 and 636 in iptables to access the cloudron ldap server remotely
--
https://urgero.org
~ Professional Nerd. Freelance Programmer. ~ -
@murgero That sure is filthy but if also IP restricted and/or tunneled it may be okay?
-
@yusf You can restrict the port in IPTABLES as well, I don't remember if cloudron uses just IPTables or UFW but here is a rule for both that would work for routing to internal networks only:
UFW:
ufw allow from 192.168.1.0/24 to any port 389
(This allows from the 192.168.1.0 network to TCP/UDP port 389. You can change the word "any" to "tcp" to restrict it to TCP only as well.)IPTABLES:
iptables -I INPUT -p tcp -s 192.168.1.0/24 --dport 389 -j ACCEPTPlease research what cloudron uses as it's firewall (I am almost positive it is iptables).
Also note - This is an unsupported modification too.
Also also note - You can probably make an app that can proxy this connection instead, using a different port, you can proxy to the LDAP server instead. (Say port 1389 as an example). This would probably work better since LDAP clients normally allow you to configure a port to connect to anyway.
--
https://urgero.org
~ Professional Nerd. Freelance Programmer. ~ -
@murgero Thanks! Though very unsupported also very interesting. Thought about the proxy app approach but you know my level id of expertise: not enough.
-
@yusf Maybe it will be my weekend project this week. Build an LDAP Proxy app for Cloudron.
I'll hit you up on Matrix if I get something working.
--
https://urgero.org
~ Professional Nerd. Freelance Programmer. ~ -
@murgero I’ve been meaning to do the same.
Should be doable with something like HAProxy, but I wanted to use some better auth mechanism, so I’ve been working on this: https://git.iamthefij.com/iamthefij/dockamole
The server is essentially just an ssh server that is configured to disallow running commands and only allow port forwarding. The client can be run anywhere and it exposes the ports for you.
I’m planning to run a server on my Cloudron to forward LDAP and Graphite (hopefully), and then I can deploy a client on my other VPS. I also plan to do the same with my NAS at home so I can have my VPS access it without exposing http access to my home network.
There are many ways to do this though.
-
@iamthefij said in What's coming in 4.2:
There are many ways to do this though.
True. I was more thinking of using stunnel for this.
-
@yusf said in What's coming in 4.2:
It's out!
Nope, it's not out. I've recieved a notification of the new version on one Cloudron but I can't install it yet.
-
It is not out yet due to regressions in the app task management. We are working on this and will announce it when it is really out. Sorry for all those update available notifications which appeared to have been issued in between.
-
Alright, we have started rolling out 4.2 slowly. If someone here wants it early, ping us on the chat as always. Thanks for your patience!
-
I’ve received another notification saying
Cloudron v4.2.5 is available
but this update too is nowhere to be found.
-
@yusf Did it work out?
4.2 is now available for all
-
@girish It did update, yes.
-
I have one SSD and one HDD in my homeserver running Cloudron 4.2.6 - neither are shown in "Graphs"...
-
@necrevistonnezr Can you open a separate thread for that (since I am going to close this release thread and announce 4.2.). Can you also please provide the
df -houtput in the post. Thanks! -
Hi, I was wondering if there is already some documentation for the external LDAP support. Wanted to see if I could hook my cloudron to the ldap tree exposed from my Univention UCS.
-
I've this problem with 4.2.x now that makes the memory graph only show app memory usage from my main domain. Reproducable?
-
@yusf My memory graph is seemingly ok, I can see all 3 of my domains in it.
