From 2eb6bc06925b93965536b861c7161d1349c1875b Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 5 Aug 2018 16:48:08 -0700 Subject: [PATCH 1/2] Add notes about new capability changes in new version --- daemon/configuration.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/daemon/configuration.md b/daemon/configuration.md index abf726d9..67145d65 100644 --- a/daemon/configuration.md +++ b/daemon/configuration.md @@ -103,7 +103,7 @@ Please note that all of the settings above are in the `docker.policy.network.X` | Setting Path | Default Value | Notes | | ------------ | ------------- | ----- | | `tmpfs` | `rw,exec,nosuid,size=50M` | These are the arguments used for mounting a `tmpfs` directory into containers to allow certain programs to run. | -| `log_driver` | none | The log driver to use for containers. We default to `none` to mitigate a potential DoS attack vector if a server were to spam log output. | +| `log_driver` | none | :warning: This option was **removed** in `v0.6` and is forcibly set to `json-file`. The log driver to use for containers. We default to `none` to mitigate a potential DoS attack vector if a server were to spam log output. | | `readonly_root` | true | Determines if the root filesystem of the container should be readonly. | | `securityopts` | array | An array of security options to apply to a container. The default array is provided below. | | `cap_drop` | array | An array of linux capabilities to drop from the container (in addition to ones [dropped by docker already](https://docs.docker.com/engine/security/security/#linux-kernel-capabilities). A listing of the default array is below. | @@ -118,19 +118,20 @@ Please note that all of the settings above are in the `docker.policy.container.X ``` ### Default Capabilities Drop Array + +::: warning +Starting with `v0.6` of the Daemon, the following previously _dropped_ capabilities are available in containers: `chown`, `kill`, `setgid`, and `setuid`. +::: + ``` json [ 'setpcap', 'mknod', 'audit_write', - 'chown', 'net_raw', 'dac_override', 'fowner', 'fsetid', - 'kill', - 'setgid', - 'setuid', 'net_bind_service', 'sys_chroot', 'setfcap', From c99d32bd33f78f55f0183bc46d804f79da9173f4 Mon Sep 17 00:00:00 2001 From: Dane Everitt Date: Sun, 5 Aug 2018 17:39:42 -0700 Subject: [PATCH 2/2] Docs for upgrading daemon --- daemon/upgrade/0.5_to_0.6.md | 61 ++++++++++++++++++++++++++++++++++++ daemon/upgrading.md | 1 + package.json | 2 +- yarn.lock | 6 ++-- 4 files changed, 66 insertions(+), 4 deletions(-) create mode 100644 daemon/upgrade/0.5_to_0.6.md diff --git a/daemon/upgrade/0.5_to_0.6.md b/daemon/upgrade/0.5_to_0.6.md new file mode 100644 index 00000000..298a69cc --- /dev/null +++ b/daemon/upgrade/0.5_to_0.6.md @@ -0,0 +1,61 @@ +# Upgrading 0.5.X to 0.6.0 + +[[toc]] + +::: warning Server Restart Required +Your servers will need to be restarted after upgrading the daemon in order to see the expected log output in the Panel. +::: + +## Breaking Changes +This release introduces a few breaking changes to how the Daemon operates, but maintains compatability with `v0.7.X` of +the Panel, so you don't need to worry about updating the Panel. + +Of notable change in this release is that we've switched from using custom logging functionality to using Docker logging +functionality. This allows us to better output events that happen before we can attach to the container, centralizes logic, +and allows Docker to manage the logs (which it does very well). Now, when your server refuses to boot, instead of seeing +an unhelpful "Server has crashed" message with nothing before it, you'll see _everything_ that happened in the container +leading up to that point, assuming things were output. + +## Download Files +To upgrade from v0.5.X first switch the directory where you installed your Daemon. If you followed the installation +guide your Daemon is most likely located in `/srv/daemon`. Then, download and unpack the archive using the +command below. + +::: danger +Stop your Daemon process before continuing in order to avoid any issues and ensure everything updates as expected. +::: + +``` bash +curl -L https://github.com/pterodactyl/daemon/releases/download/v0.6.0/daemon.tar.gz | tar --strip-components=1 -xzv +``` + +Then, update the core dependencies for the Daemon with the following command. + +``` bash +npm update --only=production +``` + +### Start the Daemon +Finally, start your daemon up, most likely with the command below. + +``` bash +systemctl start wings +``` + +## Rebuild Containers +Because of some changes we made behind the scenes when it comes to displaying server output you'll need to rebuild and +restart all of your servers. The rebuild step is required, the restart step is optional, but highly recommended otherwise +you will not be able to see any console output. + +Run the following commands _from the Panel server_ in order to perform a mass rebuild and restart. Replace `###` with the +ID of the node you just upgraded, or remove the `--node` flag entirely to rebuild on all nodes. + +``` bash +php artisan p:server:rebuild --node=### +``` + +Then, restart all of the servers using the following command, or by manually restarting them one at a time in the Panel. + +``` bash +php artisan p:server:restart --node=### +``` diff --git a/daemon/upgrading.md b/daemon/upgrading.md index 83c6ccc6..4c72587a 100644 --- a/daemon/upgrading.md +++ b/daemon/upgrading.md @@ -3,3 +3,4 @@ ## Version Specific Guides * [0.4.X to 0.5.X](upgrade/0.4_to_0.5.md) * [0.5.X series](upgrade/0.5.md) +* [0.5.X to 0.6.x](upgrade/0.5_to_0.6.md) diff --git a/package.json b/package.json index cf0328b3..3fcf73a7 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "dependencies": { "jquery": "^3.3.1", "slick-carousel": "^1.8.1", - "vuepress": "^0.13.0" + "vuepress": "^0.13.1" }, "scripts": { "build": "./node_modules/vuepress/bin/vuepress.js build", diff --git a/yarn.lock b/yarn.lock index 42dc4f6a..501f3cd8 100644 --- a/yarn.lock +++ b/yarn.lock @@ -6653,9 +6653,9 @@ vuepress-html-webpack-plugin@^3.2.0: toposort "^1.0.0" util.promisify "1.0.0" -vuepress@^0.13.0: - version "0.13.0" - resolved "https://registry.yarnpkg.com/vuepress/-/vuepress-0.13.0.tgz#7959feeb8c4bbd1cd96238383566182419576d5d" +vuepress@^0.13.1: + version "0.13.1" + resolved "https://registry.yarnpkg.com/vuepress/-/vuepress-0.13.1.tgz#73178d58f5b0660f7dbbdd4172b0170051eb1ea9" dependencies: "@babel/core" "7.0.0-beta.47" "@vue/babel-preset-app" "3.0.0-beta.11"