This is the first update to NS8 core since Beta 1 release announcement. This brief recap is written by hand because our @nethbot is still not trained for NS8!
Security alert
First of all, this update contains an important security fix. It will be fully disclosed next Monday. In the mean time, follow the instructions below.
Hide the overlayFs partition in get-node-status #406
Fix UI endless load state in retrieveNodesStatus() #411
…and other fixes and improvements!
To apply the update go to Software Center. If the update available banner is not shown, push the Reload repositories button to refresh the repository metadata cache.
To make the security fix immediately effective, the following steps are required to invalidate any existing cluster-admin (api-server) session:
Access the leader node with SSH or console
Generate a new JWT seed.
sed -i "/^SECRET=/ c SECRET=$(uuidgen)" /etc/nethserver/api-server.env
Restart api-server service
systemctl restart api-server
After restarting api-server any cluster-admin session is logged-out. Log in to the updated cluster-admin and change the administrative passwords.
Repeat steps 1-3 on worker nodes, too.
The storage format of 2FA secrets has changed. After the update is applied, 2FA needs to be enabled again by admin users. Follow instructions at Cluster management — NS8 documentation.
First of all, this release does not ship improvements to VM images. Future plans for them are to reduce the number of distro images (just one, e.g. Debian? Rocky?) and focus on platforms (VMWare, Proxmox). See also the Trello card.
In the mean time, please be patient. If the current images are not working, or are missing, try to use the alternative installation method, install.sh (see Installation — NS8 documentation).
Debian 12 support was already planned and some initial tests are progressing. To support Debian 12 we need to elevate NS8 requirements from Python 3.9 to Python 3.11.