Ops One AG platform status and maintenance announcements. Times are indicated in local Swiss time. https://opsone.ch/.
All systems are operational
Scheduled Maintenance
Sentry 24.4.2

We will update Sentry to version 24.4.2.

Start maintenance window: 06/05/2024 23:00
Stop maintenance window: 07/05/2024 02:00

Cluster Maintenance

We will update soft- and firmware throughout our cluster. During the update, a higher disk i/o latency is to be expected.

Start maintenance window: 06/05/2024 23:00
Stop maintenance window: 07/05/2024 02:00

Debian Updates: Managed Server 7

We will update the following packages to the latest version.

  • docker-ce/buster 5:26.1.1-1~debian.10~buster amd64 [upgradable from: 5:26.1.0-1~debian.10~buster]
  • docker-ce-cli/buster 5:26.1.1-1~debian.10~buster amd64 [upgradable from: 5:26.1.0-1~debian.10~buster]
  • docker-ce-rootless-extras/buster 5:26.1.1-1~debian.10~buster amd64 [upgradable from: 5:26.1.0-1~debian.10~buster]
  • docker-compose-plugin/buster 2.27.0-1~debian.10~buster amd64 [upgradable from: 2.26.1-1~debian.10~buster]
  • blackfire/any 2:2.27.0 amd64 [upgradable from: 2:2.26.4]

Start maintenance window: 06/05/2024 23:00
Stop maintenance window: 07/05/2024 02:00

Debian Updates: Managed Server 8

We will update the following packages to the latest version.

  • docker-ce/buster 5:26.1.1-1~debian.10~buster amd64 [upgradable from: 5:26.1.0-1~debian.10~buster]
  • docker-ce-cli/buster 5:26.1.1-1~debian.10~buster amd64 [upgradable from: 5:26.1.0-1~debian.10~buster]
  • docker-ce-rootless-extras/buster 5:26.1.1-1~debian.10~buster amd64 [upgradable from: 5:26.1.0-1~debian.10~buster]
  • docker-compose-plugin/buster 2.27.0-1~debian.10~buster amd64 [upgradable from: 2.26.1-1~debian.10~buster]
  • blackfire/any 2:2.27.0 amd64 [upgradable from: 2:2.26.4]

Start maintenance window: 06/05/2024 23:00
Stop maintenance window: 07/05/2024 02:00

Debian Updates: Managed Server 9

We will update the following packages to the latest version.

  • docker-ce-cli/bullseye 5:26.1.1-1~debian.11~bullseye amd64 [upgradable from: 5:26.1.0-1~debian.11~bullseye]
  • docker-ce-rootless-extras/bullseye 5:26.1.1-1~debian.11~bullseye amd64 [upgradable from: 5:26.1.0-1~debian.11~bullseye]
  • docker-ce/bullseye 5:26.1.1-1~debian.11~bullseye amd64 [upgradable from: 5:26.1.0-1~debian.11~bullseye]
  • docker-compose-plugin/bullseye 2.27.0-1~debian.11~bullseye amd64 [upgradable from: 2.26.1-1~debian.11~bullseye]

Start maintenance window: 06/05/2024 23:00
Stop maintenance window: 07/05/2024 02:00

Elasticsearch 7.17.21

We will update Elasticsearch to version 7.17.21.

Start maintenance window: 06/05/2024 23:00
Stop maintenance window: 07/05/2024 02:00

Elasticsearch 8.13.3

We will update Elasticsearch to version 8.13.3.

Start maintenance window: 06/05/2024 23:00
Stop maintenance window: 07/05/2024 02:00

Kibana 8.13.3

We will update Kibana to version 8.13.3.

Start maintenance window: 06/05/2024 23:00
Stop maintenance window: 07/05/2024 02:00

Past Incidents

Friday 7th September 2018

No incidents reported

Thursday 6th September 2018

No incidents reported

Wednesday 5th September 2018

No incidents reported

Tuesday 4th September 2018

Managed Server Version 5: Add global nginx configuration options

We introduced options to define global nginx configurations on server and http level. See the documentation for details.

Closes #385

Monday 3rd September 2018

Nextcloud v13.0.6, scheduled 5 years ago

We have updated Nextcloud to the latest version.

Managed Server Version 5: mariadb, scheduled 5 years ago

Several issues have been discovered in the MariaDB database server. The vulnerabilities are addressed by upgrading MariaDB to the new upstream version 10.0.36. Please see the MariaDB 10.0 Release Notes for further details: https://mariadb.com/kb/en/mariadb/mariadb-10036-release-notes/

We have updated mariadb to the latest version.

  • mariadb-client/oldstable 10.0.36-0+deb8u1 all [upgradable from: 10.0.35-0+deb8u1]
  • mariadb-client-10.0/oldstable 10.0.36-0+deb8u1 amd64 [upgradable from: 10.0.35-0+deb8u1]
  • mariadb-client-core-10.0/oldstable 10.0.36-0+deb8u1 amd64 [upgradable from: 10.0.35-0+deb8u1]
  • mariadb-common/oldstable 10.0.36-0+deb8u1 all [upgradable from: 10.0.35-0+deb8u1]
  • mariadb-server/oldstable 10.0.36-0+deb8u1 all [upgradable from: 10.0.35-0+deb8u1]
  • mariadb-server-10.0/oldstable 10.0.36-0+deb8u1 amd64 [upgradable from: 10.0.35-0+deb8u1]
  • mariadb-server-core-10.0/oldstable 10.0.36-0+deb8u1 amd64 [upgradable from: 10.0.35-0+deb8u1]
Managed Server Version 5: tomcat8 update, scheduled 5 years ago

Two security issues have been discovered in the Tomcat servlet and JSP engine. [DLA 1491-1]

We have updated tomcat8 to the latest version.

  • libtomcat8-java/oldstable 8.0.14-1+deb8u13 all [upgradable from: 8.0.14-1+deb8u12]
  • tomcat8/oldstable 8.0.14-1+deb8u13 all [upgradable from: 8.0.14-1+deb8u12]
  • tomcat8-admin/oldstable 8.0.14-1+deb8u13 all [upgradable from: 8.0.14-1+deb8u12]
  • tomcat8-common/oldstable 8.0.14-1+deb8u13 all [upgradable from: 8.0.14-1+deb8u12]
Matomo 3.6.0, scheduled 5 years ago

We have updated Matomo to the latest version.

Managed Server Version 5: php5 update, scheduled 5 years ago

Two vulnerabilities have been discovered in php5 [DLA 1490-1]

We have updated php5 to the latest version.

  • php5-cli/oldstable 5.6.37+dfsg-0+deb8u1 amd64 [upgradable from: 5.6.36+dfsg-0+deb8u1]
  • php5-common/oldstable 5.6.37+dfsg-0+deb8u1 amd64 [upgradable from: 5.6.36+dfsg-0+deb8u1]
  • php5-curl/oldstable 5.6.37+dfsg-0+deb8u1 amd64 [upgradable from: 5.6.36+dfsg-0+deb8u1]
  • php5-fpm/oldstable 5.6.37+dfsg-0+deb8u1 amd64 [upgradable from: 5.6.36+dfsg-0+deb8u1]
  • php5-gd/oldstable 5.6.37+dfsg-0+deb8u1 amd64 [upgradable from: 5.6.36+dfsg-0+deb8u1]
  • php5-imap/oldstable 5.6.37+dfsg-0+deb8u1 amd64 [upgradable from: 5.6.36+dfsg-0+deb8u1]
  • php5-mysql/oldstable 5.6.37+dfsg-0+deb8u1 amd64 [upgradable from: 5.6.36+dfsg-0+deb8u1]
  • php5-readline/oldstable 5.6.37+dfsg-0+deb8u1 amd64 [upgradable from: 5.6.36+dfsg-0+deb8u1]
New Cockpit Version: New website types and a more clarified monthly invoice

Features

  • Added new website types for generation 6 Servers
  • Display IPv6 address in the servers network interfaces tab
  • Remove ssh key from all servers and websites of a customer when user is removed from that customer
  • Display Balance on the monthly invoice

Bugs

  • ID's in HTML can not start with a number
  • Different structure of the network interfaces for hiera
  • Forbid test as website name
  • Better parsing of EPP messages
Managed Server Version 5: move global security settings into dedicated configuration file

To deny access to certain private files and directories like .git, we used some custom locations defined on each website. Those locations where defined directly within the vhost configuration, but after the custom configuration include to allow overrides for certain setups.

Due to the predefined nginx location block selection order, it is possible to override our security locations by mistake, especially when defining a own location for everything (like location ~* ^/), which will disable processing of any following regex locations used in our security configuration.

To avoid misconfigurations leading to open access to private files, we took the following precautions:

  • security locations moved into their own file /etc/nginx/custom/security.conf, which can be included in custom locations as well
  • warning to the corresponding documentation
  • automatic check to find custom locations without included security configuration
  • automatic check to scan for secret files over HTTP

Please include the new security configuration within affected locations like described within our updated documentation. Additionally, we will contact all customer with affected configurations over the next few days.

Closes #386

Sunday 2nd September 2018

No incidents reported

Saturday 1st September 2018

No incidents reported