- We now have a BackBlaze B2 storage plugin!
Ordinals are now optional in monthly schedule specs (via the web UI), allowing front-end users to type '3' or '3rd', per their strongly-held personal preference.
token field of the vault plugins is now marked as a password, so that autocompletion in the browser gets turned off. Otherwise, Chrome/FF keeps wanting to leak your Vault tokens to people.
The data directory and web UI root configurations are now properly validated by the SHIELD core. If they do not exist, core startup is halted. That way, you find out sooner if you've misconfigured something. Wheee.
shield import can now properly import fixed-key backup jobs. Just what the doctor ordered for BOSH and SHIELD backup and recovery.
Errors with hourly schedules are now properly handled and give a readable error message to the front-end.
mysql plugin can now properly restore a single database.
Some silly typos (some copy-pasta, some bad whitespace, some we-don't-know-what-we-were-thinking) have been fixed in SHIELD CLI
Build From Source
... we're still working on this one ...
Older SHIELD Releases
Credentials in task log output are now displayed as a blurred white block, revealed on hover to those with sufficiently high rights.
The task log is now closed by clicking the [X] button in the log pane instead of clicking the 'full task log' link again.
Compression of archives is now optional, on a per-target basis. If you have really big databases and don't want to bother compressing them, you can now turn that off and get done with your data protection tasks sooner!
The Tasks API now has new time boundary range parameters, for retrieving tasks based on when they started and/or stopped.
The Systems and Storage views now have the ability to toggle between a card-based layout (the default), and a table layout.
Tags in the Systems View Timeline are now only shown for non-backup tasks, and only for successfully completed tasks. In practice, this means that restore operations get tags and no one else does.
The Retention Policy API / UI / CLI is better. Namely, the API matches the documentation (it's a PATCH not a PUT), and we have proper bounds checking on expiry days and policy name lengths.
- When restoring archives with the CLI, and targeting a different data system than the archive originally came from, everything works as expected.
vault.crypt file out from under the vault/data directory sub-directory; that sub-directory is dedicated to the Vault instance, and we shouldn't be putting other things in there.
Threshold for storage now indicates the use of units in the form field, to prevent the accidental specification of 50 bytes when you meant 50 gigabytes.
Improved results of the /v2/info and /v2/health API endpoints to match their documented behaviour.
- Removed FQDN from /v2/info as it was populated using DNS reverse lookups that were less than useful.
Storage health correctly stated during creation of ad-hoc runs.
Scheduled jobs in the timeline are no longer incorrectly labeled as "Ad-hoc".
Admin/Sessions page no longer shows all IP Addresses as localhost and shows the session creation time in human-readable format.
Notes for targets are now displayed on the page for a given system.
Errors encountered when unlocking the vault now notify the user.
Release version correctly displayed on header instead of
vault plugin for backing up Safe or Vault installations. You can optionally restrict the subtree that gets backed up and restored, in case you share the Vault with others.
Global Storage Systems are available for selection during the backup configuration wizard in the web UI.
Storage systems now properly report their health to all front-end views, fixing a few fixmes along the way.
Agents can now be resynchronized, in an ad hoc fashion, via the admin backend on the web UI.
Jobs will have their 'next run' time re-calculated when their schedule is changed. Previously, the existing schedule was in force until the first run after a schedule change, at which point the new schedule kicked in. This was weird, so we changed it.
New Cloud Storage Solutions (global or tenant-based) are considered healthy until proven broken.
shield-agent now has better logging to help troubleshoot registration problems.
Fix an egregious bug in the scheduling logic that was only considering jobs scheduled in the future to be "overdue". Since all jobs start out with a next_run of 0, this caused NO JOBS to ever be scheduled. Thankfully, 8.x is still beta.
Fix a segfault when dereferencing a nil Task during a broadcast. Now, we log that we got a nil task, to assist in tracking down why / where it's occurring, rather than just crashing on panic.
shield restore-archive command now prints out the UUID of the task scheduled to run the restore, rather than the cryptic (and oh-so-unhelpful) string "%s!:bool=true".
Neither shield create-job, nor shield update-job will allow you to create (or modify) jobs to have invalid, unparseable schedules. This will keep the CLI from accidentally creating schedules that the web UI can't process.
When restoring through the new wizard, the web UI only shows archives for the selected target system, instead of all of the archives ever made for the tenant. Turns out this was less than useful.
Fix up some edge cases where we weren't checking for the existence of a tenant in tenant-scope API calls, just the rights to that tenant -- since system users can affect all tenants, we found that we could create child objects on non-existent tenants.
bin/testdev now runs a WebDAV service on the nginx reverse proxy (on $PORT+1), since we can no longer use the fs plugin for storage operations.
On MacOS, with homebrew, you'll want to reinstall nginx with WebDAV support:
brew reinstall --with-webdav nginx
shield-agent will now propagate HTTP proxy environment variables:
no_proxy, which some plugins (i.e. s3) can make use of.
postgres plugin no longer requires a host address. If not specified, a local loopback (usually UNIX domain socket) will be attempted.
postgres plugin no longer requires a password. If not specified, no authentication credentials will be sent. This is usually paired with an empty (or missing) pg_host, to gain superuser access over loopback (given a 'trust' entry in HBA).
- Fix non-deterministic short-circuit bug in Github OAuth role assignment logic that led to different behaviors depending on how Github returned org/team memberships.
The Github OAuth provider now properly handles Github Enterprise for API work (user lookups, org lookups, etc.)
The Github OAuth provider can now handle assignment across multiple tenants (including SYSTEM) from a single Github Org.
Shield CLI has been renamed from
shield similar to previous versions.
Added Cassandra target plugin.
Fix a missing slash in the Github Authentication Provider display, in the administrative backend.
The Web UI now propagates the job name from the configuration wizard to the API, replacing 'a random name?' with something just a bit less ... random.
The v8 Web UI now properly renders target plugin forms, based on the metadata provided by the plugins themselves. Previously, only the fs plugin was working, due to the next bug we fixed.
The fs plugin was mistakenly reporting a store field, something that got missed when we removed its ability to act as a store plugin.
The swift plugin now features field metadata.
SHIELD 8.x is still beta software; not recommended for production deployment
- SHIELD now supports Fixed Key encryption for disaster recovery of backups for SHIELD itself.
s3 plugin now uses path-based buckets, so it should work better with S3-workalikes that don't support DNS-style buckets.
fs plugin strips the base directory from the files as they are archived, allowing archives to be portably replayed to different base directories on restore.
xtrabackup plugins are better now.
buckler import works better now, no longer requiring a SHIELD core (via either
$SHIELD_CORE). It also now supports skipping TLS verification of the SHIELD Core.
Plugins now accept boolish strings and numbers in place of actual booleans.
Handle symlinks in the
The S3 plugin now properly sets a multipart upload chunk size of 5 MEGABYTES, not 5 GIGABYTES, so we don't OOM on VMs. Oops.
The WebUI can now display OAuth provider configuration (again).
buckler create-policy now properly validates the expiry value as a number.
SHIELD Core no longer leaks file descriptors when talking to the sealed Vaults.
SHIELD 8.x is still beta software; not recommended for production deployment
azure plugin now features a path_prefix setting to allow sharing of a single Azure Blobstore container amongst several jobs and/or SHIELDs.
fs plugin no longer relies on the bsdtar executable to function; instead, all tarball creation / extraction is handled directly by the plugin code, making it easier to deploy.
purge tasks that are scheduled in the slow loop are now skipped if the Vault is sealed. This keeps the task list from growing with lots of tasks that will not be scheduled until later. For purge tasks this wasn't a huge deal, but for test-store it meant that cloud storage would get slammed with test after test after test after test as soon as the SHIELD was unlocked.
fs plugin no longer functions as a store plugin. This configuration was deemed too dangerous in the wild, given the locality constraints. If you need local-ish filesystem-backed storage, check out the
WebSocket broadcast receivers are only registered after a successful upgrade from plain HTTP to WebSockets, to avoid stalling out the core on badly-behaved clients.
The CLI now honors -k everywhere it appears.
It is now possible to update a target / store that was created without any configuration (no
CLI update-* commands now properly display the updated object attributes, instead of an empty report.
create-auth-token CLI command now honors
SHIELD v8 is a marked improvement over previous versions of SHIELD.
Multi-Tenancy - SHIELD now supports the notion of tenants, which allow site operators to group their users logically, and sequester teams from one another. Each tenant has its own set of jobs, tasks, archives, etc., and members of one tenant cannot interact with the resources of another. Users can be assigned to multiple tenants, concurrently.
Archive Encryption - SHIELD now leverages AES-256 encryption when storing backup archives in cloud storage, making sure that your data is secure, even at-rest.
Agent Registration - SHIELD Agents now register with the SHIELD Core, and provide metadata to assist operators in the configuration of backup targets, and cloud storage systems.
Improved Web UI - SHIELD's web-based user interface got a massive overhaul in this release, with a concerted focus on efficiency and ease-of-use for operators, and their immediate concerns.
New CLI - The SHIELD CLI has been rewritten from the ground-up to interface more cleanly with the SHIELD v8 API. It handles plugin configuration more naturally, without forcing you to write proper JSON. Yay. It also supports a new import function that makes it easy to ensure that your target and storage systems, jobs, retention policies, etc. are always correct.
Improved Scheduling - Backup Jobs can now be run every X hours, much to the delight of SHIELD users everywhere.