Notakey Authentication Appliance
v5.0.82 (2023-02-27)
- Add :rp.access_log" option to enable RP service access log in traefik container log. Configure with
ntk cfg set :rp.access_log on|off
.
v5.0.81 (2022-09-13)
- Cleanup output for commands in debug mode
v5.0.80 (2022-07-13)
- Fix regression when cluster cannot be joined during initial setup wizard
- Fix configuration migration issue when no cluster service is started on node
v5.0.79 (2022-07-11)
- Documentation update
- Fix for cron service frequent job
- Fix regression with static certificates in wizard
v5.0.75 (2022-04-26)
New Features
- Deprecate legacy RancherOS system-docker cron integration
- Introduce automatic system updates (enable with
ntk cfg set cli.auto_update 1
) - Backup restore graceful exit on format error
- CLI script reinstall feature
- Fix unused image cleanup to free disk space
- Add support for automatic backups of config and data (enable with
ntk cfg set cli.auto_backup 1
) - Fix local configuration access when running commands in cli-server service
Known Limitations
- If using automatic updates, CLI server service will not automatically restart after update, this has to be done manually by running
ntk cli restart
.
v5.0.62 (2022-03-23)
- Add params option to plugin specification
v5.0.60 (2022-02-01)
- Add device OS version to NtkAS device report
v5.0.59 (2022-01-04)
- Store updated service original image reference
- Remove htop image dependency
- Documentation fixes
- Fix initial install failure
- Fix intermittent cluster write failure during wizard
v5.0.54 (2021-12-13)
- Automatic integration tests before release publishing
- New CI build system integration
- Fix REDIS cli command
- Allow to use cluster config value for REDIS secret
- New bundled cron service as docker container
- Install wizard improvements
- Bootstrap package update
- Improved installation on host OS
v5.0.47 (2021-11-26)
- Automatic integration tests before release publishing
- New CI build system integration
- Fix REDIS cli command
- Allow to use cluster config value for REDIS secret
- New bundled cron service as docker container
v5.0.43 (2021-11-12)
- New CI build system integration
v5.0.28 (2021-10-28)
- Connection limit fix for consul
- Add optional password protection support for Redis
- Update procedure improvements
v5.0.26 (2021-09-10)
- Update procedure improvements
- Remove “ntk cli update” and “ntk cli check” commands
- Prepare for automatic version change related configuration updates
v5.0.25 (2021-07-01)
- Support for installation on Ubuntu 20.04 LTS
- Automatic update availabilty check and administration user notification
v5.0.24 (2021-06-01)
- Support for cluster datastore snapshots
- Configuration consistency fix for cluster leave / join commands
- Verify cluster state before updating plugins with “ntk sys update”
- Fix regression in “ntk wizard”
v5.0.23 (2021-05-27)
- Fix for ROS 1.1.0 integration
- NtkAS session encryption key now resides only in cluster config storage
v5.0.22 (2021-04-14)
- Builtin reverse proxy certificate provisioning improvements
- Fix “ntk sys supreq” on some appliance versions
v5.0.21 (2021-04-12)
- Fixed ntk rp status command
v5.0.20 (2021-04-09)
- Fixed regression with static certificates on non-management port
v5.0.19 (2021-03-05)
- Bugfixes for use cases with static certificates for alternate FQDNs
- Shared cluster directory sync issue fixes
v5.0.18 (2021-02-24)
- Fix regression that broke “ntk wizard”
v5.0.17 (2021-02-23)
- Improvments for backup load and save commands
- Added support for plugins, see plugin-support for details
- Change local namespace for downloaded container images
- Support for NtkAS 3.1, server now runs in single container
- Changes in respect to external load balancer users, management service is no longer available on port 6000 (use :nas.dual_instance_mode to keep old behaviour)
v5.0.16 (2020-12-02)
- Fixed bug with external outbound proxy configuration
v5.0.15 (2020-11-27)
- NtkAS and NtkSSO healthcheck improvements
- Fixed
ntk as status
command - Fixed bug in
ntk sys cleanup
- Enable cron automatically during install
docker ps
now will not report health status, usentk [service] status
command- Encryption support for support request log archives made with
ntk sys supreq
v5.0.14 (2020-11-09)
- Added support for REDIS server configuration for NtkAS service
v5.0.13 (2020-10-27)
- Fixed issue with custom user password change
v5.0.12 (2020-10-22)
- Fixed bug related to backup restore failure when NTP servers are defined
v5.0.11 (2020-09-03)
- Added healthcheck from reverse proxy side towards NtkAS to avoid http 404 in case of backend failures
v5.0.10 (2020-07-01)
- Timezone change bugfix
- Support for NtkAS 2.23.x
v5.0.9 (2020-06-08)
- Added syslog option support for VRRP service.
v4.2.40 (2020-06-08)
- Added syslog option support for VRRP service.
v5.0.8 (2020-05-27)
- Add :nas.caching and :nas.cache_ttl to control cache options for NtkAS service
v4.2.39 (2020-05-27)
- Add :nas.caching and :nas.cache_ttl to control cache options for NtkAS service
v5.0.7 (2020-05-19)
- Zabbix agent related updates
v5.0.6 (2020-05-07)
- Updates related to SSO release 3.0.0
- Reliability fix for SSO cron task execution (metadata refresh and session cleanup)
- Persistent volume for local metadata cache is now persisted between restarts
v5.0.5 (2020-05-06)
- Add option to define additional FQDNs for ACME client for custom services
v5.0.3 (2020-04-20)
- Added RancherOS installer
- Improved configuration wizard
- Backup load and save commands now support persisting service state and partial import
- Migrate to new config schema
To manually migrate schema issue the following commands:
(
ntk cfg migrate notakey.proxy ap 2> /dev/null
ntk cfg migrate mgmt_port nas.mgmt_port 2> /dev/null
ntk cfg migrate host nas.host 2> /dev/null
ntk cfg migrate host :nas.host 2> /dev/null
ntk cfg migrate :host :nas.host 2> /dev/null
ntk cfg migrate env nas.env 2> /dev/null
ntk cfg migrate secret_key_base nas.secret_key_base 2> /dev/null
ntk cfg migrate image nas.image 2> /dev/null
ntk cfg migrate consulimg cluster.image 2> /dev/null
ntk cfg migrate proxyimg rp.image 2> /dev/null
ntk cfg migrate htopimg htop.image 2> /dev/null
ntk cfg migrate keepalivedimg vrrp.image 2> /dev/null
)
v4.2.38 (2020-03-25)
- Migrate to new config schema
To manually migrate schema issue the following commands:
(
ntk cfg migrate notakey.proxy ap 2> /dev/null
ntk cfg migrate mgmt_port nas.mgmt_port 2> /dev/null
ntk cfg migrate host nas.host 2> /dev/null
ntk cfg migrate host :nas.host 2> /dev/null
ntk cfg migrate :host :nas.host 2> /dev/null
ntk cfg migrate env nas.env 2> /dev/null
ntk cfg migrate secret_key_base nas.secret_key_base 2> /dev/null
ntk cfg migrate image nas.image 2> /dev/null
ntk cfg migrate consulimg cluster.image 2> /dev/null
ntk cfg migrate proxyimg rp.image 2> /dev/null
ntk cfg migrate htopimg htop.image 2> /dev/null
ntk cfg migrate keepalivedimg vrrp.image 2> /dev/null
)
v4.2.37 (2020-03-23)
- Fixed edge cases with SSO asset sync
v4.2.36 (2020-03-12)
- Add SSO file syncing over nodes in cluster group
- Add SSO session flush command
v4.2.35 (2020-02-07)
- Update ntk as report to add licence information
- Fix bug in cron task manager
- Increase timeout limits for cron tasks
- Fix NAS CLI bootstraping
- Add ntk cron status command
- Documentation updates
v4.2.34 (2020-02-06)
- Update ntk as report to add licence information
- Force SSL for cookies on dashboard
- Fix bug in cron task manager
- Increase timeout limits for cron tasks
- Fix NAS CLI bootstraping
- Add ntk cron status command
- Documentation updates
v4.2.33 (2020-02-06)
- Update ntk as report to add licence information
- Force SSL for cookies on dashboard
- Fix bug in cron task manager
- Increase timeout limits for cron tasks
- Fix NAS CLI bootstraping
- Add ntk cron status command
- Documentation updates
v4.2.32 (2019-10-22)
- Zabbix agent support
- Custom params for all services
- Support for advanced private repository authentication schemas
v4.2.31 (2019-09-23)
- Fixes for admin access recovery from shell
- 2FA can now be disabled from CLI
- NAS initial setup from CLI
v4.2.30 (2019-08-16)
- Fix issues with “ntk sys cleanup”
- Add NAS config option “:nas.external_proxy on/off” for external proxy server support (e.g. external load balacer)
- Add SSO config option “:sso.external_proxy on/off” for external proxy server support (e.g. external load balacer)
- Latest NAS image support
v4.2.29 (2019-08-05)
- Disk resizing utility to increase available storage allocation.
v4.2.28 (2019-07-10)
- Update procedure improvements. Cluster and cli component updates now are exclusive as they can affect other update processes.
v4.2.27 (2019-07-08)
- Support for SSO custom modules. Now you can have custom templates and authentication sources built as docker images loded into SSO service and easily maintain future compatibility.
v4.2.26 (2019-06-25)
- Support for update info bulletins when running “ntk sys update” from individual services and products
v4.2.25 (2019-06-19)
- Fixed bug introduced in NAA 4.2.24 when VRRP service cannot be started
- Added support for informational bulletins when updating NAA with “ntk sys update”
v4.2.24 (2019-06-05)
- Fixed bug that breaks backend discovery if using static certificate with non-wildcard subject or SAN. Bug was introduced in 4.2.16.
v4.2.23 (2019-06-01)
- Improved VRRP configuration CLI
- Multiple VRRP instances can be defined
- VRRP can now track individual services and bind them to resources (IP addresses)
v4.2.22 (2019-05-21)
- Added reports for enabled services, users and devices
- Initial wizard now supports joining existing cluster
- Bootstraping NAS from CLI for strict security environments
- Recovery of root admin user
v4.2.21 (2019-04-26)
- Password change bugfix
v4.2.20 (2019-04-03)
- Cron job run bugfix
- Status detection bugfixes
v4.2.19 (2019-03-27)
- Scope management support for API clients
v4.2.18 (2019-03-25)
- Add reindex command
- Add free disk command
- Reverse proxy SSL improvements
v4.2.17 (2019-03-14)
- Fix NAS auth command
- Cron enable / disable fixes
v4.2.16 (2019-03-11)
- 3ef7c59 Add logging option for NAS
- bf18165 Add :nas.phone_country_code setting for NAS
- 70a5531 Add config management instruction
- 10be661 Merge branch ‘master’ of https://gitlab.com/notakey/cfg
- ad5fbe3 Enable special character usage in password
- 1e2fe0a Allow $ and ! to be used in ntkadmin password
- 1161315 Add rp and cluster restart after update
v4.2.15 (2019-01-28)
- Support for ACME TLS SSL provisioning
- Configuration manipulation bugfix
v4.2.14 (2018-11-21)
- Introduce AUTH_DOMAIN env to provision SSD domain
- Add sso.healthcheck config option support
- Bugfixes
v4.2.13 (2018-10-31)
- Fix ntk cluster health printout
- Messenger URL bugfix
- Add documentation for nas.ks.pubkey_ttl config
- Add nas.ks.pubkey_ttl config option, externalize ENV passed to NAS
- Fix netsted useless startup validations
- Add vrrp validate command
- Do not print validation skip message
- Add appliance mode deplyment variable to NAS
- Bugfix
- Add notakey:logrotate:accesstoken rake task to cron
- Performance improvement
- Fix bug
- Promt fix on hostname change
- Error message clarifications
- Add configurable support for ACCESS_TOKEN_TTL in NAS
v4.2.12 (2018-10-24)
- NAS API auth client management
- Config management improvements
v4.2.11 (2018-10-18)
- SSO configuration improvemnets
- Support for cluster wide configuraions
- Faster load times during service restarts
- Bugfixes
v4.2.10 (2018-09-10)
- Better integration with SSO and reverse proxy
- Status reporting consistent across AS, RP, SSO and VRRP command trees
- Internal rewrite of core functions
v4.2.9 (2018-08-01)
- Fix for ACME client
- NAS control function improvements
- VRRP control function improvements
- Support for generic socket monitoring in VRRP
- Bugfixes
v4.2.8 (2018-06-26)
- Support for HTTP-01 ACME domain validation
- Remove legacy ACME TLS-01 entrypoint
- Add support for nas.healthcheck = on|off
- ntk sys cleanup bugfix
- Fix password change verbosity
v4.2.7 (2017-11-09)
New Features
- Improved backup restore functionality
- Simplified cluster join when adding members to existing cluster
- Support for latest consul datastore and RAFT v3 protocol
- Simplified cluster management commands
- Support for multiple upstream RADIUS servers
- Support for authentication proxy standalone deployment scenario
- Bundled latest SSO version with appliance
- Support for SAN certificates
- Support for docker version change
- Recovery from inaccesible console in case of invalid configuration
Bugfixes
- Check for running consul before backup
- Fix backup restore if DHCP is used
- Fix SSL certificate for management dashboard, if non-standard port is used
v4.2.6 (2017-11-07)
New Features
- General test improvements
Bugfixes
- Check for running consul before backup
- Fix backup restore if DHCP is used
v4.2.5 (2017-11-03)
New Features
- Docker 17.06.1 enabled by default
- Latest Notakey NAS and complementary image versions
- Improved backup management
- Security updates to OS images
- All images tagged in repo.notakey.com namespace
- Simplified cluster setup and management
v4.2.3 (2017-08-21)
New Features
- Docker engine version management
- Fixed reboot and shutdown
- SAN certificate support
Known Limitations
- Nodes with version NAA 4.0.0 cannot coexist with 4.1.0 in singe cluster, all nodes have to be upgraded
- Proxy setup cannot be used with ACME certificates
- Static certificates have to be used for management dashboard
v4.2.2 (2017-08-08)
New Features
- Built-in SSO functionality
Known Limitations
- Nodes with version NAA 4.0.0 cannot coexist with 4.1.0 in singe cluster, all nodes have to be upgraded
- Proxy setup cannot be used with ACME certificates
- Static certificates have to be used for management dashboard
v4.1.3 (2017-07-10)
New Features
- Cisco specific RADIUS message support configurable
Known Limitations
- Nodes with version NAA 4.0.0 cannot coexist with 4.1.0 in singe cluster, all nodes have to be upgraded
- Proxy setup cannot be used with ACME certificates
- Static certificates have to be used for management dashboard
v4.1.0 (2017-06-22)
New Features
- Automated attended package update support
- Private package repository support for update
- Timezone configuration support for all applications
- Support for AuthProxy 1.0.2, message text and TTL configuration
- NTP server configuration
- Network diagnostic utilities
- System performance monitoring tool
- Firewall config validation on application startup
- Support request automated diagnostic log package creation
- Improved various terminal type support
- Updated database engine
- Updated reverse proxy version
- Improved resilency due to more thorough application state checks in VRRP
Known Limitations
- Nodes with version NAA 4.0.0 cannot coexist with 4.1.0 in singe cluster, all nodes have to be upgraded
- Proxy setup cannot be used with ACME certificates
- Static certificates have to be used for management dashboard
v4.0.0 (2017-06-02)
New Features
- Setup possible without working DNS hostname
- Proxy server configuration for outbound connections
- Support for management dashboard deployment on custom port for limited access
- HTTP SSL certificate sync between cluster nodes
- VRRP group and preempt configuration
- Improved vmware integration
- Persistent storage for user files
- scp utility to move files between nodes
Known Limitations
- Proxy setup cannot be used with ACME certificates
- Static certificates have to be used for management dashboard