SL1 PowerFlow Platform Release Notes, version 2.4.1

SL1 PowerFlow Platform version 2.4.1 addresses an issue where running many schedules in PowerFlow used a large amount of memory without returning that memory (also called a memory leak). This release also resolves two additional issues.

Unless mentioned elsewhere in the documentation, PowerFlow SyncPacks do not require a specific version of the PowerFlow Platform.

Issues Addressed

The following issues were addressed in "PowerFlow Platform" version 2.4.1:

  • Addressed an issue where running many schedules in PowerFLow used a large amount of memory without returning that memory. This memory leak could lead to a node failover.
  • Eliminated a memory leak in the contentapi service and optimized PowerFlow for faster throughput and efficiency.
  • Added the header "Strict-Transport-Security" to nginx configurations to prevent an HTTP Strict Transport Security (HSTS) vulnerability. (Case: 00126560)
  • Addressed an issue that occurred when upgrading from any previous version of PowerFlow to version 2.4.0. After the upgrade, a missing role-based access control (RBAC) permission could prevent the PowerFlow user interface from accessing Flower or RabbitMQ.

  • For PowerFlow version 2.4.0, you can resolve this scenario by running the following powerflowcontrol (pfctl) command:

    pfctl --host <ip_address> <username>:<password> node-action --action upload_default_content

  • For PowerFlow version 2.4.1 and later, you can resolve this scenario by running the pfctl healthcheck and autoheal actions.

    For more information see Upgrading from Version 2.0.0 or Later.

Known Issues

This release contains the following known issues:

  • When attempting to upgrade PowerFlow to version 2.2.x, 2.3.x, or 2.4.x, the RabbitMQ user interface might become inaccessible due to an incorrect RabbitMQ version in the docker-compose.yml file. This issue is addressed in PowerFlow version 2.5.0, so ScienceLogic recommends that you upgrade to version 2.5.0.
  • When upgrading to this version, the version of the powerflowcontrol (pfctl) utility might revert to an older version than the version you had installed. To download and install the latest version, see Installing the powerflowcontrol (pfctl) utility.
  • For Military Unique Deployments of PowerFlow only, an encrypted password that is longer than 24 characters will generate an error. This issue is addressed in the PowerFlow Platform version 2.6.0.
  • In PowerFlow version 2.4.0 and later, if you enabled the latest authentication updates for the backend services, the RabbitMQ API is no longer available externally from the cluster. As a result, remote API requests directly to RabbitMQ might not work (the RabbitMQ user interface is still completely operational). As a workaround, if you require remote access to the RabbitMQ API, you can return to legacy behavior by setting the following gui environment variable: force_auth_validation: true. Alternatively, you may perform any api requests to rabbit directly from within the container. Remote RabbitMQ API access for internal authentication users will be enabled in a future release of PowerFlow.
  • The Workflow Health and Interconnectivity widget on the PowerFlow Control Tower page displays diagrams for PowerFlow applications and SyncPacks that have been deleted. To work around this issue, run the "PowerFlow Control Tower HealthCheck" application or wait for the next scheduled run of the application.

  • If your PowerFlow system uses self-signed certificates, you will need to manually accept the certificate before you can upload SyncPacks. Go to https://<IP address of PowerFlow>:3141/isadmin, accept the certificate, and then log into PowerFlow. After you log in, you will be able to upload SyncPacks.

  • The latest tag does not exist after the initial ISO installation. This situation only affects users with custom services that point to the latest tag. To work around this issue, run the tag latest script manually after running the ./pull_start_iservices.sh command:

    python /opt/iservices/scripts/system_updates/tag_latest.py /opt/iservices/scripts/docker-compose.yml

System Requirements

PowerFlow Platform version 2.2.1 and later requires version 1.3.1 or later of the Base Steps SyncPack. This version includes an update to the "Query REST" step that prevents issues with scheduled PowerFlow applications. You can download the latest version of this SyncPack from the PowerPacks page of the ScienceLogic Support Site.

The PowerFlow builder is available as part of an SL1 Premium solution. To upgrade, contact ScienceLogic Customer Support. For more information, see https://sciencelogic.com/pricing.

The PowerFlow platform does not have a specific minimum required version for SL1 or AP2. However, certain SyncPacks for PowerFlow have minimum version dependencies, which are listed on the Dependencies for SL1 PowerFlow SyncPacks page.

Ports

The following table lists the PowerFlow ingress requirements:

Source Port Purpose

SL1 host

443

SL1 run book actions and connections to PowerFlow

User client

3141

Devpi access

User client

443

PowerFlow API

User client

5556

Dex Server: enable authentication for PowerFlow

User client

8091

Couchbase Dashboard

User client

15672

RabbitMQ Dashboard

User client

22

SSH access

The following table lists the PowerFlow egress requirements:

Destination Port Purpose

SL1 host

7706

Connecting PowerFlow to SL1Database Server

SL1 host

443

Connecting PowerFlow to SL1 API

Additional Considerations

Review the following list of considerations and settings before installing PowerFlow:

  • ScienceLogic highly recommends that you disable all firewall session-limiting policies. Firewalls will drop HTTPS requests, which results in data loss.
  • Starting with PowerFlow version 3.0.0, the minimum storage size for the initial partitions is 60 GB. Anything less will cause the automated installation to stop and wait for user input. You can use the tmux application to navigate to the other panes and view the logs. In addition, at 100 GB and above, PowerFlow will no longer allocate all of the storage space, so you will need to allocate the rest of the space based on your specific needs.
  • PowerFlow clusters do not support vMotion or snapshots while the cluster is running. Performing a vMotion or snapshot on a running PowerFlow cluster will cause network interrupts between nodes, and will render clusters inoperable.
  • The site administrator is responsible for configuring the host, hardware, and virtualization configuration for the PowerFlow server or cluster. If you are running a cluster in a VMware environment, be sure to install open-vm-tools and disable vMotion.
  • You can configure one or more SL1 systems to use PowerFlow to sync with a single instance of a third-party application like ServiceNow or Cherwell. You cannot configure one SL1 system to use PowerFlow to sync with multiple instances of a third-party application like ServiceNow or Cherwell. The relationship between SL1 and the third-party application can be either one-to-one or many-to-one, but not one-to-many.
  • The default internal network used by PowerFlow services is 172.21.0.1/16. Please ensure that this range does not conflict with any other IP addresses on your network. If needed, you can change this subnet in the docker-compose.yml file.

For more information about system requirements for your PowerFlow environment, see the System Requirements page at the ScienceLogic Support site at https://support.sciencelogic.com/s/system-requirements.

Installing or Upgrading PowerFlow

For detailed steps about installing or upgrading to this version of PowerFlow, see Installing and Configuring PowerFlow.