SL1 PowerFlow Platform Release Notes, version 3.2.0

SL1 PowerFlow Platform version 3.2.0 adds the ability to bulk download reports, adds a new API endpoint to support bulk downloading reports, adds two new configuration options, and addresses multiple issues.

Features

This section covers the features that are included in SL1 PowerFlow Platform version 3.2.0:

  • You can now bulk download reports in PowerFlow. When bulk downloading, you have the option to select multiple specific instances of a report to download, or you can select all available instances to download.

  • Added the new DELETE/api/v1/reports/batch API endpoint, which allows you to delete reports in a batch. For more details about using the new endpoint, see the API documentation in the PowerFlow user interface.

  • Added two new configuration options to the docker-compose.yml file to allow access to the Couchbase and RabbitMQ user interfaces without requiring Dex authentication:

    • DISABLE_DEX_AUTH. This option allows you to disable Dex authentication for the Couchbase and RabbitMQ services.

    • ENABLE_SECONDARY_CB_UI. This option allows you to access the Couchbase user interface on port 8091 through secondary nodes without additional port openings.

    The DISABLE_DEX_AUTH and ENABLE_SECONDARY_CB_UI configuration options are intended only for troubleshooting and should be turned off when the PowerFlow system is stable.

  • Blank spaces in configuration options or application variables are now automatically stripped by the PowerFlow API to prevent the spaces from causing issues when PowerFlow reads the values.

  • Updated API service initialization messages to improve clarity when Couchbase indexes are created.

  • Updated the db_host configuration option to function more uniformly across all PowerFlowservices.

  • The following images are included in this release of PowerFlow:

  • registry.scilo.tools/sciencelogic/pf-api:rhel3.2.0
  • registry.scilo.tools/sciencelogic/pf-couchbase:6.6.0-14
  • registry.scilo.tools/sciencelogic/pf-dex:2.37.1-11
  • registry.scilo.tools/sciencelogic/pf-worker:rhel3.2.0
  • registry.scilo.tools/sciencelogic/pf-gui:3.2.0
  • registry.scilo.tools/sciencelogic/pf-pypi:6.3.1-15
  • registry.scilo.tools/sciencelogic/pf-rabbit:3.8.35-7
  • registry.scilo.tools/sciencelogic/pf-redis:6.2.14-6

Issues Addressed

The following issues were addressed in this release:

  • Addressed an issue that caused device sync to fail due to region-specific cache key issues. (Case: 00422286)

  • Addressed an issue that caused intermittent authentication failure when using SSO credentials to access PowerFlow. (Case: 00352925)

  • Addressed an issue that caused the pfctl utility to fail when changing the PowerFlow password if the "dollar-sign" character ($) was used in the new password. You can now use the $ character in the PowerFlow password. (Case:00484230)

  • Updated custom mappings values so that you can set any value you want before PowerFlow checks whether the value is unique. Previously, if you attempted to add a custom value and any part of the string matched an existing custom value, you could not attempt to save the value.

  • Addressed an issue that prevented users with view-only permissions from accepting the End User License Agreement (EULA).

ScienceLogic recommends using single quotes ( ' ) when setting your pfctl password with the pfctl password set command.

System Requirements

The PowerFlow platform does not have a specific minimum required version for SL1 or AP2. However, certain SyncPacks for PowerFlow have minimum version dependencies, which are listed on the Dependencies for SL1 PowerFlow SyncPacks page.

Ports

The following table lists the PowerFlow ingress requirements:

Source Port Purpose

SL1 host

443

SL1 run book actions and connections to PowerFlow

User client

3141

Devpi access

User client

443

PowerFlow API

User client

5556

Dex Server: enable authentication for PowerFlow

User client

8091

Couchbase Dashboard

User client

15672

RabbitMQ Dashboard

User client

22

SSH access

The following table lists the PowerFlow egress requirements:

Destination Port Purpose

SL1 host

7706

Connecting PowerFlow to SL1Database Server

SL1 host

443

Connecting PowerFlow to SL1 API

Additional Considerations

Review the following list of considerations and settings before installing PowerFlow:

  • ScienceLogic highly recommends that you disable all firewall session-limiting policies. Firewalls will drop HTTPS requests, which results in data loss.
  • Starting with PowerFlow version 3.0.0, the minimum storage size for the initial partitions is 75 GB. Anything less will cause the automated installation to stop and wait for user input. You can use the tmux application to navigate to the other panes and view the logs. In addition, at 100 GB and above, PowerFlow will no longer allocate all of the storage space, so you will need to allocate the rest of the space based on your specific needs.
  • PowerFlow clusters do not support vMotion or snapshots while the cluster is running. Performing a vMotion or snapshot on a running PowerFlow cluster will cause network interrupts between nodes, and will render clusters inoperable.
  • The site administrator is responsible for configuring the host, hardware, and virtualization configuration for the PowerFlow server or cluster. If you are running a cluster in a VMware environment, be sure to install open-vm-tools and disable vMotion.
  • You can configure one or more SL1 systems to use PowerFlow to sync with a single instance of a third-party application like ServiceNow or Cherwell. You cannot configure one SL1 system to use PowerFlow to sync with multiple instances of a third-party application like ServiceNow or Cherwell. The relationship between SL1 and the third-party application can be either one-to-one or many-to-one, but not one-to-many.
  • The default internal network used by PowerFlow services is 172.21.0.0/16. Please ensure that this range does not conflict with any other IP addresses on your network. If needed, you can change this subnet in the docker-compose.yml file.
  • The latest Oracle Linux 8 (OL8) versions are delivered in the PowerFlow ISO, and the latest package updates are included in PowerFlow Docker images.
  • The OL8 automated upgrade scripts are deprecated with version 3.2.0 of PowerFlow.
  • When upgrading PowerFlow using the RPM, be advised that you must remove the stack before deploying, as a new policy was added to the PowerFlow policy configurations in the /etc/iservices/casbinpolicy.csv file.
  • For new platform deployments and upgrades, always run powerflowcontrol (pfctl) healthcheck and autoheal actions after the stack is deployed (or redeployed in upgrade scenarios).

For more information about system requirements for your PowerFlow environment, see the System Requirements page at the ScienceLogic Support site at https://support.sciencelogic.com/s/system-requirements.

Known Issues

This release contains the following known issues:

  • If a report is deleted, sometimes the link to the report remains in the Reports list until you navigate away and return, or refresh the page.

  • The journald volatile storage takes part of the memory based on the environment memory size, which might cause undesired behavior in environments where the memory is highly used by PowerFlow services. PowerFlow uses journald volatile storage, which means that all logs are kept only in memory. (Case: 00347339)

  • To check the size of journal logs on a single PowerFlow node, run the following command:

    du -sh /run/log/journal

    You can clear logs with the following command (this is automatically done when you run the healthcheck action):

    journalctl --vacuum-time=7d

    You can also configure journald logs settings by using the following command to enforce small size and time limits:

    sudo sed -i -e '/RuntimeMaxUse=/s/.*/RuntimeMaxUse=800M/' -e '/MaxRetentionSec/s/.*/MaxRetentionSec=2week/' /etc/systemd/journald.conf && sudo systemctl restart systemd-journald

    PowerFlow updates journald volatile limits to the following values, which can be changed if you want retain fewer or more logs:

    RuntimeMaxUse=800M

    MaxRetentionSec=2week

  • When upgrading to Couchbase version 6.6.0 (PowerFlow later than 2.6.0) from PowerFlow versions earlier than 2.6.0, the number of documents in the logs bucket could make the upgrade take longer, as a namespace upgrade is needed. ScienceLogic recommends that you flush the logs bucket if there are more than 300,000 documents that are taking up close to 2 GB of space in every node. Flushing the logs bucket will speed up the upgrade process. Otherwise, migrating a logs bucket of that size would take two to three minutes per node.

    Run the following command to flush the logs bucket after the PowerFlow RPM is installed, but before redeploying the PowerFlow Stack:

    pfctl --host <hostname><username>:<password> node-action --action flush_logs_bucket

    Alternately, you can flush the logs bucket manually using the Couchbase user interface.

  • If you get the "Error: No such option: --version Did you mean --json?" error message when running the pfctl --version command, you might have an older version of pfctl that was installed as a different user. To resolve this, be sure to install the powerflowcontrol (pfctl) utility version 3.0.7 or later as root with sudo, and remove any other versions installed by other users (isadmin or ec2-user): (Case: 00360512) 

    su isadmin

    pip3 uninstall -y iservicecontrol

  • The Workflow Health and Interconnectivity widget on the PowerFlow Control Tower page displays diagrams for PowerFlow applications and SyncPacks that have been deleted. To work around this issue, run the "PowerFlow Control Tower HealthCheck" application or wait for the next scheduled run of the application.
  • If your PowerFlow system uses self-signed certificates, you will need to manually accept the certificate before you can upload SyncPacks. Go to https://<IP address of PowerFlow>:3141/isadmin, accept the certificate, and then log into PowerFlow. After you log in, you will be able to upload SyncPacks.
  • The latest tag does not exist after the initial ISO installation. This situation only affects users with custom services that point to the latest tag. To work around this issue, run the tag latest script manually after running the ./pull_start_iservices.sh command:

python /opt/iservices/scripts/system_updates/tag_latest.py /opt/iservices/scripts/docker-compose.yml

Installing or Upgrading PowerFlow

For detailed steps about installing or upgrading to this version of PowerFlow, see Installing and Configuring PowerFlow.

All PowerFlow platform releases are suitable for both MUD and non-MUD systems.

Due to the upcoming end of support for Oracle Linux 7, ScienceLogic strongly urges users to upgrade to Oracle Linux 8 (OL8). As such, only the OL8-based package and upgrade path is defined and provided. If you have extenuating circumstances and want to obtain an OL7-based install for PowerFlow 3.1.0, please contact your CSM or ScienceLogic support.

You should always upgrade to the most recent release of PowerFlow.