SL1 Skylar Automation Platform Release Notes, version 3.1.1

SL1 Skylar Automation Platform version 3.1.1 makes Jinja2 available in the Skylar Automation Devpi Server and addresses an issue that prevented new schedules from functioning correctly if an application used an ID with both upper and lowercase letters.

Features

This section covers the features that are included in SL1 Skylar Automation Platform version 3.1.1:

  • The following images are included in this release of Skylar Automation:
  • registry.scilo.tools/sciencelogic/pf-api:rhel3.1.1
  • registry.scilo.tools/sciencelogic/pf-couchbase:6.6.0-13
  • registry.scilo.tools/sciencelogic/pf-dex:2.37.1-10
  • registry.scilo.tools/sciencelogic/pf-worker:rhel3.1.1
  • registry.scilo.tools/sciencelogic/pf-gui:3.1.1
  • registry.scilo.tools/sciencelogic/pf-pypi:6.3.1-14
  • registry.scilo.tools/sciencelogic/pf-rabbit:3.8.35-6
  • registry.scilo.tools/sciencelogic/pf-redis:6.2.14-5

Issues Addressed

The following issues were addressed in this release:

  • Addressed an issue that prevented new schedules from functioning correctly if an application used an ID with both upper and lowercase letters. (Case: 00495740)  (Jira ID: INT-6525)

  • Jinja2 is now available in the Skylar Automation Devpi Server, which allows the ServiceNow CMDB SyncPack to use it while rendering templates in offline environments. (Case: 00492419)  (Jira ID: INT-6467)

System Requirements

The Skylar Automation platform does not have a specific minimum required version for Skylar One or AP2. However, certain SyncPacks for Skylar Automation have minimum version dependencies, which are listed on the Dependencies for Skylar Automation SyncPacks page.

Ports

The following table lists the Skylar Automation ingress requirements:

Source Port Purpose

Skylar One host

443

Skylar One run book actions and connections to Skylar Automation

User client

3141

Devpi access

User client

443

Skylar Automation API

User client

5556

Dex Server: enable authentication for PowerFlow

User client

8091

Couchbase Dashboard

User client

15672

RabbitMQ Dashboard

User client

22

SSH access

The following table lists the Skylar Automation egress requirements:

Destination Port Purpose

SL1 host

7706

Connecting Skylar Automation to Skylar OneDatabase Server

SL1 host

443

Connecting Skylar Automation to Skylar One API

Additional Considerations

Review the following list of considerations and settings before installing Skylar Automation:

  • ScienceLogic highly recommends that you disable all firewall session-limiting policies. Firewalls will drop HTTPS requests, which results in data loss.
  • Starting with Skylar Automation version 3.0.0, the minimum storage size for the initial partitions is 75 GB. Anything less will cause the automated installation to stop and wait for user input. You can use the tmux application to navigate to the other panes and view the logs. In addition, at 100 GB and above, PowerFlow will no longer allocate all of the storage space, so you will need to allocate the rest of the space based on your specific needs.
  • Skylar Automation clusters do not support vMotion or snapshots while the cluster is running. Performing a vMotion or snapshot on a running Skylar Automation cluster will cause network interrupts between nodes, and will render clusters inoperable.
  • The site administrator is responsible for configuring the host, hardware, and virtualization configuration for the Skylar Automation server or cluster. If you are running a cluster in a VMware environment, be sure to install open-vm-tools and disable vMotion.
  • You can configure one or more Skylar One systems to use Skylar Automation to sync with a single instance of a third-party application like ServiceNow or Cherwell. You cannot configure one Skylar One system to use PowerFlow to sync with multiple instances of a third-party application like ServiceNow or Cherwell. The relationship between Skylar One and the third-party application can be either one-to-one or many-to-one, but not one-to-many.
  • The default internal network used by Skylar Automation services is 172.21.0.0/16. Please ensure that this range does not conflict with any other IP addresses on your network. If needed, you can change this subnet in the docker-compose.yml file.
  • The latest Oracle Linux 8 (OL8) versions are delivered in the Skylar Automation ISO, and the latest package updates are included in Skylar Automation Docker images.
  • The OL8 automated upgrade scripts are deprecated with version 3.2.0 of Skylar Automation.
  • When upgrading Skylar Automation using the RPM, be advised that you must remove the stack before deploying, as a new policy was added to the Skylar Automation policy configurations in the /etc/iservices/casbinpolicy.csv file.
  • For new platform deployments and upgrades, always run powerflowcontrol (pfctl) healthcheck and autoheal actions after the stack is deployed (or redeployed in upgrade scenarios).

For more information about system requirements for your Skylar Automation environment, see the System Requirements page at the ScienceLogic Support site at https://support.sciencelogic.com/s/system-requirements.

Known Issues

This release contains the following known issues:

  • The journald volatile storage takes part of the memory based on the environment memory size, which might cause undesired behavior in environments where the memory is highly used by Skylar Automation services. Skylar Automation uses journald volatile storage, which means that all logs are kept only in memory. (Case: 00347339)

  • To check the size of journal logs on a single PowerFlow node, run the following command:

    du -sh /run/log/journal

    You can clear logs with the following command (this is automatically done when you run the healthcheck action):

    journalctl --vacuum-time=7d

    You can also configure journald logs settings by using the following command to enforce small size and time limits:

    sudo sed -i -e '/RuntimeMaxUse=/s/.*/RuntimeMaxUse=800M/' -e '/MaxRetentionSec/s/.*/MaxRetentionSec=2week/' /etc/systemd/journald.conf && sudo systemctl restart systemd-journald

    Skylar Automation updates journald volatile limits to the following values, which can be changed if you want retain fewer or more logs:

    RuntimeMaxUse=800M

    MaxRetentionSec=2week

  • When upgrading to Couchbase version 6.6.0 (Skylar Automation later than 2.6.0) from Skylar Automation versions earlier than 2.6.0, the number of documents in the logs bucket could make the upgrade take longer, as a namespace upgrade is needed. ScienceLogic recommends that you flush the logs bucket if there are more than 300,000 documents that are taking up close to 2 GB of space in every node. Flushing the logs bucket will speed up the upgrade process. Otherwise, migrating a logs bucket of that size would take two to three minutes per node.

    Run the following command to flush the logs bucket after the PowerFlow RPM is installed, but before redeploying the PowerFlow Stack:

    pfctl --host <hostname><username>:<password> node-action --action flush_logs_bucket

    Alternately, you can flush the logs bucket manually using the Couchbase user interface.

  • If you get the "Error: No such option: --version Did you mean --json?" error message when running the pfctl --version command, you might have an older version of pfctl that was installed as a different user. To resolve this, be sure to install the powerflowcontrol (pfctl) utility version 3.0.7 or later as root with sudo, and remove any other versions installed by other users (isadmin or ec2-user): (Case: 00360512) 

    su isadmin

    pip3 uninstall -y iservicecontrol

  • To avoid authentication issues, do not use the dollar sign ($) character in any part of passwords related to Skylar Automation.
  • The Workflow Health and Interconnectivity widget on the PowerFlow Control Tower page displays diagrams for Skylar Automation applications and SyncPacks that have been deleted. To work around this issue, run the "Skylar Automation Control Tower HealthCheck" application or wait for the next scheduled run of the application.
  • If your Skylar Automation system uses self-signed certificates, you will need to manually accept the certificate before you can upload SyncPacks. Go to https://<IP address of PowerFlow>:3141/isadmin, accept the certificate, and then log into Skylar Automation. After you log in, you will be able to upload SyncPacks.
  • The latest tag does not exist after the initial ISO installation. This situation only affects users with custom services that point to the latest tag. To work around this issue, run the tag latest script manually after running the ./pull_start_iservices.sh command:

python /opt/iservices/scripts/system_updates/tag_latest.py /opt/iservices/scripts/docker-compose.yml

Installing or Upgrading Skylar Automation

For detailed steps about installing or upgrading to this version of Skylar Automation, see Installing and Configuring Skylar Automation.

Starting with version 2.3.0, all Skylar Automation platform releases are suitable for both MUD and non-MUD systems.

Due to the upcoming end of support for Oracle Linux 7, ScienceLogic strongly urges users to upgrade to Oracle Linux 8 (OL8). As such, only the OL8-based package and upgrade path is defined and provided. If you have extenuating circumstances and want to obtain an OL7-based install for Skylar Automation 3.1.0, please contact your CSM or ScienceLogic support.

You should always upgrade to the most recent release of Skylar Automation.