v14.2 Release Update #1 - 27 more appliances

Wow, has it really been almost a month since I announced v14.2 Core?! Looks like it has! Time flies when you're having fun I guess... :)

I'm pleased to announce 27 new updated appliances that have are now on the mirror. As per usual, these appliances are all available for download in a range of builds. Get them now via the appropriate links on the relevant appliance pages (specific appliance page links provided below). All the new appliances will launch by default from the Hub.

Also there are some other news to share; including a newer version of Adminer, as well as a (somewhat minor) confconsole bug fix. Unfortunately, OpenStack builds are still a work in progress and the Marketplace images are still coming, but hopefully we'll get there soon.

Without further ado, let's round up the first batch of new v14.2 appliances.

27 Updated Appliances

All new v14.2 appliances have version 1.0.0 of Confconsole (which has a somewhat minor bug), as mentioned in the Core announcement. As well as the usual Debian package updates. All appliances also include the other v14.2 components, such as updated Webmin and TKLBAM. All appliances that include Adminer, now have a newer version included. Hopefully the newer version has better support for PostgreSQL users (a number of you have noted that the previous version was a little limited). Read more about that below.

All appliances that install components from upstream source code (i.e. code direct from the original developers) have also been updated. Where ever possible we give LTS versions precedence over "the latest", but generally they should all now include a very recent, up to date stable release.

Newer Version of Adminer

Ninja Debian Developer, TurnKey friend and all round nice guy; Chris Lamb has kindly updated the version of Adminer in the Debian repositories. And TurnKey Community Legend; Ken Robinson (aka DocCyblade) stepped in and tweaked the code to add it to all the v14.2 LAMP/LAPP based appliances as well as for Lighty and Nginx (and a few others).

As many of you may know, the specific version of any software in Debian stable is usually locked for the duration of the release. They do get security patches and bug fixes. But those are backported to the version of the software already included in stable.

However, Debian also has what is called a "backports" repository. The Debian backports repository provides a pathway to have newer software included in a stable release. It isn't perfect, as backported packages don't have the same level of testing, support and attention as packages in the "main" repo. But we've been keeping our eye on Adminer for a while. It seems pretty well constructed and Chris has done a stellar job backporting it. So we think that any potential risks are outweighed by the gains.

Adminer Background Story

For those of you that are interested, I'd like to share a little of the background of this update.

Late last year, it looked like Adminer was close to dropping out of the Debian repositories altogether. The previous maintainer was MIA and the package was already really old (v3.3.3). In a passing conversation, I mentioned my concerns to Chris (whom I'd only just met - via email). I didn't really think much more about it, but next thing I know, Chris had stepped in and taken over the maintenance of the Debian Adminer package. He'd packaged and uploaded the latest version (v4.2.5 at the time) to 'unstable' (where all Debian packages start out). After the obligatory wait, it migrated to testing and Chris developed a Jessie backport.

Soon after the newer Adminer hit backports, TurnKey Community Power Dev; Ken Robinson jumped into gear and tweaked the TurnKey buildcode to include the newer Adminer version. Thanks tons to both of you guys! You rock!

Congrats to Chris (a complete aside)

As a complete aside, we'd also love to congratulate Chris on his recent success in being elected as the new Debian Project Leader. I must say that I found his platform appealing and if I were a Debian Developer, I wouldn't have hesitated to vote for him too! Nice work Chris!

The Fresh Appliances

To get back on track, the freshly updated appliances (in alphabetical order) are:

Please spin one (or 2 or 3 or more) up and let us know what you think. We always love feedback, but particularly constructive criticism.

Confconsole Bug Fix

Soon after release, a bug in the new Confconsole Hostname plugin came to light. As noted on GitHub, this issue relates to the Postfix config not being updated with the new hostname. As such it will only effect users who have Confconsole version 1.0.0+4+g18aa7e6, use it to update their hostname and wish to send email. The fixed version of Confconsole is v1.0.1. Unfortunately, it only became apparent after we had already built this latest round of updated appliances.

For a moment, we contemplated rebuilding them all. But seeing as we have a ton more appliances to get through, not to mention starting work on v15.0 (rebase on Debian Stretch), we thought better of it. So instead of spending precious time rebuilding affected appliances, we decided to just push on.

It's far from ideal, but it seems to us to be the best bad option. Hopefully you'll agree. As hinted above, we have released a fixed package and users can update to it via apt.

To check your version of Confconsole:

apt-get update && apt-cache policy confconsole

Users potentially affected by this bug will see:

confconsole:
  Installed: 1.0.0+4+g18aa7e6
  Candidate: 1.0.1
  Version table:
    1.0.1 0
       999 http://archive.turnkeylinux.org/debian/ jessie/main amd64 Packages apt-cache
*** 1.0.0+4+g18aa7e6 0
       100 /var/lib/dpkg/status

From this, we can see that the installed version is '1.0.0+4+g18aa7e6' but the "candidate" (version that will be installed with 'apt-get install') is v1.0.1. v14.0/14.1 users would expect to see '0.9.4+153+g10511f8' installed. If you see 0.9.4..., then this bug does not affect you (but perhaps you'll want to update).

For users affected by this (i.e. anyone who has manually updated confconsole or anyone using Core v14.2 or any of these 27 new appliances), the fix is as simple as updating. Do that like this:

apt-get update && apt-get install confconsole

If you are using v14.0 or v14.1 and wish to update, please see the docs.

More to Come

With a library of around 100 appliances, that means we're close to a third of the way through. I'm hoping to have another batch of 10-20 ready by next week and get them all updated (bar perhaps a couple of the extra tricky ones) by the end of the month. We'll see how that goes... Regardless, I will keep plugging away until they're all up to date!

So please try them out and let us know what you think. We're especially interested in bug reports, suggested improvements (big and small) and any other constructive criticism you have for us. Please post in the comments below, or start a new thread in the forums

. Bug reports and feature requests can be lodged directly to our "Issue Tracker".

Comments

Andi Northrop's picture

Nice work, shall be spinning LAMP and Drupal 8 up shortly :)

Just to note the Drupal 8 page is still showing the old permissions error "You are not authorized to access this page."

Ta!

John Youssef's picture

Ditto, would really like to get that Drupal 8 VM

Jeremy Davis's picture

Sorry guys I forgot about that (it looked fine to me...). It's fixed now so you should be good to go. Please let us know how it goes.
John Youssef's picture

Looks like the manifest for that ovf is invalid, any chance we could get it updated?

 

Jeremy Davis's picture

Someone else also reported that. I've put it on the tracker and we'll look into it ASAP (not sure why I didn't hit that in my testing).

Unfortunately I don't have an ETA on releasing a fix but I'll get to it real soon. I've lodged a bug on the tracker.

In the meantime, please try the VMDK or the ISO. And what I might do for now is just disable the OVA download.

Jeremy Davis's picture

As per my post on that other thread, I can't really reproduce it. I'm not sure whether there is something funky with the version which I have, or a bug in the version you guys have?

So if you can please give me some more info on the specific software you are using and the version. Hopefully I can work out what the issue is... Or perhaps you just got a corrupted download? Although usually a corrupted archive won't open properly (so I would expect you would more likely get an error on corrupted ova, rather than corrupted manifest).

John Youssef's picture

I'm using VMware ESXi 5.5. When I try to deploy the tempate I get the following error:

The OVF package is invalid and cannot be deployed.

The following manifest file entry (line 1) is invalid: SHA256(turnkey-drupal8-14.2-jessie-amd64.ovf)=5ddfd7f9f45c088d9253b2c9b667263723a08fdb56d3fdda31621d53c6fbcef7

Jeremy Davis's picture

Thanks very much. I'll look a bit closer at the manifest and see what's going on. I'll be back with something more as soon as I can.
Jeremy Davis's picture

I finally put some time aside to look into this a little closer. And I'm pretty sure I've discovered the issue. It's a compatibility problem with older versions of VMware products.

For v14.2 we used the latest version of VMware's OVF tool (v4.2) to produce our OVAs. And it appears that for this latest release (for v14.1 we used OVFTool v4.1) VMware have updated the checksum to SHA256 (which is good; SHA1 is essentially broken from a security standpoint).

However, it seems that older VMware products, such as ESX/ESKi up until vSphere v6.0 are not compatible with SHA256 checksums and can only understand SHA1 checksums. Older versions of VMware's other software are no doubt also affected e.g. Workstation, Player, etc.

I have discussed this with Alon and I'm going to test including both an SHA1 and SHA265 checksum to see if that can get us over the line and provide backwards compatibility. Even if I do manage to work around it satisfactorily, you'll no doubt hit this issue more and more as other vendors update to the new version of OVFTool. So longer term, it's probably worth looking at your upgrade options. You're going to need to either update your VMware infrastructure, or move to an alternate hypervisor (e.g. ProxmoxVE).

If I can't provide backwards compatibility, then until you upgrade, you'll need to resort to using the legacy VMX (included with our legacy VMDK build) or install from ISO. Another work around would be to download the old version of OVFTool (v4.1 should do it) and pre-process the OVAs with that first.

Jeremy Davis's picture

Hi John,

I have built a new v14.2 Drupal8 OVA and would really appreciate if you'd be able to test it for me. Is that possible? Please get in touch ASAP via jeremy AT turnkeylinux.org

Alternatively, if anyone else reads this and is running ESX/ESXi v5.5 or similar, please get in touch ASAP.

Bjarne's picture

Thank you so much for your continued support and development of Turnkey Linux.

We've been running a WordPress intranet on the v14.1 release in a Hyper-V machine for almost a year, with near 100% uptime. Very impressed.

I'll download the v14.2 release and give it a spin on my machine.

Using Turnkey WordPress and I LIKE it :)

Jeremy Davis's picture

Thanks for the kind, encouraging words! :)

Probably the most significant change specific to the v14.2 WordPress appliance is that it now comes with no plugins pre-installed.

We had a few comments that lead us to reconsider bundling it with plugins. One is that they're really easy for an admin to install them from within WordPress. The other was that whilst most of them were pretty useful, it's still highly unlikely that anyone would want all the ones we were including. So either there is something adding to server load without providing benefit (and potentially an attack vector too), or the admin needs to remove unwanted plugins. Either way it's a bit sucky...

FWIW, all the other cool stuff (e.g. the Let's Encrypt integration) is common to all v14.2 apps.

Bjarne's picture

As promised, I gave the latest WordPress stack a thorough spin:

  • Installed the .iso in a HyperV machine
  • Imported a 510 MB large WordPress website using All In One WP-Migration
  • Ensured WordPress 4.7 PDF thumbnail support, by adding imagick and ghostscript within webmin
  • Noticed that turnkey credits added to the output, conflicts with Divi builder, but once removed (sorry), everything worked perfectly.
  • Installed and tested WordFence.

Being a local test installation, I wasn't able to test the new Let's Encrypt certificate support.

The page https://www.turnkeylinux.org/wordpress still mentions the plugins that were prevously bundled. Thank you for not including those anymore, makes the install even lighter and quicker.

Thank's to everyone involved in this project - your efforts are appreciated :)

 

Using Turnkey WordPress and I LIKE it :)

Jeremy Davis's picture

I'm glad to hear that your happy with the new WordPress appliance.

No worries on disabling the credits. It happens. FWIW I'm pretty sure why it's incompatible with some plugins is that some use single quotes and others use double quotes. We switched our credits from using one to the other (I forget which one now) at one point because it was causing issues with another plugin. Obviously fixing that has created new issues with another one... I don't think that there's a lot we can do about that...

I'll tidy up the appliance page soon too. Thanks for highlighting that.

Jeremy Davis's picture

Hopefully it shouldn't be too far away. It won't be in the next batch of appliances (as they're already built to ISO) but should be in the batch after that.

The next batch should really be published by now, but I've been a bit sidetracked wrestling with the OVA build of the ones we've released already. A number of users can't get it to work so we're tweaking it a bit.

I'm only guessing, but I'd hope to have the new ehterpad appliance released within the next few weeks.

Jeremy Davis's picture

I'm not completely clear, but it sounds like you are trying to use the LXC appliance?! Is that right?

Trying to download v14.0 builds is a known bug; which will be resolved in the next release. I can't give a clear ETA, but should be really soon. Fingers crossed it will be in the same batch as etherpad (my post above).

As to your other issue, that's a new one! Perhaps you can provide a little more detail? If you can give the steps that are required to reproduce your issue, then I'll give it a go. If I can reproduce it, we can make sure that it isn't an issue in the v14.2 release.

If you're a programmer, then perhaps you can help out with the testing a bit?! TKL Community legend John Carver has a pull request waiting for final review and testing that should build a great v14.2 LXC appliance. If you install TKLDev and clone John's branch locally, then you can build the appliance ISO with his code and give it a spin. Any feedback that you can provide will certainly be welcomed.

Jeremy Davis's picture

Sorry for slow response...

Just use TKLDev v14.1; it's what we use to officially build all the new v14.2 appliance (I haven't built TKLDev 14.2 yet).

The only thing to note of any significance, is that you'll want to install the updated "fab" package (it resolves a regression in v14.1 that slows down the build workflow).

If you wish to locally tweak and build an existing appliance, that should just work. However, if you are working on an appliance that we haven't updated yet, if you wish to build it as v14.2; you'll need to bump the changelog version.

Also, I'm not clear on your motivations. If this is for your own personal usage, then you should be fine. Although please note that things can change quite a bit and quite regularly while we're working on a release. I urge you to work in your own branch of common and keep checking for updates that may impact what you are working on.

If you are wanting to help out with v14.2 updates and release, then let's chat as we have a few others helping out and best to work together to avoid people treading on each other's toes.

If you wish to develop a new appliance, that's great, but please be aware that the current appliance updates and release (including new ones, yet to be published) will get precedence over any additional new appliances.

Jeremy Davis's picture

Thanks for your kind words Gustavo.

Depending on what your plans are, perhaps you are interested in working with Ken (aka DocCyblade)? He's currently working on other appliances, but Odoo is on his list. FWIW he was the original developer of the Odoo appliance. At this point the main thing we'll be looking at is updating to v10 for the next release.

Jeremy Davis's picture

FWIW, the last commit was Jan 2015.

Essentially it could be considered "abandonware" however there are still plenty of people using it and someone has even forked it and updated it to run on PHP7. There also seems to be a bit of ongoing activity on their message board. So whilst people want to use it, and there aren't any glaring security issues, we'll probably continue to produce it as an appliance.

Pages

Add new comment