eBox 0.10 ready to rock

Hi fellow eBox users,

You favourite development team proudly presents the release of eBox platform 0.10. After a few days of testing eBox 0.9.100 we come up with the official release for these series.

Let’s recap, shall we? These are some of the awesome features which have been added:

  • Firewall: this module has been extended in such a way that you will not need to hack eBox anymore to add custom rules to the INPUT or OUTPUT chain. Now it’s more flexible, and it’s easier to add rules for services which are not managed by eBox itself. The UI totally has been totally pimped out and takes advantage of the generic AJAX table
  • Services: this is a new module that has been introduced for convenience. It allows the users and other modules to create services which can be used by modules using iptables-like rules. So far, only the firewall module and some parts of the core use this module, but modules like traffic shaping or networking will eventually use it too.
  • Events: we have included a neat framework to inform our users whenever an interesting event happens. Currently, we have just implemented a few events such as the machine is running out
    of disk space, a service has been stopped unexpectedly or eBox is up. The cool thing about all this is you can be told what is happening through your favourite Jabber client, so yes, it’s what you think, now eBox talks to you if we have a situation :)
  • Objects, DNS: And again, we are glad to announce that these two modules are joining the group of modules whose UI exploits the user experience provided by Ajax technology. Also, the DNS module automatically configures reverse resolution.
  • Control center: This new module is meant to be used for those system administrators who want to deploy machines running eBox in different locations. It provides a unique point of control to ease the management of a group of eBox machines. It automatically configures openVPN and apache under the hood to create a secure connection with the control center. Currently, the control center has no graphical user interface as it’s just a bunch of useful commands to carry out the necessary operations to set up the scenario. It uses SOAP to expose the eBox API to remote scripts which can be executed within the control center. Now we have the necessary infrastructure to implement the required features for this sort of scenario. So the next step is to get feedback from users who wish to have several machines running eBox and what they would expect from this control center. Once we agree which features are required we will think how to create a more friendly interface on top of it. Some examples of using the control center are: accessing every eBox connected to your control center, receiving events and alerts from a group of eBoxes, synchronising LDAPs amongst a group of machines, forcing software updates, uploading periodic backups…


Some notes on upgrading

As the upgrading process can be a critical task we suggest you backup your configuration before proceeding with the upgrading process

Please be advised that the firewall module has been modified to make it more flexible. We have tried our best to import your old data to the new module. Yet we strongly recommend you check your firewall configuration after upgrading.

Change log for eBox 0.10

ebox

  • Add EventDaemon
  • Add watcher and dispatch framework to support an event architecture on eBox
  • Add watcher to check if there is space left on disk
  • Add watcher to check if a given serivice is restarted too many times in a short period
  • Add watch to check if eBox is currently up
  • Add generic from
  • Improvements on generic table: paging, filtering..
  • Add Swedish translation

network

  • Fix bug with static routes which prevented them from working if the multigateway support was enabled
  • Fix bug importing gateway IP addresses from network configuration
  • Added /22 netmask setting iface IP address
  • Update models to new API
  • Get rid of custom controllers

ntp

  • Use services module

objects

  • Use the new model/view framework. Now you can edit object and member names.

firewall

  • Load ip_nat_ftp module
  • Use new model/view framework which implies several changes. UI uses Ajax
  • Now the user can add rules to INPUT/OUTPUT chain
  • Use the new services module

openvpn

  • Clients backup their certificates
  • Add API to support internal VPNs
  • Fix issue with www server to guess IP
  • Improvements on port availability
  • Only announce routes for RFC1918
  • Relax checking of advertised routes
  • Do not downgrade privileges from root to another user/group to avoid problems when reconnecting

users and groups

  • Allow dots in user names

samba

  • Create group directory with 0770
  • Add users to Domain Users group

services

  • First release

mail

  • Fix some typos

mailfilter

  • Bugfix. Removal of external domain

  • Configure firewall to open fort for freshclam

dns

  • Add reverse resolution
  • Use new model/view framework. UI uses Ajax