Changelog of the base of the orchestrator

5.25 (2025-01-06)

Automatically sets privileged: true for the container-scanner service, if the kernel version of the machine hosting Cyberwatch is lower than 5.11
The configuration file /etc/cyberwatch/configs-enabled/compose-service/container-scanner.yml has been renamed to /etc/cyberwatch/configs-enabled/compose-service/35-container-scanner.yml for the container-scanner service.
Fixed a problem in the order of use of configuration files in /etc/cyberwatch/configs-enabled/

Improved cyberwatch commands for container-scanner:
- Add cyberwatch exec container-scanner command
- Add cyberwatch log container-scanner command
- Add container-scanner when executing cyberwatch status
Improved timeout when using the cyberwatch restart command
Fixed a problem when importing the security database for offline instances. The new command is cyberwatch exec sidekiq_master security_database_import_task
Moved the directory where the container-scanner service is stored to /etc/cyberwatch/configs-enabled/compose-service/container-scanner.yml
Private keys created with cyberwatch configure now have a size of 3072 bits

Fix an update error with the config.env file when installing the deb package
Fix an error that could occur in the post-installation script with an old version of bash

Remove the migration from cbw-on-premise v2.X to cbw-on-premise 5.X
- The new procedure involves reinstalling Cyberwatch. Do not hesitate to contact support for more information
The web, sidekiq, sidekiq_master and sidekiq_node containers are now run with a non-privileged user
Remove the cron service
Added a sidekiq_master service available only on the master node

Fix a network error with network for container scanner that can occurs with power failure

Added Buildah engine to scan docker container docker
- For more information, see the documentation Using the Buildah engine Buildah
Containers Redis and MariaDB are now run with non-privileged user
Correction of exit code returned on successful execution of orchestrator configuration command (cyberwatch configure)

Fixed a problem related to the generation of the root certificate introduced in 5.14

Remove CPU resource limitation for Docker containers with Swarm, introduced in version 5.14

Added memory and processor resource limitation for Docker containers with Swarm
Automatic removal of the version field in Docker Compose files
Automatic scaling to two Sidekiq replicas when the machine hosting Cyberwatch has more than four processors
Improved the TLS certificate generation steps, when configuring the orchestrator base with Swarm
Multiple fixes to ensure compatibility with Docker Engine versions higher than 25.2
Minimal version supported of the Docker Engine is now 23.0.6

Added a --no-pull option to the command to start Cyberwatch without pulling new Docker images (cyberwatch start command)
Added a --no-redis option to the command to configure an external Redis server (cyberwatch configure command)
Added a CBW_NO_PULL variable in the orchestrator base configuration file to disable the pull of new Docker images
Added missing options in the Bash completion of Cyberwatch commands
Helm versions lower than 3.7.0 are no longer supported

Added a --no-pull option to the command to restart Cyberwatch without pulling new Docker images (cyberwatch restart command)
Added a CBW_SIDEKIQ_REPLICAS variable in the orchestrator base configuration file to increase the number of Sidekiq replicas
Fixed a problem related to the use of an external Redis
Fixed an infinite loop problem that could occur when stopping the application when the orchestrator is Swarm (cyberwatch stop command)
Fixed an issue with the command checking the orchestrator base status, when checking for database backups (cyberwatch doctor command)
Fixed error code returned when executing a command on a running container (cyberwatch exec command)
TLS certificates for master and satellite nodes are now valid for five years