Welcome to Joyent Cloud Customer Support

To stay updated with announcements regarding incidents and maintenance please visit or status page at status.joyent.com.
You can subscribe for automatic notifications when new incidents occur and maintenances are scheduled. In general maintenance events are ONLY published on the status page.

To submit a support request please login or send us an email at support@joyent.com.

 

Joyent Support

Sean G. Aug 24 Announcements / Announcements

Overview

Joyent is excited to announce a new version of the software image used for Manta compute jobs. The new image is based on the 64-bit LTS version of the 16.1.0 base image, which includes upgraded versions of the packages already available in Manta.

The new image will become the default for new jobs, starting 19-September-2016. While we are confident that this new image will be a compatible upgrade for most customers, it is possible that some applications could break due to the upgrade. For this reason, it is strongly recommended that you test existing jobs on the new image *prior* to September 19th:

  • You can try the new image using the --image flag to mjob or mlogin. It is currently only available by opting in on a per-job basis (see FAQs below for details).
  • Additionally, after we change the default to the new image, we will retain some capacity for the old image. 

If you need any assistance, please contact Support.

FAQs

What is an image, and what is actually changing?

Manta compute jobs run inside containers known as compute zones. Each zone is created from a software image that defines which software packages will be available and installed in that zone.

Previously, new Manta jobs were executed in zones based on the SmartOS 13.3 base image. Starting today, new jobs can instead choose to run in zones based on the 16.1.0 base image. The new image includes more choices in software, and offers newer versions for many of the existing packages.

It is important to note that the image defines which pkgsrc packages are installed in the zone. However, you can always run your own software in a zone based on any image, as long as you provide all of your own dependencies and/or rely only on libraries that do not alter incompatibilities over time.

How does this affect me?

Since the 13.3-based 32-bit image is still the current default, there is no immediate change for users unless you opt in to use the new image. However, starting on September 19, all jobs will run in the 16.1-based 64-bit image by default. For that reason, it is strongly recommended that you test your jobs on the 16.1-based image as soon as possible, to avoid any potential issues when the new image is deployed.

How can I try the new image now?

You can try the new image today by adding --image=16.1 to your mjob command. You have to do this for each phase. 

For example:

$ mjob create \
    --image=16.1 -m "grep request_id" \
    --image=16.1 -r "sort | uniq -c"

 

You can also experiment with the image using mlogin as follows:

$ mlogin --image=16.1

 

What if I need to use the old image after September 19?

We understand that some users may need to keep using the old 13.3-based image after we switch the default to the 16.1 version. We will retain the old image in a small subset of zones, but capacity will be significantly reduced. The old image will be completely removed in the near future, and we will provide further notice when that has been scheduled. 

To explicitly choose the old image, the instructions shown above for the new image apply, except that you will want to substitute the (following) old image version for the new one:

mjob create --image=13.3

Support

Again, if you need further help moving to the new image (after reading the information above), please contact Joyent Support.

Sean G. Jun 28 Announcements / Security Advisories

How To Update Your Services

SmartOS Users

New releases of the Node.js packages have been added to the 2016Q1 pkgsrc repository. The following latest package releases address the vulnerabilities outlined in this notice:

If you are running on a SmartOS image that is using a different pkgsrc repository, you can still install the above by using the following command (you may want to first test for any potential incompatibilities on a non-production machine):

$ pkg_add http://pkgsrc.joyent.com/packages/SmartOS/2014Q4/x86_64/All/<nodejs_package>

 

You can visit this Node.js page for more information about these vulnerabilities.

 

Triton Cloud Users 

The public cloud has been fixed; customers are advised to update their individual instances with the relevant Node.js packages.

 

Triton Enterprise Users

We will update this notice as soon as the 20160625 and 20160707 releases become available via the support channel, so that software customers can update their installations.

 

Linux Users

Please check the notices applicable to the Linux Distro you are using for the necessary remedial actions:

Original Notice

This notice is to advise all Triton Cloud (public cloud) and Triton Enterprise software (formerly SDC) customers of the following recently-identified Node.js security vulnerabilities:

  • CVE-2016-1669: Under certain conditions, V8 may improperly expand memory allocations in the Zone::New function. This could potentially be used to cause a Denial of Service via buffer overflow or as a trigger for a remote code execution; mitigation will be required.
  • CVE-2014-9748 is Windows-related and does not pertain to any Joyent software or services.

For now, you can visit this Node.js page to obtain additional details. Within the next several days, Joyent will proactively update this notice to confirm actions that we have taken, as well as provide specific details on any required actions to be taken by both Triton Cloud and Triton Enterprise customers to mitigate CVE-2016-1669. Your attention is appreciated.

If you are a Joyent customer and have any questions or concerns, please do not hesitate to contact our Support team by raising a ticket at https://help.joyent.com/home or by emailing support@joyent.com.

Sean G. May 27 Announcements / Current System Status

Overview

This notice is to alert our Joyent Public Cloud and Manta Storage Service customers to our newly enhanced maintenance/incidents notification system:

In making this change, our goal is to provide you (and all of our customers) with even faster, more user-tailored and efficient cloud-wide notifications about planned maintenance and unplanned incidents. This new notification system will allow us to reach that commitment.

Subscribing for Notifications

An important feature of our new notification system is that customers can subscribe to receive email notices of incidents and maintenance activities. In order to subscribe to these timely email alerts, follow these simple steps:

  1. Go to https://status.joyent.com and bookmark the page.
  2. While you are there, take a moment to click the "Subscribe" button in the top right corner, as illustrated below.
  3. You will be emailed a link that will let you easily manage the types of email alerts you wish to receive.

That’s all you need to do! Of course, you will also be able to view maintenance and incident notifications directly at https://status.joyent.com.

subscribe.png

Support

Thank you for your time in attending to this notice. If you are a Joyent customer and have any further questions regarding this change, please do not hesitate to submit a request via http://help.joyent.com or by email to support@joyent.com.

Ryan May 26 JoyentCloud Knowledge Articles / Virtual Machines

If you run into the following errors attempting to start services via systemctl in centos-7 or other systemd based infrastructure containers:

# systemctl start httpd
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

 

Create a directory 

/etc/systemd/system/SERVICENAME.service.d/ 

in this case, for httpd, that would be 

/etc/systemd/system/httpd.service.d

Create a file named override.conf in that directory, i.e.:

/etc/systemd/system/httpd.service.d/override.conf

Edit that file to contain

[Service]
PrivateTmp=no

and run 

systemctl daemon-reload

The service should now start properly.

Sean G. May 3 Announcements / Security Advisories

Update to Original Notice

(Updates as of 24-May-2016 UTC appear with asterisk*)

(First update appeared 9-May-2016 UTC; Original Notice appears at the bottom of this post)

How To Update Your Services

Joyent Public Cloud (JPC) users and Triton Elastic Infrastructure (formerly SDC 7) software users:

Update to the fixed release of the affected versions, as shown in the table below:

CVE Version(s) Affected Fixed Release(s) Where Available

CVE-2016-2108

 

OpenSSL 1.0.2 

OpenSSL 1.0.1

OpenSSL 1.0.2c

OpenSSL 1.0.1o

 2015Q1

 2014Q2, 2014Q4

CVE-2016-2107,
CVE-2016-2105, 
CVE-2016-2106,
CVE-2016-2109,
and
CVE-2016-2176

OpenSSL 1.0.2

OpenSSL 1.0.1

 

 

OpenSSL 1.0.2h

OpenSSL 1.0.1t

 

 

 2015Q4, 2016Q1

 2014Q4

 

 

You can determine whether OpenSSL is installed (as well as the version you have installed) by running: 

$ pkgin ls | grep -i openssl

Customers can re-install OpenSSL with the following commands:
$ pkgin -y up && pkgin -y in openssl


Or, install the version needed (if only available in a different repository), by running:

 $ pkg_add pkgsrc_path_to_package


For example, if you need to install OpenSSL version 1.0.2h from the 2016Q1 repository, but you are running on an image that is using a different repository, you can install the 1.0.2h version by running the following (with the caveat that we strongly suggest you first try this on a non-production machine, to ensure you do not run into any dependency issues):

$ pkg_add https://pkgsrc.joyent.com/packages/SmartOS/2016Q1/x86_64/All/openssl-1.0.2h.tgz

 

Triton Elastic Infrastructure (formerly SDC 7) software users*

The following Triton components have been fixed and are now available from the support channel:

  • sdcadm (upgrade to most recently published 1.11.1 version)
  • adminui (upgrade to release-20160512-20160512T165733Z-g63d9d37)
  • docker (upgrade to release-20160512-20160512T164735Z-gabdb1f1)
  • imgapi (upgrade to release-20160512-20160512T164432Z-g318b58e)
  • gz-tools (upgrade to most recently published 3.0.0 version)
  • Users should also update their boot platform to release-20160428-20160504T174400Z, or newer

For further details on applying updates, you can reference the Triton maintenance and upgrades web page. Should you require any further assistance with your updates to the components above, please contact our Support team by raising a request at the Customer Support portal or emailing support@joyent.com.

 

Joyent Manta, CloudAPI and Portal:

Please be assured that any Joyent components identified as being affected will be updated. 

 

Linux Users:

Please check the notices applicable to the Linux distro that you are using:

 

Node.js users:

As described in the 6-May-2016 Node.js update found here, the following releases have been made available to include the OpenSSL security updates:

Please upgrade your Node.js installation as soon as possible.

 

Open Source SDC users:

Update boot platform image to: release-20160428-20160504T174400Z

Update adminui, docker, and imgapi to the 20150512* releases.*

Direct any further questions to: The SmartOS Community Mailing Lists and IRC 

Original Notice

(Posted 3-May-2016 UTC)

This notice is to provide preliminary advice to all Joyent Public Cloud (JPC) customers and all Triton Elastic Infrastructure (formerly SDC 7) software customers of the recently-identified, high-severity OpenSSL security vulnerabilities CVE-2016-2108 and CVE-2016-2107, as well as four low-severity CVEs. Further information regarding these vulnerabilities is available here.

As soon as we can, we will update this notice to confirm the actions taken by Joyent, and to provide specific details of any required actions -- such as pkgsrc and software updates -- that will need to be taken by both JPC and Triton/SDC customers.

Node users are advised to watch for updates here; any new Node.js releases impacting software will be included in the above-mentioned Joyent pkgsrc and software updates.

At any time, please do not hesitate to contact our Support team (by raising a ticket at the Customer Support portal or by email to support@joyent.com) if any questions or concerns come up.

 

Overview | Recent