Release v0.14.0

@wh1te909 wh1te909 released this 07 Jul 21:45
  • Switched to NATS websocket for agent<->server communication. This removes the need to publicly expose port 4222 TCP, and the only open port now needed is 443 TCP. However, you must leave port 4222 open until all your agents are updated to v2.1.0, at which point you may close port 4222 in your firewall.
  • If you have more than a few hundred agents, you should increase nginx's open file limit as now each agent uses an additional nginx connection. You can do so by adding the following line to the top of /etc/nginx/nginx.conf:
      worker_rlimit_nofile 1000000;
  • Note for those running UNSUPPORTED setups or proxies (HAProxy, NPM, Traefik, Kubernetes, etc.); ignore this section if you are on a traditional or docker install. NATS still listens on 4222 (for internal communication between the various TRMM services) but now also listens internally on localhost:9235 (websocket protocol). Agent NATS traffic now connects to nginx's public port 443, which is proxy passed to localhost:9235, so you will need to implement this manually in your proxy settings. You may refer to this commit to see how a supported nginx setup implements it (make sure to only proxy pass traffic that matches the pattern https://api.example.com/natsws). You must implement this in your custom proxy before upgrading to this release.

  • If for whatever reason you can't use NATS websocket or just want to keep things the way they were before this release, check out these docs on how to fall back to NATS standard.

  • Note for docker users: the docker-compose.yml file has changed this release so make sure to delete the old one and re-download the latest one (just copy paste from the docker update docs).

  • Added an API endpoint which can be called to monitor your TRMM instance's health, check docs for instructions.

  • Changed the uWSGI config to automatically scale workers based on load. Previously, the number of workers and threads was calculated from the number of CPU cores but required manual load testing to tune to optimal values. Now the workers dynamically increase/decrease based on server load, which solves issues with no workers being available during long-running HTTP requests and/or a high number of requests per second caused by agents slamming the server.

  • Agent binaries now follow a consistent naming format tacticalagent-vX.X.X-os-arch to prepare for mac agent and any future agent OS that we will support.

  • Fixed a bug where orphaned tasks were not being removed.

  • Frontend code has been moved to its own repo and build tool has been switched to Vite instead of Webpack.

  • The frontend build is now compiled using GitHub Actions on every release and uploaded as a tarball to GitHub releases. This removes the need to compile it during a TRMM update, which lately was using a ton of RAM, causing OOM errors and failed updates. The update script now downloads this pre-compiled tarball.

  • Added a new find service management command.

  • Added a new method to bulk recover agents (Tools > Recover All Agents) which will restart both the tacticalagent and meshagent services across all machines, which helps when restoring.

  • Fixed an integer out of range error that would cause scripts or command results to not be saved in the database when return code value was greater than 2147483647.

  • Fixed #10: Linux agent update doesn't work when /tmp is mounted on a different filesystem.

  • Agent is now built with golang 1.18.3

  • Code refactoring and optimizations

  • Update MeshCentral to 1.0.43
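
For the custom-proxy note above (agent NATS traffic arrives on 443 and is proxy passed to localhost:9235), a minimal nginx server block could look like the following. This is an added example, not the project's own configuration or the commit the notes refer to; the certificate paths are placeholders, the timeout value is an assumption, and api.example.com is the hostname used in the notes.

```nginx
# Added example (not the project's shipped config).
# Main context, top of /etc/nginx/nginx.conf, as the notes describe:
#   worker_rlimit_nofile 1000000;

server {
    listen 443 ssl;
    server_name api.example.com;

    ssl_certificate     /path/to/fullchain.pem;  # placeholder
    ssl_certificate_key /path/to/privkey.pem;    # placeholder

    # Too broad: this would hand every request on the vhost to the
    # internal NATS websocket listener. Shown commented out for contrast.
    # location / {
    #     proxy_pass http://127.0.0.1:9235;
    # }

    # Exact match, so only https://api.example.com/natsws reaches NATS.
    location = /natsws {
        proxy_pass http://127.0.0.1:9235;

        # Websocket upgrade handshake needs HTTP/1.1 and these two headers.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Assumption: agent connections are long-lived, so the default
        # 60s idle read timeout is raised.
        proxy_read_timeout 3600s;
    }

    # Existing locations for the TRMM API stay unchanged below.
}
```

Once every agent is on v2.1.0 and connecting through this location, port 4222 no longer needs to be reachable from outside, since NATS only uses it for internal service traffic.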