Welcome to the OnApp Support portal!

Your one stop shop for OnApp Support. Raise tickets, view tickets, search our knowledgebase and stay up to date with the latest support announcements.

Dashboard accounts are required for support calls and tickets

You now need an OnApp dashboard account to raise a support ticket, either online or by phone, so you should create new dashboard accounts for any member of your team that might need to contact us. Once they have an account they can log in here to submit tickets. To set up those user accounts:

  • Log in to the dashboard
  • Go to Accounts -> Users and click the Add a new user button
  • Complete the form, making sure you check the boxes for Dashboard, Helpdesk and Forum access
  • Click the Create User button to finish

Tokens for telephone support

We've improved security for telephone support by introducing a new support token. Your token is displayed in the dashboard when you log in - you'll need to give that code to our team if you call us.

 

If you have any difficulties setting up dashboard accounts or using the new portal, just let us know.

 

OnApp Support

Maksym Holiney Jan 29 OnApp Cloud / Product Notifications

Updated glibc packages fix the GHOST security issue.
This security update should be applied to static RHEL/CentOS 5.x and RHEL/CentOS 6.x hypervisors.

Log in to the Control Panel box via SSH and run the following as root to address the above vulnerability:

# yum update glibc

 

Please note that we will be releasing an updated CloudBoot image soon that explicitly patches this vulnerability.
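
Updating the package replaces glibc on disk, but processes started before the update keep the old library mapped until they are restarted. The following check is an added example, not part of the original notice or OnApp tooling; it lists such processes from /proc, and the sample maps lines in it are constructed.

```shell
#!/bin/sh
# Added example (not OnApp code): list processes that still map the glibc
# file replaced by "yum update glibc". The old file is unlinked by the update,
# so /proc/<pid>/maps shows it with a trailing " (deleted)".

# Constructed sample maps lines, for illustration only.
SAMPLE_STALE='7f2c1a000000-7f2c1a18a000 r-xp 00000000 fd:00 131090    /lib64/libc-2.12.so (deleted)
7f2c1a5a0000-7f2c1a5c0000 r-xp 00000000 fd:00 131084    /usr/lib64/libz.so.1.2.3'
SAMPLE_FRESH='7f9b4c000000-7f9b4c18a000 r-xp 00000000 fd:00 131200    /lib64/libc-2.12.so'

# Read maps text on stdin; succeed if it contains a replaced libc mapping.
# The [^ ]* part also covers suffixed names such as prelink temporaries.
stale_libc_in_maps() {
    grep -Eq '/libc-[0-9.]+\.so[^ ]* \(deleted\)$'
}

# Print "PID<TAB>name" for every readable process with a stale libc mapping.
list_stale_libc_pids() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # A process may exit between the test above and the read below.
        if stale_libc_in_maps 2>/dev/null < "$maps"; then
            pid=${maps#/proc/}
            pid=${pid%/maps}
            name=$(sed -n '1s/^Name:[[:space:]]*//p' "/proc/$pid/status" 2>/dev/null) || name=
            printf '%s\t%s\n' "$pid" "${name:-?}"
        fi
    done
}

# Scan the live system only when asked, e.g.: sh stale-libc.sh --scan  (as root)
if [ "${1:-}" = "--scan" ]; then
    list_stale_libc_pids
fi
```

Any process it lists needs a service restart (or a reboot of the box) before it runs the patched library.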

Maksym Holiney Jan 20 OnApp Storage / OnApp Integrated Storage

parallelrepairvdisks lets you repair up to 10 degraded vdisks simultaneously.

You can also specify which data store is repaired first, or give a sequence of data stores.

  • Log on to the hypervisor via SSH
  • Get the list of degraded vdisks with the following command:
    getdegradedvdisks
  • Run:
    parallelrepairvdisks [datastores=DS_UUID1,DS_UUID2,...]

Maksym Holiney December 17, 2014 1 OnApp Cloud / Product Notifications

The tzinfo gem must be updated to version 0.3.42 to get the correct GMT offset for the Moscow region.

NOTE! Only customers who are affected by this issue should upgrade!

1. Log in to the Control Panel box via SSH as root

2. Run

# yum update rubygem-tzinfo

3. Restart the onapp and httpd services

# service onapp restart
# service httpd restart

Maksym Holiney December 11, 2014 OnApp Cloud / Product Notifications

Ruby 2.0.0 update that fixes CVE-2014-3566, CVE-2014-8080 and CVE-2014-8090. Applicable to OnApp version 3.3.0 and higher.

CVE-2014-3566

  • The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other products, uses nondeterministic CBC padding, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, aka the "POODLE" issue.

CVE-2014-8080

  • The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document, aka an XML Entity Expansion (XEE) attack.

CVE-2014-8090

  • The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x before 2.0.0 patchlevel 598, and 2.1.x before 2.1.5 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted XML document containing an empty string in an entity that is used in a large number of nested entity references, aka an XML Entity Expansion (XEE) attack. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-1821 and CVE-2014-8080.

Fixes for the following vulnerabilities in the YAML 1.1 parser and emitter C libraries. Applicable to OnApp version 3.0 and higher.

CVE-2013-6393

  • The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

CVE-2014-2525

  • Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.


To apply the CVE fixes described above, upgrade the Control Panel as follows:

  • Log in to the Control Panel box via SSH and run the following as root to address the YAML vulnerabilities:
# yum update libyaml
  • Log in to the Control Panel box via SSH and run the following as root to address the Ruby vulnerabilities:
# yum update ruby rubygems
  • Restart the onapp and httpd services
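
One way to confirm that the updated libyaml and ruby builds carry these fixes is to look for the CVE ids in each package's RPM changelog. This is an added example, not OnApp's own code; it assumes the packager records CVE ids in the changelog, and the sample changelog text is constructed.

```shell
#!/bin/sh
# Added example (not OnApp code): confirm that the installed package builds
# record the CVE ids listed in this notice in their RPM changelog.
# Assumption: the packager writes CVE ids into the changelog.

# Constructed changelog excerpt, for illustration only.
SAMPLE_CHANGELOG='* Thu Jan 01 2015 Example Packager <pkg@example.invalid> - X.Y.Z-1
- Fix heap overflow in yaml_parser_scan_uri_escapes (CVE-2014-2525)'

# missing_cves CHANGELOG CVE...: print each CVE id the changelog text lacks.
# -w keeps CVE-2014-2525 from matching inside a longer id.
missing_cves() {
    changelog=$1
    shift
    for cve in "$@"; do
        printf '%s\n' "$changelog" | grep -qwF -e "$cve" || printf '%s\n' "$cve"
    done
}

# check_package PKG CVE...: 0 = all mentioned, 1 = some missing, 2 = not installed.
check_package() {
    pkg=$1
    shift
    log=$(rpm -q --changelog "$pkg" 2>/dev/null) || { echo "$pkg: not installed"; return 2; }
    missing=$(missing_cves "$log" "$@" | tr '\n' ' ')
    if [ -n "$missing" ]; then
        echo "$pkg: changelog does not mention $missing"
        return 1
    fi
    echo "$pkg: changelog mentions all listed CVEs"
}

# Query the live RPM database only when asked: sh cve-check.sh --check
if [ "${1:-}" = "--check" ]; then
    status=0
    check_package libyaml CVE-2013-6393 CVE-2014-2525 || status=1
    check_package ruby CVE-2014-3566 CVE-2014-8080 CVE-2014-8090 || status=1
    exit "$status"
fi
```

A missing id means only that the changelog does not name it; compare the installed version against the vendor's fixed build before concluding the host is unpatched.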

Maksym Holiney December 8, 2014 OnApp Cloud / Product Notifications

XSA-114

A malicious guest administrator can deny service to other tasks. If the NMI watchdog is active, a timeout might be triggered, resulting in a host crash.

RHEL/CentOS 6.x with Xen 4.x Static (and CloudBoot if experimental mode is used) Hypervisors are vulnerable.

 

To eliminate the security issue for Static Hypervisors on RHEL/CentOS 6.x:

For customers willing to upgrade to the latest hypervisor tools (corresponding to the OnApp version in use):

Run the OnApp Xen Hypervisor installer

/onapp/onapp-hv-install/onapp-hv-xen-install.sh

Reboot the hypervisor.

! Consider migrating running guests (if required) to another host before the reboot.

 

For customers who are using the latest hypervisor tools or do not want to upgrade them:

Run

# yum update centos-xen-repo xen xen-hypervisor 

This should update to the 4.2.5-37.onapp.3.el6 version.

Reboot the hypervisor.

! Consider migrating running guests (if required) to another host before the reboot.