Skip to content

Releases: cvquesty/openvox-gui

openvox-gui 3.10.6 — Snappier Dashboard, graph pages, and multi-worker serving

Choose a tag to compare

@cvquesty cvquesty released this 02 Jul 13:15

openvox-gui 3.10.6

Stable promotion of the 3.10.5-dev performance train. Faster Overview | Dashboard and graph-heavy Insights pages, multi-worker uvicorn defaults, API TTL caches, and shared stale-while-revalidate UI.

Guide: docs/PERFORMANCE.md · Press kit: docs/releases/press_3.10.6.md

Highlights

Dashboard first paint

  • Lean PuppetDB extract for 48h status trends (certname, status, noop, receive_time) instead of full report documents
  • ~20s server TTL + single-flight locking
  • Session snapshot + keep-previous-data (no full-page blank on auto-refresh)

All graph-heavy Insights pages

Shared SWR + sessionStorage on: Compliance, Run Performance, Fact Distribution, Class Coverage, Heatmap, Classification, Timeline, Node Health, Environments, OpenVox Server Health, OpenVoxDB Health (Monitoring wallboard embeds inherit this)

Serving headroom

  • systemd defaults: --workers 2, --limit-concurrency 100, --backlog 2048, LimitNOFILE=65536, TasksMax=512
  • Configure via OPENVOX_GUI_UVICORN_WORKERS in config/.env
  • deploy.sh / remote update rewrites the unit every deploy so workers actually apply

Also

  • GZip large JSON; warmer PuppetDB httpx pool; metrics API TTL ~45s
  • Recharts animations off on operational charts; 30s default polls; Vite vendor chunks
  • Carries forward 3.10.4 (live fleet, Nodes export, Log Viewer / ENC / Executive Summary) and 3.10.2 (Monitoring NOC, single Bolt run per click #38)

Upgrade

sudo /opt/openvox-gui/scripts/update_local.sh

Or scripts/update_remote.sh. After upgrade:

  1. Hard-refresh browsers once
  2. Confirm workers: systemctl cat openvox-gui | grep ExecStart

Full CHANGELOG: https://github.com/cvquesty/openvox-gui/blob/main/CHANGELOG.md

OpenVox GUI 3.10.4

Choose a tag to compare

@cvquesty cvquesty released this 01 Jul 18:15

openvox-gui 3.10.4

Stable promotion of the 3.10.3b1–b14 train on main.

Highlights

  • Live fleet membership (get_live_nodes): active PuppetDB ∩ signed CA for Overview | Nodes, Dashboard, Insights | Inventory, Node Health, and ENC Unclassified / reconciliation. Hosts removed with puppetserver ca clean or deactivated/expired in PuppetDB no longer linger as ghosts; ENC SQLite rows not on the live set are pruned. Certificates remains CA-authoritative.
  • Nodes All Nodes export — same ExportActions as Inventory (CSV / JSON / text, column picker) over the filtered list.
  • Log Viewer — OpenVox Agent — journal-first collection (units, -t identifiers, host-journal filter); stack-aware labels; Since relaxation when log_level=err leaves the window empty.
  • Reliability — complete node Purge + sudoers; Bolt config from /etc/puppetlabs/bolt/; Executive Summary generator deployed, no lab sample fallback on live failure, in-process Send snapshot.
  • Carries forward 3.10.2 — Monitoring NOC, OpsTable / FilterBar, Orchestration single Bolt run per click (#38).

Upgrade

sudo /opt/openvox-gui/scripts/update_local.sh

Or scripts/update_remote.sh. Open Classification (ENC) once after upgrade for reconciliation. Deploy refreshes sudoers (see openvox-gui-users.bak.* if you used local overrides).

Full notes: CHANGELOG.md · Press kit: docs/releases/press_3.10.4.md

3.10.2-bugfix (3.10.2+bugfix) — Orchestration puppet agent lock

Choose a tag to compare

@cvquesty cvquesty released this 26 Jun 11:54

openvox-gui 3.10.2-bugfix

Friendly release name for the 3.10.2 line orchestration bug fix.

Installed / VERSION string: 3.10.2+bugfix (PEP 440 local version — required so ovox installs via pip/setuptools). A hyphenated 3.10.2-bugfix is not valid PEP 440 and broke LAB deploy.

Supersedes the brief 3.10.3 label on the same fix.

Fixed

  • Auto --waitforlock 300 on GUI puppet agent runs
  • 600s Bolt timeout for agent runs
  • Puppet exit 0 and 2 treated as success
  • Lock / partial-fleet operator hints (TROUBLESHOOTING)

Health after upgrade should report 3.10.2+bugfix.

3.10.2 — Monitoring NOC, ops UI, Orchestration single-run

Choose a tag to compare

@cvquesty cvquesty released this 25 Jun 21:35

openvox-gui 3.10.2

Stable release on main. Promotes the 3.10 line after the 3.10.a_r_alpha.6 merge and the 3.10.1.b1 / 3.10.1.b2 beta train (no separate stable 3.10.1 tag).

Highlights

  • Monitoring NOC wallboard — multi-graph live Monitoring with a shared UTC timeline (windowed trends + live JMX/series fixes for seconds-vs-ms timestamps).
  • Ops UI consistency (sruiux2) — shared OpsTable / FilterBar on fleet list surfaces; Insights hub at /insights/all.
  • Orchestration: one Bolt run per click — fixes #38. Run Command / Task / Plan no longer execute three times for human/json/rainbow format tabs.
  • 3.10 platform work from alpha — security, architecture, Executive Summary From/schedule delivery, and related trains (full history in CHANGELOG).

Upgrade

On the OpenVox GUI host:

sudo /opt/openvox-gui/scripts/update_local.sh

Remote (typical lab/ops pattern):

OPENVOX_DEPLOY_HOST=<host> OPENVOX_DEPLOY_USER=<user> scripts/update_remote.sh --yes

See UPDATE.md.

Links

Thanks to @Jdav00 for the #38 report and the alpha/beta contributors who landed the 3.10 line.

3.10.1.b2 — beta (Orchestration triple-run fix #38)

Choose a tag to compare

@cvquesty cvquesty released this 25 Jun 21:31

openvox-gui 3.10.1.b2 (beta)

Current beta on main — version string 3.10.1.b2 (SemVer-style pre-release with dotted b2 segment).

Tag: v3.10.1.b2 @ a69c948
Pre-release: yes (does not replace latest stable on the Releases “latest” pointer)

Fixed — GitHub #38

One click on Orchestration → Run Command no longer runs Bolt three times.

Root cause: the UI requested human, json, and rainbow formats in parallel (Promise.all of three POST /bolt/run/command), so each click executed the shell command three times on every target. CLI bolt command run was always 1×; only the GUI multi-format fetch was wrong.

Fix: single Bolt invocation (--format json for the PrettyJson tab); Human / JSON / Rainbow tabs reuse that one result. The same triple-call pattern is removed for Run Task and Run Plan.

Thanks @Jdav00 for the clear report and append-to-file reproduction.

Prior beta on this train

  • 3.10.1.b1 — settle main after 3.10.a_r_alpha.6 merge (Monitoring NOC / ops UI / 3.10 platform work)

Upgrade

OPENVOX_DEPLOY_HOST=<host> OPENVOX_DEPLOY_USER=<user> scripts/update_remote.sh --yes
# or on-box:
sudo /opt/openvox-gui/scripts/update_local.sh

Full audit trail: CHANGELOG.md.

3.10.1.b1 — beta (main)

Pre-release

Choose a tag to compare

@cvquesty cvquesty released this 25 Jun 21:28

openvox-gui 3.10.1.b1 (beta)

Pre-release — first 3.10.1 beta on main after landing the full 3.10.a_r_alpha.6 train (formerly labeled through 3.10.04.a8 on lab). Same product line; versioning settled for beta cadence (b2, b3, … then stable 3.10.1).

Highlights

  • Monitoring NOC wallboard — multi-graph live Monitoring with a shared UTC timeline (windowed trends + live JMX/series fixes for seconds-vs-ms).
  • Ops UI consistency (sruiux2) — shared OpsTable / FilterBar patterns on fleet list surfaces; Insights hub at /insights/all.
  • 3.10 platform work from alpha — security, architecture, and UI trains merged from alpha into main (see CHANGELOG for the full train).
  • Executive Summary — From-address / schedule delivery included (supersedes the interim 3.9.8 main-only port).

Upgrading (lab / test)

Remote (typical lab):

OPENVOX_DEPLOY_HOST=<host> OPENVOX_DEPLOY_USER=<user> scripts/update_remote.sh --yes

On-box:

sudo /opt/openvox-gui/scripts/update_local.sh

Notes for testers

Tag: v3.10.1.b1 on main.

openvox-gui 3.9.7 -- Metrics Documentation, Security Hardening, and Sudoers Safety

Choose a tag to compare

@cvquesty cvquesty released this 24 Jun 12:06

openvox-gui 3.9.7 is out

Current download is v3.9.7 -- get it from the Releases page.

Comprehensive Metrics Documentation (the headline)

This release ships complete, production-focused documentation for the full set of metrics views:

  • docs/METRICS.md now covers everything needed to enable Run Performance, Puppet Server Health, and PuppetDB Health charts.
  • Exact puppetserver.conf, metrics.conf, and auth.conf (or modern HOCON) settings are documented.
  • Guidance for using the built-in Configuration editor, verification commands, and troubleshooting.
  • Installer and post-install output now prominently call out the Metrics setup step.

Many users following only INSTALL.md or the on-screen messages previously had incomplete metrics data. This closes that gap.

Security and Operational Hardening

  • pydantic-settings updated to 2.14.2 (addresses symlink traversal in nested secrets sources).
  • Sudoers management completely reworked for safety:
    • Centralized in scripts/ensure-sudoers.sh
    • Automatic timestamped backups on every change
    • No more dangerous rm of sudoers files
    • Explicit, auditable rules with comments (see the greatly expanded docs/SUDOERS.md)
  • Added root SECURITY.md with clear vulnerability reporting process (preferred: GitHub private Security Advisories), supported versions, and deployment best practices.
  • Additional dependency updates (including Babel) to address advisories.

Documentation and Polish

  • Added screenshots for the new Metrics views to README.md.
  • Numerous documentation, proxy handling, fact deployment, and installer messaging improvements from the 3.9.6 development series.
  • Full audit trail available in CHANGELOG.md.

Upgrading

sudo /opt/openvox-gui/scripts/update_local.sh

(Or use your normal remote deploy process via update_remote.sh.)

3.9.5

Choose a tag to compare

@cvquesty cvquesty released this 18 Jun 21:54

New Features

  • Metrics | Node Health page:
    • Detects Puppet agent disabled state using the custom fact puppet_agent_disabled (and optional puppet_agent_disable_message).
    • Shows last-known state from facts + report/fact staleness signals ("stale = possibly disabled or offline").
    • Live "Check Current Status (via Bolt)" button runs an on-demand check using Bolt/SSH. This works even when the agent is disabled (the fundamental limitation of any fact-based approach).
    • Table with filtering, status badges, disable messages, timestamps, and live results.
    • Summary counts + help text.
  • Added supporting documentation: docs/puppet-agent-disabled-fact.md (bash external fact + Ruby alternative + caveats).
  • Installer and updater now stage puppet_agent_disabled external fact at share/facts.d/puppet_agent_disabled (executable bash script with the exact required name). Post-install/update messages guide users on copying it into their Puppet module's facts.d/ so it gets pluginsynced to agents as executable.

Improvements

  • Metrics | Fact Distribution: significantly upgraded graphing from basic/juvenile charts to professional Recharts visualizations matching the rest of the app.
    • Numeric facts: clean sorted AreaChart distribution curves (rank vs. value) with gradients instead of toy scatter plots.
    • Categorical facts: proper BarChart with horizontal layout on expand for long labels.
    • Consistent tooltips, axes, colors, and styling with Run Performance and health pages.
  • Clarified puppet_agent_disabled fact deployment docs and installer messaging for exact executable bash filename.

Bug Fixes

  • Metrics | Fleet Compliance: "Nodes by Category" pane now properly scrollable using the robust mechanism from Dashboard | Overview and other pages: <Box style={{ maxHeight: 500, minHeight: 0, overflow: 'hidden' }}><ScrollArea h="100%" ...></ScrollArea></Box> inside Collapse (with Paper overflow handling). The lists under "Compliant" (and other categories) are now fully scrollable with the full set of nodes. All node lists are sorted alphabetically by certname using localeCompare.

See the Fleet Fact Overview and Node Health pages for details.

Assisted By: Grok AI

OpenVox GUI 3.9.3

Choose a tag to compare

@cvquesty cvquesty released this 16 Jun 17:47

OpenVox GUI 3.9.3

Security patch release addressing all open Dependabot vulnerabilities (2 high + 3 moderate + 2 low previously reported on default branch).

Security

  • backend/requirements.txt:
    • python-multipart: 0.0.29 → 0.0.31 (quadratic-time querystring parsing DoS with semicolons, negative Content-Length memory DoS, parameter smuggling, Content-Disposition RFC 2231/5987 smuggling).
    • PyJWT[crypto]: 2.12.1 → 2.13.0 (PyJWKClient scheme allowlist SSRF + token forgery via file:// etc., public-key as HMAC secret forgery, unbounded Base64URL decoding DoS, algorithm allow-list bypass, unbounded JWKS DoS).
    • cryptography: 48.0.0 → 48.0.1 (vulnerable OpenSSL included in bundled wheels).
  • frontend:
    • vite: ^6.4.1 → ^7.3.5 (server.fs.deny bypass on Windows alternate paths, launch-editor NTLMv2 hash disclosure via UNC paths on Windows).
    • Strengthened overrides in package.json for transitive: esbuild ^0.25.0 (missing binary integrity enabling RCE via NPM_CONFIG_REGISTRY), @babel/core ^7.28.0 (arbitrary file read via sourceMappingURL Comment).
  • Verified: npm run build succeeds. Changes are drop-in.

This is a pure security patch on the 3.9.2 release (which added the live Inventory report page under Logs | Reports | Inventory with full PQL table, CSV export, "INVENTORY-O-MATIC 3000" theming, and related fixes).

Full details in CHANGELOG.md.

Upgrade:

sudo /opt/openvox-gui/scripts/update_local.sh

(or your normal remote deploy). The updated requirements and lockfile pull the hardened versions.

Apache-2.0. Repo: https://github.com/cvquesty/openvox-gui

Assisted By: Grok AI

OpenVox GUI 3.9.2

Choose a tag to compare

@cvquesty cvquesty released this 16 Jun 17:32

[3.9.2] - 2026-06-16

Stable release promoting the 3.9.1-dev pre-release train (final dev.4).

Features

  • Added live "Inventory" report page under the Logs navigation group as Logs | Reports | Inventory.
    • Full live PQL-driven inventory table (certname, OS details, processors, location, memory, disks, is_virtual/physical, uptime).
    • CSV export with proper RFC quoting for multi-line disk data; full ExportActions support.
    • UI: refresh, theming (including whimsical "INVENTORY-O-MATIC 3000" illustration in casual/robots theme), scrollable, empty/loading states.
    • Backend: new /api/reports/inventory using live inventory[] facts from PuppetDB.
    • Navigation integrated under Logs group.

Bug Fixes

  • Fixed route ordering and 500 errors on /inventory (report hash validation collision with catch-all).
  • Fixed table population for full fact records and virtual/physical classification using standard Facter is_virtual + virtual facts (with robust fallbacks).
  • Various robustness improvements for the new report.

See the detailed 3.9.1-dev.1 entry below for the full implementation notes. This release also includes prior work from the train (multi-select orchestration targets, etc.).

Assisted By: Grok AI

[3.9.1-dev.1] - 2026-06-15 (pre-release; promoted in 3.9.2)

Features

  • Added live "Inventory" report page under the Logs navigation group as Logs | Reports | Inventory.
    • New frontend route /inventory with a full-width table report.
    • Columns (exact per request): certname, OS Name, OS Full Release Version, Number of physical Processors, System Location, System Memory, List of Hard Disks and their size (one per line inside the cell), Whether a virtual or physical system, Total System Uptime.
    • Backend: new GET /api/reports/inventory (mounted under the existing reports router) + PuppetDBService.get_system_inventory().
    • Data source is fully live — on-demand PQL projection against PuppetDB's inventory endpoint (no server-side caching). Only the minimal required facts are requested for efficiency.