ChangeLog

2026-05-13

clustercontrol-controller-2.4.0-19549

clustercontrol-controller-2.3.4-19548
clustercontrol-mcc-2.4.0-842
clustercontrol2-2.4.0-2278
clustercontrol-mcc-2.3.4-841
clustercontrol2-2.3.4-2278

What’s New

This patch is a stability and security maintenance release for ClusterControl 2.4.0. It resolves a set of customer-reported issues across PostgreSQL backups, Galera and Valkey cluster operations, MariaDB replication setup, and Prometheus monitoring deployment. The release also tightens read-only permission enforcement on both the user interface and the API, and introduces support for MaxScale 24.x alongside existing MaxScale versions.

Improvements

MaxScale 24.x Support — ClusterControl now supports MaxScale 24.x while preserving backward compatibility with earlier versions. Supported distributions include alma8/9, centos9, debian11/12, rocky8/9, and ubuntu22/24. (CLUS-7444)

Cross-cluster Replication — Added the missing “Rebuild Replication Slave” action for Galera nodes participating in cross-cluster asynchronous replication topologies. (CLUS-7405)

Bug Fixes

Backups & Restore* PostgreSQL point-in-time recovery (PITR) no longer behaves differently between the first and subsequent base backups; stale recovery_target values are no longer carried over from previous PITR attempts. (CLUS-4899)

• Galera cluster restore from a mysqldump-based backup no longer breaks replica nodes. The restore now runs with wsrep_on=OFF and forces SST on secondaries afterwards so all nodes converge on the restored data. (CLUS-6440, CLUS-7478)
• ClusterControl no longer leaves thousands of leftover temporary directories under STAGING_DIR when backup schedules run frequently — temporary files are now swept and empty parents removed after each operation. (CLUS-7422)

Replication & Clustering

The “retry SSH connection” action now functions correctly on sharded Valkey/Redis clusters. (CLUS-7199)

• Re-adding a previously removed node to a sharded Valkey cluster no longer fails because of CLUSTER FORGET temporarily blacklisting the node ID — ClusterControl now waits and retries until the rejoining node is accepted. (CLUS-7404)
• MariaDB semi-synchronous replication setup no longer fails due to use of MySQL 8 variable names (rpl_semi_sync_source); MariaDB’s master/slave conventions (rpl_semi_sync_master) are now used correctly. (CLUS-7387)
• MariaDB audit logs generated by the server_audit plugin are now included in Error Reports. (CLUS-7283)

Security & Access Control

View-only users can no longer terminate database queries from the UI. The backend now also rejects deleteAccount requests for read-only callers, ensuring consistent enforcement regardless of how the API is invoked. (CLUS-7244, CLUS-7311)

Monitoring & Deployment

Agent-based Prometheus monitoring deployment no longer fails on hosts with strict UMASK settings — /etc/prometheus/prometheus.yml is now created with the correct prometheus:prometheus ownership across all save paths. (CLUS-7396)

UI 

Monitoring dashboards now populate within seconds of agent-based monitoring deployment instead of remaining on “No Data” until manually refreshed. (CLUS-7396)

Stability

Fixed false “HAProxy Disconnected” alarms for PostgreSQL replica nodes registered on HAProxy’s read-write listening port. (CLUS-6857)

• Fixed the HAProxy version being incorrectly displayed in the ClusterControl GUI due to overly greedy parsing of haproxy -v output. (CLUS-6889)
• Fixed a memory leak in the cluster information cache that could grow over long-running CMON sessions. (CLUS-7292)

2026-05-04
clustercontrol-mcp-1.0.0-57

What is ClusterControl MCP?

ClusterControl MCP is a new integration that lets you talk to your database clusters in plain English — directly inside Claude (Claude Desktop or Claude Code), OpenAI Codex, or any MCP-compatible AI client. No dashboards, no SQL, no API calls. Just ask a question and get an answer.

It connects your AI assistant to your ClusterControl environment via a lightweight background process that speaks to the CMON controller on your behalf. Once set up, the integration is invisible — you simply chat and it handles the rest.

The server exposes 69 tools and 20 MCP resources/templates covering cluster inventory, topology, jobs, alarms, backups, performance analysis, ProxySQL, configuration (both database node and controller runtime settings), user management, maintenance, audit, controller and host logs, and more.

What can you do with it?

Cluster overview

Get a quick read on what's running across your entire fleet, or drill into a specific cluster. View normalized topology with replication links to understand how nodes relate to each other.

"List all my database clusters and their status"
"What database clusters do I have running?"
"Give me a summary of cluster 4"
"Show me all nodes across my clusters"
"Show me the topology of cluster 2"

Jobs and operations

Track running and historical operations across your clusters. Filter by status or command to focus on what matters.

"Show me recent jobs on cluster 2"
"Show me only failed jobs on cluster 1"
"What backup jobs have run on cluster 3?"
"Why did job #42 fail? Show me the log"

Start and stop jobs:

"Run a backup on cluster 1 right now"
"Trigger a rolling restart of cluster 2"
"Start a failover on cluster 4 — the primary is down"
"Rebuild the replication slave on db3.example.com"
"Job #88 has been stuck for an hour — kill it"

Alarms and health

Stay on top of what's going wrong — for a single cluster or across your entire fleet. Acknowledge alarms individually or in bulk by filter.

"Are there any active alarms across all clusters?"
"Show me alarms for cluster 3"
"Show me only critical alarms"
"What's the health status of my Galera cluster?"

Acknowledge alarms:

"Acknowledge the high CPU alarm on cluster 3, we know about it"
"Acknowledge all warnings on cluster 1"
"Clear all warning-level alarms on db1.example.com"
"Show me active alarms on cluster 2, then acknowledge any that are just warnings"

Performance diagnosis

Investigate performance issues without writing a single query.

"What's the CPU and memory usage on cluster 2's nodes?"
"Show me the top queries by wait time on cluster 1"
"Are there any long-running queries on cluster 3 right now?"
"Kill the query with process ID 4321 on db1.example.com — it's been running for 2 hours"
"How fast is the database on cluster 1 growing? Show me the last 30 days"

Schema health advisors

Proactively identify structural problems that cause replication failures, slow queries, and wasted resources.

"Are there any tables without primary keys on cluster 1?"
"Check for redundant indexes on my production cluster"
"Find any MyISAM tables on cluster 2 that should be converted to InnoDB"

Transaction deadlocks

Diagnose application hangs by inspecting which transactions are blocking which.

"Are there any deadlocks on cluster 1?"
"Show me recent transaction deadlocks — my app is hanging"
"What transactions are blocking each other on the production cluster?"

SQL text from deadlocked transactions is omitted by default to avoid leaking sensitive query content; ask for it explicitly when you need to debug a specific deadlock.

ProxySQL

Inspect query routing, rules, and backend server health on ProxySQL instances managed by ClusterControl.

"What are the top queries going through ProxySQL on cluster 3?"
"Show me the query routing rules on proxy1.example.com"
"List the backend servers configured in ProxySQL on proxy1.example.com"

Cluster and CMON logs

Two distinct sets of logs are now available — and they answer different questions.

CMON controller log entries — internal events the controller recorded for a cluster (host registration, alarm activity, replication watchers, configuration changes). Useful for "why did CMON do that?". Filterable by severity, component, hostname, and time.

"Show me the CMON log for cluster 1"
"Are there any warnings in the CMON log for cluster 2?"
"Show CMON log entries from db2.example.com in the last hour, severity LOG_WARNING or higher"
"Summarise the CMON log for cluster 1 by severity and component"

Database server logs and other collected host logs — the log files CMON has gathered from your cluster hosts (mysqld error log, PostgreSQL logs, Prometheus exporter log, ClusterControl agent logs). Useful for "what did the database itself say?".

"List the log files collected from cluster 1"
"Show me the last 200 lines of mysqld.log on db1.example.com in cluster 1"
"Save the full PostgreSQL log from db1.example.com in cluster 4 to /tmp/pg.log"

Backups, restores, and backup schedules

Verify backup health, inspect schedules, manage recurring backup jobs, and restore from backups. Filter by status or method to find what you need.

"List recent backups for cluster 5"
"Show me only failed backups on cluster 1"
"When was the last successful backup on my MongoDB cluster?"
"Give me a summary of the backup schedules on cluster 2"
"Does cluster 1 have a backup schedule configured?"
"Create a nightly backup schedule at 02:00 on cluster 1 using xtrabackup"
"Change the backup schedule on cluster 3 to run at 03:30 instead of 02:00"
"Delete backup schedule #42 on cluster 1 — we're switching to a different tool"
"Delete backup record #99 from cluster 2 — it's corrupted and taking up space"
"Restore backup #42 to cluster 1 — the last deployment broke the data"
"Roll back cluster 3 to yesterday's backup"

Maintenance windows

Schedule and manage maintenance windows through natural conversation — for a single cluster or across the fleet. Remove windows individually or in bulk by filter.

"Is any node in cluster 2 in maintenance mode?"
"Show me all maintenance windows across my clusters"
"Show me only active maintenance windows"
"Put db1.example.com into maintenance from 22:00 to 23:00 UTC tonight — we're patching the OS"
"Remove the maintenance window with UUID 97fa5a14-... from db2.example.com"
"Cancel all maintenance windows on cluster 3"
"Remove all active maintenance windows on db1.example.com"

Database users and access

Create, manage, and remove database user accounts — with fine-grained privilege control.

"Who are the database users on cluster 2?"
"List all accounts on my MySQL replication cluster"
"Create a read-only user called 'reporter' with SELECT on the analytics database"
"Add a user 'appuser' with password 'secret' that can connect from 10.0.0.0/8"
"Drop the user 'oldapp' from cluster 3"
"Grant INSERT and UPDATE on appdb.* to 'appuser'@'%' on cluster 1"
"Revoke DELETE from 'appuser' on cluster 2"
"Remove all privileges from 'tempuser' on cluster 1 — we're done with that account"

Database schemas

List existing schemas or create new databases on your clusters.

"What databases exist on cluster 2?"
"List all schemas on my PostgreSQL cluster"
"Create a database called 'analytics' on cluster 2"
"Add a new schema 'reporting' to my PostgreSQL cluster"

Error reports

Generate, download, and inspect ClusterControl error reports without logging into the server.

"List error reports for cluster 1"
"Generate an error report for cluster 3 — something is behaving oddly"
"Download error report #13 for cluster 1 to /tmp/report.tar.gz"
"Extract the error report at /tmp/report.tar.gz so I can look at the logs"

ClusterControl user management

Create and manage the user accounts that have access to the ClusterControl interface itself — not the database users inside your clusters, but the operators and administrators who log into ClusterControl.

"List all ClusterControl users"
"Who has access to the ClusterControl interface?"
"What CMON groups exist?"
"Create a ClusterControl user called 'john' with email john@example.com"
"Update alice's email address to alice@newdomain.com"
"Change the password for ClusterControl user 'bob'"
"Remove the ClusterControl user 'oldstaff' — they've left the company"

Email addresses are omitted from list_cmon_users output by default to reduce PII exposure; ask for them explicitly when you need to see them.

PostgreSQL logical replication

Inspect logical replication publications and subscriptions on PostgreSQL clusters.

"List the replication publications on cluster 4"
"What subscriptions are configured on my PostgreSQL cluster?"

Audit log

Find out who changed what — across one cluster or all of them.

"Show me recent activity on cluster 1"
"Who made changes to cluster 3 in the last hour?"
"Show me all user management events across all clusters"
"What did admin do recently?"

Configuration

Inspect and modify both database node configuration and CMON controller runtime settings.

Database node configuration:

"Show me the configuration for cluster 1"
"What are the settings for the primary node of cluster 3?"
"What's the max_connections setting on host db1.example.com?"
"Set max_connections to 500 on db1.example.com in cluster 1"
"Reset the innodb_buffer_pool_size on db2.example.com to the database default"
"What version of CMON is running? Is it up?"

Controller runtime settings (thresholds, sampling, retention, etc.):

"Show me the controller settings for cluster 1"
"What's the swap_warning threshold on cluster 2?"
"Set swap_warning to 20 on cluster 1"
"What's the backup retention period on cluster 3?"

What you need

• A running ClusterControl instance (CMON controller reachable on port 9501)

• A CMON user account with access to the clusters you want to query

• An MCP-compatible AI client: Claude Desktop, Claude Code, OpenAI Codex, or any tool that supports the MCP protocol

Installation

Packages are published to the Severalnines repository alongside other ClusterControl components.

Debian / Ubuntu:

apt-get install clustercontrol-mcp

RHEL / Rocky / AlmaLinux:

yum install clustercontrol-mcp

The binary installs to /usr/bin/cmon-mcp. A systemd service unit and default configuration file are also installed:

• /usr/lib/systemd/system/clustercontrol-mcp.service — service unit

• /etc/default/clustercontrol-mcp — environment file for credentials and transport options

Setup

The MCP server supports two transport modes. Pick the one that matches your AI client.

Stdio mode (Claude Desktop, Claude Code)

The AI client spawns the MCP server as a local subprocess. No ports, no daemons — the simplest setup for individual use.

Claude Desktop — edit ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or the equivalent on your platform:

{
  "mcpServers": {
    "clustercontrol": {
      "command": "cmon-mcp",
      "env": {
        "CMON_ENDPOINT": "https://your-cc-host:9501",
        "CMON_USERNAME": "admin",
        "CMON_PASSWORD": "your-password"
      }
    }
  }
}

Restart Claude Desktop. A hammer icon in the chat toolbar confirms the server loaded.

Claude Code:

claude mcp add clustercontrol -- cmon-mcp \
  -endpoint https://your-cc-host:9501 \
  -username admin \
  -password your-password

HTTP mode (Codex, team access, multi-client)

For OpenAI Codex, shared team access, or any scenario where multiple clients connect to the same running server, deploy the MCP server as a persistent HTTP service.

When MCP_BIND_ADDRESS is set, two MCP transports are served on the same port:

1. Configure and start the service. Edit /etc/default/clustercontrol-mcp on the CMON host:

CMON_ENDPOINT=https://127.0.0.1:9501
CMON_USERNAME=admin
CMON_KEY_FILE=/etc/clustercontrol/id_rsa

# Listen on all interfaces so remote clients can connect
MCP_BIND_ADDRESS=0.0.0.0:3000

# Tell clients to connect using the host's public hostname or IP
MCP_BASE_URL=http://your-cc-host:3000

# Require a bearer token on all connections (strongly recommended)
MCP_AUTH_TOKEN=<your-strong-random-token>

Generate a strong token:

openssl rand -hex 32

Start (or restart) the service:

systemctl restart clustercontrol-mcp
journalctl -u clustercontrol-mcp -n 20   # confirm it started

2. Connect Codex (OpenAI) — Codex uses the streamable HTTP transport at the /mcp endpoint:

codex --mcp-server-uri http://your-cc-host:3000/mcp \
      --mcp-header "Authorization: Bearer <your-token>"

3. Connect Claude Code (SSE transport):

claude mcp add clustercontrol --transport sse http://your-cc-host:3000/sse \
  --header "Authorization: Bearer <your-token>"

4. Connect Claude Desktop (SSE transport):

{
  "mcpServers": {
    "clustercontrol": {
      "type": "sse",
      "url": "http://your-cc-host:3000/sse",
      "headers": {
        "Authorization": "Bearer <your-token>"
      }
    }
  }
}

Authentication

The MCP server has two independent authentication layers.

CMON authentication (MCP server to controller)

The MCP server authenticates with the CMON controller on every session. Two methods are supported, and the server tries RSA key auth first (if configured), falling back to password auth automatically.

• Password authentication — set CMON_USERNAME and CMON_PASSWORD. All communication uses HTTPS, so credentials are encrypted in transit. Quick to set up; preferred for development and testing.

• RSA key authentication (recommended for production) — generate a key pair with ssh-keygen -t rsa -b 4096 -f ~/.cmon/id_rsa, register the public key in your CMON user account (ClusterControl UI → User Management → User Settings → Key Management), and set CMON_KEY_FILE to the private key path. Each session uses a unique challenge-response signature; nothing reusable is ever transmitted. Supported key formats: PKCS#1, PKCS#8, OpenSSH (auto-detected).

After successful authentication, CMON issues a session cookie that the MCP server manages automatically — including transparent re-authentication when the session expires.

MCP transport authentication (AI client to MCP server)

When running in HTTP mode, set MCP_AUTH_TOKEN to require a bearer token on all incoming /sse, /message, and /mcp requests. Strongly recommended whenever you bind to anything other than 127.0.0.1 — without a token, anyone who can reach the port has full access to your clusters.

Built-in safety for write operations

Any action that changes something — creating a job, adding a user, scheduling maintenance, restoring a backup, setting node or controller config, etc. — works in two steps:

1. Dry run (default): Claude describes exactly what it would do, in plain English, without touching your CMON controller.

2. Execute: After you confirm, Claude calls the tool again with dry_run=false to carry out the action.

High-risk operations (node restart, failover, drop cluster, drop user, delete backup schedule, restore backup, delete ClusterControl account) include an additional warning in the dry-run output so nothing destructive ever runs without your explicit approval.

Dry-run output for user-management tools (create_cmon_user, set_cmon_user) does not echo the email, name, or password values you supplied — only that those fields would be set or changed.

Sensitive output handling

A handful of tools can return data that may include PII or sensitive application content. These tools omit such fields by default and provide opt-in flags to include them when needed:

Note: log-content tools (get_cmon_logs, get_job_log, get_cluster_log) and the matching MCP resources can still contain sensitive values that originate inside the underlying logs themselves. Treat their outputs as support data and share only with trusted recipients.

MCP task support

Long-running tools (restore_backup, generate_error_report, download_error_report) support MCP task augmentation. Clients that implement the MCP task protocol can:

1. Start the tool as a background task

2. Poll for progress via tasks/get

3. Fetch the final result with tasks/result

4. Cancel a running task with tasks/cancel

Task mode is optional — the tools work synchronously as before if the client doesn't use tasks.

Known limitations

Claude Code: not all tools visible when multiple MCP servers are connected

Claude Code uses a deferred tool discovery system with a shared budget across all connected MCP servers. If you have multiple MCP servers connected simultaneously (e.g., Atlassian, Slack, and ClusterControl), the combined tool count may exceed the budget, causing some ClusterControl tools to not appear in Claude Code's tool index.

All 69 tools are registered and functional server-side — this is purely a client-side discovery limitation.

Workarounds:

• Disconnect MCP servers you don't need in the current session (type /mcp in Claude Code, select the server, and choose Disconnect) to free up tool slots for ClusterControl

• Use Claude Desktop or HTTP mode with Codex, which are not affected by this limit

• This is tracked upstream at anthropics/claude-code#23508 and will be resolved when hierarchical tool group loading is implemented

Tips for users

• Reference clusters by name or ID — Claude looks up the ID automatically if you use the name.

• Ask follow-up questions in the same conversation — Claude remembers what it found earlier.

• Combine questions: "Which cluster has the most active alarms, and what are they?"

• For write actions, Claude always shows a preview and waits for your confirmation before executing.

====

2026-04-27

clustercontrol-controller-2.4.0-18992
clustercontrol-mcc-2.4.0-825
clustercontrol2-2.4.0-2264
clustercontrol-controller-2.3.4-18991
clustercontrol-mcc-2.3.4-824
clustercontrol2-2.4.0-2263

What's New

This patch introduces first-class support for incremental PostgreSQL backups using pg_basebackup — including streaming directly to S3, point-in-time recovery from an incremental chain, and new WAL-summarization controls exposed end-to-end from the Backup Wizard through to the controller. Valkey (Sentinel and Sharded) now supports a "Promote Replica" action, matching the existing Redis workflow. The release also resolves a collection of customer-reported issues across PostgreSQL user management, certificate issuance, MySQL user creation, view-only permissions, and cluster-switching stability.

New Features

Incremental PostgreSQL backups with pg_basebackup (streaming to S3)

End-to-end support for pg_basebackup --incremental, including the controls, wizard flow, and restore paths needed to use it in production:

• Backup Wizard — pg_basebackupincr is now a selectable backup method for PostgreSQL 17+. The wizard warns if the selected host has WAL summarization disabled, and ensures summarize_wal=true is set on the target before submitting the backup. (CLUS-7196, CLUS-7212, CLUS-7223)
• Configure WAL — the node-level "Configure WAL" action lets you turn summarize_wal ON or OFF and refreshes the node state immediately. (CLUS-7196, CLUS-7280)
• Under the hood — incremental backups run via pg_basebackup --incremental, support the summarize_walsetting across the full workflow, and stream directly to S3 (removing the local-disk capacity requirement). (CLUS-6563, CLUS-7084, CLUS-7086, CLUS-7213)
• Backup manifests are now uploaded separately from the tarball for both full and incremental pg_basebackupbackups, enabling cleaner storage and retrieval. (CLUS-7195)
• Restore an incremental backup chain — ClusterControl automatically retrieves the full chain, reconstructs it with pg_combinebackup, and restores the combined data. (CLUS-7085, CLUS-7218, CLUS-7220, CLUS-7221)
• Point-in-time recovery (PITR) from an incremental pg_basebackup backup. (CLUS-7224)
• Create a new cluster directly from an incremental pg_basebackup backup. (CLUS-7225)
• Replica compatibility — incremental pg_basebackup now works correctly on a replica even when the primary has summarize_wal disabled. (CLUS-7281)

Promote Replica for Valkey / Redis

• Valkey (Sentinel and Sharded) and Redis clusters now support promoting a replica to primary from the node's action menu. A confirmation dialog guards against accidental promotion. (CLUS-6951, CLUS-7285)

Improvements

• PostgreSQL backups dynamically raise wal_keep_size before running pg_basebackup to prevent failure when WAL files are recycled mid-backup; the original value is restored on the target node afterward. (CLUS-7075)
• Galera package detection has been updated to work with the new Percona repository API, keeping Galera version selection accurate for new deployments and upgrades. (CLUS-7331)

Bug Fixes

Backups

• Incremental pg_basebackup now succeeds after a prior pg_basebackup restore, so repeated backup/restore cycles work as expected. (CLUS-7300)
• Creating an incremental pg_basebackup backup for a newly added replica node now succeeds. (CLUS-7364)
• Added safeguards to prevent incremental pg_basebackup from failing when attempted on a fresh timeline after a restore. (CLUS-7383)
• The controller is no longer offered as a backup storage host in pool mode for cluster types where it should be disabled, and selecting the controller as storage now correctly sets the cc_storage flag on the backup job. (CLUS-6986)

User Management

• Creating a new PostgreSQL user in User Management v2 now works reliably. Grants and revokes are always applied at the database level as expected. (CLUS-7231)
• Deleting a PostgreSQL user that owns no objects no longer fails — privileges are now explicitly revoked before the user is dropped. (CLUS-7232)
• Cluster permission level no longer unexpectedly switches from Read-Only to Custom in User Management when new clusters are added; existing non-custom teams are now correctly reflected on new clusters. (CLUS-7077)
• Fixed a syntax error when creating a MySQL user with "No privileges" selected. (CLUS-7076)

Security & Access Control

• View-only users can no longer kill a database query — execution permissions on the qm_killprocess and qm_purgeactions have been tightened. (CLUS-7244)
• View-only users can no longer delete database users. The DB Users screen now correctly enforces read-only access across Galera, MySQL Replication, and PostgreSQL Streaming Replication clusters. (CLUS-7290)
• Credential passwords are now consistently masked in error reports when the masking option is enabled — previously some passwords could leak through unmasked. (CLUS-6958)

Certificates

• A previously created Certificate Authority can now be selected as the issuer when generating server or client certificates. Selecting the CA from the side menu no longer replaces it with a self-signed certificate. (CLUS-7252)

Replication & Stability

• Adding a PostgreSQL replica to a cluster under load no longer times out, and the wal_keep pre-flight warning has been corrected for PostgreSQL 13 and later. (CLUS-7277)
• Fixed a UI crash that could occur when switching from PostgreSQL user management to a Valkey cluster that had failed. (CLUS-7365)

2026-04-10

cmon-proxy-2.4.0-169

• LDAP logins with mixed‑case usernames now work correctly when using external directory authentication. Previously, after upgrading to 2.4.0, some LDAP users had to change the case of their usernames (for example, from P2810681ADM to p2810681adm) to log in successfully. Follow‑up requests could fail with errors such as:
  
  [ROUTER] No router found for user: P2810681ADM
  
  We’ve updated the cmon-proxy routing logic so that LDAP usernames are handled in a case‑insensitive way, in line with LDAP standards. Users can now log in and use the UI regardless of how they capitalize their LDAP username, and session routing will work reliably. (CLUS-7229)

2026-04-07

clustercontrol-controller-2.4.0-18485
clustercontrol-mcc-2.4.0-784
clustercontrol2-2.4.0-2241
cmon-proxy-2.4.0-165
clustercontrol-controller-2.3.4-18486
clustercontrol-mcc-2.3.4-285
clustercontrol2-2.3.4-2242

CMON Controller

• Simpler monitoring setup with shared Prometheus hosts
When using a shared Prometheus instance, the controller now reuses existing credentials. This reduces manual configuration and lowers the chance of misconfiguring monitoring authentication.
 (CLUS-7024)
• Improved reliability of Prometheus authentication on shared hosts
Fixes have been made to how basic authentication is handled for Prometheus on shared hosts, eliminating intermittent authentication issues in some environments. 
(CLUS-7024)
• More reliable Percona XtraDB Cluster deployments on Ubuntu
An issue that could cause Percona XtraDB Cluster deployments to fail on Ubuntu has been resolved. Deployments on supported Ubuntu versions should now complete as expected. 
(CLUS-7041)
• Clearer handling of unreachable MySQL hosts.
 The controller now treats “unknown host” errors from MySQL as connection issues. This improves error messages and behavior when a MySQL host cannot be reached or is misconfigured.
 (CLUS-7193)
• Safer default MySQL performance collection
A low-level performance collection option has been removed from the default MySQL configuration to reduce unnecessary overhead on instances where that extra detail is not needed.
 (CLUS-7243)
• More consistent data directory layout for CCX
Data directories for CCX instances are now standardized. This helps avoid confusion about where data is stored and reduces risk from misconfigured paths.


UI

• Cleaner PostgreSQL role creation form
When creating roles in PostgreSQL User Management, the password expiry option is now only shown when it actually applies. This reduces clutter and makes the role creation flow clearer.
 (CLUS-7074)
• PgBouncer settings visible again. The PgBouncer configuration is now correctly shown under Manage → Configuration, so you can once again view and adjust connection pooling settings from the UI.
 (CLUS-7052)

2026-03-24

clustercontrol-controller-2.4.0-18342
clustercontrol-mcc-2.4.0-774
clustercontrol2-2.4.0-2231
cmon-proxy-2.4.0-165
clustercontrol-controller-2.3.4-18341
clustercontrol-mcc-2.3.4-775
clustercontrol2-2.3.4-2232
cmon-proxy-2.3.4-164

Bug Fixes

• Fixed an issue with WebSSH and cmon-proxy authentication token handling. (CLUS-7103, CLUS-7111)
• Fixed an issue where the outgoing_messages table could fill up unnecessarily in CCX deployments. (CLUS-7145)
• Prevented automatic database schema upgrades in CCX environments to avoid unintended side effects. (CLUS-7158)
• Cluster migration no longer aborts when a cluster has no SSL certificate files under /var/lib/cmon/ca. (CLUS-7112)
• Fixed missing adapter checks in secure file handling that could cause incorrect results when checking for the existence of configuration files. (CLUS-7163)
• Exceptions thrown during Kubernetes configuration checks and job execution are now properly caught and handled, preventing unexpected crashes. (CLUS-7164)
• Fixed a regression that prevented editing of MySQL database users. (CLUS-7071)
• Fixed PgBouncer deployment failures when PostgreSQL nodes are running on a non-default port. (CLUS-6998)
• Fixed Cluster Load metric options on the Overview Page appearing clickable but having no effect. (CLUS-6975)
• Fixed the "Rows per Page" control in the ProxySQL UI not correctly updating the number of displayed rows. (CLUS-6973)
• Sorting by "Hits" in the ProxySQL Rules view now sorts numerically instead of alphabetically, ensuring accurate ordering. (CLUS-6974)
• Fixed an issue where login was attempted before the Kubernetes operator ping completed, causing intermittent login failures. (CLUS-6764)
• Fixed an extra space in the connection pool example string that could cause unexpected issues. (CLUS-7083)

Improvements

• PostgreSQL Backup Reliability — Updated pg_basebackup to use the stream WAL method for more reliable base backups. (CLUS-7172)
• Kubernetes Secret Migration — ClusterControl now automatically migrates cluster configuration files to Kubernetes Secrets before the daemon starts, improving security posture in Kubernetes environments. (CLUS-7171)
• Monitoring Exporter Updates — Several monitoring exporters have been updated to newer versions for improved compatibility and observability. (CLUS-7080)
• User Management — The "Disable Login" button has been renamed to "Disable User" for clarity, and user locking (login/nologin) is now supported. (CLUS-6712)
• Audit Logging — Audit logging has been added to user management, along with general improvements to the user details view. (CLUS-6713)
• Controller Retry — A retry option is now available in the Add Controller job action menu, making it easier to recover from failed controller additions. (CLUS-7044)
• File migration events are now logged at INFO level instead of WARNING, reducing noise in operational logs. (CLUS-7112)
• Redis/Valkey and MSSQL log files are now included in Error Reports for more complete diagnostics. (CLUS-7007)

UI

• Long cluster names are now displayed in full in the left-side navigation menu. (CLUS-7078)
• Long SQL queries in the ProxySQL UI now wrap automatically, making them easier to read without horizontal scrolling. (CLUS-6976)
• Granular controller access with CIDR /32 — You can now use a /32 CIDR mask to restrict access to a specific controller IP address. A helpful tooltip has been added to guide you through this setting. (CLUS-7018)

2026-03-09

clustercontrol-controller-2.4.0-18159
clustercontrol-mcc-2.4.0-759
clustercontrol2-2.4.0-2223
clustercontrol-controller-2.3.4-18160
clustercontrol-mcc-2.3.4-760
custercontrol2-2.3.4-2224

Security

• MongoDB GPG Key Management — ClusterControl now automatically downloads, verifies, and refreshes expired MongoDB GPG keys, including support for MongoDB Enterprise. This prevents deployment and maintenance failures caused by expired signing keys. (CLUS-7062)
• Prometheus Authentication & Encryption — Prometheus monitoring endpoints are now secured with basic authentication and TLS encryption by default, protecting metrics data in transit. (CLUS-6623)

Performance

• Faster Cluster Info Loading — Significantly improved the performance of cluster information retrieval through a new caching layer. Users managing large numbers of clusters should notice faster page loads and API responses. (CLUS-6878)

Bug Fixes

• Fixed an issue where a controller ID could be lost if removed by another pool member, causing controller registration problems. (CLUS-7065)
• Fixed ProxySQL deployment failures in multi-controller environments. (CLUS-7050)
• Fixed Percona XtraDB Cluster deployment failures on Ubuntu. (CLUS-7041)
• Resolved PostgreSQL 12/13 repository conflicts that could cause upgrade failures by switching to PGDG archive repositories. (CLUS-6971)
• Fixed a stability issue that could cause unexpected crashes during cluster removal. (CLUS-6962)
• Fixed Prometheus TLS/Auth being incorrectly enabled in CCX-managed environments. (CLUS-6959)
• Fixed MongoDB replica set nodes incorrectly receiving a shard server role when added to a cluster. (CLUS-6944)
• Fixed a memory safety issue in filesystem configuration handling. (CLUS-6903)
• Package manager operations (yum/dnf) now automatically retry up to 5 times on transient failures, improving reliability on systems with intermittent network issues. (CLUS-6859)
• Fixed an issue where jobs could not be cancelled when the ClusterControl database became temporarily unavailable in CCX environments. (CLUS-6524)
• Fixed cloud backup uploads getting stuck and failing to progress. (CLUS-6427)

UI

• Cluster Load metrics on Overview Page — The Cluster Load metric options on the Overview Page are now fully functional. Previously, the options appeared clickable but had no effect. (CLUS-6975)
• MySQL database user editing — Fixed an issue where editing MySQL database users could fail unexpectedly. (CLUS-7071)
• PgBouncer deployment with non-default PostgreSQL ports — PgBouncer can now be successfully deployed when PostgreSQL nodes are running on a non-default port. (CLUS-6998)
• ProxySQL pagination — The "Rows per Page" control in the ProxySQL UI now correctly updates the number of displayed rows. (CLUS-6973)
• ProxySQL Rules sorting — Sorting by "Hits" in the ProxySQL Rules view now sorts numerically instead of alphabetically, ensuring accurate ordering. (CLUS-6974)
• Login reliability — Improved connection handling during the login process to prevent intermittent failures. (CLUS-6764)

Improvements

• Updated and validated Percona package repositories, and added support for PXC versions 8.0.44, 8.4.6, and 8.4.7. (CLUS-7042, CLUS-6984)
• HAProxy node discovery now uses internal hostnames by default, reducing false alarms and improving reliability in environments where database nodes are registered by internal or data hostnames. (CLUS-6905)
• Improved Kubernetes secret handling reliability. (CLUS-5992)

UI

• SQL query readability in ProxySQL — Long SQL queries in the ProxySQL UI now wrap automatically, making them easier to read without horizontal scrolling. (CLUS-6976)
• Granular controller access with CIDR /32 — You can now use a /32 CIDR mask to restrict access to a specific controller IP address. A helpful tooltip has been added to guide you through this setting. (CLUS-7018)

======

ClusterControl Ops-C v2.4.0
2026-02-17

clustercontrol-mcc-2.4.0-745
clustercontrol2-2.4.0-2213
clustercontrol-controller-2.4.0-17970
clustercontrol-kuber-proxy-2.3.4-624
clustercontrol-proxy-2.4.0-158
clustercontrol-cloud-2.4.0-474
clustercontrol-clud-2.4.0-474
clustercontrol-notifications-2.4.0-395
clustercontrol-ssh-2.4.0-248
s9s-tools 1.9.2026021709-release1

We’re pleased to announce the release of ClusterControl v2.4.0 LTS which adds support for:

• Scaling ClusterControl with CMON Controller Pool - GA Release!
  Scalable pool of controllers, designed for demanding, multi‑site and high‑growth environments. This work improves scalability, resilience, and day‑2 operations when managing many clusters. 
  • Activate/Deactivate CMON Controller Pool on an existing controller, enabling gradual adoption and rollback
  • Horizontal Scaling: Automatically Add&Remove Controllers
  • Shared CMON Configurations using NFS
  • Integrated UI/UX when enabling CMON Controller Pool
  • HA setup - CURRENTLY NOT AVAILABLE. WILL BE INCLUDED IN AN UPCOMING RELESE
• PostgreSQL DB User Management (v2)
  We’re continuing to enhance PostgreSQL user management in ClusterControl to make day‑to‑day operations simpler and safer. 
  • Improvements to user creation, role assignment, and permission management
  • Create, edit, and assign PostgreSQL roles directly from ClusterControl
    • This helps standardize access patterns across databases and reduces manual psql work
  • View and edit database, schema, and table‑level permissions
    • This will provide a clearer overview of who can access what, and simplify adjustments to fine‑grained permissions
  • Manage PostgreSQL authentication methods and password policies
    • Enforce security standards for database users at scale
  • Improved support for automatic client authentication (pg_hba.conf) changes and synchronization when new users are created. 
    • Reduces configuration drift and lowers the risk of connectivity issues after user creation
  • UI and UX refinements across the board
    • Make complex permission and user-management flows easier to understand and operate.

===============

2026-02-02

clustercontrol-controller-2.3.4-17761

CLUS-6859 – Improved package manager retry behavior

• Added retry logic for yum/dnf package manager operations.
• Configured dnf package update commands to retry up to 5 times and log warnings only until the final failure.

CLUS-6944 – Corrected clusterRole handling when adding nodes

• Fixed an issue where the shardsvr clusterRole was incorrectly added to a replica set when adding a node.
   

2026-01-28

clustercontrol-controller-2.3.4-17687
clustercontrol2-2.3.4-2202
clustercontrol-mcc-2.3.4-719

CMON Controller
HAProxy hostname resolution & alarms (CLUS-6905)

• Switched HAProxy to prefer internal hostnames for database nodes instead of public/external hostnames.
• Improved HAProxy db node list parsing to be more strict and fail fast on syntax issues.
• Updated HAProxy install flow to:
  • Warn when a node is skipped during installation.
  • Use internal hostnames for database nodes by default where appropriate.
• Adjusted HAProxy node addition logic to:
  • Check for existing hosts by internal hostname while preserving previous behavior.
  • Avoid raising alarms for missing db nodes when those nodes are registered using data or internal hostnames.
• Fixed an incorrect numeric operator in HAProxy health‑check scripts.

Prometheus & HTTP client basic auth (CLUS-6623)

• Implemented basic auth support in the CMON HTTP client.
• Introduced deployment of Prometheus with Basic Auth and TLS enabled.
• Replaced external htpasswd dependency by generating bcrypt hashes via libbcrypt.
• Fixed a dangling pointer bug in FilesystemReadWriteConfig (CLUS-6903).

Ensured correct ownership of PgBackRest repositories when using NFS

• Explicitly enforce repository ownership as postgres (CLUS-6753).'

Web UI

Backup retention preview (CLUS-6918)

• Fixed the backup “Preview” page to correctly display the configured default backup retention period instead of always showing 

HAProxy / node address display

• Updated UI to display HAProxy node_addresses using semicolon (;) as the separator (CLUS-6923).
• Aligned deployment and preview flows so HAProxy deployment using internal IP addresses is consistently reflected in the preview step (CLUS-6854).

2026-01-15

clustercontrol-controller-2.3.4-17501

Backup & Restore

• CLUS-6837 – Restore log backup fails on MSSQL
  • Fixed an issue where restoring log backups on MSSQL would fail.
• CLUS-5810 – The job to upload backup to cloud is blocked
  • Resolved a problem where the upload_backup_data_to_cloud_storage job could be blocked by other jobs.
• CLUS-6586 – Restoring the cloud backup uses the default home dir
  • Fixed cloud backup restore to use the correct home directory, avoiding failures when adding new replicas.

PostgreSQL / Logical Replication

• CLUS-6573 – Make PSQL promote replica stable
  • Added a reusable generatePrimarySlotName helper.
  • Limited logical replication slot names to 64 bytes.

Cmon / Prometheus / Process handling

• CLUS-6860 – Segfault on cmonprometheus::check and process handling
  • Prometheus integration
    • Improves cache access patterns while querying exporters to prevent races and segfaults.

Galera / Host Manager / Controller pool behaviour

• CLUS-6492 – Galera clusters new deployments on pool leave controller in bad state

Donor / Read-only handling

• CLUS-6566 – Donor node stuck in read-only mode after resync
  • Fixed logic so donor nodes correctly leave read-only mode after resync
• CLUS-6672 – Disable readonly not remove parameter
  • Adjusted parameter handling so “disable read-only” does not remove read_only and super_read_only but correctly disables them

CI / Tooling / Misc

• CLUS-6674 – Escape rebase output JSON for Slack notification
  • Ensured rebase output is correctly escaped for JSON payloads sent to Slack, preventing malformed notifications.

2025-12-22

clustercontrol-mcc-2.3.4-693

• Address an issue (404) when opening the Kubernetes Settings sub pages (CLUS-6871)

2025-12-17

clustercontrol-controller-2.3.4-17322
clustercontrol-mcc-2.3.4-689
clustercontrol2-2.3.4-2187

• Address an issue with cmon exporter appending authentication entries to the pg_hba.conf file. (CLUS-6278)
  • Configure initdb to generate pg_hba.conf with peer authentication for local connections and md5 for host connections, replacing the default trust method
  • CMON now prefers local socket for pg_basebackup when pg_hba allows
  • Falls back to TCP/IP using the cmon_replication user and PGPASSWORD when local socket access is not allowed
  • Added support for positional insertion of pg_hba entries instead of always appending
    • Added detection of local trust rules
    • CMON now inserts user-specific entries before any local trust rules
  • Improved default security posture by replacing global trust rules:
    • peer is now used for local (Unix socket) connections
    • md5 is enforced for host-based connections
• Address an issue with expired MSSQL certificates and backup restore. Renew certificates with s9s cli (CLUS-6631)
  s9s cluster --renew-cert --cluster-id=4 
• Address an improvement to update Prometheus version used to 2.53.5 LTS (CLUS-6829)
• Address an issue with Valkey 7 deployments on Oracle 8 (CLUS-6818)
• Address an issue with adding a new Valkey node (CLUS-6744)
• Address issues creating a replica cluster with PostgreSQL (CLUS-6735)
• Address improvements to hardened TLS configuration for CMON and CMND (CLUS-6663, CLUS-6662)
  • Removed weak CBC and Camellia-based cipher suites from CMON and CMND in line with current recommendations from https://ciphersuite.info
  • New installations now enforce TLS 1.3 by default, while existing installations keep TLS 1.2 enabled for backward compatibility.
  • Added a new allow_tls12=true|false option in CMON’s configuration:
    • false: only TLS 1.3+ connections are allowed.
    • true: both TLS 1.2 and TLS 1.3+ are allowed.
  • The allow_tls12 setting is propagated to CMND (cmnd.conf) to ensure consistent TLS behavior.
• Address an issue with restoring external backup because primary could not be determined (CLUS-6590)
• Address improvements with potential race conditions with frequent configuration changes and remove cluster operations (CLUS-6852)
  
  UI
• Address an issue where the bi-directional option was incorrectly shown for create replica cluster with PostgreSQL streaming replication cluster (CLUS-6796)
• Address an issue with Query Monitoring / Agents page not refreshing when clicking on a different cluster (CLUS-6780)
• Address an issue when editing backup schedules where storage host was not correct with MongoDB (CLUS-6757)
• Address an improvement to truncate DB user privileges with there many PostgreSQL users listed (CLUS-6578)
• Address an issue with a too narrow custom data directory input field with the PostgreSQL wizard (CLUS-6828)

2025-12-02

clustercontrol-mcc-2.3.4-674
clustercontrol-proxy-2.3.4-139
clustercontrol-kuber-proxy-2.3.4-624

We are pleased to announce that our Kubernetes Database Operators feature is now out of "tech preview" and General Available / GA.

Deploy and manage databases in Kubernetes using community-driven database operators through declarative, YAML-based configurations with built-in version control. Laying the foundation for cloud-native database operations with ClusterControl.

Kubernetes Database Operators with ClusterControl - General Available

• Supported Databases:
  • Easily deploy PostgreSQL and MySQL replication clusters to any Kubernetes environment.

• Supported Database Operators
  • PostgreSQL: cloudnative-pg
  • MySQL: Moco

• YAML based management with version control
  • Manage deployment and backups with access to the YAML configurations , ensuring flexibility and control over the database operator setups.

• Effortless scaling
  • Scale out or in by simply modifying the deployments

• Backup management
  • Manage backup schedules
  • Restore cluster from backups
  • Cloud object storage with S3 compliant cloud storage vendors

• New: Resource and database configuration management
  • Limit CPU, Disk and Storage usage with custom templates applied at deployment
  • Customize database configurations with custom templates applied at deployment
• New: Troubleshoot by retrieving and view pod logs
• New: Manage and monitor Kubernetes resources
  • Create and view namespaces 
• New: Support for Argo CD Integration with GitOps workflow
  • Provides a CI/CD pipeline
  • Use Git (GitHub) as a single source of truth - declarative configurations stored in Git
  • Limitations: Initial release only supports the Kuber-proxy agent and DB Operators installations. More to come in upcoming releases / patches.
• UI Integration
  • Leverage ClusterControl’s intuitive uiser interface to manage and monitor databases deployed in Kubernetes, streamlining operations regardless of database environments.

2025-12-02

clustercontrol-controller-2.3.4-17176
clustercontrol2-2.3.4-2180

• PostgreSQL Locale Handling Improvements (CLUS-6693)
  • Fixed locale settings for PostgreSQL major upgrade jobs:
  • No longer use LC_ALL=C for initdb commands.
  • Do not set lc_collate, lc_ctype, and related settings to 'C'; allow them to be derived from server_encoding.
  • When upgrading, reuse old node's lc_collate and lc_ctype values, in addition to lc_messages, lc_monetary, lc_numeric, and lc_time, preserving unique custom locale configurations
• TimescaleDB 17 & 18 Support and Packaging Updates (CLUS-6686)
  • Supported with
    • PostgreSQL 17&18 - Ubuntu 22 (Jammy)
    • PostgreSQL 17&18 - Ubuntu 24 (Noble)
    • PostgreSQL 17 - Debian 11 (Bullseye)
    • PostgreSQL 17&18 - Debian 12 (Bookworm)
    • PostgreSQL 17&18 CentOS/RHEL 9
  • Note: Currently a Linux distro issue supporting PostgreSQL 18 with latest Rocky 9 
• Address a deployment issue with Valkey 8|9 with Rocky 9 (CLUS-6748)
• Address an issue when promoting a PostgreSQL replica to a primary (CLUS-6573)
• Address an issue with PITR label with backup tool tip (CLUS-6577)
• Address an issue with inconsistent pg_dump options in the UI (CLUS-6624)

2025-11-18

clustercontrol-controller-2.3.4-17075
clustercontrol-mcc-2.3.4-654
clustercontrol2-2169

• Address an issue with the Galera donor node stuck in read-only mode after resync. An alarm will be triggered if the donor remains in read-only.  (CLUS-6566)
• Address an issue with disabling read_only and super_read_only not taking effect with Percona XtraDB cluster (CLUS-6672)
• Address an issue adding a replica when restoring a cloud backup using the default home directory instead of the configured backup mount point (CLUS-6586)
• Address an UI issue with HAProxy advanced settings not correctly reflecting the correct RO/RW port used (CLUS-6670)
• Address an issue to remove 'beta' label from QM agents (CLUS-6682)
• Address tooltips improvements for partial backup with pg_dump (CLUS-6630)

2025-11-07

clustercontrol-controller-2.3.4-16855
clustercontrol-mcc-2.3.4-645
clustercontrol2-2162

• Address issues  partial backup restore with PostgreSQL
  (CLUS-6538)
  • Fixed pgdump restore for compressed/encrypted backups in streaming mode.
  • Fixed partial restore for encrypted and compressed backups stored on the controller.
  • Reduced overly detailed logs for better clarity and performance.
• Address an issue restoring partial backup with pg_dump when using 'Custom' format (CLUS-6581)
  • Improved directory processing during pg_restore.
  • Prevented re-application of schema filters during backup restore.
• Address an issue with differential backups failing with MSSQL (CLUS-6361)
• Address an improvement to update ccxadmin privileges for Redis/Valkey to include -@dangerous for enhanced security (CLUS-6657)
• Address a potential issue with CMON segfault after upgrade to 2.3.4  (CLUS-6643)
• Address an issue with hanged deployment jobs & segfaults on CCX env (--k8s and --pool) (CLUS-6606)
• Address an issue with alarms reported coming from the CMON server instead of the node reporting the problem (CLUS-6602)
• Address an issue with PostgreSQL replica restart failing because the primary_slot_name is in uppercase (CLUS-6634)
• Address an issue with the topology view for Group Replication with HAProxy (CLUS-6610)

clustercontrol-mcc-2.3.4-634
clustercontrol2-2153

• Address an issue with downloading the generated error report (CLUS-6550)

2025-10-30

clustercontrol-controller-2.3.4-16739

• General
  • Addressed hanged jobs occurring in the 2.3.4 release (CLUS-6606).
  • Improved trace logging and applied various clang fixes (CLUS-6492).
  • Enhanced detection of cmon.service in controller_pool.sh (CLUS-6492).
  • Improved cluster monitoring traces in cmon.log (CLUS-6492).
  • Added thread info logging after instance creation (CLUS-6492).
  • Improved formatting and added traces for s9s_func_thread failures in cmon (CLUS-6492).
  • Removed controllers with duplicate hostname and port on start (CLUS-6492).
  • Forced cmonhostmanager cache update (reload from DB) when Galera has no servers (CLUS-6492).
  • Prevented m_galeraServers from being cleared when cache is empty (Fix for CLUS-6492).
  • Avoided updating cmonhostmanager to prevent deadlocks (CLUS-6492, CLUS-6606).
• PostgreSQL
  • Improved logs during backup restore operations (CLUS-6612).
  • During pg_restore, directories are now processed correctly (CLUS-6581).
  • Prevented re-application of schema filters during backup restore (CLUS-6581).
  • PgDump: Use PgDumpAll restore when the DB name is * (CLUS-6612).
  • PgBackRest: Simplified filtering for verifyBackup mode (CLUS-6612).
  • PgBackRest: Filter backup candidates by the requested target host port (CLUS-6612).
  • Restore host now inherits port from the backup record (CLUS-6612).
• PostgreSQL 18
  • Fixed upgrade process by adding --no-data-checksums when needed (CLUS-6522).
• Code Quality
  • Fixed various clang-tidy issues (CLUS-6612, CLUS-6581).

2025-10-23

clustercontrol-controller-2.3.4-16604
clustercontrol-controller-2.3.3-16605
clustercontrol-controller-2.3.2-16606
clustercontrol-controller-2.3.1-16607
clustercontrol-controller-2.2.0-16608
 

• Address an issue to update an expired repository GPG key for MySQL (CLUS-6604) 

2025-10-23

clustercontrol-controller-2.3.4-16591
clustercontrol-mcc-2.3.4-626
clustercontrol2-2.3.4-2151

• Address an issue with supported versions for TimescaleDB. Only available with PostgreSQL 16 (not 17 or 18 at the moment) (CLUS-6589)
• Address an issue with node removal with Redis / Valkey cluster (CLUS-6464)
• Address an issue when upgrading CMON 2.3.1 to 2.3.4 during DB migration (CLUS-6559)
• Address an issue with pg_BackRest when the env MODULSHOME is used (CLUS-6562)
• Address an issue with partial backup restore with pg_dump when using sudo user (CLUS-6538)
• Address an improvement to support LDAP_OPT_REFERRALS with LDAP (CLUS-6355)
• Address an issue with running CMON jobs being purged (CLUS-6520) 
• Address an improvement to support Redis 8 (CLUS-6496)
• Address an improvement to support PostgreSQL 18 (CLUS-6497)
  Limitations (will be addressed with a future patch):
  - Major upgrade from 17 to 18 is not currently supported
  - Logical Replication Deployments / Imports is not currently supported

UI

• Enable TimescaleDB as an PostgreSQL action/job has been deprecated - not supported. Please deploy a TimescaleDB cluster or manually enable the extension if required (CLUS-6598)
• Address an issue with the tooltip for pg_dumpall (CLUS-6582)
• Address an issue with Query Monitor / Agents with Group Replication (CLUS-6525)
• Address an issue with missing 'bootstrap' option when restoring MySQL backups (CLUS-6513)
• Address an issue with PostgreSQL backup schedules where 'verify backup' option was not persisted / correctly set (CLUS-6535)
• Address an issue with missing partial backup options when selecting 'mariadb-dump’ as backup method (CLUS-6485)
• Address an issue with a broken cluster list filter dialog (CLUS-6500)
• Address minor cosmetic with the CMON pool wizard and UI (CLUS-6435, CLUS-6507)

====

2025-10-21

clustercontrol-controller-2.3.3-16553

• Address an issue with pg_BackRest when the env MODULSHOME is used (CLUS-6562)
• Address an issue with partial backup restore with pg_dump when using sudo user (CLUS-6538)
• Address an improvement to support LDAP_OPT_REFERRALS with LDAP (CLUS-6355)

==

2025-09-29
clustercontrol-controller-2.3.4-16521
clustercontrol-mcc-2.3.4-613
clustercontrol2-2.3.4-2143

• Address an issue with partial backup restore with pg_dump when using sudo user (CLUS-6538) 
• Address an issue when rebuilding replica nodes on Galera cluster after restoring a backup (CLUS-6440)
  
  UI
• Address an issue with pgBackRest backup schedules and enabling 'verify backup' (CLUS-6535)
• Address an issue when trying to open the Performance->Query Monitor with a Group Replication cluster (CLUS-6525)
• Address an issue with the license page when using 'unlimited' number of nodes

==============

ClusterControl Ops-C v2.3.4
2025-10-07

clustercontrol-mcc-2.3.4-604
clustercontrol2-2.3.4-2138
clustercontrol-controller-2.3.4-16304
clustercontrol-kuber-proxy-0.1.0-589
clustercontrol-proxy-2.3.4-129
clustercontrol-cloud-2.3.4-446
clustercontrol-clud-2.3.4-446
clustercontrol-notifications-2.3.4-388
clustercontrol-ssh-2.3.4-229
s9s-tools 1.9.2025100710-release1

We’re pleased to announce the release of ClusterControl v2.3.4 which adds support for:

• MySQL Group Replication for native multi-primary HA
• Percona Server Pro 8.4
• Backup&restore improvements specifically with external and partial backups for MySQL/PostgreSQL
• Preview of a scalable CMON Controller pool

New Feature Highlights

• MySQL Group Replication
  • ClusterControl now supports MySQL Group Replication, a native high-availability solution that enables multi-primary configurations and automated fault tolerance out of the box.
• Percona Server Pro 8.4
  • We’ve added support for Percona Server Pro 8.4, expanding your choice of enterprise-grade MySQL variants with enhanced performance and observability features.
• Backup & Restore
  • Restore external and partial backups operations for both MySQL and PostgreSQL have been improved.
• PostgreSQL Custom Data Directory
  • Use any custom data directory location for your database nodes. 
• Preview: CMON Controller Pool for ClusterControl Scalability
  • A new scaling method using a CMON controller pool is now available, offering a flexible path to manage large-scale deployments and environments with high node counts.

MySQL Group Replication

Whether you’re building a high-availability service or planning for zero-downtime operations, Group Replication offers a robust, MySQL-native solution that minimizes operational overhead while maximizing resilience.

• Automatic failover with built-in consensus-based membership and leader election
• Synchronous replication using Paxos-like protocols to ensure strong consistency across nodes
• Multi-primary support for concurrent writes on multiple nodes with conflict detection
• Seamless scaling of reads and writes without manual topology management
• Self-healing clusters, with automatic member rejoin and state reconciliation
• Load balancing, with HAProxy and Keepalived for high availability routing

Backup and Restore

• Restore external backup
  • Various improvements / fixes for MySQL Replication & PostgreSQL
• Partial Backup & Restore
  • Supported now with Percona Xtrabackup, MariaDB mariadb-backup and pg_dump

Scaling and  High Availability - ClusterControl CMON Controller Pool

This update brings a preview of CMON controller pooling, dynamic cluster assignment, and Kubernetes-native configuration storage for K8s and non-K8s environments.

• Controller Pooling: You can now run multiple collocated controllers (on the same or different hosts) with isolated configs and coordinated cluster ownership.
• Cluster Auto-Assignment: Clusters are dynamically and transactionally assigned across active controllers. The system ensures no cluster is ever left orphaned. Ensures zero downtime and failover with minimal manual intervention
• Graceful Scaling: When scaling your controller pool up/down, CC automatically redistributes clusters while preserving service continuity.

Kubernetes-Native Configuration via Secrets

We’re providing Kubernetes-native secure storage in favor of traditional file-based configuration with Kubernetes environments. The entire /etc/cmon.d/, /var/lib/cmon/, and even license and credential management now live safely inside K8s secrets.

• Migrate legacy config to K8s
• Store cmon.cnf & cmon_<CID>.conf in secrets
• Store TLS certs, cloud credentials, and license info
• Run controllers fully from secrets with --k8s flag

Misc

• Support for Percona Server Pro 8.4

====

2025-09-29
clustercontrol-controller-2.3.3-16002
clustercontrol-mcc-2.3.3-588
clustercontrol2-2.3.3-2120

• Address an issue with the cc-logrotate configuration which conflicts with the existing logrotate configuration (CCX)(CLUS-5368)
• Address additional improvements to properly update the Prometheus configuration when a node is removed  (CLUS-5040, CLUS-6467, CLUS-6056)

UI

• Address an improvement to provide a custom data and configuration file path when adding or importing a node (CLUS-3441)
• Address an improvement to expose advanced options for partial backup with pg_dump (CLUS-6392, CLUS-6393)
  - include / exclude
  - "Structure only" (schema_only)
  - "Data only" (data_only)
  - "Skip ownership" (no_owner)
  - "Skip privileges" (no_privileges)
  - Formats: Plain (default), Custom, Directory, Tar
• Expose 'cloud only' storage backup option. Supported with custom S3 and AWS S3 cloud storage (CLUS-6365, CLUS-6405)
  The following backup methods are currently supported:
  - xtrabackup full and incremental
  - mariabackup full and incremental
  - pg_basebackup
• Address an improvement to support custom data directory per node when scaling PostgreSQL (CLUS-6371)
• Address an improvement to only need to provide a (optional) service name when importing a PostgreSQL cluster (CLUS-6372)

2025-09-24
clustercontrol-controller-2.3.3-15819

• Address an issue with DB growth and MS SQL Server (CLUS-6401)
• Address an issue with MariaDB Galera deployment when using a single node with CCX (CLUS-6416)
• Address an issue Redis/Valkey backup and restore with sharded clusters (CLUS-6406)
• Address an improvement to select the correct replica for promotion and set promotion priority accordingly on the new candidate (CLUS-6414)
• Address an issue when promoting a Valkey replica (CLUS-6398)
• Address issues when setting a custom data directory with PostgreSQL deployments (CLUS-6288)

• Address an issue with differential backups for MSSQL when there is no full backup available (CLUS-6361)

   

2025-09-05
clustercontrol-controller-2.3.3-14847
s9s-tools 1.9.2025090415

• Address an improvement to support partial backups with pg_dump (CLUS-6315)
  
  NOTE: Currently, this is only available through the S9S CLI. UI enhancements will be included in an upcoming patch.

The CMON controller and s9s-cli now supports:

• Automatic method selection (pgdump vs pgdumpall based on database selection)
• Schema-level backup parameters (include/exclude)
• Advanced backup options (schema-only, data-only, no-owner, no-privileges)
• Multiple backup formats (plain, custom, directory, tar)

# Single database backup (uses pg_dump)
s9s backup --create \
    --cluster-id=1 \
    --backup-method=pgdump \
    --databases="app_db" \
    --backup-dir=/tmp \
    --wait

# Multiple databases (uses pg_dump for each)
s9s backup --create \
    --cluster-id=1 \
    --backup-method=pgdump \
    --databases="app_db,user_db,config_db" \
    --backup-dir=/tmp

# Include specific schemas only
s9s backup --create \
    --cluster-id=1 \
    --backup-method=pgdump \
    --databases="production_db" \
    --schemas="public,app_data,user_profiles" \
    --backup-dir=/var/backups \
    --wait

# Exclude temporary/audit schemas
s9s backup --create \
    --cluster-id=1 \
    --backup-method=pgdump \
    --databases="production_db" \
    --exclude-schemas="temp,audit_logs,staging" \
    --backup-dir=/var/backups

# Structure-only backup
s9s backup --create \
    --cluster-id=1 \
    --backup-method=pgdump \
    --databases="app_db" \
    --schema-only \
    --backup-format=plain \
    --backup-dir=/tmp/schema_backups

# Data-only backup for specific tables
s9s backup --create \
    --cluster-id=1 \
    --backup-method=pgdump \
    --databases="app_db" \
    --schemas="lookup_data" \
    --data-only \
    --backup-dir=/tmp/data_backups

# Remove ownership
s9s backup --create \
    --cluster-id=1 \
    --backup-method=pgdump \
    --databases="app_db" \
    --no-owner \
    --no-privileges \
    --backup-format=custom \
    --backup-dir=/var/backups

# Available options (from s9s backup --help)
--databases=LIST           Comma separated list of databases to archive
--schemas=LIST             Include specific schemas (PostgreSQL only)
--exclude-schemas=LIST     Exclude specific schemas (PostgreSQL only)
--schema-only              Backup structure only, no data (PostgreSQL)
--data-only                Backup data only, no structure (PostgreSQL)
--no-owner                 Skip ownership information (PostgreSQL)
--no-privileges            Skip privilege information (PostgreSQL)
--backup-format=FORMAT     Format string

2025-09-04
clustercontrol2-2.3.3-2101
clustercontrol-2.3.3-mcc-554
clustercontrol-controller-14793

• Address an issue with the audit log only showing the last 7 days (CLUS-6327)
• Address an issue when installing Keepalived with Percona XtraDB Cluster 5.7  (CLUS-6284)
• Address an issue with database parameters being set outside a valid group (CLUS-6386)
• Address additional issues with the Prometheus configuration when removing a node (CLUS-5040, CLUS-6056)
• Address an issue with backup retention not working properly with MS SQL Server (CLUS-6298)

UI

• Address an issue with the audit log only showing the last 7 days (CLUS-6327)

2025-08-29
clustercontrol-mcc-2.3.3-547

• Address an improvement to support a custom data directory for the backup verification node with PostgreSQL (CLUS-6126)

2025-08-20

clustercontrol-controller-2.3.3-14470
clustercontrol2-2.3.3-2095
clustercontrol-mcc-2.3.3-541

• Address an issue with SELinux on the CMON Controller node and Prometheus server setup (CLUS-5759)

• Address an improvement to enable HTTPS only software repositories with a new configuration parameter 'force_https_repos' (CLUS-6194)
  
  Force HTTPS Repository URLs:
  The force_https_repos cluster parameter automatically converts HTTP repository URLs to HTTPS during package repository setup operations, including epel and our repositories. When enabled, ClusterControl replaces any http:// URLs with https:// when configuring package repositories on database nodes.
  
  Configuration Steps:
  - Access a cluster configuration
  - Set force_https_repos = true
  - Apply the configuration changes by restarting CMON
  - Quick check after CMON is restarted: s9s cluster --list-config --cluster-id=<your_cluster_id> | grep force_https_repos
  
  Note: This only affects future repository setup operations.
   

  UI

• Address an improvement to show the same backup titled in UI as was used with the s9s CLI when a backup job was created (CLUS-2990)
• Address an improvement to support a custom data directory for the backup verification node with PostgreSQL (CLUS-6126)
• Address an issue with re-direct loop if UI and backend versions differ (CLUS-6276)

2025-08-04

clustercontrol-controller-2.3.3-13907
clustercontrol-controller-2.3.2-13906
clustercontrol-proxy-2.3.3-104

• Address anAddress an issue when deploying Elasticsearch on Debian 12 (CLUS-5151)
• Address an issue with MSSQL exporters in a container env (CLUS-5405)
• Address an issue with PostgreSQL major upgrade and sudo user with password (CLUS-6072)

cmon-proxy

• Address an improvement to support Letsencrypt with CC Ops-C/MCC (CLUS-6083)

2025-07-23

clustercontrol-controller-2.3.3-13762
clustercontrol-controller-2.3.2-13761

• Address an issue with expired repository key for S9S CLI (CLUS-6211)
• [Only in v2.3.3] Address an issue when upgrading MySQL where the CC provided 'my.cnf' file was overwritten by the new package (CLUS-5403)

2025-07-22

clustercontrol-controller-2.3.3-13748
clustercontrol2-2.3.3-2075
clustercontrol-mcc-2.3.3-518

• Address an issue with DB Growth reports with data range not being properly accounted for (CLUS-5729)
• Address an improvement to allow the default CMON->Prometheus port 9090 to be configurable (CLUS-5979)
• Address an issue to properly cleanup the Prometheus configuration file when removing a node (CLUS-6056, CLUS-5040)

UI

• Address an improvement to allow the default CMON->Prometheus port 9090 to be configurable (CLUS-5979)
• Address minor issues with watchlist in dark mode (CLUS-5780)
• Address improvements to the 'Add Controller' wizard (CLUS-6089)
• Address improvements for the 'Import MongoDB' wizard (CLUS-6040)
   

2025-07-09

clustercontrol-controller-2.3.3-13682
clustercontrol-controller-2.3.2-13683

• Address improvement to disable the mail queue at CMON start for improved startup performance (CLUS-6167)
  A new CMON configuration is available to control the mail thread starting up with:
  
  "mail_queue_disabled=true    #default is false"
   
• Address an issue importing Elasticsearch where a node has other roles than 'master' (CLUS-5940)
• Address an issue when adding a replica to MariaDB Galera cluster with a sudo user (CLUS-6140)

2025-07-09

clustercontrol-controller-2.3.3-13633

• Address an issue to correctly remove PostgreSQL users from the pg_hba.conf file (CLUS-6014)
• Address an issue where PostgreSQL extensions on new replicas are not installed properly (CLUS-6146)

2025-07-08
clustercontrol-controller-2.3.2-13612
clustercontrol-controller-2.3.3-13613

• Address an issue with the URL in email notifications not using 'https’ (CLUS-6106)
• Address an issue when editing HAProxy configuration not being reflected in the actual configuration file (CLUS-4782)

2025-07-02
clustercontrol2-2.3.2-2059
clustercontrol2-2.3.3-2060
clustercontrol-mcc-2.3.2-501
clustercontrol-mcc-2.3.3-502

• Support for a new dark mode theme with watch lists (CLUS-5780, ONLY in v2.3.3)
• Address an issue with the logs being spammed with 'User ccsetup was not found on LDAP'  (CLUS-5937)

2025-06-30
clustercontrol-controller-2.3.2-13534
clustercontrol-controller-2.3.3-13535

• Address a regression with MySQL PITR with binary logs not being downloaded based on parent backup ID (CLUS-6130)
• Address an potential improvement using the s9s cli when CMON is not responding during high load by ignoring SIGPIPE signal (CLUS-6117)
• Address an issue with the logs being spammed with 'User ccsetup was not found on LDAP'  (CLUS-5937)
  Address an issue with Elasticsearch deployments with a non-root user (CLUS-6033, CLUS-5677)

ClusterControl Ops-C v2.3.3
2025-06-25

clustercontrol2-2.3.3-2051
clustercontrol-mcc-2.3.3-491 clustercontrol-controller-2.3.3-13489
clustercontrol-kuber-proxy-0.1.0-589
clustercontrol-proxy-2.3.3-96
clustercontrol-cloud-2.3.3-432
clustercontrol-clud-2.3.3-423
clustercontrol-notifications-2.3.3-379
clustercontrol-ssh-2.3.3-221
s9s-tools 1.9.2025062518-release1

We’re pleased to announce the release of ClusterControl v2.3.3. This update introduces enhancements for elevated user privileges with Privileged Access Management integration of PowerBroker’s ‘pbrun’ as well as support for MongoDB 8.0 and MariaDB 11.8 LTS.

PowerBroker’s pbrun Integration
A replacement for sudo, offering more flexibility and control.

• Enhanced Security — Enables secure execution of privileged commands without exposing root credentials.
  • Granular privilege delegation — users can be permitted to run specific commands only under controlled conditions.
  • Centralized policy enforcement — access and permissions are defined by administrators in a central policy file, rather than on individual systems.
  • Audit trails and logging — all actions taken via pbrun are logged for accountability and compliance.
  • Role-based access control (RBAC) — different users or roles can be given distinct levels of privilege.
  • Seamless Integration: Easily use pbrun within ClusterControl for consistent and secure database management workflows.
  • This integration adds an additional layer of security and control for organizations with stringent privileged access requirements.

MongoDB 8.0

MongoDB 8.0, released in October 2024, introduces significant enhancements across performance, security, scalability, and developer experience.

MariaDB 11.8

This is the latest Long-Term Support (LTS) version, now generally available. This release brings major improvements in performance, observability, and AI-readiness.

• 🧠 AI-Ready with Native Vector Search - Unlock the power of generative AI and semantic search:
  • New VECTOR data type to store ML embeddings directly in tables
  • Vector indexing & distance functions (Cosine, Euclidean) for fast nearest-neighbor queries
• Ideal for RAG pipelines, personalized search, and recommendation engines—right inside your database.

Misc CC Ops-C / MCC UI improvements

• Admin User Registration Form - 'Advanced Self-Serve' intent and new 'Feedback' input
• Improvements to multi-cmon controller registration and authentication process

==

ClusterControl v2.3.2 releases and older