release: github.com/cloudfoundry/cf-mysql-release / 31

GitHub source: 41fda3be or master branch

General Security Improvements

This release focuses on addressing general security concerns. Many of the changes improve logging in components of the release where we were logging credentials.

  • Upgrade MariaDB to 10.1.18 [#131653751]
  • Add the wsrep_debug patch to add additional logging levels for MariaDB 10.1 [#130335561]
  • The service broker should not use root credentials to access MySQL [#129985945]
  • route-registrar should stop logging NATS password [#130791609]
  • cf-mysql-broker should not log credentials [#129474883]

Other Improvements

  • Don’t prevent trigger creation when the binlog is enabled [#130568959]
    • Allows service broker created users to use mysql triggers
  • As an Operator, I’d like to specify a path to an executable to be run when my SST is interrupted. [#131763097]
    • Allows the operator to configure the execution of a collocated job when the interruptor is triggered
  • switchboard should only log useful statements at INFO [#131504989]

Community Involvement

  • cloudfoundry/cf-mysql-release #104: Add openstack stub [#118640631]
    • Merged a PR that adds an IaaS override stub for openstack
  • cloudfoundry/cf-mysql-release #127: Specify the cf-mysql-broker ip via manifest [#130726653]
  • The ./update script should work when checked out to a tag [#130536105]

Note: The update script now lives in ./scripts/update to be consistent with other cloudfoundry releases.

Bug Fixes

  • galera-healthcheck should respect property to control which user is used to access MySQL [#128922163]
    • Previously, the galera-healthcheck process would ignore the manifest property and connect as root
  • plan sizes in manifest stubs for bosh-lite are confusing [#129698189]
    • The manifest stubs now accurately reflect the actual size of the default plans in bosh-lite
  • cf_mysql.mysql.galera_healthcheck.db_password does not exist in standalone example stub file [#131179845]

Manifest Changes

  • Add optional cf_mysql.mysql.interrupt_notify_cmd
    • specifies a path to a file to run when the interruptor triggers
  • Add cf_mysql.broker.db_password
    • the password for the service broker to connect to the database with
  • Add optional property cf_mysql.broker.host
    • IP to be registered with the cf router for the broker; defaults to the VM IP

Exploration

We have also taken time to find ways to improve the performance and our understanding of different components in the cluster.

  • Explore ways to make the quota enforcer query less prone to blocking the service broker in a cluster with many tables [#131471503]
    • The quota enforcer runs a query that locks the mysql.db table when finding violators and reformers. This story investigated why it does this and how we can improve it.

Upload this release version to the Director:

$ bosh upload release 'https://bosh.io/d/github.com/cloudfoundry/cf-mysql-release?v=31'

Modify the deployment manifest to use this release in addition to any other releases it uses:

releases:
- {name: cf-mysql, version: "31"}

Finally, add the needed deployment jobs and specify values for the required properties.

Optionally, download the release tarball (sha1: 4f0a66f8e9c0c5ceb639f7a3fcb3d0e01514a31e) locally:

# ...or download it directly using curl
$ curl -L -J -O 'https://bosh.io/d/github.com/cloudfoundry/cf-mysql-release?v=31'

# or with wget...
$ wget --content-disposition 'https://bosh.io/d/github.com/cloudfoundry/cf-mysql-release?v=31'
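
A locally downloaded tarball can be checked against the sha1 printed above before it is uploaded to the Director. The following is an added example, not part of the original release notes or of the cf-mysql-release project; the function names and the tarball file name in the usage comment are hypothetical.

```shell
# Added example: verify a downloaded release tarball against its published SHA-1.

# Digest as printed on this page for cf-mysql-release v31.
CF_MYSQL_31_SHA1="4f0a66f8e9c0c5ceb639f7a3fcb3d0e01514a31e"

# sha1_of FILE: print the lowercase hex SHA-1 of FILE with whichever tool exists.
# Reading from stdin avoids problems with file names that start with a dash.
sha1_of() {
  if command -v sha1sum >/dev/null 2>&1; then
    sha1sum < "$1" | awk '{print $1}'
  elif command -v shasum >/dev/null 2>&1; then
    shasum -a 1 < "$1" | awk '{print $1}'
  else
    echo "no sha1sum or shasum available" >&2
    return 2
  fi
}

# verify_release_sha1 FILE EXPECTED: return 0 only if FILE exists and its
# SHA-1 equals EXPECTED (compared case-insensitively).
verify_release_sha1() {
  local file="$1" expected actual
  expected="$(printf '%s' "$2" | tr 'A-F' 'a-f')"
  [ -f "$file" ] || { echo "missing file: $file" >&2; return 1; }
  # Reject an expected value that is not exactly 40 hex characters, so a
  # truncated copy-paste cannot be mistaken for a valid digest.
  case "$expected" in
    *[!0-9a-f]*|"") echo "malformed expected digest" >&2; return 1 ;;
  esac
  [ "${#expected}" -eq 40 ] || { echo "malformed expected digest" >&2; return 1; }
  actual="$(sha1_of "$file")" || return 2
  if [ "$actual" != "$expected" ]; then
    echo "SHA-1 mismatch for $file: got $actual, want $expected" >&2
    return 1
  fi
  echo "OK: $file"
}

# Usage (hypothetical file name; use the name curl or wget actually saved):
#   verify_release_sha1 cf-mysql-31.tgz "$CF_MYSQL_31_SHA1" \
#     && bosh upload release cf-mysql-31.tgz
```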