release: github.com/cloudfoundry/cf-release / 214

Github source: 71b46fd6 or master branch

The cf-release v214 was released on July 29, 2015.

Important: - This release includes a migration that modifies the events table. This table may be very large, and the migration may cause the deployment to fail if it takes too long to run. If the migration causes the deployment to fail, the api_z1/0 job will fail to start. If this happens, do not restart the deploy until the migration has finished running. The deploy can be restarted once the space_id foreign key constraint has been removed from the events table. - To avoid the possibility of the migration causing a failure, truncate the events table before the deployment starts. The data in the events table are considered to be audit and log data, and Cloud Foundry can function if it is removed.

Contents: - CC and Service Broker APIs - Runtime - Buildpacks and Stacks - Routing - Loggregator - Internal Components - Job Spec Changes - Recommended BOSH Release and Stemcell Versions - Recommended Diego Version

CC and Service Broker APIs

CC API Version: 2.33.0

Service Broker API Version: 2.6

Cloud Controller

  • Fixed backwards incompatible ccdb migration introduced in cf-release 213 details
  • [Experimental] Work continues on /v3 and Application Process Types details
  • [Experimental] Work continues on Private Brokers details
  • [Experimental] Work continues on Dashboard Clients per Service Instance details
  • Truncate the billing_events table to complete the deprecation details
  • Support for app instance limit on Org Quota details
  • cloudfoundry/cloud_controller_ng #402: Enlarge Service Keys Credentials details
  • Audit events for service key create and delete details
  • vendor/errors is no longer a submodule details
  • use cf.internal for internal domain for consul details
  • SSH access requires app update access details
  • Create service usage event upon plan update details
  • hm9k fetcher to only select the columns that are needed details

Runtime

DEA

  • Fix race condition where DEA was sending heartbeat before UUID had been generated. details

Warden

  • Use wait-for-lock when invoking iptables. details
  • Keep track of containers when destroy fails. details

HM9000

Buildpacks and Stacks

rootfs

updated cflinuxfs2 to v1.1.0

v1.1.0

Notably, this release addresses USN-2670-1: “libwmf vulnerabilitites”, which is related to: - CVE-2015-0848 - CVE-2015-4588 - CVE-2015-4695 - CVE-2015-4696

go-buildpack

updated to v1.5.0 (from v1.4.0)

v1.5.0

  • Basic Godeps/Godeps.json validation

Note that ./Godeps and .godir are deprecated.

(See README.md for additional notes about the Godeps upgrade.) - Include current stack in unsupported stack message (https://www.pivotaltracker.com/story/show/98579464) - Remove vendored python interpreter (https://www.pivotaltracker.com/story/show/94532204) - Defaults for GOMAXPROCS - Update godep

Includes at least: - 64k line fixes - godep diff - Cross compiled with go 1.4.2 / gox (statically linked) - GOPATH “g” -> “go”

Packaged binaries:

name version cf_stacks
go 1.1.1 cflinuxfs2
go 1.1.2 cflinuxfs2
go 1.2.1 cflinuxfs2
go 1.2.2 cflinuxfs2
go 1.3.2 cflinuxfs2
go 1.3.3 cflinuxfs2
go 1.4.1 cflinuxfs2
go 1.4.2 cflinuxfs2

nodejs-buildpack

updated to v1.5.0 (from v1.4.0)

v1.5.0

Packaged binaries:

name version cf_stacks
node 0.10.38 cflinuxfs2
node 0.10.40 cflinuxfs2
node 0.11.15 cflinuxfs2
node 0.11.16 cflinuxfs2
node 0.12.6 cflinuxfs2
node 0.12.7 cflinuxfs2

v1.4.2

v1.4.1

php-buildpack

updated to v4.0.0 (from v3.3.0)

v4.0.0

Instead of downloading PHP modules individually, include all modules in a single tarball to make the manifest more manageable. (https://www.pivotaltracker.com/story/show/95473520) - Package all httpd modules in a single tarball

Instead of downloading httpd modules individually, include all modules in a single tarball to make the manifest more manageable. (https://www.pivotaltracker.com/story/show/95473520) - Add nginx 1.9.2, upgrade to 1.6.3; drop 1.7.x (https://www.pivotaltracker.com/story/show/98855608) - Include current stack in unsupported stack message (https://www.pivotaltracker.com/story/show/98579464)

Packaged binaries:

name version cf_stacks
php 5.4.42 cflinuxfs2
php 5.4.43 cflinuxfs2
php 5.5.26 cflinuxfs2
php 5.5.27 cflinuxfs2
php 5.6.10 cflinuxfs2
php 5.6.11 cflinuxfs2
hhvm 3.5.0 cflinuxfs2
hhvm 3.5.1 cflinuxfs2
hhvm 3.6.0 cflinuxfs2
hhvm 3.6.1 cflinuxfs2
composer 1.0.0-alpha10 cflinuxfs2
httpd 2.4.12 cflinuxfs2
newrelic 4.20.2.95 cflinuxfs2
nginx 1.6.3 cflinuxfs2
nginx 1.8.0 cflinuxfs2
nginx 1.9.2 cflinuxfs2

v3.3.1

python-buildpack

updated to v1.5.0 (from v1.4.0)

v1.5.0

Packaged binaries:

name version cf_stacks
python 2.7.10 cflinuxfs2
python 2.7.9 cflinuxfs2
python 3.3.5 cflinuxfs2
python 3.3.6 cflinuxfs2
python 3.4.2 cflinuxfs2
python 3.4.3 cflinuxfs2
libffi 3.1 cflinuxfs2
libmemcache 1.0.18 cflinuxfs2

ruby-buildpack

updated to v1.6.1 (from v1.5.0)

v1.6.1

  • Fix issues with the ‘including unsupported’ manifest
    • Fix incorrect md5 checksum for node version 0.12.7
    • Remove merge conflict annotations

Packaged binaries:

name version cf_stacks
ruby 2.0.0 cflinuxfs2
ruby 2.1.5 cflinuxfs2
ruby 2.1.6 cflinuxfs2
ruby 2.2.1 cflinuxfs2
ruby 2.2.2 cflinuxfs2
jruby ruby-1.9.3-jruby-1.7.21 cflinuxfs2
jruby ruby-2.0.0-jruby-1.7.21 cflinuxfs2
jruby ruby-2.2.2-jruby-9.0.0.0.rc2 cflinuxfs2
node 0.12.7 cflinuxfs2
bundler 1.9.7 cflinuxfs2
libyaml 0.1.6 cflinuxfs2
openjdk1.8-latest - cflinuxfs2
rails3_serve_static_assets - cflinuxfs2
rails_log_stdout - cflinuxfs2

v1.6.0

v1.5.2

v1.5.1

staticfile-buildpack

updated to v1.2.1 (from v1.2.0)

v1.2.1

Packaged binaries:

name version cf_stacks
nginx 1.8.0 cflinuxfs2

Identity

No Changes

Routing

  • Work continues on support for route services details
  • Bug fix: Correct context path was not included in cookie returned to client when backend returns JSESSIONID details
  • Optional routing test suite added to cf-acceptance-tests details
  • Oauth client arguments for rtr CLI changed to –client-id and –client-secret details
  • Submodule name of gorouter and routing api now matches path details
  • Moved two gorouter property defaults into spec file details

Loggregator

Loggregator Release Tag

Loggregator Features

  • Metron refactoring complete, benchmarked at ~30% performance increase. details
  • Metron now uses dropsonde for metrics instead of /varz. details
  • PR -Add logpath flag support to syslog drain binder. details
  • Internal: Improved CI
    • Cleanup gems during deploy details
    • Auto-stop pipeline for lost metrics details
    • Benchmark Metron during CI test details
    • Steel thread integration suite details
    • Integration suite test burst performance of metron details
    • Document build process details
    • New integration testing for data race conditions details
    • Parallelize unit tests for performance details
    • New integration testing for concurrent loads on legacy ports details
    • General metron pipeline cleanup details

Loggregator Bugs

  • Invalid null pointer during TC runtime details
  • PR - Fix format strings details

Internal Components

etcd

etcd can now be configured to support SSL communication between clients and servers, and amongst etcd servers themselves. The Diego team currently maintains their own packaging of etcd, but we are in the process of extracting a common etcd-release that can be consumed by both CF and Diego deployments. The etcd packaging within cf-release has been brought in line with the diego-release packaging to validate that a common etcd-release will work for both deployments. - Diego story for client SSL communication - Diego story for peer SSL communication - Story to make cf-release etcd packaging compatible with diego-release packaging

consul

The cluster management of consul has been made more robust by making sure that consul server nodes have fully synced up with the rest of the cluster before moving on to add another node to the cluster. details

Job Spec Changes

  • Removed login job entirely. details
  • Changed acceptance_tests.oauth_password to acceptance_tests.client_secret. details
  • Changed acceptance_tests.include_routing_api to acceptance_tests.include_routing. details
  • Added router.route_service_secret and router.route_service_timeout. details
  • Changed default value for uaa.zones.internal.hostnames from [uaa.service.consul] to [uaa.service.cf.internal].details
  • Added login.saml.signMetaData and login.saml.signRequest.
  • Changed etcd.machines to be a list of addresses instead of just a list of IPs, and added etcd.require_ssl, etcd.ca_cert, etcd.server_cert, etcd.server_key, etcd.client_cert, etcd.client_key, etcd.peer_require_ssl, etcd.peer_ca_cert, etcd.peer_cert, etcd.peer_key to support SSL for all communication between etcd clients and servers, and amongst etcd servers. diego client SSL story diego peer SSL story cf compatibility story
  • Added consul.agent.sync_timeout_in_seconds. details

Recommended BOSH Release and Stemcell Versions

  • BOSH Release Version: bosh 176
  • BOSH Stemcell Version:
  name: small_z1
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: small_z2
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: medium_z1
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: medium_z2
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: large_z1
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: large_z2
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: runner_z1
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: runner_z2
    name: bosh-aws-xen-ubuntu-trusty-go_agent
    version: 3026
  name: router_z1
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: router_z2
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: small_errand
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: xlarge_errand
    name: bosh-aws-xen-ubuntu-trusty-go_agent
    version: 3026

These are soft recommendations; several different versions of the BOSH release and stemcell are likely to work fine. In future deployments, we will be migrating all Runner VMs to the new HVM instance types.

Recommended Diego Version

Diego final release 0.1398.0 · release notes

Upload this release version to the Director:

$ bosh upload release https://bosh.io/d/github.com/cloudfoundry/cf-release?v=214

Modify deployment manifest to use this release in addition to any other used releases:

releases:
- {name: cf, version: "214"}

Finally add needed deployment jobs and specify values for required properties.

Optionally download sha1: 986803f16fe95c2ed2aa199a72b4f73e7bb9da89 release tarball locally:

# ...or download it directly using curl
$ curl -L -J -O https://bosh.io/d/github.com/cloudfoundry/cf-release?v=214

# or with wget...
$ wget --content-disposition https://bosh.io/d/github.com/cloudfoundry/cf-release?v=214