The cf-release v217 was released on September 09, 2015.
- This release introduces significant improvements to the security of the consul cluster, however the operator must introduce these changes over the course of multiple deployments. If you are not running any consul servers as part of your deployment, you can ignore these instructions. Otherwise, please do the following:
1. Scale the number of consul servers in your existing deployment down to 1 instance. The
consul.agent.servers.lan property must be updated to reflect this; this should happen for free if you are using the standard tooling for manifest generation. If you are deploying Diego alongside CF, you must redeploy Diego as well to pick up the
consul.agent.servers.lan change; again, this should happen for free if using the standard manifest generation tooling.
2. Generate SSL certificates, keys, and a separate encryption key for the gossip protocol used by consul (instructions). Upload the v217 release and generate your manifest for CF (and then Diego, if also deploying Diego). 3. Deploy CF (and then Diego, if also deploying Diego). 4. Scale the number of consul servers back up to whatever you had it at before. Regenerate all relevant manifests and deploy. - cf-release v216 was skipped. After cutting a final release, the final release changes need to be committed back to the repo. We do one final deploy of the final release before committing its changes to master. In this case, a bug was found after doing the deploy, so we did not commit its changes. The bug was fixed, a new final release was deployed, and its changes have been committed. Since the director where the deploy was done already had a 216 deployed to it, we could not call the fixed release 216 as well, hence 217.
Contents: - CC and Service Broker APIs - Runtime - Buildpacks and Stacks - Routing - Loggregator - Internal Components - Job Spec Changes - Recommended BOSH Release and Stemcell Versions - Recommended Diego Version - Recommended Garden Linux Version
CC and Service Broker APIs
CC API Version: 2.35.0
Service Broker API Version: 2.6
- [Experimental] Work continues on /v3 and Application Process Types details
- [Experimental] Work continues on Private Brokers details
- [Experimental] Work reverted on Dashboard Clients per Service Instance details
- [Experimental] Work started on Route Services details
- cloudfoundry/cloud_controller_ng #411: Update cf-message-bus which includes latest NATS client details
- Add a description to the Resource Match API page to apidocs details
- Add description for recursive delete flag on Orgs and Spaces to apidocs details
- Update ruby version to 2.1.7 details
- Remove experimental flags for
app_instance_limitin Creating a Organization Quota Definition details
- Added new endpoint to get number of started instances by Org
GET /v2/organizations/:guid/instance_usageapidoc details
- Remove guard against using aufs for nested warden containers to match current garden behavior. details
- Bump ruby version to 2.1.7. details
No functional changes.
Buildpacks and Stacks
updated to 1.7.0 (from 1.4.0)
Notably, this release addresses USN-2722-1, “gdk-pixbuf vulnerability”.
in addition to two other vulnerabilities which do not yet have CVE numbers assigned.
updated to v1.6.0 (from v1.5.0)
- Output buildpack information in detect script. (https://www.pivotaltracker.com/story/show/100757820)
- Add go 1.5. Remove go 1.1.x, which hasn’t been updated since August 2013. (https://www.pivotaltracker.com/story/show/101620562)
updated to v1.6.5 (from v1.6.2)
- Change default Ruby version to ‘2.2.3’ (https://www.pivotaltracker.com/story/show/101779882)
Note that v1.6.3 was not released. - Add support for Ruby 2.1.7 and 2.0.0-p647, which addresses CVE-2015-3900. Remove support for Ruby 2.1.5 and 2.0.0-p645. (https://www.pivotaltracker.com/story/show/101589968)
Updated to UAA Release 2.6.1
- Work continues on support for Route Services details, more details
- Gorouter now logs X-Forwarded-Proto details
- Gorouter no longer responds to a publish NATS message with an empty subject details
- Work begun on support for TCP Routing in Routing API details
- Routing API no longer logs the Authorization header details
- A bug was introduced in v217 wherein gorouter logs are no longer rotated as frequently as they used to be. This could lead to failure if the disk fills up. A fix has been committed and will be included in v219 details.
No functional changes.
- Improve operability of consul cluster when scaling down. details
- Consul servers determine whether they are synced with the rest of the cluster in the officially recommended manner. details
- Consul agents and servers communicate securely with one another. details
- Consul servers leave and join the cluster more reliably during a rolling deploy. details
- Added new
route_registrarjob to centralize route registration logic in one place, and move it out of the source code of other components that aren’t primarily concerned with route registration. details
Job Spec Changes
networks.appsproperty from all jobs. details
- Removed numerous unused properties:
ccdb.max_ar_connectionsfrom all CC-related jobs.
cc.diego.tps_urlto all CC-related jobs. details
Recommended BOSH Release and Stemcell Versions
- BOSH Release Version: bosh/201
- BOSH Stemcell Version(s): bosh-aws-xen-hvm-ubuntu-trusty-go_agent/3026
These are soft recommendations; several different versions of the BOSH release and stemcell are likely to work fine with this version of cf-release.
Recommended Diego Version
This is a soft recommendation; several different versions of the diego-release may work fine with this version of cf-release.
Recommended Garden Linux Version
- garden-linux Release Version: garden-linux/0.303.0
This is a soft recommendation; several different versions of the garden-linux release may work fine with this version of cf-release and the aforementioned version of diego-release.
Upload this release version to the Director:
$ bosh upload-release https://bosh.io/d/github.com/cloudfoundry/cf-release?v=217 --sha1 6b41a35cf3f362f644ab0ce552d578dfd682e9a1
Modify deployment manifest to use this release in addition to any other used releases:
releases: - name: cf version: "217"
Finally add needed deployment jobs and specify values for required properties.
Optionally download sha1: 6b41a35cf3f362f644ab0ce552d578dfd682e9a1 release tarball locally:
# ...or download it directly using curl $ curl -L -J -O https://bosh.io/d/github.com/cloudfoundry/cf-release?v=217 # or with wget... $ wget --content-disposition https://bosh.io/d/github.com/cloudfoundry/cf-release?v=217