release: github.com/cloudfoundry/cf-release / 254

Github source: 646e1471 or master branch

Contents - Notices - Job Spec Changes - CVEs - Compatible Releases and Stemcells - Subcomponent Updates

Notices

  • Upcoming changes may require an update to your BOSH Director. Please update to BOSH v261.3 to ensure that future versions of cf-release can successfully deploy. Details: Specifically, if your BOSH director uses a MySQL database as its data store, a version of cf-release that contains links for consul jobs will fail to deploy due to a bug in the database schema. BOSH v261.3 contains the necessary fix. We will likely wait until CF v256 to introduce the breaking change, so that operators can update their BOSH directors to 261.3 or greater.
  • This release adds functionality to allow multiple instances of the Cloud Controller clock job. If you’re using the spiff templates, you’ll see clock_global job replaces by clock_z1 and clock_z2 jobs.
  • This release is using an experimental new Loggreator-API when deploying to bosh-lite. It has been noted that metron is using unusually high CPU when utilizing this new API. This does not normal bosh deployments.
  • The included version of Loggregator restricts ciphers to use only the following 4 ciphers. This is a breaking change for some operators and a configurable property for opting into more cipher suites was introduced in Loggregator 85 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Job Spec Changes

  • Cloud Controller Clock now requires SSL configuration with the following properties, these properties became required for Cloud Controller in CF 253 so they may already be present in your deployment:
    • cc.mutual_tls.ca_cert: PEM-encoded CA certificate for secure, mutually authenticated TLS communication
    • cc.mutual_tls.public_cert: PEM-encoded certificate for secure, mutually authenticated TLS communication
    • cc.mutual_tls.private_key: PEM-encoded key for secure, mutually authenticated TLS communication

CVEs

  • None

Subcomponent Updates

Compatible Releases and Stemcells

Upload this release version to the Director:

$ bosh upload release https://bosh.io/d/github.com/cloudfoundry/cf-release?v=254

Modify deployment manifest to use this release in addition to any other used releases:

releases:
- {name: cf, version: "254"}

Finally add needed deployment jobs and specify values for required properties.

Optionally download sha1: 2b1b4de54927fb0b92c6ace83df353969b1fa69b release tarball locally:

# ...or download it directly using curl
$ curl -L -J -O https://bosh.io/d/github.com/cloudfoundry/cf-release?v=254

# or with wget...
$ wget --content-disposition https://bosh.io/d/github.com/cloudfoundry/cf-release?v=254