release: / 0.1454.0

Github source: 72b65532 or master branch

Changes from v0.1453.0 to v0.1454.0

Significant changes

Operators can now install a set of trusted system certificates in the default /etc/ssl/certs trust store of the cflinuxfs2 rootfs. This is particularly useful if your cflinuxfs2-based instances communicate with external services signed by a custom CA, in which case you can use this feature to install that CA certificate in all the instances.

To install the certificates, supply the contents of the PEM-encoded certificates in the diego.rootfs_cflinuxfs2.trusted_certs property in the Diego deployment manifest. As with other PEM-encoded manifest data, you may wish to use the YAML | block-literal syntax to specify the property, as follows:

      trusted_certs: |
        -----BEGIN CERTIFICATE-----
        (cert number 1 data)
        -----END CERTIFICATE-----
        # comments outside the PEM boundaries will be ignored
        -----BEGIN CERTIFICATE-----
        (cert number 2 data)
        -----END CERTIFICATE-----

If you are using the spiff-based manifest-generation scripts, this property can also be specified in the property-overrides stub.

Custom CAs



Manifest Generation


Test Suites and Tooling



BOSH job changes


BOSH property changes

  • Added diego.rootfs_cflinuxfs2.trusted_certs: Bundle of certificates to install in the cflinuxfs2 rootfs default trust store (/etc/ssl/certs).

Upload this release version to the Director:

$ bosh upload release

Modify deployment manifest to use this release in addition to any other used releases:

- {name: diego, version: "0.1454.0"}

Finally add needed deployment jobs and specify values for required properties.

Optionally download sha1: 4175435ff2e5c81494a0398f93c53807424edb0c release tarball locally:

# ...or download it directly using curl
$ curl -L -J -O

# or with wget...
$ wget --content-disposition