cf/217
You can find the source of this version on GitHub at cloudfoundry/cf-release. It was created based on the commit 68a2ec67.
Release Notes
The cf-release v217 was released on September 09, 2015.
Important:
- This release introduces significant improvements to the security of the consul cluster; however, the operator must introduce these changes over the course of multiple deployments. If you are not running any consul servers as part of your deployment, you can ignore these instructions. Otherwise, please do the following:
1. Scale the number of consul servers in your existing deployment down to 1 instance. The consul.agent.servers.lan property must be updated to reflect this; this should happen for free if you are using the standard tooling for manifest generation. If you are deploying Diego alongside CF, you must redeploy Diego as well to pick up the consul.agent.servers.lan change; again, this should happen for free if using the standard manifest generation tooling.
2. Generate SSL certificates, keys, and a separate encryption key for the gossip protocol used by consul (instructions). Upload the v217 release and generate your manifest for CF (and then Diego, if also deploying Diego).
3. Deploy CF (and then Diego, if also deploying Diego).
4. Scale the number of consul servers back up to whatever you had it at before. Regenerate all relevant manifests and deploy.
- cf-release v216 was skipped. After cutting a final release, the final release changes need to be committed back to the repo. We do one final deploy of the final release before committing its changes to master. In this case, a bug was found after doing the deploy, so we did not commit its changes. The bug was fixed, a new final release was deployed, and its changes have been committed. Since the director where the deploy was done already had a 216 deployed to it, we could not call the fixed release 216 as well, hence 217.
Contents:
- CC and Service Broker APIs
- Runtime
- Buildpacks and Stacks
- Routing
- Loggregator
- Internal Components
- Job Spec Changes
- Recommended BOSH Release and Stemcell Versions
- Recommended Diego Version
- Recommended Garden Linux Version
CC and Service Broker APIs
CC API Version: 2.35.0
Service Broker API Version: 2.6
Cloud Controller
- [Experimental] Work continues on /v3 and Application Process Types details
- [Experimental] Work continues on Private Brokers details
- [Experimental] Work reverted on Dashboard Clients per Service Instance details
- [Experimental] Work started on Route Services details
- cloudfoundry/cloud_controller_ng #411: Update cf-message-bus which includes latest NATS client details
- Add a description to the Resource Match API page to apidocs details
- Add description for recursive delete flag on Orgs and Spaces to apidocs details
- Update ruby version to 2.1.7 details
- Remove experimental flags for total_private_domains and app_instance_limit in Creating a Organization Quota Definition details
- Added new endpoint to get number of started instances by Org: GET /v2/organizations/:guid/instance_usage apidoc details
Runtime
DEA
Warden
- Remove guard against using aufs for nested warden containers to match current garden behavior. details
- Bump ruby version to 2.1.7. details
HM9000
No functional changes.
Buildpacks and Stacks
stacks
updated to 1.7.0 (from 1.4.0)
1.7.0
Notably, this release addresses USN-2726-1, “Expat vulnerability”, which is related to CVE-2015-1283.
1.6.0
Notably, this release addresses USN-2722-1, “gdk-pixbuf vulnerability”.
1.5.0
Notably, this release addresses:
- USN-2710-1, “OpenSSH vulnerabilities”
- USN-2710-2, “openssh regression”
which are related to:
- CVE-2015-5352
- CVE-2015-5600
in addition to two other vulnerabilities which do not yet have CVE numbers assigned.
go-buildpack
updated to v1.6.0 (from v1.5.0)
v1.6.0
- Output buildpack information in detect script. (https://www.pivotaltracker.com/story/show/100757820)
- Add go 1.5. Remove go 1.1.x, which hasn’t been updated since August 2013. (https://www.pivotaltracker.com/story/show/101620562)
Packaged binaries:
name | version | cf_stacks |
---|---|---|
go | 1.2.1 | cflinuxfs2 |
go | 1.2.2 | cflinuxfs2 |
go | 1.3.2 | cflinuxfs2 |
go | 1.3.3 | cflinuxfs2 |
go | 1.4.1 | cflinuxfs2 |
go | 1.4.2 | cflinuxfs2 |
go | 1.5 | cflinuxfs2 |
ruby-buildpack
updated to v1.6.5 (from v1.6.2)
v1.6.5
- Change default Ruby version to ‘2.2.3’ (https://www.pivotaltracker.com/story/show/101779882)
Packaged binaries:
name | version | cf_stacks |
---|---|---|
ruby | 2.0.0 | cflinuxfs2 |
ruby | 2.1.6 | cflinuxfs2 |
ruby | 2.1.7 | cflinuxfs2 |
ruby | 2.2.2 | cflinuxfs2 |
ruby | 2.2.3 | cflinuxfs2 |
jruby | ruby-1.9.3-jruby-1.7.21 | cflinuxfs2 |
jruby | ruby-2.0.0-jruby-1.7.21 | cflinuxfs2 |
jruby | ruby-2.2.2-jruby-9.0.0.0 | cflinuxfs2 |
node | 0.12.7 | cflinuxfs2 |
bundler | 1.9.7 | cflinuxfs2 |
libyaml | 0.1.6 | cflinuxfs2 |
openjdk1.8-latest | 1.8.0_51 | cflinuxfs2 |
rails3_serve_static_assets | - | cflinuxfs2 |
rails_log_stdout | - | cflinuxfs2 |
v1.6.4
Note that v1.6.3 was not released.
- Add support for Ruby 2.1.7 and 2.0.0-p647, which addresses CVE-2015-3900. Remove support for Ruby 2.1.5 and 2.0.0-p645. (https://www.pivotaltracker.com/story/show/101589968)
Identity
Updated to UAA Release 2.6.1
Routing
- Work continues on support for Route Services details, more details
- Gorouter now logs X-Forwarded-Proto details
- Gorouter no longer responds to a publish NATS message with an empty subject details
- Work begun on support for TCP Routing in Routing API details
- Routing API no longer logs the Authorization header details
- A bug was introduced in v217 wherein gorouter logs are no longer rotated as frequently as they used to be. This could lead to failure if the disk fills up. A fix has been committed and will be included in v219 details.
Loggregator
Internal Components
etcd
No functional changes.
consul
- Improve operability of consul cluster when scaling down. details
- Consul servers determine whether they are synced with the rest of the cluster in the officially recommended manner. details
- Consul agents and servers communicate securely with one another. details
- Consul servers leave and join the cluster more reliably during a rolling deploy. details
route_registrar
- Added new route_registrar job to centralize route registration logic in one place, and move it out of the source code of other components that aren’t primarily concerned with route registration. details
Job Spec Changes
- Removed networks.apps property from all jobs. details
- Removed numerous unused properties:
  - Removed cc.internal_service_hostname, cc.jobs.model_deletion.timeout_in_seconds, cc.info.support_address, and ccdb.max_ar_connections from all CC-related jobs.
  - Removed uaa.clients.cloud_controller_username_lookup.client from cloud_controller_ng spec.
  - Removed nats_props from nats_stream_forwarder spec.
  - Removed
- Added cc.diego.nsync_url, cc.diego.stager_url, and cc.diego.tps_url to all CC-related jobs. details
- Added consul.require_ssl, consul.ca_cert, consul.server_cert, consul.server_key, consul.agent_cert, consul.agent_key, and consul.encrypt_keys to consul_agent job. details
- Added doppler.sink_dial_timeout_seconds and doppler.sink_io_timeout_seconds to doppler spec. details
- Added router.logrotate.freq_min, router.logrotate.rotate, router.logrotate.size, and router.extra_headers_to_log to gorouter spec. details
- Removed traffic_controller.host and traffic_controller.incoming_port from loggregator_trafficcontroller spec. details
- Added metron_agent.logrotate.freq_min, metron_agent.logrotate.rotate, and metron_agent.logrotate.size to metron_agent spec. details
- Added uaa.logging_level to uaa job. details
- Added login.prompt.username.text and login.prompt.password.text to uaa job. details
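A pre-deploy check for the new consul properties, covering the material generated in step 2 of the upgrade procedure and the consul_agent properties listed above. It is an added example, not code from cf-release: it assumes the certificate and key properties hold PEM text, that consul.require_ssl is a boolean and that consul.encrypt_keys is a list. The sample certificates are constructed at run time with made-up names.

```ruby
require "openssl"

# Property names are those v217 adds to the consul_agent job; value types are assumed.
REQUIRED = %w[require_ssl ca_cert server_cert server_key agent_cert agent_key encrypt_keys].freeze

# Returns the problems found in the `consul` properties hash of a manifest.
def consul_tls_problems(consul)
  missing = REQUIRED.select { |k| [nil, "", []].include?(consul[k]) }
  return missing.map { |k| "consul.#{k} is not set" } unless missing.empty?

  problems = []
  problems << "consul.require_ssl is not true" unless consul["require_ssl"] == true
  ca = OpenSSL::X509::Certificate.new(consul["ca_cert"])
  %w[server agent].each do |role|
    cert = OpenSSL::X509::Certificate.new(consul["#{role}_cert"])
    key = OpenSSL::PKey.read(consul["#{role}_key"])
    problems << "consul.#{role}_cert is not signed by consul.ca_cert" unless cert.verify(ca.public_key)
    problems << "consul.#{role}_key does not match consul.#{role}_cert" unless cert.check_private_key(key)
    problems << "consul.#{role}_cert is outside its validity period" unless (cert.not_before..cert.not_after).cover?(Time.now)
  end
  problems
end

# Constructed sample material: throwaway keys and certificates, names are made up.
def constructed_cert(cn, key, issuer_cert = nil, issuer_key = key)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..2**32)
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer_cert ? issuer_cert.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  cert.sign(issuer_key, OpenSSL::Digest.new("SHA256"))
end

def constructed_consul_properties
  ca_key, server_key, agent_key = Array.new(3) { OpenSSL::PKey::RSA.new(2048) }
  ca = constructed_cert("example-consul-ca", ca_key)
  { "require_ssl" => true, "ca_cert" => ca.to_pem,
    "server_cert" => constructed_cert("example-server", server_key, ca, ca_key).to_pem,
    "server_key" => server_key.to_pem,
    "agent_cert" => constructed_cert("example-agent", agent_key, ca, ca_key).to_pem,
    "agent_key" => agent_key.to_pem,
    "encrypt_keys" => ["constructed-gossip-key"] }
end
```

Running consul_tls_problems on the consul section of a generated manifest before step 3 catches a swapped key or a certificate from the wrong CA before the deploy does.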
Recommended BOSH Release and Stemcell Versions
- BOSH Release Version: bosh/201
- BOSH Stemcell Version(s): bosh-aws-xen-hvm-ubuntu-trusty-go_agent/3026
These are soft recommendations; several different versions of the BOSH release and stemcell are likely to work fine with this version of cf-release.
Recommended Diego Version
- Diego final release 0.1428.0 · release notes
This is a soft recommendation; several different versions of the diego-release may work fine with this version of cf-release.
Recommended Garden Linux Version
- garden-linux Release Version: garden-linux/0.303.0
This is a soft recommendation; several different versions of the garden-linux release may work fine with this version of cf-release and the aforementioned version of diego-release.
Usage
You can reference this release in your deployment manifest from the releases section:

    - name: "cf"
      version: "217"
      url: "https://bosh.io/d/github.com/cloudfoundry/cf-release?v=217"
      sha1: "6b41a35cf3f362f644ab0ce552d578dfd682e9a1"

Or upload it to your director with the upload-release command:

    bosh upload-release --sha1 6b41a35cf3f362f644ab0ce552d578dfd682e9a1 \
      "https://bosh.io/d/github.com/cloudfoundry/cf-release?v=217"

Jobs
- acceptance-tests
- cloud_controller_clock
- cloud_controller_ng
- cloud_controller_worker
- collector
- consul_agent
- dea_logging_agent
- dea_next
- debian_nfs_server
- doppler
- etcd
- etcd_metrics_server
- gorouter
- haproxy
- hm9000
- loggregator_trafficcontroller
- metron_agent
- nats
- nats_stream_forwarder
- nfs_mounter
- postgres
- route_registrar
- routing-api
- smoke-tests
- statsd-injector
- syslog_drain_binder
- uaa
Packages
- acceptance-tests
- buildpack_binary
- buildpack_go
- buildpack_java
- buildpack_java_offline
- buildpack_nodejs
- buildpack_php
- buildpack_python
- buildpack_ruby
- buildpack_staticfile
- cli
- cloud_controller_ng
- collector
- common
- consul
- dea_logging_agent
- dea_next
- debian_nfs_server
- doppler
- etcd
- etcd-common
- etcd_metrics_server
- gnatsd
- golang1.3
- golang1.4
- gorouter
- haproxy
- hm9000
- libpq
- loggregator_trafficcontroller
- metron_agent
- mysqlclient
- nats
- nginx
- nginx_newrelic_plugin
- postgres
- postgres-9.4.2
- rootfs_cflinuxfs2
- route_registrar
- routing-api
- rtr
- ruby-2.1.7
- smoke-tests
- statsd-injector
- syslog_drain_binder
- uaa
- warden