Release v214 · cloudfoundry-attic/cf-release

The cf-release v214 was released on July 29, 2015.

Important:

This release includes a migration that modifies the events table. This table may be very large, and the migration may cause the deployment to fail if it takes too long to run. If the migration causes the deployment to fail, the api_z1/0 job will fail to start. If this happens, do not restart the deploy until the migration has finished running. The deploy can be restarted once the space_id foreign key constraint has been removed from the events table.
To avoid the possibility of the migration causing a failure, truncate the events table before the deployment starts. The data in the events table are considered to be audit and log data, and Cloud Foundry can function if it is removed.

Contents:

CC and Service Broker APIs
Runtime
Buildpacks and Stacks
Routing
Loggregator
Internal Components
Job Spec Changes
Recommended BOSH Release and Stemcell Versions
Recommended Diego Version

CC and Service Broker APIs

CC API Version: 2.33.0

Service Broker API Version: 2.6

Cloud Controller

Fixed backwards incompatible ccdb migration introduced in cf-release 213 details
[Experimental] Work continues on /v3 and Application Process Types details
[Experimental] Work continues on Private Brokers details
[Experimental] Work continues on Dashboard Clients per Service Instance details
Truncate the billing_events table to complete the deprecation details
Support for app instance limit on Org Quota details
cloudfoundry/cloud_controller_ng #402: Enlarge Service Keys Credentials details
Audit events for service key create and delete details
vendor/errors is no longer a submodule details
use cf.internal for internal domain for consul details
SSH access requires app update access details
Create service usage event upon plan update details
hm9k fetcher to only select the columns that are needed details

Runtime

DEA

Fix race condition where DEA was sending heartbeat before UUID had been generated. details

Warden

Use wait-for-lock when invoking iptables. details
Keep track of containers when destroy fails. details

Buildpacks and Stacks

rootfs

updated cflinuxfs2 to v1.1.0

v1.1.0

Notably, this release addresses USN-2670-1: "libwmf vulnerabilitites", which is related to:

go-buildpack

updated to v1.5.0 (from v1.4.0)

v1.5.0

Basic Godeps/Godeps.json validation

Note that ./Godeps and .godir are deprecated.

(See README.md for additional notes about the Godeps upgrade.)
Include current stack in unsupported stack message
(https://www.pivotaltracker.com/story/show/98579464)
Remove vendored python interpreter
(https://www.pivotaltracker.com/story/show/94532204)
Defaults for GOMAXPROCS
Update godep

Includes at least:
- 64k line fixes
- godep diff
- Cross compiled with go 1.4.2 / gox (statically linked)
GOPATH "g" -> "go"

Packaged binaries:

name	version	cf_stacks
go	1.1.1	cflinuxfs2
go	1.1.2	cflinuxfs2
go	1.2.1	cflinuxfs2
go	1.2.2	cflinuxfs2
go	1.3.2	cflinuxfs2
go	1.3.3	cflinuxfs2
go	1.4.1	cflinuxfs2
go	1.4.2	cflinuxfs2

nodejs-buildpack

updated to v1.5.0 (from v1.4.0)

v1.5.0

remove versions 0.8.x and 0.9.x from manifest
(https://www.pivotaltracker.com/story/show/97770112)
Include CF built binaries
(https://www.pivotaltracker.com/story/show/97136960)

Packaged binaries:

name	version	cf_stacks
node	0.10.38	cflinuxfs2
node	0.10.40	cflinuxfs2
node	0.11.15	cflinuxfs2
node	0.11.16	cflinuxfs2
node	0.12.6	cflinuxfs2
node	0.12.7	cflinuxfs2

v1.4.2

Security upgrade to nodejs 0.12.7
Add support for node version 0.10.40
Remove support for node version 0.10.37
(https://www.pivotaltracker.com/story/show/98855140)

v1.4.1

Security upgrade to nodejs 0.12.6
(https://www.pivotaltracker.com/story/show/98683546)

php-buildpack

updated to v4.0.0 (from v3.3.0)

v4.0.0

upgrade PHP 5.6.11, 5.5.27, and 5.4.43
(https://www.pivotaltracker.com/story/show/98855368)
Package all PHP modules in a single tarball

Instead of downloading PHP modules individually, include all modules in a
single tarball to make the manifest more manageable.
(https://www.pivotaltracker.com/story/show/95473520)
Package all httpd modules in a single tarball

Instead of downloading httpd modules individually, include all modules
in a single tarball to make the manifest more manageable.
(https://www.pivotaltracker.com/story/show/95473520)
Add nginx 1.9.2, upgrade to 1.6.3; drop 1.7.x
(https://www.pivotaltracker.com/story/show/98855608)
Include current stack in unsupported stack message
(https://www.pivotaltracker.com/story/show/98579464)

Packaged binaries:

name	version	cf_stacks
php	5.4.42	cflinuxfs2
php	5.4.43	cflinuxfs2
php	5.5.26	cflinuxfs2
php	5.5.27	cflinuxfs2
php	5.6.10	cflinuxfs2
php	5.6.11	cflinuxfs2
hhvm	3.5.0	cflinuxfs2
hhvm	3.5.1	cflinuxfs2
hhvm	3.6.0	cflinuxfs2
hhvm	3.6.1	cflinuxfs2
composer	1.0.0-alpha10	cflinuxfs2
httpd	2.4.12	cflinuxfs2
newrelic	4.20.2.95	cflinuxfs2
nginx	1.6.3	cflinuxfs2
nginx	1.8.0	cflinuxfs2
nginx	1.9.2	cflinuxfs2

v3.3.1

Include php versions 5.6.10, 5.5.26, 5.4.42
Remove support for 5.4.39, 5.5.23, 5.6.7
Change the default PHP version to 5.5.26
(https://www.pivotaltracker.com/story/show/98547428)
Support nginx 1.8
(https://www.pivotaltracker.com/story/show/96911902)
Fix boolean values in options.json
(https://www.pivotaltracker.com/story/show/98199628)

python-buildpack

updated to v1.5.0 (from v1.4.0)

v1.5.0

Include CF built binaries
(https://www.pivotaltracker.com/story/show/97136960)
Include current stack in unsupported stack message
(https://www.pivotaltracker.com/story/show/98579464)
Update pip to 7.1.0
Update setuptools to 18.0.1
Set xtrace if $BUILDPACK_XTRACE set

Packaged binaries:

name	version	cf_stacks
python	2.7.10	cflinuxfs2
python	2.7.9	cflinuxfs2
python	3.3.5	cflinuxfs2
python	3.3.6	cflinuxfs2
python	3.4.2	cflinuxfs2
python	3.4.3	cflinuxfs2
libffi	3.1	cflinuxfs2
libmemcache	1.0.18	cflinuxfs2

ruby-buildpack

updated to v1.6.1 (from v1.5.0)

v1.6.1

Fix issues with the 'including unsupported' manifest
- Fix incorrect md5 checksum for node version 0.12.7
- Remove merge conflict annotations

Packaged binaries:

name	version	cf_stacks
ruby	2.0.0	cflinuxfs2
ruby	2.1.5	cflinuxfs2
ruby	2.1.6	cflinuxfs2
ruby	2.2.1	cflinuxfs2
ruby	2.2.2	cflinuxfs2
jruby	ruby-1.9.3-jruby-1.7.21	cflinuxfs2
jruby	ruby-2.0.0-jruby-1.7.21	cflinuxfs2
jruby	ruby-2.2.2-jruby-9.0.0.0.rc2	cflinuxfs2
node	0.12.7	cflinuxfs2
bundler	1.9.7	cflinuxfs2
libyaml	0.1.6	cflinuxfs2
openjdk1.8-latest	-	cflinuxfs2
rails3_serve_static_assets	-	cflinuxfs2
rails_log_stdout	-	cflinuxfs2

v1.6.0

Include CF built binaries
(https://www.pivotaltracker.com/story/show/97136960)

v1.5.2

Update 1.7.* jrubies to 1.7.21 in response to CVE-2015-4020
Add support for JRuby 9.0.0.0.rc2
Remove support for JRuby 9.0.0.0.rc1
(https://www.pivotaltracker.com/story/show/98856174)
Add support for node version 0.12.7
(https://www.pivotaltracker.com/story/show/98855140)

v1.5.1

Update error message in the event of deploying this buildpack on
an unsupported stack
(https://www.pivotaltracker.com/story/show/98579464)
Security upgrade to NodeJS 0.12.6
(https://www.pivotaltracker.com/story/show/98683546)
Updating to buildpack-packager v2.2.2
Now supports printing out buildpack dependencies via buildpack-packager list
(https://www.pivotaltracker.com/story/show/98588996)
Upgrade JRuby 9000 support to rc1
(https://www.pivotaltracker.com/story/show/97566746)

staticfile-buildpack

updated to v1.2.1 (from v1.2.0)

v1.2.1

Adding helpful message for unsupported stack
(https://www.pivotaltracker.com/story/show/98579464)
Compress nginx response body for more MIME types
(https://www.pivotaltracker.com/story/show/98128132)
Update nginx to version 1.8.0
(https://www.pivotaltracker.com/story/show/97663450)

Packaged binaries:

name	version	cf_stacks
nginx	1.8.0	cflinuxfs2

Identity

No Changes

Routing

Work continues on support for route services details
Bug fix: Correct context path was not included in cookie returned to client when backend returns JSESSIONID details
Optional routing test suite added to cf-acceptance-tests details
Oauth client arguments for rtr CLI changed to --client-id and --client-secret details
Submodule name of gorouter and routing api now matches path details
Moved two gorouter property defaults into spec file details

Loggregator

Loggregator Release Tag

Loggregator Features

Metron refactoring complete, benchmarked at ~30% performance increase. details
Metron now uses dropsonde for metrics instead of /varz. details
PR -Add logpath flag support to syslog drain binder. details
Internal: Improved CI
- Cleanup gems during deploy details
- Auto-stop pipeline for lost metrics details
- Benchmark Metron during CI test details
- Steel thread integration suite details
- Integration suite test burst performance of metron details
- Document build process details
- New integration testing for data race conditions details
- Parallelize unit tests for performance details
- New integration testing for concurrent loads on legacy ports details
- General metron pipeline cleanup details

Loggregator Bugs

Invalid null pointer during TC runtime details
PR - Fix format strings details

Internal Components

etcd

etcd can now be configured to support SSL communication between clients and servers, and amongst etcd servers themselves. The Diego team currently maintains their own packaging of etcd, but we are in the process of extracting a common etcd-release that can be consumed by both CF and Diego deployments. The etcd packaging within cf-release has been brought in line with the diego-release packaging to validate that a common etcd-release will work for both deployments.

consul

The cluster management of consul has been made more robust by making sure that consul server nodes have fully synced up with the rest of the cluster before moving on to add another node to the cluster. details

Job Spec Changes

Removed login job entirely. details
Changed acceptance_tests.oauth_password to acceptance_tests.client_secret. details
Changed acceptance_tests.include_routing_api to acceptance_tests.include_routing. details
Added router.route_service_secret and router.route_service_timeout. details
Changed default value for uaa.zones.internal.hostnames from [uaa.service.consul] to [uaa.service.cf.internal].details
Added login.saml.signMetaData and login.saml.signRequest.
Changed etcd.machines to be a list of addresses instead of just a list of IPs, and added etcd.require_ssl, etcd.ca_cert, etcd.server_cert, etcd.server_key, etcd.client_cert, etcd.client_key, etcd.peer_require_ssl, etcd.peer_ca_cert, etcd.peer_cert, etcd.peer_key to support SSL for all communication between etcd clients and servers, and amongst etcd servers. diego client SSL story diego peer SSL story cf compatibility story
Added consul.agent.sync_timeout_in_seconds. details

Recommended BOSH Release and Stemcell Versions

BOSH Release Version:
bosh 176
BOSH Stemcell Version:

  name: small_z1
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: small_z2
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: medium_z1
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: medium_z2
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: large_z1
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: large_z2
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: runner_z1
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: runner_z2
    name: bosh-aws-xen-ubuntu-trusty-go_agent
    version: 3026
  name: router_z1
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: router_z2
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: small_errand
    name: bosh-aws-xen-hvm-ubuntu-trusty-go_agent
    version: 3026
  name: xlarge_errand
    name: bosh-aws-xen-ubuntu-trusty-go_agent
    version: 3026

These are soft recommendations; several different versions of the BOSH release and stemcell are likely to work fine. In future deployments, we will be migrating all Runner VMs to the new HVM instance types.

Recommended Diego Version

Diego final release 0.1398.0 · release notes