Skip to content

v2.0.0
Compare
Choose a tag to compare
@heyjcollins heyjcollins released this 19 Jun 00:13
v2.0.0
73244d3

Skip directly to release v2.1.0

This release contains a diego bug described in the diego release v2.9.0 release notes.

❗💥Major release containing breaking changes💥❗

Summary:

  1. There is now support for custom external blobstores. There is still ops-file support for IaaS-specific blobstores, but they now require the use of a generic use-external-blobstore.yml ops file. See the bottom of the release notes for a usage example.
  2. The NFS broker is now deployed as a CF application via a BOSH errand to reduce VM footprint.
    • You must use the nfsbrokerpush errand to cf push the nfs broker after your bosh deploy completes.
  3. TLS is now enabled by default for component syslogs.
    • If your syslog target uses a custom CA, you must now use the component-syslog-custom-ca.yml.
  4. CF Networking release has been upgraded from 1.13.0 to 2.4.0. Silk release 2.4.0 is now the default container networking interface plugin.
    • The experimental cf-networking 2.0 ops files have been deleted.
    • Custom ops files changing cf-networking configuration need to be updated as necessary to support job and property changes included in cf-networking and silk releases 2.x.
  5. CredHub is recommended as the default credential store for deployment variables rather than var stores.
    Note:⚡ Starting with cf-deployment 3.0 all integration testing/validation will be executed against CredHub-enabled CF installs. We recommend migrating your credentials to CredHub as soon as you can.
  6. metron_agent job has been split out into the Loggregator Agent release and is now the default logs and metrics system.
  7. All deprecated ops files have been deleted.

Manifest Updates

  • Removed UAA port from Diego SSH-proxy job. Starting with Diego v2.5.0, the default value for this property is 8443 so including it in the manifest is redundant.

Ops-files

New Ops-files

  • operations/use-external-blobstore.yml
  • operations/addons/component-syslog-custom-ca.yml
    • The syslog_forwarder job will only trust certs signed by the provided cert chain. Requires enable-component-syslog.yml. This file isn't necessary if your syslog target has a cert signed by a public CA.
  • operations/backup-and-restore/enable-backup-restore-azure.yml
    • Enables the backup and restore of Azure blobstores with soft delete enabled. Requires enable-backup-restore.yml and use-azure-storage-blobstore.yml.
  • operations/backup-and-restore/enable-restore-azure-clone.yml
    • Deploy with this ops file when restoring to a different Azure storage account. Requires enable-backup-restore.yml and use-azure-storage-blobstore.yml
  • operations/experimental/use-compiled-releases-xenial-stemcell.yml
    • Use releases compiled for Xenial stemcell, as opposed to Trusty. Requires operations/experimental/use-xenial-stemcell.yml
  • operations/experimental/windows-component-syslog-ca.yml
    • Forces windows component syslog to respect only the provided CA for cert validation. Requires windows-enable-component-syslog.yml. Can also be applied to runtime config, in the manner of operations/addons/component-syslog-custom-ca.yml.
  • operations/use-gcs-blobstore-access-key.yml replaces the operations/use-gcs-blobstore.yml ops file and requires operations/use-external-blobstore.yml.

Updated Ops-files

  • operations/bosh-lite.yml
    • Removed redundant UAA port from Diego SSH-proxy job.
  • operations/addons/enable-component-syslog.yml
    • TLS is enabled by default for added security.
  • operations/backup-and-restore/enable-backup-restore-credhub.yml
    • Moves CredHub backup and restore job into the backup-restore VM.
  • operations/experimental/enable-service-discovery.yml
    • Service Discovery is now in the cf-networking release.
  • operations/experimental/migrate-cf-mysql-to-pxc.yml, operations/experimental/use-pxc.yml, and operations/experimental/secure-service-credentials-with-pxc-release.yml
    • Renames mysql-clustered job to pxc-mysql. Also, renames the corresponding BOSH link.
    • Disables TLS between pxc and UAA.
  • operations/experimental/perm-service.yml
    • Configures Perm with UAA.
  • operations/experimental/use-log-cache.yml
    • Fix how SHA is specified for the log-cache-release.
  • operations/use-external-dbs.yml drops unused locket database link (#525).
  • operations/windows2016-cell.yml
    • Enable instance identity credentials by default for windows 2016 Diego cells.

Deleted Ops-files

Files that were previously released with symlinks to their GA'd equivalent or updated as empty to support backward compatibility, or obviated by a new feature or feature enhancement, have been removed in cf-deployment v2.0.0.
Any cf-deployment that has relied on any of the files below will need to be updated.

  • operations/use-gcs-blobstore.yml
  • operations/use-s3-custom-blobstore.yml
  • operations/backup-and-restore/enable-backup-restore-credhub-external-db.yml
  • operations/backup-and-restore/enable-backup-restore-credhub-postgres.yml
  • operations/experimental/disable-consul-service-registrations-locket.yml
  • operations/experimental/disable-consul-service-registrations-windows.yml
  • operations/experimental/disable-consul-service-registrations.yml
  • operations/experimental/enable-backup-restore-credhub.yml
  • operations/experimental/enable-backup-restore-s3.yml
  • operations/experimental/enable-backup-restore.yml
  • operations/experimental/enable-bits-service-https.yml
  • operations/experimental/enable-instance-identity-credentials-windows.yml
  • operations/experimental/enable-instance-identity-credentials-windows2016.yml
  • operations/experimental/enable-instance-identity-credentials.yml
  • operations/experimental/enable-iptables-logger-with-networking-2.yml
  • operations/experimental/enable-nfs-broker-backup.yml
  • operations/experimental/enable-prefer-declarative-healthchecks-windows.yml
  • operations/experimental/enable-prefer-declarative-healthchecks-windows2016.yml
  • operations/experimental/enable-prefer-declarative-healthchecks.yml
  • operations/experimental/use-bosh-dns-for-containers-with-networking-2.yml
  • operations/experimental/use-bosh-dns-for-containers-with-silk-release.yml
  • operations/experimental/use-cf-networking-2.yml
  • operations/experimental/use-external-dbs-with-networking-2.yml
  • operations/experimental/use-latest-windows2016-stemcell.yml
  • operations/experimental/use-offline-windows2016fs.yml
  • operations/experimental/use-postgres-with-networking-2.yml
  • operations/experimental/use-silk-release-external-db.yml
  • operations/experimental/use-silk-release-postgres.yml
  • operations/experimental/use-silk-release.yml
  • operations/experimental/windows-component-syslog-ca.yml
  • operations/experimental/windows2016-cell.yml
  • operations/test/use-gcs-blobstore.yml

Other Updates

Release and Stemcell Updates

Release New Version Old Version
binary-buildpack 1.0.21 1.0.19
cf-networking 2.4.0 1.13.0
silk 2.4.0 0.3.0
cflinuxfs2 1.219.0 1.212.0
diego 2.9.0 2.8.0
garden-runc 1.15.0 1.14.0
routing 0.179.0 0.178.0
uaa 60 59
backup-and-restore-sdk 1.8.0 1.7.1
windows2016 1709.8 1709.7
windows2016fs 1.4.0 1.3.0
pxc 0.10.0 0.7.0
ubuntu-trusty 3586.23 3586.16
cf-app-sd x 0.6.0
os-conf x 20
loggregator-agent 1.0 x
ubuntu-xenial 60 x

External Blobstore Usage Example

If you are using s3 as your external blobstore, your BOSH deploy command might look something like this:

bosh deploy -d cf cf-deployment.yml \
  -o operations/use-s3-blobstore.yml \
  -l s3-vars.yml
  ...

As of this release, your BOSH deploy command will need to be updated to:

bosh deploy -d cf cf-deployment.yml \
  -o operations/use-external-blobstore.yml \
  -o operations/use-s3-blobstore.yml \
  -l s3-vars.yml
  ...
Assets 2
Loading