
Releases: genesis-community/cf-genesis-kit

v2.0.4

16 Jun 15:28

Bug Fixes for v1.x Migrated Environments:

  • Environments migrated from v1.x were supposed to retain the blobstore name
    for the app packages blobstore (was -packages- in v1.x,
    moved to -app-packages- to better match canonical in
    v2.0.x for new environments). This has been restored.

    If you upgraded to v2.0.x, you can keep the new blobstore name by adding the
    following to your environment:

    meta:
      blobstore_bucket_path:
        app-packages: (( concat meta.blobstore_bucket_prefix "-app-packages-" meta.blobstore_bucket_suffix ))
    
  • Environments migrated from v1.x now correctly retain the original NATS user
    credentials. Upstream used a different username, and as such, when
    upgrading to v2.0.x, there was a loss of connectivity to NATS. Migrated
    environments now retain the original v1.x username.

    If you have already upgraded your environment from v1.x to 2.0.x, you can
    specify the v2-nats-credentials feature to prevent the NATS username from
    switching back and causing a further availability outage during deployment.

Release updates:

Name Version Changed
binary-buildpack 1.0.36 no
bosh-dns-aliases 0.0.3 no
bpm 1.1.8 no
capi 1.92.0 no
cf-cli 1.26.0 no
cf-networking 2.28.0 no
cf-smoke-tests 40.0.127 no
cf-syslog-drain 10.2.11 no
cflinuxfs3 0.175.0 no
credhub 2.6.0 no
diego 2.48.0 no
dotnet-core-buildpack 2.3.9 no
garden-runc 1.19.11 no
go-buildpack 1.9.11 no
haproxy 9.8.0 no
java-buildpack 4.29.1 no
log-cache 2.7.0 no
loggregator 106.3.11 no
loggregator-agent 5.3.8 no
migrate-postgres 1.0.1 no
nats 38 no
nginx-buildpack 1.1.7 no
nodejs-buildpack 1.7.17 no
php-buildpack 4.4.12 no
postgres 41 no
pxc 0.24.0 no
python-buildpack 1.7.12 no
r-buildpack 1.1.3 no
routing 0.208.0 no
ruby-buildpack 1.8.15 no
silk 2.28.0 no
staticfile-buildpack 1.5.5 no
statsd-injector 1.11.15 no
uaa 74.17.0 no

v1.10.5

24 May 17:12

Improvements

  • Added support for dynamic X.509 certificates TTL. You can specify
    ca_validity_period and cert_validity_period under params in your
    environment file. These default to 10y and 1y respectively. This
    changes the previous default of 1 year for both.

v2.1.1

01 Apr 08:09

Known Issue

⚠️
This release of cf-genesis-kit uses version v0.212.0 of Cloud Foundry's routing release, which has an identified issue that affects Spring applications: https://github.com/cloudfoundry/routing-release/releases/tag/0.209.0

The Fix:

Genesis users can change the version of the routing release to v0.208.0 (which does not have the issue) by simply placing the following block at the top level of the Genesis CF environment yml file:

releases:
- name: "routing"
  version: "0.208.0"
  url: "https://bosh.io/d/github.com/cloudfoundry/routing-release?v=0.208.0"
  sha1: "537d8303a083fb4efa5dadf24411fa4758e25b68"

Improvements

  • Adds no-tcp-routers feature for systems that don't need TCP routing.

Bug Fix

  • Adds to the vm_extension list instead of overwriting existing extensions when specifying the ssh-proxy-on-routers feature

Release updates:

Name Version Changed
binary-buildpack 1.0.36 no
bosh-dns-aliases 0.0.3 no
bpm 1.1.9 no
capi 1.107.0 no
cf-cli 1.32.0 no
cf-networking 2.35.0 no
cf-smoke-tests 41.0.2 no
cflinuxfs3 0.229.0 no
credhub 2.9.0 no
diego 2.49.0 no
dotnet-core-buildpack 2.3.24 no
garden-runc 1.19.19 no
go-buildpack 1.9.27 no
haproxy 9.8.0 no
java-buildpack 4.36 no
log-cache 2.10.0 no
loggregator 106.5.0 no
loggregator-agent 6.2.0 no
metrics-discovery 3.0.3 no
nats 39 no
nginx-buildpack 1.1.21 no
nodejs-buildpack 1.7.44 no
php-buildpack 4.4.33 no
postgres 43 no
pxc 0.33.0 no
python-buildpack 1.7.32 no
r-buildpack 1.1.13 no
routing 0.212.0 no
ruby-buildpack 1.8.33 no
silk 2.35.0 no
staticfile-buildpack 1.5.16 no
statsd-injector 1.11.15 no
uaa 75.0.0 no

v2.1.0

29 Mar 16:25

Upgrade from v12.45.0 to v16.7.0

New Features

  • Service Discovery is now enabled by default.

    operations/enable-service-discovery.yml has been inlined into the manifest, and the ops file itself has been emptied. See the Manifest Updates section on the service discovery feature.

Changes

  • Fixed cc_deployment_updater issue where it always refers to only one MySQL instance even if the ccdb is scaled out. The change updates cc_deployment_updater to refer to CCDB using BOSH DNS record sql-db.service.cf.internal

  • Added support for the new (pre 1.0) bionic stemcell by way of an experimental ops file

  • Defaults to syslog agents and removes syslog adapters

    Replaces the scalable syslog architecture with the shared-nothing syslog architecture. This architecture is more efficient and will enable the usage of the aggregate drains feature. This change adds two new add-ons to every VM in Cloud Foundry. Operator impact: If your VMs are operating at full or near capacity, you may need to increase the VM resources. If you want this change to occur without logs on app syslog drains being duplicated or dropped for much of the duration of the deploy, we recommend deploying v12 with the operations/experimental/add-disabled-syslog-agent-for-upgrade.yml ops file before deploying v13. This ops file is only needed for your last deployment of v12, and is not needed when deploying v13.

Breaking changes

  • This release re-defines all certificates to define a set of subject alternative names that at least includes the common name, as mandated by changes in Golang 1.15. As a result, if you generate your own deployment certificates, you must ensure they include the common name in the list of subject alternative names. If you are using a BOSH-deployed Credhub instance to manage your credentials, please ensure that you are running at least v270.4.0 of BOSH, which includes support for the per-variable update_mode option.

  • Removed the ubuntu-trusty stemcell from the colocation criteria of the bosh deployment addons included in cf-deployment by default. If you are still using ubuntu-trusty and rely on the colocation of these addons, you will need to re-add ubuntu-trusty to the criteria with an ops-file. Fixes #918 .
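
For operators who generate their own deployment certificates, the subject alternative name requirement in the first breaking change above can be checked before deploying. This is an added example, not code from the kit or cf-deployment: the function names and the uaa.example.internal name are hypothetical, and the certificates are generated in memory as constructed sample input.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// CNInSANs reports whether the common name also appears in the DNS SANs.
func CNInSANs(cert *x509.Certificate) bool {
	cn := cert.Subject.CommonName
	for _, name := range cert.DNSNames {
		if cn != "" && strings.EqualFold(name, cn) {
			return true
		}
	}
	return false
}

// SelfSigned builds a throwaway certificate (constructed sample input).
func SelfSigned(cn string, dnsSANs []string) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(time.Hour),
		DNSNames:     dnsSANs,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	const cn = "uaa.example.internal" // hypothetical common name
	for _, sans := range [][]string{nil, {cn}} {
		cert, err := SelfSigned(cn, sans)
		if err != nil {
			panic(err)
		}
		// VerifyHostname is the check Go clients apply; it ignores the CN.
		fmt.Println(cert.DNSNames, CNInSANs(cert), cert.VerifyHostname(cn))
	}
}
```

The first certificate carries only a common name and is rejected by VerifyHostname; the second repeats the name as a DNS SAN and passes both checks.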

Security Fixes

  • Security Fix: Fix for CVE-2020-5416. Improve websocket error handling.

Release updates:

Name Version Changed
binary-buildpack 1.0.36 no
bosh-dns-aliases 0.0.3 no
bpm 1.1.9 yes
capi 1.107.0 yes
cf-cli 1.32.0 yes
cf-networking 2.35.0 yes
cf-smoke-tests 41.0.2 yes
cflinuxfs3 0.229.0 yes
credhub 2.9.0 yes
diego 2.49.0 yes
dotnet-core-buildpack 2.3.24 yes
garden-runc 1.19.19 yes
go-buildpack 1.9.27 yes
haproxy 9.8.0 no
java-buildpack 4.36 yes
log-cache 2.10.0 yes
loggregator 106.5.0 yes
loggregator-agent 6.2.0 yes
metrics-discovery 3.0.3 yes
nats 39 yes
nginx-buildpack 1.1.21 yes
nodejs-buildpack 1.7.44 yes
php-buildpack 4.4.33 yes
postgres 43 yes
pxc 0.33.0 yes
python-buildpack 1.7.32 yes
r-buildpack 1.1.13 yes
routing 0.212.0 yes
ruby-buildpack 1.8.33 yes
silk 2.35.0 yes
staticfile-buildpack 1.5.16 yes
statsd-injector 1.11.15 no
uaa 75.0.0 yes

v2.0.3

23 Feb 06:59

Improvements

  • Adds no-tcp-routers feature for systems that don't need TCP routing.

  • Better support for vm_types, especially in context of upgrading from v1 environments.

    New feature v1-vm-types sets up the manifest to use the same VM types as were used in the v1.x versions of the kit, or as close as possible. This allows you to use your existing cloud config and tuning. Where the instance group name changes, it will use the VM type that the instance group was migrated from.

    The exceptions are tcp-router, which will use the router vm type, and cc-worker and credhub, which continue to use minimum as there was no previous instance group for these functions.

Bug Fix

  • Adds to the vm_extension list instead of overwriting existing extensions when specifying the ssh-proxy-on-routers feature

  • Supplied missing params.*_vm_types; the kit now warns instead of raising an error if an unknown instance group is specified, so that custom instance groups can be managed in the same way.

    Note: For known instance groups, the underscores are automatically converted to hyphens to determine the matching instance_group for the specified *_vm_type params. For user-specified instance groups, you must specify the hyphen or underscore as used in the instance_group.

    Known instance groups are:
    adapter, api, cc-worker, credhub, database, diego-api, diego-cell, doppler, errand, haproxy, log-api, nats, rotate-cc-database-key, router, scheduler, singleton-blobstore, smoke-tests, tcp-router, and uaa

Release updates:

Name Version Changed
binary-buildpack 1.0.36 no
bosh-dns-aliases 0.0.3 no
bpm 1.1.8 no
capi 1.92.0 no
cf-cli 1.26.0 no
cf-networking 2.28.0 no
cf-smoke-tests 40.0.127 no
cf-syslog-drain 10.2.11 no
cflinuxfs3 0.175.0 no
credhub 2.6.0 no
diego 2.48.0 no
dotnet-core-buildpack 2.3.9 no
garden-runc 1.19.11 no
go-buildpack 1.9.11 no
haproxy 9.8.0 no
java-buildpack 4.29.1 no
log-cache 2.7.0 no
loggregator 106.3.11 no
loggregator-agent 5.3.8 no
migrate-postgres 1.0.1 yes
nats 38 no
nginx-buildpack 1.1.7 no
nodejs-buildpack 1.7.17 no
php-buildpack 4.4.12 no
postgres 41 no
pxc 0.24.0 no
python-buildpack 1.7.12 no
r-buildpack 1.1.3 no
routing 0.208.0 no
ruby-buildpack 1.8.15 no
silk 2.28.0 no
staticfile-buildpack 1.5.5 no
statsd-injector 1.11.15 no
uaa 74.17.0 no

v2.0.2

04 Feb 21:01

Params Restoration and Retirements

  • Restored support for *_vm_type parameters, including instance group name
    translations. If you are using an outdated instance group name, it will be
    translated to the appropriate one, but will also print out a warning to
    update it.

    The kit also preserves default vm types used with cf kit v1.x for ease of
    migration.

  • Restore support for params.availability_zones.

    Also adds support for randomized az placement for any instances that are not
    a multiple of the number of availability zones. This is on by default if
    you explicitly set the availability zones, or can be enabled/disabled by
    setting params.randomize_az_placement to true/false respectively.

    Also fixes small-footprint for haproxy, which would continue using the
    default z1/z2/z3 while everything else used z1.

  • Add params.api_domain to the retired environment parameters, and added a
    check for the retired parameters in the genesis check phase. The
    api_domain param was not actively being used, contrary to the
    documentation. It was using, and will continue to use api.<system_domain>

  • Restored the cf-db network for migrated environments

    v1.x kits used a cf-db network, whereas v2.0 puts any internal database in
    the cf-core network. If using bare, everything gets put in the default
    network. This can be overridden by specifying params.cf_db_network

  • Add skip_ssl_validation back in as a valid param

    The genesis new wizard would set the params.skip_ssl_validation, and
    then the user would be told that this wasn't a valid param. It was being
    done in the wizard to support self-signed certs.

    Rather than take it out of the wizard, it is now used to automatically add
    the cf-deployment/operations/stop-skipping-tls-validation TLS validation
    enforcement feature if explicitly set to false, defaulting to skipping
    validation if true or unset.

New Features

  • Added aws-blobstore-iam and no-nats-tls features

    Adds ability to connect to AWS blobstore via IAM configuration instead of
    credentials. To connect with IAM, users should use aws-blobstore-iam
    instead of the aws-blobstore.

    Adds nats-tls job to nats instance by default, but allows users to turn off
    this feature via the no-nats-tls feature (which will be discontinued in an
    upcoming release when nats-tls becomes required)

  • Add ssh-proxy-on-routers feature

    Moves ssh-proxy job from scheduler to routers, better allowing for scaling
    and putting it on the edge network (if used)

Improvements

  • Support cached local ops features

    Genesis now fully supports the ops/ features natively, but this also has to
    be supported by the kits that provide for it. This kit now correctly draws
    any local ops features from the cache if they exist there before trying to
    use uncached versions.

  • Defer the Cloud Config validation

    Because we don't know what upstream extensions, networks or vm types are
    going to be used, we now defer the cloud config checks to after the manifest
    is generated and check the values referenced in the manifest with those
    available in the cloud config in the pre-deploy hook.

    Also improves output format and uses stderr in check and pre-deploy hooks,
    and requires Genesis v2.7.23.

  • Suppress error when detecting external_db_user presence

    If external_db_user is present, we need to warn users that they need to set
    params.external_db_user to that value, as it is not picked up by default in
    cf kit v2.x. However, while it can be normal for that value not to be
    present, the detection would log an extraneous warning that it couldn't be
    found. This fixes that issue.

  • Improve pre-deploy manifest check

    Now detects incomplete instance groups. This is crucial for warning the
    user if they have left instance group overrides that use the old v1.x names
    in their environment file.

  • Updated post-deploy hook to support v2.x

Bug Fixes:

  • Override NATS, diego and routing release from the upstream cf-deployment
    v12.45.0 to resolve a NATS outage (Fixes #156).

  • Bump migrate-postgres to 1.0.1 for migrating the postgres database
    configuration used by the v1.10.1 cf kit to what v2.0.x requires. This
    fixes the postgres version mismatch issue encountered when upgrading from
    v1.10.1 to 2.0.0 if a local postgres database was in use.

  • Fix variables for aws blobstore

  • Remove *-network-properties vm extensions from router and tcp-router when
    haproxy feature is enabled.

  • randomize_az_placement wants a boolean, not a string

Release updates:

Name Version Changed
binary-buildpack 1.0.36 no
bosh-dns-aliases 0.0.3 no
bpm 1.1.8 no
capi 1.92.0 no
cf-cli 1.26.0 no
cf-networking 2.28.0 no
cf-smoke-tests 40.0.127 no
cf-syslog-drain 10.2.11 no
cflinuxfs3 0.175.0 no
credhub 2.6.0 no
diego 2.48.0 no
dotnet-core-buildpack 2.3.9 no
garden-runc 1.19.11 no
go-buildpack 1.9.11 no
haproxy 9.8.0 no
java-buildpack 4.29.1 no
log-cache 2.7.0 no
loggregator 106.3.11 no
loggregator-agent 5.3.8 no
nats 38 no
nginx-buildpack 1.1.7 no
nodejs-buildpack 1.7.17 no
php-buildpack 4.4.12 no
postgres 41 no
pxc 0.24.0 no
python-buildpack 1.7.12 no
r-buildpack 1.1.3 no
routing 0.208.0 no
ruby-buildpack 1.8.15 no
silk 2.28.0 no
staticfile-buildpack 1.5.5 no
statsd-injector 1.11.15 no
uaa 74.17.0 no

v1.10.4

22 Jan 22:06

Bug Fix

  • Use genesis.env, not params.env

    Once we updated the min genesis version to above 2.6.13, the
    autopopulation of params.env has been removed. Therefore, v1.10.2
    causes genesis to complain that params.env exists, but won't work
    without it.

    The resolution is to use genesis.env instead of the outdated params.env
    in the kit's manifest fragments, which is only needed in the blobstore
    directory key settings.

  • Properly handle internal domains for dns_service_discovery

    Due to some quirks of spruce, the apps.internal domain wasn't being applied
    by the inclusion of the dns_service_discovery feature; it had to be
    explicitly added to params.apps_domains. This is no longer necessary and
    should be removed

v0.1.11

02 Feb 19:24

A simple release that just unbreaks the nfs-volume-services subkit.

Requires bosh director on v262+.

v1.10.3 - Special Pre-migration Release #2

16 Dec 00:16

Bug Fix

  • Use genesis.env, not params.env

    Once we updated the min genesis version to above 2.6.13, the
    auto-population of params.env has been removed. Therefore, v1.10.2
    causes genesis to complain that params.env exists, but won't work
    without it.

    The resolution is to use genesis.env instead of the outdated params.env
    in the kit's manifest fragments, which is only needed in the blobstore
    directory key settings.

  • Properly handle internal domains for dns_service_discovery

    Due to some quirks of spruce, the apps.internal domain wasn't being applied
    by the inclusion of the dns_service_discovery feature; it had to be
    explicitly added to params.apps_domains. This is no longer necessary and
    should be removed

v2.0.1

02 Dec 05:24

Bug Fixes

  • Override NATS, diego and routing release from the upstream cf-deployment
    v12.45.0 to resolve a NATS outage (Fixes #156).

  • Add params.api_domain to the retired environment parameters, and added a
    check for the retired parameters in the genesis check phase. The
    api_domain param was not actively being used, contrary to the
    documentation. It was using, and will continue to use api.<system_domain>

  • Bump migrate-postgres to 1.0.1 for migrating the postgres database
    configuration used by the v1.10.1 cf kit to what v2.0.x requires. This
    fixes the postgres version mismatch issue encountered when upgrading from
    v1.10.1 to 2.0.0 if a local postgres database was in use.

  • Fix variables for aws blobstore