Releases: genesis-community/cf-genesis-kit

v1.10.2

02 Dec 04:48

Params Restoration and Retirements

  • Restored support for *_vm_type parameters, including instance group name
    translations. If you are using an outdated instance group name, it will be
    translated to the appropriate one, but will also print out a warning to
    update it.

    The kit also preserves default vm types used with cf kit v1.x for ease of
    migration.

  • Restore support for params.availability_zones.

    Also adds support for randomized az placement for any instances that are not
    a multiple of the number of availability zones. This is on by default if
    you explicitly set the availability zones, or can be enabled/disabled by
    setting params.randomize_az_placement to true/false respectively.

    Also fixes small-footprint for haproxy, which would continue using the
    default z1/z2/z3 while everything else used z1.

  • Added params.api_domain to the retired environment parameters, and added a
    check for the retired parameters in the genesis check phase. The
    api_domain param was not actively being used, contrary to the
    documentation. It was using, and will continue to use, api.<system_domain>.

  • Restored the cf-db network for migrated environments

    v1.x kits used a cf-db network, whereas v2.0 puts any internal database in
    the cf-core network. If using bare, everything gets put in the default
    network. This can be overridden by specifying params.cf_db_network

  • Add skip_ssl_validation back in as a valid param

    The genesis new wizard would set the params.skip_ssl_validation, and
    then the user would be told that this wasn't a valid param. It was being
    done in the wizard to support self-signed certs.

    Rather than take it out of the wizard, it is now used to automatically add
    the cf-deployment/operations/stop-skipping-tls-validation TLS validation
    enforcement feature if explicitly set to false, defaulting to skipping
    validation if true or unset.

New Features

  • Added aws-blobstore-iam and no-nats-tls features

    Adds ability to connect to AWS blobstore via IAM configuration instead of
    credentials. To connect with IAM, users should use aws-blobstore-iam
    instead of the aws-blobstore.

    Adds nats-tls job to nats instance by default, but allows users to turn off
    this feature via the no-nats-tls feature (which will be discontinued in an
    upcoming release when nats-tls becomes required)

  • Add ssh-proxy-on-routers feature

    Moves ssh-proxy job from scheduler to routers, better allowing for scaling
    and putting it on the edge network (if used)
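
The skip_ssl_validation rule and the no-nats-tls and aws-blobstore-iam features described above can be checked before a deploy. The following is an added example, not code from the kit: it assumes the environment file has already been parsed into a dict, and the finding ids are hypothetical names.

```python
# Added example, not cf-genesis-kit code. It models the rules stated in these
# release notes. `env` is a Genesis environment file already parsed into a dict
# (for instance by a YAML parser); the finding ids are hypothetical names.

STOP_SKIPPING = "cf-deployment/operations/stop-skipping-tls-validation"
_UNSET = object()


def effective_features(env):
    """Feature list after applying the documented skip_ssl_validation rule."""
    features = list((env.get("kit") or {}).get("features") or [])
    params = env.get("params") or {}
    # Enforcement is added only when the param is explicitly boolean false;
    # true or unset leaves TLS validation skipped.
    if params.get("skip_ssl_validation") is False and STOP_SKIPPING not in features:
        features.append(STOP_SKIPPING)
    return features


def audit(env):
    """Return (finding_id, message) pairs for weak transport and credential settings."""
    params = env.get("params") or {}
    features = effective_features(env)
    findings = []

    raw = params.get("skip_ssl_validation", _UNSET)
    if raw is not _UNSET and not isinstance(raw, bool):
        # Assumption: the notes only define boolean values, so anything else
        # (such as the quoted string "false") is reported for review.
        findings.append(("skip-ssl-validation-not-boolean",
                         f"params.skip_ssl_validation is {raw!r}, expected true or false"))
    if STOP_SKIPPING not in features:
        state = "unset" if raw is _UNSET else repr(raw)
        findings.append(("tls-validation-skipped",
                         f"skip_ssl_validation is {state}; set it to false to enforce validation"))
    if "no-nats-tls" in features:
        findings.append(("nats-tls-disabled",
                         "no-nats-tls turns off the nats-tls job and is due to be discontinued"))
    if "aws-blobstore" in features and "aws-blobstore-iam" not in features:
        findings.append(("static-blobstore-credentials",
                         "aws-blobstore uses credentials; aws-blobstore-iam uses IAM configuration"))
    return findings


# Constructed sample environments (not taken from a real deployment).
WEAK_ENV = {
    "kit": {"name": "cf", "features": ["aws-blobstore", "no-nats-tls"]},
    "params": {},
}
HARDENED_ENV = {
    "kit": {"name": "cf", "features": ["aws-blobstore-iam"]},
    "params": {"skip_ssl_validation": False},
}

if __name__ == "__main__":
    for name, env in (("weak", WEAK_ENV), ("hardened", HARDENED_ENV)):
        print(name, [finding_id for finding_id, _ in audit(env)])
```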

Improvements

  • Support cached local ops features

    Genesis now fully supports the ops/ features natively, but this also has to
    be supported by the kits that provide for it. This kit now correctly draws
    any local ops features from the cache if they exist there before trying to
    use uncached versions.

  • Defer the Cloud Config validation

    Because we don't know what upstream extensions, networks or vm types are
    going to be used, we now defer the cloud config checks to after the manifest
    is generated and check the values referenced in the manifest with those
    available in the cloud config in the pre-deploy hook.

    Also improves output format and uses stderr in check and pre-deploy hooks,
    and requires Genesis v2.7.23.

  • Suppress error when detecting external_db_user presence

    If external_db_user is present, we need to warn users that they need to set
    params.external_db_user to that value, as it is not picked up by default in
    cf kit v2.x. However, while it can be normal for that value not to be
    present, the detection would log an extraneous warning that it couldn't be
    found. This fixes that issue.

  • Improve pre-deploy manifest check

    Now detects incomplete instance groups. This is crucial for warning the
    user if they have left instance group overrides that use the old v1.x names
    in their environment file.

  • Updated post-deploy hook to support v2.x

Bug Fixes:

  • Override NATS, diego and routing release from the upstream cf-deployment
    v12.45.0 to resolve a NATS outage (Fixes #156).

  • Bump migrate-postgres to 1.0.1 for migrating the postgres database
    configuration used by the v1.10.1 cf kit to what v2.0.x requires. This
    fixes the postgres version mismatch issue encountered when upgrading from
    v1.10.1 to 2.0.0 if a local postgres database was in use.

  • Fix variables for aws blobstore

  • Remove *-network-properties vm extensions from router and tcp-router when
    haproxy feature is enabled.

  • randomize_az_placement wants a boolean, not a string

Release updates:

Name                   Version   Changed
binary-buildpack       1.0.36    no
bosh-dns-aliases       0.0.3     no
bpm                    1.1.8     no
capi                   1.92.0    no
cf-cli                 1.26.0    no
cf-networking          2.28.0    no
cf-smoke-tests         40.0.127  no
cf-syslog-drain        10.2.11   no
cflinuxfs3             0.175.0   no
credhub                2.6.0     no
diego                  2.48.0    no
dotnet-core-buildpack  2.3.9     no
garden-runc            1.19.11   no
go-buildpack           1.9.11    no
haproxy                9.8.0     no
java-buildpack         4.29.1    no
log-cache              2.7.0     no
loggregator            106.3.11  no
loggregator-agent      5.3.8     no
nats                   38        no
nginx-buildpack        1.1.7     no
nodejs-buildpack       1.7.17    no
php-buildpack          4.4.12    no
postgres               41        no
pxc                    0.24.0    no
python-buildpack       1.7.12    no
r-buildpack            1.1.3     no
routing                0.208.0   no
ruby-buildpack         1.8.15    no
silk                   2.28.0    no
staticfile-buildpack   1.5.5     no
statsd-injector        1.11.15   no
uaa                    74.17.0   no

v2.0.0

23 Nov 18:56

Major Release: 2.0.0

This is the official v2.0.0 release of the cf-genesis-kit, the Genesis kit for Cloud Foundry, and the first to be based on the cf-deployment de-facto method for deploying Cloud Foundry. Previous v1.x kit releases were originally based on cf-release but heavily curated by Stark & Wayne.

This release is based on upstream cf-deployment v12.45.0.

See MANUAL.md for full details of the release, but the following are specific highlights and caveats, particularly for migration of existing v1 deployments:

  • You will need to be on v1.10.1 of the cf-genesis-kit to upgrade.

  • App Autoscaler is no longer part of the cf-genesis-kit. Please use the standalone cf-app-autoscaler-genesis-kit. If using an external database, you can migrate by simply disabling the feature in the cf kit, deploying, then deploying the cf-app-autoscaler kit using the same configuration. If using an internal database for the app autoscaler, you will need to dump and restore the database as appropriate.

  • NFS volume services is now part of the kit, thanks to upstream operations file. Note, this is currently only compatible with local MySQL database.

  • Most of the existing kit features are still available. See MANUAL.md for details.

  • New explicit Minio blobstore support. If you are currently using the aws-blobstore feature and overriding the endpoint, please switch to using minio-blobstore and configuring params.blobstore_minio_endpoint. No need to set params.aws_region anymore, or specify a fog configuration block.

  • Users of external databases: special action may be needed on your part during the migration. See MANUAL.md for details regarding the correct method to ensure access to the external database after migrating to v2.0.0.

  • Upstream cf-deployment uses a very concise set of vm_types and availability zones. If you currently specify overrides to these, please be advised that they will not work as-is in 2.0.0 -- you will need to modify your cloud config to match what cf-deployment expects, or add instance_groups overrides in your environment file; setting params will not have any effect.

  • For the most part, secrets stored in Vault are seamlessly migrated into Credhub. The exception, of course, is for any non-default secrets that are specified in your environment file, such as per-database user passwords for an external database. These will have to be manually transferred into Credhub and the environment file updated to reflect the new location.

  • Compiled releases can now be used, but are opt-in.

  • In addition to the normal features provided by the kit, you can now specify upstream cf-deployment operations as features, as well as your own operation files (using either go-patch or spruce overlay syntax).

  • The following features are now included by default and do not need to be specified:

    • loggregator-forwarder-agent
    • local-blobstore
    • container-routing-integrity
    • routing-api
    • omit-haproxy
  • The old kit acquired a cruft of feature renames, which are being dropped, as
    well as some features that no longer make sense:

    • shield-dbs, shield-blobstores: These features have been deprecated, in favor of BOSH add-ons

    • blobstore-*: these have been renamed *-blobstore

    • db-external-*: renamed *-db

    • db-internal-postgres, local-db: these were changed to local-postgres-db, as we now have a corresponding local-mysql-db

    • haproxy-tls, haproxy-notls, haproxy-self-signed: These are now compound features of haproxy, tls and self-signed, the latter two only having effect if haproxy feature is specified.

    • minimum-vms: this has been renamed small-footprint

    • azure: automatically used when deploying to MS Azure CPI

    • cflinuxfs2 is no longer supported

    • local-ha-db is no longer supported - please use an external High Availability Database if this function is desired.

    • autoscaler, autoscaler-postgres - autoscaler is no longer included in the kit, please use the cf-app-autoscaler genesis kit.

    • native-garden-runc: replaced by the upstream cf-deployment/operations/experimental/use-native-garden-runc-runner feature

    • app-bosh-dns, dns-service-discovery: These features are now implemented as cf-deployment/operations/enable-service-discovery from the upstream

    • Additional feature: bare

      By default, the v2.0.0 kit is meant to be as close to the 1.x predecessor as possible, just based on upstream cf-deployment. To this end, the default best practices that were built into it are maintained going forward. This includes the separation of concerns regarding network subnets (cf-core, cf-edge, and cf-runtime instead of everything in default), usage of postgres, a different domain for apps instead of putting them in system.<base-domain>, automatic azure tweaks when the azure cpi is detected, etc. However, if you want a deployment as close to upstream as possible, we offer the bare feature: this feature limits the default configuration to the base minimum required to support being deployed by genesis. Do not use this feature for existing v1.0 migrations.

As with any major upgrade, it is highly recommended that you test this with your configuration in a sandbox or lab environment thoroughly before applying it to your developer or production environments. All care has been taken to ensure this product is fit for usability, but the sheer complexity and permutations of configurations make it impossible to account for every possible scenario. If you find an issue, please reach out to us on the Genesis Slack #help channel, or by opening a GitHub issue.

v2.0.0-rc12 Preview Release

14 Aug 05:19
Pre-release

Incremental release from rc11 preview. Contains the following enhancements:

  • Support for small-footprint haproxy (single vm) when small-footprint and haproxy features are both selected.

  • Generated unique blobstore bucket names for IaaS blobstores that have a global namespace

  • Better upgrade compatibility check

v2.0.0-rc11

30 Jul 16:51
Pre-release

Incremental release from rc7 preview (rc8-10 were internal-only). Contains the following enhancements:

  • Better support for remote blobstore bucket name default

    Will now be <env>-<bucket-type>-<random-key>, but if the env name contains characters that are not lowercase letters, numbers or dashes, it must be overwritten using the params.blobstore_bucket_prefix parameter. This is done automatically if using the new script.

  • Custom feature small-footprint internally replaced with upstream operations/scale-to-one-az

  • Credhub operations in new hook are silent unless there's an error

  • The compiled releases feature is now opt-in instead of opt-out

  • Support for custom names for internal database names and users

  • Populate the api identity info based on the deployment in non-bare deployments

  • Check VM extensions on deployment

  • Migration from 1.x kits WIP:

    • migrating secrets
    • managing blobstore name differences
    • managing internal postgres database differences

v2.0.0-rc7

22 Jul 17:34
Pre-release

Incremental release from rc6 preview. Contains the following enhancements:

  • new hook updated to support all v2.0 functionality

  • Fix aws blobstore missing in new and network check

  • Correct service discovery feature was missing

    If you specified outdated methods of turning on service discovery, the
    blueprint script would tell you to use enable-service-discover while
    making the change internally for the current run, but the correct
    version was not actually ever whitelisted, so if you did correct it, it
    would just fail.

  • Add vm extensions check

  • Initial WIP for upgrading from 1.x versions

    • Migration of vault to credhub hook
    • Check will see if the previous version is too old, and should check if
      the secrets are in the vault (TODO)
    • Blueprint will add the manifest fragments for migrating
    • Pre-deploy will move the secrets to credhub (and whatever else it
      needs to do)

v2.0.0-rc6 Preview Release

16 Jun 05:50
Pre-release

Incremental release from rc5 preview. Contains the following enhancements:

  • No longer have to have the move_secrets_to_credhub function as it has been made generally available via the bash helpers script

  • Fixed the info hook script, as it was hardcoding the system domain due to a misunderstanding of how the lookup of exodus values works.

  • Added Prometheus kit integration feature: prometheus-integration to add the needed uaa components and exodus data.

  • Fixed issues found in rc5

    • fixed defaults for loadbalancer and blobstore prompts
    • updated to use genesis_config_block
    • added missing api_domain params and exodus data

v2.0.0-rc5 Preview Release

01 Jun 18:25
Pre-release

Incremental preview from rc4, primarily concerned with fixing issues discovered in the external db support. See previous preview release for broader details.

v2.0.0-rc4 Preview Release

30 May 22:00
Pre-release

Updated preview release of the CF Genesis kit as we approach v2.0.0 based on cf-deployment. Most things have been updated and are working, as well as backwards compatibility with the features available in the v1.x branch.

Out of the box, works as is with most existing environment files, with some caveats:

  • App Autoscaler is not bundled inside this release, instead this has been extracted to its own kit cf-app-autoscaler. However, the feature app-autoscaler-integration is provided to add the uaa role and other integration points.

  • Ships with v12.29.0 of cf-deployment, and will most likely be updated to v12.4x.0 prior to v2.0.0 GA, but contains an experimental feature, cf-deployment-version-X.X.X, where X.X.X is replaced with the desired version, which will replace the embedded version. As any non-embedded version is not vetted with this kit, it may lead to unexpected results, so it is not intended for production environments.

  • Many old features have been discontinued or renamed, as they didn't make sense in the new context of cf-deployment:

    • shield-dbs

    • shield-blobstores

      • These features have been deprecated, in favor of BOSH add-ons
    • omit-haproxy

    • local-blobstore

    • blobstore-webdav

    • container-routing-integrity

    • routing-api

    • loggregator-forwarder-agent

      • These features are now the default behaviour and don't need to be specified in the environment file
    • blobstore-aws

    • blobstore-azure

    • blobstore-gcp

      • These were renamed *-blobstore from blobstore-*, to match other feature naming conventions
    • db-external-mysql

    • db-external-postgres

      • These were renamed mysql-db and postgres-db respectively.
    • db-internal-postgres

    • local-db

      • These are both now represented by the local-postgres-db feature
    • haproxy-tls

    • haproxy-notls

    • haproxy-self-signed

      • This has been replaced with a single haproxy feature to specify you want haproxy, and secondary features tls and self-signed to indicate you want those extra options
    • minimum-vms

      • This has been renamed small-footprint
    • azure

      • This feature does not have to be specified, as it will automatically be applied when deploying via an Azure CPI
    • cflinuxfs2 *

      • The cflinuxfs2 feature is no longer able to be supported on cf-deployment
    • local-ha-db *

      • This feature is no longer able to be supported. If you need High Availability Database, it is recommended you use an external database using the mysql-db or postgres-db feature.
    • autoscaler *

    • autoscaler-postgres *

      • As mentioned above, autoscaler is no longer part of this kit.
    • native-garden-runc

      • This feature is no longer supported; it has been replaced by the upstream cf-deployment/operations/experimental/use-native-garden-runc-runner feature, and can simply be specified as such in the feature list.
    • app-bosh-dns

    • dns-service-discovery

      • These features are now implemented as cf-deployment/operations/enable-service-discovery from the upstream **

    With the exception of the features marked with asterisks, using the above features will automatically convert to the new feature behind the scenes and gives you a warning to update your environment file. Those marked with a single asterisk will cause the deployment to abort.

    ** Note: While ideally the dns feature should be using the upstream enable-service-discovery ops file, a conflict with the apps-domain changes in the override-apps-domain.yml overlay requires it to be implemented in an overlay derived from the upstream ops file. Specifying the upstream ops file will seamlessly use this overlay instead without any impact to the deployment, or a warning to fix your env file.

  • Additional feature: bare

    By default, the v2.0.0 kit is meant to be as close to the 1.x predecessor as possible, just based on upstream cf-deployment. To this end, the default best practices that were built into it are maintained going forward. This includes the separation of concerns regarding network subnets (cf-core, cf-edge, and cf-runtime instead of everything in default), usage of postgres, a different domain for apps instead of putting them in system.<base-domain>, automatic azure tweaks when the azure cpi is detected, etc. However, if you want a deployment as close to upstream as possible, we offer the bare feature: this feature limits the default configuration to the base minimum required to support being deployed by genesis. This is basically limited to changing the deployment name to match the environment, setting the

As was the case in RC1, this is not a drop-in replacement -- it uses a different instance-group scheme, so do NOT deploy this over-top of an existing cf 1.x kit deployment. We are working on a solution to migrate 1.x to a point where you can do this.

Documentation will be forthcoming regarding how to use cf-deployment and your own custom ops files as features.

V2.0.0-rc1 Preview Release

07 May 17:46
Pre-release

While not a true Release Candidate, this preview release will allow you to take a look at where we are with cf v2 line, which is based on upstream cf-deployment, while keeping most of what you love about Genesis.

Out of the box, works as is with most existing environment files, with some caveats:

  • Autoscaler is being moved into its own release
  • Does not support the following features yet, but hope to soon (or they may be just new defaults):
    • container-routing-integrity
    • native-garden-runc
    • loggregator-forwarder-agent
    • dns-service-discovery
    • routing-api
  • cflinuxfs2 is discontinued

Also, this is not a drop-in replacement -- it uses a different instance-group scheme, so do NOT deploy this overtop of an existing cf 1.x kit deployment. We are working on a solution to migrate 1.x to a point where you can do this.

Further details will be made available shortly regarding extended usage and using cf-deployment and custom ops files in conjunction (spoiler: it's insanely easy).

v1.10.1

17 Mar 14:54

Bug Fixes

  • Fixes DNS issue where cell.service.cf.internal is not found.

  • Fixes default value for temporary_disable_deployments in cloud controller.

Core Components (no changes since last release)

Release            Version   Release Date
bpm                1.1.6     05 December 2019
capi               1.89.0    06 December 2019
cf-networking      2.27.0    02 December 2019
cf-smoke-tests     40.0.125  03 January 2020
cflinuxfs3         0.154.0   14 January 2020
cf-cli             1.24.0    08 January 2020
diego              2.42.0    14 January 2020
garden-runc        1.19.9    21 November 2019
loggregator        106.3.5   13 January 2020
loggregator-agent  5.3.4     13 January 2020
log-cache          2.6.8     30 December 2019
nats               32        11 December 2019
routing            0.196.0   05 December 2019
statsd-injector    1.11.13   13 January 2020
cf-syslog-drain    10.2.9    13 January 2020
uaa                74.13.0   13 January 2020
silk               2.27.0    02 December 2019
bosh-dns-aliases   0.0.3     24 October 2018
cflinuxfs2         1.286.0   12 June 2019
app-autoscaler     2.0.0     15 August 2019
nfs-volume         2.3.0     21 August 2019
mapfs              1.2.0     15 July 2019
postgres           3.2.0     19 September 2019
haproxy            9.7.1     05 September 2019

Buildpacks (no changes since last release)

Release      Version  Release Date
binary       1.0.36   08 January 2020
dotnet-core  2.3.3    08 January 2020
go           1.9.4    08 January 2020
java         4.26     21 November 2019
nginx        1.1.3    08 January 2020
nodejs       1.7.8    08 January 2020
php          4.4.5    08 January 2020
python       1.7.5    08 January 2020
r            1.1.1    08 January 2020
ruby         1.8.6    08 January 2020
staticfile   1.5.3    08 January 2020