Releases: cloudfoundry/diego-release
Releases · cloudfoundry/diego-release
Diego v0.1441.0
Changes from v0.1440.0 to v0.1441.0
- Depends on garden-linux-release v0.327.0.
- Depends on etcd-release 18.
Significant changes
- Some docker apps fail to start with command detected from image metadata
- Cell rep state requests should not take longer than 1s to complete (in flight)
- cloudfoundry-incubator/diego-release #97: Ability to set datacenter in templates (defaulting to "dc1")
- cloudfoundry-incubator/diego-release #100: clean up manifest generation, and a couple other things
- As a Diego operator, I would like to be able to configure the rep/executor's memory and disk capacity via the spiff-based manifest-generation tools
- All ports in diego-release should be configurable via BOSH properties
- Update cf cli in diego-release to 6.13.0+
- Update cflinuxfs2 rootfs to 1.16.0+
- Update cflinuxfs2 stack to 1.17.0+
BOSH job changes
None.
BOSH property changes
- Replace
diego.nsync.nsync_urlwithdiego.nsync.listen_addr: This is now the address on which the nsync-listener listens for requests, instead of the URL other services use to communicate with the nsync-listener. - Replace
diego.stager.stager_urlwithdiego.stager.listen_addr: This is now the address on which the stager listens for requests, instead of the URL other services use to communicate with the stager. - Add
diego.stager.staging_task_callback_url: This is the URL of the stager service, used to receive staging task completion callbacks from the BBS. - Add
diego.tps.listener.listen_addr: Address on which the TPS listener receives requests. - Rename
diego.cc_uploader.addresstodiego.cc_uploader.listen_addr. - Rename
diego.file_server.addresstodiego.file_server.listen_addr. - Remove
acceptance_tests.skip_ssh_without_plugin_tests: The Diego Acceptance Tests suite now uses only the core CF CLI, at version 6.13.0, and not the separate SSH CLI plugin.
Diego v0.1440.0
Changes from v0.1439.0 to v0.1440.0
- Depends on garden-linux-release v0.326.0.
- Depends on etcd-release 18.
Important changes
The recommended version of garden-linux-release, v0.326.0, has changed its backing layer system to use aufs instead of btrfs. Please see the notes for this Garden-Linux final release for more details.
If you are upgrading from garden-linux-release v0.316.0 or earlier, we recommend you recreate your Diego Cells during the upgrade to v0.326.0 and later, to avoid issues with residual containers on the btrfs volume that garden-linux will be unable to delete. You can do this intentionally with the --recreate flag on bosh deploy, or incidentally by deploying a new stemcell at the same time. If you've been waiting to upgrade your stemcell, now's a great time!
Also, if you are using the generate-deployment-manifest script to produce your Diego deployment manifest, please be aware that it has incorporated a few changes to its arguments:
- The optional 'director-uuid' stub argument is now removed, as the BOSH director UUID will be taken from the CF manifest.
- There is a new required argument that expects a stub optionally specifying the versions of the Diego, Garden-Linux, and ETCD releases to deploy. If any of these versions are missing, they will default to 'latest'.
Other significant changes
- Errors about invalid DesiredLRPs should not prevent the nsync-bulker from bumping the cf-apps domain
- As a Diego developer, I would like documentation about which BBS API endpoints are public or private
- If the rep gets an unrecoverable error from garden when starting up, it should exit immediately
- Diego ssh proxy template should not require
ssh_proxy.diego_credentialsto be set if the diego authenticator is not enabled - environment variables from the default running group sometimes do not appear in the apps environment
- Remove director_uuid argument from generate-deployment-manifest
- diego manifest generation should use the cf release version specified in the cf-release manifest used as a stub rather than defaulting to latest
- As a Diego operator, I should be able to specify versions of the diego, etcd, and garden-linux releases when generating a manifest
- cloudfoundry-incubator/diego-release #85: Enables other stub configurations to be merged in after the enable_ss…
- cloudfoundry-incubator/consuladapter #1: Add KillWithFire func
- cloudfoundry-incubator/candiedyaml #16: Fix panic for strings less than 3 chars
- cloudfoundry-incubator/executor #15: Fix race condition in run step test
- Roll back garden-linux-release on CI to 0.316
- enable aufs on ci
- Enable aufs on CI
BOSH property changes
None.
Diego v0.1439.0
Changes from v0.1438.0 to v0.1439.0
- Depends on garden-linux-release v0.316.0.
- Depends on etcd-release 18.
Significant changes
- Errors about invalid DesiredLRPs should not prevent the nsync-bulker from bumping the cf-apps domain
- Auctioneer should distribute tasks as evenly as possible
- Auction state requests should time out after 1s by default
- As a Diego developer, I expect to run the 'upgrade-from-stable' suite in CI against a new BOSH-Lite instance provisioned on AWS
- pivotal-golang/lager #16: Use Reader instead of Scanner to avoid large token issue
- Update cflinuxfs2 rootfs to 1.15.0+
BOSH property changes
- Add
diego.auctioneer.cell_state_timeout: Duration for the auctioneer to wait before timing out state requests to cells. Defaults to "1s". - Add
diego.executor.max_concurrent_downloads: Number of concurrent downloads/stream-ins to allow the executor to perform at once. Defaults to "5".
Diego v0.1438.0
Changes from v0.1437.0 to v0.1438.0
- Depends on garden-linux-release v0.316.0.
- Depends on etcd-release 18.
Significant changes
- As a CF app developer, I would like to be able to stage Docker images from registries that present only the v2 registry API
- The BBS should retry a DesiredLRP update if it fails because of a CAS error
- Auction state requests should be resilient to network errors
- auctioneer should log the ids of the work it assigns to cell reps and the ids of any work rejected
- As a Diego operator, I would like to see the rep emit container creation time as a metric
- BBS should emit metrics for unclaimed, claimed, missing, and extra LRPs
- As a Diego developer, I would like a CONTRIBUTING document in diego-release instead of instructions in the main README
- As a Diego operator or developer, I would like instructions for deploying CF+Diego at various states of stability
- As a Diego team member, I would like to run the bbs benchmark suite in CI
- As a Diego developer, I would like a benchmark suite for retrieval of DesiredLRP and ActualLRP data by the route-emitter
- TPS listener should have logging around calls to external services
- Tune taskCBWorkPool and createActualMaxWorkers workpool sizes
- expose workpool sizes as command line arguments
- Investigate the time it takes to schedule task auctions for 4000 tasks
- cloudfoundry-incubator/diego-release #82: Allow skipping of acceptance tests by using regex
- cloudfoundry-incubator/diego-release #84: Re-enable btrfs and disk quotas on BOSH lite
BOSH job changes
None.
BOSH property changes
- Add
acceptance_tests.skip_regex: Skip tests with descriptions matching this regular expression. - Add
benchmark-bbs.log_file: File name for benchmark log output.
Diego v0.1437.0
Changes from v0.1436.0 to v0.1437.0
- Depends on garden-linux-release v0.308.0.
- Depends on etcd-release 16.
Other significant changes
- As a Diego developer, I would like a benchmark suite for the nsync-bulker's retrieval of DesiredLRP data (in flight)
- As a Diego team member, I would like to run the bbs benchmark suite in CI (in flight)
- Include bosh-lite versions of manifests for the DATs and Diego Smoke Test errands in diego-release
- Bump cflinuxfs2 stack to 1.11.0+
- Auction state requests should be resilient to network errors
- Flakey diego-ssh/scp/scp_test
- cloudfoundry-incubator/rep #4: fixes the tests on windows
BOSH job changes
None.
BOSH property changes
- Add
benchmark-bbs.log_level: Control log level of test suite in BBS benchmark errand.
Diego v0.1436.0
Changes from v0.1435.0 to v0.1436.0
- Depends on garden-linux-release v0.308.0.
- Depends on etcd-release 15.
Significant changes
- As a Diego operator, I would like the README to use customary methods of generating CF manifests for bosh-lite
- As a Diego developer, I would like a benchmark suite for the nsync-bulker's retrieval of DesiredLRP data
- BBS migration 1441411196 panics if deserializing encrypted data
- flake: encryption format.Encoding on unencrypted data
- Tune nf_conntrack_max value on Diego cells
BOSH job changes
- Add
benchmark-bbsjob for certain Diego benchmarks against the BBS API. As with the acceptance-tests and smoke-tests jobs, this is an errand that runs a test suite. It is not presently suitable to run against a production deployment, as the benchmark suite will alter the BBS database.
BOSH property changes
- Add properties under
benchmark-bbs.*for the BBS-benchmarking errand.
Diego v0.1435.0
Changes from v0.1434.0 to v0.1435.0
- Depends on garden-linux-release v0.307.0.
- Depends on etcd-release 14.
Significant changes
- Pair with MEGA to incorporate etcd-release into diego-release
- As a Diego operator, I would like to allow developers to stage images from insecure private registries specified in my deployment manifest (in flight)
- As a Diego operator, I would like the README to use customary methods of generating CF manifests for bosh-lite
- Diego manifest generation should extract the director_uuid from the CF manifest
- Include bosh-lite versions of manifests for the DATs and Diego Smoke Test errands in diego-release (in flight)
- Re-run 10-cell performance experiment
- As a Diego developer, I would like a benchmark suite for the BBS's retrieval of DesiredLRP and ActualLRP data during LRP convergence
- A latency metric should not be emitted for requests to the BBS's events endpoints
- cloudfoundry-incubator/route-emitter #2: Include Route Service URL in Route Registration
- cloudfoundry-incubator/executor #14: fixes a typo, err -> info.Err
- Explore a minimal Diego deployment on AWS with continual stress to reproduce auction communication failures
- Update golang.org/x/crypto
- bump gomega in diego-release to include VerifyProtoRepresenting and RespondWithProto
- replace db/consul with locket
- remove garden-linux support blobs from diego-release
- remove dead code from runtime-schema
BOSH job changes
etcdjob removed from diego-release in favor of the same job from etcd-release.
BOSH property changes
- Add
diego.stager.insecure_docker_registry_list: List of insecure Docker registries to allow access to when staging. - Remove
diego.stager.insecure_docker_registry.
Diego 0.1434.0
Changes from 0.1432.0 to 0.1434.0
- Depends on garden-linux-release v0.307.0.
Breaking changes from 0.1432.0
Buildpack Staging Response
- The staging response from Diego to CC has changed format to be better suited for the process-types work coming in the v3 CC API. Once the CF deployment has been updated to a version past commit ea88d1e, which will be in CF v219, CC and Diego will be able to communicate correctly during staging. Associated to CAPI story "the buildpack lifecycle should return all process types in the staging response".
Other significant changes
- Garden's Ping method should return an error if the btrfs graph path is not writable
- Diego should not set CF_STACK env var for running CF instances
- The BBS's etcd clients should avoid doing SSL handshakes with etcd unnecessarily
- BBS clients should avoid doing SSL handshakes with the BBS server unnecessarily
- cloudfoundry-incubator/windows_app_lifecycle #3: OutputMetadata conforms to Buildpack Staging Response protocol
- Update diego-release to golang 1.4.3
- Bump cloudfoundry-incubator/garden in diego-release
- The Diego BOSH manifest should configure garden to enable graph cleanup by default
BOSH job changes
None.
BOSH property changes
- Add parameters for tuning SSL connections between BBS clients and servers:
- Properties:
diego.*.bbs.client_session_cache_size: Size of session ID cache for component's BBS client to maintain.diego.*.bbs.max_idle_conns_per_host: Number of idle connections for each BBS client to maintain to BBS servers
- Jobs:
- auctioneer
- converger
- nsync
- rep
- route_emitter
- ssh_proxy
- stager
- tps
- Properties:
- Add
diego.bbs.etcd.client_session_cache_size: Size of session ID cache for BBS's etcd client to maintain. - Add
diego.bbs.etcd.max_idle_conns_per_host: Number of idle connections for BBS's etcd client to maintain to etcd.
Overrides of garden-linux-release property defaults
The spiff-based manifest-generation templates in diego-release provide values for the following properties in garden-linux-release:
garden.enable_graph_cleanup: Default totrue.garden.persistent_image_list: Default to["/var/vcap/packages/rootfs_cflinuxfs2/rootfs"]
Values in the property-overrides.yml stub can override both of these defaults.
Diego 0.1433.0
Create final release 0.1433.0
Diego 0.1432.0
Changes from 0.1431.0 to 0.1432.0
- Depends on garden-linux-release v0.306.0.
Breaking changes from 0.1431.0
SSH Authentication to CF Instances
Associated to Diego story "The Diego SSH Proxy no longer accepts a user's access token as an SSH password for CF app instances".
Diego's SSH proxy no longer accepts a CF user's access token as a password for access to a CF app instance. It will instead accept only a one-time authorization code issued by UAA for its client. This client must also be registered with the UAA: for example, this client is registered for BOSH-lite deployments. As long as the name of the client is ssh-proxy, CC will advertise the correct client name in its /v2/info endpoint, and the Diego manifest-generation templates will flow the client secret to the SSH Proxy job.
For SSH access to CF app instances running on this release, we recommend you upgrade to version 0.2.0 or later of the Diego SSH plugin, or consult the diego-ssh repo for the current curl-based instructions to request a code from UAA.
Other significant changes
SSH
- The Diego SSH Proxy can receive an authorization code as the SSH password to access a CF app instance
- The SSH plugin provides a command to print a one-time authorization code issued for the SSH proxy client
- The SSH plugin establishes SSH connections to CF app instances by sending an authorization code as the SSH password
- As a CF user, when I establish a port-forwarding session with the SSH plugin, I expect it not to drop when going through a load balancer with an idle timeout
- Audit records for SSH access to CF instances should include which index was accessed
Performance
- BBS clients should avoid doing SSL handshakes with the BBS server unnecessarily (still in flight)
- The BBS's etcd clients should avoid doing SSL handshakes with etcd unnecessarily (still in flight)
- Change default route-emitter communication timeout to 30s
Misc
- Remove the Receptor
- Merge PRs for Routing info change
- operator should be able to verify that when mapping apps to a route already bound to a service instance for which the broker returned a route_service_url, CC sends updateDesiredLRP calls to Diego
- Merge PRs for CAPI backwards-incompatible change to Diego staging response
- the buildpack lifecycle should return all process types in the staging response
- The Diego BOSH manifest should include the cflinuxfs2 rootfs path in the
garden.persistent_image_listproperty - As a Diego operator, if a cell rep fails to start because it cannot ping Garden successfully, I can see a metric reporting how long the rep has been stalled
- Bump cflinuxfs2 stack to 1.9.0+
- Document how to secure BBS with mutual SSL auth in the diego-release README
- cloudfoundry-incubator/rep #3: Update client test to mach go 1.5 http errors
- cloudfoundry-incubator/executor #13: Improve leak detection in keyed lock test
- cloudfoundry/dropsonde #10: Added HasValue to FakeMetricSender
BOSH job changes
- Remove
receptorjob. The Lattice team has taken ownership of the receptor component and will be maintaining it from now on.
BOSH property changes
- Add
diego.ssh_proxy.uaa_token_url: URL for the SSH proxy to use to request an access token from the UAA in exchange for its one-time auth code. - Add
diego.ssh_proxy.uaa_secret: Client secret for the SSH proxy to supply to UAA. - Remove all properties under
diego.receptor.