VMware Tanzu Application Service for VMs [Windows] v3.0 Release Notes

Page last updated:

This topic contains release notes for VMware Tanzu Application Service for VMs [Windows] (TAS for VMs [Windows]) v3.0.

Because VMware uses the Percona Distribution for MySQL, expect a time lag between Oracle releasing a MySQL patch and VMware releasing TAS for VMs [Windows] containing that patch.

Before you install the tile, review the Windows Stemcell Compatibility Matrix.


Releases

3.0.1

Release Date: 11/15/2022

  • Bump envoy-nginx to version 0.13.0
  • Bump garden-runc to version 1.22.5
  • Bump hwc-offline-buildpack to version 3.1.26
  • Bump windowsfs-release to version 2.39.0
Component Version Release Notes
windows2019 stemcell2019.44
diego2.66.3
envoy-nginx0.13.0
garden-runc1.22.5
hwc-offline-buildpack3.1.26
3.1.26
  * Update libbuildpack
  Packaged binaries:
  | name | version | cf_stacks |
  |-|-|-|
  | hwc | 20.0.0 | windows, windows2016 |
  Default binary versions:
  | name | version |
  |-|-|
  | hwc | 20.0.0 |
  * Uncached buildpack SHA256: b9b2cec9ada73d9a2933a14e8e56f025c35b02d8bed7e74e20b093a23e13ec43
  * Uncached buildpack SHA256: f633f0f686fc9539ec8f4ef205e778c820602e51434730fd69f7caad4cfb3d4f
          
3.1.25
  * Update libbuildpack
  * Bump github.com/onsi/gomega from 1.19.0 to 1.20.2
  Packaged binaries:
  | name | version | cf_stacks |
  |-|-|-|
  | hwc | 20.0.0 | windows, windows2016 |
  Default binary versions:
  | name | version |
  |-|-|
  | hwc | 20.0.0 |
  * Uncached buildpack SHA256: 5a0c73cda7fe06118e554a93d78b0587f581e3eb2a4d108274814d372935469b
  * Uncached buildpack SHA256: fa7565740a5f73f2b87cbce06104517fcbc69bb513497ed8db492cb7d42f3dd1
          
loggregator-agent6.5.0
metrics-discovery3.2.0
smoke-tests4.5.0
winc2.7.0
windows-syslog1.1.7
windows-utilities0.17.0
windowsfs-release2.39.0

v3.0.0

Release Date: 10/06/2022

  • [Feature Improvement] Bump golang to 1.18 for diego, routing, cf-networking, and silk
  • [Known Issue] If Git is not installed in the PATH environment variable for your Windows stemcell when you deploy TAS for VMs [Windows], you may encounter a version control system (VCS) stamping failure. For more information, see Windows Stemcells Without Git Installed Cause VSC Stamping Failures below.
Component Version
windows2019 stemcell2019.44
diego2.66.3
envoy-nginx0.11.0
garden-runc1.22.2
hwc-offline-buildpack3.1.24
loggregator-agent6.5.0
metrics-discovery3.2.0
smoke-tests4.5.0
winc2.7.0
windows-syslog1.1.7
windows-utilities0.17.0
windowsfs-release2.36.0

How to Upgrade

The TAS for VMs [Windows] v3.0 tile is available with the release of VMware Tanzu Application Service for VMs (TAS for VMs) v3.0. To use the TAS for VMs [Windows] v3.0 tile, you must install VMware Tanzu Operations Manager v2.10 or later and TAS for VMs v3.0 or later.

New Features in TAS for VMs [Windows] v3.0

TAS for VMs [Windows] v3.0 includes the following major feature:

TAS for VMs [Windows] Uses windows-syslog for Syslog Forwarding

TAS for VMs [Windows] v3.0 uses windows-syslog to forward logs from BOSH jobs on TAS for VMs [Windows] VMs to the syslog endpoint you configure.

windows-syslog also allows you to configure TAS for VMs [Windows] VMs to connect to the syslog endpoint over TLS.

If you are upgrading to TAS for VMs [Windows] v3.0 from TAS for VMs [Windows] v2.13, and you manually added windows-syslog as a BOSH add-on to the runtime configuration for your TAS for VMs [Windows] v2.13 deployment, you must remove the add-on before you upgrade.

For more information, see the windows-syslog-release on GitHub.

Breaking Changes

TAS for VMs [Windows] v3.0 includes the following breaking changes:

Global Log Rate Limit is Deprecated

The global log rate limit that measures app log rates in lines per second is deprecated in favor of per-app log rate limits that measure app log rates in bytes per second.

If you have configured a global log rate limit in lines per second, VMware recommends that you re-configure your apps to use log rate limits in bytes per second.

If you still want to use the global log rate limit, logs that exceed the log rate limit are immediately dropped. Previously, logs that exceeded the log rate limit were buffered and released at the configured log rate.

For more information about app log rate limits, see App Log Rate Limiting.

windows-syslog Uses a Different Log Format

The logs that windows-syslog forwards to the configured syslog endpoint for your TAS for VMs [Windows] deployment follow a different format from that of previous logs.

If your observability platform is configured to gather data by parsing forwarded system logs, you may need to re-configure your rules to accommodate the following format changes:

  • The priority is changed from kernel/debug(7) to user/info(14).

  • The app name is changed from Microsoft-Windows-Security-Auditing to event_logger.

  • The process number is changed from a numerical process ID to rs2.

  • Logs contain structured data for instance and deployment details.

  • The event log JSON string includes additional fields.

  • In the event log JSON string, field names are written in camel case.

  • In the event log JSON string, fields may appear in a different order.

The following example shows the previous log format:

<7>1 2022-07-06T22:19:38.1413061Z 10.0.4.14 Microsoft-Windows-Security-Auditing 160 - - {"message":"A new process has been created.\r\n\r\nCreator Subject:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tVM-7F65ECCF-0D0$\r\n\tAccount Domain:\t\tWORKGROUP\r\n\tLogon ID:\t\t0x3e7\r\n\r\nTarget Subject:\r\n\tSecurity ID:\t\tS-1-0-0\r\n\tAccount Name:\t\t-\r\n\tAccount Domain:\t\t-\r\n\tLogon ID:\t\t0x0\r\n\r\nProcess Information:\r\n\tNew Process ID:\t\t0x1f7c\r\n\tNew Process Name:\tC\r\n\tToken Elevation Type:\t%%1936\r\n\tMandatory Label:\t\tS-1-16-16384\r\n\tCreator Process ID:\t0x248\r\n\tCreator Process Name:\tC\r\n\tProcess Command Line:\t\r\n\r\nToken Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.\r\n\r\nType 1 is a full token with no privileges removed or groups disabled.  A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.\r\n\r\nType 2 is an elevated token with no privileges removed or groups disabled.  An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator.  An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.\r\n\r\nType 3 is a limited token with administrative privileges removed and administrative groups disabled.  The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.","source":"Microsoft-Windows-Security-Auditing"}

The following example shows the new log format:

<14>1 2022-07-11T22:27:08.279742Z 10.0.4.12 event_logger rs2 - [instance@47450 az="us-central1-b" deployment="pas-windows-dfc8956c7081f9369571" director="" group="windows_diego_cell" id="d0564a0e-684f-4b58-99ee-6a59d1e7caf8"] {"MachineName":"vm-c5547227-c4fa-44ae-79d0-ee56f96e82a4","Data":[],"Index":162257,"Category":"(13312)","CategoryNumber":13312,"EventID":4688,"EntryType":8,"Message":"A new process has been created.\r\n\r\nCreator Subject:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tVM-C5547227-C4F$\r\n\tAccount Domain:\t\tWORKGROUP\r\n\tLogon ID:\t\t0x3e7\r\n\r\nTarget Subject:\r\n\tSecurity ID:\t\tS-1-0-0\r\n\tAccount Name:\t\t-\r\n\tAccount Domain:\t\t-\r\n\tLogon ID:\t\t0x0\r\n\r\nProcess Information:\r\n\tNew Process ID:\t\t0x1590\r\n\tNew Process Name:\tC\r\n\tToken Elevation Type:\t%%1936\r\n\tMandatory Label:\t\tS-1-16-16384\r\n\tCreator Process ID:\t0x1120\r\n\tCreator Process Name:\tC\r\n\tProcess Command Line:\t\r\n\r\nToken Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.\r\n\r\nType 1 is a full token with no privileges removed or groups disabled.  A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.\r\n\r\nType 2 is an elevated token with no privileges removed or groups disabled.  An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator.  An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.\r\n\r\nType 3 is a limited token with administrative privileges removed and administrative groups disabled.  The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.","Source":"Microsoft-Windows-Security-Auditing","ReplacementStrings":["S-1-5-18","VM-C5547227-C4F$","WORKGROUP","0x3e7","0x1590","C:\\Windows\\System32\\wbem\\WMIC.exe","%%1936","0x1120","","S-1-0-0","-","-","0x0","C:\\bosh\\bosh-agent.exe","S-1-16-16384"],"InstanceId":4688,"TimeGenerated":"\/Date(1657578421000)\/","TimeWritten":"\/Date(1657578421000)\/","UserName":null,"Site":null,"Container":null}

Known Issues

TAS for VMs [Windows] v3.0 includes the following known issue:

Windows Stemcells Without Git Installed Cause VSC Stamping Failures

If Git is not installed either on your Windows stemcell or in the PATH environment variable for your Windows stemcell when you deploy TAS for VMs [Windows] v3.0.0, you may see the following error:

Stderr:   Use -buildvcs=false to disable VCS stamping.

This occurs because some TAS for VMs [Windows] v3.0.0 use Go v1.18, which embeds VSC information in binaries. As a result, releases that contain .git files require that Git is installed either on your Windows stemcell or in the PATH for your Windows stemcell. If you do not have Git installed in either location and have not set the buildvcs property to false, Go v1.18 fails to build the release.

TAS for VMs [Windows] v3.0.0 contains windows2019fs-release. Because windows2019fs-release contains .git files, deployments of TAS for VMs [Windows] v3.0.0 using Windows stemcells that do not have Git installed on them or in their PATH fail with the VSC stamping error above.