Pivotal Cloud Cache Release Notes

v1.5.4

Release Date: May 8, 2019

Features included in this release:

v1.5.3

Release Date: April 10, 2019

Features included in this release:

  • Breaking Change: This patch release increases system security by requiring TLS encryption for using gfsh and Pulse. Follow the steps within Preparing for TLS prior to installing the PCC tile.

  • If a ClamAV or File Integrity Monitor is detected, available memory for GemFire servers is reduced to allow enough memory for these PCF add-ons. This prevents a failure during PCC service instance creation.
  • PCC 1.5.3 uses Pivotal GemFire 9.6.1.

v1.5.2

Release Date: January 9, 2019

Features included in this release:

  • PCC now ships with OpenJDK 1.8_192 instead of the equivalent Oracle JDK.
  • PCC 1.5.2 uses Pivotal GemFire 9.6.

v1.5.1

Release Date: November 27, 2018

Features included in this release:

  • Security Vulnerability: PCC depends upon the Pivotal Cloud Foundry On Demand Services Broker, which addressed the following security vulnerability:

  • Security Vulnerability: PCC depends upon an included Java SE, which addressed the following security vulnerabilities:

  • PCC 1.5.1 uses Pivotal GemFire 9.6.0.

  • PCC now runs with a Xenial stemcell, version 170.9 or a more recent version.

v1.5.0

Release Date: October 22, 2018

Features included in this release:

  • TLS authentication and encryption may be enabled for all communication within a PCC service instance. The authentication is one way, with apps authenticating servers.
  • A PCC service instance stores credentials in CredHub when sharing the credentials with applications.
  • The upgrade of service instances can be executed in parallel, after trying the upgrade on a set of canary instances first.
  • BOSH errands are colocated with the Broker VM, which decreases the installation time for the tile.
  • The dev plan may be selected for use in smoke tests.
  • PCC 1.5.0 uses Pivotal GemFire 9.6.0. Using gfsh with this GemFire version requires a JDK or JRE with Java 8 release 121 or a more recent version 8 update.
  • The GemFire-Greenplum Connector v3.3.0 makes it possible to import and export PCC’s region entries from and to a Greenplum database table. See Use the GemFire-Greenplum Connector.
  • PCC now supports Pivotal Application Service (PAS) 2.3.
  • Users upgrading from the PCC limited availability v1.3.2 release will automatically upgrade to this PCC v1.5.0 release without upgrading to v1.4. Make sure to upgrade to PAS/Ops Manager v2.2 prior to doing the upgrade from PCC limited availability v1.3.2 to PCC v1.5.0.

Known Issues

  • Installations using HTTP session state replication have a known issue issue and workaround to correct the issue. The HTTP session module creates its region that holds metadata on only one server within a cluster. The region needs to be hosted on all the servers.

    To correct the issue on a running cluster, connect to the cluster using the GemFire cluster operator credentials, and run a single gfsh command to create the metadata region on all servers. The command has the form:

    create region --name=REGION-NAME --type=REGION-SHORTCUT \
     --enable-statistics \
     --entry-idle-time-custom-expiry=org.apache.geode.modules.util.SessionCustomExpiry
    

    If the metadata region’s name or type have not been changed from their default, use this gfsh command:

    gfsh>create region --name=gemfire_modules_sessions --type=PARTITION_REDUNDANT \
     --enable-statistics \
     --entry-idle-time-custom-expiry=org.apache.geode.modules.util.SessionCustomExpiry
    

    For installations that have changed the metadata region’s name or type, substitute the changed values for REGION-NAME and REGION-SHORTCUT in the command.

    You can verify that the region is hosted on all servers with the gfsh command:

    gfsh>describe region --name=gemfire_modules_sessions
    
  • The locator log of a TLS-enabled cluster will grow over time with repeated logging of this exception at 10-second intervals:

    [info 2018/08/14 23:28:41.343 UTC locator-ID
    <locator request thread[3]> tid=0x75] Exception in processing request
    from 127.0.0.1
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1002)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
        at org.apache.geode.internal.net.SocketCreator.configureServerSSLSocket
        (SocketCreator.java:1013)
        at org.apache.geode.distributed.internal.tcpserver.TcpServer
        .lambda$processRequest$0(TcpServer.java:367)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at java.lang.Thread.run(Thread.java:748)
    Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at sun.security.ssl.InputRecord.read(InputRecord.java:505)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
        ... 8 more
    

    This exception from the monit port check of the locator process may be ignored.

  • If you upgrade to PCC v1.3 as part of the process of upgrading to this 1.5 release, and you created service keys on PCC before you installed v1.3: delete and recreate the service keys so that users are properly assigned roles for authentication and authorization within the cluster. Then, rebind all your apps. For information about how to perform these tasks, see Delete a Service Key, Create Service Keys, and Bind an App to a Service Instance.

  • Current versions of the Cloud Foundry Command Line Interface (CLI) tool have a known bug that omits the documentation URL when using the cf service command.