Concourse Release Notes
February 1, 2018
If you are currently running a version of Concourse that is older than v3.6.0 and are planning to upgrade to v3.8.0, you must first upgrade to v3.6.0 before upgrading past it!
- When configuring CredHub to Concourse, you may encounter a
certificate signed by unkown authorityerror. Please see GH Issue #1873 for more details
- Concourse now support both up and down migrations. In the future, this will allow you to back out of an upgrade and revert back to a previous version of Concourse. However, this work required us to squash our migrations, so you will need to first upgrade to Concourse v3.6.0 before upgrading to v3.8.0
- If you are upgrading from v3.6.0 you will be required to execute certain changes to your Concourse BOSH manifest.:
- New required
- New required
- New required
tsa.private_key, which was just the private key portion
host_key, which is now of type
ssh, containing both the public and private portion.
host_public_key; superseded by the above property
authorize_generated_worker_key; no longer means anything
- The tsa
authorized_keysproperty must now be specified. No workers are automatically authorized anymore.
- New required
You can consult our canges to
manifests/single-vm.yml as a reference
Please also refer to Concourse BOSH release documentation on
- The ATC can now be configured with an idle
timeoutfor intercept sessions
- The Generic oAuth provider can now be configured with a CA certificate
- The Concourse Dashboard has been updated and has a new home under
beta/dashboard. Tell us what you think about the new dashboard by commenting on our GitHub issue #1829
executecommand will now default to
-x, which has been replaced with a new flag,
--include-ignored, to rever to the old behavior. In addition,
flywill gracefully handle executions with an input that doesn’t have a
.gitignore. It will also gracefully handle inputs that are files and not directories.
- The ATC will now use a separate database connection pool for the API and the pipeline scheduling work. This will make it so that slow API requests won’t starve critical functionality.
- Pipeline-provided resource types will no longer fail for the first two mintues after configuration
- Jobs and steps now support
- ATC can be configured with a pure-random worker selection strategy. This can be configured by passing
jobscommand now has a column indicating whether any builds are pending or started for each job
- The S3 resource now supports being configured with a session token
- Git repos encrypted with
git-cryptwill now be automatically decrypted by the Git resource
- The ATC can now be configured to serve a metrics endpoint for Prometheus
- Teams now support BitBucked-based auth
- The Git resource can now be configured with a HTTPS proxy
- Inline task configs are now validated as part of pipeline validation
- The CF resource can now be configured with a Docker username/password for pushing an app using a private repository
- The Github Release resource now supports being configured with insecure: true to support private GitHub Enterprise installations
- The Semver resource now supports being configured with skip_ssl_verification: true to support private S3-compatible blobstores
- ATC now has a flag for using k8s secrets when running in a cluster. This change makes using the k8s credential manager an explicit choice when running inside k8s, and also allows you to use a different credential manager when running in a cluster
- When the ATC is configured with multiple metrics emitters, it will now error, rather than silently picking one
- Fixed an issue where selecting/copying the build output would also select the timestamp on the left.
fly loginwill now error if arguments are mistakenly given to it
- Turns out you could easily spam the build page by holding
Tto trigger multiple builds. We’ve fixed that now so it only triggers a build once.
- Fixed the web UI so that it appropriately shows that you are logged out when your session expires.
- The deprecated Bosh Deployment resource resource contains the bosh CLI again
- Fixed an issue with the CredHub integration that made it necessary to configure
November 9, 2017
Concourse 3.6.0 now requires you to install and manage an external PostgreSQL database (v9.5+). We have enabled an upgrade path to the CloudFoundry Postgres BOSH release for your convenience.
Note: You do not need to follow these instructions if your Concourse deployment already connects to an external PostgreSQL database (v9.5+).
If you have not done so already, upgrade your Concourse to 3.5.0. Concourse 3.5.0 includes a change to the postgres job that moves its data to a new location where the Cloud Foundry Postgres release will detect and upgrade from.
Upload the Cloud Foundry Postgres release to your BOSH Director. Pivotal tested this upgrade path with version 20, currently available on bosh.io
Once the release is uploaded, add a reference to the job in your Concourse deployment manifest. You can do this by swapping out the
In the same Concourse deployment manifest, update the ATC properties to explicilty configure the database name and role. These values will vary based on your deployment preferences. You can refer to our changes on the single-vm Concourse manifest as a reference point.
Note that the Postgres DB upgrade must not be combined in the same deployment operation as a stemcell update
Concourse 3.6.0 now requires Garden runC 1.9.0. Make sure you download the appropriate version of Garden runC and recreate your workers.
fly validate-pipelinewill now validate the
configfield on embedded tasks. As a part of this change we have removed support for configuring both
file, which has been depracated.
- Build logs now have timestamps. You can find more about it on the feature post here
- Build page now supports keyboard shortcuts. You can find more about it on the feature post here. There is a known issue where keyboard shortcuts are non-functional on Firefox browsers. This should be fixed in a subsequent release.
- Fixed an issue with pipeline scheduling that would result in high database connection usage.
- Fixed an issue where clicking and dragging on the pipeline view would send you to the job details page.
September 25, 2017
- Support for CredHub for external credential management
- BaggageClaim volume creation APIs are now asynchronous
- Parallelized garbage collection. This should make things more durable to a slow worker, and make it harder for containers and volumes to “pile up” when the ATC is out of service briefly (i.e. during a deploy)
- BaggageClaim’s response header timeout is now configurable, which should help those with large images that they’re using for privileged tasks.
- When using groups in pipelines,
flywill now let you know when you forgot to assign a job to a group
flynow prints a URL to your build page when you run
- The fly command for
destroy-teamnow lets you supply the flag
- Jobs with a pending build now have a static halo to better represent its waiting state
flyCLI can now format a pipeline configuration into its ‘canonical form’ using the new
abort-buildcommand can now abort by build ID
- The Semver resource now supports Google Cloud Storage
- The Bosh Deployment resource now uses the latest BOSH CLI
- The Semver resource now supports Server Side Encryption
- The Git resource will now save the committer email to
- The legend on the pipeline page will now auto-hide after 10 seconds.
- When switiching between pipelines, the UI will now fit the pipeline in view.
- You can also press 'F’ center a pipeline in view.
- Jobs and resources with a forward slash in their name no longer error out when loading their details.
- Fixed a leak with goroutines that happens from
- Check containers will no longer be brutally destroyed if they’re used too close to their expiration time.
- Previously, if a resource or resource type was parameterized via a credential manager, its check containers and caches would be mistakenly garbage-collected. They will now be kept around.
- Fixed an issue where the pipeline view will reset after a state change on the pipeline.
- Added the appropriate headers to stop GitHub from caching badges
- Fixed an issue with the garbage collector that happens when deleting teams
- Files with the
setgidpermissions set on them will no longer have them removed. This used to be lost with the
chownperformed for namespacing the files. We’ll now restore it after the
- The flags for configuring GitLab oAuth are now present in
- Fixed an underflow in BaggageClaim’s volume size detection
unpackparameter in S3 resource will no longer load the entire archive into memory, so it can be used for larger archives
- A migration introduced in
v3.3.0would load all the builds into memory and then process them, causing a lot of issues when upgrading. We optimized this migration to migrate build plans in batches, rather than all at once.
July 31, 2017
Concourse for PCF is the first version of Concourse that is eligible for Pivotal Support. Concourse v3.3.3 was selected for this release because it addresses crucial issues from the Concourse for PCF tile beta program. Some of the new features in this version are:
- Major changes to the lifecycle management of workers, containers and volumes. For more details please refer to issue #629
- Support for web hooks
- Pipeline config and team auth settings can now be encrypted in the database. See Encrypting Concourse Databases
- Workers now use
btrfsfor their filesystems. For more details please refer to issue #1045
- New templating syntax for pipeline parameterization. See Using ((parameters))
- Performance and stability enhancements from schema optimizations, and parallelized ATC garbage collection
- Credential Management with Vault
- Support for GitLab oAuth configurations
- …and so much more! For a full history of features please visit the official Concourse Release Notes
- Misc bug fixes and stability improvements
- For a full history of bug fixes and known issues please visit the official Concourse Release Notes
- Operators may encounter memory issues on the ATC while upgrading from a version of Concourse older than 3.3.0.