PCF Isolation Segment v2.6 Release Notes

Page last updated:

Known Issues

Releases

2.6.9

Release Date: 11/19/2019

  • [Security Fix] Address CVE-2019-17596
  • [Security Fix] Improve Gorouter resiliency to panics
  • Bump ubuntu-xenial stemcell to version 315.133
  • Bump cflinuxfs3 to version 0.143.0
  • Bump mapfs to version 1.2.1
  • Bump nfs-volume to version 2.3.2
  • Bump routing to version 0.188.4
  • Bump smb-volume to version 2.0.4
Component Version
ubuntu-xenial stemcell315.133
bpm1.1.1
cf-networking2.22.6
cflinuxfs30.143.0
diego2.30.5
garden-runc1.19.8
haproxy9.5.2
loggregator-agent3.16.2
mapfs1.2.1
nfs-volume2.3.2
routing0.188.4
silk2.22.2
smb-volume2.0.4
syslog11.4.0

2.6.8

Release Date: 10/31/2019

  • [Security Fix] Upgrade Go, runc and containerd to latest to include security fixes
  • [Security Fix] CVE-2019-17596 bump Go
  • [Bug Fix] Fix goroutine leak for websockets.
  • Bump ubuntu-xenial stemcell to version 315.114
  • Bump cflinuxfs3 to version 0.137.0
  • Bump garden-runc to version 1.19.8
  • Bump loggregator-agent to version 3.16.2
  • Bump routing to version 0.188.3
Component Version
ubuntu-xenial stemcell315.114
bpm1.1.1
cf-networking2.22.6
cflinuxfs30.137.0
diego2.30.5
garden-runc1.19.8
haproxy9.5.2
loggregator-agent3.16.2
mapfs1.1.5
nfs-volume2.3.0
routing0.188.3
silk2.22.2
smb-volume2.0.3
syslog11.4.0

2.6.7

Release Date: 10/16/2019

  • [Security Fix] Bump Go to address CVE-2019-16276
  • [Security Fix] Improve redaction of sensitive data in SMB driver bosh logs
  • [Bug Fix] Fix defect disallowing “domain” option in SMB volume service
  • Bump ubuntu-xenial stemcell to version 315.103
  • Bump cflinuxfs3 to version 0.133.0
  • Bump smb-volume to version 2.0.3
Component Version
ubuntu-xenial stemcell315.103
bpm1.1.1
cf-networking2.22.6
cflinuxfs30.133.0
diego2.30.5
garden-runc1.19.7
haproxy9.5.2
loggregator-agent3.14.3
mapfs1.1.5
nfs-volume2.3.0
routing0.188.2
silk2.22.2
smb-volume2.0.3
syslog11.4.0

2.6.6

Release Date: 10/08/2019

  • [Security Fix] Upgrade Diego Components to Use grpc v1.23.0 and Go 1.12.9 to Fix HTTP2 CVEs
  • [Security Fix] Bump garden-runc release to take Go HTTP/2 and containerd gRPC fixes
  • [Bug Fix] Fix issue where some metrics were incorrectly aggregated
  • Bump windows2019 stemcell to version 2019.11
  • Bump cf-windows-smoke-tests to version 40.0.119
  • Bump diego to version 2.30.5
  • Bump garden-runc to version 1.19.7
  • Bump loggregator-agent to version 3.16
  • Bump loggregator to version 105.6
  • Bump winc to version 2.0.0
  • Bump windowsfs-release to version 2.0.0
Component Version
windows2019 stemcell2019.11
cf-windows-smoke-tests40.0.119
diego2.30.5
event-log0.8.0
garden-runc1.19.7
hwc-offline-buildpack3.1.10
loggregator-agent3.16
loggregator105.6
winc2.0.0
windows-utilities0.11.0
windowsfs-release2.0.0

2.6.5

Release Date: 09/24/2019

  • [Bug Fix] Fixes a regression bug causing mounts for applications bound to smb volume services with an older version of the smbbroker to fail on restart or upgrade
  • Bump ubuntu-xenial stemcell to version 315.97
  • Bump cflinuxfs3 to version 0.128.0
  • Bump smb-volume to version 2.0.1
Component Version
ubuntu-xenial stemcell315.97
bpm1.1.1
cf-networking2.22.5
cflinuxfs30.128.0
diego2.30.4
garden-runc1.19.5
haproxy9.5.2
loggregator-agent3.14
mapfs1.1.5
nfs-volume2.3.0
routing0.188.2
silk2.22.2
smb-volume2.0.1
syslog11.4.0

2.6.4

Release Date: 09/17/2019

  • [Security Fix] Improve LDAP username validation for NFS LDAP integration
  • [Feature Improvement] Add configuration for router balancing algorithm
  • [Bug Fix] Fix race condition in garden-external-networker
  • [Bug Fix] Keep resending route unregistration message to prevent application misrouting in case of NATS routing tier instability
  • Bump ubuntu-xenial stemcell to version 315.89
  • Bump cf-networking to version 2.22.5
  • Bump cflinuxfs3 to version 0.123.0
  • Bump diego to version 2.30.4
  • Bump nfs-volume to version 2.3.0
Component Version
ubuntu-xenial stemcell315.89
bpm1.1.1
cf-networking2.22.5
cflinuxfs30.123.0
diego2.30.4
garden-runc1.19.5
haproxy9.5.2
loggregator-agent3.14
mapfs1.1.5
nfs-volume2.3.0
routing0.188.2
silk2.22.2
smb-volume1.3.0
syslog11.4.0

2.6.3

Release Date: 08/15/2019

  • [Security Fix] Upgrade libseccomp in bpm to 2.4.1 to address CVE-2019-9893
  • [Bug Fix] Improve output of Garden diagnostic tool (i.e. dontpanic) and increase resiliency in edge cases through improvements in containerd
  • Bump ubuntu-xenial stemcell to version 315.72
  • Bump bpm to version 1.1.1
  • Bump garden-runc to version 1.19.5
Component Version
ubuntu-xenial stemcell315.72
bpm1.1.1
cf-networking2.22.2
cflinuxfs30.118.0
diego2.30.1
garden-runc1.19.5
haproxy9.5.2
loggregator-agent3.14
mapfs1.1.5
nfs-volume2.2.2
routing0.188.2
silk2.22.2
smb-volume1.3.0
syslog11.4.0

2.6.2

Release Date: 08/01/2019

  • [Bug Fix] Fixes a regression causing mount bind configuration to be rejected by the SMB volume service broker
  • [Bug Fix] Fix issue in SMB startup scripts that can cause restart failure or inadvertent application data permission change
  • Bump ubuntu-xenial stemcell to version 315.70
  • Bump cflinuxfs3 to version 0.118.0
  • Bump nfs-volume to version 2.2.2
  • Bump smb-volume to version 1.3.0
Component Version
ubuntu-xenial stemcell315.70
bpm1.0.4
cf-networking2.22.2
cflinuxfs30.118.0
diego2.30.1
garden-runc1.19.1
haproxy9.5.2
loggregator-agent3.14
mapfs1.1.5
nfs-volume2.2.2
routing0.188.2
silk2.22.2
smb-volume1.3.0
syslog11.4.0

2.6.1

  • [Bug Fix] Add optional TTL pruning for TLS routes
  • Bump ubuntu-xenial stemcell to version 315.45
  • Bump cflinuxfs3 to version 0.109.0
  • Bump diego to version 2.30.1
  • Bump routing to version 0.188.2
Component Version
ubuntu-xenial stemcell315.45
bpm1.0.4
cf-networking2.22.2
cflinuxfs30.109.0
diego2.30.1
garden-runc1.19.1
haproxy9.5.2
loggregator-agent3.14
mapfs1.1.5
nfs-volume2.1.0
routing0.188.2
silk2.22.2
smb-volume1.1.0
syslog11.4.0

2.6.0

  • See New Features in PCF Isolation Segment v2.6
  • [Feature] Add optional System Metric Agent to allow monitoring a more complete set of metrics for all VMs in the deployment
  • [Feature] Improve scalability of application syslog drain system with new syslog agent architecture
  • [Feature Improvement] Increase default number of CPUs for router from 1 to 2
  • [Feature Improvement] Garden will now delegate container creates and destroys to containerd, an industry standard container runtime.
  • [Feature Improvement] Update default polling interval and idle connection limits for networking components to reduce resource contention on PAS database
  • [Security Fix] Introduce and trust new Diego “root CA” in advance of existing CA expiration
  • Removed loggregator release

PCF Isolation Segment v2.6 includes the following component versions:

Component Version
ubuntu-xenial stemcell315.36
bpm1.0.4
cf-networking2.22.2
cflinuxfs30.101.0
diego2.30.0
garden-runc1.19.1
haproxy9.5.2
loggregator-agent3.14
mapfs1.1.5
nfs-volume2.1.0
routing0.188.1
silk2.22.2
smb-volume1.1.0
syslog11.4.0

About PCF Isolation Segment

The PCF Isolation Segment v2.6 tile is available for installation with PCF v2.6.

Isolation segments provide dedicated pools of resources where you can deploy apps and isolate workloads. Using isolation segments separates app resources as completely as if they were in different CF deployments but avoids redundant management and network complexity.

For more information about using isolation segments in your deployment, see the Managing Isolation Segments topic.

How to Install

The procedure for installing PCF Isolation Segment v2.6 is documented in the Installing PCF Isolation Segment topic.

To install a PCF Isolation Segment, you must first install PCF v2.6.

New Features in PCF Isolation Segment v2.6

See the following new features for PCF Isolation Segment v2.6:

Monitor System Metrics with System Metrics Agent

System Metrics Agent provides more visibility into VM compute, network, and storage metrics. These VM metrics help with troubleshooting and diagnosing issues for potential infrastructure problems.

When enabled, the metrics are emitted through Loggregator. For more information about viewing logs and metrics, see the Platform components row of Viewing Logs and Metrics.

For a list of the VM metrics that the System Metric Agent emits, see VM Metrics in GitHub.

To enable the System Metric Agent, go to the System Logging pane in the PCF Isolation Segment tile and select Enable System Metrics.

Garden Delegates Container Creation and Destruction to containerd by Default

Traditionally, Garden uses runc to create, delete, and run container processes. Garden v1.15.0 and later support delegating the creation and destruction of some container processes through containerd instead of runc.

To disable containerd mode, deselect the Enable Containerd Delegation checkbox in the Application Containers pane of the PCF Isolation Segment tile.

Increased CPUs for Router VMs

To improve reliability, PAS v2.6 increases the default and minimum CPU core count from one to two for Router VMs.

PAS migrates Router VMs with a single core to a VM type with two CPU cores during the upgrade.

Loggregator Syslog Agent Increases Scale For Syslog Drains

The Loggregator architecture in PAS v2.6 includes optional Syslog Agents through the Enable agent-based syslog egress for app logs field in the System Logging configuration pane.

Note: Enabling this feature disables the Syslog Adapter and Syslog Scheduler to avoid log duplication.

WARNING: See the following known issue related to this feature: App Syslog Drains Fail After Enabling Agent-Based Syslog.

Syslog Agents run on PCF component VMs and host VMs to manage connections with and write to syslog drains for app logs. The addition of Syslog Agents increases the number of syslog drain service bindings supported by the Loggregator system and reduces the workload for Loggregator VMs.

This update resolves a known issue where app log loss occurs at 10,000 syslog drain service bindings. For more information about the known issue, see the Known Loggregator Scaling Issues knowledge base article.

For more information about Syslog Agents, see Loggregator Architecture.

About Advanced Features

The Advanced Features section of the PCF Isolation Segment v2.6 tile includes new functionality that may have certain constraints.

Although these features are fully supported, Pivotal recommends caution when using them in production.

Known Issues

There are no known issues for PCF Isolation Segment v2.6 at this time.