VMware Tanzu Application Service for VMs v2.9 Release Notes

Note: Pivotal Platform is now part of VMware Tanzu. In v2.9 and later, Pivotal Application Service is renamed to VMware Tanzu Application Service for VMs. Small Footprint PAS is renamed to VMware Tanzu Application Service for VMs [Small Footprint].

This topic contains release notes for VMware Tanzu Application Service for VMs (TAS for VMs) v2.9.

Ops Manager is certified by the Cloud Foundry Foundation for 2020.

Read more about the certified provider program and the requirements of providers.


Releases

2.9.3

Release Date: 05/18/2020

  • [Security Fix] Support various CVE impacted components
  • [Bug Fix] Fix scheduling bug in loggregator agent by upgrading to Go 1.14.2
  • Bump ubuntu-xenial stemcell to version 621.74
  • Bump cf-autoscaling to version 230
  • Bump cflinuxfs3 to version 0.180.0
  • Bump loggregator-agent to version 5.3.9
Component Version
ubuntu-xenial stemcell621.74
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.6
capi1.90.3
cf-autoscaling230
cf-cli1.26.0
cf-networking2.28.0
cflinuxfs30.180.0
credhub2.5.11
diego2.44.0
dotnet-core-offline-buildpack2.3.9
garden-runc1.19.10
go-offline-buildpack1.9.11
haproxy9.8.0
istio1.3.0
java-offline-buildpack4.29.1
log-cache2.6.14
loggregator-agent5.3.9
loggregator106.3.9
mapfs1.2.4
metric-registrar1.1.1
metrics-discovery2.0.2
mysql-monitoring9.10.0
nats34
nfs-volume7.0.2
nginx-offline-buildpack1.1.8
nodejs-offline-buildpack1.7.17
notifications-ui37
notifications61
php-offline-buildpack4.4.13
push-apps-manager-release672.0.7
push-usage-service-release672.0.7
pxc0.22.0
python-offline-buildpack1.7.13
r-offline-buildpack1.1.4
routing0.199.0
ruby-offline-buildpack1.8.17
silk2.28.0
smb-volume3.0.1
smoke-tests2.0.5
staticfile-offline-buildpack1.5.6
statsd-injector1.11.15
syslog11.6.1
system-metrics-scraper2.0.9
uaa74.5.15

2.9.2

Release Date: 05/05/2020

  • [Security Fix] Update debian packages and source libraries in nfs and mapfs releases
  • [Feature Improvement] V1 Firehose is now disabled by default
  • [Feature Improvement] Improved access logging and bumped versions of Jackson and MariaDB
  • [Feature Improvement] NATS TLS server runs alongside NATS server
  • [Bug Fix] Performance and stability improvements in Log Cache
  • [Bug Fix] Cloud Controller only checks for bucket presence on startup instead of every call to blobstore
  • [Bug Fix] Fix bug that caused Apps Manager to error out on clicking into the search bar
  • [Bug Fix] Show full list of jobs for an app in Apps Manager
  • Bump ubuntu-xenial stemcell to version 621.71
  • Bump capi to version 1.90.3
  • Bump cflinuxfs3 to version 0.178.0
  • Bump dotnet-core-offline-buildpack to version 2.3.9
  • Bump go-offline-buildpack to version 1.9.11
  • Bump log-cache to version 2.6.14
  • Bump mapfs to version 1.2.4
  • Bump nats to version 34
  • Bump nfs-volume to version 7.0.2
  • Bump nginx-offline-buildpack to version 1.1.8
  • Bump nodejs-offline-buildpack to version 1.7.17
  • Bump php-offline-buildpack to version 4.4.13
  • Bump push-apps-manager-release to version 672.0.7
  • Bump python-offline-buildpack to version 1.7.13
  • Bump r-offline-buildpack to version 1.1.4
  • Bump ruby-offline-buildpack to version 1.8.17
  • Bump smb-volume to version 3.0.1
  • Bump staticfile-offline-buildpack to version 1.5.6
  • Bump uaa to version 74.5.15
Component Version
ubuntu-xenial stemcell621.71
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.6
capi1.90.3
cf-autoscaling226
cf-cli1.26.0
cf-networking2.28.0
cflinuxfs30.178.0
credhub2.5.11
diego2.44.0
dotnet-core-offline-buildpack2.3.9
garden-runc1.19.10
go-offline-buildpack1.9.11
haproxy9.8.0
istio1.3.0
java-offline-buildpack4.29.1
log-cache2.6.14
loggregator-agent5.3.8
loggregator106.3.9
mapfs1.2.4
metric-registrar1.1.1
metrics-discovery2.0.2
mysql-monitoring9.10.0
nats34
nfs-volume7.0.2
nginx-offline-buildpack1.1.8
nodejs-offline-buildpack1.7.17
notifications-ui37
notifications61
php-offline-buildpack4.4.13
push-apps-manager-release672.0.7
push-usage-service-release672.0.7
pxc0.22.0
python-offline-buildpack1.7.13
r-offline-buildpack1.1.4
routing0.199.0
ruby-offline-buildpack1.8.17
silk2.28.0
smb-volume3.0.1
smoke-tests2.0.5
staticfile-offline-buildpack1.5.6
statsd-injector1.11.15
syslog11.6.1
system-metrics-scraper2.0.9
uaa74.5.15

2.9.1

Release Date: 04/22/2020

  • [Feature] HAProxy can now be configured with custom certificate authorities
  • [Feature Improvement] Autoscaler uses TLS to communicate with its database
  • [Feature Improvement] Allow configuration of system metrics scrape interval
  • [Bug Fix] Fix Certificates in CredHub KMS Provider Interface
  • [Bug Fix] Fix server_name value to use Common Name as metrics_agent_metrics_tls
  • Bump ubuntu-xenial stemcell to version 621.64
  • Bump cf-cli to version 1.26.0
  • Bump cflinuxfs3 to version 0.175.0
Component Version
ubuntu-xenial stemcell621.64
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.6
capi1.90.2
cf-autoscaling226
cf-cli1.26.0
cf-networking2.28.0
cflinuxfs30.175.0
credhub2.5.11
diego2.44.0
dotnet-core-offline-buildpack2.3.7
garden-runc1.19.10
go-offline-buildpack1.9.8
haproxy9.8.0
istio1.3.0
java-offline-buildpack4.29.1
log-cache2.6.11
loggregator-agent5.3.8
loggregator106.3.9
mapfs1.2.3
metric-registrar1.1.1
metrics-discovery2.0.2
mysql-monitoring9.10.0
nats32
nfs-volume6.0.0
nginx-offline-buildpack1.1.6
nodejs-offline-buildpack1.7.15
notifications-ui37
notifications61
php-offline-buildpack4.4.9
push-apps-manager-release672.0.6
push-usage-service-release672.0.7
pxc0.22.0
python-offline-buildpack1.7.10
r-offline-buildpack1.1.2
routing0.199.0
ruby-offline-buildpack1.8.14
silk2.28.0
smb-volume2.1.1
smoke-tests2.0.5
staticfile-offline-buildpack1.5.5
statsd-injector1.11.15
syslog11.6.1
system-metrics-scraper2.0.9
uaa74.5.13

v2.9.0

Release Date: April 10, 2020

Component Version
ubuntu-xenial stemcell621.61
backup-and-restore-sdk1.17.4
binary-offline-buildpack1.0.36
bosh-dns-aliases0.0.3
bosh-system-metrics-forwarder0.0.18
bpm1.1.6
capi1.90.2
cf-autoscaling226
cf-cli1.25.0
cf-networking2.28.0
cflinuxfs30.174.0
credhub2.5.11
diego2.44.0
dotnet-core-offline-buildpack2.3.7
garden-runc1.19.10
go-offline-buildpack1.9.8
haproxy9.8.0
istio1.3.0
java-offline-buildpack4.29.1
log-cache2.6.11
loggregator-agent5.3.8
loggregator106.3.9
mapfs1.2.3
metric-registrar1.1.1
metrics-discovery2.0.2
mysql-monitoring9.10.0
nats32
nfs-volume6.0.0
nginx-offline-buildpack1.1.6
nodejs-offline-buildpack1.7.15
notifications-ui37
notifications61
php-offline-buildpack4.4.9
push-apps-manager-release672.0.6
push-usage-service-release672.0.7
pxc0.22.0
python-offline-buildpack1.7.10
r-offline-buildpack1.1.2
routing0.199.0
ruby-offline-buildpack1.8.14
silk2.28.0
smb-volume2.1.1
smoke-tests2.0.5
staticfile-offline-buildpack1.5.5
statsd-injector1.11.15
syslog11.6.1
system-metrics-scraper2.0.9
uaa74.5.13

How to Upgrade

To upgrade to TAS for VMs v2.9, see Upgrading Ops Manager.

When upgrading to TAS for VMs v2.9, be aware of the following upgrade considerations:

  • If you previously used an earlier version of TAS for VMs, you must first upgrade to TAS for VMs v2.8 to successfully upgrade to TAS for VMs v2.9.

  • Some partner service tiles may be incompatible with Ops Manager v2.9. VMware is working with partners to ensure their tiles are updated to work with the latest versions of Ops Manager.

    For information about which partner service releases are currently compatible with Ops Manager v2.9, review the appropriate partners services release documentation at https://docs.pivotal.io or contact the partner organization that produces the tile.

New Features in TAS for VMs v2.9

TAS for VMs v2.9 includes the following major features:

Increase App Graceful Shutdown Period

You can increase the graceful shutdown period for your apps.

When TAS for VMs requests a shutdown of app instances, the processes in app containers have a period of time to gracefully shut down before the processes are forcefully terminated. The default, minimum graceful shutdown period is 10 seconds. If your apps require a longer period of time to finish in-flight jobs and gracefully shutdown, you can increase the graceful shutdown period in the Advanced Features pane of the TAS for VMs tile.

For more information, see Shutdown in App Container Lifecycle and Configure Advanced Features in Configuring TAS for VMs.

Deploy Sidecar Processes for Java Apps with a Buildpack (Beta)

You can use a custom buildpack to deploy a sidecar process alongside your Java app.

Previously, you could only use an app manifest to deploy a sidecar for a Java app.

For more information, see Sidecar Buildpacks.

Configure App Log Rate Limit (Beta)

You can limit the number of log lines each app instance generates per second by configuring the App log rate limit (beta) section in the App Containers pane of the TAS for VMs tile.

This feature is disabled by default. Enabling this feature prevents app instances from overloading the Loggregator Agent with logs, so the Loggregator Agent does not drop logs for other app instances. Enabling this feature also prevents apps from reporting inaccurate app metrics in the Cloud Foundry Command Line Interface (cf CLI) or increasing the CPU usage on the Diego Cell VM.

For more information, see Configure App Containers in Configuring TAS for VMs.

Configure Buildpacks for Apps Manager

You can configure the Apps Manager, Search Server, and Invitations apps to deploy with buildpacks you specify. To specify which buildpacks you want these apps to use, enter them in the Apps Manager pane of the TAS for VMs tile. For more information, see Configure Custom Branding and Apps Manager in Configuring TAS for VMs.

If you do not specify a buildpack, TAS for VMs uses the detection process to determine a single buildpack to use. For more information about the detection process, see Buildpack Detection in How Buildpacks Work in TAS for VMs.

NATS Shares Messages with NATS TLS

The nats-tls job is added to the NATS VM. This job configures the Diego Route Emitter to send routing information to NATS, which then shares that information with NATS TLS.

For more information about routing architecture in TAS for VMs, see TAS for VMs Routing Architecture.

For more information about outbound network communication paths from Diego, see Outbound Communications in Diego Network Communications.

For more information about how NATS TLS affects routing in VMware Tanzu Application Service for VMs [Windows] (TAS for VMs [Windows]), see TAS for VMs [Windows] Uses Route Emitters to Communicate with NATS Over TLS in VMware Tanzu Application Service for VMs [Windows] v2.9 Release Notes.

Hostname Validation Enabled By Default for External Databases

An Enable hostname validation checkbox is added to the TAS for VMs Databases pane. When Enable hostname validation is selected for an external database with TLS enabled, TAS for VMs verifies the hostname of the external database for communication between TAS for VMs and the external database.

The Enable hostname validation checkbox is selected by default. For more information about enabling hostname validation or enabling TLS for external databases, see Configure Databases in Configure TAS for VMs.

Warning: If your deployment uses a GCP or Azure external database for TAS for VMs and TLS is enabled for the database, you must deselect the Enable hostname validation checkbox. For more information, see Disable Hostname Validation for External Databases on GCP and Azure in Upgrade Preparation Checklist.

Note: The Enable hostname validation checkbox does not enable hostname validation for communication between TAS for VMs components and external CredHub databases. To enable or disable hostname validation for CredHub external databases, see Configure CredHub in Configure TAS for VMs.

App Revisions Are Enabled by Default (Beta)

App revisions are enabled by default.

To disable revisions in an app, you must manually turn them off using your Cloud Foundry API (CAPI) endpoint. For more information, see Disable Revisions for an App in App Revisions.

View Sidecar Processes in Apps Manager (Beta)

You can view sidecar processes associated with your apps through the Apps Manager UI.

To view the sidecars for an app in Apps Manager:

  1. Go to the Overview page for the app.
  2. Under Processes and Instances, see Sidecars.

For more information about viewing sidecar processes in Apps Manager, see View Sidecar Processes in Managing Apps and Service Instances Using Apps Manager.

For more information about sidecar processes, see Pushing Apps with Sidecar Processes (Beta).

View Key Metrics in Apps Manager (Beta)

If Metric Store is installed, you can view key metrics for an app on the app Overview page in Apps Manager.

The key metrics are CPU, Memory, Disk, Request Latency, Request Rate, and Request Errors.

For each metric, the Overview page includes a graph that shows metric behavior over the past three hours. The page also displays the average value for the metric over the past three hours.

For information about how to install Metric Store, see Metric Store.

For more information about viewing key metrics for your apps, see Manage an App in Using Apps Manager.

Log and Metric Agent Architecture (Beta)

The Log and Metric Agent Architecture includes components that collect, store, and forward logs and metrics in your deployment. The components of the Log and Metric Agent Architecture use a shared-nothing architecture that requires several fewer VMs than the Loggregator system.

To use the Log and Metric Agent Architecture components, you must also configure Syslog Agents, aggregate drains, and Log Cache to send logs to a shared destination. To configure these components, see Configure System Logging in Configuring TAS for VMs.

For more information about the Log and Metric Agent Architecture, see Log and Metric Agent Architecture (Beta).

Known Issues

TAS for VMs v2.9 includes the following known issues:

Run NFS Broker Errand Before Upgrade

If you are using NFS Volume Services, you must run the NFS Broker Errand errand before upgrading to TAS for VMs v2.9. Running this errand in TAS for VMs v2.8 migrates existing service instances for NFS Volume Services from MySQL to CredHub.

If you do not run the errand in TAS for VMs v2.8, you may be unable to bind apps to existing NFS Volume Service service instances after upgrading to TAS for VMs v2.9.

Disable the Smoke Test Errand If You Disable the Firehose

If you disable the V1 or V2 Firehose in TAS for VMs v2.9, you must also disable the smoke test errand.

If you do not disable the smoke test errand, the deploy fails with an error similar to the following:

[91m[1m[Fail] [0m[90mLoggregator: [0m[0mcf logs [0m[90mlinux [0m[91m[1m[It] can see app messages in the logs [0m  
          [37m/var/vcap/packages/smoke_tests/src/github.com/cloudfoundry/cf-smoke-tests/smoke/logging/loggregator_test.go:42[0m  
          [1m[91mRan 1 of 2 Specs in 56.171 seconds[0m  
          [1m[91mFAIL![0m -- [32m[1m0 Passed[0m | [91m[1m1 Failed[0m | [33m[1m0 Pending[0m | [36m[1m1 Skipped[0m  
          --- FAIL: TestSmokeTests (56.17s)  
          FAIL  
          Ginkgo ran 2 suites in 1m7.050120251s  
          Test Suite Failed  
Stderr     Error: failed to run job-process: exit status 1 (exit status 1)

To disable the smoke test errand, see Errands Pane: Persistent Rules in Managing Errands in Ops Manager.

Errors Viewing App Logs after Disabling V1 and V2 Firehose

If you disable the V1 or V2 Firehose and you are using a version of the cf CLI earlier than v6.50, you may encounter errors when you push an app or view the logs for an app. The logs exist but are not visible from the cf CLI.

Running the following commands results in errors:

  • cf logs: Timeout trying to connect to NOAA
  • cf push: timeout connecting to log server, no log will be shown

Despite the log-related errors, cf push works correctly and pushes the app.

To avoid encountering errors after disabling the Loggregator V1 or V2 Firehose, upgrade to cf CLI v6.50 or later.

App Metrics v2.0.0 Is Incompatible with Apps Manager Integration

This issue affects App Metrics v2.0.0.

If the App Metrics v2.0.0 tile is installed on a foundation, then the View in Metrics link on the app Overview tab in Apps Manager does not appear or is broken.

App Metrics Route Change Results In “Unexpected error occurrence”

This issue affects you only if you upgrade from App Metrics v2.0.0 to App Metrics v2.0.1 or later.

The route to App Metrics moved from appmetrics.FOUNDATION_SYSTEM_DOMAIN.com in v2.0.0 to metrics.FOUNDATION_SYSTEM_DOMAIN in v2.0.1.

If you have set the Multi-foundation configuration (beta) field of the Apps Manager section in a PAS tile, you must update the metricsUrl field to reflect the route change. If the field is not updated, then clicking View in Metrics on the app Overview tab in Apps Manager results in an Unexpected error occurence message.