Isolation Segment v2.9 Release Notes

Note: Pivotal Platform is now part of VMware Tanzu. In v2.9 and later, Pivotal Isolation Segment is renamed to Isolation Segment.

This topic contains release notes for Isolation Segment v2.9.


Releases

2.9.9

Release Date: 08/07/2020

  • [Bug Fix] Fix issue where requests to internal routes could fail due to incorrect case-sensitivity in DNS lookup in the service discovery controller.
  • [Bug Fix] System Metrics Scraper/Prom Scraper — Fixes a bug that causes excess log volume and increases scrape interval to reduce metric volume
  • Bump ubuntu-xenial stemcell to version 621.77
  • Bump cf-networking to version 2.31.0
  • Bump cflinuxfs3 to version 0.202.0
  • Bump garden-runc to version 1.19.14
  • Bump silk to version 2.31.0
Component Version
ubuntu-xenial stemcell621.77
bpm1.1.6
cf-networking2.31.0
cflinuxfs30.202.0
diego2.47.0
garden-runc1.19.14
haproxy9.8.0
loggregator-agent5.3.10
mapfs1.2.4
metrics-discovery3.0.0
nfs-volume7.0.3
routing0.203.0
silk2.31.0
smb-volume3.0.1
smoke-tests2.2.0
syslog11.6.1

2.9.8

Release Date: 07/16/2020

  • [Security Fix] Fix for CVE-2020-15586: Bump golang to version 1.14.5 with a fix in the net/http/httputil package for an issue which could cause the Gorouter to crash if a malicious client sends specially crafted HTTP requests.
  • Bump cflinuxfs3 to version 0.198.0
  • Bump routing to version 0.203.0
Component Version
ubuntu-xenial stemcell621.76
bpm1.1.6
cf-networking2.30.0
cflinuxfs30.198.0
diego2.47.0
garden-runc1.19.10
haproxy9.8.0
loggregator-agent5.3.10
mapfs1.2.4
metrics-discovery3.0.0
nfs-volume7.0.3
routing0.203.0
silk2.30.0
smb-volume3.0.1
smoke-tests2.2.0
syslog11.6.1

2.9.7

Release Date: 07/09/2020

  • Bump cflinuxfs3 to version 0.197.0
Component Version
ubuntu-xenial stemcell621.76
bpm1.1.6
cf-networking2.30.0
cflinuxfs30.197.0
diego2.47.0
garden-runc1.19.10
haproxy9.8.0
loggregator-agent5.3.10
mapfs1.2.4
metrics-discovery3.0.0
nfs-volume7.0.3
routing0.201.0
silk2.30.0
smb-volume3.0.1
smoke-tests2.2.0
syslog11.6.1

2.9.6

Release Date: 06/25/2020

  • [Breaking Change] Incorrect HTTP(S) Proxy configuration breaks CredHub interpolation for apps. For more information, see Isolation Segment v2.9 Breaking Changes.
  • [Breaking Change]: If you use the NSX-T Container Plugin (NCP) tile v3.0.1 or earlier, do not upgrade to this patch. The stemcell in this patch is not compatible with the NCP tile v3.0.1 and causes the openvswitch job to fail when you deploy.
  • [Bug Fix] Remove invalid characters in hostnames in outgoing application syslog messages to comply with RFC 5424
  • Bump ubuntu-xenial stemcell to version 621.76
  • Bump cflinuxfs3 to version 0.195.0
  • Bump diego to version 2.47.0
  • Bump loggregator-agent to version 5.3.10
  • Bump smoke-tests to version 2.2.0
Component Version
ubuntu-xenial stemcell621.76
bpm1.1.6
cf-networking2.30.0
cflinuxfs30.195.0
diego2.47.0
garden-runc1.19.10
haproxy9.8.0
loggregator-agent5.3.10
mapfs1.2.4
metrics-discovery3.0.0
nfs-volume7.0.3
routing0.201.0
silk2.30.0
smb-volume3.0.1
smoke-tests2.2.0
syslog11.6.1

2.9.5

Release Date: 06/11/2020

  • [Bug Fix] Gorouter - Drain timeout always uses configured value
  • [Bug Fix] Silk - Continue container networking during cell drain
  • [Bug Fix] Loggregator Agent - Fix certificate issues for all agent metrics
  • Bump cf-networking to version 2.30.0
  • Bump cflinuxfs3 to version 0.191.0
  • Bump routing to version 0.201.0
  • Bump silk to version 2.30.0
Component Version
ubuntu-xenial stemcell621.74
bpm1.1.6
cf-networking2.30.0
cflinuxfs30.191.0
diego2.44.0
garden-runc1.19.10
haproxy9.8.0
loggregator-agent5.3.9
mapfs1.2.4
metrics-discovery3.0.0
nfs-volume7.0.3
routing0.201.0
silk2.30.0
smb-volume3.0.1
smoke-tests2.0.6
syslog11.6.1

2.9.4

Release Date: 06/02/2020

  • [Feature] Allow egress traffic from apps to addresses on host via host_tcp_services
  • [Bug Fix] Migrate services/intermediate_tls_ca to /services/tls_leaf for Maestro
  • [Bug Fix] Add a new cache configuration to the NFS service allowing service instances to enable file attribute caching and achieve directory listing performance similar to the nfs-legacy service
  • Bump cflinuxfs3 to version 0.189.0
  • Bump metrics-discovery to version 3.0.0
  • Bump nfs-volume to version 7.0.3
Component Version
ubuntu-xenial stemcell621.74
bpm1.1.6
cf-networking2.28.0
cflinuxfs30.189.0
diego2.44.0
garden-runc1.19.10
haproxy9.8.0
loggregator-agent5.3.9
mapfs1.2.4
metrics-discovery3.0.0
nfs-volume7.0.3
routing0.199.0
silk2.28.0
smb-volume3.0.1
smoke-tests2.0.6
syslog11.6.1

2.9.3

Release Date: 05/18/2020

  • [Bug Fix] Fix scheduling bug in loggregator agent by upgrading to Go 1.14.2
  • Bump ubuntu-xenial stemcell to version 621.74
  • Bump cflinuxfs3 to version 0.179.0
  • Bump loggregator-agent to version 5.3.9
Component Version
ubuntu-xenial stemcell621.74
bpm1.1.6
cf-networking2.28.0
cflinuxfs30.179.0
diego2.44.0
garden-runc1.19.10
haproxy9.8.0
loggregator-agent5.3.9
mapfs1.2.4
metrics-discovery2.0.2
nfs-volume7.0.2
routing0.199.0
silk2.28.0
smb-volume3.0.1
smoke-tests2.0.6
syslog11.6.1

2.9.2

Release Date: 05/05/2020

  • [Security Fix] Update debian packages and source libraries in nfs and mapfs releases
  • Bump ubuntu-xenial stemcell to version 621.71
  • Bump cflinuxfs3 to version 0.178.0
  • Bump mapfs to version 1.2.4
  • Bump nfs-volume to version 7.0.2
  • Bump smb-volume to version 3.0.1
Component Version
ubuntu-xenial stemcell621.71
bpm1.1.6
cf-networking2.28.0
cflinuxfs30.178.0
diego2.44.0
garden-runc1.19.10
haproxy9.8.0
loggregator-agent5.3.8
mapfs1.2.4
metrics-discovery2.0.2
nfs-volume7.0.2
routing0.199.0
silk2.28.0
smb-volume3.0.1
smoke-tests2.0.6
syslog11.6.1

2.9.1

Release Date: 04/22/2020

  • [Feature] HAProxy can now be configured with custom certificate authorities
  • [Bug Fix] Fix server_name value to use Common Name as metrics_agent_metrics_tls
  • Bump ubuntu-xenial stemcell to version 621.64
  • Bump cflinuxfs3 to version 0.175.0
Component Version
ubuntu-xenial stemcell621.64
bpm1.1.6
cf-networking2.28.0
cflinuxfs30.175.0
diego2.44.0
garden-runc1.19.10
haproxy9.8.0
loggregator-agent5.3.8
mapfs1.2.3
metrics-discovery2.0.2
nfs-volume6.0.0
routing0.199.0
silk2.28.0
smb-volume2.1.1
smoke-tests2.0.6
syslog11.6.1

v2.9.0

Release Date: April 10, 2020

Component Version
ubuntu-xenial stemcell621.61
bpm1.1.6
cf-networking2.28.0
cflinuxfs30.174.0
diego2.44.0
garden-runc1.19.10
haproxy9.8.0
loggregator-agent5.3.8
mapfs1.2.3
metrics-discovery2.0.2
nfs-volume6.0.0
routing0.199.0
silk2.28.0
smb-volume2.1.1
smoke-tests2.0.6
syslog11.6.1

About Isolation Segment

The Isolation Segment v2.9 tile is available for installation with Ops Manager v2.9.

Isolation segments provide dedicated pools of resources where you can deploy apps and isolate workloads. Using isolation segments separates app resources as completely as if they were in different Ops Manager deployments but avoids redundant management and network complexity. For more information about isolation segments, see Isolation Segments in TAS for VMs Security.

For more information about using isolation segments in your deployment, see Managing Isolation Segments.

How to Install

To install Isolation Segment v2.9, see Installing Isolation Segment.

To install Isolation Segment v2.9, you must first install Ops Manager v2.9.

New Features in Isolation Segment v2.9

Isolation Segment v2.9 includes the following major features.

Increase App Graceful Shutdown Period

You can increase the graceful shutdown period for your apps.

When VMware Tanzu Application Service for VMs (TAS for VMs) requests a shutdown of app instances, the processes in app containers have a period of time to gracefully shut down before the processes are forcefully terminated. The default, minimum graceful shutdown period is 10 seconds. If your apps require a longer period of time to finish in-flight jobs and gracefully shutdown, you can increase the graceful shutdown period in the Advanced Features pane of the TAS for VMs tile.

For more information, see Shutdown in App Container Lifecycle and Configure Advanced Features in Installing Isolation Segment.

Run Smoke Tests for Isolation Segment

The Smoke Tests pane is added to the Isolation Segment tile. This pane allows you to specify an org and space where smoke tests are run.

In the org and space that you specify, the Smoke Test errand pushes an app to an Ops Manager org. The app runs basic functionality tests against both the TAS for VMs and Isolation Segment tiles after an installation or update.

The Smoke Test errand is on by default. You can turn off the Smoke Test errand in the Errands pane.

For more information, see Configure Smoke Tests in Installing Isolation Segment.

Warning: If you configure the Compute and Networking Isolation pane and the Gorouters reject requests for isolation segments checkbox in the TAS for VMs tile in a manner other than the use cases that VMware recommends, the smoke tests fail. For more information, see Options for Configuring Compute and Networking Isolation in Installing Isolation Segment.

Manage Errands in Isolation Segment

The Errands pane is added to the Isolation Segment tile. In the Errands pane, you can select On to always run an errand or Off to never run it.

Errands are scripts that Ops Manager runs automatically when it installs or uninstalls a product, such as a new version of TAS for VMs. By default, Ops Manager always runs all errands. For more information about how Ops Manager manages errands, see Managing Errands in Ops Manager.

This pane allows you to configure whether the Smoke Test errand runs. For more information, see Configure Errands in Installing Isolation Segment.

Configure App Log Rate Limit (Beta)

You can limit the number of log lines each app instance in your isolation segment generates per second by configuring the App log rate limit (beta) section in the App Containers pane of the Isolation Segment tile.

This feature is disabled by default. Enabling this feature prevents app instances from overloading the Loggregator Agent with logs, so the Loggregator Agent does not drop logs for other app instances. Enabling this feature also prevents apps from reporting inaccurate app metrics in the Cloud Foundry Command Line Interface (cf CLI) or increasing the CPU usage on the Diego Cell VM.

For more information, see Configure App Containers in Installing Isolation Segment.

Known Issues

Isolation Segment v2.9 includes the following known issue.

Smoke Test Fails When Isolation Segment Name Begins with Hyphen

The Smoke Test errand fails for an isolation segment when the isolation segment name begins with a hyphen.

To fix this issue, you must rename the isolation segment to remove the hyphen at the beginning of the name. To rename the isolation segment:

  1. In the Isolation Segment tile, navigate to the Compute and Networking Isolation pane.

  2. Under Compute isolation, edit the name in the Segment name field.

  3. Click Save.

  4. Return to the Ops Manager Installation Dashboard.

  5. Click Review Pending Changes

  6. Click Apply Changes.

For more information about isolation segment names, see Configure Pane in Installing Isolation Segment. For more information about the Smoke Test errand, see Configure Smoke Tests and Configure Errands in Installing Isolation Segment.