Skip to main content

· 14 min read

Added

  • breaking change a9s MariaDB: Release a9s MariaDB 10.6 as GA. In order to use a9s MariaDB you have to set the following properties:
    • mariadb_service.services.a9s-mariadb106.name
    • mariadb_service.services.a9s-mariadb106.guid
    • mariadb_service.services.a9s-mariadb106.description
    • mariadb_service.services.a9s-mariadb106.label
    • mariadb_service.services.a9s-mariadb106.version
    • mariadb_service.services.a9s-mariadb106.bindable
    • mariadb_service.services.a9s-mariadb106.requires
    • mariadb_service.services.a9s-mariadb106.tags
    • mariadb_service.services.a9s-mariadb106.documentation_url
    • mariadb_service.services.a9s-mariadb106.metadata
    • mariadb_service.services.a9s-mariadb106.dashboard_client.id
    • mariadb_service.services.a9s-mariadb106.plans For more information see a9s Platform Operator - Sunrise Sunset.
  • breaking change a9s Search: Release a9s Search 2 as GA. In order to use a9s Search you have to set the following properties:
    • search_service.services.a9s-search2.name
    • search_service.services.a9s-search2.guid
    • search_service.services.a9s-search2.description
    • search_service.services.a9s-search2.label
    • search_service.services.a9s-search2.version
    • search_service.services.a9s-search2.bindable
    • search_service.services.a9s-search2.requires
    • search_service.services.a9s-search2.tags
    • search_service.services.a9s-search2.documentation_url
    • search_service.services.a9s-search2.metadata
    • search_service.services.a9s-search2.dashboard_client.id
    • search_service.services.a9s-search2.plans For more information see a9s Platform Operator - Sunrise Sunset.
  • a9s Backup Manager: Add /metrics endpoint to return basic information about the backup and queue states.
  • a9s Backup Monit: Consumes the new /metrics endpoint from the a9s Backup Manager, parses them for the Logstash a9s Backup Monit plugin, and offers them at the /v1/backup_manager endpoint.
  • a9s LogMe2: Release a9s LogMe2 as RC. For more information see a9s Platform Operator - Sunrise Sunset
  • all services: a9s Logstash: Consumes the /v1/backup_manager endpoint from the a9s Backup Monit and sends the metrics to the graphite exporter.
  • all services: a9s Service Dashboard: a9s PostgreSQL: Add the end date as the default date picker value during restore operation.
  • all services: consul-dns: Add script to remove the stale node entries for the primary aliases to post-start of the bootstrap node. The execution of this script happens only once and only in the bootstrap node of the a9s Consul Cluster. To avoid issues deleting entries for existing deployment, make sure that no deployment has all nodes stopped during the consul-dns update.
  • a9s Elasticsearch: Add custom parameter force_certificate_rotation for SSL service plans. This change enables the Application Developer to rotate the leaf certificate but not the CA.
  • a9s LogMe2: Enable OpenSearch Alerting and OpenSearch Notifications plugins for OpenSearch Dashboards.
  • a9s LogMe2: Enable metrics and logs streaming from OpenSearch nodes in an a9s LogMe2 service instance to a configured sink.
  • a9s LogMe2: Add encrypted TCP endpoint for Fluentd.
  • a9s LogMe2: Add support for SMTP notifications.
  • a9s LogMe2: Add syslog custom parameter to stream OpenSearch and Fluentd logs to third-party log-sink(s).
  • a9s LogMe2: Add custom parameter force_certificate_rotation for SSL service plans. This change enables the Application Developer to rotate the leaf certificate but not the CA.
  • a9s MariaDB: Add custom parameter force_certificate_rotation for SSL service plans. This change enables the Application Developer to rotate the leaf certificate but not the CA.
  • a9s MongoDB: Add custom parameter force_certificate_rotation for SSL service plans. This change enables the Application Developer to rotate the leaf certificate but not the CA.
  • a9s MySQL: Add custom parameter force_certificate_rotation for SSL service plans. This change enables the Application Developer to rotate the leaf certificate but not the CA.
  • a9s PostgreSQL: Add custom parameter force_certificate_rotation for SSL service plans. This change enables the Application Developer to rotate the leaf certificate but not the CA. For more information see PostgreSQL TLS/SSL Configuration.
  • a9s Search: Add custom parameter force_certificate_rotation for SSL service plans. This change enables the Application Developer to rotate the leaf certificate but not the CA.
  • INTERNAL RELEASE a9s Service Broker: Add finish_undeployment step to request the cleanup of deleted service instances.
  • docs: Application Developer: Add a disclaimer to the "a9s SSL/TLS Service Plans" page to explain that the a9s Data Services do not support plan upgrades from Non-SSL instances into SSL ones. For more information see a9s SSL/TLS Service Plans
  • docs: Application Developer: a9s Elasticsearch: Add a disclaimer specifying the known limitations of a9s Elasticsearch's Backups, to match the updated information included in the a9s Data Services Installation guide. For more information see the Backup and Restore Service Instances section of Using a9s Elasticsearch.
  • docs: Application Developer: a9s LogMe: Add a disclaimer specifying the known limitations of a9s Elasticsearch's Backups, to match the updated information included in the a9s Data Services Installation guide. For more information see the Backup and Restore Service Instances section of Using a9s LogMe.
  • docs: Application Developer: a9s LogMe2: Add information on how to set a syslog and graphite endpoint. For more information see Using a9s LogMe2 and a9s LogMe2.
  • docs: Application Developer: a9s LogMe2: New custom parameters:
    • opensearch-tls-protocols
    • opensearch-tls-ciphers
    • fluentd-udp
    • fluentd-tcp
    • fluentd-tls
    • fluentd-tls-ciphers
    • fluentd-tls-version
    • fluentd-tls-min-version
    • fluentd-tls-max-version
  • docs: Application Developer: a9s LogMe2: Add documentation for OpenSearch's Alerts creation/usage, as a step-by-step guide. For more information see the "Creating an Alert (Monitor)" section of Alerting and Notifications Plugins.
  • docs: Application Developer: a9s LogMe2: Add documentation for OpenSearch's Notification Channels creation/usage, as a step-by-step guide. For more information see the "Creating a Notification Channel" section of Alerting and Notifications Plugins.
  • docs: Application Developer: a9s LogMe2: Add a warning, explaining the current limitations when restoring an instance with ISM configured. For more information see Using a9s LogMe2.
  • docs: Application Developer: a9s LogMe2: Add a warning to the explaining that the indices of the alertingDashboards and notificationsDashboards plugins cannot be deleted or removed. For more information see Alerting and Notifications Plugins.
  • docs: Application Developer: a9s Search: Add a disclaimer specifying the known limitations of a9s Search's Backups, to match the updated information included in the a9s Data Services Installation guide. For more information see the Backup and Restore Service Instances section of Using a9s Search.
  • docs: Application Developer: a9s Search: Add a warning to explain that the disk space for the same indexes may be different between Elasticsearch and OpenSearch, which is why data cannot be checked by index size after migration. For more information see a9s Search Migration
  • docs: Platform Operator: Add detailed information about the a9s Data Services release policy. For more information see a9s Data Service Sunrise/Sunset for Major Versions.
  • docs: Platform Operator: Move the Release Lifecycle Table information to the a9s Data Service Sunrise/Sunset for Major Versions page. For more information see a9s Data Service Sunrise/Sunset for Major Versions.
  • docs: Platform Operator: Add a disclaimer to the "a9s SSL/TLS Service Plans" and "Service Plans" pages to explain that the a9s Data Services do not support plan upgrades from Non-SSL instances into SSL ones. For more information see Service Plans and Securing the a9s Framework with TLS.
  • docs: Platform Operator: a9s Backup Manager: Add a new page to the current a9s Backup Manager's documentation, as part of making the section visible on the website's sidebar. For more information see a9s Backup Manager BOSH Properties
  • docs: Platform Operator: a9s Backup Monit: Extend the documentation with the new metrics provided by the a9s Backup Monit service. For more information see a9s Backup Manager Metrics.
  • docs: Platform Operator: a9s Backup Services: Add a disclaimer to the relevant "a9s Backup Services" documentation pages to explicitly state the supported AWS S3 Storage Classes. For more information see a9s Backup Process, a9s Backup Service, a9s Data Services Installation and Disaster Recovery.
  • docs: Platform Operator: a9s Elasticsearch: Add a disclaimer specifying the known limitations of a9s Elasticsearch's Backups, to match the updated information included in the a9s Data Services Installation guide. For more information see the Backup and Restore Service Instances section of a9s Elasticsearch Resources Considerations.
  • docs: Platform Operator: a9s LogMe: Add a disclaimer specifying the known limitations of a9s Elasticsearch's Backups, to match the updated information included in the a9s Data Services Installation guide. For more information see the Backup and Restore Service Instances section of a9s LogMe Resources Considerations.
  • docs: Platform Operator: a9s LogMe2: Add new custom parameters to section Default Custom Parameter Configuration on the page a9s LogMe2 SPI Configuration.
  • docs: Platform Operator: a9s LogMe2: Add a warning explaining that the indices of the alertingDashboards and notificationsDashboards plugins cannot be deleted or removed. For more information see a9s LogMe2 SPI Configuration.
  • docs: Platform Operator: a9s PostgreSQL: Add a disclaimer to the "a9s PostgreSQL Manual Point-in-Time Recovery" page to explicitly state the supported AWS S3 Storage Classes. For more information see a9s PostgreSQL Manual Point-in-Time Recovery.
  • docs: Platform Operator: a9s Search: Add a disclaimer specifying the known limitations of a9s Search's Backups, to match the updated information included in the a9s Data Services Installation guide. For more information see the Backup and Restore Service Instances section of a9s Search Resources Considerations.

Updated

  • all services: Update routing BOSH release to latest version 0.254.0.
  • all services: Update bpm BOSH release to latest version 1.1.21.
  • all services: a9s Dashboard: Update AntD and ReactScripts.
  • all services: a9s Dashboard: Update UX with minor improvements.
  • all services: Template Uploader Errand: Update templates for a9s LogMe2 to support individual certificates for the dedicated components in an a9s LogMe2 service instance.
  • a9s Backup Manager: Add field backup_type to the backups configuration of the V1 API. For more information see a9s Service Dashboard - API V1.
  • a9s Harbor: PostgreSQL 10.23
  • a9s LogMe2: OpenSearch 2.4.1
  • a9s Messaging:
    • a9s Messaging 3.10
      • RabbitMQ 3.10.14
      • Erlang 24.3.4.8
  • a9s PostgreSQL:
    • a9s PostgreSQL 13
      • PostgreSQL 13.9
    • a9s PostgreSQL 11
      • PostgreSQL 11.18
    • a9s PostgreSQL 10
      • PostgreSQL 10.23
  • a9s Prometheus: promgraf2 BOSH release now includes:
    • Prometheus 2.41.0
    • Grafana 8.5.15
    • graphite_exporter 0.13.1
    • blackbox_exporter 0.23.0
    • cadvisor 0.47.1
    • consul_exporter 0.9.0
    • haproxy_exporter 0.14.0
    • alertmanager 0.25.0
    • statsd_exporter 0.23.0
    • influxdb_exporter 0.11.1
  • a9s Prometheus: prometheus2 BOSH release now includes:
    • Prometheus 2.41.0
    • graphite_exporter 0.13.1
    • blackbox_exporter 0.23.0
    • cadvisor 0.47.1
    • consul_exporter 0.9.0
    • haproxy_exporter 0.14.0
    • influxdb_exporter 0.11.1
    • statsd_exporter 0.23.0
    • alertmanager 0.25.0
  • a9s Redis:
    • a9s Redis 6
      • Redis 6.2.10
  • a9s Search:
    • a9s Search 2:
      • OpenSearch 2.4.1
    • a9s Search 1:
      • OpenSearch 1.3.7
  • addons/mongodbsspl: MongoDB 5.0.14
  • INTERNAL RELEASE all services: a9s Backup Agent: Simplify logger configuration.
  • INTERNAL RELEASE all services: a9s Backup Agent: Improve a9s Backup Agent logs by logging more information during the backup/restore process, and adding additional debug and info messages.
  • INTERNAL RELEASE a9s Backup Manager: Improve a9s Backup Manager logs by separating the API logs from the worker logs, and adding additional debug and info messages.
  • docs: Application Developer: Make the a9s Dashboard API's deprecation notice more prominent. For more information see a9s Service Dashboard - API.
  • docs: Application Developer: Update the documentation regarding TLS/SSL Plans. For more information see SSL Plans.
  • docs: Platform Operator: Extend the "Known Limitations of a9s Backup Service" section in the a9s Data Services Installation guide. For more information see Known Limitations of a9s Backup Service.
  • docs: Platform Operator: Up-to-date Vendor DS Version on the a9s Data Services Release Lifecycle page
  • docs: Platform Operator: Update the documentation regarding TLS/SSL Plans. For more information see SSL Plans.
  • docs: Platform Operator: Simplify the a9s Data Service Release Lifecycle Table by changing the a9s Non-GA column into the Introduced column and removing the a9s GA column, since the DS State column provides concise information already. For more information see a9s Data Service Sunrise/Sunset for Major Versions.

Deprecated

  • a9s Harbor: Deprecate a9s Harbor. For more information see a9s Platform Operator - Sunrise Sunset

Removed

  • breaking change all services: Remove the Ops-file enable-production-ready-services-only.yml. This Ops-file was used to remove the Non-GA services from their corresponding a9s Data Service. Instead of this opt-out solution, an explicit opt-in solution for Non-GA services is now used. For more information see Enable Non-GA Services.
  • breaking change a9s Harbor: Remove deprecated Harbor from the service catalog.
  • breaking change a9s Kubernetes: Remove deprecated Kubernetes from the service catalog.
  • breaking change a9s LogMe2: Remove LogMe2 from the service catalog. For information on how to enable release candidate services, see Enable Release Candidates Services.
  • breaking change a9s MariaDB: Remove MariaDB 10.6 from the service catalog. For information on how to release candidate services, see Enable Release Candidates Services.
  • breaking change a9s Messaging: Remove Messaging 3.10 from the service catalog. For information on how to enable release candidate services, see Enable Release Candidates Services.
  • breaking change a9s PostgreSQL: Remove deprecated PostgreSQL 9.4 from the service catalog. This removal follows the deprecation process started in version 16.0.0.
  • breaking change a9s Prometheus: Remove Prometheus from the service catalog. For information on how to enable beta services, see Enable Beta Services.
  • breaking change a9s Search: Remove deprecated Search 1 from the service catalog. This removal follows the deprecation process started in version 33.0.0.
  • docs: Platform Operator: Remove a9s Data Services Release Lifecycle page.

Fixed

  • all services: SSO-Proxy: Redirect to the Cloud Foundry Authentication page when the CF Token is no longer valid or it is not possible to refresh the token.
  • a9s Elasticsearch: a9s Backup Agent: Make the a9s Backup Agent backup process fail when it reaches the PARTIAL or INCOMPATIBLE snapshot state.
  • a9s Harbor: Remove the node entries for the primary aliases from a9s Consul when the service instance is deleted.
  • a9s LogMe2: a9s Backup Agent: Fix an issue that causes restore operations to fail when OpenSearch Alerting and Notifications are configured.
  • a9s Messaging: Fix custom param roles during service binding creation.
  • a9s Messaging: Emit backing_queue_status metrics only if available.
  • a9s Messaging: Fix force_certificate_rotation for SSL service plans. This change ensures that only the leaf certificate is rotated and not the CA.
  • a9s PostgreSQL: Remove the node entries for the primary alias from a9s Consul when the service instance is deleted.
  • a9s PostgreSQL: Fix force_certificate_rotation for SSL service plans. This change ensures that only the leaf certificate is rotated and not the CA.
  • a9s PostgreSQL: Fix WAL archival backing up files with huge commit entries when enabling continuous_archiving. When the huge commit entry would fill the buffer, the archival process would get stuck, blocking any WAL file from being archived and preventing base backups to finish executing.
  • a9s Redis: Remove the node entries for the primary alias from a9s Consul when the service instance is deleted.
  • a9s Redis: Fix force_certificate_rotation for SSL service plans. This change ensures that only the leaf certificate is rotated and not the CA.
  • a9s Search: a9s Backup Agent: Make the a9s Backup Agent backup process fail when it reaches the PARTIAL or INCOMPATIBLE snapshot state.
  • a9s Service Guard: Fix the security_groups:remove Rake task so it does not remove security groups that are in use.
  • a9s Service Guard: Run only one SyncSharedInstancesJob at a time.
  • INTERNAL RELEASE a9s-pg: Fix WAL archival backing up files with huge commit entries when enabling continuous_archiving. When the huge commit entry would fill the buffer, the archival process would get stuck, blocking any WAL file from being archived and preventing base backups to finish executing.
  • INTERNAL RELEASE a9s Harbor: a9s PostgreSQL: Fix WAL archival backing up files with huge commit entries when enabling continuous_archiving. When the huge commit entry would fill the buffer, the archival process would get stuck, blocking any WAL file from being archived and preventing base backups to finish executing.
  • docs: Application Developer: Fix typos, formatting mistakes, and metadata issues across the entire documentation.
  • docs: Application Developer: Add note backing_queue_metrics are optional.
  • docs: Platform Operator: Fix typos, formatting mistakes, and metadata issues across the entire documentation.
  • docs: Platform Operator: a9s Backup Manager: Fix the a9s Backup Manager documentation to that it is visible on the website's sidebar. For more information see a9s Backup Manager

Security

  • all services: a9s Backup Agent: Fix CVEs:
    • CVE-2022-29181
    • GHSA-2qc6-mcvw-92cw
    • GHSA-cgx6-hpwq-fhv5
  • all services: a9s Dashboard: Fix CVEs:
    • CVE-2022-37601
    • CVE-2021-3918
    • CVE-2021-42740
    • CVE-2021-23436
  • a9s Backup Manager: Fix CVEs:
    • CVE-2022-29181
    • GHSA-2qc6-mcvw-92cw
    • GHSA-cgx6-hpwq-fhv5
  • a9s Backup Monit: Fix CVEs:
    • CVE-2022-29181
    • GHSA-2qc6-mcvw-92cw
    • GHSA-cgx6-hpwq-fhv5

· 9 min read

Fixed

  • breaking change a9s Backup Monit: The metric last_backup_status was adapted from a string value into a numeric value. This change was required because graphite metric values are numeric values, thus the graphite endpoints could not receive this metric as they expect numeric values. For more information see a9s Backup Monit Metrics.
  • all services: a9s Logstash: Update the logstash-output-graphite plugin from version 3.1.5 to version 3.1.6. This was necessary as the plugin was not handling IOException exceptions safely, which could in turn crash Logstash under certain situations.
  • all services: a9s BOSH Deployer: Fix the Recreate button on the a9s Service Dashboard. This was caused by a missing --fix flag within the validation conditions of the recreate subcommand.
  • a9s Backup Manager: Extend the error management inside the Backup Manager to catch the 'host unreachable' error when communicating with the Service Broker. This was necessary since the previous error management did not allow the search for further brokers to continue if any given broker listed was deemed unreachable (even if temporarily); thus causing an early end and potentially causing issues with the related backup.
  • a9s Search: Disable all non-mandatory OpenSearch plugins from a9s Search. This was always the intended functionality.
  • a9s Search: Add missing deployment variable, /search_service_broker_password, to the a9s Search manifest.
  • docs: all services: Fix the documentation sidebar's ordering by adding the sidebar=1 property to the metadata of the intro.md file. For more information see Introduction.
  • docs: Application Developer: Remove duplicate section on the page Using a9s LogMe.
  • docs: Platform Operator: Fix the title of the "a9s-pg Upgrade from 9.4" page. For more information see a9s-pg Upgrade from 9.4.
  • docs: Platform Operator: Fix the title of the "a9s Redis Resources Considerations" page. For more information see a9s Redis Resources Considerations.
  • docs: Platform Operator: Fix the title of the "Service Instance Resource Usage" page. For more information see Service Instance Resource Usage.
  • docs: Platform Operator: Fix the title of the "a9s Data Services Configuration" page. For more information see a9s Data Services Configuration.
  • docs: Platform Operator: Corrected the Non-GA version of a9s MariaDB. It was mistankenly set to v33.0.0 although it was already released as RC in v32.0.0. For more information see Release Lifecycle Information.
  • INTERNAL RELEASE a9s PostgreSQL: Improve a9s postgresql-info-webservice component logs.

Added

  • breaking change a9s Redis: We now consider Redis 6 as stable. The following properties must be set:
    • redis_service.services.a9s-redis6.name
    • redis_service.services.a9s-redis6.guid
    • redis_service.services.a9s-redis6.description
    • redis_service.services.a9s-redis6.label
    • redis_service.services.a9s-redis6.version
    • redis_service.services.a9s-redis6.bindable
    • redis_service.services.a9s-redis6.requires
    • redis_service.services.a9s-redis6.tags
    • redis_service.services.a9s-redis6.documentation_url
    • redis_service.services.a9s-redis6.metadata
    • redis_service.services.a9s-redis6.dashboard_client.id
    • redis_service.services.a9s-redis6.plans
  • breaking change a9s LogMe: Make the Cloud Foundry NATS credentials used by the Route Register configurable via template uploader variables. Moreover, the Cloud Foundry NATS credentials property have changed from /cf_nats_user and /cf_nats_password to /cf_nats_credentials of CredHub type User. You can check how to migrate the NATS credentials to the new variable in Upgrading to v33. The new properties are documented in Template Uploader Errand Properties.
  • breaking change a9s Harbor: Make the Cloud Foundry NATS credentials used by the Route Register configurable via template uploader variables. Moreover, the Cloud Foundry NATS credentials property have changed from /cf_nats_user and /cf_nats_password to /cf_nats_credentials of CredHub type User. You can check how to migrate the NATS credentials to the new variable in Upgrading to v33. The new properties are documented in Template Uploader Errand Properties.
  • breaking change a9s Prometheus: Make the Cloud Foundry NATS credentials used by the Route Register configurable via template uploader variables. Moreover, the Cloud Foundry NATS credentials property have changed from /cf_nats_user and /cf_nats_password to /cf_nats_credentials of CredHub type User. You can check how to migrate the NATS credentials to the new variable in Upgrading to v33. The new properties are documented in Template Uploader Errand Properties.
  • breaking change a9s Messaging: Make the Cloud Foundry NATS credentials used by the Route Register configurable via Ops File. Moreover, the Cloud Foundry NATS credentials property have changed from /cf_nats_user and /cf_nats_password to /cf_nats_credentials of CredHub type User. You can check how to migrate the NATS credentials to the new variable in Upgrading to v33. The new properties are documented in Template Uploader Errand Properties.
  • breaking change a9s Search: Release a9s Search 2 as a Release Candidate, see the Upgrade Guide for a9s Search 2 and Release Lifecycle Information.
  • all services: Add consul job to the smoke-tests instance group inside the deployment manifests. This ensures that all BOSH VMs are able to resolve hostnames via the a9s Consul, and do not need to rely on default DNS servers inside the cloud_config.
  • a9s LogMe2: Release the first Beta Release of a9s LogMe2. a9s LogMe2 enables on demand provisioning of a pre-configured OpenSearch and Fluentd Stack. This service is a successor to a9s LogMe.
  • a9s PostgreSQL: Add default configuration for continuous archiving. Now it is possible to specify default values globally or per plan for this property. It is also possible to specify if it is modifiable or not. For more information see Continuous Archiving.
  • a9s Billing: Add consul job to the sameness instance group to ensure that all BOSH VMs are able to resolve hostnames via the a9s Consul. This ensures that all BOSH VMs are able to resolve hostnames via the a9s Consul, and do not need to rely on default DNS servers inside the cloud_config.
  • a9s Search: Add the consul domains of a9s Elasticsearch to the whitelist of the reindex operation of OpenSearch. This is necessary in order to allow the migration from a9s Elasticsearch 7 to a9s Search 2 instances. For more infomation see Migrate a9s Elasticsearch 7 To a9s Search 2
  • a9s Smoke Tests: Extend the functionality of the smoke tests to incorporate support for a9s Search 2.
  • docs: Platform Operator: Add column DS State to the "Release Lifecycle Information" table to better visualize the current state of the a9s Data Service versions. For more information see a9s Data Services Release Lifecycle.
  • docs: Platform Operator: Add a disclaimer specifying that a9s MariaDB does not support plan updates from non-ssl plans to ssl plans. For more information see a9s Data Services Installation and a9s MariaDB Resources Considerations.
  • docs: Platform Operator: Add the anynines Data Services Base64 encoded icons to the "a9s Service Catalog" page. For more information see Service Catalog.
  • docs: Platform Operator: Update installation guide to explicitly say that the backups of a9s Elasticsearch and a9s LogMe are not encrypted.
  • docs: Application Developer: Add "Migrate a9s Elasticsearch 7 To a9s Search 2" page to the a9s Search documentation. For more information see Migrate a9s Elasticsearch 7 To a9s Search 2.

Updated

  • breaking change a9s Search: Enable the section in charge of testing the service instance's backup within the smoke tests by default. The property service-smoke-tests.service.do_check_backup has been set to true.
  • all services: Update routing BOSH release to latest version 0.246.0.
  • all services: a9s Dashboard: Upgrade Node version to v16.18.0
  • all services: a9s Dashboard: Several CVE fixes:
    • Update eventsource to 1.1.2
      • CVE-2022-1650
    • Update merge-deep to 3.0.3
      • CVE-2021-26707
    • Update minimist to 1.1.1
      • CVE-2021-44906
    • Update url-parse to 1.5.10
      • CVE-2022-0686
  • a9s Harbor: Harbor 1.10.14
  • a9s Messaging:
    • a9s Messaging 3.10
      • RabbitMQ 3.10.9
      • Erlang 24.3.4.6
    • a9s Messaging 3.8
      • Erlang 23.3.4.18
  • a9s Prometheus: promgraf2 BOSH release now includes:
    • Grafana 8.5.13
    • statsd_exporter 0.22.8
  • a9s Prometheus: prometheus2 BOSH release now includes:
    • Prometheus 2.40.0
    • statsd_exporter 0.22.8
  • a9s Prometheus: promgraf2 raises open file limit to 65536 via ulimit in the ctl script.
  • a9s Prometheus: prometheus2 raises open file limit to 65536 via ulimit in the ctl script.
  • a9s MariaDB: MariaDB 10.6.11 and Mariadb 10.4.27
  • a9s Search: OpenSearch 1.3.6
  • a9s Elasticsearch: elasticsearch7 BOSH release now includes:
    • OpenJDK 11.0.16_9
  • a9s Elasticsearch: elasticsearch6 BOSH release now includes:
    • OpenJDK 11.0.16_9
  • a9s Elasticsearch: elasticsearch5 BOSH release now includes:
    • OpenJDK 8u345-b01
  • a9s Elasticsearch: elasticsearch2 BOSH release now includes:
    • OpenJDK 8u345-b01
  • a9s LogMe: elasticsearch5 BOSH release now includes:
    • OpenJDK 8u345-b01
  • a9s Billing: Update omniauth-keycloak gem to version 2.1.0. Fixes:
    • CVE-2020-36599
  • addons/mongodbsspl: MongoDB 5.0.13
  • docs: Platform Operator: Renamed the column a9s Beta Release to a9s Non-GA in the Release Lifecycle Information table to better reflect the intent of the release; as the service is either meant to be in the beta phase, or it can be the next release candidate. For more information see Release Lifecycle Information.
  • docs: Platform Operator: Renamed the column a9s Stable Release to a9s GA in the Release Lifecycle Information table to better reflect the current nomenclature. For more information see Release Lifecycle Information.

Removed

  • breaking change a9s Search: Deprecate the Beta release of a9s Search 1. This deprecation is done in favor of a9s Search 2, but without any migration path because a9s Search 1 is a Beta product. The removal of this Beta service has been initiated and will be finalized in v36.0.0. Please be aware that if your instances still exist by v36.0.0 it will break your deployment.
  • INTERNAL RELEASE a9s MariaDB: Remove the consul-master-registrator job from the templates of a9s MariaDB cluster plans. Since a9s MariaDB cluster instances are configured with a master-master setup, and accessed via a Consul service DNS entry that points to all nodes in the cluster. The primary alias provided by this job is not used nor is available to the end user in any way.
  • INTERNAL RELEASE a9s MySQL: Remove the consul-master-registrator job from the templates of a9s MySQL cluster plans. Since a9s MySQL cluster instances are configured with a master-master setup, and accessed via a Consul service DNS entry that points to all nodes in the cluster. The primary alias provided by this job is not used nor is available to the end user in any way.
  • INTERNAL RELEASE all services: a9s Logstash: Remove unused plugin logstash-output-kafka in version 7.0.10 from the offline package to avoid vulnerability scanner hints.

· 7 min read

Fixed

  • all services: a9s Dashboard: Fix link url when using 'Disable Automatic Update Modal' dialog.
  • a9s-pg: Fix PostgreSQL network relocation that would fail during pre-start and would break the update in environments relying only on BOSH DNS, as DNS resolution is not available during pre-start.
  • a9s-pg: Fix drain script that would fail to execute when the start-up lock dir does not exist, causing a stop operation to fail.
  • a9s Backup Manager: Adjust the ops file backup-on-alicloud.yml to remove the configuration for a9s Search service.
  • a9s Backup Manager: Adjust the ops file backup-on-generic-s3.yml to remove the configuration for a9s Search service.
  • a9s Service Guard: Fix an issue when the created security groups are not applied to the diego-cells and therefore connections between the app and the service instance were still blocked. This was caused because Cloud Foundry is moving away from CC API v2 to CC API v3. As a result, some operations are executed only against CC API v2 are not working as expected. Now operations regarding security groups also support CC API v3. You can choose the version of the API via the a9s Service Guard property cf_service_guard.cloud_foundry.api_version. The default is v3.
  • a9s PostgreSQL: Fix PostgreSQL network relocation that would fail during pre-start and would break the update in environments relying only on BOSH DNS, as DNS resolution is not available during pre-start.
  • a9s PostgreSQL: Fix drain script that would fail to execute when the start-up lock dir does not exist, causing a stop operation to fail.
  • a9s Messaging: SPI: Fix binding to include Stomp and MQTT information.
  • a9s Messaging: SPI: Fix Subject Alternative Names for RabbitMQ Management UI when using SSL Plans.
  • a9s Harbor: Fix PostgreSQL network relocation that would fail during pre-start and would break the update in environments relying only on BOSH DNS, as DNS resolution is not available during pre-start.
  • a9s Harbor: Fix drain script that would fail to execute when the start-up lock dir does not exist, causing a stop operation to fail.
  • a9s Harbor: Remove broken link to Harbor log directory, so that bosh logs works again.

Added

  • breaking change all services: a9s BOSH Deployer: Provide a configuration for the deployment updater to force a recreation of all VMs. Additionally, instances that are not responsive and would result in an error are now recovered instead. See Platform Operator documentation.
  • breaking change a9s PostgreSQL: We consider PostgreSQL 13 as stable now. You have to set the following properties:
    • postgresql_service.services.a9s-postgresql13.name
    • postgresql_service.services.a9s-postgresql13.guid
    • postgresql_service.services.a9s-postgresql13.description
    • postgresql_service.services.a9s-postgresql13.label
    • postgresql_service.services.a9s-postgresql13.version
    • postgresql_service.services.a9s-postgresql13.bindable
    • postgresql_service.services.a9s-postgresql13.requires
    • postgresql_service.services.a9s-postgresql13.tags
    • postgresql_service.services.a9s-postgresql13.documentation_url
    • postgresql_service.services.a9s-postgresql13.metadata
    • postgresql_service.services.a9s-postgresql13.dashboard_client.id
    • postgresql_service.services.a9s-postgresql13.plans-to-test
    • postgresql_service.services.a9s-postgresql13.planupdates-to-test
  • all services: a9s Dashboard: Add 'Restored From' column on Restores table for the a9s Postgresql service instances with PITR enabled. This column shows the point in time used to generate the restores.
  • all services: a9s Dashboard: Disable 'Set Encryption Key' button on the backups menu when backups download is not allowed (allow_downloads is set to false).
  • all services: a9s Backup Agent: Support backup and restore for a9s MariaDB.
  • all services: a9s Logstash: Add a new plugin for a9s MariaDB metrics.
  • a9s Service Guard: Add platform operator tasks to cleanup unused security groups and truncate approvals. For more information see use_dns_addresses
  • a9s Search: Add support for TLS communication. Documentation can be found here.
  • a9s MariaDB: Add a9s MariaDB data service. The a9s MySQL service is being replaced in favor of the a9s MariaDB data service. The new data service starts with MariaDB 10.6. See the platform operator documentation and application developer documentation.
  • a9s Prometheus: Add a9s MariaDB metrics.
  • docs: Application Developer: Add a9s MariaDB migration page. For more information see a9s MariaDB Migration.
  • docs: Platform Operator: Add missing 4444 and 4568 ports to a9s MySQL ports list. See more here
  • docs: Platform Operator: Add more information on how to configure the wildcard certificate correctly. See the Wildcard Certificate section.
  • docs: Platform Operator: Add note to installation instructions informing clients to disable use_dns_addresses. and additional section to explain issue with use_dns_addresses property.
  • docs: Platform Operator: Add missing information regarding the configuration of cdns_encrypt key, which is needed to deploy a9s Consul, to the a9s Data Services Installation Guide.
  • INTERNAL RELEASE a9s Harbor: Add dns_servers BOSH property to the docker job to configure custom DNS servers.

Updated

  • all services: Update bpm BOSH release to latest version 1.1.19.
  • all services: Update routing BOSH release to latest version 0.238.0.
  • a9s Search: Update repository-azure and repository-s3 plugins to latest version 1.3.4.
  • a9s Prometheus: promgraf2 BOSH release now includes:
    • Prometheus 2.38.0
    • Grafana 8.5.11
    • blackbox_exporter 0.22.0
    • bosh_exporter 3.4.0
    • cadvisor 0.45.0
    • elasticsearch_exporter 1.5.0
    • graphite_exporter 0.12.3
    • influxdb_exporter 0.10.0
    • postgres_exporter 0.11.1
    • statsd_exporter 0.22.7
  • a9s Prometheus: prometheus2 BOSH release now includes:
    • Prometheus 2.37.0
    • blackbox_exporter 0.22.0
    • bosh_exporter 3.4.0
    • cadvisor 0.45.0
    • elasticsearch_exporter 1.5.0
    • graphite_exporter 0.12.3
    • influxdb_exporter 0.10.0
    • postgres_exporter 0.11.0
    • statsd_exporter 0.22.7
  • a9s Messaging:
    • a9s Messaging 3.10
      • Erlang 24.3.4.3
      • RabbitMQ 3.10.7
  • a9s MySQL: MariaDB 10.4.26
  • a9s Backup Agent: Several CVE fixes:
    • Update puma to version 4.3.12. Fixes:
      • CVE-2022-24790
      • CVE-2022-23634
    • Update rack to version 2.2.4. Fixes:
      • CVE-2022-30123
      • CVE-2022-30122
    • Update nokogiri to version 1.13.8. Fixes:
      • GHSA-cgx6-hpwq-fhv5
      • GHSA-gx8x-g87m-h5q6
      • GHSA-xxx9-3xcr-gjj3
      • GHSA-fq42-c5rg-92c2
      • GHSA-v6gp-9mmm-c6p5
      • CVE-2022-29181
      • CVE-2022-24836
    • Update tzinfo to version 1.2.10. Fixes:
      • CVE-2022-31163
  • a9s Backup Manager: Several CVE fixes:
    • Update rack to version 2.2.4. Fixes:
      • CVE-2022-30123
      • CVE-2022-30122
    • Update puma to version 4.3.12. Fixes:
      • CVE-2022-24790
      • CVE-2022-23634
    • Update nokogiri to version 1.13.8. Fixes:
      • GHSA-cgx6-hpwq-fhv5
      • GHSA-gx8x-g87m-h5q6
      • GHSA-xxx9-3xcr-gjj3
      • GHSA-fq42-c5rg-92c2
      • GHSA-v6gp-9mmm-c6p5
      • CVE-2022-29181
      • CVE-2022-24836
    • Update rails-html-sanitizer to version 1.4.3. Fixes:
      • CVE-2022-32209
    • Update nokogiri to version 1.13.8. Fixes:
      • GHSA-cgx6-hpwq-fhv5
      • GHSA-gx8x-g87m-h5q6
      • GHSA-xxx9-3xcr-gjj3
      • GHSA-fq42-c5rg-92c2
      • GHSA-v6gp-9mmm-c6p5
      • CVE-2022-29181
      • CVE-2022-24836
  • a9s Backup Monit: Several CVE fixes:
    • Update rack to version 2.2.4. Fixes:
      • CVE-2022-30123
      • CVE-2022-30122
    • Update puma to version 4.3.12. Fixes:
      • CVE-2022-24790
      • CVE-2022-23634
    • Update rails-html-sanitizer to version 1.4.3. Fixes:
      • CVE-2022-32209
  • a9s SSO Proxy: Several CVE fixes
    • Update rack to version 2.2.4. Fixes:
      • CVE-2022-30123
      • CVE-2022-30122
    • Update puma to version 5.6.5. Fixes:
      • CVE-2022-24790
      • CVE-2022-23634
    • Update sinatra to version 2.2.2. Fixes:
      • CVE-2022-29970
  • a9s Smoke Tests: Several CVE fixes:
    • Update rack to version 2.2.4. Fixes:
      • CVE-2022-30122
      • CVE-2022-30123
    • Update nokogiri to version 1.13.8. Fixes:
      • GHSA-cgx6-hpwq-fhv5
      • GHSA-gx8x-g87m-h5q6
      • GHSA-xxx9-3xcr-gjj3
      • GHSA-fq42-c5rg-92c2
      • GHSA-v6gp-9mmm-c6p5
      • CVE-2022-29181
      • CVE-2022-24836
  • a9s Harbor SPI: Several CVE fixes:
    • Update nokogiri to version 1.13.8. Fixes:
      • GHSA-cgx6-hpwq-fhv5
      • GHSA-gx8x-g87m-h5q6
      • GHSA-xxx9-3xcr-gjj3
      • GHSA-fq42-c5rg-92c2
      • GHSA-v6gp-9mmm-c6p5
      • CVE-2022-29181
      • CVE-2022-24836
    • Update jmespath to version 1.6.1. Fixes:
      • CVE-2022-32511
  • a9s BOSH Deployer: Several CVE fixes:
    • Update nokogiri to version 1.13.8. Fixes:
      • GHSA-cgx6-hpwq-fhv5
      • GHSA-gx8x-g87m-h5q6
      • GHSA-xxx9-3xcr-gjj3
      • GHSA-fq42-c5rg-92c2
      • GHSA-v6gp-9mmm-c6p5
      • CVE-2022-29181
      • CVE-2022-24836
    • Update rails-html-sanitizer to version 1.4.3. Fixes:
      • CVE-2022-32209
    • Update rack to version 2.2.4. Fixes:
      • CVE-2022-30123
      • CVE-2022-30122
  • a9s Service Broker: Several CVE fixes:
    • Update nokogiri to version 1.13.8. Fixes:
      • GHSA-cgx6-hpwq-fhv5
      • GHSA-gx8x-g87m-h5q6
      • GHSA-xxx9-3xcr-gjj3
      • GHSA-fq42-c5rg-92c2
      • GHSA-v6gp-9mmm-c6p5
      • CVE-2022-29181
      • CVE-2022-24836
    • Update rack to version 2.2.4. Fixes:
      • CVE-2022-30123
      • CVE-2022-30122
    • Update rails-html-sanitizer to version 1.4.3. Fixes:
      • CVE-2022-32209
    • Update puma to version 5.6.5. Fixes:
      • CVE-2022-24790
      • CVE-2022-23634
  • addons/mongodbsspl: MongoDB 5.0.12
  • docs: Application Developer: Move a9s MySQL documentation to a9s MariaDB documentation. For more information see a9s MySQL.
  • docs: Platform Operator: Move a9s MySQL documentation to a9s MariaDB documentation. For more information see a9s MySQL.
  • INTERNAL RELEASE a9s Messaging SPI: Consolidate Code of Service Bindings for non-SSL and SSL Plans.

Removed

  • docs: Platform Operator: Remove hints about a9s Cloud Config Wizard.
  • docs: Platform Operator: Remove --vars-store secrets/creds.yml usage from installation instructions.
  • docs: Platform Operator: Remove all documentation about setting backup stores for a9s-pg deployment. This is not needed anymore as backups of a9s-pg are managed by a9s Backup Manager.
  • docs: Platform Operator: Remove incorrect statement from page Cleanup Purged Service Instances

· 2 min read

Fixed

  • a9s Backup Manager: Adjust the ops file backup-on-alicloud.yml to remove the configuration for a9s Search service.
  • docs: Platform Operator: Add more information on how to configure the wildcard certificate correctly. See the Wildcard Certificate section.
  • docs: Platform Operator: Fixed missing 4444 and 4568 ports to a9s MySQL ports list. See more here

Added

  • all services: a9s Dashboard: Add 'Restored From' column on Restores table for the a9s Postgresql service instances with PITR enabled. This column shows the point in time used to generate the restores.
  • a9s Search: Add support for TLS communication. Documentation can be found here.
  • a9s Service Guard: Add platform operator tasks to cleanup unused security groups and truncate approvals.
  • docs: Platform Operator: Add note on installation file informing clients to disable use_dns_addresses.
  • docs: Platform Operator: Add section to explain issue with use_dns_addresses property. For more information see use_dns_addresses
  • all services: a9s BOSH Deployer: Provide a configuration for the deployment updater to force a recreation of all VMs. Additionally, instances that are not responsive and would result in an error are now recovered instead. See Platform Operator documentation.

Updated

  • all services: Update bpm BOSH release to latest version 1.1.19.
  • a9s Search: Update repository-azure and repository-s3 plugins to latest version 1.3.4.
  • a9s Prometheus: promgraf2 BOSH release now includes:
    • Prometheus 2.38.0
    • Grafana 8.5.10
    • blackbox_exporter 0.22.0
    • bosh_exporter 3.4.0
    • cadvisor 0.45.0
    • elasticsearch_exporter 1.5.0
    • graphite_exporter 0.12.3
    • influxdb_exporter 0.10.0
    • postgres_exporter 0.11.1
    • statsd_exporter 0.22.7
  • a9s Prometheus: prometheus2 BOSH release now includes:
    • Prometheus 2.37.0
    • blackbox_exporter 0.22.0
    • bosh_exporter 3.4.0
    • cadvisor 0.45.0
    • elasticsearch_exporter 1.5.0
    • graphite_exporter 0.12.3
    • influxdb_exporter 0.10.0
    • postgres_exporter 0.11.0
    • statsd_exporter 0.22.7
  • a9s Messaging:
    • a9s Messaging 3.10
      • Erlang 24.3.4.3
      • RabbitMQ 3.10.7
  • a9s MySQL: MariaDB 10.4.26
  • INTERNAL RELEASE a9s Messaging SPI: Consolidate Code of Service Bindings for non-SSL and SSL Plans.

· 6 min read

Fixed

  • a9s Harbor: Fix stop procedure for the consul-master-registrator component when stopping the a9s Harbor service instance.
  • a9s Kubernetes: Fix stop procedure for the consul-master-registrator component when stopping the a9s Kubernetes service instance.
  • a9s MySQL: Fix stop procedure for the consul-master-registrator component when stopping the a9s MariaDB service instance.
  • a9s PostgreSQL: SPI: Allow certificates rotation when certificates are provided via custom parameters. The provided certificates won't be ignored anymore, instead they will be applied on the service instance.
  • a9s Redis: SPI: Allow certificates rotation when certificates are provided via custom parameters. The provided certificates won't be ignored anymore, instead they will be applied on the service instance.
  • a9s Search: SPI: Allow certificates rotation when certificates are provided via custom parameters. The provided certificates won't be ignored anymore, instead they will be applied on the service instance.
  • a9s MongoDB: SPI: Allow certificates rotation when certificates are provided via custom parameters. The provided certificates won't be ignored anymore, instead they will be applied on the service instance.
  • a9s Elasticsearch: SPI: Allow certificates rotation when certificates are provided via custom parameters. The provided certificates won't be ignored anymore, instead they will be applied on the service instance.
  • a9s Messaging: SPI: Allow certificates rotation when certificates are provided via custom parameters. The provided certificates won't be ignored anymore, instead they will be applied on the service instance.
  • all services: a9s BOSH Deployer: Make BOSH director cloud-config request fault tolerant.
  • all services: a9s Backup Agent: Fix issue with the PITR plugin that would not wait for PostgreSQL to fully stop before going ahead restoring the base backup, this caused PostgreSQL to corrupt the base backup and fail to find the required WAL files, causing the operation to get stuck.
  • all services: a9s Service Broker: Ensure the metadata will have all the parameters. Fixes an issue with the a9s Service Dashboard and a9s PostgreSQL service instances that lose the Continuous Archiving view after updating custom parameters.
  • docs: Platform Operator: Fix broken table in the a9s Platform Required Ports documentation. See a9s Platform Required Ports.
  • docs: Application Developer: Fix example for customer-provided Certificates for a Service Instance. See here.
  • docs: Application Developer: Extend documentation explaining how to fork an a9s Messaging service instance with the intention to restore.
  • docs: Platform Operator: Fix curl commands to use JSON formatting on the page anynines Data Services Administrative Tasks. Improve the wording regarding some required params for a restore call.
  • docs: Platform Operator: Fix curl commands to use JSON formatting on the page a9s-pg Backup.
  • INTERNAL RELEASE a9s MySQL: SPI: Improve the certificate generation inside the used library.

Added

  • a9s Backup Manager: Add support for independent certificates for each configured a9s Service Broker. Add ops files to configure the ca and skip_ssl_validation for each service. See ops/tls_configurations/backup-service/add_broker_to_backup_service
  • a9s Backup Manager: Make the a9s Backup Agent job max_attempts property configurable.
  • a9s Dashboard: Add configurable confirmation panel when disabling automatic updates. You can find more information about this in Configure Disable Automatic Update Modal.
  • docs: Application Developer: Extend the a9s SSL/TLS Service Plans documentation to explain how to do certificate rotation for customer-provided certificates. For more information see: Certificate Rotation.
  • docs: Platform Operator: Add information about the a9s Backup Agent job max_attempts property and how to configure it. For more information see a9s Backup Manager.
  • docs: Platform Operator: Extend the TLS configuration documentation to include a step-by-step guide on how to rotate wildcard certificates and their CA. For more information see Common SSL/TLS configuration
  • docs: Application Developer: Add missing contraints for a9s MySQL and a9s Search when using SSL plans. See here for further information.
  • docs: Platform Operator: Add missing documentation on how to use force_certificate_rotation for a9s Redis. See here for further information.
  • docs: Platform Operator: Add missing contraints for a9s Search when configuring TLS. See here for further information. For more information see Common SSL/TLS configuration.
  • INTERNAL RELEASE a9s-pg: Add TLS for the postgresql-backup-endpoint.
  • INTERNAL RELEASE a9s Backup Manager: Add TLS support for the a9s Backup Manager. Create an ops file to configure a9s Backup Manager to support TLS connections.
  • INTERNAL RELEASE a9s Backup Monit: Create an ops file to let the a9s Backup Monit communicate with the a9s Backup Manager via TLS.
  • INTERNAL RELEASE all services: a9s DS API Gateway: Create an ops file to let the a9s DS API Gateway communicate with the a9s Backup Manager via TLS.
  • INTERNAL RELEASE all services: a9s Backup Monit: Update Storage Handler gem to version 1.2.5.

Updated

  • a9s Backup Monit: Ruby 3.0.4. The Ruby bump addresses internal Ruby issues when using the resolv library, which would trigger an infinite loop when creating a random number during host resolution.
  • a9s Messaging: RabbitMQ 3.10.6 and RabbitMQ 3.8.35
  • stemcell: We've tested our release with Ubuntu Bionic stemcell 1.88.
  • a9s PostgreSQL: a9s PostgreSQL 13: Update the repmgr user to a role with less privileges, now it is a normal user that it is able to create replication connections. This change is made for a9s PostgreSQL 13 only as there are operational repmgr impediments for the older versions. We recommend migrating your data from the previous version to the latest version of a9s PostgreSQL 13.
  • a9s Search: OpenSearch 1.3.4
  • all services: a9s Backup Agent: Update the a9s PostgreSQL plugin for logical backups to drop the repmgr database before registering again to ensure the repmgr extension is recreated with the correct owner.
  • all services: SPIs: Ruby 3.0.4 and rack 2.2.4. The Ruby bump addresses internal Ruby issues when using the resolv library, which would trigger an infinite loop when creating a random number during host resolution.
  • all services: Update routing BOSH release to latest version 0.236.0.
  • all services: Update routing BOSH release to latest version 0.237.0.
  • docs: all services: Change the documentation tooling from Zola to Docusaurus. This changes the user interface of our customer facing documentation at https://docs.anynines.com and it will apply to all anynines-deployment versions starting from v31.0.0. For documentation older than v31.0.0 please visit https://legacy-docs.anynines.com
  • docs: all services: Update documentation's markdown files' metadata from Zola standards to Docusaurus standards. This change affects every markdown in our docs folder.
  • addons/mongodbsspl: MongoDB 5.0.10
  • a9s Backup Manager: Create an ops file to use the a9s Backup Manager with OpenStack.
  • a9s Backup Manager: Remove aliyun_oss_location property from ops file It is not used internally and so it can be removed.
  • a9s Backup Manager: Remove the opensearch-backup properties for the backup-on-alicloud ops file and the backup-on-generic-s3 ops file. These properties are not used internally by these backup stores and so they can be removed.

Removed

  • breaking change stemcell: We do not test anymore against Ubuntu Bionic stemcell 1.51 and 1.54.
  • a9s PostgreSQL: Remove PostgreSQL 13 from enable-production-ready-services-only.yml because it's production ready.

· 7 min read

Fixed

  • a9s Backup Manager: Add a meaningful error message for instances that are not provisioned and for which a restoration of a backup has been triggered.
  • a9s Harbor: Fix PostgreSQL cloning during pre-start that would never happen in environments relying only on BOSH DNS, as DNS resolution is not available during pre-start.
  • a9s MySQL: Restoring an empty backup didn't delete existing databases. Now all non system databases are going to be deleted before the restore to allow a restore to an empty database.
  • a9s PostgreSQL: Fix PostgreSQL cloning during pre-start that would never happen in environments relying only on BOSH DNS, as DNS resolution is not available during pre-start.
  • a9s Redis: Fix unnecessary downtime during update run.
  • all services: a9s Service Broker: Fix force_update custom parameter while using cf update-service.
  • all services: a9s Backup Agent: Add log file paths for the aliyun, azure and swift plugins.
  • a9s PostgreSQL: Fix the temp_file_limit custom parameter that was not applied to the deployment, and therefore did not take effect.
  • docs: Application Developer: Fix links on the a9s Redis Migration page.
  • INTERNAL RELEASE docs: Application Developer: a9s Elasticsearch: Fix typos in a9s Elasticsearch's documentation and the current header levels. For further details see a9s Elasticsearch.
  • INTERNAL RELEASE docs: Platform Operator: a9s Elasticsearch: Fix typos in a9s Elasticsearch's documentation and the current header levels. For further details see Creating Backups with Elasticsearch on Azure.

Added

  • breaking change a9s-pg: Add property iaas.a9s_pg.network to configure the network name for the a9s-pg deployment. You must add a corresponding entry to your IaaS configuration file. The previous value for this property was dynamic.
  • breaking change consul-dns: Add property iaas.consul.network to configure the network name for the consul-dns deployment. You must add a corresponding entry to your IaaS configuration file. The previous value for this property was static.
  • breaking change a9s Backup Manager: Add property iaas.backup_service.network to configure the network name for the backup-service deployment. You must add a corresponding entry to your IaaS configuration file. The previous value for this property was dynamic.
  • breaking change a9s Service Guard: Add property iaas.service_guard.network to configure the network name for the service-guard deployment. You must add a corresponding entry to your IaaS configuration file. The previous value for this property was dynamic.
  • breaking change a9s Router: Add property iaas.a9s_router.router.network to configure the network name for the a9s-router deployment. You must add a corresponding entry to your IaaS configuration file. The previous value for this property was static.
  • breaking change a9s Billing: Add property iaas.billing.network to configure the network name for the a9s-billing deployment. You must add a corresponding entry to your IaaS configuration file. The previous value for this property was dynamic.
  • breaking change a9s Backup Monit: Add iaas.backup_service.graphite_endpoints property to the IaaS config file to configure the graphite endpoints to stream the backup metrics to. The graphite endpoint was previously configured via the /global_graphite_endpoint property, which was stored in the corresponding CredHub of the BOSH director used.
  • breaking change a9s Backup Monit: Add iaas.backup_service.metrics_prefix property to the IaaS config file to configure the prefix for the graphite compliant metrics emitted by the a9s Backup Monit. The prefix was previously configured via the /<director_name>/backup-service/backup_monit_graphite_endpoint_metrics_prefix property, which was stored in the corresponding CredHub of the BOSH director used.
  • breaking change a9s Messaging: Release a9s Messaging 3.10 Beta Release, see the Upgrade Guide for a9s Messaging 3.10
  • breaking change a9s Harbor: Change vm_type for the instance group broker from nano to small.
  • breaking change a9s Kubernetes: Change vm_type for the instance group broker from nano to small.
  • breaking change a9s MongoDB: Change vm_type for the instance group broker from nano to small.
  • breaking change a9s PostgreSQL: Change vm_type for the instance group broker from nano to small.
  • a9s Search: The first a9s Search 1 Beta Release.
  • a9s Backup Manager: Rename the migrate-encrypted-database-fields errand to migrate-backup-manager-encrypted-database-fields to make its name more specific. Moreover, add the feature to rotate the encryption key for the a9s Service Broker password.
  • a9s Elasticsearch: Add all a9s trust certificates on the Java keytool.
  • a9s Elasticsearch: Add missing variables to manifest, so that all variables that are used inside the manifest are autogenerated, if possible.
  • a9s MongoDB: Add missing variables to manifest, so that all variables that are used inside the manifest are autogenerated, if possible.
  • a9s PostgreSQL: Add missing variables to manifest, so that all variables that are used inside the manifest are autogenerated, if possible.
  • a9s Messaging: Add missing variables to manifest, so that all variables that are used inside the manifest are autogenerated, if possible.
  • a9s Prometheus: Add a9s Search metrics.
  • a9s Redis: Add missing variables to manifest, so that all variables that are used inside the manifest are autogenerated, if possible.
  • docs: Platform Operator: Add information regarding the use of a backup storage with self-signed certificates into the a9s Search documentation, see a9s Search Resources Considerations.
  • docs: Platform Operator: Add information regarding the use of a backup storage with self-signed certificates into the a9s Elasticsearch documentation, see a9s Elasticsearch Resources Considerations
  • docs: Application Developer: Add information regarding the database use and a note specifying the postgres database for administration purposes only. For more details, see Obtain Service Instance Access Credentials.
  • docs: Platform Operator: Add information regarding the database use and reserves the postgres database for administration purposes only. For more details, see The postgres Database.
  • docs: Platform Operator: a9s PostgreSQL: Add temp_file_limit information to the SPI Custom Parameters configuration secton. For more see temp_file_limit.
  • docs: Platform Operator: Add page a9s Messaging SPI Configuration. See a9s Messaging SPI Configuration for more information.
  • docs: Application Developer: Add information about new TLS custom parameters tls-protocols and tls-ciphers. See tls-protocols and tls-ciphers sections for more information.
  • docs: Platform Operator: Add a9s MongoDB and a9s MySQL to the list of Services supporting TLS.
  • docs: Application Developer: Extend the a9s Service Dashboard documentation to include information on the backup duration, that currently includes the time the task is queued. For more information see Perform a Backup.

Updated

  • docs: Platform Operator: Adapt the information from release date to release version in the following columns from the Release Lifecycle documentation:
    • a9s Beta Release
    • a9s Release Candidate For more details, see a9s Data Services Release Lifecycle
  • all services: Update routing BOSH release to latest version 0.235.0.
  • all services: Update bpm BOSH release to latest version 1.1.18.
  • all services: SPIs: Update puma to 4.3.12. Fixes CVE-2022-23634 and CVE-2022-24790.
  • a9s-pg: PostgreSQL 11.16.
  • a9s PostgreSQL: PostgreSQL 10.21, PostgreSQL 11.16 and PostgreSQL 13.7.
  • a9s Harbor: PostgreSQL 10.21.
  • addons/mongodbsspl: MongoDB 5.0.9
  • a9s Messaging:
    • a9s Messaging 3.8
      • RabbitMQ 3.8.34
      • Erlang 23.3.4.15
    • a9s Messaging 3.10
      • RabbitMQ 3.10.5
      • Erlang 24.3.4.2
  • a9s MySQL: MariaDB 10.4.25
  • a9s Prometheus: promgraf2 BOSH release now includes:
    • graphite_exporter 0.12.1
    • influxdb_exporter 0.9.1
    • statsd_exporter 0.22.5
    • Grafana 8.5.6
    • blackbox_exporter 0.21.1
    • memcached_exporter 0.10.1
    • prometheus 2.36.2
  • a9s Prometheus: prometheus2 BOSH release now includes:
    • graphite_exporter 0.12.1
    • influxdb_exporter 0.9.1
    • statsd_exporter 0.22.5
    • blackbox_exporter 0.21.1
    • memcached_exporter 0.10.0
    • prometheus 2.36.2
  • INTERNAL RELEASE all services: a9s Dashboard: a9s SSO Proxy: Update token handling.
  • INTERNAL RELEASE all services: SPIs: Run puma in --daemon mode.

Removed

  • a9s Elasticsearch: Remove obsolete variables from manifest.
  • a9s Messaging: Remove obsolete variables from manifest.
  • a9s Redis: Remove obsolete variables from manifest.
  • all services: Removed all nano plan examples from the config files.
  • all services: Removed ops/README.md.