Sep 22, 2017
- Upgrade Notes
Apcera Platform release 3.0.0 is an LTS release with significant platform changes. Before upgrading to this release, be sure to read the upgrade instructions.
The Apcera-provided Terraform modules have been updated, including the retirement of previous generation instance types in favor of new ones (for example,replacing the M3 type with T2 for AWS). Note that these will be destructive changes if you download and use these updated modules to perform the upgrade. The recommendation is to upgrade using your existing Terraform modules and then migrate to the new instance types over time.
If you previously enabled local IPAM (beta) for your 2.6.x installation, you will need to disable local IPAM (by commenting it out) and revert to global IPAM before upgrading to release 3.0.
Apcera Platform release 3.0.0 features a new component store component that improves availability. If you want to migrate from Store 2 to Store 3, you should upgrade the 3.0.0 first, then migrate at a later time.
- Cluster changes
Added container log truncation which prevents logs from growing more than 10MB.
Job Autoscaling added as part of the platform.
Added subnet pools for virtual networks.
Fixed an issue where the JM would incorrectly state a job update contained no changes when certain environment variable changes were made.
Fixed an issue where soft negative scheduling tags were not being applied correctly.
Added new OvS driver for virtual networks.
Integrated with Hashicorp Vault backed by Consul for secure storage of cluster secrets. This first phase of integration stores component keys, database passwords and (optionally) external auth server connection credentials.
Return empty HTML pages on HTTP Router errors. Previously used Apcera-branded pages.
Fixed issue where instance errors could permanently penalize IM and introduce scheduling artifacts.
Added an event message for decreasing a job's instance count. (there was only one for increasing before).
Added the "domain" endpoints for installing, uninstalling and listing (POST, DELETE and GET, respectively) certificates and private-keys for domains on the router.
Added the subnet pool resource for configurable virtual networks. Supports POST, DELETE and GET actions on the resource.
Significantly sped up the /v1/version endpoint.
When updating a job (i.e. PUT /v1/jobs/:uuid:), if there are no changes to the job, you receive an HTTP 200 response with the unmodified job instead of an error.
Added the 'secret' set of endpoints for certificate/secret functionality. Supports POST, GET and DELETE actions for the importation, listing and deletion of secrets/certificates.
- Chef changes
If you have deployed an APCFS high-availability file system, this release will upgrade GlusterFS from version 3.7.8 to version 3.8.12 and Ganesha NFS from version 2.3.0 to version 2.4.5.
Added some missing certificate authorities to the system CA list, requiring for validating connections to some external services signed by those CAs.
Correct typo in splunk-forwarder tag, when untagging.
Deploy, configure and populate Hashicorp Vault. Migrates component keys and database password out of orchestrator/chef database and cluster file system and into Vault.
Orchestrator version updated to 2.0. This version of orchestrator includes Vault support.
Introduce new dynamic taint adjustment options.
Allow for the forced rotation of router http access logs.
Updated Splunk (where used) to version 6.5.3.
Improved 'Downloading' progress message.
Retained CA key and database password between multiple deploys.
Deploy command outputs a warning message if audit logging on Vault cannot be enabled.
Fixed an issue vault status check during deploy.
Enable vault audit logging to syslog.
Fixed an issue in orchestrator agent that causes the agent process to panic.
Fixed an issue in teardown command when machine number cannot be reclaimed.
Reusable valut token is employed to replace one-time use vault token during deploy.
Enabled Consul backend functionality, set comp ACL.
Add secret/encfs to jm and im vault permissions.
Updated the Zabbix token on deploy and refresh commands.
Updated Component secret reliability
Fixed a bug in deploy. Orchestrator does not exit after a Chef error.
Fixed an issue in reclaiming machine number when rescaling cluster down.
Enable Consul secret backend functionality.
Add secret encfs to JM and IM Vault permissions.
Increased IM ID limit to 4096.
Added the ability to store component secrets in vault.
Fixed an issue in log collection.
Fixed an issue in backup command.
Support components revoking already-used tokens.
Removes the refresh-vault-token command and implements the security command.
Added configuration of Vault, including enforcement of cluster passphrase and encryption/decryption of persisted answers.
Fixed chef output log collection issue.
Added multiple commands (apc subnet pool create/delete/list/show) associated with the newly defined subnet pool resource.
apc network createcommand to take in a user specified subnet pool (
Fixed an issue where
apc job listoutput would be indeterministic of a job was an more than one of app
gateway stager pipeline.
Fixed a bug where apc app delete would consider the app name in a manifest file, but not the namespace.
Fixed a bug which caused temporary files to be left on the user's machine after updating APC.
Updated multiple APC commands to consistently use flags -i, –instance-id when specifying an instance id.
Fixed an issue where app deploy –keep-previous=false would not remove the old package if the app was stopped.
Updated APC help for default route naming scheme.
Add ANSI terminal emulation support on Windows for a better experience, especially when connected to a Linux container.
Web Console (9.0.0)
Added new UI for creating routes and mapping routes to jobs.
Added new ability to manage secrets/certificates.
Added UI for configuring job auto-scaling.
Docker launcher UI does not include a curated list of Docker images, in prior releases.
Added the cluster OS version to the Help popup menu.
New API documentation generated from OpenAPI specification.
Updated API documentation to include "v2" endpoints and new API features, including for managing secrets and routes.
API documentation is now auto-generated from the OpenAPI specification.
Added documentation for configuring and managing secret storage and encryption.
Added documentation for managing SSL certificates and keys.
Added documentation for data encryption at rest.
Added new architecture diagram.
Added documentation for configurable networks.
Added documentation for configuring job auto-scaling.