bosh/256
You can find the source of this version on GitHub at cloudfoundry/bosh. It was created based on the commit 71adadbc.
Release Notes
New Features:
- Enabled auditd on stemcells to satisfy several STIG requirements
- Configured audisp syslog plugin to redirect auditd logs to local syslog
- Hardened a variety of OS configurations according to STIGs
  - See label:“medium:phase1” and label:“stig” in Tracker for more details
  - Example: Lock user account after 5 failed login attempts
- Added director.log_access_events_to_syslog property (defaults to false) to enable Director to log all access to its API
  - Confirmed to work with syslog-release colocated on the Director VM
  - Access events are logged in common event format (CEF) under ‘vcap.bosh.director’ syslog topic
- Added director.events.record_events property to automatically record high level deployment events
  - Exposed via bosh events command
- Added director.flush_arp property (defaults to false) to enable aggressive ARP flushing
  - Especially useful on AWS since AWS disables gratuitous ARP messages
  - In summary, Director sends delete_arp_entries to all the Agents managed by the Director when new VMs come up
- Switched to using delayed job instead of Resque for managing Director tasks
  - Warning: make sure to update your Director manifest (used with bosh-init) to remove mentions of redis.
- Show start and end time for tasks via bosh tasks
- Allow manual link configuration in the deployment manifest
  - Useful for when link provider is not a job in the Director
- Include id, name and created_at when making set_vm_metadata CPI call
  - This information should aid discovery of VMs in the IaaS
Improvements:
- Switched to using s3cli when Director is configured to use S3 blobstore
  - Agent has been using s3cli to access blobstore, so this change makes behaviour more consistent
- Add instance.bootstrap indicator for instances in a link
  - Why: when looping through instances included in a link sometimes it’s necessary to know first instance
- Allow job level properties for addons making property namespacing unnecessary
  - We have upcoming bosh-init change that adds support for this as well
- Return better YAML error message for invalid manifest, cloud config, and runtime config files
- Exposed blobstore.nginx.workers property to increase number of Nginx workers for local blobstore
  - Requested by one of the teams with large enough releases/packages that slowed down blobstore access
- Stopped attempting to recreate VM when vSphere was not able to create disk in a datastore
- Bumped CentOS 7.x packages
- Also include dev_tools_file_list.txt in the stemcell tarball to easily identify which files will be removed by the Agent
- Optimally order the files inside compiled release tarballs when using bosh export release
Fixes:
- Possible conflicting SHA1 when finalizing release via bosh finalize release
  - Before this fix, issue was typically resolved by looking up correct SHA1 from .final_builds directory
- Fixed removal of dev tools on CentOS stemcells
- Backfill stemcells’ operating_system field for existing stemcells that do not have it
  - Necessary for working with compiled packages
- Ignore snapshot when VM is missing
Dev:
- Added BOSH_FINAL_RELEASE_VERSION env var in bosh-dev for Jenkins compatibility
- Include grub configuration in warden stemcell to make them more consistent
- Bumped eventmachine to 1.0.4, sequel (3.43 -> 4.32.0), sqlite3 (1.3.10 -> 1.3.11), datadog_api (1.21)
This release includes 3232 stemcell series.
Usage
You can reference this release in your deployment manifest from the releases section:

    - name: "bosh"
      version: "256"
      url: "https://bosh.io/d/github.com/cloudfoundry/bosh?v=256"
      sha1: "71701e862c0f4862cb77719d5f3e4f7451da355c"

Or upload it to your director with the upload-release command:

    bosh upload-release --sha1 71701e862c0f4862cb77719d5f3e4f7451da355c \
      "https://bosh.io/d/github.com/cloudfoundry/bosh?v=256"