cf-mysql/31
You can find the source of this version on GitHub at cloudfoundry/cf-mysql-release. It was created based on the commit 41fda3be.
Release Notes¶
General Security Improvements
This release focuses on addressing and improving the release to address general
security concerns. Many of the changes improved the logging of components in the
release in which we were logging credentials.
- Upgrade MariaDB to 10.1.18 [#131653751]
- Add the wsrep_debug patch to add additional logging levels for MariaDB 10.1 [#130335561]
- The service broker should not use root credentials to access MySQL [#129985945]
- route-registrar should stop logging NATS password [#130791609]
- cf-mysql-broker should not log credentials [#129474883]
Other Improvements
- Don’t prevent trigger creation when the binlog is enabled [#130568959]
Allows service broker created users to use mysql triggers - As an Operator, I’d like to specify a path to an executable to be run when my SST is interrupted. [#131763097]
Allows the operator to configure the execution of a collocated job when the interruptor is triggered - switchboard should only log useful statements at INFO [#131504989]
Community Involvement
- cloudfoundry/cf-mysql-release #104: Add openstack stub [#118640631]
- Merged a PR that adds an IaaS override stub for openstack
- cloudfoundry/cf-mysql-release #127: Specify the cf-mysql-broker ip via manifest [#130726653]
- The
./updatescript should work when checked out to a tag [#130536105]
Note The update script now lives in ./scripts/update to be consistent with other cloudfoundry releases
Bug Fixes
galera-healthcheckshould respect property to control which user is used to access MySQL [#128922163]
Previously, the galera-healthcheck process would ignore the manifest property and connect as root
- plan sizes in manifest stubs for bosh-lite are confusing [#129698189]
The manifest stubs now accurately reflect the actual size of the default plans in bosh-lite - cf_mysql.mysql.galera_healthcheck.db_password does not exist in standalone example stub file [#131179845]
Manifest Changes
- Add optional
cf_mysql.mysql.interrupt_notify_cmd- specifies a path to a file to run when the interruptor triggers
- Add
cf_mysql.broker.db_password- the password for the service broker to connect to the database with
- Add optional property
cf_mysql.broker.host- ip to be registered with the cf router for the broker; defaults to VM ip
Exploration
We have also taken time to find ways to improve the performance and our understanding
of different components in the cluster
- Explore ways to make the quota enforcer query less prone to blocking the service broker in a cluster with many tables [#131471503]
- The quota enforcer runs a query that locks the mysql.db table when finding
violators and reformers. This story investigated why it does this and how we can
improve it.
Usage¶
You can reference this release in your deployment manifest from the releases section:
- name: "cf-mysql" version: "31" url: "https://bosh.io/d/github.com/cloudfoundry/cf-mysql-release?v=31" sha1: "4f0a66f8e9c0c5ceb639f7a3fcb3d0e01514a31e"
Or upload it to your director with the upload-release command:
bosh upload-release --sha1 4f0a66f8e9c0c5ceb639f7a3fcb3d0e01514a31e \ "https://bosh.io/d/github.com/cloudfoundry/cf-mysql-release?v=31"
Jobs¶
- arbitrator
- bootstrap
- broker-deregistrar
- broker-registrar
- cf-mysql-broker
- mysql
- proxy
- rejoin-unsafe
- smoke-tests
- verify-cluster-schemas
Packages¶
- acceptance-tests
- boost
- bootstrap
- cf-mysql-broker
- cf-mysql-cluster-health-logger
- cf-mysql-common
- cf-mysql-route-registrar
- check
- cli
- cluster-schema-verifier
- galera
- galera-healthcheck
- golang
- gra-log-purger
- mariadb
- mariadb_ctrl
- mysqlclient
- python
- quota-enforcer
- ruby
- scons
- switchboard
- syslog_aggregator
- xtrabackup