Skip to content
This repository has been archived by the owner on Sep 21, 2022. It is now read-only.

v31
Compare
Choose a tag to compare
@pcf-core-services-writer pcf-core-services-writer released this 09 Oct 03:59
v31
a3d4269

General Security Improvements

This release focuses on addressing and improving the release to address general
security concerns. Many of the changes improved the logging of components in the
release in which we were logging credentials.

  • Upgrade MariaDB to 10.1.18 [#131653751]
  • Add the wsrep_debug patch to add additional logging levels for MariaDB 10.1 [#130335561]
  • The service broker should not use root credentials to access MySQL [#129985945]
  • route-registrar should stop logging NATS password [#130791609]
  • cf-mysql-broker should not log credentials [#129474883]

Other Improvements

  • Don't prevent trigger creation when the binlog is enabled [#130568959]

    Allows service broker created users to use mysql triggers

  • As an Operator, I'd like to specify a path to an executable to be run when my SST is interrupted. [#131763097]

    Allows the operator to configure the execution of a collocated job when the interruptor is triggered

  • switchboard should only log useful statements at INFO [#131504989]

Community Involvement

  • cloudfoundry/cf-mysql-release #104: Add openstack stub [#118640631]

    • Merged a PR that adds an IaaS override stub for openstack

  • cloudfoundry/cf-mysql-release #127: Specify the cf-mysql-broker ip via manifest [#130726653]

  • The ./update script should work when checked out to a tag [#130536105]

    Note The update script now lives in ./scripts/update to be consistent with other cloudfoundry releases

Bug Fixes

  • galera-healthcheck should respect property to control which user is used to access MySQL [#128922163]

    Previously, the galera-healthcheck process would ignore the manifest property and connect as root

  • plan sizes in manifest stubs for bosh-lite are confusing [#129698189]

    The manifest stubs now accurately reflect the actual size of the default plans in bosh-lite

  • cf_mysql.mysql.galera_healthcheck.db_password does not exist in standalone example stub file [#131179845]

Manifest Changes

  • Add optional cf_mysql.mysql.interrupt_notify_cmd
    • specifies a path to a file to run when the interruptor triggers
  • Add cf_mysql.broker.db_password
    • the password for the service broker to connect to the database with
  • Add optional property cf_mysql.broker.host
    • ip to be registered with the cf router for the broker; defaults to VM ip

Exploration

We have also taken time to find ways to improve the performance and our understanding
of different components in the cluster

  • Explore ways to make the quota enforcer query less prone to blocking the service broker in a cluster with many tables [#131471503]
    • The quota enforcer runs a query that locks the mysql.db table when finding
      violators and reformers. This story investigated why it does this and how we can
      improve it.
Assets 3
Loading