Dear Cloud Foundry community,
TL;DR: Bionic stemcells are on their way to GA. Xenial stemcells in open-source will not receive security updates
after the end of April 2021. Act now and test your bosh releases and plan for migrating your systems, we’re doing it as well. Read on for context, open issues and migration caveats.
As part of an earlier mail to the
cf-bosh and cf-dev mailing lists, there was an announcement
around work to create a BOSH stemcell for Ubuntu 18.04 (code-named “Bionic Beaver”).
The background is that Ubuntu 16.04 (code-named “Xenial Xerus”) runs out of standard
support by the end of April 2021. We are already publishing beta versions of Bionic stemcells on bosh.io.
As announced earlier, VMware decided to continue
to support Xenial-based stemcells for their commercial distribution and is therefore transferring all open-source stemcell related work to the community – a team currently staffed by IBM and SAP. We’re stepping in to ensure that there will be a continuously
maintained Bionic stemcell available for the open-source community.
What does this mean for you as users of open-source Cloud Foundry?
You need to plan for switching to Bionic stemcells before the end of April 2021. Xenial stemcells will not get any security related updates after this date!
Test your bosh-releases! We found a few things that needed to be changed in existing releases to make them ready for Bionic – you should do the same
You will get a continuously maintained Bionic stemcell, for which Canonical offers standard support until the end of April 2023
What is the current state?
How do you migrate from Xenial to Bionic?
Upload the new stemcell to your BOSH director in addition to the existing Xenial stemcell
Add the new stemcell to your cloud-config
Update your runtime-config in case you’re using the stemcell key in the
placement rules to ensure addons are installed on the new stemcell as well
Switch the referenced stemcell for each deployment manifest and re-deploy
Deploy bosh itself with the new stemcell. If you’re using bosh-deployment, there are
cpi-specific ops-files for this available
How can you help?
There are a number of ways you can get involved:
Depending on your configuration of Cloud Foundry, the open issues listed above might be blockers for you or not. Please help us prioritizing this with the teams if your
migration to Bionic is blocked by any of these issues by commenting on the issue – except for the garden-runc issue, I’m not aware of any work on resolving them right now
Test your bosh-releases and provide feedback on things that work or don’t. Please note: the fact that you’re finding things we didn’t find in our tests most likely means
that we’re requiring contributions from your side to successfully fix things
Scanning of stemcells (nessus, malware, etc) is something which quite often comes up in certifications. Setting this up in the open-source community would benefit everyone
to check some boxes without investing in their own setup. Any help with getting this done in the community is highly appreciated!
Please reply to this mail on the list and/or send us a message in
#bosh on Cloud Foundry slack. Don’t hesitate to DM me or send me
a mail if you want to reach out privately.
Thanks in advance,