Update regarding Bionic Stemcells
Dear Cloud Foundry community,
TL;DR: Bionic stemcells are on their way to GA. Xenial stemcells in open-source will not receive security updates after the end of April 2021. Act now: test your bosh releases and plan for migrating your systems; we’re doing it as well. Read on for context, open issues and migration caveats.
As part of an earlier mail to the cf-bosh and cf-dev mailing lists, there was an announcement around work to create a BOSH stemcell for Ubuntu 18.04 (code-named “Bionic Beaver”). The background is that Ubuntu 16.04 (code-named “Xenial Xerus”) runs out of standard support by the end of April 2021. We are already publishing beta versions of Bionic stemcells on bosh.io.
As announced earlier, VMware decided to continue to support Xenial-based stemcells for their commercial distribution and is therefore transferring all open-source stemcell related work to the community – a team currently staffed by IBM and SAP. We’re stepping in to ensure that there will be a continuously maintained Bionic stemcell available for the open-source community.
What does this mean for you as users of open-source Cloud Foundry?
- You need to plan for switching to Bionic stemcells before the end of April 2021. Xenial stemcells will not get any security related updates after this date!
- Test your bosh-releases! We found a few things that needed to be changed in existing releases to make them ready for Bionic – you should do the same.
- You will get a continuously maintained Bionic stemcell, for which Canonical offers standard support until the end of April 2023
What is the current state?
- Since cf-deployment version 16.5.0, version 0.18 of the Bionic stemcell has passed the regular cf-deployment CATS pipeline using the available ops-file
- There are some open issues on open-source projects, namely garden-runc-release, nfs-volume-release, backup-and-restore-sdk-release, smb-volume-release, syslog-release
- SAP is currently rolling out the most recent Bionic stemcell in their own staging environments. Diego cells still run on Xenial due to the above issue in garden-runc-release, though
- Once this is fixed (and if we don’t encounter additional unexpected issues), the ‘beta’ label will be removed and we will work towards promoting the ops-file currently marked as ‘experimental’ to the default in cf-deployment
- Similarly, we’ll work towards making Bionic the default for bosh-deployment
How do you migrate from Xenial to Bionic?
- Upload the new stemcell to your BOSH director in addition to the existing Xenial stemcell
- Add the new stemcell to your cloud-config
- Update your runtime-config in case you’re using the stemcell key in the placement rules to ensure addons are installed on the new stemcell as well
- Switch the referenced stemcell for each deployment manifest and re-deploy
- Deploy bosh itself with the new stemcell. If you’re using bosh-deployment, there are cpi-specific ops-files for this available
How can you help?
There are a number of ways you can get involved:
- Depending on your configuration of Cloud Foundry, the open issues listed above might be blockers for you or not. If your migration to Bionic is blocked by any of these issues, please help us prioritize this with the teams by commenting on the issue – except for the garden-runc issue, I’m not aware of any work on resolving them right now
- Test your bosh-releases and provide feedback on things that work or don’t. Please note: the fact that you’re finding things we didn’t find in our tests most likely means that we’re requiring contributions from your side to successfully fix things
- Scanning of stemcells (Nessus, malware, etc.) is something which quite often comes up in certifications. Setting this up in the open-source community would benefit everyone to check some boxes without investing in their own setup. Any help with getting this done in the community is highly appreciated!
Please reply to this mail on the list and/or send us a message in #bosh on Cloud Foundry slack. Don’t hesitate to DM me or send me a mail if you want to reach out privately.
Thanks in advance,
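An added example, not part of the original mail and not code from any Cloud Foundry project: a check for the runtime-config step of the migration list above, which reports addons whose `stemcell` placement rules would keep them off VMs running the new stemcell. It assumes the OS names `ubuntu-xenial` and `ubuntu-bionic` and takes the runtime-config already parsed into a dict; the addon, job and release names in the sample are hypothetical.

```python
"""List runtime-config addons to review before switching stemcell OS."""

OLD_OS = "ubuntu-xenial"  # assumed OS names as referenced in placement rules
NEW_OS = "ubuntu-bionic"


def _stemcell_oses(rule):
    """Return the OS names listed under a placement rule's `stemcell` key."""
    entries = (rule or {}).get("stemcell") or []
    return {e["os"] for e in entries if isinstance(e, dict) and e.get("os")}


def addons_to_review(runtime_config, new_os=NEW_OS):
    """Map addon name -> why it may not be installed on `new_os` VMs."""
    findings = {}
    for addon in runtime_config.get("addons") or []:
        name = addon.get("name", "<unnamed>")
        included = _stemcell_oses(addon.get("include"))
        excluded = _stemcell_oses(addon.get("exclude"))
        if new_os in excluded:
            findings[name] = "exclude rule names " + new_os
        elif included and new_os not in included:
            # An include list that names OSes but not the new one means the
            # addon stays on the old stemcell only.
            findings[name] = "include rule lacks " + new_os
    return findings


# Constructed sample: the structure a YAML parser would return for a
# runtime-config. All addon, job and release names are hypothetical.
SAMPLE = {
    "addons": [
        {"name": "example-audit-agent",
         "jobs": [{"name": "agent", "release": "example-release"}],
         "include": {"stemcell": [{"os": OLD_OS}]}},
        {"name": "example-log-forwarder",
         "jobs": [{"name": "forwarder", "release": "example-release"}],
         "include": {"stemcell": [{"os": OLD_OS}, {"os": NEW_OS}]}},
        {"name": "example-unrestricted",
         "jobs": [{"name": "helper", "release": "example-release"}]},
        {"name": "example-legacy-only",
         "jobs": [{"name": "legacy", "release": "example-release"}],
         "exclude": {"stemcell": [{"os": NEW_OS}]}},
    ]
}

if __name__ == "__main__":
    for addon_name, reason in addons_to_review(SAMPLE).items():
        print(f"{addon_name}: {reason}")
```

Addons with no `stemcell` key in their placement rules are not reported, since those rules do not restrict by stemcell.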