Releases: cloudfoundry/garden-runc-release
GRR v1.12.1: Someone needs a timeout
Sets a more generous monit timeout (2 minutes), since the startup script could sometimes fail to complete within the default 30 seconds on slow environments.
GRR v1.12.0: Don't Quota Me On This
Lots of good stuff in this release, unless you really love trying to guess the right number to set garbage collection thresholds to:
Better Garbage Collection!
Garbage collection of root filesystem layers:
- Now bases the collection threshold on actual downloaded layer sizes plus reserved disk quotas (i.e. it accounts for the maximum amount of actually-used space in the grootfs store).
- Sensibly defaults to the size of the data disk minus a reserved amount for other jobs in the same cell (15GB, by default). If this is lower than the disk size then we run garbage collection on every create, which is the Right Thing To Do in this case (being over threshold does not cause creates to fail, it just causes GC to run).
- Should not require operator interaction to do the Right Thing
- Has lots more documentation here.
Action Required For Existing Consumers: If you are manually setting `graph_cleanup_threshold_in_mb`, you should remove this property to allow garden to calculate the threshold for you. If you would like to specify a different amount of reserved space for other jobs, you can set `grootfs.reserved_space_for_other_jobs_in_mb`.
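A worked model of the threshold logic described above, added here as an example; it is not garden's or grootfs's own code. It assumes a store that records downloaded layer sizes and each live container's reserved quota. That GC removes only layers no container references, and takes the least recently used ones first, is an assumption of this example: the notes do not describe the eviction order.

```python
from dataclasses import dataclass, field

DEFAULT_RESERVED_MB = 15 * 1024  # the notes' 15GB default reserved for other jobs on the cell


def gc_threshold_mb(data_disk_mb, reserved_for_other_jobs_mb=DEFAULT_RESERVED_MB):
    """Default threshold from the notes: data disk size minus the space reserved
    for other jobs (grootfs.reserved_space_for_other_jobs_in_mb)."""
    return data_disk_mb - reserved_for_other_jobs_mb


@dataclass
class Store:
    """Toy model of the store's space accounting (an assumption, not grootfs's code)."""
    threshold_mb: int
    layers: dict = field(default_factory=dict)      # digest -> [size_mb, last_used_tick]
    containers: dict = field(default_factory=dict)  # handle -> (frozenset(digests), quota_mb)
    tick: int = 0
    gc_runs: int = 0
    evicted: list = field(default_factory=list)

    def committed_mb(self):
        """Downloaded layer sizes plus every live container's reserved disk quota,
        i.e. the most space the store could actually end up using."""
        layer_mb = sum(size for size, _ in self.layers.values())
        quota_mb = sum(quota for _, quota in self.containers.values())
        return layer_mb + quota_mb

    def over_threshold(self):
        return self.committed_mb() > self.threshold_mb

    def create(self, handle, image_layers, quota_mb):
        """image_layers maps digest -> size_mb. Pull missing layers, reserve the quota,
        then run GC if the store is over threshold. Being over threshold never fails
        the create; it only triggers a GC run."""
        self.tick += 1
        for digest, size_mb in image_layers.items():
            self.layers.setdefault(digest, [size_mb, 0])[1] = self.tick
        self.containers[handle] = (frozenset(image_layers), quota_mb)
        if self.over_threshold():
            self.collect()

    def delete(self, handle):
        """Destroying a container releases its quota; its layers stay cached until GC."""
        del self.containers[handle]

    def collect(self):
        """Assumption: GC removes only layers no live container references, least
        recently used first, and stops as soon as the store is back under threshold."""
        self.gc_runs += 1
        in_use = set().union(*(digests for digests, _ in self.containers.values()))
        unused = sorted((d for d in self.layers if d not in in_use),
                        key=lambda d: self.layers[d][1])
        for digest in unused:
            if not self.over_threshold():
                break
            self.evicted.append(digest)
            del self.layers[digest]


def scenario():
    """Constructed walk-through on a 100GB data disk (threshold 87040MB)."""
    store = Store(threshold_mb=gc_threshold_mb(100 * 1024))
    store.create("c1", {"sha256:a": 30000, "sha256:b": 20000}, quota_mb=10000)
    # 100000MB committed after this create: over threshold, GC runs, but every layer is in use,
    # so nothing is evicted and the create still succeeds.
    store.create("c2", {"sha256:c": 30000}, quota_mb=10000)
    store.delete("c1")
    # 120000MB committed after this create: GC evicts a, then b, and stops at 70000MB.
    store.create("c3", {"sha256:d": 20000}, quota_mb=10000)
    return store
```

The point the scenario makes is the one in the notes: a create that pushes the store over the threshold is never refused; it just schedules collection, and collection can only reclaim layers that no container still uses.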
Image Management Improvements
- Layers with Opaque Whiteouts are now properly supported. This previously caused a small number of docker images to have empty directories which should not have been empty.
- Grootfs is now used by default in the standalone `gdn` binary
- Layer sizes are now properly validated in all places
- Fixed support for Azure docker image repositories
Miscellaneous Good Things
- Processes with their own `Image` and the `OverrideContainerLimits` field specified can now override cpu and memory limits
- Removed the `AllowNetworks` property since it never worked (setting it will continue to do nothing, as before, but at least we no longer advertise a property that doesn't do anything)
- Ensured GraceTime works for existing connections (#58)
- Richer errors when a process fails to launch due to the requested binary not being present in the container (useful for e.g. falling back from bash to sh)
GRR v1.11.1: This One Goes To 11.1
This one:
- Bumps runC to fix issue with concurrent creation/deletion of containers (opencontainers/runc#1698)
- Fixes a regression in support for `raw:///` rootfs paths (cloudfoundry/guardian#108)
- Fixes behaviour of `SetGraceTime` on existing connections (cloudfoundry/garden#58)
- Removes some over-enthusiastic logging of benign errors in groot
GRR v1.11.0: This One Goes To Eleven
UPGRADE NOTE, ADDED 6/3/18: the previous rootfs management code had a bug where it considered compressed layer sizes rather than uncompressed sizes when calculating docker image quota usage. This means that after upgrading to this version of garden, docker images that used to fit into quota (due to the bug) may no longer fit into the same quota size.
This release integrates grootfs and makes it the default filesystem manager for garden. You can still opt back in to garden-shed using the `deprecated_use_garden_shed` property. Grootfs uses overlay+xfs rather than aufs and supports running without root privileges.
Action Required: If you were using the separate grootfs-release, you can now just use this release. cf-deployment users do not need to take any action.
Action Required: If you weren't using grootfs-release, please try to combine this deploy with a stemcell update or do a `--recreate` of your cells to clean up extra space from the old rootfs management code.
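The two layer-handling points above, the opaque whiteout fix in v1.12.0 and the compressed-versus-uncompressed quota note for v1.11.0, both come down to how a layered rootfs is assembled from image layers. The following is an added example, not garden's or grootfs's code: it builds constructed gzip'd tar layers in memory, applies them with the OCI image whiteout rules, and checks a quota against uncompressed rather than compressed size. The `opaque_first=False` path is an illustration of one way to end up with the empty directory the v1.12.0 notes describe, not a claim about what the old code did.

```python
import gzip
import io
import tarfile

WHITEOUT_PREFIX = ".wh."
OPAQUE_WHITEOUT = ".wh..wh..opq"


def build_layer(entries):
    """Constructed sample input: a gzip'd tar layer from {path: text, or None for a directory}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, content in entries.items():
            info = tarfile.TarInfo(path)
            if content is None:
                info.type = tarfile.DIRTYPE
                tar.addfile(info)
            else:
                data = content.encode()
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
    return gzip.compress(buf.getvalue())


def _apply_opaque_whiteouts(fs, members):
    """'.wh..wh..opq' inside a directory hides every lower-layer entry under it."""
    for m in members:
        parent, _, name = m.name.rpartition("/")
        if name == OPAQUE_WHITEOUT:
            prefix = parent + "/" if parent else ""
            for path in [p for p in fs if p.startswith(prefix)]:
                del fs[path]


def apply_layers(layers_gz, opaque_first=True):
    """Flatten layers into {path: text} (directories map to None) using the OCI image
    whiteout rules: '.wh.<name>' removes <name> (and anything under it) from lower
    layers, and an opaque whiteout is applied before the same layer's own entries in
    that directory. opaque_first=False applies it afterwards instead, which wipes the
    layer's own files too and leaves the directory empty."""
    fs = {}
    for layer_gz in layers_gz:
        with tarfile.open(fileobj=io.BytesIO(gzip.decompress(layer_gz))) as tar:
            members = tar.getmembers()
            if opaque_first:
                _apply_opaque_whiteouts(fs, members)
            for m in members:
                parent, _, name = m.name.rpartition("/")
                if name == OPAQUE_WHITEOUT:
                    continue
                if name.startswith(WHITEOUT_PREFIX):
                    target = (parent + "/" if parent else "") + name[len(WHITEOUT_PREFIX):]
                    for path in [p for p in fs if p == target or p.startswith(target + "/")]:
                        del fs[path]
                    continue
                fs[m.name] = None if m.isdir() else tar.extractfile(m).read().decode()
            if not opaque_first:
                _apply_opaque_whiteouts(fs, members)
    return fs


def quota_check(layers_gz, quota_bytes):
    """Per the v1.11.0 upgrade note, quota must be judged on uncompressed bytes;
    both measures are returned so the gap is visible."""
    compressed = sum(len(layer) for layer in layers_gz)
    uncompressed = sum(len(gzip.decompress(layer)) for layer in layers_gz)
    return {"compressed": compressed, "uncompressed": uncompressed,
            "fits_by_compressed_size": compressed <= quota_bytes,
            "fits": uncompressed <= quota_bytes}


def whiteout_scenario(opaque_first=True):
    """Constructed two-layer image: the upper layer replaces etc/app wholesale and removes etc/passwd."""
    base = build_layer({"etc": None, "etc/passwd": "root:x:0:0:root:/root:/bin/sh\n",
                        "etc/app": None, "etc/app/old.conf": "legacy=1\n", "etc/app/keep.conf": "x=1\n"})
    upper = build_layer({"etc/app": None, "etc/app/.wh..wh..opq": "",
                         "etc/app/new.conf": "fresh=1\n", "etc/.wh.passwd": ""})
    return apply_layers([base, upper], opaque_first)


def quota_scenario():
    """A highly compressible 200000-byte layer against a 100000-byte quota."""
    return quota_check([build_layer({"var/blob": "A" * 200000})], quota_bytes=100000)
```

With the rules applied in the right order, `etc/app` ends up containing only `new.conf`; applied in the wrong order the directory is empty, which is the symptom the v1.12.0 notes describe. The quota scenario shows why the v1.11.0 note matters: a layer that is a few hundred bytes compressed is over 200KB once unpacked, so judging it by compressed size lets it through a quota it cannot actually fit in.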
Other Noteworthy Changes:
- A number of fixes to grootfs, including fixing a leak in GC and removing an overbroad log line that could lead to passwords being logged.
- Fixes for creating processes with their own root filesystem in privileged containers
- Garden's init process now properly reaps processes. This avoids zombies on more recent kernels.
- Rootless mode is now supported on stemcells with hardened umask settings.
Bosh Property Updates
- As part of merging grootfs into garden, the grootfs.* properties are now available in this release. Existing garden.* properties related to rootfs management are deprecated but still work to set the corresponding grootfs properties.
- It is now possible to ask for additional DNS entries to be supplied via the `additional_host_entries` bosh property (#54)
Dependency Updates:
- tar bumped to 1.30
- libnftnl bumped to 1.0.9
GRR v1.10.0: Peas Release Me
- Verified with grootfs-release v0.30.0
Major Changes:
- It is now possible to specify a `ProcessSpec.Image`. This causes a Process to have its own filesystem view (mount namespace) and base root filesystem. Processes with their own filesystem view share other namespaces (in particular, they share the same network) and resource limits (i.e. cgroups)
- A process can additionally request independent resource limits from the rest of the container by specifying `ProcessSpec.OverrideContainerLimits{}`.
Limitations:
- Currently it is only possible to use `ProcessSpec.Image` and `ProcessSpec.OverrideContainerLimits` with unprivileged containers. This will be fixed in future releases.
- The only currently meaningful values for `ProcessSpec.OverrideContainerLimits` are `nil` (share limits with the sandbox container, i.e. current behaviour) and `Limits{}` (opt out of resource limits for this process). Future releases will add the ability to specify specific, separate memory/cpu limits for processes using this API.
- APIs such as `BulkMetrics` and `Process.Signal` may not work immediately after `container.Run(ProcessSpec)` returns for processes with `Image` and/or `OverrideContainerLimits` specified. This will be fixed in future releases.
Other Changes:
- We've lessened the amount of logging we do in `BulkMetrics` to reduce log volume in large environments
- We're now masking some more places in `/proc`
- Garden now correctly declares that the bundles it creates are OCI Runtime Spec version 1.0.0 compliant.
GRR v1.9.5: Please Peas Me
- Verified with grootfs-release v0.28.1
Minor and experimental changes (including the start of the "garden peas" track of work) plus a golang bump.
- Bumped go to 1.9.1
- Tightened ownership/permissions of some directories
- Experimental: initial support for "garden peas" -- container processes supplying their own rootfs (but sharing namespaces/cgroups with a sandbox container)
- Experimental: uid range in rootless mode now starts at 65536 to avoid any container uid overlapping any regular bosh user id.
Bosh Property Changes
- Provides a `rootless_link` so that co-located plugin releases (e.g. grootfs-release) can auto-configure rootless mode
GRR v1.9.4: The Sisyphus Cgroup
- Verified with grootfs-release v0.26.0
The release mounts the container's cgroups at `/sys/fs/cgroup` inside the container, in read-only mode, to allow containers to introspect their resource limits and usage.
Additionally, the permissions and ownership of `/var/vcap/data/garden` have been hardened to work as securely as possible in combination with umask-hardened stemcells.
GRR v1.9.3: Patch me if you can
- Verified with grootfs-release v0.25.0
Minor changes:
- some updates to the experimental windows job
- bumped go version to 1.9
- bosh release now generated (hopefully) with a sha256 digest
- garden now returns a specific `ProcessNotFound` error when attaching to a process which doesn't exist
- under the covers, work to be able to run without root in real environments is nearing completion
GRR v1.9.2: We did a patch release
- Verified with grootfs-release v0.24.0
Patch release with some bug fixes and some API changes for experimental image and runtime plugins. This release also includes substantial updates for the new rootfs+layer image scheme and the rootless mode which are both still considered undocumented and experimental.
Noteworthy Bug Fixes
- Previously if the container crashed before the network was configured a pid of zero could be passed to the network plugin resulting in confusing error messages (https://www.pivotaltracker.com/story/show/150078138).
- It is now possible to use bind mounts that have a MNT_SHARED propagation type. This would previously be overridden by runc, which was a change of behaviour from garden-linux and broke attached disks in bosh-lite (https://www.pivotaltracker.com/story/show/149995674).
Updates to Experimental Features
- A new `preloaded+layer://` scheme for the `ContainerSpec.Image` property allows a client to request that a droplet layer be added to the rootfs in the create call (rather than via a separate `StreamIn` call). This allows the final rootfs to be pre-created via copy-on-write in the layered filesystem rather than by extracting the droplet tarball into a running container. (Note: this API is currently experimental and subject to change.)
- The Experimental Rootless Mode is nearing completion and now supports limiting cpu and memory usage for created containers.
- Numerous updates have been made to the windows job to enable Garden-on-Windows support
- Garden now reports metrics for `StreamIn` and `Create` to aid in debugging performance of image plugins (https://www.pivotaltracker.com/story/show/149914457).
Bosh Property Changes
- Garden's default port-pool range now starts from 61001 rather than 60000 to avoid colliding with the top of the ephemeral port range. This reduces the number of ports in the pool to 4534 but avoids potential conflicts with OS-assigned ports. Operators can use the `garden.port_pool.start` and `garden.port_pool.size` properties to change this range (https://www.pivotaltracker.com/story/show/117415775).
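A pre-deploy check for the port-pool properties described above, added here as an example; it is not garden's own code. It treats the ephemeral range as a parameter, defaulting to the usual Linux value of 32768-60999 (the upper bound the new 61001 default sits just above), and can also read the live value from the cell. Everything other than the `garden.port_pool.start` and `garden.port_pool.size` property names is this example's own.

```python
LINUX_DEFAULT_EPHEMERAL = (32768, 60999)  # typical net.ipv4.ip_local_port_range


def parse_ip_local_port_range(text):
    """Parse the two-field contents of /proc/sys/net/ipv4/ip_local_port_range."""
    low, high = (int(field) for field in text.split())
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"implausible ephemeral range {low}-{high}")
    return low, high


def host_ephemeral_range(path="/proc/sys/net/ipv4/ip_local_port_range"):
    """Read the live range on a Linux cell. The checks below take the range as a
    parameter so they can also be run offline against a constructed value."""
    with open(path) as f:
        return parse_ip_local_port_range(f.read())


def check_port_pool(start, size, ephemeral=LINUX_DEFAULT_EPHEMERAL):
    """Validate garden.port_pool.start / garden.port_pool.size before a deploy: the
    pool must lie within 1-65535 and must not overlap the range the kernel hands
    out for outbound connections. Returns (ok, problems)."""
    problems = []
    end = start + size - 1
    if size < 1:
        problems.append("pool size must be at least 1")
    if start < 1 or end > 65535:
        problems.append(f"pool {start}-{end} does not fit in 1-65535")
    low, high = ephemeral
    if start <= high and end >= low:
        problems.append(f"pool {start}-{end} overlaps ephemeral range {low}-{high}")
    return not problems, problems


def suggest_port_pool(ephemeral=LINUX_DEFAULT_EPHEMERAL, max_size=4534):
    """Smallest start that clears the ephemeral range, with the size clipped so the
    pool still ends at or below 65535."""
    low, high = ephemeral
    start = high + 1
    return start, min(max_size, 65535 - start + 1)
```

Running `check_port_pool(60000, 5000)` against the default range reports the overlap that motivated the change; `check_port_pool(61001, 4534)` is clean. On a cell whose ephemeral range has been raised (some hardened images move it), `host_ephemeral_range()` feeds the real bounds in, which is when the 61001 default stops being safe and `garden.port_pool.start` needs adjusting.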
GRR v1.9.0: Private Registry Reporting For Duty
- Verified with grootfs-release v0.20.0
Resolves a problem where, after multiple invocations of `Attach`, some output would be lost. Also fixes private image support for various non-docker docker registries.
Major Fixes:
- Fixes calls to the docker /v2 endpoints; this was previously breaking support for private images in various registries: ECR (AWS EC2 Container Registry), GCR (Google Container Registry) and JFrog Artifactory.
- Multiple invocations of `Attach` no longer lose output (#144412999)
Minor Fixes:
- `http_proxy` property is now properly escaped (#147667115)
- Less noisy logging on start (#146489225)
Changed Bosh Properties:
- The `http_proxy` property is now properly escaped before being used (#147667115)
- The `garden_windows` job now exposes various new flags (we will start listing these when Windows is officially supported).