Skip to content

Releases: EngineerBetter/control-tower

control-tower 0.12.3

30 Jul 18:26
@EngineerBetterCI EngineerBetterCI
0.12.3
050431b
Compare
Choose a tag to compare
control-tower 0.12.3

Concourse 6.4.0

Also contains a fix for a bug that would prevent commands like control-tower info from working on AWS when there are multiple "All traffic" rules on the director security group even if the machine running the command is whitelisted #70. Thanks to @davajdosvidaniya for the PR.

Deploys:

AWS

GCP

Note to build locally you will need to clone control-tower-ops (version 0.0.258) to the same level as control-tower to get the required manifests and ops files.

Assets 4
Loading

control-tower 0.12.2

15 Jun 16:41
@EngineerBetterCI EngineerBetterCI
0.12.2
dce2088
Compare
Choose a tag to compare
control-tower 0.12.2
  • Bumps the version of Concourse from 6.0.0 to 6.3.0 (See Concourse release notes for the list of changes including rate limiting resource checks and improved authentication with fly
  • Bumps the version of UAA from 74.17.0 to 74.21.0
  • Bumps bosh-google-kvm-ubuntu-xenial-go_agent stemcell (used for Bosh Director and Concourse) from 621.71 to 621.75

⚠️ The format of fly authentication token was changed in Concourse 6.0.1. After you have upgraded to this version of Control Tower, please first log out with fly to get rid of the old, incompatible tokens, then fly sync -c <concourse-url> to upgrade fly and then log in as usual. More info here ⚠️

AWS

GCP

Note to build locally you will need to clone control-tower-ops (version 0.0.238) to the same level as control-tower to get the required manifests and ops files.

Assets 4
Loading

control-tower 0.12.1

28 Apr 08:47
@EngineerBetterCI EngineerBetterCI
0.12.1
dce2088
Compare
Choose a tag to compare
control-tower 0.12.1
  • Deploys 74.17.0 of UAA
  • Bumps the version of bosh-dns from 1.10 to the latest (1.21).

Deploys:

AWS

GCP

Note to build locally you will need to clone control-tower-ops (version 0.0.227) to the same level as control-tower to get the required manifests and ops files.

Assets 4
Loading

control-tower 0.12.0

21 Apr 16:50
@EngineerBetterCI EngineerBetterCI
0.12.0
dce2088
Compare
Choose a tag to compare
control-tower 0.12.0

This release deploys Concourse 6.0.0

Deploys:

AWS

GCP

Note to build locally you will need to clone control-tower-ops (version 0.0.220) to the same level as control-tower to get the required manifests and ops files.

Assets 4
Loading

control-tower 0.11.0

21 Apr 07:45
@EngineerBetterCI EngineerBetterCI
0.11.0
84fb83c
Compare
Choose a tag to compare
control-tower 0.11.0
  • Adds a --enable-global-resources boolean flag to the deploy command to enable Global Resources (an experimental feature as of Concourse v.5.0.0)

Deploys:

AWS

GCP

Note to build locally you will need to clone control-tower-ops (version 0.0.218) to the same level as control-tower to get the required manifests and ops files.

Assets 4
Loading

control-tower 0.10.0

04 Feb 17:42
@EngineerBetterCI EngineerBetterCI
0.10.0
87f551c
Compare
Choose a tag to compare
control-tower 0.10.0
  • Deploys the documented versions of the Director Stemcell, bosh, bpm, bosh-google-cpi and bosh-aws-cpi, which has not been the case in prior releases (see below).

Skip to the bottom for included versions.

Misreported Versions

Oops. We discovered a bug whereby BOSH-related dependencies were not being updated, but were being reported as changed in the release notes generator.

This means that the director stemcell and the bosh, bpm, bosh-google-cpi, and bosh-aws-cpi were not being updated properly for at least the last year, and so the release notes have not been correct for these items. All the other components (those used in Concourse itself) are correct in the release notes.

As a result this release contains the following updates:

component old version new version
bosh-google-kvm-ubuntu-xenial-go_agent 97.12 621.51
bosh 268.5.0 270.11
bpm 0.12.3 1.1.6
bosh-google-cpi 27.0.1 30.0.0
bosh-aws-xen-hvm-ubuntu-xenial-go_agent 170.9 621.51
bosh-aws-cpi 73 81

The versions listed in the release notes will be correct going forward.

⚠️ Attention manually-upgrading GCP users ⚠️

The below issue won't occur if the upgrade is done by the self-update pipeline since that deploy runs in a new container.

If you are updating to this version manually and you encounter an error during CPI compilation similar to:

Installing CPI:
  Compiling job package dependencies for installation:
    Compiling job package dependencies:
      Compiling package:
        Running command: 'bash -x packaging', stdout: 'go build -mod=vendor -ldflags="-X bosh-google-cpi/google/config.cpiRelease=`cat release 2>/dev/null`" -o out/cpi bosh-google-cpi/main
Makefile:5: recipe for target 'build' failed
...
+ cd /root/.bosh/installations/d01b611e-4988-446e-73eb-fde1bb58e704/tmp/bosh-release-pkg584323452/bosh-google-cpi
+ make build
# runtime
../../../packages/golang/src/runtime/map.go:65:2: bucketCntBits redeclared in this block

Then you can resolve it by deleting ~/.bosh/installations/* on your local machine then running the deploy again.

We think the problem is that our large version jump of the Google CPI effectively bumps its version of Golang from 1.8 to 1.12. The error above appears to be related to having parts of different versions of Go on the path. Our best guess is that the previously compiled Golang package in the ~/.bosh directory doesn't play nice with the newer release.

Deploys (really, it does now):

AWS

GCP

Note to build locally you will need to clone control-tower-ops (version 0.0.204) to the same level as control-tower to get the required manifests and ops files.

Assets 4
Loading

control-tower 0.9.1

29 Jan 13:53
@EngineerBetterCI EngineerBetterCI
0.9.1
48d7b2f
Compare
Choose a tag to compare
control-tower 0.9.1
  • Long-overdue stemcell bumps
  • Deploy now invites folks to answer our survey so EngineerBetter can understand how Control Tower is used.

Deploys:

AWS

GCP

Note to build locally you will need to clone control-tower-ops (version 0.0.203) to the same level as control-tower to get the required manifests and ops files.

Assets 4
Loading

control-tower 0.9.0

10 Jan 14:51
@EngineerBetterCI EngineerBetterCI
0.9.0
d0832d7
Compare
Choose a tag to compare
control-tower 0.9.0
  • Deploys Concourse 5.8.0
  • Fixes an important AWS RDS issue (see below)

Important notes for AWS users:

  • All AWS deployments must upgrade to this release by 5th February 2020, or your deployment will cease to function.
  • This release trusts the 2019 AWS RDS CA certificate.
  • Releases of the Control Tower binary prior to this will not be able make new deployments as of 14th January 2020.

On 5th February, AWS will begin to update RDS instances to use certificates signed by a new CA certificate. This new CA is not trusted by older versions of Control Tower. The new CA is trusted by this latest release. If you do not update to this latest release, stuff will break. If you do not update, then when AWS updates your RDS instance, your Control Tower VMs will not be able to communicate with the RDS database as the database will present a TLS certificate that is signed by a CA that the older version of Control Tower do not recognise.

Deploys:

AWS

GCP

Note to build locally you will need to clone control-tower-ops (version 0.0.191) to the same level as control-tower to get the required manifests and ops files.

Assets 4
Loading

control-tower 0.8.3

14 Oct 10:55
@EngineerBetterCI EngineerBetterCI
0.8.3
297c326
Compare
Choose a tag to compare
control-tower 0.8.3

This release contains a number of bug fixes. Sorry for the delay in getting it out - we've been very busy recently at EngineerBetter.

  • Reworked how we determine hosted zone/record prefixes which should resolve #32
  • Changed AWS Name tags to have a capital N for consistency thanks to a PR (#42) from @scarytom
  • Fixed a bug with bucket name resolution when using namespaces thanks to a PR (#45) from @gramidt

Deploys:

AWS

GCP

Note to build locally you will need to clone control-tower-ops (version 0.0.154) to the same level as control-tower to get the required manifests and ops files.

Assets 4
Loading

control-tower 0.8.2

30 Aug 12:51
@EngineerBetterCI EngineerBetterCI
0.8.2
82cf357
Compare
Choose a tag to compare
control-tower 0.8.2

AWS fixes:

  • When calling control-tower info we do a check to see if your IP address is whitelisted for ports 22, 6868, and 25555 as these are needed for the command to work. Previously having an "All traffic" allow rule for your IP resulted in a segfault and having a port range (i.e. what you get from "All TCP") would erroneously say you weren't whitelisted. These cases now work as expected.
  • In 0.8.1 we fixed an issue where the web vm wasn't being put on the static IP allocated for it in the Cloud Config. We discovered that in some cases the AWS NAT Gateway sits on the 7th IP of the public subnet which clashed with the web. As a result we now put the web vm on the 8th IP again on AWS (except this IP is now defined as static in the Cloud Config).

Deploys:

AWS

GCP

Note to build locally you will need to clone control-tower-ops (version 0.0.122) to the same level as control-tower to get the required manifests and ops files.

Assets 4
Loading