Update to cloudfoundry/bosh-deployment@c8698ef

bosh-deployment/README.md

@@ -73,23 +73,39 @@ Other releases such as [UAA](https://github.com/cloudfoundry/uaa-release), [Cred
 - `local-dns.yml`: Enables Director DNS beta functionality
 - `misc/config-server.yml`: Deploys config-server (see `credhub.yml`)
 - `misc/proxy.yml`: Configure HTTP proxy for Director and CPI
+- `misc/dns.yml`: Configure your upstream DNS (NOTE: by default bosh-deployment uses Google DNS: 8.8.8.8)
+- `misc/ntp.yml`: Configure your NTP Servers (NOTE: by default bosh-deployment uses Google NTP servers: time{1-4}.google.com
 - `runtime-configs/syslog.yml`: Runtime config to enable syslog forwarding
 
 See [tests/run-checks.sh](tests/run-checks.sh) for example usage of different ops files.
 
+### Runtime Config Files
+
+The director can optionally add configuration to all VMs in all deployments. The YAML defines an IaaS agnostic configuration that applies to all deployments. (See [Director Runtime Config](https://bosh.io/docs/runtime-config/).)
+
+- `dns.yml`: Install bosh defined dns release in every deployed VM. This allows bosh VMs to use the VM name as a FQDN. *It is extremely common for deployments require this addon*. (eg concourse-ci with UAA). For more information see [Native DNS Support](https://bosh.io/docs/dns/).
+- `bpm.yml`: Install bosh process manager on every VM (see [BPM-Release](https://github.com/cloudfoundry/bpm-release))
+- `syslog.yml`: Install a syslog forwarder agent in every VM.
+
+Runtime config files are applied after bosh director has been deployed:
+```
+bosh -n -e bosh-1 update-runtime-config bosh-deployment/runtime-configs/dns.yml
+```
+
+See [runtime-configs/](runtime-configs/) for examples of different runtime configs.
+Other uses include installation of prometheus exporters, os-conf (to modify os level configurations), virus scanning, compliance agents.
+
 ### Security Groups
 
 Please ensure you have security groups setup correctly. i.e:
 
 ```
 Type                 Protocol Port Range  Source                     Purpose
-SSH                  TCP      22          <IP you run bosh CLI from> SSH (if Registry is used)
 Custom TCP Rule      TCP      6868        <IP you run bosh CLI from> Agent for bootstrapping
 Custom TCP Rule      TCP      25555       <IP you run bosh CLI from> Director API
 Custom TCP Rule      TCP      8443        <IP you run bosh CLI from> UAA API (if UAA is used)
 Custom TCP Rule      TCP      8844        <IP you run bosh CLI from> CredHub API (if CredHub is used)
 SSH                  TCP      22          <((internal_cidr))>        BOSH SSH (optional)
 Custom TCP Rule      TCP      4222        <((internal_cidr))>        NATS
 Custom TCP Rule      TCP      25250       <((internal_cidr))>        Blobstore
-Custom TCP Rule      TCP      25777       <((internal_cidr))>        Registry if enabled
 ```

bosh-deployment/alicloud/cpi.yml

@@ -3,15 +3,15 @@
   type: replace
   value:
     name: bosh-alicloud-cpi
-    sha1: 4a21b34b67bd14f8ef01799fe9edf8cec0c5ba97
-    url: https://github.com/cloudfoundry/bosh-alicloud-cpi-release/releases/download/v49.0.0/bosh-alicloud-cpi-release-49.0.0.tgz
-    version: 49.0.0
+    sha1: cdb04d0a6ff6947fc6f7ece106fd65c49d960179
+    url: https://github.com/cloudfoundry/bosh-alicloud-cpi-release/releases/download/v51.0.0/bosh-alicloud-cpi-release-51.0.0.tgz
+    version: 51.0.0
 - name: stemcell
   path: /resource_pools/name=vms/stemcell?
   type: replace
   value:
-    sha1: 00b698a285e149f3ace12a2f6e5f6a6858cc3e94
-    url: https://bosh-alicloud-light-stemcells-cn.oss-cn-hangzhou.aliyuncs.com/light-bosh-stemcell-1.439-alicloud-kvm-ubuntu-jammy-go_agent.tgz
+    sha1: 77863ab6c915a893a18ae7aca67d64d9d42d730b
+    url: https://bosh-alicloud-light-stemcells-cn.oss-cn-hangzhou.aliyuncs.com/light-bosh-stemcell-1.621-alicloud-kvm-ubuntu-jammy-go_agent.tgz
 - path: /resource_pools/name=vms/cloud_properties?
   type: replace
   value:

bosh-deployment/aws/cpi.yml

@@ -3,15 +3,15 @@
   type: replace
   value:
     name: bosh-aws-cpi
-    sha1: 34691190b0ed5c5f81ddc051aa899f20102a5dc2
-    url: https://bosh.io/d/github.com/cloudfoundry/bosh-aws-cpi-release?v=104
-    version: 104
+    sha1: 0ac6ba198e1956af43480f0cf12629b28c38cc29
+    url: https://bosh.io/d/github.com/cloudfoundry/bosh-aws-cpi-release?v=105
+    version: 105
 - name: stemcell
   path: /resource_pools/name=vms/stemcell?
   type: replace
   value:
-    sha1: 7dcc086ee9cb803e40ec4011e4555078d634e651
-    url: https://storage.googleapis.com/bosh-aws-light-stemcells/1.439/light-bosh-stemcell-1.439-aws-xen-hvm-ubuntu-jammy-go_agent.tgz
+    sha1: ad86a75f53803d140f40c282e39a7a44391bc37e
+    url: https://storage.googleapis.com/bosh-aws-light-stemcells/1.621/light-bosh-stemcell-1.621-aws-xen-hvm-ubuntu-jammy-go_agent.tgz
 - path: /resource_pools/name=vms/cloud_properties?
   type: replace
   value:

bosh-deployment/azure/cpi.yml

@@ -3,15 +3,15 @@
   type: replace
   value:
     name: bosh-azure-cpi
-    sha1: c516559c248562854e89a22f37fd163b079b7d8f
-    url: https://bosh.io/d/github.com/cloudfoundry/bosh-azure-cpi-release?v=49.0.0
-    version: 49.0.0
+    sha1: 1201a31572f0b8485f2320750bf5ed261da29ece
+    url: https://bosh.io/d/github.com/cloudfoundry/bosh-azure-cpi-release?v=50.0.0
+    version: 50.0.0
 - name: stemcell
   path: /resource_pools/name=vms/stemcell?
   type: replace
   value:
-    sha1: 462c9d8c1106abceb9aeac62a14e40ebb3be3cc1
-    url: https://storage.googleapis.com/bosh-core-stemcells/1.439/bosh-stemcell-1.439-azure-hyperv-ubuntu-jammy-go_agent.tgz
+    sha1: a603f401e326a04e3c87f6ee8f682d81ce3db3a0
+    url: https://storage.googleapis.com/bosh-core-stemcells/1.621/bosh-stemcell-1.621-azure-hyperv-ubuntu-jammy-go_agent.tgz
 - path: /resource_pools/name=vms/cloud_properties?
   type: replace
   value:

bosh-deployment/bbr.yml

@@ -3,9 +3,9 @@
   type: replace
   value:
     name: backup-and-restore-sdk
-    sha1: 67b53a0c959aee164cacc09607d345b199e1d518
-    url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/backup-and-restore-sdk-1.19.14-ubuntu-jammy-1.439-20240507-220022-117270229-20240507220024.tgz
-    version: 1.19.14
+    sha1: a4890bba37c3c6e26cbc3545163aeab7a692b563
+    url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/backup-and-restore-sdk-1.19.36-ubuntu-jammy-1.621.tgz
+    version: 1.19.36
 - path: /instance_groups/name=bosh/jobs/-
   type: replace
   value:

bosh-deployment/bosh-lite-docker.yml

@@ -3,8 +3,8 @@
   type: replace
   value:
     name: bosh-docker-cpi
-    sha1: f628d47e22c612aeab184d5463424f5af5e215f0
-    url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bosh-docker-cpi-0.0.13-ubuntu-jammy-1.439-20240507-215622-372374429-20240507215623.tgz
+    sha1: d07ec44667c8254cfa0fba064ebffb22f14cdbf0
+    url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bosh-docker-cpi-0.0.13-ubuntu-jammy-1.621.tgz
     version: 0.0.13
 - path: /releases/-
   type: replace

bosh-deployment/bosh-lite.yml

@@ -3,16 +3,16 @@
   type: replace
   value:
     name: garden-runc
-    sha1: c612984492a62b0342d960bb999b6d3d4e177bc6
-    url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/garden-runc-1.52.0-ubuntu-jammy-1.439-20240507-220104-843105182-20240507220109.tgz
-    version: 1.52.0
+    sha1: b74b9b2ea41b04e334a5bbb942a2a2653b32b2b3
+    url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/garden-runc-1.57.0-ubuntu-jammy-1.621.tgz
+    version: 1.57.0
 - path: /releases/-
   release: bosh-warden-cpi
   type: replace
   value:
     name: bosh-warden-cpi
-    sha1: fe500566507544b5055dc899a544ebaae70d6d8b
-    url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bosh-warden-cpi-44-ubuntu-jammy-1.439-20240507-215205-813380076-20240507215207.tgz
+    sha1: 1f53fa56fd372e2e2383cec3a560b442f878cda0
+    url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bosh-warden-cpi-44-ubuntu-jammy-1.621.tgz
     version: 44
 - path: /instance_groups/name=bosh/jobs/-
   type: replace

bosh-deployment/bosh.yml

@@ -144,13 +144,13 @@ networks:
   type: manual
 releases:
 - name: bosh
-  sha1: f1037d820e8ca95a6cafbcf960e5fe60a08846cc
-  url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bosh-280.0.23-ubuntu-jammy-1.439-20240507-220907-148982428-20240507220908.tgz
-  version: 280.0.23
+  sha1: e2452aa0d02713303c74e5bdde8b64aba23292a2
+  url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bosh-280.1.9-ubuntu-jammy-1.621.tgz
+  version: 280.1.9
 - name: bpm
-  sha1: e7367480526938da89807efafd671c3df1c20418
-  url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bpm-1.2.19-ubuntu-jammy-1.439-20240507-215357-108905653-20240507215358.tgz
-  version: 1.2.19
+  sha1: 4c93ea118fce40ec46dda83569f56bb6d8d809d0
+  url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bpm-1.4.1-ubuntu-jammy-1.621.tgz
+  version: 1.4.1
 resource_pools:
 - env:
     bosh:

bosh-deployment/credhub.yml

@@ -3,9 +3,9 @@
   type: replace
   value:
     name: credhub
-    sha1: 38d8cd7073d51265635903a95c2d6177385283d9
-    url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/credhub-2.12.73-ubuntu-jammy-1.439-20240507-215546-800819645-20240507215548.tgz
-    version: 2.12.73
+    sha1: 3c413e5fd17c8bd78f9bd544abecec1990bab4db
+    url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/credhub-2.12.93-ubuntu-jammy-1.621.tgz
+    version: 2.12.93
 - path: /instance_groups/name=bosh/jobs/-
   type: replace
   value:

bosh-deployment/docker/cpi.yml

@@ -10,8 +10,8 @@
   path: /resource_pools/name=vms/stemcell?
   type: replace
   value:
-    sha1: 70bad9e3c0097557946dff358bc6a22f8de50d33
-    url: https://storage.googleapis.com/bosh-core-stemcells/1.439/bosh-stemcell-1.439-warden-boshlite-ubuntu-jammy-go_agent.tgz
+    sha1: 197b08e2dac363ff02e5327f33082e0363bf5137
+    url: https://storage.googleapis.com/bosh-core-stemcells/1.621/bosh-stemcell-1.621-warden-boshlite-ubuntu-jammy-go_agent.tgz
 - path: /networks/name=default/subnets/0/cloud_properties?
   type: replace
   value:

bosh-deployment/experimental/registry-db-enable-tls.yml

@@ -1,6 +0,0 @@
-- type: replace
-  path: /instance_groups/name=bosh/properties/registry/db/tls?
-  value:
-    enabled: true
-    cert:
-      ca: ((db_ca))

bosh-deployment/gcp/cpi.yml

@@ -3,15 +3,15 @@
   type: replace
   value:
     name: bosh-google-cpi
-    sha1: 081b0aa7ad1c3ce5d0ffd83580217256b8e6e73c
-    url: https://bosh.io/d/github.com/cloudfoundry/bosh-google-cpi-release?v=49.0.18
-    version: 49.0.18
+    sha1: 9c80c70b826ed40935cfcaed2d8fa576737fa9b0
+    url: https://bosh.io/d/github.com/cloudfoundry/bosh-google-cpi-release?v=50.0.5
+    version: 50.0.5
 - name: stemcell
   path: /resource_pools/name=vms/stemcell?
   type: replace
   value:
-    sha1: 9d5ae478a1c6ebe3f4d79115f45fcb9b4d6445f7
-    url: https://storage.googleapis.com/bosh-gce-light-stemcells/1.439/light-bosh-stemcell-1.439-google-kvm-ubuntu-jammy-go_agent.tgz
+    sha1: 7f794d8368cb592bd0e7de581e6940796f4de8b2
+    url: https://storage.googleapis.com/bosh-gce-light-stemcells/1.621/light-bosh-stemcell-1.621-google-kvm-ubuntu-jammy-go_agent.tgz
 - path: /resource_pools/name=vms/cloud_properties?
   type: replace
   value:

bosh-deployment/jumpbox-user.yml

@@ -3,9 +3,9 @@
   type: replace
   value:
     name: os-conf
-    sha1: daf34e35f1ac678ba05db3496c4226064b99b3e4
-    url: https://bosh.io/d/github.com/cloudfoundry/os-conf-release?v=22.2.1
-    version: 22.2.1
+    sha1: 0f88a29315d8d9f900bb30a81c0eaf6d34a61639
+    url: https://bosh.io/d/github.com/cloudfoundry/os-conf-release?v=22.3.0
+    version: 22.3.0
 - path: /instance_groups/0/properties/director/default_ssh_options?/gateway_user
   type: replace
   value: jumpbox

bosh-deployment/local-dns.yml

@@ -1,3 +1,7 @@
-# Now default in bosh.yml.
-# This ops-file is temporarily here for backwards compatibility
+# This file was used to enable the local_dns feature of bosh.
+# bosh dns is now the default in bosh.yml.
+#
+# This ops-file is temporarily here for backwards compatibility to ensure no pipelines are broken.
+#
+# To configure your upstream DNS provider please use the misc/dns.yml ops file to override the default (Google DNS).
 ---

bosh-deployment/misc/external-db.yml

@@ -19,13 +19,3 @@
     password: ((external_db_password))
     adapter: ((external_db_adapter))
     database: ((external_db_name))
-
-- type: replace
-  path: /instance_groups/name=bosh/properties/registry?/db
-  value:
-    host: ((external_db_host))
-    port: ((external_db_port))
-    user: ((external_db_user))
-    password: ((external_db_password))
-    adapter: ((external_db_adapter))
-    database: ((external_db_name))

bosh-deployment/misc/ipv6/bosh.yml

@@ -31,3 +31,11 @@
 - type: replace
   path: /instance_groups/name=bosh/properties/agent/env/bosh/blobstores/0/options/endpoint
   value: "http://[((internal_ip))]:25250"
+
+- type: replace
+  path: /instance_groups/name=bosh/properties/nats/address
+  value: "[((internal_ip))]"
+
+- type: replace
+  path: /resource_pools/name=vms/env/bosh/ipv6?/enable?
+  value: true

bosh-deployment/misc/source-releases/bbr.yml

@@ -3,6 +3,6 @@
   type: replace
   value:
     name: backup-and-restore-sdk
-    sha1: b4697d86afe02b68bc1ea35ba91a6ff7762517ae
-    url: https://bosh.io/d/github.com/cloudfoundry-incubator/backup-and-restore-sdk-release?v=1.19.14
-    version: 1.19.14
+    sha1: 817a1c6ad5d23a5adea1ada52bfa13543392a11b
+    url: https://bosh.io/d/github.com/cloudfoundry-incubator/backup-and-restore-sdk-release?v=1.19.36
+    version: 1.19.36

bosh-deployment/misc/source-releases/bosh.yml

@@ -3,14 +3,14 @@
   type: replace
   value:
     name: bosh
-    sha1: bcd3bc5958275d74d5246c166ad908683a507529
-    url: https://bosh.io/d/github.com/cloudfoundry/bosh?v=280.0.23
-    version: 280.0.23
+    sha1: 6792ac12b59d3a14352ae37b66eb6bdfb35516c1
+    url: https://bosh.io/d/github.com/cloudfoundry/bosh?v=280.1.9
+    version: 280.1.9
 - path: /releases/name=bpm?
   release: bpm
   type: replace
   value:
     name: bpm
-    sha1: 8052def173f1e1d87dcbbce353dd2e6d1df96177
-    url: https://bosh.io/d/github.com/cloudfoundry/bpm-release?v=1.2.19
-    version: 1.2.19
+    sha1: 1d2f22a5d024cb34f6d7d2da3f1ee95e4a8cdd61
+    url: https://bosh.io/d/github.com/cloudfoundry/bpm-release?v=1.4.1
+    version: 1.4.1

bosh-deployment/misc/source-releases/credhub.yml

@@ -3,6 +3,6 @@
   type: replace
   value:
     name: credhub
-    sha1: 37239a90096f1d347c2cd7471fca1ffd3de42df8
-    url: https://bosh.io/d/github.com/pivotal-cf/credhub-release?v=2.12.73
-    version: 2.12.73
+    sha1: 839113e27736a71972f8c44362ed3f1cbc0f5720
+    url: https://bosh.io/d/github.com/pivotal-cf/credhub-release?v=2.12.93
+    version: 2.12.93

bosh-deployment/misc/source-releases/uaa.yml

@@ -3,6 +3,6 @@
   type: replace
   value:
     name: uaa
-    sha1: 4f5a6a733ee87775fcd284dd42d51d6f57b1c927
-    url: https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=77.8.0
-    version: 77.8.0
+    sha1: b617ba847bbe05c5c3e31f3f3a5cb50e732992c7
+    url: https://bosh.io/d/github.com/cloudfoundry/uaa-release?v=77.17.0
+    version: 77.17.0

bosh-deployment/openstack/cpi.yml

@@ -3,15 +3,15 @@
   type: replace
   value:
     name: bosh-openstack-cpi
-    sha1: 119855d0e917eabfb50f1e72f78cd88f3852fab8
-    url: https://bosh.io/d/github.com/cloudfoundry/bosh-openstack-cpi-release?v=54
-    version: 54
+    sha1: 8fe5580212626407c772d244909126a78a2d78ab
+    url: https://bosh.io/d/github.com/cloudfoundry/bosh-openstack-cpi-release?v=55
+    version: 55
 - name: stemcell
   path: /resource_pools/name=vms/stemcell?
   type: replace
   value:
-    sha1: 5882b6293fbd63eb4b0b5ee6fd8e78e49db04e5f
-    url: https://storage.googleapis.com/bosh-core-stemcells/1.439/bosh-stemcell-1.439-openstack-kvm-ubuntu-jammy-go_agent.tgz
+    sha1: 6928bcf6c63f0ef9e151dff4229a823a5a38a566
+    url: https://storage.googleapis.com/bosh-core-stemcells/1.621/bosh-stemcell-1.621-openstack-kvm-ubuntu-jammy-go_agent.tgz
 - path: /resource_pools/name=vms/cloud_properties?
   type: replace
   value:

bosh-deployment/openstack/use-openstack-raw-stemcell.yml

@@ -2,5 +2,5 @@
   path: /resource_pools/name=vms/stemcell?
   type: replace
   value:
-    sha1: e8056baf52502e5d037f0db4fe1940a9bea7b17e
-    url: https://storage.googleapis.com/bosh-core-stemcells/1.439/bosh-stemcell-1.439-openstack-kvm-ubuntu-jammy-go_agent-raw.tgz
+    sha1: 22582ae4e942ef96a545dfca3de1fc3cc3e0a7c1
+    url: https://storage.googleapis.com/bosh-core-stemcells/1.621/bosh-stemcell-1.621-openstack-kvm-ubuntu-jammy-go_agent-raw.tgz