tsurud 1.0.0 release notes

Welcome to tsurud 1.0.0!

These release notes cover the new features, bug fixes, general improvements and backward incompatible changes you’ll want to be aware of when upgrading from tsurud 0.13.x or older versions.

Main new features

  • Deploy applications using Docker image (#1314). Now it’s possible to deploy a Docker image as tsuru app using tsuru app-deploy -i command. This image should be in a registry and be accessible by tsuru api. Image should also have a Entrypoint or a Procfile at given paths, / or /app/user/ or /home/application/current. See more in tsuru-client app-deploy reference.
  • Improved application log handling. Besides several performance improvements in log handling, it’s now possible to configure tsuru to forward containers logs directly to an external log server.
  • API versioning. Now all API calls to tsuru may include a version prefix in the format /1.0/<request path>. Further changes to the API will be versioned accordingly.

Bug fixes

  • Correctly remove images from docker registry v2. tsuru was failing silently when trying to remove old images from docker registry v2. (#1361)

  • After a failure adding or removing routes from a router it was possible for applications to have incorrect route entries in the router. This happened because router failures generally also prevented rollback commands from successfully executing in the router. To prevent this problem from happening in the future tsuru will now check if the router is consistent after every operation that interacts with external routers. (app-deploy, app-swap, containers-move, healing process…)

    If this check is not successful tsuru will schedule a message in it’s internal queue system (monsterqueue) that will keep trying to ensure routers are consistent. This should completely remove the possibility of having incorrect route entries after failures.

  • Users are now dissociated from roles on role remove. Previously removing a role still being used would cause errors when checking permissions.

General improvements

  • projectid parameter is not mandatory in Apache CloudStack (#1260).

  • A new app description field, that can be used to describe the app objective (#1327).

  • New SAML V2 authentication scheme. See SAML authentication configuration for instructions on how to configure it.

  • Add new filters in the user list API endpoint: now it’s possible to filter users by role and e-mail (issue #1349).

  • Change user list filtering behavior. Consider users with permissions:

    A: app.create(team team1), app.create(team team2) B: app.create(team team1)

    The previous behavior was such as if user A called user-list they would see both users A and B. However user B calling user-list would only see themselves.

    Now user B will be able to see user A on user-list but only app.create(team team1) permission will show up.

  • Add a way to put units in sleep mode. Making possible external services to put units that are not used to “sleep”.

  • EC2 IaaS is now feature complete, supporting parameter such as IAM roles, extra volumes and multiple network interfaces. Since these parameters are composed of multiple values, users must provide a JSON for using them. It also supports using private DNS names now, as long as the user specifies the subnet-id and the index of the network interface that they want to use. For example, with IAM instance profiles, block devices and running on a private network:

% tsuru-admin docker-node-add iaas=ec2 'iaminstanceprofile={"name":"docker-instances"}' 'blockdevicemappings=[[{"DeviceName":"/dev/sda1","Ebs":{"VolumeSize":100}}]' subnetid=subnet-1234 network-index=0 ...
  • Digital Ocean IaaS now supports private networking. When the parameter private-networking is defined to true, Tsuru will attach a private network interface to the Droplet and use this address to communicate with the managed node. (#1345).
  • All long running API handlers for the Docker provisioner now use a keep-alive to keep the connection open, properly handling low network timeouts (specially with AWS Elastic Load Balancers).
  • A new service instance description field, that can be used to describe the service instance objective (#1335).
  • Add a new filter in the app listing API endpoint: now it’s possible to filter applications by unit status (issue #1360).
  • Add a new handler that returns the service instance info (issue #1331).
  • New deploy origins: image for image deploys and drag-and-drop that is used to identify deploys made from tsuru-dashboard.
  • A new handler that returns the role info (issue #1353).
  • New filters in the user list endpoint: now it’s possible to filter users by username and role.
  • A new handler to update service instance (issue #1336).
  • Add token authentication support in Galeb router backend.
  • Add AddRoutes and RemoveRoutes to router interface These methods allow adding and removing multiple routes at the same times. The idea is to start using these new methods when possible, specially in the deploy pipeline. A significant performance improvement is expected in the Galeb router after this change.
  • Several performance improvement changes receiving log messages from applications.
  • Add description flag to role-add command (–description/-d), allowing users to add a description for newly created roles.
  • It’s now possible to limit the number of simultaneous docker commands running on the same docker node. Check the config reference for more information.

Backward incompatible changes (action needed)

  • The way the bs container is managed has changed. If you have any configuration setting for bs that was added using tsuru-admin bs-env-set you must run tsurud migrate to ensure every config env has been copied to the new structure.

    bs containers should now be managed using tsuru-admin node-container-update big-sibling [options...]. See node containers reference for more information.