2021.03.08-Oneida

ForgeOps Release Notes

Documentation

The ForgeOps documentation for this release is in the attached [forgeops-docs-oneida.zip] file. To view the documentation, download the zip file, extract the content, and access the forgeops/index.html file in your browser.

Features

• Create separate release assets for components [CLOUD-2936]
• Clone rcs-agent and ui images, and run releases on cloudbuild [CLOUD-2939]
• Add alpha/bravo realm to ds-idrepo profile
• Enable support for cdkv2 (alpha) [CLOUD-2904,CLOUD-2903,CLOUD-2902]
• Add patch to enable platform transaction tracing [CLOUD-2183]
• Initiate istio multicluster support [CLOUD-2907]
• Add ps and top commands to java base [OPENDJ-7809]
• Add a sidecar for am and idm to provide a slimmed down development instance [CLOUD-2847]
• Improve cluster-down.sh script ux [CLOUD-2871]
• Deploy Git server and kustomize manifests in Kubernetes [CLOUD-2868]
• Add support for ds proxy server [CLOUD-2827]
• Move smoke pipeline to use nightly pipeline [CLOUD-2864]
• Add http git server and remove dead weight containers [CLOUD-2841]
• Add GKE cluster labelling - per enterprise security requirements [CLOUD-2850]
• Disable the kubescheduler scraper from prometheus [CLOUD-2842]
• Apply consistent and recommended labels to resources [CLOUD-2811]
• Update prometheus helm chart [CLOUD-2726]
• Move nightly deploy to ds-operator [CLOUD-2785]
• Update prod pipeline to incrementally deploy the applications [CLOUD-2785]
• Add ds-operator support to forgeops [CLOUD-2785]
• Improve health check in eks medium cdm [CLOUD-2598]
• Add amster import option to config.sh [CLOUD-2721]
• Add default global secret mappings for session service [AME-16544]
• Add metrics-server to eks clusters [CLOUD-2727]
• Add hpa autoscaling to am deployment [CLOUD-1434]
• Add debug output to init script, and additional commands to ds.sh [CLOUD-2494]
• Update idm-only config to allow users to authenticated via idm
• Add a new script for changing product base images [CLOUD-2593]
• Add pruning of block storage devices, better cli handling
• Improve reliability of the nightly pipelines [CLOUD-2646]
• Add filter routing, by adding forgeops public and engineeringpit pruning rules [CLOUD-2574]
• Switching lodestar profile to dev profile ref: lodestar-468
• Add new quickstart.sh script [CLOUD-2625]
• Add am config upgrader job to update config and restore placeholders after am config export [CLOUD-2568]
• Increase idm resources for medium profile ref: lodestar-467
• Add secret agent object in "all" profile [CLOUD-2213]
• Create and attach cdq manifests in github releases [CLOUD-2559]
• Add tekton pipeline to build images, bump skaffold version [CLOUD-2561]
• Provide an option to create a static ip [CLOUD-2558]
• Add new aks cluster provisioning bash scripts [CLOUD-2550]
• Add gke medium size [CLOUD-2557]
• Enable external access by default to Prometheus, Grafana alertmanager [CLOUD-2552]
• Deprecate cluster/pulumi
• Add debug pod for diagnosing ldap or connectivity problems [CLOUD-1981]
• Preserve configuration on am pod restart [CLOUD-2498]
• Add sample schema update [FRAAS-3977]
• Increase the scope of dynamic configurations exported by amster [CLOUD-2419]
• Add script to install, update, and remove secret agent operator [CLOUD-2514]
• Simplify the scripts to deploy on GKE [CLOUD-2484]
• Upgrade nginx chart to the kubernetes cncf version at https://kubernetes.github.io/ingress-nginx [CLOUD-2492]
• Adding build argument in cli containers for registry [CLOUD-2184]
• Add new eksctl script for provisioning eks clusters [CLOUD-2483]

Fixes

• Remove un-tagged images from forgeops-public [CLOUD-2870]
• Remove OIDC config from amster [CLOUD-2955]
• Set the default directory in the cloud build of cli-tools
• Update prod jobs to use namespace
• Set proper profiles for ds setup [CLOUD-2909]
• Adding platform and idm long test to perf release test suite
• Resolve cross version and platform issues [CLOUD-2892]
• Correct tier names in network policies example ref: cloud-984
• Lower jvm to 65 to avoid oom [OPENIDM-16100]
• Resolve issueswith bash3
• Adjusting baseline and removing set options for long duration test
• Changing perf node to long sprint release long duration tests
• Don't push result of perf tests from pr/postcommit to elasticsearch
• Enabling access token long duration test for sprint testing
• Pit2 upgrade workaround using a most recent amster image
• Add filter in image pruner to not prune images tagged *-stable in enginneeringpit project
• Update nighlty.yaml to only build relevant docker images [CLOUD-2785]
• Adding backup and restore to authn test and disabling access token test until tested properly
• Remove am entries in ds keystore [CLOUD-2775]
• Simplify filtering [CLOUD-2756]
• Run apt-get update before installs and remove cache [CLOUD-2778]
• Update am-config-upgrader to use an image tag not an image sha
• Limit pipeline release builds to cloud team tags [CLOUD-2765]
• Remove scale up and down as its now in lodestar
• Default global secret mappings for session service correction [AME-16544]
• Update regex used to extract amster version
• Update the 'stable' helm repo [CLOUD-2713]
• Update eks to 1.18, fix schedule-backups.sh
• Add missing am to rm docker/7.0/config command [CLOUD-2718]
• Remove ds node selector [CLOUD-2717]
• Change password and kba [CLOUD-2692]
• Add set options and remove long duration test references
• Add find_packages to setup.py for proper install
• Set es512test key to be size of 521 [AME-20457]
• Add timestamps in amster import.sh and ldif-importer ds-password.sh script [CLOUD-2651]
• Add debug traces in amster import script when the user password is not correct [CLOUD-2651]
• Install secret-agent only if it is not present
• Add exit statement to condition in ds-password.sh [CLOUD-2651]
• Use 'bash -x' in amster import.sh and ldif-importer ds-password.sh script to investigate random issue with incorrect ds password
• Add the name of the module cloud_utils containing scaleclusternodepo...

2020.10.28-AlSugoDiNoci

ForgeOps Release Notes

Documentation

The ForgeOps documentation for this release is in the attached [forgeops-docs.zip] file. To view the documentation, download the zip file, extract the content, and access the forgeops/index.html file in your browser.

Features

Significant features

• Deprecate cluster/pulumi Pulumi is no longer used for cluster configuration, instead shell scripts based on the cloud platform utilities are used for cluster configuration.

• Add new quickstart.sh script for deploying CDQ (Cloud Deployment Quickstart) [CLOUD-2625]. You can use the quickstart.sh to create a sample deployment of ForgeRock platform in your cluster, including a Minikube cluster.

Other features

• Add support for the DS operator [CLOUD-2667]
• New script for changing product base images [CLOUD-2593]
• Add pruning of block storage devices and better cli handling
• Improve reliability of the nightly pipelines [CLOUD-2646]
• Add filter routing and pruning rules [CLOUD-2574]
• Switch lodestar profile to dev profile [LODESTAR-468]
• Add AM configuration upgrader job to update config and restore placeholders after am config export [CLOUD-2568]
• Increase IDM resources for medium profile [LODESTAR-467]
• Add secret agent object in all profile [CLOUD-2213]
• Create and attach CDQ manifests in github releases [CLOUD-2559]
• Add Tekton pipeline to build images, bump skaffold version [CLOUD-2561]
• Provide option to create a static IP address [CLOUD-2558]
• Add capability to handle progressive login and updated readme for using load testing framework
• Set the nginx pod count based on the cluster type
• Add new AKS cluster provisioning bash scripts [CLOUD-2550]
• Add GKE medium size [CLOUD-2557]
• Enable prometheus/grafana/alertmanager external access by default [CLOUD-2552]
• Add debug pod for diagnosing ldap or connectivity problems [CLOUD-1981]
• Preserve configuration on AM pod restart [CLOUD-2498]
• Add sample schema update [FRAAS-3977]
• Increase the scope of dynamic configurations exported by amster [CLOUD-2419]
• Add script to install, update, and remove secret agent operator [CLOUD-2514]
• Simplify GKE scripts [CLOUD-2484]
• Upgrade nginx chart to the kubernetes cncf version at https://kubernetes.github.io/ingress-nginx [CLOUD-2492]
• Add build argument in cli containers for registry [CLOUD-2184]
• Add new eksctl script for provisioning EKS clusters [CLOUD-2483]

Fixes

• Install secret-agent only if it is not present
• Use 'bash -x' in amster import.sh and ldif-importer ds-password.sh script to investigate random issue with incorrect ds password
• Change the node pool names for perf sprint release cluster
• Add the glcoud authenticate call to scale node pools
• Add the name of the module cloud_utils containing scaleclusternodepool method
• Set skaffold docker tags to short git commit
• Update sleep in amster script to 200 secs to allow for am to be ready for import [CLOUD-2460]
• Correct ds monitor password in secret agent config [CLOUD-2643]
• Remove am_hmac_confirmation_id environment variable [CLOUD-2617]
• Update recon template from forgerock,dc=com to forgerock,dc=io
• Disable autoscaling in cluster-up.sh for AKS and GKE [CLOUD-2636]
• Increase the length of passphrase used as confirmation hmac signature [CLOUD-2617]
• Encode hmac confirmation id [CLOUD-2617]
• Remove push true for local contexts [CLOUD-2614]
• Add rbac permissions to manage sac for Tekton pipelines
• Retain forgeops secrets to support Identity Cloud Services
• Bump skaffold version [CLOUD-2561]
• Retrieve region for AKS/GKE scripts to user's default cli configuration [CLOUD-2577]
• Add recon association targets to ds repo config [OPENIDM-15491]
• Release GCP load balancer before deleting the cluster [CLOUD-2579]
• Add nginx class annotation to the ingress configs for the UIs
• Change CDM small to use prod.iam.example.com [CLOUD-2580]
• Remove dot from username as not supported by labels
• Inject dsbackup vars from the platform configmap [CLOUD-2496]
• Improve clusters generated by eksctl scripts [CLOUD-2520]
• Fix ingress deployment scripts for eksctl [CLOUD-2517]
• Update regex used to extract amster version
• Add capability to handle case where GCP config isn't mounted in CDM entrypoint [CLOUD-2500]
• Add kubeconfig directory which mounts config with proper permissions [CLOUD-2499]
• Add missing label to prod-ds deployment
• Set label on cluster-up.sh [CLOUD-2484]
• Remove s3 bucket from aws-infra config [CLOUD-2502]
• Resolve build parameters in google cloud build for cli.sh [CLOUD-2184]
• Update Tekton event listener to latest specification [CLOUD-2464]
• Update oidc claims script
• Repo tools handles multiple tags at a single commit

Docs

• Attach ForgeOps documentation in [forgeops-docs.zip] file
• Update GCP pruner readme for deployment [CLOUD-1571]
• Update sample sac to include language for azure [CLOUD-2148]
• Update readme.md secrets section for secret-agent [CLOUD-2639]

2020.07.15-alleVongole

ForgeOps Release Notes

Features

• Improve dsbackup scripts [CLOUD-2385]
• Improve dsbackup's UX [CLOUD-2383,CLOUD-2373]
• Toolbox improvements [CLOUD-2238]
• Add a new "No UI kustomize/skaffold" profile
• Enable AM file-based configuration[CLOUD-2309]

Fixes

• Update the config.sh script to save Amster exports
• Remove unused and incorrect jwk_uri values for Oauth 2.0 clients [OPENAM-14597]
• Update deployments to the apps/v1 spec [CLOUD-2361]
• Update nightly amadmin password notification [CLOUD-2272]
• Fix pull policy for Amster to work in Minikube
• Restore recurring tasks only for the first DS pod
• Schedule recurring backups only in pod zero

2020.06.24-laPaniscia

ForgeOps Release Notes

Features

• Automatically restore from cloud backups during init [CLOUD-2281]
• Revert the CTS storage model back to one to one due to regression seen [OPENAM-16365]
• Specify the openidm-authorized role as a default role to prepare for no longer requiring relationship creation on ever user [OPENIDM-14788]
• Make dsbackup schedule string configurable [CLOUD-2282]
• Change global OAuth 2.0 config to use the newer and more efficient "cts_grant_set_model" [PERF-1543]
• Change reaping to "mixed mode" in global advanced server properties[PERF-1543]
• Modify DS profile to use token expiration policy of "am-session-only"[PERF-1543]

Fixes

• Set storage size for DS in lodestar profile
• Replace 'set_uid_admin_and_monitor_passwords' with 'ds_set_uid_admin_and_monitor_passwords' to have DS passwords correctly set [CLOUD-2281]
• Fix the configuration for PIT2 upgrade
• Fix missing comma in JSON
• Set default locale to UTF-8 in base Java image [OPENDJ-7257]
• Increase timeout for PIT2 greenfield tests [PIT-318]
• Have Changelog.md use the proper revlist value

2020.06.03-PastaeCeci

ForgeOps Release Notes

Features

• Print-secrets.sh improvements [CLOUD-2197]
• Enable /openicf route for ICF connector server [CLOUD-2093]
• Enable DS to backup to cloud storage using dsbackup [CLOUD-2160]
• Toolbox enhancements to improve VSCode integration [CLOUD-2238]
• Add master-client for dynamic client registration [CLOUD-2250]
• Configure am with multiple id repos when we have more than one replica [LODESTAR-263]
• Add smoke test as a service; improve Tekton pipeline robustness [CLOUD-2235]

Fixes

• Release tool now properly handles null terminated strings
• Improve Tekton notifications
• Correct configuration in servletfilter-cors.json
• Introduce additional time for idm to stabilize -for Tekton [CLOUD-2235]

2020.05.13-AlPomodoro

ForgeOps Release Notes

Features

• Add openssh server to support vs code remote development extension [CLOUD-2104]
• Add pod disruption budgets for am, idm, ds and ig [CLOUD-1428]
• Create public loadbalancer for ds-idrepo. (disabled by default [CLOUD-2126]
• Include 'add' option to config.sh to support incremental configuration [[Cloud-2187] (https://bugster.forgerock.org/jira/browse/CLOUD-2187)]
• Trim all images and tags over 30 days for engineering-devops [CLOUD-2122]
• Upgrade kaniko builder to v0.20.0
• Enable local backups using dsbackup for ds 7.0 [CLOUD-1991]
• Include cluster install addons to the cdm tools container [CLOUD-1946]
• Update Tekton pipeline to create github draft release from a tag [CLOUD-2105]
• Cloud-2002 am fbc
• Add new trigger for bitbucket prs using pr notification plugin
• Adds tools to create release notes and create a github release [CLOUD-2105]
• Make backup sources optional in backup-loader.sh
• Add secrets for fbc [Cloud-2123]
• Add a simple easily deployable debug container
• Create Tekton pipeline with triggers for smoke tests
• Add defaults to toolbox and streamline setup, with help text [CLOUD-2080]
• Clean up and pare down print-secrets.sh output [Cloud-2073]
• Add a small script to build and run the forgeops toolbox [CLOUD-2080]
• Add script to pre-load backup pvcs for 6.5 [Cloud-2049]
• Add Kustomize and Kubernetes objects to run a toolbox that supports in cluster builds and deployments
• Improve nightly pipeline notifications [Cloud-1992]
• Add application definition to support the gke marketplace

Fixes

• Update correct css configuration for 6.5 [CLOUD-2260]
• Remove ssh public key as a hard requirement
• Delete samples that are no longer required [CLOUD-2134]
• Add the missing cron file for pruner
• Amster container build error
• Use changes registry for base images on 6.5 [CLOUD-2122]
• Remove need for fork to render-templates
• Use uid 101 for podsecuritypolicies on ui containers [CLOUD-2102]
• Label nodes on creation in Azure [CLOUD-2000]
• Add correct ds store values to amster configmap
• Unpin the am promotion [Cloud-2173]
• Correct prometheus base path
• Fix broken path to cluster addons
• Revise waitfor to an array
• Revise cloudbuild.yaml as helm --home is deprecated [CLOUD-2167]
• Am docker image now required tomcat logging and load balancer parameters to be set
• Remove backup volumes and related items for now to fix ds base
• Added workarounds for kaniko caching issues
• Increase skaffold timeout to 10mins
• Move all tekton resources to the tekton-pipelines ns
• Expand 6.5 am war file to make customization easier [CLOUD-2133]
• Remove quoting which causes undesired behavior with exec [CLOUD-2124]
• Fix ds-cts prometheus scraper
• Fix tekton smoke test trigger
• Remove random password from ds metrics endpoint
• Prune all images in repo [CLOUD-2118]
• Check to ensure the correct number of args is provided
• Fix cert-manager related issues
• Revised to ensure that credential helper for gcr.io locates application_default_credentials.json [CLOUD-1997]
• Revise print-secrets.sh to correctly print ds admin password. Also speed up forgeops-secrets generation
• Switch ui containers from 80 -> 8080 [CLOUD-2094]
• Remove oauth2 clients that are not relevant for 6.5. use the user store profile, not the admin account [CLOUD-2091]
• Merge kaniko.yaml into skaffold.yaml [CLOUD-2077]
• Revise kubernetes to 1.15.10 for windows
• Prevent double encoding pem value
• Revise clean.sh so that it exits with 0 code
• Use clean.sh in Tekton pipelines
• Change make-users.sh for ds 6.5. to use password file
• Fix random password issue in smoke tests [Cloud-2071]
• Remove getoutputsync from aks/index.ts to improve nodejs 12 support
• Cloud-2070 fix make-users.sh [Cloud-2070]

Docs

• Add readme.md for azure Pulumi stack [CLOUD-1871]
• Add readme for pod security polices and network policies Kustomization profiles [CLOUD-1998]

2020.04.22-SpaghettiOs

ForgeOps Release Notes

Features

• Enable local backups using dsbackup for DS 7.0 [CLOUD-1991]
• Add cluster install addons to the cdm tools container [CLOUD-1946]
• Automate tekton pipeline to create github draft release from a tag [CLOUD-2105]
• Test and POC of AM FBC [CLOUD-2002]
• Add new trigger for bitbucket PRs using PR notification plugin
• Add tools to create release notes and create a github release [CLOUD-2105]
• Make backup sources optional in backup-loader.sh
• Add secrets for FBC [CLOUD-2123]
• Add a simple easily deployable debug container
• Create a tekton pipeline with triggers for smoke tests
• Add defaults to toolbox and streamline setup, add docs/help text [CLOUD-2080]
• Simplify / clean up print-secrets.sh output [CLOUD-2073]
• Add a small script to build and run the forgeops toolbox [CLOUD-2080]
• Add script to pre-load backup PVCs for 6.5 [CLOUD-2049]
• Add kustomization and k8s objects to run a toolbox that supports in cluster builds and deployments
• Improve nightly pipeline notifications [CLOUD-1992]
• Add Application definition to support the GKE Marketplace

Fixes

• Revise waitFor to an array
• Revise to use Helm 3, and cloudbuild.yaml cant start with --- [CLOUD-2167]
• Revise AM docker image to set required tomcat logging and load balancer parameters.
• Revise the DS base. Remove backup volumes and related items for now
• Implement workarounds for Kaniko issues
• Increase skaffold timeout to 10mins
• Move all tekton resources to the tekton-pipelines ns
• Expand 6.5 AM war file to make customization easier [CLOUD-2133]
• removes quoting which causes undesired behavior with exec [CLOUD-2124]
• Fix ds-cts prometheus scraper
• Fix tekton smoke test trigger
• Remove random password from DS metrics endpoint
• Prune all images in repo [CLOUD-2118]
• Set up checks to ensure the correct number of args is provided
• Add cert-manager related fixes.
• Revise $HOME so credential helper for gcr.io now finds application_default_credentials.json [CLOUD-1997]
• Add fixes to print-secrets.sh for printing of ds admin password. and speed up forgeops-secrets generation
• Switch UI containers from 80 -> 8080 [CLOUD-2094]
• Remove OAuth2 clients that are not relevant for 6.5. Use the user store profile, not the admin account [CLOUD-2091]
• Merge kaniko.yaml into skaffold.yaml [CLOUD-2077]
• Revise aks kubernetes 1.15.5 -> 1.15.10
• Revise ca-secret.yaml used stringData and a secretGenerator which double encodes pem value
• Revise clean.sh should exit with 0 code
• Use clean.sh in tekton pipelines
• Change make-users.sh for DS 6.5. Now using password file
• Fix random password issue in smoke tests CLOUD-2071
• Remove getoutputsync from aks/index.ts to improve nodejs 12 support
• Fix make-users.sh CLOUD-2070

Docs

• Add readme for pod security polices and network policies kustomization profiles [CLOUD-1998]

6.5.1

Last release with 6.5.0 binaries before breaking changes are made for 7.x