Release Notes for 1.11.2

Release notes for DC/OS 1.11.2

DC/OS 1.11.2 was released on May 18, 2018.

DC/OS 1.11.2 includes the following:

Issues Fixed in DC/OS 1.11.2

  • COPS-3195 - Mesos: Fixed an issue where the authentication token refresh would not be performed. Enterprise
  • DCOS-14199 - Consolidated the Exhibitor bootstrapping shortcut by atomically reading and writing the ZooKeeper PID file.
  • DCOS-20514 - Added licensing information to the diagnostics bundle. Enterprise
  • DCOS-20568 - Fixed diagnostics bundle creation bug regarding insufficient service account permissions. Enterprise
  • DCOS-21596 - If a local user account matches an LDAP username that exists within an LDAP group, the local user account is now automatically added to the LDAP group. Enterprise
  • DCOS-21611 - The IP detect script and fault domain detect script can be changed with a config upgrade.
  • DCOS-22128 - Fixed an issue in the Service view of DC/OS UI, when cluster has pods with not every container mounting a volume Enterprise
  • DCOS-22041 - Admin Router: Fixed a race condition in the permission data cache. Enterprise
  • DCOS-22133 - DC/OS IAM: Fixed a rare case where the database bootstrap transaction would not insert some data. Enterprise
  • DCOS_OSS-2317 - Consolidated pkgpanda’s package download method.
  • DCOS_OSS-2335 - Increased the Mesos executor re-registration timeout to consolidate an agent failover scenario.
  • DCOS_OSS-2360 - DC/OS Metrics: metric names are sanitized for better compatibility with Prometheus.
  • DCOS_OSS-2378 - DC/OS Net: Improved stability of distribution protocol over TLS.
  • DC/OS UI: Incorporated multiple fixes and improvements.

Notable Changes in DC/OS 1.11.2

  • MARATHON-8090 - Reverted the Marathon configuration change for GPU resources which was introduced in 1.11.1 release.
  • QUALITY-2006 - RHEL 7.4 with Docker EE 17.06.2 is supported.
  • QUALITY-2007 - RHEL 7.4 with Docker 17.12.1-ce is supported.
  • QUALITY-2057 - CentOS 7.4 with Docker EE 17.06.2 is supported.

Security Enhancements in DC/OS 1.11.2

  • DCOS-21465 - Updated python3-saml for CVE-2017-11427. Enterprise
  • DCOS-21958 - Admin Router on master nodes no longer supports the older TLS 1.1 protocol and 3DES encryption algorithm by default. Enterprise

Note: New Docker versions are supported on RHEL 7.4. See compatibility matrix for further information.

About DC/OS 1.11

DC/OS 1.11 includes many new capabilities, with a focus on:

  • Managing clusters across multiple clouds Enterprise
  • Production Kubernetes-as-a-service
  • Enhanced data security Enterprise
  • Updated data services

Provide feedback on the new features and services at: support.mesosphere.com.

New Features and Capabilities

Platform

  • Multi-region management - Enables a DC/OS Cluster to span multiple datacenters, clouds, and remote branches while providing a unified management and control cluster. View the documentation. Enterprise
  • Linked clusters - A cluster link is a unidirectional relationship between one cluster and another. You add and remove links from one cluster to another cluster using the DC/OS CLI. Once a link is set up, you can easily switch between clusters using the CLI or UI. View the documentation. Enterprise
  • Fault domain awareness - Use fault domain awareness to make your services highly available and to allow for increased capacity when needed. View the documentation. Enterprise
  • Decommission node - Support for permanently decommissioning nodes makes it easier to manage “spot” cloud instances, allowing for immediate task rescheduling. View the documentation
  • UCR

Networking

  • Edge-LB 1.0. View the documentation. Enterprise
  • IPv6 is now supported for Docker containers.
  • Performance improvements to the DC/OS network stack - All networking components (minuteman, navstar, spartan) are aggregated into a single systemd unit called dcos-net. Read this note to learn more about the re-factoring of the network stack.
  • The configuration parameter dns_forward_zones now takes a list of objects instead of nested lists (DCOS_OSS-1733). View the documentation to understand its usage.

Security Enterprise

  • Secrets Management Service
    • Secrets can now be binary files in addition to environment variables.
    • Hierarchical access control is now supported.

Monitoring

Storage

  • DC/OS Storage Service 0.1 (beta) - DSS users will be able to dynamically create volumes based upon profiles or policies to fine-tune their applications storage requirements. This feature leverages the industry-standard Container Storage Interface (CSI) to streamline the development of storage features in DC/OS by Mesosphere and our community and partner ecosystems. View the documentation.Beta Enterprise
  • Pods now support persistent volumes. View the documentation.Beta

Note: Because these storage features are beta in 1.11, they must be explicitly enabled in the config.yaml file when installing DC/OS. Beta features are not recommended for production usage, but are a good indication of the direction the project is headed.

Updated DC/OS Data Services

  • TLS encryption for DC/OS Kafka, DC/OS Cassandra, DC/OS Elastic, and DC/OS HDFS is now supported. Enterprise
  • Fault domain awareness for DC/OS Kafka, DC/OS Cassandra, DC/OS Elastic and DC/OS HDFS. Use fault domain awareness to make your services highly available and to allow for increased capacity when needed. Enterprise
  • New API endpoint to pause a node for DC/OS Kafka, DC/OS Cassandra, DC/OS Elastic, and DC/OS HDFS. Use this endpoint to relaunch a node in an idle command state for debugging purposes.
  • New DC/OS Kafka ZooKeeper service. View the documentation.
  • You can now select a DC/OS data service version from a dropdown menu in the DC/OS UI.
  • Improved scalability for all DC/OS data services.