You can find new releases of BOSH in the BOSH repository. Once you have decided on which version to use, carry out the following steps:
In cloudfoundry/bosh-deployment, identify the commit that uses the version of BOSH you want to upgrade to. You can do this by checking the releases in bosh.yml. For example, the following snippet from bosh.yml uses version
- name: bosh
  sha1: f9f7d13df4384c0562e1fd31431053d705326f64
  url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bosh-273.1.0-ubuntu-jammy-1.8-20220822-191956-046681798-20220822191957.tgz
  version: 273.1.0
The corresponding commit is
Update the submodule upstream in alphagov/paas-bootstrap/manifests/bosh-manifest to point to the commit identified in the previous step.
Determine if you need to make any other changes to ops files, based on the release changes.
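One way to carry out the first step from a local clone of cloudfoundry/bosh-deployment is shown below. This is an added example, not part of the original page or of the BOSH tooling. The function names bosh_version_at and commits_pinning are hypothetical, and the script assumes the release is listed under the top-level releases: key of bosh.yml with name: as the first key of its entry, as in the snippet above.

```shell
#!/bin/sh
# Added example: list the commits in a bosh-deployment clone whose bosh.yml
# pins a given version of the "bosh" release (newest first).

# Print the version pinned for the release named "bosh" in bosh.yml at a commit.
# Assumption: the entry starts with "- name: bosh" inside the "releases:" block.
bosh_version_at() {
  local repo="$1" commit="$2"
  git -C "$repo" show "$commit:bosh.yml" 2>/dev/null | awk '
    # Track which top-level key we are under; only "releases:" is of interest.
    /^[A-Za-z_]+:/ { in_rel = ($1 == "releases:"); in_bosh = 0; next }
    # A new list item starts: is it the bosh release entry?
    in_rel && /^[ ]*- / { in_bosh = ($0 ~ /^[ ]*- name:[ ]*"?bosh"?[ ]*$/) }
    # Inside the bosh entry, emit the version without quotes and stop.
    in_rel && in_bosh && /^[ ]*version:/ {
      sub(/^[ ]*version:[ ]*/, ""); gsub(/"/, ""); print; exit
    }'
}

# Print every commit that touched bosh.yml and pins the wanted version.
commits_pinning() {
  local repo="$1" want="$2" c
  git -C "$repo" log --format=%H -- bosh.yml | while read -r c; do
    if [ "$(bosh_version_at "$repo" "$c")" = "$want" ]; then
      echo "$c"
    fi
  done
}

# Usage: sh find-bosh-commit.sh /path/to/bosh-deployment 273.1.0
if [ "$#" -eq 2 ]; then
  commits_pinning "$1" "$2"
fi
```

The first hash printed is the most recent commit that still pins that version. Check the sha1 and url in bosh.yml at that commit before updating the submodule.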
Testing the upgrade
You should test the changes in a development environment by doing the following:
Claim one of the team development environments (dev03) by sending a message to the #paas-internal channel on GDS Slack, tagging @paas-devs.
Make sure the current branch of paas-bootstrap deployed by the create-bosh-concourse pipeline to the environment is main and has been run with the latest commit. If not, do it yourself:
gds aws paas-dev-admin -- make dev01 deployer-concourse pipelines BRANCH=main
create-cloudfoundry pipeline in the dev environment.
create-bosh-concourse pipeline to deploy your paas-bootstrap branch to the dev environment. You can update it by running:
gds aws paas-dev-admin -- make dev01 deployer-concourse pipelines BRANCH=UPGRADE_BRANCH_NAME
UPGRADE_BRANCH_NAME is the name of the branch you created for the upgrade.
concourse-deploy job may fail because Concourse rolls itself. If this happens, you will need to trigger a new build for the
create-bosh-concourse pipeline finishes, run the create-cloudfoundry pipeline. Make sure you use the
Checking credential rotation
Carry out the following steps to make sure our process for rotating credentials continues to work:
- Run the
- Rotate the BOSH credentials and certificates.
- Rotate the broker credentials.
Merging the upgrade
If the previous steps succeed, you can open a PR for review. Once it has been approved, do the following:
Tell people you will be upgrading BOSH and pausing the create-cloudfoundry pipelines by sending a message to the #paas-internal channel on GDS Slack, tagging @paas-devs.
Make sure nothing is being deployed and pause the
prod-lon. You can do this by pausing the pipeline-lock job for each environment in Concourse.
Merge-sign the PR. The gds-cli has a useful utility for this:
gds git merge-sign alphagov/paas-cf <PR_NUMBER>
staging. You can do this by triggering a new build of the init-bucket job in Concourse. When it finishes, do the same for the
Unpause all the