# AMP Release 6.2.0

* [Introduction](#introduction)
* [Major New Features](#major-new-features)
* [Other Enhancements](#other-enhancements)
* [Bug and Vulnerability Fixes](#bug-and-vulnerability-fixes)
* [Deprecation Announcements](#deprecation-announcements)
* [Known Issues](#known-issues)
* [Backwards Compatibility](#backwards-compatibility)
* [Installation and Upgrade Instructions](#installation-and-upgrade-instructions)

## Introduction

Thank you to our community who have contributed a lot of improvements and feedback! Thanks also go to Apache Brooklyn's
commercial users who have funded this development and made some major contributions.

For more information, please visit https://cloudsoft.io/amp, https://docs.cloudsoft.io and https://brooklyn.apache.org

This is a major upgrade from AMP version 6.1.1 and includes a number of extra improvements on top of version 6.1.1.

## Major New Features

* New node type `nginx-multi`, `nginx-multi-upstream-sync` policy and `RepaveBatchEffector` added to facilitate rolling
  upgrades and blue-green deployments. Find details in the 'Application Management Techniques' chapter of the AMP docs.

* New `ContainerSensor` can be declared on an entity to expose a value produced by a command run in a Kubectl Job on a
  container of interest.

* New `ContainerEffector` can be declared on an entity to run a command in a Kubectl Job on a container of
  interest.

* New container-based Ansible effector `AnsibleContainerEffector` allows applying a playbook to an entity, or a group of
  entities, from an existing container.

* New SSH-based Ansible effector `AnsibleSshEffector` allows applying a playbook to an entity, or a group of entities,
  from an existing Ansible host (the Ansible control node).

* A simplified YAML DSL can be used for `DslPredicate` and `DslEntityPredicate`; find more in the "YAML Blueprint
  Reference" guide.

* The Terraform entity has been changed to use the new container support by default.
  * To use the new container feature, ensure `kubectl` is set up on the AMP server and
    a `cloudsoft/terraform` image is installed. See the Terraform integration docs for more information.
  * To continue to use SSH mode, add a config key `tf.execution.mode: ssh`.

## Other Enhancements

* An already existing TF deployment can be changed in AMP.
  * Allow changing the Terraform configuration (e.g. to resize, upgrade, or make another architectural change).
  * Ensure discovered topology model in AMP and associated sensors (i.e. item 2 above) and any config are updated.

* ITSM policy allows closing/opening incidents by watching a `sensor` of a particular sensor producer. Similar to
  raising an incident, incident details can be collected by configuring a `details.sensor` of a particular details
  sensor producer.

* Logbook allows querying logs of subtasks recursively.

* In Blueprint Composer:
  * Versions are not inserted into blueprint unless explicitly set or selected.
  * Personalised ID is used as a default display name of the node if not explicitly set.
  * Backspace no longer deletes an entity from the graph, as it clashes with configuration key editing actions.
  * Adding new versions of a type to existing bundles is blocked if a conflict is identified elsewhere in the catalog.

* In Inspector:
  * Each line in the multi-line environment variable is now sanitized individually.
    * TOSCA Ansible artifact now passes inputs via multi-line environment variable, and can be masked if sensitive.
  * `winrm` stream is optimized to process large volumes of CLI-XML log content.
  * Effectors of a deployed application:
    * Are searchable, if there are a lot of effectors.
    * Provide a direct link for invoking an effector.
    * Provide generated CLI commands for invoking: `br` and `curl`.
    * `ui-effector-hints` tag can be used to declare a pattern for which effectors to include or exclude in the Inspector.
    * Activities view task list allows filtering by "effectors (top-level)".

## Bug and Vulnerability Fixes

* `com.thoughtworks.xstream:xstream` upgraded to 1.4.19, as version 1.4.18 is flagged with a HIGH-graded vulnerability.

* `com.fasterxml.jackson.core` upgraded from 2.11.3 to 2.13.3, as versions up to 2.12 are flagged with a HIGH-graded vulnerability.

* In Blueprint Composer:
  * Relationship from the group member node is now displayed correctly when the group node has children.
  * Version selector is not displayed for a node that does not exist in the catalog.
  * Graphical Designer does not break on a complex multi-group.
  * Quick fixes correctly display the reference to the ancestor and the count of errors.
  * "regex" constraint of the parameter is validated correctly in the Graphical Designer.

* Kubernetes type now correctly handles effector failures.

* For VMware vSphere locations, verification of server certificates can be configured in the location declaration as well
  as globally via `etc/brooklyn.cfg`.

* An error modal is now displayed in the High Availability widget if "Remove Terminated Nodes" is requested with wrong permissions.

* Inputs configured as "required" and with a "constraint" are now tagged correctly as "required" in the interface.

* A read-only user can no longer initiate deployments.

* Config value declared in `brooklyn.config` now takes precedence over the default parameter value in the quick launch, if
  both are defined.

* AMP cleans up temporary `brooklyn-bundle-transient-xxx.zip` and `zip-bundle-detector-xxx.zip` bundle files.

* In TOSCA:
  * Ansible artifact does not fail with concurrent installs if multiple are launched on the same target.
  * Inspector `host_for/hosted_on` hierarchy view displays `hosted_on` nodes correctly.
  * Deployment is fixed for templates edited from the quick-launch bar.

* HA Persistence State import does not fail if there are custom types in the imported archive.

* The location version is now taken into account when deploying from the catalog.

## Known Issues

* A confirmed regression in JVM code, present in builds after 8u322 until fixed in 8u333, affects File on Windows environments.
  We recommend either using 8u333 or later or 8u322 or earlier. If 8u332 is required, we may be able to arrange a
  workaround patch in AMP but our preferred advice is to avoid the problematic Java versions on Windows. The most
  recent [Oracle critical patch update (CPU)](https://www.oracle.com/security-alerts/cpuapr2022.html) uses 8u321, and
  the next CPU is scheduled for 19 July, so if following their Java CPU schedule, the recommendation is to stay with
  most recent CPU 8u321 until the next one is released in July. Please confirm if this can be closed or if you require a
  workaround patch.

* Some versions of Windows Defender falsely flag `br.exe` as matching known malware signatures. This can be ignored and
  Defender disabled temporarily as needed in order to install this software on Windows. If in doubt, compare the
  checksums with those advertised on the download page.
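
The Java 8 update range from the first known issue above, applied to a host inventory. This is an added example, not part of AMP or its tooling; the inventory format, host names and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: thresholds come from the Known Issues note; the inventory,
# host names and function names are constructed for illustration.
LAST_GOOD=322    # "8u322 or earlier" is recommended
FIRST_FIXED=333  # "8u333 or later" is recommended

# Print the Java 8 update number found in "1.8.0_332", "8u332" or a
# `java -version` line; return 1 if the string is not a Java 8 version.
java8_update() {
    v=$1
    case $v in
        *1.8.0_*) v=${v#*1.8.0_} ;;
        8u*)      v=${v#8u} ;;
        *)        return 1 ;;
    esac
    n=${v%%[!0-9]*}          # keep the leading digits only
    [ -n "$n" ] && printf '%s\n' "$n"
}

# Classify one version string: affected, ok, or not-java8.
java8_status() {
    n=$(java8_update "$1") || { echo not-java8; return 0; }
    if [ "$n" -gt "$LAST_GOOD" ] && [ "$n" -lt "$FIRST_FIXED" ]; then
        echo affected
    else
        echo ok
    fi
}

# Constructed inventory, one host per line: host|os|java version string
INVENTORY='amp-win-01|windows|java version "1.8.0_321"
amp-win-02|windows|openjdk version "1.8.0_332"
amp-lin-01|linux|openjdk version "1.8.0_332"
amp-win-03|windows|1.8.0_333-b02
amp-win-04|windows|openjdk version "11.0.15"'

# List Windows hosts whose Java 8 build falls in the affected range.
affected_hosts() {
    printf '%s\n' "$1" | while IFS='|' read -r host os ver; do
        [ "$os" = windows ] || continue
        if [ "$(java8_status "$ver")" = affected ]; then
            printf '%s\n' "$host"
        fi
    done
}

affected_hosts "$INVENTORY"
```

Only Windows hosts are reported, since the note limits the regression to Windows environments.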

## Backwards Compatibility

* From 6.2.0, Terraform is by default run in a Docker container via the new Kubernetes support. In
  6.1.x, the Terraform entity needed an SSH location (or a cloud or localhost where it could get one). To get that
  behavior in 6.2, it will be necessary to set configuration key `tf.execution.mode: ssh`. It is recommended instead to
  configure Kubernetes support for 6.2.0 and use the new default.

* In response to some potential vulnerabilities, AMP 6.2.0 updates to the latest Jackson serialization libraries. This
  can change the way some complex Java objects are returned by the REST API, passed to shell commands, and processed
  from blueprints. This mainly affects complex JDK classes such as date/time objects and input streams, and in all known
  cases the formats are either unchanged or improved. Any blueprints which rely on complex types (excluding maps, lists,
  strings and primitives) should be tested prior to upgrading to 6.2.0.

## Installation and Upgrade Instructions

To install see https://docs.cloudsoft.io/operations/production-installation.html

To upgrade existing installations see https://docs.cloudsoft.io/operations/upgrades/

