chore(*): bump CoreOS to 509.1.0 for Docker vulnerability

carmstrong · carmstrong · commit fbb7b35f245d · 2014-11-24T17:14:25.000-08:00
This PR updates CoreOS to include [Docker 1.3.2](https://github.com/docker/docker/blob/master/CHANGELOG.md#132-2014-11-20) which includes [important security fixes](https://groups.google.com/forum/#!msg/docker-user/IrjXTHA6jJc/ZToMGL2yG_AJ). In addition to upgrading to Docker 1.3.2, we are addressing the secure-by-default registry settings in #2578 (these changes were introduced in Docker 1.3.1). Note that DigitalOcean and Rackspace do not yet have CoreOS 509.1.0.
diff --git a/Vagrantfile b/Vagrantfile
@@ -35,7 +35,7 @@ else
   $vb_cpus = 1
 end
 
-COREOS_VERSION = "494.0.0"
+COREOS_VERSION = "509.1.0"
 
 if File.exist?(CONFIG)
   require CONFIG
diff --git a/contrib/ec2/deis.template.json b/contrib/ec2/deis.template.json
@@ -84,15 +84,15 @@
 
   "Mappings" : {
     "CoreOSAMIs" : {
-      "eu-central-1"   : { "PV" : "ami-0cae9811", "HVM" : "ami-12ae980f" },
-      "ap-northeast-1" : { "PV" : "ami-9f60599e", "HVM" : "ami-9d60599c" },
-      "sa-east-1"      : { "PV" : "ami-21ca7c3c", "HVM" : "ami-23ca7c3e" },
-      "ap-southeast-2" : { "PV" : "ami-adb9d697", "HVM" : "ami-afb9d695" },
-      "ap-southeast-1" : { "PV" : "ami-0eebc85c", "HVM" : "ami-0cebc85e" },
-      "us-east-1"      : { "PV" : "ami-30058d58", "HVM" : "ami-3e058d56" },
-      "us-west-2"      : { "PV" : "ami-b34f0483", "HVM" : "ami-b14f0481" },
-      "us-west-1"      : { "PV" : "ami-ff7264ba", "HVM" : "ami-f97264bc" },
-      "eu-west-1"      : { "PV" : "ami-1e47f269", "HVM" : "ami-1c47f26b" }
+      "eu-central-1"   : { "PV" : "ami-9623128b", "HVM" : "ami-94231289" },
+      "ap-northeast-1" : { "PV" : "ami-d6999dd7", "HVM" : "ami-d8999dd9" },
+      "sa-east-1"      : { "PV" : "ami-79a41564", "HVM" : "ami-7fa41562" },
+      "ap-southeast-2" : { "PV" : "ami-e1dfb1db", "HVM" : "ami-e3dfb1d9" },
+      "ap-southeast-1" : { "PV" : "ami-7598ba27", "HVM" : "ami-7b98ba29" },
+      "us-east-1"      : { "PV" : "ami-00158768", "HVM" : "ami-0215876a" },
+      "us-west-2"      : { "PV" : "ami-d92377e9", "HVM" : "ami-d72377e7" },
+      "us-west-1"      : { "PV" : "ami-a7adbce2", "HVM" : "ami-a5adbce0" },
+      "eu-west-1"      : { "PV" : "ami-c6e858b1", "HVM" : "ami-d8e858af" }
 
     },
     "RootDevices" : {
diff --git a/contrib/rackspace/provision-rackspace-cluster.sh b/contrib/rackspace/provision-rackspace-cluster.sh
@@ -48,9 +48,9 @@ $CONTRIB_DIR/util/check-user-data.sh
 
 i=1 ; while [[ $i -le $DEIS_NUM_INSTANCES ]] ; do \
     echo_yellow "Provisioning deis-$i..."
-    # TODO: update to CoreOS 494.0.0 when it is available at Rackspace
-    # This image is CoreOS 490.0.0
-    supernova $ENV boot --image 3c7e97fa-a9f5-4b09-97aa-c94e66dbbfeb --flavor $FLAVOR --key-name $1 --user-data ../coreos/user-data --no-service-net --nic net-id=$NETWORK_ID --config-drive true deis-$i ; \
+    # TODO: update to CoreOS 509.1.0 when it is available at Rackspace
+    # This image is CoreOS 494.0.0
+    supernova $ENV boot --image 1c423602-ea76-4263-b56b-0a2fa3e8c663 --flavor $FLAVOR --key-name $1 --user-data ../coreos/user-data --no-service-net --nic net-id=$NETWORK_ID --config-drive true deis-$i ; \
     ((i = i + 1)) ; \
 done
 
diff --git a/docs/installing_deis/baremetal.rst b/docs/installing_deis/baremetal.rst
@@ -96,8 +96,9 @@ Start the installation
     coreos-install -C alpha -c /tmp/config -d /dev/sda
 
 
-This will install the latest `CoreOS`_ alpha release to disk. To specify a specific CoreOS version,
-append the ``-V`` parameter to the install command, e.g. ``-V 494.0.0``.
+This will install the latest `CoreOS`_ alpha release to disk. The Deis provision scripts for other
+platforms typically specify a CoreOS version - currently, ``509.1.0``. To specify a specific CoreOS
+version, append the ``-V`` parameter to the install command, e.g. ``-V 509.1.0``.
 
 After the installation has finished, reboot your server. Once your machine is back up, you should
 be able to log in as the `core` user using the `deis` ssh key.
diff --git a/docs/installing_deis/gce.rst b/docs/installing_deis/gce.rst
@@ -119,7 +119,7 @@ Launch 3 instances. You can choose another starting CoreOS image from the listin
 
 .. code-block:: console
 
-    $ for num in 1 2 3; do gcutil addinstance --image projects/coreos-cloud/global/images/coreos-alpha-494-0-0-v20141108 --persistent_boot_disk --zone us-central1-a --machine_type n1-standard-2 --tags deis --metadata_from_file user-data:gce-user-data --disk cored${num},deviceName=coredocker --authorized_ssh_keys=core:~/.ssh/deis.pub,core:~/.ssh/google_compute_engine.pub core${num}; done
+    $ for num in 1 2 3; do gcutil addinstance --image projects/coreos-cloud/global/images/coreos-alpha-509-1-0-v20141124 --persistent_boot_disk --zone us-central1-a --machine_type n1-standard-2 --tags deis --metadata_from_file user-data:gce-user-data --disk cored${num},deviceName=coredocker --authorized_ssh_keys=core:~/.ssh/deis.pub,core:~/.ssh/google_compute_engine.pub core${num}; done
 
     Table of resources:
 
