changes for 2.19.3

rosieyohannan · rosieyohannan · commit 63c9dc6b074b · 2020-05-19T15:29:24.000+01:00
diff --git a/jekyll/_cci2/aws.adoc b/jekyll/_cci2/aws.adoc
@@ -126,7 +126,7 @@ You will be asked to confirm if you wish to go ahead by typing `yes`.
 .SSL Security
 image::browser-warning.png[SSL Security]
 
-. Enter your hostname – this can be your domain name or public IP of the Services Machine instance. At this time you can also upload your SSL public key and certificate if you have them. To proceed without providing these click Use Self-Signed Cert – choosing this option will mean you will see security warnings each time you visit the Management Console.
+. Enter your hostname. This can be your domain name or public IP of the Services Machine instance. At this time you can also upload your SSL public key and certificate if you have them. To proceed without providing these click Use Self-Signed Cert – choosing this option will mean you will see security warnings each time you visit the Management Console.
 +
 .Hostname
 image::secure-management-console.png[Hostname]
@@ -152,67 +152,69 @@ You should now be on the Management Console settings page (your-circleci-hostnam
 
 WARNING: You can make changes to the settings on this page at any time but changes here will require *downtime* while the service is restarted. Some settings are covered in more detail in out Operations Guide.
 
-. The Hostname field should be pre-populated from earlier in the install process, but if you skipped that step, enter your domain or public IP of the Services machine instance. You can check this has been entered correctly by clicking Test Hostname Resolution.
+. **Hostname** – The Hostname field should be pre-populated from earlier in the install process, but if you skipped that step, enter your domain or public IP of the Services machine instance. You can check this has been entered correctly by clicking Test Hostname Resolution.
 
-. The Services section is only used when externalizing services. Externalization is available with a Platinum service contract. Contact support@circleci.com if you would like to find out more.
+. **Services** – The Services section is only used when externalizing services. Externalization is available with a Platinum service contract. Contact support@circleci.com if you would like to find out more.
 +
 .External Services
 image::hostname-services.png[Hostname and Services Settings]
 
-. Under Execution Engines, only select 1.0 Builders if you require them for a legacy project – most users will leave this unchecked.
+. **Execution Engines** – only select 1.0 Builders if you require them for a legacy project – most users will leave this unchecked.
 
-. Select Cluster in the 2.0 Builders Configuration section. The Single box option will run jobs on the Services machine, rather than a dedicated instance, so is only suitable for trialling the system, or for some small teams.
+. **Builders Configuration** – select Cluster in the 2.0 section. The Single box option will run jobs on the Services machine, rather than a dedicated instance, so is only suitable for trialling the system, or for some small teams.
 +
 .1.0 and 2.0 Builders
 image::builders.png[Execution Engine]
 
-. Register CircleCI as a new OAuth application in GitHub.com or GitHub Enterprise by following the instructions provided onscreen.
+. **GitHub Integration** – register CircleCI as a new OAuth application in GitHub.com or GitHub Enterprise by following the instructions provided on the page.
 +
 NOTE: If you get an "Unknown error authenticating via GitHub. Try again, or contact us." message, try using `http:` instead of `https:` for the Homepage URL and callback URL.
 
-. Copy the Client ID and Secret from GitHub and paste it into the relevant fields, then click Test Authentication.
+.. Copy the Client ID and Secret from GitHub and paste it into the relevant fields, then click Test Authentication.
 
-. If you are using GitHub.com, move on to the next step. If using Github Enterprise, you will also need to supply an API Token so we can verify your organization. To provide this, complete the following from your GitHub Enterprise dashboard:
-.. Navigate to Personal Settings (top right) > Developer Settings > Personal Access Tokens.
-.. Click “generate new token”. Name the token appropriately to prevent accidental deletion. Do not tick any of the checkboxes, we only require the default public read-level access so no extra permissions are required. We recommend this token should be shared across your organization rather than being owned by a single user.
-.. Copy the new token and paste it into the GitHub Enterprise Default API Token field.
+.. If you are using GitHub.com, move on to step 6. If using Github Enterprise, you will also need to follow some suplementary steps and supply an API Token so we can verify your organization. To provide this, complete the following from your GitHub Enterprise dashboard:
+... Navigate to Personal Settings (top right) > Developer Settings > Personal Access Tokens.
+... Click “generate new token”. Name the token appropriately to prevent accidental deletion. Do not tick any of the checkboxes, we only require the default public read-level access so no extra permissions are required. We recommend this token should be shared across your organization rather than being owned by a single user.
+... Copy the new token and paste it into the GitHub Enterprise Default API Token field.
 +
 .Enter Github Enterprise Token
 image::ghe_token.png[Github Integration]
 
-. If you wish to use LDAP authentication for your installation, enter the required details in the LDAP section. For a detailed runthrough of LDAP settings, see our https://circleci.com/docs/2.0/authentication/#ldap[LDAP authentication guide]
+. **LDAP** – if you wish to use LDAP authentication for your installation, enter the required details in the LDAP section. For a detailed runthrough of LDAP settings, see our https://circleci.com/docs/2.0/authentication/#ldap[LDAP authentication guide]
 
-. We recommend using an SSL certificate and key for your install. You can submit these in the Privacy section if this step was missed during the installation.
+. **Privacy** – We recommend using an SSL certificate and key for your install. You can submit these in the Privacy section if this step was missed during the installation.
 +
 .Privacy Settings
 image::privacy.png[]
 
-. We recommend using S3 for storage and all required fields for Storage are pre-populated. The IAM user, as referred to in the <<aws-prereq#planning,planning>> section of this document, is used here.
+. **Storage** – We recommend using S3 for storage and all required fields for Storage are pre-populated. The IAM user, as referred to in the <<aws-prereq#planning,planning>> section of this document, is used here.
 +
 .Storage Options
 image::storage.png[]
 
-. Complete enhanced AWS Integration options.
+. **Enhanced AWS Integration** – Complete this section if you are using 1.0 builders.
 // explain enhanced AWS integration 1.0 or just say ignore
 
-. Complete the Email section if you wish to configure your own email server for sending build update emails. Leave this section is you wish to use our default email server.
+. **Email** Complete the Email section if you wish to configure your own email server for sending build update emails. Leave this section is you wish to use our default email server.
 +
 NOTE: Due to an issue with our third party tooling, Replicated, the Test SMTP Authentication button is not currently working
 
-. Configure VM service if you plan to use https://circleci.com/docs/2.0/building-docker-images/[Remote Docker] or `machine` executor (Linux/Windows) features. We recommend using an IAM instance profile for authentication, as described in the <<aws-prereq#planning,planning>> section of this document. With this section completed, instances will automatically be provisioned to execute jobs in Remote Docker or use the `machine` executor. To use the Windows `machine` executor you will need to https://circleci.com/docs/2.0/vm-service/#creating-a-windows-ami[build an image]. For more information on VM Service and creating custom AMIs for remote Docker and `machine` executor jobs, see our https://circleci.com/docs/2.0/vm-service/#section=server-administration[VM service guide].
+. **VM Provider** – Configure VM service if you plan to use https://circleci.com/docs/2.0/building-docker-images/[Remote Docker] or `machine` executor (Linux/Windows) features. We recommend using an IAM instance profile for authentication, as described in the <<aws-prereq#planning,planning>> section of this document. With this section completed, instances will automatically be provisioned to execute jobs in Remote Docker or use the `machine` executor. To use the Windows `machine` executor you will need to https://circleci.com/docs/2.0/vm-service/#creating-a-windows-ami[build an image]. For more information on VM Service and creating custom AMIs for remote Docker and `machine` executor jobs, see our https://circleci.com/docs/2.0/vm-service/#section=server-administration[VM service guide].
 +
 You can preallocate instances to always be up and running, reducing the time taken for Remote Docker and `machine` executor jobs to start. If preallocation is set, a cron job will cycle through your preallocated instances once per day to prevent them getting into a bad/dead state.
 +
 CAUTION: If Docker Layer Caching (DLC) is to be used, VM preallocation should be set to `0`, forcing containers to be spun up on-demand for both `machine` and Remote Docker. It is worth noting here that if these fields are **not** set to `0` but all preallocated instances are in use, DLC will work correctly, as if preallocation was set to `0`.
 
-. If you wish to use AWS Cloudwatch or Datadog for collating metrics for your installation, set this up here. For more information see our https://circleci.com/docs/2.0/monitoring/[Monitoring guidance]:
+. **AWS Cloudwatch or Datadog Metrics** can be configured for your installation. Set either of these up in the relevant sections. For more information see our https://circleci.com/docs/2.0/monitoring/[Monitoring guidance]:
 +
 .Metrics
 image::metrics_setup.png[]
-+
-You can also customize the metrics received through Telegraf. For more on this see our https://circleci.com/docs/2.0/monitoring/#custom-metrics[Custom Metics] guide.
 
-. Artifacts persist data after a job is completed, and may be used for longer-term storage of your build process outputs. By default, CircleCI Server only allows approved types to be served. This is to protect users from uploading, and potentially executing malicious content. The **Artifacts** setting allows you to override this protection. For more information on safe/unsafe types see our https://circleci.com/docs/2.0/build-artifacts/[Build Artifacts guidance].
+. **Custom Metrics** are an alternative to Cloudwatch and Datadog metrics, you can also customize the metrics you recieve through Telegraf. For more on this see our https://circleci.com/docs/2.0/monitoring/#custom-metrics[Custom Metics] guide.
+
+. **Distributed Tracing** is used in our support bundles, and settings should remain set to default unless a change is requested by CircleCI Support.
+
+. **Artifacts** persist data after a job is completed, and may be used for longer-term storage of your build process outputs. By default, CircleCI Server only allows approved types to be served. This is to protect users from uploading, and potentially executing malicious content. The **Artifacts** setting allows you to override this protection. For more information on safe/unsafe types see our https://circleci.com/docs/2.0/build-artifacts/[Build Artifacts guidance].
 
 . After agreeing to the License Agreement and saving your settings, select Restart Now from the popup. You will then be redirected to start CircleCI and view the Management Console Dashboard. It will take a few minutes to download all of the necessary Docker containers.
 
diff --git a/jekyll/_cci2/v.2.19-overview.adoc b/jekyll/_cci2/v.2.19-overview.adoc
@@ -9,16 +9,30 @@ This document provides a summary of features and product notes for the release o
 
 ## Requirements for Upgrading
 
+WARNING: Before upgrading to 2.19.3, if you are using an IAM role scoped to a non-root path, you will need to unset the `OUTPUT_PROCESSOR_USE_NAIVE_ROLE_MAPPING` environment variable in your output processor customization script. See the https://circleci.com/docs/2.0/customizations/#service-configuration-overrides[Customizations Guide] in our documentation for more information on using customization scripts.
+
 WARNING: For AWS installs, *before upgrading* to v2.19.x, follow <<update-nomad-clients#important,this guide>> to update your nomad launch configuration.
 
-CAUTION: If at any time your organization name has been changed, there is a <<updating-server#org-rename-script,script>> that *must* be run before stating the upgrade process. If you are already running v2.18.x, you will have run this already.
+CAUTION: If you are upgrading from pre v2.18.x, and have at any time changed your organization name, there is a <<updating-server#org-rename-script,script>> that *must* be run before stating the upgrade process. If you are already running v2.18.x, you will have run this already.
 
 ## Notes and Best Practices
 
 * We now require a minimum 32GB of RAM for the Services Machine. 
 * We made some changes to our Redis configuration in v2.18. If you have externalized Redis then you’ll need to update your configuration. Please contact your Customer Success Manager if you are upgrading from pre v2.18 to v2.19.
 * We have made changes to our Postgres version and require at least postgreSQL v9.5.16. If you have externalized postgreSQL then please update to at least that version in 2.17.x before upgrading to {serverversion}.
 
+## What's New in v2.19.03
+
+* Removed the use of the depecated GitHub.com API endpoint `GET applications/%s/tokens/%s`.
+
+* Distributed tracing is now enabled by default for Server installations. Traces are used in CircleCI support bundles to improve our ability to troubleshoot Server issues. Options for the tracing sampling rate are displayed in the Replicated Management Console, but should only be changed from the default if requested by CircleCI Support.
+
+* Fixed an issue that was preventing `restore_cache` from working with the storage driver set to "none" - i.e not S3.
+
+* Fixed an issue that was preventing the `output_processor` service from using AWS AssumeRole when the role was located in a subfolder. This issue affected customers with security policies forcing the use of a subfolder in this case, and the symptoms included the inability to store artifacts or use timings-based test splitting.
+
+* JVM heap size can now be changed using the `JVM_HEAP_SIZE` environment variable for the following services: `vm-service`, `domain-service`, `permissions-service` and `federations-service`.
+
 ## What's New in v2.19.02
 
 * In the LDAP login flow we now use an anonymous form to `POST` LDAP auth state, rather than sending it as a `GET` parameter. Previously, when a user authenticated using LDAP, their username and password were sent in plaintext as part of a query parameter in a `GET` request. As requests are over HTTPS, this left usernames and passwords in request logs, etc. This issue is now fixed. 
diff --git a/jekyll/_config.yml b/jekyll/_config.yml
@@ -46,7 +46,7 @@ liquid:
 asciidoc:
   attributes:
       source-highlighter: rouge
-      serverversion: 2.19.2
+      serverversion: 2.19.3
 
 asciidoctor:
   base_dir: _cci2/
@@ -55,7 +55,7 @@ asciidoctor:
     imagesdir: /docs/assets/img/docs/
     relfileprefix: ../
     outfilesuffix: /index.html 
-    serverversion: 2.19.2
+    serverversion: 2.19.3
 
 collections:
   # this is named with an underscore because it needs to be processed
diff --git a/scripts/build_pdfs_local.sh b/scripts/build_pdfs_local.sh
@@ -4,9 +4,9 @@ OUT_DIR="release/tmp"
 
 DATE=$(date +"%m/%d/%Y")
 
-VERSION="2.19"
+VERSION="2.19.3"
 
-COMMENT="Final"
+COMMENT="DRAFT"
 
 echo "Building Ops Guide"
 
