Open beyhan opened 1 year ago
Yea, it seems counterproductive to let people run droplets that were staged on an incompatible stack.
Funnily enough, @dsboulder and I were chatting earlier about having divergent "build" and "run" stacks, like they do with Paketo. That could help reduce the number of OS packages included in the run container.
If we do something like that in the future (maybe along with CNB support), then running with a different stack than the droplet's stack would be desirable.
Having "build" and "run" stacks will be another step into improving the hardening of the app container. The information regarding the OS on which the stacks are based on will be still available and for me it make sense to support running apps on "run" stacks which were built with "build" stacks based on the same OS version. Finding the root cause of this issue could be challenging for none experience users.
As a follow-up to my comment above, we ended up making it so a single stack can use different run and build rootFSs: https://v3-apidocs.cloudfoundry.org/version/3.164.0/index.html#the-stack-object. This is an alternative to using differnt stacks for run & build, which makes it easier to enforce compatibility.
Issue
Using the CF APIs it is possible to launch an application droplet with a CF
stack
which is different than thestack
supported by the buildpack used to produce the droplet.Steps to Reproduce
Prerequisite is a CF offering two different stacks. E.g.
cflinuxfs3
andcflinuxfs4
. For the steps below we want to switch an application from thecflinuxfs3
tocflinuxfs4
stack.cf curl "/v3/packages?app_guids=<app-guid>&order_by=-created_at&states=READY"
cflinuxfs4
stack and the corresponding buildpack supporting thecflinuxfs4
stack:cf curl "/v3/builds/<build-guid>"
cf curl "/v3/apps/<guid>/actions/stop" -X POST"
cf curl "/v3/apps/[guid]/actions/restart" -X POST"
Expected result
CF restart request fails because the current stack of the application configured in its lifecycle is
cflinuxfs3
but the current droplet is built for thecflinuxfs4
stack.Current result
The application is restarted with its configured stack which is
cflinuxfs3
and e.g. node apps are crashing with strange errors like:This is happening because the droplet has dependencies to the CF
stack
and they can't be resolved.Possible Fix
Possible fix could be to reject such a start/restart request when the droplet stack is different than the app lifecycle stack. Such an error is happening when you try to push an app with a buildpack which doesn't support the current lifecycle stack of the app: