IPsec Add-On for PCF v1.7

Upgrading the IPsec Add-on for PCF


This topic describes how to upgrade the IPsec Add-on for PCF.

To upgrade the IPsec add-on to a later version, do the following:

  1. Retrieve the latest runtime config by running one of the following commands:

    • For Ops Manager v1.10 or earlier: bosh runtime-config > PATH-TO-SAVE-THE-RUNTIME-CONFIG
    • For Ops Manager v1.11 or later: bosh2 -e BOSH-ENVIRONMENT runtime-config > PATH-TO-SAVE-THE-RUNTIME-CONFIG
  2. Upload the latest IPsec Release:

    • For Ops Manager v1.10 or earlier: bosh upload release PATH-TO-NEW-IPSEC-RELEASE
    • For Ops Manager v1.11 or later: bosh2 -e BOSH-ENVIRONMENT upload-release PATH-TO-NEW-IPSEC-RELEASE
  3. In the runtime config file you saved in step 1, change the version of the ipsec release to the version you uploaded:

    releases:
    - {name: ipsec, version: NEW_VERSION}
    

  4. For Ops Manager v1.10 or earlier, update the runtime config by running the following command: bosh update runtime-config PATH-TO-SAVE-THE-RUNTIME-CONFIG

  5. For Ops Manager v1.11 or later, update the runtime config by doing the following:

    1. Run: bosh2 -e BOSH-ENVIRONMENT update-runtime-config --name=ipsec PATH-TO-SAVE-THE-RUNTIME-CONFIG
    2. Run: bosh2 -e BOSH-ENVIRONMENT runtime-config > /tmp/runtime-config
    3. Edit /tmp/runtime-config to remove IPsec references from the file.

      Under releases, remove:

      - name: ipsec
        version: 1.X.X
      
      Under addons, find and remove the entire block that has the ipsec job:

      - name: ipsec-addon
        jobs:
        - name: ipsec
          release: ipsec
        include:
          stemcell:
          - os: ubuntu-trusty
        properties:
          ipsec:
            optional: false
            ipsec_subnets:
            - 10.0.1.1/20
            no_ipsec_subnets:
            - 10.0.1.10/32  # bosh director
            - 10.0.1.4/32 # ops manager
            instance_certificate: |
              -----BEGIN CERTIFICATE-----
              EXAMPLExINSTANCExCERTIFICATExEXAMPLExINSTANCExCERTIFICATExxxxxxx
              ...
              -----END CERTIFICATE-----
            instance_private_key: |
              -----BEGIN EXAMPLE RSA PRIVATE KEY-----
              EXAMPLExRSAxPRIVATExKEYxDATAxEXAMPLExRSAxPRIVATExKEYxDATA
              ...
              -----END EXAMPLE RSA PRIVATE KEY-----
            ca_certificates:
              - |
                -----BEGIN CERTIFICATE-----
                EXAMPLExCAxCERTIFICATExEXAMPLExCAxCERTIFICATExEXAMPLExCAxCERTIFI
                ...
                -----END CERTIFICATE-----
              - |
                -----BEGIN CERTIFICATE-----
                CAxCERTIFICATExEXAMPLExCAxCERTIFICATExEXAMPLExCAxCERTIFICATExEXA
                ...
                -----END CERTIFICATE-----
            prestart_timeout: 30
            esp_proposals: aes128gcm16!
            ike_proposals: aes128-sha256-modp2048!
            log_level: 1
            ike_version: ike
            optional_warn_interval: 1
            force_udp_encapsulation: false
      

    4. Run: bosh2 -e BOSH-ENVIRONMENT update-runtime-config /tmp/runtime-config

  6. Navigate to your Installation Dashboard in Ops Manager.

  7. Click Apply Changes.
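
The edit in step 5, sub-step 3 (removing the ipsec release and the addon block that has the ipsec job from the default runtime config) can be scripted so that no part of the block, in particular instance_private_key, is left behind. The Ruby script below is an added example, not part of the original page or of the IPsec add-on; the file name strip_ipsec.rb, the function names, and the sample config with its other-release and other-addon entries are assumptions made for illustration.

```ruby
require 'yaml'
# Constructed sample of a default runtime config; every value is a placeholder.
SAMPLE = <<~YAML
  releases:
  - name: ipsec
    version: 1.X.X
  - name: other-release        # hypothetical unrelated release
    version: 0.0.0
  addons:
  - name: ipsec-addon
    jobs:
    - name: ipsec
      release: ipsec
    properties:
      ipsec:
        instance_private_key: CONSTRUCTED-PLACEHOLDER
  - name: other-addon          # hypothetical unrelated addon
    jobs:
    - name: other-job
      release: other-release
YAML

# Drop the ipsec release and every addon block that runs a job from it.
# Returns [cleaned_config, names_of_removed_addons].
def strip_ipsec(config, release = 'ipsec')
  removed, kept = (config['addons'] || []).partition do |addon|
    (addon['jobs'] || []).any? { |job| job['release'] == release }
  end
  releases = (config['releases'] || []).reject { |r| r['name'] == release }
  [config.merge('releases' => releases, 'addons' => kept), removed.map { |a| a['name'] }]
end

# Paths of any instance_private_key entries still present in the structure.
def key_material_paths(node, path = '')
  pairs = case node
          when Hash  then node.to_a
          when Array then node.each_with_index.map { |v, i| [i, v] }
          else []
          end
  pairs.flat_map do |key, value|
    here = "#{path}/#{key}"
    (key == 'instance_private_key' ? [here] : []) + key_material_paths(value, here)
  end
end

# Usage: ruby strip_ipsec.rb /tmp/runtime-config   (no argument: uses SAMPLE)
cleaned, removed = strip_ipsec(YAML.safe_load(ARGV[0] ? File.read(ARGV[0]) : SAMPLE))
abort 'instance_private_key still present' unless key_material_paths(cleaned).empty?
warn "removed addons: #{removed.join(', ')}"
puts YAML.dump(cleaned) # review before passing to update-runtime-config
```

The runtime config saved in sub-step 2 contains instance_private_key, so keep /tmp/runtime-config readable only by its owner and delete it once the update has been applied.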
