Updating IPsec Add-on for PCF to Run with Xenial Stemcells
Page last updated:
Pivotal Cloud Foundry (PCF) products and tiles that are released after July 2018 require Ubuntu Xenial stemcells instead of Ubuntu Trusty stemcells. You need to verify that your IPsec Add-on for PCF deployment is configured correctly to support PCF products running on Xenial.
This topic describes how to determine if your existing deployment of IPsec Add-on can be deployed to VMs that run on Xenial. This topic also explains how to update your IPsec Add-on if it does not support Xenial.
Follow the instructions on this page if you use IPsec Add-on with any PCF products or tiles that use Xenial stemcells. See Product Tiles that Use Xenial Stemcells below.
Do I Need to Modify the IPsec Add-on?
IPsec Add-on v1.9.9 runs correctly on Xenial-based VMs if the IPsec runtime config
includes the ubuntu-xenial property.
Review the following table and make any required changes before you upgrade to Xenial stemcells.
| If you are using this version of the IPsec Add-on… | do the following… |
|---|---|
| 1.9.9 | Verify that your runtime config file, ipsec-addon.yml, includes
stemcell: - os: ubuntu-trusty - os: ubuntu-xenialIf it does not, then follow the procedure, Add the Xenial Stemcell Property to IPsec Add-on below. |
| v1.9.4 and earlier | Install IPsec Add-on v1.9.9. |
If you use IPsec Add-on without adding the ubuntu-xenial property to the runtime config,
the VMs running on Xenial are not able to communicate with the rest of the system.
Product Tiles that Use Xenial Stemcells
Ensure that you have added the ubuntu-xenial property to the IPsec Add-on runtime config
before you install any product tiles that use Xenial stemcells.
For a list of PCF tile releases that now use Xenial, see Tiles Using Xenial Stemcells in PCF.
Add the Xenial Stemcell Property to the IPsec Add-on
If you use IPsec Add-on v1.9.9 without the ubuntu-xenial
property in the runtime config, then you must add it to your
existing ipsec-addon.yml and redeploy. Follow these steps:
SSH into the Ops Manager VM. For how to do this, see SSH into Ops Manager.
To retrieve and save the IPsec add-on runtime config, run the following command:
bosh -e BOSH-ENVIRONMENT runtime-config –name ipsec > /tmp/ipsec-addon.ymlWhere
BOSH-ENVIRONMENTis the alias you set for the BOSH Director.For example:
$ bosh -e my-env runtime-config –name ipsec-addon > /tmp/ipsec-addon.yml
Edit the
ipsec-addon.ymlfile to add- os: ubuntu-xenialunderproperties: {}as shown below:addons: - name: ipsec-addon jobs: - name: ipsec release: ipsec properties: {} include: stemcell: - os: ubuntu-trusty - os: ubuntu-xenialTo update the runtime config, run the following command:
bosh -e BOSH-ENVIRONMENT update-runtime-config --name=ipsec /tmp/ipsec-addon.ymlFor example:
bosh -e my-env update-runtime-config --name=ipsec-addon /tmp/ipsec-addon.yml
Navigate to the Installation Dashboard in Ops Manager.
If you are using Ops Manager v2.3 or later, click Review Pending Changes. For more information about this Ops Manager page, see Reviewing Pending Product Changes.
Click Apply Changes.