Pivotal Application Service v2.7 Breaking Changes

Page last updated:

This topic describes the breaking changes you need to be aware of when upgrading to Pivotal Platform v2.7. For more information about important preparation steps you must follow before beginning an upgrade, see Upgrading Pivotal Platform.

Pivotal Platform

See the following Pivotal Platform breaking changes:

Pivotal Spring Cloud Services v2.0.x Not Compatible with Pivotal Platform v2.7.

Pivotal Spring Cloud Services (SCS) v2.0.x is not compatible with Pivotal Platform v2.7. You cannot upgrade to Ops Manager v2.7. or PAS v2.7. without either removing SCS v2.0.x or upgrading from SCS v2.0.x to SCS v2.1.x first.

If you need to use the p-circuit-breaker-dashboard service in SCS v2.0.x, you must upgrade SCS v2.0.x to SCS v2.1.x before you upgrade to Pivotal Platform v2.7..

If you are running SCS v3.0.x or SCS v3.1.x alongside SCS v2.0.x and do not require p-circuit-breaker-dashboard functionality, you can remove SCS v2.0.x entirely after migrating completely to SCS v3.1.x. Follow the procedure in How to Upgrade to SCS v3.1.

After you successfully remove SCS v2.0.x or upgrade to SCS v2.1.x, you can proceed with the Pivotal Platform v2.7. upgrade procedure. For more information, see Upgrading Pivotal Platform.

Pivotal Application Service (PAS)

See the following PAS breaking changes:

Incorrect HTTP(S) Proxy Configuration Breaks CredHub Interpolation for Apps in PAS v2.7.18 and Later

In PAS v2.7.18 and later, apps that have an incorrect HTTP(S) Proxy configuration fail to stage or restart due to a CredHub interpolation error.

Before you upgrade to PAS v2.7.18 or later, you must fix the HTTP(S) Proxy configuration of any impacted applications:

  1. Determine whether your apps are impacted by following the resolution procedure in Knowledgebase Article 9305.
  2. Update all impacted apps to use the recommended proxy settings that are documented in Configuring Proxy Settings for All Apps.
  3. Restart modified apps.

You Cannot Install PAS v2.7.0 or PAS v2.7.1 with External Blobstores

You cannot install or deploy PAS v2.7.0 or v2.7.1 with external blobstores. For more information, see You Cannot Install PAS v2.7.0 or v2.7.1 with External Blobstores in Pivotal Application Service v2.7 Release Notes.

Consul Clients Not Supported in PAS

The Consul server instance is removed from PAS. Tile authors must remove any Consul clients from their products to avoid failed deployments.

To remove Consul clients from your products, make the following changes to any job_type that is colocated with consul_agent:

- name: consul_agent
    release: consul
    ...
    manifest: |
      ...
      consul:
        client:
          enabled: "(( $ops_manager.dns_enabled ? false : true ))"

For more information about removing Consul clients from your products, see Tile Authors Must Remove consul_agent in Pivotal Platform v2.4 Partner Release Notes.

Do Not Edit Syslog Agent Configuration When Upgrading from PAS v2.7.6 or Earlier

If you are upgrading from PAS v2.7.6 or earlier, do not change your Syslog Agent configuration when you stage PAS v2.7.7 or later for the first time. For example, if Syslog Agents are enabled on your current version of PAS, ensure that Syslog Agents are enabled when you stage PAS v2.7.7 or later for the first time.

If you change your Syslog Agent configuration after staging and before the first deploy of PAS v2.7.7 or later, there is a significant period of log loss or log duplication while BOSH enables or disables Syslog Agents. For more information about this log loss or duplication, see Duplicate or Missing Logs in Pivotal Application Service v2.7 Release Notes.

You can edit the Syslog Agent configuration in PAS v2.7.7 or later after the first deploy. To edit your Syslog Agent configuration, see Configure System Logging in Configuring PAS.

Metadata Tags for Metrics and App Logs

Agent-based syslog egress is enabled and non-configurable in PAS v2.7.6 and earlier, but can be disabled in PAS v2.7.7 and later. Syslog Agents forward logs to Loggregator and syslog drains that you configure.

If you enable Agent-based syslog egress in PAS v2.7.7 or later, your app logs and metrics include metadata tags. Tags appear after the header of each syslog message and before the syslog message text. You must update any external monitoring configuration you use to account for the new format and tags.

The new metadata tags appear in app logs in the following format:

956 <14>1 2020-03-31T12:11:02.529497+00:00 Tax_us-uat.AI.tax-plis-blue
ec3cd4e4-baf9-456d-965a-96bcb2c61a47 [APP/PROC/WEB/0]
[tags@47450 deployment="cf-78e7a9442158adb53366" index="c57b95c6-d79f-4cfb-b7f3-08a770946b7a"
instance_id="0" ip="10.214.110.84" job="diego_cell" origin="rep"
process_id="ec3cd4e4-baf9-456d-965a-96bcb2c61a47"
process_instance_id="1cf3854e-29d8-4825-7685-11ec" process_type="web"
product="Pivotal Application Service" source_id="ec3cd4e4-baf9-456d-965a-96bcb2c61a47"
source_type="APP/PROC/WEB" system_domain="example.my-domain.io"]
2020-03-31 07:11:02.529 INFO [tax-plis,B2347215-T21118008-COWF/35558169/38311791]
--- [http-nio-8080-exec-5] c.c.b.t.p.s.p.b.BatchPostProcessor :
Report file created in 47 ms

Changed Properties and Jobs

The following PAS tile properties and PAS jobs have changed in PAS v2.7.

Before upgrading to PAS v2.7, you must update any automation scripts to remove or change references to these properties and jobs.

  • UAA properties uaadb.tls_enabled and uaadb.skip_ssl_validation

  • Syslog jobs syslog_adapter and syslog_scheduler, and property syslog_metrics_to_syslog_enabled

    • The job instance groups syslog_adapter and syslog_scheduler, and the property syslog_metrics_to_syslog_enabled are removed.
    • Agent-based syslog egress renders these items unnecessary. For more information, see Agent-Based Syslog Egress Is Enabled by Default in Pivotal Application Service v2.7 Release Notes.
  • Container networking property cf_networking_internal_domains

    • The cf_networking_internal_domains is now an array.
  • Runtime CredHub property credhub_key_encryption_passwords

    • The credhub_key_encryption_passwords property is replaced by credhub_hsm_provider_encryption_keys for HSM-resident CredHub and credhub_internal_provider_keys for internal CredHub.

Pivotal Isolation Segment

See the following Pivotal Isolation Segment breaking changes:

Incorrect HTTP(S) Proxy Configuration Breaks CredHub Interpolation for Apps in Pivotal Isolation Segment v2.7.18 and Later

In Pivotal Isolation Segment v2.7.18 and later, apps that have an incorrect HTTP(S) Proxy configuration fail to stage or restart due to a CredHub interpolation error.

Before you upgrade to Pivotal Isolation Segment v2.7.18 or later, you must fix the HTTP(S) Proxy configuration of any impacted applications:

  1. Determine whether your apps are impacted by following the resolution procedure in Knowledgebase Article 9305.
  2. Update all impacted apps to use the recommended proxy settings that are documented in Configuring Proxy Settings for All Apps.
  3. Restart modified apps.

Changed Syslog Properties and Jobs

The following Pivotal Isolation Segment tile properties and jobs have been removed in Pivotal Application Service for Windows v2.7:

  • Syslog job syslog_adapter
  • Syslog job syslog_scheduler
  • Syslog property syslog_metrics_to_syslog_enabled

Before upgrading to PAS v2.7, you must update any automation scripts to remove or change references to these properties and jobs.

These changes mirror PAS tile changes described in Changed Properties and Jobs above.

For more information, see Agent-Based Syslog Egress Is Enabled by Default in Pivotal Isolation Segment v2.7 Release Notes.

Isolation Segment Diego Cells Update Diego Securely Over Port 8447

Diego Cells deployed by the Pivotal Isolation Segment tile communicate with the Diego file server with HTTPS over port 8447. Previously, Pivotal Isolation Segment Diego Cells communicated with HTTP over port 8080 like Diego Cells deployed by the PAS tile itself.

If you use isolation segments, you must ensure that port 8447 is open on the Diego Brain file server VM, which is deployed by the PAS tile.