Ops Manager v2.10 Release Notes

Page last updated:

This topic contains release notes for VMware Tanzu Operations Manager v2.10.

Ops Manager v2.10 is the long-term supported (LTS) version of Ops Manager. For more information, see Long-Term Support for Ops Manager v2.10. Starting with v2.10.2, you can jump upgrade directly from previous versions of Ops Manager to the long-term support (LTS) version of Ops Manager. For more information, see Jump Upgrading to Ops Manager v2.10.

For the feature highlights of this release, read the blog post VMware Tanzu Application Service 2.10 Adds New CLI, Eases Upgrades with More Flexible Control Plane or see New Features in Ops Manager v2.10.

Ops Manager is certified by the Cloud Foundry Foundation for 2022.

For more information about the Cloud Foundry Certified Provider Program, see How Do I Become a Certified Provider? on the Cloud Foundry website.


Releases

v2.10.50

Release Date: November 19, 2022

Warning: This release includes a new version of System Metrics, which will cause all VMs to redeploy.
  • [Bug Fix] WildcardDomainResolver should not cause timeouts when remote DNS server is unresponsive
  • [Feature] Improve UI feedback when deleting unused products
Component Version
Tanzu Ops Manager2.10.50-build.622*
Stemcell (Bosh Director and Ops Manager)621.330*
BBR SDK1.18.58*
BOSH Director273.1.2*
BOSH DNS1.34.0
Metrics Server0.1.8*
System Metrics2.2.2*
CredHub2.12.14*
CredHub Maestro8.0.7
Syslog11.8.5*
Windows Syslog1.1.11*
UAA74.5.58*
BPM1.1.19
Networking9
OS Conf22.1.2
AWS CPI95*
Azure CPI41.0.0*
Google CPI45.0.0
OpenStack CPI51*
vSphere CPI87*
BOSH CLI7.0.1
Credhub CLI2.9.8*
BBR CLI1.9.38
Telemetry1.2.4
* Components marked with an asterisk have been updated.

v2.10.49

Release Date: November 02, 2022

  • [Bug Fix] Metrics server should continue to accept old leaf certificate for mutual TLS during a CA rotation
Component Version
Tanzu Ops Manager2.10.49-build.594*
Stemcell (Bosh Director and Ops Manager)621.305
BBR SDK1.18.56*
BOSH Director273.1.1
BOSH DNS1.34.0
Metrics Server0.1.7
System Metrics2.0.18
CredHub2.12.12
CredHub Maestro8.0.7
Syslog11.8.0
Windows Syslog1.1.10
UAA74.5.56*
BPM1.1.19
Networking9
OS Conf22.1.2
AWS CPI94
Azure CPI40.0.0
Google CPI45.0.0
OpenStack CPI50
vSphere CPI85*
BOSH CLI7.0.1
Credhub CLI2.9.7
BBR CLI1.9.38
Telemetry1.2.4
* Components marked with an asterisk have been updated.

v2.10.48

Release Date: October 27, 2022

Warning: This release includes a new version of BOSH DNS, which will cause all VMs to redeploy.
Warning: This release contains a new end-user license agreement which must be manually accepted when downloading the release binaries from Tanzu Network.
  • [Feature] Improve accessibility within Ops Manager UI
  • [Known Issue Fix] Upgrading from below Ops Manager v2.10.9 should not default to using the Policy API for NSX-T on vSphere
  • [Known Issue Fix] The issue beginning in 2.10.41 that caused some Ops Manager users to experience slow VM creation times has been resolved with the vSphere CPI included in this release
Component Version
Tanzu Ops Manager2.10.48-build.590*
Stemcell (Bosh Director and Ops Manager)621.305*
BBR SDK1.18.55*
BOSH Director273.1.1*
BOSH DNS1.34.0*
Metrics Server0.1.7*
System Metrics2.0.18
CredHub2.12.12*
CredHub Maestro8.0.7*
Syslog11.8.0
Windows Syslog1.1.10*
UAA74.5.55*
BPM1.1.19
Networking9
OS Conf22.1.2
AWS CPI94
Azure CPI40.0.0
Google CPI45.0.0*
OpenStack CPI50*
vSphere CPI81*
BOSH CLI7.0.1
Credhub CLI2.9.7*
BBR CLI1.9.38
Telemetry1.2.4
* Components marked with an asterisk have been updated.

v2.10.47

Release Date: September 28, 2022

  • [Bug Fix] OpsManager correctly removes temporary files created during an export
  • [Known Issue Fix] Fixes a bug preventing Azure configurations from being correctly saved/deployed when Storage Accounts are used for Cloud Storage (problem introduced in 2.10.44)
  • [Known Issue] vSphere deployments may create VMs much more slowly than OpsManager versions prior to 2.10.41 if there are multiple datastores attached to the target AZs.
Component Version
Tanzu Ops Manager2.10.47-build.562*
Stemcell (Bosh Director and Ops Manager)621.280*
BBR SDK1.18.53*
BOSH Director273.1.0
BOSH DNS1.31.0
Metrics Server0.1.6*
System Metrics2.0.18
CredHub2.12.9*
CredHub Maestro8.0.4
Syslog11.8.0
Windows Syslog1.1.9*
UAA74.5.51*
BPM1.1.19*
Networking9
OS Conf22.1.2
AWS CPI94*
Azure CPI40.0.0*
Google CPI44.0.0*
OpenStack CPI49*
vSphere CPI80*
BOSH CLI7.0.1
Credhub CLI2.9.4*
BBR CLI1.9.38*
Telemetry1.2.4
* Components marked with an asterisk have been updated.

v2.10.46

Release Date: August 25, 2022

Warning: This release includes an unintended breaking change. When upgrading from Ops Manager versions before 2.10.9 on vSphere, the NSX-T Policy API mode will be enabled by default. Customers that are not using the NSX-T Policy API will need to uncheck the “Use NSX-T Policy API” checkbox on the vSphere Config page, or set the `nsx_t_use_policy_api` API field to false. This issue will be fixed in a later patch.
  • [Feature] Ops Manager generated leaf certificates includes the keyEncipherment extension
  • [Change] New installs of OM on vSphere default to use policy-api
  • [Bug Fix] Upgrading stemcell, then upgrading Ops Manager to version that does not include that stemcell does not fail
  • [Bug Fix] UI Fixes:
    • Datastore cluster/datastore configuration form fields have been adjusted for clarity.
    • Expired certificates do not display negative values for “expires in”
  • [Known Issue] Azure configurations cannot be correctly saved/deployed when Storage Accounts are used for Cloud Storage (this issue first appears in OpsManager 2.10.44)
  • [Known Issue] vSphere deployments may create VMs much more slowly than OpsManager versions prior to 2.10.41 if there are multiple datastores attached to the target AZs.
Component Version
Tanzu Ops Manager2.10.46-build.541*
Stemcell (Bosh Director and Ops Manager)621.265*
BBR SDK1.18.50*
BOSH Director273.1.0*
BOSH DNS1.31.0
Metrics Server0.1.5*
System Metrics2.0.18
CredHub2.12.8*
CredHub Maestro8.0.4*
Syslog11.8.0
Windows Syslog1.1.8*
UAA74.5.48*
BPM1.1.18
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI39.0.0*
Google CPI43.0.0
OpenStack CPI48*
vSphere CPI79*
BOSH CLI7.0.1
Credhub CLI2.9.3
BBR CLI1.9.37*
Telemetry1.2.4*
* Components marked with an asterisk have been updated.

v2.10.45

Release Date: July 27, 2022

Warning: This release includes a new version of System Metrics, which will cause all VMs to redeploy.
  • [Fix] BOSH task cleanup occurs daily (rather than weekly). This change may alleviate issues seen in deployments where the BOSH Director runs tasks frequently (e.g. for monitoring).
  • [Known Issue] Azure configurations cannot be correctly saved/deployed when Storage Accounts are used for Cloud Storage (this issue first appears in OpsManager 2.10.44)
  • [Known Issue] vSphere deployments may create VMs much more slowly than OpsManager versions prior to 2.10.41 if there are multiple datastores attached to the target AZs.
Component Version
Tanzu Ops Manager2.10.45-build.512*
Stemcell (Bosh Director and Ops Manager)621.256
BBR SDK1.18.47*
BOSH Director272.6.0
BOSH DNS1.31.0
Metrics Server0.1.4*
System Metrics2.0.18*
CredHub2.12.6
CredHub Maestro8.0.3
Syslog11.8.0
Windows Syslog1.1.7
UAA74.5.46
BPM1.1.18
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI38.0.0
Google CPI43.0.0
OpenStack CPI47*
vSphere CPI76
BOSH CLI7.0.1
Credhub CLI2.9.3
BBR CLI1.9.35*
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.44

Release Date: July 14, 2022

  • [Security Fix] Remediated CVE-2022-23923 in the tile JavaScript migration process.
  • [Known Issue] Azure configurations cannot be correctly saved/deployed when Storage Accounts are used for Cloud Storage (this issue first appears in OpsManager 2.10.44)
  • [Known Issue] vSphere deployments may create VMs much more slowly than OpsManager versions prior to 2.10.41 if there are multiple datastores attached to the target AZs.
Component Version
Tanzu Ops Manager2.10.44-build.502*
Stemcell (Bosh Director and Ops Manager)621.256*
BBR SDK1.18.46*
BOSH Director272.6.0*
BOSH DNS1.31.0
Metrics Server0.1.3
System Metrics2.0.17
CredHub2.12.6*
CredHub Maestro8.0.3
Syslog11.8.0*
Windows Syslog1.1.7*
UAA74.5.46*
BPM1.1.18
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI38.0.0
Google CPI43.0.0
OpenStack CPI46
vSphere CPI76*
BOSH CLI7.0.1
Credhub CLI2.9.3
BBR CLI1.9.34*
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.43

Release Date: June 16, 2022

  • [Known Issue Fix] Certificates endpoint no longer returns a 500 error due to “nested asn” error. Issue is introduced in v2.10.40.
  • [Known Issue Fix] Deleting VM types using the API endpoint is allowed even when VMs are deployed with those types. Issue is introduced in v2.10.40.
  • [Known Issue Fix] Content-Security-Policy header should not prevent users logging in with SAML. Issue is introduced in v2.10.40.
  • [Known Issue] vSphere deployments may create VMs much more slowly than OpsManager versions prior to 2.10.41 if there are multiple datastores attached to the target AZs.
Component Version
Tanzu Ops Manager2.10.43-build.494*
Stemcell (Bosh Director and Ops Manager)621.251*
BBR SDK1.18.43
BOSH Director272.5.0
BOSH DNS1.31.0
Metrics Server0.1.3
System Metrics2.0.17
CredHub2.12.5
CredHub Maestro8.0.3
Syslog11.7.11
Windows Syslog1.1.6
UAA74.5.41
BPM1.1.18
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI38.0.0
Google CPI43.0.0
OpenStack CPI46
vSphere CPI74
BOSH CLI7.0.1
Credhub CLI2.9.3
BBR CLI1.9.32
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.42

Release Date: June 11, 2022

  • [Known Issue Fix] The expiring certificates API should not return a 500 status error when syslog certificates are not configured. Issue is introduced in v2.10.40.
  • [Known Issue Fix] The VM type deletion API endpoint should not return a 500 status error. Issue is introduced in v2.10.40.
  • [Known Issue] vSphere deployments may create VMs much more slowly than OpsManager versions prior to 2.10.41 if there are multiple datastores attached to the target AZs.
Component Version
Tanzu Ops Manager2.10.42-build.491*
Stemcell (Bosh Director and Ops Manager)621.245
BBR SDK1.18.43*
BOSH Director272.5.0
BOSH DNS1.31.0
Metrics Server0.1.3
System Metrics2.0.17
CredHub2.12.5
CredHub Maestro8.0.3
Syslog11.7.11
Windows Syslog1.1.6
UAA74.5.41
BPM1.1.18
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI38.0.0
Google CPI43.0.0
OpenStack CPI46
vSphere CPI74
BOSH CLI7.0.1
Credhub CLI2.9.3
BBR CLI1.9.32*
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.41

Release Date: June 07, 2022

  • [Bug Fix] The BOSH Director would fail to deploy if the persistent disk still contained the postgres 9 data directory. This data has not been in use since Ops Manager 2.4, but there was no automated cleanup process.
  • [Known Issue] The expiring certificates API endpoint will return a 500 status error for customers that have the syslog feature configured without entering an SSL certificate. Additionally, attempting to generate a support bundle will return an error. To workaround this issue, see Support bundle download gives error undefined method strip and Ops Manager certificate pane does not load
  • [Known Issue] Deleting custom VM types using the API always returns a 500 status error.
  • [Known Issue] vSphere deployments may create VMs much more slowly than OpsManager versions prior to 2.10.41 if there are multiple datastores attached to the target AZs.
Component Version
Tanzu Ops Manager2.10.41-build.487*
Stemcell (Bosh Director and Ops Manager)621.245
BBR SDK1.18.42
BOSH Director272.5.0*
BOSH DNS1.31.0
Metrics Server0.1.3
System Metrics2.0.17
CredHub2.12.5
CredHub Maestro8.0.3
Syslog11.7.11*
Windows Syslog1.1.6
UAA74.5.41
BPM1.1.18
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI38.0.0
Google CPI43.0.0
OpenStack CPI46
vSphere CPI74
BOSH CLI7.0.1
Credhub CLI2.9.3
BBR CLI1.9.31
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.40

Release Date: June 03, 2022

Warning:

There is a known issue with the BOSH Director when upgrading from an Ops Manager installation that was created before March of 2019. If your Ops Manager installation was originally created before 2.5.0, even if you are now on a current patch, you should not upgrade to 2.10.40.

This issue has been resolved in 2.10.41.

Warning: This release includes a new version of System Metrics, which will cause all VMs to redeploy.
  • [Feature] The Certificates page and expiring certificates API endpoint now include configurable certificates that were not previously displayed. The new certificates include IaaS and trusted certificates within the BOSH Director tile, the Ops Manager SSL certificate, syslog certificates, and certificates in plain-text fields within other tiles. After upgrading to this patch, the expiring certificates warning banner may appear if any of these certificates are close to their expiration date.
  • [Feature] Allow users to select a stemcell for the BOSH Director tile. This allows you to redeploy the BOSH Director with newer stemcells without upgrading to a new Ops Manager patch. Users still need to upgrade to the latest Ops Manager patch to receive CVE fixes for the Ops Manager VM itself.
  • [Feature] Add Content-Security-Policy headers are returned when accessing Ops Manager. These headers replace the previously used X-XSS-Protection headers to protect against cross-site scripting attacks.
  • [Feature] Ops Manager no longer deploys the deprecated BOSH registry on the BOSH Director.
  • [Bug Fix] The BOSH Director on vSphere uses the selected CPI config instead of first CPI config.
  • [Bug Fix] Deleting in-use custom VM types no longer causes Ops Manager to return 500 status code errors until you restart it.
  • [Bug Fix] Tile properties that have been frozen due to a deploy now remain frozen after upgrading that tile.
  • [Bug Fix] Principal Identity (certificate-based) authentication for NSX-T works when Policy API mode is activated.
  • [Bug Fix] BOSH Health Monitor will no longer continue to report that a VM is unresponsive after it has been deleted.
  • [Known Issue] The expiring certificates API endpoint will return a 500 status error for customers that have the syslog feature configured without entering an SSL certificate. Additionally, attempting to generate a support bundle will return an error. To workaround this issue, see Support bundle download gives error undefined method strip and Ops Manager certificate pane does not load
  • [Known Issue] Deleting custom VM types using the API always returns a 500 status error.
Component Version
Tanzu Ops Manager2.10.40-build.482*
Stemcell (Bosh Director and Ops Manager)621.245*
BBR SDK1.18.42*
BOSH Director272.4.0*
BOSH DNS1.31.0
Metrics Server0.1.3
System Metrics2.0.17*
CredHub2.12.5*
CredHub Maestro8.0.3
Syslog11.7.10*
Windows Syslog1.1.6*
UAA74.5.41*
BPM1.1.18*
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI38.0.0
Google CPI43.0.0
OpenStack CPI46
vSphere CPI74*
BOSH CLI7.0.1*
Credhub CLI2.9.3
BBR CLI1.9.31*
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.39

Release Date: April 25, 2022

Warning: This release includes a new version of System Metrics, which will cause all VMs to redeploy.
  • [Bug Fix] Changes to /api/v0/installation_asset_collection in 2.10.37 were inconsistent with Ops Manager RBAC documentation. The endpoint is now unavailable for users without access to view credentials.
  • [Feature] Allow users to downgrade stemcells for Tiles. This will make it easier to recover from a stemcell/Tile compatibility problem.
Component Version
Tanzu Ops Manager2.10.39-build.450*
Stemcell (Bosh Director and Ops Manager)621.236*
BBR SDK1.18.39*
BOSH Director271.20.0
BOSH DNS1.31.0
Metrics Server0.1.3*
System Metrics2.0.14*
CredHub2.9.9
CredHub Maestro8.0.3
Syslog11.7.8*
Windows Syslog1.1.5*
UAA74.5.37
BPM1.1.17*
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI38.0.0
Google CPI43.0.0*
OpenStack CPI46
vSphere CPI73
BOSH CLI6.4.17
Credhub CLI2.9.3
BBR CLI1.9.28*
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.38 - Withdrawn

Release Date: April 09, 2022

Warning:

This release has been removed from VMware Tanzu Network because it included an unpublished stemcell. This stemcell is testing new security enhancements and we have had reports of issues with Tanzu Application Service diego cell VMs becoming unresponsive. If you are experiencing problems caused by the 621.230 stemcell, please upgrade to Ops Manager 2.10.39.

This release is primarily intended for OpenStack users as images are not available for 2.10.37. There are no major functionality changes in this release.

  • [Bug Fix] Update dependencies in systemd config for the Ops Manager VM. This was causing error messages to appear in /var/log/syslog
Component Version
Tanzu Ops Manager2.10.38-build.448*
Stemcell (Bosh Director and Ops Manager)621.230*
BBR SDK1.18.38*
BOSH Director271.20.0
BOSH DNS1.31.0
Metrics Server0.1.2
System Metrics2.0.13
CredHub2.9.9
CredHub Maestro8.0.3
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.37
BPM1.1.16
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI38.0.0
Google CPI42.0.0
OpenStack CPI46
vSphere CPI73
BOSH CLI6.4.17
Credhub CLI2.9.3
BBR CLI1.9.27
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.37

Release Date: April 06, 2022

  • [Security Fix] This release addresses CVE-2022-22965. We now consider this update necessary for secure operation, and recommend installation ASAP. We previously believed this was fixed in 2.10.35 but further investigation found it was not.
  • [Known Issue] OpenStack images are currently unavailable for 2.10.37. It’s recommended to follow the workaround instructions for OpenStack environments until we are able to publish the updated image.
  • [Breaking Change] [Security Fix] Restricted View users can no longer access the /api/v0/installation_asset_collection API endpoint. The output contains hashed credentials.
  • [Known Issue] Full View users cannot access the /api/v0/installation_asset_collection API endpoint.
Component Version
Tanzu Ops Manager2.10.37-build.445*
Stemcell (Bosh Director and Ops Manager)621.224
BBR SDK1.18.36
BOSH Director271.20.0
BOSH DNS1.31.0
Metrics Server0.1.2
System Metrics2.0.13
CredHub2.9.9
CredHub Maestro8.0.3
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.37*
BPM1.1.16
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI38.0.0
Google CPI42.0.0
OpenStack CPI46
vSphere CPI73
BOSH CLI6.4.17
Credhub CLI2.9.3
BBR CLI1.9.27*
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.36

Release Date: April 01, 2022

  • [Known Issue] This release is impacted by CVE-2022-22965. Please upgrade to 2.10.37 or higher.
  • [Known Issue Fix] Reverts Azure CPI to v38 to address a bug that required internet connectivity.
Component Version
Tanzu Ops Manager2.10.36-build.441*
Stemcell (Bosh Director and Ops Manager)621.224
BBR SDK1.18.36
BOSH Director271.20.0
BOSH DNS1.31.0
Metrics Server0.1.2
System Metrics2.0.13
CredHub2.9.9
CredHub Maestro8.0.3
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.36
BPM1.1.16
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI38.0.0*
Google CPI42.0.0
OpenStack CPI46
vSphere CPI73
BOSH CLI6.4.17
Credhub CLI2.9.3
BBR CLI1.9.26
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.35

Release Date: April 01, 2022

  • [Known Issue] This release originally addressed CVE-2022-22965. After additional investigation we found this vulnerability still exists. Please upgrade to 2.10.37 or higher.
  • [Known Issue] On Azure, BOSH may fail to deploy if it does not have internet access due to a problem with Azure CPI v39.
Component Version
Tanzu Ops Manager2.10.35-build.439*
Stemcell (Bosh Director and Ops Manager)621.224
BBR SDK1.18.36
BOSH Director271.20.0
BOSH DNS1.31.0
Metrics Server0.1.2
System Metrics2.0.13
CredHub2.9.9
CredHub Maestro8.0.3
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.36*
BPM1.1.16
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI39.0.0*
Google CPI42.0.0
OpenStack CPI46
vSphere CPI73
BOSH CLI6.4.17
Credhub CLI2.9.3
BBR CLI1.9.26
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.34

Release Date: March 28, 2022

Warning: Ops Manager v2.10.33 included a new version of BOSH DNS that requires Ops Manager to redeploy all VMs. For important information, see v2.10.33 below.
Component Version
Tanzu Ops Manager2.10.34-build.436*
Stemcell (Bosh Director and Ops Manager)621.224*
BBR SDK1.18.36*
BOSH Director271.20.0
BOSH DNS1.31.0
Metrics Server0.1.2
System Metrics2.0.13
CredHub2.9.9
CredHub Maestro8.0.3
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.35
BPM1.1.16
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI38.0.0
Google CPI42.0.0
OpenStack CPI46
vSphere CPI73*
BOSH CLI6.4.17
Credhub CLI2.9.3
BBR CLI1.9.26*
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.33

Release Date: March 07, 2022

Warning: This release includes a new version of BOSH DNS that requires Ops Manager to redeploy all VMs.

This version of BOSH DNS requires every BOSH DNS certificate to have a Subject Alternative Name (SAN). A migration was introduced in Ops Manager v2.10.9 to add SANs to these certificates. Upgrade to v2.10.9 or later and do an **Apply Changes** on all VMs before you upgrade to this patch. If you do not complete this migration first, you might experience BOSH DNS resolution issues until the change is rolled out to all VMs.

To check whether the migration has been succesfully run on all VMs, see How to Verify Bosh DNS Certificates Have Correct SAN Fields.
  • [Feature] Certificate rotation procedures appear on the Certificates page and API endpoint
  • [Feature] The Certificates page can be filtered by both expiration date and rotation procedure
  • [Feature] Added support for Jammy Jellyfish (Ubuntu 22.04) stemcells.
Component Version
Tanzu Ops Manager2.10.33-build.426*
Stemcell (Bosh Director and Ops Manager)621.211
BBR SDK1.18.35*
BOSH Director271.20.0
BOSH DNS1.31.0*
Metrics Server0.1.2
System Metrics2.0.13
CredHub2.9.9
CredHub Maestro8.0.3
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.35
BPM1.1.16
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI38.0.0
Google CPI42.0.0*
OpenStack CPI46
vSphere CPI72
BOSH CLI6.4.17
Credhub CLI2.9.3
BBR CLI1.9.25
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.32

Release Date: February 25, 2022

  • [Bug Fix] An additional BOSH CLI issue introduced in v2.10.28 is resolved in this release. This issue caused deployment failures if a tile used a BOSH release with source packages that shared some packages with a BOSH release that was already uploaded to the BOSH Director. This was most commonly seen in BOSH releases for Windows components.
Component Version
Tanzu Ops Manager2.10.32-build.420*
Stemcell (Bosh Director and Ops Manager)621.211
BBR SDK1.18.34
BOSH Director271.20.0
BOSH DNS1.30.0
Metrics Server0.1.2
System Metrics2.0.13
CredHub2.9.9
CredHub Maestro8.0.3*
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.35*
BPM1.1.16
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI38.0.0
Google CPI41.0.0
OpenStack CPI46
vSphere CPI72
BOSH CLI6.4.17*
Credhub CLI2.9.3
BBR CLI1.9.25*
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.31

Release Date: February 23, 2022

  • [Bug Fix] Ops Manager pre_deploy_check fails on vSphere
Component Version
Tanzu Ops Manager2.10.31-build.414*
Stemcell (Bosh Director and Ops Manager)621.211*
BBR SDK1.18.34*
BOSH Director271.20.0
BOSH DNS1.30.0
Metrics Server0.1.2
System Metrics2.0.13
CredHub2.9.9
CredHub Maestro8.0.2
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.34
BPM1.1.16
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI38.0.0
Google CPI41.0.0
OpenStack CPI46
vSphere CPI72
BOSH CLI6.4.16
Credhub CLI2.9.3
BBR CLI1.9.24
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.30

Release Date: February 16, 2022

  • [Known Issue] The API endpoint /api/v0/staged/director/pre_deploy_check fails in vSphere environments with an Internal Server Error.
  • [Bug Fix] An additional BOSH CLI issue introduced in v2.10.28 is resolved in this release. This issue caused deployment failures if a tile used a BOSH release with source packages that shared some packages with a BOSH release that was already uploaded to the BOSH Director.
  • [Bug Fix] BOSH deployments failing when enabling Spot Instances with VM Extensions is resolved in this release.
  • [Feature] The BOSH Blobstore is configured to allow TLS communication only. Communication was previously done via TLS, but non-TLS requests were still allowed.
Component Version
Tanzu Ops Manager2.10.30-build.408*
Stemcell (Bosh Director and Ops Manager)621.208
BBR SDK1.18.33
BOSH Director271.20.0
BOSH DNS1.30.0
Metrics Server0.1.2
System Metrics2.0.13
CredHub2.9.9
CredHub Maestro8.0.2
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.34
BPM1.1.16
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI38.0.0
Google CPI41.0.0
OpenStack CPI46
vSphere CPI72
BOSH CLI6.4.16*
Credhub CLI2.9.3
BBR CLI1.9.24
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.29

Release Date: February 11, 2022

  • [Known Issue] The API endpoint /api/v0/staged/director/pre_deploy_check fails in vSphere environments with an Internal Server Error.
  • [Bug Fix] The UAA issue introduced in v2.10.27 causing UAA startup to fail on air-gapped environments is resolved in this release.
  • [Bug Fix] An additional BOSH CLI issue introduced in v2.10.27 is resolved in this release. This issue caused deployment failures if a BOSH release that includes compiled packages was uploaded, and an identical BOSH release that includes source packages already existed on the BOSH Director.
Component Version
Tanzu Ops Manager2.10.29-build.402*
Stemcell (Bosh Director and Ops Manager)621.208*
BBR SDK1.18.33
BOSH Director271.20.0
BOSH DNS1.30.0
Metrics Server0.1.2
System Metrics2.0.13
CredHub2.9.9
CredHub Maestro8.0.2*
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.34*
BPM1.1.16
Networking9
OS Conf22.1.2
AWS CPI93
Azure CPI38.0.0
Google CPI41.0.0
OpenStack CPI46
vSphere CPI72
BOSH CLI6.4.15*
Credhub CLI2.9.3*
BBR CLI1.9.24
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.28

Release Date: February 04, 2022

  • [Known Issue] UAA fails to start in air-gapped Ops Manager environments.
  • [Known Issue] The API endpoint /api/v0/staged/director/pre_deploy_check fails in vSphere environments with an Internal Server Error.
  • [Bug Fix] The BOSH CLI issue introduced in v2.10.27 is resolved in this release.
  • [Feature] The Azure CPI has been updated to allow load balancers to be specified using an array of hashes. This is not available in the UI, but can be configured manually with BOSH.
Component Version
Tanzu Ops Manager2.10.28-build.393*
Stemcell (Bosh Director and Ops Manager)621.198
BBR SDK1.18.33*
BOSH Director271.20.0
BOSH DNS1.30.0
Metrics Server0.1.2
System Metrics2.0.13
CredHub2.9.9
CredHub Maestro8.0.1
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.33
BPM1.1.16
Networking9
OS Conf22.1.2
AWS CPI93*
Azure CPI38.0.0*
Google CPI41.0.0
OpenStack CPI46
vSphere CPI72
BOSH CLI6.4.14*
Credhub CLI2.9.1
BBR CLI1.9.24*
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.27

Release Date: February 02, 2022

  • [Known Issue] UAA fails to start in air-gapped Ops Manager environments.
  • [Known Issue] The BOSH CLI included on the Ops Manager VM can cause deployment failures in certain circumstances. If a BOSH release that includes compiled packages is uploaded, and an identical BOSH release that includes source packages already exists on the BOSH Director, the deployment might fail. If you run into this situation, please contact support.
  • [Known Issue] The API endpoint /api/v0/staged/director/pre_deploy_check fails in vSphere environments with an Internal Server Error.

  • [Security Fix] Upgrades the Ops Manager PostgreSQL to 13.5 and the BOSH Director PostgreSQL to 10.19 to fix a potential MITM vulnerability. (CVE-2021-23214)

  • [Bug Fix] For Azure deployments, Ops Manager correctly respects the storage type you set in the UI.

  • [Bug Fix] For vSphere deployments, Ops Manager does not generate a Too many open file handles error due to open vCenter connections.

  • [Feature] BOSH Director templating rendering speed up for large deployments.

Component Version
Tanzu Ops Manager2.10.27-build.387*
Stemcell (Bosh Director and Ops Manager)621.198*
BBR SDK1.18.32*
BOSH Director271.20.0*
BOSH DNS1.30.0
Metrics Server0.1.2
System Metrics2.0.13
CredHub2.9.9
CredHub Maestro8.0.1
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.33*
BPM1.1.16*
Networking9
OS Conf22.1.2
AWS CPI92
Azure CPI37.6.0
Google CPI41.0.0
OpenStack CPI46
vSphere CPI72
BOSH CLI6.4.13*
Credhub CLI2.9.1
BBR CLI1.9.22*
Telemetry1.2.2
* Components marked with an asterisk have been updated.

v2.10.26

Release Date: January 13, 2022

  • [Bug Fix] Ops Manager OpenAPI documentation fixes:
    • Sample URLs in the documentation no longer have a duplicate and erroneous “/api/v0” component in their path.
    • The hostname in the URLs is corrected and is no longer “{opsmanager-installation}}”.
    • The warning in the API documentation about unsupported parallel API calls is clearer. Additional words added to mention that calls made by different users, but at the same time are just as unsupported as calls by the same user.
  • [Bug Fix] Includes BOSH Director v271.18.0. This fixes the incorrect handling of the NO_PROXY setting in Ops Manager that might have been introduced in Ops Manager v2.10.16. You can now enter hosts in the No Proxy field of the Ops Manager’s Proxy Settings dialog and have Ops Manager, BOSH, and BOSH-deployed VMs reach out to those hosts directly.
Component Version
Tanzu Ops Manager2.10.26-build.365*
Stemcell (Bosh Director and Ops Manager)621.196*
BBR SDK1.18.31*
BOSH Director271.18.0*
BOSH DNS1.30.0
Metrics Server0.1.2*
System Metrics2.0.13
CredHub2.9.9*
CredHub Maestro8.0.1
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.31*
BPM1.1.15
Networking9
OS Conf22.1.2
AWS CPI92
Azure CPI37.6.0
Google CPI41.0.0
OpenStack CPI46
vSphere CPI72
BOSH CLI6.4.11*
Credhub CLI2.9.1
BBR CLI1.9.21*
Telemetry1.2.2*
* Components marked with an asterisk have been updated.

v2.10.25

Release Date: December 22, 2021

  • [Security Fix] Upgrades the included versions of CredHub and UAA to fix a potential Denial of Service vulnerability caused by Log4j2. (CVE-2021-45105)
Component Version
Tanzu Ops Manager2.10.25-build.362*
Stemcell (Bosh Director and Ops Manager)621.192*
BBR SDK1.18.29
BOSH Director271.17.0
BOSH DNS1.30.0
Metrics Server0.1.1*
System Metrics2.0.13
CredHub2.9.8*
CredHub Maestro8.0.1
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.30*
BPM1.1.15
Networking9
OS Conf22.1.2
AWS CPI92*
Azure CPI37.6.0
Google CPI41.0.0
OpenStack CPI46
vSphere CPI72
BOSH CLI6.4.8
Credhub CLI2.9.1
BBR CLI1.9.20
Telemetry1.2.1
* Components marked with an asterisk have been updated.

v2.10.24

Release Date: December 16, 2021

Warning:

See the following warnings:

  • [Security Fix] Fix remote code execution vulnerability related to Log4j (CVE-2021-44228)
Component Version
Tanzu Ops Manager2.10.24-build.360*
Stemcell (Bosh Director and Ops Manager)621.183
BBR SDK1.18.29
BOSH Director271.17.0
BOSH DNS1.30.0
Metrics Server0.1.0
System Metrics2.0.13
CredHub2.9.7*
CredHub Maestro8.0.1
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.29*
BPM1.1.15
Networking9
OS Conf22.1.2
AWS CPI91
Azure CPI37.6.0
Google CPI41.0.0
OpenStack CPI46
vSphere CPI72
BOSH CLI6.4.8
Credhub CLI2.9.1
BBR CLI1.9.20
Telemetry1.2.1
* Components marked with an asterisk have been updated.

v2.10.23

Release Date: December 12, 2021

Warning: This patch upgrades components using Log4j to version 2.15 in order to mitigate CVE-2021-44228. VMware recommends upgrading to Ops Manager v2.10.24, which uses Log4j version 2.16 instead. If you are unable to upgrade, you can mitigate this CVE manually. See Instructions to address CVE-2021-44228 in Tanzu Operations Manager.

  • [Incomplete Security Fix] Fix remote code execution vulnerability related to Log4j (CVE-2021-44228)
  • [Feature] Allow configuration of OM UAA’s password policies
  • [Feature] Allow operators to require IMDSv2 in AWS. For more information, see Enable IMDSv2 in Ops Manager.
Component Version
Tanzu Ops Manager2.10.23-build.356*
Stemcell (Bosh Director and Ops Manager)621.183*
BBR SDK1.18.29*
BOSH Director271.17.0
BOSH DNS1.30.0*
Metrics Server0.1.0
System Metrics2.0.13*
CredHub2.9.6*
CredHub Maestro8.0.1
Syslog11.7.7*
Windows Syslog1.1.4*
UAA74.5.28*
BPM1.1.15
Networking9
OS Conf22.1.2
AWS CPI91
Azure CPI37.6.0
Google CPI41.0.0
OpenStack CPI46
vSphere CPI72
BOSH CLI6.4.8
Credhub CLI2.9.1
BBR CLI1.9.20*
Telemetry1.2.1
* Components marked with an asterisk have been updated.

v2.10.22

Release Date: November 29, 2021

  • [Feature] The IMDS Hop Limit can now be configured on AWS. See the metadata_options property on the bosh.io AWS CPI documentation
  • [Bug Fix] Ops Manager does not re-apply Identification Tags to VMs on every deploy. This issue was introduced in v2.10.20. The tags must be applied one final time for any VMs deployed using Ops Manager v2.10.20 or v2.10.21.
  • [Bug Fix] Ops Manager scales the maximum database connections on the BOSH Director database with the number of BOSH workers specified. Previously, scaling the workers could lead to running out of database connections.
Component Version
Tanzu Ops Manager2.10.22-build.344*
Stemcell (Bosh Director and Ops Manager)621.176*
BBR SDK1.18.28*
BOSH Director271.17.0*
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.5
CredHub Maestro8.0.1
Syslog11.7.6
Windows Syslog1.1.3
UAA74.5.26
BPM1.1.15
Networking9
OS Conf22.1.2
AWS CPI91*
Azure CPI37.6.0
Google CPI41.0.0
OpenStack CPI46
vSphere CPI72*
BOSH CLI6.4.8*
Credhub CLI2.9.1
BBR CLI1.9.19*
Telemetry1.2.1*
* Components marked with an asterisk have been updated.

v2.10.21

Release Date: November 10, 2021

  • [Feature] Operators can clear the default trusted certificates store on BOSH-deployed VMs.
  • [Feature] Operators can specify trusted certificates for use with S3-compatible blobstores.
  • [Bug Fix] Root disks in AWS respect the AWS EBS disk type setting.
  • [Known Issue] If you use Identification Tags, Ops Manager re-applies the tags on every deploy. This does not cause the VMs to be restarted, but causes slow deployments.
Component Version
Tanzu Ops Manager2.10.21-build.330*
Stemcell (Bosh Director and Ops Manager)621.171
BBR SDK1.18.26*
BOSH Director271.15.0*
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.5
CredHub Maestro8.0.1
Syslog11.7.6*
Windows Syslog1.1.3
UAA74.5.26
BPM1.1.15
Networking9
OS Conf22.1.2
AWS CPI90*
Azure CPI37.6.0
Google CPI41.0.0*
OpenStack CPI46
vSphere CPI70
BOSH CLI6.4.7
Credhub CLI2.9.1
BBR CLI1.9.17
Telemetry1.2.0
* Components marked with an asterisk have been updated.

v2.10.20

Release Date: November 2, 2021

  • [Feature] Operators can rotate CAs without having to re-create affected VMs. This requires stemcells Xenial 621.171 or later and Windows 2019.41 or later. For more information, see Rotating CAs and Leaf Certificates.
  • [Feature] Include uaa.log files in support bundle.
  • [Known Issue] If Prometheus alerting rules are configured on this version of Ops Manager, Healthwatch versions 2.0.0 to 2.1.4 fail to deploy.
  • [Known Issue] If you use Identification Tags, Ops Manager re-applies the tags on every deploy. This does not cause the VMs to be restarted, but causes slow deployments.
Component Version
Tanzu Ops Manager2.10.20-build.323*
Stemcell (Bosh Director and Ops Manager)621.171*
BBR SDK1.18.23*
BOSH Director271.14.0*
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.5*
CredHub Maestro8.0.1
Syslog11.7.5
Windows Syslog1.1.3
UAA74.5.26
BPM1.1.15*
Networking9
OS Conf22.1.2*
AWS CPI89
Azure CPI37.6.0
Google CPI40.0.5*
OpenStack CPI46*
vSphere CPI70
BOSH CLI6.4.7
Credhub CLI2.9.1
BBR CLI1.9.17*
Telemetry1.2.0*
* Components marked with an asterisk have been updated.

v2.10.19

Release Date: October 12, 2021

  • [Feature] Operators can choose between gp2 and gp3 for the default AWS disk type.
  • [Feature] Operators can override certificate durations. See Override Duration for Certificates below.
  • [Feature] Operators can configure additional SSH users on the BOSH Director.
  • [Feature] The BOSH Director accepts TLS v1.2 connections only.
  • [Known Issue] If Prometheus alerting rules are configured on this version of Ops Manager, Healthwatch versions 2.0.0 to 2.1.4 fail to deploy.
Component Version
Tanzu Ops Manager2.10.19-build.314*
Stemcell (Bosh Director and Ops Manager)621.160*
BBR SDK1.18.21*
BOSH Director271.11.0*
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.4*
CredHub Maestro8.0.1
Syslog11.7.5
Windows Syslog1.1.3
UAA74.5.26
BPM1.1.14*
Networking9
OS Conf22.1.1
AWS CPI89*
Azure CPI37.6.0
Google CPI40.0.4
OpenStack CPI45
vSphere CPI70
BOSH CLI6.4.7
Credhub CLI2.9.1*
BBR CLI1.9.16*
Telemetry1.1.7
* Components marked with an asterisk have been updated.

v2.10.18

Release Date: September 28, 2021

  • [Bug Fix] BOSH Director disk is no longer re-created when its size and properties have not changed. See BOSH Director Disk Is Re-Created Unnecessarily below.
  • [Bug Fix] Fixes potential issue with the vSphere CPI where disk UUIDs might not be correctly returned, causing the wrong disk to be attached.
Component Version
Tanzu Ops Manager2.10.18-build.301*
Stemcell (Bosh Director and Ops Manager)621.154*
BBR SDK1.18.19*
BOSH Director271.9.0
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.7.5
Windows Syslog1.1.3
UAA74.5.26*
BPM1.1.13
Networking9
OS Conf22.1.1
AWS CPI88
Azure CPI37.6.0
Google CPI40.0.4
OpenStack CPI45
vSphere CPI70*
BOSH CLI6.4.7*
Credhub CLI2.9.0
BBR CLI1.9.15*
Telemetry1.1.7
* Components marked with an asterisk have been updated.

v2.10.17

Release Date: September 16, 2021

  • [Known Issue] TKGI customers are recommended to skip this version. Deployments using the disk.enableUUID vmx option and attaching additional SCSI devices, for example, TKGI clusters using persistent volumes, might experience data loss if the VM is powered off and powered on again. This is due to a functional regression causing the VM to mount the wrong disk at startup. This regression is fixed in v2.10.18.

  • [Bug Fix] Operators can configure NSX-T server pools without a port.

  • [Bug Fix] The API returns an error when using duplicate GUIDs while updating vSphere clusters.

Component Version
Tanzu Ops Manager2.10.17-build.293*
Stemcell (Bosh Director and Ops Manager)621.151*
BBR SDK1.18.18*
BOSH Director271.9.0
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.7.5*
Windows Syslog1.1.3
UAA74.5.25*
BPM1.1.13
Networking9
OS Conf22.1.1
AWS CPI88*
Azure CPI37.6.0
Google CPI40.0.4
OpenStack CPI45
vSphere CPI69*
BOSH CLI6.4.6*
Credhub CLI2.9.0
BBR CLI1.9.11
Telemetry1.1.7
* Components marked with an asterisk have been updated.

v2.10.16

Release Date: July 22, 2021

  • [Bug Fix] BOSH Backup and Restore works correctly when using AWS IAM Profiles.
  • [Bug Fix] vSphere unexpected VM and persistent disk re-creations no longer occur. However, if you have installed Ops Manager v2.10.15 and already re-created all VMs and disks, they are re-created again after you click Apply Changes in Ops Manager v2.10.16.
Component Version
Tanzu Ops Manager2.10.16-build.269*
Stemcell (Bosh Director and Ops Manager)621.135*
BBR SDK1.18.13*
BOSH Director271.9.0*
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.1.3*
UAA74.5.24*
BPM1.1.13*
Networking9
OS Conf22.1.1
AWS CPI87
Azure CPI37.6.0*
Google CPI40.0.4
OpenStack CPI45*
vSphere CPI63*
BOSH CLI6.4.4
Credhub CLI2.9.0
BBR CLI1.9.11*
Telemetry1.1.7
* Components marked with an asterisk have been updated.

v2.10.15

Release Date: June 30, 2021

Warning: This release shipped with a change that affects vSphere users. This change causes unintended recreation of all VMs and disks on the next Apply Changes. This issue is fixed in v2.10.16. However, if you have already re-created all VMs and disks, they are re-created again when you click Apply Changes on v2.10.16.

  • [Known Issue] Foundations that use multiple vCenter Configs might encounter failures when applying changes with the message No valid placement found for VM compute and storage requirement. A bug was introduced in Ops Manager v2.10.15 that requires the following workaround: the datastores listed in the Ephemeral and/or Persistent Datastore Names field of the first vCenter Config must be the union of all Ephemeral or Persistent Datastore Names across all vCenter Configs.

  • [Feature] Support for vSphere datastore clusters.

  • [Feature] A section in the BOSH Director manifest makes obvious which additional_cloud_properties overrides are used.

  • [Bug Fix] Resolved issue with support bundle creation that could cause Apply Changes to fail with the error No such file or directory - getcwd.

Ops Manager v2.10.15 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.15-build.255*
Stemcell (Bosh Director and Ops Manager)621.131*
BBR SDK1.18.11*
BOSH Director271.8.0
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.23
BPM1.1.12
Networking9
OS Conf22.1.1
AWS CPI87
Azure CPI37.5.0
Google CPI40.0.4
OpenStack CPI44
vSphere CPI60
BOSH CLI6.4.4
Credhub CLI2.9.0
BBR CLI1.9.7
Telemetry1.1.7
* Components marked with an asterisk have been updated.

v2.10.14

Release Date: June 16, 2021

  • [Known Issue Fix] NSX-T Certificate Authentication does not cause Apply Changes to fail. Issue is introduced in v2.10.12.

Ops Manager v2.10.14 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.14-build.248*
Stemcell (Bosh Director and Ops Manager)621.130
BBR SDK1.18.9
BOSH Director271.8.0
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.23*
BPM1.1.12
Networking9
OS Conf22.1.1
AWS CPI87
Azure CPI37.5.0
Google CPI40.0.4
OpenStack CPI44
vSphere CPI60*
BOSH CLI6.4.4*
Credhub CLI2.9.0
BBR CLI1.9.7
Telemetry1.1.7
* Components marked with an asterisk have been updated.

v2.10.13

Release Date: June 10, 2021

  • [Known Issue] NSX-T Certificate Authentication causes Apply Changes to fail with the following error: uninitialized constant VSphereCloud::Cloud::Tempfile.

Ops Manager v2.10.13 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.13-build.243*
Stemcell (Bosh Director and Ops Manager)621.130*
BBR SDK1.18.9
BOSH Director271.8.0
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.22
BPM1.1.12
Networking9
OS Conf22.1.1
AWS CPI87
Azure CPI37.5.0
Google CPI40.0.4
OpenStack CPI44
vSphere CPI59
BOSH CLI6.4.3
Credhub CLI2.9.0
BBR CLI1.9.7
Telemetry1.1.7*
* Components marked with an asterisk have been updated.

v2.10.12

Release Date: June 7, 2021

  • [Known Issue] NSX-T Certificate Authentication causes Apply Changes to fail with the following error: uninitialized constant VSphereCloud::Cloud::Tempfile.
  • [Bug Fix] Removes an unnecessary vSphere privilege.

Ops Manager v2.10.12 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.12-build.240*
Stemcell (Bosh Director and Ops Manager)621.129*
BBR SDK1.18.9
BOSH Director271.8.0
BOSH DNS1.29.0*
Metrics Server0.1.0
System Metrics2.0.12*
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.22
BPM1.1.12*
Networking9
OS Conf22.1.1
AWS CPI87*
Azure CPI37.5.0*
Google CPI40.0.4
OpenStack CPI44
vSphere CPI59*
BOSH CLI6.4.3
Credhub CLI2.9.0
BBR CLI1.9.7
Telemetry1.1.5
* Components marked with an asterisk have been updated.

v2.10.11

Release Date: May 11, 2021

  • [Feature] You can distinguish between fixed and floating stemcells on the Stemcells in the Ops Manager UI.
  • [Feature] Maestro topology output is included in the support bundle.
  • [Feature] us-gov-east-1 region is available in AWS GovCloud.

Ops Manager v2.10.11 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.11-build.222*
Stemcell (Bosh Director and Ops Manager)621.125*
BBR SDK1.18.9
BOSH Director271.8.0
BOSH DNS1.27.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.22
BPM1.1.9
Networking9
OS Conf22.1.1
AWS CPI86*
Azure CPI37.3.1
Google CPI40.0.4
OpenStack CPI44
vSphere CPI57*
BOSH CLI6.4.3*
Credhub CLI2.9.0
BBR CLI1.9.7
Telemetry1.1.5*
* Components marked with an asterisk have been updated.

v2.10.10

Release Date: April 27, 2021

  • [Known Issue Fix] Ops Manager does not overwrite UAAC. Known issue is introduced in Ops Manager v2.10.9.
  • [Bug Fix] Regenerating leaf certificates succeeds when CredHub server certificate is expired.

Ops Manager v2.10.10 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.10-build.206*
Stemcell (Bosh Director and Ops Manager)621.123*
BBR SDK1.18.9*
BOSH Director271.8.0*
BOSH DNS1.27.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.22
BPM1.1.9
Networking9
OS Conf22.1.1*
AWS CPI85
Azure CPI37.3.1*
Google CPI40.0.4
OpenStack CPI44
vSphere CPI55
BOSH CLI6.4.1
Credhub CLI2.9.0
BBR CLI1.9.7*
Telemetry1.1.4*
* Components marked with an asterisk have been updated.

v2.10.9

Release Date: April 13, 2021

  • [Breaking Change] On Apply Changes, Ops Manager generates new BOSH DNS certificates with a subject alternative name (SAN). On upgrade to v2.10.9 and later, you must run the Upgrade service instances errand on service tiles and Apply Changes to all tiles. Upgrading Ops Manager while a CA rotation is in progress results in the inability to Apply Changes due to safety violations.
  • [Known Issue] Due to permission changes, running uaac as the ubuntu user results in the error /home/tempest-web/tempest/web/vendor/uaac/Gemfile not found. To work around this issue, run unalias uaac as the ubuntu user before running uaac. Ops Manager v2.10.10 and later fixes this issue.
  • [Feature] vSphere users have the option to use the Policy API when placing VMs in policy NSX-T groups by enabling Use NSX-T Policy API in the vCenter Config pane of the BOSH Director tile
  • [Feature] The Putting Tile Credentials into CredHub step of Apply Changes produces more diagnostic output
  • [Bug Fix] The Internet Connected checkbox appears on the Resource Config pane for AWS
  • [Bug Fix] Copying credentials to CredHub during Apply Changes does not fail due to volume or slowness
  • [Bug Fix] NATS leaf certificates shows on /api/v0/deployed/certificates endpoint
  • [Bug Fix] Ops Manager UAA logs are log rotated
  • [Bug Fix] Restrict permissions on the /home/tempest-web and /home/ubuntu directories to 750
  • [Bug Fix] The service tempest-web restart command reliably connects with Ops Manager without frequent 502 gateway errors

Ops Manager v2.10.9 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.9-build.195*
Stemcell (Bosh Director and Ops Manager)621.117*
BBR SDK1.18.6*
BOSH Director271.7.0*
BOSH DNS1.27.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.22
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI85*
Azure CPI37.3.0
Google CPI40.0.4
OpenStack CPI44
vSphere CPI55*
BOSH CLI6.4.1
Credhub CLI2.9.0
BBR CLI1.9.5*
Telemetry1.1.3*
* Components marked with an asterisk have been updated.

v2.10.8

Release Date: February 23, 2021

  • [Known Issue Fix] Resolves issue discovered in v2.10.7 with sending BOSH System metrics to the Firehose

Ops Manager v2.10.8 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.8-build.168*
Stemcell (Bosh Director and Ops Manager)621.101
BBR SDK1.18.3
BOSH Director271.6.0*
BOSH DNS1.27.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.22
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI84
Azure CPI37.3.0
Google CPI40.0.4
OpenStack CPI44
vSphere CPI54.1.1
BOSH CLI6.4.1
Credhub CLI2.9.0
BBR CLI1.9.1
Telemetry1.1.2
* Components marked with an asterisk have been updated.

v2.10.7

Release Date: February 11, 2021

  • [Known Issue] Ops Manager v2.10.7 has an issue sending BOSH System metrics to the Firehose. This causes a loss of monitoring for systems relying on metrics including Healthwatch and other downstream monitoring implementations. For more information on these metrics, see System (BOSH) Metrics.

    For more information, see Healthwatch smoke test failing with Ops Manager v2.10.7 in the Tanzu Community Knowledge Base.
  • [Bug Fix] Signature version is included in S3 CLI on BOSH Director
  • [Bug Fix] 10.x.x.x IP addresses are recorded in the audit log under a new field called forwarded_for
  • [Bug Fix] Improve performance speed of streaming the manifest diff

Ops Manager v2.10.7 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.7-build.163*
Stemcell (Bosh Director and Ops Manager)621.101*
BBR SDK1.18.3*
BOSH Director271.5.0*
BOSH DNS1.27.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.22
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI84
Azure CPI37.3.0
Google CPI40.0.4
OpenStack CPI44
vSphere CPI54.1.1
BOSH CLI6.4.1
Credhub CLI2.9.0
BBR CLI1.9.1
Telemetry1.1.2
* Components marked with an asterisk have been updated.

v2.10.6

Release Date: January 29, 2021

Ops Manager v2.10.6 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.6-build.154*
Stemcell (Bosh Director and Ops Manager)621.99*
BBR SDK1.18.1
BOSH Director271.2.0
BOSH DNS1.27.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.22*
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI84*
Azure CPI37.3.0
Google CPI40.0.4*
OpenStack CPI44
vSphere CPI54.1.1
BOSH CLI6.4.1
Credhub CLI2.9.0
BBR CLI1.9.1
Telemetry1.1.2
* Components marked with an asterisk have been updated.

v2.10.5

Release Date: January 25, 2021

  • [Bug Fix] Unnecessary Host.Inventory.EditCluster permission check for vSphere is removed
  • [Bug Fix] You can apply NSX settings to BOSH Director when using Principal Identity Certificate authorization with NSX-T

Ops Manager v2.10.5 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.5-build.147*
Stemcell (Bosh Director and Ops Manager)621.97*
BBR SDK1.18.1*
BOSH Director271.2.0
BOSH DNS1.27.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.21
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI81
Azure CPI37.3.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.1
BOSH CLI6.4.1
Credhub CLI2.9.0*
BBR CLI1.9.1*
Telemetry1.1.2
* Components marked with an asterisk have been updated.

v2.10.4

Release Date: December 10, 2020

  • [Feature] BlobstoreVerifier has improved logging and error messaging.
  • [Feature] Operators can use the Ops Manager API to rotate certificates on Redis for Pivotal Platform v2.3 and later.
  • [Bug Fix] Ops Manager no longer returns an error when uploading a stemcell twice.
  • [Bug Fix] Ops Manager no longer publishes images to the us-gov-east-1 region in AWS.
  • [Bug Fix] BlobstoreVerifier no longer defaults to domain-style access when the path-style parameter is absent in tiles.

Ops Manager v2.10.4 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.4-build.137*
Stemcell (Bosh Director and Ops Manager)621.94*
BBR SDK1.18.0
BOSH Director271.2.0
BOSH DNS1.27.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.21
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI81
Azure CPI37.3.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.1*
BOSH CLI6.4.1
Credhub CLI2.8.0
BBR CLI1.9.0*
Telemetry1.1.2
* Components marked with an asterisk have been updated.

v2.10.3

Release Date: November 18, 2020

  • [Feature] A yellow banner in the Ops Manager UI shows the number of days until a certificate expires. The banner appears when a certificate expires soon.
  • [Feature] When you export a installation.zip file, a new metadata.json file includes timestamp, version, and product GUID. The metadata.json file can be used to identify when the export was created, which foundation the export represents, and to ensure that you are using the correct export file during an upgrade.
  • [Feature] API endpoints default to application/json content type
  • [Feature]: You can use the Ops Manager UI or API to set Azure Generation 2 VMs as the default VM type. For more information, see Azure Generation 2 VM Types in Configuring BOSH Director on Azure Manually.

    Consider the following before using Azure Generation 2 VM types:
    • If you use Availability Sets, you cannot use Generation 2 VM types.
    • Ensure that Generation 2 VM types are available in your Azure regions.
    • Switching to Generation 2 VM types causes all tiles to re-deploy.
    • If you have custom VM types set, your custom VMs are still used even if you switch to Generation 2. To use Generation 2 VMs in your custom VM types:
      1. Back up your current custom VM types.
      2. Delete the custom VM types.
      3. Switch to Generation 2 using either the Ops Manager API or UI.
      4. Re-add your custom VM types. For information about adding or deleting custom VM types, see How to Create or Remove a custom VM_TYPE template in Pivotal Cloud Foundry (PCF) using the Operations Manager API in the Knowledge Base.
  • [Feature] You can use IAM instance profiles when configuring the S3 blobstore for the BOSH Director. To use this feature, you must select Enable signed URLs.
  • [Feature] Upgrade NGINX
  • [Bug Fix] Repeated calls to DELETE /api/v0/installation_asset_collection deletes any deployed products
  • [Bug Fix] Safety check for BOSH product certificates on DELETE only includes the system_metrics_certificate
  • [Bug Fix] Clusters in an AZ are validated based on cluster name, resource pool, host group, and VM host affinity rule
  • [Bug Fix] The AZ and Network configuration pane does not error when properties are missing

Ops Manager v2.10.3 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.3-build.127*
Stemcell (Bosh Director and Ops Manager)621.90*
BBR SDK1.18.0
BOSH Director271.2.0
BOSH DNS1.27.0*
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.21*
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI81
Azure CPI37.3.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.4.1*
Credhub CLI2.8.0
BBR CLI1.8.1*
Telemetry1.1.2*
* Components marked with an asterisk have been updated.

v2.10.2

Release Date: September 25, 2020

  • [Bug Fix]: IaasConfigurationVerifier no longer fails on Azure deployments with a 500 error when you click Apply Changes or modify IaaS settings.

  • [Bug Fix]: Actions that require Instance Metadata Service (IMDS), such as configuring antivirus or adding SSH keys, no longer fail on Ops Manager instances deployed in AWS regions that do not have Instance Metadata Service Version 2 (IMDSv2).

  • [Bug Fix]: If you added or activated a CA on Ops Manager v2.7 or earlier, you can then activate or delete that CA after upgrading to Ops Manager v2.9 or later as expected.

  • [Bug Fix]: The Settings page no longer crashes when you attempt to save a long LDAP admin group name that contains spaces. The following error message is associated with this bug: NoMethodError: undefined method<’ for nil:NilClass`.

  • [Bug Fix]: On the Certificates page, the Excluded Certificates section is updated to correctly list all certificates that the Ops Manager API does not attempt to rotate.

  • [Bug Fix]: The /api/v0/certificate_authorities/active/regenerate API endpoint rotates all leaf certificates as expected when a CA certificate rotation is in progress.

  • [Feature]: You can use the Ops Manager API to rotate certificates managed by CredHub if you have the following versions of Pivotal Application Service (PAS), Pivotal Isolation Segment tile, Small Footprint PAS, or Pivotal Application Service for Windows (PASW) installed:

    • PAS v2.7.21 or later
    • PAS v2.8.2 or later
    • Pivotal Isolation Segment tile v2.7.21 or later
    • Pivotal Isolation Segment tile v2.8.2 or later
    • Small Footprint PAS v2.7.21 or later
    • Small Footprint PAS v2.8.2 or later
    • PASW v2.7.17 or later
    • PASW v2.8.2 or later

    For more information, see Overview of Certificate Rotation.

  • [Feature]: IPsec for VMware Tanzu certificates are excluded from certificate rotation with the Ops Manager API. To rotate IPsec certificates, see Rotating Active IPsec Certificates in the IPsec for VMware Tanzu documentation.

  • [Feature]: Ops Manager is rebranded to VMware Tanzu Operations Manager. This rebrand is reflected in the VMware Tanzu Operations Manager UI and on VMware Tanzu Network.

  • [Feature]: You can use the /api/v0/staged/products/{product_guid}/overrides Ops Manager API endpoint to edit the update and features sections in the manifest for an Ops Manager tile while you are in Advanced Mode. For more information, see Provide a new list of overrides for the given Product in the Ops Manager API documentation.

  • [Feature]: You can jump upgrade directly to the long-term support (LTS) version of Ops Manager, which is v2.10.2. For more information, see Jump Upgrading to Ops Manager v2.10.

Ops Manager v2.10.2 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.2-build.90*
Stemcell (Bosh Director and Ops Manager)621.84*
BBR SDK1.18.0
BOSH Director271.2.0
BOSH DNS1.24.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0*
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.18
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI81
Azure CPI37.3.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.4.0*
Credhub CLI2.8.0
BBR CLI1.8.0*
Telemetry1.1.1
* Components marked with an asterisk have been updated.

v2.10.1

Release Date: September 1, 2020

  • [Feature]: Addition of tasks_cleanup_schedule, a scheduled task that cleans up completed BOSH tasks to reduce memory consumption. This task runs weekly by default.
  • [Feature]: If you click the Support link in the Ops Manager UI, information about expired certificates appears in the Platform Information Bundle.
  • [Bug Fix]: The regenerate API endpoint does not exclude any leaf certificates from rotation.
  • [Bug Fix]: Ops Manager does not crash after you change the LDAP authentication group.
  • [Bug Fix]: The Support Bundle downloads successfully for deploy records that do not have timestamps.
  • [Bug Fix]: TKGI users can deploy Ops Manager v2.10 with the BOSH metrics server feature enabled.
  • [Bug Fix]: The Revert Changes button does not appear when there are no pending changes.
  • [Bug Fix]: If you have a tile that is not configured and you apply changes, you receive a warning message but changes to other configured tiles are applied. In earlier patches, the apply changes failed. This only happened on vSphere environments.
  • [Bug Fix]: For Redis for VMware Tanzu v2.4 and later, certificates can be rotated by CredHub Maestro.
  • [Bug Fix]: When the Enable additional System Metrics checkbox is cleared on the tile UI, the loggr-system-metrics-agent and loggr-system-metrics-agent-windows jobs of the system-metrics release are removed from the product tile.
  • [Bug Fix]: For the hm_emailer_options.recipients key, the PUT /api/v0/staged/director/properties endpoint accepts the format used by GET /api/v0/staged/director/properties endpoint for this key in addition to the existing format accepted.

Ops Manager v2.10.1 uses the following component versions:

Component Version
Ops Manager2.10.1-build.69*
Stemcell621.82*
BBR SDK1.18.0
BOSH Director271.2.0*
BOSH DNS1.24.0*
Metrics Server0.1.0*
System Metrics2.0.11
CredHub2.8.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.18
BPM1.1.9*
Networking9
OS Conf22.1.0*
AWS CPI81
Azure CPI37.3.0*
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.3.1
Credhub CLI2.8.0*
BBR CLI1.7.2
Telemetry1.1.1
* Components marked with an asterisk have been updated.

v2.10.0

Release Date: July 31, 2020

Ops Manager v2.10.0 uses the following component versions:

Component Version
Ops Manager2.10.0-build.48
Stemcell621.77
BBR SDK1.18.0
BOSH Director270.11.1
BOSH DNS1.21.0
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.8.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.18
BPM1.1.8
Networking9
OS Conf22.0.0
AWS CPI81
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.3.1
Credhub CLI2.7.0
BBR CLI1.7.2
Telemetry1.1.1

How to Upgrade

To upgrade to VMware Tanzu Operations Manager v2.10, see Upgrading Ops Manager.

New Features in Ops Manager v2.10

Ops Manager v2.10 includes the following major features:

Long-Term Support for Ops Manager v2.10

Ops Manager v2.10 is the long-term supported (LTS) version of Ops Manager. Ops Manager v2.10 will be supported through April 2024.

Over the lifecycle of Ops Manager v2.10, VMware will release security patches that occasionally include feature enhancements and maintenance updates.

The migration period for upgrading to Ops Manager v2.10 is from August 2020 to March 2021. To accommodate this migration and provide customers with additional time to upgrade to Ops Manager v2.10, Ops Manager v2.7 will be supported through March 31, 2021.

For more information about Ops Manager v2.10 LTS, please reach out to your Account Team.

BOSH Director Manifest Overrides

In Ops Manager v2.10, you can use the /api/v0/staged/director/overrides Ops Manager API endpoint to override properties in the BOSH Director manifest. With this endpoint, you can only override properties that appear in the instance groups and networks sections of the manifest.

You must be in Advanced Mode to use this feature.

For more information about this feature, see Overriding Manifest Properties in Advanced Mode.

For information on the Ops Manager API endpoints related to this feature, see Advanced Manifest Configuration in Ops Manager API Documentation.

Override Runtime Config Properties

In Ops Manager v2.10, you can override the runtime config properties for BOSH DNS and System Metrics.

You must be in Advanced Mode to use this feature.

You use the /api/v0/staged/director/runtime_configs/overrides endpoint in the runtime configs to override properties:

Runtime Config Names Add-on Names
ops_manager_dns_runtime
  • bosh_dns
  • bosh_dns_windows
ops_manager_system_metrics_runtime
  • system_metrics_agent
  • system_metrics_agent_windows

For example, although you cannot change the log level for the BOSH DNS logs through the Ops Manager UI, you can change the log level using the /api/v0/staged/director/runtime_configs/overrides endpoint. Increase the log level to DEBUG for more information or decrease the level for less verbose logs.

For more information, see:

View Certificates in the Ops Manager UI

The Ops Manager UI introduces a new page called Certificates. This page displays all the certificates listed by the /api/v0/deployed/certificates endpoint, as well as the following details:

  • Certificate name: The name of the certificate.
  • Product GUID: The product for which the certificate is issued, such as BOSH or MySQL.
  • Location: Whether the certificate is stored in Ops Manager or CredHub.
  • Type: Whether the certificate is a leaf certificate or a certificate authority (CA).
  • Configurable: Whether the certificate is configurable.
  • Valid until: The expiration date of the certificate and the number of days before expiration.

For more information, see Using the Ops Manager Interface.

CredHub Maestro Runs Safety Checks During Certificate Rotation

CredHub Maestro v8.0, which is included in Ops Manager v2.10, performs basic safety checks when rotating certificates to prevent unsafe operations.

The Ops Manager API invokes the CredHub Maestro CLI when rotating certificates. If an Ops Manager API certificate rotation command is out-of-order or unsafe, CredHub Maestro stops the command and returns one or more safety violation errors.

To observe this feature in Ops Manager v2.10 certificate rotation API calls, you must have Pivotal Application Service (PAS) v2.8.2 and later or TAS for VMs v2.9 and later installed, and you must not have any version of VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) installed. If you are using an earlier version of PAS or have any version of TKGI installed, Ops Manager still runs safety checks, but they are not as comprehensive as CredHub Maestro safety checks.

For more information, see Troubleshooting CredHub Maestro Safety Violations During Certificate Rotation, Overview of Certificate Rotation, and Advanced Certificate Rotation with CredHub Maestro.

Override Duration for Certificates

Ops Manager v2.10.19 introduces the ability to override duration for both CA and leaf certificates.

By default, Ops Manager and CredHub generate certificates using the duration requested by the product that creates the certificate. This duration can vary from product to product. In Ops Manager v2.10.19 and later, you can set values to override the duration for CA and leaf certificates. This gives the you the option to increase certificate durations to reduce the frequency of required certificate rotations.

If you enable this feature and you configure a duration that is shorter than the minimum set for the product, the certificate is generated with the duration you set instead. If you configure a duration that is longer than the minimum setting, the certificate is generated with the longer duration.

After enabling the duration override feature, you must take additional steps to apply the setting to existing certificates, as well as any new certificates generated by CredHub. For more information, see Overriding Duration for Certificates.

IMDSv2 Support for AWS

In Ops Manager v2.10.23 and later, you can require that IMDSv2 is used on all VMs deployed in AWS. This security feature requires users to send a signed token header with any request to the instance metadata endpoint provided on AWS VMs.

After enabling IMDSv2, you must re-create all VMs for the setting to take effect. For more information, see Enabling IMDSv2 in Ops Manager.

Breaking Changes in Ops Manager v2.10

Ops Manager v2.10 includes the following breaking changes:

BOSH DNS Certificates Regeneration

In Ops Manager v2.10.9 and later, BOSH DNS leaf certificates are automatically regenerated to include the SAN field. On upgrade, you must redeploy all tiles and upgrade all service instances to distribute the BOSH DNS leaf certificates to all VMs.

To allow DNS certificate regeneration and avoid communication issues between system components:

  1. On upgrade, run the Upgrade service instances errand on all service tiles.

  2. Apply Changes to all tiles.

If you do not redeploy all tiles and upgrade all service instances, you can experience downtime.

CredHub Maestro Removes the “update-transitional latest” Command

Ops Manager v2.10 includes CredHub Maestro v8.0. In this version of CredHub Maestro, the maestro update-transitional latest command is removed.

If you have scripts that rely on the maestro update-transitional latest command, remove references to the command before you upgrade to Ops Manager v2.10.

In CredHub Maestro v8.0, you run maestro regenerate ca to regenerate a certificate authority (CA) and mark the latest version of the CA as transitional. This command performs both actions, while previous versions of CredHub Maestro use a separate command for each task.

For information about rotating CAs and certificates using CredHub Maestro, see Advanced Certificate Rotation with CredHub Maestro.

Known Issues

Ops Manager v2.10 includes the following known issues:

BOSH Director Disk Is Re-Created Unnecessarily

Due to an issue with the BOSH CLI, the BOSH Director disk can be re-created even when the size and properties for it have not changed. This issue does not cause data loss, but can slow the deployment time while the data migrates from the old disk to the new disk.

This issue is resolved in Ops Manager v2.10.18.

Metrics Server Configuration Causes BOSH Director Deployment to Fail During Upgrade

During an upgrade to Ops Manager v2.10, the BOSH Director deployment and subsequent upgrade may fail due to the default enablement of the metrics-server job. An error similar to the following appears in the metrics-server logs.

Required property 'networks' was not specified in object ({"vm_extensions"=>[{"cloud_properties"=>{"vmx_options"=>{"disk.enableUUID"=>"1"}}, "name"=>"disk_enable_uuid"}, {"cloud_properties"=>{"upgrade_hw_version"=>true}, "name"=>"set_version_hardware"}]}) (Bosh::Director::ValidationMissingField)

The cause of this upgrade failure is the presence of a tile, such as any version of Tanzu Kubernetes Grid Integrated Edition (TKGI), that is incompatible with Ops Manager v2.10 due to its default metrics-server enablement.

To workaround this issue, see the BOSH Director fails with non-running job during upgrade to Ops Manager 2.10 Knowledge Base article.

This issue is resolved in Ops Manager v2.10.1.

Increased Logging Slows Platform Functions

If your Loggregrator does not have sufficient memory to handle the increased system metrics emitted in Ops Manager v2.8 and later, you may experience dropped logs and slow consumers. This can impact logging and metrics platform functions.

To solve this issue, do the following:

  • If you have TAS for VMs, scale Loggregrator to handle the increased volume. See Scaling Up TAS for VMs.

  • In Ops Manager v2.9 or later, you can deactivatee these system metrics if you do not need them. To do this, deactivate Enable additional System Metrics in the Director Config pane of the BOSH Director tile. For a list of metrics collected, see System Metrics Agent in GitHub.

For more information about this feature, see All Platform VMs Emit System Metrics.

Reset Manually-Set Certificates in CredHub Before Rotating Certificates with the Ops Manager API

If you have manually set any certificates in CredHub on Ops Manager v2.6 or earlier, you need to reset those certificates before using the Ops Manager API to rotate CredHub certificates.

Resetting these certificates is not a required condition for the Ops Manager v2.10 upgrade. You can reset them either before or after the upgrade.

To reset a certificate in CredHub, see Reviewing and Resetting Manually Set Certificates in CredHub.

For more information about rotating certificates using the Ops Manager API, see Overview of Certificate Rotation. For more information about the certificate_authorities/active/regenerate endpoint, see Rotate Certificates in the Ops Manager API documentation.

Maestro Garbage Collection Error

When running maestro garbage collect, you might see an error like this:

$ maestro garbage-collect ca --all
not_deleted:
    - name: /services/tls_ca
      certificate_id: aaaaaaaa-bbbb-cccc-1111-aaaaaaaaaaa
      version_ids:
        - aaaaaaa-11111-22222-33333-bbbbbbbbbb
error: could not delete some certificate versions

You can ignore this error. The certificate should not be deleted.