Ops Manager v2.10 Release Notes

Page last updated:

This topic contains release notes for Ops Manager v2.10.

Ops Manager v2.10 is the long-term supported (LTS) version of Ops Manager. For more information, see Long-Term Support for Ops Manager v2.10. Starting with v2.10.2, you can jump upgrade directly from previous versions of Ops Manager to the long-term support (LTS) version of Ops Manager. For more information, see Jump Upgrading to Ops Manager v2.10.

For the feature highlights of this release, read the blog post VMware Tanzu Application Service 2.10 Adds New CLI, Eases Upgrades with More Flexible Control Plane or see New Features in Ops Manager v2.10.

Ops Manager is certified by the Cloud Foundry Foundation for 2022.

For more information about the Cloud Foundry Certified Provider Program, see How Do I Become a Certified Provider? on the Cloud Foundry website.


Releases

v2.10.26

Release Date: January 13, 2022

  • [Bug Fix] Ops Manager OpenAPI documentation fixes:
    • Sample URLs in the documentation no longer have a duplicate and erroneous “/api/v0” component in their path.
    • The hostname in the URLs is corrected and is no longer “{opsmanager-installation}}”.
    • The warning in the API documentation about unsupported parallel API calls is clearer. Additional words added to mention that calls made by different users, but at the same time are just as unsupported as calls by the same user.
  • [Bug Fix] Includes BOSH Director v271.18.0. This fixes the incorrect handling of the NO_PROXY setting in Ops Manager that might have been introduced in Ops Manager v2.10.16. You can now enter hosts in the No Proxy field of the Ops Manager’s Proxy Settings dialog and have Ops Manager, BOSH, and BOSH-deployed VMs reach out to those hosts directly.
Component Version
Tanzu Ops Manager2.10.26-build.365*
Stemcell (Bosh Director and Ops Manager)621.196*
BBR SDK1.18.31*
BOSH Director271.18.0*
BOSH DNS1.30.0
Metrics Server0.1.2*
System Metrics2.0.13
CredHub2.9.9*
CredHub Maestro8.0.1
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.31*
BPM1.1.15
Networking9
OS Conf22.1.2
AWS CPI92
Azure CPI37.6.0
Google CPI41.0.0
OpenStack CPI46
vSphere CPI72
BOSH CLI6.4.11*
Credhub CLI2.9.1
BBR CLI1.9.21*
Telemetry1.2.2*
* Components marked with an asterisk have been updated.

v2.10.25

Release Date: December 22, 2021

  • [Security Fix] Upgrades the included versions of CredHub and UAA to fix a potential Denial of Service vulnerability caused by Log4j2. (CVE-2021-45105)
Component Version
Tanzu Ops Manager2.10.25-build.362*
Stemcell (Bosh Director and Ops Manager)621.192*
BBR SDK1.18.29
BOSH Director271.17.0
BOSH DNS1.30.0
Metrics Server0.1.1*
System Metrics2.0.13
CredHub2.9.8*
CredHub Maestro8.0.1
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.30*
BPM1.1.15
Networking9
OS Conf22.1.2
AWS CPI92*
Azure CPI37.6.0
Google CPI41.0.0
OpenStack CPI46
vSphere CPI72
BOSH CLI6.4.8
Credhub CLI2.9.1
BBR CLI1.9.20
Telemetry1.2.1
* Components marked with an asterisk have been updated.

v2.10.24

Release Date: December 16, 2021

Warning:

See the following warnings:

  • [Security Fix] Fix remote code execution vulnerability related to Log4j (CVE-2021-44228)
Component Version
Tanzu Ops Manager2.10.24-build.360*
Stemcell (Bosh Director and Ops Manager)621.183
BBR SDK1.18.29
BOSH Director271.17.0
BOSH DNS1.30.0
Metrics Server0.1.0
System Metrics2.0.13
CredHub2.9.7*
CredHub Maestro8.0.1
Syslog11.7.7
Windows Syslog1.1.4
UAA74.5.29*
BPM1.1.15
Networking9
OS Conf22.1.2
AWS CPI91
Azure CPI37.6.0
Google CPI41.0.0
OpenStack CPI46
vSphere CPI72
BOSH CLI6.4.8
Credhub CLI2.9.1
BBR CLI1.9.20
Telemetry1.2.1
* Components marked with an asterisk have been updated.

v2.10.23

Release Date: December 12, 2021

Warning: This patch upgrades components using Log4j to version 2.15 in order to mitigate CVE-2021-44228. VMware recommends upgrading to Ops Manager v2.10.24, which uses Log4j version 2.16 instead. If you are unable to upgrade, you can mitigate this CVE manually. See Instructions to address CVE-2021-44228 in Tanzu Operations Manager.

  • [Incomplete Security Fix] Fix remote code execution vulnerability related to Log4j (CVE-2021-44228)
  • [Feature] Allow configuration of OM UAA’s password policies
Component Version
Tanzu Ops Manager2.10.23-build.356*
Stemcell (Bosh Director and Ops Manager)621.183*
BBR SDK1.18.29*
BOSH Director271.17.0
BOSH DNS1.30.0*
Metrics Server0.1.0
System Metrics2.0.13*
CredHub2.9.6*
CredHub Maestro8.0.1
Syslog11.7.7*
Windows Syslog1.1.4*
UAA74.5.28*
BPM1.1.15
Networking9
OS Conf22.1.2
AWS CPI91
Azure CPI37.6.0
Google CPI41.0.0
OpenStack CPI46
vSphere CPI72
BOSH CLI6.4.8
Credhub CLI2.9.1
BBR CLI1.9.20*
Telemetry1.2.1
* Components marked with an asterisk have been updated.

v2.10.22

Release Date: November 29, 2021

  • [Feature] The IMDS Hop Limit can now be configured on AWS. See the metadata_options property on the bosh.io AWS CPI documentation
  • [Bug Fix] Ops Manager does not re-apply Identification Tags to VMs on every deploy. This issue was introduced in v2.10.20. The tags must be applied one final time for any VMs deployed using Ops Manager v2.10.20 or v2.10.21.
  • [Bug Fix] Ops Manager scales the maximum database connections on the BOSH Director database with the number of BOSH workers specified. Previously, scaling the workers could lead to running out of database connections.
Component Version
Tanzu Ops Manager2.10.22-build.344*
Stemcell (Bosh Director and Ops Manager)621.176*
BBR SDK1.18.28*
BOSH Director271.17.0*
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.5
CredHub Maestro8.0.1
Syslog11.7.6
Windows Syslog1.1.3
UAA74.5.26
BPM1.1.15
Networking9
OS Conf22.1.2
AWS CPI91*
Azure CPI37.6.0
Google CPI41.0.0
OpenStack CPI46
vSphere CPI72*
BOSH CLI6.4.8*
Credhub CLI2.9.1
BBR CLI1.9.19*
Telemetry1.2.1*
* Components marked with an asterisk have been updated.

v2.10.21

Release Date: November 10, 2021

  • [Feature] Operators can clear the default trusted certificates store on BOSH-deployed VMs.
  • [Feature] Operators can specify trusted certificates for use with S3-compatible blobstores.
  • [Bug Fix] Root disks in AWS respect the AWS EBS disk type setting.
  • [Known Issue] If you use Identification Tags, Ops Manager re-applies the tags on every deploy. This does not cause the VMs to be restarted, but causes slow deployments.
Component Version
Tanzu Ops Manager2.10.21-build.330*
Stemcell (Bosh Director and Ops Manager)621.171
BBR SDK1.18.26*
BOSH Director271.15.0*
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.5
CredHub Maestro8.0.1
Syslog11.7.6*
Windows Syslog1.1.3
UAA74.5.26
BPM1.1.15
Networking9
OS Conf22.1.2
AWS CPI90*
Azure CPI37.6.0
Google CPI41.0.0*
OpenStack CPI46
vSphere CPI70
BOSH CLI6.4.7
Credhub CLI2.9.1
BBR CLI1.9.17
Telemetry1.2.0
* Components marked with an asterisk have been updated.

v2.10.20

Release Date: November 2, 2021

  • [Feature] Operators can rotate CAs without having to re-create affected VMs. This requires stemcells Xenial 621.171 or later and Windows 2019.41 or later. For more information, see Rotating CAs and Leaf Certificates.
  • [Feature] Include uaa.log files in support bundle.
  • [Known Issue] If Prometheus alerting rules are configured on this version of Ops Manager, Healthwatch versions 2.0.0 to 2.1.4 fail to deploy.
  • [Known Issue] If you use Identification Tags, Ops Manager re-applies the tags on every deploy. This does not cause the VMs to be restarted, but causes slow deployments.
Component Version
Tanzu Ops Manager2.10.20-build.323*
Stemcell (Bosh Director and Ops Manager)621.171*
BBR SDK1.18.23*
BOSH Director271.14.0*
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.5*
CredHub Maestro8.0.1
Syslog11.7.5
Windows Syslog1.1.3
UAA74.5.26
BPM1.1.15*
Networking9
OS Conf22.1.2*
AWS CPI89
Azure CPI37.6.0
Google CPI40.0.5*
OpenStack CPI46*
vSphere CPI70
BOSH CLI6.4.7
Credhub CLI2.9.1
BBR CLI1.9.17*
Telemetry1.2.0*
* Components marked with an asterisk have been updated.

v2.10.19

Release Date: October 12, 2021

  • [Feature] Operators can choose between gp2 and gp3 for the default AWS disk type.
  • [Feature] Operators can override certificate durations. See Override Duration for Certificates below.
  • [Feature] Operators can configure additional SSH users on the BOSH Director.
  • [Feature] The BOSH Director accepts TLS v1.2 connections only.
  • [Known Issue] If Prometheus alerting rules are configured on this version of Ops Manager, Healthwatch versions 2.0.0 to 2.1.4 fail to deploy.
Component Version
Tanzu Ops Manager2.10.19-build.314*
Stemcell (Bosh Director and Ops Manager)621.160*
BBR SDK1.18.21*
BOSH Director271.11.0*
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.4*
CredHub Maestro8.0.1
Syslog11.7.5
Windows Syslog1.1.3
UAA74.5.26
BPM1.1.14*
Networking9
OS Conf22.1.1
AWS CPI89*
Azure CPI37.6.0
Google CPI40.0.4
OpenStack CPI45
vSphere CPI70
BOSH CLI6.4.7
Credhub CLI2.9.1*
BBR CLI1.9.16*
Telemetry1.1.7
* Components marked with an asterisk have been updated.

v2.10.18

Release Date: September 28, 2021

  • [Bug Fix] BOSH Director disk is no longer re-created when its size and properties have not changed. See BOSH Director Disk Is Re-Created Unnecessarily below.
  • [Bug Fix] Fixes potential issue with the vSphere CPI where disk UUIDs might not be correctly returned, causing the wrong disk to be attached.
Component Version
Tanzu Ops Manager2.10.18-build.301*
Stemcell (Bosh Director and Ops Manager)621.154*
BBR SDK1.18.19*
BOSH Director271.9.0
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.7.5
Windows Syslog1.1.3
UAA74.5.26*
BPM1.1.13
Networking9
OS Conf22.1.1
AWS CPI88
Azure CPI37.6.0
Google CPI40.0.4
OpenStack CPI45
vSphere CPI70*
BOSH CLI6.4.7*
Credhub CLI2.9.0
BBR CLI1.9.15*
Telemetry1.1.7
* Components marked with an asterisk have been updated.

v2.10.17

Release Date: September 16, 2021

  • [Known Issue] TKGI customers are recommended to skip this version. Deployments using the disk.enableUUID vmx option and attaching additional SCSI devices, for example, TKGI clusters using persistent volumes, might experience data loss if the VM is powered off and powered on again. This is due to a functional regression causing the VM to mount the wrong disk at startup. This regression is fixed in v2.10.18.

  • [Bug Fix] Operators can configure NSX-T server pools without a port.

  • [Bug Fix] The API returns an error when using duplicate GUIDs while updating vSphere clusters.

Component Version
Tanzu Ops Manager2.10.17-build.293*
Stemcell (Bosh Director and Ops Manager)621.151*
BBR SDK1.18.18*
BOSH Director271.9.0
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.7.5*
Windows Syslog1.1.3
UAA74.5.25*
BPM1.1.13
Networking9
OS Conf22.1.1
AWS CPI88*
Azure CPI37.6.0
Google CPI40.0.4
OpenStack CPI45
vSphere CPI69*
BOSH CLI6.4.6*
Credhub CLI2.9.0
BBR CLI1.9.11
Telemetry1.1.7
* Components marked with an asterisk have been updated.

v2.10.16

Release Date: July 22, 2021

  • [Bug Fix] BOSH Backup and Restore works correctly when using AWS IAM Profiles.
  • [Bug Fix] vSphere unexpected VM and persistent disk re-creations no longer occur. However, if you have installed Ops Manager v2.10.15 and already re-created all VMs and disks, they are re-created again after you click Apply Changes in Ops Manager v2.10.16.
Component Version
Tanzu Ops Manager2.10.16-build.269*
Stemcell (Bosh Director and Ops Manager)621.135*
BBR SDK1.18.13*
BOSH Director271.9.0*
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.1.3*
UAA74.5.24*
BPM1.1.13*
Networking9
OS Conf22.1.1
AWS CPI87
Azure CPI37.6.0*
Google CPI40.0.4
OpenStack CPI45*
vSphere CPI63*
BOSH CLI6.4.4
Credhub CLI2.9.0
BBR CLI1.9.11*
Telemetry1.1.7
* Components marked with an asterisk have been updated.

v2.10.15

Release Date: June 30, 2021

Warning: This release shipped with a change that affects vSphere users. This change causes unintended recreation of all VMs and disks on the next Apply Changes. This issue is fixed in v2.10.16. However, if you have already re-created all VMs and disks, they are re-created again when you click Apply Changes on v2.10.16.

  • [Known Issue] Foundations that use multiple vCenter Configs might encounter failures when applying changes with the message No valid placement found for VM compute and storage requirement. A bug was introduced in Ops Manager v2.10.15 that requires the following workaround: the datastores listed in the Ephemeral and/or Persistent Datastore Names field of the first vCenter Config must be the union of all Ephemeral or Persistent Datastore Names across all vCenter Configs.

  • [Feature] Support for vSphere datastore clusters.

  • [Feature] A section in the BOSH Director manifest makes obvious which additional_cloud_properties overrides are used.

  • [Bug Fix] Resolved issue with support bundle creation that could cause Apply Changes to fail with the error No such file or directory - getcwd.

Ops Manager v2.10.15 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.15-build.255*
Stemcell (Bosh Director and Ops Manager)621.131*
BBR SDK1.18.11*
BOSH Director271.8.0
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.23
BPM1.1.12
Networking9
OS Conf22.1.1
AWS CPI87
Azure CPI37.5.0
Google CPI40.0.4
OpenStack CPI44
vSphere CPI60
BOSH CLI6.4.4
Credhub CLI2.9.0
BBR CLI1.9.7
Telemetry1.1.7
* Components marked with an asterisk have been updated.

v2.10.14

Release Date: June 16, 2021

  • [Known Issue Fix] NSX-T Certificate Authentication does not cause Apply Changes to fail. Issue is introduced in v2.10.12.

Ops Manager v2.10.14 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.14-build.248*
Stemcell (Bosh Director and Ops Manager)621.130
BBR SDK1.18.9
BOSH Director271.8.0
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.23*
BPM1.1.12
Networking9
OS Conf22.1.1
AWS CPI87
Azure CPI37.5.0
Google CPI40.0.4
OpenStack CPI44
vSphere CPI60*
BOSH CLI6.4.4*
Credhub CLI2.9.0
BBR CLI1.9.7
Telemetry1.1.7
* Components marked with an asterisk have been updated.

v2.10.13

Release Date: June 10, 2021

  • [Known Issue] NSX-T Certificate Authentication causes Apply Changes to fail with the following error: uninitialized constant VSphereCloud::Cloud::Tempfile.

Ops Manager v2.10.13 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.13-build.243*
Stemcell (Bosh Director and Ops Manager)621.130*
BBR SDK1.18.9
BOSH Director271.8.0
BOSH DNS1.29.0
Metrics Server0.1.0
System Metrics2.0.12
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.22
BPM1.1.12
Networking9
OS Conf22.1.1
AWS CPI87
Azure CPI37.5.0
Google CPI40.0.4
OpenStack CPI44
vSphere CPI59
BOSH CLI6.4.3
Credhub CLI2.9.0
BBR CLI1.9.7
Telemetry1.1.7*
* Components marked with an asterisk have been updated.

v2.10.12

Release Date: June 7, 2021

  • [Known Issue] NSX-T Certificate Authentication causes Apply Changes to fail with the following error: uninitialized constant VSphereCloud::Cloud::Tempfile.
  • [Bug Fix] Removes an unnecessary vSphere privilege.

Ops Manager v2.10.12 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.12-build.240*
Stemcell (Bosh Director and Ops Manager)621.129*
BBR SDK1.18.9
BOSH Director271.8.0
BOSH DNS1.29.0*
Metrics Server0.1.0
System Metrics2.0.12*
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.22
BPM1.1.12*
Networking9
OS Conf22.1.1
AWS CPI87*
Azure CPI37.5.0*
Google CPI40.0.4
OpenStack CPI44
vSphere CPI59*
BOSH CLI6.4.3
Credhub CLI2.9.0
BBR CLI1.9.7
Telemetry1.1.5
* Components marked with an asterisk have been updated.

v2.10.11

Release Date: May 11, 2021

  • [Feature] You can distinguish between fixed and floating stemcells on the Stemcells in the Ops Manager UI.
  • [Feature] Maestro topology output is included in the support bundle.
  • [Feature] us-gov-east-1 region is available in AWS GovCloud.

Ops Manager v2.10.11 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.11-build.222*
Stemcell (Bosh Director and Ops Manager)621.125*
BBR SDK1.18.9
BOSH Director271.8.0
BOSH DNS1.27.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.22
BPM1.1.9
Networking9
OS Conf22.1.1
AWS CPI86*
Azure CPI37.3.1
Google CPI40.0.4
OpenStack CPI44
vSphere CPI57*
BOSH CLI6.4.3*
Credhub CLI2.9.0
BBR CLI1.9.7
Telemetry1.1.5*
* Components marked with an asterisk have been updated.

v2.10.10

Release Date: April 27, 2021

  • [Known Issue Fix] Ops Manager does not overwrite UAAC. Known issue is introduced in Ops Manager v2.10.9.
  • [Bug Fix] Regenerating leaf certificates succeeds when CredHub server certificate is expired.

Ops Manager v2.10.10 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.10-build.206*
Stemcell (Bosh Director and Ops Manager)621.123*
BBR SDK1.18.9*
BOSH Director271.8.0*
BOSH DNS1.27.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.22
BPM1.1.9
Networking9
OS Conf22.1.1*
AWS CPI85
Azure CPI37.3.1*
Google CPI40.0.4
OpenStack CPI44
vSphere CPI55
BOSH CLI6.4.1
Credhub CLI2.9.0
BBR CLI1.9.7*
Telemetry1.1.4*
* Components marked with an asterisk have been updated.

v2.10.9

Release Date: April 13, 2021

  • [Breaking Change] On Apply Changes, Ops Manager generates new BOSH DNS certificates with a subject alternative name (SAN). On upgrade to v2.10.9 and later, you must run the Upgrade service instances errand on service tiles and Apply Changes to all tiles. Upgrading Ops Manager while a CA rotation is in progress results in the inability to Apply Changes due to safety violations.
  • [Known Issue] Due to permission changes, running uaac as the ubuntu user results in the error /home/tempest-web/tempest/web/vendor/uaac/Gemfile not found. To work around this issue, run unalias uaac as the ubuntu user before running uaac. Ops Manager v2.10.10 and later fixes this issue.
  • [Feature] vSphere users have the option to use the Policy API when placing VMs in policy NSX-T groups by enabling Use NSX-T Policy API in the vCenter Config pane of the BOSH Director tile
  • [Feature] The Putting Tile Credentials into CredHub step of Apply Changes produces more diagnostic output
  • [Bug Fix] The Internet Connected checkbox appears on the Resource Config pane for AWS
  • [Bug Fix] Copying credentials to CredHub during Apply Changes does not fail due to volume or slowness
  • [Bug Fix] NATS leaf certificates shows on /api/v0/deployed/certificates endpoint
  • [Bug Fix] Ops Manager UAA logs are log rotated
  • [Bug Fix] Restrict permissions on the /home/tempest-web and /home/ubuntu directories to 750
  • [Bug Fix] The service tempest-web restart command reliably connects with Ops Manager without frequent 502 gateway errors

Ops Manager v2.10.9 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.9-build.195*
Stemcell (Bosh Director and Ops Manager)621.117*
BBR SDK1.18.6*
BOSH Director271.7.0*
BOSH DNS1.27.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.22
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI85*
Azure CPI37.3.0
Google CPI40.0.4
OpenStack CPI44
vSphere CPI55*
BOSH CLI6.4.1
Credhub CLI2.9.0
BBR CLI1.9.5*
Telemetry1.1.3*
* Components marked with an asterisk have been updated.

v2.10.8

Release Date: February 23, 2021

  • [Known Issue Fix] Resolves issue discovered in v2.10.7 with sending BOSH System metrics to the Firehose

Ops Manager v2.10.8 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.8-build.168*
Stemcell (Bosh Director and Ops Manager)621.101
BBR SDK1.18.3
BOSH Director271.6.0*
BOSH DNS1.27.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.22
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI84
Azure CPI37.3.0
Google CPI40.0.4
OpenStack CPI44
vSphere CPI54.1.1
BOSH CLI6.4.1
Credhub CLI2.9.0
BBR CLI1.9.1
Telemetry1.1.2
* Components marked with an asterisk have been updated.

v2.10.7

Release Date: February 11, 2021

  • [Known Issue] Ops Manager v2.10.7 has an issue sending BOSH System metrics to the Firehose. This causes a loss of monitoring for systems relying on metrics including Healthwatch and other downstream monitoring implementations. For more information on these metrics, see System (BOSH) Metrics.

    For more information, see Healthwatch smoke test failing with Ops Manager v2.10.7 in the Tanzu Community Knowledge Base.
  • [Bug Fix] Signature version is included in S3 CLI on BOSH Director
  • [Bug Fix] 10.x.x.x IP addresses are recorded in the audit log under a new field called forwarded_for
  • [Bug Fix] Improve performance speed of streaming the manifest diff

Ops Manager v2.10.7 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.7-build.163*
Stemcell (Bosh Director and Ops Manager)621.101*
BBR SDK1.18.3*
BOSH Director271.5.0*
BOSH DNS1.27.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.22
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI84
Azure CPI37.3.0
Google CPI40.0.4
OpenStack CPI44
vSphere CPI54.1.1
BOSH CLI6.4.1
Credhub CLI2.9.0
BBR CLI1.9.1
Telemetry1.1.2
* Components marked with an asterisk have been updated.

v2.10.6

Release Date: January 29, 2021

Ops Manager v2.10.6 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.6-build.154*
Stemcell (Bosh Director and Ops Manager)621.99*
BBR SDK1.18.1
BOSH Director271.2.0
BOSH DNS1.27.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.22*
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI84*
Azure CPI37.3.0
Google CPI40.0.4*
OpenStack CPI44
vSphere CPI54.1.1
BOSH CLI6.4.1
Credhub CLI2.9.0
BBR CLI1.9.1
Telemetry1.1.2
* Components marked with an asterisk have been updated.

v2.10.5

Release Date: January 25, 2021

  • [Bug Fix] Unnecessary Host.Inventory.EditCluster permission check for vSphere is removed
  • [Bug Fix] You can apply NSX settings to BOSH Director when using Principal Identity Certificate authorization with NSX-T

Ops Manager v2.10.5 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.5-build.147*
Stemcell (Bosh Director and Ops Manager)621.97*
BBR SDK1.18.1*
BOSH Director271.2.0
BOSH DNS1.27.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.21
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI81
Azure CPI37.3.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.1
BOSH CLI6.4.1
Credhub CLI2.9.0*
BBR CLI1.9.1*
Telemetry1.1.2
* Components marked with an asterisk have been updated.

v2.10.4

Release Date: December 10, 2020

  • [Feature] BlobstoreVerifier has improved logging and error messaging.
  • [Feature] Operators can use the Ops Manager API to rotate certificates on Redis for Pivotal Platform v2.3 and later.
  • [Bug Fix] Ops Manager no longer returns an error when uploading a stemcell twice.
  • [Bug Fix] Ops Manager no longer publishes images to the us-gov-east-1 region in AWS.
  • [Bug Fix] BlobstoreVerifier no longer defaults to domain-style access when the path-style parameter is absent in tiles.

Ops Manager v2.10.4 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.4-build.137*
Stemcell (Bosh Director and Ops Manager)621.94*
BBR SDK1.18.0
BOSH Director271.2.0
BOSH DNS1.27.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.21
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI81
Azure CPI37.3.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.1*
BOSH CLI6.4.1
Credhub CLI2.8.0
BBR CLI1.9.0*
Telemetry1.1.2
* Components marked with an asterisk have been updated.

v2.10.3

Release Date: November 18, 2020

  • [Feature] A yellow banner in the Ops Manager UI shows the number of days until a certificate expires. The banner appears when a certificate expires soon.
  • [Feature] When you export a installation.zip file, a new metadata.json file includes timestamp, version, and product GUID. The metadata.json file can be used to identify when the export was created, which foundation the export represents, and to ensure that you are using the correct export file during an upgrade.
  • [Feature] API endpoints default to application/json content type
  • [Feature]: You can use the Ops Manager UI or API to set Azure Generation 2 VMs as the default VM type. For more information, see Azure Generation 2 VM Types in Configuring BOSH Director on Azure Manually.

    Consider the following before using Azure Generation 2 VM types:
    • If you use Availability Sets, you cannot use Generation 2 VM types.
    • Ensure that Generation 2 VM types are available in your Azure regions.
    • Switching to Generation 2 VM types causes all tiles to re-deploy.
    • If you have custom VM types set, your custom VMs are still used even if you switch to Generation 2. To use Generation 2 VMs in your custom VM types:
      1. Back up your current custom VM types.
      2. Delete the custom VM types.
      3. Switch to Generation 2 using either the Ops Manager API or UI.
      4. Re-add your custom VM types. For information about adding or deleting custom VM types, see How to Create or Remove a custom VM_TYPE template in Pivotal Cloud Foundry (PCF) using the Operations Manager API in the Knowledge Base.
  • [Feature] You can use IAM instance profiles when configuring the S3 blobstore for the BOSH Director. To use this feature, you must select Enable signed URLs.
  • [Feature] Upgrade NGINX
  • [Bug Fix] Repeated calls to DELETE /api/v0/installation_asset_collection deletes any deployed products
  • [Bug Fix] Safety check for BOSH product certificates on DELETE only includes the system_metrics_certificate
  • [Bug Fix] Clusters in an AZ are validated based on cluster name, resource pool, host group, and VM host affinity rule
  • [Bug Fix] The AZ and Network configuration pane does not error when properties are missing

Ops Manager v2.10.3 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.3-build.127*
Stemcell (Bosh Director and Ops Manager)621.90*
BBR SDK1.18.0
BOSH Director271.2.0
BOSH DNS1.27.0*
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.21*
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI81
Azure CPI37.3.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.4.1*
Credhub CLI2.8.0
BBR CLI1.8.1*
Telemetry1.1.2*
* Components marked with an asterisk have been updated.

v2.10.2

Release Date: September 25, 2020

  • [Bug Fix]: IaasConfigurationVerifier no longer fails on Azure deployments with a 500 error when you click Apply Changes or modify IaaS settings.

  • [Bug Fix]: Actions that require Instance Metadata Service (IMDS), such as configuring antivirus or adding SSH keys, no longer fail on Ops Manager instances deployed in AWS regions that do not have Instance Metadata Service Version 2 (IMDSv2).

  • [Bug Fix]: If you added or activated a CA on Ops Manager v2.7 or earlier, you can then activate or delete that CA after upgrading to Ops Manager v2.9 or later as expected.

  • [Bug Fix]: The Settings page no longer crashes when you attempt to save a long LDAP admin group name that contains spaces. The following error message is associated with this bug: NoMethodError: undefined method<’ for nil:NilClass`.

  • [Bug Fix]: On the Certificates page, the Excluded Certificates section is updated to correctly list all certificates that the Ops Manager API does not attempt to rotate.

  • [Bug Fix]: The /api/v0/certificate_authorities/active/regenerate API endpoint rotates all leaf certificates as expected when a CA certificate rotation is in progress.

  • [Feature]: You can use the Ops Manager API to rotate certificates managed by CredHub if you have the following versions of Pivotal Application Service (PAS), Pivotal Isolation Segment tile, Small Footprint PAS, or Pivotal Application Service for Windows (PASW) installed:

    • PAS v2.7.21 or later
    • PAS v2.8.2 or later
    • Pivotal Isolation Segment tile v2.7.21 or later
    • Pivotal Isolation Segment tile v2.8.2 or later
    • Small Footprint PAS v2.7.21 or later
    • Small Footprint PAS v2.8.2 or later
    • PASW v2.7.17 or later
    • PASW v2.8.2 or later

    For more information, see Overview of Certificate Rotation.

  • [Feature]: IPsec for VMware Tanzu certificates are excluded from certificate rotation with the Ops Manager API. To rotate IPsec certificates, see Rotating Active IPsec Certificates in the IPsec for VMware Tanzu documentation.

  • [Feature]: Ops Manager is rebranded to VMware Tanzu Operations Manager. This rebrand is reflected in the VMware Tanzu Operations Manager UI and on VMware Tanzu Network.

  • [Feature]: You can use the /api/v0/staged/products/{product_guid}/overrides Ops Manager API endpoint to edit the update and features sections in the manifest for an Ops Manager tile while you are in Advanced Mode. For more information, see Provide a new list of overrides for the given Product in the Ops Manager API documentation.

  • [Feature]: You can jump upgrade directly to the long-term support (LTS) version of Ops Manager, which is v2.10.2. For more information, see Jump Upgrading to Ops Manager v2.10.

Ops Manager v2.10.2 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.2-build.90*
Stemcell (Bosh Director and Ops Manager)621.84*
BBR SDK1.18.0
BOSH Director271.2.0
BOSH DNS1.24.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0*
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.18
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI81
Azure CPI37.3.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.4.0*
Credhub CLI2.8.0
BBR CLI1.8.0*
Telemetry1.1.1
* Components marked with an asterisk have been updated.

v2.10.1

Release Date: September 1, 2020

  • [Feature]: Addition of tasks_cleanup_schedule, a scheduled task that cleans up completed BOSH tasks to reduce memory consumption. This task runs weekly by default.
  • [Feature]: If you click the Support link in the Ops Manager UI, information about expired certificates appears in the Platform Information Bundle.
  • [Bug Fix]: The regenerate API endpoint does not exclude any leaf certificates from rotation.
  • [Bug Fix]: Ops Manager does not crash after you change the LDAP authentication group.
  • [Bug Fix]: The Support Bundle downloads successfully for deploy records that do not have timestamps.
  • [Bug Fix]: TKGI users can deploy Ops Manager v2.10 with the BOSH metrics server feature enabled.
  • [Bug Fix]: The Revert Changes button does not appear when there are no pending changes.
  • [Bug Fix]: If you have a tile that is not configured and you apply changes, you receive a warning message but changes to other configured tiles are applied. In earlier patches, the apply changes failed. This only happened on vSphere environments.
  • [Bug Fix]: For Redis for VMware Tanzu v2.4 and later, certificates can be rotated by CredHub Maestro.
  • [Bug Fix]: When the Enable additional System Metrics checkbox is cleared on the tile UI, the loggr-system-metrics-agent and loggr-system-metrics-agent-windows jobs of the system-metrics release are removed from the product tile.
  • [Bug Fix]: For the hm_emailer_options.recipients key, the PUT /api/v0/staged/director/properties endpoint accepts the format used by GET /api/v0/staged/director/properties endpoint for this key in addition to the existing format accepted.

Ops Manager v2.10.1 uses the following component versions:

Component Version
Ops Manager2.10.1-build.69*
Stemcell621.82*
BBR SDK1.18.0
BOSH Director271.2.0*
BOSH DNS1.24.0*
Metrics Server0.1.0*
System Metrics2.0.11
CredHub2.8.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.18
BPM1.1.9*
Networking9
OS Conf22.1.0*
AWS CPI81
Azure CPI37.3.0*
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.3.1
Credhub CLI2.8.0*
BBR CLI1.7.2
Telemetry1.1.1
* Components marked with an asterisk have been updated.

v2.10.0

Release Date: July 31, 2020

Ops Manager v2.10.0 uses the following component versions:

Component Version
Ops Manager2.10.0-build.48
Stemcell621.77
BBR SDK1.18.0
BOSH Director270.11.1
BOSH DNS1.21.0
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.8.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.18
BPM1.1.8
Networking9
OS Conf22.0.0
AWS CPI81
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.3.1
Credhub CLI2.7.0
BBR CLI1.7.2
Telemetry1.1.1

How to Upgrade

To upgrade to Ops Manager v2.10, see Upgrading Ops Manager.

New Features in Ops Manager v2.10

Ops Manager v2.10 includes the following major features:

Long-Term Support for Ops Manager v2.10

Ops Manager v2.10 is the long-term supported (LTS) version of Ops Manager. Ops Manager v2.10 will be supported through April 2024.

Over the lifecycle of Ops Manager v2.10, VMware will release security patches that occasionally include feature enhancements and maintenance updates.

The migration period for upgrading to Ops Manager v2.10 is from August 2020 to March 2021. To accommodate this migration and provide customers with additional time to upgrade to Ops Manager v2.10, Ops Manager v2.7 will be supported through March 31, 2021.

For more information about Ops Manager v2.10 LTS, please reach out to your Account Team.

BOSH Director Manifest Overrides

In Ops Manager v2.10, you can use the /api/v0/staged/director/overrides Ops Manager API endpoint to override properties in the BOSH Director manifest. With this endpoint, you can only override properties that appear in the instance groups and networks sections of the manifest.

You must be in Advanced Mode to use this feature.

For more information about this feature, see Overriding Manifest Properties in Advanced Mode.

For information on the Ops Manager API endpoints related to this feature, see Advanced Manifest Configuration in Ops Manager API Documentation.

Override Runtime Config Properties

In Ops Manager v2.10, you can override the runtime config properties for BOSH DNS and System Metrics.

You must be in Advanced Mode to use this feature.

You use the /api/v0/staged/director/runtime_configs/overrides endpoint in the runtime configs to override properties:

Runtime Config Names Add-on Names
ops_manager_dns_runtime
  • bosh_dns
  • bosh_dns_windows
ops_manager_system_metrics_runtime
  • system_metrics_agent
  • system_metrics_agent_windows

For example, although you cannot change the log level for the BOSH DNS logs through the Ops Manager UI, you can change the log level using the /api/v0/staged/director/runtime_configs/overrides endpoint. Increase the log level to DEBUG for more information or decrease the level for less verbose logs.

For more information, see:

View Certificates in the Ops Manager UI

The Ops Manager UI introduces a new page called Certificates. This page displays all the certificates listed by the /api/v0/deployed/certificates endpoint, as well as the following details:

  • Certificate name: The name of the certificate.
  • Product GUID: The product for which the certificate is issued, such as BOSH or MySQL.
  • Location: Whether the certificate is stored in Ops Manager or CredHub.
  • Type: Whether the certificate is a leaf certificate or a certificate authority (CA).
  • Configurable: Whether the certificate is configurable.
  • Valid until: The expiration date of the certificate and the number of days before expiration.

For more information, see Using the Ops Manager Interface.

CredHub Maestro Runs Safety Checks During Certificate Rotation

CredHub Maestro v8.0, which is included in Ops Manager v2.10, performs basic safety checks when rotating certificates to prevent unsafe operations.

The Ops Manager API invokes the CredHub Maestro CLI when rotating certificates. If an Ops Manager API certificate rotation command is out-of-order or unsafe, CredHub Maestro stops the command and returns one or more safety violation errors.

To observe this feature in Ops Manager v2.10 certificate rotation API calls, you must have Pivotal Application Service (PAS) v2.8.2 and later or TAS for VMs v2.9 and later installed, and you must not have any version of VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) installed. If you are using an earlier version of PAS or have any version of TKGI installed, Ops Manager still runs safety checks, but they are not as comprehensive as CredHub Maestro safety checks.

For more information, see Troubleshooting CredHub Maestro Safety Violations During Certificate Rotation, Overview of Certificate Rotation, and Advanced Certificate Rotation with CredHub Maestro.

Override Duration for Certificates

Ops Manager v2.10.19 introduces the ability to override duration for both CA and leaf certificates.

By default, Ops Manager and CredHub generate certificates using the duration requested by the product that creates the certificate. This duration can vary from product to product. In Ops Manager v2.10.19 and later, you can set values to override the duration for CA and leaf certificates. This gives the you the option to increase certificate durations to reduce the frequency of required certificate rotations.

If you enable this feature and you configure a duration that is shorter than the minimum set for the product, the certificate is generated with the duration you set instead. If you configure a duration that is longer than the minimum setting, the certificate is generated with the longer duration.

After enabling the duration override feature, you must take additional steps to apply the setting to existing certificates, as well as any new certificates generated by CredHub. For more information, see Overriding Duration for Certificates.

IMDSv2 Support for AWS

In Ops Manager v2.10.23 and later, you can require that IMDSv2 is used on all VMs deployed in AWS. This security feature requires users to send a signed token header with any request to the instance metadata endpoint provided on AWS VMs.

After enabling IMDSv2, you must re-create all VMs for the setting to take effect. For more information, see Enabling IMDSv2 in Ops Manager.

Breaking Changes in Ops Manager v2.10

Ops Manager v2.10 includes the following breaking changes:

BOSH DNS Certificates Regeneration

In Ops Manager v2.10.9 and later, BOSH DNS leaf certificates are automatically regenerated to include the SAN field. On upgrade, you must redeploy all tiles and upgrade all service instances to distribute the BOSH DNS leaf certificates to all VMs.

To allow DNS certificate regeneration and avoid communication issues between system components:

  1. On upgrade, run the Upgrade service instances errand on all service tiles.

  2. Apply Changes to all tiles.

If you do not redeploy all tiles and upgrade all service instances, you can experience downtime.

CredHub Maestro Removes the “update-transitional latest” Command

Ops Manager v2.10 includes CredHub Maestro v8.0. In this version of CredHub Maestro, the maestro update-transitional latest command is removed.

If you have scripts that rely on the maestro update-transitional latest command, remove references to the command before you upgrade to Ops Manager v2.10.

In CredHub Maestro v8.0, you run maestro regenerate ca to regenerate a certificate authority (CA) and mark the latest version of the CA as transitional. This command performs both actions, while previous versions of CredHub Maestro use a separate command for each task.

For information about rotating CAs and certificates using CredHub Maestro, see Advanced Certificate Rotation with CredHub Maestro.

Known Issues

Ops Manager v2.10 includes the following known issues:

BOSH Director Disk Is Re-Created Unnecessarily

Due to an issue with the BOSH CLI, the BOSH Director disk can be re-created even when the size and properties for it have not changed. This issue does not cause data loss, but can slow the deployment time while the data migrates from the old disk to the new disk.

This issue is resolved in Ops Manager v2.10.18.

Metrics Server Configuration Causes BOSH Director Deployment to Fail During Upgrade

During an upgrade to Ops Manager v2.10, the BOSH Director deployment and subsequent upgrade may fail due to the default enablement of the metrics-server job. An error similar to the following appears in the metrics-server logs.

Required property 'networks' was not specified in object ({"vm_extensions"=>[{"cloud_properties"=>{"vmx_options"=>{"disk.enableUUID"=>"1"}}, "name"=>"disk_enable_uuid"}, {"cloud_properties"=>{"upgrade_hw_version"=>true}, "name"=>"set_version_hardware"}]}) (Bosh::Director::ValidationMissingField)

The cause of this upgrade failure is the presence of a tile, such as any version of Tanzu Kubernetes Grid Integrated Edition (TKGI), that is incompatible with Ops Manager v2.10 due to its default metrics-server enablement.

To workaround this issue, see the BOSH Director fails with non-running job during upgrade to Ops Manager 2.10 Knowledge Base article.

This issue is resolved in Ops Manager v2.10.1.

Increased Logging Slows Platform Functions

If your Loggregrator does not have sufficient memory to handle the increased system metrics emitted in Ops Manager v2.8 and later, you may experience dropped logs and slow consumers. This can impact logging and metrics platform functions.

To solve this issue, do the following:

  • If you have TAS for VMs, scale Loggregrator to handle the increased volume. See Scaling Up TAS for VMs.

  • In Ops Manager v2.9 or later, you can disable these system metrics if you don’t need them. To do this, disable Enable additional System Metrics in the Director Config pane of the BOSH Director tile. For a list of metrics collected, see System Metrics Agent in GitHub.

For more information on this feature, see All Platform VMs Emit System Metrics.

Reset Manually-Set Certificates in CredHub Before Rotating Certificates with the Ops Manager API

If you have manually set any certificates in CredHub on Ops Manager v2.6 or earlier, you need to reset those certificates before using the Ops Manager API to rotate CredHub certificates.

Resetting these certificates is not a required condition for the Ops Manager v2.10 upgrade. You can reset them either before or after the upgrade.

To reset a certificate in CredHub, see Reviewing and Resetting Manually Set Certificates in CredHub.

For more information about rotating certificates using the Ops Manager API, see Overview of Certificate Rotation. For more information about the certificate_authorities/active/regenerate endpoint, see Rotate Certificates in the Ops Manager API documentation.

Maestro Garbage Collection Error

When running maestro garbage collect, you might see an error like this:

$ maestro garbage-collect ca --all
not_deleted:
    - name: /services/tls_ca
      certificate_id: aaaaaaaa-bbbb-cccc-1111-aaaaaaaaaaa
      version_ids:
        - aaaaaaa-11111-22222-33333-bbbbbbbbbb
error: could not delete some certificate versions

You can ignore this error. The certificate should not be deleted.