Ops Manager v2.10 Release Notes

Page last updated:

This topic contains release notes for Ops Manager v2.10.

Ops Manager v2.10 is the long-term supported (LTS) version of Ops Manager. For more information, see Long-Term Support for Ops Manager v2.10. Starting with v2.10.2, you can jump upgrade directly from previous versions of Ops Manager to the long-term support (LTS) version of Ops Manager. For more information, see Jump Upgrading to Ops Manager v2.10.

For the feature highlights of this release, read the blog post VMware Tanzu Application Service 2.10 Adds New CLI, Eases Upgrades with More Flexible Control Plane or see New Features in Ops Manager v2.10.

Ops Manager is certified by the Cloud Foundry Foundation for 2020.

For more information about the Cloud Foundry Certified Provider Program, see How Do I Become a Certified Provider? on the Cloud Foundry website.


Releases

v2.10.3

Release Date: November 18, 2020

  • [Feature] A yellow banner in the Ops Manager UI shows the number of days until a certificate expires. The banner appears when a certificate expires soon.
  • [Feature] When you export a installation.zip file, a new metadata.json file includes timestamp, version, and product GUID.
  • [Feature] API endpoints default to application/json content type
  • [Feature]: You can use the Ops Manager UI or API to set Azure Generation 2 VMs as the default VM type. For more information, see Azure Generation 2 VM Types in Configuring BOSH Director on Azure Manually.

    Consider the following before using Azure Generation 2 VM types:
    • If you use Availability Sets, you cannot use Generation 2 VM types.
    • Ensure that Generation 2 VM types are available in your Azure regions.
    • Switching to Generation 2 VM types causes all tiles to re-deploy.
    • If you have custom VM types set, your custom VMs are still used even if you switch to Generation 2. To use Generation 2 VMs in your custom VM types:
      1. Back up your current custom VM types.
      2. Delete the custom VM types.
      3. Switch to Generation 2 using either the Ops Manager API or UI.
      4. Re-add your custom VM types. For information about adding or deleting custom VM types, see How to Create or Remove a custom VM_TYPE template in Pivotal Cloud Foundry (PCF) using the Operations Manager API in the Knowledge Base.
  • [Feature] You can use IAM instance profiles when configuring the S3 blobstore for the BOSH Director. To use this feature, you must select Enable signed URLs.
  • [Feature] Upgrade NGINX
  • [Bug Fix] Repeated calls to DELETE /api/v0/installation_asset_collection deletes any deployed products
  • [Bug Fix] Safety check for BOSH product certificates on DELETE only includes the system_metrics_certificate
  • [Bug Fix] Clusters in an AZ are validated based on cluster name, resource pool, host group, and VM host affinity rule
  • [Bug Fix] The AZ and Network configuration pane does not error when properties are missing
Component Version
Tanzu Ops Manager2.10.3-build.127*
Stemcell (Bosh Director and Ops Manager)621.90*
BBR SDK1.18.0
BOSH Director271.2.0
BOSH DNS1.27.0*
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.21*
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI81
Azure CPI37.3.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.4.1*
Credhub CLI2.8.0
BBR CLI1.8.1*
Telemetry1.1.2*
* Components marked with an asterisk have been updated.

v2.10.2

Release Date: September 25, 2020

  • [Bug Fix]: IaasConfigurationVerifier no longer fails on Azure deployments with a 500 error when you click Apply Changes or modify IaaS settings.

  • [Bug Fix]: Actions that require Instance Metadata Service (IMDS), such as configuring antivirus or adding SSH keys, no longer fail on Ops Manager instances deployed in AWS regions that do not have Instance Metadata Service Version 2 (IMDSv2).

  • [Bug Fix]: If you added or activated a CA on Ops Manager v2.7 or earlier, you can then activate or delete that CA after upgrading to Ops Manager v2.9 or later as expected.

  • [Bug Fix]: The Settings page no longer crashes when you attempt to save a long LDAP admin group name that contains spaces. The following error message is associated with this bug: NoMethodError: undefined method<’ for nil:NilClass`.

  • [Bug Fix]: On the Certificates page, the Excluded Certificates section is updated to correctly list all certificates that the Ops Manager API does not attempt to rotate.

  • [Bug Fix]: The /api/v0/certificate_authorities/active/regenerate API endpoint rotates all leaf certificates as expected when a CA certificate rotation is in progress.

  • [Feature]: You can use the Ops Manager API to rotate certificates managed by CredHub if you have the following versions of Pivotal Application Service (PAS), Pivotal Isolation Segment tile, Small Footprint PAS, or Pivotal Application Service for Windows (PASW) installed:

    • PAS v2.7.21 or later
    • PAS v2.8.2 or later
    • Pivotal Isolation Segment tile v2.7.21 or later
    • Pivotal Isolation Segment tile v2.8.2 or later
    • Small Footprint PAS v2.7.21 or later
    • Small Footprint PAS v2.8.2 or later
    • PASW v2.7.17 or later
    • PASW v2.8.2 or later

    For more information, see Overview of Certificate Rotation.

  • [Feature]: IPsec for VMware Tanzu certificates are excluded from certificate rotation with the Ops Manager API. To rotate IPsec certificates, see Rotating Active IPsec Certificates in the IPsec for VMware Tanzu documentation.

  • [Feature]: Ops Manager is rebranded to VMware Tanzu Operations Manager. This rebrand is reflected in the VMware Tanzu Operations Manager UI and on VMware Tanzu Network.

  • [Feature]: You can use the /api/v0/staged/products/{product_guid}/overrides Ops Manager API endpoint to edit the update and features sections in the manifest for an Ops Manager tile while you are in Advanced Mode. For more information, see Provide a new list of overrides for the given Product in the Ops Manager API documentation.

  • [Feature]: You can jump upgrade directly to the long-term support (LTS) version of Ops Manager, which is v2.10.2. For more information, see Jump Upgrading to Ops Manager v2.10.

Ops Manager v2.10.2 uses the following component versions:

Component Version
Tanzu Ops Manager2.10.2-build.90*
Stemcell (Bosh Director and Ops Manager)621.84*
BBR SDK1.18.0
BOSH Director271.2.0
BOSH DNS1.24.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.9.0*
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.18
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI81
Azure CPI37.3.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.4.0*
Credhub CLI2.8.0
BBR CLI1.8.0*
Telemetry1.1.1
* Components marked with an asterisk have been updated.

v2.10.1

Release Date: September 1, 2020

  • [Feature]: If you click the Support link in the Ops Manager UI, information about expired certificates appears in the Platform Information Bundle.
  • [Bug Fix]: The regenerate API endpoint does not exclude any leaf certificates from rotation.
  • [Bug Fix]: Ops Manager does not crash after you change the LDAP authentication group.
  • [Bug Fix]: The Support Bundle downloads successfully for deploy records that do not have timestamps.
  • [Bug Fix]: TKGi users can deploy Ops Manager v2.10 with the BOSH metrics server feature enabled.
  • [Bug Fix]: The Revert Changes button does not appear when there are no pending changes.
  • [Bug Fix]: If you have a tile that is not configured and you apply changes, you receive a warning message but changes to other configured tiles are applied. In earlier patches, the apply changes failed. This only happened on vSphere environments.
  • [Bug Fix]: For Redis for VMware Tanzu v2.4 and later, certificates can be rotated by CredHub Maestro.
  • [Bug Fix]: When the Enable additional System Metrics checkbox is cleared on the tile UI, the loggr-system-metrics-agent and loggr-system-metrics-agent-windows jobs of the system-metrics release are removed from the product tile.
  • [Bug Fix]: For the hm_emailer_options.recipients key, the PUT /api/v0/staged/director/properties endpoint accepts the format used by GET /api/v0/staged/director/properties endpoint for this key in addition to the existing format accepted.

Ops Manager v2.10.1 uses the following component versions:

Component Version
Ops Manager2.10.1-build.69*
Stemcell621.82*
BBR SDK1.18.0
BOSH Director271.2.0*
BOSH DNS1.24.0*
Metrics Server0.1.0*
System Metrics2.0.11
CredHub2.8.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.18
BPM1.1.9*
Networking9
OS Conf22.1.0*
AWS CPI81
Azure CPI37.3.0*
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.3.1
Credhub CLI2.8.0*
BBR CLI1.7.2
Telemetry1.1.1
* Components marked with an asterisk have been updated.

v2.10.0

Release Date: July 31, 2020

Ops Manager v2.10.0 uses the following component versions:

Component Version
Ops Manager2.10.0-build.48
Stemcell621.77
BBR SDK1.18.0
BOSH Director270.11.1
BOSH DNS1.21.0
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.8.0
CredHub Maestro8.0.1
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.18
BPM1.1.8
Networking9
OS Conf22.0.0
AWS CPI81
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.3.1
Credhub CLI2.7.0
BBR CLI1.7.2
Telemetry1.1.1

How to Upgrade

To upgrade to Ops Manager v2.10, see Upgrading Ops Manager.

New Features in Ops Manager v2.10

Ops Manager v2.10 includes the following major features:

Long-Term Support for Ops Manager v2.10

Ops Manager v2.10 is the long-term supported (LTS) version of Ops Manager. Ops Manager v2.10 will be supported through April 2024.

Over the lifecycle of Ops Manager v2.10, VMware will release security patches that occasionally include feature enhancements and maintenance updates.

The migration period for upgrading to Ops Manager v2.10 is from August 2020 to March 2021. To accommodate this migration and provide customers with additional time to upgrade to Ops Manager v2.10, Ops Manager v2.7 will be supported through March 31, 2021.

For more information about Ops Manager v2.10 LTS, please reach out to your Account Team.

BOSH Director Manifest Overrides

In Ops Manager v2.10, you can use the /api/v0/staged/director/overrides Ops Manager API endpoint to override properties in the BOSH Director manifest. With this endpoint, you can only override properties that appear in the instance groups and networks sections of the manifest.

You must be in Advanced Mode to use this feature.

For more information about this feature, see Overriding Manifest Properties in Advanced Mode.

For information on the Ops Manager API endpoints related to this feature, see Advanced Manifest Configuration in Ops Manager API Documentation.

Override Runtime Config Properties

In Ops Manager v2.10, you can override the runtime config properties for BOSH DNS and System Metrics.

You must be in Advanced Mode to use this feature.

You use the /api/v0/staged/director/runtime_configs/overrides endpoint in the runtime configs to override properties:

Runtime Config Names Add-on Names
ops_manager_dns_runtime
  • bosh_dns
  • bosh_dns_windows
ops_manager_system_metrics_runtime
  • system_metrics_agent
  • system_metrics_agent_windows

For example, although you cannot change the log level for the BOSH DNS logs through the Ops Manager UI, you can change the log level using the /api/v0/staged/director/runtime_configs/overrides endpoint. Increase the log level to DEBUG for more information or decrease the level for less verbose logs.

For more information, see:

View Certificates in the Ops Manager UI

The Ops Manager UI introduces a new page called Certificates. This page displays all the certificates listed by the /api/v0/deployed/certificates endpoint, as well as the following details:

  • Certificate name: The name of the certificate.
  • Product GUID: The product for which the certificate is issued, such as BOSH or MySQL.
  • Location: Whether the certificate is stored in Ops Manager or CredHub.
  • Type: Whether the certificate is a leaf certificate or a certificate authority (CA).
  • Configurable: Whether the certificate is configurable.
  • Valid until: The expiration date of the certificate and the number of days before expiration.

For more information, see Using the Ops Manager Interface.

CredHub Maestro Runs Safety Checks During Certificate Rotation

CredHub Maestro v8.0, which is included in Ops Manager v2.10, performs basic safety checks when rotating certificates to prevent unsafe operations.

The Ops Manager API invokes the CredHub Maestro CLI when rotating certificates. If an Ops Manager API certificate rotation command is out-of-order or unsafe, CredHub Maestro stops the command and returns one or more safety violation errors.

To observe this feature in Ops Manager v2.10 certificate rotation API calls, you must have Pivotal Application Service (PAS) v2.8.2 and later or TAS for VMs v2.9 and later installed, and you must not have any version of VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) installed. If you are using an earlier version of PAS or have any version of TKGI installed, Ops Manager still runs safety checks, but they are not as comprehensive as CredHub Maestro safety checks.

For more information, see Troubleshooting CredHub Maestro Safety Violations During Certificate Rotation, Overview of Certificate Rotation, and Advanced Certificate Rotation with CredHub Maestro.

Breaking Changes in Ops Manager v2.10

Ops Manager v2.10 includes the following breaking changes:

CredHub Maestro Removes the “update-transitional latest” Command

Ops Manager v2.10 includes CredHub Maestro v8.0. In this version of CredHub Maestro, the maestro update-transitional latest command is removed.

If you have scripts that rely on the maestro update-transitional latest command, remove references to the command before you upgrade to Ops Manager v2.10.

In CredHub Maestro v8.0, you run maestro regenerate ca to regenerate a certificate authority (CA) and mark the latest version of the CA as transitional. This command performs both actions, while previous versions of CredHub Maestro use a separate command for each task.

For information about rotating CAs and certificates using CredHub Maestro, see Advanced Certificate Rotation with CredHub Maestro.

Metrics Server Configuration Causes BOSH Director Deployment to Fail During Upgrade

During an upgrade to Ops Manager v2.10, the BOSH Director deployment and subsequent upgrade may fail due to the default enablement of the metrics-server job.

The cause of this upgrade failure is the presence of a tile, such as any version of Tanzu Kubernetes Grid Integrated Edition (TKGI), that is incompatible with Ops Manager v2.10 due to its default metrics-server enablement.

To work around this issue, see the BOSH Director fails with non-running job during upgrade to Ops Manager 2.10 Knowledge Base article.

Known Issues

Ops Manager v2.10 includes the following known issue:

Metrics Server Configuration Causes BOSH Director Deployment to Fail During Upgrade

During an upgrade to Ops Manager v2.10, the BOSH Director deployment and subsequent upgrade may fail due to the default enablement of the metrics-server job. An error similar to the following appears in the metrics-server logs.

Required property 'networks' was not specified in object ({"vm_extensions"=>[{"cloud_properties"=>{"vmx_options"=>{"disk.enableUUID"=>"1"}}, "name"=>"disk_enable_uuid"}, {"cloud_properties"=>{"upgrade_hw_version"=>true}, "name"=>"set_version_hardware"}]}) (Bosh::Director::ValidationMissingField)

The cause of this upgrade failure is the presence of a tile, such as any version of Tanzu Kubernetes Grid Integrated Edition (TKGI), that is incompatible with Ops Manager v2.10 due to its default metrics-server enablement.

To workaround this issue, see the BOSH Director fails with non-running job during upgrade to Ops Manager 2.10 Knowledge Base article.

This issue is resolved in Ops Manager v2.10.1.

Increased Logging Slows Platform Functions

If your Loggregrator does not have sufficient memory to handle the increased system metrics emitted in Ops Manager v2.8 and later, you may experience dropped logs and slow consumers. This can impact logging and metrics platform functions.

To solve this issue, do the following:

  • If you have TAS for VMs, scale Loggregrator to handle the increased volume. See Scaling Up TAS for VMs.

  • In Ops Manager v2.9 or later, you can disable these system metrics if you don’t need them. To do this, disable Enable additional System Metrics in the Director Config pane of the BOSH Director tile. For a list of metrics collected, see System Metrics Agent in GitHub.

For more information on this feature, see All Platform VMs Emit System Metrics.

Reset Manually Set Certificates in CredHub Before Rotating Certificates with the Ops Manager API

If you have manually set any certificates in CredHub on Ops Manager v2.6 or earlier, you need to reset those certificates before using the Ops Manager API to rotate CredHub certificates.

Resetting these certificates is not a required condition for the Ops Manager v2.10 upgrade. You can reset them either before or after the upgrade.

To reset a certificate in CredHub, see Reviewing and Resetting Manually Set Certificates in CredHub.

For more information about rotating certificates using the Ops Manager API, see Overview of Certificate Rotation. For more information about the certificate_authorities/active/regenerate endpoint, see Rotate Certificates in the Ops Manager API documentation.