Ops Manager v2.9 Release Notes

Page last updated:

Note: Pivotal Platform is now part of VMware Tanzu. In v2.9 and later, Pivotal Operations Manager is named Ops Manager.

This topic contains release notes for Ops Manager v2.9.

For the feature highlights of this release, read the blog post VMware Tanzu Application Service 2.9: Key Enhancements for Transformation at Scale, or see New Features in Ops Manager v2.9.

Ops Manager is certified by the Cloud Foundry Foundation for 2020.

Read more about the certified provider program and the requirements of providers.


Releases

2.9.11

Release Date: September 25, 2020

  • [Bug Fix]: IaasConfigurationVerifier no longer fails on Azure deployments with a 500 error when you click Apply Changes or modify IaaS settings.

  • [Bug Fix]: Actions that require Instance Metadata Service (IMDS), such as configuring antivirus or adding SSH keys, no longer fail on Ops Manager instances deployed in AWS regions that do not have Instance Metadata Service Version 2 (IMDSv2).

  • [Bug Fix]: If you added or activated a CA on Ops Manager v2.7 or earlier, you can then activate or delete that CA after upgrading to Ops Manager v2.9 or later as expected.

  • [Bug Fix]: The Settings page no longer crashes when you attempt to save a long LDAP admin group name that contains spaces.

  • [Feature]: IPsec for VMware Tanzu certificates are excluded from certificate rotation with the Ops Manager API. To rotate IPsec certificates, see Rotating Active IPsec Certificates in the IPsec for VMware Tanzu documentation.

Ops Manager v2.9.11 uses the following component versions:

Component Version
Tanzu Ops Manager2.9.11-build.186*
Stemcell (Bosh Director and Ops Manager)621.84*
BBR SDK1.18.0
BOSH Director270.11.2
BOSH DNS1.24.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.5.13
CredHub Maestro6.0.0
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.18
BPM1.1.9
Networking9
OS Conf22.1.0
AWS CPI81
Azure CPI37.3.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.4.0
Credhub CLI2.8.0
BBR CLI1.8.0*
Telemetry1.1.1
* Components marked with an asterisk have been updated.

2.9.10

Release Date: September 1, 2020

  • [Feature]: If you click the Support link in the Ops Manager UI, information about expired certificates appears in the Platform Information Bundle.
  • [Bug Fix]: The regenerate API endpoint does not exclude any leaf certificates from rotation.
  • [Bug Fix]: Ops Manager does not crash after you change the LDAP authentication group.
  • [Bug Fix]: The Support Bundle downloads successfully for deploy records that do not have timestamps.

Ops Manager v2.9.10 uses the following component versions:

Component Version
Ops Manager2.9.10-build.177*
Stemcell621.82*
BBR SDK1.18.0
BOSH Director270.11.2*
BOSH DNS1.24.0
Metrics Server0.1.0
System Metrics2.0.11
CredHub2.5.13*
CredHub Maestro6.0.0
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.18
BPM1.1.9*
Networking9
OS Conf22.1.0*
AWS CPI81
Azure CPI37.3.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.4.0*
Credhub CLI2.8.0
BBR CLI1.7.2
Telemetry1.1.1
* Components marked with an asterisk have been updated.

v2.9.9

Release Date: August 19, 2020

Ops Manager v2.9.9 uses the following component versions:

Component Version
Ops Manager2.9.9-build.164*
Stemcell621.78
BBR SDK1.18.0
BOSH Director270.11.1
BOSH DNS1.24.0*
Metrics Server0.1.0*
System Metrics2.0.11
CredHub2.5.12
CredHub Maestro6.0.0
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.18
BPM1.1.8
Networking9
OS Conf22.0.0
AWS CPI81
Azure CPI37.3.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.3.1
Credhub CLI2.8.0
BBR CLI1.7.2
Telemetry1.1.1
* Components marked with an asterisk have been updated.

v2.9.8

Release Date: August 7, 2020

  • [Bug Fix]: The Revert Changes button does not appear when there are no pending changes.

Ops Manager v2.9.8 uses the following component versions:

Component Version
Ops Manager2.9.8-build.160*
Stemcell621.78*
BBR SDK1.18.0
BOSH Director270.11.1
BOSH DNS1.21.0
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.12
CredHub Maestro6.0.0
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.18
BPM1.1.8
Networking9
OS Conf22.0.0
AWS CPI81
Azure CPI37.3.0*
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.3.1
Credhub CLI2.8.0
BBR CLI1.7.2
Telemetry1.1.1
* Components marked with an asterisk have been updated.

v2.9.7

Release Date: July 31, 2020

  • [Bug Fix]: If you have a tile that is not configured and you apply changes, you receive a warning message but changes to other configured tiles are applied. In earlier patches, the apply changes failed. This only happened on vSphere environments.

  • [Bug Fix]: For Redis for VMware Tanzu v2.4 and later, certificates can be rotated by CredHub Maestro.

  • [Bug Fix]: When the Enable additional System Metrics checkbox is cleared on the tile UI, the loggr-system-metrics-agent and loggr-system-metrics-agent-windows jobs of the system-metrics release are removed from the product tile.

  • [Bug Fix]: For the hm_emailer_options.recipients key, the PUT /api/v0/staged/director/properties endpoint accepts the format used by GET /api/v0/staged/director/properties endpoint for this key in addition to the existing format accepted.

  • [Bug Fix]: Version checks for tile dependencies confirm the major, minor, and patch numbers but not build numbers.

Ops Manager v2.9.7 uses the following component versions:

Component Version
Ops Manager2.9.7-build.157*
Stemcell621.77*
BBR SDK1.18.0
BOSH Director270.11.1
BOSH DNS1.21.0
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.12
CredHub Maestro6.0.0
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.18*
BPM1.1.8
Networking9
OS Conf22.0.0
AWS CPI81
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.3.1*
Credhub CLI2.8.0*
BBR CLI1.7.2
Telemetry1.1.1*
* Components marked with an asterisk have been updated.

v2.9.6

Release Date: July 1, 2020

  • [Feature]: Operators can rotate Redis certificates.
  • [Feature]: Operators can rotate RabbitMQ certificates.
  • [Bug Fix]: NSX configuration settings are applied to jobs defined in the BOSH Director manifest, including the BOSH Director VM.
  • [Bug Fix]: BOSH Director can deploy on Openstack environments with multiple regions.
  • [Bug Fix]: The Ops Manager /api/v0/staged/director/properties endpoint returns S3 and GCS blobstore credentials.
  • [Bug Fix]: IaasConfigurationVerifier connects to the correct authentication endpoint on Azure Government environments.

Ops Manager v2.9.6 uses the following component versions:

Component Version
Ops Manager2.9.6-build.148*
Stemcell621.76*
BBR SDK1.18.0
BOSH Director270.11.1
BOSH DNS1.21.0
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.12
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.17
BPM1.1.8
Networking9
OS Conf22.0.0
AWS CPI81
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0
BOSH CLI6.3.0*
Credhub CLI2.7.0
BBR CLI1.7.2
Telemetry1.1.0
* Components marked with an asterisk have been updated.

v2.9.5

Release Date: June 11, 2020

  • [Bug Fix]: Ops Manager writes to local log file /var/log/auth.log whether or not remote syslog sink is configured.
  • [Bug Fix]: Ops Manager UAA allows spaces and escaped characters in LDAP external group names.
  • [Bug Fix]: Users can disable the Enable additional System Metrics checkbox added in v2.9.4.

Ops Manager v2.9.5 uses the following component versions:

Component Version
Ops Manager2.9.5-build.144*
Stemcell621.75*
BBR SDK1.18.0
BOSH Director270.11.1
BOSH DNS1.21.0
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.12
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.17*
BPM1.1.8
Networking9
OS Conf22.0.0
AWS CPI81
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI54.1.0*
BOSH CLI6.2.1
Credhub CLI2.7.0
BBR CLI1.7.2
Telemetry1.1.0
* Components marked with an asterisk have been updated.

v2.9.4

Release Date: June 4, 2020

  • [Feature]: Adds an Enable additional System Metrics checkbox to the Director Config screen and adds metrics_server_enabled and system_metrics_runtime_enabled accessors to $director. These configurations are used by Tanzu Application Service for VMs (TAS for VMs) deployments.

    Note: The checkbox and accessors are currently placeholders and will only be functional with a future release of TAS for VMs.

  • [Bug Fix]: Tiles that fail to deploy do not appear twice in the GET /api/v0/staged/pending_changes API endpoint output.

Ops Manager v2.9.4 uses the following component versions:

Component Version
Ops Manager2.9.4-build.137*
Stemcell621.74
BBR SDK1.18.0
BOSH Director270.11.1
BOSH DNS1.21.0
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.12*
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.16
BPM1.1.8
Networking9
OS Conf22.0.0
AWS CPI81
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI53.0.11
BOSH CLI6.2.1
Credhub CLI2.7.0
BBR CLI1.7.2
Telemetry1.1.0
* Components marked with an asterisk have been updated.

v2.9.3

Release Date: May 22, 2020

Ops Manager v2.9.3 uses the following component versions:

Component Version
Ops Manager2.9.3-build.131*
Stemcell621.74
BBR SDK1.18.0
BOSH Director270.11.1
BOSH DNS1.21.0
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.11
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.16*
BPM1.1.8
Networking9
OS Conf22.0.0
AWS CPI81
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI53.0.11
BOSH CLI6.2.1
Credhub CLI2.7.0
BBR CLI1.7.2
Telemetry1.1.0
* Components marked with an asterisk have been updated.

v2.9.2

Release Date: May 18, 2020

  • [Bug Fix]: Ensure that the BOSH Director and BOSH Agent use the same keys for S3 Blobstores.
  • [Bug Fix]: Generate the UaaConfig.restricted_view_api_access_client_secret field with a restricted UAA client secret upon upgrade if the field was null prior to upgrade. The Telemetry tile uses this client secret.
  • [Feature Improvement]: The GET /api/v0/deployed/certificates API call returns a list of all the products associated with each certificate, including the product GUIDs.

Ops Manager v2.9.2 uses the following component versions:

Component Version
Ops Manager2.9.2-build.129*
Stemcell621.74*
BBR SDK1.18.0*
BOSH Director270.11.1
BOSH DNS1.21.0*
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.11
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.15
BPM1.1.8
Networking9
OS Conf22.0.0
AWS CPI81
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI53.0.11*
BOSH CLI6.2.1
Credhub CLI2.7.0
BBR CLI1.7.2
Telemetry1.1.0
* Components marked with an asterisk have been updated.

v2.9.1

Release Date: May 4, 2020

  • [Feature]: Ops Manager and BOSH Director support the Hong Kong region in AWS.
  • [Feature]: In the Ops Manager UI, the text of the Pivotal Network link is updated to VMware Tanzu Network.
  • [Bug Fix]: Fixes issue where rsyslog stops forwarding logs after first log rotation.
  • [Bug Fix]: Fixes issue where CredHub-generated variables are displayed in plain text on the streaming and historical log pages.
  • [Bug Fix]: Fixes issue in Ops Manager UI where stemcell versions are compared as strings and incorrectly report stemcell out-of-date messages. This resolves Stemcell Library Warns That Stemcells with Triple-Digit Minor Release Numbers Are Out of Date known issue.
  • [Bug Fix]: Fixes issue where Ops Manager API did not mark products as having an update when staged version differs from last successful deploy.
  • [Bug Fix]: Fixes issue where the configurable field incorrectly displays true for auto-generated certificates in CredHub. This issue affected CredHub certificates that set generated to null during the upgrade from Ops Manager v2.6 to v2.7.

Ops Manager v2.9.1 uses the following component versions:

Component Version
Ops Manager2.9.1-build.121*
Stemcell621.71*
BBR SDK1.17.4*
BOSH Director270.11.1
BOSH DNS1.17.0
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.11
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.15*
BPM1.1.8*
Networking9
OS Conf22.0.0*
AWS CPI81
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI53.0.9
BOSH CLI6.2.1
Credhub CLI2.7.0
BBR CLI1.7.2
Telemetry1.1.0
* Components marked with an asterisk have been updated.

v2.9.0

Release Date: April 10, 2020

Ops Manager v2.9.0 uses the following component versions:

Component Version
Ops Manager2.9.0-build.106*
Stemcell621.59
BBR SDK1.17.2
BOSH Director270.11.1
BOSH DNS1.17.0*
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.11
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.11*
BPM1.1.7
Networking9
OS Conf21.0.0
AWS CPI81
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI44
vSphere CPI53.0.9
BOSH CLI6.2.1
Credhub CLI2.7.0
BBR CLI1.7.2
Telemetry1.1.0
* Components marked with an asterisk have been updated.

How to Upgrade

To upgrade to Ops Manager v2.9, see Upgrading Ops Manager.

New Features in Ops Manager v2.9

Ops Manager v2.9 includes the following major features:

Ops Manager API Rotates BOSH CredHub Certificates and Certificate Authorities

The certificate_authorities API endpoints in Ops Manager rotates certificates in BOSH CredHub as well as in Ops Manager if the following conditions are met:

  • VMware Tanzu Application Service for VMs (TAS for VMs) v2.9 or later is installed.
  • VMware Tanzu Kubernetes Grid Integrated Edition (TKGI) is not installed.

The Ops Manager API rotates both certificate authorities (CAs) and leaf certificates. However, some certificates in MySQL for VMware Tanzu and VMware Tanzu GemFire are not rotated.

After rotating certificates using the certificate_authorities Ops Manager API endpoints, review the output list of rotated certificates for missing CredHub certificates.

For information about rotating Ops Manager- and BOSH CredHub-managed certificates with the Ops Manager API, see Rotating Certificates.

For information about rotating only CredHub-managed certificates, see Advanced Certificate Rotation with CredHub Maestro.

For more information about the certificate_authorities Ops Manager API endpoint, see the Ops Manager API documentation.

View and Update Ops Manager Authentication Settings

Operators can view and update the current authentication settings through the Ops Manager UI and API.

To view and update authentication settings through the Ops Manager UI:

  1. Go to the Ops Manager Installation Dashboard Settings pane.

  2. Select Internal Authentication Settings.

  3. Edit the current settings.

  4. Click Update.

For more information about accessing the Settings pane, see Setting Page in Using the Ops Manager Interface.

To view and update authentication settings through the Ops Manager API, you can send a valid JSON object to the /api/v0/settings/authentication endpoint. For more information, see Authentication Settings in the Ops Manager API Reference (2.9).

Update the Ops Manager Decryption Passphrase

Operators can update the Ops Manager decryption passphrase by using the /api/v0/settings/decryption-passphrase Ops Manager API endpoint.

View and Update Ops Manager Proxy Settings

Operators can view and update proxy settings in Ops Manager by using the /api/v0/settings/proxy_settings Ops Manager API endpoint.

Advanced Mode UI Banner

Ops Manager displays a banner in the UI when you are in Advanced Mode. This helps you understand when you are in Advanced Mode. It also helps ensure that you remember to exit Advanced Mode.

For more information about how to enable Advanced Mode in Ops Manager, see How to Enable Advanced Mode in the Ops Manager in the Knowledge Base.

Modifications to Locked and Unlockable Fields

Ops Manager v2.9 changes which fields are locked after you deploy the BOSH Director.

You can access these fields in the Ops Manager Director Config pane. For unlockable fields, you can also modify the values of these settings by using the /api/v0/staged/director/properties Ops Manager API endpoint in Advanced Mode.

Standard Field Changes

The following fields are not locked after BOSH Director deployment. You can modify these fields at anytime without entering Advanced Mode.

  • Under S3 Compatible Blobstore:
    • Under S3 Signature Version:
      • S3 Signature Version
      • Under V4 Signature
        • Region
    • Under S3 Backup Strategy:
      • Under Copy into an additional bucket:
        • Backup Bucket Region
        • Backup Bucket Name
  • In the GCS Blobstore section:
    • Bucket Name
    • Storage Class
    • Service Account Key

Unlockable Field Changes

The following fields are locked and you can unlock them in Advanced Mode:

  • Blobstore Location
  • In the S3 Compatible Blobstore section:
    • S3 Endpoint
    • S3 Bucket Name

Permanently Locked Field Changes

The following fields are locked and you cannot unlock them, even in Advanced Mode:

  • Database Location
  • In the CredHub Encryption Provider section:
    • Encryption Key Name
    • Provider Partition

For more information about fields that can be unlocked in Advanced Mode, see the Unlockable Fields section in Ops Manager Fields That Lock On Deploy.

Support for Virtual-Hosted-Style URLs for AWS S3 Blobstores

Ops Manager supports virtual-hosted-style, or domain-style, URLs for AWS S3-compatible blobstores. This allows you to use virtual-hosted-style URLs for S3-compatible blobstores before AWS ends support for path-style URLs after September 30, 2020.

For more information about the end of support for path-style S3 bucket URLs, see Amazon S3 Path Deprecation Plan – The Rest of the Story in the AWS News Blog.

You can specify either path-style or domain-style URLs for S3-compatible blobstores in the S3 URLs Style dropdown in the Ops Manager Director Config pane.

If you used S3-compatible blobstores on Ops Manager v2.8, Ops Manager specifies path-style URLs for the blobstores Ops Manager v2.9 by default. This helps ensure compatibility on upgrade to Ops Manager v2.9.

To specify domain-style URLs for an S3-compatible blobstore:

  1. Go to the Ops Manager Director Config pane.

  2. For Blobstore Location, select S3 Compatible Blobstore.

  3. For the S3 URLs Style dropdown, select domain-style URL.

For more information about the difference between path-style and virtual-hosted-style URLs, see Virtual Hosting of Buckets in the AWS documentation.

Ops Manager API Documentation Uses the Open API Specification

In Ops Manager v2.9, Ops Manager API documentation adopts the Open API Specification (OAS). In addition to general format improvements, this update provides operators with a machine-parsable version of the Ops Manager API docs.

For more information about OAS, see the OpenAPI Specification repository on GitHub.

Ops Manager Enforces Persistent Active CredHub Encryption Key

Ops Manager places extra safeguards around the /api/v0/staged/director/properties API endpoint to ensure that you cannot accidentally delete active CredHub encryption keys through the Ops Manager API:

  • You must always have an active key.
  • You cannot remove keys that are currently active. You can only remove keys after they have been deactivated.

To delete an active CredHub key, you must first deactivate it and activate a new or existing key.

For more information, see Delete Key in Preparing CredHub HSMs for Configuration.

Recreate All VMs Checkbox is Renamed

In the Director Config pane of the BOSH Director tile, the Recreate All VMs checkbox is renamed to Recreate VMs deployed by the BOSH Director.

This new name clarifies which VMs are recreated when you enable this checkbox. The functionality of the checkbox is not changed, and the bosh_recreate_on_next_deploy property remains the same.

For more information, see the BOSH Director configuration topic for your IaaS.

Recreate BOSH Director VM

You can recreate the BOSH Director VM in one of two ways:

  • In the Director Config pane of the BOSH Director tile.

  • With the /api/v0/staged/director/properties Ops Manager API endpoint.

To recreate the BOSH Director VM in the BOSH Director tile:

  1. Go to the Director Config pane.

  2. Enable the Recreate BOSH Director VM checkbox.

  3. Click Apply Changes in the Ops Manager Installation Dashboard.

The checkbox clears after you apply changes. For more information, see the BOSH Director configuration topic for your IaaS.

To recreate the BOSH Director VM through the Ops Manager API, use the /api/v0/staged/director/properties endpoint to set the bosh_recreate_director_on_next_deploy property to true.

This property is set to false by default. For more information about using the api/v0/staged/director/properties endpoint, see Updating director and Iaas properties (Experimental) in the Ops Manager API documentation.

Improved Deployment Log Display

Ops Manager v2.9 includes UI and performance improvements to the deployment log display:

  • Deployment logs render more quickly
  • Stages are more clearly delineated
  • Erroring stage is accessible with one click
  • Start and end time are clearly displayed

Ability to Set the VM-Host Affinity Rule to “Should” for Clusters in vSphere

In Ops Manager v2.9.0 and later, you can modify the VM-Host Affinity Rule for a cluster in the Availability Zones pane.

By default, VM-Host Affinity Rule is set to MUST, which means that all VMs in the cluster must run on hosts in the specified host group. There are no exceptions.

Changing the value to SHOULD means that during normal operations, VMs in the cluster are run on hosts in the specified host group. However, vSphere can start these VMs in another host group in the event of an AZ failure. This flexibility helps ensure high availability for stretched cluster topologies in vSphere.

For information on changing this setting in the Ops Manager UI, see Configuring BOSH Director on vSphere. To change the setting with the Ops Manager API, see Ops Manager API Documentation.

For more information about VM-Host Affinity Rules, see VM-Host Affinity Rules in the vSphere documentation.

For more information about stretched clusters, see Introduction to Stretched Clusters in the vSphere documentation.

Breaking Changes

Ops Manager v2.9 includes the following breaking changes:

Rotating Certificates in Ops Manager

Before performing certificate rotation with Ops Manager v2.9, you must first upgrade both Ops Manager and VMware Tanzu Application Service for VMs (TAS for VMs) to v2.9.

If you rotate certificates with Ops Manager v2.9 and Pivotal Application Service (PAS) v2.8, you can orphan VMs.

Service TLS CA Rotation

Not all Ops Manager service tiles are compatible with CredHub Maestro. If you use CredHub Maestro to rotate the services TLS certificate authority (CA) and you have incompatible tiles in your deployment, then you may experience services downtime or data loss.

Before rotating the services TLS CA with CredHub Maestro, you must check that the tiles in your deployment are compatible. For compatibility information, see CredHub Maestro Tile Compatibility.

To rotate the services TLS CA, see Advanced Certificate Rotation with CredHub Maestro.

Ops Manager v2.9 Incompatible with vSphere Data Center NSX-T v2.2 and Earlier

The BOSH vSphere CPI included with Ops Manager v2.9 does not support NSX-T v2.2 or earlier.

If you are running NSX-T v2.2 or earlier, you must upgrade NSX-T before deploying Ops Manager v2.9.

Known Issues

Ops Manager v2.9 includes the following known issues:

BOSH VMs Report Unresponsive Agent After Activating New Root CA

After activating a new root CA in Ops Manager, some BOSH VMs report an unresponsive agent. This error occurs if you do not recreate all service instances for a service tile when rotating the root CA.

You can recreate all service instances by enabling the Recreate all service instance errand in the service tile before applying changes.

For service tiles that do not have this errand, first apply changes in Ops Manager and then run the following BOSH command manually for each service instance deployment:

bosh -d SERVICE-INSTANCE-DEPLOYMENT recreate

Where SERVICE-INSTANCE-DEPLOYMENT is the BOSH deployment name of the service instance.

For more information, see Rotate CAs and Leaf Certificates.

The services tiles that do not have the Recreate all service instance errand include:

  • VMware Tanzu GemFire
  • MySQL for Pivotal Platform v2.7.5 and earlier
  • MySQL for PCF v2.6.6 and earlier
  • MySQL for PCF v2.5.10 and earlier
  • RabbitMQ for PCF v1.15.4 and earlier
  • Redis for PCF v2.0.22 and earlier

Reset Manually Set Certificates in CredHub Before Rotating Certificates with the Ops Manager API

If you have manually set any certificates in CredHub on Ops Manager v2.6 or earlier, you need to reset those certificates before using the Ops Manager API to rotate CredHub certificates.

Resetting these certificates is not a required condition for the Ops Manager v2.9 upgrade. You can reset them either before or after the upgrade.

To reset a certificate in CredHub, see Reviewing and Resetting Manually Set Certificates in CredHub.

For more information about rotating certificates using the Ops Manager API, see Rotating Certificates. For more information about the certificate_authorities/active/regenerate endpoint, see Rotate Certificates in the Ops Manager API documentation.

Increased Logging Slows Platform Functions

If your Loggregrator does not have sufficient memory to handle the increased system metrics emitted in Ops Manager v2.8 and later, you may experience dropped logs and slow consumers. This can impact logging and metrics platform functions.

To solve this issue, do the following:

  • If you have TAS for VMs, scale Loggregrator to handle the increased volume. See Scaling Up TAS for VMs.

  • In Ops Manager v2.9 or later, you can disable these system metrics if you don’t need them. To do this, disable Enable additional System Metrics in the Director Config pane of the BOSH Director tile. For a list of metrics collected, see System Metrics Agent in GitHub.

For more information on this feature, see All Platform VMs Emit System Metrics.

Stemcell Library Warns That Stemcells with Triple-Digit Minor Release Numbers Are Out of Date

In Ops Manager v2.9.0, when you upload a stemcell with a triple-digit minor release number to the Ops Manager Stemcell Library, you see a warning that the stemcell is out of date.

This is because Ops Manager erroneously interprets triple-digit minor release numbers, such as Ubuntu Xenial stemcell 456.100, as being older than double-digit minor release numbers, such as Ubuntu Xenial stemcell 456.98. The Stemcell Library then erroneously lists the most recent double-digit minor release stemcell you uploaded as the required stemcell.

You can use stemcells with triple-digit minor release numbers and ignore the warning.

This is resolved in Ops Manager v2.9.1.