PCF Ops Manager v1.10 Release Notes

Page last updated:

Warning: Pivotal Cloud Foundry (PCF) v1.10 is no longer supported because it has reached the End of General Support (EOGS) phase. To stay up to date with the latest software and security updates, upgrade to a supported version.

Pivotal Cloud Foundry is certified by the Cloud Foundry Foundation for 2017.

Read more about the certified provider program and the requirements of providers.

How to Upgrade

The procedure for upgrading to Pivotal Cloud Foundry (PCF) Ops Manager v1.10 is documented in the Upgrading Pivotal Cloud Foundry topic.

1.10.27

• [Feature] Makes Azure network and resource group matchers case-insensitive.
• [Bug Fix] Backports GET /api/v0/staged/director/networks to older releases.
• [Bug Fix] Ops Manager gives BOSH sufficient IPs to deploy after scaling down or deleting instance groups.
• [Security Fix] Bumps nginx to 1.13.2.
• [Security Fix] Bumps rubygems to 2.6.13.
• [Security Fix] Bumps postgres to 9.4.16.

Ops Manager v1.10.27 uses the following component versions:

1.10.26

• Bumps Ruby to 2.3.6.

Ops Manager v1.10.26 uses the following component versions:

1.10.25

• Bumps stemcell to 3363.50.
• Bumps BOSH Director to 261.6.

Ops Manager v1.10.25 uses the following component versions:

1.10.24

• Bumps stemcell to 3363.48.
• Increases connection timeout to accommodate large installation exports.

Ops Manager v1.10.24 uses the following component versions:

1.10.23

• Bumps stemcell to 3363.47.

Ops Manager v1.10.23 uses the following component versions:

1.10.22

• Bumps stemcell to 3363.45.
• Bumps UAA to 30.8.

Ops Manager v1.10.22 uses the following component versions:

1.10.21

• On Azure, the Internet Connected checkboxes in the Resource Config pane are now deselected by default. Pivotal recommends keeping these checkboxes deselected. For more information, see Step 8: Resource Config Page .

Ops Manager v1.10.21 uses the following component versions:

1.10.20

• Bumps stemcell to 3363.44

Ops Manager v1.10.20 uses the following component versions:

1.10.19

• Bumps stemcell to 3363.42
• Bumps UAA to 30.7

Ops Manager v1.10.19 uses the following component versions:

1.10.18

• Bumps stemcell to 3363.41
• Bumps UAA to 30.6

Ops Manager v1.10.18 uses the following component versions:

1.10.17

• This release patches Ubuntu Security Notice USN-3420-2. Additional information can be found at https://pivotal.io/security.
• Bumps stemcell to 3363.37

Ops Manager v1.10.17 uses the following component versions:

1.10.16

• Fixes a bug where the resource_config API endpoint could return an inaccurate instance count. As a result of this patch, if a job is configured to use the default number of instances, a GET /api/v0/staged/products/:product_id/jobs/:job_id/resource_config request returns "instances": "automatic".

Ops Manager v1.10.16 uses the following component versions:

1.10.15

• Bumps stemcell to 3363.31
• Bumps BOSH Director to 261.5

Ops Manager v1.10.15 uses the following component versions:

1.10.14

• Bumps stemcell to 3363.30

Ops Manager v1.10.14 uses the following component versions:

1.10.13

• Bumps stemcell to 3363.29

Ops Manager v1.10.13 uses the following component versions:

1.10.12

• Fixes a bug where configuring a thin-provisioned ephemeral disk in Ops Manager created a thick-provisioned disk in vSphere. In the vSphere Config section of the Director tile, if you set the Virtual Disk Type to Thin for any ephemeral disks, Ops Manager redeploys the disks after applying this patch.
• Fixes a bug where Ops Manager hard-coded the entity_ID when configuring UAA with SAML.
• Fixes a bug where POST /api/v0/setup did not expose the http, https, and no_proxy fields.
• Updates the cache-control header value in Ops Manager HTTP responses to include no-store.
• Bumps UAA to 30.5

Ops Manager v1.10.12 uses the following component versions:

1.10.11

• Patches Ubuntu Security Notice USN-3334-1. Additional information can be found at https://pivotal.io/security.
• Bumps stemcell to 3363.26

Ops Manager v1.10.11 uses the following component versions:

1.10.10

• Patches Ubuntu Security Notice USN-3304-1. Additional information can be found at https://pivotal.io/security.
• Bumps stemcell to 3363.25

Ops Manager v1.10.10 uses the following component versions:

1.10.9

• Bumps UAA to 30.4

Ops Manager v1.10.9 uses the following component versions:

1.10.8

• Fixed a bug where Ops Manager was incorrectly setting the signature algorithm when configured with SAML. The signature algorithm is now defaulted to SHA256.
• Fixed a bug where Ops Manager was incorrectly setting the redirect URL for the BOSH UAA.
• Bumped stemcell to 3363.24.

Ops Manager v1.10.8 uses the following component versions:

1.10.7

• Patches CVE-2017-4992. Additional information can be found at https://pivotal.io/security.

Ops Manager v1.10.7 uses the following component versions:

1.10.6

• Bumped stemcell to 3363.20

Ops Manager v1.10.6 uses the following component versions:

1.10.5

• Bumped UAA to v30.1

Ops Manager v1.10.5 uses the following component versions:

1.10.4

• Patches CVE-2017-4972 and CVE-2017-4973. Additional information can be found at https://pivotal.io/security.
• Fixed a bug where public IPs were incorrectly being assigned to service networks on GCP
• Operators can now use the Ops Manager interface to configure the number of Director Worker threads.
• Fixed a bug where Ops Manager would display a 500 Internal Server Error when trying to export an installation.

Ops Manager v1.10.4 uses the following component versions:

1.10.3

• Bumped Azure CPI to v23 inorder to support light stemcells on Windows.

Ops Manager v1.10.3 uses the following component versions:

1.10.2

• Patches USN-3249-2. Additional information can be found at https://pivotal.io/security.

Ops Manager v1.10.2 uses the following component versions:

1.10.1

• Ops Manager can now be deployed in the Azure German Cloud. For detailed step-by-step instructions on how to deploy in the Azure German Cloud, please refer to the documentation here
• Fixed a bug where importing the installation.zip into 1.10.0 was failing with a Nil Class error.

Ops Manager v1.10.0 uses the following component versions:

1.10.0

Version 1.10.0 of Ops Manager consists of the following component versions:

New Features in Ops Manager v1.10

Ops Manager API

Operators can now use the API to automate more tasks, such as configuring tiles, uploading tiles, and fetching upgrades from Pivotal Network. To view the Ops Manager API documentation, browse to https://YOUR-OPS-MANAGER-FQDN/docs.

New Endpoints

The Ops Manager API adds the following endpoints:

• PUT /api/v0/staged/director/network_and_az: Operators can assign a network and singleton availability zone for the Ops Manager Director tile.
• GET /api/v0/staged/cloud_config: Operators can fetch a BOSH cloud config based on the staged state of Ops Manager.
• GET /api/v0/deployed/cloud_config: Operators can fetch a BOSH cloud config based on the deployed state of Ops Manager.
• GET /api/v0/certificate_authorities: Operators can list all root certificate authorities for Ops Manager.
• POST /api/v0/certificate_authorities: Operators can create a root certificate authority.
• POST /api/v0/certificate_authorities/active/regenerate: Operators can rotate non-configurable certificates by deleting all non-configuration certificates and then regenerating them.

  Note: For more information about using the Ops Manager API for certificate rotation, see the Certificate Rotation section below.

• POST /api/v0/certificate_authorities/generate: Operators can generate an additional root certificate authority.
• POST /api/v0/certificate_authorities/:certificate_authority_guid/activate: Operators can activate a root certificate authority, and make all others inactive.
• DELETE /api/v0/certificate_authorities/:certificate_authority_guid: Operators can delete a specific inactive certificate authority from Ops Manager.
• POST /api/v0/staged/installations/commit: Operators can save the installation state as if the deployment was triggered by clicking Apply Changes, preparing the installation manifest. Operators can then fetch the manifest using the /api/v0/deployed/product/[product_id]/manifest endpoint.

Certificate Rotation

Ops Manager ships with a Certificate Authority (CA). This CA generates certificates that are used for communication across various PCF components. These certificates are non-configurable.

Ops Manager now allows you to regenerate non-configurable TLS/SSL certs using the API. For more information, see Rotating Non-Configurable TLS/SSL Certificates.

Ops Manager also allows operators to use an API endpoint to add their own custom CA authority. If added, this custom CA will be used to sign all non-configurable certificates and deployed across all relevant PCF components.

SHA-2

Previous versions of PCF used SHA-1 hashes, while PCF v1.10 uses SHA-2 by default. Both Operations Manager installations and certificates provided by PCF use SHA-2 hashes.

You cannot obtain SHA-2 by upgrading existing environments to PCF v1.10. However, you can convert existing SHA-1 hashes into SHA-2 hashes by rotating your Ops Manager certificates by following the procedure in Regenerating and Rotating Non-Configurable TLS/SSL Certificates.

Azure Government Cloud

Operators can now deploy Ops Manager in an Azure Government Cloud environment. For more information, see Deploying PCF on Azure Government Cloud.

Smart Errands

Errands are scripts that Ops Manager runs to automate tasks. In PCF 1.10, Ops Manager provides three configurations for errands:

• On: The errand always runs.
• Off: The errand never runs.
• When Changed: The errand runs only if the errand configuration in the associated product deployment configuration has changed since the last successful errand run.

If a tile developer does not specify a default configuration for an errand, then Ops Manager applies the When Changed configuration.

Operators should set errand configurations to On for any tile that pushes apps. For example, if your deployment includes the Single Sign-On, Push Notification Service, or PCF Metrics tiles, the errands for these tiles must run automatically to keep up with buildpack patches.

For more information, see Managing Errands in Ops Manager.

BOSH Updates

The following list sections updates in the new BOSH version that are not exposed by Ops Manager, but may be helpful for operators and tile developers for improving their workflows.

BOSH Director

Ops Manager v1.10 uses BOSH v261, which includes the following changes to the BOSH Director:

• Context IDs for Tasks: The Tasks endpoint for the BOSH Director API includes a context_id property. This feature is particularly useful in tracking multiple BOSH tasks that are related. For example, PCF On-Demand Services uses it to track the multiple BOSH tasks involved in the cf create-service process.
• HM Alerts as BOSH Events: You can now view BOSH Health Monitor alerts, such as process restarts and monit alerts, with the bosh events command. The bosh events command provides a historic view of your system, including events such as the creation of VMs. For more information, see the BOSH Events documentation.
• Event filtering query parameters: If you use v2 of the BOSH CLI, you can now use filtering flags for detailed BOSH event recording and querying. For more information, see the BOSH Events documentation.

For a full list of updates and fixes in the new BOSH version that Ops Manager uses, see the BOSH release notes, beginning with v261.

Stemcell

Ops Manager v1.10 uses Stemcell 3363.10. Here are some of the major changes in Stemcell 3363:

• Additional auditd rules
• A new group, bosh_sshers, assigned to the vcap user. Users must belong to this group to use SSH.
• Log Agent API access events are sent in CEF format to syslog via the vcap.agent topic.

For a full list of updates and fixes in the new stemcell that Ops Manager uses, see the stemcell release notes.

Known Issues

This section lists known issues for Ops Manager v1.10.

Missing Stemcell Causes Failure to Deploy

In PCF v1.12 and earlier, the BOSH Director may delete stemcells required by errands. This causes deployments or upgrades to fail with Error: Stemcell doesn't exist. To prevent this error, do the following before you click Apply changes in Ops Manager to upgrade:

1. Download a current stemcell from Pivotal Network.

2. Upload the stemcell by clicking Import a Product in Ops Manager, or by manually running bosh upload-stemcell with the BOSH CLI.

For more information, see the Pivotal Knowledge Base article Deploy fails with Error: Stemcell doesn’t exist.

This known issue has been fixed in Ops Manager v2.0 and later.

Stemcells Not Included in Installation Export

Ops Manager no longer includes stemcells in the installation export zip file. You may need to re-upload stemcells when importing the installation file into a new Ops Manager instance. You can see product configuration as incomplete if you do not have the appropriate stemcell uploaded. Incomplete tiles that need stemcells are indicated by an orange tile.

This known issue has been fixed in Ops Manager v1.12 and later.

On-Demand Services Require Dedicated Service Networks

If you use any service tile that offers both on-demand and not on-demand modes of operation, clicking Apply Changes in Ops Manager fails if you did not define a dedicated service network for the tile.

To work around this issue, use one of the following methods:

• Create a services network on your IaaS for each affected service tile
• Create a dummy network in Ops Manager, reserve a block of IP ranges, and disable smoke tests for the on-demand service

For more information, see the corresponding Knowledge Base article.

Ops Manager Fails to Connect to Newly Supported AWS Regions

Ops Manager v1.10.1 publishes AMIs to the following newly supported AWS regions:

• ap-south-1
• ca-central-1
• eu-west-2
• us-east-2

If you deploy Ops Manager using one of the new regions above and select Use AWS Instance Profile in the AWS Config tab, Ops Manager displays a network connectivity issue.

To work around this issue, go to the AWS Config tab and select the Use AWS Keys option.

For more information, see the corresponding Knowledge Base article.