Upgrading Pivotal Cloud Foundry


This topic describes upgrading Pivotal Cloud Foundry (PCF) to v1.11. The upgrade procedure below describes upgrading Pivotal Cloud Foundry Operations Manager (Ops Manager), Pivotal Elastic Runtime, and product tiles.

The apps in your deployment continue to run during the upgrade. However, you cannot make changes to your deployment or to your apps while the upgrade is in progress.

Important: Read the Release Notes for this release, including the Known Issues sections, before starting the upgrade process.

For more details about the impact of upgrading on individual PCF components, see the Understanding the Effects of Single Components on a Pivotal Cloud Foundry Upgrade topic.

Before You Upgrade

This section contains important preparation steps ("Preps") that you must complete before beginning an upgrade to Ops Manager v1.11. Failure to follow these instructions may jeopardize your existing deployment data and cause your upgrade to fail.

Prep 1: Review File Storage IOPS and Other Upgrade Limiting Factors

During the PCF upgrade process, a large quantity of data is moved around on disk.

To ensure a successful upgrade of PCF, verify that your underlying Elastic Runtime file storage is performant enough to handle the upgrade. For more information about the configurations to evaluate, see Upgrade Considerations for Selecting Pivotal Cloud Foundry Storage.

In addition to file storage IOPS, consider additional existing deployment factors that can impact overall upgrade duration and performance:

  • Network latency: Network latency can contribute to how long it takes to move app instance data to new containers.
  • Number of ASGs: A large number of Application Security Groups in your deployment can contribute to an increase in app instance container startup time.
  • Number of app instances and application growth: A large increase in the number of app instances and in average droplet size since the initial deployment can increase the upgrade impact on your system.

To review example upgrade-related performance measurements of an existing production Cloud Foundry deployment, see the Pivotal Web Services Performance During Upgrade topic.

Prep 2: Verify App Usage Service Remedial Steps

If you are upgrading from a PCF deployment that at one point included Elastic Runtime v1.7.16 or earlier, you must perform the remedial steps outlined in App Usage Data and Events Data Become Corrupted After Upgrade or Install before proceeding with this upgrade.

Warning: If you fail to perform the remedial steps for this issue, this upgrade process may corrupt your existing usage data.

Prep 3: Review Partner Service Tiles

Some partner service tiles may be incompatible with PCF v1.11. Pivotal is working with partners to ensure their tiles are updated to work with the latest versions of PCF. For information about which partner service releases are currently compatible with PCF v1.11, review the appropriate partner service release documentation at http://docs.pivotal.io, or contact the partner organization that produces the service tile.

Prep 4: Download Upgrade Versions

To minimize disruptions to your deployment during the upgrade, and to satisfy any simultaneous upgrade requirements, download from Pivotal Network the versions of the product files that you plan to upgrade.

At a minimum, you must download Elastic Runtime v1.11.x.

Prep 5: Check Certificate Authority Expiration Dates

Depending on the requirements of your deployment, you may need to rotate your Certificate Authority (CA) certificates. The non-configurable certificates in your deployment expire every two years. You must regenerate and rotate them so that critical components do not face a complete outage.

To retrieve information about all the RSA and CA certificates for the BOSH Director and other products in your deployment, you can use the GET /api/v0/deployed/certificates?expires_within=TIME request of the Ops Manager API.

In this request, the expires_within parameter is optional. Valid values for this parameter are d for days, w for weeks, m for months, and y for years. For example, to search for certificates expiring within one month, replace TIME with 1m:

$ curl "https://OPS-MAN-FQDN/api/v0/deployed/certificates?expires_within=1m" \
 -X GET \
 -H "Authorization: Bearer UAA_ACCESS_TOKEN"

For information about how to regenerate and rotate CA certificates, see Managing TLS Certificates.
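As a local complement to the API check, you can inspect any single PEM certificate's expiry with openssl. The sketch below generates a throwaway self-signed CA (valid for the same two-year window mentioned above) and checks whether it expires within 30 days; the paths and the CA name are illustrative, not part of any PCF deployment:

```shell
# Generate a disposable self-signed CA valid for 730 days (illustration only).
openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=demo-ca" \
  -keyout /tmp/demo-ca.key -out /tmp/demo-ca.pem -days 730 2>/dev/null

# Print the expiry date, then test whether it falls within the next 30 days.
openssl x509 -in /tmp/demo-ca.pem -noout -enddate
if openssl x509 -in /tmp/demo-ca.pem -noout -checkend $((30*24*3600)) >/dev/null; then
  echo "certificate OK"
else
  echo "certificate expires within 30 days"
fi
```

The `-checkend SECONDS` flag exits non-zero when the certificate expires within the given window, which makes it convenient for cron-driven expiry alerts.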

Prep 6: Prepare Your Environment

  1. Install the releases from your currently deployed version to the target version in sequential order. For example, if your deployment uses Ops Manager v1.8 and you are upgrading to v1.11, you must sequentially install v1.9 and v1.10 before proceeding with the upgrade to v1.11.

  2. IMPORTANT: Back up all critical data prior to upgrading to Ops Manager v1.11. For example, to back up a v1.10 environment, follow the instructions in the v1.10 Backing Up Pivotal Cloud Foundry topic.

  3. If you have disabled lifecycle errands for any installed product to reduce deployment time, Pivotal recommends that you re-enable these errands before upgrading. For more information, see the Adding and Deleting Products topic.

  4. Confirm that you have adequate disk space for your upgrades. You need at least 20 GB of free disk space to upgrade PCF Ops Manager and Elastic Runtime. If you plan to upgrade other products, the amount of disk space required depends on how many tiles you plan to deploy to your upgraded PCF deployment.

    To check current persistent disk usage, select the Ops Manager Director tile from the Installation Dashboard. Select Status and review the value of the PERS. DISK column. If persistent disk usage is higher than 50%, select Settings > Resource Config, and increase your persistent disk space to handle the size of the resources. If you do not know how much disk space to allocate, set the value to at least 100 GB.

  5. If not already disabled, disable the VM Resurrector:

    1. From your Installation Dashboard, select the Ops Manager Director tile.
    2. Click Director Config.
    3. Clear the Enable VM resurrector plugin checkbox.
    4. Click Save.
    5. Return to the Installation Dashboard and click Apply Changes.
  6. Check the required machine specifications for Ops Manager v1.11. These specifications are specific to your IaaS. If these specifications do not match your existing Ops Manager, modify the values of your Ops Manager VM instance. For example, if the boot disk of your existing Ops Manager is 50 GB and the new Ops Manager requires 100 GB, then increase the size of your Ops Manager boot disk to 100 GB.

  7. If you are upgrading a vSphere environment, ensure that you have the following information about your existing environment before starting the upgrade:

    • Record the following IP addresses, which you can find in the vSphere web client under Manage > Settings > vApp Options. This is the same information you entered at the end of deploying Ops Manager on vSphere.
      • IP Address of the Ops Manager
      • Netmask
      • Default Gateway
      • DNS Servers
      • NTP Servers
    • Record the following VM hardware information so you can configure the new VM with similar settings. You can find this information in the vSphere web client under Manage > Settings > VM Hardware.
      • CPU
      • Memory
      • Hard Disk 1
      • Network Adapter 1. When you configure the new VM, ensure your network adapters are configured properly and are on the same network.
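Step 4 above calls for at least 20 GB of free disk space. As a rough sketch, free space can be checked from a shell with df; the mount point and threshold below are illustrative, so substitute whichever filesystem holds your product files:

```shell
# Rough sketch: confirm at least 20 GB free before upgrading (Prep 6, step 4).
# The mount point /tmp is illustrative; check the filesystem you actually use.
required_gb=20
avail_gb=$(df -Pk /tmp | awk 'NR==2 { print int($4 / 1048576) }')
if [ "$avail_gb" -ge "$required_gb" ]; then
  echo "sufficient free space: ${avail_gb} GB"
else
  echo "insufficient free space: ${avail_gb} GB (need ${required_gb} GB)"
fi
```

The `-P` flag forces POSIX single-line output so the awk field positions stay stable; field 4 is the available space in 1 KB blocks.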

Prep 7: Upgrade and Configure RabbitMQ for PCF

If your PCF deployment contains RabbitMQ for PCF, download and upgrade RabbitMQ for PCF to v1.8.19 or v1.9.x.

For upgrade instructions, see the RabbitMQ for PCF documentation.

Ensure that you complete the following as part of the upgrade:

  • Firewall rules on your RabbitMQ VM instances must allow inbound traffic on port 8301.
  • In the RabbitMQ metrics configuration screen, deselect the Use non-secure communication for metrics checkbox. This checkbox must be unchecked for metrics to be emitted to the Firehose.

Prep 8: Upgrade and Configure Redis for PCF

If your PCF deployment contains Redis for PCF, download and upgrade to Redis for PCF v1.9 or later.

For upgrade instructions, see the Redis for PCF documentation.

Ensure that you complete the following as part of the upgrade:

  • When performing the upgrade process, ensure that persistent disk is set to 3.5x the amount of RAM.
  • Firewall rules on your Redis VM instances must allow inbound traffic on port 8301.
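The 3.5x sizing rule above is simple to compute directly. A sketch, with an illustrative RAM size:

```shell
# Recommended persistent disk for a Redis node = 3.5x its RAM (Prep 8).
# ram_gb is an illustrative value; substitute your node's actual RAM.
ram_gb=16
disk_gb=$(awk -v r="$ram_gb" 'BEGIN { printf "%.0f", r * 3.5 }')
echo "RAM ${ram_gb} GB -> persistent disk ${disk_gb} GB"
```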

Prep 9: Check OS Compatibility of PCF and BOSH-Managed Add-Ons

Before upgrading to PCF v1.11, operators who have deployed any PCF add-ons (such as ClamAV for PCF, IPsec for PCF, or File Integrity Monitoring for PCF) and who have deployed or are planning to deploy PCF Runtime for Windows must modify the add-on manifest to specify a compatible OS stemcell.

For example, ClamAV for PCF is not supported on Windows. Therefore, the manifest must use an include directive to specify the target OS stemcell of ubuntu-trusty.

Note: IPsec for PCF is not compatible with the RabbitMQ for PCF tile. For more information, see the Best Practices section of the Installing the Pivotal Cloud Foundry IPsec Add-On topic.

To update an add-on manifest, perform the following steps:

  1. Locate your existing add-on manifest file. For example, for ClamAV, locate the clamav.yml you uploaded to the Ops Manager VM.

  2. Modify the manifest to add the following include directive:

          include:
            stemcell:
            - os: ubuntu-trusty
  3. Re-upload the manifest file to your PCF deployment. For example instructions, see Create the ClamAV Manifest.

If you are using any other BOSH-managed add-ons in your deployment, verify OS compatibility for those components as well. For more information about configuring BOSH add-on manifests, see the BOSH documentation.

Prep 10: Scale Down App Autoscaler

Before upgrading to PCF v1.11, if you are using App Autoscaler, you must scale the service down to one instance. Otherwise, App Autoscaler may panic and fail due to leader election conflicts.

Perform the following steps:

  1. Target the Cloud Controller of your PCF deployment:
    $ cf api api.YOUR-SYSTEM-DOMAIN
  2. Log in:
    $ cf login
  3. Target the system org and the autoscaling space:
    $ cf target -o system -s autoscaling
  4. Scale the App Autoscaler down to one instance:
    $ cf scale autoscale -i 1

Prep 11: Check System Health Before Upgrade

  1. Run bosh cloudcheck to confirm that the VMs are healthy. For more information, see the BOSH Cloudcheck topic.

  2. Check the system health of installed products. In the Installation Dashboard, select the Status tab for each service tile. Confirm that all jobs are healthy.

  3. (Optional) Check the logs for errors before proceeding with the upgrade. For more information, see the Viewing Logs in the Command Line Interface topic.

  4. Confirm there are no outstanding changes in Ops Manager or any other tile. All tiles should be green. Click Apply Changes if necessary.

  5. After applying changes, click Recent Install Logs to confirm that the changes completed cleanly:

    Cleanup complete
    {"type": "step_finished", "id": "clean_up_bosh.cleaning_up"}
    Exited with 0.

Upgrade Ops Manager and Installed Products to v1.11

Step 1: Export Your Installation

  1. In your Ops Manager v1.10.x Installation Dashboard, click the account dropdown and select Settings.


  2. On the Settings screen, select Export Installation Settings from the left menu, then click Export Installation Settings.


This exports the current PCF installation with all of its assets.

When you export an installation, the export contains the base VM images, necessary packages, and references to the installation IP addresses. As a result, an exported file can be very large, 5 GB or more.

  • The export time depends on the size of the exported file.
  • Some browsers do not provide feedback on the status of the export process and might appear to hang.

Note: Some operating systems automatically unzip the exported installation. If this occurs, create a new ZIP file of the unzipped export. Do not start compressing at the “installation” folder level. Instead, start compressing at the level that contains the config.yml file.
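If you need to re-zip, the key point is that config.yml must sit at the top level of the archive. The sketch below uses Python's zipfile module so it works even where a zip CLI is unavailable; the /tmp paths and file layout are fabricated purely for illustration:

```shell
# Fabricate a minimal unzipped-export layout (illustration only).
mkdir -p /tmp/export-demo/installation
touch /tmp/export-demo/config.yml
cd /tmp/export-demo

# Zip the *contents* of the directory containing config.yml, not the directory
# itself, so config.yml ends up at the root of the archive.
python3 -m zipfile -c /tmp/installation.zip config.yml installation

# List the archive to confirm config.yml is at the top level.
python3 -m zipfile -l /tmp/installation.zip
```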


Step 2: Upgrade to Ops Manager v1.11

  1. Download the Ops Manager VM Template v1.11.x from the Pivotal Network site.

  2. Record the FQDN address of the existing Ops Manager VM.

  3. To avoid conflicts, power off the existing Ops Manager VM.

  4. Deploy the new Ops Manager VM by following the steps in the Deploying Ops Manager topic for your IaaS.

  5. When redirected to the Welcome to Ops Manager page, select Import Existing Installation.


  6. When prompted, enter the Decryption Passphrase for this Ops Manager installation. You set this passphrase during your initial installation of Ops Manager.

    Note: If lost, the Decryption Passphrase cannot be recovered.

  7. Click Choose File and browse to the installation ZIP file exported in Step 1 above.


  8. Click Import.

    Note: Some browsers do not provide feedback on the status of the import process, and might appear to hang.

  9. A “Successfully imported installation” message appears upon completion.


Step 3: Upgrade Elastic Runtime and Product Tiles

  1. After upgrading to Ops Manager v1.11, upgrade your product versions.

  2. Import the product file to your Ops Manager Installation Dashboard.

  3. Hover over the product name in Available Products and click Add.

  4. Click the newly added tile to review any configurable options.

  5. (Optional) If you are using other service tiles, you can upgrade them following the same procedure. See the Upgrading Elastic Runtime and Other Pivotal Cloud Foundry Products topic for more information.

Step 4: Complete Your Installation

  1. Navigate to the Ops Manager Installation Dashboard.

  2. Click Apply Changes. This immediately imports and applies upgrades to all tiles in a single transaction.

    WARNING: If the installation fails or returns errors, contact Support. Do not attempt to roll back the upgrade by restarting the previous (v1.10.x) Ops Manager VM.

  3. Click each service tile, select the Status tab, and confirm that all VMs appear and are in good health.

  4. After confirming that the new installation functions correctly, remove the previous (v1.10.x) Ops Manager VM.

Step 5: Disable Consul Locks

After deploying PCF, you must disable Consul locks.

In previous versions of PCF, Consul performed service discovery and provided a distributed locking system. In PCF 1.11, Consul continues to perform service discovery but PCF deploys a new distributed locking system called Locket alongside Consul.

In a fresh install, Consul is disabled by default as the distributed locking system and Locket is enabled. In upgrades, however, operators must disable Consul locks manually to ensure that Locket is the only component that handles distributed locking.

Perform the following steps:

  1. Click the Elastic Runtime tile.
  2. Click Advanced Features.
  3. Select the Skip Consul Locks checkbox.
  4. Click Save.
  5. Navigate back to the Ops Manager Installation Dashboard and click Apply Changes to redeploy.

After You Upgrade

Check Loggregator Throughput and Scale Dopplers if Necessary

Since Loggregator now uses the gRPC protocol, your deployment may see an increase in Loggregator message throughput.

Pivotal recommends that you monitor throughput in case you need to scale up Dopplers.

As an example, the following metrics equation measures the percentage of sent messages that Dopplers received in a deployment using a Datadog nozzle; 100 minus this value is the message loss percentage.

100 * ( rate(sum:datadog.nozzle.doppler.loggregator.ingress{*}) +
rate(sum:datadog.nozzle.DopplerServer.listeners.receivedEnvelopes{*}) ) /
(rate(sum:datadog.nozzle.MetronAgent.DopplerForwarder.sentMessages{*}) +
rate(sum:datadog.nozzle.metron.loggregator.egress{*}) )

To measure Loggregator message loss in your deployment, substitute the corresponding metrics from the nozzle configured for your deployment into the equation above.

If you notice an increase in loss percentage, then scale up your Doppler instances.
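As an illustration of the arithmetic, the equation above can be evaluated with hypothetical per-interval metric rates; all four values below are fabricated, not measurements from a real deployment:

```shell
# Fabricated per-interval rates for the four metrics in the equation above.
ingress=9500             # doppler.loggregator.ingress
received_envelopes=300   # DopplerServer.listeners.receivedEnvelopes
sent_messages=9900       # MetronAgent.DopplerForwarder.sentMessages
egress=100               # metron.loggregator.egress

# Percentage of sent messages that Dopplers received; 100 minus this is loss.
delivered=$(awk -v a="$ingress" -v b="$received_envelopes" \
               -v c="$sent_messages" -v d="$egress" \
               'BEGIN { printf "%.1f", 100 * (a + b) / (c + d) }')
loss=$(awk -v p="$delivered" 'BEGIN { printf "%.1f", 100 - p }')
echo "delivered ${delivered}%, lost ${loss}%"
```

With these sample rates the deployment delivered 98.0% of messages, so 2.0% were lost, which would suggest scaling up Dopplers if the trend continued.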

For more information about monitoring and scaling Loggregator, see the Loggregator documentation.

Upgrade cf CLI

To avoid connection issues when tailing logs on the command line, users should upgrade to cf CLI v6.23 or later. This version is the minimum recommended version for use with PCF v1.11.

After you upgrade the cf CLI, if you still encounter a connection issue, log out and log back in using cf logout and then cf login.
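To check whether an installed cf CLI meets the v6.23 minimum, you can compare version strings with sort -V. A sketch; the "current" value below is fabricated for illustration, and in practice you would extract it from the output of cf version:

```shell
# Compare a cf CLI version against the v6.23 minimum using version sort.
# "current" is a fabricated example value, not read from a real cf binary.
minimum="6.23.0"
current="6.22.1"
oldest=$(printf '%s\n%s\n' "$minimum" "$current" | sort -V | head -n 1)
if [ "$oldest" = "$minimum" ]; then
  echo "cf CLI $current meets the minimum"
else
  echo "cf CLI $current is older than $minimum; upgrade recommended"
fi
```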
