PCF Ops Manager v1.11 Release Notes

Page last updated:

Warning: Pivotal Cloud Foundry (PCF) v1.11 is no longer supported because it has reached the End of General Support (EOGS) phase. To stay up to date with the latest software and security updates, upgrade to a supported version.

Pivotal Cloud Foundry is certified by the Cloud Foundry Foundation for 2017.

Read more about the certified provider program and the requirements of providers.

How to Upgrade

The Upgrading Pivotal Cloud Foundry topic contains instructions for upgrading to Pivotal Cloud Foundry (PCF) Ops Manager v1.11.

1.11.29

• [Bug Fix]: You can now delete an unused AZ in an installation after clicking Apply Changes.
• [Security Fix]: Bumps Nogokiri to 1.8.4 to remediate CVE-2017-15412.
• [Security Fix]: Bumps Sprokets to 3.72 or later to remediate CVE-2018-3760.
• [Security Fix]: Files on Ops Manager VM are no longer world-writeable
• [Security Fix]: On vSphere, ubuntu users are now required to enter their password when using sudo.

Ops Manager v1.11.29 uses the following component versions:

1.11.28

• [Security Fix] Bumps stemcell to 3421.63.
• [Bug Fix] Helps alleviate Ruby’s susceptibility to high memory usage. May prevent the Ops Manager VM from running out of memory during a long VM lifecycle.
• [Bug Fix] Ops Manager UI shows product job log download link only once per instance group rather than for all instances.
• [Bug Fix] The Ops Manager API endpoint /api/v0/deployed/certificates now lists all RSA certificates.

Ops Manager v1.11.28 uses the following component versions:

1.11.27

• [Feature] Makes Azure network and resource group matchers case-insensitive.
• [Bug Fix] Backports GET /api/v0/staged/director/networks to older releases.

Ops Manager v1.11.27 uses the following component versions:

1.11.26

• [Security Fix] Bumps stemcell to 3421.59
• [Bug Fix] The credentials API endpoints for deployed products do not include secrets. For more information about these API endpoints, see Viewing available credentials and Fetching credentials in the Ops Manager API documentation.

Ops Manager v1.11.26 uses the following component versions:

1.11.25

• [Security Fix] Bumps stemcell to 3421.46
• [Feature] You are now able to fetch availability zones (AZs) from the Ops Manager API. For more information, see Fetching availability zones in the Ops Manager API documentation.

Ops Manager v1.11.25 uses the following component versions:

1.11.24

• [Security Fix] Bumps stemcell to 3421.44
• [Bug Fix] When the operator scales down or deletes instance groups, Ops Manager now gives BOSH enough IPs to always successfully deploy.

Ops Manager v1.11.24 uses the following component versions:

1.11.23

• Bumps Ruby to 2.3.6 and Rubygems to 2.6.14.

Ops Manager v1.11.23 uses the following component versions:

1.11.22

• [Security Fix] Bumps stemcell to 3421.42.
• Bumps BOSH Director to 262.7.

Ops Manager v1.11.22 uses the following component versions:

1.11.21

• [Security Fix] Bumps stemcell to 3421.38.
• Increases connection timeout to accommodate large installation exports.

Ops Manager v1.11.21 uses the following component versions:

1.11.20

• [Security Fix] Bumps stemcell to 3421.37.

Ops Manager v1.11.20 uses the following component versions:

1.11.19

• [Security Fix] Bumps stemcell to 3421.36.
• Bumps UAA to v45.7.

Ops Manager v1.11.19 uses the following component versions:

1.11.18

• On Azure, the Internet Connected checkboxes in the Resource Config pane are now deselected by default. Pivot al recommends keeping these checkboxes deselected. For more information, see Step 8: Resource Config Page 19 .
• Bumps AWS CPI to v69.
• Bumps OpenStack CPI to v35.
• Bumps vSphere CPI to v45.1.0.
• Bumps Bosh Director to 262.6

Ops Manager v1.11.18 uses the following component versions:

1.11.17

• Bumps Azure CPI to v34.

Ops Manager v1.11.17 uses the following component versions:

1.11.16

• [Security Fix] Bumps stemcell to 3421.34.

Ops Manager v1.11.16 uses the following component versions:

1.11.15

• [Security Fix] Bumps stemcell to 3421.32.
• Bumps BOSH Director to 262.5.
• Bumps CredHub to 1.0.11.
• Bumps UAA to 45.5.

Ops Manager v1.11.15 uses the following component versions:

1.11.14

• Bumps vSphere CPI to 44.

Ops Manager v1.11.14 uses the following component versions:

1.11.13

• [Bug Fix] Allows the network to ping the Ops Manager VM when installing a tile.
• [Security Fix] Bumps stemcell to 3421.31.
• Bumps CredHub to 1.0.8.
• Bumps UAA to 45.4.

Ops Manager v1.11.13 uses the following component versions:

1.11.12

• [Security Fix] Bumps stemcell to 3421.26 to address USN-3420-2.
• Bumps CredHub to 1.0.6.

Ops Manager v1.11.12 uses the following component versions:

1.11.11

• [Bug Fix] If a job is configured to use the default number of instances, a request to the resource_config API endpoint now returns "instances": "automatic".

Ops Manager v1.11.11 uses the following component versions:

1.11.10

• [Security Fix] Bumps stemcell to 3421.20 to address USN-3392-2.
• Bumps BOSH Director to 262.4.

Ops Manager v1.11.10 uses the following component versions:

1.11.9

• Bumps CredHub to 1.0.4.

Ops Manager v1.11.9 uses the following component versions:

1.11.8

• [Security Fix] Bumps stemcell to 3421.19 to address USN-3385-2.

Ops Manager v1.11.8 uses the following component versions:

1.11.7

• [Security Fix] Bumps stemcell to 3421.18 to address USN-3378-2.
• Bumps CredHub to 1.2.0.
• [Feature] Adds the GET api/v0/staged/products/credhub_credentials Ops Manager API endpoint. Operators who deploy PCF manually can use this endpoint when upgrading a tile that contains CredHub variable migrations.
• [Feature] Adds the DELETE api/v0/staged/products/credhub_credentials Ops Manager API endpoint. Operators who deploy PCF manually can use this endpoint to delete credentials staged in installation.yml after migrating them to CredHub.

Ops Manager v1.11.7 uses the following component versions:

1.11.6

• [Feature] AWS operators can use IAM instance profiles in the ap-south-1, ca-central-1, eu-west-2, and us-east-2 regions.
• [Bug Fix] Configuring a thin-provisioned ephemeral disk in Ops Manager now creates a thin-provisioned disk in vSphere. In the vSphere Config section of the Director tile, if you set the Virtual Disk Type to Thin for any ephemeral disks, Ops Manager redeploys the disks after applying this patch.
• [Bug Fix] Ops Manager no longer hard-codes the entity_ID when configuring UAA with SAML.
• [Bug Fix] POST /api/v0/setup now exposes the http, https, and no_proxy fields.
• [Feature Improvement] The cache-control header value in Ops Manager HTTP responses now includes no-store.

Ops Manager v1.11.6 uses the following component versions:

1.11.5

• Bumps BOSH Director to 262.3.

Ops Manager v1.11.5 uses the following component versions:

1.11.4

• [Feature] Adds support for Google Shared Virtual Private Cloud (VPC) networks on GCP. For more information, see Configuring a Shared VPC on GCP.
• [Bug Fix] The Resource Config page no longer returns a 500 error when importing an installation with non-default VM sizes.
• [Bug Fix] Ops Manager deploys Diego cells using the correct AWS VM types when upgrading.
• [Bug Fix] Cleaning up unused products should no longer remove a currently-configured stemcell.
• Bumps BOSH Director to 262.2.

Ops Manager v1.11.4 uses the following component versions:

1.11.3

• [Bug Fix] Configures BOSH Director memory to a minimum of 6 GB to mitigate the deployment hanging issue.

Ops Manager v1.11.3 uses the following component versions:

1.11.2

• [Security Fix] Bumps stemcell to 3421.9 to address USN-3334-1.
• Bumps bosh-init to 0.0.103.
• Bumps CredHub to 1.0.1.

Ops Manager v1.11.2 uses the following component versions:

1.11.1

• [Feature] Tile Authors can migrate an existing non-configurable secret to CredHub and delete the secret from installation.yml.
• [Feature] The api/v0/installations/commit API endpoint returns an error if credentials are staged.
• [Bug Fix] Corrects NSX password help text.
• [Bug Fix] For deployments that include more than one tile, clicking Changelog no longer results in a 500 error.
• Bumps UAA to 41.

Ops Manager v1.11.1 uses the following component versions:

1.11.0

Version 1.11.0 of Ops Manager consists of the following component versions:

New Features in Ops Manager v1.11

Ops Manager API

Operators can now use the Ops Manager API to trigger an installation process for Ops Manager Director only, skipping the deployment of all other products that have pending changes in Ops Manager. The Ops Manager Director tile must be configured to be deployed. For more information about using this Ops Manager API feature, see the Applying Changes to Ops Manager Director topic.

Ops Manager VM Improved Logging

Ops Manager v1.11 logs all activity of commands on the Ops Manager VM using Audit D.

Ops Manager VM Hardening

The Ops Manager VM is now built on the stemcell. For enhanced security to maintain consistency with industry standards, Ops Manager VMs should now pass security scans with the same success rates as other BOSH-deployed VMs.

As of v1.11, sudo without a password is disabled by default on the Ops Manager VM. Customers that have scripts that SSH into the Ops Manager VM and perform tasks as sudo should update their scripts.

NSX Integration

Operators can use Ops Manager v1.11 to configure their BOSH Director to talk to NSX. Ops Manager v1.11 supports NSX-V v6.2+.

Ops Manager has API endpoints to configure NSX security groups and load balancers per job on vSphere appliances. For more information about this feature, see the Configuring Ops Manager Director for VMware vSphere topic.

Azure Managed Disk

Ops Manager now allows operators to deploy using Azure’s new fully managed storage service. With this new service, users no longer have to manually manage their storage capacity. For more information about how to use the managed disk feature, see the Configuring Ops Manager Director on Azure topic.

BOSH CLI v2

The Ops Manager VM includes the BOSH CLI v2. For more information about the BOSH CLI v2, see the BOSH documentation topic.

Introducing CredHub

CredHub is a centralized credential management component for your PCF deployment. CredHub secures credential generation, storage, lifecycle management, and access.

Ops Manager v1.11 deploys CredHub co-located on the BOSH Director VM.

Learn more about CredHub in the PCF Tile Developers Guide CredHub topic.

All Director Logs Go to Syslog

The BOSH Director now sends all logs to syslog, to preserve logs in case of catastrophic deployment loss.

Learn more about Pivotal’s log format in the Logs, Metrics, and Nozzles topic.

For more information, see the Syslog Page section of the Ops Manager Director installation topic for your IaaS.

Worker Configuration

Operators can now configure the number of workers that are available on the BOSH Director. For more information, see the Director Config Page section of the Ops Manager Director installation topic for your IaaS.

JMX Provider IP Address

The Director Configuration form in Ops Manager now includes a new field called JMX Provider IP Address that configures the JMX JSON plugin for the secure transportation of metrics. For more information, see the Director Config Page section of the Ops Manager Director installation topic for your IaaS.

Updated VM Catalog

Ops Manager v1.11 has an updated VM catalog for the AWS appliances that includes the new m4, c4, and r4 instance types. For more information, see the Resource Config Page section of the Configuring Ops Manager Director for AWS topic.

BOSH Updates

The following list sections updates in the new BOSH version that are not exposed by Ops Manager, but may be helpful for operators and tile developers for improving their workflows.

BOSH Director

Ops Manager v1.11 uses BOSH v262.1, which includes the following changes to the BOSH Director:

• Integration with upcoming bbr binary for backups/restore
  • Added bin/bbr/backup and bin/bbr/restore scripts to director and blobstore jobs
• Integration with CredHub for secure configuration management
  • Added variables CLI command to list which variables are in use by a deployment
• Added bosh.releases.upload and bosh.stemcells.upload UAA scopes to allow release and stemcell uploads

For a full list of updates and fixes in the new BOSH version that Ops Manager uses, see the BOSH release notes, beginning with v262.

Stemcell

Ops Manager v1.11 uses Stemcell 3421.3. Below is the major change in Stemcell 3421.3:

• Bump Ubuntu stemcells for USN-3304-1: Sudo vulnerability

To view the release page for this stemcell, see the stemcell 3421.3 release notes page.

Bug Fixes

• Ops Manager v1.11 fixes a bug where Ops Manager was incorrectly setting the signature algorithm when configured with SAML.
• The signature algorithm is now defaulted to SHA256.
• Ops Manager v1.11 fixes a bug where Ops Manager was incorrectly setting the redirect URI for the BOSH UAA.

Known Issues

This section lists known issues for Ops Manager v1.11.

Missing Stemcell Causes Failure to Deploy

In PCF v1.12 and earlier, the BOSH Director may delete stemcells required by errands. This causes deployments or upgrades to fail with Error: Stemcell doesn't exist. To prevent this error, do the following before you click Apply changes in Ops Manager to upgrade:

1. Download a current stemcell from Pivotal Network.

2. Upload the stemcell by clicking Import a Product in Ops Manager, or by manually running bosh upload-stemcell with the BOSH CLI.

See the Pivotal Knowledge Base article Deploy fails with Error: Stemcell doesn’t exist for details.

This known issue has been fixed in Ops Manager v2.0 and later.

Stemcells Not Included in Installation Export

Ops Manager no longer includes stemcells in the installation export zip file. You may need to re-upload stemcells when importing the installation file into a new Ops Manager instance. You can see product configuration as incomplete if you do not have the appropriate stemcell uploaded. Incomplete tiles that need stemcells are indicated by an orange tile.

This known issue has been fixed in Ops Manager v1.12 and later.

On-Demand Services Require Dedicated Service Networks

If you use any service tile that offers both on-demand and not on-demand modes of operation, clicking Apply Changes in Ops Manager fails if you did not define a dedicated service network for the tile.

To work around this issue, use one of the following methods:

• Create a services network on your IaaS for each affected service tile
• Create a dummy network in Ops Manager, reserve a block of IP ranges, and disable smoke tests for the on-demand service

For more information, see the corresponding Knowledge Base article.

Diego VM Type Defaults to m4 After Upgrading on AWS

If you deployed Diego cells with Ops Manager v1.10, by default AWS deployed them as type r3 with 32 GB RAM. When you upgrade to Ops Manager v1.11, by default the r3 VMs become m4 VMs with only 16 GB RAM. The reduced Diego cell memory can cause insufficient memory issues.

To work around this issue, go to the Resource Config tab and manually select a VM type with at least 32 GB RAM. You can also increase the number of Diego cells to give apps greater memory capacity.

For more information, see the corresponding Knowledge Base article.

Ops Manager Fails to Connect to Newly Supported AWS Regions

Ops Manager v1.11.1 publishes AMIs to the following newly supported AWS regions:

• ap-south-1
• ca-central-1
• eu-west-2
• us-east-2

If you deploy Ops Manager using one of the new regions above and select Use AWS Instance Profile in the AWS Config tab, Ops Manager displays a network connectivity issue.

To work around this issue, go to the AWS Config tab and select the Use AWS Keys option.

For more information, see the corresponding Knowledge Base article.

Changelog Does Not Display

When your deployment includes more than one tile, viewing the logs for your deploy by clicking Changelog on the Ops Manager Installation Dashboard fails.

To view the logs, add .txt to the URL for the log to download it as a raw text file.

For more information, see the corresponding Knowledge Base article.

Incorrect Help Text

For operators using vSphere, the vCenter Config section in Ops Manager v1.11 provides incorrect help text under NSX Networking. Enter your username and password for the NSX manager, not vCenter.

Deployment Hangs or Times Out on vSphere

When deploying with Ops Manager on vSphere, after clicking Apply Changes the deployment either hangs indefinitely or returns Task NUMBER timeout, where NUMBER is the deployment task number.

To work around this issue, navigate to the Resource Config tab in the Ops Manager tile. For the Ops Manager Director job, select a VM type that has at least 8 GB of memory and retry the deployment.

For more information, see the corresponding Knowledge Base article.

Resource Config Page Returns a 500 Error

When importing previous versions of an installation with non-default VM sizes that Ops Manager v1.11 no longer supports, the Resource Config page returns a 500 error.

To work around this issue, use the API to export the list of supported VM types from the old Ops Manager installation and import the list to the new Ops Manager installation.

For more information, see the corresponding Knowledge Base article.