LATEST VERSION: 1.12 - CHANGELOG

Pivotal Cloud Foundry

Download Ask for Help PCF Knowledge Base PDF

Pivotal Cloud Foundry Ops Manager v1.11 Release Notes

Pivotal Cloud Foundry is certified by the Cloud Foundry Foundation for 2017.

Read more about the certified provider program and the requirements of providers.

How to Upgrade

The Upgrading Pivotal Cloud Foundry topic contains instructions for upgrading to Pivotal Cloud Foundry (PCF) Ops Manager v1.11.

1.11.12

[Security Fix] Bumps stemcell to 3421.26 to address USN-3420-2.

Bumps CredHub to 1.0.6.

Component	Version
Stemcell	3421.26*
BOSH Director	262.4
`bosh-init`	0.0.103
CredHub	1.0.6*
UAA	41
AWS CPI	65
Azure CPI	24
GCP CPI	25.9.0
OpenStack CPI	27
vSphere CPI	41
* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.11

[Bug Fix] If a job is configured to use the default number of instances, a request to the resource_config API endpoint now returns "instances": "automatic".

Component	Version
Stemcell	3421.20
BOSH Director	262.4
`bosh-init`	0.0.103
CredHub	1.0.4
UAA	41
AWS CPI	65
Azure CPI	24
GCP CPI	25.9.0
OpenStack CPI	27
vSphere CPI	41
* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.10

[Security Fix] Bumps stemcell to 3421.20 to address USN-3392-2.

Bumps BOSH Director to 262.4.

Component	Version
Stemcell	3421.20*
BOSH Director	262.4*
`bosh-init`	0.0.103
CredHub	1.0.4
UAA	41
AWS CPI	65
Azure CPI	24
GCP CPI	25.9.0
OpenStack CPI	27
vSphere CPI	41
* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.9

Bumps CredHub to 1.0.4.

Component	Version
Stemcell	3421.19
BOSH Director	262.3
`bosh-init`	0.0.103
CredHub	1.0.4*
UAA	41
AWS CPI	65
Azure CPI	24
GCP CPI	25.9.0
OpenStack CPI	27
vSphere CPI	41
* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.8

[Security Fix] Bumps stemcell to 3421.19 to address USN-3385-2.

Component	Version
Stemcell	3421.19*
BOSH Director	262.3
`bosh-init`	0.0.103
CredHub	1.2.0
UAA	41
AWS CPI	65
Azure CPI	24
GCP CPI	25.9.0
OpenStack CPI	27
vSphere CPI	41
* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.7

[Security Fix] Bumps stemcell to 3421.18 to address USN-3378-2.
Bumps CredHub to 1.2.0.
[Feature] Adds the GET api/v0/staged/products/credhub_credentials Ops Manager API endpoint. Operators who deploy PCF manually can use this endpoint when upgrading a tile that contains CredHub variable migrations.

[Feature] Adds the DELETE api/v0/staged/products/credhub_credentials Ops Manager API endpoint. Operators who deploy PCF manually can use this endpoint to delete credentials staged in installation.yml after migrating them to CredHub.

Component	Version
Stemcell	3421.18*
BOSH Director	262.3
`bosh-init`	0.0.103
CredHub	1.2.0*
UAA	41
AWS CPI	65
Azure CPI	24
GCP CPI	25.9.0
OpenStack CPI	27
vSphere CPI	41
* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.6

[Feature] AWS operators can use IAM instance profiles in the ap-south-1, ca-central-1, eu-west-2, and us-east-2 regions.
[Bug Fix] Configuring a thin-provisioned ephemeral disk in Ops Manager now creates a thin-provisioned disk in vSphere. In the vSphere Config section of the Director tile, if you set the Virtual Disk Type to Thin for any ephemeral disks, Ops Manager redeploys the disks after applying this patch.
[Bug Fix] Ops Manager no longer hard-codes the entity_ID when configuring UAA with SAML.
[Bug Fix] POST /api/v0/setup now exposes the http, https, and no_proxy fields.

[Feature Improvement] The cache-control header value in Ops Manager HTTP responses now includes no-store.

Component	Version
Stemcell	3421.9
BOSH Director	262.3
`bosh-init`	0.0.103
CredHub	1.0.1
UAA	41
AWS CPI	65
Azure CPI	24
GCP CPI	25.9.0
OpenStack CPI	27
vSphere CPI	41
* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.5

Bumps BOSH Director to 262.3.

Component	Version
Stemcell	3421.9
BOSH Director	262.3*
`bosh-init`	0.0.103
CredHub	1.0.1
UAA	41
AWS CPI	65
Azure CPI	24
GCP CPI	25.9.0
OpenStack CPI	27
vSphere CPI	41
* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.4

[Feature] Adds support for Google Shared Virtual Private Cloud (VPC) networks on GCP. For more information, see Configuring a Shared VPC on GCP.
[Bug Fix] The Resource Config page no longer returns a 500 error when importing an installation with non-default VM sizes.
[Bug Fix] Ops Manager deploys Diego cells using the correct AWS VM types when upgrading.
[Bug Fix] Cleaning up unused products should no longer remove a currently-configured stemcell.

Bumps BOSH Director to 262.2.

Component	Version
Stemcell	3421.9
BOSH Director	262.2*
`bosh-init`	0.0.103
CredHub	1.0.1
UAA	41
AWS CPI	65
Azure CPI	24
GCP CPI	25.9.0
OpenStack CPI	27
vSphere CPI	41
* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.3

[Bug Fix] Configures BOSH Director memory to a minimum of 6 GB to mitigate the deployment hanging issue.

Component	Version
Stemcell	3421.9
BOSH Director	262.1
`bosh-init`	0.0.103
CredHub	1.0.1
UAA	41
AWS CPI	65
Azure CPI	24
GCP CPI	25.9.0
OpenStack CPI	27
vSphere CPI	41
* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.2

[Security Fix] Bumps stemcell to 3421.9 to address USN-3334-1.
Bumps bosh-init to 0.0.103.

Bumps CredHub to 1.0.1.

Component	Version
Stemcell	3421.9*
BOSH Director	262.1
`bosh-init`	0.0.103*
CredHub	1.0.1*
UAA	41
AWS CPI	65
Azure CPI	24
GCP CPI	25.9.0
OpenStack CPI	27
vSphere CPI	41
* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.1

[Feature] Tile Authors can migrate an existing non-configurable secret to CredHub and delete the secret from installation.yml.
[Feature] The api/v0/installations/commit API endpoint returns an error if credentials are staged.
[Bug Fix] Corrects NSX password help text.
[Bug Fix] For deployments that include more than one tile, clicking Changelog no longer results in a 500 error.

Bumps UAA to 41.

Component	Version
Stemcell	3421.3
BOSH Director	262.1
`bosh-init`	0.0.101
CredHub	1.0.0
UAA	41*
AWS CPI	65
Azure CPI	24
GCP CPI	25.9.0
OpenStack CPI	27
vSphere CPI	41
* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.0

Version 1.11.0 of Ops Manager consists of the following component versions:

Component	Version
Stemcell	3421.3
BOSH Director	262.1
`bosh-init`	0.0.101
CredHub	1.0.0
UAA	40
AWS CPI	65
Azure CPI	24
GCP CPI	25.9.0
OpenStack CPI	27
vSphere CPI	41
* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

New Features in Ops Manager v1.11.0

Ops Manager API

Operators can now use the Ops Manager API to trigger an installation process for Ops Manager Director only, skipping the deployment of all other products that have pending changes in Ops Manager. The Ops Manager Director tile must be configured to be deployed. For more information about using this Ops Manager API feature, see the Applying Changes to Ops Manager Director topic.

Ops Manager VM Improved Logging

Ops Manager v1.11.0 logs all activity of commands on the Ops Manager VM using Audit D.

Ops Manager VM Hardening

The Ops Manager VM is now built on the stemcell. For enhanced security to maintain consistency with industry standards, Ops Manager VMs should now pass security scans with the same success rates as other BOSH-deployed VMs.

As of v1.11.0, sudo without a password is disabled by default on the Ops Manager VM. Customers that have scripts that SSH into the Ops Manager VM and perform tasks as sudo should update their scripts.

NSX Integration

Operators can use Ops Manager v1.11 to configure their BOSH Director to talk to NSX. Ops Manager v1.11 supports NSX-V 6.2+.

Ops Manager has API endpoints to configure NSX security groups and load balancers per job on vSphere appliances. For more information about this feature, see the Configuring Ops Manager Director for VMware vSphere topic.

Azure Managed Disk

Ops Manager now allows operators to deploy using Azure’s new fully managed storage service. With this new service, users no longer have to manually manage their storage capacity. For more information about how to use the managed disk feature, see the Configuring Ops Manager Director on Azure topic.

BOSH CLI v2

The Ops Manager VM includes the BOSH CLI v2. For more information about the BOSH CLI v2, see the BOSH documentation topic.

Introducing CredHub

CredHub is a centralized credential management component for your PCF deployment. CredHub secures credential generation, storage, lifecycle management, and access.

Ops Manager v1.11 deploys CredHub co-located on the BOSH Director VM.

Learn more about CredHub in the PCF Tile Developers Guide CredHub topic.

All Director Logs Go to Syslog

The BOSH Director now sends all logs to syslog, to preserve logs in case of catastrophic deployment loss.

Learn more about Pivotal’s log format in the Logs, Metrics, and Nozzles topic.

Learn how to set up syslog in the Configuring Ops Manager Director topic specific to your IaaS.

Your IaaS provider	Configuration topic
AWS	Configuring Ops Manager Director on AWS
Azure	Configuring Ops Manager Director on Azure
GCP	Configuring Ops Manager Director on GCP
OpenStack	Configuring Ops Manager Director on OpenStack
vSphere	Configuring Ops Manager Director on vSphere

Worker Configuration

Operators can now configure the number of workers that are available on the BOSH Director. For more information, see the Director Config Page section of the Configuring Ops Manager Director topic specific to your IaaS.

JMX Provider IP Address

The Director Configuration form in Ops Manager now includes a new field called JMX Provider IP Address that configures the JMX JSON plugin for the secure transportation of metrics. For more information, see the Director Config Page section of the Configuring Ops Manager Director topic specific to your IaaS.

Updated VM Catalog

Ops Manager v1.11 has an updated VM catalog for the AWS appliances that includes the new m4, c4, and r4 instance types. For more information, see the Resource Config Page section of the Configuring Ops Manager Director topic for AWS.

BOSH Updates

The following list sections updates in the new BOSH version that are not exposed by Ops Manager, but may be helpful for operators and tile developers for improving their workflows.

BOSH Director

Ops Manager v1.11.0 uses BOSH v262.1, which includes the following changes to the BOSH Director:

Integration with upcoming bbr binary for backups/restore
- Added bin/bbr/backup and bin/bbr/restore scripts to director and blobstore jobs
Integration with CredHub for secure configuration management
- Added variables CLI command to list which variables are in use by a deployment
Added bosh.releases.upload and bosh.stemcells.upload UAA scopes to allow release and stemcell uploads

For a full list of updates and fixes in the new BOSH version that Ops Manager uses, see the BOSH release notes, beginning with v262.

Stemcell

Ops Manager 1.11.0 uses Stemcell 3421.3. Below is the major change in Stemcell 3421.3:

Bump Ubuntu stemcells for USN-3304-1: Sudo vulnerability

To view the release page for this stemcell, see the stemcell 3421.3 release notes page.

Bug Fixes

Ops Manager 1.11.0 fixes a bug where Ops Manager was incorrectly setting the signature algorithm when configured with SAML.
The signature algorithm is now defaulted to SHA256.
Ops Manager 1.11.0 fixes a bug where Ops Manager was incorrectly setting the redirect URI for the BOSH UAA.

Known Issues

This section lists known issues for Ops Manager 1.11.

On-Demand Services Require Dedicated Service Networks

If you use any service tile that offers both on-demand and not on-demand modes of operation, clicking Apply Changes in Ops Manager fails if you did not define a dedicated service network for the tile.

To work around this issue, use one of the following methods:

Create a services network on your IaaS for each affected service tile
Create a dummy network in Ops Manager, reserve a block of IP ranges, and disable smoke tests for the on-demand service