Pivotal Cloud Foundry Ops Manager v1.11 Release Notes

Pivotal Cloud Foundry is certified by the Cloud Foundry Foundation for 2017.

Read more about the certified provider program and the requirements of providers.


How to Upgrade

The Upgrading Pivotal Cloud Foundry topic contains instructions for upgrading to Pivotal Cloud Foundry (PCF) Ops Manager v1.11.

1.11.7

  • Adds the GET api/v0/staged/products/credhub_credentials Ops Manager API endpoint. Operators who deploy PCF manually can use this endpoint when upgrading a tile that contains CredHub variable migrations.
  • Adds the DELETE api/v0/staged/products/credhub_credentials Ops Manager API endpoint. Operators who deploy PCF manually can use this endpoint to delete credentials staged in installation.yml after migrating them to CredHub.
  • Bumps CredHub to v1.2.0.
  • Bumps stemcell to 3421.18.
Versions
BOSH Director: v262.3
bosh-init: v0.0.103
Stemcell: 3421.18
AWS CPI: 65
Azure CPI: 24
Google Cloud Platform CPI: 25.9.0
OpenStack CPI: 27
vSphere CPI: 41
UAA: 41
JMX: 3
CredHub: 1.2.0

1.11.6

  • Adds a feature that allows AWS operators to use IAM instance profiles in the ap-south-1, ca-central-1, eu-west-2, and us-east-2 regions.
  • Fixes a bug where configuring a thin-provisioned ephemeral disk in Ops Manager created a thick-provisioned disk in vSphere. In the vSphere Config section of the Director tile, if you set the Virtual Disk Type to Thin for any ephemeral disks, Ops Manager redeploys the disks after applying this patch.
  • Fixes a bug where Ops Manager hard-coded the entity_ID when configuring UAA with SAML.
  • Fixes a bug where POST /api/v0/setup did not expose the http, https, and no_proxy fields.
  • Updates the cache-control header value in Ops Manager HTTP responses to include no-store.
Versions
BOSH Director: v262.3
bosh-init: v0.0.103
Stemcell: 3421.9
AWS CPI: 65
Azure CPI: 24
Google Cloud Platform CPI: 25.9.0
OpenStack CPI: 27
vSphere CPI: 41
UAA: 41
JMX: 3
CredHub: 1.0.1

1.11.5

  • Bumps BOSH Director to v262.3
Versions
BOSH Director: v262.3
bosh-init: v0.0.103
Stemcell: 3421.9
AWS CPI: 65
Azure CPI: 24
Google Cloud Platform CPI: 25.9.0
OpenStack CPI: 27
vSphere CPI: 41
UAA: 41
JMX: 3
CredHub: 1.0.1

1.11.4

Versions
BOSH Director: v262.1
bosh-init: v0.0.103
Stemcell: 3421.9
AWS CPI: 65
Azure CPI: 24
Google Cloud Platform CPI: 25.9.0
OpenStack CPI: 27
vSphere CPI: 41
UAA: 41
JMX: 3
CredHub: 1.0.1


1.11.3

Versions
BOSH Director: v262.1
bosh-init: v0.0.103
Stemcell: 3421.9
AWS CPI: 65
Azure CPI: 24
Google Cloud Platform CPI: 25.9.0
OpenStack CPI: 27
vSphere CPI: 41
UAA: 41
JMX: 3
CredHub: 1.0.1


1.11.2

  • This release patches Ubuntu Security Notice USN-3334-1. Additional information can be found at https://pivotal.io/security.
  • Bumps stemcell to 3421.9
  • Bumps bosh-init to v0.0.103
  • Bumps CredHub to v1.0.1
Versions
BOSH Director: v262.1
bosh-init: v0.0.103
Stemcell: 3421.9
AWS CPI: 65
Azure CPI: 24
Google Cloud Platform CPI: 25.9.0
OpenStack CPI: 27
vSphere CPI: 41
UAA: 41
JMX: 2
CredHub: 1.0.1


1.11.1

  • Fixes a bug where NSX password help text was incorrect
  • Fixes a bug where for deployments that include more than one tile, clicking Changelog results in a 500 error
  • Adds a feature where api/v0/installations/commit errors when there are staged credentials to migrate to CredHub
  • Adds a feature where tile authors can migrate an existing non-configurable secret to CredHub and delete the secret from the installation
  • Bumps UAA to v41
  • Bumps JMX release to v2
Versions
BOSH Director: v262.1
bosh-init: v0.0.101
Stemcell: 3421.3
AWS CPI: 65
Azure CPI: 24
Google Cloud Platform CPI: 25.9.0
OpenStack CPI: 27
vSphere CPI: 41
UAA: 41
JMX: 2


1.11.0

Version 1.11.0 of Ops Manager consists of the following component versions:

Versions
BOSH Director: v262.1
bosh-init: v0.0.101
Stemcell: 3421.3
AWS CPI: 65
Azure CPI: 24
Google Cloud Platform CPI: 25.9.0
OpenStack CPI: 27
vSphere CPI: 41
UAA: 40


New Features in Ops Manager v1.11.0

Ops Manager API

Operators can now use the Ops Manager API to trigger an installation process for Ops Manager Director only, skipping the deployment of all other products that have pending changes in Ops Manager. The Ops Manager Director tile must be configured to be deployed. For more information about using this Ops Manager API feature, see the Applying Changes to Ops Manager Director topic.

Ops Manager VM Improved Logging

Ops Manager v1.11.0 logs all activity of commands on the Ops Manager VM using Audit D.

Ops Manager VM Hardening

The Ops Manager VM is now built on the stemcell. For enhanced security to maintain consistency with industry standards, Ops Manager VMs should now pass security scans with the same success rates as other BOSH-deployed VMs.

As of v1.11.0, sudo without a password is disabled by default on the Ops Manager VM. Customers that have scripts that SSH into the Ops Manager VM and perform tasks as sudo should update their scripts.

NSX Integration

Operators can use Ops Manager v1.11 to configure their BOSH Director to talk to NSX. Ops Manager v1.11 supports NSX-V 6.2+.

Ops Manager has API endpoints to configure NSX security groups and load balancers per job on vSphere appliances. For more information about this feature, see the Configuring Ops Manager Director for VMware vSphere topic.

Azure Managed Disk

Ops Manager now allows operators to deploy using Azure’s new fully managed storage service. With this new service, users no longer have to manually manage their storage capacity. For more information about how to use the managed disk feature, see the Configuring Ops Manager Director on Azure topic.

BOSH CLI v2

The Ops Manager VM includes the BOSH CLI v2. For more information about the BOSH CLI v2, see the BOSH documentation topic.

Introducing CredHub

CredHub is a centralized credential management component for your PCF deployment. CredHub secures credential generation, storage, lifecycle management, and access.

Ops Manager v1.11 deploys CredHub co-located on the BOSH Director VM.

Learn more about CredHub in the PCF Tile Developers Guide CredHub topic.

All Director Logs Go to Syslog

The BOSH Director now sends all logs to syslog, to preserve logs in case of catastrophic deployment loss.

Learn more about Pivotal’s log format in the Logs, Metrics, and Nozzles topic.

Learn how to set up syslog in the Configuring Ops Manager Director topic specific to your IaaS.

Your IaaS provider Configuration topic
AWS Configuring Ops Manager Director on AWS
Azure Configuring Ops Manager Director on Azure
GCP Configuring Ops Manager Director on GCP
OpenStack Configuring Ops Manager Director on OpenStack
vSphere Configuring Ops Manager Director on vSphere

Worker Configuration

Operators can now configure the number of workers that are available on the BOSH Director. For more information, see the Director Config Page section of the Configuring Ops Manager Director topic specific to your IaaS.

JMX Provider IP Address

The Director Configuration form in Ops Manager now includes a new field called JMX Provider IP Address that configures the JMX JSON plugin for the secure transportation of metrics. For more information, see the Director Config Page section of the Configuring Ops Manager Director topic specific to your IaaS.

Updated VM Catalog

Ops Manager v1.11 has an updated VM catalog for the AWS appliances that includes the new m4, c4, and r4 instance types. For more information, see the Resource Config Page section of the Configuring Ops Manager Director topic for AWS.

BOSH Updates

The following list sections updates in the new BOSH version that are not exposed by Ops Manager, but may be helpful for operators and tile developers for improving their workflows.

BOSH Director

Ops Manager v1.11.0 uses BOSH v262.1, which includes the following changes to the BOSH Director:

  • Integration with upcoming bbr binary for backups/restore
    • Added bin/bbr/backup and bin/bbr/restore scripts to director and blobstore jobs
  • Integration with CredHub for secure configuration management
    • Added variables CLI command to list which variables are in use by a deployment
  • Added bosh.releases.upload and bosh.stemcells.upload UAA scopes to allow release and stemcell uploads

For a full list of updates and fixes in the new BOSH version that Ops Manager uses, see the BOSH release notes, beginning with v262.

Stemcell

Ops Manager 1.11.0 uses Stemcell 3421.3. Below is the major change in Stemcell 3421.3:

  • Bump Ubuntu stemcells for USN-3304-1: Sudo vulnerability

To view the release page for this stemcell, see the stemcell 3421.3 release notes page.

Bug Fixes

  • Ops Manager 1.11.0 fixes a bug where Ops Manager was incorrectly setting the signature algorithm when configured with SAML.
  • The signature algorithm is now defaulted to SHA256.
  • Ops Manager 1.11.0 fixes a bug where Ops Manager was incorrectly setting the redirect URI for the BOSH UAA.

Known Issues

This section lists known issues for Ops Manager 1.11.

On-Demand Services Require Dedicated Service Networks

If you use any service tile that offers both on-demand and not on-demand modes of operation, clicking Apply Changes in Ops Manager fails if you did not define a dedicated service network for the tile.

To work around this issue, use one of the following methods:

  • Create a services network on your IaaS for each affected service tile
  • Create a dummy network in Ops Manager, reserve a block of IP ranges, and disable smoke tests for the on-demand service

For more information, see the corresponding Knowledge Base article.

Diego VM Type Defaults to m4 After Upgrading on AWS

If you deployed Diego cells with Ops Manager 1.10, by default AWS deployed them as type r3 with 32 GB RAM. When you upgrade to Ops Manager 1.11, by default the r3 VMs become m4 VMs with only 16 GB RAM. The reduced Diego cell memory can cause insufficient memory issues.

To work around this issue, go to the Resource Config tab and manually select a VM type with at least 32 GB RAM. You can also increase the number of Diego cells to give apps greater memory capacity.

For more information, see the corresponding Knowledge Base article.

Ops Manager Fails to Connect to Newly Supported AWS Regions

Ops Manager 1.11.1 publishes AMIs to the following newly supported AWS regions:

  • ap-south-1
  • ca-central-1
  • eu-west-2
  • us-east-2

If you deploy Ops Manager using one of the new regions above and select Use AWS Instance Profile in the AWS Config tab, Ops Manager displays a network connectivity issue.

To work around this issue, go to the AWS Config tab and select the Use AWS Keys option.

For more information, see the corresponding Knowledge Base article.

Changelog Does Not Display

When your deployment includes more than one tile, viewing the logs for your deploy by clicking Changelog on the Ops Manager Installation Dashboard fails.

To view the logs, add .txt to the URL for the log to download it as a raw text file.

For more information, see the corresponding Knowledge Base article.

Incorrect Help Text

For operators using vSphere, the vCenter Config section in Ops Manager 1.11.0 provides incorrect help text under NSX Networking. Enter your username and password for the NSX manager, not vCenter.

Deployment Hangs or Times Out on vSphere

When deploying with Ops Manager on vSphere, after clicking Apply Changes the deployment either hangs indefinitely or returns Task NUMBER timeout, where NUMBER is the deployment task number.

To work around this issue, navigate to the Resource Config tab in the Ops Manager tile. For the Ops Manager Director job, select a VM type that has at least 8 GB of memory and retry the deployment.

For more information, see the corresponding Knowledge Base article.

Resource Config Page Returns a 500 Error

When importing previous versions of an installation with non-default VM sizes that Ops Manager 1.11 no longer supports, the Resource Config page returns a 500 error.

To work around this issue, use the API to export the list of supported VM types from the old Ops Manager installation and import the list to the new Ops Manager installation.

For more information, see the corresponding Knowledge Base article.

Create a pull request or raise an issue on the source for this page in GitHub