LATEST VERSION: 2.0 - CHANGELOG
Pivotal Cloud Foundry v1.11
Download Ask for Help PCF Knowledge Base PDF

PCF Ops Manager v1.11 Release Notes

Pivotal Cloud Foundry is certified by the Cloud Foundry Foundation for 2017.

Read more about the certified provider program and the requirements of providers.

How to Upgrade

The Upgrading Pivotal Cloud Foundry topic contains instructions for upgrading to Pivotal Cloud Foundry (PCF) Ops Manager v1.11.

1.11.25

  • [Security Fix] Bumps stemcell to 3421.46

  • [Feature] You are now able to fetch availability zones (AZs) from the Ops Manager API. For more information, see Fetching availability zones in the Ops Manager API documentation.

    Component Version
    Stemcell3421.46*
    BOSH Director262.7
    bosh-init0.0.103
    CredHub1.0.11
    UAA45.7
    AWS CPI69
    Azure CPI35
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI45.1.0
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.24

  • [Security Fix] Bumps stemcell to 3421.44

  • [Bug Fix] When the operator scales down or deletes instance groups, Ops Manager now gives BOSH enough IPs to always successfully deploy.

    Component Version
    Stemcell3421.44*
    BOSH Director262.7
    bosh-init0.0.103
    CredHub1.0.11
    UAA45.7
    AWS CPI69
    Azure CPI35
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI45.1.0
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.23

  • Bumps Ruby to 2.3.6 and Rubygems to 2.6.14.

    Component Version
    Stemcell3421.42
    BOSH Director262.7
    bosh-init0.0.103
    CredHub1.0.11
    UAA45.7
    AWS CPI69
    Azure CPI35
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI45.1.0
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.22

  • [Security Fix] Bumps stemcell to 3421.42.

  • Bumps BOSH Director to 262.7.

    Component Version
    Stemcell3421.42*
    BOSH Director262.7*
    bosh-init0.0.103
    CredHub1.0.11
    UAA45.7
    AWS CPI69
    Azure CPI35
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI45.1.0
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.21

  • [Security Fix] Bumps stemcell to 3421.38.

  • Increases connection timeout to accommodate large installation exports.

    Component Version
    Stemcell3421.38*
    BOSH Director262.6
    bosh-init0.0.103
    CredHub1.0.11
    UAA45.7
    AWS CPI69
    Azure CPI35
    GCP CPI25.9.0
    OpenStack CPI27
    vSphere CPI45.1.0
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.20

  • [Security Fix] Bumps stemcell to 3421.37.

    Component Version
    Stemcell3421.37*
    BOSH Director262.6
    bosh-init0.0.103
    CredHub1.0.11
    UAA45.7
    AWS CPI69
    Azure CPI35
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI45.1
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.19

  • [Security Fix] Bumps stemcell to 3421.36.

  • Bumps UAA to v45.7.

    Component Version
    Stemcell3421.36*
    BOSH Director262.6
    bosh-init0.0.103
    CredHub1.0.11
    UAA45.7*
    AWS CPI69*
    Azure CPI35
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI45.1
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.18

  • On Azure, the Internet Connected checkboxes in the Resource Config pane are now deselected by default. Pivot al recommends keeping these checkboxes deselected. For more information, see Step 8: Resource Config Page 19 .
  • Bumps AWS CPI to v69.
  • Bumps OpenStack CPI to v35.
  • Bumps vSphere CPI to v45.1.0.

  • Bumps Bosh Director to 262.6

    Component Version
    Stemcell3421.34
    BOSH Director262.6
    bosh-init0.0.103
    CredHub1.0.11
    UAA45.5
    AWS CPI69*
    Azure CPI35*
    GCP CPI25.9.0
    OpenStack CPI27
    vSphere CPI45.1*
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.17

  • Bumps Azure CPI to v34.

    Component Version
    Stemcell3421.34
    BOSH Director262.5
    bosh-init0.0.103
    CredHub1.0.11
    UAA45.5
    AWS CPI65
    Azure CPI34*
    GCP CPI25.9.0
    OpenStack CPI27
    vSphere CPI44
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.16

  • [Security Fix] Bumps stemcell to 3421.34.

    Component Version
    Stemcell3421.34*
    BOSH Director262.5
    bosh-init0.0.103
    CredHub1.0.11
    UAA45.5
    AWS CPI65
    Azure CPI24
    GCP CPI25.9.0
    OpenStack CPI27
    vSphere CPI44
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.15

  • [Security Fix] Bumps stemcell to 3421.32.
  • Bumps BOSH Director to 262.5.
  • Bumps CredHub to 1.0.11.

  • Bumps UAA to 45.5.

    Component Version
    Stemcell3421.32*
    BOSH Director262.5*
    bosh-init0.0.103
    CredHub1.0.11*
    UAA45.5*
    AWS CPI65
    Azure CPI24
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI44
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.14

  • Bumps vSphere CPI to 44.

    Component Version
    Stemcell3421.31
    BOSH Director262.4
    bosh-init0.0.103
    CredHub1.0.8
    UAA45.4
    AWS CPI65
    Azure CPI24
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI44*
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.13

  • [Bug Fix] Allows the network to ping the Ops Manager VM when installing a tile.
  • [Security Fix] Bumps stemcell to 3421.31.
  • Bumps CredHub to 1.0.8.

  • Bumps UAA to 45.4.

    Component Version
    Stemcell3421.31*
    BOSH Director262.4
    bosh-init0.0.103
    CredHub1.0.8*
    UAA45.4*
    AWS CPI65
    Azure CPI24
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI41
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.12

  • [Security Fix] Bumps stemcell to 3421.26 to address USN-3420-2.

  • Bumps CredHub to 1.0.6.

    Component Version
    Stemcell3421.26*
    BOSH Director262.4
    bosh-init0.0.103
    CredHub1.0.6*
    UAA41
    AWS CPI65
    Azure CPI24
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI41
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.11

  • [Bug Fix] If a job is configured to use the default number of instances, a request to the resource_config API endpoint now returns "instances": "automatic".

    Component Version
    Stemcell3421.20
    BOSH Director262.4
    bosh-init0.0.103
    CredHub1.0.4
    UAA41
    AWS CPI65
    Azure CPI24
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI41
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.10

  • [Security Fix] Bumps stemcell to 3421.20 to address USN-3392-2.

  • Bumps BOSH Director to 262.4.

    Component Version
    Stemcell3421.20*
    BOSH Director262.4*
    bosh-init0.0.103
    CredHub1.0.4
    UAA41
    AWS CPI65
    Azure CPI24
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI41
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.9

  • Bumps CredHub to 1.0.4.

    Component Version
    Stemcell3421.19
    BOSH Director262.3
    bosh-init0.0.103
    CredHub1.0.4*
    UAA41
    AWS CPI65
    Azure CPI24
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI41
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.8

  • [Security Fix] Bumps stemcell to 3421.19 to address USN-3385-2.

    Component Version
    Stemcell3421.19*
    BOSH Director262.3
    bosh-init0.0.103
    CredHub1.2
    UAA41
    AWS CPI65
    Azure CPI24
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI41
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.7

  • [Security Fix] Bumps stemcell to 3421.18 to address USN-3378-2.
  • Bumps CredHub to 1.2.0.
  • [Feature] Adds the GET api/v0/staged/products/credhub_credentials Ops Manager API endpoint. Operators who deploy PCF manually can use this endpoint when upgrading a tile that contains CredHub variable migrations.

  • [Feature] Adds the DELETE api/v0/staged/products/credhub_credentials Ops Manager API endpoint. Operators who deploy PCF manually can use this endpoint to delete credentials staged in installation.yml after migrating them to CredHub.

    Component Version
    Stemcell3421.18*
    BOSH Director262.3
    bosh-init0.0.103
    CredHub1.2*
    UAA41
    AWS CPI65
    Azure CPI24
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI41
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.6

  • [Feature] AWS operators can use IAM instance profiles in the ap-south-1, ca-central-1, eu-west-2, and us-east-2 regions.
  • [Bug Fix] Configuring a thin-provisioned ephemeral disk in Ops Manager now creates a thin-provisioned disk in vSphere. In the vSphere Config section of the Director tile, if you set the Virtual Disk Type to Thin for any ephemeral disks, Ops Manager redeploys the disks after applying this patch.
  • [Bug Fix] Ops Manager no longer hard-codes the entity_ID when configuring UAA with SAML.
  • [Bug Fix] POST /api/v0/setup now exposes the http, https, and no_proxy fields.

  • [Feature Improvement] The cache-control header value in Ops Manager HTTP responses now includes no-store.

    Component Version
    Stemcell3421.9
    BOSH Director262.3
    bosh-init0.0.103
    CredHub1.0.1
    UAA41
    AWS CPI65
    Azure CPI24
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI41
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.5

  • Bumps BOSH Director to 262.3.

    Component Version
    Stemcell3421.9
    BOSH Director262.3*
    bosh-init0.0.103
    CredHub1.0.1
    UAA41
    AWS CPI65
    Azure CPI24
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI41
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.4

  • [Feature] Adds support for Google Shared Virtual Private Cloud (VPC) networks on GCP. For more information, see Configuring a Shared VPC on GCP.
  • [Bug Fix] The Resource Config page no longer returns a 500 error when importing an installation with non-default VM sizes.
  • [Bug Fix] Ops Manager deploys Diego cells using the correct AWS VM types when upgrading.
  • [Bug Fix] Cleaning up unused products should no longer remove a currently-configured stemcell.

  • Bumps BOSH Director to 262.2.

    Component Version
    Stemcell3421.9
    BOSH Director262.2*
    bosh-init0.0.103
    CredHub1.0.1
    UAA41
    AWS CPI65
    Azure CPI24
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI41
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.3

  • [Bug Fix] Configures BOSH Director memory to a minimum of 6 GB to mitigate the deployment hanging issue.

    Component Version
    Stemcell3421.9
    BOSH Director262.1
    bosh-init0.0.103
    CredHub1.0.1
    UAA41
    AWS CPI65
    Azure CPI24
    GCP CPI25.9
    OpenStack CPI27
    vSphere CPI41
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.2

  • [Security Fix] Bumps stemcell to 3421.9 to address USN-3334-1.
  • Bumps bosh-init to 0.0.103.

  • Bumps CredHub to 1.0.1.

    Component Version
    Stemcell3421.9*
    BOSH Director262.1
    bosh-init0.0.103*
    CredHub1.0.1*
    UAA41
    AWS CPI65
    Azure CPI24
    GCP CPI25.9.0
    OpenStack CPI27
    vSphere CPI41
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.1

  • [Feature] Tile Authors can migrate an existing non-configurable secret to CredHub and delete the secret from installation.yml.
  • [Feature] The api/v0/installations/commit API endpoint returns an error if credentials are staged.
  • [Bug Fix] Corrects NSX password help text.
  • [Bug Fix] For deployments that include more than one tile, clicking Changelog no longer results in a 500 error.

  • Bumps UAA to 41.

    Component Version
    Stemcell3421.3
    BOSH Director262.1
    bosh-init0.0.101
    CredHub1.0.0
    UAA41*
    AWS CPI65
    Azure CPI24
    GCP CPI25.9.0
    OpenStack CPI27
    vSphere CPI41
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.11.0

Version 1.11.0 of Ops Manager consists of the following component versions:

Component Version
Stemcell3421.3
BOSH Director262.1
bosh-init0.0.101
CredHub1.0.0
UAA40
AWS CPI65
Azure CPI24
GCP CPI25.9.0
OpenStack CPI27
vSphere CPI41
* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

New Features in Ops Manager v1.11.0

Ops Manager API

Operators can now use the Ops Manager API to trigger an installation process for Ops Manager Director only, skipping the deployment of all other products that have pending changes in Ops Manager. The Ops Manager Director tile must be configured to be deployed. For more information about using this Ops Manager API feature, see the Applying Changes to Ops Manager Director topic.

Ops Manager VM Improved Logging

Ops Manager v1.11.0 logs all activity of commands on the Ops Manager VM using Audit D.

Ops Manager VM Hardening

The Ops Manager VM is now built on the stemcell. For enhanced security to maintain consistency with industry standards, Ops Manager VMs should now pass security scans with the same success rates as other BOSH-deployed VMs.

As of v1.11.0, sudo without a password is disabled by default on the Ops Manager VM. Customers that have scripts that SSH into the Ops Manager VM and perform tasks as sudo should update their scripts.

NSX Integration

Operators can use Ops Manager v1.11 to configure their BOSH Director to talk to NSX. Ops Manager v1.11 supports NSX-V 6.2+.

Ops Manager has API endpoints to configure NSX security groups and load balancers per job on vSphere appliances. For more information about this feature, see the Configuring Ops Manager Director for VMware vSphere topic.

Azure Managed Disk

Ops Manager now allows operators to deploy using Azure’s new fully managed storage service. With this new service, users no longer have to manually manage their storage capacity. For more information about how to use the managed disk feature, see the Configuring Ops Manager Director on Azure topic.

BOSH CLI v2

The Ops Manager VM includes the BOSH CLI v2. For more information about the BOSH CLI v2, see the BOSH documentation topic.

Introducing CredHub

CredHub is a centralized credential management component for your PCF deployment. CredHub secures credential generation, storage, lifecycle management, and access.

Ops Manager v1.11 deploys CredHub co-located on the BOSH Director VM.

Learn more about CredHub in the PCF Tile Developers Guide CredHub topic.

All Director Logs Go to Syslog

The BOSH Director now sends all logs to syslog, to preserve logs in case of catastrophic deployment loss.

Learn more about Pivotal’s log format in the Logs, Metrics, and Nozzles topic.

Learn how to set up syslog in the Configuring Ops Manager Director topic specific to your IaaS.

Your IaaS provider Configuration topic
AWS Configuring Ops Manager Director on AWS
Azure Configuring Ops Manager Director on Azure
GCP Configuring Ops Manager Director on GCP
OpenStack Configuring Ops Manager Director on OpenStack
vSphere Configuring Ops Manager Director on vSphere

Worker Configuration

Operators can now configure the number of workers that are available on the BOSH Director. For more information, see the Director Config Page section of the Configuring Ops Manager Director topic specific to your IaaS.

JMX Provider IP Address

The Director Configuration form in Ops Manager now includes a new field called JMX Provider IP Address that configures the JMX JSON plugin for the secure transportation of metrics. For more information, see the Director Config Page section of the Configuring Ops Manager Director topic specific to your IaaS.

Updated VM Catalog

Ops Manager v1.11 has an updated VM catalog for the AWS appliances that includes the new m4, c4, and r4 instance types. For more information, see the Resource Config Page section of the Configuring Ops Manager Director topic for AWS.

BOSH Updates

The following list sections updates in the new BOSH version that are not exposed by Ops Manager, but may be helpful for operators and tile developers for improving their workflows.

BOSH Director

Ops Manager v1.11.0 uses BOSH v262.1, which includes the following changes to the BOSH Director:

  • Integration with upcoming bbr binary for backups/restore
    • Added bin/bbr/backup and bin/bbr/restore scripts to director and blobstore jobs
  • Integration with CredHub for secure configuration management
    • Added variables CLI command to list which variables are in use by a deployment
  • Added bosh.releases.upload and bosh.stemcells.upload UAA scopes to allow release and stemcell uploads

For a full list of updates and fixes in the new BOSH version that Ops Manager uses, see the BOSH release notes, beginning with v262.

Stemcell

Ops Manager 1.11.0 uses Stemcell 3421.3. Below is the major change in Stemcell 3421.3:

  • Bump Ubuntu stemcells for USN-3304-1: Sudo vulnerability

To view the release page for this stemcell, see the stemcell 3421.3 release notes page.

Bug Fixes

  • Ops Manager 1.11.0 fixes a bug where Ops Manager was incorrectly setting the signature algorithm when configured with SAML.
  • The signature algorithm is now defaulted to SHA256.
  • Ops Manager 1.11.0 fixes a bug where Ops Manager was incorrectly setting the redirect URI for the BOSH UAA.

Known Issues

This section lists known issues for Ops Manager 1.11.

Stemcells Not Included in Installation Export

Ops Manager no longer includes stemcells in the installation export zip file. You may need to re-upload stemcells when importing the installation file into a new Ops Manager instance. You can see product configuration as incomplete if you do not have the appropriate stemcell uploaded. Incomplete tiles that need stemcells are indicated by an orange tile.

This known issue has been fixed in Ops Manager v1.12 and later.

On-Demand Services Require Dedicated Service Networks

If you use any service tile that offers both on-demand and not on-demand modes of operation, clicking Apply Changes in Ops Manager fails if you did not define a dedicated service network for the tile.

To work around this issue, use one of the following methods:

  • Create a services network on your IaaS for each affected service tile
  • Create a dummy network in Ops Manager, reserve a block of IP ranges, and disable smoke tests for the on-demand service

For more information, see the corresponding Knowledge Base article.

Diego VM Type Defaults to m4 After Upgrading on AWS

If you deployed Diego cells with Ops Manager 1.10, by default AWS deployed them as type r3 with 32 GB RAM. When you upgrade to Ops Manager 1.11, by default the r3 VMs become m4 VMs with only 16 GB RAM. The reduced Diego cell memory can cause insufficient memory issues.

To work around this issue, go to the Resource Config tab and manually select a VM type with at least 32 GB RAM. You can also increase the number of Diego cells to give apps greater memory capacity.

For more information, see the corresponding Knowledge Base article.

Ops Manager Fails to Connect to Newly Supported AWS Regions

Ops Manager 1.11.1 publishes AMIs to the following newly supported AWS regions:

  • ap-south-1
  • ca-central-1
  • eu-west-2
  • us-east-2

If you deploy Ops Manager using one of the new regions above and select Use AWS Instance Profile in the AWS Config tab, Ops Manager displays a network connectivity issue.

To work around this issue, go to the AWS Config tab and select the Use AWS Keys option.

For more information, see the corresponding Knowledge Base article.

Changelog Does Not Display

When your deployment includes more than one tile, viewing the logs for your deploy by clicking Changelog on the Ops Manager Installation Dashboard fails.

To view the logs, add .txt to the URL for the log to download it as a raw text file.

For more information, see the corresponding Knowledge Base article.

Incorrect Help Text

For operators using vSphere, the vCenter Config section in Ops Manager 1.11.0 provides incorrect help text under NSX Networking. Enter your username and password for the NSX manager, not vCenter.

Deployment Hangs or Times Out on vSphere

When deploying with Ops Manager on vSphere, after clicking Apply Changes the deployment either hangs indefinitely or returns Task NUMBER timeout, where NUMBER is the deployment task number.

To work around this issue, navigate to the Resource Config tab in the Ops Manager tile. For the Ops Manager Director job, select a VM type that has at least 8 GB of memory and retry the deployment.

For more information, see the corresponding Knowledge Base article.

Resource Config Page Returns a 500 Error

When importing previous versions of an installation with non-default VM sizes that Ops Manager 1.11 no longer supports, the Resource Config page returns a 500 error.

To work around this issue, use the API to export the list of supported VM types from the old Ops Manager installation and import the list to the new Ops Manager installation.

For more information, see the corresponding Knowledge Base article.

Create a pull request or raise an issue on the source for this page in GitHub