Upgrading Pivotal Cloud Foundry

Page last updated:

This topic describes upgrading Pivotal Cloud Foundry (PCF) to v1.12. The upgrade procedure below describes upgrading Pivotal Cloud Foundry Operations Manager (Ops Manager), Pivotal Elastic Runtime, and product tiles.

The apps in your deployment continue to run during the upgrade. However, you cannot write to your deployment or make changes to apps during the upgrade.

Important: Read the Release Notes and Breaking Changes for this release, including the Known Issues sections, before starting the upgrade process.

For more details about the impact of upgrading on individual PCF components, see the PAS Component Behavior During Upgrade topic.

Before You Upgrade

This section contains important preparation steps, Preps, that you must follow before beginning an upgrade to Ops Manager v1.12. Failure to follow these instructions may jeopardize your existing deployment data and cause your upgrade to fail.

Pivotal recommends backing up your PCF deployment before upgrading, to restore in the case of failure. To back up a PCF 1.11 deployment, follow the instructions in the Backing Up Pivotal Cloud Foundry with BBR topic.

Prep 1: Migrate the CC and UAA Databases from Postgres to MySQL

Prior to PCF 1.6, Postgres was the default database for Cloud Controller and UAA. PCF 1.6 introduced MySQL as the default database and PCF 1.12 removes the legacy Postgres database VMs.

If your deployment was originally installed before PCF 1.6 and still uses Postgres, you must contact your dedicated Support Engineer or Platform Architect for assistance migrating your Cloud Controller and UAA databases to MySQL. They will have access to the PostgreSQL-to-MySQL Migrator tool and instructions on Pivotal Network.

If you do not migrate to MySQL before upgrading to PCF 1.12, the upgrade will fail during the deployment of the Elastic Runtime tile.

Prep 2: Review File Storage IOPS and Other Upgrade Limiting Factors

During the PCF upgrade process, a large quantity of data is moved around on disk.

To ensure a successful upgrade of PCF, verify that your underlying Elastic Runtime file storage is performant enough to handle the upgrade. For more information about the configurations to evaluate, see Upgrade Considerations for Selecting Pivotal Cloud Foundry Storage.

In addition to file storage IOPS, consider additional existing deployment factors that can impact overall upgrade duration and performance:

Factor Impact
Network latency Network latency can contribute to how long it takes to move app instance data to new containers.
Number of ASGs A large number of Application Security Groups in your deployment can contribute to an increase in app instance container startup time.
Number of app instances and application growth A large increase in the number of app instances and average droplet size since the initial deployment can increase the upgrade impact on your system.

To review example upgrade-related performance measurements of an existing production Cloud Foundry deployment, see the Pivotal Web Services Performance During Upgrade topic.

Prep 3: Verify App Usage Service Remedial Steps

If you are upgrading from a PCF deployment that at one point included Elastic Runtime v1.7.16 or earlier, you must perform the remedial steps outlined in App Usage Data and Events Data Become Corrupted After Upgrade or Install before proceeding with this upgrade.

Warning: If you fail to perform the remedial steps for this issue, this upgrade process may corrupt your existing usage data.

If your deployment contains PCF Log Search, you must remove the product tile before upgrading. Failure to remove this product prior to upgrade may cause issues with your deployment.

Prep 5: Check Certificate Authority Expiration Dates

Depending on the requirements of your deployment, you may need to rotate your Certificate Authority (CA) certificates. The non-configurable certificates in your deployment expire every two years. You must regenerate and rotate them so that critical components do not face a complete outage.

To retrieve information about all the RSA and CA certificates for the BOSH Director and other products in your deployment, you can use the GET /api/v0/deployed/certificates?expires_within=TIME request of the Ops Manager API.

In this request, the expires_within parameter is optional. Valid values for this parameter are d for days, w for weeks, m for months, and y for years. For example, to search for certificates expiring within one month, replace TIME with 1m:

$ curl "https://OPS-MAN-FQDN/api/v0/deployed/certificates?expires_within=1m" \
 -X GET \
 -H "Authorization: Bearer UAA_ACCESS_TOKEN"

For information about how to regenerate and rotate CA certificates, see Managing TLS Certificates.

Prep 6: Review Partner Service Tiles

Some partner service tiles may be incompatible with PCF v1.12. Pivotal is working with partners to ensure their tiles are updated to work with the latest versions of PCF. For information about which partner service releases are currently compatible with PCF v1.12, review the appropriate partners services release documentation at http://docs.pivotal.io, or contact the partner organization that produces the service tile.

Prep 7: Download Upgrade Versions

To minimize disruptions to your deployment during the upgrade, and to satisfy any simultaneous upgrade requirements, download the version of the product files you wish to upgrade from Pivotal Network.

At the minimum, you must download Elastic Runtime v1.12.x.

Prep 8: Prepare Your Environment

  1. Install the releases from your currently deployed version to the target version in sequential order. For example, if your deployment uses Ops Manager v1.8 and you are upgrading to v1.12, you must sequentially install v1.9, v1.10, and v1.11 before proceeding with the upgrade to v1.12.

  2. If you have disabled lifecycle errands for any installed product to reduce deployment time, Pivotal recommends that you re-enable these errands before upgrading. For more information, see the Adding and Deleting Products topic.

  3. Confirm that you have adequate disk space for your upgrades. You need at least 20 GB of free disk space to upgrade PCF Ops Manager and Elastic Runtime. If you plan to upgrade other products, the amount of disk space required depends on how many tiles you plan to deploy to your upgraded PCF deployment.

    To check current persistent disk usage, select the Ops Manager Director tile from the Installation Dashboard. Select Status and review the value of the PERS. DISK column. If persistent disk usage is higher than 50%, select Settings > Resource Config, and increase your persistent disk space to handle the size of the resources. If you do not know how much disk space to allocate, set the value to at least 100 GB.

  4. If not already disabled, disable the VM Resurrector:

    1. From your Installation Dashboard, select the Ops Manager Director tile.
    2. Click Director Config.
    3. Clear the Enable VM resurrector plugin checkbox.
    4. Click Save.
    5. Return to the Installation Dashboard and click Apply Changes.
  5. If your original Elastic Runtime deploy was PCF 1.6 or earlier, rotate non-configurable Director certificates using the Ops Manager API. Follow Step 3 of the Managing TLS Certificates topic to regenerate certificates, or begin with Step 1 to also update the certificate authority (CA).

  6. Check the required machine specifications for Ops Manager v1.12. These specifications are specific to your IaaS. If these specifications do not match your existing Ops Manager, modify the values of your Ops Manager VM instance. For example, if the boot disk of your existing Ops Manager is 50 GB and the new Ops Manager requires 100 GB, then increase the size of your Ops Manager boot disk to 100 GB.

  7. If you are upgrading a vSphere environment, ensure that you have the following information about your existing environment before starting the upgrade:

    • Record the following IP addresses, which you can find in the vSphere web client under Manage > Settings > vApp Options. This is the same information you entered at the end of deploying Ops Manager on vSphere.
      • IP Address of the Ops Manager
      • Netmask
      • Default Gateway
      • DNS Servers
      • NTP Servers
    • Record the following VM hardware information so you can configure the new VM with similar settings. You can find this information in the vSphere web client under Manage > Settings > VM Hardware.
      • CPU
      • Memory
      • Hard Disk 1
      • Network Adapter 1. When you configure the new VM, ensure your network adapters are configured properly and are on the same network.

Prep 9: Upgrade MySQL for PCF

If your PCF deployment includes MySQL for PCF v1.x, download and upgrade to MySQL for PCF v1.10.3 or later. For instructions on how to upgrade MySQL for PCF, see the MySQL for PCF documentation.

Prep 10: Upgrade PCF Metrics for PCF

If your PCF deployment includes PCF Metrics, download and upgrade to PCF Metrics v1.4.0 or later. For instructions on how to upgrade PCF Metrics, see the PCF Metrics documentation.

Prep 11: Upgrade and Configure RabbitMQ for PCF

If your PCF deployment contains RabbitMQ for PCF, download and upgrade RabbitMQ for PCF to v1.9.6 or later. For upgrade instructions, see the RabbitMQ for PCF documentation. As part of the upgrade, ensure that the firewall rules on your Rabbit VM instances allow inbound traffic on port 8301.

Prep 12: Upgrade and Configure Redis for PCF

If your PCF deployment contains Redis for PCF, download and upgrade to Redis for PCF v1.10 or later. Ensure that you complete the following as part of the upgrade:

  • If your PCF deployment currently uses Redis v1.7 or earlier, you must set up a service network to use Redis v1.10.
  • When performing the upgrade, ensure that persistent disk is set to 3.5x the amount of RAM for your Dedicated-VM Redis instances.
  • Ensure you have configured firewall rules on your Redis VM instances.

For upgrade instructions, see the Redis for PCF documentation.

Prep 13: Check OS Compatibility of PCF and BOSH-Managed Add-Ons

Before upgrading to PCF v1.12, operators who have deployed any PCF add-ons such as ClamAV for PCF, IPsec for PCF, or File Integrity Monitoring for PCF, and who have deployed or are planning to deploy PCF Runtime for Windows, must modify the add-on manifest to specify a compatible OS stemcell.

For example, ClamAV for PCF is not supported on Windows. Therefore, the manifest must use an include directive to specify the target OS stemcell of ubuntu-trusty.

To update an add-on manifest, perform the following steps:

  1. Locate your existing add-on manifest file. For example, for ClamAV, locate the clamav.yml you uploaded to the Ops Manager VM.

  2. Modify the manifest to include following include directive to your manifest:

          - os: ubuntu-trusty
  3. Re-upload the manifest file to your PCF deployment. For example instructions, see Create the ClamAV Manifest.

If you are using any other BOSH-managed add-ons in your deployment, you should verify OS compatibility for those component as well. For more information about configuring BOSH add-on manifests, see the BOSH documentation.

Prep 14: Check System Health Before Upgrade

  1. Run bosh cloudcheck to confirm that the VMs are healthy. For more information, see the BOSH Cloudcheck topic.

  2. Check the system health of installed products. In the Installation Dashboard, select the Status tab for each service tile. Confirm that all jobs are healthy.

  3. (Optional) Check the logs for errors before proceeding with the upgrade. For more information, see the Viewing Logs in the Command Line Interface topic.

  4. Confirm there are no outstanding changes in Ops Manager or any other tile. All tiles should be green. Click Apply Changes if necessary.

  5. After applying changes, click Recent Install Logs to confirm that the changes completed cleanly:

    Cleanup complete
    {"type": "step_finished", "id": "clean_up_bosh.cleaning_up"}
    Exited with 0.

Upgrade Ops Manager and Installed Products to v1.12

Step 1: Export Your Installation

  1. In your Ops Manager v1.11.x Installation Dashboard, click the account dropdown and select Settings.

    Upgrade to 1.9

  2. On the Settings screen, select Export Installation Settings from the left menu, then click Export Installation Settings.

    Export install settings

This exports the current PCF installation with all of its assets.

When you export an installation, the export contains the base VM images, necessary packages, and configuration settings, but does not include releases between upgrades if Ops Manager has already uploaded them to BOSH. When backing up PCF, you must take this into account by backing up the BOSH blobstore that contains the uploaded releases. BOSH Backup and Restore (BBR) backs up the BOSH blobstore. For more information, see Backing Up Pivotal Cloud Foundry with BBR.

  • The export time depends on the size of the exported file.
  • Some browsers do not provide feedback on the status of the export process and might appear to hang.

Note: Some operating systems automatically unzip the exported installation. If this occurs, create a ZIP file of the unzipped export. Do not start compressing at the “installation” folder level. Instead, start compressing at the level containing the config.yml file:


Step 2: Upgrade to Ops Manager v1.12

  1. Download the Ops Manager VM Template v1.12.x from the Pivotal Network site.

  2. Record the FQDN address of the existing Ops Manager VM.

  3. To avoid conflicts, power off the existing Ops Manager VM.

  4. Deploy the new Ops Manager VM by following the steps in one of these topics:

  5. When redirected to the Welcome to Ops Manager page, select Import Existing Installation.


  6. When prompted, enter the Decryption Passphrase for this Ops Manager installation. You set this passphrase during your initial installation of Ops Manager.

    Note: If lost, the Decryption Passphrase cannot be recovered.

  7. Click Choose File and browse to the installation ZIP file exported in Step 1 above.

    Decryption passphrase

  8. Click Import.

    Note: Some browsers do not provide feedback on the status of the import process, and might appear to hang.

  9. A “Successfully imported installation” message appears upon completion.


Step 3: Upgrade Elastic Runtime and Product Tiles

  1. After upgrading to Ops Manager v1.12, upgrade your product versions.

  2. Import the product file to your Ops Manager Installation Dashboard.

  3. Hover over the product name in Available Products and click Add.

  4. Click the newly added tile to review any configurable options.

  5. (Optional) If you are using other service tiles, you can upgrade them following the same procedure. See the Upgrading Elastic Runtime and Other Pivotal Cloud Foundry Products topic for more information.

Step 4: Perform Your Upgrade

  1. Navigate to the Ops Manager Installation Dashboard.

  2. Click Apply Changes. This immediately imports and applies upgrades to all tiles in a single transaction.

    WARNING: If the installation fails or returns errors, contact Support. Do not attempt to roll back the upgrade by restarting the previous (v1.11.x) Ops Manager VM.

  3. Click each service tile, select the Status tab, and confirm that all VMs appear and are in good health.

  4. After confirming that the new installation functions correctly, remove the previous (v1.11.x) Ops Manager VM.

Step 5: Secure the Cloud Controller

After deploying PCF, you must secure the Cloud Controller and redeploy.

In previous versions of PCF, the Cloud Controller and Diego communicated insecurely and indirectly through the Cloud Controller Bridge. As of PCF v1.12, the Cloud Controller and Diego can communicate directly over secure TLS, without a bridge component. The Enable button selects this new option, enabling direct, secure communications and deactivating the Cloud Controller Bridge.

In a fresh install of PCF v1.12, the Enable option is selected by default. In upgrades, operators must manually select Enable to deactivate the Cloud Controller Bridge and make the internal communications secure.

Perform the following steps:

  1. Click the Elastic Runtime tile.
  2. Click Cloud Controller.
  3. Under Enable secure communication between Diego and Cloud Controller?, select Enable. Secure cc

  4. Click Save.

Step 6: Complete Your Installation

  1. Navigate to the Ops Manager Installation Dashboard.

  2. Click Apply Changes. This immediately imports and applies upgrades to all tiles in a single transaction.

    WARNING: If the installation fails or returns errors, contact Support. Do not attempt to roll back the upgrade by restarting the previous (v1.11.x) Ops Manager VM.

  3. Click each service tile, select the Status tab, and confirm that all VMs appear and are in good health.

Step 7: Upgrade PCF Isolation Segment

If your deployment contains the PCF Isolation Segment tile, perform the following steps:

Note: For upgrades from PCF v1.11 to v1.12, the Shared and Segment router sharding mode is selected in the PCF Isolation Segment tile by default. This fixes the Apps Deployed to PCF Isolation Segment Unreachable issue. For more information about router sharding, see Sharding Routers for Isolation Segments in Routing for Isolation Segments.

  1. To prepare for switching from the Shared and Segment to the Isolation Segment Only router sharding mode in step 2, do one of the following:

    • (Recommended) Map an arbitrary route to your apps deployed to spaces that are associated with PCF Isolation Segment using the cf map-route command and then unmap the route using the cf unmap-route command. For more information about these cf CLI commands, see Map a Route to Your Application and Unmap a Route in Routes and Domains.
    • Restart your apps deployed to spaces that are associated with PCF Isolation Segment using the cf restart command. For more information about this cf CLI command, see Restart Your Application in Starting, Restarting, and Restaging Applications.

      Note: To avoid app downtime, Pivotal recommends using the cf map-route and cf unmap-route option instead of cf restart.

  2. In the Networking pane of the PCF Isolation Segment tile, select the Isolation Segment Only router sharding mode and click Save. Isolation segment only

  3. (Optional) If you want to configure the Elastic Runtime routers to reject requests for apps within isolation segments, select the Routers reject requests for Isolation Segments checkbox in the Networking pane of the Elastic Runtime tile and click Save.

  4. Navigate to the Ops Manager Installation Dashboard and click Apply Changes.

After you Upgrade

Upgrade cf CLI

To use the experimental push commands, multiple buildpack support, and container networking commands in PCF 1.12, users must upgrade to cf CLI v6.30 or later.

Create a pull request or raise an issue on the source for this page in GitHub