Pivotal Cloud Foundry Ops Manager v1.12 Release Notes

Pivotal Cloud Foundry is certified by the Cloud Foundry Foundation for 2017.

Read more about the certified provider program and the requirements of providers.


How to Upgrade

The Upgrading Pivotal Cloud Foundry topic contains instructions for upgrading to Pivotal Cloud Foundry (PCF) Ops Manager v1.12.

1.12.2

  • [Feature] Ops Manager supports uploading Windows 2016 stemcells.
  • [Feature] Tile Authors can set the default instance count for an errand to zero.

    Component Version
    Stemcell3445.11
    BOSH Director263.2
    CredHub1.3.2
    UAA45
    AWS CPI66
    Azure CPI27
    GCP CPI25.9.0
    OpenStack CPI32
    vSphere CPI44
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.12.1

  • [Security Fix] Bumps stemcell to 3445.11 to address USN-3420-2.
  • Bumps CredHub to 1.3.2.

    Component Version
    Stemcell3445.11*
    BOSH Director263.2
    CredHub1.3.2*
    UAA45
    AWS CPI66
    Azure CPI27
    GCP CPI25.9.0
    OpenStack CPI32
    vSphere CPI44
    * Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.

1.12.0

Version 1.12.0 of Ops Manager consists of the following component versions:

Component Version
Stemcell3445.7
BOSH Director263.2
CredHub1.3.0
UAA45
AWS CPI66
Azure CPI27
GCP CPI25.9.0
OpenStack CPI32
vSphere CPI44
* Components marked with an asterisk have been patched to resolve security vulnerabilities or fix component behavior.


New Features in Ops Manager v1.12.0

Google Shared Virtual Private Cloud

Google Shared Virtual Private Cloud (VPC), formerly known as Google Cross-Project Networking (XPN), enables you to assign GCP resources to individual projects within an organization but allows communication and shared services between projects. For more information about this feature, see the Configuring a Shared VPC on GCP topic.

AWS GovCloud (US)

Operators can deploy Ops Manager v1.12 to AWS GovCloud (US). For more information about deploying AWS GovCloud (US), see the following AWS installation topics:

Migrate Non-Configurable Secrets to CredHub

Tile Authors can write a JavaScript migration to move their existing non-configurable secrets into CredHub. Ops Manager v1.12 supports migrating secret, simple_credential, rsa_pkey_credential, and salted_credential types.

For more information about this feature, see the Migrating Existing Credentials to CredHub topic in the PCF Tile Developers Guide.

Commit GET and DELETE Endpoints

Ops Manager v1.12.0 adds two API endpoints for operators who deploy PCF manually. If you use Ops Manager to generate manifests that you deploy on your own with BOSH, the /commit endpoint fails when a tile upgrade contains CredHub credential variables.

Before upgrading a tile, use the GET endpoint to retrieve a file that contains the credentials. Migrate the credentials to CredHub using the CredHub CLI, then use the DELETE endpoint to delete the credentials staged in installation.yml.

For more information, see the corresponding Knowledge Base article.

BOSH CLI v2

Ops Manager v1.12.0 uses the new version of the BOSH CLI.

Breaking Change: BOSH CLI output formatting has changed. If your deployment uses scripts that rely on BOSH output, you must refactor them to interpret BOSH CLI v2 command output.

The Ops Manager VM includes both versions of the BOSH CLI. You can run BOSH CLI v1 commands using bosh and BOSH CLI v2 commands using bosh2, but many BOSH CLI v1 commands are incompatible with the BOSH Director. See the corresponding Knowledge Base article for more information.

In the Credentials tab in Ops Manager, click the link to Bosh2 Commandline Credentials for a command that you can copy and paste to log in to the bosh2 CLI.

For more information about the differences between the old and new versions of the BOSH CLI, see the BOSH documentation.

OpenStack Network Changes

Ops Manager v1.12.0 uses OpenStack CPI v32. In this version, you must select either Nova or Neutron as the Network Type on the OpenStack Config page of the Director tile. Pivotal recommends that you use Neutron for compatibility with future versions of the OpenStack CPI.

For more information about the two network types, see the OpenStack documentation.

Bug Fixes

  • Ops Manager v1.12.0 fixes a bug where configuring a thin-provisioned ephemeral disk in Ops Manager created a thick-provisioned disk in vSphere.
  • Ops Manager v1.12.0 fixes a bug where the entity ID was not unique if UAA was configured with SAML.
  • Ops Manager v1.12.0 fixes a bug where POST /api/v0/setup did not expose the http, https, and no_proxy fields.

Known Issues

CredHub Requires Director Certificate Rotation

If your original Elastic Runtime deploy was PCF 1.6 or earlier, you must regenerate the non-configurable Director certificates to deploy CredHub. CredHub attempts to verify the connection to UAA on the BOSH Director with the Ops Manager certificate Subject Alternative Name (SAN) during a deploy. Ops Manager 1.6 and earlier generated non-configurable certificate SANs in a format CredHub does not understand.

For more information, see the corresponding Knowledge Base article.

For more information about certificate rotation, see Regenerating and Rotating Non-Configurable TLS/SSL Certificates.

PCF Log Search Unsupported

If your deployment contains PCF Log Search, you must remove the product tile before upgrading. Failure to remove this product prior to upgrade may cause issues with your deployment.

For more information, see the Upgrading Pivotal Cloud Foundry topic.

On-Demand Services Require Dedicated Service Networks

If you use any service tile that offers both on-demand and not on-demand modes of operation, clicking Apply Changes in Ops Manager fails if you did not define a dedicated service network for the tile.

To work around this issue, use one of the following methods:

  • Create a services network on your IaaS for each affected service tile
  • Create a dummy network in Ops Manager, reserve a block of IP ranges, and disable smoke tests for the on-demand service

For more information, see the corresponding Knowledge Base article.

Create a pull request or raise an issue on the source for this page in GitHub