PCF Ops Manager v2.1 Release Notes

Pivotal Cloud Foundry is certified by the Cloud Foundry Foundation for 2019.

Read more about the certified provider program and the requirements of providers.


How to Upgrade

The Upgrading Pivotal Cloud Foundry topic contains instructions for upgrading to Pivotal Cloud Foundry (PCF) Ops Manager v2.1.

Releases

2.1.20

  • [Security Fix]: A potential XSS vulnerability in the resource_config API endpoint is mitigated.
  • [New Feature]: You can now use the BOSH Backup and Restore (BBR) CLI from the Ops Manager VM. This means you no longer have to download or upgrade BBR when you upgrade the Ops Manager VM.
  • [New Feature]: Tile authors can now implement user-facing warnings that display when a pre-delete or post-deploy errand is implemented. Use the impact_warning key in pre_delete_errand or post_deploy_errands to specify a warning.
  • [Bug Fix]: Selectors without default values now return null in the Ops Manager API when you visit /api/v0/staged/products/PRODUCT-GUID/properties.
  • [Bug Fix]: Ops Manager now uses GCP images that are located in the United States. This should prevent image object generation problems sometimes seen in images based in Europe and Asia.
  • [Bug Fix]: Reverts the Azure CPI to 35.4 to resolve a customer issue.

Ops Manager v2.1.20 uses the following component versions:

Component Version
Ops Manager2.1-build.428*
Stemcell3541.77*
BBR SDK1.4.4
BOSH Director265.11.0
BOSH DNS1.10.0
Metrics Server0.0.22*
CredHub1.7.9*
UAA55.4
AWS CPI69
Azure CPI35.4*
GCP CPI27.0.1
OpenStack CPI37
vSphere CPI45.1.0
* Components marked with an asterisk are updated.

2.1.19

  • [Security Fix]: Bumps active-job to 5.0.4 to resolve CVE-2018-16476.
  • [Security Fix]: Bumps Loofah to 2.2.3 to address a CVE.
  • [Security Fix]: Bumps Rack to 2.0.6 to address a CVE.
  • [Security Fix]: Bumps Nokogiri to address a CVE.
  • [New Feature]: You can download the product manifest for your last successful deployment.
  • [New Feature]: The expiring certificates endpoint, /api/v0/deployed/certificates, indicates when the saml_service_provider_cert certificate is about to expire.
  • [Feature Improvement]: When you import products that use the future Unified Syslog feature, you are warned that some syslog features will not be active in this version of Ops Manager.
  • [Feature Improvement]: Adds API docs for GET and PUT to the ssh_banner_contents endpoint.
  • [Feature Improvement]: When a user who has not logged into Ops Manager is prompted to log in to view a page, logging in returns them to the page they tried to access, rather than the Installation Dashboard.
  • [Bug Fix]: Operators can work around an expired SAML service provider cert by disabling and enabling SAML.
  • [Bug Fix]: Temporary nginx uploads are deleted from /var/tempest/tmp after stemcell upload completes.
  • [Bug Fix]: The Director Availability Zone (AZ) form displays when there are deployed runtime config tiles.
  • [Bug Fix]: Stemcells no longer accidentally downgrade when upgrading to a new Ops Manager. This rare bug occurred when a product had a newer stemcell patch than Ops Manager included during the upgrade.
  • [Bug Fix]: Application Load Balancers (ALBs) apply to the Director VM for AWS deployments.
  • [Bug Fix]: Operators can change the Director Hostname without losing connection between BOSH Director and VMs.
  • [Bug Fix]: The API docs show instance_groups in some locations where they previously referenced jobs.
  • [Bug Fix]: The SAML certificate regenerates when authentication method changes from SAML to internal, rather than when SAML is enabled. This facilitates a greater number of authentication method workflows, including those which change Ops Manager metadata.
  • [Bug Fix]: Ops Manager captures changes to the database, including reversions to old passwords, more completely.
  • [Bug Fix]: Corrects the link to Pivotal Network from the API docs.

Ops Manager v2.1.19 uses the following component versions:

Component Version
Ops Manager2.1-build.413*
Stemcell3541.65*
BBR SDK1.4.4
BOSH Director265.11.0
BOSH DNS1.10.0
Metrics Server0.0.21
CredHub1.7.7
UAA55.4*
AWS CPI69
Azure CPI35.4.0
GCP CPI27.0.1
OpenStack CPI37
vSphere CPI45.1.0
* Components marked with an asterisk are updated.

2.1.18

  • [Security Fix]: Bumps Nokogiri to 1.8.5 to address CVE-2018-14404.
  • [Security Fix]: Bumps UAA to 55.4 to address CVE-2018-15761.
  • [Bug Fix]: Now Application Load Balancers (ALBs) also apply to the Director VM for AWS deployments.

Ops Manager v2.1.18 uses the following component versions:

Component Version
Ops Manager2.1-build.396*
Stemcell3541.57*
BBR SDK1.4.4
BOSH Director265.11.0
BOSH DNS1.10.0
Metrics Server0.0.21
CredHub1.7.7
UAA55.4*
AWS CPI69
Azure CPI35.4.0
GCP CPI27.0.1
OpenStack CPI37
vSphere CPI45.1.0
* Components marked with an asterisk are updated.

2.1.17

  • [Security Fix]: Bumps stemcell to 3541.54 for periodic lower-severity security updates.
  • [Bug Fix]: Temporary NGINX uploads are now deleted from /var/tempest/tmp after stemcell upload completes.
  • [Bug Fix]: Operators can change the Director Hostname without losing connection between BOSH Director and VMs.
  • [Bug Fix]: Stemcells no longer accidentally downgrade in rare cases when upgrading to a new OpsManager. This happened previously when a product had a newer stemcell patch than Ops Manager included during the upgrade.
  • [Bug Fix]: Operators can work around an expired SAML service provider cert by disabling and enabling SAML.
  • [Feature Improvement]: The expiring certificates endpoint (/api/v0/deployed/certificates) includes information about the SAML service provider cert.
  • [Feature Improvement]: Importing products that use the future Unified Syslog feature warns operators that product syslog features will not be active in this version of Ops Manager.
  • [Bug Fix]: Dynamic JS pages now show the message from server-side errors instead of alert boxes with JavaScript errors (such as [Object object] or t.filter()).

Ops Manager v2.1.17 uses the following component versions:

Component Version
Ops Manager2.1-build.389*
Stemcell3541.54*
BBR SDK1.4.4
BOSH Director265.11.0
BOSH DNS1.10.0
Metrics Server0.0.21
CredHub1.7.7
UAA55.2
AWS CPI69
Azure CPI35.4.0
GCP CPI27.0.1
OpenStack CPI37
vSphere CPI45.1.0
* Components marked with an asterisk are updated.

2.1.16

  • [Bug Fix]: You are now only prompted to unlock Ops Manager once when enabling Rescue Mode.

Ops Manager v2.1.16 uses the following component versions:

Component Version
Ops Manager2.1-build.277*
Stemcell3541.49*
BBR SDK1.4.4
BOSH Director265.11.0
BOSH DNS1.10.0*
Metrics Server0.0.21
CredHub1.7.7
UAA55.2
AWS CPI69
Azure CPI35.4.0*
GCP CPI27.0.1
OpenStack CPI37
vSphere CPI45.1.0
* Components marked with an asterisk are updated.

2.1.15

  • [Security Fix]: clients.admin is no longer a default scope under user.authorities.
  • [Bug Fix]: You can now import Xenial stemcells when you are upgrading to a tile that requires Xenial. For more information, see Unable to import Xenial stemcell when upgrading to tile that requires Xenial in the Pivotal Knowledge Base.
  • [Bug Fix]: Ops Manager now sets the storage account type and ephemeral disk correctly for Azure deployments.
  • [Bug Fix]: Ops Manager no longer saves a DBinstance snapshot after cleaning up an AWS environment.
  • [UI Enhancement]: A 500 error appears when Ops Manager fails to import an installation.

Ops Manager v2.1.15 uses the following component versions:

Component Version
Ops Manager2.1-build.372*
Stemcell3541.48*
BBR SDK1.4.4
BOSH Director265.11.0
BOSH DNS1.8.0
Metrics Server0.0.21
CredHub1.7.7
UAA55.2
AWS CPI69
Azure CPI35
GCP CPI27.0.1
OpenStack CPI37
vSphere CPI45.1.0
* Components marked with an asterisk are updated.

2.1.14

  • [Security Fix]: Operators get new certificate authorities (CAs) for BOSH DNS healthiness and the DNS API that are valid for four years. Operators can rotate existing CAs to longer-lived CAs. New installations generate leaf certificates from that CA. Use POST /api/v0/certificate_authorities/active/regenerate to rotate DNS healthiness leaf certificates.
  • [Bug Fix]: Ops Manager verifiers no longer time out when Ops Manager is configured with a proxy.
  • [UI Enhancement]: An error message appears when a file downloaded from Pivotal Network is invalid or corrupt.

Ops Manager v2.1.14 uses the following component versions:

Component Version
Ops Manager2.1-build.*
Stemcell3541.46
BBR SDK1.4.4
BOSH Director265.11.0*
BOSH DNS1.8.0
Metrics Server0.0.21
CredHub1.7.7
UAA55.2
AWS CPI69
Azure CPI35
GCP CPI27.0.1
OpenStack CPI37
vSphere CPI45.1.0
* Components marked with an asterisk are updated.

2.1.13

  • [Security Fix] Bumps stemcell to 3541.46
  • [Bug Fix] Pivotal Network integrates successfully with Pivotal Application Service (PAS) tile and Small Footprint PAS.

Ops Manager v2.1.13 uses the following component versions:

Component Version
Ops Manager2.1-build.355*
Stemcell3541.46*
BBR SDK1.4.4
BOSH Director265.10*
BOSH DNS1.8.0
Metrics Server0.0.21*
CredHub1.7.7
UAA55.2
AWS CPI69
Azure CPI35
GCP CPI27.0.1
OpenStack CPI37
vSphere CPI45.1.0
* Components marked with an asterisk are updated.

2.1.12

  • [Security Fix] Bumps stemcell to 3541.44

Ops Manager v2.1.12 uses the following component versions:

Component Version
Ops Manager2.1-build.350*
Stemcell3541.44*
BBR SDK1.4.4
BOSH Director265.9*
BOSH DNS1.8.0*
Metrics Server0.0.17
CredHub1.7.7
UAA55.2
AWS CPI69
Azure CPI35
GCP CPI27.0.1*
OpenStack CPI37
vSphere CPI45.1.0
* Components marked with an asterisk are updated.

2.1.11

  • [Security Fix] Bumps stemcell to 3541.37
  • [Bug Fix] Private key is not returned when you GET the /iaas_configurations API endpoint.
  • [Bug Fix] UAA config remains mounted in RAM disk when image is recreated.
  • [Bug Fix] You can edit an Availability Zone (AZ) if it is unassociated with a product.
  • [Feature Improvement] Ops Manager verifies external databases with TLS.

Ops Manager v2.1.11 uses the following component versions:

Component Version
Ops Manager2.1-build.348*
Stemcell3541.37*
BBR SDK1.4.4
BOSH Director265.7*
BOSH DNS1.8.0*
CredHub1.7.7
UAA55.2
AWS CPI69
Azure CPI35
GCP CPI27
OpenStack CPI37
vSphere CPI45.1.0
* Components marked with an asterisk are updated.

2.1.10

  • [Security Fix] Bumps stemcell to 3541.35
  • [Bug Fix]: Fixes an error reading Unknown CPI error 'Unknown' with message 'execution expired' in 'create_vm' CPI method for deployments on Azure.

Ops Manager v2.1.10 uses the following component versions:

Component Version
Ops Manager2.1-build.341*
Stemcell3541.35*
BBR SDK1.4.4
BOSH Director265.4*
BOSH DNS1.6.0
CredHub1.7.7
UAA55.2
AWS CPI69
Azure CPI35
GCP CPI27
OpenStack CPI37
vSphere CPI45.1.0
* Components marked with an asterisk are updated.

2.1.9

  • [Bug Fix]: Fixes critical manifest generation grammar issue introduced in v2.1.8.
  • [Bug Fix]: You can now delete an unused AZ in an installation after clicking Apply Changes.
  • [Feature Improvement]: Installation Dashboard and deployment status pages may load more quickly.
  • [Security Fix]: Bumps Nokogiri to 1.8.4 to remediate CVE-2017-15412.

Ops Manager v2.1.8 is no longer available.

Ops Manager v2.1.9 uses the following component versions:

Component Version
Ops Manager2.1-build.340*
Stemcell3541.35*
BBR SDK1.4.4
BOSH Director265.3.0
BOSH DNS1.6.0
CredHub1.7.7
UAA55.2*
AWS CPI69
Azure CPI35
GCP CPI27
OpenStack CPI35
vSphere CPI45.1.0
* Components marked with an asterisk are updated.

2.1.8

WARNING: This release is no longer available for download. Upgrade to v2.1.9 instead. For more details, continue reading.

In Ops Manager v2.1.8, a bug caused PAS’s Diego cells to fail to trust all of the appropriate TLS certificates which were trusted previously.

The full impact of the bug has not yet been confirmed, but it is possible that it affects other tiles. Specifically, it affects tiles where the tile author used a multi-line string which contains multiple double-parenthesis expressions within the multi-line string inside the tile’s YAML definition file.

Tile authors often use multi-line strings containing multiple double-parenthesis expressions to construct certificate chains for their BOSH manifests. This bug causes these strings to render incorrectly in the manifests.

The following is an example of a portion of a tile’s YAML file which will be affected by this bug:

trusted_certs: |
((( /cf/diego-instance-identity-root-ca.certificate )))
(( $ops_manager.ca_certificate ))
(( $ops_manager.trusted_certificates ))

This version of Ops Manager is no longer available on Pivotal Network. Upgrade to v2.1.9 instead.

2.1.7

Ops Manager v2.1.7 uses the following component versions:

Component Version
Ops Manager Version2.1-build.335
Stemcell3541.34*
BBR SDK1.4.4*
BOSH Director265.3.0*
BOSH DNS1.6.0
CredHub1.7.7*
UAA55.1*
AWS CPI69
Azure CPI35
GCP CPI27
OpenStack CPI35
vSphere CPI45.1.0
* Components marked with an asterisk are updated.

2.1.6

  • [Security] Remediates CVE-2018-11046.
  • [Bug Fix] You can now rotate SSL certificates without losing connection between BOSH Director and VMs.
  • [Bug Fix] You can now delete the only AZ in an installation.
  • [Bug Fix] You can now delete the only network in an installation.

Ops Manager v2.1.6 uses the following component versions:

Component Version
Ops Manager Version2.1-build.326
Stemcell3541.30
BBR SDK1.2.1
BOSH Director264.10.0
BOSH DNS1.6.0
CredHub1.6.5
UAA52.7
AWS CPI69
Azure CPI35
GCP CPI27
OpenStack CPI35
vSphere CPI45.1.0

2.1.5

  • [Bug Fix] Changes vSphere to v45.1
  • [Security Fix] Bumps stemcell to 3541.30

Ops Manager v2.1.5 uses the following component versions:

Component Version
Ops Manager Version2.1-build.318
Stemcell3541.30*
BBR SDK1.4.4
BOSH Director265.2
BOSH DNS1.6.0
CredHub1.7.5*
UAA55
AWS CPI69
Azure CPI35
GCP CPI27
OpenStack CPI37
vSphere CPI45.1*
* Components marked with an asterisk are updated.

2.1.4

WARNING: If you use a vSphere environment, Pivotal recommends that you skip v2.1.4 due to a major bug.

  • [Feature Improvement] Upgrades BOSH System Metrics Server Release to v0.0.17. PAS for Windows 2012R2 now emits BOSH VM metrics.
  • [Feature Improvement] Decrease upload time for large tiles and stemcells.
  • [Bug Fix] Helps alleviate Ruby’s susceptibility to high memory usage. May prevent the Ops Manager VM from running out of memory during a long VM lifecycle.
  • [Bug Fix] Ops Manager UI shows product job log download link only once per instance group rather than for all instances.
  • [Bug Fix] The Ops Manager API endpoint /api/v0/deployed/certificates now lists all RSA certificates.
  • [Bug Fix] Azure network and resource group matchers are case insensitive.
  • [Bug Fix] The Ops Manager API no longer has the service_network key.
  • [Bug Fix] The menu links are clickable in all subpages.
  • [Bug Fix] In the Stemcell Library, stemcells only apply to the tiles you select regardless of compatibility.

Ops Manager v2.1.4 uses the following component versions:

Component Version
Ops Manager Version2.1-build.314
Stemcell3541.25
BBR SDK1.4.4
BOSH Director265.2
BOSH DNS1.6.0
CredHub1.7.1
UAA55
AWS CPI69
Azure CPI35
GCP CPI27
OpenStack CPI37
vSphere CPI49*
* Components marked with an asterisk are updated.

2.1.3

  • [Security] Bumps stemcell to 3541.25
  • [Bug Fix] The credentials API endpoints for deployed products do not include secrets. For more information about these API endpoints, see Viewing available credentials and Fetching credentials in the Ops Manager API documentation.
  • Installation Dashboard includes new Azure logo when you have an Azure installation.

Ops Manager v2.1.3 uses the following component versions:

Component Version
Ops Manager Version2.1-build.304
Stemcell3541.25*
BBR SDK1.4.4
BOSH Director265.2
BOSH DNS1.6.0*
CredHub1.7.1
UAA55
AWS CPI69
Azure CPI35
GCP CPI27
OpenStack CPI37
vSphere CPI45.1.0
* Components marked with an asterisk are updated.

2.1.2

  • [Security] Bumps stemcell to 3451.12
  • [Feature] You are now able to fetch availability zones (AZs) from the Ops Manager API. For more information, see Fetching availability zones in the Ops Manager API documentation.

Ops Manager v2.1.2 uses the following component versions:

Component Version
Ops Manager Version2.1-build.214
Stemcell3451.12*
BBR SDK1.4.4
BOSH Director265.2
BOSH DNS1.3.0
CredHub1.7.1
UAA55
AWS CPI69
Azure CPI35
GCP CPI27
OpenStack CPI37
vSphere CPI45.1.0
* Components marked with an asterisk are updated.

2.1.1

  • [Security] Bumps stemcell to 3451.10
  • [Feature] The BOSH CLI is now upgraded to v3 in Ops Manager. You can split cloud configs and other configurations into multiple files. This change allows you to manage and evolve configurations separately. For more information on configuration management in BOSH, see Configs in the BOSH documentation.
  • [Feature] In the Director Config pane, you can now enter Excluded Recursors as a comma-separated list. This list specifies which IPs and ports you want to exclude from the DNS server. For more information, see Director Config Page.
  • [Bug Fix] Ops Manager sets a consistent entity ID in both SAML and non-SAML cases.

Ops Manager v2.1.1 uses the following component versions:

Component Version
Ops Manager Version2.1-build.212
Stemcell3451.10*
BBR SDK1.4.4
BOSH Director265.2*
BOSH DNS1.3.0
CredHub1.7.1
UAA55
AWS CPI69
Azure CPI35
GCP CPI27
OpenStack CPI37
vSphere CPI45.1.0
* Components marked with an asterisk are updated.

2.1.0

Ops Manager v2.1.0 uses the following component versions:

Component Version
Ops Manager Version2.1-build.204
Stemcell3541.8
BBR SDK1.4.4
BOSH Director265.1
BOSH DNS1.3.0
CredHub1.7.1
UAA55
AWS CPI69
Azure CPI35
GCP CPI27
OpenStack CPI37
vSphere CPI45.1.0
* Components marked with an asterisk are updated.


New Features in Ops Manager v2.1

Stemcell Library

Use the new Stemcell Library to import stemcells, stage stemcells, and view the stemcell versions associated with each product.

In Ops Manager v2.0 and earlier, stemcell management capabilities are located within each tile. For v2.1, the Stemcell Library provides centralized stemcell management from the Installation Dashboard used for all products.

For more information about the Stemcell Library, see Importing and Managing Stemcells.

Create Custom VM Extensions

You can create and manage custom VM extensions through the Ops Manager API. Custom VM extensions allow you to assign a group of IaaS-specific cloud_properties to a custom VM extension name. You can then assign this custom VM extension to jobs. For more information about custom VM extensions, see Managing Custom VM Extensions.

Azure Stack Support (Beta)

Operators can deploy Ops Manager v2.0 to Microsoft Azure in their own local datacenter using Azure Stack. Azure Stack support is in beta for Ops Manager v2.0 and should not be used in production.

AWS KMS Encryption Available for BOSH and Ops Manager VMs

Operators can specify a custom AWS Key Management Service (KMS) encryption key to encrypt all the Elastic Block Store (EBS) volumes in AWS for BOSH VMs and the Ops Manager VM. You can use this feature to meet data-at-rest encryption requirements or as a security best practice. There is no performance penalty for using encrypted EBS volumes. Pivotal advises all users of PCF on AWS to enable encryption.

To encrypt BOSH and all present and future product VMs, enable Encrypt EBS Volumes in the AWS Config pane of the BOSH Director. To encrypt the Ops Manager VM, you need to re-launch Ops Manager with a new Amazon Machine Image (AMI).

For more information about how to encrypt BOSH and Ops Manager VMs, see Configuring Amazon EBS Encryption.

Configure an External CredHub Encryption Provider

In the Director Config pane of an installation, you now have the option to select a CredHub Encryption Provider to store your encryption keys. For Ops Manager v2.1, you only have the option to select internal storage or a Luna Hardware Security Module (HSM). For more information about configuring your CredHub encryption provider, see the Director Config Page section of the Ops Manager Director installation topic for your IaaS.

Multiple Read-Only Users Can Be Logged In Simultaneously

Ops Manager users with Full View and Restricted View permissions can be logged in simultaneously. Previous to this change, only one user at a time could view Ops Manager.

For security purposes, operators with write access still cannot be logged into Ops Manager simultaneously. For more information about operator roles and permissions, see Configuring Role-Based Access Control (RBAC) in Ops Manager.

Create a Custom Banner

From the Ops Manager settings, you can now add a custom banner to communicate important messages to operators. In the new Custom Banner pane, enter text in the Banner UI field to create a banner that appears on each page of the Ops Manager UI. If you enter text in the SSH Banner field, that text appears to each operator who shells into Ops Manager. For more information about navigating Ops Manager settings, see the Settings Page of the Ops Manager Director installation topic for your IaaS.

GCS Blobstore Available for External File Storage

You now have the option to select a Google Cloud Storage (GCS) blobstore as your external file storage. With this new feature, Pivotal now recommends you select the GCS Blobstore option for the Blobstore Location if you install Ops Manager with GCP. For more information, see the Director Config Page section of the Configuring Ops Manager Director on GCP topic.

Note: After you deploy Ops Manager, you cannot change the blobstore location.

Integrate Azure Application Gateway Load Balancers

In the Resource Config pane of the Azure configuration dashboard, you can enter an Azure Application Gateway for your load balancer.

To learn more about Azure Application Gateway, see Overview of Application Gateway in the Azure documentation.

To learn more about configuring your load balancer for Azure, see the Resource Config Page section of the Configuring Ops Manager on Azure topic.

Note: This feature is not recommended for production use. The Azure load balancer does not support an override port in the healthcheck configuration.

Add Multiple Clusters to Availability Zones

In the vSphere configuration dashboard, you can now add multiple clusters to an Availability Zone (AZ) with the new Add Cluster button. For more information about configuring AZs, see the Create Availability Zone Page section of the Configuring Ops Manager on vSphere topic.

IP Address Management (IPAM) Removed

Ops Manager no longer reserves a range of IPs for dynamic allocation. Instead, only the BOSH Director manages IP allocation. This change is to keep IP management in a central location without redundancy.

As a result of removing IPAM from Ops Manager, see the following changes:

  • Ops Manager no longer picks and reserves a range of static IPs. IP allocation is handled by BOSH.
  • To optionally reserve specific IPs, enter IPs in the Static IPs pane of your product tile.
  • With restrictions now removed, you have more options to expand your network. See Expand Your Network with Additional Subnets below.
  • The Service Network checkbox in the Create Networks pane is removed.
  • You get an ignorable warning when you click Apply Changes if the Static IPs you enter for your tile are not in the same network or AZ that is assigned to the tile.
  • You get an ignorable warning when you click Apply Changes if the Static IPs you enter for your tile overlap with other tiles.
  • You get an ignorable warning when you click Apply Changes if you enter a CIDR range that is not large enough to deploy the staged tiles.
  • For tile authors, static_ip and dynamic_ip are now ignored. Ops Manager gets static IPs from the static_ips property.

Expand Your Network with Additional Subnets

In the Create Networks pane of Ops Manager, you can add additional subnets to your network. Each AZ can now have more than one subnet.

This feature is only available if you have already deployed Ops Manager. For more information, see Expanding Your Network with Additional Subnets.

VPC Verifier Removed from AWS Configuration

When you configure Ops Manager for AWS, you do not need to provide a Virtual Private Cloud (VPC) ID.

Associate AWS ALBs with Jobs

From the Resource Config pane of an AWS installation, you can associate an AWS Application Load Balancer (ALB) to a job. For more information, see Resource Config Page in the Configuring BOSH Director on AWS topic.

Known Issues

Error When Importing Xenial Stemcell

Ops Manager v2.1.6 and later support Xenial stemcells. However, in versions 2.1.6-2.1.14 of Ops Manager, the Ops Manager UI returns an error when you attempt to import a Xenial stemcell.

As a workaround, you can upload the stemcell and assign it to a product using the Ops Manager API.

For more information about this workaround, see Unable to import Xenial stemcell when upgrading to tile that requires Xenial in the Pivotal Knowledge Base.

Note: This issue is resolved in Ops Manager v2.1.15 and later.

DNS Server Hangs or DNS Lookups Fail

With BOSH DNS, every BOSH-deployed VM has a DNS server. In large PCF installations, this DNS server may hang or DNS lookups may fail when the VM experiences too many DNS lookups in a short amount of time.

This error is caused by a race condition and deadlock in the VM’s DNS server.

To fix this problem, run monit on the VM with failing DNS to restart its bosh-dns process.

Azure Load Balancer Does Not Support Override Port

The Azure Application Gateway feature is currently not recommended for production use. The Azure load balancer does not support an override port in the healthcheck configuration. For more information about this feature, see Integrate Azure Application Gateway Load Balancers above.

AWS KMS Encryption Requires Manual Refresh

If you select Encrypt EBS Volumes in the AWS Config pane of your AWS BOSH Director tile, only future BOSH-deployed VMs are encrypted. To manually trigger current BOSH VMs to encrypt their persistent disks, ephemeral disks, and the root separately, you must make the following changes:

For persistent disks In the Resource Config pane of your BOSH Director tile, bump the persistent disk of each job.
For ephemeral disks In the Director Config pane of your BOSH Director tile, enable Recreate all VMs for the next deployment.
For the root disk In the Stemcell Library, stage new stemcells for the next deployment.

This known issue does not affect you if you enable Encrypt EBS Volumes during your first deployment.

For more information about the AWS KMS feature, see AWS KMS Encryption Available for BOSH and Ops Manager VMs.

Ops Manager “Required Datacenter privileges” Error on vSphere

Ops Manager on vSphere 6.7 fails with an error message: “Could not log in: Required Datacenter privileges could not be verified: SystemError: A general system error occurred: Authorize Exception”

You can ignore this error message. Click “Ignore errors and start the install” to authenticate.

This issue is fixed in Ops Manager 2.3 and above.

Bug Fixes

  • Ops Manager now validates inventory service vSphere vCenter privileges. For more information about this breaking change, see Additional vSphere Permission Validation in the PCF v2.1 Breaking Changes release notes.

  • Ops Manager sets a consistent entity ID in both SAML and non-SAML cases.

Create a pull request or raise an issue on the source for this page in GitHub