NAV
shell

THE BASICS

Welcome to the Ops Manager API! You can use our API to access endpoints, which can create, read, update, and delete resources in Ops Manager.

We have language bindings in cURL! You can view code examples in the dark area to the right.

Authentication

You must pass a token to each API endpoint. To get a token, and curl an API endpoint using that token, follow these instructions:

From a command line with Ruby installed, install the cf-uaac gem:

gem install cf-uaac

Target your Ops Manager IP:

uaac target https://YOUR_OPSMAN_IP/uaa

Log in to your Ops Manager with the Client name “opsman” and empty Client secret:

uaac token owner get

Client name: opsman
Client secret: JUST_PRESS_ENTER
User name: YOUR_USERNAME_HERE
Password: YOUR_PASSWORD_HERE

Retrieve your Ops Manager access token:

uaac context

Ops Manager uses authorization tokens to allow access to the API. You can get an authorization token from the settings page or by using the uaac command line tool (instructions to the right).

Ops Manager expects for the API key to be included in all API requests to the server in a header that looks like the following:

Authorization: Bearer YOUR_ACCESS_TOKEN

Workflow

Available —> Staged –Apply changes–> Deployed

Products (.pivotal files) can be uploaded or downloaded to the Available Products namespace.

They are then moved into the Staged Products namespace, which describes the desired state of the installation, and where configuration changes are made.

When queued changes are applied successfully, the Deployed products namespace mirrors the Staged Products namespace until further changes are made.

Status Codes

Ops Manager uses conventional HTTP response codes to indicate the success or failure of an API request. Generally, codes in the 2xx range indicate success, codes in the 4xx range indicate an error that failed given the information provided (e.g., a required parameter was omitted), and codes in the 5xx range indicate an error with the Ops Manager server.

Code Description
200 - OK Everything worked as expected
404 - not found The route requested does not exist
400 - bad request The request is syntactically incorrect
401 - unauthorized The access token has expired or is invalid
409 - conflict Another user is logged in
422 - unprocessable entity The request is syntactically correct but the supplied values do not work
500 - internal server error Something went wrong with our server
502 - bad gateway OpsManager is unable to talk to an underlying service such as credhub
503 - service unavailable The authentication service is not available yet

Pivotal Network API token

Adding or updating the Pivotal Network API token

You can add a Pivotal Network API Token to use Ops Manager’s PivNet integration. This features automatically finds updates to products and stemcells from PivNet which you can then stage and install.

You can find your API token under your profile settings in PivNet. Note that currently there are two API tokens listed. Ops Manager only works with one listed as “legacy API token.”

curl "https://example.com/api/v0/settings/pivotal_network_settings" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{ "pivotal_network_settings": { "api_token": "pivnet-api-token" }}'
Example Response
HTTP/1.1 200 OK
{
  "success": true
}

HTTP Request

PUT /api/v0/settings/pivotal_network_settings

Removing the Pivotal Network API token

You can delete your Pivotal Network API token to disable Ops Manager’s integration with PivNet. This also removes the current list of product and stemcell upgrades from PivNet on the Ops Manager dashboard.

curl "https://example.com/api/v0/settings/pivotal_network_settings" \
    -X DELETE \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

DELETE /api/v0/settings/pivotal_network_settings

COMMON TASKS

Setting up Ops Manager

Ops Manager can be set up with an internal user store or with an external identity provider.

Installing products

  1. Products can be uploaded to Ops Manager. Once the product has been uploaded, it is in the “Available Products” namespace.
  2. The product then needs to be added to the “Staged Products” namespace
  3. The product needs to be configured completely with all required fields
  4. Once all products in the installation have been completely configured, all changes can be applied by triggering an install process

Configuring products

Products staged on Ops Manager need to have the following properties configured before they can be deployed:

  1. Networks and AZs - Specify the networks and AZs to be used by the product
  2. Resource config (optional) - Edit the resource configuration of the product if desired
  3. Errands (optional) - Set whether errands for the product will run by default
  4. Product-specific properties - Vary by product, and can consist of simple properties, hashed properties, selector properties, and collection properties

Downloading product updates

Product Updates can be downloaded from Pivnet, instead of manually uploaded.

  1. First, make sure you have set your Pivotal Network API token
  2. Check for available upgrades to installed products
  3. Fetch and Accept the EULA for an available upgrade
  4. Download an available upgrade by product name and version
  5. Finally, you can check the status of a pending download if you need to

Upgrading products

  1. New versions of a product can be downloaded directly from Pivotal Network, or imported into the Ops Manager application
  2. The existing version of the product can then be upgraded
  3. Any necessary configuration changes are then made
  4. Changes can be applied by triggering an install process

Viewing logs and credentials

Multiple types of logs and credentials are available in Ops Manager. These are:

Upgrading Ops Manager

Upgrading Ops Manager is a two step process:

  1. Export your existing Ops Manager installation using the export installation asset collection endpoint

  2. After you have provisioned a fresh Ops Manager VM with a *.ova file corresponding to the latest version of Ops Manager, import the installation asset collection you exported previously, and trigger an install process.

CORE CONCEPTS

Info

Getting information about Ops Manager

curl "https://example.com/api/v0/info" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "info": {
    "version": "v2.1-build.79"
  }
}

HTTP Request

GET /api/v0/info

This endpoint returns information of the Ops Manager itself. Currently only version is returned.

Setup

Setting up with SAML

curl "https://example.com/api/v0/setup" \
    -X POST \
    -H "Content-Type: application/json" \
    -d '{ "setup": {
    "identity_provider": "saml",
    "decryption_passphrase": "example-passphrase",
    "decryption_passphrase_confirmation":"example-passphrase",
    "idp_metadata": "https://saml.example.com:8080",
    "bosh_idp_metadata": "https://bosh-saml.example.com:8080",
    "eula_accepted": "true",
    "http_proxy": "http://proxy.myenterprise.com",
    "https_proxy": "https://proxy.myenterprise.com",
    "no_proxy": "127.0.0.1",
    "rbac_saml_admin_group": "opsman.full_control",
    "rbac_saml_groups_attribute": "myenterprise"
  } }'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

POST /api/v0/setup

Query Parameters

Parameter Description
setup[decryption_passphrase] Decryption passphrase
setup[decryption_passphrase_confirmation] Confirm decryption passphrase
setup[eula_accepted] Accept EULA
setup[identity_provider] Using SAML as our identity provider
setup[idp_metadata] XML, or URL to XML, for the IDP that Ops Manager should use
setup[bosh_idp_metadata] XML, or URL to XML, for the IDP that BOSH should use
setup[http_proxy] Proxy for outbound HTTP network traffic (optional)
setup[https_proxy] Proxy for outbound HTTPS network traffic (optional)
setup[no_proxy] Comma-separated list of hosts that do not go through the proxy (optional)
setup[rbac_saml_admin_group] If SAML is specified, please provide the admin group for your SAML.
setup[rbac_saml_groups_attribute] If SAML is specified, please provide the groups attribute for your SAML.

Setting up with an internal userstore

curl "https://example.com/api/v0/setup" \
    -X POST \
    -H "Content-Type: application/json" \
    -d '{ "setup": {
    "decryption_passphrase": "example-passphrase",
    "decryption_passphrase_confirmation":"example-passphrase",
    "eula_accepted": "true",
    "identity_provider": "internal",
    "admin_user_name": "user-ed942e358eb61868dc87",
    "admin_password": "example-password",
    "admin_password_confirmation": "example-password",
    "http_proxy": "http://proxy.myenterprise.com",
    "https_proxy": "https://proxy.myenterprise.com",
    "no_proxy": "127.0.0.1"
  } }'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

POST /api/v0/setup

Query Parameters

Parameter Description
setup[decryption_passphrase] Decryption passphrase
setup[decryption_passphrase_confirmation] Confirm decryption passphrase
setup[eula_accepted] Accept EULA
setup[identity_provider] Using internal as our identity provider
setup[admin_user_name] User name
setup[admin_password] Password
setup[admin_password_confirmation] Confirm password
setup[http_proxy] Proxy for outbound HTTP network traffic (optional)
setup[https_proxy] Proxy for outbound HTTPS network traffic (optional)
setup[no_proxy] Comma-separated list of hosts that do not go through the proxy (optional)

Installations

View a list of pending changes

Listing of products and errands, and any pending changes that might be applied. Products will be listed in deployment order.

The action of a pending change will be one of the following:

In the case where the product’s stemcell has been updated (update_stemcell), that product will also be listed as a general update (update).

curl "https://example.com/api/v0/staged/pending_changes" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "product_changes": [
    {
      "guid": "p-bosh-guid",
      "action": "unchanged",
      "errands": [],
      "staged": {
        "guid": "p-bosh-guid",
        "identifier": "p-bosh",
        "label": "BOSH Director",
        "version": "2.2-build.000"
      },
      "deployed": {
        "guid": "p-bosh-guid",
        "identifier": "p-bosh",
        "label": "BOSH Director",
        "version": "2.2-build.000"
      },
      "completeness_checks": {
        "configuration_complete": false,
        "stemcell_present": false,
        "configurable_properties_valid": true
      }
    },
    {
      "guid": "example-product-1-guid",
      "action": "unchanged",
      "errands": [
        {
          "name": "example-errand",
          "label": "an errand to log properties",
          "post_deploy": true
        },
        {
          "name": "example_colocated_errand",
          "label": "colocated errand on web_server",
          "post_deploy": true
        }
      ],
      "staged": {
        "guid": "example-product-1-guid",
        "identifier": "example-product-1",
        "label": "Ops Manager: Example Product",
        "version": "1.0-build.0"
      },
      "deployed": {
        "guid": "example-product-1-guid",
        "identifier": "example-product-1",
        "label": "Ops Manager: Example Product",
        "version": "1.0-build.0"
      },
      "completeness_checks": {
        "configuration_complete": true,
        "stemcell_present": true,
        "configurable_properties_valid": true
      }
    },
    {
      "guid": "example-product-2-guid",
      "action": "update_stemcell",
      "errands": [{
        "name": "errand-3",
        "label": "Errand 3 label",
        "post_deploy": true
      }],
      "staged": {
        "guid": "example-product-2-guid",
        "identifier": "example-product-2",
        "label": "Ops Manager: Example Product 2",
        "version": "1.0-build.1"
      },
      "deployed": {
        "guid": "example-product-2-guid",
        "identifier": "example-product-2",
        "label": "Ops Manager: Example Product 2",
        "version": "1.0-build.0"
      },
      "completeness_checks": {
        "configuration_complete": true,
        "stemcell_present": true,
        "configurable_properties_valid": true
      }
    },
    {
      "guid": "example-product-2-guid",
      "action": "update",
      "errands": [],
      "staged": {
        "guid": "example-product-2-guid",
        "identifier": "example-product-2",
        "label": "Ops Manager: Example Product 2",
        "version": "1.0-build.1"
      },
      "deployed": {
        "guid": "example-product-2-guid",
        "identifier": "example-product-2",
        "label": "Ops Manager: Example Product 2",
        "version": "1.0-build.0"
      },
      "completeness_checks": {
        "configuration_complete": true,
        "stemcell_present": true,
        "configurable_properties_valid": true
      }
    },
    {
      "guid": "example-product-3-guid",
      "action": "install",
      "errands": [],
      "staged": {
        "guid": "example-product-3-guid",
        "identifier": "example-product-3",
        "label": "Ops Manager: Example Product 3",
        "version": "1.0-build.1"
      },
      "deployed": null,
      "completeness_checks": {
        "configuration_complete": true,
        "stemcell_present": true,
        "configurable_properties_valid": true
      }
    },
    {
      "guid": "example-product-4-guid",
      "action": "delete",
      "errands": [],
      "staged": null,
      "deployed": {
        "guid": "example-product-4-guid",
        "identifier": "example-product-4",
        "label": "Ops Manager: Example Product 4",
        "version": "1.0-build.1"
      },
      "completeness_checks": {
        "configuration_complete": true,
        "stemcell_present": true,
        "configurable_properties_valid": true
      }
    }
  ]
}

HTTP Request

GET /api/v0/staged/pending_changes

Triggering an install process

Applying all staged changes
curl "https://example.com/api/v0/installations" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
"deploy_products": "all",
"errands": {
    "product_1_guid": {
      "run_pre_delete": {
        "errand_a": true,
        "errand_b": false,
        "errand_c": "default"
      }
    },
    "product_2_guid": {
      "run_post_deploy": {
        "errand_e": true,
        "errand_f": false,
        "errand_g": true,
        "errand_h": "default"
      }
    }
  },
  "ignore_warnings": true
}'
Applying only changes to the director
curl "https://example.com/api/v0/installations" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
  "deploy_products": "none",
  "ignore_warnings": true
}'
Example Response
HTTP/1.1 200 OK
{
  "install": {
    "id": 1
  }
}
Applying changes to the director and products specified in `deploy_products` array
curl "https://example.com/api/v0/installations" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
  "deploy_products": ["product-guid-for-tile", "another-product-guid-for-different-tile"],
  "ignore_warnings": true
}'
Example Error Response
HTTP/1.1 422 Unprocessible Entity
{
  "errors" : [
    "'another-product-guid-for-different-tile' (specified in deploy_products) was not found in the product repository"
  ]
}
Example Error Response with Ignorable Warnings (note: ignorable warnings show up in both `errors` and `warnings`)
HTTP/1.1 422 Unprocessible Entity
{
  "errors" : [
    "Cannot reach gateway with IP 172.18.0.1 (ignorable if ICMP is disabled)"
  ],
  "warnings" : [
    "Cannot reach gateway with IP 172.18.0.1 (ignorable if ICMP is disabled)"
  ]
}

HTTP Request

POST /api/v0/installations

Transmits pending changes to BOSH. Submitting a POST request to this endpoint is equivalent to hitting the “Apply changes” button in the GUI.

Query Parameters

Parameter Description
ignore_warnings When true, bypass warnings from ignorable verifiers (Optional)
errands Hash of products with their enabled errands (Optional)

Post Deploy errands support the following states:
  • true
  • false
  • “default”
Pre Delete errands support the following states:
  • true
  • false
  • “default”
deploy_products Apply changes only for the specified products. Will always apply changes for the BOSH Director. Default is “all” (all staged products). Allowed are “all”, “none” (only the Director), or a collection of product GUIDs. (Optional)

Note: When deploy_products is an array of product guids ["my-guid", "another-guid"], it will deploy the director tile and all passed-in products. If there are any tiles being deployed, which are dependent on tiles with staged changes not being deployed, there will be validation errors and the deploy will not occur.

Getting the status of an install process

curl "https://example.com/api/v0/installations/4" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "status": "running"
}

HTTP Request

GET /api/v0/installations/:id

This endpoint returns the status of an install process. Possible values for “status” are ‘running’, ‘succeeded’, or ‘failed’.

Getting a list of recent install events

curl "https://example.com/api/v0/installations" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "installations": [
    {
      "user_name": "admin",
      "finished_at": "2018-04-26T03:27:54.035Z",
      "started_at": "2018-04-26T03:19:00.855Z",
      "status": "succeeded",
      "additions": [],
      "deletions": [
        {
          "identifier": "another-example-product",
          "label": "Another Example Product",
          "product_version": "2.1.4",
          "change_type": "deletion",
          "deployment_status": "successful",
          "guid": "another-example-product-1ba749ac9f6fcb7181ee"
        }
      ],
      "updates": [
        {
          "identifier": "example-product",
          "label": "Ops Manager: Example Product",
          "product_version": "2.1.6",
          "change_type": "update",
          "deployment_status": "successful",
          "guid": "example-product-4bf791dcdba551420a1f"
        }
      ],
      "unchanged": [],
      "id": 2
    },
    {
      "user_name": "admin",
      "finished_at": "2018-04-26T03:14:45.528Z",
      "started_at": "2018-04-26T02:35:43.175Z",
      "status": "succeeded",
      "additions": [
        {
          "identifier": "example-product",
          "label": "Ops Manager: Example Product",
          "product_version": "2.1.6",
          "change_type": "addition",
          "deployment_status": "successful",
          "guid": "example-product-4bf791dcdba551420a1f"
        },
        {
          "identifier": "another-example-product",
          "label": "Another Example Product",
          "product_version": "2.1.4",
          "change_type": "addition",
          "deployment_status": "successful",
          "guid": "another-example-product-1ba749ac9f6fcb7181ee"
        },
        {
          "identifier": "p-bosh",
          "label": "BOSH Director",
          "product_version": "2.2-build.96",
          "change_type": "addition",
          "deployment_status": "successful",
          "guid": "p-bosh-dd141cde18ccc883d542"
        }
      ],
      "deletions": [],
      "updates": [],
      "unchanged": [],
      "id": 1
    }
  ]
}

HTTP Request

GET /api/v0/installations

This endpoint returns a table containing a history of changes (i.e. each time the “Apply Changes” button was clicked in the UI or the installations controller was triggered via the API). Possible values for “status” are ‘running’, ‘succeeded’, or ‘failed’. All products which were deployed as part of an installation will be listed as either in “additions” (newly installed products), “updates” (settings were changed or the product was upgraded), “deletions” (the product was deleted), or or “unchanged” (none of the above, but the product was still redeployed). Each product also contains a “deployment_status” showing the status of bosh deploying the specific manifest for that product. Possible values are: “pending”, “running”, “successful”, “failed”, “skipped”.

Getting BOSH manifests from historical installations

curl "https://example.com/api/v0/installations/1/products/example-product-88b1515f1089d0eabdc9/manifest" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "manifest": {
    "name":"example-product-88b1515f1089d0eabdc9",
    "releases": [
      {
        "name":"example-release",
        "version":"2.2.release39"
      }
    ],
    "stemcells": [
      {
        "alias":"bosh-docker-boshlite-ubuntu-trusty-go_agent",
        "os":"ubuntu-trusty",
        "version":"3541.12"
      }
    ],
    "instance_groups": []
  }
}

HTTP Request

GET /api/v0/installations/:installation_id/products/:product_guid/manifest

This endpoint returns the BOSH manifest that was used for deploying a given product for a given installation id.

GET /api/v0/installations/:installation_id/products/director/manifest

This endpoint returns the BOSH manifest that was used for deploying the BOSH director for a given installation id.

Note: You can use GET /api/v0/installations to list the IDs and products guids of each historical installation.

Query Parameters

Parameter Description
installation_id ID of the installation (i.e. ID of the instance of Apply Changes)
product_guid The guid of the product which was deployed as part of the given installation

Fetching installation logs

curl "https://example.com/api/v0/installations/1/logs" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "logs": "some large text separated by newlines"
}

HTTP Request

GET /api/v0/installations/:installation_id/logs

This endpoint returns BOSH logs for a given installation id.

Query Parameters

Parameter Description
installation_id ID of the installation

Streaming current installation log

curl "https://example.com/api/v0/installations/current_log" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
Content-Type: text/event-stream
event:step_info
data:[{"id":"bosh_product.deploying","description":"Installing BOSH"},{"id":"bosh.uploading_runtime_config_releases","description":"Uploading runtime config releases to the director"},{"id":"bosh.updating_cloud_config","description":"Updating BOSH director with 2.0 cloud config"},{"id":"uaa_config.resetting","description":"Updating Internal UAA Configuration"},{"id":"example-product.runtime_configs","description":"Updating runtime configs for example-product"},{"id":"upload_assets.uploading_stemcell.example-product-f40a206c0af92de0ff9e","description":"Uploading stemcell for Ops Manager: Example Product"},{"id":"upload_assets.uploading_releases.example-product-f40a206c0af92de0ff9e","description":"Uploading releases for Ops Manager: Example Product"},{"id":"migrate_variables.migrating.example-product-f40a206c0af92de0ff9e","description":"Migrating credentials to director CredHub"},{"id":"bosh.deploying.example-product-f40a206c0af92de0ff9e","description":"Installing Ops Manager: Example Product"},{"id":"errands.running.example-product-f40a206c0af92de0ff9e.example-errand","description":"Running errand an errand to log properties for Ops Manager: Example Product"},{"id":"errands.running.example-product-f40a206c0af92de0ff9e.example_colocated_errand","description":"Running errand colocated errand on web_server for Ops Manager: Example Product"},{"id":"clean_up_bosh.cleaning_up","description":"Cleaning up BOSH director"}]

event:step_state_changed
data:{"type":"step_started","id":"bosh_product.deploying"}

data:===== 2018-02-16 22:25:47 UTC Running "/usr/local/bin/bosh --no-color --non-interactive --tty create-env /tempest_install_dir/default/deployments/bosh.yml"
data:Deployment manifest: '/tempest_install_dir/default/deployments/bosh.yml'

: keep alive

data:Deployment state: 'tempest_install_dir/default/deployments/bosh-state.json'

event:step_state_changed
data:{"type":"step_finished","id":"bosh_product.deploying"}

event:step_state_changed
data:{"type":"step_started","id":"clean_up_bosh.cleaning_up"}

data:===== 2018-02-16 22:27:18 UTC Finished "/usr/local/bin/bosh --no-color --non-interactive --tty --environment=172.18.0.10 clean-up"; Duration: 0s; Exit Status: 0

event:step_state_changed
data:{"type":"step_finished","id":"clean_up_bosh.cleaning_up"}

data:Exited with 0.

event:exit
data:{"type":"exit","code":0}


HTTP Request

GET /api/v0/installations/current_log

If there is no currently running Apply Changes then it returns 200 with an exit event of type “no install in progress”.

This endpoint streams the logs of the currently running Apply Changes using the Server Sent Events format.

It starts by streaming an event named step_info which includes an array of JSON data with the name and descriptions of each ordered install step. Next, it will stream all of the log which has already happened during this Apply Changes. Then, it will stream realtime events and logs as they happen.

Mixed in with lines of logs, it will send events for steps called step_started and step_finished, and an exit event at the end. The step_started and step_finished events have JSON data, that include an id key corresponding to the JSON sent in the step_info event. The exit event has JSON data which includes the exit code of the last command from the Apply Changes. A exit code of 0 means success, and any other exit code indicates failure.

When the Apply Changes ends, the server closes the client’s connection.

Note: The example response included in this documentation has been abbreviated for the sake of brevity.

Deployed BOSH Director

Note: If you are updating the configuration of a deployed director, in the s3_blobstore_options section, only access_key and secret_key are editable. If you do modify these, make sure to set bosh_recreate_on_next_deploy to true during the deploy of the credentials change. You can unset this once the deploy is complete.

Getting a list of available credentials

Note: the bosh2_commandline_credentials key is deprecated, please use bosh_commandline_credentials

curl "https://example.com/api/v0/deployed/director/credentials" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "credential_ids": [
    "vm_credentials",
    "agent_credentials",
    "registry_credentials",
    "director_credentials",
    "nats_credentials",
    "nats_client_ca",
    "nats_server_certificate",
    "nats_director_client_certificate",
    "nats_health_monitor_client_certificate",
    "postgres_credentials",
    "blobstore_credentials",
    "health_monitor_credentials",
    "uaa_admin_user_credentials",
    "uaa_login_client_credentials",
    "uaa_jwt_key",
    "bbr_ssh_credentials",
    "uaa_bbr_client_credentials",
    "bosh_commandline_credentials",
    "blobstore_certificate"
  ]
}

HTTP Request

GET /api/v0/deployed/director/credentials

Use this endpoint to discover available types of credentials.

Listing an rsa_key credential

curl "https://example.com/api/v0/deployed/director/credentials/uaa_jwt_key" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "credential": {
    "type": "rsa_cert_credentials",
    "value": {
      "private_key_pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAqLM8nKKL6NcKHCk4/fakeSFbz6APw7pbLTHb8nqezmTCs/R0\nspsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0FJMlw+o/Iq/+JHDnnH00rOjlBg62y\n5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEMykyR5ag1CfiVjwexOH1NgDUmw8pZ\n1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj/IM8R2mAUNOz8vSmcCOWb/BLxjcj\ng5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHAxskUCNDM3taBLQ+fIF3u+LZDeGdi\ny0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9PgwIDAQABAoIBAQCKoRea49wzD5sI\nPzvNdJCsN7R5rt+liNtqDUHgRbGAi76QIL9REi/d5HYE20ES9eNY5+5fclMKvhdc\n5O/izCag70R/Mm7GIKwsXMy3pTNzmh9jNPcA2Q2lxdNMkitW/0JbYfdYrB5fSg2Z\nkRhUIVXQXBG8dnh3ZCaKrdiNQjLQugcWdkwREhe4gObftBFppbERSUVPVplHwt2t\nsCcsrc6O5KkIvdU1wFzGr1bWZ0mOrw8dL9kopbA1q+lSF4dHjeBLxLrV9bY4dpBl\nsKf4EG048KHJgM80Cco4AwVBjTQDkY/0OHteTLjLh0Z9HelpEX1yBH7sBuDRCHpO\nHiIGuupZAoGBANZDCy7Ehz2AFSew94bHNaKGeUSthzVS76PxAgOod2c3sh4vEmYC\n//OtDZLu3W/xfJnqJC2qEb+vRexDkSwytNNxVHC5w7MW10pTUI51w5FB62s7okqG\n+9i6MbPMk9mT42/AlsXASs5PIK/EkQkm1hbJfzVx0QMIX804gr8crslPAoGBAMmQ\nFtgYYU1HRT8a1OP6jpwxorZ+FQVLtRmvegKBr1ybC/nODs/KQI5ol9oPYlucGLuP\ndkYQEpJjaCItm2a4OsuHfK61VEIchOTrv/oxNcmY7SSRXshKrqTib2w5sfnR4WYW\nx0F47MnUXs8sl1CX5iSKoZJhXWLSeexxD7VaNOGNAoGBAJeEV78d2WljTxJ/cbuM\n2l/xaoZnlErgOHkdsMf3dWC3oSz5KrCbBHdEdGnoow1Ln0qUqjrknqKIBxF6AopX\n3Un9RbJlm3/k8iAsZLYpj0AEdr+hLzY22Jg9q3IzhIaDr31SmwyC3COjD0Fc5xeq\nsBDzMxMPRrg3TtAoW0Vcujm/AoGARRVLnxkMEG6C/1P074Zq5oHkoOOp1LzT/0+z\nY7SLJBRIEIBddz58zdJvaV+oeHmRyIctJGpR0zaa9EvpXVV7YVK4mzCvBlG8ArIC\nhH/lTYlKjiP89m0SWpT5V4CWzWbv+AuKk5gcoDhXnm5MFmVZjeCt6/vPBBXbj/xY\nQ/H8+ekCgYB36iuoWdihQDPb0wP3iUCs3/nfZjX7huVCon1MMXXvyKZS7lvgkUp2\nrhyV2A/QcaxW9f/hFyAgzj/e16de8ypy/CoSsRkBdIsZlRs9SUw3mX9a7SBMC9Le\nLU1aPXAqPdcBNIlBFEgLt6A18ZYD3wwdH6F+Mqocge8WljnTBVrt+g==\n-----END RSA PRIVATE KEY-----\n",
      "public_key_pem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLM8nKKL6NcKHCk4/jgc\naSFbz6APw7pbLTHb8nqezmTCs/R0spsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0F\nJMlw+o/Iq/+JHDnnH00rOjlBg62y5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEM\nykyR5ag1CfiVjwexOH1NgDUmw8pZ1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj\n/IM8R2mAUNOz8vSmcCOWb/BLxjcjg5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHA\nxskUCNDM3taBLQ+fIF3u+LZDeGdiy0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9P\ngwIDAQAB\n-----END PUBLIC KEY-----\n"
    }
  }
}

HTTP Request

GET /api/v0/deployed/director/credentials/:id

Listing a simple_credential

curl "https://example.com/api/v0/deployed/director/credentials/agent_credentials" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "credential": {
    "type": "simple_credentials",
    "value": {
      "identity": "vcap",
      "password": "example-agent-password"
    }
  }
}

HTTP Request

GET /api/v0/deployed/director/credentials/:id

Staged BOSH Director

Fetching director, IaaS, and security properties (Experimental)

curl "https://example.com/api/v0/staged/director/properties" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on AWS
HTTP/1.1 200 OK
{
  "iaas_configuration": {
    "iam_instance_profile": "my-instance-profile",
    "security_group": "my-security-group",
    "key_pair_name": "my-ssh-key",
    "region": "us-east-1",
    "encrypted": true,
    "kms_key_arn": "arn:aws:kms:us-east-1:123123123123:key/456456456"
  },
  "director_configuration": {
    "ntp_servers_string": "us.pool.ntp.org, time.google.com",
    "metrics_ip": null,
    "resurrector_enabled": false,
    "director_hostname": "hal9000.tld",
    "max_threads": 5,
    "disable_dns_release": false,
    "allow_legacy_agents": true,
    "custom_ssh_banner": "Hello World!",
    "opentsdb_ip": "1.2.3.4",
    "director_worker_count": 5,
    "post_deploy_enabled": false,
    "bosh_recreate_on_next_deploy": false,
    "retry_bosh_deploys": false,
    "keep_unreachable_vms": false,
    "database_type": "external",
    "external_database_options": {
      "host": "1.1.1.1",
      "port": "8888",
      "user": "admin",
      "database": "external_db",
      "connection_options": {
        "max_connections": 5
      },
      "tls_enabled": true,
      "tls_ca": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
      "tls_certificate": "-----BEGIN CERTIFICATE-----\r\nJAEBsjadfARug...",
      "tls_private_key": "-----BEGIN RSA PRIVATE KEY----- ..."
    },
    "hm_pager_duty_options": {
      "enabled": true,
      "http_proxy":  "http://yourfavoriteproxy.fake"
     },
    "hm_emailer_options": {
      "enabled": true,
      "port": "9001",
      "domain": "domain.com",
      "host": "hostplace.com",
      "from": "youremail@realemailserver.com",
      "tls": true,
      "smtp_user": "admin",
      "recipients": "firstperson@work.com,secondperson@work.com"
    },
    "blobstore_type": "gcs",
    "gcs_blobstore_options": {
      "bucket_name": "gcs-blobstore",
      "storage_class": "REGIONAL"
    },
    "encryption": {
      "keys": [],
      "providers": []
    },
    "excluded_recursors": [],
    "identification_tags": {
      "project": "cf",
      "department": "hr"
    }
  },
  "security_configuration": {
    "trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
    "generate_vm_passwords": true
  },
  "syslog_configuration": {
    "enabled": true,
    "address": "1.2.3.4",
    "port": "514",
    "transport_protocol": "tcp",
    "tls_enabled": true,
    "permitted_peer": "*.example.com",
    "ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug..."
  }
}
Example Response on Google Cloud Platform
HTTP/1.1 200 OK
{
  "iaas_configuration": {
    "project": "my-google-project",
    "associated_service_account": "my-google-service-account",
  },
  "director_configuration": {
    "ntp_servers_string": "us.pool.ntp.org, time.google.com",
    "metrics_ip": null,
    "resurrector_enabled": false,
    "director_hostname": "hal9000.tld",
    "max_threads": 5,
    "disable_dns_release": false,
    "allow_legacy_agents": true,
    "custom_ssh_banner": "Hello World!",
    "opentsdb_ip": "1.2.3.4",
    "director_worker_count": 5,
    "post_deploy_enabled": false,
    "bosh_recreate_on_next_deploy": false,
    "retry_bosh_deploys": false,
    "keep_unreachable_vms": false,
    "database_type": "internal",
    "hm_pager_duty_options": {"enabled": false},
    "hm_emailer_options": {"enabled": false},
    "blobstore_type": "local",
    "local_blobstore_options": {
      "tls_enabled": false
    },
    "encryption": {
      "keys": [],
      "providers": []
    },
    "excluded_recursors": [],
    "identification_tags": {
      "project": "cf",
      "department": "hr"
    }
  },
  "security_configuration": {
    "trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
    "generate_vm_passwords": true
  },
  "syslog_configuration": {
    "enabled": true,
    "address": "1.2.3.4",
    "port": "514",
    "transport_protocol": "tcp",
    "tls_enabled": false
  }
}
Example Response on Azure
HTTP/1.1 200 OK
{
  "iaas_configuration": {
    "subscription_id": "my-subscription",
    "tenant_id": "my-tenant",
    "client_id": "my-client",
    "resource_group_name": "my-resource-group",
    "cloud_storage_type": "managed_disks",
    "bosh_storage_account_name": "storage-account-bosh",
    "storage_account_type": "Premium_LRS",
    "deployments_storage_account_name": null,
    "default_security_group": "my-security-group",
    "ssh_public_key": "ssh-rsa ...",
    "environment": "AzureCloud"
  },
  "director_configuration": {
    "ntp_servers_string": "us.pool.ntp.org, time.google.com",
    "metrics_ip": null,
    "resurrector_enabled": false,
    "allow_legacy_agents": true,
    "director_hostname": "hal9000.tld",
    "max_threads": 5,
    "disable_dns_release": false,
    "custom_ssh_banner": "Hello World!",
    "opentsdb_ip": "1.2.3.4",
    "director_worker_count": 5,
    "post_deploy_enabled": false,
    "bosh_recreate_on_next_deploy": false,
    "retry_bosh_deploys": false,
    "keep_unreachable_vms": false,
    "database_type": "internal",
    "hm_pager_duty_options": {"enabled": false},
    "hm_emailer_options": {"enabled": false},
    "blobstore_type": "local",
    "local_blobstore_options": {
      "tls_enabled": false
    },
    "encryption": {
      "keys": [],
      "providers": []
    },
    "excluded_recursors": [],
    "identification_tags": {
      "project": "cf",
      "department": "hr"
    }
  },
  "security_configuration": {
    "trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
    "generate_vm_passwords": true
  },
  "syslog_configuration": {
    "enabled": false
  }
}
Example Response on Azure Stack
HTTP/1.1 200 OK
{
  "iaas_configuration": {
    "subscription_id": "my-subscription",
    "tenant_id": "my-tenant",
    "client_id": "my-client",
    "resource_group_name": "my-resource-group",
    "cloud_storage_type": "managed_disks",
    "bosh_storage_account_name": "storage-account-bosh",
    "storage_account_type": "Standard_LRS",
    "deployments_storage_account_name": null,
    "default_security_group": "my-security-group",
    "ssh_public_key": "ssh-rsa ...",
    "environment": "AzureStack",
    "azure_stack": {
      "resource": "https://management.somedomain.onmicrosoft.com/some-guid",
      "domain": "subdomain.somedomain.onmicrosoft.com",
      "authentication": "AzureAD",
      "endpoint_prefix": "management",
      "ca_cert": "-----BEGIN CERTIFICATE-----\nMIIJKgIBAAKCAgE..."
    }
  },
  "director_configuration": {
    "ntp_servers_string": "us.pool.ntp.org, time.google.com",
    "metrics_ip": null,
    "resurrector_enabled": false,
    "allow_legacy_agents": true,
    "director_hostname": "hal9000.tld",
    "max_threads": 5,
    "disable_dns_release": false,
    "custom_ssh_banner": "Hello World!",
    "opentsdb_ip": "1.2.3.4",
    "director_worker_count": 5,
    "post_deploy_enabled": false,
    "bosh_recreate_on_next_deploy": false,
    "retry_bosh_deploys": false,
    "keep_unreachable_vms": false,
    "database_type": "internal",
    "hm_pager_duty_options": {"enabled": false},
    "hm_emailer_options": {"enabled": false},
    "blobstore_type": "local",
    "local_blobstore_options": {
      "tls_enabled": false
    },
    "encryption": {
      "keys": [],
      "providers": []
    },
    "excluded_recursors": ["8.8.8.8"],
    "identification_tags": {
      "project": "cf",
      "department": "hr"
    }
  },
  "security_configuration": {
    "trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
    "generate_vm_passwords": true
  },
  "syslog_configuration": {
    "enabled": false
  }
}
Example Response on vSphere
HTTP/1.1 200 OK
{
  "iaas_configuration": {
    "vcenter_host": "10.10.10.0",
    "datacenter": "my-data-center",
    "ephemeral_datastores_string": "e-datastore-name",
    "persistent_datastores_string": "p-datastore-name",
    "vcenter_username": "my-user-name",
    "bosh_vm_folder": "bosh-folder",
    "bosh_template_folder": "my-bosh-template-folder",
    "bosh_disk_path": "my-disk-location",
    "ssl_verification_enabled": false,
    "nsx_networking_enabled": true,
    "nsx_mode": "nsx-v",
    "nsx_address": "10.10.10.10",
    "nsx_username": "mysterious-gremlin",
    "nsx_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARugmeow..."
  },
  "director_configuration": {
    "ntp_servers_string": "us.pool.ntp.org, time.google.com",
    "metrics_ip": null,
    "resurrector_enabled": false,
    "allow_legacy_agents": true,
    "director_hostname": "hal9000.tld",
    "max_threads": 5,
    "disable_dns_release": false,
    "custom_ssh_banner": "Hello World!",
    "opentsdb_ip": "1.2.3.4",
    "director_worker_count": 5,
    "post_deploy_enabled": false,
    "bosh_recreate_on_next_deploy": false,
    "retry_bosh_deploys": false,
    "keep_unreachable_vms": false,
    "database_type": "internal",
    "hm_pager_duty_options": {"enabled": false},
    "hm_emailer_options": {"enabled": false},
    "blobstore_type": "local",
    "local_blobstore_options": {
      "tls_enabled": false
    },
    "encryption": {
      "keys": [],
      "providers": []
    },
    "excluded_recursors": ["8.8.8.8"],
    "identification_tags": {
      "project": "cf",
      "department": "hr"
    }
  },
  "security_configuration": {
    "trusted_certificates": null,
    "generate_vm_passwords": true
  },
  "syslog_configuration": {
    "enabled": true,
    "address": "1.2.3.4",
    "port": "514",
    "transport_protocol": "tcp",
    "tls_enabled": true,
    "permitted_peer": "*.example.com",
    "ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug..."
  }
}
Example Response on Openstack
HTTP/1.1 200 OK
{
  "iaas_configuration": {
    "identity_endpoint": "http://identity-endpoint.yourcompany.com",
    "username": "admin",
    "tenant": "example-tenant",
    "security_group": "example-group",
    "key_pair_name": "example-keypair-name",
    "ssh_private_key": "-----BEGIN RSA PRIVATE KEY----- ...",
    "region": "example-region",
    "ignore_server_availability_zone": false,
    "disable_dhcp": true
  },
  "director_configuration": {
    "ntp_servers_string": "us.pool.ntp.org, time.google.com",
    "metrics_ip": null,
    "resurrector_enabled": false,
    "allow_legacy_agents": true,
    "director_hostname": "hal9000.tld",
    "max_threads": 5,
    "disable_dns_release": false,
    "custom_ssh_banner": "Hello World!",
    "opentsdb_ip": "1.2.3.4",
    "director_worker_count": 5,
    "post_deploy_enabled": false,
    "bosh_recreate_on_next_deploy": false,
    "retry_bosh_deploys": false,
    "keep_unreachable_vms": false,
    "database_type": "internal",
    "hm_pager_duty_options": {"enabled": false},
    "hm_emailer_options": {"enabled": false},
    "blobstore_type": "local",
    "local_blobstore_options": {
      "tls_enabled": false
    },
    "encryption": {
      "keys": [],
      "providers": []
    },
    "excluded_recursors": ["8.8.8.8"],
    "identification_tags": {
      "project": "cf",
      "department": "hr"
    }
  },
  "security_configuration": {
    "trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
    "generate_vm_passwords": true
  },
  "syslog_configuration": {
    "enabled": true,
    "address": "1.2.3.4",
    "port": "514",
    "transport_protocol": "tcp",
    "tls_enabled": true,
    "permitted_peer": "*.example.com",
    "ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug..."
  }
}

HTTP Request

GET /api/v0/staged/director/properties

Fetch director, IaaS, and security properties.

Note: The property address field under syslog_configuration can be either a hostname or an IP address.

Note: The property opentsdb_ip field under director_configuration maps to the Bosh Health Monitor IP Address.

Note: On vSphere, the property metrics_ip under director_configuration maps to the JMX Provider IP Address.

Note: If there are multiple Iaas Configurations, the iaas_configuration key is omitted from the response.

Updating director and Iaas properties (Experimental)

Example Request on AWS
curl "https://example.com/api/v0/staged/director/properties" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "iaas_configuration": {
            "access_key_id": "example-access-key",
            "secret_access_key": "example-aws-secret-key",
            "iam_instance_profile": "example-instance-profile",
            "security_group": "example-security-group",
            "key_pair_name": "example-ssh-key",
            "ssh_private_key": "example-ssh-private-key",
            "region": "us-east-1",
            "encrypted": true,
            "kms_key_arn": "arn:aws:kms:us-east-1:123123123123:key/456456456"
          },
          "director_configuration": {
            "ntp_servers_string": "us.pool.ntp.org, time.google.com",
            "metrics_ip": null,
            "resurrector_enabled": false,
            "director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
            "max_threads": 5,
            "disable_dns_release": false,
            "allow_legacy_agents": true,
            "custom_ssh_banner": "Hello World!",
            "opentsdb_ip": "1.2.3.4",
            "director_worker_count": 5,
            "post_deploy_enabled": false,
            "bosh_recreate_on_next_deploy": false,
            "retry_bosh_deploys": false,
            "keep_unreachable_vms": false,
            "database_type": "internal",
            "hm_pager_duty_options": {"enabled": false},
            "hm_emailer_options": {"enabled": false},
            "blobstore_type": "local",
            "local_blobstore_options": {
              "tls_enabled": true
            },
            "excluded_recursors": ["8.8.8.8"],
            "identification_tags": {
              "division":"HR",
              "reimbursable":"true"
            }
          },
          "security_configuration": {
            "trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
            "generate_vm_passwords": true
          },
          "syslog_configuration": {
            "enabled": true,
            "address": "1.2.3.4",
            "port": "514",
            "transport_protocol": "tcp",
            "tls_enabled": true,
            "permitted_peer": "*.example.com",
            "ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug..."
          }
        }'
Example Request on Google Cloud Platform
curl "https://example.com/api/v0/staged/director/properties" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "iaas_configuration": {
            "project": "my-google-project",
            "associated_service_account": "my-google-service-account",
            "auth_json": "****"
          },
          "director_configuration": {
            "ntp_servers_string": "us.pool.ntp.org, time.google.com",
            "metrics_ip": null,
            "resurrector_enabled": false,
            "director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
            "max_threads": 5,
            "disable_dns_release": false,
            "allow_legacy_agents": true,
            "custom_ssh_banner": "Hello World!",
            "opentsdb_ip": "1.2.3.4",
            "director_worker_count": 5,
            "post_deploy_enabled": false,
            "bosh_recreate_on_next_deploy": false,
            "retry_bosh_deploys": false,
            "keep_unreachable_vms": false,
            "database_type": "internal",
            "hm_pager_duty_options": {"enabled": false},
            "hm_emailer_options": {"enabled": false},
            "blobstore_type": "local",
            "local_blobstore_options": {
              "tls_enabled": true
            },
            "excluded_recursors": [],
            "identification_tags": {
              "division":"HR",
              "reimbursable":"true"
            }
          },
          "security_configuration": {
            "trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
            "generate_vm_passwords": true
          },
          "syslog_configuration": {
            "enabled": true,
            "address": "1.2.3.4",
            "port": "514",
            "transport_protocol": "tcp",
            "tls_enabled": false
          }
        }'
Example Request on Azure
curl "https://example.com/api/v0/staged/director/properties" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "iaas_configuration": {
            "subscription_id": "my-subscription",
            "tenant_id": "my-tenant",
            "client_id": "my-client",
            "client_secret": "super-duper-secret",
            "resource_group_name": "my-resource-group",
            "bosh_storage_account_name": "storage-account-bosh",
            "default_security_group": "my-security-group",
            "ssh_public_key": "ssh-rsa ...",
            "ssh_private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKgIBAAKCAgE...",
            "cloud_storage_type": "managed_disks",
            "storage_account_type": "Premium_LRS",
            "environment": "AzureCloud"
          },
          "director_configuration": {
            "ntp_servers_string": "us.pool.ntp.org, time.google.com",
            "metrics_ip": null,
            "resurrector_enabled": false,
            "director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
            "max_threads": 5,
            "disable_dns_release": false,
            "allow_legacy_agents": true,
            "custom_ssh_banner": "Hello World!",
            "opentsdb_ip": "1.2.3.4",
            "director_worker_count": 5,
            "post_deploy_enabled": false,
            "bosh_recreate_on_next_deploy": false,
            "retry_bosh_deploys": false,
            "keep_unreachable_vms": false,
            "database_type": "internal",
            "hm_pager_duty_options": {"enabled": false},
            "hm_emailer_options": {"enabled": false},
            "blobstore_type": "local",
            "local_blobstore_options": {
              "tls_enabled": true
            },
            "excluded_recursors": ["8.8.8.8"],
            "identification_tags": {
              "division":"HR",
              "reimbursable":"true"
            }
          },
          "security_configuration": {
            "trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
            "generate_vm_passwords": true
          },
          "syslog_configuration": {
            "enabled": false
          }
        }'
Example Request on Azure Stack
curl "https://example.com/api/v0/staged/director/properties" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "iaas_configuration": {
            "subscription_id": "my-subscription",
            "tenant_id": "my-tenant",
            "client_id": "my-client",
            "client_secret": "super-duper-secret",
            "resource_group_name": "my-resource-group",
            "bosh_storage_account_name": "storage-account-bosh",
            "default_security_group": "my-security-group",
            "ssh_public_key": "ssh-rsa ...",
            "ssh_private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKgIBAAKCAgE...",
            "cloud_storage_type": "managed_disks",
            "storage_account_type": "Standard_LRS",
            "environment": "AzureStack",
            "azure_stack": {
              "resource": "https://management.somedomain.onmicrosoft.com/some-guid",
              "domain": "subdomain.somedomain.onmicrosoft.com",
              "authentication": "AzureAD",
              "endpoint_prefix": "management",
              "ca_cert": "-----BEGIN CERTIFICATE-----\nMIIJKgIBAAKCAgE..."
            }
          },
          "director_configuration": {
            "ntp_servers_string": "us.pool.ntp.org, time.google.com",
            "metrics_ip": null,
            "resurrector_enabled": false,
            "director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
            "max_threads": 5,
            "disable_dns_release": false,
            "allow_legacy_agents": true,
            "custom_ssh_banner": "Hello World!",
            "opentsdb_ip": "1.2.3.4",
            "director_worker_count": 5,
            "post_deploy_enabled": false,
            "bosh_recreate_on_next_deploy": false,
            "retry_bosh_deploys": false,
            "keep_unreachable_vms": false,
            "database_type": "internal",
            "hm_pager_duty_options": {"enabled": false},
            "hm_emailer_options": {"enabled": false},
            "blobstore_type": "local",
            "local_blobstore_options": {
              "tls_enabled": true
            },
            "excluded_recursors": [],
            "identification_tags": {
              "division":"HR",
              "reimbursable":"true"
            }
          },
          "security_configuration": {
            "trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
            "generate_vm_passwords": true
          },
          "syslog_configuration": {
            "enabled": false
          }
        }'
Example Request on vSphere with HSM (Hardware Security Module) Options
curl "https://example.com/api/v0/staged/director/properties" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "iaas_configuration": {
            "vcenter_host": "10.10.10.0",
            "datacenter": "my-data-center",
            "ephemeral_datastores_string": "e-datastore-name",
            "persistent_datastores_string": "p-datastore-name",
            "vcenter_username": "my-user-name",
            "vcenter_password": "fake-not-real-password",
            "nsx_networking_enabled": true,
            "nsx_mode": "nsx-v",
            "nsx_address": "10.10.10.10",
            "nsx_password": "fake-password",
            "nsx_username": "some-user",
            "nsx_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
            "bosh_vm_folder": "bosh-folder",
            "bosh_template_folder": "my-bosh-template-folder",
            "bosh_disk_path": "my-disk-location",
            "ssl_verification_enabled": false
          },
          "director_configuration": {
            "ntp_servers_string": "us.pool.ntp.org, time.google.com",
            "metrics_ip": null,
            "resurrector_enabled": false,
            "director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
            "max_threads": 5,
            "disable_dns_release": false,
            "allow_legacy_agents": true,
            "custom_ssh_banner": "Hello World!",
            "opentsdb_ip": "1.2.3.4",
            "director_worker_count": 5,
            "post_deploy_enabled": false,
            "bosh_recreate_on_next_deploy": false,
            "retry_bosh_deploys": false,
            "keep_unreachable_vms": false,
            "database_type": "internal",
            "hm_pager_duty_options": {"enabled": false},
            "hm_emailer_options": {"enabled": false},
            "blobstore_type": "local",
            "local_blobstore_options": {
              "tls_enabled": true
            },
            "encryption": {
              "keys": [
                {
                  "provider_name": "luna-hsm",
                  "encryption_key_name": "pointer_to_key_on_HSM",
                  "active": true
                }
              ],
              "providers": [
                {
                  "name": "luna-hsm",
                  "type": "hsm",
                  "partition": "some_partition",
                  "partition_password": "some_password",
                  "client_certificate": "user_provided_cert",
                  "client_key": "user_provided_key",
                  "servers": [
                    {
                      "host": "hsm_ip_address",
                      "port": "port_number_optional_defaults_to_1792",
                      "partition_serial_number": "serial_number",
                      "certificate": "public_key_to_talk_to_hsm"
                    }
                  ]
                }
              ]
            },
            "excluded_recursors": [],
            "identification_tags": {
              "division":"HR",
              "reimbursable":"true"
            }
          },
          "security_configuration": {
            "trusted_certificates": null,
            "generate_vm_passwords": true
          },
          "syslog_configuration": {
            "enabled": true,
            "address": "my-syslog-address.com",
            "port": "514",
            "transport_protocol": "tcp",
            "tls_enabled": true,
            "permitted_peer": "*.example.com",
            "ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug..."
          }
        }'
Example Request on Openstack
curl "https://example.com/api/v0/staged/director/properties" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
         "iaas_configuration": {
           "identity_endpoint": "http://identity-endpoint.yourcompany.com",
           "username": "admin",
           "password": "super-secret",
           "tenant": "example-tenant",
           "security_group": "example-group",
           "key_pair_name": "example-keypair-name",
           "ssh_private_key": "-----BEGIN RSA PRIVATE KEY----- ...",
           "region": "example-region",
           "ignore_server_availability_zone": false,
           "disable_dhcp": true
         },
         "director_configuration": {
           "ntp_servers_string": "us.pool.ntp.org, time.google.com",
           "metrics_ip": null,
           "resurrector_enabled": false,
           "director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
           "max_threads": 5,
           "disable_dns_release": false,
           "allow_legacy_agents": true,
           "custom_ssh_banner": "Hello World!",
           "opentsdb_ip": "1.2.3.4",
           "director_worker_count": 5,
           "post_deploy_enabled": false,
           "bosh_recreate_on_next_deploy": false,
           "retry_bosh_deploys": false,
           "keep_unreachable_vms": false,
           "database_type": "internal",
           "hm_pager_duty_options": {"enabled": false},
           "hm_emailer_options": {"enabled": false},
           "blobstore_type": "local",
           "local_blobstore_options": {
             "tls_enabled": true
           },
           "excluded_recursors": [],
           "identification_tags": {
             "division":"HR",
             "reimbursable":"true"
           }
         },
         "security_configuration": {
           "trusted_certificates": null,
           "generate_vm_passwords": true
         },
         "syslog_configuration": {
           "enabled": true,
           "address": "1.2.3.4",
           "port": "514",
           "transport_protocol": "tcp",
           "tls_enabled": true,
           "permitted_peer": "*.example.com",
           "ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug..."
         }
       }'
Example Request with External Database options
curl "https://example.com/api/v0/staged/director/properties" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
        "director_configuration": {
          "ntp_servers_string": "us.pool.ntp.org, time.google.com",
          "metrics_ip": null,
          "resurrector_enabled": false,
          "director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
          "max_threads": 5,
          "disable_dns_release": false,
          "allow_legacy_agents": true,
          "custom_ssh_banner": "Hello World!",
          "opentsdb_ip": "1.2.3.4",
          "director_worker_count": 5,
          "post_deploy_enabled": false,
          "bosh_recreate_on_next_deploy": false,
          "retry_bosh_deploys": false,
          "keep_unreachable_vms": false,
          "database_type": "external",
          "hm_pager_duty_options": {"enabled": false},
          "hm_emailer_options": {"enabled": false},
          "blobstore_type": "local",
          "local_blobstore_options": {
             "tls_enabled": true
           },
          "excluded_recursors": [],
          "identification_tags": {
            "division":"HR",
            "reimbursable":"true"
          },
          "external_database_options": {
            "host": "db.mycompany.com",
            "port": 5000,
            "user": "admin",
            "password": "super-secret",
            "database": "production",
            "connection_options": {
              "max_connections": 5
            },
            "tls_enabled": true,
            "tls_ca": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
            "tls_certificate": "-----BEGIN CERTIFICATE-----\r\nJAEBsjadfARug...",
            "tls_private_key": "-----BEGIN RSA PRIVATE KEY----- ..."
             }
           }
         }'
Example Request with S3 Blobstore options
curl "https://example.com/api/v0/staged/director/properties" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
        "director_configuration": {
          "ntp_servers_string": "us.pool.ntp.org, time.google.com",
          "metrics_ip": null,
          "resurrector_enabled": false,
          "director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
          "max_threads": 5,
          "disable_dns_release": false,
          "allow_legacy_agents": true,
          "custom_ssh_banner": "Hello World!",
          "opentsdb_ip": "1.2.3.4",
          "director_worker_count": 5,
          "post_deploy_enabled": false,
          "bosh_recreate_on_next_deploy": false,
          "retry_bosh_deploys": false,
          "keep_unreachable_vms": false,
          "database_type": "internal",
          "hm_pager_duty_options": {"enabled": false},
          "hm_emailer_options": {"enabled": false},
          "excluded_recursors": [],
          "identification_tags": {
            "division":"HR",
            "reimbursable":"true"
          },
          "blobstore_type": "s3",
          "s3_blobstore_options": {
             "endpoint": "http://some-s3-endpoint.com",
             "bucket_name": "bucket-name",
             "access_key": "the-access-key",
             "secret_key": "the-secret-key",
             "signature_version": "4",
             "region": "us-west-1"
            }
          }
        }'
Example Response
HTTP/1.1 200 OK

  {}
Example Request with GCS Blobstore options
curl "https://example.com/api/v0/staged/director/properties" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
        "director_configuration": {
          "ntp_servers_string": "us.pool.ntp.org, time.google.com",
          "metrics_ip": null,
          "resurrector_enabled": false,
          "allow_legacy_agents": true,
          "director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
          "max_threads": 5,
          "custom_ssh_banner": "Hello World!",
          "opentsdb_ip": "1.2.3.4",
          "director_worker_count": 5,
          "post_deploy_enabled": false,
          "bosh_recreate_on_next_deploy": false,
          "retry_bosh_deploys": false,
          "keep_unreachable_vms": false,
          "database_type": "internal",
          "hm_pager_duty_options": {"enabled": false},
          "hm_emailer_options": {"enabled": false},
          "identification_tags": {
            "division":"HR",
            "reimbursable":"true"
          },
          "blobstore_type": "gcs",
          "gcs_blobstore_options": {
             "bucket_name": "bucket-name",
             "service_access_key": "{\"the-secret-key\":\"your-key\"}",
             "storage_class": "REGIONAL"
            }
          }
        }'
Example Response
HTTP/1.1 200 OK

  {}
Example Request with HM Emailer Options
curl "https://example.com/api/v0/staged/director/properties" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
         "director_configuration": {
           "ntp_servers_string": "us.pool.ntp.org, time.google.com",
           "metrics_ip": null,
           "resurrector_enabled": false,
           "allow_legacy_agents": true,
           "director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
           "max_threads": 5,
           "disable_dns_release": false,
           "custom_ssh_banner": "Hello World!",
           "opentsdb_ip": "1.2.3.4",
           "director_worker_count": 5,
           "post_deploy_enabled": false,
           "bosh_recreate_on_next_deploy": false,
           "retry_bosh_deploys": false,
           "keep_unreachable_vms": false,
           "database_type": "internal",
          "hm_pager_duty_options": {"enabled": false},
          "excluded_recursors": [],
          "identification_tags": {
            "division":"HR",
            "reimbursable":"true"
          },
           "hm_emailer_options": {
            "enabled": true,
            "port": "9001",
            "domain": "domain.com",
            "host": "hostplace.com",
            "from": "youremail@realemailserver.com",
            "tls": true,
            "smtp_user": "admin",
            "smtp_password": "admin",
            "recipients": "firstperson@work.com,secondperson@work.com"
          },
           "blobstore_type": "local",
           "local_blobstore_options": {
             "tls_enabled": true
           }
         }
       }'
Example Response
HTTP/1.1 200 OK

  {}
Example Request with HM Pager Duty Options
curl "https://example.com/api/v0/staged/director/properties" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
         "director_configuration": {
           "ntp_servers_string": "us.pool.ntp.org, time.google.com",
           "metrics_ip": null,
           "resurrector_enabled": false,
           "allow_legacy_agents": true,
           "director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
           "max_threads": 5,
           "disable_dns_release": false,
           "custom_ssh_banner": "Hello World!",
           "opentsdb_ip": "1.2.3.4",
           "director_worker_count": 5,
           "post_deploy_enabled": false,
           "bosh_recreate_on_next_deploy": false,
           "retry_bosh_deploys": false,
           "keep_unreachable_vms": false,
           "database_type": "internal",
           "excluded_recursors": [],
           "identification_tags": {
             "division":"HR",
             "reimbursable":"true"
           },
           "hm_pager_duty_options": {
             "enabled": true,
             "service_key": "YOURSERVICEKEYHERE",
             "http_proxy":  "http://yourfavoriteproxy.fake"
           },
           "blobstore_type": "local",
           "local_blobstore_options": {
             "tls_enabled": true
           }
         }
       }'
Example Request with S3 Blobstore options
curl "https://example.com/api/v0/staged/director/properties" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
        "director_configuration": {
          "ntp_servers_string": "us.pool.ntp.org, time.google.com",
          "metrics_ip": null,
          "resurrector_enabled": false,
          "allow_legacy_agents": true,
          "director_hostname": "hal9000.tld",
          "max_threads": 5,
          "bosh_recreate_on_next_deploy": false,
          "database_type": "internal",
          "excluded_recursors": [],
          "identification_tags": {
            "division":"HR",
            "reimbursable":"true"
          },
          "blobstore_type": "s3",
          "s3_blobstore_options": {
             "endpoint": "http://some-s3-endpoint.com",
             "bucket_name": "bucket-name",
             "access_key": "the-access-key",
             "secret_key": "the-secret-key",
             "signature_version": "4",
             "region": "us-west-1"
            }
          }
        }'
Example Response
HTTP/1.1 200 OK

  {}

HTTP Request

PUT /api/v0/staged/director/properties

Set director, IaaS, and security properties.

Note: The property address field under syslog_configuration can be either a hostname or an IP address.

Note: The property opentsdb_ip field under director_configuration maps to the Bosh Health Monitor IP Address.

Note: On vSphere, the property metrics_ip under director_configuration maps to the JMX Provider IP Address.

Note: Once a director is deployed, in the s3_blobstore_options section, only access_key and secret_key are editable. If you do modify these, make sure to set bosh_recreate_on_next_deploy to true during the deploy of the credentials change. You can unset this once the deploy is complete.

Note: Once a director is deployed, in the s3_blobstore_options section, only access_key and secret_key are editable. If you do modify these, make sure to set bosh_recreate_on_next_deploy to true during the deploy of the credentials change. You can unset this once the deploy is complete.

Note: The property disable_dns_release will be deprecated in future versions in favor of BOSH DNS release always being deployed.

Fields with a set list of values
Iaas Field Allowed Values
All blobstore_type “local”, “s3”, or “gcs”
All database_type “internal” or “external”
All blobstore_options[signature_version] “2” or “4”
Optional Fields
Iaas Optional Fields Notes
All local_blobstore_options Not required. Only meaningful if the blobstore_type is “local”.
local_blobstore_options[tls_enabled] Default false. Before switching to true, check docs.pivotal.io for Configuring BOSH director for your IaaS to see if this option is supported
s3_blobstore_options Only required if the blobstore_type is “s3”
s3_blobstore_options[signature_version] Can be “2” or “4”
s3_blobstore_options[region] Is required if the signature_version is “4”, and not necessary otherwise
gcs_blobstore_options Only required if the blobstore_type is “gcs”.
gcs_blobstore_options[bucket_name]
gcs_blobstore_options[service_account_key] This is the JSON file provided by GCP when you create a private key for the service account. It contains your service_account_key, project_id, etc. It must be passed as an escaped JSON string.
gcs_blobstore_options[storage_class] Defaults to “REGIONAL”. Can be set to “REGIONAL”, “MULTI_REGIONAL”, “NEARLINE”, “COLDLINE”, “STANDARD”.
external_database_options Only required if the database_type is “external”
director_hostname The externally accessible hostname for the BOSH Director. This must resolve to the director’s IP Address.
post_deploy_enabled Run Post Deploy errands
bosh_recreate_on_next_deploy Recreate all VMs on next deploy
retry_bosh_deploys Retry if there is an error during deploy
keep_unreachable_vms Keep VMs that fail their health check
director_worker_count Number of concurrent jobs a director can run
opentsdb_ip Maps to Bosh HM Forwarder. Only used if Bosh HM Forwarder job is deployed
encryption Optional external Hardware Security Module (HSM)
encryption[keys] List of keys to access the HSM Providers
encryption[keys][provider_name] Must match the name in the provider
encryption[keys][encryption_key_name] A pointer to a key on the HSM
encryption[keys][active] Boolean. If true, this is the provider used to encrypt CredHub. Only one can be true.
encryption[providers] List of providers. Currently only a single provider is allowed
encryption[providers][name] Must match a provider_name for a key
encryption[providers][type] Must be hsm
encryption[providers][partition] User-provided string, required
encryption[providers][partition_password] User-provided string, required
encryption[providers][client_certificate] User-provided certificate, required
encryption[providers][client_key] User-provided key, required
encryption[providers][servers] List of HSM servers
encryption[providers][servers][host] Host/IP address of HSM server, required
encryption[providers][servers][port] Optional, defaults to 1792
encryption[providers][servers][partition_serial_number] User-provided string, required
encryption[providers][servers][certificate] Public Key to talk to the HSM, user-provided, required
excluded_recursors Optional, defaults to []. Can be set to a list of IP:Port addresses for BOSH DNS to ignore.
identification_tags Optional, defaults to {}. Can be set to a collection of key value pairs to be sent to the CPI for VM tagging
allow_legacy_agents Optional, defaults to true. If you have any tile on stemcell versions less than 3468, keep this set to true.
AWS iam_instance_profile
encrypted Turn on EBS encryption for all disks. Defaults to false.
kms_key_arn Key used to encrypt all disks. Defaults to the account key.
Azure environment Defaults to “AzureCloud”. Can be set to “AzureCloud”, “AzureUSGovernment”, “AzureGermanCloud”, “AzureChinaCloud”, or “AzureStack”.
cloud_storage_type Defaults to “managed_disks”. Can be set to “storage_accounts”. To prevent data loss, once you have deployed using “managed_disks”, you cannot switch back to “storage_accounts”.
deployments_storage_account_name Only required if cloud_storage_type is “storage_accounts”
storage_account_type Only required if cloud_storage_type is “managed_disks”. Defaults to “Premium_LRS”. Can also be “Standard_LRS”.
azure_stack[authentication] Only required if environment is AzureStack. Must be AzureAD or AzureChinaCloudAD.
vSphere nsx_address Only required if nsx_networking_enabled is true.
nsx_password Only required if nsx_networking_enabled is true.
nsx_username Only required if nsx_networking_enabled is true.
nsx_ca_certificate Only required if nsx_networking_enabled is true.
nsx_mode Optional, only applicable if nsx_networking_enabled is true. Defaults to nsx-v. Options are nsx-v and nsx-t.

Fetching IaaS Configurations

curl "https://example.com/api/v0/staged/director/iaas_configurations" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on AWS
HTTP/1.1 200 OK
{
  "iaas_configurations": [{
    "guid": "some-guid",
    "name": "default",
    "iam_instance_profile": "my-instance-profile",
    "security_group": "my-security-group",
    "key_pair_name": "my-ssh-key",
    "region": "us-east-1",
    "encrypted": true,
    "kms_key_arn": "arn:aws:kms:us-east-1:123123123123:key/456456456"
  }]
}
Example Response on Google Cloud Platform
HTTP/1.1 200 OK
{
  "iaas_configurations": [{
    "guid": "some-guid",
    "name": "default",
    "project": "my-google-project",
    "associated_service_account": "my-google-service-account",
    "auth_json": "****"
  }]
}
Example Response on Azure
HTTP/1.1 200 OK
{
  "iaas_configurations": [{
    "guid": "some-guid",
    "name": "default",
    "subscription_id": "my-subscription",
    "tenant_id": "my-tenant",
    "client_id": "my-client",
    "resource_group_name": "my-resource-group",
    "cloud_storage_type": "managed_disks",
    "bosh_storage_account_name": "storage-account-bosh",
    "storage_account_type": "Premium_LRS",
    "deployments_storage_account_name": null,
    "default_security_group": "my-security-group",
    "ssh_public_key": "ssh-rsa ...",
    "environment": "AzureCloud"
  }]
}
Example Response on Azure Stack
HTTP/1.1 200 OK
{
  "iaas_configurations": [{
    "guid": "some-guid",
    "name": "default",
    "subscription_id": "my-subscription",
    "tenant_id": "my-tenant",
    "client_id": "my-client",
    "resource_group_name": "my-resource-group",
    "cloud_storage_type": "managed_disks",
    "bosh_storage_account_name": "storage-account-bosh",
    "storage_account_type": "Standard_LRS",
    "deployments_storage_account_name": null,
    "default_security_group": "my-security-group",
    "ssh_public_key": "ssh-rsa ...",
    "environment": "AzureStack",
    "azure_stack": {
      "resource": "https://management.somedomain.onmicrosoft.com/some-guid",
      "domain": "subdomain.somedomain.onmicrosoft.com",
      "authentication": "AzureAD",
      "endpoint_prefix": "management",
      "ca_cert": "-----BEGIN CERTIFICATE-----\nMIIJKgIBAAKCAgE..."
    }
  }]
}
Example Response on vSphere
HTTP/1.1 200 OK
{
  "iaas_configurations": [{
    "guid": "some-guid",
    "name": "default",
    "vcenter_host": "10.10.10.0",
    "datacenter": "my-data-center",
    "ephemeral_datastores_string": "e-datastore-name",
    "persistent_datastores_string": "p-datastore-name",
    "vcenter_username": "my-user-name",
    "bosh_vm_folder": "bosh-folder",
    "bosh_template_folder": "my-bosh-template-folder",
    "bosh_disk_path": "my-disk-location",
    "ssl_verification_enabled": false,
    "nsx_networking_enabled": true,
    "nsx_mode": "nsx-v",
    "nsx_address": "10.10.10.10",
    "nsx_username": "mysterious-gremlin",
    "nsx_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARugmeow..."
  }]
}
Example Response on Openstack
HTTP/1.1 200 OK
{
  "iaas_configurations": [{
    "guid": "some-guid",
    "name": "default",
    "identity_endpoint": "http://identity-endpoint.yourcompany.com",
    "username": "admin",
    "password": "super-secret",
    "tenant": "example-tenant",
    "security_group": "example-group",
    "key_pair_name": "example-keypair-name",
    "ssh_private_key": "-----BEGIN RSA PRIVATE KEY----- ...",
    "region": "example-region",
    "ignore_server_availability_zone": false,
    "disable_dhcp": true
  }]
}

HTTP Request

GET /api/v0/staged/director/iaas_configurations

Fetch list of all iaas configurations

Fetching single IaaS Configuration

curl "https://example.com/api/v0/staged/director/iaas_configurations/some-guid" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on AWS
HTTP/1.1 200 OK
{
  "iaas_configuration": {
    "guid": "some-guid",
    "name": "default",
    "iam_instance_profile": "my-instance-profile",
    "security_group": "my-security-group",
    "key_pair_name": "my-ssh-key",
    "region": "us-east-1",
    "encrypted": true,
    "kms_key_arn": "arn:aws:kms:us-east-1:123123123123:key/456456456"
  }
}
Example Response on Google Cloud Platform
HTTP/1.1 200 OK
{
  "iaas_configuration": {
    "guid": "some-guid",
    "name": "default",
    "project": "my-google-project",
    "associated_service_account": "my-google-service-account",
    "auth_json": "****"
  }
}
Example Response on Azure
HTTP/1.1 200 OK
{
  "iaas_configuration": {
    "guid": "some-guid",
    "name": "default",
    "subscription_id": "my-subscription",
    "tenant_id": "my-tenant",
    "client_id": "my-client",
    "resource_group_name": "my-resource-group",
    "cloud_storage_type": "managed_disks",
    "bosh_storage_account_name": "storage-account-bosh",
    "storage_account_type": "Premium_LRS",
    "deployments_storage_account_name": null,
    "default_security_group": "my-security-group",
    "ssh_public_key": "ssh-rsa ...",
    "environment": "AzureCloud"
  }
}
Example Response on Azure Stack
HTTP/1.1 200 OK
{
  "iaas_configuration": {
    "guid": "some-guid",
    "name": "default",
    "subscription_id": "my-subscription",
    "tenant_id": "my-tenant",
    "client_id": "my-client",
    "resource_group_name": "my-resource-group",
    "cloud_storage_type": "managed_disks",
    "bosh_storage_account_name": "storage-account-bosh",
    "storage_account_type": "Standard_LRS",
    "deployments_storage_account_name": null,
    "default_security_group": "my-security-group",
    "ssh_public_key": "ssh-rsa ...",
    "environment": "AzureStack",
    "azure_stack": {
      "resource": "https://management.somedomain.onmicrosoft.com/some-guid",
      "domain": "subdomain.somedomain.onmicrosoft.com",
      "authentication": "AzureAD",
      "endpoint_prefix": "management",
      "ca_cert": "-----BEGIN CERTIFICATE-----\nMIIJKgIBAAKCAgE..."
    }
  }
}
Example Response on vSphere
HTTP/1.1 200 OK
{
  "iaas_configuration": {
    "guid": "some-guid",
    "name": "default",
    "vcenter_host": "10.10.10.0",
    "datacenter": "my-data-center",
    "ephemeral_datastores_string": "e-datastore-name",
    "persistent_datastores_string": "p-datastore-name",
    "vcenter_username": "my-user-name",
    "bosh_vm_folder": "bosh-folder",
    "bosh_template_folder": "my-bosh-template-folder",
    "bosh_disk_path": "my-disk-location",
    "ssl_verification_enabled": false,
    "nsx_networking_enabled": true,
    "nsx_mode": "nsx-v",
    "nsx_address": "10.10.10.10",
    "nsx_username": "mysterious-gremlin",
    "nsx_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARugmeow..."
  }
}
Example Response on Openstack
HTTP/1.1 200 OK
{
  "iaas_configuration": {
    "guid": "some-guid",
    "name": "default",
    "identity_endpoint": "http://identity-endpoint.yourcompany.com",
    "username": "admin",
    "password": "super-secret",
    "tenant": "example-tenant",
    "security_group": "example-group",
    "key_pair_name": "example-keypair-name",
    "ssh_private_key": "-----BEGIN RSA PRIVATE KEY----- ...",
    "region": "example-region",
    "ignore_server_availability_zone": false,
    "disable_dhcp": true
  }
}

HTTP Request

GET /api/v0/staged/director/iaas_configurations/:guid

Fetch single iaas configuration by guid

Creating IaaS Configurations

Example Request on vSphere
curl "https://example.com/api/v0/staged/director/iaas_configurations" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "iaas_configuration": {
            "name": "vCenter_Floor1",
            "vcenter_host": "10.10.10.0",
            "datacenter": "my-data-center",
            "ephemeral_datastores_string": "e-datastore-name",
            "persistent_datastores_string": "p-datastore-name",
            "vcenter_username": "my-user-name",
            "vcenter_password": "fake-not-real-password",
            "nsx_networking_enabled": true,
            "nsx_mode": "nsx-v",
            "nsx_address": "10.10.10.10",
            "nsx_password": "fake-password",
            "nsx_username": "some-user",
            "nsx_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
            "bosh_vm_folder": "bosh-folder",
            "bosh_template_folder": "my-bosh-template-folder",
            "bosh_disk_path": "my-disk-location",
            "ssl_verification_enabled": false
          }
        }'
Example Response on vSphere
HTTP/1.1 200 OK
{
  "iaas_configuration": {
    "name": "vCenter_Floor1",
    "guid": "<autogenerated guid>",
    "vcenter_host": "10.10.10.0",
    "datacenter": "my-data-center",
    "ephemeral_datastores_string": "e-datastore-name",
    "persistent_datastores_string": "p-datastore-name",
    "vcenter_username": "my-user-name",
    "vcenter_password": "fake-not-real-password",
    "nsx_networking_enabled": true,
    "nsx_mode": "nsx-v",
    "nsx_address": "10.10.10.10",
    "nsx_password": "fake-password",
    "nsx_username": "some-user",
    "nsx_ca_certificate": "-----BEGIN CERTIFICATE-----MIIBsjCCARug...",
    "bosh_vm_folder": "bosh-folder",
    "bosh_template_folder": "my-bosh-template-folder",
    "bosh_disk_path": "my-disk-location",
    "ssl_verification_enabled": false
  }
}
Example Response on vSphere with Verification Warnings
HTTP/1.1 207 Multi-Status
{
  "iaas_configuration": {
    "name": "vCenter_Floor1",
    "guid": "some-guid",
    "vcenter_host": "10.10.10.0",
    "datacenter": "my-data-center",
    "ephemeral_datastores_string": "e-datastore-name",
    "persistent_datastores_string": "p-datastore-name",
    "vcenter_username": "my-user-name",
    "vcenter_password": "fake-not-real-password",
    "nsx_networking_enabled": true,
    "nsx_mode": "nsx-v",
    "nsx_address": "10.10.10.10",
    "nsx_password": "fake-password",
    "nsx_username": "some-user",
    "nsx_ca_certificate": "-----BEGIN CERTIFICATE-----MIIBsjCCARug...",
    "bosh_vm_folder": "bosh-folder",
    "bosh_template_folder": "my-bosh-template-folder",
    "bosh_disk_path": "my-disk-location",
    "ssl_verification_enabled": false
  },
  "verifications": {
    "warnings": {
      "base": [
        "IaaS Configuration was saved, but there were verification errors which may prevent you from deploying",
        "NSX Password does not work"
      ]
    }
  }
}

This feature is only enabled for the vSphere IaaS. All other IaaSes will receive a 501.

HTTP Request

POST /api/v0/staged/director/iaas_configurations

Create iaas configuration

Updating Single IaaS Configuration

Example Request on vSphere
curl "https://example.com/api/v0/staged/director/iaas_configurations/some-guid" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "iaas_configuration": {
            "name": "vCenter_Floor1",
            "vcenter_host": "10.10.10.0",
            "datacenter": "my-data-center",
            "ephemeral_datastores_string": "e-datastore-name",
            "persistent_datastores_string": "p-datastore-name",
            "vcenter_username": "my-user-name",
            "vcenter_password": "fake-not-real-password",
            "nsx_networking_enabled": true,
            "nsx_mode": "nsx-v",
            "nsx_address": "10.10.10.10",
            "nsx_password": "fake-password",
            "nsx_username": "some-user",
            "nsx_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
            "bosh_vm_folder": "bosh-folder",
            "bosh_template_folder": "my-bosh-template-folder",
            "bosh_disk_path": "my-disk-location",
            "ssl_verification_enabled": false
          }
        }'
Example Response on vSphere
HTTP/1.1 200 OK
{
  "iaas_configuration": {
    "name": "vCenter_Floor1",
    "guid": "some-guid",
    "vcenter_host": "10.10.10.0",
    "datacenter": "my-data-center",
    "ephemeral_datastores_string": "e-datastore-name",
    "persistent_datastores_string": "p-datastore-name",
    "vcenter_username": "my-user-name",
    "vcenter_password": "fake-not-real-password",
    "nsx_networking_enabled": true,
    "nsx_mode": "nsx-v",
    "nsx_address": "10.10.10.10",
    "nsx_password": "fake-password",
    "nsx_username": "some-user",
    "nsx_ca_certificate": "-----BEGIN CERTIFICATE-----MIIBsjCCARug...",
    "bosh_vm_folder": "bosh-folder",
    "bosh_template_folder": "my-bosh-template-folder",
    "bosh_disk_path": "my-disk-location",
    "ssl_verification_enabled": false
  }
}
Example Response on vSphere with Verification Warnings
HTTP/1.1 207 Multi-Status
{
  "iaas_configuration": {
    "name": "vCenter_Floor1",
    "guid": "some-guid",
    "vcenter_host": "10.10.10.0",
    "datacenter": "my-data-center",
    "ephemeral_datastores_string": "e-datastore-name",
    "persistent_datastores_string": "p-datastore-name",
    "vcenter_username": "my-user-name",
    "vcenter_password": "fake-not-real-password",
    "nsx_networking_enabled": true,
    "nsx_mode": "nsx-v",
    "nsx_address": "10.10.10.10",
    "nsx_password": "fake-password",
    "nsx_username": "some-user",
    "nsx_ca_certificate": "-----BEGIN CERTIFICATE-----MIIBsjCCARug...",
    "bosh_vm_folder": "bosh-folder",
    "bosh_template_folder": "my-bosh-template-folder",
    "bosh_disk_path": "my-disk-location",
    "ssl_verification_enabled": false
  },
  "verifications": {
    "warnings": {
      "base": [
        "IaaS Configuration was saved, but there were verification errors which may prevent you from deploying",
        "NSX Password does not work"
      ]
    }
  }
}

HTTP Request

PUT /api/v0/staged/director/iaas_configurations/:guid

Update an iaas configuration

Creating availability zones

Example Request on AWS, Google, OpenStack
curl "https://example.com/api/v0/staged/director/availability_zones" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -d '{
          "availability_zone": {
            "name": "Availability Zone 1"
          }
        }'
Example Response on AWS, Google, OpenStack
HTTP/1.1 200 OK
{
  "availability_zone": {
    "name": "Availability Zone 1",
    "iaas_configuration_guid": "iaas-configuration-guid",
    "guid": "guid-1"
  }
}
Example Request on vSphere (with Clusters)
curl "https://example.com/api/v0/staged/director/availability_zones" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -d '{
          "availability_zone": {
            "name": "Availability Zone 1",
            "clusters": [
              {
                "cluster": "a-cluster",
                "resource_pool": "resource-pool-1"
              },
              {
                "cluster": "b-cluster",
                "resource_pool": "resource-pool-2"
              }
            ]
          }
        }'
Example Response on vSphere (with Clusters)
HTTP/1.1 200 OK
{
  "availability_zone": {
    "name": "Availability Zone 1",
    "guid": "guid-1",
    "iaas_configuration_guid": "iaas-configuration-guid",
    "clusters": [
      {
        "guid": "guid-2",
        "cluster": "a-cluster",
        "resource_pool": "resource-pool-1"
      },
      {
        "guid": "guid-3",
        "cluster": "b-cluster",
        "resource_pool": "resource-pool-2"
      }
    ]
  }
}
Example Request on vSphere for Multi-Datacenter
curl "https://example.com/api/v0/staged/director/availability_zones" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -d '{
          "availability_zone": {
            "name": "Availability Zone 12",
            "iaas_configuration_guid": "iaas-configuration-guid-2",
            "clusters": [
              {
                "cluster": "a-cluster",
                "resource_pool": "resource-pool-1"
              },
              {
                "cluster": "b-cluster",
                "resource_pool": "resource-pool-2"
              }
            ]
          }
        }'
Example Response on vSphere for Multi-Datacenter with Verification Warnings
HTTP/1.1 207 OK
{
  "availability_zone": {
    "name": "Availability Zone 12",
    "guid": "guid-1",
    "iaas_configuration_guid": "iaas-configuration-guid-2",
    "clusters": [
      {
        "guid": "guid-2",
        "cluster": "a-cluster",
        "resource_pool": "resource-pool-1"
      },
      {
        "guid": "guid-3",
        "cluster": "b-cluster",
        "resource_pool": "resource-pool-2"
      }
    ]
  },
  "warnings": {
    "errors": {
      "base": [
        "Availability zone was saved but there are verification errors which may prevent you from deploying",
        "Cannot find availability zone 'Availability Zone 12'"
      ]
    }
  }
}
Example Response on vSphere with Verification Warnings
Example Response on Azure (no Availability Zones)
HTTP/1.1 405 Method Not Allowed
{
  "errors": [
    "This IaaS does not support availability zones"
  ]
}

HTTP Request

POST /api/v0/staged/director/availability_zones

This endpoint creates an availability zone.

iaas_configuration_guid is optional if you only have a single IaaS configuration. Multiple IaaS configurations are only supported on vSphere at this time.

Availability zones are not supported on Azure.

Fetching availability zones

Example Request
curl "https://example.com/api/v0/staged/director/availability_zones" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on AWS, Google, OpenStack
HTTP/1.1 200 OK
{
  "availability_zones": [
    {
      "name": "Availability Zone 1",
      "guid": "guid-1",
      "iaas_configuration_guid": "iaas-configuration-guid"
    },
    {
      "name": "Availability Zone 2",
      "guid": "guid-4",
      "iaas_configuration_guid": "iaas-configuration-guid"
    }
  ]
}
Example Response on vSphere (with Clusters and multi-datacenter)
HTTP/1.1 200 OK
{
  "availability_zones": [
    {
      "name": "Availability Zone 1",
      "guid": "guid-1",
      "clusters": [
        {
          "guid": "guid-2",
          "cluster": "a-cluster",
          "resource_pool": "resource-pool-1"
        },
        {
          "guid": "guid-3",
          "cluster": "b-cluster",
          "resource_pool": "resource-pool-2"
        }
      ],
      "iaas_configuration_guid": "iaas-configuration-guid"
    },
    {
      "name": "Availability Zone 2",
      "guid": "guid-4",
      "clusters": [
        {
          "guid": "guid-3",
          "cluster": "b-cluster",
          "resource_pool": "resource-pool-2"
        }
      ],
      "iaas_configuration_guid": "iaas-configuration-guid-2"
    }
  ]
}
Example Response on Azure (no Availability Zones)
HTTP/1.1 405 Method Not Allowed
{
  "errors": [
    "This IaaS does not support availability zones"
  ]
}

HTTP Request

GET /api/v0/staged/director/availability_zones

This endpoint fetches the collection of availability zones.

iaas_configuration_guid is optional if you only have a single IaaS configuration. Multiple IaaS configurations are only supported on vSphere at this time.

If the IaaS does not support availability zones an error will be returned.

Fetching single availability zone

Example Request
curl "https://example.com/api/v0/staged/director/availability_zones/guid-1" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on AWS, Google, OpenStack
HTTP/1.1 200 OK
{
  "availability_zone": {
      "name": "Availability Zone 1",
      "guid": "guid-1",
      "iaas_configuration_guid": "iaas-configuration-guid"
    }
}
Example Response on vSphere (with Clusters)
HTTP/1.1 200 OK
{
  "availability_zone": {
    "name": "Availability Zone 1",
    "guid": "guid-1",
    "clusters": [
      {
        "guid": "guid-2",
        "cluster": "a-cluster",
        "resource_pool": "resource-pool-1"
      },
      {
        "guid": "guid-3",
        "cluster": "b-cluster",
        "resource_pool": "resource-pool-2"
      }
    ],
    "iaas_configuration_guid": "iaas-configuration-guid-1"
  }
}
Example Response on Azure (no Availability Zones)
HTTP/1.1 405 Method Not Allowed
{
  "errors": [
    "This IaaS does not support availability zones"
  ]
}

HTTP Request

GET /api/v0/staged/director/availability_zones/:az-guid

This endpoint fetches the availability zone.

iaas_configuration_guid is optional if you only have a single IaaS configuration. Multiple IaaS configurations are only supported on vSphere at this time.

If the IaaS does not support availability zones an error will be returned.

Updating availability zone

Example Request on AWS, Google, Openstack
curl "https://example.com/api/v0/staged/director/availability_zones/existing-guid" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "availability_zone": {
            "name": "us-west-1a",
            "guid": "existing-guid"
           }
        }'
Example Response on AWS, Google, OpenStack
HTTP/1.1 200 OK
{
  "availability_zone": {
    "name": "us-west-1a",
    "guid": "existing-guid",
    "iaas_configuration_guid": "iaas-configuration-guid"
  }
}
Example Request on vSphere
curl "https://example.com/api/v0/staged/director/availability_zones/existing-az-guid" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "availability_zone": {
            "guid": "existing-az-guid",
            "name": "AZ1",
            "clusters": [
              {
                "guid": "existing-cluster-guid",
                "cluster": "pizza-boxes",
                "resource_pool": "maraudon"
              },
              {
                "cluster": "marinara",
                "resource_pool": "maraudon"
              }
            ]
          }
        }'
Example Response on vSphere
HTTP/1.1 200 OK
{
  "availability_zone": {
    "name": "AZ1",
    "guid": "existing-az-guid",
    "iaas_configuration_guid": "iaas-configuration-guid",
    "clusters": [
      {
        "guid": "existing-cluster-guid",
        "cluster": "pizza-boxes",
        "resource_pool": "maraudon"
      },
      {
        "cluster": "marinara",
        "resource_pool": "maraudon"
      }
    ]
  }
}
Example Request on vSphere for Multi-Datacenter
curl "https://example.com/api/v0/staged/director/availability_zones/guid-1" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -d '{
          "availability_zone": {
            "guid": "guid-1",
            "name": "Availability Zone 12",
            "iaas_configuration_guid": "iaas-configuration-guid-2",
            "clusters": [
              {
                "guid": "guid-2",
                "cluster": "a-cluster",
                "resource_pool": "resource-pool-1"
              },
              {
                "guid": "guid-3",
                "cluster": "b-cluster",
                "resource_pool": "resource-pool-2"
              }
            ]
          }
        }'
Example Response on vSphere for Multi-Datacenter with Verification Warnings
HTTP/1.1 207 OK
{
  "availability_zone": {
    "name": "Availability Zone 12",
    "guid": "guid-1",
    "iaas_configuration_guid": "iaas-configuration-guid-2",
    "clusters": [
      {
        "guid": "guid-2",
        "cluster": "a-cluster",
        "resource_pool": "resource-pool-1"
      },
      {
        "guid": "guid-3",
        "cluster": "b-cluster",
        "resource_pool": "resource-pool-2"
      }
    ]
  },
  "warnings": {
    "errors": {
      "base": [
        "Availability zone was saved but there are verification errors which may prevent you from deploying",
        "Cannot find availability zone 'Availability Zone 12'"
      ]
    }
  }
}

HTTP Request

PUT /api/v0/staged/director/availability_zones/:az-guid

This endpoint allows you to update an availability zone.

There are different fields for availability zones per IaaS. Look at the examples to see the valid fields for each IaaS.

iaas_configuration_guid is optional if you only have a single IaaS configuration. Multiple IaaS configurations are only supported on vSphere at this time.

Availability zones are not supported on Azure.

Availability zones that are already on a deployed product cannot be updated.

Deleting single availability zone

Example Request
curl "https://example.com/api/v0/staged/director/availability_zones/guid-1" \
    -X DELETE \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on vSphere, AWS, Google, OpenStack
HTTP/1.1 200 OK
{
}
Example Response on Azure (no Availability Zones)
HTTP/1.1 405 Method Not Allowed
{
  "errors": [
    "This IaaS does not support availability zones"
  ]
}

HTTP Request

DELETE /api/v0/staged/director/availability_zones/:az-guid

This endpoint deletes the availability zone. If the IaaS does not support availability zones an error will be returned.

Availability zones that are already on a deployed product cannot be deleted.

Updating availability zones (Experimental)

Example Request on vSphere
curl "https://example.com/api/v0/staged/director/availability_zones" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "availability_zones": [
            {
              "guid": "existing-az-guid",
              "name": "AZ1",
              "clusters": [
                {
                  "guid": "existing-cluster-guid",
                  "cluster": "pizza-boxes",
                  "resource_pool": "maraudon"
                },
                {
                  "cluster": "marinara",
                  "resource_pool": "maraudon"
                }
              ]
            }
          ]
        }'
Example Request on AWS
curl "https://example.com/api/v0/staged/director/availability_zones" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "availability_zones": [
            { "name": "us-west-1a", "guid": "existing-guid" },
            { "name": "us-east-1a" }
          ]
        }'
Example Request on Google
curl "https://example.com/api/v0/staged/director/availability_zones" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "availability_zones": [
            { "name": "us-west1-a", "guid": "existing-guid" },
            { "name": "us-east1-a" }
          ]
        }'
Example Request on OpenStack
curl "https://example.com/api/v0/staged/director/availability_zones" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "availability_zones": [
            { "name": "availability-zone-1", "guid": "existing-guid" },
            { "name": "availability-zone-2" }
          ]
        }'
Example Response on OpenStack with Verification Warnings
HTTP/1.1 207 OK
{
  "availability_zones": [
    { "name": "availability-zone-12", "guid": "existing-guid" },
    { "name": "availability-zone-2" }
  ],
  "warnings": {
    "errors": {
      "base": [
        "Availability zone(s) were saved but there are verification errors which may prevent you from deploying",
        "Cannot find availability zone 'availability-zone-12'"
      ]
    }
  }
}

HTTP Request

PUT /api/v0/staged/director/availability_zones

Use of this endpoint is not recommended. Please use create, update, or delete.

If you are using the multi-datacenter feature on vSphere, this endpoint is not available. On all other IaaS, the iaas_configuration_guid property of availability zones will be ignored and automatically set to the default configuration.

This endpoint allows you to completely replace the collection of availability zones. OpsManager uses GUIDs to match existing objects in the collection. Unmatched availability zones will be added, matched availability zones will be updated, and omitted availability zones will be deleted.

There are different fields for availability zones per IaaS. Look at the examples to see the valid fields for each IaaS. Availability zones are not supported on Azure.

Availability zones that are already on a deployed product cannot be updated or deleted.

Updating network and availability zone assignments

Example Request on Google, vSphere, or AWS
curl "https://example.com/api/v0/staged/director/network_and_az" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "network_and_az": {
             "network": {
               "name": "network_name"
             },
             "singleton_availability_zone": {
               "name": "availability_zone_name"
             }
          }
        }'
Example Request on Azure
curl "https://example.com/api/v0/staged/director/network_and_az" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "network_and_az": {
             "network": {
               "name": "network_name"
             }
          }
        }'

HTTP Request

PUT /api/v0/staged/director/network_and_az

This endpoint allows you to set the network and singleton availability zone for the bosh director. You cannot use this endpoint if the director is already deployed.

On infrastructures which do support availability zones, the parameters must match the names of an already created network and availability zone. The network must have at least one subnet on the singleton availability zone and cannot be a service network.

On Azure, which does not support availability zones, the singleton_availability_zone key is not required, and will be ignored. The network name must match the name of an already created network.

Fetching networks

Example Request
curl "https://example.com/api/v0/staged/director/networks" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on AWS
HTTP/1.1 200 OK
{
  "icmp_checks_enabled": true,
  "networks": [
    {
      "guid": "0d35c70db3c592cb1ac7",
      "name": "first-network",
      "subnets": [
        {
          "guid": "433d16d727706e3be752",
          "iaas_identifier": "hinterlands-1",
          "cidr": "10.85.41.0/24",
          "dns": "10.87.8.10",
          "gateway": "10.85.41.1",
          "reserved_ip_ranges": "10.85.41.1-10.85.41.97,10.85.41.117-10.85.41.255",
          "availability_zone_names": [
            "first-az",
            "second-az"
          ]
        }
      ]
    }
  ]
}

HTTP Request

GET /api/v0/staged/director/networks

This endpoint fetches the collection of networks (and subnets).

Updating networks (Experimental)

Example Request
curl "https://example.com/api/v0/staged/director/networks" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
                "icmp_checks_enabled": true,
                "networks": [
                  {
                    "name": "network-to-create",
                    "subnets": [{
                      "iaas_identifier": "subnet1",
                      "cidr": "10.0.0.0/24",
                      "reserved_ip_ranges": "10.0.0.1",
                      "dns": "8.8.8.8",
                      "gateway": "10.0.0.100",
                      "availability_zone_names": ["first-az", "second-az"]
                    }]
                  },
                  {
                    "name": "network-to-update",
                    "guid": "existing-network-guid",
                    "subnets": [{
                      "iaas_identifier": "subnet2",
                      "guid": "existing-subnet-guid",
                      "cidr": "10.0.1.0/24",
                      "reserved_ip_ranges": "10.0.1.1-10.0.1.15,10.0.1.20",
                      "dns": "8.8.8.8",
                      "gateway": "10.0.0.100",
                      "availability_zone_names": ["first-az", "second-az"]
                    }]
                  }
                ]
              }'

HTTP Request

PUT /api/v0/staged/director/networks

This endpoint allows you to completely replace the collection of networks (and subnets). OpsManager uses GUIDs to match existing objects in the collection. Unmatched networks will be added, matched networks will be updated, and omitted networks will be deleted.

There are different availability zone rules depending on IaaS, see table:

Iaas Value of availability_zone_names field
AWS An array with 1 AZ name only
Azure Completely omit the field
GCP An array with 1 or more AZ names
OpenStack An array with 1 or more AZ names
vSphere An array with 1 or more AZ names

The iaas_identifier field contains different values based on IaaS as well, identical to the UI.

Products

General information about products regardless of whether or not they are deployed

Get icon of product

curl "https://example.com/api/v0/products/product-guid/icon" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "icon": "iVBORw0KGgoAAAANSUhEUgAAAUIAAADcCAYAAAAFtqgbAAAAAXNS..."
}

HTTP Request

GET /api/v0/products/:product_guid/icon

Returns base64-encoded icon of the product.

Available Products

An available product is a product that has been uploaded into Ops Manager, or is available for download from Pivotal Network. Available products must be added to the Staged products namespace before configuration changes can be made.

Uploading a product

curl "https://example.com/api/v0/available_products" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -F 'product[file]=@/path/to/component.zip'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

POST /api/v0/available_products

Checking for product updates

curl "https://example.com/api/v0/pivotal_network/available_product_updates" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{ "product_name": "pivnet-product-name" }'
Example Response
HTTP/1.1 200 OK
{
  "versions": [
    "1.1.0",
    "1.0.10"
  ]
}

HTTP Request

GET /api/v0/pivotal_network/available_product_updates

Fetching EULA content for a given product

curl "https://example.com/api/v0/pivotal_network/eulas?product_name=example-product&version=1.0.1" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "eula": "Legalese..."
}

HTTP Request

GET /api/v0/pivotal_network/eulas?product_name=example-product-name&version=1.0.1

This retrieves the EULA for the version of the requested product

Accepting EULA for a given product

curl "https://example.com/api/v0/pivotal_network/eulas?product_name=example-product&version=1.0.1&accept=true" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK

PUT /api/v0/pivotal_network/eulas?product_name=example-product-name&version=1.0.1&accept=true

This accepts the EULA for the version of the requested product, on the Pivotal Network

Download a given product with version from Pivotal Network

curl "https://example.com/api/v0/pivotal_network/downloads" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{ "product_name": "pivnet-product-name", "version": "1.2.3" }'
Example Response
HTTP/1.1 200 OK
{
  "download_id": 1
}

HTTP Request

POST /api/v0/pivotal_network/downloads

You must have an Pivotal Network API token set for this endpoint to work. You must also have accepted the EULA for the provided version of the product.

Check the status of a download for Pivotal Network

curl "https://example.com/api/v0/pivotal_network/download/2" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "download": {
    "id": 2,
    "status": "DOWNLOADING",
    "product_identifier": "pivnet-product-name",
    "product_version": "1.2.3",
    "bytes_downloaded": 89,
    "total_bytes": 100
  }
}

HTTP Request

GET /api/v0/pivotal_network/download/:download_id

Potential values for status:

Checking for stemcell updates

curl "https://example.com/api/v0/pivotal_network/stemcell_updates" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "stemcell_updates": [
    {
      "stemcell_version": "100.10",
      "release_id": 100,
      "products": [
        {
          "product_id": "product1-id"
        },
        {
          "product_id": "product2-id"
        }
      ]
    },
    {
      "stemcell_version": "200.10",
      "release_id": 200,
      "products": [
        {
          "product_id": "product3-id"
        }
      ]
    }
  ]
}

HTTP Request

GET /api/v0/pivotal_network/stemcell_updates

Listing all available products

curl "https://example.com/api/v0/available_products" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
[
  {
    "name": "p-bosh",
    "product_version": "1.7.0.0"
  },
  {
    "name": "dummy",
    "product_version": "1.0.0.0"
  }
]

HTTP Request

GET /api/v0/available_products

Deleting a single unused product

Deletes a single unused product, and any stemcells and releases used only by it.

curl "https://example.com/api/v0/available_products?product_name=my-product&version=1.2.0" \
    -X DELETE \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

DELETE /api/v0/available_products?product_name=my-product&version=1.2.0

Deleting unused products

curl "https://example.com/api/v0/available_products" \
    -X DELETE \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{}'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

DELETE /api/v0/available_products

Deployed Products

The Deployed namespace represents the actual state of the installation and various deployment-specific attributes can be retrieved here.

Viewing a List of Deployed Products

curl "https://example.com/api/v0/deployed/products" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
[
  {
    "installation_name": "component-type1-installation-name",
    "guid": "component-type1-guid",
    "type": "component-type1",
    "product_version": "1.0",
    "stale": {
      "parent_products_deployed_more_recently": ["p-bosh-guid"]
    }
  },
  {
    "installation_name": "p-bosh-installation-name",
    "guid": "p-bosh-guid",
    "type": "p-bosh",
    "stale": {
      "parent_products_deployed_more_recently": []
    }
  }
]

HTTP Request

GET /api/v0/deployed/products

Adding an available product to the installation

Query Parameters

Parameter Description
name The name of the product as specified in the product template, e.g. ‘cf’ or 'p-mysql’
product_version The version of the product as specified in the product template, e.g. '1.2.0.0’
stale:parent_products_deployed_more_recently List of a product’s parent dependencies that were deployed without the product, resulting in potential staleness.

Viewing available credentials

curl "https://example.com/api/v0/deployed/products/product-guid/credentials" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "credentials": [
    ".properties.some-credentials",
    ".my-job.some-credentials"
  ]
}

HTTP Request

GET /api/v0/deployed/products/:product_guid/credentials

This endpoint returns a list of references for credential properties for the given deployed product, except for VM credentials. These references can be used to get the credentials themselves using the credentials endpoint.

Query Parameters

Parameter Description
product_guid A product guid

Fetching credentials

curl "https://example.com/api/v0/deployed/products/product-guid/credentials/.properties.some-credentials" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "credential": {
    "type": "simple_credentials",
    "value": {
      "identity": "carmen-sandiego",
      "password": "example-hiding-somewhere"
    }
  }
}

HTTP Request

GET /api/v0/deployed/products/:product_guid/credentials/:credential_reference

This endpoint returns the credentials for a specified credential reference as a hash.

Query Parameters

Parameter Description
credential_reference The credential reference string
product_guid A product guid

Fetching variables

curl "https://example.com/api/v0/deployed/products/product-guid/variables" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "variables": ["first-variable", "second-variable", "third-variable"]
}

HTTP Request

GET /api/v0/deployed/products/:product-guid/variables

This endpoint returns the list of variables that bosh director knows about for a product.

Query Parameters

Parameter Description
variable_name The name of the variable as a string
product_guid A product guid

Fetching variable values

curl "https://example.com/api/v0/deployed/products/product-guid/variables?name=credhub-password" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "credhub-password": "example-password"
}

HTTP Request

GET /api/v0/deployed/products/:product-guid/variables?name=:variable_name

This endpoint returns the current value for a specified variable stored in credhub. Note that some variables may not be stored in credhub.

Query Parameters

Parameter Description
variable_name The name of the variable as a string
product_guid A product guid

Listing VM credentials for product jobs

curl "https://example.com/api/v0/deployed/products/component-type1-guid/vm_credentials" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
[
  {
    "name": "compilation-guid",
    "identity": "vcap1",
    "password": "example-vm-password1"
  },
  {
    "name": "job-type1-guid",
    "identity": "vcap1",
    "password": "example-vm-password1"
  },
  {
    "name": "credentials-job-guid",
    "identity": "vcap",
    "password": "example-vm-password"
  }
]

HTTP Request

GET /api/v0/deployed/products/:product_guid/vm_credentials

Query Parameters

Parameter Description
product_guid Product ID

Retrieving status of product jobs

curl "https://example.com/api/v0/deployed/products/product-guid/status" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "status": [
    {
      "job-name": "web_server-7f841fc2af9c2b357cc4",
      "index": 0,
      "az_guid": "ee61aa1e420ed3fdf276",
      "az_name": "first-az",
      "ips": [
        "10.85.42.58"
      ],
      "cid": "vm-448ef313-86ee-4049-87cf-764ca2fa97e7",
      "load_avg": [
        "0.00",
        "0.01",
        "0.03"
      ],
      "cpu": {
        "sys": "0.1",
        "user": "0.2",
        "wait": "0.3"
      },
      "memory": {
        "kb": "60632",
        "percent": "6"
      },
      "swap": {
        "kb": "0",
        "percent": "0"
      },
      "system_disk": {
        "inode_percent": "31",
        "percent": "42"
      },
      "ephemeral_disk": {
        "inode_percent": "0",
        "percent": "1"
      },
      "persistent_disk": {
        "inode_percent": "0",
        "percent": "0"
      }
    }
  ]
}

HTTP Request

GET /api/v0/deployed/products/:product_guid/status

The information returned is based on the output of the bosh vms command, with some additional data added.

Listing static IP assignments for product jobs

curl "https://example.com/api/v0/deployed/products/component-type1-guid/static_ips" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
[
  {
    "name": "job-type1-guid",
    "ips": [
      "192.168.163.4"
    ]
  },
  {
    "name": "credentials-job",
    "ips": [
      "192.168.163.7"
    ]
  }
]

HTTP Request

GET /api/v0/deployed/products/:product_guid/static_ips

Query Parameters

Parameter Description
product_guid Product ID

Enqueueing log downloads for a given job

curl "https://example.com/api/v0/deployed/products/product-type1-guid/jobs/job-example-1-guid/logs" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "id": "3453589567389"
}

HTTP Request

POST /api/v0/deployed/products/:product_guid/jobs/:job_guid/logs

This returns a task identifier for the async operation that performs log downloading from BOSH.

To track log download status, call GET /api/v0/deployed/products/:product_guid/jobs/:job_guid/logs

Listing log download tasks for a given job

curl "https://example.com/api/v0/deployed/products/component-type1-guid/jobs/job-example-guid/logs" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "tasks": [
    {
      "guid": "3854e98d1378",
      "status": "downloaded",
      "timestamp": "2016-04-21 17:32:10 UTC"
    },
    {
      "guid": "b550456bddbc",
      "status": "downloaded",
      "timestamp": "2016-04-21 17:32:51 UTC"
    },
    {
      "guid": "816ae3784f94",
      "status": "downloaded",
      "timestamp": "2016-04-21 18:08:43 UTC"
    }
  ]
}

HTTP Request

GET /api/v0/deployed/products/:product_guid/jobs/:job_guid/logs

ZIP files for tasks in the ‘downloaded’ stage are available at /api/v0/deployed/products/:product_guid/jobs/:job_guid/logs/:task_guid

Download ZIP file with logs

curl -o logs.zip "https://example.com/api/v0/deployed/products/product-type1-guid/jobs/job-example-1-guid/logs/task-guid-example" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 70035    0 70035    0     0   348k      0 --:--:-- --:--:-- --:--:--  348k

HTTP Request

POST /api/v0/deployed/products/:product_guid/jobs/:job_guid/logs/:task_id

List jobs for a given product

curl "https://example.com/api/v0/deployed/products/component-type1-guid/jobs" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "jobs": [
    {
      "guid": "web-server12345sdfk",
      "name": "web-server"
    },
    {
      "guid": "etcd12345sdfk",
      "name": "etcd"
    }
  ]
}

HTTP Request

GET /api/v0/deployed/products/:product_guid/jobs

Returns an array of the jobs on a deployed product by name and guid.

Staged Products

Staged Products are products that have been added to the Ops Manager Installation. The Staged namespace represents the desired state of the installation. Changes can be deployed by triggering the installations controller.

Listing all staged products

curl "https://example.com/api/v0/staged/products" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
[
  {
    "installation_name": "component-type1-installation-name",
    "guid": "component-type1-guid",
    "type": "component-type1"
  },
  {
    "installation_name": "p-bosh-installation-name",
    "guid": "p-bosh-guid",
    "type": "p-bosh"
  }
]

HTTP Request

GET /api/v0/staged/products

Adding an available product

curl "https://example.com/api/v0/staged/products" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"name": "component-type1", "product_version": "1.0.0.1"}'
Example Response
HTTP/1.1 200 OK

HTTP Request

POST /api/v0/staged/products

Query Parameters

Parameter Description
name The name of the product as specified in the product template, e.g. ‘cf’ or 'p-mysql’
product_version The version of the product as specified in the product template, e.g. '1.2.0.0’

Removing products

curl "https://example.com/api/v0/staged/products/component-type1-guid" \
    -X DELETE \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{}'
Example Response
HTTP/1.1 200 OK
{
  "component": {
    "guid": "component-type1-guid"
  }
}

HTTP Request

DELETE /api/v0/staged/products/:id

Query Parameters

Parameter Description
id The guid of the product to be removed from the installation

Upgrading a product

curl "https://example.com/api/v0/staged/products/dummy-guid" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"to_version": "2.0.0.0-alpha"}'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

PUT /api/v0/staged/products/:id

Query Parameters

Parameter Description
id The guid of the product to upgrade
to_version Version to which the product will be upgraded

Retrieving a list of jobs

curl "https://example.com/api/v0/staged/products/product-type1-guid/jobs" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "jobs": [
    {
      "name": "job-1-name",
      "guid": "job-1-guid"
    }
  ]
}

HTTP Request

GET /api/v0/staged/products/:product_guid/jobs

This endpoint returns a list of all jobs associated with a product.

Retrieving resource configuration for a product

curl "https://example.com/api/v0/staged/products/product-type1-guid/jobs/resources" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "resources": [
    {
      "identifier": "web_server",
      "description": "this is a web server job",
      "instances": "1",
      "instances_best_fit": 1,
      "instance_type_id": "micro",
      "instance_type_best_fit": "micro",
      "persistent_disk_mb": 1024,
      "persistent_disk_best_fit": 1024
    }
  ]
}

HTTP Request

GET /api/v0/staged/products/:product_guid/resources

This endpoint returns a list of the compute and disk configuration for all jobs on the product.

Retrieving resources for a job

curl "https://example.com/api/v0/staged/products/product-type1-guid/jobs/example-job-guid/resource_config" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on AWS
HTTP/1.1 200 OK
{
  "instances": 1,
  "instance_type": {
    "id": "m3.medium"
  },
  "persistent_disk": {
    "size_mb": "1024"
  },
  "internet_connected": true,
  "elb_names": ["my-elb"],
  "additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"]
}
Example Response on Vsphere
HTTP/1.1 200 OK
{
  "instances": 1,
  "instance_type": {
    "id": "automatic"
  },
  "persistent_disk": {
    "size_mb": "1024"
  },
  "nsx_lbs": [
    {
      "edge_name": "edge-1",
      "pool_name": "pool-1",
      "security_group": "sg-1",
      "port": "5000"
    },
    {
      "edge_name": "edge-2",
      "pool_name": "pool-2",
      "security_group": "sg-2",
      "port": "5000"
    }
  ],
  "nsx_security_groups": ["sg-1", "sg-2"],
  "additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"]
}
Example Response on Google
HTTP/1.1 200 OK
{
  "instance_type": {
    "id": "automatic"
  },
  "instances": "automatic",
  "internet_connected": true,
  "elb_names": [],
  "persistent_disk": {
    "size_mb": "automatic"
  },
  "additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"]
}
Example Response on Azure
HTTP/1.1 200 OK
{
  "instance_type": {
    "id": "automatic"
  },
  "instances": "automatic",
  "internet_connected": false,
  "elb_names": [],
  "persistent_disk": {
    "size_mb": "automatic"
  },
  "additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"]
}
Example Response on OpenStack
HTTP/1.1 200 OK
{
  "instance_type": {
    "id": "automatic"
  },
  "instances": "automatic",
  "persistent_disk": {
    "size_mb": "automatic"
  },
  "floating_ips": "1.1.1.1-1.1.1.2",
  "additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"]
}

HTTP Request

GET /api/v0/staged/products/:product_guid/jobs/:job_id/resource_config

This endpoint returns compute and disk configuration for a job.

Field Descriptions

Parameter Description
instances The number of instances for the job or “automatic”
instance_type[id] The id of the instance type found in the instance type catalog or “automatic”
persistent_disk[size_mb] The mb size of persistent disk if configurable for the job found in the disk type catalog or “automatic”
internet_connected True if VM should be given an IP accessible on the public internet (AWS, Google, and Azure)
elb_names An array of elb names (AWS, Google, and Azure)
nsx_security_groups An array of security groups configured on NSX (vSphere)
nsx_lbs An array of load balancer attributes to be applied to the job (vSphere).
nsx_lbs[edge_name] Name of NSX edge (vSphere).
nsx_lbs[pool_name] Name of the NSX Edge’s Server Pool (vSphere)
nsx_lbs[security_group] Name of NSX Pool’s target Security Group (vSphere)
nsx_lbs[port] Name of the port that the VM’s service is listening on (vSphere)
floating_ips An IP range for floating ips (OpenStack)
additional_vm_extensions An array of additional VM extensions to apply on the job that you configured separately on the BOSH director.

Configuring resources for a job

Example Request on AWS or Azure
curl "https://example.com/api/v0/staged/products/product-type1-guid/jobs/example-job-guid/resource_config" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "instances": 1,
          "instance_type": {
            "id": "automatic"
          },
          "persistent_disk": {
            "size_mb": "20480"
          },
          "internet_connected": true,
          "elb_names": ["my-elb"],
          "additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"]
        }'
Example Request on Google
curl "https://example.com/api/v0/staged/products/product-type1-guid/jobs/example-job-guid/resource_config" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "instances": 1,
          "instance_type": {
            "id": "automatic"
          },
          "persistent_disk": {
            "size_mb": "20480"
          },
          "internet_connected": true,
          "elb_names": ["tcp:load_balancer_1", "http:load_balancer_2"],
          "additional_vm_extensions": ["vm_ext_setting_automatic_restart", "vm_ext_setting_on_host_maintenance"]
        }'
Example Request on vSphere
curl "https://example.com/api/v0/staged/products/product-type1-guid/jobs/example-job-guid/resource_config" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "instances": 1,
          "instance_type": {
            "id": "automatic"
          },
          "persistent_disk": {
            "size_mb": "20480"
          },
          "nsx_security_groups":["sg1", "sg2"],
          "nsx_lbs": [
          {
            "edge_name": "edge-1",
            "pool_name": "pool-1",
            "security_group": "sg-1",
            "port": "5000"
          },
          {
            "edge_name": "edge-2",
            "pool_name": "pool-2",
            "security_group": "sg-2",
            "port": "5000"
          }],
          "additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"]
        }'
Example Request on OpenStack
curl "https://example.com/api/v0/staged/products/product-type1-guid/jobs/example-job-guid/resource_config" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "instances": 2,
          "instance_type": {
            "id": "automatic"
          },
          "persistent_disk": {
            "size_mb": "automatic"
          },
          "floating_ips": "1.0.0.0-1.0.0.1",
          "additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"]
        }'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

PUT /api/v0/staged/products/:product_guid/jobs/:job_id/resource_config

This endpoint allows setting compute and disk configuration for a job.

Query Parameters

Parameter Description
instances The number of instances for the job or “automatic”
instance_type[id] The id of the instance type found in the instance type catalog or “automatic”
persistent_disk[size_mb] (Optional) The mb size of persistent disk if configurable for the job found in the disk type catalog or “automatic”
internet_connected (Optional) True if the VM is given an IP accessible on the public internet (AWS, Google, and Azure)
elb_names (Optional, see below.) An array of elb names (AWS, Google, and Azure).
nsx_security_groups (Optional) An array of security group names to be applied to the job (vSphere). Applies to both NSX-V and NSX-T configurations.
nsx_lbs (Optional, only applies to NSX-V configurations.) An array of load balancer attributes to be applied to the job (vSphere).
nsx_lbs[edge_name] Name of NSX edge, required if providing nsx_lbs (vSphere).
nsx_lbs[pool_name] Name of the NSX Edge’s Server Pool, required if providing nsx_lbs (vSphere)
nsx_lbs[security_group] Name of NSX Pool’s target Security Group, required if providing nsx_lbs (vSphere)
nsx_lbs[port] Name of the port that the VM’s service is listening on, required if providing nsx_lbs (vSphere)
floating_ips An IP range, e.g. “1.0.0.0-1.0.0.1” for floating ips (OpenStack)
additional_vm_extensions (Optional) Additional VM extensions to apply on the job that you configured separately on the BOSH director.

The value of elb_names may be specific to the infrastructure.

Retrieving the max_in_flight settings for a product’s jobs

curl "https://example.com/api/v0/staged/products/product-type1-guid/max_in_flight" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "max_in_flight": [
    {
      "example-job-guid-1": 5,
      "example-job-guid-2": "10%"
    }
  ]
}

HTTP Request

GET /api/v0/staged/products/:product_guid/max_in_flight

This endpoint returns a list of the max_in_flight setting for all of the product’s jobs.

Configuring the max_in_flight settings for a product’s jobs

curl "https://example.com/api/v0/staged/products/product-type1-guid/max_in_flight" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "max_in_flight": {
            "job_1_guid": 1,
            "job_2_guid": "20%",
            "job_3_guid": "default"
          }
        }'
Example Response
HTTP/1.1 200 OK

HTTP Request

PUT /api/v0/staged/products/:product_guid/max_in_flight

This endpoint allows configuration of max_in_flight settings for jobs on a product. This overrides product defaults.

Values can be a either a percentage, or an absolute count of configured instances. Example: In order to set max_in_flight to 2, given a job with 10 instances, set max_in_flight as 2 or “20%”.

To reset the max_in_flight value for a job to its default, use the string “default” as the value.

Listing currently assigned networks and azs

curl "https://example.com/api/v0/staged/products/product-type1-guid/networks_and_azs" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "networks_and_azs": {
    "singleton_availability_zone": {
      "name": "az-one"
    },
    "other_availability_zones": [
      { "name": "az-two" },
      { "name": "az-three" }
    ],
    "network": {
      "name": "network-one"
    }
  }
}

HTTP Request

GET /api/v0/staged/products/:product_guid/networks_and_azs

This endpoint returns the current network and AZ assignment.

Configuring networks and azs

curl "https://example.com/api/v0/staged/products/product-type1-guid/networks_and_azs" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "networks_and_azs": {
            "singleton_availability_zone": {
              "name": "az-one"
            },
            "other_availability_zones": [
              { "name": "az-two" },
              { "name": "az-three" }
            ],
            "network": {
              "name": "network-one"
            }
          }
        }'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

PUT /api/v0/staged/products/:product_guid/networks_and_azs

This endpoint allows assigning AZs and networks.

Viewing currently selected errands

curl "https://example.com/api/v0/staged/products/product-type1-guid/errands" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
    "errands": [
    {
      "name": "errand-1",
      "post_deploy": false,
      "label": "Errand 1 Label"
    },
    {
      "name": "errand-2",
      "pre_delete": true,
      "label": "Errand 2 Label"
    },
    {
      "name": "shared-errand",
      "post_deploy": false,
      "pre_delete": true,
      "label": "Shared Errand Label"
    }
    ]
}

HTTP Request

GET /api/v0/staged/products/:product_guid/errands

Errands allowed to run as post_deploy or pre_delete are determined by the product template.

The presence of the ‘post_deploy’ or 'pre_delete’ key in the response indicates the product author’s intent.

The boolean value indicates whether the errand is enabled for that lifecycle event by the operator.

Configuring errands

curl "https://example.com/api/v0/staged/products/product-type1-guid/errands" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "errands": [
            {
              "name": "example-errand1",
              "post_deploy": true,
              "pre_delete": true
            },
            {
              "name": "example-errand2",
              "post_deploy": true
            },
            {
              "name": "example-errand3",
              "post_deploy": false
            },
            {
              "name": "example-errand3",
              "post_deploy": "default"
            },
            {
              "name": "example-errand4",
              "post_deploy": true,
              "pre_delete": true
            },
            {
              "name": "example-errand5",
              "pre_delete": false
            },
            {
              "name": "example-errand6",
              "pre_delete": "default"
            }
          ]
        }'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

PUT /api/v0/staged/products/:product_guid/errands

Set enabled or disabled list of errands to run.

Query Parameters

Parameter Description
errands List of errands and the run state for the errand (Optional)

For post deploy, errands support the following states:
  • true
  • false
  • “default”
For pre delete, errands support the following states:
  • true
  • false
  • “default”

Viewing product properties

curl "https://example.com/api/v0/staged/products/product-type1-guid/properties" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "properties": {
    ".properties.example_selector": {
      "type": "selector",
      "configurable": true,
      "credential": false,
      "value": "Pizza",
      "optional": false
    },
    ".properties.example_selector.pizza_option.pepperoni": {
      "type": "boolean",
      "configurable": true,
      "credential": false,
      "value": false,
      "optional": false
    },
    ".properties.example_selector.pizza_option.pineapple": {
      "type": "boolean",
      "configurable": true,
      "credential": false,
      "value": false,
      "optional": false
    },
    ".properties.example_selector.pizza_option.other_toppings": {
      "type": "string",
      "configurable": true,
      "credential": false,
      "value": null,
      "optional": true
    },
    ".properties.example_selector.filet_mignon_option.rarity_dropdown": {
      "type": "dropdown_select",
      "configurable": true,
      "credential": false,
      "value": "rare",
      "optional": false,
      "options": [
        {
          "label": "Rare (1)",
          "value": 1
        },
        {
          "label": "Medium (2)",
          "value": 2
        },
        {
          "label": "Well done (3)",
          "value": 3
        }
      ]
    },
    ".properties.example_selector.filet_mignon_option.review": {
      "type": "string",
      "configurable": true,
      "credential": false,
      "value": "A+++++ power seller of mail order steak",
      "optional": false
    },
    ".properties.example_selector.filet_mignon_option.secret_sauce": {
      "type": "secret",
      "configurable": true,
      "credential": true,
      "value": {
        "secret": "***"
      },
      "optional": true
    },
    ".properties.example_selector.beverage_option.cola": {
      "type": "string",
      "configurable": true,
      "credential": false,
      "value": null,
      "optional": true
    },
    ".properties.example_collection": {
      "type": "collection",
      "configurable": true,
      "credential": false,
      "value": [
        {
          "guid": {
            "type": "uuid",
            "configurable": false,
            "credential": false,
            "value": "b8c38874-bf7a-45ae-adba-705dabc5f6ef",
            "optional": false
          },
          "album": {
            "type": "string",
            "configurable": false,
            "credential": false,
            "value": "Christmas Carols",
            "optional": false
          },
          "artist": {
            "type": "string",
            "configurable": false,
            "credential": false,
            "value": "Ops Manatee",
            "optional": false
          },
          "explicit": {
            "type": "boolean",
            "configurable": false,
            "credential": false,
            "value": true,
            "optional": false
          },
          "secret_meaning": {
            "type": "secret",
            "configurable": true,
            "credential": true,
            "value": {
              "secret": "***"
            },
            "optional": true
          },
          "vm_type": {
            "type": "vm_type_dropdown",
            "configurable": true,
            "credential": false,
            "value": null,
            "optional": true
          },
          "disk_type": {
            "type": "disk_type_dropdown",
            "configurable": true,
            "credential": false,
            "value": null,
            "optional": true
          },
          "genre": {
            "type": "dropdown_select",
            "configurable": true,
            "credential": false,
            "value": "edm",
            "optional": true,
            "options": [
              {
                "label": "Rock",
                "value": "rock"
              },
              {
                "label": "Country",
                "value": "country"
              },
              {
                "label": "Beep Boop PSH",
                "value": "edm"
              }
            ]
          },
          "example_service_network_az_single_select": {
            "type": "service_network_az_single_select",
            "configurable": true,
            "credential": false,
            "value": null,
            "optional": true
          },
          "example_service_network_az_multi_select": {
            "type": "service_network_az_multi_select",
            "configurable": true,
            "credential": false,
            "value": null,
            "optional": true
          }
        }
      ],
      "optional": false
    },
    ".web_server.static_ips": {
      "type": "ip_ranges",
      "configurable": true,
      "credential": false,
      "value": null,
      "optional": true
    },
    ".web_server.generated_rsa_cert_credentials": {
      "type": "rsa_cert_credentials",
      "configurable": false,
      "credential": true,
      "value": {
        "private_key_pem": "***"
      },
      "optional": false
    },
    ".web_server.generated_rsa_pkey_credentials": {
      "type": "rsa_pkey_credentials",
      "configurable": false,
      "credential": true,
      "value": {
        "private_key_pem": "***"
      },
      "optional": false
    },
    ".web_server.generated_salted_credentials": {
      "type": "salted_credentials",
      "configurable": false,
      "credential": true,
      "value": {
        "password": "***",
        "salt": "***"
      },
      "optional": false
    },
    ".web_server.generated_simple_credentials": {
      "type": "simple_credentials",
      "configurable": false,
      "credential": true,
      "value": {
        "password": "***"
      },
      "optional": false
    },
    ".web_server.generated_secret": {
      "type": "secret",
      "configurable": false,
      "credential": true,
      "value": {
        "secret": "***"
      },
      "optional": false
    },
    ".web_server.generated_uuid": {
      "type": "uuid",
      "configurable": false,
      "credential": false,
      "value": null,
      "optional": false
    },
    ".web_server.configured_secret": {
      "type": "secret",
      "configurable": true,
      "credential": true,
      "value": {
        "secret": "***"
      },
      "optional": true
    },
    ".web_server.configured_simple_credentials": {
      "type": "simple_credentials",
      "configurable": true,
      "credential": true,
      "value": {
        "password": "***"
      },
      "optional": true
    },
    ".web_server.configured_rsa_cert_credentials": {
      "type": "rsa_cert_credentials",
      "configurable": true,
      "credential": true,
      "value": {
        "private_key_pem": "***"
      },
      "optional": true
    },
    ".web_server.example_string_with_placeholder": {
      "type": "string",
      "configurable": true,
      "credential": false,
      "value": null,
      "optional": true
    },
    ".web_server.example_string": {
      "type": "string",
      "configurable": true,
      "credential": false,
      "value": "Hello world",
      "optional": false
    },
    ".web_server.example_migrated_integer": {
      "type": "integer",
      "configurable": true,
      "credential": false,
      "value": 1,
      "optional": false
    },
    ".web_server.example_boolean": {
      "type": "boolean",
      "configurable": true,
      "credential": false,
      "value": true,
      "optional": false
    },
    ".web_server.example_dropdown": {
      "type": "dropdown_select",
      "configurable": true,
      "credential": false,
      "value": "kiwi",
      "optional": false,
      "options": [
        {
          "label": "label for kiwi",
          "value": "kiwi"
        },
        {
          "label": "label for lime",
          "value": "lime"
        },
        {
          "label": "label for avocado",
          "value": "avocado"
        }
      ]
    },
    ".web_server.example_domain": {
      "type": "domain",
      "configurable": true,
      "credential": false,
      "value": "www.example.com",
      "optional": false
    },
    ".web_server.example_wildcard_domain": {
      "type": "wildcard_domain",
      "configurable": true,
      "credential": false,
      "value": "example.com",
      "optional": false
    },
    ".web_server.example_string_list": {
      "type": "string_list",
      "configurable": true,
      "credential": false,
      "value": "a,list,of,strings",
      "optional": false
    },
    ".web_server.example_text": {
      "type": "text",
      "configurable": true,
      "credential": false,
      "value": "some_text",
      "optional": false
    },
    ".web_server.example_ldap_url": {
      "type": "ldap_url",
      "configurable": true,
      "credential": false,
      "value": "ldap://example.com",
      "optional": false
    },
    ".web_server.example_email": {
      "type": "email",
      "configurable": true,
      "credential": false,
      "value": "foo@example.com",
      "optional": false
    },
    ".web_server.example_http_url": {
      "type": "http_url",
      "configurable": true,
      "credential": false,
      "value": "http://www.example.com",
      "optional": false
    },
    ".web_server.example_ip_address": {
      "type": "ip_address",
      "configurable": true,
      "credential": false,
      "value": "192.168.0.1",
      "optional": false
    },
    ".web_server.example_ip_ranges": {
      "type": "ip_ranges",
      "configurable": true,
      "credential": false,
      "value": "1.1.1.1-1.1.1.4,2.2.2.1-2.2.2.4",
      "optional": false
    },
    ".web_server.example_multi_select_options": {
      "type": "multi_select_options",
      "configurable": true,
      "credential": false,
      "value": [
        "earth",
        "jupiter"
      ],
      "optional": false
    },
    ".web_server.example_network_address_list": {
      "type": "network_address_list",
      "configurable": true,
      "credential": false,
      "value": "1.1.1.1,example.com,foo.bar.example.com",
      "optional": false
    },
    ".web_server.example_network_address": {
      "type": "network_address",
      "configurable": true,
      "credential": false,
      "value": "1.1.1.1",
      "optional": false
    },
    ".web_server.example_port": {
      "type": "port",
      "configurable": true,
      "credential": false,
      "value": 1111,
      "optional": false
    },
    ".web_server.example_smtp_authentication": {
      "type": "smtp_authentication",
      "configurable": true,
      "credential": false,
      "value": "plain",
      "optional": false
    },
    ".web_server.client_certificate": {
      "type": "ca_certificate",
      "configurable": true,
      "credential": false,
      "value": null,
      "optional": true
    }
  }
}

HTTP Request

GET /api/v0/staged/products/:product_guid/properties

This endpoint returns a list of all of the product’s properties, along with currently set values.

Updating a simple property

# Simple Property
curl "https://example.com/api/v0/staged/products/product-type1-guid/properties" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "properties": {
            ".properties.top-level-property": {"value": "valid-data" },
            ".a-job.job-property": {"value": "new-job-data" }
          }
        }'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

PUT /api/v0/staged/products/:product_guid/properties

Updating a hashed property

# Hashed Property
curl "https://example.com/api/v0/staged/products/product-type1-guid/properties" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "properties": {
            ".a-job.job-property": {"value": {"identity": "username", "password": "example-new-password"} }
          }
        }'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

PUT /api/v0/staged/products/:product_guid/properties

Updating a selector property

# Selector Property
curl "https://example.com/api/v0/staged/products/product-type1-guid/properties" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "properties": {
            ".properties.example_selector": {
              "value": "Filet Mignon"
            },
            ".properties.example_selector.filet_mignon_option.review": {
              "value": "B-"
            }
          }
        }'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

PUT /api/v0/staged/products/:product_guid/properties

Updating a collection property

# Collection Property
curl "https://example.com/api/v0/staged/products/product-type1-guid/properties" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "properties": {
            ".top-level-property": {
              "value": [
                {
                  "guid": "66f94d18-e02f-4717-a8ac-121f2cead19c",
                  "name": "jesse",
                  "my-secret": {"secret": "example-secret"}
                }
              ]
            }
          }
        }'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

PUT /api/v0/staged/products/:product_guid/properties

Deployed VM Extensions

VM Extensions are used to specify cloud properties specific to your IaaS for selected instance groups. They are detailed in the BOSH documentation: https://bosh.io/docs/cloud-config.html#vm-extensions

Retrieving all of the VM extensions

curl "https://example.com/api/v0/deployed/vm_extensions" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "vm_extensions": [
    {
      "name": "vm_ext1",
      "cloud_properties": {
        "source_dest_check": false
      }
    },
    {
      "name": "vm_ext2",
      "cloud_properties": {
        "key_name": "operations_keypair"
      }
    }
  ]
}

HTTP Request

GET /api/v0/deployed/vm_extensions

This endpoint returns a list of all of the deployed user-specified VM extensions.

Staged VM Extensions

VM Extensions are used to specify cloud properties specific to your IaaS for selected instance groups. They are detailed in the BOSH documentation: https://bosh.io/docs/cloud-config.html#vm-extensions

Creating a new VM extension

curl "https://example.com/api/v0/staged/vm_extensions" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"name": "vm_ext1", "cloud_properties": { "source_dest_check": false }}'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

POST /api/v0/staged/vm_extensions

This endpoint creates a single user-specified VM extension.

Query Parameters

Parameter Description
name The name of the VM extension to create.
cloud_properties A hash of the cloud properties for the VM extension. Each IaaS allows different cloud properties, e.g. see Cloud Properties for AWS.
The full list of VM extension cloud properties is given here.

Updating or creating a new VM extension

curl "https://example.com/api/v0/staged/vm_extensions/example_vm_extension_name" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"name": "example_vm_extension_name", "cloud_properties": { "source_dest_check": false }}'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

PUT /api/v0/staged/vm_extensions/:name

This endpoint updates or creates a single user-specified VM extension.

Query Parameters

Parameter Description
name The name of the VM extension to create.
cloud_properties A hash of the cloud properties for the VM extension. Each IaaS allows different cloud properties, e.g. see Cloud Properties for AWS.
The full list of VM extension cloud properties is given here.

Retrieving a single VM extension

curl "https://example.com/api/v0/staged/vm_extensions/example_vm_extension_name" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "vm_extension": [
    {
      "name": "example_vm_extension_name",
      "cloud_properties": {
        "source_dest_check": false
      }
    }
  ]
}

HTTP Request

GET /api/v0/staged/vm_extensions/:vm_extension_name

This endpoint returns a user-specified VM extension.

Path Parameters

Parameter Description
name The name of the VM extension.

Retrieving all of the VM extensions

curl "https://example.com/api/v0/staged/vm_extensions" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "vm_extensions": [
    {
      "name": "vm_ext1",
      "cloud_properties": {
        "source_dest_check": false
      }
    },
    {
      "name": "vm_ext2",
      "cloud_properties": {
        "key_name": "operations_keypair"
      }
    }
  ]
}

HTTP Request

GET /api/v0/staged/vm_extensions

This endpoint returns a list of all of the user-specified VM extensions.

Deleting a VM extension

curl "https://example.com/api/v0/staged/vm_extensions/vm_ext1" \
    -X DELETE \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"name": "vm_ext1"}'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

DELETE /api/v0/staged/vm_extensions/:name

This endpoint deletes a single user-specified VM extension.

Query Parameters

Parameter Description
name The name of the VM extension to delete.

Stemcell Assignments

Associate stemcells to products

curl "https://example.com/api/v0/stemcell_assignments" \
    -X PATCH \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
        "products": [
          {
            "guid":"product_template_for-product-1-b53ab52cd2c084ebcf6f",
            "staged_stemcell_version": "1.3"
          }
        ]
      }'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

PATCH /api/v0/stemcell_assignments

Associating a stemcell to products

Query Parameters

Parameter Description
products An array of products

Each product has the following attributes:
  • guid
  • staged_stemcell_version

Listing product-stemcell assignments

curl "https://example.com/api/v0/stemcell_assignments" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "products": [
    {
      "guid": "p-bosh-4e531084598242b05f9f",
      "type": "p-bosh",
      "label": "BOSH Director",
      "product_version": "2.0-build.213",
      "staged_stemcell_version": "3468.13",
      "deployed_stemcell_version": "3468.13",
      "available_stemcell_versions": [
        "3468.13"
      ],
      "required_stemcell_version": "3468.13",
      "required_stemcell_os": "ubuntu-trusty"
    },
    {
      "guid": "deployed-product-97b88e825c634e430a66",
      "type": "deployed-product",
      "label": "Deployed Product",
      "product_version": "1.0-build.1",
      "staged_stemcell_version": "3468.15",
      "deployed_stemcell_version": "3468.15",
      "is_staged_for_deletion": false,
      "available_stemcell_versions": [
        "3468.15",
        "3468.16"
      ],
      "required_stemcell_version": "3468.14",
      "required_stemcell_os": "ubuntu-trusty"
    },
    {
      "guid": "new-product-97b88e825c634e430a67",
      "type": "new-product",
      "label": "New Product",
      "product_version": "1.0-build.1",
      "staged_stemcell_version": "3468.16",
      "deployed_stemcell_version": null,
      "is_staged_for_deletion": false,
      "available_stemcell_versions": [
        "3468.15",
        "3468.16"
      ],
      "required_stemcell_version": "3468.14",
      "required_stemcell_os": "ubuntu-trusty"
    },
    {
      "guid": "product-staged-for-deletion-97b88e825c634e430a68",
      "type": "product-staged-for-deletion",
      "label": "Product Staged for Deletion",
      "product_version": "1.0-build.1",
      "staged_stemcell_version": null,
      "deployed_stemcell_version": "3468.14",
      "is_staged_for_deletion": true,
      "available_stemcell_versions": [],
      "required_stemcell_version": "3468.14",
      "required_stemcell_os": "ubuntu-trusty"
    }
  ],
  "stemcell_library": [
    {
      "version": "3468.13",
      "os": "ubuntu-trusty",
      "infrastructure": "google",
      "hypervisor": "kvm",
      "light": true
    },
    {
      "version": "3468.14",
      "os": "ubuntu-trusty",
      "infrastructure": "google",
      "hypervisor": "kvm",
      "light": true
    },
    {
      "version": "3468.15",
      "os": "ubuntu-trusty",
      "infrastructure": "google",
      "hypervisor": "kvm",
      "light": true
    }
  ]
}

HTTP Request

GET /api/v0/stemcell_assignments

This endpoint returns information for all products regarding which stemcells each product is assigned and which are available to upgrade to.

Stemcells

Uploading stemcells

curl "https://example.com/api/v0/stemcells" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -F 'stemcell[file]=@/path/to/stemcell/bosh-stemcell-3468.24-vsphere-esxi-ubuntu-trusty-go_agent.tgz' \
    -F 'stemcell[floating]=false'
Example Response
HTTP/1.1 200 OK
{
  "stemcell": {
    "infrastructure": "vsphere",
    "hypervisor":"esxi",
    "os":"ubuntu-trusty",
    "version":"3468.24",
    "file":"bosh-stemcell-3468.24-vsphere-esxi-ubuntu-trusty-go_agent.tgz",
    "name":"bosh-vsphere-esxi-ubuntu-trusty-go_agent"
  }
}

HTTP Request

POST /api/v0/stemcells

Importing a stemcell

Query Parameters

Parameter Description
stemcell[file] Stemcell file
stemcell[floating] When set to true, OpsManager automatically assigns the new stemcell to all compatible products. Defaults to true.

Disk types

Returning all disk types

curl "https://example.com/api/v0/disk_types" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "disk_types": [
    {
      "name": "1024",
      "builtin": true,
      "size_mb": 1024
    },
    {
      "name": "2048",
      "builtin": true,
      "size_mb": 2048
    },
    {
      "name": "5120",
      "builtin": true,
      "size_mb": 5120
    }
  ]
}

HTTP Request

GET /api/v0/disk_types

When overridden by custom types, this endpoint returns the custom types and the response will include the dates that the custom disk types were created and modified.

Deleting all custom disk types

curl "https://example.com/api/v0/disk_types" \
    -X DELETE \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK

HTTP Request

DELETE /api/v0/disk_types

Returns available disk types to the default list

Overriding defaults with custom disk types

curl "https://example.com/api/v0/disk_types" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "disk_types": [
            { "size_mb":999 },
            { "size_mb":888 },
            { "size_mb":777 }
          ]
        }'
Example Response
HTTP/1.1 200 OK
{
  "disk_types": [
    {
      "size_mb": 999
    },
    {
      "size_mb": 888
    },
    {
      "size_mb": 777
    }
  ]
}

HTTP Request

PUT /api/v0/disk_types

When overridden, the default types will be replaced by operator provided sizes. Operators can repeatedly update the list of available sizes, and any jobs using no-longer-available-sizes will be returned to the default of “automatic”.

VM types

Returning all VM types

curl "https://example.com/api/v0/vm_types" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "vm_types": [
    {
      "name": "nano",
      "ram": 512,
      "cpu": 1,
      "ephemeral_disk": 1024,
      "builtin": true
    },
    {
      "name": "micro",
      "ram": 1024,
      "cpu": 1,
      "ephemeral_disk": 2048,
      "builtin": true
    },
    {
      "name": "small.disk",
      "ram": 2048,
      "cpu": 1,
      "ephemeral_disk": 16384,
      "builtin": true
      }
  ]
}

HTTP Request

GET /api/v0/vm_types

When not overridden by custom types, this endpoint returns all the default VM types for your IaaS

If you are on AWS, you will see an additional boolean field raw_instance_storage per vm_type.

Deleting all custom VM types

curl "https://example.com/api/v0/vm_types" \
    -X DELETE \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -d ''
Example Response
HTTP/1.1 200 OK

HTTP Request

DELETE /api/v0/vm_types

This will remove all custom vm_types that have been created.

Overriding defaults with custom VM types

curl "https://example.com/api/v0/vm_types" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "vm_types": [
            {
              "name": "mytype",
              "cpu": 1,
              "ram": 1024,
              "ephemeral_disk": 1024
            },
            {
              "name": "bigger",
              "cpu": 2,
              "ram": 2048,
              "ephemeral_disk": 2048
            }
          ]
        }'
Example Response
HTTP/1.1 200 OK
{
  "vm_types": [
    {
      "name": "mytype",
      "cpu": 1,
      "ram": 1024,
      "ephemeral_disk": 1024
    },
    {
      "name": "bigger",
      "cpu": 2,
      "ram": 2048,
      "ephemeral_disk": 2048
    }
  ]
}

HTTP Request

PUT /api/v0/vm_types

When overridden, the default types will be replaced by operator provided sizes. Operators can repeatedly update the list of available sizes, and any jobs using no-longer-available-sizes will be returned to the default of “automatic”.

AWS vm_types also have a raw_instance_storage boolean field. If you are on AWS, you can optionally provide one under each vm_type in your request body. If you do not supply it, it defaults to false.

Installation Asset Collection

Exporting an installation asset collection

curl "https://example.com/api/v0/installation_asset_collection" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

GET /api/v0/installation_asset_collection

Resetting an installation

curl "https://example.com/api/v0/installation_asset_collection" \
    -X DELETE \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
"errands": {
    "product_1_guid": {
      "run_pre_delete": {
        "errand_a": true,
        "errand_b": false,
        "errand_c": "default"
      }
    }
  }
}'
Example Response
HTTP/1.1 200 OK
{
  "install": {
    "id": 12
  }
}

HTTP Request

DELETE /api/v0/installation_asset_collection

This endpoint allows you to return your Ops Manager to its initial state. All products and BOSH configuration settings will be lost. Files uploaded or downloaded to the “Available Products” namespace will continue to be available. Hitting this endpoint does not reset your UAA login server and only affects Ops Manager, BOSH, and products installed on them.

Query Parameters

Parameter Description
errands Hash of products with their enabled errands to run before deleting (Optional)

Errands support the following states for pre delete:
  • true
  • false
  • “default”

Importing an installation asset collection

curl "https://example.com/api/v0/installation_asset_collection" \
    -X POST \
    -F 'installation[file]=@/path/to/installation.zip' \
    -F 'passphrase=example-passphrase'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

POST /api/v0/installation_asset_collection

Ops Manager is now protected by Cloud Foundry UAA for security and multi-user support.

When upgrading from a pre 1.7 version of Ops Manager, a username is automatically created for you, and is set to “admin”. Your password is unchanged. If you are importing a 1.7 or newer installation of Ops Manager, both the username and the password are carried over to the new installation.

In addition to usernames and passwords, Ops Manager will prompt users for a common decryption passphrase upon reboot. The decryption passphrase is currently the same as your password. Change the decryption passphrase before sharing it with other users.

Certificate Authorities

Listing the Root Certificate Authorities

curl "https://example.com/api/v0/certificate_authorities" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "certificate_authorities": [
    {
      "guid": "f7bc18f34f2a7a9403c3",
      "issuer": "Pivotal",
      "created_on": "2017-01-09",
      "expires_on": "2021-01-09",
      "active": true,
      "cert_pem": "-----BEGIN CERTIFICATE-----\nMIIC+zCCAeOgAwIBAgI....etc"
    }
  ]
}

HTTP Request

GET /api/v0/certificate_authorities

This endpoint returns all of the root certificate authorities for OpsManager. The “active” certificate will be used for generating all certs which OpsManager generates.

Create Root Certificate Authorities

curl "https://example.com/api/v0/certificate_authorities" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"cert_pem": "-----BEGIN CERTIFICATE-----\nMIIC+zCCAeOgAwI...", "private_key_pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCA..."}'
Example Response
HTTP/1.1 200 OK
{
  "guid": "f7bc18f34f2a7a9403c3",
  "issuer": "Pivotal",
  "created_on": "2017-01-19",
  "expires_on": "2021-01-19",
  "active": false,
  "cert_pem": "-----BEGIN CERTIFICATE-----\nMIIC+zCCAeOgAwIBAgIBADANBgkqhkiG9w0BAQsFADAfMQswCQYDVQQGEwJVUzEQ\nMA4GA1UECgwHUGl2b3RhbDAeFw0xNzAxMTgyMTQyMjVaFw0yMTAxMTkyMTQyMjVa\nMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKDAdQaXZvdGFsMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAyV4OhPIIZTEym9OcdcNVip9Ev0ijPPLo9WPLUMzT\nIrpDx3nG/TgD+DP09mwVXfqwBlJmoj9DqRED1x/6bc0Ki/BAFo/P4MmOKm3QnDCt\no+4RUvLkQqgA++2HYrNTKWJ5fsXmERs8lK9AXXT7RKXhktyWWU3oNGf7zo0e3YKp\nl07DdIW7h1NwIbNcGT1AurIDsxyOZy1HVzLDPtUR2MxhJmSCLsOw3qUDQjatjXKw\n82RjcrswjG3nv2hvD4/aTOiHuKM3+AGbnmS2MdIOvFOh/7Y79tUp89csK0gs6uOd\nmyfdxzDihe4DcKw5CzUTfHKNXgHyeoVOBPcVQTp4lJp1iQIDAQABo0IwQDAdBgNV\nHQ4EFgQUyH4y7VEuImLStXM0CKR8uVqxX/gwDwYDVR0TAQH/BAUwAwEB/zAOBgNV\nHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBALmHOPxdyBGnuR0HgR9V4TwJ\ntnKFdFQJGLKVT7am5z6G2Oq5cwACFHWAFfrPG4W9Jm577QtewiY/Rad/PbkY0YSY\nrehLThKdkrfNjxjxI0H2sr7qLBFjJ0wBZHhVmDsO6A9PkfAPu4eJvqRMuL/xGmSQ\ntVkzgYmnCynMNz7FgHyFbd9D9X5YW8fWGSeVBPPikcONdRvjw9aEeAtbGEh8eZCP\naBQOgsx7b33RuR+CTNqThXY9k8d7/7ba4KVdd4gP8ynFgwvnDQOjcJZ6Go5QY5HA\nR+OgIzs3PFW8pAYcvWrXKR0rE8fL5o9qgTyjmO+5yyyvWIYrKPqqIUIvMCdNr84=\n-----END CERTIFICATE-----\n"
}

HTTP Request

POST /api/v0/certificate_authorities

This endpoint creates a root certificate authority using the provided certificate pem and private key pem. It will be marked as inactive initially.

Rotate Certificates

curl "https://example.com/api/v0/certificate_authorities/active/regenerate" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{}'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

POST /api/v0/certificate_authorities/active/regenerate

This endpoint enables the rotation of the non-configurable certificates. A POST to this endpoint (see example above) will delete all non-configurable certificates. They will then be regenerated using the ACTIVE CA Cert upon the next apply changes or the next time a manifest is generated.

Generate Root Certificate Authorities

curl "https://example.com/api/v0/certificate_authorities/generate" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{}'
Example Response
HTTP/1.1 200 OK
{
  "guid": "f7bc18f34f2a7a9403c3",
  "issuer": "Pivotal",
  "created_on": "2017-01-19",
  "expires_on": "2021-01-19",
  "active": false,
  "cert_pem": "-----BEGIN CERTIFICATE-----\nMIIC+zCCAeOgAwIBAgIBADANBgkqhkiG9w0BAQsFADAfMQswCQYDVQQGEwJVUzEQ\nMA4GA1UECgwHUGl2b3RhbDAeFw0xNzAxMTgyMTQyMjVaFw0yMTAxMTkyMTQyMjVa\nMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKDAdQaXZvdGFsMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAyV4OhPIIZTEym9OcdcNVip9Ev0ijPPLo9WPLUMzT\nIrpDx3nG/TgD+DP09mwVXfqwBlJmoj9DqRED1x/6bc0Ki/BAFo/P4MmOKm3QnDCt\no+4RUvLkQqgA++2HYrNTKWJ5fsXmERs8lK9AXXT7RKXhktyWWU3oNGf7zo0e3YKp\nl07DdIW7h1NwIbNcGT1AurIDsxyOZy1HVzLDPtUR2MxhJmSCLsOw3qUDQjatjXKw\n82RjcrswjG3nv2hvD4/aTOiHuKM3+AGbnmS2MdIOvFOh/7Y79tUp89csK0gs6uOd\nmyfdxzDihe4DcKw5CzUTfHKNXgHyeoVOBPcVQTp4lJp1iQIDAQABo0IwQDAdBgNV\nHQ4EFgQUyH4y7VEuImLStXM0CKR8uVqxX/gwDwYDVR0TAQH/BAUwAwEB/zAOBgNV\nHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBALmHOPxdyBGnuR0HgR9V4TwJ\ntnKFdFQJGLKVT7am5z6G2Oq5cwACFHWAFfrPG4W9Jm577QtewiY/Rad/PbkY0YSY\nrehLThKdkrfNjxjxI0H2sr7qLBFjJ0wBZHhVmDsO6A9PkfAPu4eJvqRMuL/xGmSQ\ntVkzgYmnCynMNz7FgHyFbd9D9X5YW8fWGSeVBPPikcONdRvjw9aEeAtbGEh8eZCP\naBQOgsx7b33RuR+CTNqThXY9k8d7/7ba4KVdd4gP8ynFgwvnDQOjcJZ6Go5QY5HA\nR+OgIzs3PFW8pAYcvWrXKR0rE8fL5o9qgTyjmO+5yyyvWIYrKPqqIUIvMCdNr84=\n-----END CERTIFICATE-----\n"
}

HTTP Request

POST /api/v0/certificate_authorities/generate

This endpoint generates an additional root certificate authority. It will be marked as inactive initially.

Activate a Root Certificate Authority

curl "https://example.com/api/v0/certificate_authorities/example-cert-guid/activate" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{}'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

POST /api/v0/certificate_authorities/:certificate_authority_guid/activate

This endpoint will make the specified root certificate authority active, and all others inactive.

Deleting a Root Certificate Authority

curl "https://example.com/api/v0/certificate_authorities/:guid" \
    -X DELETE \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

DELETE /api/v0/certificate_authorities/:certificate_authority_guid

This endpoint will delete a specific certificate authority OpsManager. Only “inactive” certificates can be deleted.

ADVANCED

UAA Settings

Viewing token expiration times

curl "https://example.com/api/v0/uaa/tokens_expiration" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "tokens_expiration": {
    "access_token_expiration": 100,
    "refresh_token_expiration": 1200
  }
}

HTTP Request

GET /api/v0/uaa/tokens_expiration

This endpoint allows you to view the currently set expiration times for UAA access and refresh tokens.

Changing token expiration times

curl "https://example.com/api/v0/uaa/tokens_expiration" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"tokens_expiration": {"access_token_expiration": 200, "refresh_token_expiration": 1400}}'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

PUT /api/v0/uaa/tokens_expiration

Changes the current access & refresh token expirations for Ops Manager UAA and restarts the UAA

Query Parameters

Parameter Description
tokens_expiration[access_token_expiration] Time in seconds until the access token expires
tokens_expiration[refresh_token_expiration] Time in seconds until the refresh token expires

RBAC Settings

Enabling Role-Based Access Controls (RBAC)

curl "https://example.com/api/v0/settings/rbac" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{}'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

POST /api/v0/settings/rbac

This endpoint allows you to enable Role-Based Access Controls (RBAC) for Ops Manager. Once Role Based Access Control has been enabled, the action cannot be undone. After enabling RBAC, only the Ops Manager’s Admin user will be able to log in. The admin user can then configure the access controls for other users.

Setting the SAML RBAC Configuration

curl "https://example.com/api/v0/settings/rbac" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"rbac_saml_admin_group": "example_group_name", "rbac_saml_groups_attribute": "example_attribute_name"}'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

PUT /api/v0/settings/rbac

When enabling RBAC for an Ops Manager which is configured to use SAML authentication, there are two additional required settings. You can use this API to configure these settings before enabling RBAC.

This endpoint is only available when you are using SAML authentication.

The rbac_saml_admin_group parameter should be the name of the group which is defined in your SAML server. Any user in this group will be granted admin privileges when they log in to Ops Manager. If you are not a member of this group, you will no longer be able to log in to Ops Manager after enabling RBAC.

The rbac_saml_groups_attribute parameter should be the name of the XML attribute which your SAML server uses to communicate users’ group membership in SAML assertions. You may need to configure your SAML server to enable sending group membership at this attribute name. Please refer to your SAML server documentation for more information as there is no standard method for doing this.

Query Parameters

Parameter Description
rbac_saml_admin_group The name of the SAML group that contains all of the Ops Manager administrators
rbac_saml_groups_attribute The groups attribute tag name with which you configured the SAML server

Custom Banner Settings

Getting the Custom Banners

curl "https://example.com/api/v0/settings/banner" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"ui_banner_contents": "This is my custom banner text."
}

HTTP Request

GET /api/v0/settings/banner

Get the current value of the custom banner text.

The ui_banner_contents text will be shown in a banner in the Operations Manager web UI on every page. By default this is null which means that no banner will be shown.

Setting the Custom Banners

curl "https://example.com/api/v0/settings/banner" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{"ui_banner_contents": "This is my custom banner text."}'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

PUT /api/v0/settings/banner

Set the values of custom banners.

Query Parameters

Parameter Description
ui_banner_contents This text will be shown in a banner in the Operations Manager web UI on every page. By default this is null which means that no banner will be shown.

Custom Syslog Settings

Getting the Syslog

curl "https://example.com/api/v0/settings/syslog" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response when it is configured
HTTP/1.1 200 OK
{
  "syslog": {
    "enabled": true,
    "address": "1.2.3.4",
    "port": "514",
    "transport_protocol": "tcp",
    "tls_enabled": true,
    "permitted_peer": "*.example.com",
    "ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug..."
  }
}
Example Response when it is not configured
HTTP/1.1 200 OK
{
  "syslog": {
    "enabled": false,
    "address": null,
    "port": null,
    "transport_protocol": null,
    "tls_enabled": false,
    "permitted_peer": null,
    "ssl_ca_certificate": null
  }
}

HTTP Request

GET /api/v0/settings/syslog

Get the current Syslog configuration for OpsManager.

Updating the Syslog configuration

Example Request to update address
curl "https://example.com/api/v0/settings/syslog" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "syslog": {
            "enabled": true,
            "address": "5.6.7.8",
            "port": "514",
            "transport_protocol": "tcp",
            "tls_enabled": true,
            "permitted_peer": "*.example.com",
            "ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug..."
          }
        }'
Example Response
HTTP/1.1 200 OK
{
  "syslog": {
    "enabled": true,
    "address": "5.6.7.8",
    "port": "514",
    "transport_protocol": "tcp",
    "tls_enabled": true,
    "permitted_peer": "*.example.com",
    "ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug..."
  }
}
Example Request with missing tls parameters
curl "https://example.com/api/v0/settings/syslog" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{
          "syslog": {
            "enabled": true,
            "address": "5.6.7.8",
            "port": "514",
            "transport_protocol": "tcp",
            "tls_enabled": true
          }
        }'
Example Response
HTTP/1.1 422 Unprocessible Entity
{
  "errors": {
    "syslog": {
      "ssl_ca_certificate": [
        "can't be blank"
      ],
      "permitted_peer": [
        "can't be blank"
      ]
     }
  }
}

HTTP Request

PUT /api/v0/settings/syslog

Set the values of the current Syslog configuration for OpsManager.

Custom SSL Certificate Settings

Getting the SSL Certificate

curl "https://example.com/api/v0/settings/ssl_certificate" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response when it is configured
HTTP/1.1 200 OK
{
  "ssl_certificate": {
    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug..."
  }
}
Example Response when it is not configured
HTTP/1.1 200 OK
{
  "ssl_certificate": {
    "certificate": null
  }
}

HTTP Request

GET /api/v0/settings/ssl_certificate

Get the current custom SSL certificate for OpsManager.

Updating the SSL Certificate

curl "https://example.com/api/v0/settings/ssl_certificate" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response when it is valid
HTTP/1.1 200 OK
{
  "ssl_certificate": {
    "certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
    "private_key": "-----BEGIN RSA PRIVATE KEY-----\r\nMIIBswoijfsA..."
  }
}
Example Response when it is not valid
HTTP/1.1 422 Unprocessible Entity
{
  "errors": {
    "ssl_certificate": {
      "certificate": ["is invalid"]
    }
  }
}

HTTP Request

PUT /api/v0/settings/ssl_certificate

Set the values for the custom SSL certificate for OpsManager.

Deleting the SSL Certificate

curl "https://example.com/api/v0/settings/ssl_certificate" \
    -X DELETE \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

DELETE /api/v0/settings/ssl_certificate

Remove the custom SSL certificate for OpsManager and revert to the provided self-signed SSL certificate.

Metadata

Migrating metadata

curl "https://example.com/api/v0/metadata/migrate" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -F 'metadata[file]=@/path/to/component-type1.yml'
Example Response
HTTP/1.1 200 OK
{
  "metadata": "---\nname: component-type1\nproduct_version: 1.0.0.0\nmetadata_version: '1.7'\nreleases:\n- name: component-type1-release-name\n  file: component-type1-release-file\n  version: component-type1-release-version\n  md5: component-type1-release-md5\nlabel: component-type1-label\ndescription: component-type1-description\nrank: 1\nprovides_product_versions:\n- name: component-type1\n  version: 1.0.0.0\nrequires_product_versions:\n- name: component-type2\n  version: \"~> 1.0.0\"\nserial: true\nform_types:\n- name: job-type1\n  label: job-type1-label\n  description: job-type1-description\n  property_inputs:\n  - reference: \".job-type1.property-definition1\"\n    label: property-definition1-label\n- name: job-type3\n  label: job-type3-label\n  description: job-type3-description\n  property_inputs:\n  - reference: \".job-type3.http-url\"\n    label: HTTP URL\n  - reference: \".job-type3.domain\"\n    label: Domain\n  - reference: \".job-type3.ip-ranges\"\n    label: IP Ranges\n  - reference: \".job-type3.ip-address\"\n    label: IP Address\n  - reference: \".job-type3.email\"\n    label: E-mail\n  - reference: \".job-type3.port\"\n    label: Port\n  - reference: \".job-type3.integer\"\n    label: Integer\n  - reference: \".job-type3.boolean\"\n    label: Boolean\n  - reference: \".job-type3.string\"\n    label: String\n  - reference: \".job-type3.smtp-authentication\"\n    label: SMTP Authentication\n  - reference: \".job-type3.network-address\"\n    label: Network Address\n  - reference: \".job-type3.simple-credentials\"\n    label: Simple credentials\n  - reference: \".job-type3.rsa-cert-credentials\"\n    label: RSA PEM and Certificate\n  - reference: \".job-type3.ca-certificate\"\n    label: CA Certificate PEM\n  - reference: \".job-type3.checkboxes\"\n    label: Checkboxes\n  - reference: \".job-type3.erlang-config\"\n    label: Erlang Configuration\njob_types:\n- name: job-type1\n  resource_label: job-type1-resource-label\n  resource_definitions:\n  - name: ram\n    type: integer\n    label: RAM\n    configurable: true\n    default: 1\n  - name: ephemeral_disk\n    type: integer\n    label: Ephemeral Disk\n    configurable: true\n    default: 2\n  - name: persistent_disk\n    type: integer\n    label: Persistent Disk\n    configurable: true\n    default: 3\n    constraints:\n      min: 1\n  - name: cpu\n    type: integer\n    label: CPU\n    configurable: true\n    default: 4\n  static_ip: 1\n  dynamic_ip: 0\n  max_in_flight: 1\n  property_blueprints:\n  - name: property-definition1\n    type: domain\n    configurable: true\n  - name: property-definition2\n    type: string\n    configurable: false\n  - name: property-definition3\n    type: secret\n    configurable: false\n  manifest: |\n    job_name: job-type1\n    properties:\n      property1: (( property-definition1.value ))\n      property2: (( .job-type1.property-definition2.typed_value.value ))\n      property3: (( .job-type1.property-definition3.typed_value.value ))\n  templates:\n  - name: job-type1-template\n    release: component-type1-release-name\n  instance_definition:\n    configurable: true\n    default: 1\n  single_az_only: false\n- name: job-type2\n  resource_label: job-type2-resource-label\n  resource_definitions:\n  - name: ram\n    type: integer\n    label: RAM\n    configurable: true\n    default: 1024\n  - name: ephemeral_disk\n    type: integer\n    label: Ephemeral Disk\n    configurable: true\n    default: 2048\n  - name: persistent_disk\n    type: integer\n    label: Persistent Disk\n    configurable: true\n    default: 8192\n    constraints:\n      min: 1\n  - name: cpu\n    type: integer\n    label: CPU\n    configurable: true\n    default: 1\n  static_ip: 1\n  dynamic_ip: 0\n  max_in_flight: 1\n  property_blueprints: []\n  manifest: |\n    job_name: job-type2\n  templates:\n  - name: job-type2-template\n    release: component-type1-release-name\n  instance_definition:\n    default: 1\n  single_az_only: false\n- name: job-type3\n  resource_label: job-type3-resource-label\n  resource_definitions:\n  - name: ram\n    type: integer\n    label: RAM\n    configurable: true\n    default: 1024\n  - name: ephemeral_disk\n    type: integer\n    label: Ephemeral Disk\n    configurable: true\n    default: 2048\n  - name: persistent_disk\n    type: integer\n    label: Persistent Disk\n    configurable: true\n    default: 8192\n    constraints:\n      min: 1\n  - name: cpu\n    type: integer\n    label: CPU\n    configurable: true\n    default: 1\n  static_ip: 1\n  dynamic_ip: 0\n  max_in_flight: 1\n  property_blueprints:\n  - name: http-url\n    type: http_url\n    configurable: true\n    default: http://default.example.com\n  - name: domain\n    type: domain\n    configurable: true\n    default: default.domain.com\n  - name: ip-ranges\n    type: ip_ranges\n    configurable: true\n    default: 1.2.3.4-1.2.3.10,2.3.4.5-2.3.4.9\n  - name: ip-address\n    type: ip_address\n    configurable: true\n    default: 1.2.3.4\n  - name: email\n    type: email\n    configurable: true\n    default: email@example.com\n  - name: port\n    type: port\n    configurable: true\n    default: 80\n  - name: integer\n    type: integer\n    configurable: true\n    default: 32\n    constraints:\n      min: 1\n      max: 32\n  - name: boolean\n    type: boolean\n    configurable: true\n    default: false\n  - name: string\n    type: string\n    configurable: true\n    default: Some Text\n  - name: smtp-authentication\n    type: smtp_authentication\n    configurable: true\n    default: cram_md5\n  - name: network-address\n    type: network_address\n    configurable: true\n    default: 1.2.3.4\n  - name: simple-credentials\n    type: simple_credentials\n    configurable: true\n  - name: rsa-cert-credentials\n    type: rsa_cert_credentials\n    optional: true\n    configurable: true\n  - name: ca-certificate\n    type: ca_certificate\n    optional: true\n    configurable: true\n  - name: checkboxes\n    type: multi_select_options\n    configurable: true\n    optional: true\n    options:\n    - name: checkbox1\n      label: Checkbox 1\n    - name: checkbox2\n      label: Checkbox 2\n    - name: checkbox3\n      label: Checkbox 3\n  - name: erlang-config\n    type: text\n    configurable: true\n    optional: true\n  manifest: |\n    job_name: job-type3\n  templates:\n  - name: job-type3-template\n    release: component-type1-release-name\n  instance_definition:\n    default: 1\n  single_az_only: false\n- name: compilation\n  resource_label: compilation-resource-label\n  resource_definitions:\n  - name: ram\n    type: integer\n    label: RAM\n    configurable: true\n    default: 1024\n  - name: ephemeral_disk\n    type: integer\n    label: Ephemeral Disk\n    configurable: true\n    default: 2048\n  - name: persistent_disk\n    type: integer\n    label: Persistent Disk\n    configurable: true\n    default: 8192\n    constraints:\n      min: 1\n  - name: cpu\n    type: integer\n    label: CPU\n    configurable: true\n    default: 1\n  static_ip: 1\n  dynamic_ip: 0\n  max_in_flight: 1\n  instance_definition:\n    default: 1\n  single_az_only: false\noriginal_metadata_version: '1.6'\ndeprecated_tile_image: component-type1-image\nicon_image: \nstemcell_criteria:\n  os: ubuntu-trusty\n  version: '9000'\nminimum_version_for_upgrade: 0.0.0.0\n"
}

HTTP Request

POST /api/v0/metadata/migrate

Query Parameters

Parameter Description
metadata[file] Metadata file

Manifests

Generating a manifest for a staged product

curl "https://example.com/api/v0/staged/products/component-type1-guid/manifest" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "manifest": {
    "name": "component-type1-installation-name",
    "releases": [
      {
        "name": "release-17",
        "version": "2"
      }
    ],
    "networks": [
      {
        "name": "net-subnet-guid",
        "subnets": [
          {
            "range": "192.168.163.0/24",
            "gateway": "192.168.163.2",
            "dns": [
              "192.168.163.1"
            ],
            "static": [

            ],
            "reserved": [
              "192.168.163.1",
              "192.168.163.3-192.168.163.7",
              "192.168.163.9-192.168.163.254"
            ],
            "cloud_properties": {
              "name": "vsphere-network"
            }
          }
        ]
      }
    ],
    "resource_pools": [

    ],
    "compilation": {
      "reuse_compilation_vms": true,
      "workers": 1,
      "network": "net-subnet-guid",
      "cloud_properties": {
        "ram": 1024,
        "disk": 2048,
        "cpu": 1,
        "datacenters": [
          {
            "clusters": [
              {
                "vsphere-cluster": {
                }
              }
            ]
          }
        ]
      }
    },
    "update": {
      "canaries": 1,
      "canary_watch_time": "30000-300000",
      "update_watch_time": "30000-300000",
      "max_in_flight": 1,
      "max_errors": 2,
      "serial": false
    },
    "jobs": [

    ],
    "disk_pools": [

    ]
  }
}

HTTP Request

GET /api/v0/staged/products/:product_guid/manifest

To view the manifest for a product, replace :product_guid with the appropriate guid.

Retrieving manifest for a deployed product

curl "https://example.com/api/v0/deployed/products/component-type1-guid/manifest" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "name": "component-type1-installation-name",
  "releases": [
    {
      "name": "component-type1-release-name",
      "version": "component-type1-release-version"
    }
  ],
  "networks": [
    {
      "name": "default",
      "subnets": [
        {
          "range": "192.168.163.0/24",
          "gateway": "192.168.163.2",
          "dns": [
            "192.168.163.3",
            "192.168.163.1"
          ],
          "static": [
            "192.168.163.4",
            "192.168.163.5",
            "192.168.163.6",
            "192.168.163.7"
          ],
          "reserved": [
            "192.168.163.1",
            "192.168.163.3",
            "192.168.163.10-192.168.163.100",
            "192.168.163.103-192.168.163.254"
          ],
          "cloud_properties": {
            "name": "vsphere-network"
          }
        }
      ]
    }
  ],
  "resource_pools": [
    {
      "name": "job-type1-installation-name",
      "stemcell": {
        "name": "component-type1-stemcell-name",
        "version": "component-type1-stemcell-version"
      },
      "network": "default",
      "size": 1,
      "cloud_properties": {
        "ram": 1,
        "disk": 2,
        "cpu": 4,
        "datacenters": [
          {
            "clusters": [
              {
                "vsphere-cluster": {
                  "resource_pool": null
                }
              }
            ]
          }
        ]
      },
      "env": {
        "bosh": {
          "password": "example-vm-password-hashed"
        }
      }
    },
    {
      "name": "job-type2-installation-name",
      "stemcell": {
        "name": "component-type1-stemcell-name",
        "version": "component-type1-stemcell-version"
      },
      "network": "default",
      "size": 1,
      "cloud_properties": {
        "ram": 1024,
        "disk": 2048,
        "cpu": 1,
        "datacenters": [
          {
            "clusters": [
              {
                "vsphere-cluster": {
                  "resource_pool": null
                }
              }
            ]
          }
        ]
      },
      "env": {
        "bosh": {
          "password": "example-vm-password-hashed"
        }
      }
    },
    {
      "name": "job-type3-installation-name",
      "stemcell": {
        "name": "component-type1-stemcell-name",
        "version": "component-type1-stemcell-version"
      },
      "network": "default",
      "size": 1,
      "cloud_properties": {
        "ram": 1024,
        "disk": 2048,
        "cpu": 1,
        "datacenters": [
          {
            "clusters": [
              {
                "vsphere-cluster": {
                  "resource_pool": null
                }
              }
            ]
          }
        ]
      },
      "env": {
        "bosh": {
          "password": "example-vm-password-hashed"
        }
      }
    }
  ],
  "compilation": {
    "workers": 1,
    "network": "default",
    "cloud_properties": {
      "ram": 1024,
      "disk": 2048,
      "cpu": 1
    }
  },
  "update": {
    "canaries": 1,
    "canary_watch_time": "30000-300000",
    "update_watch_time": "30000-300000",
    "max_in_flight": 1,
    "max_errors": 2,
    "serial": false
  },
  "jobs": [
    {
      "name": "job-type1-installation-name",
      "template": "job-type1-template",
      "release": "component-type1-release-name",
      "lifecycle": "service",
      "resource_pool": "job-type1-installation-name",
      "instances": 1,
      "persistent_disk": 3,
      "networks": [
        {
          "name": "default",
          "static_ips": [
            "192.168.163.4"
          ],
          "default": [
            "dns",
            "gateway"
          ]
        }
      ],
      "update": {
        "max_in_flight": 5,
        "canaries": 2,
        "serial": false
      },
      "properties": {
        "job_name": "job-type1"
      }
    },
    {
      "name": "job-type2-installation-name",
      "template": "job-type2-template",
      "release": "component-type1-release-name",
      "lifecycle": "service",
      "resource_pool": "job-type2-installation-name",
      "instances": 1,
      "persistent_disk": 8192,
      "networks": [
        {
          "name": "default",
          "static_ips": [
            "192.168.163.5"
          ],
          "default": [
            "dns",
            "gateway"
          ]
        }
      ],
      "update": {
        "max_in_flight": 1
      },
      "properties": {
        "job_name": "job-type2"
      }
    },
    {
      "name": "job-type3-installation-name",
      "template": "job-type3-template",
      "release": "component-type1-release-name",
      "lifecycle": "service",
      "resource_pool": "job-type3-installation-name",
      "instances": 1,
      "persistent_disk": 8192,
      "networks": [
        {
          "name": "default",
          "static_ips": [
            "192.168.163.6"
          ],
          "default": [
            "dns",
            "gateway"
          ]
        }
      ],
      "update": {
        "max_in_flight": 1
      },
      "properties": {
        "job_name": "job-type3"
      }
    }
  ]
}

HTTP Request

GET /api/v0/deployed/products/:product_guid/manifest

To view the manifest for a product, replace :product_guid with the appropriate guid.

Base Release URL

Get active base releases url

curl "https://example.com/api/v0/staged/products/product-type1-guid/base_releases_url" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "base_releases_url": "https://example.com/releases"
}

HTTP Request

GET /api/v0/staged/products/:id/base_releases_url

Light tiles contain pointers to installation binaries and these pointers can be changed in circumstances where the default location is inaccessible (e.g. in an airgapped or firewalled network).

Update active base releases url

curl "https://example.com/api/v0/staged/products/product-type1-guid/base_releases_url" \
    -X PUT \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{ "base_releases_url": "https://mirror.example.com/releases" }'
Example Response
HTTP/1.1 200 OK
{
  "base_releases_url": "https://mirror.example.com/releases"
}

HTTP Request

PUT /api/v0/staged/products/:id/base_releases_url

When base_releases_url is set, the default pointers are ignored and BOSH attempts to download releases from the location specified.

Query Parameters

Parameter Description
base_releases_url New base releases url

Reset active base releases url

Resets to the default specified in the product template.

curl "https://example.com/api/v0/staged/products/product-type1-guid/base_releases_url" \
    -X DELETE \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "base_releases_url": "https://example.com/releases"
}

HTTP Request

DELETE /api/v0/staged/products/:id/base_releases_url

Sessions

Logging out all active users

Only one user can be active in PCF Ops Manager at a time. For API users, we consider a user to be active during the period between their last request and when their token expires. This endpoint will make inactive all API users and log out all UI users, including yourself, allowing a new user to log in or make API requests.

curl "https://example.com/api/v0/sessions" \
    -X DELETE \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{}'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

DELETE /api/v0/sessions

Fetching the current session

The session information for the current API user can be retrieved from this endpoint. This information includes the current username and permissions.

curl "https://example.com/api/v0/sessions/current" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "session": {
    "username": "admin-user",
    "permissions": {
      "can_write": true
    }
  }
}

HTTP Request

GET /api/v0/sessions/current

Unlock

Unlocking with the encryption passphrase

When the application reboots after initial setup, it requires an operator to enter the decryption passphrase once to unlock its internal datastore.

curl "https://example.com/api/v0/unlock" \
    -X PUT \
    -H "Content-Type: application/json" \
    -d '{"passphrase": "example-passphrase"}'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

PUT /api/v0/unlock

Query Parameters

Parameter Description
passphrase Decryption passphrase

Security

Returning the Root CA Certificate

This returns the public key of the Root CA Certificate

curl "https://example.com/api/v0/security/root_ca_certificate" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "root_ca_certificate_pem": "-----BEGIN CERTIFICATE-----\nMIIC+zCCAeOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\nMA4GA1UECgwHUGl2b3RhbDAeFw0xNjA0MTExNTE0NTFaFw0yMDA0MTIxNTE0NTFa\nMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKDAdQaXZvdGFsMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAru6dVTEFWsA0SNg2peiQVOcDu/xM9RtKc8YOqio6\nTsouA5pMHbGtvHOYVhuYZZPsN3X5mTdPOb27y3mgyw/eRrN6ycTMmYG9MLZUBNu7\nAUe+JKjupS5h73Txo62nkRUeDpf+4w+ZrMDwQqjeWZ6+FusVyyo+DrP88jRiymxy\nl/XBqBrfs40Sq8plwP42hZI6fGSdtAGbWIGmha3vwvrlaWpkyfBUOdvf2aLVlu8u\nTpzyTQ6fOnjTNP3KolKPUzvOhmRDBEC02jGy7oNvJR67bd0ZbPJzqepHFgrFmB/Z\n5zAyL08EoGD2eb3J3KRqMrSGC75CO/n490iT32kQ92EMxwIDAQABo0IwQDAdBgNV\nHQ4EFgQU23Zk5rl6JqAVIyyn7c5kHpqU2vQwDwYDVR0TAQH/BAUwAwEB/zAOBgNV\nHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAEFSudPNo5j86kpN/qXDyNpS\ndW+ERkBi+5HY56LG68V2Xp4B/L/rLCqMeS8kSWcTp+lA5mgciwgZbBlqHF+/Rvet\nuoLNz7L/HC1zadhjmj9bWnkoiXdrQFlTXasW7nmB81gZr2VDhRchsstGiVSTST2v\n7YjHC34GGHC6wqXXhtb85kGQQmwwh1K3snzreHrlf7O/mKVkTKcMBRHOWTuFUCOM\nPPx/ZdKGHd/6lBUaKJOJxr+5S8+DW6NORduxZn+N9QiK8fvGZIFzU8Xd6cr2iWSz\nVElVm2rLaHK1Z/WYqUEsLwJGDbaS7+g8D8InZteKh4DNIQIK+e1rt5rDMl8sbsI=\n-----END CERTIFICATE-----\n"
}

HTTP Request

GET /api/v0/security/root_ca_certificate

Certificates

Generating New Certificates

This returns a new RSA public/private certificate signed by Ops Manager’s root CA certificate. The returned certificate is not stored by Ops Manager. The domain(s) specified in the request must be valid domain names and must be wildcard domains.

curl "https://example.com/api/v0/certificates/generate" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{ "domains": ["*.example.com", "*.sub.example.com"] }'
Example Response
HTTP/1.1 200 OK
{
  "certificate": "-----BEGIN CERTIFICATE-----\nMIIDTzCCAjegAw...\n-----END CERTIFICATE-----\n",
  "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQ...\n-----END RSA PRIVATE KEY-----\n"
}

HTTP Request

POST /api/v0/certificates/generate

Getting Information About Certificates from Products

This returns information about all of the RSA and CA certificates for the deployed BOSH Director and the other deployed products. Any product properties of type “rsa_cert_credentials” or “ca_certificate” which have a certificate value will be included.

curl "https://example.com/api/v0/deployed/certificates?expires_within=5y" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "certificates": [
    {
      "issuer": "/C=US/O=Pivotal",
      "valid_from": "2017-02-23T19:31:00Z",
      "valid_until": "2019-02-23T19:31:00Z",
      "configurable": false,
      "property_reference": ".properties.director_ssl",
      "property_type": "rsa_cert_credentials",
      "product_guid": "p-bosh-47f3d0d7ef2f573fbc95"
    },
    {
      "issuer": "/C=US/O=Pivotal",
      "valid_from": "2017-02-23T19:31:00Z",
      "valid_until": "2019-02-23T19:31:00Z",
      "configurable": false,
      "property_reference": ".properties.director_uaa",
      "property_type": "rsa_cert_credentials",
      "product_guid": "p-bosh-47f3d0d7ef2f573fbc95"
    },
    {
      "issuer": "/C=US/O=Pivotal",
      "valid_from": "2017-02-23T19:31:00Z",
      "valid_until": "2019-02-23T19:31:00Z",
      "configurable": false,
      "property_reference": ".properties.director_agent_ssl",
      "property_type": "rsa_cert_credentials",
      "product_guid": "p-bosh-47f3d0d7ef2f573fbc95"
    },
    {
      "issuer": "/C=US/O=Pivotal",
      "valid_from": "2017-02-23T19:31:00Z",
      "valid_until": "2019-02-23T19:31:00Z",
      "configurable": false,
      "property_reference": ".properties.credhub_ssl",
      "property_type": "rsa_cert_credentials",
      "product_guid": "p-bosh-47f3d0d7ef2f573fbc95"
    },
    {
      "issuer": "/C=US/O=Pivotal",
      "valid_from": "2017-02-23T19:53:39Z",
      "valid_until": "2019-02-23T19:53:39Z",
      "configurable": false,
      "property_reference": ".web_server.generated_rsa_cert_credentials",
      "property_type": "rsa_cert_credentials",
      "product_guid": "example-product-80d0bf959909df5741ef"
    },
    {
      "issuer": "/C=US/O=Pivotal",
      "valid_from": "2017-02-23T19:52:52Z",
      "valid_until": "2019-02-23T19:52:52Z",
      "configurable": true,
      "property_reference": ".web_server.configured_rsa_cert_credentials",
      "property_type": "rsa_cert_credentials",
      "product_guid": "example-product-80d0bf959909df5741ef"
    }
  ]
}

HTTP Request

GET /api/v0/deployed/certificates?expires_within=5y

Query Parameters

The optional query parameter expires_within can handle the following values:

Unit Description Example
d days GET /api/v0/deployed/certificates?expires_within=2d
w weeks GET /api/v0/deployed/certificates?expires_within=3w
m months GET /api/v0/deployed/certificates?expires_within=4m
y years GET /api/v0/deployed/certificates?expires_within=5y

Diagnostic Report

Viewing the diagnostic report

Retrieve a diagnostic report with general information about the state of your Ops Manager.

curl "https://example.com/api/v0/diagnostic_report" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "versions": {
    "installation_schema_version": "2.0",
    "metadata_version": "2.0",
    "release_version": "2.0-build.8",
    "javascript_migrations_version": "v1"
  },
  "generation_time": "2016-04-22T18:06:46Z",
  "infrastructure_type": "vsphere",
  "director_configuration": {
    "bosh_recreate_on_next_deploy": false,
    "resurrector_enabled": false,
    "blobstore_type": "local",
    "max_threads": null,
    "database_type": "internal",
    "ntp_servers": [],
    "hm_pager_duty_enabled": false,
    "hm_emailer_enabled": false,
    "vm_password_type": "generate"
  },
  "releases": [
    "example-release-14.tgz",
  ],
  "stemcells": [
    "bosh-stemcell-3215-vsphere-esxi-ubuntu-trusty-go_agent.tgz",
  ],
  "product_templates": [
    "e08002f028a5.yml"
  ],
  "added_products": {
    "deployed": [],
    "staged": [
      {
        "name": "p-bosh",
        "version": "2.0.pre.build.8",
        "stemcell": "bosh-stemcell-3215-vsphere-esxi-ubuntu-trusty-go_agent.tgz"
      },
      {
        "name": "example-product",
        "version": "1.0.0.0-alpha",
        "stemcell": "bosh-stemcell-3215-vsphere-esxi-ubuntu-trusty-go_agent.tgz"
      }
    ]
  }
}

HTTP Request

GET /api/v0/diagnostic_report

Staged BOSH Director

Fetching a manifest

curl "https://example.com/api/v0/staged/director/manifest" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "manifest": {
    "name": "p-bosh-installation-name",
    "releases": [
      {
        "name": "bosh",
        "url": "file:///tmp/FactoryGirl-Tempest::PackageLibrary-FACTORY20160412-125-nf7uex/internal_releases/bosh"
      },
      {
        "name": "bosh-vsphere-cpi",
        "url": "file:///tmp/FactoryGirl-Tempest::PackageLibrary-FACTORY20160412-125-nf7uex/internal_releases/cpi"
      },
      {
        "name": "uaa",
        "url": "file:///tmp/FactoryGirl-Tempest::PackageLibrary-FACTORY20160412-125-nf7uex/internal_releases/uaa"
      }
    ],
    "networks": [
      {
        "name": "default",
        "type": "manual",
        "subnets": [
          {
            "netmask": "255.255.255.0",
            "dns": [
              "192.168.163.1"
            ],
            "gateway": "192.168.163.2",
            "range": "192.168.163.0/24",
            "cloud_properties": {
              "name": "vsphere-network"
            }
          }
        ]
      }
    ],
    "disk_pools": [
      {
        "name": "director_disk_pool",
        "disk_size": 51200,
        "cloud_properties": {
          "type": "thin"
        }
      }
    ],
    "resource_pools": [
      {
        "name": "director_resource_pool",
        "network": "default",
        "stemcell": {
          "url": "file:///tmp/FactoryGirl-Tempest::PackageLibrary-FACTORY20160412-125-nf7uex/stemcells/bosh-stemcell-3215-vsphere-esxi-ubuntu-trusty-go_agent.tgz"
        },
        "cloud_properties": {
          "cpu": 2,
          "disk": 51200,
          "ram": 4096,
          "datacenters": [
            {
              "name": "vsphere-datacenter",
              "clusters": [
                {
                  "vsphere-cluster": {
                  }
                }
              ]
            }
          ]
        },
        "env": {
          "bosh": {
            "password": "example-$6$vm-salt-12345687$nWtgnl1OMN2ZYBP4KhIrjuSAKJ968h43goOBQBBkaGX9vJlK2DL5QanzPSppfEogEIF7MzxFHR.6xLKVe1olr."
          }
        }
      }
    ],
    "jobs": [
      {
        "name": "bosh",
        "instances": 1,
        "templates": [
          {
            "name": "postgres",
            "release": "bosh"
          },
          {
            "name": "nats",
            "release": "bosh"
          },
          {
            "name": "director",
            "release": "bosh"
          },
          {
            "name": "health_monitor",
            "release": "bosh"
          },
          {
            "name": "uaa",
            "release": "uaa"
          },
          {
            "name": "vsphere_cpi",
            "release": "bosh-vsphere-cpi"
          },
          {
            "name": "blobstore",
            "release": "bosh"
          }
        ],
        "resource_pool": "director_resource_pool",
        "persistent_disk_pool": "director_disk_pool",
        "networks": [
          {
            "name": "default",
            "static_ips": [
              "192.168.163.3"
            ],
            "default": [
              "dns",
              "gateway"
            ]
          }
        ],
        "properties": {
          "env": {
          },
          "nats": {
            "address": "127.0.0.1",
            "user": "nats",
            "password": "example-nats-password"
          },
          "postgres": {
            "host": "127.0.0.1",
            "user": "postgres",
            "password": "example-postgres-password",
            "database": "bosh",
            "additional_databases": [
              "uaa"
            ],
            "adapter": "postgres"
          },
          "blobstore": {
            "address": "192.168.163.3",
            "port": 25250,
            "provider": "dav",
            "director": {
              "user": "blobstore",
              "password": "example-blobstore-password"
            },
            "agent": {
              "user": "blobstore",
              "password": "example-blobstore-password"
            }
          },
          "director": {
            "address": "192.168.163.3",
            "name": "p-bosh-installation-name",
            "cpi_job": "vsphere_cpi",
            "user_management": {
              "provider": "uaa",
              "uaa": {
                "url": "https://192.168.163.3:8443",
                "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLM8nKKL6NcKHCk4/jgc\naSFbz6APw7pbLTHb8nqezmTCs/R0spsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0F\nJMlw+o/Iq/+JHDnnH00rOjlBg62y5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEM\nykyR5ag1CfiVjwexOH1NgDUmw8pZ1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj\n/IM8R2mAUNOz8vSmcCOWb/BLxjcjg5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHA\nxskUCNDM3taBLQ+fIF3u+LZDeGdiy0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9P\ngwIDAQAB\n-----END PUBLIC KEY-----\n"
              }
            },
            "max_threads": 3,
            "db": {
              "host": "127.0.0.1",
              "user": "postgres",
              "password": "example-postgres-password",
              "database": "bosh",
              "additional_databases": [
                "uaa"
              ],
              "adapter": "postgres"
            },
            "trusted_certs": null,
            "ssl": {
              "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAqLM8nKKL6NcKHCk4/jgcaSFbz6APw7pbLTHb8nqezmTCs/R0\nspsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0FJMlw+o/Iq/+JHDnnH00rOjlBg62y\n5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEMykyR5ag1CfiVjwexOH1NgDUmw8pZ\n1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj/IM8R2mAUNOz8vSmcCOWb/BLxjcj\ng5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHAxskUCNDM3taBLQ+fIF3u+LZDeGdi\ny0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9PgwIDAQABAoIBAQCKoRea49wzD5sI\nPzvNdJCsN7R5rt+liNtqDUHgRbGAi76QIL9REi/d5HYE20ES9eNY5+5fclMKvhdc\n5O/izCag70R/Mm7GIKwsXMy3pTNzmh9jNPcA2Q2lxdNMkitW/0JbYfdYrB5fSg2Z\nkRhUIVXQXBG8dnh3ZCaKrdiNQjLQugcWdkwREhe4gObftBFppbERSUVPVplHwt2t\nsCcsrc6O5KkIvdU1wFzGr1bWZ0mOrw8dL9kopbA1q+lSF4dHjeBLxLrV9bY4dpBl\nsKf4EG048KHJgM80Cco4AwVBjTQDkY/0OHteTLjLh0Z9HelpEX1yBH7sBuDRCHpO\nHiIGuupZAoGBANZDCy7Ehz2AFSew94bHNaKGeUSthzVS76PxAgOod2c3sh4vEmYC\n//OtDZLu3W/xfJnqJC2qEb+vRexDkSwytNNxVHC5w7MW10pTUI51w5FB62s7okqG\n+9i6MbPMk9mT42/AlsXASs5PIK/EkQkm1hbJfzVx0QMIX804gr8crslPAoGBAMmQ\nFtgYYU1HRT8a1OP6jpwxorZ+FQVLtRmvegKBr1ybC/nODs/KQI5ol9oPYlucGLuP\ndkYQEpJjaCItm2a4OsuHfK61VEIchOTrv/oxNcmY7SSRXshKrqTib2w5sfnR4WYW\nx0F47MnUXs8sl1CX5iSKoZJhXWLSeexxD7VaNOGNAoGBAJeEV78d2WljTxJ/cbuM\n2l/xaoZnlErgOHkdsMf3dWC3oSz5KrCbBHdEdGnoow1Ln0qUqjrknqKIBxF6AopX\n3Un9RbJlm3/k8iAsZLYpj0AEdr+hLzY22Jg9q3IzhIaDr31SmwyC3COjD0Fc5xeq\nsBDzMxMPRrg3TtAoW0Vcujm/AoGARRVLnxkMEG6C/1P074Zq5oHkoOOp1LzT/0+z\nY7SLJBRIEIBddz58zdJvaV+oeHmRyIctJGpR0zaa9EvpXVV7YVK4mzCvBlG8ArIC\nhH/lTYlKjiP89m0SWpT5V4CWzWbv+AuKk5gcoDhXnm5MFmVZjeCt6/vPBBXbj/xY\nQ/H8+ekCgYB36iuoWdihQDPb0wP3iUCs3/nfZjX7huVCon1MMXXvyKZS7lvgkUp2\nrhyV2A/QcaxW9f/hFyAgzj/e16de8ypy/CoSsRkBdIsZlRs9SUw3mX9a7SBMC9Le\nLU1aPXAqPdcBNIlBFEgLt6A18ZYD3wwdH6F+Mqocge8WljnTBVrt+g==\n-----END RSA PRIVATE KEY-----\n",
              "cert": "-----BEGIN CERTIFICATE-----\nMIIC3zCCAcegAwIBAgIBADANBgkqhkiG9w0BAQUFADAzMQswCQYDVQQGEwJVUzEQ\nMA4GA1UECgwHUGl2b3RhbDESMBAGA1UEAwwJc29tZS1uYW1lMB4XDTEzMDcwOTIy\nMTI1MVoXDTE1MDcwOTIyMTI1MVowMzELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB1Bp\ndm90YWwxEjAQBgNVBAMMCXNvbWUtbmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEP\nADCCAQoCggEBALny6vikcrf/3Do/Nq2Sh/ji8d8dhACUIOaf+ml2cWuRKuP6TcQC\nohbLBHlbm3l5QqD/lvz1EaSy168SVPIsy34sAcioYv+7oOIAHqS4gCVEb7AQrsKb\nZIFUmp7J9qCmkJtyImvViQUUJrWOSaQi3eCAh8uSHyelBNPdaHnj0k8WufKp6hzK\npAr6Xv8OgFSwjD0+XROiTyRpvsQoTm8/XtdhAFpwjTnqR9gxlXqzDqmBRzWduO/M\nyctwF9gtggUp31USmqo5fVC+nr1wh6a/JlbUETtcRhk8jR/FnAVHLSJC4+FZqhmK\nDcemvIfEJaKCNqhvytRLI01l+0p1pm8cqxUCAwEAATANBgkqhkiG9w0BAQUFAAOC\nAQEAru0hKd5gd1WDS6AUrIa8AYCWUrGHMd5P63FWB0KyUnfIDTX4tegHTF+olOxA\nkrR4IRVgFbu3u0pnURFn2N1Et4pZwvW9PEamwkIGHEpYmASOiUZqvrthx/WpUaeu\n+xQIWa1S140v4wa/27UTakAuR+GnA6StJSIRBEBa7hafqpeLGPugZVWRtY3m/OIF\nLICs2U2X8P86RMUWgdtM9//x3t6O7IJzhrSKRkZDmSWAv6EbS/aTpXOPpJFpJtT8\n0aETgAhauKhyp6CeajL3Nc3FfoIONK427VbfIGKJ1Qw7OwTA4N0VPpETiGN7KrfD\nU4mSCEKQ0cIypQAm9rkPboHfwg==\n-----END CERTIFICATE-----\n"
            }
          },
          "hm": {
            "director_account": {
              "ca_cert": "-----BEGIN CERTIFICATE-----\nMIIC+zCCAeOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\nMA4GA1UECgwHUGl2b3RhbDAeFw0xNjA0MTExNTE0NTJaFw0yMDA0MTIxNTE0NTJa\nMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKDAdQaXZvdGFsMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAqhDlqG9QlQB4jYA/gt4ed8kjLV4yW1RbUJzBazql\nmia5Y5en5X4Agb52pZ7gHQIvzbdXKlE+eWs1WtlcfoooUb7CNmFAQjwHRjQTNyzK\nwbPQLQpGQO4nmsLFq/lu2yn6HA7rTYuAGu94JkL1wuUWZMxqmi5huwRJLrV7c4Nh\nqBQL+0nuRdLtzEZrVefXiGKNaDy9+eZNzJJH9fT8sLniO4byM1ndSH+7tqAMpCac\n5RIjQkeYk00e2RtCmW76o9d/YLB2G2EeutOzDEIZgVMBHpL5WwMt/zo5WHT4Lnj0\nGvK9FZ9cNNOZy7/sOWDgv4NtyqDpT7h5hf/JR/fYBhvBvwIDAQABo0IwQDAdBgNV\nHQ4EFgQUJUWOCmGz0acVHqye2ceBjqlX/64wDwYDVR0TAQH/BAUwAwEB/zAOBgNV\nHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAD48E5CPJf5ihmNiFvHVypz5\nPvZn6QFMRaMjOTUvtOrd/V9jp6t8L8NxQOvTVoCab2247iQVxjjn9iStZgW1Umon\n4tYLkBlH6AV3mLrwJ1yTyuTC8CDUm4tGCcBYp1D2MOV/HhQjF4kQft9PA6fdOKeu\nWCpccLdedQlX/FK3lknw7lJ99DNV3MjFHlP7e0m2On/ArdpqdJNxii3PRYOR6d7x\nhYvX1EPUxBj+rGG4tBl5kdr0gs1bogGsnDaoIqXspCWX4xOPA/qGcNmDaA28hcr/\nzqYTHB1LdZyFRdjlc3SJHxmV3rGoa2mL9taMryvBpS0r+yZXjKIe/Sp/eCEhfLo=\n-----END CERTIFICATE-----\n",
              "user": "health_monitor",
              "password": "example-health_monitor"
            },
            "resurrector_enabled": false,
            "pagerduty_enabled": false,
            "pagerduty": {
              "service_key": null,
              "http_proxy": null
            },
            "email_notifications": false,
            "email_recipients": [

            ],
            "smtp": {
              "from": null,
              "host": null,
              "port": 25,
              "domain": null,
              "tls": false,
              "user": null,
              "password": null
            }
          },
          "agent": {
            "mbus": "nats://nats:example-nats-password@192.168.163.3:4222"
          },
          "ntp": [
            "us.pool.ntp.org"
          ],
          "login": {
            "protocol": "https",
            "branding": {
              "company_name": "Pivotal",
              "product_logo": "iVBORw0KGgoAAAANSUhEUgAAAfwAAAB0CAYAAABgxoASAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEpBJREFUeNrsnd1RG80ShsenfG+dCCxHYDkClggQESAiAKp0wxVwpRuqgAgQERgiYInAIgLri+DTyeCoNbNGBokfTc/OzO7zVAnwD6vd1my/3T2zPZ/MJoyG9/OvhUmP2fw1Wfr50f1cLv58fD4xOaJl7+PzTwYAAFrpoz83zOydZ0bvu+8n7kMxLiCYuGCgzDYIAAAAaLHgv4eee1WR2cxVAO5cADBlWAAAAILfPDquEtB3AYBk/Dfz13gu/jPMAwAATeA/mGBlBeBi/vp3Lv7X81eBSQAAAMFvNoP5636xIAPhBwAABL/xFE74f85fXcwBAAAIfrORef7fc9E/xRQAAIDgN5+Tuej/ItsHAAAEv/nI4j4R/R6mAAAABL/ZdJzoDzAFAACkDM/h63C96OJ3fD7GFAAN5elJHfn+xdgqnwT9R/N7v8RAgOC3S/SlX/8tpgDIUtA7TsS77vXdCXol7AAIPvwl+lP68wNkIfCD+de9JVEHaDTM4evScaJPNgCQPiL2BWIPCD5sijiPE8wAAAAIfvM5pBUvAACkRApz+DLffbTB7z0X1GrVrJDCnJxk+aXKkY7PtxmqAACQu+DPNnyk5e3fsZ3wui44+O6+1zW/XiyyfB7XAQAABD8wx+fT+dfpX8GB7Ywni3UGNYi/XpYPAADgQfvm8OWRueNzaZTx3/mf9l1AEDLLZwUwAAAg+JHFfzx/fZv/dBbwXQ4YZgAAgOCnIfyn86+yMG4W4Oh9DAwAAAh+OqJfBhL9DmV9AABA8NMSfXlEcJcsHwAAEPx2ZPrac/pbGBYAABD89Lg0uqV9SvoAAIDgJ5jli9hfKR6x45oAAQAARIHtcdczNrqb4IjgTzErADSWv7ubLrc7N+ZlO/SKcsXfPSz9LGurZi4ZKzEygh8iy5/OB+/E6JXje2bTrnuj4YXKeXy0J799uuAigHX3XRfE3J3bT+PfrfHILRZNyVn3lq5r3foTccCPzxzyxFXH2sbF3HZ1XrdtHpbGmOk5Id8ym7cuL975d/J+5sWYM+Z/f/5MQIDge1AqCr6PMPReiY5D0gn0vvLUwmXmYt8z/k9fzKKKvd3RsXLWvQ3GaH/FMafO+T4s7p9UgpmwtGuNjg0MD9zn341s82JFQDB1rwf3fdKScYjge/IPJgjCTvaCr/Oo5W3NjrrjznvHhHtUtKoS9N17ztx13s2d7i1DP2uhF3E9iZR8bDIGi2eBQPksGG1dNQrBfx3NqPAr5vxDsRCfvG+4HYVj3NWYkZ04Ee7UbCd5v8HiZbP/m0Ww187SP0If2+/Y16G7LglAr9o0DcAq/XqjTtDNkGM5QPksfcu4s+AZrzjq0fB+/tNvU8/ukO+5B0Q4/p2f1zVPrmQwzu34uW+A2K/zQfcuoEHwARLPkHMOVsKJvXXUPxN31INFIDIanrqpBkhL7CUL/tVQoV+V+SP4AGT4K9lTOEaYcr4IqM3oc7HviRN+2k+nIfQdFyzK0zkEYgg+gJpz6Wd4zuIE0yvny1MDo+Evo9s7oi7Epj8XQkO2H3Nsy7i+N+z9geADBCDHsn565fzRcOAcde6Ph4ltf7G7ZFSxx/YIPijAc6BhxDPHIOVG0VGfzr9em+aUX7vGLqQiy6xf7KmuIPitRjPa/R/mfEEnq2zu6Tl2H6ZqjwHJSvc8S/hvjwtb4h9wiwQf013EHsGHJ8cDYdnL6FzTKedbsW+6IF4j+sEDWI320IDgNwLNfexpNBJORHMaD/7l/HaIPaJfh22Zs28VdNp7nULxWPnN4dvS86c3xOdfzwyhuyjr59HrWqOc73edVvzaJoAXi42s6Ieumd0f1hRsVxvcVLvflSv+z7p9HL6avxuWFXxwCH6oG0L7Zpg21FK3CgJUJB8Q2fHQUbCVzzkULiurg9I87UQ2W/p8lh9L/O5+7gY+l2pO/0eiLXm3s2rP+tRqORTi667M+zdPKj94/tWYOyAIQPC10J1bbsJ2sKu5UxB8sXXqm+nEXZ1v51tDiv3UPG1y85YDvl0hINWmPKEccNdd/y6uyZtQTXVE3M+Ct4y2QcRkaWteQPC9I2DNDL9srK3k5rY7ovlt/ys2Tzsoil3Ovw6USZfGbiBy6zEGpi5gu1zKHgdBPgOptLDrno9vK4x+KX/mhP4SA6cNi/bWO1dNHhpuLw0HnG6kbp1kvHJ+OCe9O3fS26oCKuJ/fL4//+lHoED3mm58XmiX8iWI3UbsEfxcI+BBAPEpG241jb7wKXfdi91sRzsAFYH/FjRTlmqGBBPGHCkfuWOa2XugrsBV07dVYs9iSgQ/yxtC5oQu1DOppu+3bIXDdzFVP+HMLV453wagXcVrGc/PZbe2xW8289s2uo+lHrK17kYcBBB7HjdG8LMV+xAdp9oy36hxnf1Ex0U3om00s9kzV26vOyAsA4g+Wf7HxnFX8f6aIvYIfs43Q7X3c4gM86YlVtQo628leF170caAbnYvmf1pNCvaCse24hH7zOVHC6Z3EXsEP8+odzSUrP4i0DtMG1/Of3LoOmX99CgUxsCmc5xaj4ZOomT2q0Vfa05fxH6AC699LJ0xZ4/g5yb0Pdee9LcJuzr8rGWW9S3rd5LaJc2WQXtRbGLfW2ts7idjUzunrzXNdWCgrnFsg9f0+2XAK3xu0aAX57njsshuDe8omd24ZeNJownPlkln3YNG8HET8b1TzciOXDDjW5LPqS1z7uO4GkuU8hH8WoV7sBRtrncE9lX1Yi4inOlR60aTThOefkK28y2Dxi7nz5LMyORZ/dFQWq9qLLyT8YLgvx1E+4+l9iUwCH4iTrhI/BxvW9wNzLe3fhpZW9xyfsfolGCvEs7IJBA5UMjytwy8hcZYQuwbAKv09REHu9/i69dYrb+XwHVoBJU3Ed87bSdtA5Fmd2hMARu4dlWCR0Dw4QXtfmRFZ7V+Ck7ct7ueTzlfI2udZLBhk46I2PU5sBoNsZ82ePMvBB82Zr81j+G9jm/m1ovaSc2W1PsRbaBRgk2//4MNiDSEpMctFzR4ZrMiBB+eMWZRyx80yvoxH8+LuTpfS8ByCTw1xOQrt9xavigc4xEzIvjwxFkSjU3Sydw0yvoxN9OJWc4XOgqfQS4r1zXEhAw/rG14CgLBB8d+1Jal6TL2/P0iYuvUIlrWqjMfXWY0TjTEhBa7YQN4BB/Bbz1TI3t+U8Zfh8Yccv1lfdvpr5PAtfuQz6JRHTEhw19PV8HPAYLf+uz1B5Hvm47c11nEKOvHLudrkNucK93bEHyogc+Y4EPYzT9Yif9epLR9mFWGH3d1voaDzvW+KrhdAMjwU0CiXJmr/4HYfwj/0nadm+mkUc7vMmwAAMGvHxF3aaTzjbn6DcivrO/b8GbKNA8ApAol/ZdMXJZ2S3cpFTTK+nU98hi7nA8AgOAHZOYy+bvFd0RemxtPwe8sHlULPZUiG/b4l9Nv+LgBAMFPg9IJ/KPL5CcIfGCkxD0aTj3FdMeEf7Y85la4AAAI/pos6uEdWftkSXRKPuqoaJT1jwKfI+V8AEDwE8sYx3xsWQZpPoLfXZTcQ2XQOluIUs4HgKRhlT7UEaRprNYvEs7uKecDAIIP4PAtee8FPLe9yNcGAIDgQ2PwLXn3XOldF3vMXuRrAwBA8KEh6JT1Q3Tdo5wPAAg+gDK+pe+tAOe0FfmaAAAQfGgcvqXvvhkN9fY+t8fqR74mAAAEHxpGemV9yvkAgOADJJrla5b1fTfmoZwPqVN6/n4PEyL4AJsyTiLDT7ecT8UAUqKDCRB8gM2wexf4iFrH7VvvS+H5+6HK+bMWjoqCGyMY/uNJNq8CBB8gUma8o3AOTS7nbzHEwPGocAzK+gg+QDSx1Mg4Ul2dr5Hh51OG1ckeS26ptUwJIAHBh3j4l/W7bv/6TUWm7ymKk2Cr83WOm1NG1uWGSF7wC8yI4APEzJB9+t/vRD738Fl+PvOuGtkjCx3XB5ClwlG01s0Agg8tJWZZv4h87nUI2E4m40BDSB65nYKPpz3MiOADbJp5TD0d0Wab6dipgK7H+07cuYfkIREhDYv/1AoZ/vsoVcZTiM2rAMGH1uDfarf+TKWOVroaAtbNoKyvU4Wg22EdAaRwgikRfIBN8S2NbyLe/cjnXFdGJhwknN1LtjhIYAw1n+NzLRsNvBbLAoIPrXZEU+Nf1n9/STiPcr7YZWb0yrCpOmitbPGBG6nWwOgCUyL4AJtSZ1m/iHyuH+GusQ7aBiEDpaOR4dc7nor553eKORF8gBgO+yPzwHuRzzXGe4mDPkzsM79WOk5ZS8WlCRyfj41e2+YTHtND8AE2cUTisH3K+v13lfXtnLFPeXtSq7jY99IS/ZNkSvuj4YXRawx0k8gozqWz4ZVq0MZ8PoIPEMFxF+8KDPITFy0H3XEOOq4wjYaD+VetasPMZa0pkIvwadpLxtI9mT6CD/BR6ijr51TOr7L80ui0Rq1E6T6a6Fuxv1Y8okYwpFXizqPJka0aaYv+T+b0EXyAjzoiv7L+62LTMTmV8//mTDkTva+9gYpdQ6Ap9iLUlwrHeVSzaz6tjI+M/hbMMmX0i210EXyA9+JTMn+r13eO5fwqGJKMrFQW/V+1lGIl0BoNfxr9JwWu3KOLqWT4xqQwZfK+8TQzunP5z4PJe4QfwQd4i5Bl/Z3I56aRlWlSlWJ/Bsv2bQn/t9Fv8Tudi9ap0rE0O/R1F9drrzt10T814doRF074fy8WaEpgmUMg1BI+YwJIxAlN547h1kMgpAvY0YvMzwqaj+hMoj/6Ja1jR0MpYWs/Xtc39ikHqSKcqVynFbwTE27b233FY2mLXrU4Uq6/nL/+MS+rM7NEWgGLHX8FPH7XjddDNy6Meb1SVbix/gln+KH7Tewm65N67jVz41r6Loyf+0MEH1LizlOcZZ54d+lm6Bj/ueNUHv06c04xxIrwgQuYJu56y3eLkrWxnNeO++xCZnOXStu9VoHUzF2ztk275qmx0MkKm/keXz6fbYUgUipHdTZmKnBxakLfcZ/dwIl86fznF2dn+beD+f/bX75nEHxIiVtPge4vSolWtL44AeoqnFMKFZDZ4uaVcmk4Ue39Eb+/M7Ln7Wu/Ort2A2byL7Px4/OjAMe9Mfk8Vqc9pi7nn/N3o9f1EOrj3o3bMxcIz1Zk/hfGTq/sVvspMIcPKTmgmYLAdl1WdaggRpOkOrnZrPuoxncs3Ovk2Wvg/r4usZdxsR3o2Lctv+f2je6iUAif3Z86sd936zFO3GLJ6nXosvptY8v7fxaUIviQGncJnctVctaxq/b3WzQerNjrrMpfZc+poR//rgm3iA90xb7jgu7xUuOpqkIllbipCwAu3D0jvqLjEiAEH5IUtFkCZ6JRbQhpo8sWjIZK7EOL0VXL77mqgkKmnz79NWP2YZHt24rN1Z8gwN474sd2EHxIlaskziFUVqnjpKW0f9TgMVCX2FcdDS9bfcfJWLcLAce4n6TpLgn5Or4/+/NjFQAg+JAil5GzfK1ObqGdtJxjE8v709rE/glZ/ERZ22aIRwZSZtU43XPz97JouViXNCH4kGa2ETfLTzu7/9tWkpH9MGlMg2hQLq6n7mfVn+Y7Z9x/i0DyBwFQsvTWBMkyh98x9rHNWwQfcnI6p5EczkSxk1tdthI7fTP5Lz47WpSVYwVb1o7biL6zxfG5iP4Z9kgwu3/ZGvvB+S0JWvvP2hvvVL+H4EPK1J1xVVlejg5a5mBltfVuhg66yuovE7BjFTyV3H5/Au9vCH8yn8et+xwOXvl3GbvXbi+LwlUErhB8yCFzrVOAdxNpe+rrEHJx0FNjnyXeTsruTwvY9o3e9sQ5j6nZM+HHJnGxXTdHw6pJmay5GP/lx+zYFaH/aWzVcozgQy4CVofo76u2bU3DQUtJNvYCyNeE/tvSs8Qp2nG8OEc7/pjPrsaVtcmuExmy/vo/h0tn+8FioZ79u+dBWCX2Ztl/0loXchjgY9fzXAZwN4D45J/Zr7bbdBH9j4ZnxnbHqzbZiIUEbzfrFhQlPf7EwY6GPfO0b4D83GnxPXnrPs99ZxeZU95qvV3qs7/YXR63kyY8st311DxVXgr3vXSB9dRX8DWdI5EzNnrPAJfNPn6Yp7a5GkikfJbNinyfzMxe66Vzznsm3EY8q0T+bvE9dzvboHBiqkc27U6M3SUH+6Umm04StYtxduk4O3SXAvTvbwQCMjYeNwjWS6WgP7/PxO6FMHbB/PclW5+5++3FObEVIeSHdbRVxtrd4Oa+MbY15bTldqx2uqsyM9/sbOoc36OxjwaVDFaAdEDwoQniX4nV1xUBgIjQP3+ygbaL/PtsWmWsbwUAE5eZzRo5JQLQMP4vwACUccZIO2xLfwAAAABJRU5ErkJggg==",
              "square_logo": "iVBORw0KGgoAAAANSUhEUgAAAGwAAABsCAYAAACPZlfNAAAAAXNSR0IArs4c6QAABYtJREFUeAHtnVtsFFUYx7/d3ruWotUKVIkNaCw02YgJGBRTMd4CokUejD4QH4gxQcIDeHnBmPjkhSghUYLGe3ywPtAHNCo0QgkWwi2tXG2V1kIpLXTbLt1tS9dzlmzSJssZhv32zDk7/2km2znn7Pd9+/vt2Z2dmW0D9Obat4gCiwiLBQQSLflSViAQeN6Can1fYiJBFPQ9BcsAQBiEWUbAsnIxwyDMMgKWlYsZBmGWEbCsXMwwCLOMgGXlYoZBmGUELCsXMwzCLCNgWbmYYRBmGQHLysUMgzDLCFhWLmYYhFlGwLJyMcMgzDIClpWLGQZhlhGwrFzMMAizjIBl5WKGQZhlBCwrV1xbb96y59V1VFJQmLawQNrWa43x8XEaHo1fW+Oj1H8lSqf6eulEbw+dvNhLvcNDinvb0WWksAdm3UWhwiJ2gt2RAWo80UY7jrdSU8cZGrt6lT1HtgMaKSxbD7qqfDq99tAjyTUSG6FP9v1BH+3dTUPxeLZSssf17U5HeXEJbXr8aerY+A6tf7iOxFeu2OFmI6BvhaVgVoRCtHl5PTW8/AoV5xekmo299b2wlJn6+WFqWrOWKkpDqSYjbyFskpZFs++hL1e9NKnFvF+t3OmQOwzdkcgUmnnBABXm5Ys1j8qKisVadFPvS8tramn1goX09eEDU+KbsmGlsMbjbbT6x++UDOVORGXoFppXOYMerLqbVsyrpcWzqykYdH5R+fjZlcnd/8sjV5Q5vOh0rt6LqhhyJsQ3uC+ID8ry89aHYtf90W1bKLzlffr19EnH6HIP8oXasOM4LwbkrLB0MP+6cJ6e+eoz+vTP5nTdU9peDC+Ysm3Khq+ESehy5r3e2ECHu7uUDuqq59Id4iXVtMV3wqSACSHt3V2/KF3I97qayjuVY7zo9KUwCfq3M6coNjamZD6zrFzZ70Wnb4XFxseoK3JZyXzWtGnKfi86fStMwu6LRpXMZ5RBmBKQ7k75XqZa8gLmPZ/Nq0hFkLnvttJSZUT5Oc60xbfC5CGs6lsrlD56hgaV/V50+lbYkuo5VFygPp3SMwxhXjwp0+bcsGRp2vZU48TEBB09153aNObWlzNMHo1/6r4apYTmsx10MTqsHONFp5VH6zMBtWbhYtq6YpVjiJ/ajjmO8WKAL4QFxamWZffPT1678dicex05D4jTKj8cO+Q4zosBOSXs7bonktci5ovjgPIUye3ieo3wzKrk+TC5faPLGz83On6ovtFY3ONySth7Ty67qbPMk6Hu+edv+vzg/slNRv3uy52O6xk40HWW6r/94nrdRrTn1AzLhOju9tP03DfbKTo6mkmYrN/X98L6xQHgTb/vpG0t+5LnybJOPMMEvhXWOXCJvj9yiD7Yu4sGRkYyxKjv7r4RJi+Na+05Rwf/66SG1qO0v/NffZQZM+WUsI07d1BC/MTE144GYzHxJYcYDYq1vb/f8WQlI9OshsopYZubm7IKy4Tg2K03wYKLGiDMBSwThkKYCRZc1ABhLmCZMBTCTLDgogYIcwHLhKEQZoIFFzVAmAtYJgyFMBMsuKgBwlzAMmEohJlgwUUNEOYClglDIcwECy5qgDAXsEwYCmEmWHBRA4S5gGXCUAgzwYKLGow84yyvuyhR/GW19kt9Lh5ibg01UtjS7VtzizLjo8FLIiNMHaEgTAdlxhwQxghTRygI00GZMQeEMcLUEQrCdFBmzAFhjDB1hIIwHZQZc0AYI0wdoSBMB2XGHBDGCFNHKAjTQZkxB4QxwtQRCsJ0UGbMAWGMMHWEgjAdlBlzQBgjTB2hIEwHZcYcEMYIU0coCNNBmTEHhDHC1BEKwnRQZswBYYwwdYSCMB2UGXNAGCNMHaEgTAdlxhziUu1Ei8M/+WFMh1CZEUi0/A+j7hNSB5Wo2wAAAABJRU5ErkJggg==",
              "footer_legal_text": "©#{Date.today.year} Pivotal Software, Inc. All Rights Reserved",
              "footer_links": null
            },
            "saml": {
            }
          },
          "uaa": {
            "admin": {
              "client_secret": "example-blank-password"
            },
            "disableInternalAuth": false,
            "sslCertificate": "-----BEGIN CERTIFICATE-----\nMIIC3zCCAcegAwIBAgIBADANBgkqhkiG9w0BAQUFADAzMQswCQYDVQQGEwJVUzEQ\nMA4GA1UECgwHUGl2b3RhbDESMBAGA1UEAwwJc29tZS1uYW1lMB4XDTEzMDcwOTIy\nMTI1MVoXDTE1MDcwOTIyMTI1MVowMzELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB1Bp\ndm90YWwxEjAQBgNVBAMMCXNvbWUtbmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEP\nADCCAQoCggEBALny6vikcrf/3Do/Nq2Sh/ji8d8dhACUIOaf+ml2cWuRKuP6TcQC\nohbLBHlbm3l5QqD/lvz1EaSy168SVPIsy34sAcioYv+7oOIAHqS4gCVEb7AQrsKb\nZIFUmp7J9qCmkJtyImvViQUUJrWOSaQi3eCAh8uSHyelBNPdaHnj0k8WufKp6hzK\npAr6Xv8OgFSwjD0+XROiTyRpvsQoTm8/XtdhAFpwjTnqR9gxlXqzDqmBRzWduO/M\nyctwF9gtggUp31USmqo5fVC+nr1wh6a/JlbUETtcRhk8jR/FnAVHLSJC4+FZqhmK\nDcemvIfEJaKCNqhvytRLI01l+0p1pm8cqxUCAwEAATANBgkqhkiG9w0BAQUFAAOC\nAQEAru0hKd5gd1WDS6AUrIa8AYCWUrGHMd5P63FWB0KyUnfIDTX4tegHTF+olOxA\nkrR4IRVgFbu3u0pnURFn2N1Et4pZwvW9PEamwkIGHEpYmASOiUZqvrthx/WpUaeu\n+xQIWa1S140v4wa/27UTakAuR+GnA6StJSIRBEBa7hafqpeLGPugZVWRtY3m/OIF\nLICs2U2X8P86RMUWgdtM9//x3t6O7IJzhrSKRkZDmSWAv6EbS/aTpXOPpJFpJtT8\n0aETgAhauKhyp6CeajL3Nc3FfoIONK427VbfIGKJ1Qw7OwTA4N0VPpETiGN7KrfD\nU4mSCEKQ0cIypQAm9rkPboHfwg==\n-----END CERTIFICATE-----\n",
            "sslPrivateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAqLM8nKKL6NcKHCk4/jgcaSFbz6APw7pbLTHb8nqezmTCs/R0\nspsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0FJMlw+o/Iq/+JHDnnH00rOjlBg62y\n5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEMykyR5ag1CfiVjwexOH1NgDUmw8pZ\n1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj/IM8R2mAUNOz8vSmcCOWb/BLxjcj\ng5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHAxskUCNDM3taBLQ+fIF3u+LZDeGdi\ny0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9PgwIDAQABAoIBAQCKoRea49wzD5sI\nPzvNdJCsN7R5rt+liNtqDUHgRbGAi76QIL9REi/d5HYE20ES9eNY5+5fclMKvhdc\n5O/izCag70R/Mm7GIKwsXMy3pTNzmh9jNPcA2Q2lxdNMkitW/0JbYfdYrB5fSg2Z\nkRhUIVXQXBG8dnh3ZCaKrdiNQjLQugcWdkwREhe4gObftBFppbERSUVPVplHwt2t\nsCcsrc6O5KkIvdU1wFzGr1bWZ0mOrw8dL9kopbA1q+lSF4dHjeBLxLrV9bY4dpBl\nsKf4EG048KHJgM80Cco4AwVBjTQDkY/0OHteTLjLh0Z9HelpEX1yBH7sBuDRCHpO\nHiIGuupZAoGBANZDCy7Ehz2AFSew94bHNaKGeUSthzVS76PxAgOod2c3sh4vEmYC\n//OtDZLu3W/xfJnqJC2qEb+vRexDkSwytNNxVHC5w7MW10pTUI51w5FB62s7okqG\n+9i6MbPMk9mT42/AlsXASs5PIK/EkQkm1hbJfzVx0QMIX804gr8crslPAoGBAMmQ\nFtgYYU1HRT8a1OP6jpwxorZ+FQVLtRmvegKBr1ybC/nODs/KQI5ol9oPYlucGLuP\ndkYQEpJjaCItm2a4OsuHfK61VEIchOTrv/oxNcmY7SSRXshKrqTib2w5sfnR4WYW\nx0F47MnUXs8sl1CX5iSKoZJhXWLSeexxD7VaNOGNAoGBAJeEV78d2WljTxJ/cbuM\n2l/xaoZnlErgOHkdsMf3dWC3oSz5KrCbBHdEdGnoow1Ln0qUqjrknqKIBxF6AopX\n3Un9RbJlm3/k8iAsZLYpj0AEdr+hLzY22Jg9q3IzhIaDr31SmwyC3COjD0Fc5xeq\nsBDzMxMPRrg3TtAoW0Vcujm/AoGARRVLnxkMEG6C/1P074Zq5oHkoOOp1LzT/0+z\nY7SLJBRIEIBddz58zdJvaV+oeHmRyIctJGpR0zaa9EvpXVV7YVK4mzCvBlG8ArIC\nhH/lTYlKjiP89m0SWpT5V4CWzWbv+AuKk5gcoDhXnm5MFmVZjeCt6/vPBBXbj/xY\nQ/H8+ekCgYB36iuoWdihQDPb0wP3iUCs3/nfZjX7huVCon1MMXXvyKZS7lvgkUp2\nrhyV2A/QcaxW9f/hFyAgzj/e16de8ypy/CoSsRkBdIsZlRs9SUw3mX9a7SBMC9Le\nLU1aPXAqPdcBNIlBFEgLt6A18ZYD3wwdH6F+Mqocge8WljnTBVrt+g==\n-----END RSA PRIVATE KEY-----\n",
            "require_https": false,
            "url": "https://192.168.163.3:8443",
            "jwt": {
              "signing_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAqLM8nKKL6NcKHCk4/jgcaSFbz6APw7pbLTHb8nqezmTCs/R0\nspsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0FJMlw+o/Iq/+JHDnnH00rOjlBg62y\n5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEMykyR5ag1CfiVjwexOH1NgDUmw8pZ\n1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj/IM8R2mAUNOz8vSmcCOWb/BLxjcj\ng5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHAxskUCNDM3taBLQ+fIF3u+LZDeGdi\ny0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9PgwIDAQABAoIBAQCKoRea49wzD5sI\nPzvNdJCsN7R5rt+liNtqDUHgRbGAi76QIL9REi/d5HYE20ES9eNY5+5fclMKvhdc\n5O/izCag70R/Mm7GIKwsXMy3pTNzmh9jNPcA2Q2lxdNMkitW/0JbYfdYrB5fSg2Z\nkRhUIVXQXBG8dnh3ZCaKrdiNQjLQugcWdkwREhe4gObftBFppbERSUVPVplHwt2t\nsCcsrc6O5KkIvdU1wFzGr1bWZ0mOrw8dL9kopbA1q+lSF4dHjeBLxLrV9bY4dpBl\nsKf4EG048KHJgM80Cco4AwVBjTQDkY/0OHteTLjLh0Z9HelpEX1yBH7sBuDRCHpO\nHiIGuupZAoGBANZDCy7Ehz2AFSew94bHNaKGeUSthzVS76PxAgOod2c3sh4vEmYC\n//OtDZLu3W/xfJnqJC2qEb+vRexDkSwytNNxVHC5w7MW10pTUI51w5FB62s7okqG\n+9i6MbPMk9mT42/AlsXASs5PIK/EkQkm1hbJfzVx0QMIX804gr8crslPAoGBAMmQ\nFtgYYU1HRT8a1OP6jpwxorZ+FQVLtRmvegKBr1ybC/nODs/KQI5ol9oPYlucGLuP\ndkYQEpJjaCItm2a4OsuHfK61VEIchOTrv/oxNcmY7SSRXshKrqTib2w5sfnR4WYW\nx0F47MnUXs8sl1CX5iSKoZJhXWLSeexxD7VaNOGNAoGBAJeEV78d2WljTxJ/cbuM\n2l/xaoZnlErgOHkdsMf3dWC3oSz5KrCbBHdEdGnoow1Ln0qUqjrknqKIBxF6AopX\n3Un9RbJlm3/k8iAsZLYpj0AEdr+hLzY22Jg9q3IzhIaDr31SmwyC3COjD0Fc5xeq\nsBDzMxMPRrg3TtAoW0Vcujm/AoGARRVLnxkMEG6C/1P074Zq5oHkoOOp1LzT/0+z\nY7SLJBRIEIBddz58zdJvaV+oeHmRyIctJGpR0zaa9EvpXVV7YVK4mzCvBlG8ArIC\nhH/lTYlKjiP89m0SWpT5V4CWzWbv+AuKk5gcoDhXnm5MFmVZjeCt6/vPBBXbj/xY\nQ/H8+ekCgYB36iuoWdihQDPb0wP3iUCs3/nfZjX7huVCon1MMXXvyKZS7lvgkUp2\nrhyV2A/QcaxW9f/hFyAgzj/e16de8ypy/CoSsRkBdIsZlRs9SUw3mX9a7SBMC9Le\nLU1aPXAqPdcBNIlBFEgLt6A18ZYD3wwdH6F+Mqocge8WljnTBVrt+g==\n-----END RSA PRIVATE KEY-----\n",
              "verification_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLM8nKKL6NcKHCk4/jgc\naSFbz6APw7pbLTHb8nqezmTCs/R0spsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0F\nJMlw+o/Iq/+JHDnnH00rOjlBg62y5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEM\nykyR5ag1CfiVjwexOH1NgDUmw8pZ1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj\n/IM8R2mAUNOz8vSmcCOWb/BLxjcjg5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHA\nxskUCNDM3taBLQ+fIF3u+LZDeGdiy0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9P\ngwIDAQAB\n-----END PUBLIC KEY-----\n"
            },
            "user": {
              "authorities": [
                "openid",
                "scim.me",
                "password.write",
                "uaa.user",
                "profile",
                "roles",
                "user_attributes",
                "bosh.admin",
                "bosh.read",
                "bosh.*.admin",
                "bosh.*.read",
                "clients.admin"
              ]
            },
            "clients": {
              "bosh_cli": {
                "authorized-grant-types": "password,refresh_token",
                "override": true,
                "scope": "openid,bosh.admin,bosh.read,bosh.*.admin,bosh.*.read",
                "authorities": "uaa.none",
                "refresh-token-validity": 86400,
                "access-token-validity": 600,
                "secret": "",
                "allowedproviders": null
              },
              "ops_manager": {
                "authorized-grant-types": "client_credentials",
                "override": true,
                "scope": "",
                "authorities": "bosh.admin",
                "refresh-token-validity": 86400,
                "access-token-validity": 600,
                "secret": "example-blank-password"
              },
              "login": {
                "authorized-grant-types": "password,authorization_code",
                "autoapprove": true,
                "override": true,
                "scope": "bosh.admin,scim.write,scim.read,clients.admin",
                "authorities": "",
                "refresh-token-validity": 86400,
                "access-token-validity": 600,
                "secret": "example-uaa-login-client-password"
              }
            },
            "scim": {
              "users": [
                "director|example-director-password|bosh.admin",
                "admin|example-blank-password|bosh.admin,scim.write,scim.read,clients.admin"
              ]
            }
          },
          "uaadb": {
            "address": "127.0.0.1",
            "db_scheme": "postgresql",
            "port": 5432,
            "databases": [
              {
                "name": "uaa",
                "tag": "uaa"
              }
            ],
            "roles": [
              {
                "name": "postgres",
                "password": "example-postgres-password",
                "tag": "admin"
              }
            ]
          },
          "vcenter": {
            "address": "192.168.163.131",
            "user": "user",
            "password": "example-password",
            "datacenters": [
              {
                "name": "vsphere-datacenter",
                "vm_folder": "pivotal_cf_vms_test-installation-guid",
                "template_folder": "pivotal_cf_templates_test-installation-guid",
                "disk_path": "pivotal_cf_disk_test-installation-guid",
                "allow_mixed_datastores": true,
                "datastore_pattern": "^(vsphere\\-datastore)$",
                "persistent_datastore_pattern": "^(vsphere\\-datastore)$",
                "clusters": [
                  {
                    "vsphere-cluster": {
                    }
                  }
                ]
              }
            ]
          }
        }
      }
    ],
    "cloud_provider": {
      "template": {
        "name": "vsphere_cpi",
        "release": "bosh-vsphere-cpi"
      },
      "mbus": "https://vcap:example-agent-password@192.168.163.3:6868",
      "properties": {
        "agent": {
          "mbus": "https://vcap:example-agent-password@0.0.0.0:6868"
        },
        "blobstore": {
          "provider": "local",
          "path": "/var/vcap/micro_bosh/data/cache"
        },
        "ntp": [
          "us.pool.ntp.org"
        ],
        "vcenter": {
          "address": "192.168.163.131",
          "user": "user",
          "password": "example-password",
          "datacenters": [
            {
              "name": "vsphere-datacenter",
              "vm_folder": "pivotal_cf_vms_test-installation-guid",
              "template_folder": "pivotal_cf_templates_test-installation-guid",
              "disk_path": "pivotal_cf_disk_test-installation-guid",
              "allow_mixed_datastores": true,
              "datastore_pattern": "^(vsphere\\-datastore)$",
              "persistent_datastore_pattern": "^(vsphere\\-datastore)$",
              "clusters": [
                {
                  "vsphere-cluster": {
                  }
                }
              ]
            }
          ]
        },
        "env": {
        }
      }
    }
  }
}

HTTP Request

GET /api/v0/staged/director/manifest

Allows you to generate a BOSH director manifest.

Fetching a cloud config

curl "https://example.com/api/v0/staged/cloud_config" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "cloud_config": {
    "azs": [
      {
        "name": "first-az",
        "cloud_properties": {
          "datacenters": [
            {
              "name": "first-az",
              "clusters": [
                { "cluster-1": { "resource_pool": "giraffe" } }
              ]
            }
          ]
        }
      }
    ],
    "networks": [
      {
        "name": "first-network",
        "type": "manual",
        "subnets": [
          {
            "dns": [ "8.8.8.8" ],
            "range": "1.1.1.0/24",
            "gateway": "1.1.1.1",
            "azs": [ "first-az" ],
            "cloud_properties": { "name": "cluster-1" },
            "reserved": [ "1.1.1.0-1.1.1.20" ],
            "static": []
          }
        ]
      }
    ],
    "vm_types": [
      {
        "name": "medium",
        "cloud_properties": {
          "ram": 4096,
          "cpu": 2,
          "disk": 8192
        }
      }
    ],
    "disk_types": [
      {
        "name": "20480",
        "disk_size": 20480,
        "cloud_properties": {
          "type": "thin"
        }
      }
    ],
    "compilation": {
      "workers": 1,
      "network": "first-network",
      "az": "first-az",
      "reuse_compilation_vms": true,
      "vm_type": "small",
      "vm_extensions": [],
      "env": {
        "bosh": {
          "password": "example-generated-password"
        }
      }
    },
    "vm_extensions": [
      {
        "name": "public_ip",
        "cloud_properties": {}
      }
    ]
  }
}

HTTP Request

GET /api/v0/staged/cloud_config

Allows you to generate a BOSH cloud config based on the staged state of the OpsManager.

Migrating Credentials to Credhub

Getting Credentials to Migrate to CredHub

curl "https://example.com/api/v0/staged/products/credhub_credentials" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK

RESPONSE HEADERS:
  Content-Type: application/x-yaml; charset=utf-8
RESPONSE BODY:
---
credentials:
- name: "/p-bosh/example-product-d225c410ff8109b672d4/generated-secret-migrated-to-credhub"
  type: password
  value: nJw80ZA_WQDeVL2W5lDxT5Uz9RBA9xx-
- name: "/p-bosh/example-product-d225c410ff8109b672d4/generated-rsa-key-migrated-to-credhub"
  type: rsa
  value:
    public_key: |
      -----BEGIN PUBLIC KEY-----
      MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwe0sabFrSoOjVhywALi6
      ...
      k3L/ujo3JAjGqBCNvhaaw+otEQazbwVoWVi76rRLmSJHdwlDP2App6n79EORTT1y
      /QIDAQAB
      -----END PUBLIC KEY-----
    private_key: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEpgIBAAKCAQEAwe0sabFrSoOjVhywALi6g4tr86uq42ihu/76txAj4kVzHM5J
      ...
      vidadcyLwNmTBEnjPlfC6hmAiKYGYUl6mNOixIetpf6eeNBGq+aCpWgSa/t+Wb7Q
      X41Fbruu6xHzX9P5SBI9Ts0aZxEQeukbzlVgx9j1BSQ+YH5SmxuE4yaF
      -----END RSA PRIVATE KEY-----
- name: "/p-bosh/example-product-d225c410ff8109b672d4/generated-simple-creds-migrated-to-credhub"
  type: user
  value:
    username: QuiWk_hQKcKpokd-dVTjqRqVfMa8M-4E
    password: pvWXxO8_pNC8aArqT4ku3Me-U0-VORdV

Ops Manager will migrate credentials to CredHub for you.

However, if you are using Ops Manager solely as a manifest generator, using /api/v0/staged/installations/commit, then you need to download the list of credentials for all products from this endpoint and load them into your CredHub yourself with the CredHub CLI, before you can use the /api/v0/staged/installations/commit endpoint.

HTTP Request

GET /api/v0/staged/products/credhub_credentials

Deleting Credentials Migrated to Credhub from Ops Manager

curl "https://example.com/api/v0/staged/products/credhub_credentials" \
    -X DELETE \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK

RESPONSE HEADERS:
  Content-Type: application/json; charset=utf-8
RESPONSE BODY:
{}

If you are using Ops Manager solely as a manifest generator, after you download the list of credentials for all products using /api/v0/staged/products/credhub_credentials and load them into your CredHub yourself with the CredHub CLI. You can use this endpoint to delete staged variable migrations when upgrading products that have credentials to migrate into Credhub before you can use the /api/v0/staged/installations/commit endpoint.

HTTP Request

DELETE /api/v0/staged/products/credhub_credentials

Deployed BOSH Director

Fetching a manifest

curl "https://example.com/api/v0/deployed/director/manifest" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "name": "p-bosh-installation-name",
  "releases": [
    {
      "name": "bosh",
      "url": "file:///tmp/FactoryGirl-Tempest::PackageLibrary-FACTORY20160412-125-20sejo/internal_releases/bosh"
    },
    {
      "name": "bosh-vsphere-cpi",
      "url": "file:///tmp/FactoryGirl-Tempest::PackageLibrary-FACTORY20160412-125-20sejo/internal_releases/cpi"
    },
    {
      "name": "uaa",
      "url": "file:///tmp/FactoryGirl-Tempest::PackageLibrary-FACTORY20160412-125-20sejo/internal_releases/uaa"
    }
  ],
  "networks": [
    {
      "name": "default",
      "type": "manual",
      "subnets": [
        {
          "netmask": "255.255.255.0",
          "dns": [
            "192.168.163.1"
          ],
          "gateway": "192.168.163.2",
          "range": "192.168.163.0/24",
          "cloud_properties": {
            "name": "vsphere-network"
          }
        }
      ]
    }
  ],
  "disk_pools": [
    {
      "name": "director_disk_pool",
      "disk_size": 51200,
      "cloud_properties": {
        "type": "thin"
      }
    }
  ],
  "resource_pools": [
    {
      "name": "director_resource_pool",
      "network": "default",
      "stemcell": {
        "url": "file:///tmp/FactoryGirl-Tempest::PackageLibrary-FACTORY20160412-125-20sejo/stemcells/bosh-stemcell-3215-vsphere-esxi-ubuntu-trusty-go_agent.tgz"
      },
      "cloud_properties": {
        "cpu": 2,
        "disk": 51200,
        "ram": 4096,
        "datacenters": [
          {
            "name": "vsphere-datacenter",
            "clusters": [
              {
                "vsphere-cluster": {
                }
              }
            ]
          }
        ]
      },
      "env": {
        "bosh": {
          "password": "example-$6$vm-salt-12345687$nWtgnl1OMN2ZYBP4KhIrjuSAKJ968h43goOBQBBkaGX9vJlK2DL5QanzPSppfEogEIF7MzxFHR.6xLKVe1olr."
        }
      }
    }
  ],
  "jobs": [
    {
      "name": "bosh",
      "instances": 1,
      "templates": [
        {
          "name": "postgres",
          "release": "bosh"
        },
        {
          "name": "nats",
          "release": "bosh"
        },
        {
          "name": "director",
          "release": "bosh"
        },
        {
          "name": "health_monitor",
          "release": "bosh"
        },
        {
          "name": "uaa",
          "release": "uaa"
        },
        {
          "name": "vsphere_cpi",
          "release": "bosh-vsphere-cpi"
        },
        {
          "name": "blobstore",
          "release": "bosh"
        }
      ],
      "resource_pool": "director_resource_pool",
      "persistent_disk_pool": "director_disk_pool",
      "networks": [
        {
          "name": "default",
          "static_ips": [
            "192.168.163.3"
          ],
          "default": [
            "dns",
            "gateway"
          ]
        }
      ],
      "properties": {
        "env": {
        },
        "nats": {
          "address": "127.0.0.1",
          "user": "nats",
          "password": "example-nats-password"
        },
        "postgres": {
          "host": "127.0.0.1",
          "user": "postgres",
          "password": "example-postgres-password",
          "database": "bosh",
          "additional_databases": [
            "uaa"
          ],
          "adapter": "postgres"
        },
        "blobstore": {
          "address": "192.168.163.3",
          "port": 25250,
          "provider": "dav",
          "director": {
            "user": "blobstore",
            "password": "example-blobstore-password"
          },
          "agent": {
            "user": "blobstore",
            "password": "example-blobstore-password"
          }
        },
        "director": {
          "address": "192.168.163.3",
          "name": "p-bosh-installation-name",
          "cpi_job": "vsphere_cpi",
          "user_management": {
            "provider": "uaa",
            "uaa": {
              "url": "https://192.168.163.3:8443",
              "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLM8nKKL6NcKHCk4/jgc\naSFbz6APw7pbLTHb8nqezmTCs/R0spsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0F\nJMlw+o/Iq/+JHDnnH00rOjlBg62y5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEM\nykyR5ag1CfiVjwexOH1NgDUmw8pZ1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj\n/IM8R2mAUNOz8vSmcCOWb/BLxjcjg5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHA\nxskUCNDM3taBLQ+fIF3u+LZDeGdiy0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9P\ngwIDAQAB\n-----END PUBLIC KEY-----\n"
            }
          },
          "max_threads": 3,
          "db": {
            "host": "127.0.0.1",
            "user": "postgres",
            "password": "example-postgres-password",
            "database": "bosh",
            "additional_databases": [
              "uaa"
            ],
            "adapter": "postgres"
          },
          "trusted_certs": null,
          "ssl": {
            "key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAqLM8nKKL6NcKHCk4/jgcaSFbz6APw7pbLTHb8nqezmTCs/R0\nspsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0FJMlw+o/Iq/+JHDnnH00rOjlBg62y\n5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEMykyR5ag1CfiVjwexOH1NgDUmw8pZ\n1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj/IM8R2mAUNOz8vSmcCOWb/BLxjcj\ng5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHAxskUCNDM3taBLQ+fIF3u+LZDeGdi\ny0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9PgwIDAQABAoIBAQCKoRea49wzD5sI\nPzvNdJCsN7R5rt+liNtqDUHgRbGAi76QIL9REi/d5HYE20ES9eNY5+5fclMKvhdc\n5O/izCag70R/Mm7GIKwsXMy3pTNzmh9jNPcA2Q2lxdNMkitW/0JbYfdYrB5fSg2Z\nkRhUIVXQXBG8dnh3ZCaKrdiNQjLQugcWdkwREhe4gObftBFppbERSUVPVplHwt2t\nsCcsrc6O5KkIvdU1wFzGr1bWZ0mOrw8dL9kopbA1q+lSF4dHjeBLxLrV9bY4dpBl\nsKf4EG048KHJgM80Cco4AwVBjTQDkY/0OHteTLjLh0Z9HelpEX1yBH7sBuDRCHpO\nHiIGuupZAoGBANZDCy7Ehz2AFSew94bHNaKGeUSthzVS76PxAgOod2c3sh4vEmYC\n//OtDZLu3W/xfJnqJC2qEb+vRexDkSwytNNxVHC5w7MW10pTUI51w5FB62s7okqG\n+9i6MbPMk9mT42/AlsXASs5PIK/EkQkm1hbJfzVx0QMIX804gr8crslPAoGBAMmQ\nFtgYYU1HRT8a1OP6jpwxorZ+FQVLtRmvegKBr1ybC/nODs/KQI5ol9oPYlucGLuP\ndkYQEpJjaCItm2a4OsuHfK61VEIchOTrv/oxNcmY7SSRXshKrqTib2w5sfnR4WYW\nx0F47MnUXs8sl1CX5iSKoZJhXWLSeexxD7VaNOGNAoGBAJeEV78d2WljTxJ/cbuM\n2l/xaoZnlErgOHkdsMf3dWC3oSz5KrCbBHdEdGnoow1Ln0qUqjrknqKIBxF6AopX\n3Un9RbJlm3/k8iAsZLYpj0AEdr+hLzY22Jg9q3IzhIaDr31SmwyC3COjD0Fc5xeq\nsBDzMxMPRrg3TtAoW0Vcujm/AoGARRVLnxkMEG6C/1P074Zq5oHkoOOp1LzT/0+z\nY7SLJBRIEIBddz58zdJvaV+oeHmRyIctJGpR0zaa9EvpXVV7YVK4mzCvBlG8ArIC\nhH/lTYlKjiP89m0SWpT5V4CWzWbv+AuKk5gcoDhXnm5MFmVZjeCt6/vPBBXbj/xY\nQ/H8+ekCgYB36iuoWdihQDPb0wP3iUCs3/nfZjX7huVCon1MMXXvyKZS7lvgkUp2\nrhyV2A/QcaxW9f/hFyAgzj/e16de8ypy/CoSsRkBdIsZlRs9SUw3mX9a7SBMC9Le\nLU1aPXAqPdcBNIlBFEgLt6A18ZYD3wwdH6F+Mqocge8WljnTBVrt+g==\n-----END RSA PRIVATE KEY-----\n",
            "cert": "-----BEGIN CERTIFICATE-----\nMIIC3zCCAcegAwIBAgIBADANBgkqhkiG9w0BAQUFADAzMQswCQYDVQQGEwJVUzEQ\nMA4GA1UECgwHUGl2b3RhbDESMBAGA1UEAwwJc29tZS1uYW1lMB4XDTEzMDcwOTIy\nMTI1MVoXDTE1MDcwOTIyMTI1MVowMzELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB1Bp\ndm90YWwxEjAQBgNVBAMMCXNvbWUtbmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEP\nADCCAQoCggEBALny6vikcrf/3Do/Nq2Sh/ji8d8dhACUIOaf+ml2cWuRKuP6TcQC\nohbLBHlbm3l5QqD/lvz1EaSy168SVPIsy34sAcioYv+7oOIAHqS4gCVEb7AQrsKb\nZIFUmp7J9qCmkJtyImvViQUUJrWOSaQi3eCAh8uSHyelBNPdaHnj0k8WufKp6hzK\npAr6Xv8OgFSwjD0+XROiTyRpvsQoTm8/XtdhAFpwjTnqR9gxlXqzDqmBRzWduO/M\nyctwF9gtggUp31USmqo5fVC+nr1wh6a/JlbUETtcRhk8jR/FnAVHLSJC4+FZqhmK\nDcemvIfEJaKCNqhvytRLI01l+0p1pm8cqxUCAwEAATANBgkqhkiG9w0BAQUFAAOC\nAQEAru0hKd5gd1WDS6AUrIa8AYCWUrGHMd5P63FWB0KyUnfIDTX4tegHTF+olOxA\nkrR4IRVgFbu3u0pnURFn2N1Et4pZwvW9PEamwkIGHEpYmASOiUZqvrthx/WpUaeu\n+xQIWa1S140v4wa/27UTakAuR+GnA6StJSIRBEBa7hafqpeLGPugZVWRtY3m/OIF\nLICs2U2X8P86RMUWgdtM9//x3t6O7IJzhrSKRkZDmSWAv6EbS/aTpXOPpJFpJtT8\n0aETgAhauKhyp6CeajL3Nc3FfoIONK427VbfIGKJ1Qw7OwTA4N0VPpETiGN7KrfD\nU4mSCEKQ0cIypQAm9rkPboHfwg==\n-----END CERTIFICATE-----\n"
          }
        },
        "hm": {
          "director_account": {
            "ca_cert": "-----BEGIN CERTIFICATE-----\nMIIC+zCCAeOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\nMA4GA1UECgwHUGl2b3RhbDAeFw0xNjA0MTExNTE0MzRaFw0yMDA0MTIxNTE0MzRa\nMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKDAdQaXZvdGFsMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEApJOxyQUh/OwHVnWxjf39aNQ61DPyFozobajQarwp\n6dHYWwZYj2nNtgEWmkrpbagTU0rwP8QzpUUpf3NUCmPwLEerLpQVEg4LTIMpQyKR\nXPjEWrU0QB08QOZwxP2H2x2IS6Qn9obKuBtExwhTvaCUoDqZhaZycqYIZ6yV4ppN\nnKEP5HcDXpj02ZA4lvkCh/mDFxYJUjJrLnK+zMfALOcX7QohL/iOENEkG0qmaYqI\n/e7tcAw2O7h95sGlRkcUQ2JghhfbwZQkAR6YA6k2EYPdnkMLhoJOwlL+oexJubVS\nlA6CzNVOcuG4Bec3Zg43oJtR1sV7z8a8Tgri+F2NYhsccQIDAQABo0IwQDAdBgNV\nHQ4EFgQUkP10tFC5mzdcncEK0NWBQXTiTg4wDwYDVR0TAQH/BAUwAwEB/zAOBgNV\nHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAHefgUo4C+kG4EOzXPcMwKY3\nCtBIUq+zVfLEuu7QBxJ0LEspoBt080MLeKcrkrSdDG6FZeNSTvSbYR5adWoEhK3/\nxB2RraY/780oE6Paptqo4f4H38+rPj18zmzsMiSIXkimoLmsAXe7ZGV72Zsmz9hm\nYDaSuSBxMlSUWytmqLacajgeGFdyAs2KRJamTHqeGSxLGyqpDWw023aLqSOXSaWg\nD2jUfGNd7PwpsBTa7jwlDEVapUqHdQmNbMaZqon40dlTwEi0JOp4zWtg8g8AFNjG\n7B1T481JoeZuPVMsD+A/jgnerwKxm9+hzsyLLGVnsafksB5S6vbmdjKt0nhHHzU=\n-----END CERTIFICATE-----\n",
            "user": "health_monitor",
            "password": "example-health_monitor-password"
          },
          "resurrector_enabled": false,
          "pagerduty_enabled": false,
          "pagerduty": {
            "service_key": null,
            "http_proxy": null
          },
          "email_notifications": false,
          "email_recipients": [

          ],
          "smtp": {
            "from": null,
            "host": null,
            "port": 25,
            "domain": null,
            "tls": false,
            "user": null,
            "password": null
          }
        },
        "agent": {
          "mbus": "nats://nats:example-nats-password@192.168.163.3:4222"
        },
        "ntp": [
          "us.pool.ntp.org"
        ],
        "login": {
          "protocol": "https",
          "branding": {
            "company_name": "Pivotal",
            "product_logo": "iVBORw0KGgoAAAANSUhEUgAAAfwAAAB0CAYAAABgxoASAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEpBJREFUeNrsnd1RG80ShsenfG+dCCxHYDkClggQESAiAKp0wxVwpRuqgAgQERgiYInAIgLri+DTyeCoNbNGBokfTc/OzO7zVAnwD6vd1my/3T2zPZ/MJoyG9/OvhUmP2fw1Wfr50f1cLv58fD4xOaJl7+PzTwYAAFrpoz83zOydZ0bvu+8n7kMxLiCYuGCgzDYIAAAAaLHgv4eee1WR2cxVAO5cADBlWAAAAILfPDquEtB3AYBk/Dfz13gu/jPMAwAATeA/mGBlBeBi/vp3Lv7X81eBSQAAAMFvNoP5636xIAPhBwAABL/xFE74f85fXcwBAAAIfrORef7fc9E/xRQAAIDgN5+Tuej/ItsHAAAEv/nI4j4R/R6mAAAABL/ZdJzoDzAFAACkDM/h63C96OJ3fD7GFAAN5elJHfn+xdgqnwT9R/N7v8RAgOC3S/SlX/8tpgDIUtA7TsS77vXdCXol7AAIPvwl+lP68wNkIfCD+de9JVEHaDTM4evScaJPNgCQPiL2BWIPCD5sijiPE8wAAAAIfvM5pBUvAACkRApz+DLffbTB7z0X1GrVrJDCnJxk+aXKkY7PtxmqAACQu+DPNnyk5e3fsZ3wui44+O6+1zW/XiyyfB7XAQAABD8wx+fT+dfpX8GB7Ywni3UGNYi/XpYPAADgQfvm8OWRueNzaZTx3/mf9l1AEDLLZwUwAAAg+JHFfzx/fZv/dBbwXQ4YZgAAgOCnIfyn86+yMG4W4Oh9DAwAAAh+OqJfBhL9DmV9AABA8NMSfXlEcJcsHwAAEPx2ZPrac/pbGBYAABD89Lg0uqV9SvoAAIDgJ5jli9hfKR6x45oAAQAARIHtcdczNrqb4IjgTzErADSWv7ubLrc7N+ZlO/SKcsXfPSz9LGurZi4ZKzEygh8iy5/OB+/E6JXje2bTrnuj4YXKeXy0J799uuAigHX3XRfE3J3bT+PfrfHILRZNyVn3lq5r3foTccCPzxzyxFXH2sbF3HZ1XrdtHpbGmOk5Id8ym7cuL975d/J+5sWYM+Z/f/5MQIDge1AqCr6PMPReiY5D0gn0vvLUwmXmYt8z/k9fzKKKvd3RsXLWvQ3GaH/FMafO+T4s7p9UgpmwtGuNjg0MD9zn341s82JFQDB1rwf3fdKScYjge/IPJgjCTvaCr/Oo5W3NjrrjznvHhHtUtKoS9N17ztx13s2d7i1DP2uhF3E9iZR8bDIGi2eBQPksGG1dNQrBfx3NqPAr5vxDsRCfvG+4HYVj3NWYkZ04Ee7UbCd5v8HiZbP/m0Ww187SP0If2+/Y16G7LglAr9o0DcAq/XqjTtDNkGM5QPksfcu4s+AZrzjq0fB+/tNvU8/ukO+5B0Q4/p2f1zVPrmQwzu34uW+A2K/zQfcuoEHwARLPkHMOVsKJvXXUPxN31INFIDIanrqpBkhL7CUL/tVQoV+V+SP4AGT4K9lTOEaYcr4IqM3oc7HviRN+2k+nIfQdFyzK0zkEYgg+gJpz6Wd4zuIE0yvny1MDo+Evo9s7oi7Epj8XQkO2H3Nsy7i+N+z9geADBCDHsn565fzRcOAcde6Ph4ltf7G7ZFSxx/YIPijAc6BhxDPHIOVG0VGfzr9em+aUX7vGLqQiy6xf7KmuIPitRjPa/R/mfEEnq2zu6Tl2H6ZqjwHJSvc8S/hvjwtb4h9wiwQf013EHsGHJ8cDYdnL6FzTKedbsW+6IF4j+sEDWI320IDgNwLNfexpNBJORHMaD/7l/HaIPaJfh22Zs28VdNp7nULxWPnN4dvS86c3xOdfzwyhuyjr59HrWqOc73edVvzaJoAXi42s6Ieumd0f1hRsVxvcVLvflSv+z7p9HL6avxuWFXxwCH6oG0L7Zpg21FK3CgJUJB8Q2fHQUbCVzzkULiurg9I87UQ2W/p8lh9L/O5+7gY+l2pO/0eiLXm3s2rP+tRqORTi667M+zdPKj94/tWYOyAIQPC10J1bbsJ2sKu5UxB8sXXqm+nEXZ1v51tDiv3UPG1y85YDvl0hINWmPKEccNdd/y6uyZtQTXVE3M+Ct4y2QcRkaWteQPC9I2DNDL9srK3k5rY7ovlt/ys2Tzsoil3Ovw6USZfGbiBy6zEGpi5gu1zKHgdBPgOptLDrno9vK4x+KX/mhP4SA6cNi/bWO1dNHhpuLw0HnG6kbp1kvHJ+OCe9O3fS26oCKuJ/fL4//+lHoED3mm58XmiX8iWI3UbsEfxcI+BBAPEpG241jb7wKXfdi91sRzsAFYH/FjRTlmqGBBPGHCkfuWOa2XugrsBV07dVYs9iSgQ/yxtC5oQu1DOppu+3bIXDdzFVP+HMLV453wagXcVrGc/PZbe2xW8289s2uo+lHrK17kYcBBB7HjdG8LMV+xAdp9oy36hxnf1Ex0U3om00s9kzV26vOyAsA4g+Wf7HxnFX8f6aIvYIfs43Q7X3c4gM86YlVtQo628leF170caAbnYvmf1pNCvaCse24hH7zOVHC6Z3EXsEP8+odzSUrP4i0DtMG1/Of3LoOmX99CgUxsCmc5xaj4ZOomT2q0Vfa05fxH6AC699LJ0xZ4/g5yb0Pdee9LcJuzr8rGWW9S3rd5LaJc2WQXtRbGLfW2ts7idjUzunrzXNdWCgrnFsg9f0+2XAK3xu0aAX57njsshuDe8omd24ZeNJownPlkln3YNG8HET8b1TzciOXDDjW5LPqS1z7uO4GkuU8hH8WoV7sBRtrncE9lX1Yi4inOlR60aTThOefkK28y2Dxi7nz5LMyORZ/dFQWq9qLLyT8YLgvx1E+4+l9iUwCH4iTrhI/BxvW9wNzLe3fhpZW9xyfsfolGCvEs7IJBA5UMjytwy8hcZYQuwbAKv09REHu9/i69dYrb+XwHVoBJU3Ed87bSdtA5Fmd2hMARu4dlWCR0Dw4QXtfmRFZ7V+Ck7ct7ueTzlfI2udZLBhk46I2PU5sBoNsZ82ePMvBB82Zr81j+G9jm/m1ovaSc2W1PsRbaBRgk2//4MNiDSEpMctFzR4ZrMiBB+eMWZRyx80yvoxH8+LuTpfS8ByCTw1xOQrt9xavigc4xEzIvjwxFkSjU3Sydw0yvoxN9OJWc4XOgqfQS4r1zXEhAw/rG14CgLBB8d+1Jal6TL2/P0iYuvUIlrWqjMfXWY0TjTEhBa7YQN4BB/Bbz1TI3t+U8Zfh8Yccv1lfdvpr5PAtfuQz6JRHTEhw19PV8HPAYLf+uz1B5Hvm47c11nEKOvHLudrkNucK93bEHyogc+Y4EPYzT9Yif9epLR9mFWGH3d1voaDzvW+KrhdAMjwU0CiXJmr/4HYfwj/0nadm+mkUc7vMmwAAMGvHxF3aaTzjbn6DcivrO/b8GbKNA8ApAol/ZdMXJZ2S3cpFTTK+nU98hi7nA8AgOAHZOYy+bvFd0RemxtPwe8sHlULPZUiG/b4l9Nv+LgBAMFPg9IJ/KPL5CcIfGCkxD0aTj3FdMeEf7Y85la4AAAI/pos6uEdWftkSXRKPuqoaJT1jwKfI+V8AEDwE8sYx3xsWQZpPoLfXZTcQ2XQOluIUs4HgKRhlT7UEaRprNYvEs7uKecDAIIP4PAtee8FPLe9yNcGAIDgQ2PwLXn3XOldF3vMXuRrAwBA8KEh6JT1Q3Tdo5wPAAg+gDK+pe+tAOe0FfmaAAAQfGgcvqXvvhkN9fY+t8fqR74mAAAEHxpGemV9yvkAgOADJJrla5b1fTfmoZwPqVN6/n4PEyL4AJsyTiLDT7ecT8UAUqKDCRB8gM2wexf4iFrH7VvvS+H5+6HK+bMWjoqCGyMY/uNJNq8CBB8gUma8o3AOTS7nbzHEwPGocAzK+gg+QDSx1Mg4Ul2dr5Hh51OG1ckeS26ptUwJIAHBh3j4l/W7bv/6TUWm7ymKk2Cr83WOm1NG1uWGSF7wC8yI4APEzJB9+t/vRD738Fl+PvOuGtkjCx3XB5ClwlG01s0Agg8tJWZZv4h87nUI2E4m40BDSB65nYKPpz3MiOADbJp5TD0d0Wab6dipgK7H+07cuYfkIREhDYv/1AoZ/vsoVcZTiM2rAMGH1uDfarf+TKWOVroaAtbNoKyvU4Wg22EdAaRwgikRfIBN8S2NbyLe/cjnXFdGJhwknN1LtjhIYAw1n+NzLRsNvBbLAoIPrXZEU+Nf1n9/STiPcr7YZWb0yrCpOmitbPGBG6nWwOgCUyL4AJtSZ1m/iHyuH+GusQ7aBiEDpaOR4dc7nor553eKORF8gBgO+yPzwHuRzzXGe4mDPkzsM79WOk5ZS8WlCRyfj41e2+YTHtND8AE2cUTisH3K+v13lfXtnLFPeXtSq7jY99IS/ZNkSvuj4YXRawx0k8gozqWz4ZVq0MZ8PoIPEMFxF+8KDPITFy0H3XEOOq4wjYaD+VetasPMZa0pkIvwadpLxtI9mT6CD/BR6ijr51TOr7L80ui0Rq1E6T6a6Fuxv1Y8okYwpFXizqPJka0aaYv+T+b0EXyAjzoiv7L+62LTMTmV8//mTDkTva+9gYpdQ6Ap9iLUlwrHeVSzaz6tjI+M/hbMMmX0i210EXyA9+JTMn+r13eO5fwqGJKMrFQW/V+1lGIl0BoNfxr9JwWu3KOLqWT4xqQwZfK+8TQzunP5z4PJe4QfwQd4i5Bl/Z3I56aRlWlSlWJ/Bsv2bQn/t9Fv8Tudi9ap0rE0O/R1F9drrzt10T814doRF074fy8WaEpgmUMg1BI+YwJIxAlN547h1kMgpAvY0YvMzwqaj+hMoj/6Ja1jR0MpYWs/Xtc39ikHqSKcqVynFbwTE27b233FY2mLXrU4Uq6/nL/+MS+rM7NEWgGLHX8FPH7XjddDNy6Meb1SVbix/gln+KH7Tewm65N67jVz41r6Loyf+0MEH1LizlOcZZ54d+lm6Bj/ueNUHv06c04xxIrwgQuYJu56y3eLkrWxnNeO++xCZnOXStu9VoHUzF2ztk275qmx0MkKm/keXz6fbYUgUipHdTZmKnBxakLfcZ/dwIl86fznF2dn+beD+f/bX75nEHxIiVtPge4vSolWtL44AeoqnFMKFZDZ4uaVcmk4Ue39Eb+/M7Ln7Wu/Ort2A2byL7Px4/OjAMe9Mfk8Vqc9pi7nn/N3o9f1EOrj3o3bMxcIz1Zk/hfGTq/sVvspMIcPKTmgmYLAdl1WdaggRpOkOrnZrPuoxncs3Ovk2Wvg/r4usZdxsR3o2Lctv+f2je6iUAif3Z86sd936zFO3GLJ6nXosvptY8v7fxaUIviQGncJnctVctaxq/b3WzQerNjrrMpfZc+poR//rgm3iA90xb7jgu7xUuOpqkIllbipCwAu3D0jvqLjEiAEH5IUtFkCZ6JRbQhpo8sWjIZK7EOL0VXL77mqgkKmnz79NWP2YZHt24rN1Z8gwN474sd2EHxIlaskziFUVqnjpKW0f9TgMVCX2FcdDS9bfcfJWLcLAce4n6TpLgn5Or4/+/NjFQAg+JAil5GzfK1ObqGdtJxjE8v709rE/glZ/ERZ22aIRwZSZtU43XPz97JouViXNCH4kGa2ETfLTzu7/9tWkpH9MGlMg2hQLq6n7mfVn+Y7Z9x/i0DyBwFQsvTWBMkyh98x9rHNWwQfcnI6p5EczkSxk1tdthI7fTP5Lz47WpSVYwVb1o7biL6zxfG5iP4Z9kgwu3/ZGvvB+S0JWvvP2hvvVL+H4EPK1J1xVVlejg5a5mBltfVuhg66yuovE7BjFTyV3H5/Au9vCH8yn8et+xwOXvl3GbvXbi+LwlUErhB8yCFzrVOAdxNpe+rrEHJx0FNjnyXeTsruTwvY9o3e9sQ5j6nZM+HHJnGxXTdHw6pJmay5GP/lx+zYFaH/aWzVcozgQy4CVofo76u2bU3DQUtJNvYCyNeE/tvSs8Qp2nG8OEc7/pjPrsaVtcmuExmy/vo/h0tn+8FioZ79u+dBWCX2Ztl/0loXchjgY9fzXAZwN4D45J/Zr7bbdBH9j4ZnxnbHqzbZiIUEbzfrFhQlPf7EwY6GPfO0b4D83GnxPXnrPs99ZxeZU95qvV3qs7/YXR63kyY8st311DxVXgr3vXSB9dRX8DWdI5EzNnrPAJfNPn6Yp7a5GkikfJbNinyfzMxe66Vzznsm3EY8q0T+bvE9dzvboHBiqkc27U6M3SUH+6Umm04StYtxduk4O3SXAvTvbwQCMjYeNwjWS6WgP7/PxO6FMHbB/PclW5+5++3FObEVIeSHdbRVxtrd4Oa+MbY15bTldqx2uqsyM9/sbOoc36OxjwaVDFaAdEDwoQniX4nV1xUBgIjQP3+ygbaL/PtsWmWsbwUAE5eZzRo5JQLQMP4vwACUccZIO2xLfwAAAABJRU5ErkJggg==",
            "square_logo": "iVBORw0KGgoAAAANSUhEUgAAAGwAAABsCAYAAACPZlfNAAAAAXNSR0IArs4c6QAABYtJREFUeAHtnVtsFFUYx7/d3ruWotUKVIkNaCw02YgJGBRTMd4CokUejD4QH4gxQcIDeHnBmPjkhSghUYLGe3ywPtAHNCo0QgkWwi2tXG2V1kIpLXTbLt1tS9dzlmzSJssZhv32zDk7/2km2znn7Pd9+/vt2Z2dmW0D9Obat4gCiwiLBQQSLflSViAQeN6Can1fYiJBFPQ9BcsAQBiEWUbAsnIxwyDMMgKWlYsZBmGWEbCsXMwwCLOMgGXlYoZBmGUELCsXMwzCLCNgWbmYYRBmGQHLysUMgzDLCFhWLmYYhFlGwLJyMcMgzDIClpWLGQZhlhGwrFzMMAizjIBl5WKGQZhlBCwrV1xbb96y59V1VFJQmLawQNrWa43x8XEaHo1fW+Oj1H8lSqf6eulEbw+dvNhLvcNDinvb0WWksAdm3UWhwiJ2gt2RAWo80UY7jrdSU8cZGrt6lT1HtgMaKSxbD7qqfDq99tAjyTUSG6FP9v1BH+3dTUPxeLZSssf17U5HeXEJbXr8aerY+A6tf7iOxFeu2OFmI6BvhaVgVoRCtHl5PTW8/AoV5xekmo299b2wlJn6+WFqWrOWKkpDqSYjbyFskpZFs++hL1e9NKnFvF+t3OmQOwzdkcgUmnnBABXm5Ys1j8qKisVadFPvS8tramn1goX09eEDU+KbsmGlsMbjbbT6x++UDOVORGXoFppXOYMerLqbVsyrpcWzqykYdH5R+fjZlcnd/8sjV5Q5vOh0rt6LqhhyJsQ3uC+ID8ry89aHYtf90W1bKLzlffr19EnH6HIP8oXasOM4LwbkrLB0MP+6cJ6e+eoz+vTP5nTdU9peDC+Ysm3Khq+ESehy5r3e2ECHu7uUDuqq59Id4iXVtMV3wqSACSHt3V2/KF3I97qayjuVY7zo9KUwCfq3M6coNjamZD6zrFzZ70Wnb4XFxseoK3JZyXzWtGnKfi86fStMwu6LRpXMZ5RBmBKQ7k75XqZa8gLmPZ/Nq0hFkLnvttJSZUT5Oc60xbfC5CGs6lsrlD56hgaV/V50+lbYkuo5VFygPp3SMwxhXjwp0+bcsGRp2vZU48TEBB09153aNObWlzNMHo1/6r4apYTmsx10MTqsHONFp5VH6zMBtWbhYtq6YpVjiJ/ajjmO8WKAL4QFxamWZffPT1678dicex05D4jTKj8cO+Q4zosBOSXs7bonktci5ovjgPIUye3ieo3wzKrk+TC5faPLGz83On6ovtFY3ONySth7Ty67qbPMk6Hu+edv+vzg/slNRv3uy52O6xk40HWW6r/94nrdRrTn1AzLhOju9tP03DfbKTo6mkmYrN/X98L6xQHgTb/vpG0t+5LnybJOPMMEvhXWOXCJvj9yiD7Yu4sGRkYyxKjv7r4RJi+Na+05Rwf/66SG1qO0v/NffZQZM+WUsI07d1BC/MTE144GYzHxJYcYDYq1vb/f8WQlI9OshsopYZubm7IKy4Tg2K03wYKLGiDMBSwThkKYCRZc1ABhLmCZMBTCTLDgogYIcwHLhKEQZoIFFzVAmAtYJgyFMBMsuKgBwlzAMmEohJlgwUUNEOYClglDIcwECy5qgDAXsEwYCmEmWHBRA4S5gGXCUAgzwYKLGow84yyvuyhR/GW19kt9Lh5ibg01UtjS7VtzizLjo8FLIiNMHaEgTAdlxhwQxghTRygI00GZMQeEMcLUEQrCdFBmzAFhjDB1hIIwHZQZc0AYI0wdoSBMB2XGHBDGCFNHKAjTQZkxB4QxwtQRCsJ0UGbMAWGMMHWEgjAdlBlzQBgjTB2hIEwHZcYcEMYIU0coCNNBmTEHhDHC1BEKwnRQZswBYYwwdYSCMB2UGXNAGCNMHaEgTAdlxhziUu1Ei8M/+WFMh1CZEUi0/A+j7hNSB5Wo2wAAAABJRU5ErkJggg==",
            "footer_legal_text": "©#{Date.today.year} Pivotal Software, Inc. All Rights Reserved",
            "footer_links": null
          },
          "saml": {
          }
        },
        "uaa": {
          "admin": {
            "client_secret": "example-blank-password"
          },
          "disableInternalAuth": false,
          "sslCertificate": "-----BEGIN CERTIFICATE-----\nMIIC3zCCAcegAwIBAgIBADANBgkqhkiG9w0BAQUFADAzMQswCQYDVQQGEwJVUzEQ\nMA4GA1UECgwHUGl2b3RhbDESMBAGA1UEAwwJc29tZS1uYW1lMB4XDTEzMDcwOTIy\nMTI1MVoXDTE1MDcwOTIyMTI1MVowMzELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB1Bp\ndm90YWwxEjAQBgNVBAMMCXNvbWUtbmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEP\nADCCAQoCggEBALny6vikcrf/3Do/Nq2Sh/ji8d8dhACUIOaf+ml2cWuRKuP6TcQC\nohbLBHlbm3l5QqD/lvz1EaSy168SVPIsy34sAcioYv+7oOIAHqS4gCVEb7AQrsKb\nZIFUmp7J9qCmkJtyImvViQUUJrWOSaQi3eCAh8uSHyelBNPdaHnj0k8WufKp6hzK\npAr6Xv8OgFSwjD0+XROiTyRpvsQoTm8/XtdhAFpwjTnqR9gxlXqzDqmBRzWduO/M\nyctwF9gtggUp31USmqo5fVC+nr1wh6a/JlbUETtcRhk8jR/FnAVHLSJC4+FZqhmK\nDcemvIfEJaKCNqhvytRLI01l+0p1pm8cqxUCAwEAATANBgkqhkiG9w0BAQUFAAOC\nAQEAru0hKd5gd1WDS6AUrIa8AYCWUrGHMd5P63FWB0KyUnfIDTX4tegHTF+olOxA\nkrR4IRVgFbu3u0pnURFn2N1Et4pZwvW9PEamwkIGHEpYmASOiUZqvrthx/WpUaeu\n+xQIWa1S140v4wa/27UTakAuR+GnA6StJSIRBEBa7hafqpeLGPugZVWRtY3m/OIF\nLICs2U2X8P86RMUWgdtM9//x3t6O7IJzhrSKRkZDmSWAv6EbS/aTpXOPpJFpJtT8\n0aETgAhauKhyp6CeajL3Nc3FfoIONK427VbfIGKJ1Qw7OwTA4N0VPpETiGN7KrfD\nU4mSCEKQ0cIypQAm9rkPboHfwg==\n-----END CERTIFICATE-----\n",
          "sslPrivateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAqLM8nKKL6NcKHCk4/jgcaSFbz6APw7pbLTHb8nqezmTCs/R0\nspsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0FJMlw+o/Iq/+JHDnnH00rOjlBg62y\n5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEMykyR5ag1CfiVjwexOH1NgDUmw8pZ\n1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj/IM8R2mAUNOz8vSmcCOWb/BLxjcj\ng5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHAxskUCNDM3taBLQ+fIF3u+LZDeGdi\ny0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9PgwIDAQABAoIBAQCKoRea49wzD5sI\nPzvNdJCsN7R5rt+liNtqDUHgRbGAi76QIL9REi/d5HYE20ES9eNY5+5fclMKvhdc\n5O/izCag70R/Mm7GIKwsXMy3pTNzmh9jNPcA2Q2lxdNMkitW/0JbYfdYrB5fSg2Z\nkRhUIVXQXBG8dnh3ZCaKrdiNQjLQugcWdkwREhe4gObftBFppbERSUVPVplHwt2t\nsCcsrc6O5KkIvdU1wFzGr1bWZ0mOrw8dL9kopbA1q+lSF4dHjeBLxLrV9bY4dpBl\nsKf4EG048KHJgM80Cco4AwVBjTQDkY/0OHteTLjLh0Z9HelpEX1yBH7sBuDRCHpO\nHiIGuupZAoGBANZDCy7Ehz2AFSew94bHNaKGeUSthzVS76PxAgOod2c3sh4vEmYC\n//OtDZLu3W/xfJnqJC2qEb+vRexDkSwytNNxVHC5w7MW10pTUI51w5FB62s7okqG\n+9i6MbPMk9mT42/AlsXASs5PIK/EkQkm1hbJfzVx0QMIX804gr8crslPAoGBAMmQ\nFtgYYU1HRT8a1OP6jpwxorZ+FQVLtRmvegKBr1ybC/nODs/KQI5ol9oPYlucGLuP\ndkYQEpJjaCItm2a4OsuHfK61VEIchOTrv/oxNcmY7SSRXshKrqTib2w5sfnR4WYW\nx0F47MnUXs8sl1CX5iSKoZJhXWLSeexxD7VaNOGNAoGBAJeEV78d2WljTxJ/cbuM\n2l/xaoZnlErgOHkdsMf3dWC3oSz5KrCbBHdEdGnoow1Ln0qUqjrknqKIBxF6AopX\n3Un9RbJlm3/k8iAsZLYpj0AEdr+hLzY22Jg9q3IzhIaDr31SmwyC3COjD0Fc5xeq\nsBDzMxMPRrg3TtAoW0Vcujm/AoGARRVLnxkMEG6C/1P074Zq5oHkoOOp1LzT/0+z\nY7SLJBRIEIBddz58zdJvaV+oeHmRyIctJGpR0zaa9EvpXVV7YVK4mzCvBlG8ArIC\nhH/lTYlKjiP89m0SWpT5V4CWzWbv+AuKk5gcoDhXnm5MFmVZjeCt6/vPBBXbj/xY\nQ/H8+ekCgYB36iuoWdihQDPb0wP3iUCs3/nfZjX7huVCon1MMXXvyKZS7lvgkUp2\nrhyV2A/QcaxW9f/hFyAgzj/e16de8ypy/CoSsRkBdIsZlRs9SUw3mX9a7SBMC9Le\nLU1aPXAqPdcBNIlBFEgLt6A18ZYD3wwdH6F+Mqocge8WljnTBVrt+g==\n-----END RSA PRIVATE KEY-----\n",
          "require_https": false,
          "url": "https://192.168.163.3:8443",
          "jwt": {
            "signing_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAqLM8nKKL6NcKHCk4/jgcaSFbz6APw7pbLTHb8nqezmTCs/R0\nspsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0FJMlw+o/Iq/+JHDnnH00rOjlBg62y\n5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEMykyR5ag1CfiVjwexOH1NgDUmw8pZ\n1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj/IM8R2mAUNOz8vSmcCOWb/BLxjcj\ng5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHAxskUCNDM3taBLQ+fIF3u+LZDeGdi\ny0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9PgwIDAQABAoIBAQCKoRea49wzD5sI\nPzvNdJCsN7R5rt+liNtqDUHgRbGAi76QIL9REi/d5HYE20ES9eNY5+5fclMKvhdc\n5O/izCag70R/Mm7GIKwsXMy3pTNzmh9jNPcA2Q2lxdNMkitW/0JbYfdYrB5fSg2Z\nkRhUIVXQXBG8dnh3ZCaKrdiNQjLQugcWdkwREhe4gObftBFppbERSUVPVplHwt2t\nsCcsrc6O5KkIvdU1wFzGr1bWZ0mOrw8dL9kopbA1q+lSF4dHjeBLxLrV9bY4dpBl\nsKf4EG048KHJgM80Cco4AwVBjTQDkY/0OHteTLjLh0Z9HelpEX1yBH7sBuDRCHpO\nHiIGuupZAoGBANZDCy7Ehz2AFSew94bHNaKGeUSthzVS76PxAgOod2c3sh4vEmYC\n//OtDZLu3W/xfJnqJC2qEb+vRexDkSwytNNxVHC5w7MW10pTUI51w5FB62s7okqG\n+9i6MbPMk9mT42/AlsXASs5PIK/EkQkm1hbJfzVx0QMIX804gr8crslPAoGBAMmQ\nFtgYYU1HRT8a1OP6jpwxorZ+FQVLtRmvegKBr1ybC/nODs/KQI5ol9oPYlucGLuP\ndkYQEpJjaCItm2a4OsuHfK61VEIchOTrv/oxNcmY7SSRXshKrqTib2w5sfnR4WYW\nx0F47MnUXs8sl1CX5iSKoZJhXWLSeexxD7VaNOGNAoGBAJeEV78d2WljTxJ/cbuM\n2l/xaoZnlErgOHkdsMf3dWC3oSz5KrCbBHdEdGnoow1Ln0qUqjrknqKIBxF6AopX\n3Un9RbJlm3/k8iAsZLYpj0AEdr+hLzY22Jg9q3IzhIaDr31SmwyC3COjD0Fc5xeq\nsBDzMxMPRrg3TtAoW0Vcujm/AoGARRVLnxkMEG6C/1P074Zq5oHkoOOp1LzT/0+z\nY7SLJBRIEIBddz58zdJvaV+oeHmRyIctJGpR0zaa9EvpXVV7YVK4mzCvBlG8ArIC\nhH/lTYlKjiP89m0SWpT5V4CWzWbv+AuKk5gcoDhXnm5MFmVZjeCt6/vPBBXbj/xY\nQ/H8+ekCgYB36iuoWdihQDPb0wP3iUCs3/nfZjX7huVCon1MMXXvyKZS7lvgkUp2\nrhyV2A/QcaxW9f/hFyAgzj/e16de8ypy/CoSsRkBdIsZlRs9SUw3mX9a7SBMC9Le\nLU1aPXAqPdcBNIlBFEgLt6A18ZYD3wwdH6F+Mqocge8WljnTBVrt+g==\n-----END RSA PRIVATE KEY-----\n",
            "verification_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLM8nKKL6NcKHCk4/jgc\naSFbz6APw7pbLTHb8nqezmTCs/R0spsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0F\nJMlw+o/Iq/+JHDnnH00rOjlBg62y5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEM\nykyR5ag1CfiVjwexOH1NgDUmw8pZ1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj\n/IM8R2mAUNOz8vSmcCOWb/BLxjcjg5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHA\nxskUCNDM3taBLQ+fIF3u+LZDeGdiy0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9P\ngwIDAQAB\n-----END PUBLIC KEY-----\n"
          },
          "user": {
            "authorities": [
              "openid",
              "scim.me",
              "password.write",
              "uaa.user",
              "profile",
              "roles",
              "user_attributes",
              "bosh.admin",
              "bosh.read",
              "bosh.*.admin",
              "bosh.*.read",
              "clients.admin"
            ]
          },
          "clients": {
            "bosh_cli": {
              "authorized-grant-types": "password,refresh_token",
              "override": true,
              "scope": "openid,bosh.admin,bosh.read,bosh.*.admin,bosh.*.read",
              "authorities": "uaa.none",
              "refresh-token-validity": 86400,
              "access-token-validity": 600,
              "secret": "",
              "allowedproviders": null
            },
            "ops_manager": {
              "authorized-grant-types": "client_credentials",
              "override": true,
              "scope": "",
              "authorities": "bosh.admin",
              "refresh-token-validity": 86400,
              "access-token-validity": 600,
              "secret": "example-blank-password"
            },
            "login": {
              "authorized-grant-types": "password,authorization_code",
              "autoapprove": true,
              "override": true,
              "scope": "bosh.admin,scim.write,scim.read,clients.admin",
              "authorities": "",
              "refresh-token-validity": 86400,
              "access-token-validity": 600,
              "secret": "uaa-login-client-password"
            }
          },
          "scim": {
            "users": [
              "director|example-director-password|bosh.admin",
              "admin|example-blank-password|bosh.admin,scim.write,scim.read,clients.admin"
            ]
          }
        },
        "uaadb": {
          "address": "127.0.0.1",
          "db_scheme": "postgresql",
          "port": 5432,
          "databases": [
            {
              "name": "uaa",
              "tag": "uaa"
            }
          ],
          "roles": [
            {
              "name": "postgres",
              "password": "example-postgres-password",
              "tag": "admin"
            }
          ]
        },
        "vcenter": {
          "address": "192.168.163.131",
          "user": "user",
          "password": "example-password",
          "datacenters": [
            {
              "name": "vsphere-datacenter",
              "vm_folder": "pivotal_cf_vms_test-installation-guid",
              "template_folder": "pivotal_cf_templates_test-installation-guid",
              "disk_path": "pivotal_cf_disk_test-installation-guid",
              "allow_mixed_datastores": true,
              "datastore_pattern": "^(vsphere\\-datastore)$",
              "persistent_datastore_pattern": "^(vsphere\\-datastore)$",
              "clusters": [
                {
                  "vsphere-cluster": {
                  }
                }
              ]
            }
          ]
        }
      }
    }
  ],
  "cloud_provider": {
    "template": {
      "name": "vsphere_cpi",
      "release": "bosh-vsphere-cpi"
    },
    "mbus": "https://vcap:example-agent-password@192.168.163.3:6868",
    "properties": {
      "agent": {
        "mbus": "https://vcap:example-agent-password@0.0.0.0:6868"
      },
      "blobstore": {
        "provider": "local",
        "path": "/var/vcap/micro_bosh/data/cache"
      },
      "ntp": [
        "us.pool.ntp.org"
      ],
      "vcenter": {
        "address": "192.168.163.131",
        "user": "user",
        "password": "example-password",
        "datacenters": [
          {
            "name": "vsphere-datacenter",
            "vm_folder": "pivotal_cf_vms_test-installation-guid",
            "template_folder": "pivotal_cf_templates_test-installation-guid",
            "disk_path": "pivotal_cf_disk_test-installation-guid",
            "allow_mixed_datastores": true,
            "datastore_pattern": "^(vsphere\\-datastore)$",
            "persistent_datastore_pattern": "^(vsphere\\-datastore)$",
            "clusters": [
              {
                "vsphere-cluster": {
                }
              }
            ]
          }
        ]
      },
      "env": {
      }
    }
  }
}

HTTP Request

GET /api/v0/deployed/director/manifest

Fetching a cloud config

curl "https://example.com/api/v0/deployed/cloud_config" \
    -X GET \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
  "cloud_config": {
    "azs": [
      {
        "name": "first-az",
        "cloud_properties": {
          "datacenters": [
            {
              "name": "first-az",
              "clusters": [
                { "cluster-1": { "resource_pool": "giraffe" } }
              ]
            }
          ]
        }
      }
    ],
    "networks": [
      {
        "name": "first-network",
        "type": "manual",
        "subnets": [
          {
            "dns": [ "8.8.8.8" ],
            "range": "1.1.1.0/24",
            "gateway": "1.1.1.1",
            "azs": [ "first-az" ],
            "cloud_properties": { "name": "cluster-1" },
            "reserved": [ "1.1.1.0-1.1.1.20" ],
            "static": []
          }
        ]
      }
    ],
    "vm_types": [
      {
        "name": "medium",
        "cloud_properties": {
          "ram": 4096,
          "cpu": 2,
          "disk": 8192
        }
      }
    ],
    "disk_types": [
      {
        "name": "20480",
        "disk_size": 20480,
        "cloud_properties": {
          "type": "thin"
        }
      }
    ],
    "compilation": {
      "workers": 1,
      "network": "first-network",
      "az": "first-az",
      "reuse_compilation_vms": true,
      "vm_type": "small",
      "vm_extensions": [],
      "env": {
        "bosh": {
          "password": "example-generated-password"
        }
      }
    },
    "vm_extensions": [
      {
        "name": "public_ip",
        "cloud_properties": {}
      }
    ]
  }
}

HTTP Request

GET /api/v0/deployed/cloud_config

Allows you to generate a BOSH cloud config based on the deployed state of the OpsManager.

Commit a Staged Installation

Saves installation state as though the deployment was triggered with the “Apply Changes” button, without actually deploying. This prepares the installation manifest, but does not invoke BOSH.

After commit, each product’s manifest can fetched using the /api/v0/deployed/product/[product_id]/manifest endpoint.

curl "https://example.com/api/v0/staged/installations/commit" \
    -X POST \
    -H "Authorization: Bearer UAA_ACCESS_TOKEN" \
    -H "Content-Type: application/json" \
    -d '{ "ignore_warnings": true }'
Example Response
HTTP/1.1 200 OK
{}

HTTP Request

POST /api/v0/staged/installations/commit

If you see the commit endpoint return the following error:

"This endpoint is currently disabled because one or more of the products you are trying to upgrade have credentials to migrate to credhub. See the Migrating Credentials to Credhub section of the API docs to enable this endpoint again."

this endpoint can be enabled again by following the steps described in the Migrating Credentials to Credhub section.

Query Parameters

Parameter Description
ignore_warnings When true, bypass warnings from ignorable verifiers