Ops Manager Fields That Lock On Deploy

This topic describes how locked fields work in Ops Manager, and lists the unlockable and permanently-locked fields in installation tiles.

Overview

Some fields in Ops Manager lock during deployment. After deployment, a locked field is no longer configurable via the Ops Manager UI or API endpoints. Product tile authors configure fields as locked to prevent irrevocable VM malfunction, deployment corruption, and data loss. Most users will not need to edit locked fields after initial deployment.

Because deployment requirements may evolve in unanticipated ways over time, some locked fields are unlockable, which means that an advanced PCF operator can unlock them to allow reconfiguration. Other fields are permanently locked, and their values cannot be changed. Unlocking the unlockable fields requires you to use Ops Manager’s Advanced Mode. For more information about Advanced Mode, see Unlockable Fields.

In summary, there are three types of configurable fields in Ops Manager:

  • Standard fields, which can be reconfigured after deployment as many times as you need.
  • Unlockable fields, which lock on deployment but can be unlocked and configured with Advanced Mode.
  • Permanently-locked fields, which lock on deployment and cannot be unlocked.

WARNING: Pivotal recommends that only skilled operators use Ops Manager’s Advanced Mode. If you use Advanced Mode incorrectly, you could disable or destroy your deployment.

Unlockable Fields

This section describes the fields that lock during deployment and can be unlocked and configured after deployment. To unlock these fields, you must use Ops Manager’s Advanced Mode.

After you have enabled Advanced Mode, you can use the API or Ops Manager UI to reconfigure some fields that were locked previously. Those fields are listed in the following section.

WARNING: Pivotal recommends that only skilled operators use Ops Manager’s Advanced Mode. If you use Advanced Mode incorrectly, you could disable or destroy your deployment.

Unlockable Fields in the Director Tile

In the Director Config pane, you can unlock the following fields after deployment:

In the CredHub Encryption Provider fields, when you are using a Luna HSM, you can unlock the following fields after deployment:

  • Encryption Key Name
  • Provider Partition
  • HSM Host Address
  • HSM Port Address
  • Partition Serial Number

In the Assign AZs and Networks pane, you can unlock the following fields after deployment:

  • The Singleton Availability Zone dropdown

Unlockable Fields in Product Tiles

Product tiles also have unlockable fields.

In the Assign AZs and Networks pane, you can unlock the following fields after deployment:

  • Place singleton jobs in
  • Balance other jobs

Permanently-Locked Fields

This section describes the fields that lock during deployment and cannot be unlocked. These fields cannot be configured after deployment, either via the Ops Manager UI or via API endpoints.

Permanently-Locked Fields in the Director tile

In the Director Config pane, the following fields lock permanently after deployment:

In the Blobstore Location section:

  • Enable TLS in the Internal section
  • S3 Endpoint in the S3 Compatible Blobstore section
  • Bucket Name in the S3 Compatible Blobstore section
  • V2 Signature in the S3 Compatible Blobstore section
  • V4 Signature in the S3 Compatible Blobstore section
    • Region in the S3 Compatible Blobstore > V4 Signature section

Note: Changes to the Internal or S3 Compatible Blobstore radio buttons in the Blobstore Location section will not affect a deployed Ops Manager.

In the Database Location section:

  • Host in the External MySQL Database section
  • Port in the External MySQL Database section
  • Username in the External MySQL Database section
  • Password in the External MySQL Database section
  • Database in the External MySQL Database section

Note: Changes to the Internal or External MySQL Database radio buttons in the Database Location section will not affect a deployed Ops Manager.

In the Create Availability Zone pane, the following fields lock permanently after deployment:

  • You cannot delete an in-use Availability Zone (AZ)

In the Assign AZs and Networks pane, all fields lock permanently after deployment.

Configurable Fields in Product Tiles

No fields other than the ones listed above lock in third-party product tiles. However, tile authors can specify which additional fields should lock on deploy by passing the freeze-on-deploy flag.

For more information about this flag, see Common Property Blueprint Attributes.

Create a pull request or raise an issue on the source for this page in GitHub