PCF Ops Manager v2.3 Release Notes

Pivotal Cloud Foundry is certified by the Cloud Foundry Foundation for 2019.

Read more about the certified provider program and the requirements of providers.


How to Upgrade

The Upgrading Pivotal Cloud Foundry topic contains instructions for upgrading to Pivotal Cloud Foundry (PCF) Ops Manager v2.3.

Releases

2.3.25

Ops Manager v2.3.25 uses the following component versions:

Component Version
Ops Manager2.3-build.351*
Stemcell97.143*
BBR SDK1.7.1
BOSH Director267.15.0
BOSH DNS1.10.0
Metrics Server0.0.22
CredHub1.9.12
Syslog11.4.0
UAA60.15
BPM1.1.3*
Networking8
OS Conf20
AWS CPI72
Azure CPI35.5.3
Google CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.6
BOSH CLI5.5.1
Credhub CLI1.7.7
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

2.3.24

  • [Bug fix] Resolves an issue in which Ops Manager set the Director ephemeral disk size to the Operator’s selected PERSISTENT DISK size. Now Ops Manager sets the ephemeral disk size as specified in the VM TYPE field.

Ops Manager v2.3.24 uses the following component versions:

Component Version
Ops Manager2.3-build.347*
Stemcell97.135*
BBR SDK1.7.1
BOSH Director267.15.0
BOSH DNS1.10.0
Metrics Server0.0.22
CredHub1.9.12
Syslog11.4.0
UAA60.15
BPM0.12.3
Networking8
OS Conf20
AWS CPI72
Azure CPI35.5.3
Google CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.6
BOSH CLI5.5.1
Credhub CLI1.7.7
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

2.3.23

Ops Manager v2.3.23 uses the following component versions:

Component Version
Ops Manager2.3-build.343*
Stemcell97.134*
BBR SDK1.7.1
BOSH Director267.15.0*
BOSH DNS1.10.0
Metrics Server0.0.22
CredHub1.9.12
Syslog11.4.0
UAA60.15
BPM0.12.3
Networking8
OS Conf20
AWS CPI72
Azure CPI35.5.3
Google CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.6
BOSH CLI5.5.1
Credhub CLI1.7.7
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

2.3.22

  • [Security Fix] Fixes the UAA client.write scope vulnerability.
  • [Security Fix] This patch addresses CVE-2019-11479

Ops Manager v2.3.22 uses the following component versions:

Component Version
Ops Manager2.3-build.337*
Stemcell97.132*
BBR SDK1.7.1
BOSH Director267.14.0
BOSH DNS1.10.0
Metrics Server0.0.22
CredHub1.9.12
Syslog11.4.0
UAA60.15*
BPM0.12.3
Networking8
OS Conf20
AWS CPI72
Azure CPI35.5.3
Google CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.6*
BOSH CLI5.5.1
Credhub CLI1.7.7
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

2.3.21

Ops Manager v2.3.21 uses the following component versions:

Component Version
Ops Manager2.3-build.334*
Stemcell97.122*
BBR SDK1.7.1
BOSH Director267.14.0
BOSH DNS1.10.0
Metrics Server0.0.22
CredHub1.9.12
Syslog11.4.0
UAA60.14
BPM0.12.3
Networking8
OS Conf20
AWS CPI72
Azure CPI35.5.3
Google CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.5
BOSH CLI5.5.1
Credhub CLI1.7.7
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

2.3.20

  • [Feature] Ops Manager now passes Trusted Certificates from the Security pane to the uaa.ca_certs property of UAA to avoid failures in the pre-start script run by UAA.
  • [Bug Fix] Non-configurable collection record properties do not require configuration in the UI or API.

Ops Manager v2.3.20 uses the following component versions:

Component Version
Ops Manager2.3-build.332*
Stemcell97.108*
BBR SDK1.7.1
BOSH Director267.14.0*
BOSH DNS1.10.0
Metrics Server0.0.22
CredHub1.9.12
Syslog11.4.0
UAA60.14*
BPM0.12.3
Networking8
OS Conf20*
AWS CPI72
Azure CPI35.5.3*
Google CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.5*
BOSH CLI5.5.1
Credhub CLI1.7.7
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

2.3.19

  • [Bug Fix] Errands no longer fail when output is ASCII encoded but contains non-ASCII characters.

Ops Manager v2.3.19 uses the following component versions:

Component Version
Ops Manager2.3-build.317*
Stemcell97.106*
BBR SDK1.7.1
BOSH Director267.13.0*
BOSH DNS1.10.0
Metrics Server0.0.22
CredHub1.9.12
Syslog11.4.0
UAA60.13
BPM0.12.3
Networking8
OS Conf20.0.0
AWS CPI72
Azure CPI35.5.2*
Google CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.4
BOSH CLI5.5.1*
Credhub CLI1.7.7
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

2.3.18

  • [Security Fix] Bumps stemcell to 97.96 to resolve USN-3977-1.
  • [Bug Fix] Ops Manager does not allow a revert on upgrade without deploying the BOSH Director.
  • [Bug Fix] Dropdowns for certain VM types are easier to use.

Ops Manager v2.3.18 uses the following component versions:

Component Version
Ops Manager2.3-build.313*
Stemcell97.96*
BBR SDK1.7.1
BOSH Director267.12.0
BOSH DNS1.10.0
Metrics Server0.0.22
CredHub1.9.12
Syslog11.4.0
UAA60.13
BPM0.12.3
Networking8
OS Conf20.0.0
AWS CPI72
Azure CPI35.4.0
Google CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.4
BOSH CLI5.5.0
Credhub CLI1.7.7
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

2.3.17

  • [New Feature]: You can use the API to set a custom max payload for NATS. The director_configuration object has a new key called nats_max_payload_mb that you can configure with a maximum size, such as 3 or 10. The default payload size is 1 MB. If you configure it for a larger size, you can include certificates up to the size you specify.
  • [Bug Fix]: Ops Manager now logs you out after its browser session expires.
  • [Bug Fix]: You can now log in to Ops Manager when you have set up Ops Manager with LDAP over SSL.

Ops Manager v2.3.17 uses the following component versions:

Component Version
Ops Manager2.3-build.305*
Stemcell97.82
BBR SDK1.7.1
BOSH Director267.12.0
BOSH DNS1.10.0
Metrics Server0.0.22
CredHub1.9.12
Syslog11.4.0
UAA60.13
BPM0.12.3
Networking8
OS Conf20.0.0
AWS CPI72
Azure CPI35.4.0
Google CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.4
BOSH CLI5.5.0
Credhub CLI1.7.7
BBR CLI1.5.1*
* Components marked with an asterisk have been updated.

2.3.16

  • [Bug Fix]: Apply Changes no longer fails if copying credentials to CredHub takes longer than ten minutes.
  • [Bug Fix]: Exporting installation settings no longer causes the BOSH Director to incorrectly show that it has staged changes.
  • [Bug Fix]: Harbor now installs successfully on deployments that already have PKS installed. For more information about Harbor, see VMware Harbor Registry.
  • [Bug Fix]: Operators can no longer change persistent disk size to custom values.
  • [Bug Fix]: UAA session timeouts obey the access or refresh token lifetime.

Ops Manager v2.3.16 uses the following component versions:

Component Version
Ops Manager2.3-build.300*
Stemcell97.82*
BBR SDK1.7.1
BOSH Director267.12.0*
BOSH DNS1.10.0
Metrics Server0.0.22
CredHub1.9.12*
Syslog11.4.0
UAA60.13
BPM0.12.3
Networking8
OS Conf20.0.0
AWS CPI72
Azure CPI35.4.0
Google CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.4
BOSH CLI5.5.0*
Credhub CLI1.7.7
BBR CLI1.5.0
* Components marked with an asterisk have been updated.

2.3.15

  • [Bug Fix]: You can now configure Azure deployments to use Availability Zones after upgrading from an earlier version.

Ops Manager v2.3.15 uses the following component versions:

Component Version
Ops Manager2.3-build.287*
Stemcell97.71*
BBR SDK1.7.1
BOSH Director267.11.0
BOSH DNS1.10.0
Metrics Server0.0.22
CredHub1.9.11*
Syslog11.4.0
UAA60.13
BPM0.12.3
Networking8
OS Conf20.0.0
AWS CPI72
Azure CPI35.4.0
Google CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.4
BOSH CLI5.4.0
Credhub CLI1.7.7
BBR CLI1.5.0*
* Components marked with an asterisk have been updated.

2.3.14

  • [Security Fix]: This patch addresses CVE-2019-5418, a Rails file content disclosure vulnerability.
  • [Security Fix]: This patch addresses CVE-2019-5419, a Rails vulnerability that could lead to denial of service (DoS) attacks.
  • [Bug Fix]: When a redeploy is triggered by Apply Changes and that redeploy lasts multiple days, logs are generated for that entire time.

Ops Manager v2.3.14 uses the following component versions:

Component Version
Ops Manager2.3-build.281*
Stemcell97.66*
BBR SDK1.7.1
BOSH Director267.11.0
BOSH DNS1.10.0
Metrics Server0.0.22
CredHub1.9.9
Syslog11.4.0
UAA60.13*
BPM0.12.3
Networking8
OS Conf20.0.0
AWS CPI72
Azure CPI35.4.0
Google CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.4
BOSH CLI5.4.0
Credhub CLI1.7.7
BBR CLI1.4.0
* Components marked with an asterisk have been updated.

2.3.13

  • [Security Fix]: Ops Manager operators cannot set secrets that do not match the constraints defined by the must_match_regex parameter.
  • [UI Improvement]: The banner notifying you that certificates in your deployment will expire in the next three months is edited for improved clarity and usefulness.

Ops Manager v2.3.13 uses the following component versions:

Component Version
Ops Manager2.3-build.274*
Stemcell97.65
BBR SDK1.7.1
BOSH Director267.11.0
BOSH DNS1.10.0
Metrics Server0.0.22
CredHub1.9.9
Syslog11.4.0
UAA60.12*
BPM0.12.3
Networking8
OS Conf20.0.0
AWS CPI72
Azure CPI35.4.0
Google CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.4
BOSH CLI5.4.0
Credhub CLI1.7.7
BBR CLI1.4.0
* Components marked with an asterisk have been updated.

2.3.12

  • [Bug Fix]: The BOSH agent is deleted after initial install. This prevents the BOSH agent from running after the first time Ops Manager builds.

Ops Manager v2.3.12 uses the following component versions:

Component Version
Ops Manager2.3-build.268*
Stemcell97.65*
BBR SDK1.7.1
BOSH Director267.11.0*
BOSH DNS1.10.0
Metrics Server0.0.22
CredHub1.9.9
Syslog11.4.0
UAA60.9
BPM0.12.3
Networking8
OS Conf20.0.0
AWS CPI72
Azure CPI35.4.0
Google CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.4
BOSH CLI5.4.0
Credhub CLI1.7.7
BBR CLI1.4.0
* Components marked with an asterisk are updated.

2.3.11

  • [Security Fix]: Update bootstrap from 3.4.0 to 3.4.1.

Ops Manager v2.3.11 uses the following component versions:

Component Version
Ops Manager2.3-build.258*
Stemcell97.57*
BBR SDK1.7.1
BOSH Director267.10.0
BOSH DNS1.10.0
Metrics Server0.0.22
CredHub1.9.9
Syslog11.4.0
UAA60.9
BPM0.12.3
Networking8
OS Conf20.0.0
AWS CPI72
Azure CPI35.4.0
Google CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.4
BOSH CLI5.4.0
Credhub CLI1.7.7
BBR CLI1.4.0*
* Components marked with an asterisk are updated.

2.3.10

  • [Security Fix]: A potential XXS vulnerability in the resource_config API endpoint is mitigated.
  • [New Feature]: You can now change a selected option of a selector via the API using the human-readable name of the option. Send a PUT to /api/v0/staged/products/:guid/properties with a selected_option key. The PUT API endpoint can also parse both value, for the human-readable value, and option_value, for the machine-readable value.
  • [New Feature]: Operators can now rotate the NATS Certificate Authority (CA).
  • [Bug Fix]: Reverts the Azure CPI to 35.4 to resolve a customer issue.
  • [Bug Fix]: When an Azure-based Ops Manager Director is configured with invalid Azure account credentials (such as a subscription ID, tenant, or other credentials) and you try to create a network, you now see an error message, rather than a 500 error.

Ops Manager v2.3.10 uses the following component versions:

Component Version
Ops Manager2.3-build.250*
Stemcell97.53 (Xenial)*
BBR SDK1.7
BOSH Director267.10
BOSH DNS1.10
Metrics Server0.0.22
CredHub1.9.9*
Syslog11.4
UAA60.9
AWS CPI72
Azure CPI35.4*
GCP CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.4
* Components marked with an asterisk are updated.

2.3.9

  • [New Feature]: You can now use the BOSH Backup and Restore (BBR) CLI from the Ops Manager VM. This means you no longer have to download or upgrade BBR when you upgrade the Ops Manager VM.
  • [Bug Fix]: Ops Manager now uses GCP images that are located in the United States. This should prevent image object generation problems sometimes seen in images based in Europe and Asia.
  • [Bug Fix]: Ops Manager now reloads NGINX when the configuration is updated. Previously, Ops Manager would restart NGINX, which could cause temporary downtime. NGINX now serves traffic consistently when it is updating.

Ops Manager v2.3.9 uses the following component versions:

Component Version
Ops Manager2.3-build.244*
Stemcell97.52 (Xenial)*
BBR SDK1.7
BOSH Director267.10*
BOSH DNS1.10
Metrics Server0.0.22*
CredHub1.9.9*
Syslog11.4*
UAA60.9*
AWS CPI72
Azure CPI35.5
GCP CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.4
* Components marked with an asterisk are updated.

2.3.8

  • [Bug Fix]: You can now change the Ops Manager decryption passphrase consistently.
  • [Bug Fix]: You can no longer export via the API without deploying anything.
  • [UI Improvement]: In the Ops Manager API, some malformed properties now return more reader-friendly error messages.

Ops Manager v2.3.8 uses the following component versions:

Component Version
Ops Manager2.3-build.237*
Stemcell97.49 (Xenial)*
BBR SDK1.7
BOSH Director267.8
BOSH DNS1.10
Metrics Server0.0.21
CredHub1.9.5
Syslog11.3
UAA60.9*
AWS CPI72
Azure CPI35.5*
GCP CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.4*
* Components marked with an asterisk are updated.

2.3.7

  • [Security Fix]: GETs to any Ops Manager or UAA API endpoint no longer return any information about the web server, including version numbers.
  • [New Feature]: Ops Manager operators with sufficient permissions to see credentials can send a GET to director/properties, director/iaas_configurations/guid, director/iaas_configurations, or products/guid/properties with the redact=false parameter to see an API response that includes credentials.
  • [New Feature]: You can use a checkbox on the Director Settings page to opt-in to running the drain lifecycle when deploying the BOSH Director. Alternatively, in the API, send a GET to /api/v0/staged/director/properties to see a new property under director_configuration called skip_director_drain to see the status of this checkbox.
  • [Feature Improvement]: More detailed selector properties are now available from the API through a new field called selected_value. This field returns the selected machine-readable option name.
  • [Bug Fix]: The PUT /api/v0/settings/ssl_certificate API docs are now correct.

Ops Manager v2.3.7 uses the following component versions:

Component Version
Ops Manager2.3-build.224*
Stemcell97.42 (Xenial)*
BBR SDK1.7
BOSH Director267.8
BOSH DNS1.10
Metrics Server0.0.21
CredHub1.9.5
Syslog11.3
UAA60.8
AWS CPI72
Azure CPI35.5*
GCP CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.4*
* Components marked with an asterisk are updated.

2.3.6

  • [Security Fix]: Bumps stemcell to 97.34 to resolve USN-3820-2.
  • [Security Fix]: Bumps active-job to 5.0.4 to resolve CVE-2018-16476.
  • [Security Fix]: Bumps Loofah to 2.2.3 to address a CVE.
  • [Security Fix]: Bumps Rack to 2.0.6 to address a CVE.
  • [New Feature]: A Pivotal-specific GUID appears in the global CPI options for Azure deployments. View this key/value pair in the CPI configururation of the BOSH Director manifest.
  • [New Feature]: Ops Manager operators with sufficient permissions to see credentials can send a GET to director/properties, director/iaas_configurations/guid, director/iaas_configurations, or products/guid/properties with the redact=false parameter to see an API response that includes credentials.
  • [New Feature]: GET /api/v0/pivotal_network/stemcell_updates works on both Windows and Xenial stemcells.
  • [New Feature]: You can download the product manifest for your last successful deployment.
  • [Bug Fix]: The API docs show instance_groups in some locations where they previously referenced jobs.
  • [Bug Fix]: Internal IDP metadata no longer changes when authentication protocols switch between internal authentication and SAML. Specifically, the ds:DigestValue and ds:SignatureValue values no longer change.
  • [Bug Fix]: The SAML certificate regenerates when authentication method changes from SAML to internal, rather than when SAML is enabled. This facilitates a greater number of authentication method workflows, including those which change Ops Manager metadata.
  • [Bug Fix]: Ops Manager captures changes to the database, including reversions to old passwords, more completely.
  • [Bug Fix]: Corrects the link to Pivotal Network from the API docs.
  • [Feature Improvement]: When a user who has not logged into Ops Manager is prompted to log in to view a page, logging in returns them to the page they tried to access, rather than the Installation Dashboard.
  • [Feature Improvement]: Adds API docs for GET and PUT to the ssh_banner_contents endpoint.

Ops Manager v2.3.6 uses the following component versions:

Component Version
Ops Manager2.3-build.212*
Stemcell97.34 (Xenial)*
BBR SDK1.7
BOSH Director267.8
BOSH DNS1.10
Metrics Server0.0.21
CredHub1.9.5
Syslog11.3
UAA60.8
AWS CPI72
Azure CPI35.4
GCP CPI27.0.1
OpenStack CPI39
vSphere CPI50.0.3*
* Components marked with an asterisk are updated.

2.3.5

  • [Security Fix]: Bumps Nokogiri to 1.8.5 to address CVE-2018-14404.
  • [Security Fix]: Bumps UAA to address CVE-2018-15761.
  • [Bug Fix]: Now Application Load Balancers (ALBs) also apply to the Director VM for AWS deployments.

Ops Manager v2.3.5 uses the following component versions:

Component Version
Ops Manager2.3-build.194*
Stemcell97.28 (Xenial)
BBR SDK1.7
BOSH Director267.8
BOSH DNS1.10
Metrics Server0.0.21
CredHub1.9.5
Syslog11.3
UAA60.8*
AWS CPI72
Azure CPI35.4
GCP CPI27.0.1
OpenStack CPI39
vSphere CPI50
* Components marked with an asterisk are updated.

2.3.4

  • [Bug Fix]: Bumps stemcell to resolve a Known Issue. You can now upload large files without Ops Manager timing out.

Ops Manager v2.3.4 uses the following component versions:

Component Version
Ops Manager2.3-build.188*
Stemcell97.28 (Xenial)*
BBR SDK1.7
BOSH Director267.8
BOSH DNS1.10
Metrics Server0.0.21
CredHub1.9.5
Syslog11.3
UAA60.2
AWS CPI72
Azure CPI35.4
GCP CPI27.0.1
OpenStack CPI39
vSphere CPI50
* Components marked with an asterisk are updated.

2.3.3

  • [Security Fix]: Bumps stemcell to 97.22 for periodic lower-severity security updates.
  • [New Feature]: Operators can tune the swap size as a percent of total memory size per instance group.
  • [Bug Fix]: Operators can change the Director Hostname without losing connection between BOSH Director and VMs.
  • [Bug Fix]: Stemcells no longer accidentally downgrade in rare cases when upgrading to a new OpsManager. This happened previously when a product had a newer stemcell patch than Ops Manager included during the upgrade.
  • [Bug Fix]: Operators can work around an expired SAML service provider cert by disabling and enabling SAML.
  • [Feature Improvement]: The expiring certificates endpoint (/api/v0/deployed/certificates) now includes information about the SAML service provider cert.
  • [Feature Improvement]: Importing products that use the future Unified Syslog feature warns operators that product syslog features will not be active in this version of Ops Manager.
  • [Bug Fix]: Dynamic JS pages now show the message from server-side errors instead of alert boxes with JavaScript errors (such as [Object object] or t.filter()).

Ops Manager v2.3.3 uses the following component versions:

Component Version
Ops Manager2.3-build.184*
Stemcell97.22 (Xenial)*
BBR SDK1.7
BOSH Director267.8*
BOSH DNS1.10
Metrics Server0.0.21
CredHub1.9.5
Syslog11.3
UAA60.2
AWS CPI72
Azure CPI35.4
GCP CPI27.0.1
OpenStack CPI39
vSphere CPI50
* Components marked with an asterisk are updated.

2.3.2

  • [Security Fix]: Bumps stemcell to 97.19 to address USN-3777-2.
  • [New Feature]: You can now configure custom DNS handlers via the Ops Manager API.
  • [New Feature]: You can now configure recursor timeouts via the Ops Manager API.

Ops Manager v2.3.2 uses the following component versions:

Component Version
Ops Manager2.3-build.170*
Stemcell97.19 (Xenial)*
BBR SDK1.7
BOSH Director267.7
BOSH DNS1.10
Metrics Server0.0.21
CredHub1.9.5
Syslog11.3
UAA60.2
AWS CPI72
Azure CPI35.4
GCP CPI27.0.1
OpenStack CPI39
vSphere CPI50
* Components marked with an asterisk are updated.

2.3.1

  • [Bug Fix]: You are now only prompted to unlock Ops Manager once when enabling Rescue Mode.
  • [Bug Fix]: Ops Manager sets the storage account type and Director ephemeral disk correctly for Azure deployments.
  • [Feature Improvement]: You can now deselect all tiles at once.

Ops Manager v2.3.1 uses the following component versions:

Component Version
Ops Manager2.3-build.167*
Stemcell97.18 (Xenial)
BBR SDK1.7
BOSH Director267.7*
BOSH DNS1.10*
Metrics Server0.0.21
CredHub1.9.5
Syslog11.3
UAA60.2
AWS CPI72
Azure CPI35.4*
GCP CPI27.0.1
OpenStack CPI39
vSphere CPI50
* Components marked with an asterisk are updated.

2.3.0

Ops Manager v2.3.0 uses the following component versions:

Component Version
Ops Manager2.3-build.146
Stemcell97.15 (Xenial)
BBR SDK1.7
BOSH Director267.6
BOSH DNS1.9
Metrics Server0.0.21
CredHub1.9.5
Syslog11.3
UAA60.2
AWS CPI72
Azure CPI35.2
GCP CPI27.0.1
OpenStack CPI39
vSphere CPI50

New Features in Ops Manager v2.3

Ops Manager v2.3 includes the following major features:

Ops Manager and BOSH Director Upgraded to Ubuntu 16.04 (Xenial Xerus)

Ops Manager v2.3 uses a Xenial stemcell based on Ubuntu 16.04 (Xenial Xerus).

The previously supported Trusty stemcells were based on Ubuntu 14.04 (Trusty Tahr). This distribution will reach end of general support (EOGS) in April 2019 and will no longer receive security updates.

Using Xenial stemcells in v2.3 ensures that Ops Manager users continue to have access to secure stemcells based on a Ubuntu distribution maintained by Canonical.

For more information on the impact of using Xenial stemcells in PCF, see Updates for Xenial Stemcell Support.

TLS for Internal Blobstore Enabled by Default

Ops Manager now enables TLS communications for the internal blobstore by default.

If you want to disable TLS for your internal blobstore, disable Enable TLS in the Director Config pane of the BOSH Director tile.

Multiple Data Centers on OpenStack

Ops Manager now allows you to configure multiple OpenStack data centers to a single BOSH Director.

You can add additional OpenStack configs in the OpenStack Config pane of your BOSH Director tile. For more information about how to add, edit, and delete OpenStack configs, see Managing Multiple Data Centers.

BOSH DNS is Required

BOSH DNS is enabled by default in PCF v2.3.

The option to disable BOSH DNS is no longer available in the Ops Manager UI or API.

WARNING: Upgrades to PCF v2.3 will fail if BOSH DNS is disabled. Enable BOSH DNS before upgrading to PCF v2.3.

BOSH DNS Certificate Authority Upgrades

BOSH DNS comes with CAs that are valid for four years. These CAs will apply automatically when you upgrade to v2.3.

To apply the CAs completely, you must upgrade to PCF v2.3 and then rotate all certificates in your installation.

Note: The following procedure instructs you to Apply Changes after upgrading to v2.3. It is not mandatory that you perform this procedure immediately after upgrade. However, you will not be able to regenerate certificates until the first time you Apply Changes successfully after upgrading to v2.3.

Follow the procedure below to rotate your certificates:

  1. Upgrade Ops Manager to v2.3.

  2. Click Apply Changes to distribute new CA to all VMs. Do not use Review Pending Changes to update your installation incrementally. Upgrade all tiles simultaneously.

  3. Use the Ops Manager API to POST /api/v0/certificate_authorities/active/regenerate.

  4. Apply Changes for all tiles simultaneously to rotate the certificates.

Disable Verifiers By Type with the Ops Manager API

You can disable verifiers by type with the Ops Manager API. Ops Manager provides this option for troubleshooting purposes. For example, your deployment may have a unique configuration that the verifier cannot detect. In this case, you can unblock your deployment by disabling the verifier.

For more information, see Managing Ops Manager Verifiers.

Note: This is an advanced feature. Pivotal recommends contacting support before you disable Ops Manager verifiers.

Ops Manager Supports LDAP Authentication

Ops Manager supports Lightweight Directory Access Protocal (LDAP) for authentication, in addition to Security Assertion Markup Language (SAML).

For new Ops Manager installations, operators can configure LDAP authentication from the Welcome to Ops Manager page. See the LDAP Server section of the BOSH Director configuration topic for your IaaS for more information.

For existing Ops Manager installations, operators can configure LDAP authentication through the Ops Manager Settings page. For more information, see the Settings Page section of the Understanding the Ops Manager Interface topic.

Ops Manager on vSphere Supports SSH Key Authentication

You can now use an SSH key in addition to or instead of an admin password to boot Ops Manager on vSphere. Set the SSH key during vSphere environment configuration, in the same panel where you can set an admin password and custom hostname.

After uploading an OVF template to vSphere, set an admin password or SSH key in the Customize template section of the Deploy OVF Template panel. For more information, see Deploying BOSH and Ops Manager to vSphere.

Virtual Machines Running on OpenStack Can Boot From Cinder Volumes

If you use OpenStack, you can now boot VMs from a Cinder volume. Cinder is an open source block storage solution for OpenStack users. For more information, see Configuring BOSH Director on OpenStack.

Recreate All Persistent Disks

In the Director Config pane of the BOSH Director tile, you can Recreate All Persistent Disks. Enabling the checkbox forces BOSH to migrate and recreate all persistent disks without losing persistent disk data.

UI Improvements to Review Pending Changes

The Review Pending Changes page in the Ops Manager installation dashboard features UI improvements.

See the following changes:

  • You now cannot enable orange tiles for selective deployment. In Ops Manager v2.2, you can enable orange tiles but you cannot click Apply Changes.
  • When you enable a tile for selective deployment, its dependencies are also enabled. In Ops Manager v2.2, you must enable your tile dependencies manually.
  • When an update fails, a list of pending changes that did not complete appears on the Review Pending Changes page.
  • When you attempt to change a tile with an out-of-date stemcell, a message appears notifying you that the stemcell is out of date. Click this message to access the Stemcell Library.
  • When a tile is staged to be deleted, indicator text appears on that tile.
  • Apply Changes displays as Review Pending Changes when there are pending changes staged.
  • Stemcell changes appear in the Changes field for each tile.
  • When Review Pending Changes returns an error, the error message includes the name of the affected tiles.
  • The Beta label no longer appears on the Review Pending Changes page.
  • The Review Pending Changes page has minor UI improvements throughout.

For more information about the page UI, see Review Pending Changes Page.

API Improvements to Review Pending Changes

  • You can use GET /api/v0/staged/pending_changes to see stemcell changes in the Ops Manager API.
  • When the API returns an error, the error message includes the name of the affected products.
  • When an update fails, you can use GET /api/v0/staged/pending_changes to see a list of pending changes that did not complete.

For more information about the Review Pending Changes API endpoints, see the Ops Manager API documentation.

Advanced Features for Ops Manager Guide

A new guide in the Ops Manager documentation explains the behavior of some advanced features for Ops Manager. These features are for experienced operators only.

For more information, see Advanced Features for Ops Manager.

WARNING: Ops Manager Advanced Features are for skilled operators only. Pivotal recommends contacting Support before attempting to use these features.

Known Issues

Intermittent Tile Upload Failure

Note: This issue appears in Ops Manager v2.3.2 and v2.3.3. It is resolved in Ops Manager 2.3.4.

In some versions of Ops Manager v2.3, large tiles may fail to upload successfully. If you attempted to upload a large file via the om CLI, your upload may have failed due to Ops Manager’s built-in timeout feature.

This issue occurs due to a kernel regression introduced in Ops Manager v2.3.2 and will be remediated in a subsequent release.

PKS Compatibility with v2.3.0

If you have a PCF deployment with Ops Manager v2.2.x and PKS 1.2.x or earlier installed, you must upgrade to Ops Manager v2.3.1 or later. There is no compatible PKS version for Ops Manager v2.3.0. Also, ensure that you upgrade to PKS v1.2 before upgrading Ops Manager. For Ops Manager 2.2, PKS v1.2 is compatible with Ops Manager v2.2.2 and later.