PCF Ops Manager v2.6 Release Notes

Pivotal Cloud Foundry is certified by the Cloud Foundry Foundation for 2019.

Read more about the certified provider program and the requirements of providers.


How to Upgrade

The Upgrading Pivotal Cloud Foundry topic contains instructions for upgrading to Pivotal Cloud Foundry (PCF) Ops Manager v2.6.

Releases

Ops Manager v2.6 includes the following minor releases:

2.6.9

  • [Feature] Operator can make changes to UAA group mappings using a BOSH admin client when Ops Manager is configured with LDAP
  • [Feature] LDAP configuration includes a Group Max Search Depth field
  • [Bug Fix] Footer on React pages includes the correct copyright date
  • [Bug Fix] Redirect to the changelog page when an installation fails
  • [Bug Fix] Credentials are not shown in UI or API for restricted users

Ops Manager v2.6.9 uses the following component versions:

Component Version
Ops Manager2.6.9-build.201*
Stemcell315.89*
BBR SDK1.17.1*
BOSH Director269.0.6*
BOSH DNS1.12.0
Metrics Server0.0.22
CredHub2.4.0
Syslog11.4.0
Windows Syslog1.0.3
UAA71.3*
BPM1.1.3
Networking9
OS Conf20
AWS CPI77
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI42
vSphere CPI52.1.5
BOSH CLI5.5.1
Credhub CLI2.5.3*
BBR CLI1.5.2*
* Components marked with an asterisk have been updated.

2.6.8

  • [Bug fix] Custom UI banners now show on React pages such as Stemcell Library and Review Pending Changes

Ops Manager v2.6.8 uses the following component versions:

Component Version
Ops Manager2.6.8-build.192*
Stemcell315.81*
BBR SDK1.17.0
BOSH Director269.0.5
BOSH DNS1.12.0
Metrics Server0.0.22
CredHub2.4.0
Syslog11.4.0
Windows Syslog1.0.3
UAA71.2
BPM1.1.3*
Networking9
OS Conf20
AWS CPI77
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI42
vSphere CPI52.1.5
BOSH CLI5.5.1
Credhub CLI2.5.2
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

2.6.7

  • [Feature] /api/v0/deployed/certificates?expires_within= does not display saml_service_provider_cert if Ops Manager is not using SAML.
  • [Feature] Operators can set recursor_selection in the DNS runtime config through the OpsManager API
  • [Feature] The OpsManager web server (nginx) does not allow TLSv1 and TLSv1.1
  • [Feature] Enhance blobstore verifier error messaging
  • [Feature] Enforce required value for public SSH key in when installing Ops Manager on vSphere
  • [Feature] Enable audit checks on BOSH CLI commands. Events now appear in the Director syslog.
  • [Bug fix] Update BBR to 1.x to fix postgres db backup
  • [Bug fix] Resolves an issue in which Ops Manager set the Director ephemeral disk size to the Operator’s selected PERSISTENT DISK size. Now Ops Manager sets the ephemeral disk size as specified in the VM TYPE field.
  • [Bug fix] Azure SSH private key is redacted in the UI
  • [Bug Fix] Syslog addon correctly injected into manifest for service brokers that enable OpsManager’s consistent syslog

Ops Manager v2.6.7 uses the following component versions:

Component Version
Ops Manager2.6.7-build.187*
Stemcell315.72
BBR SDK1.17.0*
BOSH Director269.0.5
BOSH DNS1.12.0*
Metrics Server0.0.22
CredHub2.4.0
Syslog11.4.0
Windows Syslog1.0.3
UAA71.2
BPM1.1.2*
Networking9
OS Conf20
AWS CPI77*
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI42
vSphere CPI52.1.5
BOSH CLI5.5.1
Credhub CLI2.5.2
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

2.6.6

Ops Manager v2.6.6 uses the following component versions:

Component Version
Ops Manager2.6.6-build.179*
Stemcell315.72*
BBR SDK1.15.1
BOSH Director269.0.5*
BOSH DNS1.11.0
Metrics Server0.0.22
CredHub2.4.0
Syslog11.4.0
Windows Syslog1.0.3
UAA71.2
BPM1.0.4
Networking9
OS Conf20
AWS CPI75
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI42
vSphere CPI52.1.5*
BOSH CLI5.5.1
Credhub CLI2.5.2
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

2.6.5

  • [Bug Fix] Ops Manager UI and API accurately reports if an Azure region supports AZs. The verifier fails if the region does not support AZs.

Ops Manager v2.6.5 uses the following component versions:

Component Version
Ops Manager2.6.5-build.173*
Stemcell315.70*
BBR SDK1.15.1
BOSH Director269.0.3
BOSH DNS1.11.0
Metrics Server0.0.22
CredHub2.4.0
Syslog11.4.0
Windows Syslog1.0.3
UAA71.2
BPM1.0.4
Networking9
OS Conf20
AWS CPI75
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI42
vSphere CPI52.1.3
BOSH CLI5.5.1
Credhub CLI2.5.2
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

2.6.4

  • [Security Fix] Fixes the UAA client.write scope vulnerability.

Ops Manager v2.6.4 uses the following component versions:

Component Version
Ops Manager2.6.4-build.166*
Stemcell315.64
BBR SDK1.15.1
BOSH Director269.0.3
BOSH DNS1.11.0
Metrics Server0.0.22
CredHub2.4.0
Syslog11.4.0
Windows Syslog1.0.3
UAA71.2*
BPM1.0.4
Networking9
OS Conf20
AWS CPI75
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI42
vSphere CPI52.1.3*
BOSH CLI5.5.1
Credhub CLI2.5.2
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

2.6.3

  • [Bug Fix] Ops Manager allows the PKS v1.5 tile to upload

Ops Manager v2.6.3 uses the following component versions:

Component Version
Ops Manager2.6.3-build.163*
Stemcell315.64*
BBR SDK1.15.1
BOSH Director269.0.3
BOSH DNS1.11.0
Metrics Server0.0.22
CredHub2.4.0
Syslog11.4.0
Windows Syslog1.0.3
UAA71.0
BPM1.0.4
Networking9
OS Conf20
AWS CPI75
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI42
vSphere CPI52.1.2
BOSH CLI5.5.1
Credhub CLI2.5.2*
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

2.6.2

Ops Manager v2.6.2 uses the following component versions:

Component Version
Ops Manager2.6.2-build.159*
Stemcell315.60*
BBR SDK1.15.1
BOSH Director269.0.3
BOSH DNS1.11.0
Metrics Server0.0.22
CredHub2.4.0
Syslog11.4.0
Windows Syslog1.0.3
UAA71.0
BPM1.0.4
Networking9
OS Conf20
AWS CPI75
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI42
vSphere CPI52.1.2
BOSH CLI5.5.1
Credhub CLI2.5.1
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

2.6.1

  • [Security Fix] This patch addresses CVE-2019-11477 and CVE-2019-11478
  • [Feature] Ops Manager now passes Trusted Certificates from the Security pane to the uaa.ca_certs property of UAA to avoid failures in the pre-start script run by UAA.
  • [Bug Fix] Non-configurable collection record properties do not require configuration in the UI or API
  • [Bug Fix] ops-manifest does not break if a RSA certificate is passed as a property value
  • [Bug Fix] vSphere verifier does not fail if all the fields are blank

Ops Manager v2.6.1 uses the following component versions:

Component Version
Ops Manager2.6.1-build.156*
Stemcell315.45*
BBR SDK1.15.1
BOSH Director269.0.3*
BOSH DNS1.11.0
Metrics Server0.0.22
CredHub2.4.0
Syslog11.4.0
Windows Syslog1.0.3
UAA71.0
BPM1.0.4
Networking9
OS Conf20*
AWS CPI75
Azure CPI36.0.1*
Google CPI29.0.1
OpenStack CPI42
vSphere CPI52.1.2*
BOSH CLI5.5.1
Credhub CLI2.5.1*
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

2.6.0

Ops Manager v2.6.0 uses the following component versions:

Component Version
Ops Manager2.6.0-build.138*
Stemcell315.34*
BBR SDK1.15.1
BOSH Director269.0.2*
BOSH DNS1.11.0
Metrics Server0.0.22
CredHub2.4.0
Syslog11.4.0
Windows Syslog1.0.3
UAA71.0
BPM1.0.4
Networking9
OS Conf20.0.0
AWS CPI75
Azure CPI36.0.0*
Google CPI29.0.1
OpenStack CPI42
vSphere CPI52.1.1
BOSH CLI5.5.1*
Credhub CLI2.4.0
BBR CLI1.5.1
* Components marked with an asterisk have been updated.

New Features in Ops Manager v2.6

Ops Manager v2.6 includes the following major features:

Ops Manager Supports Multiple Stemcells for Products

Breaking Changes: There are breaking changes for API users related to this feature. For more information, see PCF Ops Manager in PCF v2.6 Breaking Changes.

Ops Manager supports products that require multiple stemcells. This means it is no longer necessary to deploy separate tiles for products that require different stemcells.

The following features and API endpoints enable support for products with multiple stemcells:

  • The Review Pending Changes page includes the OS and version number of all stemcells associated with each product. The Review Pending Changes page also displays a message that indicates when a new stemcell is added to a product.

  • The Stemcell Library includes a dropdown for each additional required stemcell. You can use this dropdown to add multiple stemcells to each product. The Stemcell Library also displays the OS and version number of the stemcells associated with each deployed and staged product.

  • You can assign one or more stemcells to a product with the multi-stemcell API, PATCH /api/v0/stemcells_associations. GET /api/v0/stemcells_associations returns information on all stemcells assigned to products in your deployment.

  • The added_products property of the /api/v0/diagnostic_report endpoint returns the filename, OS, and version number of all stemcells associated with each product in your deployment.

  • For products with multiple stemcells, you can view available stemcell updates using the Pivotal Network integration sidebar or the pivotal_network/stemcell_updates API endpoint.

For more information about the API endpoints that enable support for products with multiple stemcells, see the Ops Manager API documentation.

For more information about using multiple stemcells as a tile developer, see Support for Multiple Stemcells in the PCF v2.6 Partners Release Notes.

vSphere Operators Can Use Whitespace in Folder Names

vSphere’s vCenter allows you to designate folder names with multiple words separated by spaces. That ability is reflected in Ops Manager. You can specify folder names in vCenter using spaces between words and Ops Manager will accept them as valid.

For an example of folder names with spaces, see Using the Cisco Nexus 1000v Switch with Ops Manager.

Tile Developers Can Implement a Form Verifier to Confirm vSphere Properties

An operator configuring a product tile on a vSphere deployment must configure vSphere properties. Incorrect configuration can cause deployment failures, and can be difficult to troubleshoot effectively. An optional form verifier is available that notifies tile operators when they have configured vSphere properties incorrectly.

For more information about this form verifier, see the install_time_verifiers section in Property and Template References in the tile developer documentation.

Added Strategies for Backing Up BOSH Blobstore to S3

The BOSH Director tile > Director Config pane supports multiple strategies for backing up the BOSH Director blobstore to external S3 buckets:

  • S3 with versioning: Back up to prior version of blobstore bucket.
  • S3 without versioning: Back up to S3 bucket dedicated to blobstore backup.

See the Director Config Page section of the Configuring BOSH Director topic for your IaaS, which you can navigate to from the IaaS-Specific Deployment Guidelines section of the Deploying BOSH and Ops Manager topic.

API Endpoint Returns Deployment Configuration Details

The /api/v0/staged/products/:product_guid/pre_deploy_check Ops Manager API endpoint now validates for missing configurations. The endpoint performs a dry run of Apply Changes verifiers and reports any failures that might occur when triggering Apply Changes. This endpoint allows operators to discover which configurations need attention without having to manually search the Ops Manager UI or wait for Apply Changes to fail.

For example, you can check whether a product has not been assigned a stemcell, network, or availability zone. You can also check exactly which properties are invalid and which install_time verifiers might fail.

For more information, see Running a pre-deploy check for the staged BOSH Director in the Ops Manager API documentation.

Operators Can Specify a Monitor Port When Defining an NSX Load Balancer

The Ops Manager API allows you to specify a monitor port when defining an NSX load balancer with the monitor_port parameter. This means the monitor port value does not default to the same value as the traffic port.

For more information, see Configuring resources for a job (Experimental) in the Ops Manager API documentation.

Operators Not Required to Specify a Port for NSX Load Balancers

The Ops Manager API no longer requires you to specify a port for NSX load balancers. When a port is not specified, the TCP router relies on a default port that is specified by other components in the system.

This feature helps to support NSX load balancer compatibility with Gorouter, which requires a monitor port of 8080 and a traffic port of 80.

For more information, see Configuring resources for a job (Experimental) in the Ops Manager API documentation.

Fresh Installations of Ops Manager Create New Default Certificate Authority in CredHub

When installing Ops Manager v2.6, Ops Manager creates a new default certificate authority (CA) in the BOSH Director CredHub under /services/tls_ca. This CA can generate TLS certificates.

When upgrading to Ops Manager v2.6 from Ops Manager v2.5, any CA that already exists does not get overwritten.

For more information about certificates and certificate authorities, see Certificates and TLS in PCF.

Improved Change Log Page

The Ops Manager Change Log page has an improved UI, with deployment status and build times listed individually for each product, as well as for the deployment as a whole.

For more information, see the Change Log Page section in the Using the Ops Manager Interface topic.

Product Deployment Times from API and Change Log Page

Ops Manager publishes deployment times for individual products and whole deployments.

The Ops Manager API returns started_at and finished_at timestamps from its /api/v0/installations endpoint.

The Ops Manager UI Change Log page publishes these start and end timestamps, and durations calculated from them. For more information about viewing start and end timestamps on the Change Log page, see Improved Change Log Page.

Ops Manager Syslog Template Available for Service Broker Tiles

Tile developers can use the Ops Manager Syslog template form for their service broker tiles. The template makes tile users’ experience more consistent and secure. Tile developers can apply the Syslog template using the opsmanager_syslog key in their tile’s metadata.yml file.

For more information about the Syslog template, see Syslog Form Template Available for Tile Authors.

Ops Manager Adds Support for All AWS Regions

The Ops Manager AWS Config pane includes an open text field for AWS region. This field allows you to input any AWS region when configuring BOSH Director on AWS.

For more information about adding an AWS region in Ops Manager, see Step 2: AWS Config Page.

AWS Deployments Use 5th Generation Instances

Ops Manager v2.6 uses the latest generation of instances for AWS deployments. When you upgrade to Ops Manager v2.6, your VM types convert to the corresponding 5th generation instance types, such as t2 to t3 and c4 to c5.

If you are using a custom instance type catalog, your VM types that are used and available do not change.

These instance types are supported by Xenial stemcells and Trusty stemcell 3586 and later. Stemcells earlier than Trusty stemcell 3586 fail to boot Ops Manager.

For more information about AWS instance types, see Amazon EC2 Instance Types in the AWS documentation.

Compiled Release Assets Included in BOSH Deployment Manifest

Ops Manager now automatically includes the exported_from field in the releases section of the BOSH deployment manifest file. The exported_from field contains the compiled release assets for the deployment and prevents BOSH from updating every VM with later versions of packages during a BOSH deployment. This saves time and reduces unexpected VM updates.

For example, the exported_from field in the following manifest file specifies that the deployment uses the packages from the release compiled against version 250.4 of ubuntu-xenial:

releases:
- name: bpm
  url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bpm-0.12.3-ubuntu-xenial-250.4.tgz
  version: 0.12.3
  exported_from:
  - os: ubuntu-xenial
    version: 250.4

For more information about using the exported_from field, see Locking Compiled Releases in the BOSH documentation.

Other Ops Manager API Improvements

In addition to features described above, the Ops Manager v2.6 API also includes the following changes:

  • Operators can override the NATS maximum payload. Deployments with a large number of custom domains may use certificates that are larger than the default 1 MB NATS payload size. As a workaround, operators can override the default maximum. For more information, see Updating director and Iaas properties (Experimental) in the Ops Manager API documentation.

  • When a request to POST /api/v0/installations fails to trigger Apply Changes, the response contains more details about which products are not fully configured. For more information, see Triggering an installation in the Ops Manager API documentation.

Known Issues

This release contains the following known issues:

Ops Manager Syslog Template Is Not Supported for Service Broker Tiles

Ops Manager syslog template does not propagate to service broker tiles. Tile developers with service broker tiles should continue to use their own syslog configurations. Service broker tiles with the syslog template configured do not display the syslog template.

For more information about the Syslog template, see Syslog Form Template Available for Tile Authors.

When an installation fails, the Ops Manager UI presents a hyperlink to the installation log in the pop-up window. This link is currently non-functional.

To work around this issue, click on Change Log in the Ops Manager Installation Dashboard to view product installation logs.

CredHub Database Migration Failure

When the CredHub database fails to migrate with a Flyway exception, it may be caused by an issue with the flyway_schema_history table.

For information on how to address the issue, see Database Migration Failure in GitHub.