Skip to content
Support Downloads Contact Us Sign In

Release Notes

Ops Manager 2.5

The filename for the artifact downloaded from Ops Manager is changed! If your resources or pipelines have a regex for the Ops Manager filename, you may be affected. (Please see Ops Manager's official notice for more information)

Azure Updating to 2.5

Ops Manager will be removing the necessity to provide availability zones for azure. If your director.yml(see staged-director-config) has a block like the following in the networks section: 

1
2
   availability_zone_names:
   - "null"
your deployment will have the following error: 
1
{"errors":["Availability zones cannot find availability zone with name null"]}
To fix this error, please remove the availability_zone_names section from your azure config, or re-run staged-director-config to update your director.yml.

v4.0.16

Released May 14, 2020

CLI Versions
Name version
om 3.2.3
bosh-cli 6.1.1
credhub 2.6.1
winfs-injector 0.16.0

The full Docker image-receipt: Download

Bug Fixes

  • Sometimes vsphere create-vm/delete-vm/upgrade-opsman would fail with: govc[stderr]: panic: send on closed channel due to a bug in govc.

    These tasks have implemented the workaround described in the issue.

  • CVE update to container image. Resolves USN-4359-1. The CVEs are related to vulnerabilities with apt.

v4.0.14

Released April 28, 2020

CLI Versions
Name version
om 3.2.3
bosh-cli 6.1.1
credhub 2.6.1
winfs-injector 0.16.0

The full Docker image-receipt: Download

Bug Fixes

  • CVE update to container image. Resolves USN-4329-1. This CVE is related to vulnerabilities with git.
  • CVE update to container image. Resolves USN-4334-1. This CVE is related to vulnerabilities with git.
  • CVE update to container image. Resolves USN-4333-1. This CVE is related to vulnerabilities with python.
  • Adding back the removed ssh Ubuntu package.

v4.0.13

Released April 20, 2020

Known Issue

This version attempted to remove some unnecessary dependencies from the image. In this process, important utilities may have been removed as well. In particular, we know that ssh is missing. If you use this version and find any vital tools missing, please let us know. A forthcoming patch version will restore ssh and any other identified tools.

CLI Versions
Name version
om 3.2.3
bosh-cli 6.2.1
credhub 2.6.2
winfs-injector 0.16.0

The full Docker image-receipt: Download

Bug Fixes

  • The winfs-injector has been bumped to support the new TAS Windows tile. When downloading a product from Pivnet, the download-product task uses winfs-injector to package the Windows rootfs in the tile. Newer version of TAS Windows, use a new packaging method, which requires this bump.

    If you see the following error, you need this fix.

    1
2
3
4
5
6
    Checking if product needs winfs injected...+ '[' pas-windows == pas-windows ']'
+ '[' pivnet == pivnet ']'
++ basename downloaded-files/pas-windows-2.7.12-build.2.pivotal
+ TILE_FILENAME=pas-windows-2.7.12-build.2.pivotal
+ winfs-injector --input-tile downloaded-files/pas-windows-2.7.12-build.2.pivotal --output-tile downloaded-product/pas-windows-2.7.12-build.2.pivotal
open /tmp/015434627/extracted-tile/embed/windowsfs-release/src/code.cloudfoundry.org/windows2016fs/2019/IMAGE_TAG: no such file or directory

v4.0.12

Released March 25, 2020

CLI Versions
Name version
om 3.2.3
bosh-cli 6.1.1
credhub 2.6.1
winfs-injector 0.14.0

The full Docker image-receipt: Download

Bug Fixes

  • Downloading a stemcell associated with a product will try to download the light or heavy stemcell. If anyone has experienced the recent issue with download-product and the AWS heavy stemcell, this will resolve your issue. Please remove any custom globbing that might've been added to circumvent this issue. For example, stemcall-iaas: light*aws should just be stemcell-iaas: aws now.
  • CVE update to container image. Resolves USN-4298-1. This CVE is related to vulnerabilities with libsqlite3.
  • CVE update to container image. Resolves USN-4305-1. This CVE is related to vulnerabilities with libicu60.

Experimental Features

  • EXPERIMENTAL config-template now supports the --exclude-version flag. If provided, the command will exclude the version directory in the --output-directory tree. The contents will with or without the flag will remain the same. Please note including the --exclude-version flag will make it more difficult to track changes between versions unless using a version control system (such as git).
  • EXPERIMENTAL config-template supports --pivnet-disable-ssl to skip SSL validation.
  • When using config-template (EXPERIMENTAL) or download-product, the --pivnet-skip-ssl is honored when capturing the token.

v4.0.11

Released February 21, 2020

CLI Versions
Name version
om 3.1.0
bosh-cli 6.1.1
credhub 2.6.1
winfs-injector 0.13.0

The full Docker image-receipt: Download

Bug Fixes

  • GCP create-vm now correctly handles an empty tags list
  • CVE update to container image. Resolves USN-4274-1. The CVEs are related to vulnerabilities with libxml2.
  • Bumped the following low-severity CVE packages: libsystemd0 libudev1

v4.0.10

Released February 4, 2020

CLI Versions
Name version
om 3.1.0
bosh-cli 6.1.1
credhub 2.6.1
winfs-injector 0.13.0

The full Docker image-receipt: Download

Bug Fixes

  • CVE update to container image. Resolves USN-4243-1. The CVEs are related to vulnerabilities with libbsd.
  • CVE update to container image. Resolves USN-4249-1. The CVEs are related to vulnerabilities with e2fsprogs.
  • CVE update to container image. Resolves USN-4233-2. The CVEs are related to vulnerabilities with libgnutls30.
  • CVE update to container image. Resolves USN-4256-1. The CVEs are related to vulnerabilities with libsasl2-2.
  • Bumped the following low-severity CVE packages: libcom-err2, libext2fs2, libss2, linux-libc-dev

v4.0.9

Released January 22, 2020

CLI Versions
Name version
om 3.1.0
bosh-cli 6.1.1
credhub 2.6.1
winfs-injector 0.13.0

Bug Fixes

  • CVE update to container image. Resolves USN-4236-1. The CVEs are related to vulnerabilities with Libgcrypt.
  • CVE update to container image. Resolves USN-4233-1. The CVEs are related to vulnerabilities with GnuTLS.
  • Bumped the following low-severity CVE package: linux-libc-dev

v4.0.8

Released December 12, 2019

CLI Versions
Name version
om 3.1.0
bosh-cli 6.1.1
credhub 2.6.1
winfs-injector 0.13.0

Bug Fixes

  • CVE update to container image. Resolves USN-4220-1. The CVEs are related to vulnerabilities with git.
  • Bumped the following low-severity CVE package: linux-libc-dev

v4.0.7

Released December 3, 2019

CLI Versions
Name version
om 3.1.0
bosh-cli 6.1.1
credhub 2.6.1
winfs-injector 0.13.0

Bug Fixes

  • CVE update to container image. Resolves USN-4205-1. This CVE is related to vulnerabilities with libsqlite3. None of our code calls libsqlite3 directly, but the IaaS CLIs rely on this package.

v4.0.6

Released November 6, 2019

CLI Versions
Name version
om 3.1.0
bosh-cli 6.1.1
credhub 2.6.1
winfs-injector 0.13.0

Bug Fixes

  • CVE update to container image. Resolves USN-4172-1. This CVE is related to vulnerabilities with file and libmagic.
  • CVE update to container image. Resolves USN-4168-1. This CVE is related to vulnerabilities with libidn2.
  • Bump bosh CLI to v6.1.1
  • Bump credhub CLI to v2.6.1

v4.0.5

Released October 25, 2019

CLI Versions
Name version
om 3.1.0
bosh-cli 5.5.1
credhub 2.5.2
winfs-injector 0.13.0

Bug Fixes

  • CVE update to container image. Resolves USN-4151-1. This CVE is related to vulnerabilities with python. None of our code calls python directly, but the IaaS CLIs rely on this package.

v4.0.4

Released October 15, 2019, includes om version 3.1.0

Bug Fixes

  • CVE update to container image. Resolves USN-4142-1. (related to vulnerabilities with e2fsprogs. While none of our code directly used these, they are present on the image.)
  • Bumped the following low-severity CVE packages: libcom-err2, libext2fs2, libss2, linux-libc-dev

v4.0.3

Released September 27, 2019, includes om version 3.1.0

Bug Fixes

  • CVE update to container image. Resolves USN-4127-1. This CVE is related to vulnerabilities with python. None of our code calls python directly, but the IaaS CLIs rely on this package.
  • CVE update to container image. Resolves USN-4129-1. (related to vulnerabilities with curl and libcurl. While none of our code directly used these, they are present on the image.)
  • CVE update to container image. Resolves USN-4132-1. (related to vulnerabilities with expat. While none of our code directly used these, they are present on the image.)
  • Bumped the following low-severity CVE packages: libsystemd0, libudev1, linux-libc-dev

v4.0.1

Released September 4, 2019, includes om version 3.1.0

Bug Fixes

  • CVE update to container image. Resolves USN-4108-1. (related to vulnerabilities with libzstd. While none of our code directly used these, they are present on the image.)
  • Bumped the following low-severity CVE packages: linux-libc-dev

v4.0.0

Released August 28, 2019, includes om version 3.1.0

Breaking Changes

  • The tasks have been updated to extract their bash scripting into a separate script. The tasks' script can be used with different CI/CD systems like Jenkins.

This will be a breaking change if your tasks resource is not named platform-automation-tasks.

For example,

1
2
3
- get: tasks
- task: configure-authentication
  file: tasks/tasks/configure-authentication.yml

will be changed to

1
2
3
- get: platform-automation-tasks
- task: configure-authentication
  file: platform-automation-tasks/tasks/configure-authentication.yml

Notice that the resource name changed as did the relative path to the task YAML file in file.

What's New

  • configure-ldap-authentication, configure-saml-authentication, and configure-authentication can create a UAA client on the Ops Manager VM. The client_secret will be the value provided to this option precreated-client-secret. This is supported in OpsManager 2.5+.
  • For Ops Manager 2.6+, new task pre-deploy-check will validate that Ops Manager and it's staged products are configured correctly. This may be run at any time and may be used as a pre-check for apply-changes.
  • For GCP, create-vm will now allow you to specify a gcp_service_account_name for the new Ops Manager VM. This enables you to designate a service account name as opposed to providing a service account json object. This may be specified in the Ops Manager config for GCP. For more information on GCP service accounts, refer to the GCP service accounts docs.
  • For GCP, create-vm supports setting scopes for the new Ops Manager VM. This may be specified in the Ops Manager config for GCP. For more information on setting GCP scopes, refer to the GCP scope docs.
  • configure-director now support VM Extensions. Please note this is an advanced feature, and should be used at your own discretion.
  • configure-director now support VM Types. Please note this is an advanced feature, and should be used at your own discretion.
  • Add support for new NSX and NSXT format in Ops Manager 2.7+ when calling staged-config and staged-director-config
  • state can now be defined in a state-$timestamp.yml format (like export-installation). This is an opt-in feature, and is only recommended if you are storing state in a non-versioned s3-compatible blobstore. To opt-in to this feature, a param must be added to your pipeline and given the value of STATE_FILE: state-$timestamp.yml for each invocation of the following commands:
  • gcp opsman.yml now supports ssh_public_key. This is used to ssh into the Ops Manager VM to manage non-tile bosh add-ons.
  • EXPERIMENTAL config-template now will provide required-vars in addition to default-vars.
  • EXPERIMENTAL config-template will define vars with an _ instead of a /. This is an aesthetically motivated change. Ops files are denoted with /, so changing the vars separators to _ makes this easier to differentiate.
  • EXPERIMENTAL config-template output product-default-vars.yml has been changed to default-vars.yml

Bug Fixes

  • download-product will now return a download-product.json if stemcell-iaas is defined, but there is no stemcell to download for that product.
  • vsphere opsman.yml now requires ssh_public_key for Ops Manager 2.6+ This was added to mitigate an error during upgrade that would cause the VM to enter a reboot loop.
  • When using AWS to create the Ops Manager VM with encrypted disks, the task create-vm and upgrade-opsman will wait for disk encryption to be completed. An exponential backoff will be and timeout after an hour if disk is not ready.

v3.0.18

Released February 20, 2020

CLI Versions
Name version
om 3.0.0
bosh-cli 6.1.1
credhub 2.6.1
winfs-injector 0.13.0

The full Docker image-receipt: Download

Bug Fixes

  • GCP create-vm now correctly handles an empty tags list
  • CVE update to container image. Resolves USN-4274-1. The CVEs are related to vulnerabilities with libxml2.
  • Bumped the following low-severity CVE packages: libsystemd0 libudev1

v3.0.17

Released February 3, 2020

CLI Versions
Name version
om 3.0.0
bosh-cli 6.1.1
credhub 2.6.1
winfs-injector 0.13.0

The full Docker image-receipt: Download

Bug Fixes

  • CVE update to container image. Resolves USN-4243-1. The CVEs are related to vulnerabilities with libbsd.
  • CVE update to container image. Resolves USN-4249-1. The CVEs are related to vulnerabilities with e2fsprogs.
  • CVE update to container image. Resolves USN-4233-2. The CVEs are related to vulnerabilities with libgnutls30.
  • CVE update to container image. Resolves USN-4256-1. The CVEs are related to vulnerabilities with libsasl2-2.
  • Bumped the following low-severity CVE packages: libcom-err2, libext2fs2, libss2, linux-libc-dev

v3.0.16

Released January 28, 2020

CLI Versions
Name version
om 3.0.0
bosh-cli 6.1.1
credhub 2.6.1
winfs-injector 0.13.0

Bug Fixes

  • CVE update to container image. Resolves USN-4236-1. The CVEs are related to vulnerabilities with Libgcrypt.
  • CVE update to container image. Resolves USN-4233-1. The CVEs are related to vulnerabilities with GnuTLS.
  • Bumped the following low-severity CVE package: linux-libc-dev

v3.0.15

Released December 12, 2019

CLI Versions
Name version
om 3.0.0
bosh-cli 6.1.1
credhub 2.6.1
winfs-injector 0.13.0

Bug Fixes

  • CVE update to container image. Resolves USN-4220-1. The CVEs are related to vulnerabilities with git.
  • Bumped the following low-severity CVE package: linux-libc-dev

v3.0.14

Released December 3, 2019

CLI Versions
Name version
om 3.0.0
bosh-cli 6.1.1
credhub 2.6.1
winfs-injector 0.13.0

Bug Fixes

  • CVE update to container image. Resolves USN-4205-1. This CVE is related to vulnerabilities with libsqlite3. None of our code calls libsqlite3 directly, but the IaaS CLIs rely on this package.

v3.0.13

Released November 14, 2019, includes om version 3.0.0

Bug Fixes

  • CVE update to container image. Resolves USN-4172-1. This CVE is related to vulnerabilities with file and libmagic.
  • CVE update to container image. Resolves USN-4168-1. This CVE is related to vulnerabilities with libidn2.
  • Bump bosh CLI to v6.1.1
  • Bump credhub CLI to v2.6.1

v3.0.12

Released October 25, 2019, includes om version 3.0.0

Bug Fixes

  • CVE update to container image. Resolves USN-4151-1. This CVE is related to vulnerabilities with python. None of our code calls python directly, but the IaaS CLIs rely on this package.

v3.0.11

Released October 15, 2019, includes om version 3.0.0

Bug Fixes

  • CVE update to container image. Resolves USN-4142-1. (related to vulnerabilities with e2fsprogs. While none of our code directly used these, they are present on the image.)
  • Bumped the following low-severity CVE packages: libcom-err2, libext2fs2, libss2, linux-libc-dev

v3.0.10

Released September 26, 2019, includes om version 3.0.0

Bug Fixes

  • CVE update to container image. Resolves USN-4127-1. This CVE is related to vulnerabilities with python. None of our code calls python directly, but the IaaS CLIs rely on this package.
  • CVE update to container image. Resolves USN-4129-1. (related to vulnerabilities with curl and libcurl. While none of our code directly used these, they are present on the image.)
  • CVE update to container image. Resolves USN-4132-1. (related to vulnerabilities with expat. While none of our code directly used these, they are present on the image.)
  • Bumped the following low-severity CVE packages: libsystemd0, libudev1, linux-libc-dev

v3.0.8

Released September 4, 2019, includes om version 3.0.0

Bug Fixes

  • CVE update to container image. Resolves USN-4108-1. (related to vulnerabilities with libzstd. While none of our code directly used these, they are present on the image.)
  • Bumped the following low-severity CVE packages: libpython2.7, libpython2.7-dev, libpython2.7-minimal, libpython2.7-stdlib, libssl1.1 openssl, python-cryptography, python2.7, python2.7-dev, python2.7-minimal

v3.0.7

Released August 28, 2019, includes om version 3.0.0

Bug Fixes

  • When using AWS to create the Ops Manager VM with encrypted disks, the task create-vm and upgrade-opsman will wait for disk encryption to be completed. An exponential backoff will be and timeout after an hour if disk is not ready.
  • CVE update to container image. Resolves USN-4071-1. (related to vulnerabilities with patch. While none of our code directly used these, they are present on the image.)
  • Bumped the following low-severity CVE packages: linux-libc-dev, libldap-2.4-2, libldap-common, linux-libc-dev

v3.0.5

Released July 22, 2019, includes om version 3.0.0

Bug Fixes

  • in credhub-interpolate, upload-product, and upload-stemcell setting SKIP_MISSING: false the command would fail. This has been fixed.
  • upgrade-opsman would fail on the import-installation step if the env file did not contain a target or decryption passphrase. This will now fail before the upgrade process begins to ensure faster feedback.
  • upgrade-opsman now respects environment variables when it makes calls internally to om (env file still required).
  • download-product-s3 does not require pivnet-api-token anymore.

  • om CLI has been bumped to v3.0.0. This includes the following bug fixes:

    • apply-changes --product <product> will error with product not found if that product has not been staged.
    • upload-stemcell now accepts --floating false in addition to floating=false. This was done to offer consistency between all of the flags on the command.

    • skip-unchanged-products was removed from apply-changes. This option has had issues with consistent successful behaviour. For example, if the apply changes fails for any reason, the subsequent apply changes cannot pick where it left off. This usually happens in the case of errands that are used for services.

      We are working on scoping a selective deploy feature that makes sense for users. We would love to have feedback from users about this.

    • remove revert-staged-changes unstage-product functionally does the same thing, but uses the API.

    • Bumped the following low-severity CVE packages: unzip

v3.0.4

Released July 11, 2019, includes om version 2.0.0

Bug Fixes

  • Both configure-ldap-authentication and configure-saml-authentication will now automatically create a BOSH UAA admin client as documented here. This is only supported in OpsManager 2.4 and greater. You may specify the option skip-create-bosh-admin-client in your config YAML to skip creating this client. After the client has been created, you can find the client ID and secret by following steps three and four found here.

    This feature needs to be enabled to properly automate authentication for the bosh director when using LDAP and SAML. If skip-create-bosh-admin-client: true is specified, manual steps are required, and this task is no longer "automation".

  • create-vm and upgrade-opsman now function with gcp_service_account_name on GCP. Previously, only providing a full gcp_service_account as a JSON blob worked.

  • Environment variables passed to create-vm, delete-vm, and upgrade-opsman will be passed to the underlying IAAS CLI invocation. This allows our tasks to work with the https_proxy and no_proxy variables that can be set in Concourse.
  • download-product task output of assign-stemcell.yml will have the correct product-name

  • When using the env.yml for a task, extra values passed in the env file will now fail if they are not recognized properties. Invalid properties might now produce the following: 

    1
2
3
      $ om --env env.yml upload-product --product product.pivotal
  could not parse env file: yaml: unmarshal errors:
  line 5: field invalid-field not found in type main.options

  • credhub CLI has been bumped to v2.5.1. This includes a fix of not raising an error when processing an empty YAML file.

  • om CLI has been bumped to v2.0.0. This includes the following bug fixes:

    • download-product will now return a download-file.json if stemcell-iaas is defined but the product has no stemcell. Previously, this would exit gracefully, but not return a file.

    • Non-string environment variables can now be read and passed as strings to Ops Manager. For example, if your environment variable (OM_NAME) is set to "123" (with quotes escaped), it will be evaluated in your config file with the quotes.

      Given config.yml 

      1
      value: ((NAME))

      om interpolate -c config.yml --vars-env OM

      Will evaluate to: 

      1
        value: "123"

    • bosh-env will now set BOSH_ALL_PROXY without a trailing slash if one is provided

    • When using bosh-env, a check is done to ensure the SSH private key exists. If does not the command will exit 1.
    • config-template will enforce the default value for a property to always be configurable: false. This is inline with the OpsManager behaviour.

  • CVE update to container image. Resolves USN-4040-1. (related to vulnerabilities with Expat. While none of our code directly used these, they are present on the image.)

  • CVE update to container image. Resolves USN-4038-1 and USN-4038-3. (related to vulnerabilities with bzip. While none of our code directly used these, they are present on the image.)
  • CVE update to container image. Resolves USN-4019-1. (related to vulnerabilities with SQLite. While none of our code directly used these, they are present on the image.)
  • CVE update to container image. Resolves CVE-2019-11477. (related to vulnerabilities with linux-libc-dev. While none of our code directly used these, they are present on the image.)
  • CVE update to container image. Resolves USN-4049-1. (related to vulnerabilities with libglib. While none of our code directly used these, they are present on the image.)

v3.0.2

Released July 8, 2019, includes om version 1.0.0

Bug Fixes

  • CVE update to container image. Resolves USN-4014-1. (related to vulnerabilities with GLib. While none of our code directly used these, they are present on the image.)
  • CVE update to container image. Resolves USN-4015-1. (related to vulnerabilities with DBus. While none of our code directly used these, they are present on the image.)
  • CVE update to container image. Resolves USN-3999-1. (related to vulnerabilities with GnuTLS. While none of our code directly used these, they are present on the image.)
  • CVE update to container image. Resolves USN-4001-1. (related to vulnerabilities with libseccomp. While none of our code directly used these, they are present on the image.)
  • CVE update to container image. Resolves USN-4004-1. (related to vulnerabilities with Berkeley DB. While none of our code directly used these, they are present on the image.)
  • CVE update to container image. Resolves USN-3993-1. (related to vulnerabilities with curl. While none of our code directly used these, they are present on the image.)

v3.0.1

Released May 24, 2019, includes om version 1.0.0

Breaking Changes

  • om will now follow conventional Semantic Versioning, with breaking changes in major bumps, non-breaking changes for minor bumps, and bug fixes for patches.

  • The credhub-interpolate task can have multiple interpolation paths. The INTERPOLATION_PATH param is now plural: INTERPOLATION_PATHS. IF you are using a custom INTERPOLATION_PATH for credhub-interpolate, you will need to update your pipeline.yml to this new param. As an example, if your credhub-interpolate job is defined as so: 

     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
    # OLD pipeline.yml PRIOR TO 3.0.0 RELEASE
- name: example-credhub-interpolate
  plan:
  - get: platform-automation-tasks
  - get: platform-automation-image
  - get: config
  - task: credhub-interpolate
    image: platform-automation-image
    file: platform-automation-tasks/tasks/credhub-interpolate.yml
    input_mapping:
      files: config
    params:
      # all required
      CREDHUB_CA_CERT: ((credhub_ca_cert))
      CREDHUB_CLIENT: ((credhub_client))
      CREDHUB_SECRET: ((credhub_secret))
      CREDHUB_SERVER: ((credhub_server))
      PREFIX: /private-foundation
      INTERPOLATION_PATH: foundation/config-path
      SKIP_MISSING: true
    it should now look like 
     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
    # NEW pipeline.yml FOR 3.0.0 RELEASE
- name: example-credhub-interpolate
  plan:
  - get: platform-automation-tasks
  - get: platform-automation-image
  - get: config
  - task: credhub-interpolate
    image: platform-automation-image
    file: platform-automation-tasks/tasks/credhub-interpolate.yml
    input_mapping:
      files: config
    params:
      # all required
      CREDHUB_CA_CERT: ((credhub_ca_cert))
      CREDHUB_CLIENT: ((credhub_client))
      CREDHUB_SECRET: ((credhub_secret))
      CREDHUB_SERVER: ((credhub_server))
      PREFIX: /private-foundation
      INTERPOLATION_PATHS: foundation/config-path
      SKIP_MISSING: true

  • the upload-product option --sha256 has been changed to --shasum. IF you are using the --config flag in upload-product, your config file will need to update from: 

    1
2
3
    # OLD upload-product-config.yml PRIOR TO 3.0.0 RELEASE
product-version: 1.2.3-build.4
sha256: 6daededd8fb4c341d0cd437a
    to: 
    1
2
3
    # NEW upload-product-config.yml FOR 3.0.0 RELEASE
product-version: 1.2.3-build.4
shasum: 6daededd8fb4c341d0cd437a # NOTE the name of this value is changed
    This change was added to future-proof the param name for when sha256 is no longer the de facto way of defining shasums.

What's New

  • The new command assign-multi-stemcell assigns multiple stemcells to a provided product. This feature is only available in OpsMan 2.6+.
  • download-product ensures sha sum checking when downloading the file from Tanzu Network.
  • download-product can now disable ssl validation when connecting to Tanzu Network. This helps with environments with SSL and proxying issues. Add pivnet-disable-ssl: true in your download-product-config to use this feature.
  • On GCP, if you did not assign a public IP, Google would assign one for you. This has been changed to only assign a public IP if defined in your opsman.yml.
  • On Azure, if you did not assign a public IP, Azure would assign one for you. This has been changed to only assign a public IP if defined in your opsman.yml.
  • om interpolate (example in the test task) now supports the ability to accept partial vars files. This is added support for users who may also be using credhub-interpolate or who want to mix interpolation methods. To make use of this feature, include the --skip-missing flag.
  • credhub-interpolate now supports the SKIP_MISSING parameter. For more information on how to use this feature and if it fits for your foundation(s), see the Secrets Handling section.
  • the reference pipeline has been updated to give an example of credhub-interpolate in practice. For more information about credhub, see Secrets Handling
  • om now has support for config-template (a Platform Automation Toolkit encouraged replacement of tile-config-generator). This is an experimental command that can only be run currently using docker run. For more information and instruction on how to use config-template, please see Creating a Product Config File.
  • upload-stemcell now supports the ability to include a config file. This allows you to define an expected shasum that will validate the calculated shasum of the provided stemcell uploaded in the task. This was added to give feature parity with upload-product
  • Azure now allows NSG(network security group) to be optional. This change was made because NSGs can be assigned at the subnet level rather than just the VM level. This param is also not required by the Azure CLI. Platform Automation Toolkit now reflects this.
  • staged-director-config now supports returning multiple IaaS configurations. iaas-configurations is a top level key returned in Ops Manager 2.2+. If using an Ops Manager 2.1 or earlier, iaas_configuration will continue to be a key nested under properties-configuration.

  • configure-director now supports setting multiple IaaS configurations. If using this feature, be sure to use the top-level iaas-configurations key, rather than the nested properties-configuration.iaas_configuration key. If using a single IaaS, properties-configuration.iaas_configuration is still supported, but the new iaas_configurations top-level key is recommended.

    1
2
3
4
5
6
7
8
9
    # Configuration for 2.2+
iaas-configurations:
- additional_cloud_properties: {}
  name: ((iaas-configurations_0_name))
- additional_cloud_properties: {}
  name: ((iaas-configurations_1_name))
  ...
networks-configuration: ...
properties-configuration: ...

    1
2
3
4
5
6
7
8
9
    # Configuration 2.1 and earlier
networks-configuration: ...
properties-configuration:
    director_configuration: ...
    iaas_configuration:
      additional_cloud_properties: {}
      name: ((iaas-configurations_0_name))
      ...
    security_configuration: ...

Bug Fixes

  • OpenStack would sometimes be unable to associate the public IP when creating the VM, because it was waiting for the VM to come up. The --wait flag has been added to validate that the VM creation is complete before more work is done to the VM.
  • credhub-interpolate now accepts multiple files for the INTERPOLATION_PATHS.
  • CVE update to container image. Resolves USN-3911-1. (related to vulnerabilities with libmagic1. While none of our code directly used these, they are present on the image.)
  • Improved error messaging for vSphere VM creation if neither ssh-password or ssh-public-key are set. One or the other is required to create a VM.