THE BASICS
Welcome to the Ops Manager API! You can use our API to access endpoints, which can create, read, update, and delete resources in Ops Manager.
We have language bindings in cURL! You can view code examples in the dark area to the right.
Authentication
You must pass a token to each API endpoint. To get a token, and curl an API endpoint using that token, follow these instructions:
From a command line with Ruby installed, install the cf-uaac gem:
gem install cf-uaac
Target your Ops Manager IP:
uaac target https://YOUR_OPSMAN_IP/uaa
Log in to your Ops Manager with the Client name "opsman" and empty Client secret:
uaac token owner get
Client name: opsman
Client secret: JUST_PRESS_ENTER
User name: YOUR_USERNAME_HERE
Password: YOUR_PASSWORD_HERE
Retrieve your Ops Manager access token:
uaac context
Ops Manager uses authorization tokens to allow access to the API. You can get an authorization token by using the uaac command line tool (instructions to the right).
Ops Manager expects for the API key to be included in all API requests to the server in a header that looks like the following:
Authorization: Bearer YOUR_ACCESS_TOKEN
Workflow
Available ---> Staged --> Apply Changes --> Deployed
Products (.pivotal files) can be uploaded or downloaded to the Available Products namespace.
They are then moved into the Staged Products namespace, which describes the desired state of the installation, and where configuration changes are made.
When queued changes are applied successfully, the Deployed products namespace mirrors the Staged Products namespace until further changes are made.
Status Codes
Ops Manager uses conventional HTTP response codes to indicate the success or failure of an API request. Generally, codes in the 2xx range indicate success, codes in the 4xx range indicate an error that failed given the information provided (e.g., a required parameter was omitted), and codes in the 5xx range indicate an error with the Ops Manager server.
| Code | Description |
|---|---|
| 200 - OK | Everything worked as expected |
| 404 - not found | The route requested does not exist |
| 400 - bad request | The request is syntactically incorrect |
| 401 - unauthorized | The access token has expired or is invalid |
| 409 - conflict | Another user is logged in |
| 422 - unprocessable entity | The request is syntactically correct but the supplied values do not work |
| 500 - internal server error | Something went wrong with our server |
| 502 - bad gateway | OpsManager is unable to talk to an underlying service such as credhub |
| 503 - service unavailable | The authentication service is not available yet |
Pivotal Network API token
Adding or updating the Pivotal Network API token
You can add a Pivotal Network API Token to use Ops Manager's PivNet integration. This features automatically finds updates to products and stemcells from PivNet which you can then stage and install.
You can find your API token under your profile settings in PivNet. Note that currently there are two API tokens listed. Ops Manager only works with one listed as "legacy API token."
curl "https://example.com/api/v0/settings/pivotal_network_settings" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "pivotal_network_settings": { "api_token": "pivnet-api-token" }}'
Example Response
HTTP/1.1 200 OK
{
"success": true
}
HTTP Request
PUT /api/v0/settings/pivotal_network_settings
Removing the Pivotal Network API token
You can delete your Pivotal Network API token to disable Ops Manager's integration with PivNet. This also removes the current list of product and stemcell upgrades from PivNet on the Ops Manager dashboard.
curl "https://example.com/api/v0/settings/pivotal_network_settings" \
-X DELETE \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
DELETE /api/v0/settings/pivotal_network_settings
COMMON TASKS
Setting up Ops Manager
Ops Manager can be set up with an internal user store or with an external identity provider.
Installing products
- Products can be uploaded to Ops Manager. Once the product has been uploaded, it is in the "Available Products" namespace.
- The product then needs to be added to the "Staged Products" namespace
- The product needs to be configured completely with all required fields
- Once all products in the installation have been completely configured, all changes can be applied by triggering an install process
Configuring products
Products staged on Ops Manager need to have the following properties configured before they can be deployed:
- Networks and AZs - Specify the networks and AZs to be used by the product
- Resource config (optional) - Edit the resource configuration of the product if desired
- Errands (optional) - Set whether errands for the product will run by default
- Product-specific properties - Vary by product, and can consist of simple properties, hashed properties, selector properties, and collection properties
Downloading product updates
Product Updates can be downloaded from Pivnet, instead of manually uploaded.
- First, make sure you have set your Pivotal Network API token
- Check for available upgrades to installed products
- Fetch and Accept the EULA for an available upgrade
- Download an available upgrade by product name and version
- Finally, you can check the status of a pending download if you need to
Upgrading products
- New versions of a product can be downloaded directly from Pivotal Network, or imported into the Ops Manager application
- The existing version of the product can then be upgraded
- Any necessary configuration changes are then made
- Changes can be applied by triggering an install process
Viewing logs and credentials
Multiple types of logs and credentials are available in Ops Manager. These are:
- Installation logs - refers to the changelog and the more detailed BOSH logs associated with each Install action
- Product job logs - refers to BOSH logs associated with individual jobs belonging to product. First, view a list of jobs for the product, then use the relevant job id to enqueue a log download for the job, then check the status of the job. When the status of the job is 'downloaded', download the zip file with the logs.
- Product credentials - Credentials that Ops Manager auto-creates for product jobs. These are obtained by first getting the list of available credentials, and then requesting the appropriate credential.
- BOSH director credentials - Credentials that Ops Manager auto-creates for the BOSH director and associated jobs. As with products, one needs to first discover the list of available credentials, and then request the appropriate credential.
Upgrading a stemcell
Stemcells may need to be upgraded when security vulnerabilities are discovered.
To upgrade a stemcell, upload it into Ops Manager. It will automatically be associated with the appropriate products. Trigger an install process for the change to take effect.
Upgrading Ops Manager
Upgrading Ops Manager is a two step process:
Export your existing Ops Manager installation using the export installation asset collection endpoint
After you have provisioned a fresh Ops Manager VM with a *.ova file corresponding to the latest version of Ops Manager, import the installation asset collection you exported previously, and trigger an install process.
CORE CONCEPTS
Info
Getting information about Ops Manager
curl "https://example.com/api/v0/info" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"info": {
"version": "v2.5.0-build.79"
}
}
HTTP Request
GET /api/v0/info
This endpoint returns information of the Ops Manager itself. Currently only version is returned.
Setup
Setting up with an internal userstore
curl "https://example.com/api/v0/setup" \
-X POST \
-H "Content-Type: application/json" \
-d '{ "setup": {
"decryption_passphrase": "example-passphrase",
"decryption_passphrase_confirmation":"example-passphrase",
"eula_accepted": "true",
"identity_provider": "internal",
"admin_user_name": "user-ed942e358eb61868dc87",
"admin_password": "example-password",
"admin_password_confirmation": "example-password",
"http_proxy": "http://proxy.myenterprise.com",
"https_proxy": "https://proxy.myenterprise.com",
"no_proxy": "127.0.0.1"
} }'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
POST /api/v0/setup
Query Parameters
| Parameter | Description |
|---|---|
| setup[decryption_passphrase] | Decryption passphrase |
| setup[decryption_passphrase_confirmation] | Confirm decryption passphrase |
| setup[eula_accepted] | Accept EULA |
| setup[identity_provider] | Using internal as our identity provider |
| setup[admin_user_name] | User name |
| setup[admin_password] | Password |
| setup[admin_password_confirmation] | Confirm password |
| setup[http_proxy] | Proxy for outbound HTTP network traffic (optional) |
| setup[https_proxy] | Proxy for outbound HTTPS network traffic (optional) |
| setup[no_proxy] | Comma-separated list of hosts that do not go through the proxy (optional) |
| setup[precreated_client_secret] | (Optional) Provisions a UAA client called 'precreated-client' with the configured secret |
Setting up with SAML
curl "https://example.com/api/v0/setup" \
-X POST \
-H "Content-Type: application/json" \
-d '{ "setup": {
"identity_provider": "saml",
"decryption_passphrase": "example-passphrase",
"decryption_passphrase_confirmation":"example-passphrase",
"idp_metadata": "https://saml.example.com:8080",
"bosh_idp_metadata": "https://bosh-saml.example.com:8080",
"eula_accepted": "true",
"http_proxy": "http://proxy.myenterprise.com",
"https_proxy": "https://proxy.myenterprise.com",
"no_proxy": "127.0.0.1",
"rbac_saml_admin_group": "opsman.full_control",
"rbac_saml_groups_attribute": "myenterprise",
"precreated_client_secret": "my-secret"
} }'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
POST /api/v0/setup
Query Parameters
| Parameter | Description |
|---|---|
| setup[identity_provider] | Set to "saml" to use SAML as the identity provider |
| setup[decryption_passphrase] | Decryption passphrase |
| setup[decryption_passphrase_confirmation] | Confirm decryption passphrase |
| setup[create_bosh_admin_client] | Create a UAA client, whose credentials can be passed to the BOSH CLI to execute BOSH commands. Default is false. |
| setup[http_proxy] | Proxy for outbound HTTP network traffic (optional) |
| setup[https_proxy] | Proxy for outbound HTTPS network traffic (optional) |
| setup[no_proxy] | Comma-separated list of hosts that do not go through the proxy (optional) |
| setup[eula_accepted] | Accept EULA |
| setup[idp_metadata] | XML, or URL to XML, for the IDP that Ops Manager should use |
| setup[bosh_idp_metadata] | XML, or URL to XML, for the IDP that BOSH should use |
| setup[rbac_saml_admin_group] | If SAML is specified, please provide the name of SAML group whose members should be considered admins of OpsManager |
| setup[rbac_saml_groups_attribute] | If SAML is specified, please provide the name of the attribute used by your SAML server to identify groups |
| setup[precreated_client_secret] | (Optional) Provisions a UAA client called 'precreated-client' with the configured secret |
Setting up with LDAP
curl "https://example.com/api/v0/setup" \
-X POST \
-H "Content-Type: application/json" \
-d '{ "setup": {
"identity_provider": "ldap",
"decryption_passphrase": "admin",
"decryption_passphrase_confirmation":"admin",
"eula_accepted": "true",
"precreated_client_secret": "my-secret",
"ldap_settings": {
"server_url": "ldap://YOUR-LDAP-SERVER",
"ldap_username": "cn=admin,dc=opsmanager,dc=com",
"ldap_password": "password",
"user_search_base": "ou=users,dc=opsmanager,dc=com",
"user_search_filter": "cn={0}",
"group_search_base": "ou=groups,dc=opsmanager,dc=com",
"group_search_filter": "member={0}",
"ldap_max_search_depth": 3,
"ldap_rbac_admin_group_name": "cn=opsmgradmins,ou=groups,dc=opsmanager,dc=com",
"email_attribute": "mail",
"ldap_referrals": "follow"
}
} }'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
POST /api/v0/setup
Query Parameters
| Parameter | Description |
|---|---|
| setup[identity_provider] | Set to "ldap" to use LDAP as the identity provider. |
| setup[decryption_passphrase] | Decryption passphrase |
| setup[decryption_passphrase_confirmation] | Confirm decryption passphrase |
| setup[create_bosh_admin_client] | Create a UAA client, whose credentials can be passed to the BOSH CLI to execute BOSH commands. Default is false. |
| setup[http_proxy] | Optional. Proxy for outbound HTTP network traffic |
| setup[https_proxy] | Optional. Proxy for outbound HTTPS network traffic |
| setup[no_proxy] | Optional. Comma-separated list of hosts that do not go through the proxy |
| setup[eula_accepted] | Accept EULA |
| setup[precreated_client_secret] | (Optional) Provisions a UAA client called 'precreated-client' with the configured secret |
| setup[ldap_settings][server_url] | The URL to the ldap server, must start with ldap:// or ldaps://. e.g. ldap://localhost:389 or ldaps://secure.host:636 |
| setup[ldap_settings][ldap_username] | The DN for the LDAP credentials used to search the directory. A valid LDAP ID that has read permissions to perform a search of the LDAP tree for user information. |
| setup[ldap_settings][ldap_password] | Password credentials for the above DN to search the LDAP tree for user information |
| setup[ldap_settings][user_search_base] | Define a base at which the search starts, e.g. "ou=users,dc=mycompany,dc=com" |
| setup[ldap_settings][user_search_filter] | The search filter used for the query. Takes one parameter, user ID defined as {0}. e.g. "cn={0}" |
| setup[ldap_settings][group_search_base] | Search start point for a user group membership search, and sequential nested searches. You can set this value to 'memberOf' when using Active Directory and skip group search but use the calculated memberOf field on the user records. No nested search will be performed. e.g. "ou=groups,dc=mycompany,dc=com" |
| setup[ldap_settings][group_search_filter] | Search query filter to find the groups to which a user belongs, e.g. "member={0}" |
| setup[ldap_settings][ldap_max_search_depth] | The LDAP group search depth. Allowed values are between 1 and 10. The default value is 1, which will turn off the nested group search. |
| setup[ldap_settings][ldap_referrals] | Configures the UAA LDAP referral behavior. The following values are possible: follow (referrals are followed), ignore (referrals are ignored and the partial result is returned), or throw (an error is thrown and the authentication is aborted) |
| setup[ldap_settings][server_ssl_cert] | Optional. Required only for ldaps://. This is the server certificate if using a Self Signed Certificate. If using a CA certificate, this must be the root certificate from your CA. |
| setup[ldap_settings][ldap_rbac_admin_group_name] | If LDAP is specified, please provide the name of LDAP group whose members should be considered admins of OpsManager |
| setup[ldap_settings][email_attribute] | The name of the LDAP attribute that contains the users email address. e.g. "mail". |
Installations
View a list of pending changes
Listing of products and errands, and any pending changes that might be applied. Products will be listed in deployment order.
The action of a pending change will be one of the following:
unchangedupdateupdate_stemcellinstalldelete
In the case where the product's stemcell has been updated (update_stemcell),
that product will also be listed as a general update (update).
curl "https://example.com/api/v0/staged/pending_changes" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"product_changes": [
{
"guid": "p-bosh-guid",
"action": "unchanged",
"errands": [],
"staged": {
"guid": "p-bosh-guid",
"identifier": "p-bosh",
"label": "BOSH Director",
"version": "2.5.0-build.20",
"depends_on": [],
"stemcells": [
{
"os": "ubuntu-xenial",
"version": "1.1"
}
]
},
"deployed": {
"guid": "p-bosh-guid",
"identifier": "p-bosh",
"label": "BOSH Director",
"version": "2.5.0-build.20",
"depends_on": [],
"stemcells": [
{
"os": "ubuntu-xenial",
"version": "1.1"
}
]
},
"last_successful_deployed": {
"guid": "p-bosh-guid",
"identifier": "p-bosh",
"label": "BOSH Director",
"version": "2.5.0-build.20",
"depends_on": [],
"stemcells": [
{
"os": "ubuntu-xenial",
"version": "1.1"
}
]
},
"completeness_checks": {
"configuration_complete": false,
"stemcell_present": false,
"configurable_properties_valid": true
}
},
{
"guid": "example-product-1-guid",
"action": "unchanged",
"errands": [
{
"name": "example-errand",
"label": "an errand to log properties",
"post_deploy": true,
"impact_warning": "This is a post deploy errand warning"
},
{
"name": "example_colocated_errand",
"label": "colocated errand on web_server",
"post_deploy": true,
"impact_warning": null
}
],
"staged": {
"guid": "example-product-1-guid",
"identifier": "example-product-1",
"label": "Ops Manager: Example Product",
"version": "1.0-build.0",
"depends_on": [],
"stemcells": [
{
"os": "ubuntu-xenial",
"version": "1.1"
}
]
},
"deployed": {
"guid": "example-product-1-guid",
"identifier": "example-product-1",
"label": "Ops Manager: Example Product",
"version": "1.0-build.0",
"depends_on": [],
"stemcells": [
{
"os": "ubuntu-xenial",
"version": "1.1"
}
]
},
"last_successful_deployed": {
"guid": "example-product-1-guid",
"identifier": "example-product-1",
"label": "Ops Manager: Example Product",
"version": "1.0-build.0",
"depends_on": [],
"stemcells": [
{
"os": "ubuntu-xenial",
"version": "1.1"
}
]
},
"completeness_checks": {
"configuration_complete": true,
"stemcell_present": true,
"configurable_properties_valid": true
}
},
{
"guid": "example-product-2-guid",
"action": "update_stemcell",
"errands": [{
"name": "errand-3",
"label": "Errand 3 label",
"post_deploy": true,
"impact_warning": null
}],
"staged": {
"guid": "example-product-2-guid",
"identifier": "example-product-2",
"label": "Ops Manager: Example Product 2",
"version": "1.0-build.1",
"depends_on": [],
"stemcells": [
{
"os": "ubuntu-xenial",
"version": "1.2"
},
{
"os": "windows2019",
"version": "2019.1"
}
]
},
"deployed": {
"guid": "example-product-2-guid",
"identifier": "example-product-2",
"label": "Ops Manager: Example Product 2",
"version": "1.0-build.0",
"depends_on": [],
"stemcells": [
{
"os": "ubuntu-xenial",
"version": "1.1"
}
]
},
"last_successful_deployed": null,
"completeness_checks": {
"configuration_complete": true,
"stemcell_present": true,
"configurable_properties_valid": true
}
},
{
"guid": "example-product-2-guid",
"action": "update",
"errands": [],
"staged": {
"guid": "example-product-2-guid",
"identifier": "example-product-2",
"label": "Ops Manager: Example Product 2",
"version": "1.0-build.1",
"depends_on": [],
"stemcells": [
{
"os": "ubuntu-xenial",
"version": "1.3"
}
]
},
"deployed": {
"guid": "example-product-2-guid",
"identifier": "example-product-2",
"label": "Ops Manager: Example Product 2",
"version": "1.0-build.2",
"depends_on": [],
"stemcells": [
{
"os": "ubuntu-xenial",
"version": "1.2"
}
]
},
"last_successful_deployed": {
"guid": "example-product-2-guid",
"identifier": "example-product-2",
"label": "Ops Manager: Example Product 2",
"version": "1.0-build.1",
"depends_on": [],
"stemcells": [
{
"os": "ubuntu-xenial",
"version": "1.1"
}
]
},
"completeness_checks": {
"configuration_complete": true,
"stemcell_present": true,
"configurable_properties_valid": true
}
},
{
"guid": "example-product-3-guid",
"action": "install",
"errands": [],
"staged": {
"guid": "example-product-3-guid",
"identifier": "example-product-3",
"label": "Ops Manager: Example Product 3",
"version": "1.0-build.1",
"depends_on": [
{
"identifier": "example-product1",
"product_version": "1.0-build.0"
},
{
"identifier": "example-product-2",
"product_version": "1.0-build.0"
}
],
"stemcells": [
{
"os": "ubuntu-xenial",
"version": "1.1"
}
]
},
"deployed": null,
"last_successful_deployed": null,
"completeness_checks": {
"configuration_complete": true,
"stemcell_present": true,
"configurable_properties_valid": true
}
},
{
"guid": "example-product-4-guid",
"action": "delete",
"errands": [],
"staged": null,
"deployed": {
"guid": "example-product-4-guid",
"identifier": "example-product-4",
"label": "Ops Manager: Example Product 4",
"version": "1.0-build.1",
"depends_on": [],
"stemcells": [
{
"os": "ubuntu-xenial",
"version": "1.1"
}
]
},
"last_successful_deployed": {
"guid": "example-product-4-guid",
"identifier": "example-product-4",
"label": "Ops Manager: Example Product 4",
"version": "1.0-build.1",
"depends_on": [],
"stemcells": [
{
"os": "ubuntu-xenial",
"version": "1.1"
}
]
},
"completeness_checks": {
"configuration_complete": true,
"stemcell_present": true,
"configurable_properties_valid": true
}
}
]
}
HTTP Request
GET /api/v0/staged/pending_changes
Triggering an installation
Applying all staged changes
curl "https://example.com/api/v0/installations" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"deploy_products": "all",
"errands": {
"product_1_guid": {
"run_pre_delete": {
"errand_a": true,
"errand_b": false,
"errand_c": "default"
}
},
"product_2_guid": {
"run_post_deploy": {
"errand_e": true,
"errand_f": false,
"errand_g": true,
"errand_h": "default"
}
}
},
"ignore_warnings": true
}'
Applying only changes to the director
curl "https://example.com/api/v0/installations" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"deploy_products": "none",
"ignore_warnings": true
}'
Example Response
HTTP/1.1 200 OK
{
"install": {
"id": 1
}
}
Applying changes to the director and products specified in `deploy_products` array
curl "https://example.com/api/v0/installations" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"deploy_products": ["product-guid-for-tile", "another-product-guid-for-different-tile"],
"ignore_warnings": true
}'
Example Error Response
HTTP/1.1 422 Unprocessible Entity
{
"errors" : [
"'another-product-guid-for-different-tile' (specified in deploy_products) was not found in the product repository"
],
"deployment_errors": {
"products": [
{
"identifier": "another-product-guid-for-different-tile",
"complete": false,
"network": {
"assigned": false
},
"availability_zone": {
"assigned": false
},
"stemcells": [
{
"assigned": true,
"required_stemcell_version": "250.17",
"required_stemcell_os": "ubuntu-xenial"
}
],
"properties": [
{
"name": ".properties.example_selector.pizza_option.other_toppings",
"type": "string",
"errors": [
"This name cannot contain special characters."
]
}
],
"resources": {
"jobs": []
},
"verifiers": []
}
]
}
}
Example Error Response with Ignorable Warnings (note: ignorable warnings show up in both `errors` and `warnings`)
HTTP/1.1 422 Unprocessible Entity
{
"errors" : [
"Cannot reach gateway with IP 172.18.0.1 (ignorable if ICMP is disabled), type: NetworksPingableVerifier"
],
"warnings" : [
"Cannot reach gateway with IP 172.18.0.1 (ignorable if ICMP is disabled), type: NetworksPingableVerifier"
],
"deployment_errors": {
"products": [
{
"identifier": "another-product-guid-for-different-tile",
"complete": false,
"network": {
"assigned": false
},
"availability_zone": {
"assigned": false
},
"stemcells": [
{
"assigned": true,
"required_stemcell_version": "250.17",
"required_stemcell_os": "ubuntu-xenial"
}
],
"properties": [],
"resources": {
"jobs": []
},
"verifiers": [
{
"type": "NetworksPingableVerifier",
"errors": [
"Cannot reach gateway with IP 172.18.0.1 (ignorable if ICMP is disabled), type: NetworksPingableVerifier"
],
"ignorable": true
}
]
}
]
}
}
HTTP Request
POST /api/v0/installations
Transmits pending changes to BOSH. Submitting a POST request to this endpoint is equivalent to triggering the "Apply Changes" button in the GUI.
Query Parameters
| Parameter | Description |
|---|---|
| ignore_warnings | When true, bypass warnings from ignorable verifiers (Optional) |
| errands | Hash of products with their enabled errands (Optional) Post Deploy errands support the following states:
|
| deploy_products | Apply changes only for the specified products. Will always apply changes for the BOSH Director. Default is "all" (all staged products). Allowed are "all", "none" (only the Director), or a collection of product GUIDs. (Optional) |
Note: When deploy_products is an array of product guids ["my-guid", "another-guid"], it will deploy the director tile and all passed-in products.
If there are any tiles being deployed, which are dependent on tiles with staged changes not being deployed, there will be validation errors and the deploy will not occur.
Getting the status of an installation
curl "https://example.com/api/v0/installations/4" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"status": "running",
"started_at": "2018-09-11T01:08:42.726Z",
"finished_at": "2018-09-11T01:08:55.181Z"
}
HTTP Request
GET /api/v0/installations/:id
This endpoint returns the status of an installation. Possible values for the status are running, succeeded, or failed.
The user_name field will contain either the name of logged in user that initiated the installation, or the client ID for the API client that initiated the installation.
Getting a list of installations
curl "https://example.com/api/v0/installations" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"installations": [
{
"user_name": "admin",
"finished_at": "2018-04-26T03:27:54.035Z",
"started_at": "2018-04-26T03:19:00.855Z",
"status": "succeeded",
"additions": [],
"deletions": [
{
"identifier": "another-example-product",
"label": "Another Example Product",
"product_version": "2.1.4",
"change_type": "deletion",
"deployment_status": "successful",
"guid": "another-example-product-1ba749ac9f6fcb7181ee",
"started_at": "2018-04-26T03:22:00.855Z",
"finished_at": "2018-04-26T03:24:54.035Z"
}
],
"updates": [
{
"identifier": "example-product",
"label": "Ops Manager: Example Product",
"product_version": "2.1.6",
"change_type": "update",
"deployment_status": "successful",
"guid": "example-product-4bf791dcdba551420a1f",
"started_at": "2018-04-26T03:25:00.855Z",
"finished_at": "2018-04-26T03:26:54.035Z"
}
],
"unchanged": [],
"id": 2
},
{
"user_name": "admin",
"finished_at": "2018-04-26T03:14:45.528Z",
"started_at": "2018-04-26T02:35:43.175Z",
"status": "succeeded",
"additions": [
{
"identifier": "example-product",
"label": "Ops Manager: Example Product",
"product_version": "2.1.6",
"change_type": "addition",
"deployment_status": "successful",
"guid": "example-product-4bf791dcdba551420a1f",
"started_at": "2018-04-26T03:25:00.855Z",
"finished_at": "2018-04-26T03:26:54.035Z"
},
{
"identifier": "another-example-product",
"label": "Another Example Product",
"product_version": "2.1.4",
"change_type": "addition",
"deployment_status": "successful",
"guid": "another-example-product-1ba749ac9f6fcb7181ee",
"started_at": "2018-04-26T03:25:00.855Z",
"finished_at": "2018-04-26T03:26:54.035Z"
},
{
"identifier": "p-bosh",
"label": "BOSH Director",
"product_version": "2.5.0-build.96",
"change_type": "addition",
"deployment_status": "successful",
"guid": "p-bosh-dd141cde18ccc883d542",
"started_at": "2018-04-26T03:25:00.855Z",
"finished_at": "2018-04-26T03:26:54.035Z"
}
],
"deletions": [],
"updates": [],
"unchanged": [],
"id": 1
}
]
}
HTTP Request
GET /api/v0/installations
This endpoint returns a list of products deployed in each installation. Possible values for
the status of an installation are running, succeeded, or failed.
The user_name field will contain either the name of logged in user that initiated the installation, or the client ID for the API client that initiated the installation.
All products which are deployed as part of an installation will be listed in one of the following groups:
- additions: newly installed products
- updates: settings were changed or the product was upgraded
- deletions: the product was deleted
- unchanged: none of the above, but the product was still redeployed
Each product also shows the status of its BOSH deployment. Possible values are:
pending, running, successful, failed, skipped.
Getting BOSH manifests from historical installations
curl "https://example.com/api/v0/installations/1/products/example-product-88b1515f1089d0eabdc9/manifest" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"manifest": {
"name":"example-product-88b1515f1089d0eabdc9",
"releases": [
{
"name":"example-release",
"version":"2.2.release39"
}
],
"stemcells": [
{
"alias":"bosh-docker-boshlite-ubuntu-trusty-go_agent",
"os":"ubuntu-trusty",
"version":"3541.12"
}
],
"instance_groups": []
}
}
HTTP Request
GET /api/v0/installations/:installation_id/products/:product_guid/manifest
This endpoint returns the BOSH manifest that was used for deploying a given product for a given installation id.
GET /api/v0/installations/:installation_id/products/director/manifest
This endpoint returns the BOSH manifest that was used for deploying the BOSH director for a given installation id.
Note: You can use GET /api/v0/installations to list the IDs and products guids of each historical installation.
Query Parameters
| Parameter | Description |
|---|---|
| installation_id | ID of the installation (i.e. ID of the instance of Apply Changes) |
| product_guid | The guid of the product which was deployed as part of the given installation |
Getting BOSH cloud configs from historical installations
curl "https://example.com/api/v0/installations/1/products/director/cloud_config" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"cloud_config": {
"azs": [
{
"name": "us-central1-a",
"cpi": "b8fbbcc58f283bd61b29",
"cloud_properties": {
"zone": "us-central1-a"
}
}
],
"networks": [
{
"name": "first-network",
"type": "manual",
"subnets": [
{
"azs": [
"us-central1-a"
],
"cloud_properties": {
"subnetwork_name": "daily-cheese-management-subnet",
"network_name": "daily-cheese-pcf-network"
}
}
]
}
],
"vm_types": [
{
"name": "micro",
"cloud_properties": {
"cpu": 1,
"ram": 1024
}
}
]
}
}
HTTP Request
GET /api/v0/installations/:installation_id/products/:product_guid/cloud_config
This endpoint returns the BOSH director's cloud config for a given installation id using the director's guid.
GET /api/v0/installations/:installation_id/products/director/cloud_config
This endpoint returns the BOSH director's cloud config for a given installation id.
Note: You can use GET /api/v0/installations to list the IDs and products guids of each historical installation.
Query Parameters
| Parameter | Description |
|---|---|
| installation_id | ID of the installation (i.e. ID of the instance of Apply Changes) |
| product_guid | The guid of the director (alternatively, "director") |
Getting BOSH CPI Config from historical installations
curl "https://example.com/api/v0/installations/1/cpi_config" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"cpis":[
{
"name":"71706aab76be17f1e06e",
"type":"google",
"migrated_from":[
{
"name":""
}
],
"properties":{
}
}
]
}
HTTP Request
GET /api/v0/installations/:installation_id/cpi_config
This endpoint returns the BOSH CPI configs for a given installation id.
Note: You can use GET /api/v0/installations to list the IDs of each historical installation.
Query Parameters
| Parameter | Description |
|---|---|
| installation_id | ID of the installation (i.e. ID of the instance of Apply Changes) |
Getting BOSH runtime configs from historical installations
curl "https://example.com/api/v0/installations/1/products/product-guid/runtime_configs" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response for Product
HTTP/1.1 200 OK
{
"runtime_configs": [
{
"name": "runtime-config-1",
"manifest": {
"releases": {
"name": "strongswan",
"version": "6.0.0"
},
"addons": {
"name": "security",
"jobs": {
"name": "strongswan",
"release": "strongswan"
}
}
}
}
]
}
Example Response for BOSH Director
HTTP/1.1 200 OK
{
"runtime_configs": [
{
"name": "ops_manager_dns_runtime",
"manifest": {
"addons": [
{
"name": "bosh-dns",
"jobs": [
{
"release": "bosh-dns",
"name": "bosh-dns"
}
],
"properties": {
"override_nameserver": true,
"cache": {
"enabled": true
},
"excluded_recursors": [],
"recursor_timeout": null,
"handlers": []
},
"include": {
"stemcell": [
{
"os": "ubuntu-trusty"
},
{
"os": "ubuntu-xenial"
}
]
}
}
],
"releases": [
{
"version": "1.10.0",
"name": "bosh-dns"
}
],
"variables": []
}
},
{
"name": "director_runtime",
"manifest": {
"tags": {
}
}
}
]
}
HTTP Request
GET /api/v0/installations/:installation_id/products/:product_guid/runtime_configs
This endpoint returns a product's runtime configs for a given installation id
GET /api/v0/installations/:installation_id/products/director/runtime_configs
This endpoint returns the BOSH director's runtime configs for a given installation id.
Note: You can use GET /api/v0/installations to list the IDs and products guids of each historical installation.
Note: The example OpsManager DNS runtime config returned has been intentionally truncated and is not valid.
Query Parameters
| Parameter | Description |
|---|---|
| installation_id | ID of the installation (i.e. ID of the instance of Apply Changes) |
| product_guid | The guid of the director (alternatively, "director") |
Fetching installation logs
curl "https://example.com/api/v0/installations/1/logs" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"logs": "some large text separated by newlines"
}
HTTP Request
GET /api/v0/installations/:installation_id/logs
This endpoint returns BOSH logs for a given installation id.
Query Parameters
| Parameter | Description |
|---|---|
| installation_id | ID of the installation |
Streaming current installation log
curl "https://example.com/api/v0/installations/current_log" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
Content-Type: text/event-stream
event:step_info
data:[{"id":"bosh_product.deploying","description":"Installing BOSH"},{"id":"bosh.uploading_runtime_config_releases","description":"Uploading runtime config releases to the director"},{"id":"bosh.updating_cloud_config","description":"Updating BOSH director with 2.0 cloud config"},{"id":"uaa_config.resetting","description":"Updating Internal UAA Configuration"},{"id":"example-product.runtime_configs","description":"Updating runtime configs for example-product"},{"id":"upload_assets.uploading_stemcell.example-product-f40a206c0af92de0ff9e","description":"Uploading stemcell for Ops Manager: Example Product"},{"id":"upload_assets.uploading_releases.example-product-f40a206c0af92de0ff9e","description":"Uploading releases for Ops Manager: Example Product"},{"id":"migrate_variables.migrating.example-product-f40a206c0af92de0ff9e","description":"Migrating credentials to director CredHub"},{"id":"bosh.deploying.example-product-f40a206c0af92de0ff9e","description":"Installing Ops Manager: Example Product"},{"id":"errands.running.example-product-f40a206c0af92de0ff9e.example-errand","description":"Running errand an errand to log properties for Ops Manager: Example Product"},{"id":"errands.running.example-product-f40a206c0af92de0ff9e.example_colocated_errand","description":"Running errand colocated errand on web_server for Ops Manager: Example Product"},{"id":"clean_up_bosh.cleaning_up","description":"Cleaning up BOSH director"}]
event:step_state_changed
data:{"type":"step_started","id":"bosh_product.deploying"}
data:===== 2018-02-16 22:25:47 UTC Running "/usr/local/bin/bosh --no-color --non-interactive --tty create-env /tempest_install_dir/default/deployments/bosh.yml"
data:Deployment manifest: '/tempest_install_dir/default/deployments/bosh.yml'
: keep alive
data:Deployment state: '/tempest_install_dir/default/deployments/bosh-state.json'
event:step_state_changed
data:{"type":"step_finished","id":"bosh_product.deploying"}
event:step_state_changed
data:{"type":"step_started","id":"clean_up_bosh.cleaning_up"}
data:===== 2018-02-16 22:27:18 UTC Finished "/usr/local/bin/bosh --no-color --non-interactive --tty --environment=172.18.0.10 clean-up"; Duration: 0s; Exit Status: 0
event:step_state_changed
data:{"type":"step_finished","id":"clean_up_bosh.cleaning_up"}
data:Exited with 0.
event:exit
data:{"type":"exit","code":0}
HTTP Request
GET /api/v0/installations/current_log
If there is no currently running Apply Changes then it returns 200 with an exit event of type "no install in progress".
This endpoint streams the logs of the currently running Apply Changes using the Server Sent Events format.
It starts by streaming an event named step_info which includes an array of JSON data with the name and descriptions of each ordered install step.
Next, it will stream all of the log which has already happened during this Apply Changes.
Then, it will stream realtime events and logs as they happen.
Mixed in with lines of logs, it will send events for steps called step_started and step_finished, and an exit event at the end.
The step_started and step_finished events have JSON data, that include an id key corresponding to the JSON sent in the step_info event.
The exit event has JSON data which includes the exit code of the last command from the Apply Changes.
A exit code of 0 means success, and any other exit code indicates failure.
When the Apply Changes ends, the server closes the client's connection.
Note: The example response included in this documentation has been abbreviated for the sake of brevity.
Revert staged changes
curl "https://example.com/api/v0/staged" \
-X DELETE \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 204 OK
HTTP Request
DELETE /api/v0/staged
This endpoint reverts all staged changes. There is no response body.
Deployed BOSH Director
Note: If you are updating the configuration of a deployed director,
in the s3_blobstore_options section, only access_key and secret_key are editable.
If you do modify these, make sure to set bosh_recreate_on_next_deploy to true during the deploy of the credentials
change. You can unset this once the deploy is complete.
Getting a list of available credentials
curl "https://example.com/api/v0/deployed/director/credentials" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"credential_ids": [
"vm_credentials",
"agent_credentials",
"registry_credentials",
"director_credentials",
"nats_credentials",
"nats_client_ca",
"nats_server_certificate",
"nats_director_client_certificate",
"nats_health_monitor_client_certificate",
"postgres_credentials",
"blobstore_credentials",
"health_monitor_credentials",
"uaa_admin_user_credentials",
"uaa_login_client_credentials",
"uaa_jwt_key",
"bbr_ssh_credentials",
"uaa_bbr_client_credentials",
"bosh_commandline_credentials",
"blobstore_certificate"
]
}
HTTP Request
GET /api/v0/deployed/director/credentials
Use this endpoint to discover available types of credentials.
Listing an rsa_key credential
curl "https://example.com/api/v0/deployed/director/credentials/uaa_jwt_key" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"credential": {
"type": "rsa_cert_credentials",
"value": {
"private_key_pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAqLM8nKKL6NcKHCk4/fakeSFbz6APw7pbLTHb8nqezmTCs/R0\nspsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0FJMlw+o/Iq/+JHDnnH00rOjlBg62y\n5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEMykyR5ag1CfiVjwexOH1NgDUmw8pZ\n1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj/IM8R2mAUNOz8vSmcCOWb/BLxjcj\ng5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHAxskUCNDM3taBLQ+fIF3u+LZDeGdi\ny0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9PgwIDAQABAoIBAQCKoRea49wzD5sI\nPzvNdJCsN7R5rt+liNtqDUHgRbGAi76QIL9REi/d5HYE20ES9eNY5+5fclMKvhdc\n5O/izCag70R/Mm7GIKwsXMy3pTNzmh9jNPcA2Q2lxdNMkitW/0JbYfdYrB5fSg2Z\nkRhUIVXQXBG8dnh3ZCaKrdiNQjLQugcWdkwREhe4gObftBFppbERSUVPVplHwt2t\nsCcsrc6O5KkIvdU1wFzGr1bWZ0mOrw8dL9kopbA1q+lSF4dHjeBLxLrV9bY4dpBl\nsKf4EG048KHJgM80Cco4AwVBjTQDkY/0OHteTLjLh0Z9HelpEX1yBH7sBuDRCHpO\nHiIGuupZAoGBANZDCy7Ehz2AFSew94bHNaKGeUSthzVS76PxAgOod2c3sh4vEmYC\n//OtDZLu3W/xfJnqJC2qEb+vRexDkSwytNNxVHC5w7MW10pTUI51w5FB62s7okqG\n+9i6MbPMk9mT42/AlsXASs5PIK/EkQkm1hbJfzVx0QMIX804gr8crslPAoGBAMmQ\nFtgYYU1HRT8a1OP6jpwxorZ+FQVLtRmvegKBr1ybC/nODs/KQI5ol9oPYlucGLuP\ndkYQEpJjaCItm2a4OsuHfK61VEIchOTrv/oxNcmY7SSRXshKrqTib2w5sfnR4WYW\nx0F47MnUXs8sl1CX5iSKoZJhXWLSeexxD7VaNOGNAoGBAJeEV78d2WljTxJ/cbuM\n2l/xaoZnlErgOHkdsMf3dWC3oSz5KrCbBHdEdGnoow1Ln0qUqjrknqKIBxF6AopX\n3Un9RbJlm3/k8iAsZLYpj0AEdr+hLzY22Jg9q3IzhIaDr31SmwyC3COjD0Fc5xeq\nsBDzMxMPRrg3TtAoW0Vcujm/AoGARRVLnxkMEG6C/1P074Zq5oHkoOOp1LzT/0+z\nY7SLJBRIEIBddz58zdJvaV+oeHmRyIctJGpR0zaa9EvpXVV7YVK4mzCvBlG8ArIC\nhH/lTYlKjiP89m0SWpT5V4CWzWbv+AuKk5gcoDhXnm5MFmVZjeCt6/vPBBXbj/xY\nQ/H8+ekCgYB36iuoWdihQDPb0wP3iUCs3/nfZjX7huVCon1MMXXvyKZS7lvgkUp2\nrhyV2A/QcaxW9f/hFyAgzj/e16de8ypy/CoSsRkBdIsZlRs9SUw3mX9a7SBMC9Le\nLU1aPXAqPdcBNIlBFEgLt6A18ZYD3wwdH6F+Mqocge8WljnTBVrt+g==\n-----END RSA PRIVATE KEY-----\n",
"public_key_pem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLM8nKKL6NcKHCk4/jgc\naSFbz6APw7pbLTHb8nqezmTCs/R0spsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0F\nJMlw+o/Iq/+JHDnnH00rOjlBg62y5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEM\nykyR5ag1CfiVjwexOH1NgDUmw8pZ1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj\n/IM8R2mAUNOz8vSmcCOWb/BLxjcjg5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHA\nxskUCNDM3taBLQ+fIF3u+LZDeGdiy0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9P\ngwIDAQAB\n-----END PUBLIC KEY-----\n"
}
}
}
HTTP Request
GET /api/v0/deployed/director/credentials/:id
Listing a simple_credential
curl "https://example.com/api/v0/deployed/director/credentials/agent_credentials" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"credential": {
"type": "simple_credentials",
"value": {
"identity": "vcap",
"password": "example-agent-password"
}
}
}
HTTP Request
GET /api/v0/deployed/director/credentials/:id
Fetching the deployed director runtime configs
curl "https://example.com/api/v0/deployed/director/runtime_configs" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"runtime_configs": [
{
"name": "ops_manager_dns_runtime",
"manifest": {
"releases": {
"name": "bosh-dns",
"version": "1.0.0"
},
"addons": {
"name": "bosh-dns",
"jobs": {
"name": "bosh-dns",
"release": "bosh-dns"
}
}
}
}
]
}
HTTP Request
GET /api/v0/deployed/director/runtime_configs
This endpoint returns a list of the runtime configs included globally when the director product was last deployed.
Staged BOSH Director
Fetching director, IaaS, and security properties (Experimental)
curl "https://example.com/api/v0/staged/director/properties" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on AWS
HTTP/1.1 200 OK
{
"iaas_configuration": {
"iam_instance_profile": "my-instance-profile",
"security_group": "my-security-group",
"key_pair_name": "my-ssh-key",
"region": "us-east-1",
"encrypted": true,
"kms_key_arn": "arn:aws:kms:us-east-1:123123123123:key/456456456",
"additional_cloud_properties": { "max_retries": 3 }
},
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "hal9000.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "external",
"external_database_options": {
"host": "1.1.1.1",
"port": "8888",
"user": "admin",
"database": "external_db",
"connection_options": {
"max_connections": 5
},
"tls_enabled": true,
"tls_ca": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"tls_certificate": "-----BEGIN CERTIFICATE-----\r\nJAEBsjadfARug...",
"tls_private_key": "-----BEGIN RSA PRIVATE KEY----- ..."
},
"hm_pager_duty_options": {
"enabled": true,
"http_proxy": "http://yourfavoriteproxy.fake"
},
"hm_emailer_options": {
"enabled": true,
"port": "9001",
"domain": "domain.com",
"host": "hostplace.com",
"from": "youremail@realemailserver.com",
"tls": true,
"smtp_user": "admin",
"recipients": "firstperson@work.com,secondperson@work.com"
},
"blobstore_type": "gcs",
"gcs_blobstore_options": {
"bucket_name": "gcs-blobstore",
"storage_class": "REGIONAL",
"backup_strategy": "backup_to_additional_bucket",
"backup_bucket_name": "gcs-backup-bucket"
},
"encryption": {
"keys": [],
"providers": []
},
"identification_tags": {
"project": "cf",
"department": "hr"
}
},
"dns_configuration": {
"excluded_recursors": [],
"recursor_selection": "smart",
"recursor_timeout": "2s",
"handlers": [
{
"cache": {
"enabled": true
},
"domain": "example.com",
"source": {
"type": "http",
"url": "http://some.endpoint.local"
}
}
]
},
"security_configuration": {
"trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
"generate_vm_passwords": true,
"opsmanager_root_ca_trusted_certs": true
},
"syslog_configuration": {
"enabled": true,
"address": "1.2.3.4",
"port": "514",
"transport_protocol": "tcp",
"queue_size": 10000,
"tls_enabled": true,
"permitted_peer": "*.example.com",
"ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"forward_debug_logs": false,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}
Example Response on Google Cloud Platform
HTTP/1.1 200 OK
{
"iaas_configuration": {
"project": "my-google-project",
"associated_service_account": "my-google-service-account",
"additional_cloud_properties": { "default_root_disk_size_gb": 2 }
},
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "hal9000.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "internal",
"hm_pager_duty_options": {"enabled": false},
"hm_emailer_options": {"enabled": false},
"blobstore_type": "s3",
"s3_blobstore_options": {
"endpoint": "http://some-s3-endpoint.com",
"bucket_name": "bucket-name",
"signature_version": "4",
"region": "us-west-1",
"backup_strategy": "backup_to_additional_bucket",
"backup_bucket_name": "secondary-bucket",
"backup_bucket_region": "secondary-region"
}
},
"encryption": {
"keys": [],
"providers": []
},
"identification_tags": {
"project": "cf",
"department": "hr"
}
},
"dns_configuration": {
"excluded_recursors": [],
"recursor_selection": "smart",
"recursor_timeout": "2s",
"handlers": [
{
"cache": {
"enabled": true
},
"domain": "example.com",
"source": {
"type": "http",
"url": "http://some.endpoint.local"
}
}
]
},
"security_configuration": {
"trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
"generate_vm_passwords": true,
"opsmanager_root_ca_trusted_certs": true
},
"syslog_configuration": {
"enabled": true,
"address": "1.2.3.4",
"port": "514",
"transport_protocol": "tcp",
"queue_size": 10000,
"tls_enabled": false,
"permitted_peer": null,
"ssl_ca_certificate": null,
"forward_debug_logs": false,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}
Example Response on Azure
HTTP/1.1 200 OK
{
"iaas_configuration": {
"subscription_id": "my-subscription",
"tenant_id": "my-tenant",
"client_id": "my-client",
"resource_group_name": "my-resource-group",
"cloud_storage_type": "managed_disks",
"bosh_storage_account_name": "storage-account-bosh",
"storage_account_type": "Premium_LRS",
"deployments_storage_account_name": null,
"default_security_group": "my-security-group",
"ssh_public_key": "ssh-rsa ...",
"environment": "AzureCloud",
"additional_cloud_properties": { "keep_failed_vms": true },
"availability_mode": "availability_zones"
},
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "hal9000.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "internal",
"hm_pager_duty_options": {"enabled": false},
"hm_emailer_options": {"enabled": false},
"blobstore_type": "local",
"local_blobstore_options": {
"tls_enabled": false
},
"encryption": {
"keys": [],
"providers": []
},
"identification_tags": {
"project": "cf",
"department": "hr"
}
},
"dns_configuration": {
"excluded_recursors": [],
"recursor_selection": "smart",
"recursor_timeout": "2s",
"handlers": [
{
"cache": {
"enabled": true
},
"domain": "example.com",
"source": {
"type": "http",
"url": "http://some.endpoint.local"
}
}
]
},
"security_configuration": {
"trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
"generate_vm_passwords": true,
"opsmanager_root_ca_trusted_certs": true
},
"syslog_configuration": {
"enabled": false
}
}
Example Response on Azure Stack
HTTP/1.1 200 OK
{
"iaas_configuration": {
"subscription_id": "my-subscription",
"tenant_id": "my-tenant",
"client_id": "my-client",
"resource_group_name": "my-resource-group",
"cloud_storage_type": "managed_disks",
"bosh_storage_account_name": "storage-account-bosh",
"storage_account_type": "Standard_LRS",
"deployments_storage_account_name": null,
"default_security_group": "my-security-group",
"ssh_public_key": "ssh-rsa ...",
"environment": "AzureStack",
"azure_stack": {
"resource": "https://management.somedomain.onmicrosoft.com/some-guid",
"domain": "subdomain.somedomain.onmicrosoft.com",
"authentication": "AzureAD",
"endpoint_prefix": "management",
"ca_cert": "-----BEGIN CERTIFICATE-----\nMIIJKgIBAAKCAgE..."
},
"additional_cloud_properties": { "keep_failed_vms": true },
"availability_mode": "availability_zones"
},
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "hal9000.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "internal",
"hm_pager_duty_options": {"enabled": false},
"hm_emailer_options": {"enabled": false},
"blobstore_type": "local",
"local_blobstore_options": {
"tls_enabled": false
},
"encryption": {
"keys": [],
"providers": []
},
"identification_tags": {
"project": "cf",
"department": "hr"
}
},
"dns_configuration": {
"excluded_recursors": ["8.8.8.8"],
"recursor_selection": "smart",
"recursor_timeout": "2s",
"handlers": [
{
"cache": {
"enabled": true
},
"domain": "example.com",
"source": {
"type": "http",
"url": "http://some.endpoint.local"
}
}
]
},
"security_configuration": {
"trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
"generate_vm_passwords": true,
"opsmanager_root_ca_trusted_certs": true
},
"syslog_configuration": {
"enabled": false
}
}
Example Response on vSphere
HTTP/1.1 200 OK
{
"iaas_configuration": {
"vcenter_host": "10.10.10.0",
"datacenter": "my-data-center",
"ephemeral_datastores_string": "e-datastore-name",
"persistent_datastores_string": "p-datastore-name",
"vcenter_username": "my-user-name",
"bosh_vm_folder": "bosh-folder",
"bosh_template_folder": "my-bosh-template-folder",
"bosh_disk_path": "my-disk-location",
"ssl_verification_enabled": false,
"nsx_networking_enabled": true,
"nsx_mode": "nsx-v",
"nsx_address": "10.10.10.10",
"nsx_username": "mysterious-gremlin",
"nsx_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARugmeow...",
"additional_cloud_properties": { "http_logging": true }
},
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "hal9000.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "internal",
"hm_pager_duty_options": {"enabled": false},
"hm_emailer_options": {"enabled": false},
"blobstore_type": "local",
"local_blobstore_options": {
"tls_enabled": false
},
"encryption": {
"keys": [],
"providers": []
},
"identification_tags": {
"project": "cf",
"department": "hr"
}
},
"dns_configuration": {
"excluded_recursors": ["8.8.8.8"],
"recursor_selection": "smart",
"recursor_timeout": "2s",
"handlers": [
{
"cache": {
"enabled": true
},
"domain": "example.com",
"source": {
"type": "http",
"url": "http://some.endpoint.local"
}
}
]
},
"security_configuration": {
"trusted_certificates": null,
"generate_vm_passwords": true,
"opsmanager_root_ca_trusted_certs": true
},
"syslog_configuration": {
"enabled": true,
"address": "1.2.3.4",
"port": "514",
"transport_protocol": "tcp",
"queue_size": 10000,
"tls_enabled": true,
"permitted_peer": "*.example.com",
"ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"forward_debug_logs": false,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}
Example Response on Openstack
HTTP/1.1 200 OK
{
"iaas_configuration": {
"identity_endpoint": "http://identity-endpoint.yourcompany.com",
"username": "admin",
"tenant": "example-tenant",
"security_group": "example-group",
"key_pair_name": "example-keypair-name",
"region": "example-region",
"ignore_server_availability_zone": false,
"disable_dhcp": true,
"networking_model": "nova",
"keystone_version": "v3.0",
"domain": "domain",
"connection_options": {
"read_timeout": 360
},
"boot_from_volume": false,
"disable_dhcp": true,
"networking_model": "nova",
"keystone_version": "v3.0",
"domain": "domain",
"connection_options": {
"read_timeout": 360
},
"additional_cloud_properties": { "human_readable_vm_names": true }
},
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "hal9000.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "internal",
"hm_pager_duty_options": {"enabled": false},
"hm_emailer_options": {"enabled": false},
"blobstore_type": "local",
"local_blobstore_options": {
"tls_enabled": false
},
"encryption": {
"keys": [],
"providers": []
},
"identification_tags": {
"project": "cf",
"department": "hr"
}
},
"dns_configuration": {
"excluded_recursors": ["8.8.8.8"],
"recursor_selection": "smart",
"recursor_timeout": "2s",
"handlers": [
{
"cache": {
"enabled": true
},
"domain": "example.com",
"source": {
"type": "http",
"url": "http://some.endpoint.local"
}
}
]
},
"security_configuration": {
"trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
"generate_vm_passwords": true,
"opsmanager_root_ca_trusted_certs": true
},
"syslog_configuration": {
"enabled": true,
"address": "1.2.3.4",
"port": "514",
"transport_protocol": "tcp",
"queue_size": 10000,
"tls_enabled": true,
"permitted_peer": "*.example.com",
"ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"forward_debug_logs": false,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}
HTTP Request
GET /api/v0/staged/director/properties
Fetch director, IaaS, and security properties.
Note: The property address field under syslog_configuration can be either a hostname or an IP address.
Note: The property opentsdb_ip field under director_configuration maps to the Bosh Health Monitor IP Address.
Note: If there are multiple Iaas Configurations, the iaas_configuration key is omitted from the response.
Query Parameters
| Parameter | Description |
|---|---|
| redact | (Optional) If set to 'false', the response will include IaaS-specific secrets. |
Updating director and Iaas properties (Experimental)
Example Request on AWS
curl "https://example.com/api/v0/staged/director/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"iaas_configuration": {
"access_key_id": "example-access-key",
"secret_access_key": "example-aws-secret-key",
"iam_instance_profile": "example-instance-profile",
"security_group": "example-security-group",
"key_pair_name": "example-ssh-key",
"ssh_private_key": "example-ssh-private-key",
"region": "us-east-1",
"encrypted": true,
"kms_key_arn": "arn:aws:kms:us-east-1:123123123123:key/456456456",
"additional_cloud_properties": { "max_retries": 3 }
},
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"bosh_recreate_persistent_disks_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "internal",
"hm_pager_duty_options": {"enabled": false},
"hm_emailer_options": {"enabled": false},
"blobstore_type": "local",
"local_blobstore_options": {
"tls_enabled": true
},
"identification_tags": {
"division":"HR",
"reimbursable":"true"
}
},
"dns_configuration": {
"excluded_recursors": ["8.8.8.8"],
"recursor_selection": "smart",
"recursor_timeout": "4s",
"handlers": [
{
"cache": {
"enabled": true
},
"domain": "example.com",
"source": {
"type": "dns",
"recursors": ["127.0.0.1"]
}
}
]
},
"security_configuration": {
"trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
"generate_vm_passwords": true,
"opsmanager_root_ca_trusted_certs": true
},
"syslog_configuration": {
"enabled": true,
"address": "1.2.3.4",
"port": "514",
"transport_protocol": "tcp",
"queue_size": null,
"tls_enabled": true,
"permitted_peer": "*.example.com",
"ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"forward_debug_logs": false,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}'
Example Request on Google Cloud Platform
curl "https://example.com/api/v0/staged/director/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"iaas_configuration": {
"project": "my-google-project",
"associated_service_account": "my-google-service-account",
"auth_json": "****",
"additional_cloud_properties": { "default_root_disk_size_gb": 2 }
},
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"bosh_recreate_persistent_disks_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "internal",
"hm_pager_duty_options": {"enabled": false},
"hm_emailer_options": {"enabled": false},
"blobstore_type": "local",
"local_blobstore_options": {
"tls_enabled": true
},
"identification_tags": {
"division":"HR",
"reimbursable":"true"
}
},
"dns_configuration": {
"excluded_recursors": [],
"recursor_selection": "smart",
"recursor_timeout": "4s",
"handlers": [
{
"cache": {
"enabled": true
},
"domain": "example.com",
"source": {
"type": "dns",
"recursors": ["127.0.0.1"]
}
}
]
},
"security_configuration": {
"trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
"generate_vm_passwords": true,
"opsmanager_root_ca_trusted_certs": true
},
"syslog_configuration": {
"enabled": true,
"address": "1.2.3.4",
"port": "514",
"transport_protocol": "tcp",
"queue_size": null,
"tls_enabled": false,
"permitted_peer": null,
"ssl_ca_certificate": null,
"forward_debug_logs": false,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}'
Example Request on Azure
curl "https://example.com/api/v0/staged/director/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"iaas_configuration": {
"subscription_id": "my-subscription",
"tenant_id": "my-tenant",
"client_id": "my-client",
"client_secret": "super-duper-secret",
"resource_group_name": "my-resource-group",
"bosh_storage_account_name": "storage-account-bosh",
"default_security_group": "my-security-group",
"ssh_public_key": "ssh-rsa ...",
"ssh_private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKgIBAAKCAgE...",
"cloud_storage_type": "managed_disks",
"storage_account_type": "Premium_LRS",
"environment": "AzureCloud",
"availability_mode": "availability_zones",
"additional_cloud_properties": { "keep_failed_vms": true }
},
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"bosh_recreate_persistent_disks_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "internal",
"hm_pager_duty_options": {"enabled": false},
"hm_emailer_options": {"enabled": false},
"blobstore_type": "local",
"local_blobstore_options": {
"tls_enabled": true
},
"identification_tags": {
"division":"HR",
"reimbursable":"true"
}
},
"dns_configuration": {
"excluded_recursors": ["8.8.8.8"],
"recursor_selection": "smart",
"recursor_timeout": "4s",
"handlers": [
{
"cache": {
"enabled": true
},
"domain": "example.com",
"source": {
"type": "dns",
"recursors": ["127.0.0.1"]
}
}
]
},
"security_configuration": {
"trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
"generate_vm_passwords": true,
"opsmanager_root_ca_trusted_certs": true
},
"syslog_configuration": {
"enabled": false
}
}'
Example Request on Azure Stack
curl "https://example.com/api/v0/staged/director/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"iaas_configuration": {
"subscription_id": "my-subscription",
"tenant_id": "my-tenant",
"client_id": "my-client",
"client_secret": "super-duper-secret",
"resource_group_name": "my-resource-group",
"bosh_storage_account_name": "storage-account-bosh",
"default_security_group": "my-security-group",
"ssh_public_key": "ssh-rsa ...",
"ssh_private_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIJKgIBAAKCAgE...",
"cloud_storage_type": "managed_disks",
"storage_account_type": "Standard_LRS",
"environment": "AzureStack",
"azure_stack": {
"resource": "https://management.somedomain.onmicrosoft.com/some-guid",
"domain": "subdomain.somedomain.onmicrosoft.com",
"authentication": "AzureAD",
"endpoint_prefix": "management",
"ca_cert": "-----BEGIN CERTIFICATE-----\nMIIJKgIBAAKCAgE..."
},
"additional_cloud_properties": { "keep_failed_vms": true }
},
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"bosh_recreate_persistent_disks_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "internal",
"hm_pager_duty_options": {"enabled": false},
"hm_emailer_options": {"enabled": false},
"blobstore_type": "local",
"local_blobstore_options": {
"tls_enabled": true
},
"identification_tags": {
"division":"HR",
"reimbursable":"true"
}
},
"dns_configuration": {
"excluded_recursors": [],
"recursor_selection": "smart",
"recursor_timeout": "4s",
"handlers": [
{
"cache": {
"enabled": true
},
"domain": "example.com",
"source": {
"type": "dns",
"recursors": ["127.0.0.1"]
}
}
]
},
"security_configuration": {
"trusted_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
"generate_vm_passwords": true,
"opsmanager_root_ca_trusted_certs": true
},
"syslog_configuration": {
"enabled": false
}
}'
Example Request on vSphere with HSM (Hardware Security Module) Options
curl "https://example.com/api/v0/staged/director/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"iaas_configuration": {
"vcenter_host": "10.10.10.0",
"datacenter": "my-data-center",
"ephemeral_datastores_string": "e-datastore-name",
"persistent_datastores_string": "p-datastore-name",
"vcenter_username": "my-user-name",
"vcenter_password": "fake-not-real-password",
"nsx_networking_enabled": true,
"nsx_mode": "nsx-v",
"nsx_address": "10.10.10.10",
"nsx_password": "fake-password",
"nsx_username": "some-user",
"nsx_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"bosh_vm_folder": "bosh-folder",
"bosh_template_folder": "my-bosh-template-folder",
"bosh_disk_path": "my-disk-location",
"ssl_verification_enabled": false,
"additional_cloud_properties": { "http_logging": true }
},
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"bosh_recreate_persistent_disks_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "internal",
"hm_pager_duty_options": {"enabled": false},
"hm_emailer_options": {"enabled": false},
"blobstore_type": "local",
"local_blobstore_options": {
"tls_enabled": true
},
"encryption": {
"keys": [
{
"provider_name": "luna-hsm",
"encryption_key_name": "pointer_to_key_on_HSM",
"active": true
}
],
"providers": [
{
"name": "luna-hsm",
"type": "hsm",
"partition": "some_partition",
"partition_password": "some_password",
"client_certificate": "user_provided_cert",
"client_key": "user_provided_key",
"servers": [
{
"host": "hsm_ip_address",
"port": "port_number_optional_defaults_to_1792",
"partition_serial_number": "serial_number",
"certificate": "public_key_to_talk_to_hsm"
}
]
}
]
},
"identification_tags": {
"division":"HR",
"reimbursable":"true"
}
},
"dns_configuration": {
"excluded_recursors": [],
"recursor_selection": "smart",
"recursor_timeout": "4s",
"handlers": [
{
"cache": {
"enabled": true
},
"domain": "example.com",
"source": {
"type": "dns",
"recursors": ["127.0.0.1"]
}
}
]
},
"security_configuration": {
"trusted_certificates": null,
"generate_vm_passwords": true,
"opsmanager_root_ca_trusted_certs": true
},
"syslog_configuration": {
"enabled": true,
"address": "my-syslog-address.com",
"port": "514",
"transport_protocol": "tcp",
"queue_size": null,
"tls_enabled": true,
"permitted_peer": "*.example.com",
"ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"forward_debug_logs": false,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}'
Example Request on Openstack
curl "https://example.com/api/v0/staged/director/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"iaas_configuration": {
"identity_endpoint": "http://identity-endpoint.yourcompany.com",
"username": "admin",
"password": "super-secret",
"tenant": "example-tenant",
"security_group": "example-group",
"key_pair_name": "example-keypair-name",
"ssh_private_key": "-----BEGIN RSA PRIVATE KEY----- ...",
"region": "example-region",
"ignore_server_availability_zone": false,
"disable_dhcp": true,
"networking_model": "nova",
"keystone_version": "v3.0",
"domain": "domain",
"connection_options": {
"read_timeout": 360
},
"boot_from_volume": false,
"disable_dhcp": true,
"networking_model": "nova",
"keystone_version": "v3.0",
"domain": "domain",
"connection_options": {
"read_timeout": 360
},
"additional_cloud_properties": { "human_readable_vm_names": true }
},
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"bosh_recreate_persistent_disks_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "internal",
"hm_pager_duty_options": {"enabled": false},
"hm_emailer_options": {"enabled": false},
"blobstore_type": "local",
"local_blobstore_options": {
"tls_enabled": true
},
"identification_tags": {
"division":"HR",
"reimbursable":"true"
}
},
"dns_configuration": {
"excluded_recursors": [],
"recursor_selection": "smart",
"recursor_timeout": "4s",
"handlers": [
{
"cache": {
"enabled": true
},
"domain": "example.com",
"source": {
"type": "dns",
"recursors": ["127.0.0.1"]
}
}
]
},
"security_configuration": {
"trusted_certificates": null,
"generate_vm_passwords": true,
"opsmanager_root_ca_trusted_certs": true
},
"syslog_configuration": {
"enabled": true,
"address": "1.2.3.4",
"port": "514",
"transport_protocol": "tcp",
"queue_size": null,
"tls_enabled": true,
"permitted_peer": "*.example.com",
"ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"forward_debug_logs": false,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}'
Example Request with External Database options
curl "https://example.com/api/v0/staged/director/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"bosh_recreate_persistent_disks_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "external",
"hm_pager_duty_options": {"enabled": false},
"hm_emailer_options": {"enabled": false},
"blobstore_type": "local",
"local_blobstore_options": {
"tls_enabled": true
},
"identification_tags": {
"division":"HR",
"reimbursable":"true"
},
"external_database_options": {
"host": "db.mycompany.com",
"port": 5000,
"user": "admin",
"password": "super-secret",
"database": "production",
"connection_options": {
"max_connections": 5
},
"tls_enabled": true,
"tls_ca": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"tls_certificate": "-----BEGIN CERTIFICATE-----\r\nJAEBsjadfARug...",
"tls_private_key": "-----BEGIN RSA PRIVATE KEY----- ..."
}
}
}'
Example Request with S3 Blobstore options without a backup strategy
curl "https://example.com/api/v0/staged/director/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "hal9000.tld",
"max_threads": 5,
"bosh_recreate_on_next_deploy": false,
"bosh_recreate_persistent_disks_on_next_deploy": false,
"database_type": "internal",
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"identification_tags": {
"division":"HR",
"reimbursable":"true"
},
"blobstore_type": "s3",
"s3_blobstore_options": {
"endpoint": "http://some-s3-endpoint.com",
"bucket_name": "bucket-name",
"access_key": "the-access-key",
"secret_key": "the-secret-key",
"signature_version": "4",
"region": "us-west-1",
"backup_strategy": "none"
}
}
}'
Example Response
HTTP/1.1 200 OK
{}
Example Request with S3 Blobstore options with a "backup_to_additional_bucket" strategy
curl "https://example.com/api/v0/staged/director/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"bosh_recreate_persistent_disks_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "internal",
"hm_pager_duty_options": {"enabled": false},
"hm_emailer_options": {"enabled": false},
"identification_tags": {
"division":"HR",
"reimbursable":"true"
},
"blobstore_type": "s3",
"s3_blobstore_options": {
"endpoint": "http://some-s3-endpoint.com",
"bucket_name": "bucket-name",
"access_key": "the-access-key",
"secret_key": "the-secret-key",
"signature_version": "4",
"region": "us-west-1",
"backup_strategy": "backup_to_additional_bucket",
"backup_bucket_name": "secondary-bucket",
"backup_bucket_region": "secondary-region"
}
}
}'
Example Response
HTTP/1.1 200 OK
{}
Example Request with GCS Blobstore options
curl "https://example.com/api/v0/staged/director/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"bosh_recreate_persistent_disks_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "internal",
"hm_pager_duty_options": {"enabled": false},
"hm_emailer_options": {"enabled": false},
"identification_tags": {
"division":"HR",
"reimbursable":"true"
},
"blobstore_type": "gcs",
"gcs_blobstore_options": {
"bucket_name": "bucket-name",
"service_account_key": "{\"the-secret-key\":\"your-key\"}",
"storage_class": "REGIONAL",
"backup_strategy": "backup_to_additional_bucket",
"backup_bucket_name": "backup-bucket-name"
}
}
}'
Example Response
HTTP/1.1 200 OK
{}
Example Request with HM Emailer Options
curl "https://example.com/api/v0/staged/director/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"bosh_recreate_persistent_disks_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "internal",
"hm_pager_duty_options": {"enabled": false},
"identification_tags": {
"division":"HR",
"reimbursable":"true"
},
"hm_emailer_options": {
"enabled": true,
"port": "9001",
"domain": "domain.com",
"host": "hostplace.com",
"from": "youremail@realemailserver.com",
"tls": true,
"smtp_user": "admin",
"smtp_password": "admin",
"recipients": "firstperson@work.com,secondperson@work.com"
},
"blobstore_type": "local",
"local_blobstore_options": {
"tls_enabled": true
}
}
}'
Example Response
HTTP/1.1 200 OK
{}
Example Request with HM Pager Duty Options
curl "https://example.com/api/v0/staged/director/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"director_configuration": {
"ntp_servers_string": "us.pool.ntp.org, time.google.com",
"resurrector_enabled": false,
"director_hostname": "HOSTNAME.MUST.RESOLVE.TO.DIRECTORS.IP.ADDRESS.tld",
"max_threads": 5,
"nats_max_payload_mb": 10,
"custom_ssh_banner": "Hello World!",
"opentsdb_ip": "1.2.3.4",
"director_worker_count": 5,
"post_deploy_enabled": false,
"bosh_recreate_on_next_deploy": false,
"bosh_recreate_persistent_disks_on_next_deploy": false,
"retry_bosh_deploys": false,
"keep_unreachable_vms": false,
"skip_director_drain": false,
"job_configuration_on_tmpfs": false,
"database_type": "internal",
"identification_tags": {
"division":"HR",
"reimbursable":"true"
},
"hm_pager_duty_options": {
"enabled": true,
"service_key": "YOURSERVICEKEYHERE",
"http_proxy": "http://yourfavoriteproxy.fake"
},
"blobstore_type": "local",
"local_blobstore_options": {
"tls_enabled": true
}
}
}'
Example Response
HTTP/1.1 200 OK
{}
Example Response with Verification Warnings
HTTP/1.1 200 OK
{
"status": "Director properties were saved but there were verification errors which may prevent you from deploying",
"verification_errors": {
"iaas_configuration": [
"Could not log in: Unknown datacenter \"new-datacenter\"., type: IaasConfigurationVerifier"
],
"director_configuration": [
"Access Denied for bucket 'new-bucket', type: BlobstoreVerifier"
]
}
}
HTTP Request
PUT /api/v0/staged/director/properties
Set director, IaaS, and security properties.
Note: The property address field under syslog_configuration can be either a hostname or an IP address.
Note: The property opentsdb_ip field under director_configuration maps to the Bosh Health Monitor IP Address.
Note: Once a director is deployed, in the s3_blobstore_options section, only access_key and secret_key are editable.
If you do modify these, make sure to set bosh_recreate_on_next_deploy to true during the deploy of the credentials
change. You can unset this once the deploy is complete.
Director Configuration
| Iaas | Optional Fields | Notes |
|---|---|---|
| All | nats_max_payload_mb | Maximum message size in megabytes for the BOSH director's "nats" job |
| skip_director_drain | Defaults to false. Skip drain scripts when the BOSH Director is recreated | |
| job_configuration_on_tmpfs | Defaults to false. Configure BOSH-deployed jobs to store credentials on ramdisk. Warning: this will force BOSH to recreate VMs instead of rebooting them | |
| local_blobstore_options | Not required. Only meaningful if the blobstore_type is "local". |
|
| local_blobstore_options[tls_enabled] | Default false. Before switching to true, check docs.pivotal.io for Configuring BOSH director for your IaaS to see if this option is supported | |
| s3_blobstore_options | Only required if the blobstore_type is "s3 |
|
| s3_blobstore_options[bucket_name] | Bucket used by external blobstore plugin | |
| s3_blobstore_options[endpoint] | Host of blobstore server | |
| s3_blobstore_options[access_key] | AWS access_key_id used by s3 blobstore plugin | |
| s3_blobstore_options[secret_key] | AWS secret_access_key used by s3 blobstore plugin | |
| s3_blobstore_options[signature_version] | Signature version of the blobstore, can be "2" or "4" | |
| s3_blobstore_options[url_style] | Url style of the bucket, can be "domain-style" or "path-style" | |
| s3_blobstore_options[region] | Required if the signature_version is "4" |
|
| s3_blobstore_options[backup_strategy] | Can be "none", "backup_to_additional_bucket", or "use_versioned_bucket" | |
| s3_blobstore_options[backup_bucket_name] | Required if backup_strategy is "backup_to_additional_bucket". Name of bucket that will be used when copying blobstore objects during backup |
|
| s3_blobstore_options[backup_bucket_region] | Required if backup_strategy is "backup_to_additional_bucket". Region of bucket that will be used when copying blobstore objects during backup |
|
| gcs_blobstore_options | Only required if the blobstore_type is "gcs". |
|
| gcs_blobstore_options[bucket_name] | ||
| gcs_blobstore_options[service_account_key] | This is the JSON file provided by GCP when you create a private key for the service account. It contains your service_account_key, project_id, etc. It must be passed as an escaped JSON string. |
|
| gcs_blobstore_options[storage_class] | Defaults to "REGIONAL". Can be set to "REGIONAL", "MULTI_REGIONAL", "NEARLINE", "COLDLINE", "STANDARD". | |
| gcs_blobstore_options[backup_strategy] | Can be "none" or "backup_to_additional_bucket" | |
| gcs_blobstore_options[backup_bucket_name] | Required if backup_strategy is "backup_to_additional_bucket". Name of bucket that will be used when copying blobstore objects during backup |
|
| external_database_options | Only required if the database_type is "external" |
|
| external_database_options[host] | Required. Can only be changed in Advanced Mode | |
| external_database_options[port] | Required. Can only be changed in Advanced Mode | |
| external_database_options[database] | Required. Can only be changed in Advanced Mode | |
| external_database_options[user] | Required. Username for the database instance | |
| external_database_options[password] | Required. Password for the database instance | |
| external_database_options[tls_enabled] | Defaults to false. Enable TLS communication between the BOSH Director and its database | |
| external_database_options[tls_ca] | Optional | |
| external_database_options[tls_certificate] | Optional | |
| external_database_options[tls_private_key] | Optional | |
| external_database_options[connection_options] | Optional. JSON-formatted options string for additional database configuration | |
| director_hostname | The externally accessible hostname for the BOSH Director. This must resolve to the director's IP Address. | |
| post_deploy_enabled | Run Post Deploy errands | |
| bosh_recreate_on_next_deploy | Default false. Recreate all VMs on next deploy. This will be reset to false after a deploy. | |
| bosh_recreate_persistent_disks_on_next_deploy | Default false. Recreate all Persistent Disks for the director and all other tiles. This will be reset to false after a deploy. | |
| retry_bosh_deploys | Retry if there is an error during deploy | |
| keep_unreachable_vms | Keep VMs that fail their health check | |
| director_worker_count | Number of concurrent jobs a director can run | |
| opentsdb_ip | Maps to Bosh HM Forwarder. Only used if Bosh HM Forwarder job is deployed | |
| encryption | Optional external Hardware Security Module (HSM) | |
| encryption[keys] | List of keys to access the HSM Providers | |
| encryption[keys][provider_name] | Must match the name in the provider |
|
| encryption[keys][encryption_key_name] | A pointer to a key on the HSM | |
| encryption[keys][active] | Boolean. If true, this is the provider used to encrypt CredHub. Only one can be true. |
|
| encryption[providers] | List of providers. Currently only a single provider is allowed | |
| encryption[providers][name] | Must match a provider_name for a key |
|
| encryption[providers][type] | Must be hsm |
|
| encryption[providers][partition] | User-provided string, required | |
| encryption[providers][partition_password] | User-provided string, required | |
| encryption[providers][client_certificate] | User-provided certificate, required | |
| encryption[providers][client_key] | User-provided key, required | |
| encryption[providers][servers] | List of HSM servers (minimum 1) | |
| encryption[providers][servers][host] | Host/IP address of HSM server, required | |
| encryption[providers][servers][port] | Optional, defaults to 1792 | |
| encryption[providers][servers][partition_serial_number] | User-provided string, required | |
| encryption[providers][servers][certificate] | Public Key to talk to the HSM, user-provided, required | |
| identification_tags | Optional, defaults to {}. Can be set to a collection of key value pairs to be sent to the CPI for VM tagging |
|
| AWS | iam_instance_profile | |
| encrypted | Turn on EBS encryption for all disks. Defaults to false. | |
| kms_key_arn | Key used to encrypt all disks. Defaults to the account key. | |
| Azure | environment | Defaults to "AzureCloud". Can be set to "AzureCloud", "AzureUSGovernment", "AzureGermanCloud", "AzureChinaCloud", or "AzureStack". |
| cloud_storage_type | Defaults to "managed_disks". Can be set to "storage_accounts". To prevent data loss, once you have deployed using "managed_disks", you cannot switch back to "storage_accounts". | |
| deployments_storage_account_name | Only required if cloud_storage_type is "storage_accounts" |
|
| availability_mode | Either availability_sets or availability_zones |
|
| storage_account_type | Only required if cloud_storage_type is "managed_disks". Defaults to "Premium_LRS". Can also be "Standard_LRS". |
|
| azure_stack[authentication] | Only required if environment is AzureStack. Must be AzureAD or AzureChinaCloudAD. |
|
| vSphere | nsx_address | Only required if nsx_networking_enabled is true. |
| nsx_password | Only required if nsx_networking_enabled is true. |
|
| nsx_username | Only required if nsx_networking_enabled is true. |
|
| nsx_ca_certificate | Only required if nsx_networking_enabled is true. |
|
| nsx_mode | Optional, only applicable if nsx_networking_enabled is true. Defaults to nsx-v. Options are nsx-v and nsx-t. |
|
| Openstack | boot_from_volume | Optional. Default is false. When true, enables cinder-backed boot volumes. |
Fields with a set list of values
| Iaas | Field | Allowed Values |
|---|---|---|
| All | blobstore_type | "local", "s3", or "gcs" |
| All | database_type | "internal" or "external" |
| All | s3_blobstore_options[signature_version] | "2" or "4" |
| All | s3_blobstore_options[backup_strategy] | "none", "backup_to_additional_bucket", or "use_versioned_bucket" |
DNS Configuration
| Iaas | Optional Fields | Notes |
|---|---|---|
| All | excluded_recursors | Defaults to []. Can be set to a list of IP:Port addresses for BOSH DNS to ignore. |
| recursor_selection | The selection strategy for the recursors. Must be either 'serial' or 'smart'. | |
| recursor_timeout | A timeout value for when dialing, writing and reading from the configured recursors. | |
| handlers | Array of handler configurations. |
Security Configuration
| Iaas | Optional Fields | Notes |
|---|---|---|
| All | trusted_certificates | Certificates that VMs created by the BOSH director should trust in addition to those packaged with the stemcell (PEM encoded; zero or more certs allowed) |
| generate_vm_passwords | Defaults to true. When enabled, Ops Manager will generate unique VM passwords for all VMs in a BOSH deployment. |
|
| opsmanager_root_ca_trusted_certs | Defaults to false. When enabled, all Ops Manager Certificate Authorities will be appended to the list of trusted certificates and used as described above. |
Syslog Configuration
| Iaas | Fields | Notes |
|---|---|---|
| All | enabled | Defaults to false. Change this to true to use syslog |
| address | Required. The address or host for the syslog server | |
| port | Required. The port on which the syslog server listens | |
| transport_protocol | Required. The transport protocol used to send syslog messages to the server | |
| tls_enabled | Required. Defaults to false. Change this to true to use TLS. |
|
| ssl_ca_certificate | Required when using tls_enabled is true. This certificate will ensure that logs get securely transported to the syslog destination |
|
| permitted_peer | Required when using tls_enabled is true. Either the accepted fingerprint (SHA1) or name of remote peer, e.g. *.example.com |
|
| queue_size | Optional. The number of log messages the buffer holds before dropping messages. A larger buffer size might overload the system. Default is 100000 | |
| forward_debug_logs | Optional. Defaults to false. Some components produce voluminous debug logs. Change this to true to prevent debug logs from being forwarded. They will still be written to local disk. |
|
| custom_rsyslog_configuration | Optional. Accepts configuration for rsyslog in the rainerscript syntax. For example, 'if ($app-name startswith "exampleComponent") then stop' can be used to drop all traffic from a particular component. Entered configuration will be applied prior to the forwarding rule. |
Iaas Configuration
| Iaas | Optional Fields | Notes |
|---|---|---|
| All | additional_cloud_properties | Defaults to {}. Allows the operator to include global CPI properties that are not directly exposed by the API. Any key specified in the object will not be a recursive merge, but instead it will overwrite existing keys. For example, if OpsManager produces a vSphere CPI that specifies true for the allow_mixed_datastores property in the list of datacenters, then operator needs to provide the entire list of datacenters to not overwrite the datacenters key with an incomplete object. |
Fetching IaaS Configurations
curl "https://example.com/api/v0/staged/director/iaas_configurations" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on AWS
HTTP/1.1 200 OK
{
"iaas_configurations": [{
"guid": "some-guid",
"name": "default",
"iam_instance_profile": "my-instance-profile",
"security_group": "my-security-group",
"key_pair_name": "my-ssh-key",
"region": "us-east-1",
"encrypted": true,
"kms_key_arn": "arn:aws:kms:us-east-1:123123123123:key/456456456",
"additional_cloud_properties": { "max_retries": 3 }
}]
}
Example Response on Google Cloud Platform
HTTP/1.1 200 OK
{
"iaas_configurations": [{
"guid": "some-guid",
"name": "default",
"project": "my-google-project",
"associated_service_account": "my-google-service-account",
"auth_json": "****",
"additional_cloud_properties": { "default_root_disk_size_gb": 2 }
}]
}
Example Response on Azure
HTTP/1.1 200 OK
{
"iaas_configurations": [{
"guid": "some-guid",
"name": "default",
"subscription_id": "my-subscription",
"tenant_id": "my-tenant",
"client_id": "my-client",
"resource_group_name": "my-resource-group",
"cloud_storage_type": "managed_disks",
"bosh_storage_account_name": "storage-account-bosh",
"storage_account_type": "Premium_LRS",
"deployments_storage_account_name": null,
"default_security_group": "my-security-group",
"ssh_public_key": "ssh-rsa ...",
"environment": "AzureCloud",
"availability_mode": "availability_zones",
"additional_cloud_properties": { "keep_failed_vms": true }
}]
}
Example Response on Azure Stack
HTTP/1.1 200 OK
{
"iaas_configurations": [{
"guid": "some-guid",
"name": "default",
"subscription_id": "my-subscription",
"tenant_id": "my-tenant",
"client_id": "my-client",
"resource_group_name": "my-resource-group",
"cloud_storage_type": "managed_disks",
"bosh_storage_account_name": "storage-account-bosh",
"storage_account_type": "Standard_LRS",
"deployments_storage_account_name": null,
"default_security_group": "my-security-group",
"ssh_public_key": "ssh-rsa ...",
"environment": "AzureStack",
"azure_stack": {
"resource": "https://management.somedomain.onmicrosoft.com/some-guid",
"domain": "subdomain.somedomain.onmicrosoft.com",
"authentication": "AzureAD",
"endpoint_prefix": "management",
"ca_cert": "-----BEGIN CERTIFICATE-----\nMIIJKgIBAAKCAgE..."
},
"availability_mode": "availability_sets",
"additional_cloud_properties": { "keep_failed_vms": true }
}]
}
Example Response on vSphere
HTTP/1.1 200 OK
{
"iaas_configurations": [{
"guid": "some-guid",
"name": "default",
"vcenter_host": "10.10.10.0",
"datacenter": "my-data-center",
"ephemeral_datastores_string": "e-datastore-name",
"persistent_datastores_string": "p-datastore-name",
"vcenter_username": "my-user-name",
"bosh_vm_folder": "bosh-folder",
"bosh_template_folder": "my-bosh-template-folder",
"bosh_disk_path": "my-disk-location",
"ssl_verification_enabled": false,
"nsx_networking_enabled": true,
"nsx_mode": "nsx-v",
"nsx_address": "10.10.10.10",
"nsx_username": "mysterious-gremlin",
"nsx_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARugmeow...",
"additional_cloud_properties": { "http_logging": true }
}]
}
Example Response on Openstack
HTTP/1.1 200 OK
{
"iaas_configurations": [{
"guid": "some-guid",
"name": "default",
"identity_endpoint": "http://identity-endpoint.yourcompany.com",
"username": "admin",
"password": "super-secret",
"tenant": "example-tenant",
"security_group": "example-group",
"key_pair_name": "example-keypair-name",
"region": "example-region",
"ignore_server_availability_zone": false,
"disable_dhcp": true,
"boot_from_volume": false,
"additional_cloud_properties": { "human_readable_vm_names": true }
}]
}
HTTP Request
GET /api/v0/staged/director/iaas_configurations
Fetch list of all iaas configurations
Query Parameters
| Parameter | Description |
|---|---|
| redact | (Optional) If set to 'false', the response will include IaaS-specific secrets. |
Fetching single IaaS Configuration
curl "https://example.com/api/v0/staged/director/iaas_configurations/some-guid" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on AWS
HTTP/1.1 200 OK
{
"iaas_configuration": {
"guid": "some-guid",
"name": "default",
"iam_instance_profile": "my-instance-profile",
"security_group": "my-security-group",
"key_pair_name": "my-ssh-key",
"region": "us-east-1",
"encrypted": true,
"kms_key_arn": "arn:aws:kms:us-east-1:123123123123:key/456456456",
"additional_cloud_properties": { "max_retries": 3 }
}
}
Example Response on Google Cloud Platform
HTTP/1.1 200 OK
{
"iaas_configuration": {
"guid": "some-guid",
"name": "default",
"project": "my-google-project",
"associated_service_account": "my-google-service-account",
"auth_json": "****",
"additional_cloud_properties": { "default_root_disk_size_gb": 2 }
}
}
Example Response on Azure
HTTP/1.1 200 OK
{
"iaas_configuration": {
"guid": "some-guid",
"name": "default",
"subscription_id": "my-subscription",
"tenant_id": "my-tenant",
"client_id": "my-client",
"resource_group_name": "my-resource-group",
"cloud_storage_type": "managed_disks",
"bosh_storage_account_name": "storage-account-bosh",
"storage_account_type": "Premium_LRS",
"deployments_storage_account_name": null,
"default_security_group": "my-security-group",
"ssh_public_key": "ssh-rsa ...",
"environment": "AzureCloud",
"availability_mode": "availability_zones",
"additional_cloud_properties": { "keep_failed_vms": true }
}
}
Example Response on Azure Stack
HTTP/1.1 200 OK
{
"iaas_configuration": {
"guid": "some-guid",
"name": "default",
"subscription_id": "my-subscription",
"tenant_id": "my-tenant",
"client_id": "my-client",
"resource_group_name": "my-resource-group",
"cloud_storage_type": "managed_disks",
"bosh_storage_account_name": "storage-account-bosh",
"storage_account_type": "Standard_LRS",
"deployments_storage_account_name": null,
"default_security_group": "my-security-group",
"ssh_public_key": "ssh-rsa ...",
"environment": "AzureStack",
"azure_stack": {
"resource": "https://management.somedomain.onmicrosoft.com/some-guid",
"domain": "subdomain.somedomain.onmicrosoft.com",
"authentication": "AzureAD",
"endpoint_prefix": "management",
"ca_cert": "-----BEGIN CERTIFICATE-----\nMIIJKgIBAAKCAgE..."
},
"availability_mode": "availability_sets",
"additional_cloud_properties": { "keep_failed_vms": true }
}
}
Example Response on vSphere
HTTP/1.1 200 OK
{
"iaas_configuration": {
"guid": "some-guid",
"name": "default",
"vcenter_host": "10.10.10.0",
"datacenter": "my-data-center",
"ephemeral_datastores_string": "e-datastore-name",
"persistent_datastores_string": "p-datastore-name",
"vcenter_username": "my-user-name",
"bosh_vm_folder": "bosh-folder",
"bosh_template_folder": "my-bosh-template-folder",
"bosh_disk_path": "my-disk-location",
"ssl_verification_enabled": false,
"nsx_networking_enabled": true,
"nsx_mode": "nsx-v",
"nsx_address": "10.10.10.10",
"nsx_username": "mysterious-gremlin",
"nsx_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARugmeow...",
"additional_cloud_properties": { "http_logging": true }
}
}
Example Response on Openstack
HTTP/1.1 200 OK
{
"iaas_configuration": {
"guid": "some-guid",
"name": "default",
"identity_endpoint": "http://identity-endpoint.yourcompany.com",
"username": "admin",
"password": "super-secret",
"tenant": "example-tenant",
"security_group": "example-group",
"key_pair_name": "example-keypair-name",
"region": "example-region",
"ignore_server_availability_zone": false,
"disable_dhcp": true,
"boot_from_volume": false,
"additional_cloud_properties": { "human_readable_vm_names": true }
}
}
HTTP Request
GET /api/v0/staged/director/iaas_configurations/:guid
Fetch single iaas configuration by guid
Query Parameters
| Parameter | Description |
|---|---|
| redact | (Optional) If set to 'false', the response will include IaaS-specific secrets. |
Creating IaaS Configurations
Example Request on vSphere
curl "https://example.com/api/v0/staged/director/iaas_configurations" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"iaas_configuration": {
"name": "vCenter_Floor1",
"vcenter_host": "10.10.10.0",
"datacenter": "my-data-center",
"ephemeral_datastores_string": "e-datastore-name",
"persistent_datastores_string": "p-datastore-name",
"vcenter_username": "my-user-name",
"vcenter_password": "fake-not-real-password",
"nsx_networking_enabled": true,
"nsx_mode": "nsx-v",
"nsx_address": "10.10.10.10",
"nsx_password": "fake-password",
"nsx_username": "some-user",
"nsx_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"bosh_vm_folder": "bosh-folder",
"bosh_template_folder": "my-bosh-template-folder",
"bosh_disk_path": "my-disk-location",
"ssl_verification_enabled": false,
"additional_cloud_properties": {
"datacenters": [{
"name": "my-data-center",
"vm_folder": "my-folder",
"template_folder": "my-other-folder",
"disk_path": "my-disk",
"allow_mixed_datastores": false,
"datastore_pattern": "my-pattern",
"persistent_datastore_pattern": "my-other-pattern",
"clusters": []
}]
}
}
}'
Example Response on vSphere
HTTP/1.1 200 OK
{
"iaas_configuration": {
"name": "vCenter_Floor1",
"guid": "<autogenerated guid>",
"vcenter_host": "10.10.10.0",
"datacenter": "my-data-center",
"ephemeral_datastores_string": "e-datastore-name",
"persistent_datastores_string": "p-datastore-name",
"vcenter_username": "my-user-name",
"vcenter_password": "fake-not-real-password",
"nsx_networking_enabled": true,
"nsx_mode": "nsx-v",
"nsx_address": "10.10.10.10",
"nsx_password": "fake-password",
"nsx_username": "some-user",
"nsx_ca_certificate": "-----BEGIN CERTIFICATE-----MIIBsjCCARug...",
"bosh_vm_folder": "bosh-folder",
"bosh_template_folder": "my-bosh-template-folder",
"bosh_disk_path": "my-disk-location",
"ssl_verification_enabled": false,
"additional_cloud_properties": {
"datacenters": [{
"name": "my-data-center",
"vm_folder": "my-folder",
"template_folder": "my-other-folder",
"disk_path": "my-disk",
"allow_mixed_datastores": false,
"datastore_pattern": "my-pattern",
"persistent_datastore_pattern": "my-other-pattern",
"clusters": []
}]
}
}
}
Example Response on vSphere with Verification Warnings
HTTP/1.1 207 Multi-Status
{
"iaas_configuration": {
"name": "vCenter_Floor1",
"guid": "some-guid",
"vcenter_host": "10.10.10.0",
"datacenter": "my-data-center",
"ephemeral_datastores_string": "e-datastore-name",
"persistent_datastores_string": "p-datastore-name",
"vcenter_username": "my-user-name",
"vcenter_password": "fake-not-real-password",
"nsx_networking_enabled": true,
"nsx_mode": "nsx-v",
"nsx_address": "10.10.10.10",
"nsx_password": "fake-password",
"nsx_username": "some-user",
"nsx_ca_certificate": "-----BEGIN CERTIFICATE-----MIIBsjCCARug...",
"bosh_vm_folder": "bosh-folder",
"bosh_template_folder": "my-bosh-template-folder",
"bosh_disk_path": "my-disk-location",
"ssl_verification_enabled": false,
"additional_cloud_properties": {
"datacenters": [{
"name": "my-data-center",
"vm_folder": "my-folder",
"template_folder": "my-other-folder",
"disk_path": "my-disk",
"allow_mixed_datastores": false,
"datastore_pattern": "my-pattern",
"persistent_datastore_pattern": "my-other-pattern",
"clusters": []
}]
}
},
"verifications": {
"warnings": {
"base": [
"IaaS Configuration was saved, but there were verification errors which may prevent you from deploying",
"'NSX Password does not work', type: IaasConfigurationVerifier"
]
}
}
}
Example Request on Openstack
curl "https://example.com/api/v0/staged/director/iaas_configurations" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"iaas_configuration": {
"name": "Openstack_Floor1",
"identity_endpoint": "http://identity-endpoint.yourcompany.com",
"username": "admin",
"password": "super-secret",
"tenant": "example-tenant",
"security_group": "example-group",
"key_pair_name": "example-keypair-name",
"ssh_private_key": "-----BEGIN RSA PRIVATE KEY----- ...",
"region": "example-region",
"ignore_server_availability_zone": false,
"disable_dhcp": true,
"networking_model": "nova",
"boot_from_volume": true,
"additional_cloud_properties": { "human_readable_vm_names": true }
}
}'
Example Response on Openstack
HTTP/1.1 200 OK
{
"iaas_configuration": {
"name": "Openstack_Floor1",
"guid": "<autogenerated guid>",
"identity_endpoint": "http://identity-endpoint.yourcompany.com",
"username": "admin",
"password": "super-secret",
"tenant": "example-tenant",
"security_group": "example-group",
"key_pair_name": "example-keypair-name",
"region": "example-region",
"ignore_server_availability_zone": false,
"disable_dhcp": true,
"networking_model": "nova",
"boot_from_volume": true,
"additional_cloud_properties": { "human_readable_vm_names": true }
}
}
This feature is only enabled for the vSphere and Openstack IaaS. All other IaaSes will receive a 501.
HTTP Request
POST /api/v0/staged/director/iaas_configurations
Create an IaaS configuration
Note: The property additional_cloud_properties is an object that allows the operator to include global CPI properties that are not directly exposed by the API. Any key specified in the object will not be a recursive merge, but instead it will overwrite existing keys.
For example, if OpsManager produces a vSphere CPI that specifies true for the allow_mixed_datastores property in the list of datacenters, then operator needs to provide the entire list of datacenters to not overwrite the datacenters key with an incomplete object.
Updating Single IaaS Configuration
Example Request on vSphere
curl "https://example.com/api/v0/staged/director/iaas_configurations/some-guid" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"iaas_configuration": {
"name": "vCenter_Floor1",
"vcenter_host": "10.10.10.0",
"datacenter": "my-data-center",
"ephemeral_datastores_string": "e-datastore-name",
"persistent_datastores_string": "p-datastore-name",
"vcenter_username": "my-user-name",
"vcenter_password": "fake-not-real-password",
"nsx_networking_enabled": true,
"nsx_mode": "nsx-v",
"nsx_address": "10.10.10.10",
"nsx_password": "fake-password",
"nsx_username": "some-user",
"nsx_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"bosh_vm_folder": "bosh-folder",
"bosh_template_folder": "my-bosh-template-folder",
"bosh_disk_path": "my-disk-location",
"ssl_verification_enabled": false,
"additional_cloud_properties": {
"datacenters": [{
"name": "my-data-center",
"vm_folder": "my-folder",
"template_folder": "my-other-folder",
"disk_path": "my-disk",
"allow_mixed_datastores": false,
"datastore_pattern": "my-pattern",
"persistent_datastore_pattern": "my-other-pattern",
"clusters": []
}]
}
}
}'
Example Response on vSphere
HTTP/1.1 200 OK
{
"iaas_configuration": {
"name": "vCenter_Floor1",
"guid": "some-guid",
"vcenter_host": "10.10.10.0",
"datacenter": "my-data-center",
"ephemeral_datastores_string": "e-datastore-name",
"persistent_datastores_string": "p-datastore-name",
"vcenter_username": "my-user-name",
"vcenter_password": "fake-not-real-password",
"nsx_networking_enabled": true,
"nsx_mode": "nsx-v",
"nsx_address": "10.10.10.10",
"nsx_password": "fake-password",
"nsx_username": "some-user",
"nsx_ca_certificate": "-----BEGIN CERTIFICATE-----MIIBsjCCARug...",
"bosh_vm_folder": "bosh-folder",
"bosh_template_folder": "my-bosh-template-folder",
"bosh_disk_path": "my-disk-location",
"ssl_verification_enabled": false,
"additional_cloud_properties": {
"datacenters": [{
"name": "my-data-center",
"vm_folder": "my-folder",
"template_folder": "my-other-folder",
"disk_path": "my-disk",
"allow_mixed_datastores": false,
"datastore_pattern": "my-pattern",
"persistent_datastore_pattern": "my-other-pattern",
"clusters": []
}]
}
}
}
Example Response on vSphere with Verification Warnings
HTTP/1.1 207 Multi-Status
{
"iaas_configuration": {
"name": "vCenter_Floor1",
"guid": "some-guid",
"vcenter_host": "10.10.10.0",
"datacenter": "my-data-center",
"ephemeral_datastores_string": "e-datastore-name",
"persistent_datastores_string": "p-datastore-name",
"vcenter_username": "my-user-name",
"vcenter_password": "fake-not-real-password",
"nsx_networking_enabled": true,
"nsx_mode": "nsx-v",
"nsx_address": "10.10.10.10",
"nsx_password": "fake-password",
"nsx_username": "some-user",
"nsx_ca_certificate": "-----BEGIN CERTIFICATE-----MIIBsjCCARug...",
"bosh_vm_folder": "bosh-folder",
"bosh_template_folder": "my-bosh-template-folder",
"bosh_disk_path": "my-disk-location",
"ssl_verification_enabled": false,
"additional_cloud_properties": {
"datacenters": [{
"name": "my-data-center",
"vm_folder": "my-folder",
"template_folder": "my-other-folder",
"disk_path": "my-disk",
"allow_mixed_datastores": false,
"datastore_pattern": "my-pattern",
"persistent_datastore_pattern": "my-other-pattern",
"clusters": []
}]
}
},
"verifications": {
"warnings": {
"base": [
"IaaS Configuration was saved, but there were verification errors which may prevent you from deploying",
"'NSX Password does not work', type: IaasConfigurationVerifier"
]
}
}
}
Example Request on Openstack
curl "https://example.com/api/v0/staged/director/iaas_configurations/some-guid" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"iaas_configuration": {
"name": "Openstack_Floor1",
"identity_endpoint": "http://identity-endpoint.yourcompany.com",
"username": "admin",
"password": "super-secret",
"tenant": "example-tenant",
"security_group": "example-group",
"key_pair_name": "example-keypair-name",
"ssh_private_key": "-----BEGIN RSA PRIVATE KEY----- ...",
"region": "example-region",
"ignore_server_availability_zone": false,
"disable_dhcp": true,
"networking_model": "nova",
"boot_from_volume": true,
"additional_cloud_properties": { "human_readable_vm_names": true }
}
}'
Example Response on Openstack
HTTP/1.1 200 OK
{
"iaas_configuration": {
"name": "Openstack_Floor1",
"guid": "<autogenerated guid>",
"identity_endpoint": "http://identity-endpoint.yourcompany.com",
"username": "admin",
"password": "super-secret",
"tenant": "example-tenant",
"security_group": "example-group",
"key_pair_name": "example-keypair-name",
"region": "example-region",
"ignore_server_availability_zone": false,
"disable_dhcp": true,
"networking_model": "nova",
"boot_from_volume": true,
"additional_cloud_properties": { "human_readable_vm_names": true }
}
}
Example Request on Azure
curl "https://example.com/api/v0/staged/director/iaas_configurations/some-guid" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"iaas_configuration": {
"name": "default",
"subscription_id": "my-subscription",
"tenant_id": "my-tenant",
"client_id": "my-client",
"resource_group_name": "my-resource-group",
"cloud_storage_type": "managed_disks",
"bosh_storage_account_name": "storage-account-bosh",
"storage_account_type": "Premium_LRS",
"deployments_storage_account_name": null,
"default_security_group": "my-security-group",
"ssh_public_key": "ssh-rsa ...",
"environment": "AzureCloud",
"availability_mode": "availability_zones",
"additional_cloud_properties": { "keep_failed_vms": true }
}
}'
Example Response on Azure
HTTP/1.1 200 OK
{
"iaas_configuration": {
"name": "default",
"subscription_id": "my-subscription",
"tenant_id": "my-tenant",
"client_id": "my-client",
"resource_group_name": "my-resource-group",
"cloud_storage_type": "managed_disks",
"bosh_storage_account_name": "storage-account-bosh",
"storage_account_type": "Premium_LRS",
"deployments_storage_account_name": null,
"default_security_group": "my-security-group",
"ssh_public_key": "ssh-rsa ...",
"environment": "AzureCloud",
"availability_mode": "availability_zones",
"additional_cloud_properties": { "keep_failed_vms": true }
}
}
HTTP Request
PUT /api/v0/staged/director/iaas_configurations/:guid
Update an iaas configuration
Note: The property additional_cloud_properties is an object that allows the operator to include global CPI properties that are not directly exposed by the API. Any key specified in the object will not be a recursive merge, but instead it will overwrite existing keys.
For example, if OpsManager produces a vSphere CPI that specifies true for the allow_mixed_datastores property in the list of datacenters, then operator needs to provide the entire list of datacenters to not overwrite the datacenters key with an incomplete object.
Deleting IaaS Configuration
Example Request on an IaaS that supports multiple IaaS configurations (i.e. vSphere)
curl "https://example.com/api/v0/staged/director/iaas_configurations/some-guid" \
-X DELETE \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on vSphere
HTTP/1.1 204 OK
Example Response on an IaaS that does not support multiple IaaS configurations (i.e Azure)
HTTP/1.1 501 Not-Implemented
{
"errors": {
"iaas_configuration": {
"base": [
"This feature is not available for this IaaS"
]
}
}
}
Example Response when the IaaS configuration still has availability zones assigned to itself.
HTTP/1.1 422 Unprocessable Entity
{
"errors": {
"iaas_configuration": {
"base": [
"is currently being used by the availability zone, \"AZ-1\""
]
}
}
}
Example Response when trying to delete the last IaaS configuration.
HTTP/1.1 422 Unprocessable Entity
{
"errors": {
"iaas_configuration": {
"base": [
"cannot delete the last iaas configuration"
]
}
}
}
This feature is only enabled for the vSphere and Openstack IaaS. All other IaaSes will receive a 501.
HTTP Request
DELETE /api/v0/staged/director/iaas_configurations/some-guid
Delete an IaaS configuration
Creating availability zones
Example Request on AWS, Google
curl "https://example.com/api/v0/staged/director/availability_zones" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-d '{
"availability_zone": {
"name": "Availability Zone 1"
}
}'
Example Response on AWS, Google
HTTP/1.1 200 OK
{
"availability_zone": {
"name": "Availability Zone 1",
"iaas_configuration_guid": "iaas-configuration-guid",
"guid": "guid-1"
}
}
Example Request on Openstack
curl "https://example.com/api/v0/staged/director/availability_zones" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-d '{
"availability_zone": {
"name": "Availability Zone 1",
"iaas_identifier": "my-iaas-identifier"
}
}'
Example Response on Openstack
HTTP/1.1 200 OK
{
"availability_zone": {
"name": "Availability Zone 1",
"iaas_identifier": "my-iaas-identifier",
"iaas_configuration_guid": "iaas-configuration-guid",
"guid": "guid-1"
}
}
Example Request on Openstack without iaas_identifier
curl "https://example.com/api/v0/staged/director/availability_zones" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-d '{
"availability_zone": {
"name": "nova",
}
}'
Example Response on Openstack
HTTP/1.1 200 OK
{
"availability_zone": {
"name": "nova",
"iaas_identifier": "nova",
"iaas_configuration_guid": "iaas-configuration-guid",
"guid": "guid-1"
}
}
Example Request on Openstack for Multi-Datacenter
curl "https://example.com/api/v0/staged/director/availability_zones" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-d '{
"availability_zone": {
"name": "Availability Zone 1",
"iaas_identifier": "nova",
"iaas_configuration_guid": "new-iaas-configuration-guid"
}
}'
Example Response on Openstack for Multi-Datacenter
HTTP/1.1 200 OK
{
"availability_zone": {
"name": "Availability Zone 1",
"iaas_identifier": "nova",
"iaas_configuration_guid": "new-iaas-configuration-guid",
"guid": "guid-1"
}
}
Example Request on vSphere (with Clusters)
curl "https://example.com/api/v0/staged/director/availability_zones" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-d '{
"availability_zone": {
"name": "Availability Zone 1",
"clusters": [
{
"cluster": "a-cluster",
"resource_pool": "resource-pool-1",
"host_group": "host-group-1"
},
{
"cluster": "b-cluster",
"resource_pool": "resource-pool-2"
}
]
}
}'
Example Response on vSphere (with Clusters)
HTTP/1.1 200 OK
{
"availability_zone": {
"name": "Availability Zone 1",
"guid": "guid-1",
"iaas_configuration_guid": "iaas-configuration-guid",
"clusters": [
{
"guid": "guid-2",
"cluster": "a-cluster",
"resource_pool": "resource-pool-1",
"host_group": "host-group-1"
},
{
"guid": "guid-3",
"cluster": "b-cluster",
"resource_pool": "resource-pool-2",
"host_group": null
}
]
}
}
Example Request on vSphere for Multi-Datacenter
curl "https://example.com/api/v0/staged/director/availability_zones" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-d '{
"availability_zone": {
"name": "Availability Zone 12",
"iaas_configuration_guid": "iaas-configuration-guid-2",
"clusters": [
{
"cluster": "a-cluster",
"resource_pool": "resource-pool-1"
},
{
"cluster": "b-cluster",
"resource_pool": "resource-pool-2"
}
]
}
}'
Example Response on vSphere for Multi-Datacenter with Verification Warnings
HTTP/1.1 207 OK
{
"availability_zone": {
"name": "Availability Zone 12",
"guid": "guid-1",
"iaas_configuration_guid": "iaas-configuration-guid-2",
"clusters": [
{
"guid": "guid-2",
"cluster": "a-cluster",
"resource_pool": "resource-pool-1"
},
{
"guid": "guid-3",
"cluster": "b-cluster",
"resource_pool": "resource-pool-2"
}
]
},
"warnings": {
"errors": {
"base": [
"Availability zone was saved but there are verification errors which may prevent you from deploying",
"Cannot find availability zone 'Availability Zone 12', type: AvailabilityZonesVerifier"
]
}
}
}
Example Response on Azure
HTTP/1.1 405 Method Not Allowed
{
"errors": [
"This IaaS does not support modifying availability zones"
]
}
HTTP Request
POST /api/v0/staged/director/availability_zones
This endpoint creates an availability zone.
iaas_configuration_guid is optional if you only have a single IaaS
configuration. Multiple IaaS configurations are only supported on vSphere at this time.
Modifying availability zones is not supported on Azure.
Fetching availability zones
Example Request
curl "https://example.com/api/v0/staged/director/availability_zones" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on AWS, Google
HTTP/1.1 200 OK
{
"availability_zones": [
{
"name": "Availability Zone 1",
"guid": "guid-1",
"iaas_configuration_guid": "iaas-configuration-guid"
},
{
"name": "Availability Zone 2",
"guid": "guid-4",
"iaas_configuration_guid": "iaas-configuration-guid"
}
]
}
Example Response on Openstack
HTTP/1.1 200 OK
{
"availability_zones": [
{
"name": "Availability Zone 1",
"guid": "guid-1",
"iaas_identifier": "first-iaas-identifier",
"iaas_configuration_guid": "iaas-configuration-guid"
},
{
"name": "Availability Zone 2",
"guid": "guid-4",
"iaas_identifier": "second-iaas-identifier",
"iaas_configuration_guid": "iaas-configuration-guid"
}
]
}
Example Response on vSphere (with Clusters and multi-datacenter)
HTTP/1.1 200 OK
{
"availability_zones": [
{
"name": "Availability Zone 1",
"guid": "guid-1",
"iaas_configuration_guid": "iaas-configuration-guid",
"clusters": [
{
"guid": "guid-2",
"cluster": "a-cluster",
"resource_pool": "resource-pool-1",
"host_group": null
},
{
"guid": "guid-3",
"cluster": "b-cluster",
"resource_pool": null,
"host_group": "host-group-4"
}
]
},
{
"name": "Availability Zone 2",
"guid": "guid-4",
"iaas_configuration_guid": "iaas-configuration-guid-2",
"clusters": [
{
"guid": "guid-3",
"cluster": "b-cluster",
"resource_pool": "resource-pool-2",
"host_group": null
}
]
}
]
}
Example Response on Azure when the Availability Mode is Zones
HTTP/1.1 200 OK
{
"availability_zones": [
{
"name": "zone-1",
"guid": "guid-1",
"iaas_identifier": "1",
"iaas_configuration_guid": "iaas-configuration-guid"
},
{
"name": "zone-2",
"guid": "guid-2",
"iaas_identifier": "2",
"iaas_configuration_guid": "iaas-configuration-guid"
},
{
"name": "zone-3",
"guid": "guid-3",
"iaas_identifier": "3",
"iaas_configuration_guid": "iaas-configuration-guid"
}
]
}
Example Response on Azure when the Availability Mode is Sets
HTTP/1.1 200 OK
{
"availability_zones": [
{
"name": "Availability Sets",
"guid": "guid-1",
"iaas_identifier": null,
"iaas_configuration_guid": "iaas-configuration-guid"
}
]
}
HTTP Request
GET /api/v0/staged/director/availability_zones
This endpoint fetches the collection of availability zones.
iaas_configuration_guid is optional if you only have a single IaaS
configuration. Multiple IaaS configurations are only supported on vSphere at this time.
If the IaaS does not support availability zones an error will be returned.
Fetching single availability zone
Example Request
curl "https://example.com/api/v0/staged/director/availability_zones/guid-1" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on AWS, Google
HTTP/1.1 200 OK
{
"availability_zone": {
"name": "Availability Zone 1",
"guid": "guid-1",
"iaas_configuration_guid": "iaas-configuration-guid"
}
}
Example Response on Openstack
HTTP/1.1 200 OK
{
"availability_zone": {
"name": "Availability Zone 1",
"iaas_identifier": "my-iaas-identifier",
"guid": "guid-1",
"iaas_configuration_guid": "iaas-configuration-guid"
}
}
Example Response on vSphere (with Clusters)
HTTP/1.1 200 OK
{
"availability_zone": {
"name": "Availability Zone 1",
"guid": "guid-1",
"clusters": [
{
"guid": "guid-2",
"cluster": "a-cluster",
"resource_pool": "resource-pool-1",
"host_group": null
},
{
"guid": "guid-3",
"cluster": "b-cluster",
"resource_pool": null,
"host_group": "host-group-4"
}
],
"iaas_configuration_guid": "iaas-configuration-guid-1"
}
}
Example Response on Azure when the Availability Mode is Zones
HTTP/1.1 200 OK
{
"availability_zone": {
"name": "zone-1",
"guid": "guid-1",
"iaas_identifier": "1",
"iaas_configuration_guid": "iaas-configuration-guid"
}
}
Example Response on Azure when the Availability Mode is Sets
HTTP/1.1 200 OK
{
"availability_zone": {
"name": "Availability Sets",
"guid": "guid-1",
"iaas_identifier": null,
"iaas_configuration_guid": "iaas-configuration-guid"
}
}
HTTP Request
GET /api/v0/staged/director/availability_zones/:az-guid
This endpoint fetches the availability zone.
iaas_configuration_guid is optional if you only have a single IaaS
configuration. Multiple IaaS configurations are only supported on vSphere at this time.
If the IaaS does not support availability zones an error will be returned.
Updating availability zone
Example Request on AWS, Google
curl "https://example.com/api/v0/staged/director/availability_zones/existing-guid" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"availability_zone": {
"name": "us-west-1a",
"guid": "existing-guid"
}
}'
Example Response on AWS, Google
HTTP/1.1 200 OK
{
"availability_zone": {
"name": "us-west-1a",
"guid": "existing-guid",
"iaas_configuration_guid": "iaas-configuration-guid"
}
}
Example Request on Openstack
curl "https://example.com/api/v0/staged/director/availability_zones/existing-guid" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-d '{
"availability_zone": {
"name": "Availability Zone New Name",
"guid": "existing-guid",
"iaas_identifier": "my-iaas-identifier"
}
}'
Example Response on Openstack
HTTP/1.1 200 OK
{
"availability_zone": {
"name": "Availability Zone New Name",
"iaas_identifier": "my-iaas-identifier",
"iaas_configuration_guid": "iaas-configuration-guid",
"guid": "existing-guid"
}
}
Example Request on Openstack without iaas_identifier
curl "https://example.com/api/v0/staged/director/availability_zones/existing-guid" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-d '{
"availability_zone": {
"name": "nova",
"guid": "existing-guid",
}
}'
Example Response on Openstack
HTTP/1.1 200 OK
{
"availability_zone": {
"name": "nova",
"iaas_identifier": "nova",
"iaas_configuration_guid": "iaas-configuration-guid",
"guid": "existing-guid"
}
}
Example Request on Openstack for Multi-Datacenter
curl "https://example.com/api/v0/staged/director/availability_zones/existing-guid" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-d '{
"availability_zone": {
"name": "Availability Zone 2",
"iaas_identifier": "nova",
"iaas_configuration_guid": "iaas-configuration-guid-2",
"guid": "existing-guid"
}
}'
Example Response on Openstack for Multi-Datacenter
HTTP/1.1 200 OK
{
"availability_zone": {
"name": "Availability Zone 2",
"iaas_identifier": "nova",
"iaas_configuration_guid": "iaas-configuration-guid-2",
"guid": "existing-guid"
}
}
Example Request on vSphere
curl "https://example.com/api/v0/staged/director/availability_zones/existing-az-guid" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"availability_zone": {
"guid": "existing-az-guid",
"name": "AZ1",
"clusters": [
{
"guid": "existing-cluster-guid",
"cluster": "pizza-boxes",
"resource_pool": "maraudon",
"host_group": "my-host-group"
},
{
"cluster": "marinara",
"resource_pool": "maraudon"
}
]
}
}'
Example Response on vSphere
HTTP/1.1 200 OK
{
"availability_zone": {
"name": "AZ1",
"guid": "existing-az-guid",
"iaas_configuration_guid": "iaas-configuration-guid",
"clusters": [
{
"guid": "existing-cluster-guid",
"cluster": "pizza-boxes",
"resource_pool": "maraudon",
"host_group": "my-host-group"
},
{
"cluster": "marinara",
"resource_pool": "maraudon"
}
]
}
}
Example Request on vSphere for Multi-Datacenter
curl "https://example.com/api/v0/staged/director/availability_zones/guid-1" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-d '{
"availability_zone": {
"guid": "guid-1",
"name": "Availability Zone 12",
"iaas_configuration_guid": "iaas-configuration-guid-2",
"clusters": [
{
"guid": "guid-2",
"cluster": "a-cluster",
"resource_pool": "resource-pool-1"
},
{
"guid": "guid-3",
"cluster": "b-cluster",
"resource_pool": "resource-pool-2"
}
]
}
}'
Example Response on vSphere for Multi-Datacenter with Verification Warnings
HTTP/1.1 207 OK
{
"availability_zone": {
"name": "Availability Zone 12",
"guid": "guid-1",
"iaas_configuration_guid": "iaas-configuration-guid-2",
"clusters": [
{
"guid": "guid-2",
"cluster": "a-cluster",
"resource_pool": "resource-pool-1"
},
{
"guid": "guid-3",
"cluster": "b-cluster",
"resource_pool": "resource-pool-2"
}
]
},
"warnings": {
"errors": {
"base": [
"Availability zone was saved but there are verification errors which may prevent you from deploying",
"Cannot find availability zone 'Availability Zone 12', type: AvailabilityZonesVerifier"
]
}
}
}
HTTP Request
PUT /api/v0/staged/director/availability_zones/:az-guid
This endpoint allows you to update an availability zone.
There are different fields for availability zones per IaaS. Look at the examples to see the valid fields for each IaaS.
iaas_configuration_guid is optional if you only have a single IaaS
configuration. Multiple IaaS configurations are only supported on vSphere at this time.
Availability zones cannot be updated on Azure.
Availability zones that are already on a deployed product cannot be updated.
Deleting single availability zone
Example Request
curl "https://example.com/api/v0/staged/director/availability_zones/guid-1" \
-X DELETE \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on vSphere, AWS, Google, OpenStack
HTTP/1.1 200 OK
{
}
Example Response on Azure
HTTP/1.1 405 Method Not Allowed
{
"errors": [
"This IaaS does not support modifying availability zones"
]
}
HTTP Request
DELETE /api/v0/staged/director/availability_zones/:az-guid
This endpoint deletes the availability zone. If the IaaS does not support availability zones an error will be returned.
Availability zones that are already on a deployed product cannot be deleted.
Updating availability zones (Experimental)
Example Request on vSphere
curl "https://example.com/api/v0/staged/director/availability_zones" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"availability_zones": [
{
"guid": "existing-az-guid",
"name": "AZ1",
"clusters": [
{
"guid": "existing-cluster-guid",
"cluster": "pizza-boxes",
"resource_pool": "maraudon",
"host_group": "my-host-group"
},
{
"cluster": "marinara",
"resource_pool": "maraudon"
}
]
}
]
}'
Example Request on AWS
curl "https://example.com/api/v0/staged/director/availability_zones" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"availability_zones": [
{ "name": "us-west-1a", "guid": "existing-guid" },
{ "name": "us-east-1a" }
]
}'
Example Request on Google
curl "https://example.com/api/v0/staged/director/availability_zones" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"availability_zones": [
{ "name": "us-west1-a", "guid": "existing-guid" },
{ "name": "us-east1-a" }
]
}'
Example Request on OpenStack
curl "https://example.com/api/v0/staged/director/availability_zones" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"availability_zones": [
{ "name": "availability-zone-1", "guid": "existing-guid" },
{ "name": "availability-zone-2" }
]
}'
Example Response on OpenStack with Verification Warnings
HTTP/1.1 207 OK
{
"warnings": {
"errors": {
"base": [
"Availability zone(s) were saved but there are verification errors which may prevent you from deploying",
"Cannot find availability zone 'availability-zone-2', type: AvailabilityZonesVerifier"
]
}
}
}
HTTP Request
PUT /api/v0/staged/director/availability_zones
Use of this endpoint is not recommended. Please use create, update, or delete.
If you are using the multi-datacenter feature on vSphere, this endpoint is not available.
On all other IaaS, the iaas_configuration_guid property of availability zones
will be ignored and automatically set to the default configuration.
This endpoint allows you to completely replace the collection of availability zones. OpsManager uses GUIDs to match existing objects in the collection. Unmatched availability zones will be added, matched availability zones will be updated, and omitted availability zones will be deleted.
There are different fields for availability zones per IaaS. Look at the examples to see the valid fields for each IaaS. Availability zones cannot be updated or replaced on Azure.
Availability zones that are already on a deployed product cannot be updated or deleted.
Updating network and availability zone assignments
Example Request on Google, vSphere, or AWS. This also applies on Azure when the Availability Mode is Zones.
curl "https://example.com/api/v0/staged/director/network_and_az" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"network_and_az": {
"network": {
"name": "network_name"
},
"singleton_availability_zone": {
"name": "availability_zone_name"
}
}
}'
Example Request on Azure when the Availability Mode is Sets
curl "https://example.com/api/v0/staged/director/network_and_az" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"network_and_az": {
"network": {
"name": "network_name"
}
}
}'
HTTP Request
PUT /api/v0/staged/director/network_and_az
This endpoint allows you to set the network and singleton availability zone for the bosh director. You cannot use this endpoint if the director is already deployed.
The parameters must match the names of an already created network and availability zone. The network must have at least one subnet on the singleton availability zone and cannot be a service network.
On Azure, when the Availability Mode is Sets, the
singleton_availability_zone key is not required, and will be ignored.
Fetching networks
Example Request
curl "https://example.com/api/v0/staged/director/networks" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on AWS
HTTP/1.1 200 OK
{
"icmp_checks_enabled": true,
"networks": [
{
"guid": "0d35c70db3c592cb1ac7",
"name": "first-network",
"subnets": [
{
"guid": "433d16d727706e3be752",
"iaas_identifier": "hinterlands-1",
"cidr": "10.85.41.0/24",
"dns": "10.87.8.10",
"gateway": "10.85.41.1",
"reserved_ip_ranges": "10.85.41.1-10.85.41.97,10.85.41.117-10.85.41.255",
"availability_zone_names": [
"first-az",
"second-az"
]
}
]
}
]
}
HTTP Request
GET /api/v0/staged/director/networks
This endpoint fetches the collection of networks (and subnets).
Updating networks (Experimental)
Example Request
curl "https://example.com/api/v0/staged/director/networks" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"icmp_checks_enabled": true,
"networks": [
{
"name": "network-to-create",
"subnets": [{
"iaas_identifier": "subnet1",
"cidr": "10.0.0.0/24",
"reserved_ip_ranges": "10.0.0.1",
"dns": "8.8.8.8",
"gateway": "10.0.0.100",
"availability_zone_names": ["first-az", "second-az"]
}]
},
{
"name": "network-to-update",
"guid": "existing-network-guid",
"subnets": [{
"iaas_identifier": "subnet2",
"guid": "existing-subnet-guid",
"cidr": "10.0.1.0/24",
"reserved_ip_ranges": "10.0.1.1-10.0.1.15,10.0.1.20",
"dns": "8.8.8.8",
"gateway": "10.0.0.100",
"availability_zone_names": ["first-az", "second-az"]
}]
}
]
}'
Example Response with Verification Warnings
HTTP/1.1 200 OK
{
"status": "Networks were saved but there were verification errors which may prevent you from deploying",
"verification_errors": [
"Cannot reach DNS with IP 0.0.0.0 (ignorable if ICMP is disabled), type: NetworksPingableVerifier",
"Cannot find network 'foo', type: NetworksExistenceVerifier",
"Gateway IP '8.8.8.8' not in CIDR range '10.9.9.0/24', type: GatewayCidrVerifier"
]
}
HTTP Request
PUT /api/v0/staged/director/networks
This endpoint allows you to completely replace the collection of networks (and subnets). OpsManager uses GUIDs to match existing objects in the collection. Unmatched networks will be added, matched networks will be updated, and omitted networks will be deleted.
There are different availability zone rules depending on IaaS, see table:
| Iaas | Value of availability_zone_names field |
|---|---|
| AWS | An array with 1 AZ name only |
| Azure | Ignored |
| GCP | An array with 1 or more AZ names |
| OpenStack | An array with 1 or more AZ names |
| vSphere | An array with 1 or more AZ names |
The iaas_identifier field contains different values based on IaaS as well, identical to the UI.
Retrieving a list of install time verifiers for the director
curl "https://example.com/api/v0/staged/director/verifiers/install_time" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"verifiers": [
{
"type": "AllocatedIpAddressVerifier",
"enabled": true
},
{
"type": "AvailabilityZonesVerifier",
"enabled": true
},
{
"type": "DirectorConfigurationVerifier",
"enabled": true
},
{
"type": "IaasConfigurationVerifier",
"enabled": true
},
{
"type": "NetworksExistenceVerifier",
"enabled": true
},
{
"type": "NetworksPingableVerifier",
"enabled": true
},
{
"type": "PrivilegeVerifier",
"enabled": true
}
]
}
HTTP Request
GET /api/v0/staged/director/verifiers/install_time
This endpoint returns a list of install-time verifiers for the director and whether or not each is enabled/disabled.
Turning off a verifier for the director
curl "https://example.com/api/v0/staged/director/verifiers/install_time/NetworksPingableVerifier" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "enabled": false }'
Example Response
HTTP/1.1 200 OK
{
"type": "NetworksPingableVerifier",
"enabled": false
}
HTTP Request
PUT /api/v0/staged/director/verifiers/install_time/:verifier_name
This endpoint allows the user to disable/enable a verifier for the director during Apply Changes.
Fetching the staged director runtime configs
curl "https://example.com/api/v0/staged/director/runtime_configs" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"runtime_configs": [
{
"name": "ops_manager_dns_runtime",
"manifest": {
"releases": {
"name": "bosh-dns",
"version": "1.0.0"
},
"addons": {
"name": "bosh-dns",
"jobs": {
"name": "bosh-dns",
"release": "bosh-dns"
}
}
}
},
{
"name": "director_runtime",
"manifest": {
"tags": {
"some-tag": "some-value"
}
}
}
]
}
HTTP Request
GET /api/v0/staged/director/runtime_configs
This endpoint returns a list of the runtime configs included globally when deploying the director product.
Running a pre-deploy check for the staged BOSH Director
curl "https://example.com/api/v0/staged/director/pre_deploy_check" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"pre_deploy_check": {
"identifier": "p-bosh-guid",
"complete": false,
"network": {
"assigned": true
},
"availability_zone": {
"assigned": false
},
"stemcells": [
{
"assigned": false,
"required_stemcell_version": "250.2",
"required_stemcell_os": "ubuntu-xenial"
}
],
"properties": [],
"resources": {
"jobs": []
},
"verifiers": [
{
"type": "NetworksPingableVerifier",
"errors": [
"Cannot reach gateway with IP 0.0.0.0 (ignorable if ICMP is disabled), type: NetworksPingableVerifier"
],
"ignorable": true
},
{
"type": "PrivilegeVerifier",
"errors": [
"'Could not connect to vCenter IP: Failed to open TCP connection to foo:443 (getaddrinfo: nodename nor servname provided, or not known)', type: PrivilegeVerifier",
],
"ignorable": true
},
{
"type": "IaasConfigurationVerifier",
"errors": [
"'Could not connect to vCenter IP: Failed to open TCP connection to foo:443 (getaddrinfo: nodename nor servname provided, or not known)', type: IaasConfigurationVerifier",
],
"ignorable": false
},
{
"type": "AvailabilityZonesVerifier",
"errors": [
"'Could not connect to vCenter IP: Failed to open TCP connection to foo:443 (getaddrinfo: nodename nor servname provided, or not known)', type: AvailabilityZonesVerifier",
],
"ignorable": false
},
{
"type": "NetworksExistenceVerifier",
"errors": [
"'Could not connect to vCenter IP: Failed to open TCP connection to foo:443 (getaddrinfo: nodename nor servname provided, or not known)', type: NetworksExistenceVerifier",
],
"ignorable": false
}
]
}
}
HTTP Request
GET /api/v0/staged/director/pre_deploy_check
This endpoint returns granular information about whether the staged BOSH Director is ready to be deployed. It lists the following:
- network assignment
- availability zone assignment
- stemcell assignment
- properties that have errors
- invalid resource configuration for jobs (Note: this can only occur on non-BOSH products but is documented here for consistency)
- verifiers that failed
Products
General information about products regardless of whether or not they are deployed
Get icon of product
curl "https://example.com/api/v0/products/product-guid/icon" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"icon": "iVBORw0KGgoAAAANSUhEUgAAAUIAAADcCAYAAAAFtqgbAAAAAXNS..."
}
HTTP Request
GET /api/v0/products/:product_guid/icon
Returns base64-encoded icon of the product.
Available Products
An available product is a product that has been uploaded into Ops Manager, or is available for download from Pivotal Network. Available products must be added to the Staged products namespace before configuration changes can be made.
Uploading a product
curl "https://example.com/api/v0/available_products" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-F 'product[file]=@/path/to/component.zip'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
POST /api/v0/available_products
Checking for product updates
curl "https://example.com/api/v0/pivotal_network/available_product_updates" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "product_name": "pivnet-product-name" }'
Example Response
HTTP/1.1 200 OK
{
"versions": [
"1.1.0",
"1.0.10"
]
}
HTTP Request
GET /api/v0/pivotal_network/available_product_updates
Fetching EULA content for a given product
curl "https://example.com/api/v0/pivotal_network/eulas?product_name=example-product&version=1.0.1" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"eula": "Legalese..."
}
HTTP Request
GET /api/v0/pivotal_network/eulas?product_name=example-product-name&version=1.0.1
This retrieves the EULA for the version of the requested product
Accepting EULA for a given product
curl "https://example.com/api/v0/pivotal_network/eulas?product_name=example-product&version=1.0.1&accept=true" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
PUT /api/v0/pivotal_network/eulas?product_name=example-product-name&version=1.0.1&accept=true
This accepts the EULA for the version of the requested product, on the Pivotal Network
Download a given product with version from Pivotal Network
Example Request
curl "https://example.com/api/v0/pivotal_network/downloads" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"product_name": "pivnet-product-name",
"version": "1.2.3"
}'
Example Response
HTTP/1.1 200 OK
{
"download_id": 1
}
Example Request for downloading PAS
curl "https://example.com/api/v0/pivotal_network/downloads" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"product_name": "pivnet-product-name",
"version": "1.2.3",
"pivnet_filename_regex": "cf-.*\.pivotal"
}'
Example Response
HTTP/1.1 200 OK
{
"download_id": 1
}
HTTP Request
POST /api/v0/pivotal_network/downloads
You must have an Pivotal Network API token set for this endpoint to work. You must also have accepted the EULA for the provided version of the product.
If pivnet_filename_regex is not specified, then OpsManager will use the first .pivotal file found for the corresponding product release on PivNet.
Because the Pivotal Application Service product release provides two .pivotal files (Pivotal Application Service and Small Footprint PAS), specifying a regex for pivnet_filename_regex
will allow OpsManager to pick the correct file.
Check the status of a download for Pivotal Network
curl "https://example.com/api/v0/pivotal_network/downloads/2" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"download": {
"id": 2,
"status": "DOWNLOADING",
"product_identifier": "pivnet-product-name",
"product_version": "1.2.3",
"bytes_downloaded": 89,
"total_bytes": 100
}
}
HTTP Request
GET /api/v0/pivotal_network/downloads/:download_id
Potential values for status:
- QUEUED
- DOWNLOADING
- IMPORTING
- COMPLETED
- FAILED
Checking for stemcell updates
curl "https://example.com/api/v0/pivotal_network/stemcell_updates" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"stemcell_updates": [
{
"stemcell_version": "3586.57",
"release_id": 100,
"products": [
{
"product_id": "product1-id-using-trusty"
},
{
"product_id": "product2-id-using-trusty"
}
]
},
{
"stemcell_version": "97.34",
"release_id": 200,
"products": [
{
"product_id": "product3-id-using-xenial"
}
]
},
{
"stemcell_version": "1709.15",
"release_id": 300,
"products": [
{
"product_id": "product4-id-using-windows2016"
}
]
}
]
}
HTTP Request
GET /api/v0/pivotal_network/stemcell_updates
This endpoint will search a local cache of all stemcells versions available on Pivotal Network (including ubuntu-trusty, ubuntu-xenial, windows2019, windows1803, windows2016, and windows2012R2). If a product is already assigned the latest stemcell, this endpoint will not return anything for that product.
Listing all available products
curl "https://example.com/api/v0/available_products" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
[
{
"name": "p-bosh",
"product_version": "1.7.0.0"
},
{
"name": "dummy",
"product_version": "1.0.0.0"
}
]
HTTP Request
GET /api/v0/available_products
Deleting a single unused product
Deletes a single unused product, and any stemcells and releases used only by it.
curl "https://example.com/api/v0/available_products?product_name=my-product&version=1.2.0" \
-X DELETE \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
DELETE /api/v0/available_products?product_name=my-product&version=1.2.0
Deleting unused products
curl "https://example.com/api/v0/available_products" \
-X DELETE \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
DELETE /api/v0/available_products
Deployed Products
The Deployed namespace represents the actual state of the installation and various deployment-specific attributes can be retrieved here.
Viewing a List of Deployed Products
curl "https://example.com/api/v0/deployed/products" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
[
{
"installation_name": "component-type1-installation-name",
"guid": "component-type1-guid",
"type": "component-type1",
"product_version": "1.0",
"stale": {
"parent_products_deployed_more_recently": ["p-bosh-guid"]
},
"label": "product-label"
},
{
"installation_name": "p-bosh-installation-name",
"guid": "p-bosh-guid",
"type": "p-bosh",
"stale": {
"parent_products_deployed_more_recently": []
},
"label": "BOSH Director"
}
]
HTTP Request
GET /api/v0/deployed/products
Adding an available product to the installation
Query Parameters
| Parameter | Description |
|---|---|
| name | The name of the product as specified in the product template, e.g. 'cf' or 'p-mysql' |
| product_version | The version of the product as specified in the product template, e.g. '1.2.0.0' |
| stale:parent_products_deployed_more_recently | List of a product's parent dependencies that were deployed without the product, resulting in potential staleness. |
Retrieving information about a deployed product
curl "https://example.com/api/v0/deployed/products/:product_guid" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"installation_name": "component-type1-installation-name",
"guid": "component-type1-guid",
"type": "component-type1",
"product_version": "1.0",
"stale": {
"parent_products_deployed_more_recently": ["p-bosh-guid"]
},
"label": "product-label"
}
HTTP Request
GET /api/v0/deployed/products/:product_guid
Viewing available credentials
curl "https://example.com/api/v0/deployed/products/product-guid/credentials" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"credentials": [
".properties.some-credentials",
".my-job.some-credentials"
]
}
HTTP Request
GET /api/v0/deployed/products/:product_guid/credentials
This endpoint returns a list of references for credential properties for the given deployed product, except for VM credentials. These references can be used to get the credentials themselves using the credentials endpoint.
Query Parameters
| Parameter | Description |
|---|---|
| product_guid | A product guid |
Fetching credentials
curl "https://example.com/api/v0/deployed/products/product-guid/credentials/.properties.some-credentials" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"credential": {
"type": "simple_credentials",
"value": {
"identity": "carmen-sandiego",
"password": "example-hiding-somewhere"
}
}
}
HTTP Request
GET /api/v0/deployed/products/:product_guid/credentials/:credential_reference
This endpoint returns the credentials for a specified credential reference as a hash.
Query Parameters
| Parameter | Description |
|---|---|
| credential_reference | The credential reference string |
| product_guid | A product guid |
Fetching variables
curl "https://example.com/api/v0/deployed/products/product-guid/variables" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"variables": ["first-variable", "second-variable", "third-variable"]
}
HTTP Request
GET /api/v0/deployed/products/:product-guid/variables
This endpoint returns the list of variables that bosh director knows about for a product.
Query Parameters
| Parameter | Description |
|---|---|
| variable_name | The name of the variable as a string |
| product_guid | A product guid |
Fetching variable values
curl "https://example.com/api/v0/deployed/products/product-guid/variables?name=credhub-password" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"credhub-password": "example-password"
}
HTTP Request
GET /api/v0/deployed/products/:product-guid/variables?name=:variable_name
This endpoint returns the current value for a specified variable stored in credhub. Note that some variables may not be stored in credhub.
Query Parameters
| Parameter | Description |
|---|---|
| variable_name | The name of the variable as a string |
| product_guid | A product guid |
Listing VM credentials for product jobs
curl "https://example.com/api/v0/deployed/products/component-type1-guid/vm_credentials" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
[
{
"name": "compilation-guid",
"identity": "vcap1",
"password": "example-vm-password1"
},
{
"name": "job-type1-guid",
"identity": "vcap1",
"password": "example-vm-password1"
},
{
"name": "credentials-job-guid",
"identity": "vcap",
"password": "example-vm-password"
}
]
HTTP Request
GET /api/v0/deployed/products/:product_guid/vm_credentials
Query Parameters
| Parameter | Description |
|---|---|
| product_guid | Product ID |
Retrieving status of product jobs
curl "https://example.com/api/v0/deployed/products/product-guid/status" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"status": [
{
"job-name": "web_server-7f841fc2af9c2b357cc4",
"index": 0,
"az_guid": "ee61aa1e420ed3fdf276",
"az_name": "first-az",
"ips": [
"10.85.42.58"
],
"cid": "vm-448ef313-86ee-4049-87cf-764ca2fa97e7",
"load_avg": [
"0.00",
"0.01",
"0.03"
],
"cpu": {
"sys": "0.1",
"user": "0.2",
"wait": "0.3"
},
"memory": {
"kb": "60632",
"percent": "6"
},
"swap": {
"kb": "0",
"percent": "0"
},
"system_disk": {
"inode_percent": "31",
"percent": "42"
},
"ephemeral_disk": {
"inode_percent": "0",
"percent": "1"
},
"persistent_disk": {
"inode_percent": "0",
"percent": "0"
}
}
]
}
HTTP Request
GET /api/v0/deployed/products/:product_guid/status
The information returned is based on the output of the bosh vms command, with some additional data added.
Listing static IP assignments for product jobs
curl "https://example.com/api/v0/deployed/products/component-type1-guid/static_ips" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
[
{
"name": "job-type1-guid",
"ips": [
"192.168.163.4"
]
},
{
"name": "credentials-job",
"ips": [
"192.168.163.7"
]
}
]
HTTP Request
GET /api/v0/deployed/products/:product_guid/static_ips
Query Parameters
| Parameter | Description |
|---|---|
| product_guid | Product ID |
Enqueueing log downloads for a given job
curl "https://example.com/api/v0/deployed/products/product-type1-guid/jobs/job-example-1-guid/logs" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"id": "3453589567389"
}
HTTP Request
POST /api/v0/deployed/products/:product_guid/jobs/:job_guid/logs
This returns a task identifier for the async operation that performs log downloading from BOSH.
To track log download status, call GET /api/v0/deployed/products/:product_guid/jobs/:job_guid/logs
Listing log download tasks for a given job
curl "https://example.com/api/v0/deployed/products/component-type1-guid/jobs/job-example-guid/logs" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"tasks": [
{
"guid": "3854e98d1378",
"status": "downloaded",
"timestamp": "2016-04-21 17:32:10 UTC"
},
{
"guid": "b550456bddbc",
"status": "downloaded",
"timestamp": "2016-04-21 17:32:51 UTC"
},
{
"guid": "816ae3784f94",
"status": "downloaded",
"timestamp": "2016-04-21 18:08:43 UTC"
}
]
}
HTTP Request
GET /api/v0/deployed/products/:product_guid/jobs/:job_guid/logs
ZIP files for tasks in the 'downloaded' stage are available at /api/v0/deployed/products/:product_guid/jobs/:job_guid/logs/:task_guid
Download ZIP file with logs
curl -o logs.zip "https://example.com/api/v0/deployed/products/product-type1-guid/jobs/job-example-1-guid/logs/task-guid-example" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 70035 0 70035 0 0 348k 0 --:--:-- --:--:-- --:--:-- 348k
HTTP Request
GET /api/v0/deployed/products/:product_guid/jobs/:job_guid/logs/:task_id
List jobs for a given product
curl "https://example.com/api/v0/deployed/products/component-type1-guid/jobs" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"jobs": [
{
"guid": "web-server12345sdfk",
"name": "web-server"
},
{
"guid": "etcd12345sdfk",
"name": "etcd"
}
]
}
HTTP Request
GET /api/v0/deployed/products/:product_guid/jobs
Returns an array of the jobs on a deployed product by name and guid.
Retrieving syslog configuration for a deployed product
curl "https://example.com/api/v0/deployed/products/product-type1-guid/syslog_configuration" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response with syslog enabled for UDP
HTTP/1.1 200 OK
{
"syslog_configuration": {
"enabled": true,
"address": "example.com",
"port": 514,
"transport_protocol": "udp",
"queue_size": null,
"tls_enabled": false,
"ssl_ca_certificate": null,
"permitted_peer": null,
"forward_debug_logs": false,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}
Example Response with syslog enabled for TCP with TLS
HTTP/1.1 200 OK
{
"syslog_configuration": {
"enabled": true,
"address": "example.com",
"port": 514,
"transport_protocol": "tcp",
"queue_size": null,
"tls_enabled": true,
"permitted_peer": "*.example.com",
"ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"forward_debug_logs": false,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}
Example Response for a product that does not support Ops Manager syslog
HTTP/1.1 422 UNPROCESSABLE ENTITY
{
"errors": {
"syslog": ["This product does not support the Ops Manager consistent syslog configuration feature. If the product supports custom syslog configuration, those properties can be set via the /api/v0/staged/products/:product_guid/properties endpoint."]
}
}
HTTP Request
GET /api/v0/deployed/products/product-type1-guid/syslog_configuration
This endpoint returns the syslog configuration for a deployed product.
Fetching deployed product runtime configs
curl "https://example.com/api/v0/deployed/products/:product_guid/runtime_configs" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"runtime_configs": [
{
"name": "example-product-e067f70db95be71207aa-kindness_banner_everywhere",
"manifest": {
"releases": [
{
"name": "os-conf",
"version": 15
}
],
"addons": [
{
"name": "misc",
"jobs": [
{
"name": "login_banner",
"release": "os-conf",
"properties": {
"login_banner": {
"text": "Hello. You are welcome here. Always be kind. 🤗\n"
}
}
}
],
"include": {
"deployments": [
"example-product-e067f70db95be71207aa"
]
}
}
]
}
}
]
}
HTTP Request
GET /api/v0/deployed/products/:product_guid/runtime_configs
This endpoint returns a list of the runtime configs included globally when the specified product was last deployed.
Staged Products
Staged Products are products that have been added to the Ops Manager Installation. The Staged namespace represents the desired state of the installation. Changes can be deployed by triggering the installations controller.
Listing all staged products
curl "https://example.com/api/v0/staged/products" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
[
{
"installation_name": "component-type1-installation-name",
"guid": "component-type1-guid",
"type": "component-type1",
"product_version": "1.0.1",
"label": "A Product"
},
{
"installation_name": "p-bosh-installation-name",
"guid": "p-bosh-guid",
"type": "p-bosh",
"product_version": "2.5.0",
"label": "BOSH Director"
}
]
HTTP Request
GET /api/v0/staged/products
Retrieving information about a staged product
curl "https://example.com/api/v0/staged/products/:product_guid" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"installation_name": "component-type1-installation-name",
"guid": "component-type1-guid",
"type": "component-type1",
"product_version": "1.0.1",
"label": "A Product"
}
HTTP Request
GET /api/v0/staged/products/:product_guid
Adding an available product
curl "https://example.com/api/v0/staged/products" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"name": "component-type1", "product_version": "1.0.0.1"}'
Example Response
HTTP/1.1 200 OK
HTTP Request
POST /api/v0/staged/products
Query Parameters
| Parameter | Description |
|---|---|
| name | The name of the product as specified in the product template, e.g. 'cf' or 'p-mysql' |
| product_version | The version of the product as specified in the product template, e.g. '1.2.0.0' |
Removing products
curl "https://example.com/api/v0/staged/products/component-type1-guid" \
-X DELETE \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"component": {
"guid": "component-type1-guid"
}
}
HTTP Request
DELETE /api/v0/staged/products/:id
Query Parameters
| Parameter | Description |
|---|---|
| id | The guid of the product to be removed from the installation |
Upgrading a product
curl "https://example.com/api/v0/staged/products/dummy-guid" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"to_version": "2.0.0.0-alpha"}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PUT /api/v0/staged/products/:id
Query Parameters
| Parameter | Description |
|---|---|
| id | The guid of the product to upgrade |
| to_version | Version to which the product will be upgraded |
Retrieving a list of jobs
curl "https://example.com/api/v0/staged/products/product-type1-guid/jobs" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"jobs": [
{
"name": "job-1-name",
"guid": "job-1-guid"
}
]
}
HTTP Request
GET /api/v0/staged/products/:product_guid/jobs
This endpoint returns a list of all jobs associated with a product.
Retrieving resource configuration for a product
curl "https://example.com/api/v0/staged/products/product-type1-guid/jobs/resources" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"resources": [
{
"identifier": "web_server",
"description": "this is a web server job",
"instances": "1",
"instances_best_fit": 1,
"instance_type_id": "micro",
"instance_type_best_fit": "micro",
"persistent_disk_mb": 1024,
"persistent_disk_best_fit": 1024
}
]
}
HTTP Request
GET /api/v0/staged/products/:product_guid/resources
This endpoint returns a list of the compute and disk configuration for all jobs on the product.
Retrieving resources for a job
curl "https://example.com/api/v0/staged/products/product-type1-guid/jobs/example-job-guid/resource_config" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response on AWS
HTTP/1.1 200 OK
{
"instances": 1,
"instance_type": {
"id": "m3.medium"
},
"persistent_disk": {
"size_mb": "1024"
},
"internet_connected": true,
"elb_names": ["my-elb"],
"additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"],
"additional_networks": [{
"guid": "secondary-network-guid"
}],
"swap_as_percent_of_memory_size": 25
}
Example Response on Vsphere with NSX-V
HTTP/1.1 200 OK
{
"instances": 1,
"instance_type": {
"id": "automatic"
},
"persistent_disk": {
"size_mb": "1024"
},
"nsx": {
"lbs": [
{
"edge_name": "edge-1",
"pool_name": "pool-1",
"security_group": "sg-1",
"port": "5000",
"monitor_port": "1234"
},
{
"edge_name": "edge-2",
"pool_name": "pool-2",
"security_group": "sg-2",
"port": "5000",
"monitor_port": null
}
],
"security_groups": ["sg-1", "sg-2"]
},
"additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"],
"additional_networks": [{
"guid": "secondary-network-guid"
}],
"swap_as_percent_of_memory_size": "automatic"
}
Example Response on Vsphere with NSX-T
HTTP/1.1 200 OK
{
"instances": 1,
"instance_type": {
"id": "automatic"
},
"persistent_disk": {
"size_mb": "1024"
},
"nsxt": {
"ns_groups": ["sg-1", "sg-2"],
"vif_type": "PARENT",
"lb": {
"server_pools": [
{ "name": "pool-1", "port": 123 },
{ "name": "pool-2", "port": 456 }
]
}
},
"additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"],
"additional_networks": [{
"guid": "secondary-network-guid"
}],
"swap_as_percent_of_memory_size": "automatic"
}
Example Response on Google
HTTP/1.1 200 OK
{
"instance_type": {
"id": "automatic"
},
"instances": "automatic",
"internet_connected": true,
"elb_names": [],
"persistent_disk": {
"size_mb": "automatic"
},
"additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"],
"additional_networks": [{
"guid": "secondary-network-guid"
}],
"swap_as_percent_of_memory_size": "automatic"
}
Example Response on Azure
HTTP/1.1 200 OK
{
"instance_type": {
"id": "automatic"
},
"instances": "automatic",
"internet_connected": false,
"elb_names": [],
"persistent_disk": {
"size_mb": "automatic"
},
"additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"],
"additional_networks": [{
"guid": "secondary-network-guid"
}],
"swap_as_percent_of_memory_size": "automatic"
}
Example Response on OpenStack
HTTP/1.1 200 OK
{
"instance_type": {
"id": "automatic"
},
"instances": "automatic",
"persistent_disk": {
"size_mb": "automatic"
},
"floating_ips": "1.1.1.1-1.1.1.2",
"additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"],
"additional_networks": [{
"guid": "secondary-network-guid"
}],
"swap_as_percent_of_memory_size": "automatic"
}
HTTP Request
GET /api/v0/staged/products/:product_guid/jobs/:job_id/resource_config
This endpoint returns compute and disk configuration for a job.
Field Descriptions
| Parameter | Description |
|---|---|
| instances | The number of instances for the job or "automatic" |
| instance_type[id] | The id of the instance type found in the instance type catalog or "automatic" |
| persistent_disk[size_mb] | The mb size of persistent disk if configurable for the job found in the disk type catalog or "automatic" |
| internet_connected | True if VM should be given an IP accessible on the public internet (AWS, Google, and Azure) |
| elb_names | An array of elb names (AWS, Google, and Azure) |
| nsx[security_groups] | An array of security groups configured for NSX-V (vSphere) |
| nsx[lbs] | An array of load balancer attributes to be applied to the job (vSphere). |
| nsx[lbs][edge_name] | Name of NSX-V edge (vSphere). |
| nsx[lbs][pool_name] | Name of the NSX-V Edge’s Server Pool (vSphere) |
| nsx[lbs][security_group] | Name of NSX-V Pool’s target Security Group (vSphere) |
| nsx[lbs][port] | Name of the port that the VM’s service is listening on (vSphere) |
| nsxt[ns_groups] | An array of NS Group names (vSphere) |
| nsxt[vif_type] | Must be either "PARENT" or "null" (vSphere) |
| nsxt[lb][security_pools] | An array of security pools for the NSX-T load balancer (vSphere) |
| floating_ips | An IP range for floating ips (OpenStack) |
| additional_vm_extensions | An array of additional VM extensions to apply on the job that you configured separately on the BOSH director. |
| additional_networks | An array of networks that allow the VMs of a specific instance group to be deployed on an additional set of networks |
| swap_as_percent_of_memory_size | An integer between 0 - 100, or "automatic". If you specify "automatic" or do not configure this setting, BOSH selects the swap partition size. The integer you set specifies the size of the VM's swap partition as a percentage of the VM instance type's memory.
|
Configuring resources for a job
Example Request on AWS or Azure
curl "https://example.com/api/v0/staged/products/product-type1-guid/jobs/example-job-guid/resource_config" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"instances": 1,
"instance_type": {
"id": "automatic"
},
"persistent_disk": {
"size_mb": "20480"
},
"internet_connected": true,
"elb_names": ["my-elb"],
"additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"],
"additional_networks": [{
"guid": "secondary-network-guid"
}],
"swap_as_percent_of_memory_size": 50
}'
Example Request on Google
curl "https://example.com/api/v0/staged/products/product-type1-guid/jobs/example-job-guid/resource_config" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"instances": 1,
"instance_type": {
"id": "automatic"
},
"persistent_disk": {
"size_mb": "20480"
},
"internet_connected": true,
"elb_names": ["tcp:load_balancer_1", "http:load_balancer_2"],
"additional_vm_extensions": ["vm_ext_setting_automatic_restart", "vm_ext_setting_on_host_maintenance"],
"additional_networks": [{
"guid": "secondary-network-guid"
}],
"swap_as_percent_of_memory_size": 50
}'
Example Request on vSphere with NSX-V
curl "https://example.com/api/v0/staged/products/product-type1-guid/jobs/example-job-guid/resource_config" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"instances": 1,
"instance_type": {
"id": "automatic"
},
"persistent_disk": {
"size_mb": "20480"
},
"nsx": {
"security_groups":["sg1", "sg2"],
"lbs": [
{
"edge_name": "edge-1",
"pool_name": "pool-1",
"security_group": "sg-1",
"port": "5000",
"monitor_port": "1234"
},
{
"edge_name": "edge-2",
"pool_name": "pool-2",
"security_group": "sg-2",
"port": "5000"
}
]
},
"additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"],
"additional_networks": [{
"guid": "secondary-network-guid"
}],
"swap_as_percent_of_memory_size": 50
}'
Example Request on vSphere with NSX-T
curl "https://example.com/api/v0/staged/products/product-type1-guid/jobs/example-job-guid/resource_config" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"instances": 1,
"instance_type": {
"id": "automatic"
},
"persistent_disk": {
"size_mb": "20480"
},
"nsxt": {
"ns_groups":["sg1", "sg2"],
"vif_type": "PARENT",
"lb": {
"security_pools": [
{ "name": "pool-1", "port": 123 },
{ "name": "pool-2", "port": 321 }
]
}
},
"additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"],
"additional_networks": [{
"guid": "secondary-network-guid"
}],
"swap_as_percent_of_memory_size": 50
}'
Example Request on OpenStack
curl "https://example.com/api/v0/staged/products/product-type1-guid/jobs/example-job-guid/resource_config" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"instances": 2,
"instance_type": {
"id": "automatic"
},
"persistent_disk": {
"size_mb": "automatic"
},
"floating_ips": "1.0.0.0-1.0.0.1",
"additional_vm_extensions": ["vm_ext_configure_load_balancer", "vm_ext_setting_additional_security_groups"],
"additional_networks": [{
"guid": "secondary-network-guid"
}],
"swap_as_percent_of_memory_size": 50
}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PUT /api/v0/staged/products/:product_guid/jobs/:job_id/resource_config
This endpoint allows setting compute and disk configuration for a job.
Query Parameters
| Parameter | Description |
|---|---|
| instances | The number of instances for the job or "automatic" |
| instance_type[id] | The id of the instance type found in the instance type catalog or "automatic" |
| persistent_disk[size_mb] | (Optional) The mb size of persistent disk if configurable for the job found in the disk type catalog or "automatic" |
| internet_connected | (Optional) True if the VM is given an IP accessible on the public internet (AWS, Google, and Azure) |
| elb_names | (Optional, see below.) An array of elb names (AWS, Google, and Azure). |
| nsx[security_groups] | (Optional) An array of security group names to be applied to the job (vSphere). Applies to both NSX-V and NSX-T configurations. |
| nsx[lbs] | (Optional, only applies to NSX-V configurations.) An array of load balancer attributes to be applied to the job (vSphere). |
| nsx[lbs][edge_name] | Name of NSX edge, required if providing nsx[lbs] (vSphere). |
| nsx[lbs][pool_name] | Name of the NSX Edge’s Server Pool, required if providing nsx[lbs] (vSphere) |
| nsx[lbs][security_group] | Name of NSX Pool’s target Security Group, required if providing nsx[lbs] (vSphere) |
| nsx[lbs][port] | Name of the port that the VM’s service is listening on, defaults to null if providing nsx[lbs] (vSphere) |
| nsx[lbs][monitor_port] | Name of the port that the VM’s service should be monitored on, defaults to null if providing nsx[lbs] (vSphere) |
| nsxt[ns_groups] | An array of NS Group names (vSphere) |
| nsxt[vif_type] | Must be either "PARENT" or "null" (vSphere) |
| nsxt[lb][security_pools] | An array of security pools for the NSX-T load balancer (vSphere) |
| nsxt[lb][security_pools][name] | Name of the security pool, required if providing nsxt[lb] (vSphere) |
| nsxt[lb][security_pools][port] | Port of the security pool, required if providing nsxt[lb] (vSphere) |
| floating_ips | An IP range, e.g. "1.0.0.0-1.0.0.1" for floating ips (OpenStack) |
| additional_vm_extensions | (Optional) Additional VM extensions to apply on the job that you configured separately on the BOSH director. |
| additional_networks | (Optional) Additional networks that allow the VMs of a specific instance group to be deployed on an additional set of networks. Each network object must specify the guid of the network that is already been configured for the BOSH director. Please make sure to assign a network to the product before setting additional_networks. |
| swap_as_percent_of_memory_size | (Optional) An integer between 0 - 100, or "automatic". When the value is "automatic" or unconfigured, BOSH selects the swap partition size. An integer specifies the size of the VM's swap partition as a percentage of the VM instance type's memory.
|
The value of elb_names may be specific to the infrastructure.
- For AWS, the value must be an array of strings for each load balancer. Example:
['elb1', 'elb2']- To specify an Application Load Balancer prefix the Application Load Balancer's target group name with
alb:. Example:['alb:alb-target-group-name']
- To specify an Application Load Balancer prefix the Application Load Balancer's target group name with
- For Google, the value must be array of strings that meet the following constraints:
- Be prefixed with either
tcp:,udp:,ssl:,http:, orhttps: - Not contain duplicate tcp load balancers
- Not contain multiple backend service load balancers (
udp:,ssl:,http:, orhttps:)
- Be prefixed with either
- For Azure, the value must be an array of strings (max 1 entry for each type of load balancer). Example:
[agw:application-gateway-name, another-load-balancer]- To specify an Azure Application Gateway prefix the Application Gateway name with
agw:.
- To specify an Azure Application Gateway prefix the Application Gateway name with
Retrieving the max_in_flight settings for a product's jobs
curl "https://example.com/api/v0/staged/products/product-type1-guid/max_in_flight" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"max_in_flight": {
"example-job-guid-1": 5,
"example-job-guid-2": "10%"
}
}
HTTP Request
GET /api/v0/staged/products/:product_guid/max_in_flight
This endpoint returns a list of the max_in_flight setting for all of the product's jobs.
Configuring the max_in_flight settings for a product's jobs
curl "https://example.com/api/v0/staged/products/product-type1-guid/max_in_flight" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"max_in_flight": {
"job_1_guid": 1,
"job_2_guid": "20%",
"job_3_guid": "default"
}
}'
Example Response
HTTP/1.1 200 OK
HTTP Request
PUT /api/v0/staged/products/:product_guid/max_in_flight
This endpoint allows configuration of max_in_flight settings for jobs on a product. This overrides product defaults.
Values can be a either a percentage, or an absolute count of configured instances. Example: In order to set max_in_flight to 2, given a job with 10 instances, set max_in_flight as 2 or "20%".
To reset the max_in_flight value for a job to its default, use the string "default" as the value.
Listing currently assigned networks and azs
curl "https://example.com/api/v0/staged/products/product-type1-guid/networks_and_azs" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"networks_and_azs": {
"singleton_availability_zone": {
"name": "az-one"
},
"other_availability_zones": [
{ "name": "az-two" },
{ "name": "az-three" }
],
"network": {
"name": "network-one"
}
}
}
HTTP Request
GET /api/v0/staged/products/:product_guid/networks_and_azs
This endpoint returns the current network and AZ assignment.
Configuring networks and azs
Example Request on Google, vSphere, AWS, or Openstack
curl "https://example.com/api/v0/staged/products/product-type1-guid/networks_and_azs" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"networks_and_azs": {
"singleton_availability_zone": {
"name": "az-one"
},
"other_availability_zones": [
{ "name": "az-two" },
{ "name": "az-three" }
],
"network": {
"name": "network-one"
}
}
}'
Example Request on Azure
curl "https://example.com/api/v0/staged/products/product-type1-guid/networks_and_azs" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"networks_and_azs": {
"network": {
"name": "network-one"
}
}
}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PUT /api/v0/staged/products/:product_guid/networks_and_azs
This endpoint allows assigning AZs and networks.
On Azure, when the Availability Mode is Sets, the singleton_availability_zone and other_availability_zones keys are not required, and will be ignored. The network name must match the name of an already created network.
Viewing currently selected errands
curl "https://example.com/api/v0/staged/products/product-type1-guid/errands" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"errands": [
{
"name": "errand-1",
"post_deploy": false,
"label": "Errand 1 Label",
"impact_warning": "A warning"
},
{
"name": "errand-2",
"pre_delete": true,
"label": "Errand 2 Label",
"impact_warning": "A Pre Delete Errand Warning"
},
{
"name": "shared-errand",
"post_deploy": false,
"pre_delete": true,
"label": "Shared Errand Label",
"impact_warning": null
}
]
}
HTTP Request
GET /api/v0/staged/products/:product_guid/errands
Errands allowed to run as post_deploy or pre_delete are determined by the product template.
The presence of the 'post_deploy' or 'pre_delete' key in the response indicates the product author's intent.
The boolean value indicates whether the errand is enabled for that lifecycle event by the operator.
Configuring errands
curl "https://example.com/api/v0/staged/products/product-type1-guid/errands" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"errands": [
{
"name": "example-errand1",
"post_deploy": true,
"pre_delete": true
},
{
"name": "example-errand2",
"post_deploy": true
},
{
"name": "example-errand3",
"post_deploy": false
},
{
"name": "example-errand3",
"post_deploy": "default"
},
{
"name": "example-errand4",
"post_deploy": true,
"pre_delete": true
},
{
"name": "example-errand5",
"pre_delete": false
},
{
"name": "example-errand6",
"pre_delete": "default"
}
]
}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PUT /api/v0/staged/products/:product_guid/errands
Set enabled or disabled list of errands to run.
Query Parameters
| Parameter | Description |
|---|---|
| errands | List of errands and the run state for the errand (Optional) For post deploy, errands support the following states:
|
Viewing product properties
curl "https://example.com/api/v0/staged/products/product-type1-guid/properties" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"properties": {
".properties.example_selector": {
"type": "selector",
"configurable": true,
"credential": false,
"value": "Pizza",
"optional": false,
"selected_option": "pizza_option"
},
".properties.example_selector.pizza_option.pepperoni": {
"type": "boolean",
"configurable": true,
"credential": false,
"value": false,
"optional": false
},
".properties.example_selector.pizza_option.pineapple": {
"type": "boolean",
"configurable": true,
"credential": false,
"value": false,
"optional": false
},
".properties.example_selector.pizza_option.other_toppings": {
"type": "string",
"configurable": true,
"credential": false,
"value": null,
"optional": true
},
".properties.example_selector.filet_mignon_option.rarity_dropdown": {
"type": "dropdown_select",
"configurable": true,
"credential": false,
"value": "rare",
"optional": false,
"options": [
{
"label": "Rare (1)",
"value": 1
},
{
"label": "Medium (2)",
"value": 2
},
{
"label": "Well done (3)",
"value": 3
}
]
},
".properties.example_selector.filet_mignon_option.review": {
"type": "string",
"configurable": true,
"credential": false,
"value": "A+++++ power seller of mail order steak",
"optional": false
},
".properties.example_selector.filet_mignon_option.secret_sauce": {
"type": "secret",
"configurable": true,
"credential": true,
"value": {
"secret": "***"
},
"optional": true
},
".properties.example_selector.beverage_option.cola": {
"type": "string",
"configurable": true,
"credential": false,
"value": null,
"optional": true
},
".properties.example_collection": {
"type": "collection",
"configurable": true,
"credential": false,
"value": [
{
"guid": {
"type": "uuid",
"configurable": false,
"credential": false,
"value": "b8c38874-bf7a-45ae-adba-705dabc5f6ef",
"optional": false
},
"album": {
"type": "string",
"configurable": false,
"credential": false,
"value": "Christmas Carols",
"optional": false
},
"artist": {
"type": "string",
"configurable": false,
"credential": false,
"value": "Ops Manatee",
"optional": false
},
"explicit": {
"type": "boolean",
"configurable": false,
"credential": false,
"value": true,
"optional": false
},
"secret_meaning": {
"type": "secret",
"configurable": true,
"credential": true,
"value": {
"secret": "***"
},
"optional": true
},
"vm_type": {
"type": "vm_type_dropdown",
"configurable": true,
"credential": false,
"value": null,
"optional": true
},
"disk_type": {
"type": "disk_type_dropdown",
"configurable": true,
"credential": false,
"value": null,
"optional": true
},
"genre": {
"type": "dropdown_select",
"configurable": true,
"credential": false,
"value": "edm",
"optional": true,
"options": [
{
"label": "Rock",
"value": "rock"
},
{
"label": "Country",
"value": "country"
},
{
"label": "Beep Boop PSH",
"value": "edm"
}
]
},
"example_service_network_az_single_select": {
"type": "service_network_az_single_select",
"configurable": true,
"credential": false,
"value": null,
"optional": true
},
"example_service_network_az_multi_select": {
"type": "service_network_az_multi_select",
"configurable": true,
"credential": false,
"value": null,
"optional": true
}
}
],
"optional": false
},
".web_server.example_stemcell_selector": {
"type": "stemcell_selector",
"configurable": true,
"credential": false,
"value": "ubuntu-xenial",
"optional": false
},
".web_server.static_ips": {
"type": "ip_ranges",
"configurable": true,
"credential": false,
"value": null,
"optional": true
},
".web_server.generated_rsa_cert_credentials": {
"type": "rsa_cert_credentials",
"configurable": false,
"credential": true,
"value": {
"private_key_pem": "***"
},
"optional": false
},
".web_server.generated_rsa_pkey_credentials": {
"type": "rsa_pkey_credentials",
"configurable": false,
"credential": true,
"value": {
"private_key_pem": "***"
},
"optional": false
},
".web_server.generated_salted_credentials": {
"type": "salted_credentials",
"configurable": false,
"credential": true,
"value": {
"password": "***",
"salt": "***"
},
"optional": false
},
".web_server.generated_simple_credentials": {
"type": "simple_credentials",
"configurable": false,
"credential": true,
"value": {
"password": "***"
},
"optional": false
},
".web_server.generated_secret": {
"type": "secret",
"configurable": false,
"credential": true,
"value": {
"secret": "***"
},
"optional": false
},
".web_server.generated_uuid": {
"type": "uuid",
"configurable": false,
"credential": false,
"value": null,
"optional": false
},
".web_server.configured_secret": {
"type": "secret",
"configurable": true,
"credential": true,
"value": {
"secret": "***"
},
"optional": true
},
".web_server.configured_simple_credentials": {
"type": "simple_credentials",
"configurable": true,
"credential": true,
"value": {
"password": "***"
},
"optional": true
},
".web_server.configured_rsa_cert_credentials": {
"type": "rsa_cert_credentials",
"configurable": true,
"credential": true,
"value": {
"private_key_pem": "***"
},
"optional": true
},
".web_server.example_string_with_placeholder": {
"type": "string",
"configurable": true,
"credential": false,
"value": null,
"optional": true
},
".web_server.example_string": {
"type": "string",
"configurable": true,
"credential": false,
"value": "Hello world",
"optional": false
},
".web_server.example_migrated_integer": {
"type": "integer",
"configurable": true,
"credential": false,
"value": 1,
"optional": false
},
".web_server.example_boolean": {
"type": "boolean",
"configurable": true,
"credential": false,
"value": true,
"optional": false
},
".web_server.example_dropdown": {
"type": "dropdown_select",
"configurable": true,
"credential": false,
"value": "kiwi",
"optional": false,
"options": [
{
"label": "label for kiwi",
"value": "kiwi"
},
{
"label": "label for lime",
"value": "lime"
},
{
"label": "label for avocado",
"value": "avocado"
}
]
},
".web_server.example_domain": {
"type": "domain",
"configurable": true,
"credential": false,
"value": "www.example.com",
"optional": false
},
".web_server.example_wildcard_domain": {
"type": "wildcard_domain",
"configurable": true,
"credential": false,
"value": "example.com",
"optional": false
},
".web_server.example_string_list": {
"type": "string_list",
"configurable": true,
"credential": false,
"value": "a,list,of,strings",
"optional": false
},
".web_server.example_text": {
"type": "text",
"configurable": true,
"credential": false,
"value": "some_text",
"optional": false
},
".web_server.example_ldap_url": {
"type": "ldap_url",
"configurable": true,
"credential": false,
"value": "ldap://example.com",
"optional": false
},
".web_server.example_email": {
"type": "email",
"configurable": true,
"credential": false,
"value": "foo@example.com",
"optional": false
},
".web_server.example_http_url": {
"type": "http_url",
"configurable": true,
"credential": false,
"value": "http://www.example.com",
"optional": false
},
".web_server.example_ip_address": {
"type": "ip_address",
"configurable": true,
"credential": false,
"value": "192.168.0.1",
"optional": false
},
".web_server.example_ip_ranges": {
"type": "ip_ranges",
"configurable": true,
"credential": false,
"value": "1.1.1.1-1.1.1.4,2.2.2.1-2.2.2.4",
"optional": false
},
".web_server.example_multi_select_options": {
"type": "multi_select_options",
"configurable": true,
"credential": false,
"value": [
"earth",
"jupiter"
],
"optional": false
},
".web_server.example_network_address_list": {
"type": "network_address_list",
"configurable": true,
"credential": false,
"value": "1.1.1.1,example.com,foo.bar.example.com",
"optional": false
},
".web_server.example_network_address": {
"type": "network_address",
"configurable": true,
"credential": false,
"value": "1.1.1.1",
"optional": false
},
".web_server.example_port": {
"type": "port",
"configurable": true,
"credential": false,
"value": 1111,
"optional": false
},
".web_server.example_smtp_authentication": {
"type": "smtp_authentication",
"configurable": true,
"credential": false,
"value": "plain",
"optional": false
},
".web_server.client_certificate": {
"type": "ca_certificate",
"configurable": true,
"credential": false,
"value": null,
"optional": true
}
}
}
HTTP Request
GET /api/v0/staged/products/:product_guid/properties
This endpoint returns a list of all of the product's properties, along with currently set values.
Query Parameters
| Parameter | Description |
|---|---|
| redact | (Optional) If set to 'false', the response will include IaaS-specific secrets. |
Updating a simple property
# Simple Property
curl "https://example.com/api/v0/staged/products/product-type1-guid/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"properties": {
".properties.top-level-property": {"value": "valid-data" },
".a-job.job-property": {"value": "new-job-data" }
}
}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PUT /api/v0/staged/products/:product_guid/properties
Updating a hashed property
# Hashed Property
curl "https://example.com/api/v0/staged/products/product-type1-guid/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"properties": {
".a-job.job-property": {"value": {"identity": "username", "password": "example-new-password"} }
}
}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PUT /api/v0/staged/products/:product_guid/properties
Updating a selector property
# Updating a Selector Property with by 'value'
curl "https://example.com/api/v0/staged/products/product-type1-guid/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"properties": {
".properties.example_selector": {
"value": "Filet Mignon"
},
".properties.example_selector.filet_mignon_option.review": {
"value": "B-"
}
}
}'
Example Response
HTTP/1.1 200 OK
{}
# Updating a Selector Property by 'option_value'
curl "https://example.com/api/v0/staged/products/product-type1-guid/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"properties": {
".properties.example_selector": {
"option_value": "filet_mignon_option"
},
".properties.example_selector.filet_mignon_option.review": {
"value": "B-"
}
}
}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PUT /api/v0/staged/products/:product_guid/properties
Updating a collection property
# Collection Property
curl "https://example.com/api/v0/staged/products/product-type1-guid/properties" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"properties": {
".top-level-property": {
"value": [
{
"guid": "66f94d18-e02f-4717-a8ac-121f2cead19c",
"name": "jesse",
"my-secret": {"secret": "example-secret"}
}
]
}
}
}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PUT /api/v0/staged/products/:product_guid/properties
Running a pre-deploy check for a staged product
curl "https://example.com/api/v0/staged/products/:product_guid/pre_deploy_check" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"pre_deploy_check": {
"identifier": "product-guid",
"complete": false,
"network": {
"assigned": true
},
"availability_zone": {
"assigned": false
},
"stemcells": [
{
"assigned": false,
"required_stemcell_version": "250.2",
"required_stemcell_os": "ubuntu-xenial"
}
],
"properties": [
{
"name": ".properties.example_string",
"type": "string",
"errors": [
"can't be blank"
]
},
{
"name": ".my_job.example_collection",
"type": "collection",
"errors": [
"String Property can't be blank"
],
"records": [
{
"index": 3,
"errors": [
{
"name": "string-property",
"type": "string",
"errors": [
"can't be blank"
]
}
]
}
]
},
{
"name": ".properties.example_selector.option_1.sub_property",
"type": "integer",
"errors": [
"is not a number"
]
}
],
"resources": {
"jobs": [
{
"identifier": "job-identifier",
"guid": "job-guid",
"error": [
"Instance : Value must be a positive integer",
"Ram must be less than or equal to 1024"
]
}
]
},
"verifiers": [
{
"type": "WildcardDomainVerifier",
"errors": [
"The domain '*.example.com' failed to resolve, type: WildcardDomainVerifier"
],
"ignorable": true
}
]
}
}
HTTP Request
GET /api/v0/staged/products/:product_guid/pre_deploy_check
This endpoint returns granular information about whether the specified product is ready to be deployed. It lists the following:
- network assignment
- availability zone assignment
- stemcell assignment
- properties that have errors
- invalid resource configuration for jobs
- verifiers that failed
Retrieving a list of install time verifiers for a specific product
curl "https://example.com/api/v0/staged/products/product-guid/verifiers/install_time" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"verifiers": [
{
"type": "WildcardDomainVerifier",
"enabled": true
},
{
"type": "VsphereConfigurationVerifier",
"enabled": true
}
]
}
HTTP Request
GET /api/v0/staged/products/:product_guid/verifiers/install_time
This endpoint returns a list of verifiers associated with the product and if those verifiers are enabled or disabled.
Turning off a verifier for a specific product
curl "https://example.com/api/v0/staged/products/product-guid/verifiers/install_time/WildcardDomainVerifier" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "enabled": false }'
Example Response
HTTP/1.1 200 OK
{
"type": "WildcardDomainVerifier",
"enabled": false
}
HTTP Request
PUT /api/v0/staged/products/:product_guid/verifiers/install_time/:verifier_name
This endpoint allows the user to disable/enable a verifier for a particular product during Apply Changes.
Retrieving syslog configuration for a product
curl "https://example.com/api/v0/staged/products/product-type1-guid/syslog_configuration" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response with syslog enabled for UDP
HTTP/1.1 200 OK
{
"syslog_configuration": {
"enabled": true,
"address": "example.com",
"port": 514,
"transport_protocol": "udp",
"queue_size": null,
"tls_enabled": false,
"permitted_peer": null,
"ssl_ca_certificate": null,
"forward_debug_logs": false,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}
Example Response with syslog enabled for TCP with TLS
HTTP/1.1 200 OK
{
"syslog_configuration": {
"enabled": true,
"address": "example.com",
"port": 514,
"transport_protocol": "tcp",
"queue_size": null,
"tls_enabled": true,
"permitted_peer": "*.example.com",
"ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"forward_debug_logs": false,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}
Example Response for a product that does not support Ops Manager syslog
HTTP/1.1 422 UNPROCESSABLE ENTITY
{
"errors": {
"syslog": ["This product does not support the Ops Manager consistent syslog configuration feature. If the product supports custom syslog configuration, those properties can be set via the /api/v0/staged/products/:product_guid/properties endpoint."]
}
}
HTTP Request
GET /api/v0/staged/products/product-type1-guid/syslog_configuration
This endpoint returns the syslog configuration for a product.
Configuring product syslog
curl "https://example.com/api/v0/staged/products/product-type1-guid/syslog_configuration" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"syslog_configuration": {
"enabled": true,
"address": "example.com",
"port": 514,
"transport_protocol": "tcp",
"tls_enabled": true,
"ssl_ca_certificate": null,
"permitted_peer": null,
"queue_size": null,
"forward_debug_logs": true,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}'
Example Response
HTTP/1.1 200 OK
{
"syslog_configuration": {
"enabled": true,
"address": "example.com",
"port": 514,
"transport_protocol": "tcp",
"tls_enabled": true,
"ssl_ca_certificate": null,
"permitted_peer": null,
"queue_size": null,
"forward_debug_logs": true,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}
Example Response with invalid syslog configuration
HTTP/1.1 200 OK
{
"errors": {
"syslog_configuration": {
"address": [
"is invalid"
]
}
}
}
Example Response for a product that does not support Ops Manager syslog
HTTP/1.1 422 UNPROCESSABLE ENTITY
{
"errors": {
"syslog": ["This product does not support the Ops Manager consistent syslog configuration feature. If the product supports custom syslog configuration, those properties can be set via the /api/v0/staged/products/:product_guid/properties endpoint."]
}
}
HTTP Request
PUT /api/v0/staged/products/:product_guid/syslog_configuration
This endpoint allows updating a product's sylog configuration
Fetching staged product runtime configs
curl "https://example.com/api/v0/staged/products/:product_guid/runtime_configs" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"runtime_configs": [
{
"name": "example-product-e067f70db95be71207aa-kindness_banner_everywhere",
"manifest": {
"releases": [
{
"name": "os-conf",
"version": 15
}
],
"addons": [
{
"name": "misc",
"jobs": [
{
"name": "login_banner",
"release": "os-conf",
"properties": {
"login_banner": {
"text": "Hello. You are welcome here. Always be kind. 🤗\n"
}
}
}
],
"include": {
"deployments": [
"example-product-e067f70db95be71207aa"
]
}
}
]
}
}
]
}
HTTP Request
GET /api/v0/staged/products/:product_guid/runtime_configs
This endpoint returns a list of the runtime configs included globally when deploying the specified product.
Deployed VM Extensions
VM Extensions are used to specify cloud properties specific to your IaaS for selected instance groups. They are detailed in the BOSH documentation: https://bosh.io/docs/cloud-config.html#vm-extensions
Retrieving all of the deployed VM extensions
curl "https://example.com/api/v0/deployed/vm_extensions" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"vm_extensions": [
{
"name": "vm_ext1",
"cloud_properties": {
"source_dest_check": false
}
},
{
"name": "vm_ext2",
"cloud_properties": {
"key_name": "operations_keypair"
}
}
]
}
HTTP Request
GET /api/v0/deployed/vm_extensions
This endpoint returns a list of all of the deployed user-specified VM extensions.
Staged VM Extensions
VM Extensions are used to specify cloud properties specific to your IaaS for selected instance groups. They are detailed in the BOSH documentation: https://bosh.io/docs/cloud-config.html#vm-extensions
Creating a new VM extension
curl "https://example.com/api/v0/staged/vm_extensions" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"name": "vm_ext1", "cloud_properties": { "source_dest_check": false }}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
POST /api/v0/staged/vm_extensions
This endpoint creates a single user-specified VM extension.
Query Parameters
| Parameter | Description |
|---|---|
| name | The name of the VM extension to create. May not contain periods. |
| cloud_properties | A hash of the cloud properties for the VM extension. Each IaaS allows different cloud properties, e.g. see Cloud Properties for AWS. |
| The full list of VM extension cloud properties is given here. |
Updating or creating a new VM extension
curl "https://example.com/api/v0/staged/vm_extensions/example_vm_extension_name" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"name": "example_vm_extension_name", "cloud_properties": { "source_dest_check": false }}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PUT /api/v0/staged/vm_extensions/:name
This endpoint updates or creates a single user-specified VM extension.
Query Parameters
| Parameter | Description |
|---|---|
| name | The name of the VM extension to create. May not contain periods. |
| cloud_properties | A hash of the cloud properties for the VM extension. Each IaaS allows different cloud properties, e.g. see Cloud Properties for AWS. |
| The full list of VM extension cloud properties is given here. |
Retrieving a single VM extension
curl "https://example.com/api/v0/staged/vm_extensions/example_vm_extension_name" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"vm_extension": [
{
"name": "example_vm_extension_name",
"cloud_properties": {
"source_dest_check": false
}
}
]
}
HTTP Request
GET /api/v0/staged/vm_extensions/:vm_extension_name
This endpoint returns a user-specified VM extension.
Path Parameters
| Parameter | Description |
|---|---|
| name | The name of the VM extension. May not contain periods. |
Retrieving all of the VM extensions
curl "https://example.com/api/v0/staged/vm_extensions" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"vm_extensions": [
{
"name": "vm_ext1",
"cloud_properties": {
"source_dest_check": false
}
},
{
"name": "vm_ext2",
"cloud_properties": {
"key_name": "operations_keypair"
}
}
]
}
HTTP Request
GET /api/v0/staged/vm_extensions
This endpoint returns a list of all of the user-specified VM extensions.
Deleting a VM extension
curl "https://example.com/api/v0/staged/vm_extensions/vm_ext1" \
-X DELETE \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
DELETE /api/v0/staged/vm_extensions/:name
This endpoint deletes a single user-specified VM extension.
Query Parameters
| Parameter | Description |
|---|---|
| name | The name of the VM extension to delete. May not contain periods. |
Stemcell Associations for Products
Listing Product Stemcell Assignments
curl "https://example.com/api/v0/stemcell_associations" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"products": [
{
"guid": "p-bosh-4e531084598242b05f9f",
"identifier": "p-bosh",
"label": "BOSH Director",
"staged_product_version": "2.5.0-build.213",
"deployed_product_version": "2.5.0-build.213",
"is_staged_for_deletion": false,
"staged_stemcells": [
{
"os": "ubuntu-trusty",
"version": "3468.16"
}
],
"deployed_stemcells": [
{
"os": "ubuntu-trusty",
"version": "3468.16"
}
],
"available_stemcells": [
{
"os": "ubuntu-trusty",
"version": "3468.16"
}
],
"required_stemcells": [
{
"os": "ubuntu-trusty",
"version": "3468.16"
}
]
},
{
"guid": "deployed-product-97b88e825c634e430a66",
"identifier": "deployed-product",
"label": "Deployed Product",
"staged_product_version": "1.0-build.2",
"deployed_product_version": "1.0-build.1",
"is_staged_for_deletion": false,
"staged_stemcells": [
{
"os": "ubuntu-trusty",
"version": "3468.15"
}
],
"deployed_stemcells": [
{
"os": "ubuntu-trusty",
"version": "3468.15"
}
],
"available_stemcells": [
{
"os": "ubuntu-trusty",
"version": "3468.15"
},
{
"os": "ubuntu-trusty",
"version": "3468.16"
}
],
"required_stemcells": [
{
"os": "ubuntu-trusty",
"version": "3468.14"
}
]
},
{
"guid": "new-product-97b88e825c634e430a67",
"identifier": "new-product",
"label": "New Product",
"staged_product_version": "1.0-build.1",
"deployed_product_version": null,
"is_staged_for_deletion": false,
"staged_stemcells": [
{
"os": "ubuntu-trusty",
"version": "3468.15"
}
],
"deployed_stemcells": [],
"available_stemcells": [
{
"os": "ubuntu-trusty",
"version": "3468.15"
},
{
"os": "ubuntu-trusty",
"version": "3468.16"
}
],
"required_stemcells": [
{
"os": "ubuntu-trusty",
"version": "3468.14"
}
]
},
{
"guid": "product-staged-for-deletion-97b88e825c634e430a68",
"identifier": "product-staged-for-deletion",
"label": "Product Staged for Deletion",
"staged_product_version": "1.0-build.1",
"deployed_product_version": "1.0-build.1",
"is_staged_for_deletion": true,
"staged_stemcells": [],
"deployed_stemcells": [
{
"os": "ubuntu-trusty",
"version": "3468.15"
}
],
"available_stemcells": [
{
"os": "ubuntu-trusty",
"version": "3468.15"
},
{
"os": "ubuntu-trusty",
"version": "3468.16"
}
],
"required_stemcells": [
{
"os": "ubuntu-trusty",
"version": "3468.14"
}
]
}
],
"stemcell_library": [
{
"version": "3468.15",
"os": "ubuntu-trusty",
"infrastructure": "google",
"hypervisor": "kvm",
"light": true
},
{
"version": "3468.16",
"os": "ubuntu-trusty",
"infrastructure": "google",
"hypervisor": "kvm",
"light": true
}
]
}
HTTP Request
GET /api/v0/stemcell_associations
This endpoint returns information regarding which stemcells are staged, deployed, required, and available for assignment for each product.
Associate one or more stemcells with products
curl "https://example.com/api/v0/stemcell_associations" \
-X PATCH \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"products": [
{
"guid":"product_template_for-product-1-b53ab52cd2c084ebcf6f",
"staged_stemcells": [
{
"os": "ubuntu-xenial",
"version": "250.25"
},
{
"os": "windows2016",
"version": "1709.19"
}
]
}
]
}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PATCH /api/v0/stemcell_associations
Associating one or more stemcells with products.
Note that this endpoint cannot be used to unassign stemcells. Stemcell assignments can only be replaced or added.
Query Parameters
| Parameter | Description |
|---|---|
| products | An array of products Each product has the following attributes:
staged_stemcells should be an array containing objects that have the following attributes:
|
Stemcell Assignments (DEPRECATED)
Associate stemcells to products
DEPRECATED: use GET /api/v0/stemcell_associations
curl "https://example.com/api/v0/stemcell_assignments" \
-X PATCH \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"products": [
{
"guid":"product_template_for-product-1-b53ab52cd2c084ebcf6f",
"staged_stemcell_version": "1.3"
}
]
}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PATCH /api/v0/stemcell_assignments
Associating a stemcell to products
Query Parameters
| Parameter | Description |
|---|---|
| products | An array of products Each product has the following attributes:
|
Listing product-stemcell assignments
DEPRECATED: use GET /api/v0/stemcell_associations
curl "https://example.com/api/v0/stemcell_assignments" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"products": [
{
"guid": "p-bosh-4e531084598242b05f9f",
"identifier": "p-bosh",
"label": "BOSH Director",
"staged_product_version": "2.5.0-build.213",
"deployed_product_version": "2.5.0-build.213",
"staged_stemcell_version": "3468.13",
"deployed_stemcell_version": "3468.13",
"is_staged_for_deletion": false,
"available_stemcell_versions": [
"3468.13"
],
"required_stemcell_version": "3468.13",
"required_stemcell_os": "ubuntu-trusty"
},
{
"guid": "deployed-product-97b88e825c634e430a66",
"identifier": "deployed-product",
"label": "Deployed Product",
"staged_product_version": "1.0-build.1",
"deployed_product_version": null,
"staged_stemcell_version": "3468.15",
"deployed_stemcell_version": "3468.15",
"is_staged_for_deletion": false,
"available_stemcell_versions": [
"3468.15",
"3468.16"
],
"required_stemcell_version": "3468.14",
"required_stemcell_os": "ubuntu-trusty"
},
{
"guid": "new-product-97b88e825c634e430a67",
"identifier": "new-product",
"label": "New Product",
"staged_product_version": "1.0-build.1",
"deployed_product_version": "1.0-build.1",
"staged_stemcell_version": "3468.16",
"deployed_stemcell_version": null,
"is_staged_for_deletion": false,
"available_stemcell_versions": [
"3468.15",
"3468.16"
],
"required_stemcell_version": "3468.14",
"required_stemcell_os": "ubuntu-trusty"
},
{
"guid": "product-staged-for-deletion-97b88e825c634e430a68",
"identifier": "product-staged-for-deletion",
"label": "Product Staged for Deletion",
"staged_product_version": "1.0-build.1",
"deployed_product_version": "1.0-build.1",
"staged_stemcell_version": null,
"deployed_stemcell_version": "3468.14",
"is_staged_for_deletion": true,
"available_stemcell_versions": [],
"required_stemcell_version": "3468.14",
"required_stemcell_os": "ubuntu-trusty"
}
],
"stemcell_library": [
{
"version": "3468.13",
"os": "ubuntu-trusty",
"infrastructure": "google",
"hypervisor": "kvm",
"light": true
},
{
"version": "3468.14",
"os": "ubuntu-trusty",
"infrastructure": "google",
"hypervisor": "kvm",
"light": true
},
{
"version": "3468.15",
"os": "ubuntu-trusty",
"infrastructure": "google",
"hypervisor": "kvm",
"light": true
}
]
}
HTTP Request
GET /api/v0/stemcell_assignments
This endpoint returns information for all products regarding which stemcells each product is assigned and which are available to upgrade to.
Stemcells
Uploading stemcells
curl "https://example.com/api/v0/stemcells" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-F 'stemcell[file]=@/path/to/stemcell/bosh-stemcell-3468.24-vsphere-esxi-ubuntu-trusty-go_agent.tgz' \
-F 'stemcell[floating]=false'
Example Response
HTTP/1.1 200 OK
{
"stemcell": {
"infrastructure": "vsphere",
"hypervisor":"esxi",
"os":"ubuntu-trusty",
"version":"3468.24",
"file":"bosh-stemcell-3468.24-vsphere-esxi-ubuntu-trusty-go_agent.tgz",
"name":"bosh-vsphere-esxi-ubuntu-trusty-go_agent"
},
"existing": false
}
HTTP Request
POST /api/v0/stemcells
This endpoint uploads the stemcell to OpsManager and ensures the stemcell is valid. If the stemcell is already on disk, the existing key is set to true.
Query Parameters
| Parameter | Description |
|---|---|
| stemcell[file] | Stemcell file |
| stemcell[floating] | When set to true, OpsManager automatically assigns the new stemcell to all compatible products. Defaults to true. |
Disk types
Returning all disk types
curl "https://example.com/api/v0/disk_types" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"disk_types": [
{
"name": "1024",
"builtin": true,
"size_mb": 1024
},
{
"name": "2048",
"builtin": true,
"size_mb": 2048
},
{
"name": "5120",
"builtin": true,
"size_mb": 5120
}
]
}
HTTP Request
GET /api/v0/disk_types
When overridden by custom types, this endpoint returns the custom types and the response will include the dates that the custom disk types were created and modified.
Deleting all custom disk types
curl "https://example.com/api/v0/disk_types" \
-X DELETE \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
HTTP Request
DELETE /api/v0/disk_types
Returns available disk types to the default list
Overriding defaults with custom disk types
curl "https://example.com/api/v0/disk_types" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"disk_types": [
{ "size_mb":999 },
{ "size_mb":888 },
{ "size_mb":777 }
]
}'
Example Response
HTTP/1.1 200 OK
{
"disk_types": [
{
"size_mb": 999
},
{
"size_mb": 888
},
{
"size_mb": 777
}
]
}
HTTP Request
PUT /api/v0/disk_types
When overridden, the default types will be replaced by operator provided sizes. Operators can repeatedly update the list of available sizes, and any jobs using no-longer-available-sizes will be returned to the default of “automatic”.
VM types
Returning all VM types
curl "https://example.com/api/v0/vm_types" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"vm_types": [
{
"name": "nano",
"ram": 512,
"cpu": 1,
"ephemeral_disk": 1024,
"builtin": true
},
{
"name": "micro",
"ram": 1024,
"cpu": 1,
"ephemeral_disk": 2048,
"builtin": true
},
{
"name": "small.disk",
"ram": 2048,
"cpu": 1,
"ephemeral_disk": 16384,
"builtin": true
}
]
}
HTTP Request
GET /api/v0/vm_types
When not overridden by custom types, this endpoint returns all the default VM types for your IaaS
If you are on AWS, you will see an additional boolean field raw_instance_storage per vm_type.
Deleting all custom VM types
curl "https://example.com/api/v0/vm_types" \
-X DELETE \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
HTTP Request
DELETE /api/v0/vm_types
This will remove all custom vm_types that have been created.
Overriding defaults with custom VM types
curl "https://example.com/api/v0/vm_types" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"vm_types": [
{
"name": "mytype",
"cpu": 1,
"ram": 1024,
"ephemeral_disk": 1024
},
{
"name": "bigger",
"cpu": 2,
"ram": 2048,
"ephemeral_disk": 2048
}
]
}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PUT /api/v0/vm_types
When overridden, the default types will be replaced by operator provided sizes. Operators can repeatedly update the list of available sizes, and any jobs using no-longer-available-sizes will be returned to the default of “automatic”.
AWS vm_types also have a raw_instance_storage boolean field.
If you are on AWS, you can optionally provide one under each vm_type in your request body.
If you do not supply it, it defaults to false.
Installation Asset Collection
Exporting an installation asset collection
curl "https://example.com/api/v0/installation_asset_collection" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
GET /api/v0/installation_asset_collection
Resetting an installation
curl "https://example.com/api/v0/installation_asset_collection" \
-X DELETE \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"errands": {
"product_1_guid": {
"run_pre_delete": {
"errand_a": true,
"errand_b": false,
"errand_c": "default"
}
}
}
}'
Example Response
HTTP/1.1 200 OK
{
"install": {
"id": 12
}
}
HTTP Request
DELETE /api/v0/installation_asset_collection
This endpoint allows you to return your Ops Manager to its initial state. All products and BOSH configuration settings will be lost. Files uploaded or downloaded to the "Available Products" namespace will continue to be available. Hitting this endpoint does not reset your UAA login server and only affects Ops Manager, BOSH, and products installed on them.
Query Parameters
| Parameter | Description |
|---|---|
| errands | Hash of products with their enabled errands to run before deleting (Optional) Errands support the following states for pre delete:
|
Importing an installation asset collection
curl "https://example.com/api/v0/installation_asset_collection" \
-X POST \
-F 'installation[file]=@/path/to/installation.zip' \
-F 'passphrase=example-passphrase'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
POST /api/v0/installation_asset_collection
Ops Manager is now protected by Cloud Foundry UAA for security and multi-user support.
When upgrading from a pre 1.7 version of Ops Manager, a username is automatically created for you, and is set to “admin”. Your password is unchanged. If you are importing a 1.7 or newer installation of Ops Manager, both the username and the password are carried over to the new installation.
In addition to usernames and passwords, Ops Manager will prompt users for a common decryption passphrase upon reboot. The decryption passphrase is currently the same as your password. Change the decryption passphrase before sharing it with other users.
Certificate Authorities
Listing the Root Certificate Authorities
curl "https://example.com/api/v0/certificate_authorities" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"certificate_authorities": [
{
"guid": "f7bc18f34f2a7a9403c3",
"issuer": "Pivotal",
"created_on": "2017-01-09",
"expires_on": "2021-01-09",
"active": true,
"cert_pem": "-----BEGIN CERTIFICATE-----\nMIIC+zCCAeOgAwIBAgI....etc"
}
]
}
HTTP Request
GET /api/v0/certificate_authorities
This endpoint returns all of the root certificate authorities for OpsManager. The "active" certificate will be used for generating all certs which OpsManager generates.
Create Root Certificate Authorities
curl "https://example.com/api/v0/certificate_authorities" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"cert_pem": "-----BEGIN CERTIFICATE-----\nMIIC+zCCAeOgAwI...", "private_key_pem": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCA..."}'
Example Response
HTTP/1.1 200 OK
{
"guid": "f7bc18f34f2a7a9403c3",
"issuer": "Pivotal",
"created_on": "2017-01-19",
"expires_on": "2021-01-19",
"active": false,
"cert_pem": "-----BEGIN CERTIFICATE-----\nMIIC+zCCAeOgAwIBAgIBADANBgkqhkiG9w0BAQsFADAfMQswCQYDVQQGEwJVUzEQ\nMA4GA1UECgwHUGl2b3RhbDAeFw0xNzAxMTgyMTQyMjVaFw0yMTAxMTkyMTQyMjVa\nMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKDAdQaXZvdGFsMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAyV4OhPIIZTEym9OcdcNVip9Ev0ijPPLo9WPLUMzT\nIrpDx3nG/TgD+DP09mwVXfqwBlJmoj9DqRED1x/6bc0Ki/BAFo/P4MmOKm3QnDCt\no+4RUvLkQqgA++2HYrNTKWJ5fsXmERs8lK9AXXT7RKXhktyWWU3oNGf7zo0e3YKp\nl07DdIW7h1NwIbNcGT1AurIDsxyOZy1HVzLDPtUR2MxhJmSCLsOw3qUDQjatjXKw\n82RjcrswjG3nv2hvD4/aTOiHuKM3+AGbnmS2MdIOvFOh/7Y79tUp89csK0gs6uOd\nmyfdxzDihe4DcKw5CzUTfHKNXgHyeoVOBPcVQTp4lJp1iQIDAQABo0IwQDAdBgNV\nHQ4EFgQUyH4y7VEuImLStXM0CKR8uVqxX/gwDwYDVR0TAQH/BAUwAwEB/zAOBgNV\nHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBALmHOPxdyBGnuR0HgR9V4TwJ\ntnKFdFQJGLKVT7am5z6G2Oq5cwACFHWAFfrPG4W9Jm577QtewiY/Rad/PbkY0YSY\nrehLThKdkrfNjxjxI0H2sr7qLBFjJ0wBZHhVmDsO6A9PkfAPu4eJvqRMuL/xGmSQ\ntVkzgYmnCynMNz7FgHyFbd9D9X5YW8fWGSeVBPPikcONdRvjw9aEeAtbGEh8eZCP\naBQOgsx7b33RuR+CTNqThXY9k8d7/7ba4KVdd4gP8ynFgwvnDQOjcJZ6Go5QY5HA\nR+OgIzs3PFW8pAYcvWrXKR0rE8fL5o9qgTyjmO+5yyyvWIYrKPqqIUIvMCdNr84=\n-----END CERTIFICATE-----\n"
}
HTTP Request
POST /api/v0/certificate_authorities
This endpoint creates a root certificate authority using the provided certificate pem and private key pem. It will be marked as inactive initially.
Rotate Certificates
curl "https://example.com/api/v0/certificate_authorities/active/regenerate" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
POST /api/v0/certificate_authorities/active/regenerate
This endpoint enables the rotation of the non-configurable certificates. A POST to this endpoint (see example above) will delete all non-configurable certificates. They will then be regenerated using the ACTIVE CA Cert upon the next apply changes or the next time a manifest is generated.
Generate Root Certificate Authorities
curl "https://example.com/api/v0/certificate_authorities/generate" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{}'
Example Response
HTTP/1.1 200 OK
{
"guid": "f7bc18f34f2a7a9403c3",
"issuer": "Pivotal",
"created_on": "2017-01-19",
"expires_on": "2021-01-19",
"active": false,
"cert_pem": "-----BEGIN CERTIFICATE-----\nMIIC+zCCAeOgAwIBAgIBADANBgkqhkiG9w0BAQsFADAfMQswCQYDVQQGEwJVUzEQ\nMA4GA1UECgwHUGl2b3RhbDAeFw0xNzAxMTgyMTQyMjVaFw0yMTAxMTkyMTQyMjVa\nMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKDAdQaXZvdGFsMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAyV4OhPIIZTEym9OcdcNVip9Ev0ijPPLo9WPLUMzT\nIrpDx3nG/TgD+DP09mwVXfqwBlJmoj9DqRED1x/6bc0Ki/BAFo/P4MmOKm3QnDCt\no+4RUvLkQqgA++2HYrNTKWJ5fsXmERs8lK9AXXT7RKXhktyWWU3oNGf7zo0e3YKp\nl07DdIW7h1NwIbNcGT1AurIDsxyOZy1HVzLDPtUR2MxhJmSCLsOw3qUDQjatjXKw\n82RjcrswjG3nv2hvD4/aTOiHuKM3+AGbnmS2MdIOvFOh/7Y79tUp89csK0gs6uOd\nmyfdxzDihe4DcKw5CzUTfHKNXgHyeoVOBPcVQTp4lJp1iQIDAQABo0IwQDAdBgNV\nHQ4EFgQUyH4y7VEuImLStXM0CKR8uVqxX/gwDwYDVR0TAQH/BAUwAwEB/zAOBgNV\nHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQELBQADggEBALmHOPxdyBGnuR0HgR9V4TwJ\ntnKFdFQJGLKVT7am5z6G2Oq5cwACFHWAFfrPG4W9Jm577QtewiY/Rad/PbkY0YSY\nrehLThKdkrfNjxjxI0H2sr7qLBFjJ0wBZHhVmDsO6A9PkfAPu4eJvqRMuL/xGmSQ\ntVkzgYmnCynMNz7FgHyFbd9D9X5YW8fWGSeVBPPikcONdRvjw9aEeAtbGEh8eZCP\naBQOgsx7b33RuR+CTNqThXY9k8d7/7ba4KVdd4gP8ynFgwvnDQOjcJZ6Go5QY5HA\nR+OgIzs3PFW8pAYcvWrXKR0rE8fL5o9qgTyjmO+5yyyvWIYrKPqqIUIvMCdNr84=\n-----END CERTIFICATE-----\n"
}
HTTP Request
POST /api/v0/certificate_authorities/generate
This endpoint generates an additional root certificate authority. It will be marked as inactive initially.
Activate a Root Certificate Authority
curl "https://example.com/api/v0/certificate_authorities/example-cert-guid/activate" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
POST /api/v0/certificate_authorities/:certificate_authority_guid/activate
This endpoint will make the specified root certificate authority active, and all others inactive.
Deleting a Root Certificate Authority
curl "https://example.com/api/v0/certificate_authorities/:guid" \
-X DELETE \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
DELETE /api/v0/certificate_authorities/:certificate_authority_guid
This endpoint will delete a specific certificate authority OpsManager. Only "inactive" certificates can be deleted.
ADVANCED
UAA Settings
Viewing token expiration times
curl "https://example.com/api/v0/uaa/tokens_expiration" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"tokens_expiration": {
"access_token_expiration": 100,
"refresh_token_expiration": 1200
}
}
HTTP Request
GET /api/v0/uaa/tokens_expiration
This endpoint allows you to view the currently set expiration times for UAA access and refresh tokens.
Changing token expiration times
curl "https://example.com/api/v0/uaa/tokens_expiration" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"tokens_expiration": {"access_token_expiration": 200, "refresh_token_expiration": 1400}}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PUT /api/v0/uaa/tokens_expiration
Changes the current access & refresh token expirations for Ops Manager UAA and restarts the UAA
Query Parameters
| Parameter | Description |
|---|---|
| tokens_expiration[access_token_expiration] | Time in seconds until the access token expires |
| tokens_expiration[refresh_token_expiration] | Time in seconds until the refresh token expires |
Setting precreated-client secret
curl "https://example.com/api/v0/uaa/precreated_client" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"precreated_client": {"precreated_client_secret": "this-is-my-secret"}}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PUT /api/v0/uaa/precreated_client
Sets the secret for the precreated-client in OpsManager's UAA configuration
Query Parameters
| Parameter | Description |
|---|---|
| precreated_client[precreated_client_secret] | Secret of the precreated-client in OpsManager's UAA |
RBAC Settings
Enabling Role-Based Access Controls (RBAC)
curl "https://example.com/api/v0/settings/rbac" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
POST /api/v0/settings/rbac
This endpoint allows you to enable Role-Based Access Controls (RBAC) for Ops Manager. Once Role Based Access Control has been enabled, the action cannot be undone. After enabling RBAC, only the Ops Manager's Admin user will be able to log in. The admin user can then configure the access controls for other users.
Setting the SAML RBAC Configuration
curl "https://example.com/api/v0/settings/rbac" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"rbac_saml_admin_group": "example_group_name", "rbac_saml_groups_attribute": "example_attribute_name"}'
Example Response
HTTP/1.1 200 OK
{}
Setting the LDAP RBAC Configuration
curl "https://example.com/api/v0/settings/rbac" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{"ldap_rbac_admin_group_name": "cn=opsmgradmins,ou=groups,dc=mycompany,dc=com"}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PUT /api/v0/settings/rbac
This endpoint is only available when you are using SAML or LDAP authentication. You can use this API to configure these settings before enabling RBAC, and also to update these settings for an RBAC-enabled OpsManager.
When enabling RBAC for an Ops Manager which is configured to use SAML authentication, there are two required settings.
The
rbac_saml_admin_groupparameter should be the name of the group which is defined in your SAML server. Any user in this group will be granted admin privileges when they log in to Ops Manager. If you are not a member of this group, you will no longer be able to log in to Ops Manager after enabling RBAC.The
rbac_saml_groups_attributeparameter should be the name of the XML attribute which your SAML server uses to communicate users' group membership in SAML assertions. You may need to configure your SAML server to enable sending group membership at this attribute name. Please refer to your SAML server documentation for more information as there is no standard method for doing this.
When enabling RBAC for an Ops Manager which is configured to use LDAP authentication, there is one required setting.
- The
ldap_rbac_admin_group_nameparameter should be the Distinguished Name of the group which is defined in your LDAP server. Any user in this group will be granted admin privileges when they log in to Ops Manager. If you are not a member of this group, you will no longer be able to log in to Ops Manager after enabling RBAC.
Query Parameters
| Parameter | Description |
|---|---|
| rbac_saml_admin_group | The name of the SAML group that contains all of the Ops Manager administrators. This can only be used if your OpsManager is configured to use SAML. |
| rbac_saml_groups_attribute | The groups attribute tag name with which you configured the SAML server. This can only be used if your OpsManager is configured to use SAML. |
| ldap_rbac_admin_group_name | The name of the LDAP group that contains all of the Ops Manager administrators. This can only be used if your OpsManager is configured to use LDAP. |
Custom Banner Settings
Getting the Custom Banners
curl "https://example.com/api/v0/settings/banner" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"ui_banner_contents": "This is the banner that shows up in the OpsManager UI.",
"ssh_banner_contents": "This is the banner that will show up when someone SSHes on the OpsManager."
}
HTTP Request
GET /api/v0/settings/banner
Get the current value of the custom banner text.
The ui_banner_contents text will be shown in a banner in the Operations Manager web
UI on every page. By default this is null which means that no banner will be shown.
The ssh_banner_contents text will be shown as the SSH banner whenever a user connects to an OpsManager over SSH.
By default this is null which means that no banner will be shown.
Setting the Custom Banners
curl "https://example.com/api/v0/settings/banner" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"ui_banner_contents": "This is the banner that shows up in the OpsManager UI.",
"ssh_banner_contents": "This is the banner that will show up when someone SSHes on the OpsManager."
}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PUT /api/v0/settings/banner
Set the values of custom banners.
Query Parameters
| Parameter | Description |
|---|---|
| ui_banner_contents | This text will be shown in a banner in the Operations Manager web UI on every page. By default this is null which means that no banner will be shown. |
| ssh_banner_contents | This text will be shown as the SSH banner whenever a user connects to an OpsManager over SSH. By default this is null which means that no banner will be shown. |
Custom Syslog Settings
Getting the Syslog
curl "https://example.com/api/v0/settings/syslog" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response when it is configured
HTTP/1.1 200 OK
{
"syslog": {
"enabled": true,
"address": "1.2.3.4",
"port": "514",
"transport_protocol": "tcp",
"tls_enabled": true,
"permitted_peer": "*.example.com",
"ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"queue_size": null,
"forward_debug_logs": false,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}
Example Response when it is not configured
HTTP/1.1 200 OK
{
"syslog": {
"enabled": false,
"address": null,
"port": null,
"transport_protocol": null,
"tls_enabled": false,
"permitted_peer": null,
"ssl_ca_certificate": null,
"queue_size": null,
"forward_debug_logs": false,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}
HTTP Request
GET /api/v0/settings/syslog
Get the current Syslog configuration for OpsManager.
Updating the Syslog configuration
Example Request to update address
curl "https://example.com/api/v0/settings/syslog" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"syslog": {
"enabled": true,
"address": "5.6.7.8",
"port": "514",
"transport_protocol": "tcp",
"tls_enabled": true,
"permitted_peer": "*.example.com",
"ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"queue_size": 100000,
"forward_debug_logs": true,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}'
Example Response
HTTP/1.1 200 OK
{
"syslog": {
"enabled": true,
"address": "5.6.7.8",
"port": "514",
"transport_protocol": "tcp",
"tls_enabled": true,
"permitted_peer": "*.example.com",
"ssl_ca_certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"queue_size": 100000,
"forward_debug_logs": true,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}
Example Request with missing tls parameters
curl "https://example.com/api/v0/settings/syslog" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"syslog": {
"enabled": true,
"address": "5.6.7.8",
"port": "514",
"transport_protocol": "tcp",
"tls_enabled": true,
"queue_size": null,
"forward_debug_logs": null,
"custom_rsyslog_configuration": "if $message contains 'test' then stop"
}
}'
Example Response
HTTP/1.1 422 Unprocessible Entity
{
"errors": {
"syslog": {
"ssl_ca_certificate": [
"can't be blank"
],
"permitted_peer": [
"can't be blank"
]
}
}
}
HTTP Request
PUT /api/v0/settings/syslog
Set the values of the current Syslog configuration for OpsManager.
Query Parameters
| Parameter | Description |
|---|---|
| transport_protocol | Defaults to tcp. Can be either tcp or udp |
Custom SSL Certificate Settings
Getting the SSL Certificate
curl "https://example.com/api/v0/settings/ssl_certificate" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response when it is configured
HTTP/1.1 200 OK
{
"ssl_certificate": {
"certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug..."
}
}
Example Response when it is not configured
HTTP/1.1 200 OK
{
"ssl_certificate": {
"certificate": null
}
}
HTTP Request
GET /api/v0/settings/ssl_certificate
Get the current custom SSL certificate for OpsManager.
Updating the SSL Certificate
curl "https://example.com/api/v0/settings/ssl_certificate" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"ssl_certificate": {
"certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"private_key": "-----BEGIN RSA PRIVATE KEY-----\r\nMIIBswoijfsA..."
}
}'
Example Response when it is valid
HTTP/1.1 200 OK
{
"ssl_certificate": {
"certificate": "-----BEGIN CERTIFICATE-----\r\nMIIBsjCCARug...",
"private_key": "-----BEGIN RSA PRIVATE KEY-----\r\nMIIBswoijfsA..."
}
}
Example Response when it is not valid
HTTP/1.1 422 Unprocessible Entity
{
"errors": {
"ssl_certificate": {
"certificate": ["is invalid"]
}
}
}
HTTP Request
PUT /api/v0/settings/ssl_certificate
Set the values for the custom SSL certificate for OpsManager.
Deleting the SSL Certificate
curl "https://example.com/api/v0/settings/ssl_certificate" \
-X DELETE \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
DELETE /api/v0/settings/ssl_certificate
Remove the custom SSL certificate for OpsManager and revert to the provided self-signed SSL certificate.
Metadata
Migrating metadata
curl "https://example.com/api/v0/metadata/migrate" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-F 'metadata[file]=@/path/to/component-type1.yml'
Example Response
HTTP/1.1 200 OK
{
"metadata": "---\nname: component-type1\nproduct_version: 1.0.0.0\nmetadata_version: '1.7'\nreleases:\n- name: component-type1-release-name\n file: component-type1-release-file\n version: component-type1-release-version\n md5: component-type1-release-md5\nlabel: component-type1-label\ndescription: component-type1-description\nrank: 1\nprovides_product_versions:\n- name: component-type1\n version: 1.0.0.0\nrequires_product_versions:\n- name: component-type2\n version: \"~> 1.0.0\"\nserial: true\nform_types:\n- name: job-type1\n label: job-type1-label\n description: job-type1-description\n property_inputs:\n - reference: \".job-type1.property-definition1\"\n label: property-definition1-label\n- name: job-type3\n label: job-type3-label\n description: job-type3-description\n property_inputs:\n - reference: \".job-type3.http-url\"\n label: HTTP URL\n - reference: \".job-type3.domain\"\n label: Domain\n - reference: \".job-type3.ip-ranges\"\n label: IP Ranges\n - reference: \".job-type3.ip-address\"\n label: IP Address\n - reference: \".job-type3.email\"\n label: E-mail\n - reference: \".job-type3.port\"\n label: Port\n - reference: \".job-type3.integer\"\n label: Integer\n - reference: \".job-type3.boolean\"\n label: Boolean\n - reference: \".job-type3.string\"\n label: String\n - reference: \".job-type3.smtp-authentication\"\n label: SMTP Authentication\n - reference: \".job-type3.network-address\"\n label: Network Address\n - reference: \".job-type3.simple-credentials\"\n label: Simple credentials\n - reference: \".job-type3.rsa-cert-credentials\"\n label: RSA PEM and Certificate\n - reference: \".job-type3.ca-certificate\"\n label: CA Certificate PEM\n - reference: \".job-type3.checkboxes\"\n label: Checkboxes\n - reference: \".job-type3.erlang-config\"\n label: Erlang Configuration\njob_types:\n- name: job-type1\n resource_label: job-type1-resource-label\n resource_definitions:\n - name: ram\n type: integer\n label: RAM\n configurable: true\n default: 1\n - name: ephemeral_disk\n type: integer\n label: Ephemeral Disk\n configurable: true\n default: 2\n - name: persistent_disk\n type: integer\n label: Persistent Disk\n configurable: true\n default: 3\n constraints:\n min: 1\n - name: cpu\n type: integer\n label: CPU\n configurable: true\n default: 4\n static_ip: 1\n dynamic_ip: 0\n max_in_flight: 1\n property_blueprints:\n - name: property-definition1\n type: domain\n configurable: true\n - name: property-definition2\n type: string\n configurable: false\n - name: property-definition3\n type: secret\n configurable: false\n manifest: |\n job_name: job-type1\n properties:\n property1: (( property-definition1.value ))\n property2: (( .job-type1.property-definition2.typed_value.value ))\n property3: (( .job-type1.property-definition3.typed_value.value ))\n templates:\n - name: job-type1-template\n release: component-type1-release-name\n instance_definition:\n configurable: true\n default: 1\n single_az_only: false\n- name: job-type2\n resource_label: job-type2-resource-label\n resource_definitions:\n - name: ram\n type: integer\n label: RAM\n configurable: true\n default: 1024\n - name: ephemeral_disk\n type: integer\n label: Ephemeral Disk\n configurable: true\n default: 2048\n - name: persistent_disk\n type: integer\n label: Persistent Disk\n configurable: true\n default: 8192\n constraints:\n min: 1\n - name: cpu\n type: integer\n label: CPU\n configurable: true\n default: 1\n static_ip: 1\n dynamic_ip: 0\n max_in_flight: 1\n property_blueprints: []\n manifest: |\n job_name: job-type2\n templates:\n - name: job-type2-template\n release: component-type1-release-name\n instance_definition:\n default: 1\n single_az_only: false\n- name: job-type3\n resource_label: job-type3-resource-label\n resource_definitions:\n - name: ram\n type: integer\n label: RAM\n configurable: true\n default: 1024\n - name: ephemeral_disk\n type: integer\n label: Ephemeral Disk\n configurable: true\n default: 2048\n - name: persistent_disk\n type: integer\n label: Persistent Disk\n configurable: true\n default: 8192\n constraints:\n min: 1\n - name: cpu\n type: integer\n label: CPU\n configurable: true\n default: 1\n static_ip: 1\n dynamic_ip: 0\n max_in_flight: 1\n property_blueprints:\n - name: http-url\n type: http_url\n configurable: true\n default: http://default.example.com\n - name: domain\n type: domain\n configurable: true\n default: default.domain.com\n - name: ip-ranges\n type: ip_ranges\n configurable: true\n default: 1.2.3.4-1.2.3.10,2.3.4.5-2.3.4.9\n - name: ip-address\n type: ip_address\n configurable: true\n default: 1.2.3.4\n - name: email\n type: email\n configurable: true\n default: email@example.com\n - name: port\n type: port\n configurable: true\n default: 80\n - name: integer\n type: integer\n configurable: true\n default: 32\n constraints:\n min: 1\n max: 32\n - name: boolean\n type: boolean\n configurable: true\n default: false\n - name: string\n type: string\n configurable: true\n default: Some Text\n - name: smtp-authentication\n type: smtp_authentication\n configurable: true\n default: cram_md5\n - name: network-address\n type: network_address\n configurable: true\n default: 1.2.3.4\n - name: simple-credentials\n type: simple_credentials\n configurable: true\n - name: rsa-cert-credentials\n type: rsa_cert_credentials\n optional: true\n configurable: true\n - name: ca-certificate\n type: ca_certificate\n optional: true\n configurable: true\n - name: checkboxes\n type: multi_select_options\n configurable: true\n optional: true\n options:\n - name: checkbox1\n label: Checkbox 1\n - name: checkbox2\n label: Checkbox 2\n - name: checkbox3\n label: Checkbox 3\n - name: erlang-config\n type: text\n configurable: true\n optional: true\n manifest: |\n job_name: job-type3\n templates:\n - name: job-type3-template\n release: component-type1-release-name\n instance_definition:\n default: 1\n single_az_only: false\n- name: compilation\n resource_label: compilation-resource-label\n resource_definitions:\n - name: ram\n type: integer\n label: RAM\n configurable: true\n default: 1024\n - name: ephemeral_disk\n type: integer\n label: Ephemeral Disk\n configurable: true\n default: 2048\n - name: persistent_disk\n type: integer\n label: Persistent Disk\n configurable: true\n default: 8192\n constraints:\n min: 1\n - name: cpu\n type: integer\n label: CPU\n configurable: true\n default: 1\n static_ip: 1\n dynamic_ip: 0\n max_in_flight: 1\n instance_definition:\n default: 1\n single_az_only: false\noriginal_metadata_version: '1.6'\ndeprecated_tile_image: component-type1-image\nicon_image: \nstemcell_criteria:\n os: ubuntu-trusty\n version: '9000'\nminimum_version_for_upgrade: 0.0.0.0\n"
}
HTTP Request
POST /api/v0/metadata/migrate
Query Parameters
| Parameter | Description |
|---|---|
| metadata[file] | Metadata file |
Manifests
Generating a manifest for a staged product
curl "https://example.com/api/v0/staged/products/component-type1-guid/manifest" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"manifest": {
"name": "component-type1-installation-name",
"releases": [
{
"name": "release-17",
"version": "2"
}
],
"networks": [
{
"name": "net-subnet-guid",
"subnets": [
{
"range": "192.168.163.0/24",
"gateway": "192.168.163.2",
"dns": [
"192.168.163.1"
],
"static": [
],
"reserved": [
"192.168.163.1",
"192.168.163.3-192.168.163.7",
"192.168.163.9-192.168.163.254"
],
"cloud_properties": {
"name": "vsphere-network"
}
}
]
}
],
"resource_pools": [
],
"compilation": {
"reuse_compilation_vms": true,
"workers": 1,
"network": "net-subnet-guid",
"cloud_properties": {
"ram": 1024,
"disk": 2048,
"cpu": 1,
"datacenters": [
{
"clusters": [
{
"vsphere-cluster": {
}
}
]
}
]
}
},
"update": {
"canaries": 1,
"canary_watch_time": "30000-300000",
"update_watch_time": "30000-300000",
"max_in_flight": 1,
"max_errors": 2,
"serial": false
},
"instance_groups": [
],
"disk_pools": [
]
}
}
HTTP Request
GET /api/v0/staged/products/:product_guid/manifest
To view the manifest for a product, replace :product_guid with the appropriate guid.
Retrieving manifest for a deployed product
curl "https://example.com/api/v0/deployed/products/component-type1-guid/manifest" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"name": "component-type1-installation-name",
"releases": [
{
"name": "component-type1-release-name",
"version": "component-type1-release-version"
}
],
"networks": [
{
"name": "default",
"subnets": [
{
"range": "192.168.163.0/24",
"gateway": "192.168.163.2",
"dns": [
"192.168.163.3",
"192.168.163.1"
],
"static": [
"192.168.163.4",
"192.168.163.5",
"192.168.163.6",
"192.168.163.7"
],
"reserved": [
"192.168.163.1",
"192.168.163.3",
"192.168.163.10-192.168.163.100",
"192.168.163.103-192.168.163.254"
],
"cloud_properties": {
"name": "vsphere-network"
}
}
]
}
],
"resource_pools": [
{
"name": "job-type1-installation-name",
"stemcell": {
"name": "component-type1-stemcell-name",
"version": "component-type1-stemcell-version"
},
"network": "default",
"size": 1,
"cloud_properties": {
"ram": 1,
"disk": 2,
"cpu": 4,
"datacenters": [
{
"clusters": [
{
"vsphere-cluster": {
"resource_pool": null
}
}
]
}
]
},
"env": {
"bosh": {
"password": "example-vm-password-hashed"
}
}
},
{
"name": "job-type2-installation-name",
"stemcell": {
"name": "component-type1-stemcell-name",
"version": "component-type1-stemcell-version"
},
"network": "default",
"size": 1,
"cloud_properties": {
"ram": 1024,
"disk": 2048,
"cpu": 1,
"datacenters": [
{
"clusters": [
{
"vsphere-cluster": {
"resource_pool": null
}
}
]
}
]
},
"env": {
"bosh": {
"password": "example-vm-password-hashed"
}
}
},
{
"name": "job-type3-installation-name",
"stemcell": {
"name": "component-type1-stemcell-name",
"version": "component-type1-stemcell-version"
},
"network": "default",
"size": 1,
"cloud_properties": {
"ram": 1024,
"disk": 2048,
"cpu": 1,
"datacenters": [
{
"clusters": [
{
"vsphere-cluster": {
"resource_pool": null
}
}
]
}
]
},
"env": {
"bosh": {
"password": "example-vm-password-hashed"
}
}
}
],
"compilation": {
"workers": 1,
"network": "default",
"cloud_properties": {
"ram": 1024,
"disk": 2048,
"cpu": 1
}
},
"update": {
"canaries": 1,
"canary_watch_time": "30000-300000",
"update_watch_time": "30000-300000",
"max_in_flight": 1,
"max_errors": 2,
"serial": false
},
"instance_groups": [
{
"name": "job-type1-installation-name",
"template": "job-type1-template",
"release": "component-type1-release-name",
"lifecycle": "service",
"resource_pool": "job-type1-installation-name",
"instances": 1,
"persistent_disk": 3,
"networks": [
{
"name": "default",
"static_ips": [
"192.168.163.4"
],
"default": [
"dns",
"gateway"
]
}
],
"update": {
"max_in_flight": 5,
"canaries": 2,
"serial": false
},
"properties": {
"job_name": "job-type1"
}
},
{
"name": "job-type2-installation-name",
"template": "job-type2-template",
"release": "component-type1-release-name",
"lifecycle": "service",
"resource_pool": "job-type2-installation-name",
"instances": 1,
"persistent_disk": 8192,
"networks": [
{
"name": "default",
"static_ips": [
"192.168.163.5"
],
"default": [
"dns",
"gateway"
]
}
],
"update": {
"max_in_flight": 1
},
"properties": {
"job_name": "job-type2"
}
},
{
"name": "job-type3-installation-name",
"template": "job-type3-template",
"release": "component-type1-release-name",
"lifecycle": "service",
"resource_pool": "job-type3-installation-name",
"instances": 1,
"persistent_disk": 8192,
"networks": [
{
"name": "default",
"static_ips": [
"192.168.163.6"
],
"default": [
"dns",
"gateway"
]
}
],
"update": {
"max_in_flight": 1
},
"properties": {
"job_name": "job-type3"
}
}
]
}
Example Response when Manifest Does Not Exist
HTTP/1.1 404 Not Found
{
"errors": {
"base": [
"Manifest could not be found"
]
}
}
HTTP Request
GET /api/v0/deployed/products/:product_guid/manifest
To view the manifest for a product, replace :product_guid with the appropriate guid.
Query Parameters
| Parameter | Description |
|---|---|
| mode | (Optional) Can be either last_successful or last_attempted. The default behavior is last_attempted |
Custom Manifest Operations (EXPERIMENTAL)
Getting a List of All Manifest Operations
curl "https://example.com/api/v0/staged/director/manifest_operations/add_job_to_instance_group" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"add_job_to_instance_group": [
{
"guid": "op-73f3bf6a4794",
"product_guid": "p-bosh-ffdfee501e5b108a9046",
"instance_group": "bosh",
"job_name": "watcher",
"release_name": "clamav",
"release_url": "https://example.com/clamav-1.2.3.tgz",
"release_sha1": "3d8ce8f0000c54e8cae990e7c010f10b52b54e6f",
"job_properties": {"options": "for-clamav"}
},
{
"guid": "op-94f7bf4a7724",
"product_guid": "p-bosh-ffdfee501e5b108a9046",
"instance_group": "bosh",
"job_name": "other_job",
"release_name": "clamav",
"release_url": "https://example.com/clamav-1.2.3.tgz",
"release_sha1": "3d8ce8f0000c54e8cae990e7c010f10b52b54e6f",
"job_properties": {"other_options": "for_other_job"}
}
]
}
HTTP Request
GET /api/v0/staged/director/manifest_operations/add_job_to_instance_group
Get a list of all add_job_to_instance_group type operations which were previously added to the BOSH Director tile
using the POST endpoint documented below.
Deleting a Manifest Operation
curl "https://example.com/api/v0/staged/director/manifest_operations/add_job_to_instance_group/op-guid-123456" \
-X DELETE \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 204 NO CONTENT
HTTP Request
DELETE /api/v0/staged/director/manifest_operations/add_job_to_instance_group/op-guid-123456
Delete an individual add_job_to_instance_group type operation which was previously added to the BOSH Director tile
using the POST endpoint documented below.
Adding a Job to the Director VM
Example Request to add a custom Job to the Director VM
curl "https://example.com/api/v0/staged/director/manifest_operations/add_job_to_instance_group" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{
"add_job_to_instance_group": {
"instance_group": "bosh",
"job_name": "watcher",
"release_name": "clamav",
"release_url": "https://example.com/clamav-1.2.3.tgz",
"release_sha1": "3d8ce8f0000c54e8cae990e7c010f10b52b54e6f",
"job_properties": {"options": "for-clamav"}
}
}'
Example Response
HTTP/1.1 201 CREATED
{
"add_job_to_instance_group": {
"guid": "op-73f3bf6a4794",
"product_guid": "p-bosh-ffdfee501e5b108a9046",
"instance_group": "bosh",
"job_name": "watcher",
"release_name": "clamav",
"release_url": "https://example.com/clamav-1.2.3.tgz",
"release_sha1": "3d8ce8f0000c54e8cae990e7c010f10b52b54e6f",
"job_properties": {"options": "for-clamav"}
}
}
HTTP Request
POST /api/v0/staged/director/manifest_operations/add_job_to_instance_group
Add an arbitrary job to the BOSH Director VM. For example, this could be used to run your favorite anti-virus software on the Director VM, assuming that the anti-virus software has already been packaged as a BOSH release.
Note that if you delete the BOSH Director tile, and then install the BOSH Director tile again, your manifest operations which were bound to the original BOSH Director tile will no longer apply. However, you can use this endpoint to add them again.
Parameters
| Parameter | Description |
|---|---|
| instance_group | The name of the instance group (VMs) on which you would like to add a job. For now, this must be "bosh". |
| This was included for future-proofing reasons. (Required) | |
| release_name | The name of the BOSH release that you would like to use on the Director VM. (Required) |
| release_url | An http or https URL, which must be reachable by the OpsManager VM, used to download your |
| BOSH release file during Apply Changes. (Required) | |
| release_sha1 | The SHA1 checksum of the release file. Required when the release_url is http or https (so, for now, always required). (Required) |
| job_name | The name of the job from the reference BOSH release that you would like to add to the Director VM. (Required) |
| job_properties | The properties of your job, used to configure the software which you are installing on the |
| Director VM. This must be a hash, but can be an empty hash if you have no configuration for your | |
| job. (Required) |
Diffs
Fetching the BOSH Director diff
This endpoint will return the diff of the manifest, cloud config, CPI configs, and runtime configs between the staged state and last successful deployment of the BOSH director.
curl "https://example.com/api/v0/director/diff" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"manifest": {
"status": "different",
"diff": " properties:\n+ host: example.com\n- host: localhost"
},
"cloud_config": {
"status": "same",
"diff": ""
},
"runtime_configs": [
{
"name": "opsmanager_dns_runtime_config",
"status": "different",
"diff": " addons:\n - name: opsmanager_dns\n jobs:\n - name: bosh-dns\n properties:\n+ timeout: 100\n- timeout: 30"
},
{
"name": "director_runtime_config",
"status": "to_be_deleted",
"diff": null
}
],
"cpi_configs": [
{
"guid": "71706aab76be17f1e06e",
"iaas_configuration_name": "default",
"status": "to_be_installed",
"diff": null
}
]
}
HTTP Request
GET /api/v0/director/diff
Fetching a product diff
This endpoint will return the diff of the manifest and runtime configs between the staged state and last successful deployment of a product.
curl "https://example.com/api/v0/products/:product_guid/diff" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"manifest": {
"status": "different",
"diff": " properties:\n+ host: example.com\n- host: localhost"
},
"runtime_configs": [
{
"name": "a-runtime-config",
"status": "different",
"diff": " addons:\n - name: a-runtime-config\n jobs:\n - name: a-job\n properties:\n+ timeout: 100\n- timeout: 30"
}
]
}
HTTP Request
GET /api/v0/products/:product_guid/diff
Base Release URL
Get active base releases url
curl "https://example.com/api/v0/staged/products/product-type1-guid/base_releases_url" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"base_releases_url": "https://example.com/releases"
}
HTTP Request
GET /api/v0/staged/products/:id/base_releases_url
Light tiles contain pointers to installation binaries and these pointers can be changed in circumstances where the default location is inaccessible (e.g. in an airgapped or firewalled network).
Update active base releases url
curl "https://example.com/api/v0/staged/products/product-type1-guid/base_releases_url" \
-X PUT \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "base_releases_url": "https://mirror.example.com/releases" }'
Example Response
HTTP/1.1 200 OK
{
"base_releases_url": "https://mirror.example.com/releases"
}
HTTP Request
PUT /api/v0/staged/products/:id/base_releases_url
When base_releases_url is set, the default pointers are ignored and BOSH attempts to download releases from the location specified.
Query Parameters
| Parameter | Description |
|---|---|
| base_releases_url | New base releases url |
Reset active base releases url
Resets to the default specified in the product template.
curl "https://example.com/api/v0/staged/products/product-type1-guid/base_releases_url" \
-X DELETE \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"base_releases_url": "https://example.com/releases"
}
HTTP Request
DELETE /api/v0/staged/products/:id/base_releases_url
Sessions
Logging out all active users
Only one user can be active in Pivotal Ops Manager at a time. For API users, we consider a user to be active during the period between their last request and when their token expires. This endpoint will make inactive all API users and log out all UI users, including yourself, allowing a new user to log in or make API requests.
curl "https://example.com/api/v0/sessions" \
-X DELETE \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
DELETE /api/v0/sessions
Fetching the current session
The session information for the current API user can be retrieved from this endpoint. This information includes the current username and permissions.
curl "https://example.com/api/v0/sessions/current" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"session": {
"username": "admin-user",
"permissions": {
"can_write": true
}
}
}
HTTP Request
GET /api/v0/sessions/current
Unlock
Unlocking with the encryption passphrase
When the application reboots after initial setup, it requires an operator to enter the decryption passphrase once to unlock its internal datastore.
curl "https://example.com/api/v0/unlock" \
-X PUT \
-H "Content-Type: application/json" \
-d '{"passphrase": "example-passphrase"}'
Example Response
HTTP/1.1 200 OK
{}
HTTP Request
PUT /api/v0/unlock
Query Parameters
| Parameter | Description |
|---|---|
| passphrase | Decryption passphrase |
Security
Returning the Root CA Certificate
This returns the public key of the Root CA Certificate
curl "https://example.com/api/v0/security/root_ca_certificate" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"root_ca_certificate_pem": "-----BEGIN CERTIFICATE-----\nMIIC+zCCAeOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\nMA4GA1UECgwHUGl2b3RhbDAeFw0xNjA0MTExNTE0NTFaFw0yMDA0MTIxNTE0NTFa\nMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKDAdQaXZvdGFsMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAru6dVTEFWsA0SNg2peiQVOcDu/xM9RtKc8YOqio6\nTsouA5pMHbGtvHOYVhuYZZPsN3X5mTdPOb27y3mgyw/eRrN6ycTMmYG9MLZUBNu7\nAUe+JKjupS5h73Txo62nkRUeDpf+4w+ZrMDwQqjeWZ6+FusVyyo+DrP88jRiymxy\nl/XBqBrfs40Sq8plwP42hZI6fGSdtAGbWIGmha3vwvrlaWpkyfBUOdvf2aLVlu8u\nTpzyTQ6fOnjTNP3KolKPUzvOhmRDBEC02jGy7oNvJR67bd0ZbPJzqepHFgrFmB/Z\n5zAyL08EoGD2eb3J3KRqMrSGC75CO/n490iT32kQ92EMxwIDAQABo0IwQDAdBgNV\nHQ4EFgQU23Zk5rl6JqAVIyyn7c5kHpqU2vQwDwYDVR0TAQH/BAUwAwEB/zAOBgNV\nHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAEFSudPNo5j86kpN/qXDyNpS\ndW+ERkBi+5HY56LG68V2Xp4B/L/rLCqMeS8kSWcTp+lA5mgciwgZbBlqHF+/Rvet\nuoLNz7L/HC1zadhjmj9bWnkoiXdrQFlTXasW7nmB81gZr2VDhRchsstGiVSTST2v\n7YjHC34GGHC6wqXXhtb85kGQQmwwh1K3snzreHrlf7O/mKVkTKcMBRHOWTuFUCOM\nPPx/ZdKGHd/6lBUaKJOJxr+5S8+DW6NORduxZn+N9QiK8fvGZIFzU8Xd6cr2iWSz\nVElVm2rLaHK1Z/WYqUEsLwJGDbaS7+g8D8InZteKh4DNIQIK+e1rt5rDMl8sbsI=\n-----END CERTIFICATE-----\n"
}
HTTP Request
GET /api/v0/security/root_ca_certificate
Certificates
Generating New Certificates
This returns a new RSA public/private certificate signed by Ops Manager's root CA certificate. The returned certificate is not stored by Ops Manager. The domain(s) specified in the request must be valid domain names and must be wildcard domains.
curl "https://example.com/api/v0/certificates/generate" \
-X POST \
-H "Authorization: Bearer UAA_ACCESS_TOKEN" \
-H "Content-Type: application/json" \
-d '{ "domains": ["*.example.com", "*.sub.example.com"] }'
Example Response
HTTP/1.1 200 OK
{
"certificate": "-----BEGIN CERTIFICATE-----\nMIIDTzCCAjegAw...\n-----END CERTIFICATE-----\n",
"key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEowIBAAKCAQ...\n-----END RSA PRIVATE KEY-----\n"
}
HTTP Request
POST /api/v0/certificates/generate
Getting Information About Certificates from Products
This returns information about all of the RSA and CA certificates for the deployed BOSH Director and the other deployed products. This includes any product properties of type "rsa_cert_credentials" or "ca_certificate" as well as credhub-generated certificates for BOSH DNS.
The location will indicate where the certificate was generated (either "ops_manager" or "credhub").
Certificate authorities tracked by OpsManager are returned in the list and are marked as "is_ca": true.
Learn how to perform a certificate rotation by following the steps listed in the documentation for Managing Certificates.
curl "https://example.com/api/v0/deployed/certificates?expires_within=3m" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"certificates": [
{
"configurable": false,
"is_ca": true,
"property_reference": ".properties.nats_client_ca.b7640db782ba9547703c",
"property_type": "rsa_cert_credentials",
"product_guid": "ops_manager",
"location": "ops_manager",
"variable_path": null,
"issuer": "/C=US/O=Pivotal/CN=bosh-nats-ca",
"valid_from": "2019-07-11T17:11:16Z",
"valid_until": "2023-07-12T17:11:16Z"
},
{
"configurable": false,
"is_ca": true,
"property_reference": ".properties.root_ca.b7640db782ba9547703c",
"property_type": "rsa_cert_credentials",
"product_guid": "ops_manager",
"location": "ops_manager",
"variable_path": null,
"issuer": "/C=US/O=Pivotal",
"valid_from": "2019-07-11T17:11:16Z",
"valid_until": "2023-07-12T17:11:16Z"
},
{
"issuer": "/C=US/O=Pivotal",
"valid_from": "2017-02-23T19:31:00Z",
"valid_until": "2019-02-23T19:31:00Z",
"configurable": false,
"is_ca": false,
"property_reference": ".properties.director_ssl",
"property_type": "rsa_cert_credentials",
"product_guid": "p-bosh-47f3d0d7ef2f573fbc95",
"location": "ops_manager",
"variable_path": null
},
{
"issuer": "/C=US/O=Pivotal",
"valid_from": "2017-02-23T19:31:00Z",
"valid_until": "2019-02-23T19:31:00Z",
"configurable": false,
"is_ca": false,
"property_reference": ".properties.director_uaa",
"property_type": "rsa_cert_credentials",
"product_guid": "p-bosh-47f3d0d7ef2f573fbc95",
"location": "ops_manager",
"variable_path": null
},
{
"issuer": "/C=US/O=Pivotal",
"valid_from": "2017-02-23T19:31:00Z",
"valid_until": "2019-02-23T19:31:00Z",
"configurable": false,
"is_ca": false,
"property_reference": ".properties.director_agent_ssl",
"property_type": "rsa_cert_credentials",
"product_guid": "p-bosh-47f3d0d7ef2f573fbc95",
"location": "ops_manager",
"variable_path": null
},
{
"issuer": "/C=US/O=Pivotal",
"valid_from": "2017-02-23T19:31:00Z",
"valid_until": "2019-02-23T19:31:00Z",
"configurable": false,
"is_ca": false,
"property_reference": ".properties.credhub_ssl",
"property_type": "rsa_cert_credentials",
"product_guid": "p-bosh-47f3d0d7ef2f573fbc95",
"location": "ops_manager",
"variable_path": null
},
{
"issuer": "/C=US/O=Pivotal",
"valid_from": "2017-02-23T19:52:52Z",
"valid_until": "2019-02-23T19:52:52Z",
"configurable": false,
"is_ca": false,
"property_reference": ".properties.saml_service_provider_cert",
"property_type": "rsa_cert_credentials",
"product_guid": "p-bosh-47f3d0d7ef2f573fbc95",
"location": "ops_manager",
"variable_path": null
},
{
"issuer": "/C=US/O=Pivotal",
"valid_from": "2017-02-23T19:53:39Z",
"valid_until": "2019-02-23T19:53:39Z",
"configurable": false,
"is_ca": false,
"property_reference": ".web_server.generated_rsa_cert_credentials",
"property_type": "rsa_cert_credentials",
"product_guid": "example-product-80d0bf959909df5741ef",
"location": "ops_manager",
"variable_path": null
},
{
"issuer": "/C=US/O=Pivotal",
"valid_from": "2017-02-23T19:52:52Z",
"valid_until": "2019-02-23T19:52:52Z",
"configurable": true,
"is_ca": false,
"property_reference": ".web_server.configured_rsa_cert_credentials",
"property_type": "rsa_cert_credentials",
"product_guid": "example-product-80d0bf959909df5741ef",
"location": "ops_manager",
"variable_path": null
},
{
"issuer": "/CN=opsmgr-bosh-dns-tls-ca",
"valid_from": "2018-08-10T21:07:38Z",
"valid_until": "2019-08-10T21:07:38Z",
"configurable": false,
"is_ca": false,
"property_reference": null,
"property_type": null,
"product_guid": null,
"location": "credhub",
"variable_path": "/bosh_dns_health_server_tls"
},
{
"issuer": "/CN=opsmgr-bosh-dns-tls-ca",
"valid_from": "2018-08-10T21:07:38Z",
"valid_until": "2019-08-10T21:07:38Z",
"configurable": false,
"is_ca": false,
"property_reference": null,
"property_type": null,
"product_guid": null,
"location": "credhub",
"variable_path": "/bosh_dns_health_client_tls"
},
{
"issuer": "/CN=opsmgr-bosh-dns-tls-ca",
"valid_from": "2018-08-10T21:07:38Z",
"valid_until": "2019-08-10T21:07:38Z",
"configurable": false,
"is_ca": false,
"property_reference": null,
"property_type": null,
"product_guid": null,
"location": "credhub",
"variable_path": "/dns_api_server_tls"
},
{
"issuer": "/CN=opsmgr-bosh-dns-tls-ca",
"valid_from": "2018-08-10T21:07:38Z",
"valid_until": "2019-08-10T21:07:38Z",
"configurable": false,
"is_ca": false,
"property_reference": null,
"property_type": null,
"product_guid": null,
"location": "credhub",
"variable_path": "/dns_api_client_tls"
},
{
"issuer": "/CN=opsmgr-bosh-dns-tls-ca",
"valid_from": "2018-08-10T21:07:37Z",
"valid_until": "2022-08-09T21:07:37Z",
"configurable": false,
"is_ca": false,
"property_reference": null,
"property_type": null,
"product_guid": null,
"location": "credhub",
"variable_path": "/opsmgr/bosh_dns/tls_ca"
}
]
}
HTTP Request
GET /api/v0/deployed/certificates?expires_within=3m
Query Parameters
The optional query parameter expires_within can handle the following values:
| Unit | Description | Example |
|---|---|---|
| d | days | GET /api/v0/deployed/certificates?expires_within=2d |
| w | weeks | GET /api/v0/deployed/certificates?expires_within=3w |
| m | months | GET /api/v0/deployed/certificates?expires_within=4m |
| y | years | GET /api/v0/deployed/certificates?expires_within=5y |
Diagnostic Report
Viewing the diagnostic report
Retrieve a diagnostic report with general information about the state of your Ops Manager.
curl "https://example.com/api/v0/diagnostic_report" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"versions": {
"installation_schema_version": "2.5",
"metadata_version": "2.5",
"release_version": "2.5.0-build.8",
"javascript_migrations_version": "v1"
},
"generation_time": "2016-04-22T18:06:46Z",
"infrastructure_type": "vsphere",
"director_configuration": {
"bosh_recreate_on_next_deploy": false,
"resurrector_enabled": false,
"blobstore_type": "local",
"max_threads": null,
"database_type": "internal",
"ntp_servers": [],
"hm_pager_duty_enabled": false,
"hm_emailer_enabled": false,
"vm_password_type": "generate"
},
"releases": [
"example-release-14.tgz",
],
"available_stemcells": [
{
"filename": "bosh-stemcell-3215-vsphere-esxi-ubuntu-trusty-go_agent.tgz",
"os": "ubuntu-trusty",
"version": "3215"
},
{
"filename": "bosh-stemcell-1709.20-vsphere-esxi-windows2016-go_agent.tgz",
"os": "windows2016",
"version": "1709.20"
}
],
"product_templates": [
"e08002f028a5.yml"
],
"added_products": {
"deployed": [
{
"name": "p-bosh",
"version": "2.5.0-build.8",
"stemcells": [
{
"filename": "bosh-stemcell-3215-vsphere-esxi-ubuntu-trusty-go_agent.tgz",
"os": "ubuntu-trusty",
"version": "3215"
}
]
},
{
"name": "example-product",
"version": "1.0.0.0-alpha",
"stemcells": [
{
"filename": "bosh-stemcell-3215-vsphere-esxi-ubuntu-trusty-go_agent.tgz",
"os": "ubuntu-trusty",
"version": "3215"
}
]
}
],
"staged": [
{
"name": "p-bosh",
"version": "2.5.0-build.8",
"stemcells": [
{
"filename": "bosh-stemcell-3215-vsphere-esxi-ubuntu-trusty-go_agent.tgz",
"os": "ubuntu-trusty",
"version": "3215"
}
]
},
{
"name": "example-product",
"version": "1.0.0.0-alpha",
"stemcells": [
{
"filename": "bosh-stemcell-3215-vsphere-esxi-ubuntu-trusty-go_agent.tgz",
"os": "ubuntu-trusty",
"version": "3215"
},
{
"filename": "bosh-stemcell-1709.20-vsphere-esxi-windows2016-go_agent.tgz",
"os": "windows2016",
"version": "1709.20"
}
]
}
]
}
}
HTTP Request
GET /api/v0/diagnostic_report
Support Bundle
Downloading the support bundle
Downloads a ZIP file containing various diagnostic files including:
- A diagnostic report of Ops Manager's current state
- The contents of the Ops Manager log directory
- The BOSH logs and install metadata for the last five Apply Changes
- The output of
bosh instances --psandbosh vms --vitalsif BOSH has been deployed - The manifests and runtime configs for each deployed product
curl "https://example.com/api/v0/support_bundle" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 765 0 765 0 0 736 0 --:--:-- 0:00:01 --:--:-- 736
HTTP Request
GET /api/v0/support_bundle
Staged BOSH Director (Advanced)
Fetching a manifest
curl "https://example.com/api/v0/staged/director/manifest" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK
{
"manifest": {
"name": "p-bosh-installation-name",
"releases": [
{
"name": "bosh",
"url": "file:///tmp/FactoryGirl-Tempest::PackageLibrary-FACTORY20160412-125-nf7uex/internal_releases/bosh"
},
{
"name": "bosh-vsphere-cpi",
"url": "file:///tmp/FactoryGirl-Tempest::PackageLibrary-FACTORY20160412-125-nf7uex/internal_releases/cpi"
},
{
"name": "uaa",
"url": "file:///tmp/FactoryGirl-Tempest::PackageLibrary-FACTORY20160412-125-nf7uex/internal_releases/uaa"
}
],
"networks": [
{
"name": "default",
"type": "manual",
"subnets": [
{
"netmask": "255.255.255.0",
"dns": [
"192.168.163.1"
],
"gateway": "192.168.163.2",
"range": "192.168.163.0/24",
"cloud_properties": {
"name": "vsphere-network"
}
}
]
}
],
"disk_pools": [
{
"name": "director_disk_pool",
"disk_size": 51200,
"cloud_properties": {
"type": "thin"
}
}
],
"resource_pools": [
{
"name": "director_resource_pool",
"network": "default",
"stemcell": {
"url": "file:///tmp/FactoryGirl-Tempest::PackageLibrary-FACTORY20160412-125-nf7uex/stemcells/bosh-stemcell-3215-vsphere-esxi-ubuntu-trusty-go_agent.tgz"
},
"cloud_properties": {
"cpu": 2,
"disk": 51200,
"ram": 4096,
"datacenters": [
{
"name": "vsphere-datacenter",
"clusters": [
{
"vsphere-cluster": {
}
}
]
}
]
},
"env": {
"bosh": {
"password": "example-$6$vm-salt-12345687$nWtgnl1OMN2ZYBP4KhIrjuSAKJ968h43goOBQBBkaGX9vJlK2DL5QanzPSppfEogEIF7MzxFHR.6xLKVe1olr."
}
}
}
],
"instance_groups": [
{
"name": "bosh",
"instances": 1,
"templates": [
{
"name": "postgres",
"release": "bosh"
},
{
"name": "nats",
"release": "bosh"
},
{
"name": "director",
"release": "bosh"
},
{
"name": "health_monitor",
"release": "bosh"
},
{
"name": "uaa",
"release": "uaa"
},
{
"name": "vsphere_cpi",
"release": "bosh-vsphere-cpi"
},
{
"name": "blobstore",
"release": "bosh"
}
],
"resource_pool": "director_resource_pool",
"persistent_disk_pool": "director_disk_pool",
"networks": [
{
"name": "default",
"static_ips": [
"192.168.163.3"
],
"default": [
"dns",
"gateway"
]
}
],
"properties": {
"env": {
},
"nats": {
"address": "127.0.0.1",
"user": "nats",
"password": "example-nats-password"
},
"postgres": {
"host": "127.0.0.1",
"user": "postgres",
"password": "example-postgres-password",
"database": "bosh",
"additional_databases": [
"uaa"
],
"adapter": "postgres"
},
"blobstore": {
"address": "192.168.163.3",
"port": 25250,
"provider": "dav",
"director": {
"user": "blobstore",
"password": "example-blobstore-password"
},
"agent": {
"user": "blobstore",
"password": "example-blobstore-password"
}
},
"director": {
"address": "192.168.163.3",
"name": "p-bosh-installation-name",
"cpi_job": "vsphere_cpi",
"user_management": {
"provider": "uaa",
"uaa": {
"url": "https://192.168.163.3:8443",
"public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLM8nKKL6NcKHCk4/jgc\naSFbz6APw7pbLTHb8nqezmTCs/R0spsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0F\nJMlw+o/Iq/+JHDnnH00rOjlBg62y5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEM\nykyR5ag1CfiVjwexOH1NgDUmw8pZ1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj\n/IM8R2mAUNOz8vSmcCOWb/BLxjcjg5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHA\nxskUCNDM3taBLQ+fIF3u+LZDeGdiy0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9P\ngwIDAQAB\n-----END PUBLIC KEY-----\n"
}
},
"max_threads": 3,
"db": {
"host": "127.0.0.1",
"user": "postgres",
"password": "example-postgres-password",
"database": "bosh",
"additional_databases": [
"uaa"
],
"adapter": "postgres"
},
"trusted_certs": null,
"ssl": {
"key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAqLM8nKKL6NcKHCk4/jgcaSFbz6APw7pbLTHb8nqezmTCs/R0\nspsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0FJMlw+o/Iq/+JHDnnH00rOjlBg62y\n5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEMykyR5ag1CfiVjwexOH1NgDUmw8pZ\n1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj/IM8R2mAUNOz8vSmcCOWb/BLxjcj\ng5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHAxskUCNDM3taBLQ+fIF3u+LZDeGdi\ny0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9PgwIDAQABAoIBAQCKoRea49wzD5sI\nPzvNdJCsN7R5rt+liNtqDUHgRbGAi76QIL9REi/d5HYE20ES9eNY5+5fclMKvhdc\n5O/izCag70R/Mm7GIKwsXMy3pTNzmh9jNPcA2Q2lxdNMkitW/0JbYfdYrB5fSg2Z\nkRhUIVXQXBG8dnh3ZCaKrdiNQjLQugcWdkwREhe4gObftBFppbERSUVPVplHwt2t\nsCcsrc6O5KkIvdU1wFzGr1bWZ0mOrw8dL9kopbA1q+lSF4dHjeBLxLrV9bY4dpBl\nsKf4EG048KHJgM80Cco4AwVBjTQDkY/0OHteTLjLh0Z9HelpEX1yBH7sBuDRCHpO\nHiIGuupZAoGBANZDCy7Ehz2AFSew94bHNaKGeUSthzVS76PxAgOod2c3sh4vEmYC\n//OtDZLu3W/xfJnqJC2qEb+vRexDkSwytNNxVHC5w7MW10pTUI51w5FB62s7okqG\n+9i6MbPMk9mT42/AlsXASs5PIK/EkQkm1hbJfzVx0QMIX804gr8crslPAoGBAMmQ\nFtgYYU1HRT8a1OP6jpwxorZ+FQVLtRmvegKBr1ybC/nODs/KQI5ol9oPYlucGLuP\ndkYQEpJjaCItm2a4OsuHfK61VEIchOTrv/oxNcmY7SSRXshKrqTib2w5sfnR4WYW\nx0F47MnUXs8sl1CX5iSKoZJhXWLSeexxD7VaNOGNAoGBAJeEV78d2WljTxJ/cbuM\n2l/xaoZnlErgOHkdsMf3dWC3oSz5KrCbBHdEdGnoow1Ln0qUqjrknqKIBxF6AopX\n3Un9RbJlm3/k8iAsZLYpj0AEdr+hLzY22Jg9q3IzhIaDr31SmwyC3COjD0Fc5xeq\nsBDzMxMPRrg3TtAoW0Vcujm/AoGARRVLnxkMEG6C/1P074Zq5oHkoOOp1LzT/0+z\nY7SLJBRIEIBddz58zdJvaV+oeHmRyIctJGpR0zaa9EvpXVV7YVK4mzCvBlG8ArIC\nhH/lTYlKjiP89m0SWpT5V4CWzWbv+AuKk5gcoDhXnm5MFmVZjeCt6/vPBBXbj/xY\nQ/H8+ekCgYB36iuoWdihQDPb0wP3iUCs3/nfZjX7huVCon1MMXXvyKZS7lvgkUp2\nrhyV2A/QcaxW9f/hFyAgzj/e16de8ypy/CoSsRkBdIsZlRs9SUw3mX9a7SBMC9Le\nLU1aPXAqPdcBNIlBFEgLt6A18ZYD3wwdH6F+Mqocge8WljnTBVrt+g==\n-----END RSA PRIVATE KEY-----\n",
"cert": "-----BEGIN CERTIFICATE-----\nMIIC3zCCAcegAwIBAgIBADANBgkqhkiG9w0BAQUFADAzMQswCQYDVQQGEwJVUzEQ\nMA4GA1UECgwHUGl2b3RhbDESMBAGA1UEAwwJc29tZS1uYW1lMB4XDTEzMDcwOTIy\nMTI1MVoXDTE1MDcwOTIyMTI1MVowMzELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB1Bp\ndm90YWwxEjAQBgNVBAMMCXNvbWUtbmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEP\nADCCAQoCggEBALny6vikcrf/3Do/Nq2Sh/ji8d8dhACUIOaf+ml2cWuRKuP6TcQC\nohbLBHlbm3l5QqD/lvz1EaSy168SVPIsy34sAcioYv+7oOIAHqS4gCVEb7AQrsKb\nZIFUmp7J9qCmkJtyImvViQUUJrWOSaQi3eCAh8uSHyelBNPdaHnj0k8WufKp6hzK\npAr6Xv8OgFSwjD0+XROiTyRpvsQoTm8/XtdhAFpwjTnqR9gxlXqzDqmBRzWduO/M\nyctwF9gtggUp31USmqo5fVC+nr1wh6a/JlbUETtcRhk8jR/FnAVHLSJC4+FZqhmK\nDcemvIfEJaKCNqhvytRLI01l+0p1pm8cqxUCAwEAATANBgkqhkiG9w0BAQUFAAOC\nAQEAru0hKd5gd1WDS6AUrIa8AYCWUrGHMd5P63FWB0KyUnfIDTX4tegHTF+olOxA\nkrR4IRVgFbu3u0pnURFn2N1Et4pZwvW9PEamwkIGHEpYmASOiUZqvrthx/WpUaeu\n+xQIWa1S140v4wa/27UTakAuR+GnA6StJSIRBEBa7hafqpeLGPugZVWRtY3m/OIF\nLICs2U2X8P86RMUWgdtM9//x3t6O7IJzhrSKRkZDmSWAv6EbS/aTpXOPpJFpJtT8\n0aETgAhauKhyp6CeajL3Nc3FfoIONK427VbfIGKJ1Qw7OwTA4N0VPpETiGN7KrfD\nU4mSCEKQ0cIypQAm9rkPboHfwg==\n-----END CERTIFICATE-----\n"
}
},
"hm": {
"director_account": {
"ca_cert": "-----BEGIN CERTIFICATE-----\nMIIC+zCCAeOgAwIBAgIBADANBgkqhkiG9w0BAQUFADAfMQswCQYDVQQGEwJVUzEQ\nMA4GA1UECgwHUGl2b3RhbDAeFw0xNjA0MTExNTE0NTJaFw0yMDA0MTIxNTE0NTJa\nMB8xCzAJBgNVBAYTAlVTMRAwDgYDVQQKDAdQaXZvdGFsMIIBIjANBgkqhkiG9w0B\nAQEFAAOCAQ8AMIIBCgKCAQEAqhDlqG9QlQB4jYA/gt4ed8kjLV4yW1RbUJzBazql\nmia5Y5en5X4Agb52pZ7gHQIvzbdXKlE+eWs1WtlcfoooUb7CNmFAQjwHRjQTNyzK\nwbPQLQpGQO4nmsLFq/lu2yn6HA7rTYuAGu94JkL1wuUWZMxqmi5huwRJLrV7c4Nh\nqBQL+0nuRdLtzEZrVefXiGKNaDy9+eZNzJJH9fT8sLniO4byM1ndSH+7tqAMpCac\n5RIjQkeYk00e2RtCmW76o9d/YLB2G2EeutOzDEIZgVMBHpL5WwMt/zo5WHT4Lnj0\nGvK9FZ9cNNOZy7/sOWDgv4NtyqDpT7h5hf/JR/fYBhvBvwIDAQABo0IwQDAdBgNV\nHQ4EFgQUJUWOCmGz0acVHqye2ceBjqlX/64wDwYDVR0TAQH/BAUwAwEB/zAOBgNV\nHQ8BAf8EBAMCAQYwDQYJKoZIhvcNAQEFBQADggEBAD48E5CPJf5ihmNiFvHVypz5\nPvZn6QFMRaMjOTUvtOrd/V9jp6t8L8NxQOvTVoCab2247iQVxjjn9iStZgW1Umon\n4tYLkBlH6AV3mLrwJ1yTyuTC8CDUm4tGCcBYp1D2MOV/HhQjF4kQft9PA6fdOKeu\nWCpccLdedQlX/FK3lknw7lJ99DNV3MjFHlP7e0m2On/ArdpqdJNxii3PRYOR6d7x\nhYvX1EPUxBj+rGG4tBl5kdr0gs1bogGsnDaoIqXspCWX4xOPA/qGcNmDaA28hcr/\nzqYTHB1LdZyFRdjlc3SJHxmV3rGoa2mL9taMryvBpS0r+yZXjKIe/Sp/eCEhfLo=\n-----END CERTIFICATE-----\n",
"user": "health_monitor",
"password": "example-health_monitor"
},
"resurrector_enabled": false,
"pagerduty_enabled": false,
"pagerduty": {
"service_key": null,
"http_proxy": null
},
"email_notifications": false,
"email_recipients": [
],
"smtp": {
"from": null,
"host": null,
"port": 25,
"domain": null,
"tls": false,
"user": null,
"password": null
}
},
"agent": {
"mbus": "nats://nats:example-nats-password@192.168.163.3:4222"
},
"ntp": [
"us.pool.ntp.org"
],
"login": {
"protocol": "https",
"branding": {
"company_name": "Pivotal",
"product_logo": "iVBORw0KGgoAAAANSUhEUgAAAfwAAAB0CAYAAABgxoASAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAEpBJREFUeNrsnd1RG80ShsenfG+dCCxHYDkClggQESAiAKp0wxVwpRuqgAgQERgiYInAIgLri+DTyeCoNbNGBokfTc/OzO7zVAnwD6vd1my/3T2zPZ/MJoyG9/OvhUmP2fw1Wfr50f1cLv58fD4xOaJl7+PzTwYAAFrpoz83zOydZ0bvu+8n7kMxLiCYuGCgzDYIAAAAaLHgv4eee1WR2cxVAO5cADBlWAAAAILfPDquEtB3AYBk/Dfz13gu/jPMAwAATeA/mGBlBeBi/vp3Lv7X81eBSQAAAMFvNoP5636xIAPhBwAABL/xFE74f85fXcwBAAAIfrORef7fc9E/xRQAAIDgN5+Tuej/ItsHAAAEv/nI4j4R/R6mAAAABL/ZdJzoDzAFAACkDM/h63C96OJ3fD7GFAAN5elJHfn+xdgqnwT9R/N7v8RAgOC3S/SlX/8tpgDIUtA7TsS77vXdCXol7AAIPvwl+lP68wNkIfCD+de9JVEHaDTM4evScaJPNgCQPiL2BWIPCD5sijiPE8wAAAAIfvM5pBUvAACkRApz+DLffbTB7z0X1GrVrJDCnJxk+aXKkY7PtxmqAACQu+DPNnyk5e3fsZ3wui44+O6+1zW/XiyyfB7XAQAABD8wx+fT+dfpX8GB7Ywni3UGNYi/XpYPAADgQfvm8OWRueNzaZTx3/mf9l1AEDLLZwUwAAAg+JHFfzx/fZv/dBbwXQ4YZgAAgOCnIfyn86+yMG4W4Oh9DAwAAAh+OqJfBhL9DmV9AABA8NMSfXlEcJcsHwAAEPx2ZPrac/pbGBYAABD89Lg0uqV9SvoAAIDgJ5jli9hfKR6x45oAAQAARIHtcdczNrqb4IjgTzErADSWv7ubLrc7N+ZlO/SKcsXfPSz9LGurZi4ZKzEygh8iy5/OB+/E6JXje2bTrnuj4YXKeXy0J799uuAigHX3XRfE3J3bT+PfrfHILRZNyVn3lq5r3foTccCPzxzyxFXH2sbF3HZ1XrdtHpbGmOk5Id8ym7cuL975d/J+5sWYM+Z/f/5MQIDge1AqCr6PMPReiY5D0gn0vvLUwmXmYt8z/k9fzKKKvd3RsXLWvQ3GaH/FMafO+T4s7p9UgpmwtGuNjg0MD9zn341s82JFQDB1rwf3fdKScYjge/IPJgjCTvaCr/Oo5W3NjrrjznvHhHtUtKoS9N17ztx13s2d7i1DP2uhF3E9iZR8bDIGi2eBQPksGG1dNQrBfx3NqPAr5vxDsRCfvG+4HYVj3NWYkZ04Ee7UbCd5v8HiZbP/m0Ww187SP0If2+/Y16G7LglAr9o0DcAq/XqjTtDNkGM5QPksfcu4s+AZrzjq0fB+/tNvU8/ukO+5B0Q4/p2f1zVPrmQwzu34uW+A2K/zQfcuoEHwARLPkHMOVsKJvXXUPxN31INFIDIanrqpBkhL7CUL/tVQoV+V+SP4AGT4K9lTOEaYcr4IqM3oc7HviRN+2k+nIfQdFyzK0zkEYgg+gJpz6Wd4zuIE0yvny1MDo+Evo9s7oi7Epj8XQkO2H3Nsy7i+N+z9geADBCDHsn565fzRcOAcde6Ph4ltf7G7ZFSxx/YIPijAc6BhxDPHIOVG0VGfzr9em+aUX7vGLqQiy6xf7KmuIPitRjPa/R/mfEEnq2zu6Tl2H6ZqjwHJSvc8S/hvjwtb4h9wiwQf013EHsGHJ8cDYdnL6FzTKedbsW+6IF4j+sEDWI320IDgNwLNfexpNBJORHMaD/7l/HaIPaJfh22Zs28VdNp7nULxWPnN4dvS86c3xOdfzwyhuyjr59HrWqOc73edVvzaJoAXi42s6Ieumd0f1hRsVxvcVLvflSv+z7p9HL6avxuWFXxwCH6oG0L7Zpg21FK3CgJUJB8Q2fHQUbCVzzkULiurg9I87UQ2W/p8lh9L/O5+7gY+l2pO/0eiLXm3s2rP+tRqORTi667M+zdPKj94/tWYOyAIQPC10J1bbsJ2sKu5UxB8sXXqm+nEXZ1v51tDiv3UPG1y85YDvl0hINWmPKEccNdd/y6uyZtQTXVE3M+Ct4y2QcRkaWteQPC9I2DNDL9srK3k5rY7ovlt/ys2Tzsoil3Ovw6USZfGbiBy6zEGpi5gu1zKHgdBPgOptLDrno9vK4x+KX/mhP4SA6cNi/bWO1dNHhpuLw0HnG6kbp1kvHJ+OCe9O3fS26oCKuJ/fL4//+lHoED3mm58XmiX8iWI3UbsEfxcI+BBAPEpG241jb7wKXfdi91sRzsAFYH/FjRTlmqGBBPGHCkfuWOa2XugrsBV07dVYs9iSgQ/yxtC5oQu1DOppu+3bIXDdzFVP+HMLV453wagXcVrGc/PZbe2xW8289s2uo+lHrK17kYcBBB7HjdG8LMV+xAdp9oy36hxnf1Ex0U3om00s9kzV26vOyAsA4g+Wf7HxnFX8f6aIvYIfs43Q7X3c4gM86YlVtQo628leF170caAbnYvmf1pNCvaCse24hH7zOVHC6Z3EXsEP8+odzSUrP4i0DtMG1/Of3LoOmX99CgUxsCmc5xaj4ZOomT2q0Vfa05fxH6AC699LJ0xZ4/g5yb0Pdee9LcJuzr8rGWW9S3rd5LaJc2WQXtRbGLfW2ts7idjUzunrzXNdWCgrnFsg9f0+2XAK3xu0aAX57njsshuDe8omd24ZeNJownPlkln3YNG8HET8b1TzciOXDDjW5LPqS1z7uO4GkuU8hH8WoV7sBRtrncE9lX1Yi4inOlR60aTThOefkK28y2Dxi7nz5LMyORZ/dFQWq9qLLyT8YLgvx1E+4+l9iUwCH4iTrhI/BxvW9wNzLe3fhpZW9xyfsfolGCvEs7IJBA5UMjytwy8hcZYQuwbAKv09REHu9/i69dYrb+XwHVoBJU3Ed87bSdtA5Fmd2hMARu4dlWCR0Dw4QXtfmRFZ7V+Ck7ct7ueTzlfI2udZLBhk46I2PU5sBoNsZ82ePMvBB82Zr81j+G9jm/m1ovaSc2W1PsRbaBRgk2//4MNiDSEpMctFzR4ZrMiBB+eMWZRyx80yvoxH8+LuTpfS8ByCTw1xOQrt9xavigc4xEzIvjwxFkSjU3Sydw0yvoxN9OJWc4XOgqfQS4r1zXEhAw/rG14CgLBB8d+1Jal6TL2/P0iYuvUIlrWqjMfXWY0TjTEhBa7YQN4BB/Bbz1TI3t+U8Zfh8Yccv1lfdvpr5PAtfuQz6JRHTEhw19PV8HPAYLf+uz1B5Hvm47c11nEKOvHLudrkNucK93bEHyogc+Y4EPYzT9Yif9epLR9mFWGH3d1voaDzvW+KrhdAMjwU0CiXJmr/4HYfwj/0nadm+mkUc7vMmwAAMGvHxF3aaTzjbn6DcivrO/b8GbKNA8ApAol/ZdMXJZ2S3cpFTTK+nU98hi7nA8AgOAHZOYy+bvFd0RemxtPwe8sHlULPZUiG/b4l9Nv+LgBAMFPg9IJ/KPL5CcIfGCkxD0aTj3FdMeEf7Y85la4AAAI/pos6uEdWftkSXRKPuqoaJT1jwKfI+V8AEDwE8sYx3xsWQZpPoLfXZTcQ2XQOluIUs4HgKRhlT7UEaRprNYvEs7uKecDAIIP4PAtee8FPLe9yNcGAIDgQ2PwLXn3XOldF3vMXuRrAwBA8KEh6JT1Q3Tdo5wPAAg+gDK+pe+tAOe0FfmaAAAQfGgcvqXvvhkN9fY+t8fqR74mAAAEHxpGemV9yvkAgOADJJrla5b1fTfmoZwPqVN6/n4PEyL4AJsyTiLDT7ecT8UAUqKDCRB8gM2wexf4iFrH7VvvS+H5+6HK+bMWjoqCGyMY/uNJNq8CBB8gUma8o3AOTS7nbzHEwPGocAzK+gg+QDSx1Mg4Ul2dr5Hh51OG1ckeS26ptUwJIAHBh3j4l/W7bv/6TUWm7ymKk2Cr83WOm1NG1uWGSF7wC8yI4APEzJB9+t/vRD738Fl+PvOuGtkjCx3XB5ClwlG01s0Agg8tJWZZv4h87nUI2E4m40BDSB65nYKPpz3MiOADbJp5TD0d0Wab6dipgK7H+07cuYfkIREhDYv/1AoZ/vsoVcZTiM2rAMGH1uDfarf+TKWOVroaAtbNoKyvU4Wg22EdAaRwgikRfIBN8S2NbyLe/cjnXFdGJhwknN1LtjhIYAw1n+NzLRsNvBbLAoIPrXZEU+Nf1n9/STiPcr7YZWb0yrCpOmitbPGBG6nWwOgCUyL4AJtSZ1m/iHyuH+GusQ7aBiEDpaOR4dc7nor553eKORF8gBgO+yPzwHuRzzXGe4mDPkzsM79WOk5ZS8WlCRyfj41e2+YTHtND8AE2cUTisH3K+v13lfXtnLFPeXtSq7jY99IS/ZNkSvuj4YXRawx0k8gozqWz4ZVq0MZ8PoIPEMFxF+8KDPITFy0H3XEOOq4wjYaD+VetasPMZa0pkIvwadpLxtI9mT6CD/BR6ijr51TOr7L80ui0Rq1E6T6a6Fuxv1Y8okYwpFXizqPJka0aaYv+T+b0EXyAjzoiv7L+62LTMTmV8//mTDkTva+9gYpdQ6Ap9iLUlwrHeVSzaz6tjI+M/hbMMmX0i210EXyA9+JTMn+r13eO5fwqGJKMrFQW/V+1lGIl0BoNfxr9JwWu3KOLqWT4xqQwZfK+8TQzunP5z4PJe4QfwQd4i5Bl/Z3I56aRlWlSlWJ/Bsv2bQn/t9Fv8Tudi9ap0rE0O/R1F9drrzt10T814doRF074fy8WaEpgmUMg1BI+YwJIxAlN547h1kMgpAvY0YvMzwqaj+hMoj/6Ja1jR0MpYWs/Xtc39ikHqSKcqVynFbwTE27b233FY2mLXrU4Uq6/nL/+MS+rM7NEWgGLHX8FPH7XjddDNy6Meb1SVbix/gln+KH7Tewm65N67jVz41r6Loyf+0MEH1LizlOcZZ54d+lm6Bj/ueNUHv06c04xxIrwgQuYJu56y3eLkrWxnNeO++xCZnOXStu9VoHUzF2ztk275qmx0MkKm/keXz6fbYUgUipHdTZmKnBxakLfcZ/dwIl86fznF2dn+beD+f/bX75nEHxIiVtPge4vSolWtL44AeoqnFMKFZDZ4uaVcmk4Ue39Eb+/M7Ln7Wu/Ort2A2byL7Px4/OjAMe9Mfk8Vqc9pi7nn/N3o9f1EOrj3o3bMxcIz1Zk/hfGTq/sVvspMIcPKTmgmYLAdl1WdaggRpOkOrnZrPuoxncs3Ovk2Wvg/r4usZdxsR3o2Lctv+f2je6iUAif3Z86sd936zFO3GLJ6nXosvptY8v7fxaUIviQGncJnctVctaxq/b3WzQerNjrrMpfZc+poR//rgm3iA90xb7jgu7xUuOpqkIllbipCwAu3D0jvqLjEiAEH5IUtFkCZ6JRbQhpo8sWjIZK7EOL0VXL77mqgkKmnz79NWP2YZHt24rN1Z8gwN474sd2EHxIlaskziFUVqnjpKW0f9TgMVCX2FcdDS9bfcfJWLcLAce4n6TpLgn5Or4/+/NjFQAg+JAil5GzfK1ObqGdtJxjE8v709rE/glZ/ERZ22aIRwZSZtU43XPz97JouViXNCH4kGa2ETfLTzu7/9tWkpH9MGlMg2hQLq6n7mfVn+Y7Z9x/i0DyBwFQsvTWBMkyh98x9rHNWwQfcnI6p5EczkSxk1tdthI7fTP5Lz47WpSVYwVb1o7biL6zxfG5iP4Z9kgwu3/ZGvvB+S0JWvvP2hvvVL+H4EPK1J1xVVlejg5a5mBltfVuhg66yuovE7BjFTyV3H5/Au9vCH8yn8et+xwOXvl3GbvXbi+LwlUErhB8yCFzrVOAdxNpe+rrEHJx0FNjnyXeTsruTwvY9o3e9sQ5j6nZM+HHJnGxXTdHw6pJmay5GP/lx+zYFaH/aWzVcozgQy4CVofo76u2bU3DQUtJNvYCyNeE/tvSs8Qp2nG8OEc7/pjPrsaVtcmuExmy/vo/h0tn+8FioZ79u+dBWCX2Ztl/0loXchjgY9fzXAZwN4D45J/Zr7bbdBH9j4ZnxnbHqzbZiIUEbzfrFhQlPf7EwY6GPfO0b4D83GnxPXnrPs99ZxeZU95qvV3qs7/YXR63kyY8st311DxVXgr3vXSB9dRX8DWdI5EzNnrPAJfNPn6Yp7a5GkikfJbNinyfzMxe66Vzznsm3EY8q0T+bvE9dzvboHBiqkc27U6M3SUH+6Umm04StYtxduk4O3SXAvTvbwQCMjYeNwjWS6WgP7/PxO6FMHbB/PclW5+5++3FObEVIeSHdbRVxtrd4Oa+MbY15bTldqx2uqsyM9/sbOoc36OxjwaVDFaAdEDwoQniX4nV1xUBgIjQP3+ygbaL/PtsWmWsbwUAE5eZzRo5JQLQMP4vwACUccZIO2xLfwAAAABJRU5ErkJggg==",
"square_logo": "iVBORw0KGgoAAAANSUhEUgAAAGwAAABsCAYAAACPZlfNAAAAAXNSR0IArs4c6QAABYtJREFUeAHtnVtsFFUYx7/d3ruWotUKVIkNaCw02YgJGBRTMd4CokUejD4QH4gxQcIDeHnBmPjkhSghUYLGe3ywPtAHNCo0QgkWwi2tXG2V1kIpLXTbLt1tS9dzlmzSJssZhv32zDk7/2km2znn7Pd9+/vt2Z2dmW0D9Obat4gCiwiLBQQSLflSViAQeN6Can1fYiJBFPQ9BcsAQBiEWUbAsnIxwyDMMgKWlYsZBmGWEbCsXMwwCLOMgGXlYoZBmGUELCsXMwzCLCNgWbmYYRBmGQHLysUMgzDLCFhWLmYYhFlGwLJyMcMgzDIClpWLGQZhlhGwrFzMMAizjIBl5WKGQZhlBCwrV1xbb96y59V1VFJQmLawQNrWa43x8XEaHo1fW+Oj1H8lSqf6eulEbw+dvNhLvcNDinvb0WWksAdm3UWhwiJ2gt2RAWo80UY7jrdSU8cZGrt6lT1HtgMaKSxbD7qqfDq99tAjyTUSG6FP9v1BH+3dTUPxeLZSssf17U5HeXEJbXr8aerY+A6tf7iOxFeu2OFmI6BvhaVgVoRCtHl5PTW8/AoV5xekmo299b2wlJn6+WFqWrOWKkpDqSYjbyFskpZFs++hL1e9NKnFvF+t3OmQOwzdkcgUmnnBABXm5Ys1j8qKisVadFPvS8tramn1goX09eEDU+KbsmGlsMbjbbT6x++UDOVORGXoFppXOYMerLqbVsyrpcWzqykYdH5R+fjZlcnd/8sjV5Q5vOh0rt6LqhhyJsQ3uC+ID8ry89aHYtf90W1bKLzlffr19EnH6HIP8oXasOM4LwbkrLB0MP+6cJ6e+eoz+vTP5nTdU9peDC+Ysm3Khq+ESehy5r3e2ECHu7uUDuqq59Id4iXVtMV3wqSACSHt3V2/KF3I97qayjuVY7zo9KUwCfq3M6coNjamZD6zrFzZ70Wnb4XFxseoK3JZyXzWtGnKfi86fStMwu6LRpXMZ5RBmBKQ7k75XqZa8gLmPZ/Nq0hFkLnvttJSZUT5Oc60xbfC5CGs6lsrlD56hgaV/V50+lbYkuo5VFygPp3SMwxhXjwp0+bcsGRp2vZU48TEBB09153aNObWlzNMHo1/6r4apYTmsx10MTqsHONFp5VH6zMBtWbhYtq6YpVjiJ/ajjmO8WKAL4QFxamWZffPT1678dicex05D4jTKj8cO+Q4zosBOSXs7bonktci5ovjgPIUye3ieo3wzKrk+TC5faPLGz83On6ovtFY3ONySth7Ty67qbPMk6Hu+edv+vzg/slNRv3uy52O6xk40HWW6r/94nrdRrTn1AzLhOju9tP03DfbKTo6mkmYrN/X98L6xQHgTb/vpG0t+5LnybJOPMMEvhXWOXCJvj9yiD7Yu4sGRkYyxKjv7r4RJi+Na+05Rwf/66SG1qO0v/NffZQZM+WUsI07d1BC/MTE144GYzHxJYcYDYq1vb/f8WQlI9OshsopYZubm7IKy4Tg2K03wYKLGiDMBSwThkKYCRZc1ABhLmCZMBTCTLDgogYIcwHLhKEQZoIFFzVAmAtYJgyFMBMsuKgBwlzAMmEohJlgwUUNEOYClglDIcwECy5qgDAXsEwYCmEmWHBRA4S5gGXCUAgzwYKLGow84yyvuyhR/GW19kt9Lh5ibg01UtjS7VtzizLjo8FLIiNMHaEgTAdlxhwQxghTRygI00GZMQeEMcLUEQrCdFBmzAFhjDB1hIIwHZQZc0AYI0wdoSBMB2XGHBDGCFNHKAjTQZkxB4QxwtQRCsJ0UGbMAWGMMHWEgjAdlBlzQBgjTB2hIEwHZcYcEMYIU0coCNNBmTEHhDHC1BEKwnRQZswBYYwwdYSCMB2UGXNAGCNMHaEgTAdlxhziUu1Ei8M/+WFMh1CZEUi0/A+j7hNSB5Wo2wAAAABJRU5ErkJggg==",
"footer_legal_text": "©#{Date.today.year} Pivotal Software, Inc. All Rights Reserved",
"footer_links": null
},
"saml": {
}
},
"uaa": {
"admin": {
"client_secret": "example-blank-password"
},
"disableInternalAuth": false,
"sslCertificate": "-----BEGIN CERTIFICATE-----\nMIIC3zCCAcegAwIBAgIBADANBgkqhkiG9w0BAQUFADAzMQswCQYDVQQGEwJVUzEQ\nMA4GA1UECgwHUGl2b3RhbDESMBAGA1UEAwwJc29tZS1uYW1lMB4XDTEzMDcwOTIy\nMTI1MVoXDTE1MDcwOTIyMTI1MVowMzELMAkGA1UEBhMCVVMxEDAOBgNVBAoMB1Bp\ndm90YWwxEjAQBgNVBAMMCXNvbWUtbmFtZTCCASIwDQYJKoZIhvcNAQEBBQADggEP\nADCCAQoCggEBALny6vikcrf/3Do/Nq2Sh/ji8d8dhACUIOaf+ml2cWuRKuP6TcQC\nohbLBHlbm3l5QqD/lvz1EaSy168SVPIsy34sAcioYv+7oOIAHqS4gCVEb7AQrsKb\nZIFUmp7J9qCmkJtyImvViQUUJrWOSaQi3eCAh8uSHyelBNPdaHnj0k8WufKp6hzK\npAr6Xv8OgFSwjD0+XROiTyRpvsQoTm8/XtdhAFpwjTnqR9gxlXqzDqmBRzWduO/M\nyctwF9gtggUp31USmqo5fVC+nr1wh6a/JlbUETtcRhk8jR/FnAVHLSJC4+FZqhmK\nDcemvIfEJaKCNqhvytRLI01l+0p1pm8cqxUCAwEAATANBgkqhkiG9w0BAQUFAAOC\nAQEAru0hKd5gd1WDS6AUrIa8AYCWUrGHMd5P63FWB0KyUnfIDTX4tegHTF+olOxA\nkrR4IRVgFbu3u0pnURFn2N1Et4pZwvW9PEamwkIGHEpYmASOiUZqvrthx/WpUaeu\n+xQIWa1S140v4wa/27UTakAuR+GnA6StJSIRBEBa7hafqpeLGPugZVWRtY3m/OIF\nLICs2U2X8P86RMUWgdtM9//x3t6O7IJzhrSKRkZDmSWAv6EbS/aTpXOPpJFpJtT8\n0aETgAhauKhyp6CeajL3Nc3FfoIONK427VbfIGKJ1Qw7OwTA4N0VPpETiGN7KrfD\nU4mSCEKQ0cIypQAm9rkPboHfwg==\n-----END CERTIFICATE-----\n",
"sslPrivateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAqLM8nKKL6NcKHCk4/jgcaSFbz6APw7pbLTHb8nqezmTCs/R0\nspsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0FJMlw+o/Iq/+JHDnnH00rOjlBg62y\n5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEMykyR5ag1CfiVjwexOH1NgDUmw8pZ\n1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj/IM8R2mAUNOz8vSmcCOWb/BLxjcj\ng5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHAxskUCNDM3taBLQ+fIF3u+LZDeGdi\ny0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9PgwIDAQABAoIBAQCKoRea49wzD5sI\nPzvNdJCsN7R5rt+liNtqDUHgRbGAi76QIL9REi/d5HYE20ES9eNY5+5fclMKvhdc\n5O/izCag70R/Mm7GIKwsXMy3pTNzmh9jNPcA2Q2lxdNMkitW/0JbYfdYrB5fSg2Z\nkRhUIVXQXBG8dnh3ZCaKrdiNQjLQugcWdkwREhe4gObftBFppbERSUVPVplHwt2t\nsCcsrc6O5KkIvdU1wFzGr1bWZ0mOrw8dL9kopbA1q+lSF4dHjeBLxLrV9bY4dpBl\nsKf4EG048KHJgM80Cco4AwVBjTQDkY/0OHteTLjLh0Z9HelpEX1yBH7sBuDRCHpO\nHiIGuupZAoGBANZDCy7Ehz2AFSew94bHNaKGeUSthzVS76PxAgOod2c3sh4vEmYC\n//OtDZLu3W/xfJnqJC2qEb+vRexDkSwytNNxVHC5w7MW10pTUI51w5FB62s7okqG\n+9i6MbPMk9mT42/AlsXASs5PIK/EkQkm1hbJfzVx0QMIX804gr8crslPAoGBAMmQ\nFtgYYU1HRT8a1OP6jpwxorZ+FQVLtRmvegKBr1ybC/nODs/KQI5ol9oPYlucGLuP\ndkYQEpJjaCItm2a4OsuHfK61VEIchOTrv/oxNcmY7SSRXshKrqTib2w5sfnR4WYW\nx0F47MnUXs8sl1CX5iSKoZJhXWLSeexxD7VaNOGNAoGBAJeEV78d2WljTxJ/cbuM\n2l/xaoZnlErgOHkdsMf3dWC3oSz5KrCbBHdEdGnoow1Ln0qUqjrknqKIBxF6AopX\n3Un9RbJlm3/k8iAsZLYpj0AEdr+hLzY22Jg9q3IzhIaDr31SmwyC3COjD0Fc5xeq\nsBDzMxMPRrg3TtAoW0Vcujm/AoGARRVLnxkMEG6C/1P074Zq5oHkoOOp1LzT/0+z\nY7SLJBRIEIBddz58zdJvaV+oeHmRyIctJGpR0zaa9EvpXVV7YVK4mzCvBlG8ArIC\nhH/lTYlKjiP89m0SWpT5V4CWzWbv+AuKk5gcoDhXnm5MFmVZjeCt6/vPBBXbj/xY\nQ/H8+ekCgYB36iuoWdihQDPb0wP3iUCs3/nfZjX7huVCon1MMXXvyKZS7lvgkUp2\nrhyV2A/QcaxW9f/hFyAgzj/e16de8ypy/CoSsRkBdIsZlRs9SUw3mX9a7SBMC9Le\nLU1aPXAqPdcBNIlBFEgLt6A18ZYD3wwdH6F+Mqocge8WljnTBVrt+g==\n-----END RSA PRIVATE KEY-----\n",
"require_https": false,
"url": "https://192.168.163.3:8443",
"jwt": {
"signing_key": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAqLM8nKKL6NcKHCk4/jgcaSFbz6APw7pbLTHb8nqezmTCs/R0\nspsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0FJMlw+o/Iq/+JHDnnH00rOjlBg62y\n5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEMykyR5ag1CfiVjwexOH1NgDUmw8pZ\n1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj/IM8R2mAUNOz8vSmcCOWb/BLxjcj\ng5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHAxskUCNDM3taBLQ+fIF3u+LZDeGdi\ny0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9PgwIDAQABAoIBAQCKoRea49wzD5sI\nPzvNdJCsN7R5rt+liNtqDUHgRbGAi76QIL9REi/d5HYE20ES9eNY5+5fclMKvhdc\n5O/izCag70R/Mm7GIKwsXMy3pTNzmh9jNPcA2Q2lxdNMkitW/0JbYfdYrB5fSg2Z\nkRhUIVXQXBG8dnh3ZCaKrdiNQjLQugcWdkwREhe4gObftBFppbERSUVPVplHwt2t\nsCcsrc6O5KkIvdU1wFzGr1bWZ0mOrw8dL9kopbA1q+lSF4dHjeBLxLrV9bY4dpBl\nsKf4EG048KHJgM80Cco4AwVBjTQDkY/0OHteTLjLh0Z9HelpEX1yBH7sBuDRCHpO\nHiIGuupZAoGBANZDCy7Ehz2AFSew94bHNaKGeUSthzVS76PxAgOod2c3sh4vEmYC\n//OtDZLu3W/xfJnqJC2qEb+vRexDkSwytNNxVHC5w7MW10pTUI51w5FB62s7okqG\n+9i6MbPMk9mT42/AlsXASs5PIK/EkQkm1hbJfzVx0QMIX804gr8crslPAoGBAMmQ\nFtgYYU1HRT8a1OP6jpwxorZ+FQVLtRmvegKBr1ybC/nODs/KQI5ol9oPYlucGLuP\ndkYQEpJjaCItm2a4OsuHfK61VEIchOTrv/oxNcmY7SSRXshKrqTib2w5sfnR4WYW\nx0F47MnUXs8sl1CX5iSKoZJhXWLSeexxD7VaNOGNAoGBAJeEV78d2WljTxJ/cbuM\n2l/xaoZnlErgOHkdsMf3dWC3oSz5KrCbBHdEdGnoow1Ln0qUqjrknqKIBxF6AopX\n3Un9RbJlm3/k8iAsZLYpj0AEdr+hLzY22Jg9q3IzhIaDr31SmwyC3COjD0Fc5xeq\nsBDzMxMPRrg3TtAoW0Vcujm/AoGARRVLnxkMEG6C/1P074Zq5oHkoOOp1LzT/0+z\nY7SLJBRIEIBddz58zdJvaV+oeHmRyIctJGpR0zaa9EvpXVV7YVK4mzCvBlG8ArIC\nhH/lTYlKjiP89m0SWpT5V4CWzWbv+AuKk5gcoDhXnm5MFmVZjeCt6/vPBBXbj/xY\nQ/H8+ekCgYB36iuoWdihQDPb0wP3iUCs3/nfZjX7huVCon1MMXXvyKZS7lvgkUp2\nrhyV2A/QcaxW9f/hFyAgzj/e16de8ypy/CoSsRkBdIsZlRs9SUw3mX9a7SBMC9Le\nLU1aPXAqPdcBNIlBFEgLt6A18ZYD3wwdH6F+Mqocge8WljnTBVrt+g==\n-----END RSA PRIVATE KEY-----\n",
"verification_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqLM8nKKL6NcKHCk4/jgc\naSFbz6APw7pbLTHb8nqezmTCs/R0spsXoUrwRuPrtBwwkzjc3SfGX6Lq2MouBa0F\nJMlw+o/Iq/+JHDnnH00rOjlBg62y5bL6ABBlKn0yh9HqnL5cwOArtd3J2xP87PEM\nykyR5ag1CfiVjwexOH1NgDUmw8pZ1kwILwtWmpDxFIB32fhaCMCcSXOvyFZJDOhj\n/IM8R2mAUNOz8vSmcCOWb/BLxjcjg5qsNLTBCnDOtmMC+EBX6eODZJ6g3aa5UnHA\nxskUCNDM3taBLQ+fIF3u+LZDeGdiy0Jv/xsEMHsgN9IiMwKWBSsLwHSnMDeaFT9P\ngwIDAQAB\n-----END PUBLIC KEY-----\n"
},
"user": {
"authorities": [
"openid",
"scim.me",
"password.write",
"uaa.user",
"profile",
"roles",
"user_attributes",
"bosh.admin",
"bosh.read",
"bosh.*.admin",
"bosh.*.read",
"clients.admin"
]
},
"clients": {
"bosh_cli": {
"authorized-grant-types": "password,refresh_token",
"override": true,
"scope": "openid,bosh.admin,bosh.read,bosh.*.admin,bosh.*.read",
"authorities": "uaa.none",
"refresh-token-validity": 86400,
"access-token-validity": 600,
"secret": "",
"allowedproviders": null
},
"ops_manager": {
"authorized-grant-types": "client_credentials",
"override": true,
"scope": "",
"authorities": "bosh.admin",
"refresh-token-validity": 86400,
"access-token-validity": 600,
"secret": "example-blank-password"
},
"login": {
"authorized-grant-types": "password,authorization_code",
"autoapprove": true,
"override": true,
"scope": "bosh.admin,scim.write,scim.read,clients.admin",
"authorities": "",
"refresh-token-validity": 86400,
"access-token-validity": 600,
"secret": "example-uaa-login-client-password"
}
},
"scim": {
"users": [
"director|example-director-password|bosh.admin",
"admin|example-blank-password|bosh.admin,scim.write,scim.read,clients.admin"
]
}
},
"uaadb": {
"address": "127.0.0.1",
"db_scheme": "postgresql",
"port": 5432,
"databases": [
{
"name": "uaa",
"tag": "uaa"
}
],
"roles": [
{
"name": "postgres",
"password": "example-postgres-password",
"tag": "admin"
}
]
},
"vcenter": {
"address": "192.168.163.131",
"user": "user",
"password": "example-password",
"datacenters": [
{
"name": "vsphere-datacenter",
"vm_folder": "pivotal_cf_vms_test-installation-guid",
"template_folder": "pivotal_cf_templates_test-installation-guid",
"disk_path": "pivotal_cf_disk_test-installation-guid",
"allow_mixed_datastores": true,
"datastore_pattern": "^(vsphere\\-datastore)$",
"persistent_datastore_pattern": "^(vsphere\\-datastore)$",
"clusters": [
{
"vsphere-cluster": {
}
}
]
}
]
}
}
}
],
"cloud_provider": {
"template": {
"name": "vsphere_cpi",
"release": "bosh-vsphere-cpi"
},
"mbus": "https://vcap:example-agent-password@192.168.163.3:6868",
"properties": {
"agent": {
"mbus": "https://vcap:example-agent-password@0.0.0.0:6868"
},
"blobstore": {
"provider": "local",
"path": "/var/vcap/micro_bosh/data/cache"
},
"ntp": [
"us.pool.ntp.org"
],
"vcenter": {
"address": "192.168.163.131",
"user": "user",
"password": "example-password",
"datacenters": [
{
"name": "vsphere-datacenter",
"vm_folder": "pivotal_cf_vms_test-installation-guid",
"template_folder": "pivotal_cf_templates_test-installation-guid",
"disk_path": "pivotal_cf_disk_test-installation-guid",
"allow_mixed_datastores": true,
"datastore_pattern": "^(vsphere\\-datastore)$",
"persistent_datastore_pattern": "^(vsphere\\-datastore)$",
"clusters": [
{
"vsphere-cluster": {
}
}
]
}
]
},
"env": {
}
}
}
}
}
HTTP Request
GET /api/v0/staged/director/manifest
Allows you to generate a BOSH director manifest.
Fetching a cloud config
curl "https://example.com/api/v0/staged/cloud_config" \
-X GET \
-H "Authorization: Bearer UAA_ACCESS_TOKEN"
Example Response
HTTP/1.1 200 OK