Pivotal Operations Manager v2.7 Release Notes
Pivotal Platform is certified by the Cloud Foundry Foundation for 2019.
The Upgrading Pivotal Platform topic contains instructions for upgrading to Pivotal Operations Manager v2.7.
- [Feature] Improves Nginx security configuration. Nginx now uses a more secure cipher suite and updates OpenSSL DH parameters to prevent fingerprinting.
- [Feature] External DB password is not frozen after a successful deploy
- [Feature] Begins consuming credhub-release from the Pivotal CredHub LTS repo to ensure users will be able to consume patches
- [Bug Fix] Root CA certificate is only written to disk when it has changed
- [Bug Fix] Add AWS AMI IDs for eu-west-3 and eu-north-1 to the PDFs on Pivotal Network
- [Bug Fix] Tomcat logs from the UAA process are readable by the syslog user
- [Bug Fix] When an operator exports a runtime config only tile from Ops Manager 2.6 on AWS, they can successfully import their installation.zip into Ops Manager 2.7. Previously there was a 5th generation AWS instance schema migration failure.
- [Bug Fix] Submitting a form with multiple unselected selector properties does not raise a 500 error
- [Bug Fix] Resolves an issue in which Ops Manager hangs during Apply Changes
- [Bug Fix] Ops Manager API shows deployed certificates when only the BOSH Director has been deployed
Ops Manager v2.7.1 uses the following component versions:
|BBR CLI||1.5.2||* Components marked with an asterisk have been updated.|
Ops Manager v2.7.0 uses the following component versions:
|BBR CLI||1.5.2*||* Components marked with an asterisk have been updated.|
Ops Manager v2.7 includes the following major features:
Ops Manager v2.7 introduces a redesigned Resource Config pane. The new Resource Config pane appears in every Ops Manager product tile, including the BOSH Director.
In the redesigned Resource Config pane, you can expand the row that contains each job to reveal additional configuration options. The additional options that you can configure depend on your IaaS. For example, if you use vSphere, you can configure NSX-T or NSX-V settings within each job row.
The new Ops Manager Resource Config pane also has improved error handling. When there is an error, Ops Manager displays both a banner and an error message next to the field that contains the error. When a value you enter violates the constraints of a job, Ops Manager highlights the corresponding Instances, VM Type, and Persistent Disk Type fields and displays an error message about the violation.
For more information, see the Resource Config section of the BOSH Director configuration topic for your IaaS:
- Configuring BOSH Director on AWS
- Configuring BOSH Director on AWS Using Terraform
- Configuring BOSH Director on Azure Manually
- Configuring BOSH Director on Azure Using Terraform
- Configuring BOSH Director on GCP Manually
- Configuring BOSH Director on GCP Using Terraform
- Configuring BOSH Director on OpenStack
- Configuring BOSH Director on vSphere
string type form fields in tiles, Ops Manager supports a
constraints.must_be_cron_schedule attribute that verifies whether the input is a valid
cron expression. Tiles can use this attribute for fields that schedule backups, for example. For information about the
string blueprint type, see string.
When you reset the value of a certificate in an Ops Manager tile, Ops Manager sanitizes the certificate for carriage returns and line feeds. This prevents BOSH from interpreting the certificate you reset as a new certificate and recreating VMs. You do not need to manually remove newline characters such as
Calling the Ops Manager API
deployed/certificates endpoint returns listings for the root certificate authority (CA), NATS CA, and certificates that Ops Manager stores in CredHub, in addition to leaf-level certificates that Ops Manager stores directly.
For more information, see List all RSA Certificates.
You can download a Platform Information Bundle as a ZIP file from the Ops Manager UI or API. The bundle includes Ops Manager logs, deployed manifests and configurations, and BOSH deployment diagnostics.
The contents of the bundle help Pivotal Support more quickly address any issues in your deployment.
To download the ZIP file from the UI, click Support in the footer of any page in the Ops Manager UI.
To download the ZIP file from the Ops Manager API, use the
/api/v0/support_bundle endpoint. For more information, see Support Bundle in the Ops Manager API documentation.
Syslog output includes BOSH Director access events when syslog is enabled in Ops Manager.
BOSH Director access events correspond to the execution of BOSH CLI commands. The addition of these events allows you to audit BOSH Director access and activity for security monitoring purposes.
The Ops Manager
audit_log.txt file includes request parameters. This provides additional information about requests made in the Ops Manager UI, such as the timestamp of the request and the username that made the request.
These request parameters improve Ops Manager logs for auditing user activity.
To access the
audit_log.txt file, SSH into the Ops Manager VM and navigate to
For more information about the types of user activity that you can audit in the Ops Manager logs, see Auditing User Activity in Ops Manager.
BOSH Backup and Restore (BBR) backs up BOSH Director blobstores that save externally to Google Cloud Storage (GCS), as configured in the Director Config pane. See the External Storage Support Across Pivotal Platform Versions section of Backing Up Pivotal Platform with BBR.
PCF Ops Manager is renamed to Pivotal Ops Manager in the Installation Dashboard. Additionally, the file names for Ops Manager downloads are renamed in Pivotal Network.
The Change Log page may not show the correct results of each Apply Changes deploy attempt, and the Installation Log may omit later logs that show whether the deployment succeeded or how it failed.
For more information and a workaround, see Operations Manager changelog does not show any errors after failed deployment in Pivotal Support.
The Installation Log also takes time to load, and the link menu for each stage of the deployment scrolls away when you scroll down through the log output.
You access the Installation Log page from the Change Log page by clicking the Logs button for a listed deployment event.
Audit logs from the Ops Manager UAA component do not forward to a syslog server due to file permission issues.
After you upgrade to Ops Manager v2.7, you must reset any manually set certificates in CredHub to prevent their accidental rotation in Ops Manager v2.8.
CredHub v2.5 adds a field that tracks whether a certificate has been manually set or generated. However, existing certificates are not migrated to use this field. When you upgrade to Ops Manager v2.7, existing CredHub certificates are assigned a
null value in the
When instructed to rotate certificates, Ops Manager v2.8 does a bulk rotation of all certificates where
generated is set to either
null. To prevent rotation of a manually set certificate in CredHub, you must manually reset the certificate, which updates the
generated field to
To reset a certificate in CredHub, see Reviewing and Resetting Manually Set Certificates in CredHub.