Pivotal Operations Managerv2.7 Release Notes

Page last updated:

This topic contains release notes for Pivotal Operations Manager v2.7.

Pivotal Platform is certified by the Cloud Foundry Foundation for 2020.

Read more about the certified provider program and the requirements of providers.


Releases

Ops Manager v2.7 includes the following minor releases:

2.7.12

Ops Manager v2.7.12 uses the following component versions:

Component Version
Ops Manager2.7.12-build.260*
Stemcell456.96*
BBR SDK1.17.2
BOSH Director270.4.3
BOSH DNS1.17.0
Metrics Server0.0.24
CredHub2.5.11*
Syslog11.6.1
Windows Syslog1.0.3
UAA73.4.16
BPM1.1.6
Networking9
OS Conf21.0.0
AWS CPI78
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI43
vSphere CPI53.0.7*
BOSH CLI5.5.1
Credhub CLI2.6.2
BBR CLI1.7.0*
* Components marked with an asterisk have been updated.

2.7.11

  • [Bug Fix] Fixes issue where multi-datacenter vSphere always deploys BOSH Director to the first vCenter configured in Ops Manager.
  • [Bug Fix] Fixes issue where tiles that contain build numbers in product_version incorrectly fail to meet the requirements for minimum_version_for_upgrade version.
  • [Bug Fix] Fixes performance issues with the Ops Manager change log page.
  • [Bug Fix] Fixes issue where setting the HTTP(S) Proxy in Ops Manager to an empty value causes apply changes to fail.

Ops Manager v2.7.11 uses the following component versions:

Component Version
Ops Manager2.7.11-build.251*
Stemcell456.93*
BBR SDK1.17.2
BOSH Director270.4.3
BOSH DNS1.17.0*
Metrics Server0.0.24
CredHub2.5.9
Syslog11.6.1
Windows Syslog1.0.3
UAA73.4.16
BPM1.1.6
Networking9
OS Conf21.0.0
AWS CPI78
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI43
vSphere CPI53.0.5*
BOSH CLI5.5.1
Credhub CLI2.6.2
BBR CLI1.5.2
* Components marked with an asterisk have been updated.

2.7.10

  • [Feature] Operators can access the Ops Manager /api/v0/support_bundle API endpoint to download a zip file with the Ops Manager diagnostic report.
  • [Feature] Multiple LDAP server URLs can be passed to LDAPBindVerifier.
  • [Bug Fix] Fixes upgrade issue for deployments where operators have used the add_job_to_instance_group API endpoint.
  • [Bug Fix] Apply changes no longer fails when tiles use the allow_encrypted_key feature.

Ops Manager v2.7.10 uses the following component versions:

Component Version
Ops Manager2.7.10-build.245*
Stemcell456.84*
BBR SDK1.17.2
BOSH Director270.4.3
BOSH DNS1.16.0
Metrics Server0.0.24
CredHub2.5.9
Syslog11.6.1
Windows Syslog1.0.3
UAA73.4.16
BPM1.1.6
Networking9
OS Conf21.0.0
AWS CPI78
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI43
vSphere CPI53.0.4
BOSH CLI5.5.1
Credhub CLI2.6.2
BBR CLI1.5.2
* Components marked with an asterisk have been updated.

2.7.9

  • [Feature] Operators can use an encrypted private key for Provider Client Certificate Private Key when configuring HSM in BOSH.
  • [Feature] Operators can use an encrypted private key in Tile settings.

Ops Manager v2.7.9 uses the following component versions:

Component Version
Ops Manager2.7.9-build.239*
Stemcell456.77
BBR SDK1.17.2
BOSH Director270.4.3
BOSH DNS1.16.0
Metrics Server0.0.24
CredHub2.5.9
Syslog11.6.1
Windows Syslog1.0.3
UAA73.4.16
BPM1.1.6
Networking9
OS Conf21.0.0
AWS CPI78
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI43
vSphere CPI53.0.4*
BOSH CLI5.5.1
Credhub CLI2.6.2
BBR CLI1.5.2
* Components marked with an asterisk have been updated.

2.7.8

Ops Manager v2.7.8 uses the following component versions:

Component Version
Ops Manager2.7.8-build.234*
Stemcell456.77*
BBR SDK1.17.2
BOSH Director270.4.3*
BOSH DNS1.16.0
Metrics Server0.0.24
CredHub2.5.9
Syslog11.6.1*
Windows Syslog1.0.3
UAA73.4.16
BPM1.1.6*
Networking9
OS Conf21.0.0
AWS CPI78
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI43
vSphere CPI53.0.3
BOSH CLI5.5.1
Credhub CLI2.6.2
BBR CLI1.5.2
* Components marked with an asterisk have been updated.

2.7.7

  • [Feature] In Advanced Mode after a successful deployment, Operators can update host, port, and database properties under External MySQL Database in the Director Config pane of the BOSH Director tile.
  • [Bug Fix] After a successful deployment, Operators can update the username under External MySQL Database in the Director Config pane of the BOSH Director tile.

Ops Manager v2.7.7 uses the following component versions:

Component Version
Ops Manager2.7.7-build.229*
Stemcell456.74*
BBR SDK1.17.2
BOSH Director270.4.2
BOSH DNS1.16.0*
Metrics Server0.0.24
CredHub2.5.9*
Syslog11.6.0
Windows Syslog1.0.3
UAA73.4.16
BPM1.1.5
Networking9
OS Conf21.0.0
AWS CPI78
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI43
vSphere CPI53.0.3
BOSH CLI5.5.1
Credhub CLI2.6.2*
BBR CLI1.5.2
* Components marked with an asterisk have been updated.

2.7.6

Ops Manager v2.7.6 uses the following component versions:

Component Version
Ops Manager2.7.6-build.223*
Stemcell456.69
BBR SDK1.17.2
BOSH Director270.4.2
BOSH DNS1.12.0
Metrics Server0.0.24
CredHub2.5.8*
Syslog11.6.0
Windows Syslog1.0.3
UAA73.4.16
BPM1.1.5
Networking9
OS Conf21.0.0
AWS CPI78
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI43
vSphere CPI53.0.3*
BOSH CLI5.5.1
Credhub CLI2.6.1
BBR CLI1.5.2
* Components marked with an asterisk have been updated.

2.7.5

Ops Manager v2.7.5 uses the following component versions:

Component Version
Ops Manager2.7.5-build.218*
Stemcell456.69
BBR SDK1.17.2
BOSH Director270.4.2
BOSH DNS1.12.0
Metrics Server0.0.24
CredHub2.5.7
Syslog11.6.0
Windows Syslog1.0.3
UAA73.4.16*
BPM1.1.5
Networking9
OS Conf21.0.0
AWS CPI78
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI43
vSphere CPI53.0.2
BOSH CLI5.5.1
Credhub CLI2.6.1
BBR CLI1.5.2
* Components marked with an asterisk have been updated.

2.7.4

  • [Feature] Operators can configure multiple HSM hosts in BOSH CredHub using the Ops Manager API.
  • [Security Fix]: When an operator makes a request to the UAA server, the server does not log credentials within the query parameters.

Ops Manager v2.7.4 uses the following component versions:

Component Version
Ops Manager2.7.4-build.216*
Stemcell456.69*
BBR SDK1.17.2
BOSH Director270.4.2
BOSH DNS1.12.0
Metrics Server0.0.24
CredHub2.5.7*
Syslog11.6.0
Windows Syslog1.0.3
UAA73.4.15
BPM1.1.5
Networking9
OS Conf21.0.0
AWS CPI78
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI43
vSphere CPI53.0.2*
BOSH CLI5.5.1
Credhub CLI2.6.1
BBR CLI1.5.2
* Components marked with an asterisk have been updated.

2.7.3

  • [Bug Fix] Fix unbound variable in UAA that causes BOSH Director to fail

Ops Manager v2.7.3 uses the following component versions:

Component Version
Ops Manager2.7.3-build.208*
Stemcell456.51*
BBR SDK1.17.2
BOSH Director270.4.2
BOSH DNS1.12.0
Metrics Server0.0.24
CredHub2.5.6
Syslog11.6.0*
Windows Syslog1.0.3
UAA73.4.15*
BPM1.1.5
Networking9
OS Conf21.0.0
AWS CPI78
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI43
vSphere CPI53.0.1
BOSH CLI5.5.1
Credhub CLI2.6.1*
BBR CLI1.5.2
* Components marked with an asterisk have been updated.

2.7.2

  • [Security Fix] This patch addresses CVE-2019-15587
  • [Feature] Operators see a warning about unrecognized verifiers instead of failing an Apply Changes
  • [Feature] Operators can use the DELETE /api/v0/staged endpoint to revert pending changes
  • [Bug Fix] API shows correct message for a given product when enabling or disabling unknown verifier
  • [Bug Fix] Operators cannot modify vSphere availability zones that are associated with a deployed product with the API
  • [Bug Fix] Ops Manager does not show the Revert button in the UI after Apply Changes
  • [Bug Fix] Users are allowed to uncheck all options in a multi_select_options property that is nested under a selector

Ops Manager v2.7.2 uses the following component versions:

Component Version
Ops Manager2.7.2-build.201*
Stemcell456.40*
BBR SDK1.17.2
BOSH Director270.4.2*
BOSH DNS1.12.0
Metrics Server0.0.24
CredHub2.5.6
Syslog11.5.0
Windows Syslog1.0.3
UAA73.4.14*
BPM1.1.5*
Networking9
OS Conf21.0.0
AWS CPI78*
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI43
vSphere CPI53.0.1
BOSH CLI5.5.1
Credhub CLI2.6.0
BBR CLI1.5.2
* Components marked with an asterisk have been updated.

2.7.1

  • [Feature] Improves Nginx security configuration. Nginx now uses a more secure cipher suite and updates OpenSSL DH parameters to prevent fingerprinting.
  • [Feature] External DB password is not frozen after a successful deploy
  • [Feature] Begins consuming credhub-release from the Pivotal CredHub LTS repo to ensure users will be able to consume patches
  • [Bug Fix] Root CA certificate is only written to disk when it has changed
  • [Bug Fix] Add AWS AMI IDs for eu-west-3 and eu-north-1 to the PDFs on Pivotal Network
  • [Bug Fix] Tomcat logs from the UAA process are readable by the syslog user
  • [Bug Fix] When an operator exports a runtime config only tile from Ops Manager 2.6 on AWS, they can successfully import their installation.zip into Ops Manager 2.7. Previously there was a 5th generation AWS instance schema migration failure.
  • [Bug Fix] Submitting a form with multiple unselected selector properties does not raise a 500 error
  • [Bug Fix] Resolves an issue in which Ops Manager hangs during Apply Changes
  • [Bug Fix] Ops Manager API shows deployed certificates when only BOSH Director has been deployed

Ops Manager v2.7.1 uses the following component versions:

Component Version
Ops Manager2.7.1-build.189*
Stemcell456.30*
BBR SDK1.17.2*
BOSH Director270.4.1
BOSH DNS1.12.0
Metrics Server0.0.24*
CredHub2.5.6*
Syslog11.5.0*
Windows Syslog1.0.3
UAA73.4.10*
BPM1.1.3
Networking9
OS Conf21.0.0
AWS CPI77
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI43
vSphere CPI53.0.1
BOSH CLI5.5.1
Credhub CLI2.6.0*
BBR CLI1.5.2
* Components marked with an asterisk have been updated.

2.7.0

Ops Manager v2.7.0 uses the following component versions:

Component Version
Ops Manager2.7.0-build.161*
Stemcell456.16*
BBR SDK1.17.1*
BOSH Director270.4.1*
BOSH DNS1.12.0
Metrics Server0.0.22
CredHub2.5.3*
Syslog11.4.0
Windows Syslog1.0.3
UAA73.4.4
BPM1.1.3
Networking9
OS Conf21.0.0
AWS CPI77
Azure CPI36.0.1
Google CPI29.0.1
OpenStack CPI43
vSphere CPI53.0.1
BOSH CLI5.5.1
Credhub CLI2.5.2
BBR CLI1.5.2*
* Components marked with an asterisk have been updated.

How to Upgrade

To upgrade to Pivotal Operations Manager v2.7, see Upgrading Pivotal Platform.

New Features in Ops Manager v2.7

Ops Manager v2.7 includes the following major features:

Resource Config Redesign

Ops Manager v2.7 introduces a redesigned Resource Config pane. The new Resource Config pane appears in every Ops Manager product tile, including BOSH Director.

In the redesigned Resource Config pane, you can expand the row that contains each job to reveal additional configuration options. The additional options that you can configure depend on your IaaS. For example, if you use vSphere, you can configure NSX-T or NSX-V settings within each job row.

The new Ops Manager Resource Config pane also has improved error handling. When there is an error, Ops Manager displays both a banner and an error message next to the field that contains the error. When a value you enter violates the constraints of a job, Ops Manager highlights the corresponding Instances, VM Type, and Persistent Disk Type fields and displays an error message about the violation.

For more information, see the Resource Config section of the BOSH Director configuration topic for your IaaS:

Valid cron Input Verification

For string type form fields in tiles, Ops Manager supports a constraints.must_be_cron_schedule attribute that verifies whether the input is a valid cron expression. Tiles can use this attribute for fields that schedule backups, for example. For information about the string blueprint type, see string in Property and Template References in the Pivotal Platform Tile Developer Guide.

Ops Manager Sanitizes Certificate Input for Carriage Returns and Line Feeds

When you reset the value of a certificate in an Ops Manager tile, Ops Manager sanitizes the certificate for carriage returns and line feeds. This prevents BOSH from interpreting the certificate you reset as a new certificate and recreating VMs. You do not need to manually remove newline characters such as \n.

API Call Returns All Certs

Calling the Ops Manager API deployed/certificates endpoint returns listings for the root certificate authority (CA), NATS CA, and certificates that Ops Manager stores in CredHub, in addition to leaf-level certificates that Ops Manager stores directly.

For more information, see List All RSA Certificates in Managing Certificates with the Ops Manager API.

Download a Platform Information Bundle from the Ops Manager UI or API

You can download a Platform Information Bundle as a ZIP file from the Ops Manager UI or API. The bundle includes Ops Manager logs, deployed manifests and configurations, and BOSH deployment diagnostics.

The contents of the bundle help Pivotal Support more quickly address any issues in your deployment.

To download the ZIP file from the UI, click Support in the footer of any page in the Ops Manager UI.

To download the ZIP file from the Ops Manager API, use the /api/v0/support_bundle endpoint. For more information, see Support Bundle in the Ops Manager API documentation.

BOSH Director Access Events Appear in Syslog Output

Syslog output includes BOSH Director access events when syslog is enabled in Ops Manager.

BOSH Director access events correspond to the execution of BOSH CLI commands. The addition of these events allows you to audit BOSH Director access and activity for security monitoring purposes.

For more information, see Syslog in Using the Ops Manager Interface and Logging API Access in the BOSH documentation.

Request Parameters in Ops Manager User Activity Logs

The Ops Manager audit_log.txt file includes request parameters. This provides additional information about requests made in the Ops Manager UI, such as the timestamp of the request and the username that made the request.

These request parameters improve Ops Manager logs for auditing user activity.

To access the audit_log.txt file, SSH into the Ops Manager VM and navigate to /var/log/opsmanager/audit_log.txt.

For more information about the types of user activity that you can audit in the Ops Manager logs, see Auditing User Activity in Ops Manager.

BBR Backs Up GCS Blobstore

BOSH Backup and Restore (BBR) backs up BOSH Director blobstores that save externally to Google Cloud Storage (GCS), as configured in the Director Config pane. For more information, see External Storage Support Across Pivotal Platform Versions in Backing Up Pivotal Platform with BBR.

PCF Ops Manager Renamed to Pivotal Operations Manager

PCF Ops Manager is renamed to Pivotal Operations Manager in the Installation Dashboard. Additionally, the file names for Ops Manager downloads are renamed in Pivotal Network.

Known Issues

Ops Manager v2.7 includes the following known issues:

Log Page Accuracy and Behavior

The Change Log page may not show the correct results of each Apply Changes deploy attempt, and the Installation Log may omit later logs that show whether the deployment succeeded or how it failed.

For more information and a workaround, see Operations Manager changelog does not show any errors after failed deployment in the Pivotal Knowledge Base.

The Installation Log also takes time to load, and the link menu for each stage of the deployment scrolls away when you scroll down through the log output.

You access the Installation Log page from the Change Log page by clicking the Logs button for a listed deployment event.

Syslog Does Not Receive UAA Audit Logs

Audit logs from the Ops Manager UAA component do not forward to a syslog server due to file permission issues.

Monit Inaccurately Reports Health of UAA

When BOSH Director reboots, Monit may report UAA as running, even though its process state is unhealthy. The Monit start scripts for UAA use the UAA /healthz endpoint to verify UAA is running, but the /healthz endpoint does not know there is a database requirement. Monit detects UAA is healthy, even though UAA is stuck, and never restarts it.

To fix this, run monit restart uaa to restart UAA after Postgres is running.

For more information, see Monit reports UAA running on BOSH Director when it is actually unhealthy in the Pivotal Knowledge Base.

Reset Manually Set Certificates in CredHub

If you have manually set any certificates in CredHub on Ops Manager v2.6 or earlier, Pivotal recommends that you reset these certificates to prevent their accidental rotation in Ops Manager v2.8. You only need to perform this action before rotating certificates in Ops Manager v2.8. It is not required as part of the Ops Manager v2.7 upgrade.

Ops Manager v2.7 includes CredHub v2.5, which adds a field that tracks whether a certificate has been manually set or generated. However, existing certificates from Ops Manager v2.6 and earlier are not migrated to use this field. After you upgrade to Ops Manager v2.7, manually set CredHub certificates are assigned a null value in the generated field.

When instructed to rotate certificates using the certificate_authorities/active/regenerate Ops Manager API endpoint, Ops Manager v2.8 does a bulk rotation of all certificates where generated is set to either true or null. To prevent rotation of a manually set certificate in CredHub, you should reset the certificate, which updates the generated field to false.

To reset a certificate in CredHub, see Reviewing and Resetting Manually Set Certificates in CredHub.

BOSH VMs Report Unresponsive Agent After Activating New Root CA

After activating a new root CA in Ops Manager, some BOSH VMs report an unresponsive agent. This error occurs if you do not recreate all service instances for a service tile when rotating the root CA.

You can recreate all service instances by enabling the Recreate all service instance errand in the service tile before applying changes. For service tiles that do not have this errand, you must run the following BOSH command manually for each service instance deployment:

bosh -d SERVICE-INSTANCE-DEPLOYMENT recreate

Where SERVICE-INSTANCE-DEPLOYMENT is the BOSH deployment name of the service instance.

For more information, see Rotate CAs and Leaf Certificates.

The services tiles that do not have the Recreate all service instance errand include:

  • MySQL for Pivotal Platform
  • Pivotal Cloud Cache
  • RabbitMQ for PCF v1.15.4 or earlier
  • Redis for PCF v2.0.22 and earlier