Pivotal Operations Manager v2.8 Release Notes

Page last updated:

This topic contains release notes for Pivotal Operations Manager v2.8.

Pivotal Platform is certified by the Cloud Foundry Foundation for 2020.

Read more about the certified provider program and the requirements of providers.


Releases

2.8.11

Release Date: July 31, 2020

  • [Bug Fix]: If you have a tile that is not configured and you apply changes, you receive a warning message but changes to other configured tiles are applied. In earlier patches, the apply changes failed. This only happened on vSphere environments.

  • [Bug Fix]: For the hm_emailer_options.recipients key, the PUT /api/v0/staged/director/properties endpoint accepts the format used by GET /api/v0/staged/director/properties endpoint for this key in addition to the existing format accepted.

  • [Bug Fix]: Version checks for tile dependencies confirm the major, minor, and patch numbers but not build numbers.

Ops Manager v2.8.11 uses the following component versions:

Component Version
Ops Manager2.8.11-build.288*
Stemcell621.77*
BBR SDK1.18.0
BOSH Director270.11.1
BOSH DNS1.21.0
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.12
CredHub Maestro4.1.2
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.18*
BPM1.1.8
Networking9
OS Conf21.0.0
AWS CPI79
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI43
vSphere CPI53.0.11
BOSH CLI6.3.1*
Credhub CLI2.8.0*
BBR CLI1.7.2
Telemetry1.0.3
* Components marked with an asterisk have been updated.

2.8.10

Release Date: July 1, 2020

  • [Bug Fix]: NSX configuration settings are applied to jobs defined in the BOSH Director manifest, including the BOSH Director VM.
  • [Bug Fix]: BOSH Director can deploy on Openstack environments with multiple regions.
  • [Bug Fix]: The Ops Manager API /api/v0/staged/director/properties endpoint returns S3 and GCS blobstore credentials.
  • [Bug Fix]: IaasConfigurationVerifier connects to the correct authentication endpoint on Azure Government environments.
  • [Bug Fix]: Ops Manager UAA allows spaces and escaped characters in LDAP external group names.
  • [Bug Fix]: rsyslog service starts automatically upon starting the Ops Manager VM.

Ops Manager v2.8.10 uses the following component versions:

Component Version
Ops Manager2.8.10-build.281*
Stemcell621.76*
BBR SDK1.18.0
BOSH Director270.11.1
BOSH DNS1.21.0
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.12*
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.17*
BPM1.1.8
Networking9
OS Conf21.0.0
AWS CPI79
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI43
vSphere CPI53.0.11
BOSH CLI6.3.0*
Credhub CLI2.7.0
BBR CLI1.7.2
Telemetry1.0.3
* Components marked with an asterisk have been updated.

2.8.9

Release Date: May 22, 2020

Ops Manager v2.8.9 uses the following component versions:

Component Version
Ops Manager2.8.9-build.268*
Stemcell621.74
BBR SDK1.18.0
BOSH Director270.11.1
BOSH DNS1.21.0
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.11
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.16*
BPM1.1.8
Networking9
OS Conf21.0.0
AWS CPI79
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI43
vSphere CPI53.0.11
BOSH CLI6.2.1
Credhub CLI2.7.0
BBR CLI1.7.2
Telemetry1.0.3
* Components marked with an asterisk have been updated.

2.8.8

Release Date: May 18, 2020

  • [Bug Fix]: Ensure that the BOSH Director and BOSH Agent use the same keys for S3 Blobstores.
  • [Feature Improvement]: The GET /api/v0/deployed/certificates API call returns a list of all the products associated with each certificate, including the product GUIDs.

Ops Manager v2.8.8 uses the following component versions:

Component Version
Ops Manager2.8.8-build.266*
Stemcell621.74*
BBR SDK1.18.0*
BOSH Director270.11.1
BOSH DNS1.21.0*
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.11
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.15
BPM1.1.8
Networking9
OS Conf21.0.0
AWS CPI79
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI43
vSphere CPI53.0.11*
BOSH CLI6.2.1
Credhub CLI2.7.0
BBR CLI1.7.2
Telemetry1.0.3
* Components marked with an asterisk have been updated.

2.8.7

  • [Feature] Ops Manager and BOSH Director support the Hong Kong region in AWS.
  • [Bug Fix] Fixes issue where rsyslog stops forwarding logs after first log rotation.
  • [Bug Fix] Fixes issue where some upgraded Ops Managers do not have the UAA Restricted Client Secret property set properly. This property is needed for the Telemetry tile.
  • [Bug Fix] Fixes issue where CAs created or added before Ops Manager v2.8 cannot be deleted on v2.8 or later.

Ops Manager v2.8.7 uses the following component versions:

Component Version
Ops Manager2.8.7-build.257*
Stemcell621.71*
BBR SDK1.17.4
BOSH Director270.11.1
BOSH DNS1.17.0
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.11
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.15*
BPM1.1.8
Networking9
OS Conf21.0.0
AWS CPI79
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI43
vSphere CPI53.0.9*
BOSH CLI6.2.1
Credhub CLI2.7.0
BBR CLI1.7.2
Telemetry1.0.3
* Components marked with an asterisk have been updated.

2.8.6

Ops Manager v2.8.6 uses the following component versions:

Component Version
Ops Manager2.8.6-build.247*
Stemcell621.64*
BBR SDK1.17.4*
BOSH Director270.11.1
BOSH DNS1.17.0
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.11
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.14*
BPM1.1.8*
Networking9
OS Conf21.0.0
AWS CPI79
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI43
vSphere CPI53.0.7
BOSH CLI6.2.1
CredHub CLI2.7.0
BBR CLI1.7.2
Telemetry1.0.3
* Components marked with an asterisk have been updated.

2.8.5

  • [Feature] Operators can configure multiple certificates in the Server SSL Cert field during LDAP Server configuration.
  • [Feature] Adds the Vm-Host Affinity Rule dropdown to the Availability Zones pane.
  • [Bug Fix] Deployed certificates endpoint show configurable: true for CredHub certs marked as generated: null.
  • [Bug Fix] BOSH DNS certificates are regenerated during a certificate rotation when BOSH and product are redeployed.
  • [Bug Fix] The /api/v0/staged/products/:guid/properties Ops Manager API endpoint rejects malformed secret properties.
  • [Bug Fix] Non-configurable jobs that default to zero instances do not appear in the Resource Config pane.
  • [Bug Fix] Ops Manager marks RSA certificates with extra characters as invalid before deployment.

Ops Manager v2.8.5 uses the following component versions:

Component Version
Ops Manager2.8.5-build.234*
Stemcell621.59*
BBR SDK1.17.2
BOSH Director270.11.1
BOSH DNS1.17.0
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.11
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.11*
BPM1.1.7*
Networking9
OS Conf21.0.0
AWS CPI79
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI43
vSphere CPI53.0.7
BOSH CLI6.2.1*
CredHub CLI2.7.0*
BBR CLI1.7.2*
Telemetry1.0.3*
* Components marked with an asterisk have been updated.

2.8.4 - Withdrawn

Warning: This release has been removed from VMware Tanzu Network because it shipped with an unintentional breaking change in BOSH DNS which causes Pivotal Application Service for Windows deployments to fail.

  • [Feature] Adds VM-HOST Affinity Rule dropdown to the Availability Zones pane. This dropdown is available if you have availability zones (AZs) on vSphere. In the dropdown, you can select either MUST or SHOULD to add a Distributed Resource Scheduler (DRS) rule for the AZ.

Ops Manager v2.8.4 uses the following component versions:

Component Version
Ops Manager2.8.4-build.224*
Stemcell621.57*
BBR SDK1.17.2
BOSH Director270.11.1
BOSH DNS1.18.0*
Metrics Server0.0.24
System Metrics2.0.11
CredHub2.5.11
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.9*
BPM1.1.7*
Networking9
OS Conf21.0.0
AWS CPI79
Azure CPI37.2.0
Google CPI30.0.0
OpenStack CPI43
vSphere CPI53.0.7
BOSH CLI6.2.1*
CredHub CLI2.6.2
BBR CLI1.7.0
Telemetry1.0.1
* Components marked with an asterisk have been updated.

2.8.3

  • [Bug Fix] Multi-datacenter vSphere configurations deploys to the datacenter that matches to the availability zone and network the operator has selected.

Ops Manager v2.8.3 uses the following component versions:

Component Version
Ops Manager2.8.3-build.217*
Stemcell621.51*
BBR SDK1.17.2
BOSH Director270.11.1*
BOSH DNS1.17.0
Metrics Server0.0.24
System Metrics2.0.11*
CredHub2.5.11*
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.5
BPM1.1.6
Networking9
OS Conf21.0.0
AWS CPI79
Azure CPI37.2.0*
Google CPI30.0.0
OpenStack CPI43
vSphere CPI53.0.7*
BOSH CLI6.2.0
CredHub CLI2.6.2
BBR CLI1.7.0*
Telemetry1.0.1*
* Components marked with an asterisk have been updated.

2.8.2

  • [Bug Fix] Fixes performance issues with the Ops Manager change log page.
  • [Bug Fix] Fixes issue where setting the HTTP(S) Proxy in Ops Manager to an empty value causes apply changes to fail.

Ops Manager v2.8.2 uses the following component versions:

Component Version
Ops Manager2.8.2-build.203*
Stemcell621.41
BBR SDK1.17.2
BOSH Director270.10.0
BOSH DNS1.17.0
Metrics Server0.0.24
System Metrics2.0.9*
CredHub2.5.9
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.5
BPM1.1.6
Networking9
OS Conf21.0.0
AWS CPI79
Azure CPI37.0.0
Google CPI30.0.0
OpenStack CPI43
vSphere CPI53.0.5*
BOSH CLI6.2.0*
CredHub CLI2.6.2
BBR CLI1.5.2
Telemetry1.0.0
* Components marked with an asterisk have been updated.

2.8.1

  • [Feature] Operators can use an encrypted private key for Provider Client Certificate Private Key when configuring HSM in BOSH.
  • [Feature] Operators can use an encrypted private key in Tile settings.
  • [Bug Fix] System metrics certificate is redacted in BOSH output.
  • [Bug Fix] Fixes upgrade issue for deployments where operators have used the add_job_to_instance_group Ops Manager API endpoint.
  • [Bug Fix] Apply Changes no longer fails when tiles use the allow_encrypted_key feature.

Ops Manager v2.8.1 uses the following component versions:

Component Version
Ops Manager2.8.1-build.198*
Stemcell621.41*
BBR SDK1.17.2
BOSH Director270.10.0
BOSH DNS1.17.0*
Metrics Server0.0.24
System Metrics2.0.8*
CredHub2.5.9
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.5
BPM1.1.6
Networking9
OS Conf21.0.0
AWS CPI79
Azure CPI37.0.0
Google CPI30.0.0*
OpenStack CPI43
vSphere CPI53.0.4*
BOSH CLI6.1.1
CredHub CLI2.6.2
BBR CLI1.5.2
Telemetry1.0.0
* Components marked with an asterisk have been updated.

2.8.0

Component Version
Ops Manager2.8.0-build.187*
Stemcell621.29*
BBR SDK1.17.2
BOSH Director270.10.0
BOSH DNS1.16.0
Metrics Server0.0.24
System Metrics2.0.5*
CredHub2.5.9
Syslog11.6.1
Windows Syslog1.0.3
UAA74.5.5
BPM1.1.6
Networking9
OS Conf21.0.0
AWS CPI79
Azure CPI37.0.0
Google CPI29.0.1
OpenStack CPI43
vSphere CPI53.0.3
BOSH CLI6.1.1
CredHub CLI2.6.2
BBR CLI1.5.2
Telemetry1.0.0
* Components marked with an asterisk have been updated.

How to Upgrade

To upgrade to Ops Manager v2.8, see Upgrading Pivotal Platform.

New Features in Ops Manager v2.8

Ops Manager v2.8 includes the following major features:

CredHub Maestro Rotates BOSH DNS Certificate Authorities

CredHub Maestro rotates BOSH DNS CAs and runs safety checks.

CredHub Maestro is a CLI for discovering and rotating CredHub-managed certificates. For more information about using CredHub Maestro, see Rotating Certificates, Getting Started with CredHub Maestro, and Advanced Certificate Rotation with CredHub Maestro.

Certificate Authentication to vSphere NSX Manager

For Pivotal Platform deployments on vSphere that use NSX networking, the BOSH Director can authenticate to the NSX Manager with a certificate and private key, as well as with a username and password.

This change means that the BOSH Director, NSX-T Container Plugin (NCP), and Enterprise PKS can all authenticate to the NSX Manager with a certificate and private key. BOSH Director uses NSX to network and secure platform components, NCP uses NSX-T to network and secure app containers, and Enterprise PKS uses NSX to create load balancers.

For how to configure BOSH Director authentication to NSX, see Step 2: Configure vCenter in Configuring BOSH Director on vSphere.

All Platform VMs Emit System Metrics

The runtime_config code in Ops Manager v2.8 installs a system metrics agent on all Pivotal Platform VMs. This lets Pivotal Healthwatch, Pivotal App Metrics and other platform tools consume VM metrics from Pivotal Application Service (PAS), Enterprise Pivotal Container Service (PKS), hosted services, and any other products deployed by Ops Manager.

System metrics report usage and status of VM memory, disk, CPU, network, load, and swap space. For a complete list of metrics, see VM Metrics in System Metrics Agent in the System Metrics repository on GitHub.

Before Ops Manager v2.8, the metrics agent was installed only on PAS VMs, and VMs deployed by other products did not emit the system metrics described above.

TLS Always Enabled for Internal Blobstore

TLS is now always enabled for the internal blobstore. You can no longer toggle TLS for the internal blobstore with the UI or API.

Pivotal recommends that you enable TLS for the internal blobstore before you upgrade. You can do this by selecting Enable TLS in the Director Config pane. There may be errors if the blobstore CA is expired.

Specify Optional Tile Dependencies

You can specify tile dependencies as optional. To add optional dependencies, use the optional: true field under the requires_product_versions property in the tile directory’s tile.yml file.

For more information about the difference between required and optional dependencies, see Dependencies in How Tiles Work.

UI and API Show More Information about Dependencies

Ops Manager v2.8 changes the way dependencies appear when you selectively deploy products. When you click Review Pending Changes in the Ops Manager UI, each product lists its dependencies in the Depends on section. When you make a request to the pending_changes Ops Manager API endpoint, the response lists each product’s dependencies in the depends_on section.

See the following table for information about how dependencies appear in the Ops Manager UI and API:

UI Appearance API Status Key Explanation Can Apply Changes?
Dependency listed in green text satisfied The correct version of the dependency is installed. Yes
Dependency listed in green text, followed by (optional) satisfied The correct version of the dependency is installed, although it is optional. Yes
Dependency listed in red text unsatisfied An incompatible version of the dependency is installed. You must update the dependency to apply changes. No
Dependency listed in red text, followed by (optional) unsatisfied An incompatible version of the dependency is installed, but the dependency is optional. Yes
Dependency listed in gray text, followed by (optional) not_present No version of the dependency is installed, but it is optional. Yes

HTTP Install-Time Verifier

Tile authors can define an HttpSuccessVerifier install-time verifier that calls an HTTP endpoint on the broker.

Ops Manager executes this verifier after you click Apply Changes. If the HTTP response is not successful, the deployment fails and the verifier displays a warning message.

Tile authors can use this verifier to check if all service instances on an existing broker are on the current version. This prevents service instances from becoming orphaned after an upgrade. Tile authors can also specify that the verifier should only run on major or minor upgrades.

Revert Staged Changes With the API

You can use the DELETE /api/v0/staged Ops Manager API endpoint to revert all staged changes in Ops Manager. For more information, see Revert staged changes in the Ops Manager API documentation.

Configure Multiple HSMs With the API

You can use the PUT /api/v0/staged/director/properties endpoint of the Ops Manager API to configure multiple hardware security modules (HSMs) for BOSH CredHub. For more information, see Updating director and Iaas properties (Experimental) in the Ops Manager API documentation.

Pivotal Telemetry for Ops Manager Is Imported by Default

Ops Manager automatically imports the Pivotal Telemetry for Ops Manager tile. When you install Ops Manager, the Pivotal Telemetry tile appears under IMPORT A PRODUCT.

This tile collects product usage data, which helps Pivotal improve our products and services. Using Pivotal Telemetry for Ops Manager is optional, and the tile does not share product usage data until you add and configure it.

For more information, see the Pivotal Telemetry for Ops Manager documentation.

Ability to Set the VM-Host Affinity Rule to “Should” for Clusters in vSphere

In Ops Manager v2.8.5 and later, you can modify the VM-Host Affinity Rule for a cluster in the Availability Zones pane.

By default, VM-Host Affinity Rule is set to MUST, which means that all VMs in the cluster must run on hosts in the specified host group. There are no exceptions.

Changing the value to SHOULD means that during normal operations, VMs in the cluster are run on hosts in the specified host group. However, vSphere can start these VMs in another host group in the event of an AZ failure. This flexibility helps ensure high availability for stretched cluster topologies in vSphere.

For information on changing this setting in the Ops Manager UI, see Configuring BOSH Director on vSphere. To change the setting with the Ops Manager API, see Ops Manager API Documentation.

For more information about VM-Host Affinity Rules, see VM-Host Affinity Rules in the vSphere documentation.

For more information about stretched clusters, see Introduction to Stretched Clusters in the vSphere documentation.

Known Issues

Ops Manager v2.8 includes the following known issues:

Reset Manually Set Certificates in CredHub Before Rotating Certificates with CredHub Maestro CLI

If you have manually set any certificates in CredHub on Ops Manager v2.6 or earlier, you need to reset those certificates before using the CredHub Maestro CLI to rotate CredHub certificates. The CredHub Maestro CLI is available on the Ops Manager VM.

Resetting these certificates is not a required condition for the Ops Manager v2.8 upgrade. You can reset them either before or after the upgrade.

To reset a certificate in CredHub, see Reviewing and Resetting Manually Set Certificates in CredHub. For more information about CredHub Maestro, see CredHub Maestro Rotates BOSH DNS Certificate Authorities.

BOSH VMs Report Unresponsive Agent After Activating New Root CA

After activating a new root CA in Ops Manager, some BOSH VMs report an unresponsive agent. This error occurs if you do not recreate all service instances for a service tile when rotating the root CA.

You can recreate all service instances by enabling the Recreate all service instance errand in the service tile before applying changes.

For service tiles that do not have this errand, first apply changes in Ops Manager and then run the following BOSH command manually for each service instance deployment:

bosh -d SERVICE-INSTANCE-DEPLOYMENT recreate

Where SERVICE-INSTANCE-DEPLOYMENT is the BOSH deployment name of the service instance.

For more information, see Rotate CAs and Leaf Certificates.

The services tiles that do not have the Recreate all service instance errand include:

  • VMware Tanzu GemFire
  • MySQL for Pivotal Platform v2.7.5 and earlier
  • MySQL for PCF v2.6.6 and earlier
  • MySQL for PCF v2.5.10 and earlier
  • RabbitMQ for PCF v1.15.4 and earlier
  • Redis for PCF v2.0.22 and earlier

Stemcell Library Warns That Stemcells with Triple-Digit Minor Release Numbers Are Out of Date

In Ops Manager v2.8.5 and earlier, when you upload a stemcell with a triple-digit minor release number to the Ops Manager Stemcell Library, you see a warning that the stemcell is out of date.

This is because Ops Manager erroneously interprets triple-digit minor release numbers, such as Ubuntu Xenial stemcell 456.100, as being older than double-digit minor release numbers, such as Ubuntu Xenial stemcell 456.98. The Stemcell Library then erroneously lists the most recent double-digit minor release stemcell you uploaded as the required stemcell.

You can use stemcells with triple-digit minor release numbers and ignore the warning.

This issue is resolved in Ops Manager v2.8.6.