PCF v2.2 Partners Release Notice

Page last updated:

This topic describes the changes that Pivotal Cloud Foundry (PCF) v2.2 introduces which may be relevant to partner service tiles.

Ops Manager Credentials Stored in CredHub

Ops Manager v2.2 sends credentials entered by the operator to BOSH CredHub. This change keeps Ops Manager credentials out of the tile manifest. In previous versions of Ops Manager, tile manifests may have indicated credentials with the asterisk character. For example, ****. Now Ops Manager credentials are indicated in the manifest by a double-parens CredHub link beginning with /opsmgr/.

Ops Manager v2.2 sends new credentials to BOSH CredHub each time the operator clicks Apply Changes. When the operator deletes a tile, Ops Manager also removes its credentials from CredHub.

This feature offers greater security for credentials. For more information about where your credentials are stored, see BOSH CredHub.

Note: Only operators can make changes to Ops Manager credentials through the Ops Manager UI or API. Any change you attempt to the tile manifest or CredHub is overriden by Ops Manager on the next deploy.

Multi-Line Credentials

Ops Manager v2.2 now supports text areas for any type of multi-line credential. If you want a secret property to use a text area instead of the default single-line text field, you must set display_type to text_area in the property_inputs section of your property blueprint, as in the example below.

property_inputs:
  - reference: secret_meaning
    label: 'Secret Meaning'
    description: 'If you play it backwards...'
    display_type: 'text_area'

For more information, see the Custom Forms and Properties section of the Tile Generator topic.

Xenial Stemcell Upgrade Support

As of April 2019, Trusty stemcells will no longer receive support, nor will Pivotal have CVE patches for them. Ops Manager v2.2 allows tile authors to upgrade from Trusty stemcells to Xenial stemcells.

“When Changed” Errand Setting Removed

Ops Manager no longer supports the When Changed option for tile errands. The following API endpoint does not accept when-changed as valid: PUT /api/v0/staged/products/:product_guid/errands. Errands previously set to When Changed are set to On in Ops Manager v2.2. The default errand setting is now On.

Other Ops Manager v2.2 Release Notes

For other Ops Manager v2.2 release notes, see PCF Ops Manager Release v2.2 Release Notes.

Pivotal Application Service Tile Property Changes

Properties in the Pivotal Application Service (PAS) v2.2 tile have changed. Tile developers must change any (( ..cf.PROPERTY.NAME )) calls accordingly if their tiles access PAS property values.

The following tables list the properties that Pivotal removed and added in PAS v2.2:

Removed Properties
.properties.push_apps_manager_invitations_memory
.properties.push_apps_manager_memory
.properties.rep_server_cert
Added Properties
.properties.autoscale_enable_verbose_logging
.properties.cf_networking_search_domains
.properties.diego_log_timestamp_format
.properties.enable_log_cache
.properties.log_cache_auth_proxy_client_tls_cert
.properties.log_cache_nozzle_client_tls_cert
.properties.log_cache_server_tls_cert
.properties.pxc_internal_certificate
.properties.pxc_server_certificate
.properties.rep_server_cert_v2
.properties.routing_backends_client_cert
.properties.syslog_drop_debug

Deterministic Routing for Loggregator

If you are running multiple instances of a nozzle, deterministic routing sends all metrics with the same name to the same nozzle instance. This lets the nozzle run calculations on or otherwise process all of the metrics of a given type, but it may also distribute the metrics load unevenly across the nozzle instances.

Without deterministic routing, the Firehose round-robins metrics across all nozzle instances, which distributes the load across the instances more evenly.

To enable deterministic routing, include the property string deterministic_name = NUMBER-OF-NOZZLES with the initial egress request made to Loggregator in your nozzle’s manifest.

Selector-Based Subscripton Model and Reference Nozzles

You can request Firehose subscriptions that filter out all unspecified content using the Loggregator v2 API endpoint from the Reverse Log Proxy.

For examples of nozzles that use the Loggregator V2 API and consume only specified whitelisted metrics, see rlpreader and rlptypereader in the loggregator-tools repository.

For more information about this feature, see the V2 Subscriptions page of the loggregator-release repository.

Breaking Changes

BOSH DNS Enabled By Default

BOSH DNS is enabled by default, rather than Consul. For more information, see BOSH DNS Enabled By Default For App Containers and PCF Components.

WARNING: Do not disable BOSH DNS without instructions from Pivotal support. Disabling BOSH DNS will also disable several PAS features, PKS, and NSX-T.

Upcoming Deprecations

Stemcell 3363 and Earlier

For every PCF release, Pivotal recommends you upgrade the stemcell used in your BOSH releases and tiles to the latest available on Pivotal Network. This will ensure you get all the latest features and important security updates. In the PCF v2.2 timeframe, the 3363 stemcell line will be deprecated. Update your BOSH releases and rebuild your tile with Tile Generator to use the latest stemcell version.

Non-TLS Blobstore Communications

Non-TLS communication to the blobstore will be deprecated in PCF v2.2 and removed in PCF v2.3.

MySQL v1 Tile

The Pivotal MySQL for PCF v1 (p-mysql) tile will be deprecated in PCF v2.2 and removed in PCF v2.3. Partner tiles that depend on this tile should start migrating to the MySQL for PCF v2 (pivotal-mysql) tile. If you use p-mysql, you should change your tile to use pivotal-mysql, update your tile to declare a dependency on pivotal-mysql, and document a strategy for data migration.

PCF v2.1 Compatibility Reminder

Removal of IP Accessors .ips and .first_ip

Tiles must use BOSH links to retrieve IP addresses for other components.

Customers want to do more automation using Ops Manager-generated manifests. This is difficult because any IP address management done by Ops Manager might conflict with changes made through the customer’s own automation.

BOSH can now handle all IP address management. Using BOSH links, your software can receive IP addresses assigned by BOSH.

  1. If you use Tile Generator to build your tile, update to the latest version and rebuild.

  2. If you have BOSH jobs defined in your tile, specify dynamic_ips: 1 and static_ips: 0 for each job. This will set BOSH for IP address management instead of Ops Manager.

    Note: BOSH will keep your job at the same IP address unless it is not possible to do so, such as if the operator changes the IP address range and that IP address is no longer available.

  3. If a BOSH release in your tile needs the IP address of another component, consume its BOSH link. If other components need your BOSH job’s IP address, provide a BOSH link.

    Note: IP address accessors .ips and .first_ip will not be available in PCF v2.1.

For more information about implementation, please refer to the with-link examples in the pcf-examples GitHub repository and the Tile Generator topic. For more background and context on BOSH links, see BOSH Links: Why and How and Sharing Links.

PCF v2.0 Compatibility Reminder

PCF v2.0 included breaking changes for which several partner products have not yet updated. For more information, see PCF v2.0 Partners Release Notice.