Ops Manager v2.9 Partners Release Notes

Page last updated:

This topic describes the changes in Ops Manager v2.9 that might be relevant to partner service tiles.

For information about changes introduced in Ops Manager v2.9, see Ops Manager v2.9 Release Notes. For information about breaking changes introduced in VMware Tanzu Application Service for VMs v2.9, see Breaking Changes.

Features

New features and changes in this release:

Tile Developers Can Use Domain-Style URLs for S3-Compatible Blobstores

A use_path_style property allows tile developers to optionally enable virtual-hosted-style, or domain-style, URLs for S3-compatible blobstores in the BlobstoreVerifier.

By default, the use_path_style property is true, which means that the blobstore uses path-style URLs. To use domain-style URLs, set use_path_style to false.

This property allows you to use domain-style URLs for S3-compatible blobstores before AWS ends support for path-style URLs in October 2020.

For more information about the end of support for path-style S3 bucket URLs, see Amazon S3 Path Deprecation Plan – The Rest of the Story in the AWS News Blog.

For more information about the difference between path-style and virtual-hosted-style URLs, see Virtual Hosting of Buckets in the AWS documentation.

Support for CredHub Maestro and Ops Manager Bulk Rotation of Certificates

Ops Manager v2.9 invokes CredHub Maestro to perform the bulk rotation of various CAs and certificates within a foundation.

To ensure compatibility with Ops Manager API certificate rotation and CredHub Maestro, you must use the concatenated LEAF-CERTIFICATE-NAME.ca format when referencing CAs that sign leaf certificates in your tile’s property configuration. Do not reference the CA directly with the format CA-CERTIFICATE-NAME.certificate.

The .ca accessor format returns a concatenated version of the CA, which includes the older and newer CA. The concatenated version ensures that jobs using leaf certificates do not lose trusted state during CA rotation and results in the least amount of downtime for your tile’s services during certificate rotation.

For more information and configuration examples, see Reference Existing CAs and Certificates in CredHub Variables.

Known Issues

Known issues in this release that may affect tile development for partners:

Non-Configurable Certificates Are Invalid Within a Selector

An rsa_cert_credentials property with configurable: false is invalid within a selector property.

The tile does not raise any validation errors, but the following error appears during the pre-deploy check:

{
  "pre_deploy_check": {
    ...
    "properties": [
      {
        "name": ".properties.EXAMPLE-CERT-PROPERTY",
        "type": "rsa_cert_credentials",
        "errors": [
          "can't be blank",
          "can't be blank"
        ]
      }
    ],
    ...
  }
}

Where EXAMPLE-CERT-PROPERTY is the property you specify.