Pivotal Knowledge Base

Follow

Commit endpoint fails when a tile contains CredHub variable migrations

Environment

Pivotal Cloud Foundry® Ops Manager 1.11 and 1.12

Symptom

If you use Ops Manager to generate manifests that you deploy manually with BOSH, the /commit endpoint fails to save the manifest if it contains CredHub variables.

Resolution

To work around the issue, follow the procedure below.

Step 1: Commit the Installation

Use the /commit endpoint to check for variable migrations in the staged installation. If you try to upgrade a tile that contains variable migrations, the commit fails.

Enter the following curl command to determine whether or not your tile contains migrations:

$ curl "https://OPS-MANAGER-FQDN/api/v0/staged/installations/commit" \ 
-X POST \
-H "Authorization: Bearer MY-TOKEN" \
-H "Content-Type: application/json" \
-d '{ "ignore_warnings": true }'
  • Replace OPS-MANAGER-FQDN with your Ops Manager FQDN
  • Replace MY-TOKEN with your UAA API access token
  • Set ignore_warnings to true to bypass warnings or false to enable warnings

If the tile does not contain variable migrations, the commit succeeds. Continue to the following step to fetch the tile manifest and proceed with the tile upgrade.

If your tile contains variable migrations, the commit fails and returns an error message
about the disabled commit endpoint. Continue following this procedure to re-enable the endpoint.

Step 2: Fetch the Tile Manifest

Enter the following curl command to fetch the manifest for the tile:

$ curl "https://OPS-MANAGER-FQDN/api/v0/deployed/products/PRODUCT-GUID/manifest" \ 
-X GET \
-H "Authorization: Bearer MY-TOKEN"

Replace PRODUCT-GUID with the GUID of the product tile. A successful request returns the tile manifest, formatted in JSON.

If your tile does not contain variable migrations, use the manifest to deploy the tile upgrade.

If your tile contains variable migrations, continue to the following step.

Step 3: Fetch Credentials

1. Enter the following curl command to request the credentials from the tile in a format compatible with CredHub:

$ curl "https://OPS-MANAGER-FQDN.com/api/v0/staged/products/credhub_credentials" \ 
-X GET \
-H "Authorization: Bearer MY-TOKEN"

A successful request returns the credentials from your deployment, formatted as a YAML file. You can also call this API endpoint using a browser to download the file automatically.

Note: In this output, type refers to the CredHub variable type rather than the Ops Manager variable type.

1. Migrate the downloaded credentials to CredHub. See the Bulk Import section of the CredHub API documentation for migration instructions.

Step 4: Delete Variable Migrations

Enter the following curl command to delete the credential migrations from the tile:

$ curl "https://OPS-MANAGER-FQDN.com/api/v0/staged/installations/commit" \ 
-X DELETE \
-H "Authorization: Bearer MY-TOKEN" \

Removing the credential migrations from the tile enables the commit endpoint.

After completing this step, return to Step 1 to commit the staged installation and deploy the tile upgrade. 

For complete Ops Manager API documentation, browse to https://OPS-MANAGER-FQDN/docs, replacing OPS-MANAGER-FQDN with the fully qualified domain name (FQDN) of your Ops Manager instance.

Comments

Powered by Zendesk