This topic describes how you can upgrade to VMware Tanzu Operations Manager v3.0 or later directly from v2.5 and later, skipping minor versions. This is called a jump upgrade.

Prerequisites

Before you jump upgrade to Tanzu Operations Manager v3.0 or later:

  • If you are using Tanzu Operations Manager v2.10.8 or earlier, you must complete any in-progress CA rotation before you can jump upgrade. Failure to complete the CA rotation results in the inability to Apply Changes due to safety violations.

  • If you are on Tanzu Operations Manager v2.4 or earlier, you must do standard upgrades for each version up to v2.5 before you can jump upgrade to v3.0.

  • To upgrade to Tanzu Operations Manager v3.0, you must ensure that the products you have installed are compatible with Tanzu Operations Manager v3.0.

  • You must have no staged changes for any product tile or service instance.

  • If you are using vSphere with NSX-T, you must have NSX-T v2.3 or later installed.

BOSH DNS certificates regeneration

In Tanzu Operations Manager v2.10.9 and later, BOSH DNS leaf certificates are generated to include the subject alternative name (SAN) field. This migration process is required before you upgrade to Tanzu Operations Manager v2.10.33 and later. If you do not complete this migration before upgrading to v2.10.33 or later, you might experience unexpected BOSH DNS resolution issues until the change is rolled out to all VMs.

When you upgrade to v2.10.9 or later, the BOSH DNS leaf certificates are automatically regenerated to include the SAN field on the next Apply Changes.

To allow DNS certificate regeneration and avoid communication issues between system components:

  1. Run the Upgrade service instances errand on all service tiles.

  2. Apply Changes to all tiles.

Jump upgrade

After you ensure your deployment meets the requirements described in Prerequisites, you can upgrade to Tanzu Operations Manager to v3.0 or later.

To jump upgrade to Tanzu Operations Manager to v3.0 or later:

  1. Review the table in Breaking changes below and address any breaking changes that apply to your current Tanzu Operations Manager version.

  2. Follow the procedure in Upgrading Tanzu Operations Manager.

Breaking changes

The following table describes the breaking changes that affect Tanzu Operations Manager v2.5 through v2.9 and how to address them before you upgrade:

Upgrading from Breaking change Action before upgrading
Any prior to v2.10.33 For Tanzu Operations Manager v2.10.9 and later, BOSH DNS leaf certificates are generated to include the subject alternative name (SAN) field. If you do not distribute the BOSH DNS leaf certificates to all VMs, you can experience downtime caused by communication issues between system components. When upgrading to Tanzu Operations Manager v2.10.9 or later, run the Upgrade service instances errand on all service tiles and Apply Changes to all tiles. For more information, see BOSH DNS certificates regeneration.
v2.5 You can SSH onto the Tanzu Operations Manager VM in a vSphere deployment only with a private SSH key, not a password. You could get an error when authenticating that causes Tanzu Operations Manager to shut down and enter a reboot loop. Add a public key to the OVF template for the Tanzu Operations Manager VM. Then, use the private key to SSH onto the Tanzu Operations Manager VM. For more information, see Deploy Tanzu Operations Manager in Deploying Tanzu Operations Manager on vSphere.
v2.5 The stemcell property for the Tanzu Operations Manager API /api/v0/diagnostic_report endpoint is removed. This could cause an error when retrieving Tanzu Operations Manager diagnostic reports. Update any automation scripts that use the stemcell property. For more information about "Stemcell Property for Diagnostic Report API Endpoint is Removed" in the Tanzu Operations Manager v2.6 Release Notes, contact Broadcom Support.
v2.5 The stemcell version key for pending changes is moved and renamed. This could cause an error when retrieving Tanzu Operations Manager API pending changes. Update your automation scripts that use the stemcell information in the /api/v0/pending_changes endpoint.
v2.5 Trusty stemcells 3541 and earlier are no longer supported. If your deployment is on AWS and using outdated stemcells, Tanzu Operations Manager fails to boot. Install Xenial stemcells or Trusty stemcell 3586 or later. For more information about "AWS Deployments Use 5th Generation Instances" in the Tanzu Operations Manager v2.6 Release Notes, contact Broadcom Support.
v2.5 and v2.6 The /api/v0/stemcells_assignments endpoint in the Tanzu Operations Manager API is removed. This could cause an error when retrieving Tanzu Operations Manager API stemcell assignments. Update your automation scripts to use the /api/v0/stemcell_associations endpoint instead. For more information, see Stemcell Associations for Products APIs in the Tanzu Operations Manager API documentation.
v2.5 and v2.6 Tanzu Operations Manager v2.10 installs a later version of the BOSH CLI. This can cause your BOSH CLI automation scripts to stop working. Update your automation scripts to use BOSH CLI v2. For more information, see Installing the CLI and Commands in the BOSH documentation.
v2.5 and v2.6 Certain properties within a collection or selector are no longer configurable in the Tanzu Operations Manager UI and API. Update your automation scripts to remove these properties. For more information about the tile properties you can configure in Tanzu Operations Manager v2.10.2, see the release notes for that tile.
v2.5 and v2.6 The nsx_security_groups property is renamed security_groups for NSX-V deployments and ns_groups for NSX-T deployments. Additionally, the Tanzu Operations Manager API does not recognize NSX-related properties that are not nested under an nsx or nsxt key. If your deployment is on vSphere, Tanzu Operations Manager API does not update parameters for NSX-V or NSX-T. Update your automation scripts to use the appropriate properties for your deployment. For more information, see Configuring resources for a job in the Tanzu Operations Manager API documentation.
v2.5, v2.6, and v2.7 If TLS is not enabled before upgrade and Windows stemcells are in use, Apply Changes can fail. Tanzu Operations Manager enables TLS by default when an internal blobstore is configured. Enable the internal blobstore TLS on the Director Config pane under the BOSH Director tile. To re-create all Windows-based VMs, do one of the following:
  • Upload and deploy a newer Windows stemcell to all relevant tiles.
  • Enable the Recreate VMs deployed by the BOSH Director check box in the Director Config pane and deploy all relevant tiles.
v2.5, v2.6, v2.7, and v2.8 Tanzu Operations Manager v2.9 is incompatible with vSphere Data Center NSX-T v2.2 and earlier. Upgrade to NSX-T v2.3 or later. For more information about "Ops Manager v2.9 Incompatible with vSphere Data Center NSX-T v2.2 and Earlier" in the Tanzu Operations Manager v2.9 Release Notes, contact Broadcom Support.
v2.8 and v2.9 Tanzu Operations Manager v2.10 includes CredHub Maestro v8.0. In this version of CredHub Maestro, the maestro update-transitional latest command is removed. If you have scripts that rely on the maestro update-transitional latest command, remove references to the command before you upgrade to Tanzu Operations Manager v3.0. In CredHub Maestro v8.0, you run maestro regenerate ca to regenerate a certificate authority (CA) and mark the latest version of the CA as transitional. This command performs both actions, while previous versions of CredHub Maestro use a separate command for each task.

For breaking changes between Tanzu Operations Manager v2.10 and v3.0, see Breaking changes in Tanzu Operations Manager v3.0.

check-circle-line exclamation-circle-line close-line
Scroll to top icon