BOSH Director: bump 271.0.0→271.1.0, sc 621.75→621.76

cunnie · cunnie · commit b934c6971516 · 2020-07-04T08:00:53.000-07:00
We place the Let's Encrypt root certificate (`DST Root CA X3`) in the property `hm.director_account.ca_cert`, which gets templated in the health_monitor job as `uaa.pem`. Previously it used the auto-generated one. This is a bit of a mystery why this suddenly began to fail. I suspect that the 621.75→621.76 stemcell bump had to do with it, but it could also have been the BOSH (director) bump. fixes: ``` bosh create-env ... Waiting for instance 'bosh/0' to be running... Failed (00:05:04) Failed deploying (00:21:05) ssh bosh-vsphere sudo -i monit summary Process 'health_monitor' Does not exist less /var/vcap/sys/log/health_monitor/health_monitor.log I, [2020-06-21T22:34:02.593696 #23850] INFO : BOSH HealthMonitor 0.0.0 is running... E, [2020-06-21T22:34:02.629167 #23850] ERROR : Failed to obtain token from UAA: #<CF::UAA::SSLException: Invalid SSL Cert for https://bosh-vsphere.nono.io:8443/oauth/token. Use '--skip-ssl-validation' to continue with an insecure target> E, [2020-06-21T22:34:02.696326 #23850] ERROR : Failed to obtain token from UAA: #<CF::UAA::SSLException: Invalid SSL Cert for https://bosh-vsphere.nono.io:8443/oauth/token. Use '--skip-ssl-validation' to continue with an insecure target> ```
diff --git a/bosh-vsphere-state.json b/bosh-vsphere-state.json
@@ -1,21 +1,21 @@
 {
     "director_id": "aabf2e91-f664-410b-5ca4-2e0bb3c93dcf",
     "installation_id": "9dbb0ef2-ff17-4a68-5f8b-343798085a14",
-    "current_vm_cid": "vm-9aa89454-002d-4f99-be30-9c956682315e",
-    "current_stemcell_id": "29f7e9e0-95cc-43cb-7da1-c63fcd0c7b3c",
+    "current_vm_cid": "vm-fdb7f391-944b-4de8-9547-05641f670dd3",
+    "current_stemcell_id": "6c7ef186-2ad2-43db-41e8-39fb5b4edeaa",
     "current_disk_id": "161aa4ab-c535-4c5c-7928-0b7d201800bf",
     "current_release_ids": [
-        "da3a79d8-a684-403a-66e8-4dd513f863eb",
-        "66e6e34e-f809-4a82-70ee-08d2765fec46",
-        "3d216d64-f64e-4184-6676-9667edab815e",
-        "d33eafe3-c716-4356-66e9-f01b6ae1532b",
-        "c504ddf8-da3f-47f2-5692-d2730ea657f6",
-        "165ee8c4-f041-4181-56be-561f20ec1883",
-        "7bd2d96d-0c84-4e8d-70b8-b8aae520753d",
-        "b809d91f-1b1d-4df0-4b9c-4919eae3969a",
-        "a1eab853-1324-467f-5f72-0ec549414b33"
+        "534e424c-2477-481d-56f4-2090fadbf5f7",
+        "dc49e3d5-b196-4679-4c1e-dbc833f72688",
+        "1acd4bb5-83a0-4509-6fb0-fdb2937a3736",
+        "daa7b80b-d151-400e-72ff-ed3ba0312b55",
+        "1cd00500-1be9-4a25-7f19-f27bdb349e9f",
+        "e9dbf0bc-e1be-4dd3-62c4-dd1b4875b5ec",
+        "3bc41b7b-33ee-4311-5041-8540921c29f4",
+        "569a8cb5-9522-4518-775c-985a184946dd",
+        "4cb2affa-ffd9-4dc0-5430-cfc4190410d6"
     ],
-    "current_manifest_sha": "887f36447f055cccb128562caca6d2ef382a0ebc4ddbd90702de22a842f9de678f3f626c499a9209cc8374c9b5280e9b95fc565366d3fd820c8a1dda2cea9b4f",
+    "current_manifest_sha": "c3e5c37e49ee526e614ae19a79fca7c7c47094e1e76d5944c49d068883f5d96994acbf6106e80ccdf1eab7836599c68ad2e3333aec6747ce7d63033949a803a1",
     "disks": [
         {
             "id": "161aa4ab-c535-4c5c-7928-0b7d201800bf",
@@ -26,56 +26,56 @@
     ],
     "stemcells": [
         {
-            "id": "29f7e9e0-95cc-43cb-7da1-c63fcd0c7b3c",
+            "id": "6c7ef186-2ad2-43db-41e8-39fb5b4edeaa",
             "name": "bosh-vsphere-esxi-ubuntu-xenial-go_agent",
-            "version": "621.75",
+            "version": "621.76",
             "api_version": 3,
-            "cid": "sc-7ae006ba-af36-4b07-a4e7-827fa2f5fd05"
+            "cid": "sc-72a38e3c-f044-4d4f-9b7c-bba83a1341d6"
         }
     ],
     "releases": [
         {
-            "id": "da3a79d8-a684-403a-66e8-4dd513f863eb",
+            "id": "534e424c-2477-481d-56f4-2090fadbf5f7",
             "name": "bosh",
-            "version": "271.0.0"
+            "version": "271.1.0"
         },
         {
-            "id": "66e6e34e-f809-4a82-70ee-08d2765fec46",
+            "id": "dc49e3d5-b196-4679-4c1e-dbc833f72688",
             "name": "bpm",
             "version": "1.1.8"
         },
         {
-            "id": "3d216d64-f64e-4184-6676-9667edab815e",
+            "id": "1acd4bb5-83a0-4509-6fb0-fdb2937a3736",
             "name": "bosh-vsphere-cpi",
             "version": "54.1.0"
         },
         {
-            "id": "d33eafe3-c716-4356-66e9-f01b6ae1532b",
+            "id": "daa7b80b-d151-400e-72ff-ed3ba0312b55",
             "name": "os-conf",
             "version": "22.0.0"
         },
         {
-            "id": "c504ddf8-da3f-47f2-5692-d2730ea657f6",
+            "id": "1cd00500-1be9-4a25-7f19-f27bdb349e9f",
             "name": "uaa",
             "version": "74.21.0"
         },
         {
-            "id": "165ee8c4-f041-4181-56be-561f20ec1883",
+            "id": "e9dbf0bc-e1be-4dd3-62c4-dd1b4875b5ec",
             "name": "credhub",
             "version": "2.6.0"
         },
         {
-            "id": "7bd2d96d-0c84-4e8d-70b8-b8aae520753d",
+            "id": "3bc41b7b-33ee-4311-5041-8540921c29f4",
             "name": "bosh-aws-cpi",
             "version": "82"
         },
         {
-            "id": "b809d91f-1b1d-4df0-4b9c-4919eae3969a",
+            "id": "569a8cb5-9522-4518-775c-985a184946dd",
             "name": "bosh-azure-cpi",
             "version": "37.2.0"
         },
         {
-            "id": "a1eab853-1324-467f-5f72-0ec549414b33",
+            "id": "4cb2affa-ffd9-4dc0-5430-cfc4190410d6",
             "name": "bosh-google-cpi",
             "version": "30.0.0"
         }
diff --git a/bosh-vsphere.yml b/bosh-vsphere.yml
@@ -892,30 +892,24 @@ instance_groups:
       director_account:
         ca_cert: |
           -----BEGIN CERTIFICATE-----
-          MIIEVDCCArygAwIBAgIRAMqwQP4Qnkr+ZdkUEZSdWqswDQYJKoZIhvcNAQELBQAw
-          MzEMMAoGA1UEBhMDVVNBMRYwFAYDVQQKEw1DbG91ZCBGb3VuZHJ5MQswCQYDVQQD
-          EwJjYTAeFw0yMDAxMTgxNzIzMTZaFw0yMTAxMTcxNzIzMTZaMDMxDDAKBgNVBAYT
-          A1VTQTEWMBQGA1UEChMNQ2xvdWQgRm91bmRyeTELMAkGA1UEAxMCY2EwggGiMA0G
-          CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDgMLIwbwJbp/P0NXxv9Mop+4aqE8wT
-          49thHe5Dj8DSkgyDkfISN8b9MicbOI87CO1CN/Hpr3Mzeu5zS1GxoPG1MO//O+zX
-          CiA9f2jx57ypVUIaGH7CTtNCOUlJnwHz3a3a27Z5akhfnOOj79puUBCUcnLhKv7i
-          lczDvErdDTQ8Dj4nuxWPPS0OXXqBh5l7Gxuc+4zCqk2O1qWVPqYkcyqM13tm4PmR
-          vID9VMfKylJZ36dbsp8JBSSEspCoClYGC9Ic1jqdjV8DYkqXO0vjnJ0u6NG1RnVg
-          L4HZEB79nkj06pmH9OSMItPjysdKUBCpa88FUBVY9suECMDqKKuzQCDj2VTHZfyh
-          2ZvMffG49JTRqEnpoojI2UUz4IO6k12trX/cwypGaO2ki/ApiIl1/q200meoAULM
-          6L+LANOf52Lg6/g0LNqFNraIq7rj2W72gAhHTMIVnsjb+AJPUhIPZHb9YesrOILZ
-          hHUObAPmTQWpUclKwmDtTbNgrmJKNZzv56kCAwEAAaNjMGEwDgYDVR0PAQH/BAQD
-          AgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFHRgjMV48I2MFfozF3BrsVFQ
-          BsxCMB8GA1UdIwQYMBaAFHRgjMV48I2MFfozF3BrsVFQBsxCMA0GCSqGSIb3DQEB
-          CwUAA4IBgQCPuoZYSWbcJAE2u2nA8mVrEpK3XQF313CWhfdX0ppX0zoZZgWK+Mck
-          ODiMm9N8UcJdW+zlo8/FzwS+ZyVCEpjXxMkFiVEXbA/33yZnupHashW61Qp9nsA4
-          cilucGuoLxiudpqxFMhSDS08YAqixfmKwr0DQxKiXQADPUNQnVvh6pKSthUWkFUL
-          TWkktV+JGKxhipY/TxijvyGTCRYREEHuUYWQl94HBTyQyX82eOaBdvJHdNjkE21l
-          jCVd7baLC+1u23iY0d6YwN179awMNfO7cchTxaWNVZn0WwHF6VDqg4bI+1XJWb0F
-          JxF6AEKS/p0LQB4xzPewQ6wwGFU9mxBw6TeWkgWDg2/pHwWi656Drb9kkkFNweGk
-          Uv2kZJQZ8DsFcbvZ2vCi/gfiatkAtMYTdJ75KejhKnUuHnjcaSYKaCBw6HHdi7y8
-          lCWJiED96HOUzvJvjmsqoESDRtOT3fOiVkTky83+Mz62YroeGl5B6r/NOt+XSd4l
-          P2WMs1nibkc=
+          MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/
+          MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+          DkRTVCBSb290IENBIFgzMB4XDTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVow
+          PzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QgQ28uMRcwFQYDVQQD
+          Ew5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+          AN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmTrE4O
+          rz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEq
+          OLl5CjH9UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9b
+          xiqKqy69cK3FCxolkHRyxXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw
+          7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40dutolucbY38EVAjqr2m7xPi71XAicPNaD
+          aeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+          HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQMA0GCSqG
+          SIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69
+          ikugdB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXr
+          AvHRAosZy5Q6XkjEGB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZz
+          R8srzJmwN0jP41ZL9c8PDHIyh8bwRLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5
+          JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubSfZGL+T0yjWW06XyxV3bqxbYo
+          Ob8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
           -----END CERTIFICATE-----
         client_id: hm
         client_secret: ((hm_password))
@@ -1289,12 +1283,12 @@ networks:
   type: manual
 releases:
 - name: bosh
-  sha1: a271f20ea5502d27e56b38f1ef0eeef97915fe84
-  url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bosh-271.0.0-ubuntu-xenial-621.75-20200606-000853-341135696-20200606000854.tgz
-  version: 271.0.0
+  sha1: ffcc14b2f8665473ceff0b827dc4cd5c02171cef
+  url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bosh-271.1.0-ubuntu-xenial-621.76-20200617-214908-091489493-20200617214909.tgz
+  version: 271.1.0
 - name: bpm
-  sha1: 9aebaebb25c7bb7ff4e3aa0473f954f8f86f2d34
-  url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bpm-1.1.8-ubuntu-xenial-621.75-20200606-000638-158953044-20200606000641.tgz
+  sha1: 0f2efdad0e9702faa23ead010c1b866f985ba537
+  url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/bpm-1.1.8-ubuntu-xenial-621.76-20200616-225534-615382607-20200616225536.tgz
   version: 1.1.8
 - name: bosh-vsphere-cpi
   sha1: 25c53531bf9efeb86d093c2acded62f638e12f0f
@@ -1305,12 +1299,12 @@ releases:
   url: https://bosh.io/d/github.com/cloudfoundry/os-conf-release?v=22.0.0
   version: 22.0.0
 - name: uaa
-  sha1: 0b808c1600cdfd76cdb119db433e63ea438f2ab7
-  url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/uaa-74.21.0-ubuntu-xenial-621.75-20200610-221307-920984611-20200610221310.tgz
+  sha1: ff64cd6b5b26312cc28f603098959a029f69c90f
+  url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/uaa-74.21.0-ubuntu-xenial-621.76-20200616-225306-279729583-20200616225309.tgz
   version: 74.21.0
 - name: credhub
-  sha1: 622d40abcf05628fbd8e23f9293c7942d78239c7
-  url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/credhub-2.6.0-ubuntu-xenial-621.75-20200606-000519-772975871-20200606000521.tgz
+  sha1: 8e12aabd9df83de9e27342e92d2f03da658e4940
+  url: https://s3.amazonaws.com/bosh-compiled-release-tarballs/credhub-2.6.0-ubuntu-xenial-621.76-20200616-225331-225426254-20200616225332.tgz
   version: 2.6.0
 - name: bosh-aws-cpi
   sha1: 1a4826469e715f5595de38a15df7b7f511fbfe85
@@ -1398,6 +1392,6 @@ resource_pools:
   name: vms
   network: default
   stemcell:
-    sha1: 4d9d09b24b177c5b7a02ff9b0d7ceaa2659b516d
-    url: https://bosh-core-stemcells.s3-accelerate.amazonaws.com/621.75/bosh-stemcell-621.75-vsphere-esxi-ubuntu-xenial-go_agent.tgz
+    sha1: 2a9f1e7e2e60828624f871f1b7c31554aaa483e3
+    url: https://bosh-core-stemcells.s3-accelerate.amazonaws.com/621.76/bosh-stemcell-621.76-vsphere-esxi-ubuntu-xenial-go_agent.tgz
 variables: []
diff --git a/etc/TLS.yml b/etc/TLS.yml
@@ -61,3 +61,6 @@
 - type: replace
   path: /instance_groups/name=bosh/properties/director/user_management/uaa/url?
   value: https://((external_fqdn)):8443
+- type: replace
+  path: /instance_groups/name=bosh/properties/hm/director_account/ca_cert?
+  value: ((commercial_ca_crt))
