IPsec for Tanzu 1.9

Updating IPsec for VMware Tanzu to Run with Xenial Stemcells

Last Updated March 07, 2025

This topic tells you how to find out if your existing deployment of IPsec for VMware Tanzu can be deployed to VMs that run on Xenial. This topic also explains how to update your IPsec for VMware Tanzu if it does not support Xenial.

Tanzu Operations Manager products and tiles that are released after July 2018 require Ubuntu Xenial stemcells instead of Ubuntu Trusty stemcells. You need to verify that your IPsec for VMware Tanzu deployment is configured correctly to support products running on Xenial.

Follow the instructions on this page if you use IPsec with any products or tiles that use Xenial stemcells. See Add the Xenial Stemcell Property to IPsec below.

Do I Need to Modify IPsec?

IPsec v1.9.9 runs correctly on Xenial-based VMs if the IPsec runtime config includes the ubuntu-xenial property.

Review the following table and make any required changes before you upgrade to Xenial stemcells.

If you are using this version of IPsec…, do the following:

  * v1.9.9: Verify that your runtime config file, ipsec-addon.yml, includes

        stemcell:
        - os: ubuntu-trusty
        - os: ubuntu-xenial

    If it does not, then follow the procedure, Add the Xenial Stemcell Property to IPsec below.

  * v1.9.4 and earlier: Install IPsec v1.9.9.

If you use IPsec without adding the ubuntu-xenial property to the runtime config, the VMs running on Xenial are not able to communicate with the rest of the system.

Add the Xenial Stemcell Property to IPsec

Ensure that you have added the ubuntu-xenial property to the IPsec runtime config before you install any product tiles that use Xenial stemcells.

If you use IPsec v1.9.9 without the ubuntu-xenial property in the runtime config, then you must add it to your existing ipsec-addon.yml and redeploy.

Follow these steps:

  1. SSH into the Tanzu Operations Manager VM. For how to do this, see SSH into Tanzu Operations Manager.

  2. To retrieve and save the IPsec runtime config, run the following command:

    bosh -e BOSH-ENVIRONMENT runtime-config --name ipsec > /tmp/ipsec-addon.yml

    Where BOSH-ENVIRONMENT is the alias you set for the BOSH Director.

    For example:

    bosh -e my-env runtime-config --name ipsec-addon > /tmp/ipsec-addon.yml

  3. Edit the ipsec-addon.yml file to add - os: ubuntu-xenial to the stemcell: list under include:, below properties: {}, as shown in the following:

    addons:
    - name: ipsec-addon
      jobs:
      - name: ipsec
        release: ipsec
        properties: {}
      include:
        stemcell:
        - os: ubuntu-trusty
        - os: ubuntu-xenial
    
  4. To update the runtime config, run the following command:

    bosh -e BOSH-ENVIRONMENT update-runtime-config --name=ipsec /tmp/ipsec-addon.yml
    

    For example:

    bosh -e my-env update-runtime-config --name=ipsec-addon /tmp/ipsec-addon.yml

  5. Go to the Installation Dashboard in Tanzu Operations Manager.

  6. If you are using Tanzu Operations Manager v2.3 or later, click Review Pending Changes. For more information about this Tanzu Operations Manager page, see Reviewing your pending product changes in Tanzu Operations Manager.

  7. Click Apply Changes.
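
A pre-flight check for the file saved in step 2 and edited in step 3, added here as an example and not part of the VMware documentation. The function names and the sample files are constructed for illustration, and the parser assumes the block-style layout shown in step 3 with a single stemcell: list.

```shell
#!/bin/sh
# Added example: check a runtime config saved with `bosh runtime-config`
# for the ubuntu-xenial stemcell entry before installing Xenial-based tiles.

# Print each OS listed under "stemcell:" in FILE, one per line.
list_stemcells() {
  awk '
    /^[ \t]*stemcell:[ \t]*$/ { in_list = 1; next }
    in_list && /^[ \t]*-[ \t]*os:/ {
      sub(/^[ \t]*-[ \t]*os:[ \t]*/, "")
      sub(/[ \t]+$/, "")
      print
      next
    }
    in_list && NF { in_list = 0 }   # any other non-blank line ends the list
  ' "$1"
}

# Succeed only if ubuntu-xenial is one of the listed stemcells.
has_xenial() {
  list_stemcells "$1" | grep -qx 'ubuntu-xenial'
}

# Constructed sample configs (hypothetical paths) so the check runs offline.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/trusty-only.yml" <<'EOF'
addons:
- name: ipsec-addon
  jobs:
  - name: ipsec
    release: ipsec
    properties: {}
  include:
    stemcell:
    - os: ubuntu-trusty
EOF
# Same file after the step 3 edit: one more entry appended to the list.
{ cat "$SAMPLES/trusty-only.yml"; echo '    - os: ubuntu-xenial'; } \
  > "$SAMPLES/with-xenial.yml"

for f in "$SAMPLES"/*.yml; do
  if has_xenial "$f"; then echo "OK       $f"
  else echo "MISSING  $f: add the ubuntu-xenial entry and redeploy"; fi
done
```

Run has_xenial against /tmp/ipsec-addon.yml before step 4; a non-zero exit status means VMs on Xenial stemcells would not receive the IPsec add-on.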