-
Notifications
You must be signed in to change notification settings - Fork 140
/
lock-on-deploy.html.md.erb
99 lines (65 loc) · 5.16 KB
/
lock-on-deploy.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
---
title: Ops Manager Fields That Lock on Deploy
owner: OpsManager
---
This topic describes how locked fields work in Ops Manager, and lists the unlockable and permanently locked fields in installation tiles.
## <a id="overview"></a> Overview
Some fields in Ops Manager lock during deployment. After deployment, you can no longer configure a locked field through the Ops Manager UI or API endpoints. Product tile authors configure fields as locked to prevent irrevocable VM malfunction, deployment corruption, and data loss. Most users do not need to edit locked fields after initial deployment.
Because deployment requirements may evolve in unanticipated ways over time, some locked fields are _unlockable_, which means that an advanced <%= vars.platform_name %> operator can unlock them to allow reconfiguration. Other fields are _permanently locked_, and their values cannot be changed. Unlocking the unlockable fields requires you to use Ops Manager's Advanced Mode. For more information about Advanced Mode, see [Unlockable Fields](#unlock).
In summary, there are three types of configurable fields in Ops Manager:
* **Standard fields**, which can be reconfigured after deployment as many times as you need.
* **Unlockable fields**, which lock on deployment but can be unlocked and configured with Advanced Mode.
* **Permanently locked fields**, which lock on deployment and cannot be unlocked.
<p class="note warning"><strong>Warning:</strong> <%= vars.company_name %> recommends that only skilled operators use Ops Manager's Advanced Mode. If you use Advanced Mode incorrectly, you could disable or destroy your deployment.</p>
## <a id='unlock'></a> Unlockable Fields
This section describes the fields that lock during deployment and can be unlocked and configured after deployment. To unlock these fields, you must use Ops Manager's Advanced Mode. For more information, see [How to Enable Advanced Mode in the Ops Manager](https://community.pivotal.io/s/article/How-to-Enable-Advanced-Mode-in-the-Ops-Manager) in the VMware Tanzu Knowledge Base.
After you have enabled Advanced Mode, you can use the API or Ops Manager UI to reconfigure some fields that were locked previously. Those fields are listed in the sections below.
<p class="note warning"><strong>Warning:</strong> <%= vars.company_name %> recommends that only skilled operators use Ops Manager's Advanced Mode. If you use Advanced Mode incorrectly, you could disable or destroy your deployment.</p>
### <a id='director-tile'></a> Unlockable Fields in the Director Tile
In the **Director Config** pane, you can unlock the following fields in Advanced Mode after deployment:
* In the **CredHub Encryption Provider** section:
* Under **Luna HSM:**
* **HSM Host Address**
* **HSM Port Address**
* **Partition Serial Number**
* In the **Blobstore Location** section:
* **Blobstore Location**
* Under **S3 Compatible Blobstore:**
* **S3 Endpoint**
* **Bucket Name**
* Under **S3 Signature Version**:
* **S3 Signature Version**
* Under **V4 Signature**:
* **Region**
* Under **S3 Backup Strategy**:
* Under **Copy into an additional bucket**:
* **Backup Bucket Region**
* **Backup Bucket Name**
* In the **Database Location** section:
* Under **External MySQL Database:**
* **Host**
* **Port**
* **Database**
In the **Assign AZs and Networks** pane, you can unlock the following fields after deployment:
* The **Singleton Availability Zone** dropdown
### <a id='product-tiles'></a> Unlockable Fields in Product Tiles
Product tiles also have unlockable fields.
In the **Assign AZs and Networks** pane, you can unlock the following fields after deployment:
* **Place singleton jobs in**
* **Balance other jobs**
## <a id='locked-permanently'></a> Permanently Locked Fields
This section describes the fields that lock during deployment and cannot be unlocked even in Advanced Mode. These fields cannot be updated after deployment, either through the Ops Manager UI or through API endpoints.
### <a id='director-tile-locked'></a> Permanently Locked Fields in the BOSH Director Tile
In the **Director Config** pane, the following fields lock permanently after deployment:
* In the **CredHub Encryption Provider** section:
* **CredHub Encryption Provider**
* Under **Luna HSM:**
* **Encryption Key Name**
* **Provider Partition**
* **Provider Partition Password**
* **Database Location:** You cannot change the database location after deploying the BOSH Director.
In the **Create Availability Zones** pane, the following field locks permanently after deployment:
* You cannot delete an in-use Availability Zone (AZ).
### <a id="product-tiles-locked"></a> Configurable Fields in Product Tiles
No fields other than the ones listed above lock in third-party product tiles. However, tile authors can specify which additional fields should lock on deploy by passing the `freeze-on-deploy` flag.
For more information about this flag, see the [Common Property Blueprint Attributes](https://docs.pivotal.io/tiledev/<%= product_info['local_product_version'].to_s.sub('.','-') %>/property-template-references.html#common-attributes) section of the _Property and Template References_ topic in the <%= vars.platform_name %> Tile Developer Guide.