forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathlock-on-deploy.html.md.erb
94 lines (56 loc) · 5.28 KB
/
lock-on-deploy.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
---
title: Ops Manager Fields That Lock On Deploy
owner: OpsManager
---
This topic describes how locked fields work in Pivotal Operations Manager, and lists the unlockable and permanently-locked fields in installation tiles.
## <a id="overview"></a>Overview
Some fields in Ops Manager lock during deployment. After deployment, a locked field is no longer configurable via the Ops Manager UI or API endpoints. Product tile authors configure fields as locked to prevent irrevocable VM malfunction, deployment corruption, and data loss. Most users will not need to edit locked fields after initial deployment.
Because deployment requirements may evolve in unanticipated ways over time, some locked fields are _unlockable_, which means that an advanced <%= vars.product_name %> operator can unlock them to allow reconfiguration. Other fields are _permanently locked_, and their values cannot be changed. Unlocking the unlockable fields requires you to use Ops Manager's Advanced Mode. For more information about Advanced Mode, see [Unlockable Fields](#unlock).
In summary, there are three types of configurable fields in Ops Manager:
* **Standard fields**, which can be reconfigured after deployment as many times as you need.
* **Unlockable fields**, which lock on deployment but can be unlocked and configured with [Advanced Mode](#unlock).
* **Permanently-locked fields**, which lock on deployment and cannot be unlocked.
<p class="note warning"><strong>WARNING:</strong> Pivotal recommends that only skilled operators use Ops Manager's Advanced Mode. If you use Advanced Mode incorrectly, you could disable or destroy your deployment.</p>
## <a id='unlock'></a>Unlockable Fields
This section describes the fields that lock during deployment and can be unlocked and configured after deployment. To unlock these fields, you must use Ops Manager's [Advanced Mode](https://community.pivotal.io/s/article/How-to-Enable-Advanced-Mode-in-the-Ops-Manager).
After you have enabled Advanced Mode, you can use the API or Ops Manager UI to reconfigure some fields that were locked previously. Those fields are listed in the following section.
<p class="note warning"><strong>WARNING:</strong> Pivotal recommends that only skilled operators use Ops Manager's Advanced Mode. If you use Advanced Mode incorrectly, you could disable or destroy your deployment.</p>
### <a id='director-tile'></a>Unlockable Fields in the Director Tile
In the **Director Config** pane, you can unlock the following fields after deployment:
In the **CredHub Encryption Provider** fields, when you are using a Luna HSM, you can unlock the following fields after deployment:
* **Encryption Key Name**
* **Provider Partition**
* **HSM Host Address**
* **HSM Port Address**
* **Partition Serial Number**
In the **Assign AZs and Networks** pane, you can unlock the following fields after deployment:
* The **Singleton Availability Zone** dropdown
### <a id='product-tiles'></a>Unlockable Fields in Product Tiles
Product tiles also have unlockable fields.
In the **Assign AZs and Networks** pane, you can unlock the following fields after deployment:
* **Place singleton jobs in**
* **Balance other jobs**
## <a id='locked-permanently'></a>Permanently-Locked Fields
This section describes the fields that lock during deployment and cannot be unlocked. These fields cannot be configured after deployment, either via the Ops Manager UI or via API endpoints.
### <a id='director-tile-locked'></a>Permanently-Locked Fields in the Director tile
In the **Director Config** pane, the following fields lock permanently after deployment:
In the **Blobstore Location** section:
* **S3 Endpoint** in the **S3 Compatible Blobstore** section
* **Bucket Name** in the **S3 Compatible Blobstore** section
* **V2 Signature** in the **S3 Compatible Blobstore** section
* **V4 Signature** in the **S3 Compatible Blobstore** section
* **Region** in the **S3 Compatible Blobstore** > **V4 Signature** section
<p class="note"><strong>Note:</strong> Changes to the <em>Internal</em> or <em>S3 Compatible Blobstore</em> radio buttons in the <em>Blobstore Location</em> section will not affect a deployed Ops Manager.</p>
In the Database Location section:
* **Host** in the **External MySQL Database** section
* **Port** in the **External MySQL Database** section
* **Username** in the **External MySQL Database** section
* **Password** in the **External MySQL Database** section
* **Database** in the **External MySQL Database** section
<p class="note"><strong>Note:</strong> Changes to the <em>Internal</em> or <em>External MySQL Database</em> radio buttons in the <em>Database Location</em> section will not affect a deployed Ops Manager.</p>
In the **Create Availability Zone** pane, the following fields lock permanently after deployment:
* You cannot delete an in-use Availability Zone (AZ)
In the **Assign AZs and Networks** pane, all fields lock permanently after deployment.
### <a id="product-tiles-locked"></a>Configurable Fields in Product Tiles
No fields other than the ones listed above lock in third-party product tiles. However, tile authors can specify which additional fields should lock on deploy by passing the `freeze-on-deploy` flag.
For more information about this flag, see [Common Property Blueprint Attributes](https://docs.pivotal.io/tiledev/2-2/property-template-references.html#common-attributes).