A stemcell is a versioned Operating System image wrapped with IaaS specific packaging.

Typical stemcell contains bare minimum OS skeleton with few common utilities pre-installed, a BOSH Agent and few configuration files to make OS be securely configured by default.

Learn more about stemcells.

Ubuntu Lucid, CentOS 6.x, and Ruby agent based stemcells are deprecated.

Upload latest version to your BOSH Director:

# Upload latest version, currently 3363.20
$ bosh upload stemcell https://bosh.io/d/stemcells/bosh-openstack-kvm-centos-7-go_agent

# Upload specific version
$ bosh upload stemcell https://bosh.io/d/stemcells/bosh-openstack-kvm-centos-7-go_agent?v=3363.20

Alternatively, download stemcell tarball locally:

# ...or download it directly using curl
$ curl -L -J -O https://bosh.io/d/stemcells/bosh-openstack-kvm-centos-7-go_agent?v=3363.20

# or with wget...
$ wget --content-disposition https://bosh.io/d/stemcells/bosh-openstack-kvm-centos-7-go_agent?v=3363.20
  • CentOS 7.x

    • OpenStack KVM 602MB
      2017-04-25T23:13:57.000Z 58be290cf8dbc87207ec494ffd03f9e65e2d3913 [SHA1]
      • Bump Ubuntu stemcells for USN-3265-2: Linux kernel (Xenial HWE) vulnerabilities
    • OpenStack KVM 602MB
      2017-04-17T22:48:40.000Z 6c11de286f8bc47c5711be05f6ade390c98301a2 [SHA1]
      • Periodic bump for CentOS stemcells to include CESA-2017:0933
      • Disable IPv6 through /proc/cmdline to eliminate possibilty of listening on tcp6/udp6
    • OpenStack KVM 581MB
      2017-04-05T21:54:59.000Z 54a7c1ed35339a8c3a33c7caf80607f584f19d27 [SHA1]
      • Bump Ubuntu stemcells for USN-3256-2: Linux kernel (HWE) vulnerability


      • Made AWS AMI backing snapshot public to support encryption of boot disks
    • OpenStack KVM 581MB
      2017-03-30T21:27:56.000Z 71bfbff29f17778ef138f11547c1e901c1685df8 [SHA1]
      • Bump Ubuntu stemcells for USN-3249-2: Linux kernel (Xenial HWE) vulnerability
    • OpenStack KVM 580MB
      2017-03-10T00:56:10.000Z c8a80c335563a29b07de13d84fe3f950330e4987 [SHA1]
    • OpenStack KVM 578MB
      2017-03-08T23:49:19.000Z fbba7459f5e543c81467b410df4391e50f97dfe1 [SHA1]
      • Bumps Ubuntu stemcells for USN-3220-2: Linux kernel (Xenial HWE) vulnerability
    • OpenStack KVM 578MB
      2017-02-23T02:26:37.000Z cd612b16e11361ad42135e650c8c7f7a3ba76a1a [SHA1]

      Changes: - Bumps Ubuntu stemcells for USN-3208-2: Linux kernel (Xenial HWE) vulnerabilities - Fixes excessive “out of memory” errors in kernel - https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1655842 - Fixes regression to rsyslog by locking it down again to rsyslog 8.22.0

      Agent: - Fixes Azure stemcell persistent disk formatting - Fixes Warden stemcells SSH access

    • OpenStack KVM 578MB
      2017-02-17T21:15:41.000Z 7580ab411fa6211dec7b6e98c4be05f7f62ad2b8 [SHA1]

      Reported Problems: - DO NOT USE azure stemcell as it may cause data loss. - rsyslog version updated to 8.24.0, regressing on issue #1537 - Out of memory errors still exists in Kernel - will be fixed around Feb 20.

      Changes: - Fixes double -hvm- suffix problem for AWS Light stemcells

    • OpenStack KVM 578MB
      2017-02-16T02:17:21.000Z c7130811964b8a8f87cb08df6dcae12118585236 [SHA1]

      Reported Problems: - DO NOT USE azure stemcell as it may cause data loss. - Out of memory errors still exists in Kernel - will be fixed around Feb 20. - rsyslog version updated to 8.24.0, regressing on issue #1537 - AWS Light stemcell has incorrect name once imported - BOSH SSH does not work on BOSH Lite

      Changes: - Add more auditd rules - Fix CentOS initramfs to load necessary kernel modules - Disable boot loader login - Increasing tcp_max_sync_backlog - Disabling any DSA host keys - Add bosh_sshers group and assign it to vcap user - Only allow users in bosh_sshers group to SSH

      Agent: - Log Agent API access events in CEF format to syslog (vcap.agent topic) - Allow configuring swap size through env.bosh.swap_size (example: env.bosh.swap_size: 0) - Prepare for SHA2 releases - Allow setting fetching to work with base64 encoded user data - Do not delaycompress in logrotate

    • OpenStack KVM 578MB
      2016-12-05T17:31:13.000Z 8c6cef55a11a0deae8db05cfba57da71a8df41fa [SHA1]
      • Periodic stemcell update
    • OpenStack KVM 578MB
      2016-12-02T16:31:19.000Z a741f21784d18226c4fb54986b96fab2431215d8 [SHA1]
    • OpenStack KVM 578MB
      2016-11-30T04:51:12.000Z bc26593e8f80f747d26b95ca6d089df8efdd84d0 [SHA1]
      • Periodic stemcell update
        • Includes USN-3134-1 as requested by a community member
    • OpenStack KVM 578MB
      2016-11-16T22:13:25.000Z c668ff3c0c5e73028e10e96616aa6b1e3c062de2 [SHA1]
      • Properly includes libpam_cracklib.so to avoid errors in /var/log/auth.log
    • OpenStack KVM 578MB
      2016-11-10T23:55:16.000Z d701c5f9b92779be4e1e4411184ee4880eb97bc7 [SHA1]
      • Fixes persistent disk mounting on OpenStack described in Stemcell 3308
    • OpenStack KVM 578MB
      2016-11-10T03:52:49.000Z 63ddb7e16d9955baec75681ecb97d7750f7083e3 [SHA1]

      Reported Problems: - On OpenStack: Mounting persistent disks not working when using config-drive: disk while nova is configured to use a cdrom config-drive due to https://github.com/cloudfoundry/bosh/issues/1503

      Fixes: - Fixes SSH key installation issue introduced in Stemcell 3306

    • OpenStack KVM 579MB
      2016-11-08T17:24:35.000Z 75b4d03ca4fe11894bba8767b12eb5ba66233ac4 [SHA1]

      Reported Problems - bosh-init doesn’t work with this stemcell on OpenStack and AWS due to https://github.com/cloudfoundry/bosh/issues/1500 - Booting the stemcell image directly in you IaaS (without using BOSH/bosh-init) does no longer provision the ssh key for user vcap, so you need to login differently

      Changes - Agent will now wait for monit to complete stop all processes before carrying on - Added google stemcells - Default dmesg_restrict to 1 - Disable all IPv6 configurations - Reenabled UDF kernel module for Azure - Increase root_maxkeys and maxkeys kernel configurations - Changed default hostname to bosh-stemcell instead of localhost to avoid boot problems on GCP - Lower TCP keepalive configuration by default - Mount /var/log directory to /var/vcap/data/root_log - Restrict Access to the su command - Add pam_cracklib requirements to common-password and password-auth - Enable auditing for processes that start prior to auditd - Set log rotation interval to 15 min in stemcell - Made ownership & permissions for /etc/cron* files more restrictive - Customize shell prompt to show instance name and ID - Removed floppy drives from vSphere stemcells - Removed bosh micro assets hence making bosh micro unsupported

      Misc: - Stemcells are now built through Concourse via https://main.bosh-ci.cf-app.com/teams/main/pipelines/bosh:stemcells

    • OpenStack KVM 722MB
      2016-11-03T18:22:30.000Z d79806606bd920d31471658017e41c8c28432e21 [SHA1]
      • Updates CentOS kernel to the latest version for “Dirty COW”
        • Ubuntu stemcells were updated in previous versions at the time of Ubuntu USN updates
      • Includes fix to the bosh-agent to better support 1TB+ disk partitioning
    • OpenStack KVM 721MB
      2016-10-21T02:30:01.000Z f5d0154596698abeee30124fc21be1b2214be897 [SHA1]
      • Bump Ubuntu stemcells for USN-3106-2: Linux kernel (Xenial HWE) vulnerability
      • Includes a fix to the bosh-agent to work more reliably with 2TB+ persistent disks
    • OpenStack KVM 720MB
      2016-10-12T21:03:23.000Z a365a399921a10a710a24872b4b6c0b769468114 [SHA1]
      • Bump Ubuntu stemcells for USN-3099-2: Linux kernel (Xenial HWE) vulnerabilities
    • OpenStack KVM 720MB
      2016-09-30T16:44:18.000Z 167ae930acde233b5f99706e3c78b7f75fda853e [SHA1]
      • Periodic bump
      • Delay start of rsyslogd using systemd on CentOS
    • OpenStack KVM 721MB
      2016-10-22T05:08:38.000Z 906f549a913ba72192f5bf035f9b9e85f5aeffc9 [SHA1]
    • OpenStack KVM 721MB
      2016-10-13T15:15:39.000Z baff42168448a5e1b29620c05a5d316359aafef6 [SHA1]
      • Bump Ubuntu stemcells for USN-3099-2: Linux kernel (Xenial HWE) vulnerabilities
    • OpenStack KVM 720MB
      2016-09-30T15:49:33.000Z d50b83c6e83673be33a7a366bccac90cc83f1882 [SHA1]
    • OpenStack KVM 719MB
      2016-09-08T06:09:35.000Z ebd43b70f542043ea30c25534935a1f7bd86e94f [SHA1]
    • OpenStack KVM 729MB
      2016-08-30T20:52:21.000Z 98cbc9777ef4367f1972dc66452c085edc9e6b5f [SHA1]
    • OpenStack KVM 728MB
      2016-08-23T23:12:58.000Z 039a7d1e28a0d2cbd2d1c4a2a711e4e7702c2bd2 [SHA1]
    • OpenStack KVM 728MB
      2016-08-12T21:49:12.000Z c16013d9a7b784f2fdbbd3a3d7ff3eda7a168b72 [SHA1]
    • OpenStack KVM 727MB
      2016-08-05T00:38:34.000Z feffaeb0936ca06f2b612907c31fe607f05cbc8c [SHA1]
    • OpenStack KVM 727MB
      2016-08-09T23:03:02.000Z 74a6006304e9d24f7e690c3e7f4158fefe7b4206 [SHA1]
    • OpenStack KVM 727MB
      2016-07-21T17:30:58.000Z bc1ec8bf95229fff643cbde573c72dc70739a29b [SHA1]
    • OpenStack KVM 727MB
      2016-06-29T07:05:58.000Z 1b6bb4287c7e3669b67114e1a7d0ae94fcd794d8 [SHA1]
    • OpenStack KVM 726MB
      2016-06-24T20:54:25.000Z a7b853ab8b9f03bc67016d95fc06fe0e [MD5]
    • OpenStack KVM 703MB
      2016-08-22T22:04:11.000Z 7243a694b18b9e3459f0d3358a01b216d44919b1 [SHA1]
    • OpenStack KVM 703MB
      2016-08-12T21:39:12.000Z ae1c055a10dce18ef554a91296445b7fc7d90af3 [SHA1]
    • OpenStack KVM 703MB
      2016-08-04T22:59:26.000Z 0319781cc13368706f644456316b187c04b92ede [SHA1]
    • OpenStack KVM 703MB
      2016-06-28T23:05:21.000Z ea011994eb39eabe6e29081d4f0b8435 [MD5]
    • OpenStack KVM 703MB
      2016-06-20T18:39:51.000Z d532f04878bc2ced66baa1a4886ba726 [MD5]
    • OpenStack KVM 703MB
      2016-06-11T01:16:48.000Z 81b8f933116cf5e82e9cbb3af198c6df [MD5]
    • OpenStack KVM 703MB
      2016-06-03T20:33:16.000Z 484ca2bb155b32cf9bfeece3b224f6a9 [MD5]