A stemcell is a versioned Operating System image wrapped with IaaS specific packaging.

Typical stemcell contains bare minimum OS skeleton with few common utilities pre-installed, a BOSH Agent and few configuration files to make OS be securely configured by default.

Learn more about stemcells.

Ubuntu Lucid, CentOS 6.x, and Ruby agent based stemcells are deprecated.

Upload latest version to your BOSH Director:

# Upload latest version, currently 3363.20
$ bosh upload stemcell https://bosh.io/d/stemcells/bosh-vsphere-esxi-ubuntu-trusty-go_agent

# Upload specific version
$ bosh upload stemcell https://bosh.io/d/stemcells/bosh-vsphere-esxi-ubuntu-trusty-go_agent?v=3363.20

Alternatively, download stemcell tarball locally:

# ...or download it directly using curl
$ curl -L -J -O https://bosh.io/d/stemcells/bosh-vsphere-esxi-ubuntu-trusty-go_agent?v=3363.20

# or with wget...
$ wget --content-disposition https://bosh.io/d/stemcells/bosh-vsphere-esxi-ubuntu-trusty-go_agent?v=3363.20
  • Ubuntu Trusty

    • vSphere ESXi 426MB
      2017-04-25T23:14:16.000Z cc46c54c4b93dc0933bf9139b60d6782ffcad7ef [SHA1]
      • Bump Ubuntu stemcells for USN-3265-2: Linux kernel (Xenial HWE) vulnerabilities
    • vSphere ESXi 426MB
      2017-04-17T22:49:13.000Z 728d40eb9fdecba7086b08f2db8bd23a29d372b1 [SHA1]
      • Periodic bump for CentOS stemcells to include CESA-2017:0933
      • Disable IPv6 through /proc/cmdline to eliminate possibilty of listening on tcp6/udp6
    • vSphere ESXi 426MB
      2017-04-05T21:56:01.000Z d5571cd8e13d1daca99dc821e4fb751f4cdd42f8 [SHA1]
      • Bump Ubuntu stemcells for USN-3256-2: Linux kernel (HWE) vulnerability

      Misc:

      • Made AWS AMI backing snapshot public to support encryption of boot disks
    • vSphere ESXi 426MB
      2017-03-30T21:28:49.000Z 06757e5a1fb52752a62cb046d2ce7972bfcde037 [SHA1]
      • Bump Ubuntu stemcells for USN-3249-2: Linux kernel (Xenial HWE) vulnerability
    • vSphere ESXi 426MB
      2017-03-10T00:56:40.000Z 8899d9b76edde5722d98088983d416fa32c597e9 [SHA1]
    • vSphere ESXi 426MB
      2017-03-08T23:50:27.000Z 9672080e35c94b3621fc6e683125a3057d697483 [SHA1]
      • Bumps Ubuntu stemcells for USN-3220-2: Linux kernel (Xenial HWE) vulnerability
    • vSphere ESXi 426MB
      2017-02-23T02:27:39.000Z f5ecf3d5dcb90b0d973726758eead6520adf1ded [SHA1]

      Changes: - Bumps Ubuntu stemcells for USN-3208-2: Linux kernel (Xenial HWE) vulnerabilities - Fixes excessive “out of memory” errors in kernel - https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1655842 - Fixes regression to rsyslog by locking it down again to rsyslog 8.22.0

      Agent: - Fixes Azure stemcell persistent disk formatting - Fixes Warden stemcells SSH access

    • vSphere ESXi 426MB
      2017-02-17T21:16:09.000Z 2571b9bcf0285022593b6912a75dad2f9eb0dcb4 [SHA1]

      Reported Problems: - DO NOT USE azure stemcell as it may cause data loss. - rsyslog version updated to 8.24.0, regressing on issue #1537 - Out of memory errors still exists in Kernel 4.4.0.62 - will be fixed around Feb 20.

      Changes: - Fixes double -hvm- suffix problem for AWS Light stemcells

    • vSphere ESXi 426MB
      2017-02-16T02:18:06.000Z 7be3327781e809db8418033d5d51979f7f776db6 [SHA1]

      Reported Problems: - DO NOT USE azure stemcell as it may cause data loss. - Out of memory errors still exists in Kernel 4.4.0.62 - will be fixed around Feb 20. - rsyslog version updated to 8.24.0, regressing on issue #1537 - AWS Light stemcell has incorrect name once imported - BOSH SSH does not work on BOSH Lite

      Changes: - Add more auditd rules - Fix CentOS initramfs to load necessary kernel modules - Disable boot loader login - Increasing tcp_max_sync_backlog - Disabling any DSA host keys - Add bosh_sshers group and assign it to vcap user - Only allow users in bosh_sshers group to SSH

      Agent: - Log Agent API access events in CEF format to syslog (vcap.agent topic) - Allow configuring swap size through env.bosh.swap_size (example: env.bosh.swap_size: 0) - Prepare for SHA2 releases - Allow setting fetching to work with base64 encoded user data - Do not delaycompress in logrotate

    • vSphere ESXi 426MB
      2017-04-25T23:17:42.000Z 491cfbc0047eae9bbfd96f8a74f48a32391cb13e [SHA1]
    • vSphere ESXi 426MB
      2017-04-05T23:49:33.000Z d0f6da3b3b668ffc8425e80d0cad3794a01306ce [SHA1]
    • vSphere ESXi 426MB
      2017-03-30T23:18:56.000Z deefb4ee1f5c80b497dc3ba8641370a774f7721b [SHA1]
    • vSphere ESXi 426MB
      2017-03-08T23:51:46.000Z c45980352e7ecaf1320144afb440bb445626b5c4 [SHA1]
    • vSphere ESXi 426MB
      2017-02-23T01:54:32.000Z fb9ebb556deefabfe38aeab35bdd111425190920 [SHA1]
    • vSphere ESXi 426MB
      2017-02-10T00:58:58.000Z edd7ebb38437dc7edbe371719d4130392599beb8 [SHA1]
    • vSphere ESXi 425MB
      2016-12-14T02:47:49.000Z 4d26fc17fdb30455741e155ba77bdcbe2f6130d9 [SHA1]
      • Bumps Ubuntu stemcells for USN-3156-1: APT vulnerability
    • vSphere ESXi 425MB
      2016-12-05T17:31:43.000Z d8696585feac0efe75460d96db2d026fb1b84f80 [SHA1]
      • Periodic stemcell update
    • vSphere ESXi 425MB
      2016-12-02T16:32:55.000Z 60f42c93a3b1aea58fb373a5393f28ed292ce1d1 [SHA1]
    • vSphere ESXi 425MB
      2016-11-30T04:51:42.000Z 1e5a36142fb537c35be59b4091e428dd581d0d90 [SHA1]
      • Periodic stemcell update
        • Includes USN-3134-1 as requested by a community member
    • vSphere ESXi 425MB
      2016-11-16T22:14:24.000Z e69d870d9aa90135429e30852ce32bdbb425db51 [SHA1]
      • Properly includes libpam_cracklib.so to avoid errors in /var/log/auth.log
    • vSphere ESXi 424MB
      2016-11-10T23:55:46.000Z c3629db0cab8bc74cc922d75ab78e1388bec6782 [SHA1]
      • Fixes persistent disk mounting on OpenStack described in Stemcell 3308
    • vSphere ESXi 424MB
      2016-11-10T03:53:19.000Z 44d74028e801421e2c963ef382ac7334a3a1b7ad [SHA1]

      Reported Problems: - On OpenStack: Mounting persistent disks not working when using config-drive: disk while nova is configured to use a cdrom config-drive due to https://github.com/cloudfoundry/bosh/issues/1503

      Fixes: - Fixes SSH key installation issue introduced in Stemcell 3306

    • vSphere ESXi 424MB
      2016-11-08T17:24:53.000Z c49729f3843e0e255b262731e53ca68721afcb22 [SHA1]

      Reported Problems - bosh-init doesn’t work with this stemcell on OpenStack and AWS due to https://github.com/cloudfoundry/bosh/issues/1500 - Booting the stemcell image directly in you IaaS (without using BOSH/bosh-init) does no longer provision the ssh key for user vcap, so you need to login differently

      Changes - Agent will now wait for monit to complete stop all processes before carrying on - Added google stemcells - Default dmesg_restrict to 1 - Disable all IPv6 configurations - Reenabled UDF kernel module for Azure - Increase root_maxkeys and maxkeys kernel configurations - Changed default hostname to bosh-stemcell instead of localhost to avoid boot problems on GCP - Lower TCP keepalive configuration by default - Mount /var/log directory to /var/vcap/data/root_log - Restrict Access to the su command - Add pam_cracklib requirements to common-password and password-auth - Enable auditing for processes that start prior to auditd - Set log rotation interval to 15 min in stemcell - Made ownership & permissions for /etc/cron* files more restrictive - Customize shell prompt to show instance name and ID - Removed floppy drives from vSphere stemcells - Removed bosh micro assets hence making bosh micro unsupported

      Misc: - Stemcells are now built through Concourse via https://main.bosh-ci.cf-app.com/teams/main/pipelines/bosh:stemcells

    • vSphere ESXi 552MB
      2017-04-25T23:28:51.000Z f4af14f5652570965078b27a0230247db98996a1 [SHA1]
    • vSphere ESXi 552MB
      2017-04-06T00:47:38.000Z 0fabd3c1c5116209a55ed7e4740647524917ca9c [SHA1]
    • vSphere ESXi 552MB
      2017-03-31T00:52:19.000Z bfc38d7521f2867ffd63b855270a4d6584a84c7a [SHA1]
    • vSphere ESXi 552MB
      2017-03-09T00:18:27.000Z 48d3471af2886418879763ff73349bf2abb056cf [SHA1]
    • vSphere ESXi 552MB
      2017-02-23T00:59:19.000Z 25b6b528a18b7062568d974261ad78fec0a46e15 [SHA1]
    • vSphere ESXi 551MB
      2017-01-13T04:36:13.000Z 70ca4e0f8a3602a53919cd4e8fd97770ed7da234 [SHA1]
    • vSphere ESXi 551MB
      2016-12-31T07:13:23.000Z 8d74dc5acfd0b9d2644a8821c78c88d347a1fc14 [SHA1]
    • vSphere ESXi 551MB
      2016-12-15T05:40:41.000Z 63cc6f5094d1ad3e9c5b5e6b103da1ddfc5a4a47 [SHA1]
    • vSphere ESXi 551MB
      2016-12-14T01:37:11.000Z 40b85a83896dfd59bb20281d03dfde08a32f2a06 [SHA1]
    • vSphere ESXi 551MB
      2016-12-06T17:12:51.000Z 9e4ea92355fc13eb5ce3e425355bed87c1681f4d [SHA1]
    • vSphere ESXi 550MB
      2016-11-03T18:22:30.000Z bf448bcea737eb937ca770feda4f21ed514976d3 [SHA1]
      • Updates CentOS kernel to the latest version for “Dirty COW”
        • Ubuntu stemcells were updated in previous versions at the time of Ubuntu USN updates
      • Includes fix to the bosh-agent to better support 1TB+ disk partitioning
    • vSphere ESXi 550MB
      2016-10-21T02:30:02.000Z 6e58a5bfdce715aaa832ea1035972c84dc579577 [SHA1]
      • Bump Ubuntu stemcells for USN-3106-2: Linux kernel (Xenial HWE) vulnerability
      • Includes a fix to the bosh-agent to work more reliably with 2TB+ persistent disks