The Operations (Ops) Manager will disable certain fields after you have performed the initial installation. The reason for this is to protect you from changing fields that have a high likelihood of breaking your installation. Most of the time, this is a good thing, and you shouldn’t need to edit these fields.

Here are some sample fields that get locked:

• From the the Ops Manager Director Tile, go to Assign AZs and Networks
• From the Elastic Runtime Tile, select Assign AZs and Networks, then select Place Singleton Jobs & Balance other jobs

 

In order to make changes to a locked field, you can enable the advanced mode in the Ops Manager. There are two ways to do this:  using curl and using UAAC.  See the section below for detailed instructions.

Curl

First, we want to get an access token with User Account and Authentication (UAA). You can do that with this command.

curl -s -k -H 'Accept: application/json;charset=utf-8' -d 
'grant_type=password' -d 'username=<your-username>' -d 
'password=<your-pass>' -u 
'opsman:' https://<fqdn for your om>/uaa/oauth/token

The output of this will be a simple JSON dictionary and will have six keys. Look for the key named access token. Copy the value to your clipboard.

Second, we can run one of the following commands to enable, disable, or check the status of advanced mode.

• To enable advanced mode, run this command.

curl -s -k -H 'Accept: application/json;charset=utf-8' -H "Content-Type: application/json" -H 'Authorization: bearer <access-token>' https://<fqdn for your om>/api/v0/staged/infrastructure/locked -X PUT --data '{"locked" : "false"}'

• To check if the advanced mode is enabled, run this command:

curl -s -k -H 'Accept: application/json;charset=utf-8' -H 'Authorization: bearer <access-token>' https://<fqdn for your om>/api/v0/staged/infrastructure/locked

• ​The output will indicate "true" if Ops Manager is locked and advanced mode is disabled or it will indicate "false" Ops Manager is not locked and advanced mode is enabled.
• To disable advanced mode, run this command:

curl -s -k -H 'Accept: application/json;charset=utf-8' -H "Content-Type: application/json" -H 'Authorization: bearer <access-token>' https://<fqdn for your om>/api/v0/staged/infrastructure/locked -X PUT --data '{"locked" : "true"}'

UAAC

When you have the UAA Command Line Interface (UAAC) utility installed, you can also use that to enable and disable advanced mode.  The process is similar.

1. Target UAA on Ops Manager. Run the following:

uaac target https://<fqdn for your om>/uaa
uaac token owner get

2. When prompted, enter the client name as "opsman", leave the client secret blank, enter your username and password (the same as what you use to log on to the Ops Manager UI).

3. Now you can enable, disable, and check the status of advanced mode with the following commands. To enable advanced mode, run the following:

uaac curl https://<fqdn for your om>/api/v0/staged/infrastructure/locked -X PUT --data '{"locked" : "false"}' -H "Content-Type: application/json"

uaac curl https://<fqdn for your om>/api/v0/staged/infrastructure/locked

uaac curl https://<fqdn for your om>/api/v0/staged/infrastructure/locked -X PUT --data '{"locked" : "true"}' -H "Content-Type: application/json"

Impact

Using Ops Manager while it is in advanced mode disables some of the protections that Ops Manager provides for you. This will allow you to make changes that could potentially be dangerous to your installation of Pivotal Cloud Foundry (PCF). Pivotal does not recommend enabling advanced mode unless you have been directed to do so by Pivotal Support. Even then, please proceed with caution when advanced mode is enabled and disable advanced mode once you have completed the change that you set out to make.

 

When running commands with curl, you can pipe the output into "jq" for cleaner and easier to read output.

The example shown here uses "jq" to pick out just the access token

curl -s -k -H 'Accept: application/json;charset=utf-8' -d 'grant_type=password' -d 'username=<your-username>' -d 'password=<your-pass>' -u 'opsman:' https://<fqdn for your om>/uaa/oauth/token | jq .access_token