A stemcell is a versioned operating system image wrapped with IaaS-specific packaging.

A typical stemcell contains a bare-minimum OS skeleton with a few common utilities pre-installed, a BOSH Agent, and a few configuration files that make the OS securely configured by default.

Ubuntu Lucid, CentOS 6.x, and Ruby agent based stemcells are deprecated.

Windows instance types will have additional costs associated with Microsoft licensing. Windows stemcells do not include the actual Windows OS.

Upload the latest version to your BOSH Director:

# Upload latest version, currently 3421.11
$ bosh upload stemcell https://bosh.io/d/stemcells/bosh-vsphere-esxi-centos-7-go_agent

# Upload specific version
$ bosh upload stemcell 'https://bosh.io/d/stemcells/bosh-vsphere-esxi-centos-7-go_agent?v=3421.11'

Alternatively, download the stemcell tarball locally:

# Download it directly using curl (URL quoted so the shell does not treat "?" as a glob)
$ curl -L -J -O 'https://bosh.io/d/stemcells/bosh-vsphere-esxi-centos-7-go_agent?v=3421.11'

# ...or with wget
$ wget --content-disposition 'https://bosh.io/d/stemcells/bosh-vsphere-esxi-centos-7-go_agent?v=3421.11'

  • CentOS 7.x

    • vSphere ESXi 618MB
      2017-06-30T00:29:21.000Z 5d3ae62ead9a23e421984f9be0abedda58f596e5 [SHA1]
      • Bump Ubuntu stemcells for USN-3344-2: Linux kernel (Xenial HWE) vulnerabilities
    • vSphere ESXi 618MB
      2017-06-21T03:32:47.000Z 39cfe2445cacb4b2dac5118e90b76e4af43402fc [SHA1]
      • Bump Ubuntu stemcells for USN-3334-1: Linux kernel (Xenial HWE) vulnerabilities
    • vSphere ESXi 618MB
      2017-06-12T16:52:17.000Z 2656182556ae8968f2a1dfe99dab2eded3f06ff8 [SHA1]
      • Bump Ubuntu stemcells for USN-3312-2 - Linux kernel vulnerabilities
    • vSphere ESXi 618MB
      2017-06-05T17:37:03.000Z 7be4a7b5c917ec684d09510dfe87fa5dfe8cddb1 [SHA1]
      • Bump CentOS stemcells for CESA-2017:1382 - sudo vulnerability
    • vSphere ESXi 616MB
      2017-05-23T00:36:57.000Z 7b832b704d13e6627b5397699ff8a5be0d258e0b [SHA1]


      • Added env.bosh.remove_static_libraries (bool) to remove static libraries
        • Useful to enable this option when exporting compiled releases
      • Added env.bosh.ipv6.enable (bool) to remove ipv6.disable kernel functionality at bootup time


      • Fixed sysstat logging
      • Fixed anacron’s RANDOM_DELAY configuration


      • Bumped s3cli v0.0.60
        • Updated aws-sdk-go to solve network timeout edge case
      • Bumped davcli v0.0.19
        • Use TCP keep alive to solve network timeout edge case
      • Bumped bosh-agent v0.0.35
        • Add -v to the Agent binary
        • Prepared sync_dns action to work with future Director’s DNS integration
    • vSphere ESXi 617MB
      2017-05-30T23:02:26.000Z 158a552c2d85ca7fff19806feb402ed00105eade [SHA1]
    • vSphere ESXi 617MB
      2017-05-19T23:43:23.000Z 17e70920a7e33d9ddde3a2ef805719abf0712a0e [SHA1]
      • Periodic Ubuntu stemcells update
    • vSphere ESXi 617MB
      2017-05-12T19:28:52.000Z f84b211fb48438db1bcb25ab0036330c6b125ed9 [SHA1]
      • Periodic Ubuntu stemcells update
      • Run cron in BOSH Lite stemcells so that log rotation is performed
    • vSphere ESXi 617MB
      2017-04-25T23:14:24.000Z d0557b82010572700c5b9740953c2b5f52cf2dd2 [SHA1]
      • Bump Ubuntu stemcells for USN-3265-2: Linux kernel (Xenial HWE) vulnerabilities
    • vSphere ESXi 617MB
      2017-04-17T22:49:20.000Z 6ec54a514d4b9598a70b3ca5102385867efa0761 [SHA1]
      • Periodic bump for CentOS stemcells to include CESA-2017:0933
      • Disable IPv6 through /proc/cmdline to eliminate possibility of listening on tcp6/udp6
    • vSphere ESXi 596MB
      2017-04-05T21:56:06.000Z 31b9e0af2a53dd03604008f6718b58c09427cfce [SHA1]
      • Bump Ubuntu stemcells for USN-3256-2: Linux kernel (HWE) vulnerability


      • Made AWS AMI backing snapshot public to support encryption of boot disks
    • vSphere ESXi 596MB
      2017-03-30T21:28:55.000Z 141a07dd6b3e7bf6ab91a6db2de8f480e46446ba [SHA1]
      • Bump Ubuntu stemcells for USN-3249-2: Linux kernel (Xenial HWE) vulnerability
    • vSphere ESXi 596MB
      2017-03-10T00:56:45.000Z 3cbb5f0e285e645f141462f302a81fb3c87b8925 [SHA1]
    • vSphere ESXi 593MB
      2017-03-08T23:51:40.000Z 515c39bb780ee1088880734d4df0ecf517c3de99 [SHA1]
      • Bumps Ubuntu stemcells for USN-3220-2: Linux kernel (Xenial HWE) vulnerability
    • vSphere ESXi 593MB
      2017-02-23T02:27:47.000Z 6f86bfd6b5c20633187aa69842854d36805b85ac [SHA1]

      Changes:
      • Bumps Ubuntu stemcells for USN-3208-2: Linux kernel (Xenial HWE) vulnerabilities
      • Fixes excessive “out of memory” errors in kernel
        • https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1655842
      • Fixes regression to rsyslog by locking it down again to rsyslog 8.22.0

      Agent:
      • Fixes Azure stemcell persistent disk formatting
      • Fixes Warden stemcells SSH access

    • vSphere ESXi 593MB
      2017-02-17T21:16:14.000Z 14887f5f613d3f5f6d71bd73017b7644199d75ad [SHA1]

      Reported Problems:
      • DO NOT USE azure stemcell as it may cause data loss.
      • rsyslog version updated to 8.24.0, regressing on issue #1537
      • Out of memory errors still exist in kernel - will be fixed around Feb 20.

      Changes:
      • Fixes double -hvm- suffix problem for AWS Light stemcells

    • vSphere ESXi 593MB
      2017-02-16T02:18:42.000Z 02879d445310f69840340ad914eac4dcdda55bb9 [SHA1]

      Reported Problems:
      • DO NOT USE azure stemcell as it may cause data loss.
      • Out of memory errors still exist in kernel - will be fixed around Feb 20.
      • rsyslog version updated to 8.24.0, regressing on issue #1537
      • AWS Light stemcell has incorrect name once imported
      • BOSH SSH does not work on BOSH Lite

      Changes:
      • Add more auditd rules
      • Fix CentOS initramfs to load necessary kernel modules
      • Disable boot loader login
      • Increasing tcp_max_syn_backlog
      • Disabling any DSA host keys
      • Add bosh_sshers group and assign it to vcap user
      • Only allow users in bosh_sshers group to SSH

      Agent:
      • Log Agent API access events in CEF format to syslog (vcap.agent topic)
      • Allow configuring swap size through env.bosh.swap_size (example: env.bosh.swap_size: 0)
      • Prepare for SHA2 releases
      • Allow setting fetching to work with base64 encoded user data
      • Do not delaycompress in logrotate

    • vSphere ESXi 593MB
      2016-12-05T17:31:51.000Z 8e3f2fc6f1f0f91e23ebbf4a21cf711ae924aa41 [SHA1]
      • Periodic stemcell update
    • vSphere ESXi 593MB
      2016-12-02T16:33:01.000Z 22dc1eabd5bb8f54c25ff0f118264218ad468edd [SHA1]
    • vSphere ESXi 593MB
      2016-11-30T04:51:49.000Z bcd902a5fe01c2a6b5497c41ff2df1431567bca8 [SHA1]
      • Periodic stemcell update
        • Includes USN-3134-1 as requested by a community member
    • vSphere ESXi 593MB
      2016-11-16T22:14:31.000Z 80f8d19fc78a35f795308c8a09ee9f4d48c70cbf [SHA1]
      • Properly includes libpam_cracklib.so to avoid errors in /var/log/auth.log
    • vSphere ESXi 593MB
      2016-11-10T23:55:53.000Z 88cd3bc17b695090d8e22e041f6459fefdadaf7b [SHA1]
      • Fixes persistent disk mounting on OpenStack described in Stemcell 3308
    • vSphere ESXi 593MB
      2016-11-10T03:53:25.000Z 4c4f953929622fbb4de039e2dad4a07abeb82729 [SHA1]

      Reported Problems:
      • On OpenStack: Mounting persistent disks not working when using config-drive: disk while nova is configured to use a cdrom config-drive due to https://github.com/cloudfoundry/bosh/issues/1503

      Fixes:
      • Fixes SSH key installation issue introduced in Stemcell 3306

    • vSphere ESXi 594MB
      2016-11-08T17:25:00.000Z 400899f8fcfa4a6c84a779a29df982ff0b665d5e [SHA1]

      Reported Problems:
      • bosh-init doesn’t work with this stemcell on OpenStack and AWS due to https://github.com/cloudfoundry/bosh/issues/1500
      • Booting the stemcell image directly in your IaaS (without using BOSH/bosh-init) no longer provisions the SSH key for user vcap, so you need to log in differently

      Changes:
      • Agent will now wait for monit to finish stopping all processes before carrying on
      • Added Google stemcells
      • Default dmesg_restrict to 1
      • Disable all IPv6 configurations
      • Reenabled UDF kernel module for Azure
      • Increase root_maxkeys and maxkeys kernel configurations
      • Changed default hostname to bosh-stemcell instead of localhost to avoid boot problems on GCP
      • Lower TCP keepalive configuration by default
      • Mount /var/log directory to /var/vcap/data/root_log
      • Restrict access to the su command
      • Add pam_cracklib requirements to common-password and password-auth
      • Enable auditing for processes that start prior to auditd
      • Set log rotation interval to 15 min in stemcell
      • Made ownership & permissions for /etc/cron* files more restrictive
      • Customize shell prompt to show instance name and ID
      • Removed floppy drives from vSphere stemcells
      • Removed bosh micro assets hence making bosh micro unsupported

      Misc:
      • Stemcells are now built through Concourse via https://main.bosh-ci.cf-app.com/teams/main/pipelines/bosh:stemcells

    • vSphere ESXi 720MB
      2016-11-03T18:22:30.000Z a136a9e85eb24fa8c44a10e4c3e248aa81108611 [SHA1]
      • Updates CentOS kernel to the latest version for “Dirty COW”
        • Ubuntu stemcells were updated in previous versions at the time of Ubuntu USN updates
      • Includes fix to the bosh-agent to better support 1TB+ disk partitioning
    • vSphere ESXi 719MB
      2016-10-21T02:30:01.000Z 851186786f5725329415f4b46cdaa01ec49e1256 [SHA1]
      • Bump Ubuntu stemcells for USN-3106-2: Linux kernel (Xenial HWE) vulnerability
      • Includes a fix to the bosh-agent to work more reliably with 2TB+ persistent disks
    • vSphere ESXi 718MB
      2016-10-12T21:03:23.000Z 4ed5af8551b2b7740cb45a1970c2ba8e000e8fba [SHA1]
      • Bump Ubuntu stemcells for USN-3099-2: Linux kernel (Xenial HWE) vulnerabilities
    • vSphere ESXi 718MB
      2016-09-30T16:44:18.000Z 793773514c1c766b006ada8ece01c5f526cb3803 [SHA1]
      • Periodic bump
      • Delay start of rsyslogd using systemd on CentOS
    • vSphere ESXi 719MB
      2016-10-22T05:08:38.000Z 44211faa11120ea6efb6b385140516cb9b37b0ff [SHA1]
    • vSphere ESXi 719MB
      2016-10-13T15:15:39.000Z b4ec8bc3151ab04fe53259a6ddb0a08f5ecb014d [SHA1]
      • Bump Ubuntu stemcells for USN-3099-2: Linux kernel (Xenial HWE) vulnerabilities