A stemcell is a versioned Operating System image wrapped with IaaS specific packaging.

Typical stemcell contains bare minimum OS skeleton with few common utilities pre-installed, a BOSH Agent and few configuration files to make OS be securely configured by default.

Learn more about stemcells.

Ubuntu Lucid, CentOS 6.x, and Ruby agent based stemcells are deprecated.

Windows instance types will have additional costs associated with Microsoft licensing. Windows stemcell do not include actual Windows OS.

Upload latest version to your BOSH Director:

# Upload latest version, currently 3421.11
$ bosh upload stemcell https://bosh.io/d/stemcells/bosh-warden-boshlite-centos-7-go_agent

# Upload specific version
$ bosh upload stemcell https://bosh.io/d/stemcells/bosh-warden-boshlite-centos-7-go_agent?v=3421.11

Alternatively, download stemcell tarball locally:

# ...or download it directly using curl
$ curl -L -J -O https://bosh.io/d/stemcells/bosh-warden-boshlite-centos-7-go_agent?v=3421.11

# or with wget...
$ wget --content-disposition https://bosh.io/d/stemcells/bosh-warden-boshlite-centos-7-go_agent?v=3421.11
  • CentOS 7.x

    • BOSH Lite Warden 554MB
      2017-06-30T00:29:11.000Z 2e78d6b2fd2660eb9190de6670715f957dba0f96 [SHA1]
      • Bump Ubuntu stemcells for USN-3344-2: Linux kernel (Xenial HWE) vulnerabilities
    • BOSH Lite Warden 554MB
      2017-06-21T03:32:35.000Z b1ea55ad3f5e74608fe53e5c7831acaffcbe3271 [SHA1]
      • Bump Ubuntu stemcells for USN-3334-1: Linux kernel (Xenial HWE) vulnerabilities
    • BOSH Lite Warden 553MB
      2017-06-12T16:51:57.000Z d1265ff686d97d04d96c8bd973442eaa434c217c [SHA1]
      • Bump Ubuntu stemcells for USN-3312-2 - Linux kernel vulnerabilities
    • BOSH Lite Warden 553MB
      2017-06-05T17:36:48.000Z dd5e0bac1b146971f008cbb58597b881d3426efc [SHA1]
      • Bump CentOS stemcells for CESA-2017:1382 - sudo vulnerability
    • BOSH Lite Warden 552MB
      2017-05-23T00:36:08.000Z d2836f87b56d0d8e7c085a76bac537df996dcf5e [SHA1]


      • Added env.bosh.remove_static_libraries (bool) to remove static libraries
        • Useful to enable this option when exporting compiled releases
      • Added env.bosh.ipv6.enable (bool) to remove ipv6.disable kernel functionality at bootup time


      • Fixed sysstat logging
      • Fixed anacron’s RANDOM_DELAY configuration


      • Bumped s3cli v0.0.60
        • Updated aws-sdk-go to solve network timeout edge case
      • Bumped davcli v0.0.19
        • Use TCP keep alive to solve network timeout edge case
      • Bumped bosh-agent v0.0.35
        • Add -v to the Agent binary
        • Prepared sync_dns action to work with future Director’s DNS integration
    • BOSH Lite Warden 553MB
      2017-05-30T23:02:06.000Z b07fb548ddf4032094dc401fd273639a0c46b083 [SHA1]
    • BOSH Lite Warden 553MB
      2017-05-19T23:42:37.000Z 420057e08b03bed04b44999ed3c915f944db4dda [SHA1]
      • Periodic Ubuntu stemcells update
    • BOSH Lite Warden 553MB
      2017-05-12T19:28:24.000Z b2686f0999fdcde9c0b984a318b16ccc6ab7234a [SHA1]
      • Periodic Ubuntu stemcells update
      • Run cron in BOSH Lite stemcells so that logrotation is performed
    • BOSH Lite Warden 553MB
      2017-04-25T23:14:11.000Z 9946ff6ada211307247147a9f48412c81b45dc69 [SHA1]
      • Bump Ubuntu stemcells for USN-3265-2: Linux kernel (Xenial HWE) vulnerabilities
    • BOSH Lite Warden 552MB
      2017-04-17T22:49:04.000Z f6223e702c4117b6243bb85b3ce739a22408117f [SHA1]
      • Periodic bump for CentOS stemcells to include CESA-2017:0933
      • Disable IPv6 through /proc/cmdline to eliminate possibilty of listening on tcp6/udp6
    • BOSH Lite Warden 531MB
      2017-04-05T21:55:26.000Z 397683c6e19c70027de4c0a36f18e6a28e7c14ec [SHA1]
      • Bump Ubuntu stemcells for USN-3256-2: Linux kernel (HWE) vulnerability


      • Made AWS AMI backing snapshot public to support encryption of boot disks
    • BOSH Lite Warden 531MB
      2017-03-30T21:28:29.000Z ef306c19e452c8f95babfe803262e46bac5ea1dd [SHA1]
      • Bump Ubuntu stemcells for USN-3249-2: Linux kernel (Xenial HWE) vulnerability
    • BOSH Lite Warden 531MB
      2017-03-10T00:56:30.000Z 2e2919ea1d0d248217b3379302952a5b25620f4f [SHA1]
    • BOSH Lite Warden 529MB
      2017-03-08T23:49:51.000Z 74d6dd4ed45b2e75b761ca5dc0570c8962fedc1c [SHA1]
      • Bumps Ubuntu stemcells for USN-3220-2: Linux kernel (Xenial HWE) vulnerability
    • BOSH Lite Warden 529MB
      2017-02-23T02:27:31.000Z 31bd2de31d72ffedfcb482cc28edc2239ad7826e [SHA1]

      Changes: - Bumps Ubuntu stemcells for USN-3208-2: Linux kernel (Xenial HWE) vulnerabilities - Fixes excessive “out of memory” errors in kernel - https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1655842 - Fixes regression to rsyslog by locking it down again to rsyslog 8.22.0

      Agent: - Fixes Azure stemcell persistent disk formatting - Fixes Warden stemcells SSH access

    • BOSH Lite Warden 528MB
      2017-02-17T21:16:01.000Z 3cb434caab39bba29d3271330e29feec513330c3 [SHA1]

      Reported Problems: - DO NOT USE azure stemcell as it may cause data loss. - rsyslog version updated to 8.24.0, regressing on issue #1537 - Out of memory errors still exists in Kernel - will be fixed around Feb 20.

      Changes: - Fixes double -hvm- suffix problem for AWS Light stemcells

    • BOSH Lite Warden 528MB
      2017-02-16T02:17:59.000Z 35c50442e15ffc8e5ee488349e5289cc830ea5be [SHA1]

      Reported Problems: - DO NOT USE azure stemcell as it may cause data loss. - Out of memory errors still exists in Kernel - will be fixed around Feb 20. - rsyslog version updated to 8.24.0, regressing on issue #1537 - AWS Light stemcell has incorrect name once imported - BOSH SSH does not work on BOSH Lite

      Changes: - Add more auditd rules - Fix CentOS initramfs to load necessary kernel modules - Disable boot loader login - Increasing tcp_max_sync_backlog - Disabling any DSA host keys - Add bosh_sshers group and assign it to vcap user - Only allow users in bosh_sshers group to SSH

      Agent: - Log Agent API access events in CEF format to syslog (vcap.agent topic) - Allow configuring swap size through env.bosh.swap_size (example: env.bosh.swap_size: 0) - Prepare for SHA2 releases - Allow setting fetching to work with base64 encoded user data - Do not delaycompress in logrotate

    • BOSH Lite Warden 529MB
      2016-12-05T17:31:34.000Z d9bc7ae772d072725a8db2202646f122a52a478e [SHA1]
      • Periodic stemcell update
    • BOSH Lite Warden 529MB
      2016-12-02T16:32:46.000Z 5fdc9cafb2ab3cfc7a37a6b155245bc43d66e9c0 [SHA1]
    • BOSH Lite Warden 529MB
      2016-11-30T04:51:33.000Z 008daf7b08beecc8770ad98b4f5201b05676c153 [SHA1]
      • Periodic stemcell update
        • Includes USN-3134-1 as requested by a community member
    • BOSH Lite Warden 529MB
      2016-11-16T22:14:17.000Z ebafa082d1ac9ba0b21000fa0d097aad2497af20 [SHA1]
      • Properly includes libpam_cracklib.so to avoid errors in /var/log/auth.log
    • BOSH Lite Warden 529MB
      2016-11-10T23:55:38.000Z 60ae9c713ed6034bcd1235ea01168a3a16ee856d [SHA1]
      • Fixes persistent disk mounting on OpenStack described in Stemcell 3308
    • BOSH Lite Warden 529MB
      2016-11-10T18:58:26.000Z fad207183c59c49b99c72dc2ced35f598f3a1ecc [SHA1]

      Reported Problems: - On OpenStack: Mounting persistent disks not working when using config-drive: disk while nova is configured to use a cdrom config-drive due to https://github.com/cloudfoundry/bosh/issues/1503

      Fixes: - Fixes SSH key installation issue introduced in Stemcell 3306

    • BOSH Lite Warden 530MB
      2016-11-09T00:59:32.000Z 839cca4f7d4470350593f46dd5b6a7aa4e67f8b8 [SHA1]

      Reported Problems - bosh-init doesn’t work with this stemcell on OpenStack and AWS due to https://github.com/cloudfoundry/bosh/issues/1500 - Booting the stemcell image directly in you IaaS (without using BOSH/bosh-init) does no longer provision the ssh key for user vcap, so you need to login differently

      Changes - Agent will now wait for monit to complete stop all processes before carrying on - Added google stemcells - Default dmesg_restrict to 1 - Disable all IPv6 configurations - Reenabled UDF kernel module for Azure - Increase root_maxkeys and maxkeys kernel configurations - Changed default hostname to bosh-stemcell instead of localhost to avoid boot problems on GCP - Lower TCP keepalive configuration by default - Mount /var/log directory to /var/vcap/data/root_log - Restrict Access to the su command - Add pam_cracklib requirements to common-password and password-auth - Enable auditing for processes that start prior to auditd - Set log rotation interval to 15 min in stemcell - Made ownership & permissions for /etc/cron* files more restrictive - Customize shell prompt to show instance name and ID - Removed floppy drives from vSphere stemcells - Removed bosh micro assets hence making bosh micro unsupported

      Misc: - Stemcells are now built through Concourse via https://main.bosh-ci.cf-app.com/teams/main/pipelines/bosh:stemcells