PingOne Advanced Identity Cloud

Manage self-service promotions using the API

For background on self-service promotions in PingOne Advanced Identity Cloud, learn more in Introduction to self-service promotions.

Lower and upper environments

Before you run any promotions API requests, you must know which tenant environment is the lower environment and which is the upper environment. Learn more in Lower and upper environments.

The API uses a pull model to promote configuration, so most API commands must be run against the upper environment.

Dry-run promotions

When you are ready to run a promotion, perform a dry run first. A dry run lets you identify any problems with missing ESVs or encrypted secrets, before you run a full promotion.

Reports

Header 1 Header 2

Dry-run promotion report

A promotion report generated after a dry-run promotion. It provides a full list of configuration changes that will be promoted between a lower and an upper environment.

Promotion report

A promotion report generated after a promotion. It provides a full list of configuration changes that were promoted between a lower and an upper environment.

Provisional rollback report

A rollback report generated before rollback. It provides a full list of configuration changes that will be reverted from the upper environment.

Rollback report

A rollback report generated after a rollback. It provides a full list of configuration changes that were reverted from the upper environment.

Promotions API endpoints

Advanced Identity Cloud provides these API endpoints for promotions:

To authenticate to promotions API endpoints, use an access token created with the fr:idc:promotion:* scope.

The following diagram summarizes how promotions API commands are used to run a promotion. Learn more in Run a promotion.

self service promotions api states

Monitor progress when you lock or unlock environments, start a promotion, or start a rollback

When you use API commands to lock environments, unlock environments, start a promotion, or start a rollback, you trigger asynchronous processes in your environments. You can monitor the progress of these asynchronous processes by checking their state or status until they have completed. You do this by running further API commands and analyzing their responses.

Check the lock state

To check the lock state, use the /environment/promotion/lock/state endpoint:

curl \
--request GET 'https://<tenant-env-upper-fqdn>/environment/promotion/lock/state' \(1)
--header 'Content-Type: application/json' \
--header 'Accept-API-Version: resource=1.0' \
--header 'Authorization: Bearer <access-token>'(2)
1 Replace <tenant-env-upper-fqdn> with the FQDN of the upper environment.
2 Replace <access-token> with an access token for the upper environment (learn more in Get an access token).

Learn how to analyze the response from this endpoint in Lock environments.

Check the promotion status

To check the promotion status, use the /environment/promotion/promote endpoint:

curl \
--request GET 'https://<tenant-env-upper-fqdn>/environment/promotion/promote' \(1)
--header 'Content-Type: application/json' \
--header 'Accept-API-Version: resource=1.0' \
--header 'Authorization: Bearer <access-token>'(2)
1 Replace <tenant-env-upper-fqdn> with the FQDN of the upper environment.
2 Replace <access-token> with an access token for the upper environment (learn more in Get an access token).

Learn how to analyze the response from this endpoint during a promotion in Run a promotion.

Check the rollback status

To check the rollback status, use the /environment/promotion/promote endpoint, as described in Check the promotion status.

Learn how to analyze the response from this endpoint during a rollback in Run a rollback.

Lock environments

Before you run a promotion or a rollback, you must lock the upper and lower environments.

Step 1: Check that the environments are unlocked

  1. Check the lock state to confirm that both environments are unlocked. This is indicated in the response when result has a value of unlocked:

    {
        "description": "Environment unlocked",
        "lowerEnv": {
            "state": "unlocked"
        },
        "result": "unlocked",
        "upperEnv": {
            "state": "unlocked"
        }
    }

Step 2: Lock the environments

Locking an environment prevents configuration changes that could disrupt a promotion or a rollback; however, all authentication flows continue to work as normal.

  1. To lock the environments, use the /environment/promotion/lock endpoint to create a lock request:

    curl \
    --request POST 'https://<tenant-env-upper-fqdn>/environment/promotion/lock' \(1)
    --header 'Content-Type: application/json' \
    --header 'Accept-API-Version: resource=1.0' \
    --header 'Authorization: Bearer <access-token>'(2)
    1 Replace <tenant-env-upper-fqdn> with the FQDN of the upper environment.
    2 Replace <access-token> with an access token for the upper environment (learn more in Get an access token).
    1. If the lock request is successful, the response result has a value of locking:

      {
          "description": "Environment lock in progress",
          "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
          "result": "locking"
      }
    2. If the lock request is rejected, the response code has a value of 409.

      • In the example below the lock request was rejected because a lock already exists:

        {
            "code": 409,
            "message": "Environment is already locked for promotion 791eb03a-7ec1-42ae-ae84-ed142cf52688"
        }

        To resolve this:

        1. If another member of your team is already running a promotion:

          1. Wait until the team member has completed their promotion and has released the lock.

          2. Start the promotion steps again.

        2. If the lock has accidentally been left in place, and no one else is running a promotion:

          1. Unlock the environments using the promotion ID stated in the error message.

          2. Start the promotion steps again.

      • In the example below the lock request was rejected because Ping Identity locked the environment:

        {
            "code": 409,
            "message": "Environment is locked by ForgeRock for maintenance. Retry later."
        }

        Ping Identity typically locks an environment so that Backstage Support engineers can investigate an issue or perform maintenance. To resolve this, wait until Ping Identity releases the lock.

    3. If the lock request causes an unexpected error, the response code has a value of 500.

      {
          "code": 500,
          "message": "<internal-error-message>"
      }
  2. Check the lock state to confirm that the lock is in progress. This is indicated in the response when result has a value of locking:

    {
        "description": "Environment lock in progress",
        "lowerEnv": {
            "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
            "state": "locking"
        },
        "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
        "result": "locking",
        "upperEnv": {
            "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
            "state": "locking"
        }
    }
  3. Check the lock state as many times as you need until both environments are locked. This is indicated in the response when result has a value of locked:

    {
        "description": "Environment locked",
        "lowerEnv": {
            "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
            "state": "locked"
        },
        "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
        "result": "locked",
        "upperEnv": {
            "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
            "state": "locked"
        }
    }

Run a promotion

Step 1: Lock the environments

Follow the instructions in Lock environments.

Step 2: Check that a promotion is not already running

Check the promotion status to confirm that a promotion is not already running. This is indicated in the response when status has a value of READY:

{
    "status": "READY",
    "message": "Environment ready for promotion",
    "blockingError": false,
    "globalLock": "LOCKED",
    "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
    "timeStamp": "2024-06-12T17:12:32Z",
    "type": "promotion"
}

Step 3: Run a dry-run promotion

To run a dry-run promotion, follow the steps in Step 4: Run the promotion; however, in step 4.1, set the dryRun flag to true:

--data-raw '{
    "dryRun": true
}'

If there are any scripts awaiting promotion, ensure that they do not emit any personally identifiable information (PII) of your end users into Advanced Identity Cloud logs.

Ping Identity recommends that you establish a review and testing process for all scripts to prevent PII leaking out of your Advanced Identity Cloud tenant environments.

Step 4: Run the promotion

  1. To run a promotion, use the /environment/promotion/promote endpoint:

    curl \
    --request POST 'https://<tenant-env-upper-fqdn>/environment/promotion/promote' \(1)
    --header 'Content-Type: application/json' \
    --header 'Accept-API-Version: resource=1.0' \
    --header 'Authorization: Bearer <access-token>' \(2)
    --data-raw '{
        "dryRun": false (3)
    }'
    1 Replace <tenant-env-upper-fqdn> with the FQDN of the upper environment.
    2 Replace <access-token> with an access token for the upper environment (learn more in Get an access token).
    3 The dryRun flag is set to false in the request body.
    {
        "result": "Promotion process initiated successfully"
    }
  2. Check the promotion status to confirm that the promotion is in progress. This is indicated in the response when status has a value of RUNNING:

    {
        "status": "RUNNING",
        "message": "Prepare config",
        "blockingError": false,
        "globalLock": "LOCKED",
        "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
        "timeStamp": "2024-06-12T17:14:13Z",
        "type": "promotion"
    }
  3. Check the promotion status as many times as you need until the promotion is complete.

    1. If the promotion is still running, the response status has a value of RUNNING:

      {
          "status": "RUNNING",
          "message": "Promote configuration",
          "blockingError": false,
          "globalLock": "LOCKED",
          "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
          "timeStamp": "2024-06-12T17:15:51Z",
          "type": "promotion"
      }
    2. If the promotion failed but is recoverable, the response status has a value of ERROR, and the response blockingError has a value of false.

      1. In the example below, the promotion failed an integrity check for missing ESVs.

        {
            "status": "ERROR",
            "message": "Missing ESVs",
            "blockingError": false,
            "missingESVs": [
                "email.from"
            ],
            "globalLock": "LOCKED",
            "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
            "timeStamp": "2024-06-12T17:19:31Z",
            "type": "promotion"
        }

        To resolve this:

        1. Unlock the environments.

        2. For each ESV in missingESVs, add an ESV into the upper environment.

        3. Start the promotion steps again.

      2. In the example below, the promotion failed an integrity check for encrypted secrets.

        {
            "status": "ERROR",
            "message": "Found encrypted values in the AM/IDM configuration",
            "blockingError": false,
            "globalLock": "LOCKED",
            "encryptedSecrets": [
                "* am/services/realm/root-alpha/persistentcookiedecisionnode/1.0/organizationconfig/default/dd35c42f-177e-4633-9107-373214858fa7.json:10"
            ],
            "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
            "timeStamp": "2024-06-12T17:19:31Z",
            "type": "promotion"
        }

        To resolve this:

        1. If the encrypted secret is in your configuration by accident:

          1. Unlock the environments.

          2. Create an ESV secret containing the encrypted secret in each of the development, staging, and production environments.

          3. Update your configuration to reference the new ESV secret.

          4. Start the promotion steps again.

        2. If the encrypted secret is in your configuration deliberately, you can bypass this check:

          1. Follow the steps in Step 4: Run the promotion; however, in step 4.1, set the ignoreEncryptedSecrets flag to true:

            --data-raw '{
                "dryRun": false,
                "ignoreEncryptedSecrets": true
            }'
    3. If the promotion failed and is not recoverable, the response status has a value of ERROR, and the response blockingError has a value of true:

      {
          "status": "ERROR",
          "message": "Failed to promote config",
          "blockingError": true,
          "globalLock": "LOCKED",
          "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
          "timeStamp": "2024-06-12T17:19:31Z",
          "type": "promotion"
      }

      If you run the promotion again after a blocking error, the following response displays:

      {
          "code": 409,
          "message": "Environment is blocked from a previous failed promotion or rollback"
      }
    4. If Advanced Identity Cloud services are restarting, the response status has a value of RUNNING, and the response message has a value of Waiting for workloads to restart:

      {
          "status": "RUNNING",
          "message": "Waiting for workloads to restart",
          "blockingError": false,
          "globalLock": "LOCKED",
          "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
          "timeStamp": "2024-06-12T17:32:06Z",
          "type": "promotion"
      }

      This part of the promotion can take several minutes. It does not apply to dry-run promotions, where Advanced Identity Cloud services do not need to be restarted.

    5. If the promotion is complete, the response status has a value of READY, and the response message has a value of Promotion completed:

      {
          "status": "READY",
          "message": "Promotion completed",
          "blockingError": false,
          "globalLock": "LOCKED",
          "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
          "timeStamp": "2024-06-12T17:40:29Z",
          "type": "promotion"
      }

      If no changes have been promoted, the message has a value of Promotion completed (no change).

Step 5: View the promotion report

  1. To view a report for the most recent promotion, use the /environment/promotion/report endpoint.

    curl \
    --request GET 'https://<tenant-env-upper-fqdn>/environment/promotion/report' \(1)
    --header 'Content-Type: application/json' \
    --header 'Accept-API-Version: resource=1.0' \
    --header 'Authorization: Bearer <access-token>' \(2)
    1 Replace <tenant-env-upper-fqdn> with the FQDN of the upper environment.
    2 Replace <access-token> with an access token for the upper environment (learn more in Get an access token).
    {
        "createdDate": "2024-06-12T17:32:05Z",
        "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
        "report": {
            "IDMConfig": [
                {
                    "configChange": {
                        "added": [
                            "Forgotten Username"
                        ]
                    },
                    "configItem": "Email > Templates",
                    "fileDestinationPattern": "idm/conf/emailTemplate-*.json",
                    "fileName": "displayName",
                    "type": "single"
                }
            ]
        },
        "reportId": "c41286bb-30cd-4109-ba9d-dc4788b6a75c",
        "reportName": "Report_2024-06-12T17-32+00Z_dryrun=false_8acd3a87-2272-450f-a3b3-1eb222108740",
        "type": "promotion"
    }

    In the example above, the promotion report shows that email template configuration was promoted.

  2. To view a report from before the most recent promotion, learn more in View previous promotion or rollback reports.

Step 6: Unlock the environments

Follow the instructions in Unlock environments.

Run a rollback

Step 1: Lock the environments

Follow the instructions in Lock environments.

Step 2: Check that a promotion is not already running

Check the promotion status to confirm that a promotion is not already running. This is indicated in the response when status has a value of READY:

{
    "status": "READY",
    "message": "Environment ready for promotion",
    "blockingError": false,
    "globalLock": "LOCKED",
    "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
    "timeStamp": "2024-06-12T17:12:32Z",
    "type": "promotion"
}

Step 3: Get a provisional rollback report

To get a provisional rollback report, use the /environment/promotion/report/provisional-rollback endpoint:

curl \
--request GET 'https://<tenant-env-upper-fqdn>/environment/promotion/report/provisional-rollback' \(1)
--header 'Content-Type: application/json' \
--header 'Accept-API-Version: resource=1.0' \
--header 'Authorization: Bearer <access-token>'(2)
1 Replace <tenant-env-upper-fqdn> with the FQDN of the upper environment.
2 Replace <access-token> with an access token for the upper environment (learn more in Get an access token).
{
    "createdDate": "2024-06-12T17:32:05Z",
    "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
    "report": {
        "IDMConfig": [
            {
                "configChange": {
                    "added": [
                        "Forgotten Username"
                    ]
                },
                "configItem": "Email > Templates",
                "fileDestinationPattern": "idm/conf/emailTemplate-*.json",
                "fileName": "displayName",
                "type": "single"
            }
        ]
    },
    "reportId": "c41286bb-30cd-4109-ba9d-dc4788b6a75c",
    "reportName": "Report_2024-06-12T17-32+00Z_dryrun=false_8acd3a87-2272-450f-a3b3-1eb222108740",
    "type": "provisional-rollback"
}

Step 4: Run the rollback

  1. To run a rollback, use the /environment/promotion/rollback endpoint:

    curl \
    --request POST 'https://<tenant-env-upper-fqdn>/environment/promotion/rollback' \(1)
    --header 'Content-Type: application/json' \
    --header 'Accept-API-Version: resource=1.0' \
    --header 'Authorization: Bearer <access-token>' \(2)
    --data-raw '{}'
    1 Replace <tenant-env-upper-fqdn> with the FQDN of the upper environment.
    2 Replace <access-token> with an access token for the upper environment (learn more in Get an access token).
    {
        "result": "Rollback process initiated successfully"
    }
  2. Check the rollback status to confirm that the rollback is in progress. This is indicated in the response when status has a value of RUNNING:

    {
        "status": "RUNNING",
        "message": "Prepare config",
        "blockingError": false,
        "globalLock": "LOCKED",
        "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
        "timeStamp": "2024-06-12T17:14:13Z",
        "type": "rollback"
    }
  3. Check the rollback status as many times as you need until the rollback is complete.

    1. If the rollback is still running, the response status has a value of RUNNING:

      {
          "status": "RUNNING",
          "message": "Rollback configuration",
          "blockingError": false,
          "globalLock": "LOCKED",
          "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
          "timeStamp": "2024-06-12T17:15:51Z",
          "type": "rollback"
      }
    2. If the rollback failed but is recoverable, the response status has a value of ERROR, and the response blockingError has a value of false.

      1. In the example below, the rollback failed an integrity check for missing ESVs.

        {
            "status": "ERROR",
            "message": "Missing ESVs",
            "blockingError": false,
            "missingESVs": [
                "email.from"
            ],
            "globalLock": "LOCKED",
            "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
            "timeStamp": "2024-06-12T17:19:31Z",
            "type": "rollback"
        }

        To resolve this:

        1. Unlock the environments.

        2. For each ESV in missingESVs, re-add the ESV into the upper environment.

        3. Start the rollback steps again.

    3. If the rollback failed and is not recoverable, the response status has a value of ERROR, and the response blockingError has a value of true:

      {
          "status": "ERROR",
          "message": "Failed to rollback config",
          "blockingError": true,
          "globalLock": "LOCKED",
          "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
          "timeStamp": "2024-06-12T17:19:31Z",
          "type": "rollback"
      }

      If you run the rollback again after a blocking error, the following response displays:

      {
          "code": 409,
          "message": "Environment is blocked from a previous failed promotion or rollback"
      }
    4. If Advanced Identity Cloud services are restarting, the response status has a value of RUNNING, and the response message has a value of Waiting for workloads to restart:

      {
          "status": "RUNNING",
          "message": "Waiting for workloads to restart",
          "blockingError": false,
          "globalLock": "LOCKED",
          "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
          "timeStamp": "2024-06-12T17:32:06Z",
          "type": "rollback"
      }

      This part of the rollback can take several minutes.

    5. If the rollback is complete, the response status has a value of READY, and the response message has a value of Promotion completed:

      {
          "status": "READY",
          "message": "Rollback completed",
          "blockingError": false,
          "globalLock": "LOCKED",
          "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
          "timeStamp": "2024-06-12T17:40:29Z",
          "type": "rollback"
      }

Step 5: Unlock the environments

Follow the instructions in Unlock environments.

Unlock environments

After you run a promotion or a rollback, you must unlock the upper and lower environments.

  1. To unlock the environments, use the /environment/promotion/lock endpoint:

    curl \
    --request DELETE 'https://<tenant-env-upper-fqdn>/environment/promotion/lock/<promotion-id>' \(1) (2)
    --header 'Content-Type: application/json' \
    --header 'Accept-API-Version: resource=1.0' \
    --header 'Authorization: Bearer <access-token>'(3)
    1 Replace <tenant-env-upper-fqdn> with the FQDN of the upper environment.
    2 Replace <promotion-id> with the promotionId created when you initially locked the environments.
    3 Replace <access-token> with an access token for the upper environment (learn more in Get an access token).
    {
        "description": "Environment unlock in progress",
        "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
        "result": "unlocking"
    }
  2. Check the lock state as many times as you need until both environments are unlocked. This is indicated in the response when result has a value of unlocked:

    {
        "description": "Environment locked",
        "lowerEnv": {
            "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
            "state": "locked"
        },
        "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
        "result": "locked",
        "upperEnv": {
            "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
            "state": "locked"
        }
    }

View previous promotion or rollback reports

  1. To view a list of previous promotion or rollback reports, use the /environment/promotion/reports endpoint:

    curl \
    --request GET 'https://<tenant-env-upper-fqdn>/environment/promotion/reports' \(1)
    --header 'Content-Type: application/json' \
    --header 'Accept-API-Version: resource=1.0' \
    --header 'Authorization: Bearer <access-token>'(2)
    1 Replace <tenant-env-upper-fqdn> with the FQDN of the upper environment.
    2 Replace <access-token> with an access token for the upper environment (learn more in Get an access token).
    [
        {
            "createdDate": "2024-06-12T12:00:29Z",
            "dryRun": true,
            "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
            "reportId": "57aabe7d-4e8c-4fbb-8a13-2fc7d1cb4d52",
            "type": "promotion"
        },
        {
            "createdDate": "2024-06-12T17:32:05Z",
            "dryRun": false,
            "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
            "reportId": "c41286bb-30cd-4109-ba9d-dc4788b6a75c",
            "type": "promotion"
        },
        {
            "createdDate": "2024-06-12T13:56:10Z",
            "dryRun": true,
            "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
            "reportId": "df893dee-e952-489c-b94d-8c9ebf36e9a5",
            "type": "promotion"
        }
    ]
  2. To view individual reports, use the /environment/promotion/report endpoint and supply a reportId from the response in the previous step:

    curl \
    --request GET 'https://<tenant-env-upper-fqdn>/environment/promotion/report/<report-id>' \(1) (2)
    --header 'Content-Type: application/json' \
    --header 'Accept-API-Version: resource=1.0' \
    --header 'Authorization: Bearer <access-token>'(3)
    1 Replace <tenant-env-upper-fqdn> with the FQDN of the upper environment.
    2 Replace <report-id> with a reportId; for example, c41286bb-30cd-4109-ba9d-dc4788b6a75c.
    3 Replace <access-token> with an access token for the upper environment (learn more in Get an access token).
    {
        "createdDate": "2024-06-12T17:32:05Z",
        "promotionId": "8acd3a87-2272-450f-a3b3-1eb222108740",
        "report": {
            "IDMConfig": [
                {
                    "configChange": {
                        "added": [
                            "Forgotten Username"
                        ]
                    },
                    "configItem": "Email > Templates",
                    "fileDestinationPattern": "idm/conf/emailTemplate-*.json",
                    "fileName": "displayName",
                    "type": "single"
                }
            ]
        },
        "reportId": "c41286bb-30cd-4109-ba9d-dc4788b6a75c",
        "reportName": "Report_2024-06-12T17-32+00Z_dryrun=false_8acd3a87-2272-450f-a3b3-1eb222108740",
        "type": "promotion"
    }

Resolve environment errors that are preventing a promotion or a rollback

To resolve environment errors that are preventing a promotion or a rollback submit a support ticket:

  1. Open a How-To ticket with Backstage Support.

  2. On the How Do I...? page, provide values for the following fields:

    Field Value

    Product

    Select the following from the lists:

    • PingOne Advanced Identity Cloud

    • Tenant Settings

    • Self-Service Promotion

    What are you trying to achieve?

    Enter one of the following:

    • Resolve environment errors preventing a self-service promotion

    • Resolve environment errors preventing a self-service rollback

    Please provide a short description

    Enter one of the following:

    • An error has occurred during a self-service promotion to the development/staging/production environment.

    • An error has occurred during a self-service rollback from the staging/production environment.

    Enter the error code and message (API users only).

  3. Click Submit.

Revert configuration in your development environment

To revert configuration in your development environment, submit a support ticket:

  1. Open an Identity Cloud: Config request with Backstage Support.

  2. On the Advanced Identity Cloud: Config Request page, provide values for the following fields:

    Field Value

    Hostname

    Enter the FQDN of the upper environment from the promotion you need to revert.

    What would you like to do?

    Select Restore from backup

  3. In the Restore from backup section, provide values for the following fields:

    Field Value

    What is the environment name?

    Select Dev.

    What is the date of the backup you would like to restore from?

    Enter the date when you last had stable configuration, using the format YYYY-MM-DD.

  4. Click Submit.