forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
azure-om-deploy.html.md.erb
411 lines (379 loc) · 21.9 KB
/
azure-om-deploy.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
---
title: Launching an Ops Manager Director Instance on Azure without an ARM Template
owner: Ops Manager
---
<strong><%= modified_date %></strong>
<html class="list-style-none"></html>
This topic describes how to deploy Ops Manager Director for Pivotal Cloud Foundry (PCF) on Azure by using individual commands to create resources in Azure instead of using an Azure Resource Manager (ARM) template. For information about using the ARM template, see the [Launching an Ops Manager Director Instance with an ARM Template](azure-arm-template.html) topic.
Before you perform the procedures in this topic, you must have completed the procedures in the [Preparing to Deploy PCF on Azure](azure-prepare-env.html) topic. After you complete the procedures in this topic, follow the instructions in the [Configuring Ops Manager Director on Azure](azure-om-config.html) topic.
<p class="note"><strong>Note</strong>: If you are deploying PCF on Azure Stack, complete the procedures in <a href="https://docs.microsoft.com/en-us/azure/azure-stack/user/azure-stack-connect-cli">Install and configure CLI for use with Azure Stack</a> in the Microsoft documentation before following the procedures in this topic.</p>
<p class="note"><strong>Note</strong>: The Azure portal sometimes displays the names of resources with incorrect capitalization. Always use the Azure CLI to retrieve the correctly capitalized name of a resource.</p>
##<a id='network'></a> Step 1: Create Network Resources
1. Navigate to the Azure portal, click **Resource groups**, and click **Add** to create a new resource group for your PCF deployment.
1. Enter a **Resource group name**, select your **Subscription**, and select a **Resource group location**. Click **Create**.
1. Export the name of your resource group as the environment variable `$RESOURCE_GROUP`.
<pre class="terminal">
$ export RESOURCE_GROUP="YOUR-RESOURCE-GROUP-NAME"
</pre>
<p class="note"><strong>Note</strong>: If you are on a Windows machine, you can use <code>set</code> instead of <code>export</code>.</p>
1. Export your location. For example, `westus`.
<pre class="terminal">
$ export LOCATION=westus
</pre>
<p class="note"><strong>Note</strong>: For a list of available locations, run <code>az account list-locations</code>.</p>
1. Create a network security group named `pcf-nsg`.
<pre class="terminal">
$ az network nsg create --name pcf-nsg \
--resource-group $RESOURCE_GROUP \
--location $LOCATION
</pre>
1. Add a network security group rule to the `pcf-nsg` group to allow traffic from the public Internet.
<pre class="terminal">
$ az network nsg rule create --name internet-to-lb \
--nsg-name pcf-nsg --resource-group $RESOURCE_GROUP \
--protocol Tcp --priority 100 \
--destination-port-range '*'
</pre>
<p class="note"><strong>Note</strong>: Because the VMs do not have public IP addresses, this network security group rule only affects the load balancer.</p>
1. Create a network security group named `opsmgr-nsg`.
<pre class="terminal">
$ az network nsg create --name opsmgr-nsg \
--resource-group $RESOURCE_GROUP \
--location $LOCATION
</pre>
1. Add a network security group rule to the `opsmgr-nsg` group to allow HTTP traffic to the Ops Manager VM.
<pre class="terminal">
$ az network nsg rule create --name http \
--nsg-name opsmgr-nsg --resource-group $RESOURCE_GROUP \
--protocol Tcp --priority 100 \
--destination-port-range 80
</pre>
1. Add a network security group rule to the `opsmgr-nsg` group to allow HTTPS traffic to the Ops Manager VM.
<pre class="terminal">
$ az network nsg rule create --name https \
--nsg-name opsmgr-nsg --resource-group $RESOURCE_GROUP \
--protocol Tcp --priority 200 \
--destination-port-range 443
</pre>
1. Add a network security group rule to the `opsmgr-nsg` group to allow SSH traffic to the Ops Manager VM.
<pre class="terminal">
$ az network nsg rule create --name ssh \
--nsg-name opsmgr-nsg --resource-group $RESOURCE_GROUP \
--protocol Tcp --priority 300 \
--destination-port-range 22
</pre>
1. Create a virtual network named `pcf-net`.
<pre class="terminal">
$ az network vnet create --name pcf-net \
--resource-group $RESOURCE_GROUP --location $LOCATION \
--address-prefixes 10.0.0.0/16
</pre>
1. Add a subnet to the network for PCF VMs.
<pre class="terminal">
$ az network vnet subnet create --name pcf \
--vnet-name pcf-net \
--resource-group $RESOURCE_GROUP \
--address-prefix 10.0.0.0/20
</pre>
##<a id='storage'></a> Step 2: Create BOSH and Deployment Storage Accounts
Azure for PCF uses multiple general-purpose Azure storage accounts. The BOSH and Ops Manager VMs use one main BOSH account, and the other components share five or more deployment storage accounts.
1. Choose a name for your BOSH storage account, and export it as the environment variable `$STORAGE_NAME`. Storage account names must be globally unique across Azure, between 3 and 24 characters in length, and contain only lowercase letters and numbers.
<pre class="terminal">
$ export STORAGE_NAME="YOUR-BOSH-STORAGE-ACCOUNT-NAME"
</pre>
1. Create a Standard storage account for BOSH with the following command. This account will be used for BOSH bookkeeping and running the Ops Manager VM itself, but does not have to be used for running any other VMs.
<pre class="terminal">
$ az storage account create --name $STORAGE\_NAME \
--resource-group $RESOURCE\_GROUP \
--account-type Standard_LRS \
--location $LOCATION
</pre>
<p class="note"><strong>Note</strong>: <code>Standard\_LRS</code> refers to a Standard Azure storage account. The BOSH Director requires table storage to store stemcell information. Azure Premium storage does not support table storage and cannot be used for the BOSH storage account.</p>
If the command fails, ensure you have followed the rules for naming your storage account. Export another new storage account name if necessary.
1. Configure the Azure CLI to use the BOSH storage account as its default.
1. Retrieve the connection string for the account.
<pre class="terminal">
$ az storage account show-connection-string \
--name $STORAGE\_NAME --resource-group $RESOURCE_GROUP
</pre>
The command returns output similar to the following:
<pre class="terminal">
{
"connectionString": "DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=cfdocsboshstorage;AccountKey=KwKQqVXgVcEVBZUY/leiIy/Lprnc5igFxYWsgq016Tu9uGwseOl8bqNBEL/2tp7wX92QMUM19Pz9BYTXt8aq4A=="
}
</pre>
1. Record the full value of `connectionString` from the output above, starting with and including `DefaultEndpointsProtocol=`.
1. Export the value of `connectionString` as the environment variable `$AZURE_STORAGE_CONNECTION_STRING`.
<pre class="terminal">
$ export AZURE\_STORAGE\_CONNECTION\_STRING="YOUR-ACCOUNT-KEY-STRING"
</pre>
1. Create three blob containers in the BOSH storage account, named `opsmanager`, `bosh`, and `stemcell`.
<pre class="terminal">
$ az storage container create --name opsmanager
$ az storage container create --name bosh
$ az storage container create --name stemcell --public-access blob
</pre>
1. Create a table named `stemcells`.
<pre class="terminal">
$ az storage table create --name stemcells
</pre>
1. Choose a set of unique names for five or more deployment storage accounts. As with the BOSH storage account above, the names must be unique, alphanumeric, lowercase, and 3-24 characters long. The account names must also be sequential or otherwise identical except for the last character. For example: `xyzdeploystorage1`, `xyzdeploystorage2`, `xyzdeploystorage3`, `xyzdeploystorage4`, and `xyzdeploystorage5`.
1. Decide which type of storage to use and run the corresponding command below:
<p class="note"><strong>Note</strong>: Pivotal recommends five Premium storage accounts, which provides a reasonable amount of initial storage capacity. You can use either Premium or Standard storage accounts, but they have very different scalability metrics. Pivotal recommends creating 1 Standard storage account for every 30 VMs, or 1 Premium storage account for every 150 VMs. You can increase the number of storage accounts later by provisioning more and following the naming sequence.</p>
* To use Premium storage (recommended):
<pre class="terminal">
$ export STORAGE\_TYPE="Premium_LRS"
</pre>
* To use Standard storage:
<pre class="terminal">
$ export STORAGE\_TYPE="Standard_LRS"
</pre>
1. For **each deployment storage account**, do the following:
1. Create the storage account with the following command, replacing `MY_DEPLOYMENT_STORAGE_X` with one of your deployment storage account names and `SUBSCRIPTION_ID` with your subscription ID.
<pre class="terminal">
$ az storage account create --name MY\_DEPLOYMENT\_STORAGE\_X \
--resource-group $RESOURCE\_GROUP --sku $STORAGE\_TYPE \
--kind Storage --location $LOCATION
</pre>
If the command fails, try a different set of account names.
1. Retrieve the connection string for the account.
<pre class="terminal">
$ az storage account show-connection-string \
--name MY\_DEPLOYMENT\_STORAGE\_X --resource-group $RESOURCE_GROUP
</pre>
The command returns output similar to the following:
<pre class="terminal">
{
"connectionString": "DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=cfdocsdeploystorage1;AccountKey=oa/QiSAmqj1OocsGhKBwn/Mf8wEwdeJMvvonrbmNk27bfkSL8ZFzAhs3Kb78si5CTPHhjHHiK4qPcYzn/8OmFg=="
}
</pre>
1. Record the full value of `connectionString` from the output above, starting with and including `DefaultEndpointsProtocol=`.
1. Create two blob containers named `bosh` and `stemcell` in the account.
<pre class="terminal">
$ az storage container create --name bosh \
--connection-string "YOUR-ACCOUNT-KEY-STRING"
</pre>
<pre class="terminal">
$ az storage container create --name stemcell \
--connection-string "YOUR-ACCOUNT-KEY-STRING"
</pre>
##<a id='lb'></a> Step 3: Create a Load Balancer
1. Create a load balancer named `pcf-lb`.
<pre class="terminal">
$ az network lb create --name pcf-lb \
--resource-group $RESOURCE_GROUP --location $LOCATION
</pre>
1. Create a static IP address for the load balancer named `pcf-lb-ip`.
<pre class="terminal">
$ az network public-ip create --name pcf-lb-ip \
--resource-group $RESOURCE_GROUP --location $LOCATION \
--allocation-method Static
{
"publicIp": {
"dnsSettings": null,
"etag": "W/\"a9b780e8-38bc-4a28-a563-e13a5859169d\"",
"id": "/subscriptions/995b7eed-77ef-45ff-a5c9-1a405ffb8243/resourceGroups/cf-docs/providers/Microsoft.Network/publicIPAddresses/pcf-lb-ip",
"idleTimeoutInMinutes": 4,
"ipAddress": "13.64.255.40",
"ipConfiguration": null,
"location": "westus",
"name": "pcf-lb-ip",
"provisioningState": "Succeeded",
"publicIpAddressVersion": "IPv4",
"publicIpAllocationMethod": "Static",
"resourceGroup": "cf-docs",
"resourceGuid": "4fbf2fe5-6f7e-449a-ae70-e513a9f5cddc",
"tags": null,
"type": "Microsoft.Network/publicIPAddresses"
}
}
</pre>
1. Record the `ipAddress` from the output above. This is the public IP address of your load balancer.
1. Add a front-end IP configuration to the load balancer.
<pre class="terminal">
$ az network lb frontend-ip create --lb-name pcf-lb \
--name pcf-fe-ip --resource-group $RESOURCE_GROUP \
--public-ip-address pcf-lb-ip
</pre>
1. Add a probe to the load balancer.
<pre class="terminal">
$ az network lb probe create --lb-name pcf-lb \
--name tcp80 --resource-group $RESOURCE_GROUP \
--protocol Tcp --port 80
</pre>
1. Add a backend address pool to the load balancer.
<pre class="terminal">
$ az network lb address-pool create --lb-name pcf-lb \
--name pcf-vms --resource-group $RESOURCE_GROUP
</pre>
<p class="note"><strong>Note</strong>: This backend pool is empty when you create it.</p>
1. Add a load balancing rule for HTTP.
<pre class="terminal">
$ az network lb rule create --lb-name pcf-lb \
--name http --resource-group $RESOURCE_GROUP \
--protocol Tcp --frontend-port 80 \
--backend-port 80 --frontend-ip-name pcf-fe-ip \
--backend-pool-name pcf-vms
</pre>
1. Add a load balancing rule for HTTPS.
<pre class="terminal">
$ az network lb rule create --lb-name pcf-lb \
--name https --resource-group $RESOURCE_GROUP \
--protocol Tcp --frontend-port 443 \
--backend-port 443 --frontend-ip-name pcf-fe-ip \
--backend-pool-name pcf-vms
</pre>
1. Add a load balancing rule for SSH.
<pre class="terminal">
$ az network lb rule create --lb-name pcf-lb \
--name diego-ssh --resource-group $RESOURCE_GROUP \
--protocol Tcp --frontend-port 2222 \
--backend-port 2222 --frontend-ip-name pcf-fe-ip \
--backend-pool-name pcf-vms
</pre>
1. Navigate to your DNS provider, and create an entry that points `*.YOUR-SUBDOMAIN` to the public IP address of your load balancer that you recorded in a previous step. For example, create an entry that points `azure.example.com` to `198.51.100.1`.
<p class="note"><strong>Note</strong>: If you did not record the IP address of your load balancer earlier, you can retrieve it by navigating to the Azure portal, clicking <strong>All resources</strong>, and clicking the <strong>Public IP address</strong> resource that ends with <code>pcf-lb-ip</code>.</p>
##<a id='boot'></a> Step 4: Boot Ops Manager
1. Navigate to [Pivotal Network](https://network.pivotal.io/products/ops-manager) and download the latest release of **Pivotal Cloud Foundry Ops Manager for Azure**.
1. View the downloaded PDF and locate the Ops Manager image URL appropriate for your region.
1. Export the Ops Manager image URL as an environment variable.
<pre class="terminal">$ export OPS\_MAN\_IMAGE\_URL="YOUR-OPS-MAN-IMAGE-URL"</pre>
1. Download the Ops Manager image. For compatibility when upgrading to future versions of Ops Manager, choose a unique name for the image that includes the Ops Manager version number. For example, replace <code>opsman-image-2.0.x</code> in the following examples with <code>opsman-image-2.0.1</code>.
* If you use unmanaged disks, perform the following steps:
<p class="note"><strong>Note</strong>: Azure Stack requires unmanaged disks.</p>
1. Download the Ops Manager image to your local machine. The image size is 5 GB.
<pre class="terminal">$ wget $OPS\_MAN\_IMAGE\_URL -O opsman-image-2.0.x.vhd</pre>
1. Upload the image to your storage account using the Azure CLI.
<pre class="terminal">
$ az storage blob upload --name opsman-image-2.0.x.vhd \
--connection-string $AZURE\_STORAGE\_CONNECTION\_STRING \
--container-name opsmanager \
--type page \
--file opsman-image-2.0.x.vhd
</pre>
* If you use managed disks, perform the following steps:
1. Copy the Ops Manager image into your storage account using the Azure CLI.
<pre class="terminal">
$ az storage blob copy start --source-uri $OPS\_MAN\_IMAGE\_URL \
--connection-string $AZURE\_STORAGE\_CONNECTION\_STRING \
--destination-container opsmanager \
--destination-blob opsman-image-2.0.x.vhd
</pre>
1. Copying the image may take several minutes. Run the following command and examine the output under `"copy"`:
<pre class="terminal">
$ az storage blob show --name opsman-image-2.0.x.vhd \
--container-name opsmanager \
--account-name $STORAGE_NAME
...
"copy": {
"completionTime": "2017-06-26T22:24:11+00:00",
"id": "b9c8b272-a562-4574-baa6-f1a04afcefdf",
"progress": "53687091712/53687091712",
"source": "http<span>s:/</span>/opsmanagerwestus.blob.core.windows.net/images/ops-manager-2.0.0.vhd",
"status": "success",
"statusDescription": null
},
</pre>
1. Wait a few moments and re-run the command above if `status` is `pending`. When `status` reads `success`, continue to the next step.
1. Create a public IP address named `ops-manager-ip`.
<pre class="terminal">
$ az network public-ip create --name ops-manager-ip \
--resource-group $RESOURCE_GROUP --location $LOCATION \
--allocation-method Static
{
"publicIp": {
"dnsSettings": null,
"etag": "W/\"4450ebe2-9e97-4b17-9cf2-44838339c661\"",
"id": "/subscriptions/995b7eed-77ef-45ff-a5c9-1a405ffb8243/resourceGroups/cf-docs/providers/Microsoft.Network/publicIPAddresses/ops-manager-ip",
"idleTimeoutInMinutes": 4,
"ipAddress": "40.83.148.183",
"ipConfiguration": null,
"location": "westus",
"name": "ops-manager-ip",
"provisioningState": "Succeeded",
"publicIpAddressVersion": "IPv4",
"publicIpAllocationMethod": "Static",
"resourceGroup": "cf-docs",
"resourceGuid": "950d4831-1bec-42da-8a79-959bcddea9dd",
"tags": null,
"type": "Microsoft.Network/publicIPAddresses"
}
}
</pre>
1. Record the `ipAddress` from the output above. This is the public IP address of Ops Manager.
1. Create a network interface for Ops Manager.
<pre class="terminal">
$ az network nic create --vnet-name pcf-net \
--subnet pcf --network-security-group opsmgr-nsg \
--private-ip-address 10.0.0.5 \
--public-ip-address ops-manager-ip \
--resource-group $RESOURCE_GROUP \
--name opsman-nic --location $LOCATION
</pre>
1. Create a keypair on your local machine with the username `ubuntu`. For example, enter the following command:
<pre class="terminal">
$ ssh-keygen -t rsa -f opsman -C ubuntu
</pre>
<br>
When prompted for a passphrase, press the `enter` key to provide an empty passphrase.
1. Create the Ops Manager VM.
* If you are using unmanaged disks, run the following command to create your Ops Manager VM, replacing `PATH-TO-PUBLIC-KEY` with the path to your public key .pub file:
<pre class="terminal">
$ az vm create --name opsman-2.0.x --resource-group $RESOURCE_GROUP \
--location $LOCATION \
--nics opsman-nic \
--image https://$STORAGENAME.my-azure-instance.com/opsmanager/opsman-image-2.0.x.vhd \
--os-disk-name opsman-2.0.x-osdisk \
--os-disk-size-gb 128 \
--os-type Linux \
--use-unmanaged-disk \
--storage-account $STORAGENAME \
--storage-container-name opsmanager \
--admin-username ubuntu \
--ssh-key-value PATH-TO-PUBLIC-KEY
</pre>
Replace `my-azure-instance.com` with the URL of your Azure instance. Find the complete source URL in the Azure UI by viewing the **Blob properties** of the Ops Manager image you created earlier in this procedure.<br><br>
* If you are using Azure managed disks, perform the following steps:
1. Create a managed image from the Ops Manager VHD file:
<pre class="terminal">
$ az image create --resource-group $RESOURCE\_GROUP \
--name opsman-image-2.0.x \
--source https://$STORAGE\_NAME.blob.core.windows.net/opsmanager/image-2.0.x.vhd \
--location $LOCATION \
--os-type Linux
</pre>
If you are using Azure China, Azure Government Cloud, or Azure Germany, replace `blob.core.windows.net` with the following:
* For Azure China, use `blob.core.chinacloudapi.cn`. See the [Azure documentation](https://msdn.microsoft.com/en-us/library/azure/dn578439.aspx) for more information.
* For Azure Government Cloud, use `blob.core.usgovcloudapi.net`. See the [Azure documentation](https://docs.microsoft.com/en-us/azure/azure-government/documentation-government-services-storage) for more information.
* For Azure Germany, use `blob.core.cloudapi.de`. See the [Azure documentation](https://docs.microsoft.com/en-us/azure/germany/germany-developer-guide) for more information.
1. Create your Ops Manager VM, replacing `PATH-TO-PUBLIC-KEY` with the path to your public key `.pub` file.
<pre class="terminal">
$ az vm create --name opsman-2.0.x --resource-group $RESOURCE\_GROUP \
--location $LOCATION \
--nics opsman-nic \
--image opsman-image-2.0.x \
--os-disk-name opsman-2.0.x-osdisk \
--admin-username ubuntu \
--size Standard\_DS2_v2 \
--storage-sku Standard\_LRS \
--ssh-key-value PATH-TO-PUBLIC-KEY
</pre>
1. If you plan to install more than one tile in this Ops Manager installation, perform the following steps to increase the size of the Ops Manager VM disk. You can repeat this process and increase the disk again at a later time if necessary.
<p class="note"><strong>Note</strong>: If you use Azure Stack, you must increase the Ops Manager VM disk size using the Azure Stack UI.</p>
1. Run the following command to stop the VM and detach the disk:
<pre class="terminal">
$ az vm deallocate --name opsman-2.0.x \
--resource-group $RESOURCE\_GROUP
</pre>
1. Run the following command to resize the disk to 128 GB:
<pre class="terminal">
$ az disk update --size-gb 128 --name opsman-2.0.x-osdisk \
--resource-group $RESOURCE\_GROUP
</pre>
1. Run the following command to start the VM:
<pre class="terminal">
$ az vm start --name opsman-2.0.x --resource-group $RESOURCE\_GROUP
</pre>
##<a id='post-deploy'></a> Step 5: Complete Ops Manager Director Configuration
1. Navigate to your DNS provider, and create an entry that points a fully qualified domain name (FQDN) to the public IP address of Ops Manager. As a best practice, always use the FQDN to access Ops Manager.
1. Continue to the [Configuring Ops Manager Director on Azure](azure-om-config.html) topic.