forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathopenstack-setup.html.md.erb
260 lines (178 loc) · 9.69 KB
/
openstack-setup.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
---
title: Provisioning the OpenStack Infrastructure
owner: Ops Manager
---
<strong><%= modified_date %></strong>
This guide describes how to provision the OpenStack infrastructure that you
need to install [Pivotal Cloud Foundry®](https://network.pivotal.io/products/pivotal-cf) (PCF) OpenStack. This document uses Mirantis Openstack. Use this topic when [Installing Pivotal Cloud Foundry® on OpenStack](./openstack.html).
After completing this procedure, complete all of the steps in the [Configuring Ops Manager Director for OpenStack](./openstack-om-config.html) and [Installing Elastic Runtime on OpenStack](./openstack-er-config.html) topics.
## <a id='log-in'></a>Step 1: Log In to the OpenStack Horizon Dashboard ##
1. Log in to the OpenStack Horizon Dashboard.
<%= image_tag("openstack/log-in.png") %>
## <a id='security'></a>Step 2: Configure Security ##
This section describes adding key pairs for your PCF deployment.
<p class='note'><strong>Note</strong>: OpenStack 8 uses the Python Paramiko library, which uses the BER or DER format instead of PEM. If you are using OpenStack 8, import your own key using <code>ssh-keygen</code>, and skip to Step 3 below.</p>
1. In the left navigation of your OpenStack dashboard, click **Project > Compute > Access & Security**.
1. Select the **Key Pairs** tab on the **Access & Security** page.
1. Click **Create Key Pair**.
1. Enter a **Key Pair Name** and click **Create Key Pair**.
<%= image_tag("openstack/create-key-pair.png") %>
1. In the left navigation, click **Access & Security** to refresh the page.
1. Select the **Security Groups** tab. Click **Create Security Group** and
create a group with the following properties:
* **Name**: `opsmanager`
* **Description**: `Ops Manager`
<%= image_tag("openstack/create-security.png") %>
1. Select the checkbox for the `opsmanager` Security Group and click **Manage Rules**.
<%= image_tag("openstack/manage-security-rules.png") %>
1. Add the access rules for HTTP, HTTPS, and SSH as shown in the table below. The rules with <code>opsmanager</code> in the Remote column have restricted access to that particular Security Group.
<p class='note'><strong>Note</strong>: Adjust the remote sources as
necessary for your own security compliance. Pivotal recommends limiting
remote access to Ops Manager to IP ranges within your organization.</p>
<p class="note"><strong>Note</strong>: If you intend to set up ICMP for your PCF deployment, you should add those rules here.</p>
<table class='nice' border='1'>
<tr>
<th><strong>Direction</strong></th>
<th><strong>Ether Type</strong></th>
<th><strong>IP Protocol</strong></th>
<th><strong>Port Range</strong></th>
<th><strong>Remote</strong></th>
</tr>
<tr>
<td>Ingress</td>
<td>IPv4</td>
<td>Custom TCP</td>
<td>22 (SSH)</td>
<td>0.0.0.0/0 (CIDR)</td>
</tr>
<tr>
<td>Ingress</td>
<td>IPv4</td>
<td>Custom TCP</td>
<td>80 (HTTP)</td>
<td>0.0.0.0/0 (CIDR)</td>
</tr>
<tr>
<td>Ingress</td>
<td>IPv4</td>
<td>Custom TCP</td>
<td>443 (HTTPS)</td>
<td>0.0.0.0/0 (CIDR)</td>
</tr>
<tr>
<td>Ingress</td>
<td>IPv4</td>
<td>Custom TCP</td>
<td>25555</td>
<td>0.0.0.0/0 (CIDR)</td>
</tr>
<tr>
<td>Ingress</td>
<td>IPv4</td>
<td>Custom TCP</td>
<td>1-65535</td>
<td>opsmanager</td>
</tr>
<tr>
<td>Ingress</td>
<td>IPv4</td>
<td>Custom UDP</td>
<td>1-65535</td>
<td>opsmanager</td>
</tr>
</table>
## <a id='create-om-image'></a>Step 3: Create Ops Manager Image ##
Use one of the following tools to create the Ops Manager image in OpenStack:
* [The OpenStack GUI](#openstack-gui)
* [The Glance CLI client](#glance-cli)
<p class='note'><strong>Note</strong>: If your Horizon Dashboard does not
support file uploads, you must use the Glance client.</p>
### <a id='openstack-gui'></a> (Option) OpenStack GUI ###
1. Download the **Pivotal Cloud Foundry® Ops Manager for OpenStack** image file from [Pivotal Network](https://network.pivotal.io).
1. In the left navigation of your OpenStack dashboard, click **Project > Compute > Images**.
1. Click **Create Image**. Complete the **Create An Image** page with the
following information:
* **Name**: Enter `Ops Manager`.
* **Image Source**: Select **Image File**.
* **Image File**: Click **Choose File**. Browse to and select the image file
that you downloaded from [Pivotal Network](https://network.pivotal.io).
* **Format**: Select **Raw**.
* **Minimum Disk (GB)**: Enter `40`.
* **Minimum RAM (MB)**: Enter `4096`.
* Ensure that the **Public** checkbox is not selected.
* Select the **Protected** checkbox.
1. Click **Create Image**.
<%= image_tag("openstack/create-image.png") %>
### <a id='glance-cli'></a> (Option) Glance CLI ###
1. Install the [Glance CLI client](http://docs.openstack.org/user-guide/common/cli_install_openstack_command_line_clients.html).
1. Download the **Pivotal Cloud Foundry® Ops Manager for OpenStack** image file from [Pivotal Network](https://network.pivotal.io).
1. Run `admin-openrc.sh` to download your `openstack.rc` file and target your
OpenStack environment.
<pre class='terminal'>
$ ./admin-openrc.sh
Please enter your OpenStack Password:
</pre>
1. Run the following Glance command to upload the image file that you downloaded from [Pivotal Network](https://network.pivotal.io):
<pre class='terminal'>
$ glance image-create --progress --disk-format raw --name "Ops Manager" --container-format bare --file PATH/DOWNLOADED-FILE
</pre>
## <a id='launch-om-vm'></a>Step 4: Launch Ops Manager VM ##
1. In the left navigation of your OpenStack dashboard, click **Project > Compute > Images**.
<%= image_tag("openstack/launch-image.png") %>
1. Click **Launch** to initate your project image.
1. Complete the **Details**, **Access & Security**, and **Networking** tabs of the **Launch Instance** form with the information below.
### Details Tab ###
Select the **Details** tab and specify the following details:
* **Availability Zone**: Use the drop-down menu to select an availability
zone. You use this availability zone when you [Complete the Availability
Zones Pages](./openstack-om-config.html#az-config) when [Configuring Ops
Manager Director](./openstack-om-config.html).
* **Instance Name**: Enter `Ops Manager`.
* **Flavor**: Select **m1.large**.
* **Instance Count**: Do not change from the default.
* **Instance Boot Source**: Select **Boot from image**.
* **Image Name**: Select the **Ops Manager** image.
<%= image_tag("openstack/instance-details.png") %>
### Access & Security Tab ###
Select the **Access & Security** tab and specify the following details:
* **Key Pair**: Select the key pair that you created in [Step 2: Configure
Security](#security). You need this key pair to log in to the Ops Manager
instance from your workstation.
* **Security Groups**: Select the **opsmanager** checkbox. Deselect all
other Security Groups.
<%= image_tag("openstack/instance-security.png") %>
### Networking Tab ###
1. Select the **Networking** tab.
1. Under **Available networks**, select a private subnet. You add a Floating IP
to this network in a later step.
1. Click **Launch**.
<%= image_tag("openstack/instance-networking.png") %>
## <a id='floating-ip'></a>Step 5: Associate Floating IP Address ##
1. In the left navigation of your OpenStack dashboard, click **Project > Compute > Instances**.
1. Wait until the **Power State** of the Ops Manager instances shows as
_Running_.
1. Record the private **IP Address** of the Ops Manager instance. You use this
IP Address when you [Complete the Create Networks Pages](./openstack-om-config.html#create-networks) in Ops Manager.
<%= image_tag("openstack/instance-running.png") %>
1. Select the **Ops Manager** checkbox. Click the **Actions** drop-down menu and
select **Associate Floating IP**.
1. Under IP Address, click **+**.
<%= image_tag("openstack/ip-add.png") %>
1. Under **Pool**, select an IP Pool and click **Allocate IP**.
<%= image_tag("openstack/ip-pool.png") %>
1. Under **Port to be associated**, select your **Ops Manager** instance. Click
**Associate**.
<%= image_tag("openstack/ip-associate.png") %>
## <a id='blob-storage'></a>Step 6: Add Blob Storage ##
1. In the left navigation of your OpenStack dashboard, click **Project > Object Store > Containers**.
1. Click **Create Container**. Create a container with the following properties:
* **Container Name**: Enter `pcf`.
* **Container Access**: Select **private**.
<%= image_tag("openstack/create-container.png") %>
## <a id='dns-entry'></a>Step 7: Create a DNS Entry ##
<p class="note"><strong>Note</strong>: Ops Manager 1.7 security features require you to create a fully qualified domain name in order to access Ops Manager during the <a href="openstack-om-config.html#log-in">initial configuration.</a></p>
Create a DNS entry for the IP address that you used for Ops Manager. You must use this fully qualified domain name when you log into Ops Manager in the Configure Ops Manager Director for OpenStack step below.
## <a id='configure-ops'></a>Step 8: Configure Ops Manager Director for OpenStack
Now that you have completed this procedure, complete all of the steps in the [Configuring Ops Manager Director for OpenStack](./openstack-om-config.html) and [Installing Elastic Runtime on OpenStack](./openstack-er-config.html) topics.
---
Return to [Installing Pivotal Cloud Foundry® on OpenStack](./openstack.html).