-
Notifications
You must be signed in to change notification settings - Fork 73
/
config-terraform.html.md.erb
246 lines (182 loc) · 12.4 KB
/
config-terraform.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
---
title: Configuring BOSH Director on GCP Using Terraform
owner: Ops Manager
iaas: GCP
install_type: terraform
---
This topic describes how to configure the BOSH Director for Pivotal Cloud Foundry (PCF) on Google Cloud Platform (GCP) after [Preparing to Deploy Ops Manager on GCP Using Terraform](./prepare-env-terraform.html).
<p class="note"><strong>Note:</strong> You can also perform the procedures in this topic using the Ops Manager API. For more information, see the <a href="http://docs.pivotal.io/pivotalcf/<%= product_info['local_product_version'].to_s.sub('.','-') %>/customizing/ops-man-api.html">Using the Ops Manager API</a> topic.</p>
## <a id='prereq'></a> Prerequisite
To complete the procedures in this topic, you must have access to the output from when you ran `terraform apply` to create resources for this deployment. You can view this output at any time by running `terraform output`. You use the values in your Terraform output to configure the BOSH Director tile.
## <a id='access-om'></a> Step 1: Access Ops Manager
1. In a web browser, navigate to the fully qualified domain name (FQDN) of the BOSH Director.
Use the `ops_manager_dns` value from running `terraform output`.
<p class="note"><strong>Note:</strong> In order to set up Ops Manager authentication correctly, Pivotal recommends using a Fully Qualified Domain Name (FQDN) to access Ops Manager. Using an ephemeral IP address to access Ops Manager can cause authentication errors upon subsequent access.</p>
1. When Ops Manager starts for the first time, you must choose one of the following:
* [Internal Authentication](#internal): If you use internal authentication, Ops Manager maintains your user database.
* [SAML Identity Provider](#saml): If you use a SAML Identity Provider (IdP), an external identity server maintains your user database.
* [LDAP Server](#ldap): If you use an LDAP Server, an external identity server maintains your user database.
<%= image_tag("../common/images/select-authentication.png") %>
### <a id='internal'></a> Internal Authentication
1. When redirected to the **Internal Authentication** page, do the following:
* Enter a **Username**, **Password**, and **Password confirmation** to create an Admin user.
* Enter a **Decryption passphrase** and the **Decryption passphrase confirmation**. This passphrase encrypts the Ops Manager datastore, and is not recoverable.
* If you are using an **HTTP proxy** or **HTTPS proxy**, follow the instructions in the [Configuring Proxy Settings for the BOSH CPI](http://docs.pivotal.io/pivotalcf/<%= product_info['local_product_version'].to_s.sub('.','-') %>/customizing/pcf-director-proxy-settings.html) topic.
* Read the **End User License Agreement**, and select the checkbox to accept the terms.
* Click **Setup Authentication**.
<%= image_tag("../common/images/om-login.png") %>
1. Log in to Ops Manager with the Admin username and password you created in the previous step.
<%= image_tag("../common/images/cf-login.png") %>
### <a id='saml'></a> SAML Identity Provider
<%= partial '../common/using_saml_idp_ops_manager' %>
### <a id='ldap'></a> LDAP Server
<%= partial '../common/using_ldap_server_ops_manager' %>
## <a id='gcp-config'></a> Step 2: Google Cloud Platform Config
1. Click the **Google Cloud Platform** tile within the **Installation Dashboard**.
<%= image_tag("../common/images/gcp/director-tile-gcp.png") %>
1. Select **Google Config**. Complete the following fields:
* **Project ID**: Enter the value of `project` from your `terraform.tfvars` file.
* **Default Deployment Tag**: Enter the value of `env_name` from your `terraform.tfvars` file.
* Select **AuthJSON** and in the field below enter the contents of the JSON file for you service account key.
<p class="note"><strong>Note:</strong> As an alternative, you can select <strong>The Ops Manager VM Service Account</strong> option to use the service account automatically created by GCP for the Ops Manager VM.</p>
<%= image_tag("../common/images/gcp/google_config.png") %>
1. Click **Save**.
## <a id='director-config'></a> Step 3: Director Config Page
<%= partial "../common/director-config" %>
## <a id='az'></a> Step 4: Create Availability Zones Page
<div class="note"><strong>Note:</strong> Pivotal recommends at least three availability zones for a highly available installation.
<ul>
<li>For configuring a PAS deployment with multiple availability zones, see <a href="https://docs.pivotal.io/pivotalcf/<%= product_info['local_product_version'].to_s.sub('.','-') %>/refarch/gcp/gcp_ref_arch.html">Reference Architecture for Pivotal Cloud Foundry on GCP</a>.</li>
<li>For configuring a <%= vars.pks_product_short%> deployment for distributing workloads across multiple availability zones and clusters, see <a href="https://docs.pivotal.io/pks/maintain-uptime.html">Maintaining Workload Uptime</a>.</li>
</ul>
</div>
1. Select **Create Availability Zones**.
1. Use the **Add** button to add three availability zones corresponding to those listed in the `azs` field in your Terraform output.
1. Click **Save**.
## <a id='network'></a> Step 5: Create Networks Page
1. Select **Create Networks**.
1. Make sure **Enable ICMP checks** is not selected. GCP routers do not respond to ICMP pings.
1. Use the **Add Network** button to create the following three networks:
<p class="note"><strong>Note:</strong> To use a shared VPC network, enter the shared VPC host project name before the network name in the format <code>VPC-PROJECT-NAME/NETWORK-NAME/SUBNET-NAME/REGION-NAME</code>. For example, <code>vpc-project/opsmgr/central/us-central1</code>. For more information, see <a href="http://docs.pivotal.io/pivotalcf/<%= product_info['local_product_version'].to_s.sub('.','-') %>/customizing/gcp-shared-vpc.html">Configuring a Shared VPC on GCP</a>.</p>
<h3>Infrastructure Network</h3>
<table>
<tr>
<th>Network Name</th>
<td><code>infrastructure</code></td>
</tr>
<tr>
<th>Google Network Name</th>
<td>Use the <code>network_name</code>, <code>infrastructure_subnet_name</code>, and <code>region</code> fields from your Terraform output to enter the name of the infrastructure network created by Terraform. <br>The format is: <code>network_name/infrastructure_subnet_name/region</code></td>
</tr>
<tr>
<th>CIDR</th>
<td>Enter the value of <code>infrastructure_subnet_cidrs</code> from your Terraform output.</td>
</tr>
<tr>
<th>Reserved IP Ranges</th>
<td>Enter the first <code>.1</code> through <code>.9</code> addresses from the CIDR. For example, if the CIDR is <code>192.168.101.0/26</code>, enter the range <code>192.168.101.1-192.168.101.9</code>.</td>
</tr>
<tr>
<th>DNS</th>
<td><code>169.254.169.254</code></td>
</tr>
<tr>
<th>Gateway</th>
<td>Enter the value of <code>infrastructure_subnet_gateway</code> from your Terraform output.</td>
</tr>
<tr>
<th>Availability Zones</th>
<td>Select all three availability zones.</td>
</tr>
</table>
<h3>Runtime Network</h3>
<table>
<tr>
<th>Network Name</th>
<td>Enter the name of the runtime that you intend to deploy in this environment. For example, <code>pas</code> or <code>pks</code>.</td>
</tr>
<tr>
<th>Google Network Name</th>
<td>Use the <code>network_name</code>, <code>pas_subnet_name</code>, and <code>region</code> fields from your Terraform output to enter the name of the runtime network created by Terraform. <br>The format is: <code>network_name/pas_subnet_name/region</code></td>
</tr>
<tr>
<th>CIDR</th>
<td>Enter the value of <code>pas_subnet_cidrs</code> from your Terraform output.</td>
</tr>
<tr>
<th>Reserved IP Ranges</th>
<td>Enter the first <code>.1</code> through <code>.9</code> addresses from the CIDR. For example, if the CIDR is <code>192.168.16.0/22</code>, enter the range <code>192.168.16.1-192.168.16.9</code>.</td>
</tr>
<tr>
<th>DNS</th>
<td><code>169.254.169.254</code></td>
</tr>
<tr>
<th>Gateway</th>
<td>Enter the value of <code>pas_subnet_gateway</code> from your Terraform output.</td>
</tr>
<tr>
<th>Availability Zones</th>
<td>Select all three availability zones.</td>
</tr>
</table>
<h3>Services Network</h3>
<table>
<tr>
<th>Network Name</th>
<td><code>services</code></td>
</tr>
<tr>
<th>Google Network Name</th>
<td>Use the <code>network_name</code>, <code>services_subnet_name</code>, and <code>region</code> fields from your Terraform output to enter the name of the services network created by Terraform. <br>The format is: <code>network_name/services_subnet_name/region</code></td>
</tr>
<tr>
<th>CIDR</th>
<td>Enter the value of <code>services_subnet_cidrs</code> from your Terraform output.</td>
</tr>
<tr>
<th>Reserved IP Ranges</th>
<td>Enter the first <code>.1</code> through <code>.9</code> addresses from the CIDR. For example, if the CIDR is <code>192.168.16.0/22</code>, enter the range <code>192.168.20.1-192.168.20.9</code>.</td>
</tr>
<tr>
<th>DNS</th>
<td><code>169.254.169.254</code> </td>
</tr>
<tr>
<th>Gateway</th>
<td>Enter the value of <code>services_subnet_gateway</code> from your Terraform output.</td>
</tr>
<tr>
<th>Availability Zones</th>
<td>Select all three availability zones.</td>
</tr>
</table>
<%= vars.expand_network_azs %>
## <a id="assign-azs"></a> Step 6: Assign AZs and Networks Page
1. Select **Assign AZs and Networks**.
1. Use the dropdown to select a **Singleton Availability Zone**. The BOSH Director installs in this Availability Zone.
1. Under **Network**, select the `infrastructure` network for your BOSH Director.
1. Click **Save**.
## <a id='security'></a> Step 7: Security Page
<%= partial "../common/security-pane" %>
## <a id='syslog'></a> Step 8: Syslog Page
<%= partial '../common/syslog_bosh' %>
## <a id='resource-config'></a> Step 9: Resource Config Page
1. Select **Resource Config**.
1. Verify that the **Internet Connected** checkbox for every job is checked. The Terraform templates do not provision a Network Address Translation (NAT) box for internet connectivity to your VMs, so instead VMs are provided with ephemeral public IP addresses to allow the jobs to reach the internet.
<p class="note"><strong>Note:</strong> If you want to provision a Network Address Translation (NAT) box to provide internet connectivity to your VMs instead of providing them with public IP addresses, deselect the <strong>Internet Connected</strong> checkboxes. For more information about using NAT in GCP, see the <a href="https://cloud.google.com/compute/docs/networking">GCP documentation</a>.</p>
<p class="note"><strong>Note:</strong> If you install Pivotal Application Service for Windows (PASW), provision your <strong>Master Compilation Job</strong> with at least 100 GB of disk space.</p>
## <a id='custom-vm-extensions'></a> Step 10: (Optional) Add Custom VM Extensions
<%= partial '../common/vm-extension-config' %>
## <a id='complete'></a> Step 11: Complete the BOSH Director Installation
1. Click the **Installation Dashboard** link to return to the Installation Dashboard.
1. Click **Review Pending Changes**, then **Apply Changes**. If the following ICMP error message appears, return to the [Network Config](#network) screen, and make sure you have deselected the **Enable ICMP Checks** box. Click **Review Pending Changes**, then **Apply Changes** again.
<%= image_tag("../common/images/cloudform/install-error.png") %>
1. BOSH Director installs. This may take a few moments. When the installation process successfully completes, the **Changes Applied** window appears.
<%= image_tag("../common/images/cloudform/ops-manager-complete.png") %>
## <a id="next"></a> Next Steps
After you complete this procedure, follow the instructions for the runtime you intend to install.
<ul>
<li>To deploy PAS, see [Deploying PAS on GCP](http://docs.pivotal.io/pivotalcf/<%= product_info['local_product_version'].to_s.sub('.','-') %>/customizing/gcp-er-config.html).</li>
<li>To prepare to deploy PKS, see [Creating Service Accounts in GCP for PKS](https://docs.pivotal.io/pks/gcp-service-accounts.html).</li>
</ul>