-
Notifications
You must be signed in to change notification settings - Fork 142
/
azure-arm-template.html.md.erb
201 lines (177 loc) · 12.8 KB
/
azure-arm-template.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
---
title: Launching an Ops Manager Director Instance with an ARM Template
owner: Ops Manager
---
<strong><%= modified_date %></strong>
<html class="list-style-none"></html>
This topic describes how to deploy Ops Manager Director for Pivotal Cloud Foundry (PCF) on Azure using an Azure Resource Manager (ARM) template. An ARM template is a JSON file that describes one or more resources to deploy to a resource group.
You can also deploy Ops Manager Director manually. For more information, see the [Launching an Ops Manager Director Instance on Azure without an ARM Template](azure-om-deploy.html) topic.
Before you perform the procedures in this topic, you must complete the procedures in the [Preparing to Deploy PCF on Azure](azure-prepare-env.html) topic. After you complete the procedures in this topic, follow the instructions in [Configuring Ops Manager Director on Azure](azure-om-config.html).
##<a id='storage'></a> Step 1: Create BOSH Storage Account
Azure for PCF uses multiple general-purpose Azure storage accounts. The BOSH and Ops Manager VMs use one main BOSH storage account, and the other components share five or more deployment storage accounts.
1. Choose a name for your resource group and export it as an environment variable `$RESOURCE_GROUP`.
<pre class="terminal">
$ export RESOURCE_GROUP="YOUR-RESOURCE-GROUP-NAME"
</pre>
<p class="note"><strong>Note</strong>: If you are on a Windows machine, you can use <code>set</code> instead of <code>export</code>.</p>
1. Export your location. For example, `westus`.
<pre class="terminal">
$ export LOCATION="YOUR-LOCATION"
</pre>
<p class="note"><strong>Note</strong>: For a list of available locations, run <code>azure location list</code>.</p>
1. Create your resource group:
<pre class="terminal">$ azure group create $RESOURCE_GROUP $LOCATION
</pre>
1. Choose a name for your BOSH storage account, and export it as the environment variable `$STORAGE_NAME`. Storage account names must be globally unique across Azure, between 3 and 24 characters in length, and contain only lowercase letters and numbers.
<pre class="terminal">
$ export STORAGE_NAME="YOUR-BOSH-STORAGE-ACCOUNT-NAME"
</pre>
1. Register your subscription with Microsoft.Storage:
<pre class="terminal">$ azure provider register Microsoft.Storage
</pre>
1. Create the storage account.
<pre class="terminal">$ azure storage account create -l $LOCATION -g $RESOURCE\_GROUP \
--sku-name LRS --kind Storage $STORAGE\_NAME
</pre>
<p class="note"><strong>Note</strong>: LRS refers to a Standard Azure storage account. The BOSH Director requires table storage to store stemcell information. Azure Premium storage does not support table storage and cannot be used for the BOSH storage account.</p>
1. Retrieve the connection string for your BOSH storage account:
<pre class="terminal">
$ azure storage account connectionstring show $STORAGE\_NAME \
--resource-group $RESOURCE\_GROUP
</pre>
The command returns the following output:
<pre class="terminal">
info: Executing command storage account connectionstring show
<span>+</span> Getting storage account keys
data: connectionstring: DefaultEndpointsProtocol=https;AccountName=example-storage;AccountKey=accountkeystring
info: storage account connectionstring show command OK
</pre>
1. From the `data:` field in the output above, record the full value of `connectionstring`, starting with and including `DefaultEndpointsProtocol=`.
1. Export the connection string:
<pre class="terminal">$ export CONNECTION_STRING="YOUR-CONNECTION-STRING"</pre>
1. Create a container for the Ops Manager image:
<pre class="terminal">$ azure storage container create opsman-image \
--connection-string $CONNECTION_STRING</pre>
1. Create a container for the Ops Manager VM:
<pre class="terminal">$ azure storage container create vhds \
--connection-string $CONNECTION_STRING</pre>
1. Create a container for Ops Manager:
<pre class="terminal">$ azure storage container create opsmanager \
--connection-string $CONNECTION_STRING</pre>
1. Create a container for BOSH:
<pre class="terminal">$ azure storage container create bosh \
--connection-string $CONNECTION_STRING</pre>
1. Create a container for the stemcell:
<pre class="terminal">$ azure storage container create stemcell --permission blob \
--connection-string $CONNECTION_STRING</pre>
</pre>
<p class="note"><strong>Note</strong>: Make sure the stemcell storage container is assigned `blob` permissions.</p>
1. Create a table for stemcell data:
<pre class="terminal">azure storage table create stemcells --connection-string $CONNECTION_STRING</pre>
##<a id='copy'></a> Step 2: Copy Ops Manager Image
1. Navigate to [Pivotal Network](https://network.pivotal.io/products/ops-manager) and download the latest release of **Pivotal Cloud Foundry Ops Manager for Azure**. You can download either a PDF or a YAML file.
1. View the downloaded file and locate the Ops Manager image URL appropriate for your region.
1. Export the Ops Manager image URL as an environment variable.
<pre class="terminal">$ export OPS\_MAN\_IMAGE\_URL="YOUR-OPS-MAN-IMAGE-URL"</pre>
1. Copy the Ops Manager image into your storage account:
<pre class="terminal">
$ azure storage blob copy start $OPS\_MAN\_IMAGE\_URL opsmanager \
--dest-connection-string $CONNECTION_STRING \
--dest-container opsman-image \
--dest-blob image.vhd
</pre>
1. Copying the image may take several minutes. Run the following command and examine the output under `Status` to check the status:
<pre class="terminal">
$ azure storage blob copy show opsman-image image.vhd --connection-string $CONNECTION_STRING
info: Executing command storage blob copy show
<span>+</span> Getting storage blob information
data: Copy ID Progress Status
data: ------------------------------------ ------------- -------
data: 069d413d-be05-4b12-82bc-c96dacee230e 31457280512/31457280512 success
info: storage blob copy show command OK
</pre>
When `Status` reads `success`, continue to the next step.
##<a id='configure'></a> Step 3: Configure the ARM Template
1. Create a keypair on your local machine with the username `ubuntu`. For example, enter the following command:
<pre class="terminal">
$ ssh-keygen -t rsa -f opsman -C ubuntu
</pre>
<br>
When prompted for a passphrase, press the `enter` key to provide an empty passphrase.
1. Clone the PCF Azure ARM Templates GitHub [repository](https://github.com/pivotal-cf/pcf-azure-arm-templates.git). This repository contains both the ARM template, `azure-deploy.json`, and the parameters file, `azure-deploy-parameters.json`.
1. Open the parameters file and enter values for the following parameters:
* **storageAccountName**: The name of the storage account you created in [Step 1: Create Storage Account](#storage)
* **storageEndpoint**: The name of the storage endpoint. Leave the default endpoint unless you are using Azure China, Azure Government Cloud, or Azure Germany:
* For Azure China, use `blob.core.chinacloudapi.cn`. See the [Azure documentation](https://msdn.microsoft.com/en-us/library/azure/dn578439.aspx) for more information.
* For Azure Government Cloud, use `blob.core.usgovcloudapi.net`. See the [Azure documentation](https://docs.microsoft.com/en-us/azure/azure-government/documentation-government-services-storage) for more information.
* For Azure Germany, use `blob.core.cloudapi.de`. See the [Azure documentation](https://docs.microsoft.com/en-us/azure/germany/germany-developer-guide) for more information.
* **adminSSHKey**: The contents of the `opsman.pub` public key file that you created above
* **tenantID**: Your tenant ID, retrieved in the [Preparing to Deploy PCF on Azure](azure-prepare-env.html) topic
* **clientID**: Your client or application ID, retrieved in the [Preparing to Deploy PCF on Azure](azure-prepare-env.html) topic
* **clientSecret**: Your client secret, created in the [Preparing to Deploy PCF on Azure](azure-prepare-env.html) topic
* **vmSize**: The size of the Ops Manager VM. Pivotal recommends using `Standard_DS2_v2`.
* **location**: The location where to install the Ops Manager VM. For example, `westus`.
##<a id='deploy'></a> Step 4: Deploy the ARM Template and Deployment Storage Accounts
1. Deploy the template:
<pre class="terminal">
$ azure group deployment create -f azure-deploy.json \
-e azure-deploy-parameters.json -v $RESOURCE_GROUP cfdeploy
</pre>
1. When the command finishes, examine the last five lines of the output:
<pre class="terminal">
data: Name Type Value
data: ---------------------------- ------ --------------------------------------------------
data: opsMan-FQDN String pcf-opsman-e8ddgelqqlq22.westus.cloudapp.azure.com
data: extra Storage Account Prefix String xtrastrgm7qcfdqljlq62
info: group deployment create command OK
</pre>
Record the following values:
* `opsMan-FQDN`: In the example above, `pcf-opsman-e8ddgelqqlq22.westus.cloudapp.azure.com`
* `extra Storage Account Prefix`: In the example above, `xtrastrgm7qcfdqljlq62`
1. The template creates five new Premium deployment storage accounts. The names of the deployment storage accounts are the value of `extra Storage Account Prefix` appended with `1`, `2`, `3`, `4`, and `5`. In the example above, the names of the five deployment storage accounts are the following:
* `xtrastrgm7qcfdqljlq621`
* `xtrastrgm7qcfdqljlq622`
* `xtrastrgm7qcfdqljlq623`
* `xtrastrgm7qcfdqljlq624`
* `xtrastrgm7qcfdqljlq625`
<br/><br/>
If you want to use Standard Azure Storage, replace Premium\_LRS with Standard\_LRS. Pivotal recommends Premium\_LRS for better performance.
<p class="note"><strong>Note</strong>: The five Premium storage accounts created by the template provide a reasonable amount of initial storage capacity. Pivotal recommends creating one Standard storage account for every 30 VMs, or one Premium storage account for every 150 VMs. You can increase the number of storage accounts later by provisioning more with the Azure CLI and following the naming sequence listed above.</p>
<br/>
For each of the five new deployment storage accounts, perform the following steps:<br/>
1. Retrieve the connection string for your storage account, replacing `YOUR-DEPLOYMENT-STORAGE-ACCOUNT-NAME` with the name of the storage account. For example, `xtrastrgm7qcfdqljlq621`.
<pre class="terminal">
$ azure storage account connectionstring \
show YOUR-DEPLOYMENT-STORAGE-ACCOUNT-NAME \
--resource-group $RESOURCE_GROUP
</pre>
The command returns output similar to the following:
<pre class="terminal">
info: Executing command storage account connectionstring show
<span>+</span> Getting storage account keys
data: connectionstring: DefaultEndpointsProtocol=https;AccountName=example-storage;AccountKey=accountkeystring
info: storage account connectionstring show command OK
</pre>
1. From the `data:` field in the output above, record the full value of `connectionstring` from the output above, starting with and including `DefaultEndpointsProtocol=`.
1. Export the connection string, choosing a unique name for `CONNECTION_STRING_N`. For example, `CONNECTION_STRING_2`.
<pre class="terminal">$ export CONNECTION\_STRING\_N="YOUR-CONNECTION-STRING"</pre>
1. Create a container for BOSH:
<pre class="terminal">$ azure storage container create bosh \
--connection-string $CONNECTION\_STRING\_N</pre>
1. Create a container for the stemcell:
<pre class="terminal">$ azure storage container create stemcell \
--connection-string $CONNECTION\_STRING\_N</pre>
</pre>
<p class="note"><strong>Note</strong>: Make sure the stemcell container is assigned `blob` permissions.</p>
1. Create a network security group named `pcf-nsg`.
<pre class="terminal">
$ azure network nsg create $RESOURCE_GROUP pcf-nsg $LOCATION
</pre>
1. Add a network security group rule to the `pcf-nsg` group to allow traffic from the public Internet.
<pre class="terminal">
$ azure network nsg rule create $RESOURCE_GROUP pcf-nsg internet-to-lb \
--protocol Tcp --priority 100 --destination-port-range '*'
</pre>
##<a id='post-deploy'></a> Step 5: Complete Ops Manager Director Configuration
1. Navigate to your DNS provider, and create an entry that points a fully qualified domain name (FQDN) in your domain to the `opsMan-FQDN` you retrieved from the output of the template deployment above.
1. Continue to the [Configuring Ops Manager Director on Azure](azure-om-config.html) topic.