forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathazure-arm-template.html.md.erb
198 lines (148 loc) · 10.3 KB
/
azure-arm-template.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
---
title: Deploying BOSH and Ops Manager to Azure with ARM
owner: Ops Manager
---
This topic describes how to deploy BOSH Director for <%= vars.product_name %> on Azure using an Azure Resource Manager (ARM) template. An ARM template is a JSON file that describes one or more resources to deploy to a resource group.
You can also deploy BOSH Director manually, by following the procedure in
[Deploying Ops Manager on Azure Manually](/platform/ops-manager/<%= vars.current_major_version.sub('.', '-') %>/azure/deploy-manual.html). You must manually deploy if you are deploying to any of the following:
* Azure China
* Azure Germany
* Azure Government Cloud
* Azure Stack (Beta)
<p class="note"><strong>Note:</strong> Azure Stack is in beta for this release. Pivotal does not recommend using Azure Stack for a production deployment.</p>
Before you perform the procedures in this topic, you must complete the procedures in [Preparing to Deploy Ops Manager on Azure Manually](/platform/ops-manager/<%= vars.current_major_version.sub('.', '-') %>/azure/prepare-env-manual.html). After you complete the procedures in this topic, follow the instructions in [Configuring BOSH Director on Azure Manually](/platform/ops-manager/<%= vars.current_major_version.sub('.', '-') %>/azure/config-manual.html).
## <a id='arm-template'></a> Where to Find the <%= vars.product_name %> Azure ARM Templates
The <%= vars.product_name %> Azure ARM Templates are available for download from the following GitHub repository:
[https://github.com/pivotal-cf/pcf-azure-arm-templates](https://github.com/pivotal-cf/pcf-azure-arm-templates)
For <%= vars.product_name %> v1.11 and later, use the templates tagged with the [1.11+ release](https://github.com/pivotal-cf/pcf-azure-arm-templates/releases/tag/1.11%2B).
For <%= vars.product_name %> v1.11 and earlier, use the templates tagged with the [1.10- release](https://github.com/pivotal-cf/pcf-azure-arm-templates/releases/tag/1.10-).
## <a id='storage'></a> Step 1: Create BOSH Storage Account
Azure for <%= vars.product_name %> uses multiple general-purpose Azure storage accounts. The BOSH and Pivotal Operations Manager VMs use one main BOSH storage account, and the other components share five or more deployment storage accounts.
1. Choose a name for your resource group and export it as an environment variable `$RESOURCE_GROUP`.
<pre class="terminal">
$ export RESOURCE_GROUP="YOUR-RESOURCE-GROUP-NAME"
</pre>
<p class="note"><strong>Note:</strong> If you are on a Windows machine, you can use <code>set</code> instead of <code>export</code>.</p>
1. Export your location. For example, `westus`.
<pre class="terminal">
$ export LOCATION="YOUR-LOCATION"
</pre>
<p class="note"><strong>Note:</strong> For a list of available locations, run <code>az account list-locations</code>.</p>
1. Create your resource group:
<pre class="terminal">$ az group create --name $RESOURCE_GROUP --location $LOCATION
</pre>
1. Choose a name for your BOSH storage account, and export it as the environment variable `$STORAGE_NAME`. Storage account names must be globally unique across Azure, between 3 and 24 characters in length, and contain only lowercase letters and numbers.
<pre class="terminal">
$ export STORAGE_NAME="YOUR-BOSH-STORAGE-ACCOUNT-NAME"
</pre>
1. Create the storage account.
<pre class="terminal">
$ az storage account create --name $STORAGE\_NAME \
--resource-group $RESOURCE\_GROUP --sku Standard\_LRS \
--kind Storage --location $LOCATION
</pre>
<p class="note"><strong>Note</strong>: <code>Standard_LRS</code> refers to a Standard Azure storage account. The BOSH Director requires table storage to store stemcell information. Azure Premium storage does not support table storage and cannot be used for the BOSH storage account.</p>
1. Retrieve the connection string for your BOSH storage account:
<pre class="terminal">
$ az storage account show-connection-string \
--name $STORAGE\_NAME --resource-group $RESOURCE_GROUP
</pre>
The command returns output similar to the following:
<pre class="terminal">
{
"connectionString": "DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=cfdocsdeploystorage1;AccountKey=EXAMPLEaaabbbcccMf8wEwdeJMvvonrbmNk27bfkSL8ZFzAhs3Kb78si5CTPHhjHHiK4qPcYzn/8OmFg=="
}
</pre>
1. Record the full value of `connectionString` from the output above, starting with and including `DefaultEndpointsProtocol=`.
1. Export the connection string:
<pre class="terminal">$ export CONNECTION_STRING="YOUR-CONNECTION-STRING"</pre>
1. Create a container for the Ops Manager image:
<pre class="terminal">$ az storage container create --name opsman-image \
--connection-string $CONNECTION_STRING</pre>
1. Create a container for the Ops Manager VM:
<pre class="terminal">$ az storage container create --name vhds \
--connection-string $CONNECTION_STRING</pre>
1. Create a container for Ops Manager:
<pre class="terminal">$ az storage container create --name opsmanager \
--connection-string $CONNECTION_STRING</pre>
1. Create a container for BOSH:
<pre class="terminal">$ az storage container create --name bosh \
--connection-string $CONNECTION_STRING</pre>
1. Create a container for the stemcell:
<pre class="terminal">$ az storage container create --name stemcell \
--public-access blob \
--connection-string $CONNECTION_STRING</pre>
</pre>
1. Create a table for stemcell data:
<pre class="terminal">$ az storage table create --name stemcells \
--connection-string $CONNECTION_STRING</pre>
## <a id='copy'></a> Step 2: Copy Ops Manager Image
1. Navigate to [Pivotal Network](https://network.pivotal.io/products/ops-manager) and download the latest release of **Pivotal Ops Manager for Azure**. You can download either a PDF or a YAML file.
1. View the downloaded file and locate the Ops Manager image URL appropriate for your region.
1. Export the Ops Manager image URL as an environment variable.
<pre class="terminal">$ export OPS\_MAN\_IMAGE\_URL="YOUR-OPS-MAN-IMAGE-URL"</pre>
1. Copy the Ops Manager image into your storage account:
<pre class="terminal">
$ az storage blob copy start --source-uri $OPS\_MAN\_IMAGE\_URL \
--connection-string $CONNECTION_STRING \
--destination-container opsman-image \
--destination-blob image.vhd
</pre>
1. Copying the image may take several minutes. Run the following command and examine the output under `"copy"`:
<pre class="terminal">
$ az storage blob show --name image.vhd \
--container-name opsman-image \
--account-name $STORAGE_NAME
...
"copy": {
"completionTime": "2017-06-26T22:24:11+00:00",
"id": "b9c8b272-a562-4574-baa6-f1a04afcefdf",
"progress": "53687091712/53687091712",
"source": "http<span>s:/</span>/opsmanagerwestus.blob.core.windows.net/images/ops-manager-1.11.3.vhd",
"status": "success",
"statusDescription": null
},
</pre>
When `status` reads `success`, continue to the next step.
## <a id='configure'></a> Step 3: Configure the ARM Template
1. Create a key pair on your local machine. For example, enter the following command:
<pre class="terminal">
$ ssh-keygen -t rsa -f opsman -C ubuntu
</pre>
<br>
When prompted for a passphrase, follow the prompts to provide an empty passphrase.
1. Download the latest release of the <%= vars.product_name %> Azure ARM Templates. For <%= vars.product_name %> v1.11 and later, download [this release](https://github.com/pivotal-cf/pcf-azure-arm-templates/releases/tag/1.11%2B).
1. Open the parameters file and enter values for the following parameters:
* **OpsManVHDStorageAccount**: The name of the storage account you created in [Step 1: Create Storage Account](#storage)
* **BlobStorageContainer**: The name of the container to which you copied the Ops Manager VHD
* **BlobStorageEndpoint**: The base URL of the storage endpoint. Leave the default endpoint unless you are using Azure China, Azure Government Cloud, or Azure Germany:
* For Azure China, use `blob.core.chinacloudapi.cn`. See the [Azure documentation](https://docs.microsoft.com/en-us/azure/china/china-get-started-developer-guide) for more information.
* For Azure Government Cloud, use `blob.core.usgovcloudapi.net`. See the [Azure documentation](https://docs.microsoft.com/en-us/azure/azure-government/documentation-government-services-storage) for more information.
* For Azure Germany, use `blob.core.cloudapi.de`. See the [Azure documentation](https://docs.microsoft.com/en-us/azure/germany/germany-developer-guide) for more information.
* **AdminSSHKey**: The contents of the `opsman.pub` public key file that you created above
* **Location**: The location to install the Ops Manager VM. For example, `westus`.
* **Environment**: Tag template-created resources for assisting with resource management
## <a id='deploy'></a> Step 4: Deploy the ARM Template
1. Deploy the template:
<pre class="terminal">
$ az group deployment create --template-file azure-deploy.json \
--parameters azure-deploy-parameters.json \
--resource-group $RESOURCE_GROUP --name cfdeploy
</pre>
1. Create a network security group named `<%= vars.product_name_lc %>-nsg`.
<pre class="terminal">
$ az network nsg create --name <%= vars.product_name_lc %>-nsg \
--resource-group $RESOURCE_GROUP \
--location $LOCATION
</pre>
1. Add a network security group rule to the `<%= vars.product_name_lc %>-nsg` group to allow traffic from the public Internet.
<pre class="terminal">
$ az network nsg rule create --name internet-to-lb \
--nsg-name <%= vars.product_name_lc %>-nsg --resource-group $RESOURCE_GROUP \
--protocol Tcp --priority 100 \
--destination-port-range '*'
</pre>
## <a id='post-deploy'></a> Step 5: Complete BOSH Director Configuration
1. Navigate to your DNS provider, and create an entry that points a fully qualified domain name (FQDN) in your domain to the IP address of the Ops Manager VM.
<p class="note"><strong>Note:</strong> If the ARM template deployment does not return an IP address in the output of <code>opsMan-FQDN</code>, then visit the Azure Portal to retrieve the public IP address of the new Ops Manager virtual machine.</p>
1. Continue to the [Configuring BOSH Director on Azure Manually](/platform/ops-manager/<%= vars.current_major_version.sub('.', '-') %>/azure/config-manual.html) topic.