LATEST VERSION: 1.10 - CHANGELOG
Pivotal Cloud Foundry v1.9

Launching an Ops Manager Director Instance on Azure without an ARM Template

Page last updated:

This topic describes how to deploy Ops Manager Director for Pivotal Cloud Foundry (PCF) on Azure by using individual commands to create resources in Azure instead of using an Azure Resource Manager (ARM) template. For information about using the ARM template, see the Launching an Ops Manager Director Instance with an ARM Template topic.

Before you perform the procedures in this topic, you must have completed the procedures in the Preparing to Deploy PCF on Azure topic. After you complete the procedures in this topic, follow the instructions in the Configuring Ops Manager Director on Azure topic.

Note: The Azure portal sometimes displays the names of resources with incorrect capitalization. Always use the Azure CLI to retrieve the correctly capitalized name of a resource.

Step 1: Create Network Resources

  1. Navigate to the Azure portal, click Resource groups, and click Add to create a new resource group for your PCF deployment.

  2. Enter a Resource group name, select your Subscription, and select a Resource group location. Click Create.

  3. Export the name of your resource group as the environment variable $RESOURCE_GROUP.

    $ export RESOURCE_GROUP="YOUR-RESOURCE-GROUP-NAME"
    

    Note: If you are on a Windows machine, you can use set instead of export.

  4. Export your location. For example, westus.

    $ export LOCATION="YOUR-LOCATION"
    

    Note: For a list of available locations, run azure location list.

  5. Create a network security group named pcf-nsg.

    $ azure network nsg create $RESOURCE_GROUP pcf-nsg $LOCATION
    

  6. Add a network security group rule to the pcf-nsg group to allow traffic from the public Internet.

    $ azure network nsg rule create $RESOURCE_GROUP pcf-nsg internet-to-lb \
    --protocol Tcp --priority 100 --destination-port-range '*'
    

    Note: Because the VMs do not have public IP addresses, this network security group rule only affects the load balancer.

  7. Create a network security group named opsmgr-nsg.

    $ azure network nsg create $RESOURCE_GROUP opsmgr-nsg $LOCATION
    

  8. Add a network security group rule to the opsmgr-nsg group that allow HTTP traffic to the Ops Manager VM.

    $ azure network nsg rule create $RESOURCE_GROUP opsmgr-nsg http \
    --protocol Tcp --destination-port-range 80 --priority 100
    

  9. Add a network security group rule to the opsmgr-nsg group that allow HTTPS traffic to the Ops Manager VM.

    $ azure network nsg rule create $RESOURCE_GROUP opsmgr-nsg https \
    --protocol Tcp --destination-port-range 443 --priority 200
    

  10. Add a network security group rule to the opsmgr-nsg group that allow SSH traffic to the Ops Manager VM.

    $ azure network nsg rule create $RESOURCE_GROUP opsmgr-nsg ssh \
    --protocol Tcp --destination-port-range 22 --priority 300
    

  11. Create a virtual network named pcf-net.

    $ azure network vnet create $RESOURCE_GROUP pcf-net $LOCATION \
    --address-prefixes 10.0.0.0/16
    

  12. Add a subnet to the network for PCF VMs.

    $ azure network vnet subnet create $RESOURCE_GROUP pcf-net pcf \
    --address-prefix 10.0.0.0/20
    

    Note: To use the Single Sign-On for PCF service, you must configure a network that contains only one subnet.

Step 2: Create BOSH and Deployment Storage Accounts

Azure for PCF uses multiple general-purpose Azure storage accounts. The BOSH and Ops Manager VMs use one main BOSH account, and the other components share three or more deployment storage accounts.

  1. Choose a name for your BOSH storage account, and export it as the environment variable $STORAGE_NAME. Storage account names must be globally unique across Azure, between 3 and 24 characters in length, and contain only lowercase letters and numbers.
    $ export STORAGE_NAME="YOUR-BOSH-STORAGE-ACCOUNT-NAME"
    
  2. Create a BOSH storage account with the following command, replacing SUBSCRIPTION_ID with your subscription ID.
    $ azure storage account create $STORAGE_NAME --resource-group $RESOURCE_GROUP \
    --sku-name LRS --kind Storage --subscription SUBSCRIPTION_ID \
    --location $LOCATION
    
    If the command fails, ensure you have followed the rules for naming your storage account. Re-export a new storage account name if necessary.
  3. Configure the Azure CLI to use the BOSH storage account as its default.
    1. Retrieve the connection string for the account.
      $ azure storage account connectionstring show $STORAGE_NAME \
      --resource-group $RESOURCE_GROUP
      
      The command returns output similar to the following:
      info:    Executing command storage account connectionstring show
      + Getting storage account keys
      data:    connectionstring: DefaultEndpointsProtocol=https;AccountName=example-storage;AccountKey=accountkeystring
      info:    storage account connectionstring show command OK
      
    2. From the data: field in the output above, record the full value of connectionstring from the output above, starting with and including DefaultEndpointsProtocol=.
    3. Export the value of connectionstring as the environment variable $AZURE_STORAGE_CONNECTION_STRING.
      $ export AZURE_STORAGE_CONNECTION_STRING="YOUR-ACCOUNT-KEY-STRING"
      
  4. Create three blob containers in the BOSH storage account, named opsmanager, bosh, and stemcell.
    $ azure storage container create opsmanager
    $ azure storage container create bosh
    $ azure storage container create stemcell --permission blob
    
  5. Create a table named stemcells.
    $ azure storage table create stemcells
    
  6. Choose a set of unique names for three or more deployment storage accounts. As with the BOSH storage account above, the names must be unique, alphanumeric, lowercase, and 3-24 characters long. The account names must also be sequential or otherwise identical except for the last character. For example: xyzdeploystorage1, xyzdeploystorage2, xyzdeploystorage3.

    Note: You can create up to 20 Azure storage accounts if your installation is large, or you can start with three and increase the number later.

  7. Register your subscription with Microsoft.Storage:
    $ azure provider register Microsoft.Storage
  8. For each deployment storage account, do the following:

    1. Create the storage account with the following command, replacing MY_DEPLOYMENT_STORAGE_X with one of your deployment storage account names and SUBSCRIPTION_ID with your subscription ID.
      $ azure storage account create MY_DEPLOYMENT_STORAGE_X \
      --resource-group $RESOURCE_GROUP --sku-name LRS --kind Storage \
      --subscription SUBSCRIPTION_ID --location $LOCATION
      
      If the command fails, try a different set of account names.
    2. Retrieve the connection string for the account.
      $ azure storage account connectionstring show MY_DEPLOYMENT_STORAGE_X \
      --resource-group $RESOURCE_GROUP
      
      The command returns output similar to the following:
      info:    Executing command storage account connectionstring show
      + Getting storage account keys
      data:    connectionstring: DefaultEndpointsProtocol=https;AccountName=example-storage;AccountKey=accountkeystring
      info:    storage account connectionstring show command OK
      
    3. From the data: field in the output above, record the full value of connectionstring from the output above, starting with and including DefaultEndpointsProtocol=.
    4. Create three blob containers named opsmanager, bosh, and stemcell in the account.
      $ azure storage container create opsmanager \
      --connection-string "YOUR-ACCOUNT-KEY-STRING"
      
      $ azure storage container create bosh \
      --connection-string "YOUR-ACCOUNT-KEY-STRING"
      
      $ azure storage container create stemcell \
      --permission blob --connection-string "YOUR-ACCOUNT-KEY-STRING"
      

Step 3: Create a Load Balancer

  1. Create a load balancer named pcf-lb.
    $ azure network lb create $RESOURCE_GROUP pcf-lb $LOCATION
    
  2. Create a static IP address for the load balancer named pcf-lb-ip.

    $ azure network public-ip create $RESOURCE_GROUP pcf-lb-ip $LOCATION --allocation-method Static
    info:    Executing command network public-ip create
    warn:    Using default --idle-timeout 4
    warn:    Using default --ip-version IPv4
    + Looking up the public ip "pcf-lb-ip"
    + Creating public ip address "pcf-lb-ip"
    data:    Id                              : /subscriptions/222e8ffe-81ce-33ee-e3e2-1a405ffc4134/resourceGroups/pcf-resource-group/providers/Microsoft.Network/publicIPAddresses/pcf-lb-ip
    data:    Name                            : pcf-lb-ip
    data:    Type                            : Microsoft.Network/publicIPAddresses
    data:    Location                        : westus
    data:    Provisioning state              : Succeeded
    data:    Allocation method               : Static
    data:    IP version                      : IPv4
    data:    Idle timeout in minutes         : 4
    data:    IP Address                      : 198.51.100.1
    info:    network public-ip create command OK
    

  3. Record the IP Address from the output above. This is the public IP address of your load balancer.

  4. Add a front-end IP configuration to the load balancer.

    $ azure network lb frontend-ip create $RESOURCE_GROUP pcf-lb pcf-fe-ip \
    --public-ip-name pcf-lb-ip
    

  5. Add a probe to the load balancer.

    $ azure network lb probe create $RESOURCE_GROUP pcf-lb tcp80 \
    --protocol Tcp --port 80
    

  6. Add a backend address pool to the load balancer.

    $ azure network lb address-pool create $RESOURCE_GROUP pcf-lb pcf-vms
    

    Note: This backend pool is empty when you create it.

  7. Add a load balancing rule for HTTP.

    $ azure network lb rule create $RESOURCE_GROUP pcf-lb http --protocol tcp \
    --frontend-port 80 --backend-port 80
    

  8. Add a load balancing rule for HTTPS.

    $ azure network lb rule create $RESOURCE_GROUP pcf-lb https --protocol tcp \
    --frontend-port 443 --backend-port 443
    

  9. Add a load balancing rule for SSH.

    $ azure network lb rule create $RESOURCE_GROUP pcf-lb diego-ssh --protocol tcp \
    --frontend-port 2222 --backend-port 2222
    

  10. Navigate to your DNS provider, and create an entry that points *.YOUR-SUBDOMAIN to the public IP address of your load balancer that you recorded in a previous step. For example, create an entry that points azure.example.com to 198.51.100.1.

    Note: If you did not record the IP address of your load balancer earlier, you can retrieve it by navigating to the Azure portal, clicking All resources, and clicking the Public IP address resource that ends with pcf-lb-ip.

Step 4: Boot Ops Manager

  1. Navigate to Pivotal Network and download the latest release of Pivotal Cloud Foundry Ops Manager for Azure.

  2. View the downloaded PDF and locate the Ops Manager image URL appropriate for your region.

  3. Export the Ops Manager image URL as an environment variable.

    $ export OPS_MAN_IMAGE_URL="YOUR-OPS-MAN-IMAGE-URL"

  4. Copy the Ops Manager image into your storage account.

    $ azure storage blob copy start $OPS_MAN_IMAGE_URL opsmanager \
    --dest-connection-string $AZURE_STORAGE_CONNECTION_STRING \
    --dest-container opsmanager \
    --dest-blob image.vhd 
    

  5. Copying the image may take several minutes. Run the following command and examine the output under Status to check the status:

    $ azure storage blob copy show opsmanager image.vhd
    info:    Executing command storage blob copy show
    + Getting storage blob information
    data:    Copy ID                               Progress                 Status
    data:    ------------------------------------  -------------            -------
    data:    069d413d-be05-4b12-82bc-c96dacee230e  31457280512/31457280512  success
    info:    storage blob copy show command OK
    
    When Status reads success, continue to the next step.

  6. Create a public IP address named ops-manager-ip.

    $ azure network public-ip create $RESOURCE_GROUP ops-manager-ip $LOCATION --allocation-method Static
    info:    Executing command network public-ip create
    warn:    Using default --idle-timeout 4
    warn:    Using default --ip-version IPv4
    + Looking up the public ip "ops-manager-ip"
    + Creating public ip address "ops-manager-ip"
    data:    Id                              : /subscriptions/222e8ffe-81ce-33ee-e3e2-1a405ffc4134/resourceGroups/pcf-resource-group/providers/Microsoft.Network/publicIPAddresses/ops-manager-ip
    data:    Name                            : ops-manager-ip
    data:    Type                            : Microsoft.Network/publicIPAddresses
    data:    Location                        : westus
    data:    Provisioning state              : Succeeded
    data:    Allocation method               : Static
    data:    IP version                      : IPv4
    data:    Idle timeout in minutes         : 4
    data:    IP Address                      : 192.0.2.1
    info:    network public-ip create command OK
    

  7. Record the IP Address from the output above. This is the public IP address of Ops Manager.

  8. Create a network interface for Ops Manager.

    $ azure network nic create --subnet-vnet-name pcf-net --subnet-name pcf \
    --network-security-group-name opsmgr-nsg \
    --private-ip-address 10.0.0.5 --public-ip-name ops-manager-ip \
    $RESOURCE_GROUP ops-manager-nic $LOCATION
    

    Note: If the command fails with a parameters must be provided error, run it again and ensure that you place $RESOURCE_GROUP ops-manager-nic $LOCATION at the end of the command as specified above. The Azure CLI requires that you specify options before other parameters.

  9. Create a keypair on your local machine with the username ubuntu. For example, enter the following command:

    $ ssh-keygen -t rsa -f opsman -C ubuntu
    

    When prompted for a passphrase, press the enter key to provide an empty passphrase.

  10. Create a VM against the Ops Manager image, replacing PATH-TO-PUBLIC-KEY with the path to your public key .pub file.

    $ azure vm create $RESOURCE_GROUP ops-manager $LOCATION \
    Linux --nic-name ops-manager-nic \
    --os-disk-vhd https://$STORAGE_NAME.blob.core.windows.net/opsmanager/os_disk.vhd \
    --image-urn https://$STORAGE_NAME.blob.core.windows.net/opsmanager/image.vhd \
    --admin-username ubuntu --storage-account-name $STORAGE_NAME \
    --vm-size Standard_DS2_v2 --ssh-publickey-file PATH-TO-PUBLIC-KEY
    

  11. The VM may take several minutes to boot. Run the following command, and examine the output under PowerState to check the status of the VM.

    $ azure vm list
    info:    Executing command vm list
    + Getting virtual machines
    data:    ResourceGroupName  Name                 ProvisioningState  PowerState  Location  Size
    data:    -----------------  -------------------  -----------------  ----------  --------  ---------------
    data:    PCF                ops-manager          Succeeded          VM running  westus    Standard_DS2_v2
    info:    vm list command OK
    

    The PowerState displays VM running when the Ops Manager deployment successfully completes.

Step 5: Resize Ops Manager VM Disk (Required)

The default OS disk size is too small for deploying PCF. Perform the following steps to increase the size of the OS disk of the Ops Manager VM:

  1. Stop and deallocate the Ops Manager VM before resizing:

    $ azure vm deallocate --resource-group $RESOURCE_GROUP --name ops-manager

  2. Increase the size of the OS disk of the Ops Manager VM to 120 GB:

    $ azure vm set --resource-group $RESOURCE_GROUP --name ops-manager --new-os-disk-size 120

  3. Start the Ops Manager VM:

    $ azure vm start --resource-group $RESOURCE_GROUP --name ops-manager

  4. SSH into the Ops Manager VM, replacing YOUR-OPS-MAN-IP with the public IP address of Ops Manager that you recorded in a previous step:

    $ ssh -i opsman YOUR-OPS-MAN-IP
    If the private key you generated is not opsman, provide the correct filename instead.

  5. From the Ops Manager VM, use df to confirm that the OS disk has been resized:

    $ df -h
     Filesystem      Size  Used Avail Use% Mounted on
     udev            1.7G     0  1.7G   0% /dev
     tmpfs           344M  5.0M  340M   2% /run
     /dev/sda1        119G  1.3G   48G   3% /
    

Step 6: Complete Ops Manager Director Configuration

  1. Navigate to your DNS provider, and create an entry that points a fully qualified domain name (FQDN) to the public IP address of Ops Manager. As a best practice, always use the FQDN to access Ops Manager.

  2. Continue to the Configuring Ops Manager Director on Azure topic.

Create a pull request or raise an issue on the source for this page in GitHub