Deploying Ops Manager on OpenStack

Page last updated:

This guide describes how to provision the OpenStack infrastructure where you need to install Ops Manager. Use this topic when Installing Ops Manager on OpenStack.

After completing this procedure, complete all of the steps in Configuring BOSH Director on OpenStack and Configuring TAS for VMs.

Note: This document uses Mirantis OpenStack for screenshots and examples. The screens of your OpenStack vendor configuration interface may differ.

Step 1: Log in to the OpenStack Horizon Dashboard

  1. Log in to the OpenStack Horizon dashboard.

    Login screen shows red and white banner with the 'Mirantis' logo to the left of 'OpenStack Dashboard.'

  2. From the OpenStack project list dropdown, set the active project by selecting the project where you deploy Ops Manager.

    To the right of the logo, the project dropdown button is red and expanded. A project name is selected with a gray checkmark.

Step 2: Configure Security

Warning: If you are using OpenStack Liberty or Mitaka, do not create the key pair with the OpenStack Horizon dashboard. Instead make sure that you generate the SSH key pair manually. For example, use the ssh-keygen command. Then follow the procedure below to import that key pair into OpenStack. This is due to an OpenStack bug.

  1. In the left navigation of your OpenStack Horizon dashboard, click Project > Compute > Access & Security.

  2. Select the Key Pairs tab on the Access & Security page.

  3. Click Import Key Pair.

  4. Enter a Key Pair Name and the contents of your public key in the Public Key field.

    Header 'Import Key Pair' is above two columns: name and key text fields on the left and description on the right.

  5. Click Import Key Pair.

  6. In the left navigation, click Access & Security to refresh the page. The new key pair appears in the list.

  7. Select the Security Groups tab. Click Create Security Group and create a group with the following properties:

    • Name: opsmanager
    • Description: Ops Manager

    Header 'Create Security Group' is above two columns: 'Name' and 'Description' text fields on the left and description defining security groups on the right.

  8. Select the checkbox for the opsmanager Security Group and click Manage Rules.

    'opsmanager' is checked in the left-most column of the 'Security Groups' table.

  9. Add the following ingress access rules for HTTP, HTTPS, and SSH as shown in the table below. The rules with opsmanager in the Remote column have restricted access to that particular Security Group.

    Note: Adjust the remote sources as necessary for your own security compliance. VMware recommends limiting remote access to Ops Manager to IP ranges within your organization.

    Direction Ether Type IP Protocol Port/Port Range Remote
    Ingress IPv4 TCP 22 (SSH) (CIDR)
    Ingress IPv4 TCP 80 (HTTP) (CIDR)
    Ingress IPv4 TCP 443 (HTTPS) (CIDR)
    Ingress IPv4 TCP 4222 (NATS) opsmanager
    Ingress IPv4 TCP 6868 (BOSH Agent) opsmanager
    Ingress IPv4 TCP 8844 (CredHub) opsmanager
    Ingress IPv4 TCP 8853 (BOSH Health Monitor) opsmanager
    Ingress IPv4 TCP 25250 (BOSH Blobstore) opsmanager
    Ingress IPv4 TCP 25555 (BOSH Director) opsmanager
    Ingress IPv4 TCP 25777 (BOSH Registry) opsmanager
    Egress IPv4 TCP 1-65535 (CIDR)
  10. Leave the existing default egress access rules as shown in the screenshot below. The Egress and Ingress rules table shows its two first egress rules as 'IPv4' and 'IPv6' ether types with an IP protocol and port range of 'any'.

Step 3: (Optional) Run the CF OpenStack Validator Tool

As an optional but recommended step, you can now run the CF OpenStack Validator tool against your OpenStack tenant to verify support for Ops Manager.

  1. Follow the directions for running the CF OpenStack Validator Tool.

  2. When configuring the CPI version used by the Validator, specify the OpenStack CPI version indicated in the Ops Manager Release Notes for the Ops Manager release that you are planning to deploy.

Troubleshooting the output of the CF OpenStack Validator tool is beyond the scope of this document.

Step 4: Create Ops Manager Image

You can create the Ops Manager image in OpenStack using the OpenStack Horizon dashboard.

Note: If your Horizon Dashboard does not support file uploads, you must use the Glance CLI client.

To create an Ops Manager image in OpenStack, perform the following steps:

  1. Download the Ops Manager for OpenStack image file from VMware Tanzu Network.

  2. In the left navigation of your OpenStack dashboard, click Project > Compute > Images.

  3. Click Create Image. Complete the Create An Image page with the following information:

    • Name: Enter Ops Manager.
    • Image Source: Select Image File.
    • Image File: Click Choose File. Browse to and select the image file that you downloaded from VMware Tanzu Network.
    • Format: Select Raw.
    • Minimum Disk (GB): Enter 80.
    • Minimum RAM (MB): Enter 8192.
    • Deselect the Public checkbox.
    • Select the Protected checkbox.

    'Create an Image' screen has all fields listed on the left. A description is on the right.

  4. Click Create Image.

Step 5: Launch Ops Manager VM

  1. In the left navigation of your OpenStack dashboard, click Project > Compute > Images.

  2. Click Launch.

    The 'Images' table has the 'Ops Manager' Image Name enabled. The 'Launch' button is in the right-most cell of the row.

  3. In the Details tab, specify the following values:

  4. In the Source tab, specify the following values:

    • Select Boot Source: Select Image.
    • Create New Volume: Leave No selected.
    • Allocated: Make sure Ops Manager is selected. The 'Source' side-tab is highlighted. 'Allocated' table has an expandable Ops Manager row highlighted in light gray.
  5. In the Flavor tab, configure the OpenStack VM flavors as follows:

    Note: Do not change the names of the VM flavors.

    ID Name Memory_MB Disk Ephemeral VCPUs
    1 m1.small 2048 20 0 1
    2 m1.medium 4096 40 0 2
    3 m1.large 8192 80 0 4
    4 m1.xlarge 16384 160 0 8

  6. In the Networks tab, select a private subnet. You add a Floating IP to this network in a later step. 'Allocated' is an expanded section with a network named 'loam_net'. 'Available' section is expanded with an empty table.

  7. Skip the Network Ports tab.

  8. In the Security Groups tab, select the opsmanager security group that you created in Step 2: Configure Security. Deselect all other Security Groups. 'Allocated' is an expanded section that has 'opsmanager' security group in one table row. 'Available' section is expanded and has two rows of other security groups.

  9. In the Key Pair tab, select the key pair that you imported in Step 2: Configure Security. 'Allocated' table has has one key pair while the 'Available' section is expanded with five items.

  10. Skip the Configuration and Metadata tabs.

  11. Click Launch Instance. This step starts your new Ops Manager instance.

Step 6: Associate a Floating IP Address

  1. In the left navigation of your OpenStack dashboard, click Project > Compute > Instances.

  2. Wait until the Power State of the Ops Manager instance shows as Running.

  3. Record the private IP Address of the Ops Manager instance. 'Instances' table shows a single row with Instance name and Image Name of 'Ops Manager'. You must provide this IP Address when you perform Step 6: Complete the Create Networks Page in Ops Manager.

  4. Select the Ops Manager checkbox. Click the Actions dropdown and select Associate Floating IP. The Manage Floating IP Associations screen appears. 'Managing Floating IP Associations' screen shows 'Ops Manager' selected in the 'Port to be associated' dropdown.

  5. Under IP Address, click the plus button (+). The Allocate Floating IP screen appears.

  6. Under Pool, select an IP Pool and click Allocate IP.

    'Allocate Floating IP' screen shows 'admin_floating_net' selected in 'Pool' dropdown.

  7. Under Port to be associated, select your Ops Manager instance.

    'Manage Floating IP Associations' screen, 'Ops Manager' is selected for 'Port to be associated.'

  8. Click Associate.

Step 7: Add Blob Storage

  1. In the left navigation of your OpenStack dashboard, click Project > Object Store > Containers.

  2. Click Create Container. Create a container with the following properties:

    • Container Name: Enter pcf.
    • Container Access: Leave public unselected.

    'Create Container' screen shows a name in 'Container Name' text field and 'Public' checkbox unselected.

  3. Click Create.

Step 8: Download Credentials for S3 Blob Storage

  1. In the left navigation of your OpenStack dashboard, click Project > Compute > Access & Security. Select the API Access tab.

    'Access & Security' screen, an 'API Endpoints' section has a table that lists 'Compute' and 'Network' Services.

  2. Click Download EC2 Credentials.

  3. Unzip the downloaded credentials.

  4. If you select S3 Compatible Blobstore in your BOSH Director Config, you need the contents of this file to complete the configuration.

Step 9: Create a DNS Entry

Create a DNS entry for the floating IP address that you assigned to Ops Manager in Step 6: Associate a Floating IP Address.

You must use this fully qualified domain name when you log into Ops Manager for the first time.

Step 10: Configure BOSH Director for OpenStack

After completing this procedure, complete all of the steps in the Configuring BOSH Director on OpenStack and Configuring TAS for VMs.

Return to Installing Ops Manager on OpenStack.