Launching an Ops Manager Director Instance with an ARM Template


This topic describes how to deploy Ops Manager Director for Pivotal Cloud Foundry (PCF) on Azure using an Azure Resource Manager (ARM) template. An ARM template is a JSON file that describes one or more resources to deploy to a resource group.

You can also deploy Ops Manager Director manually. For more information, see the Launching an Ops Manager Director Instance on Azure without an ARM Template topic.

Before you perform the procedures in this topic, you must complete the procedures in the Preparing to Deploy PCF on Azure topic. After you complete the procedures in this topic, follow the instructions in Configuring Ops Manager Director on Azure.

Step 1: Create BOSH Storage Account

Azure for PCF uses multiple general-purpose Azure storage accounts. The BOSH and Ops Manager VMs use one main BOSH storage account, and the other components share five or more deployment storage accounts.

  1. Choose a name for your resource group and export it as the environment variable $RESOURCE_GROUP.
    $ export RESOURCE_GROUP="YOUR-RESOURCE-GROUP-NAME"
    

    Note: If you are on a Windows machine, you can use set instead of export.

  2. Export your location. For example, westus.
    $ export LOCATION="YOUR-LOCATION"
    

    Note: For a list of available locations, run az account list-locations.

  3. Create your resource group:
    $ az group create --name $RESOURCE_GROUP --location $LOCATION
    
  4. Choose a name for your BOSH storage account, and export it as the environment variable $STORAGE_NAME. Storage account names must be globally unique across Azure, between 3 and 24 characters in length, and contain only lowercase letters and numbers.
    $ export STORAGE_NAME="YOUR-BOSH-STORAGE-ACCOUNT-NAME"
    
  5. Create the storage account.
    $ az storage account create --name $STORAGE_NAME \
    --resource-group $RESOURCE_GROUP --sku Standard_LRS \
    --kind Storage --location $LOCATION
    

    Note: Standard_LRS refers to a Standard Azure Storage Account. The BOSH Director requires table storage to store stemcell information. Because Azure Premium Storage does not support table storage, it cannot be used to store this information.

  6. Retrieve the connection string for your BOSH storage account:
    $ az storage account show-connection-string \
    --name $STORAGE_NAME --resource-group $RESOURCE_GROUP
    
    The command returns output similar to the following:
    {
      "connectionString": "DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=cfdocsdeploystorage1;AccountKey=oa/QiSAmqj1OocsGhKBwn/Mf8wEwdeJMvvonrbmNk27bfkSL8ZFzAhs3Kb78si5CTPHhjHHiK4qPcYzn/8OmFg=="
    }
    
  7. Record the full value of connectionString from the output above, starting with and including DefaultEndpointsProtocol=.
  8. Export the connection string:
    $ export CONNECTION_STRING="YOUR-CONNECTION-STRING"
  9. Create a container for the Ops Manager image:
    $ az storage container create --name opsman-image \
    --connection-string $CONNECTION_STRING
  10. Create a container for the Ops Manager VM:
    $ az storage container create --name vhds \
    --connection-string $CONNECTION_STRING
  11. Create a container for Ops Manager:
    $ az storage container create --name opsmanager \
    --connection-string $CONNECTION_STRING
  12. Create a container for BOSH:
    $ az storage container create --name bosh \
    --connection-string $CONNECTION_STRING
  13. Create a container for the stemcell. The --public-access blob setting allows anonymous read access to the blobs in this container:
    $ az storage container create --name stemcell \
    --public-access blob \
    --connection-string $CONNECTION_STRING
  14. Create a table for stemcell data:
    $ az storage table create --name stemcells \
    --connection-string $CONNECTION_STRING

Step 2: Copy Ops Manager Image

  1. Navigate to Pivotal Network and download the latest release of Pivotal Cloud Foundry Ops Manager for Azure. You can download either a PDF or a YAML file.

  2. View the downloaded file and locate the Ops Manager image URL appropriate for your region.

  3. Export the Ops Manager image URL as an environment variable.

    $ export OPS_MAN_IMAGE_URL="YOUR-OPS-MAN-IMAGE-URL"

  4. Copy the Ops Manager image into your storage account:

    $ az storage blob copy start --source-uri $OPS_MAN_IMAGE_URL \
    --connection-string $CONNECTION_STRING \
    --destination-container opsman-image \
    --destination-blob image.vhd 
    

  5. Copying the image may take several minutes. Run the following command and examine the output under "copy":

    $ az storage blob show --name image.vhd \
    --container-name opsman-image \
    --account-name $STORAGE_NAME
    ...
    "copy": {
      "completionTime": "2017-06-26T22:24:11+00:00",
      "id": "b9c8b272-a562-4574-baa6-f1a04afcefdf",
      "progress": "53687091712/53687091712",
      "source": "https://opsmanagerwestus.blob.core.windows.net/images/ops-manager-1.11.3.vhd",
      "status": "success",
      "statusDescription": null
    },
    
    When status reads success, continue to the next step.

Step 3: Configure the ARM Template

  1. Create a keypair on your local machine with the username ubuntu. For example, enter the following command:
    $ ssh-keygen -t rsa -f opsman -C ubuntu
    

    When prompted for a passphrase, press the enter key to provide an empty passphrase.
  2. Clone the PCF Azure ARM Templates GitHub repository. This repository contains both the ARM template, azure-deploy.json, and the parameters file, azure-deploy-parameters.json.
  3. Open the parameters file and enter values for the following parameters:
    • storageAccountName: The name of the storage account you created in Step 1: Create BOSH Storage Account
    • storageEndpoint: The name of the storage endpoint. Leave the default endpoint unless you are using Azure China, Azure Government Cloud, or Azure Germany:
      • For Azure China, use blob.core.chinacloudapi.cn. See the Azure documentation for more information.
      • For Azure Government Cloud, use blob.core.usgovcloudapi.net. See the Azure documentation for more information.
      • For Azure Germany, use blob.core.cloudapi.de. See the Azure documentation for more information.
    • adminSSHKey: The contents of the opsman.pub public key file that you created above
    • tenantID: Your tenant ID, retrieved in the Preparing to Deploy PCF on Azure topic
    • clientID: Your client or application ID, retrieved in the Preparing to Deploy PCF on Azure topic
    • clientSecret: Your client secret, created in the Preparing to Deploy PCF on Azure topic
    • vmSize: The size of the Ops Manager VM. Pivotal recommends using Standard_DS2_v2.
    • location: The location in which to install the Ops Manager VM. For example, westus.

Step 4: Deploy the ARM Template and Deployment Storage Accounts

  1. Deploy the template:
    $ az group deployment create --template-file azure-deploy.json \
    --parameters azure-deploy-parameters.json \
    --resource-group $RESOURCE_GROUP --name cfdeploy
    
  2. When the command finishes, examine the output for the following values:
    • opsMan-FQDN
        "opsMan-FQDN": {
          "type": "String",
          "value": "pcf-opsman-efecrvhdf7w7g.westus.cloudapp.azure.com"
        }
      
    • extra Storage Account Prefix
        "extra Storage Account Prefix": {
          "type": "String",
          "value": "xtrastrgefecrvhdf7w7g"
        },
      
  3. The template creates five new Premium deployment storage accounts. The names of the deployment storage accounts are the value of extra Storage Account Prefix appended with 1, 2, 3, 4, and 5. In the example above, the names of the five deployment storage accounts are the following:

    • xtrastrgefecrvhdf7w7g1
    • xtrastrgefecrvhdf7w7g2
    • xtrastrgefecrvhdf7w7g3
    • xtrastrgefecrvhdf7w7g4
    • xtrastrgefecrvhdf7w7g5

      Note: The five Premium storage accounts created by the template provide a reasonable amount of initial storage capacity. Pivotal recommends creating one Standard storage account for every 30 VMs, or one Premium storage account for every 150 VMs. You can increase the number of storage accounts later by provisioning more with the Azure CLI and following the naming sequence listed above.


      For each of the five new deployment storage accounts, perform the following steps:
      1. Retrieve the connection string for your storage account, replacing YOUR-DEPLOYMENT-STORAGE-ACCOUNT-NAME with the name of the storage account. For example, xtrastrgefecrvhdf7w7g1.
        $ az storage account show-connection-string \
        --name YOUR-DEPLOYMENT-STORAGE-ACCOUNT-NAME --resource-group $RESOURCE_GROUP
        
        The command returns output similar to the following:
        {
        "connectionString": "DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=xtrastrgefecrvhdf7w7g1;AccountKey=e7R178h5teLtnkWLPxesFkAKLRO7oC7dlfujsW0PYV6vUhnJZSutCvVhla9u4xwtOV7liVZNAN6oJyoutO32fQ=="
        }
        
      2. Record the full value of connectionString from the output above, starting with and including DefaultEndpointsProtocol=.
      3. Export the connection string, choosing a unique name for CONNECTION_STRING_N. For example, CONNECTION_STRING_2.
        $ export CONNECTION_STRING_N="YOUR-CONNECTION-STRING"
      4. Create a container for BOSH:
        $ az storage container create --name bosh \
        --connection-string $CONNECTION_STRING_N
      5. Create a container for the stemcell:
        $ az storage container create --name stemcell \
        --connection-string $CONNECTION_STRING_N
  4. Create a network security group named pcf-nsg.

    $ az network nsg create --name pcf-nsg \
    --resource-group $RESOURCE_GROUP \
    --location $LOCATION
    

  5. Add a network security group rule to the pcf-nsg group to allow inbound TCP traffic from the public Internet on all destination ports.

    $ az network nsg rule create --name internet-to-lb \
    --nsg-name pcf-nsg --resource-group $RESOURCE_GROUP \
    --protocol Tcp --priority 100 \
    --destination-port-range '*'
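
The per-account steps in item 3 above (retrieve the connection string, then create the bosh and stemcell containers) can be scripted for all five deployment storage accounts. The following is an added example, not part of the original Pivotal documentation: the function names are hypothetical, it assumes the az CLI is already logged in, and the storage account prefix is passed in by hand.

```shell
# Added example, not from the PCF docs. Function names are hypothetical.
# Function bodies use ( ) so variables stay local and `exit` only leaves the function.

# Naming rule from Step 1: 3-24 characters, lowercase letters and digits only.
valid_storage_name() (
  LC_ALL=C   # byte-wise ranges, so [a-z] cannot match uppercase in any locale
  case "$1" in
    ''|*[!a-z0-9]*) exit 1 ;;
  esac
  [ "${#1}" -ge 3 ] && [ "${#1}" -le 24 ]
)

# Print PREFIX1..PREFIXn (n defaults to 5), rejecting names Azure would refuse.
deployment_accounts() (
  prefix="$1"; count="${2:-5}"; i=1
  while [ "$i" -le "$count" ]; do
    name="${prefix}${i}"
    if ! valid_storage_name "$name"; then
      echo "invalid storage account name: $name" >&2
      exit 1
    fi
    echo "$name"
    i=$((i + 1))
  done
)

# For each deployment account: read the connection string straight into a
# variable (--query/--output tsv, so the key is never printed or pasted),
# then create the bosh and stemcell containers.
prepare_deployment_storage() (
  prefix="$1"; resource_group="$2"
  names="$(deployment_accounts "$prefix")" || exit 1
  for name in $names; do
    conn="$(az storage account show-connection-string \
      --name "$name" --resource-group "$resource_group" \
      --query connectionString --output tsv)" || exit 1
    for container in bosh stemcell; do
      az storage container create --name "$container" \
        --connection-string "$conn" --output none || exit 1
    done
    echo "prepared $name"
  done
)

# Usage, with the prefix from the sample output above:
#   prepare_deployment_storage xtrastrgefecrvhdf7w7g "$RESOURCE_GROUP"
```

Because the connection string only ever lives in a subshell variable, the account key does not appear in the terminal scrollback or as an exported environment variable.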
    

Step 5: Complete Ops Manager Director Configuration

  1. Navigate to your DNS provider, and create an entry that points a fully qualified domain name (FQDN) in your domain to the opsMan-FQDN you retrieved from the output of the template deployment above.

  2. Continue to the Configuring Ops Manager Director on Azure topic.