Deploying PCF in Azure Germany


This topic describes how to install Pivotal Cloud Foundry (PCF) in Azure Germany.

Note: Azure Germany is only supported in PCF 1.10.1 and later.

The procedures below involve using the Ops Manager API. For more information about the Ops Manager API, see the documentation at https://YOUR-OPS-MAN-FQDN/docs.

Step 1: Prepare to Deploy

Perform the procedures in the Preparing to Deploy PCF on Azure topic, but instead of running az cloud set --name AzureCloud, specify the AzureGermanCloud environment:

$ az cloud set --name AzureGermanCloud

Step 2: Launch an Ops Manager Director Instance

Perform the procedures in the Launching an Ops Manager Director Instance on Azure without an ARM Template topic.

Step 3: Configure Authentication

Perform the procedures in the Step 1: Access Ops Manager section of the Configuring Ops Manager Director on Azure topic. Set up your Ops Manager authentication system, but do not continue to the Step 2: Azure Config Page section.

Continue to the Internal Authentication or External Identity Provider section below depending on which authentication system you configured.

Internal Authentication

If you configured your Ops Manager for Internal Authentication, perform the following steps:

  1. SSH into the Ops Manager VM:

    $ ssh -i opsman ubuntu@OPS_MAN_FQDN

    If the private key that you generated in the Launching an Ops Manager Director Instance on Azure without an ARM Template topic is not named opsman, provide the correct filename instead.

  2. From the Ops Manager VM, use the User Account and Authentication Command Line Interface (UAAC) to target your Ops Manager UAA server:

    $ uaac target https://YOUR-OPS-MAN-FQDN/uaa

    Note: UAA is the Cloud Foundry identity and management service. See the User Account and Authentication (UAA) Server topic for more information.

  3. Retrieve your token to authenticate:

    $ uaac token owner get
    Client ID: opsman
    Client secret: [Leave Blank]
    User name: OPS-MAN-USERNAME
    Password: OPS-MAN-PASSWORD
    

  4. Continue to Step 4: Configure Ops Manager.

External Identity Provider

If you configured your Ops Manager for an external Identity Provider with SAML, perform the following steps:

  1. From your local machine, target your Ops Manager UAA server:

    $ uaac target https://YOUR-OPS-MAN-FQDN/uaa

  2. Retrieve your token to authenticate. When prompted for a passcode, retrieve it from https://YOUR-OPS-MAN-FQDN/uaa/passcode.

    $ uaac token sso get
    Client ID: opsman
    Client secret: [Leave Blank]
    Passcode: YOUR-PASSCODE
    
    If authentication is successful, the UAAC displays the following message: Successfully fetched token via owner password grant.

  3. Continue to Step 4: Configure Ops Manager.

Step 4: Configure Ops Manager

Perform the following steps to configure Ops Manager for Azure Germany:

  1. List your tokens:

    $ uaac contexts

    Locate the entry for your Ops Manager FQDN. Under client_id: opsman, record the value for access_token.

  2. Use curl to pass in the environment:AzureGermanCloud key to Ops Manager using the API:

    $ curl "https://YOUR-OPS-MAN-FQDN/api/v0/staged/director/properties" \
      -X PUT \
      -H "Authorization: Bearer UAA-ACCESS-TOKEN" \
      -H "Content-Type: application/json" \
      -d '{
        "iaas_configuration": {
          "subscription_id": "SUBSCRIPTION-ID",
          "tenant_id": "TENANT-ID",
          "client_id": "APPLICATION-ID",
          "resource_group_name": "$RESOURCE-GROUP",
          "bosh_storage_account_name": "$STORAGE-NAME",
          "deployments_storage_account_name": "MY-DEPLOYMENT-STORAGE-X",
          "default_security_group": "opsmgr-nsg",
          "ssh_public_key": "ssh-rsa OPS-MAN-PUBLIC-KEY",
          "ssh_private_key": "-----BEGIN RSA PRIVATE KEY-----\nOPS-MAN-PRIVATE-KEY",
          "environment": "AzureGermanCloud"
        },
        "director_configuration": {
          "ntp_servers_string": "us.pool.ntp.org",
          "metrics_ip": "1.2.3.4",
          "resurrector_enabled": true,
          "max_threads": 1,
          "database_type": "internal",
          "blobstore_type": "local"
        },
        "security_configuration": {
          "trusted_certificates": "----- BEGIN SSL CERTIFICATE ----- ... ",
          "generate_vm_passwords": true
        }
      }'
    

    Replace the placeholder values under iaas_configuration as follows:

    Leave the values under director_configuration and security_configuration. They are designed to be overridden in a subsequent step when you configure Ops Manager using the web interface.

  3. If the curl command returns a 200 OK response, navigate to the Ops Manager FQDN in a browser and log in.

  4. Configure the Ops Manager Director tile by performing the procedures in the Configuring Ops Manager Director on Azure topic.

  5. When Ops Manager finishes deploying, continue to the Deploying Elastic Runtime on Azure topic to deploy Elastic Runtime and complete your PCF installation.
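
The request from step 2 of this procedure, as an added example that is not part of the original page or Pivotal's tooling: it builds the body from the key files so the private key's line breaks are JSON-escaped as \n, passes the bearer token to curl on stdin instead of in the argument list, and checks for the 200 response from step 3. The environment variable names and the OPSMAN_KEY path are assumptions, as is sending only the iaas_configuration object.

```bash
#!/usr/bin/env bash
# Added example. Assumed variables: OPSMAN_FQDN, UAA_ACCESS_TOKEN, OPSMAN_KEY (public key at
# $OPSMAN_KEY.pub), SUBSCRIPTION_ID, TENANT_ID, APPLICATION_ID, RESOURCE_GROUP, STORAGE_NAME, DEPLOYMENTS_STORAGE.

# Print a key file as the inside of a JSON string: line breaks become \n.
pem_to_json_string() {
  [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
  # Key files are base64 plus header lines; refuse anything needing more escaping.
  if grep -q '["\\]' "$1"; then
    echo "refusing $1: contains a quote or backslash" >&2; return 1
  fi
  tr -d '\r' < "$1" | awk '{ printf "%s%s", sep, $0; sep = "\\n" }'
}

# Emit the iaas_configuration part of the page's request body.
build_payload() {
  local priv pub
  priv=$(pem_to_json_string "$OPSMAN_KEY") || return 1
  pub=$(pem_to_json_string "$OPSMAN_KEY.pub") || return 1
  cat <<EOF
{"iaas_configuration": {
  "subscription_id": "$SUBSCRIPTION_ID",
  "tenant_id": "$TENANT_ID",
  "client_id": "$APPLICATION_ID",
  "resource_group_name": "$RESOURCE_GROUP",
  "bosh_storage_account_name": "$STORAGE_NAME",
  "deployments_storage_account_name": "$DEPLOYMENTS_STORAGE",
  "default_security_group": "opsmgr-nsg",
  "ssh_public_key": "$pub",
  "ssh_private_key": "$priv",
  "environment": "AzureGermanCloud"
}}
EOF
}

# PUT the body; the token goes to curl on stdin, the key via a 0600 temp file.
put_director_properties() {
  local body status
  body=$(mktemp) || return 1
  build_payload > "$body" || { rm -f "$body"; return 1; }
  status=$(printf 'header = "Authorization: Bearer %s"\n' "$UAA_ACCESS_TOKEN" |
    curl --silent --output /dev/null --write-out '%{http_code}' --config - \
      --request PUT --header 'Content-Type: application/json' --data-binary "@$body" \
      "https://$OPSMAN_FQDN/api/v0/staged/director/properties")
  rm -f "$body"
  [ "$status" = "200" ] || { echo "Ops Manager returned HTTP $status" >&2; return 1; }
}

case "${1:-}" in --apply) put_director_properties ;; esac
```

Run the script with --apply to send the request; without it the script only defines the functions.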
