Launching an Ops Manager Director Instance on Azure without an ARM Template

This topic describes how to deploy Ops Manager Director for Pivotal Cloud Foundry (PCF) on Azure by using individual commands to create resources in Azure instead of using an Azure Resource Manager (ARM) template. For information about using the ARM template, see the Launching an Ops Manager Director Instance with an ARM Template topic.

Before you perform the procedures in this topic, you must have completed the procedures in the Preparing to Deploy PCF on Azure topic. After you complete the procedures in this topic, follow the instructions in the Configuring Ops Manager Director on Azure topic.

Note: The Azure portal sometimes displays the names of resources with incorrect capitalization. Always use the Azure CLI to retrieve the correctly capitalized name of a resource.

Step 1: Create Network Resources

  1. Navigate to the Azure portal, click Resource groups, and click Add to create a new resource group for your PCF deployment.

  2. Enter a Resource group name, select your Subscription, and select a Resource group location. Click Create.

  3. Export the name of your resource group as the environment variable $RESOURCE_GROUP.

    $ export RESOURCE_GROUP="YOUR-RESOURCE-GROUP-NAME"
    

    Note: If you are on a Windows machine, you can use set instead of export.

  4. Export your location. For example, westus.

    $ export LOCATION=westus
    

    Note: For a list of available locations, run az account list-locations.

  5. Create a network security group named pcf-nsg.

    $ az network nsg create --name pcf-nsg \
    --resource-group $RESOURCE_GROUP \
    --location $LOCATION
    

  6. Add a network security group rule to the pcf-nsg group to allow traffic from the public Internet.

    $ az network nsg rule create --name internet-to-lb \
    --nsg-name pcf-nsg --resource-group $RESOURCE_GROUP \
    --protocol Tcp --priority 100 \
    --destination-port-range '*'
    

    Note: Because the VMs do not have public IP addresses, this network security group rule only affects the load balancer.

  7. Create a network security group named opsmgr-nsg.

    $ az network nsg create --name opsmgr-nsg \
    --resource-group $RESOURCE_GROUP \
    --location $LOCATION
    

  8. Add a network security group rule to the opsmgr-nsg group to allow HTTP traffic to the Ops Manager VM.

    $ az network nsg rule create --name http \
    --nsg-name opsmgr-nsg --resource-group $RESOURCE_GROUP \
    --protocol Tcp --priority 100 \
    --destination-port-range 80 
    

  9. Add a network security group rule to the opsmgr-nsg group to allow HTTPS traffic to the Ops Manager VM.

    $ az network nsg rule create --name https \
    --nsg-name opsmgr-nsg --resource-group $RESOURCE_GROUP \
    --protocol Tcp --priority 200 \
    --destination-port-range 443 
    

  10. Add a network security group rule to the opsmgr-nsg group to allow SSH traffic to the Ops Manager VM.

    $ az network nsg rule create --name ssh \
    --nsg-name opsmgr-nsg --resource-group $RESOURCE_GROUP \
    --protocol Tcp --priority 300 \
    --destination-port-range 22 
    

  11. Create a virtual network named pcf-net.

    $ az network vnet create --name pcf-net \
    --resource-group $RESOURCE_GROUP --location $LOCATION \
    --address-prefixes 10.0.0.0/16
    

  12. Add a subnet to the network for PCF VMs.

    $ az network vnet subnet create --name pcf \
    --vnet-name pcf-net \
    --resource-group $RESOURCE_GROUP \
    --address-prefix 10.0.0.0/20
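
The rules created in steps 8 through 10 do not set a source address prefix, so they take the CLI default of any source (`*`). The following added example, which is not part of the original procedure, lists the rules in an NSG that allow inbound traffic from any source to a management port. The `MGMT_PORTS` list, the function names and the sample rows are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original procedure.
# Input: one NSG rule per line as tab-separated columns
#   name  access  direction  sourceAddressPrefix  destinationPortRange
# produced by:
#   az network nsg rule list --nsg-name opsmgr-nsg \
#     --resource-group "$RESOURCE_GROUP" --output tsv \
#     --query "[].[name,access,direction,sourceAddressPrefix,destinationPortRange]"

# Ports treated as management ports (an assumption of this example).
MGMT_PORTS="22"

# Prints the name of every Allow/Inbound rule that opens a management port
# to any source address.
flag_open_mgmt_rules() {
  awk -F '\t' -v ports="$MGMT_PORTS" '
    function covers(spec, port,    r) {      # spec is "22", "20-25" or "*"
      if (spec == "*") return 1
      if (split(spec, r, "-") == 2) return (port + 0 >= r[1] + 0 && port + 0 <= r[2] + 0)
      return (spec + 0 == port + 0)
    }
    function any_source(src) {
      return (src == "*" || src == "Internet" || src == "0.0.0.0/0")
    }
    BEGIN { n = split(ports, mgmt, " ") }
    $2 == "Allow" && $3 == "Inbound" && any_source($4) {
      for (i = 1; i <= n; i++)
        if (covers($5, mgmt[i])) { print $1; break }
    }'
}

# Constructed sample: the three opsmgr-nsg rules from steps 8-10 as they are
# listed with the default source prefix, plus a hypothetical restricted rule.
sample_rules() {
  printf 'http\tAllow\tInbound\t*\t80\n'
  printf 'https\tAllow\tInbound\t*\t443\n'
  printf 'ssh\tAllow\tInbound\t*\t22\n'
  printf 'ssh-admin-only\tAllow\tInbound\t203.0.113.0/24\t22\n'
}

sample_rules | flag_open_mgmt_rules   # prints: ssh
```

To run it against a live deployment, pipe the output of the `az network nsg rule list` command shown in the header comment into `flag_open_mgmt_rules`.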
    

Step 2: Create BOSH and Deployment Storage Accounts

Azure for PCF uses multiple general-purpose Azure storage accounts. The BOSH and Ops Manager VMs use one main BOSH account, and the other components share five or more deployment storage accounts.

  1. Choose a name for your BOSH storage account, and export it as the environment variable $STORAGE_NAME. Storage account names must be globally unique across Azure, between 3 and 24 characters in length, and contain only lowercase letters and numbers.
    $ export STORAGE_NAME="YOUR-BOSH-STORAGE-ACCOUNT-NAME"
    
  2. Create a Standard storage account for BOSH with the following command. This account will be used for BOSH bookkeeping and running the Ops Manager VM itself, but does not have to be used for running any other VMs.
    $ az storage account create --name $STORAGE_NAME \
    --resource-group $RESOURCE_GROUP \
    --sku Standard_LRS \
    --location $LOCATION
    

    Note: Standard_LRS refers to a Standard Azure storage account. The BOSH Director requires table storage to store stemcell information. Azure Premium storage does not support table storage and cannot be used for the BOSH storage account.

    If the command fails, ensure you have followed the rules for naming your storage account. Export another new storage account name if necessary.
  3. Configure the Azure CLI to use the BOSH storage account as its default.
    1. Retrieve the connection string for the account.
      $ az storage account show-connection-string \
      --name $STORAGE_NAME --resource-group $RESOURCE_GROUP
      
      The command returns output similar to the following:
      {
      "connectionString": "DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=cfdocsboshstorage;AccountKey=KwKQqVXgVcEVBZUY/leiIy/Lprnc5igFxYWsgq016Tu9uGwseOl8bqNBEL/2tp7wX92QMUM19Pz9BYTXt8aq4A=="
      }
      
    2. Record the full value of connectionString from the output above, starting with and including DefaultEndpointsProtocol=.
    3. Export the value of connectionString as the environment variable $AZURE_STORAGE_CONNECTION_STRING.
      $ export AZURE_STORAGE_CONNECTION_STRING="YOUR-ACCOUNT-KEY-STRING"
      
  4. Create three blob containers in the BOSH storage account, named opsmanager, bosh, and stemcell.
    $ az storage container create --name opsmanager
    $ az storage container create --name bosh
    $ az storage container create --name stemcell --public-access blob
    
  5. Create a table named stemcells.
    $ az storage table create --name stemcells
    
  6. Choose a set of unique names for five or more deployment storage accounts. As with the BOSH storage account above, the names must be unique, alphanumeric, lowercase, and 3-24 characters long. The account names must also be sequential or otherwise identical except for the last character. For example: xyzdeploystorage1, xyzdeploystorage2, xyzdeploystorage3, xyzdeploystorage4, and xyzdeploystorage5.
  7. Decide which type of storage to use and run the corresponding command below:

    Note: Pivotal recommends five Premium storage accounts, which provide a reasonable amount of initial storage capacity. You can use either Premium or Standard storage accounts, but they have very different scalability metrics. Pivotal recommends creating 1 Standard storage account for every 30 VMs, or 1 Premium storage account for every 150 VMs. You can increase the number of storage accounts later by provisioning more and following the naming sequence.

    • To use Premium storage (recommended):
      $ export STORAGE_TYPE="Premium_LRS"
      
    • To use Standard storage:
      $ export STORAGE_TYPE="Standard_LRS"
      
  8. For each deployment storage account, do the following:

    1. Create the storage account with the following command, replacing MY_DEPLOYMENT_STORAGE_X with one of your deployment storage account names.
      $ az storage account create --name MY_DEPLOYMENT_STORAGE_X \
      --resource-group $RESOURCE_GROUP --sku $STORAGE_TYPE \
      --kind Storage --location $LOCATION
      
      If the command fails, try a different set of account names.
    2. Retrieve the connection string for the account.
      $ az storage account show-connection-string \
      --name MY_DEPLOYMENT_STORAGE_X --resource-group $RESOURCE_GROUP
      
      The command returns output similar to the following:
      {
      "connectionString": "DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=cfdocsdeploystorage1;AccountKey=oa/QiSAmqj1OocsGhKBwn/Mf8wEwdeJMvvonrbmNk27bfkSL8ZFzAhs3Kb78si5CTPHhjHHiK4qPcYzn/8OmFg=="
      }
      
    3. Record the full value of connectionString from the output above, starting with and including DefaultEndpointsProtocol=.
    4. Create two blob containers named bosh and stemcell in the account.
      $ az storage container create --name bosh \
      --connection-string "YOUR-ACCOUNT-KEY-STRING"
      
      $ az storage container create --name stemcell \
      --connection-string "YOUR-ACCOUNT-KEY-STRING"
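
Steps 6 through 8 above can be run as one function. The following added example, which is not part of the original procedure, checks the account names against the naming rules before anything is created and passes each connection string to `az` through the `AZURE_STORAGE_CONNECTION_STRING` environment variable rather than as a command-line argument. The function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original procedure. Expects RESOURCE_GROUP,
# LOCATION and STORAGE_TYPE to be exported as in the steps above.

# Succeeds only for five or more unique names of 3-24 lowercase letters and
# digits that are identical except for their last character.
valid_deploy_names() {
  [ "$#" -ge 5 ] || return 1
  prefix="${1%?}"
  seen=""
  for name in "$@"; do
    # Explicit character list so locale collation cannot admit uppercase.
    case "$name" in
      *[!abcdefghijklmnopqrstuvwxyz0123456789]*) return 1 ;;
    esac
    [ "${#name}" -ge 3 ] && [ "${#name}" -le 24 ] || return 1
    [ "${name%?}" = "$prefix" ] || return 1
    case " $seen " in *" $name "*) return 1 ;; esac
    seen="$seen $name"
  done
}

# Creates each account plus its bosh and stemcell containers. Stops at the
# first failure and never prints the connection string.
create_deploy_storage() {
  valid_deploy_names "$@" || { echo "invalid account name set" >&2; return 1; }
  for name in "$@"; do
    az storage account create --name "$name" \
      --resource-group "$RESOURCE_GROUP" --sku "$STORAGE_TYPE" \
      --kind Storage --location "$LOCATION" >/dev/null || return 1
    # The connection string embeds the account key: hold it in a variable
    # and hand it to az through the environment, not on the command line.
    conn="$(az storage account show-connection-string --name "$name" \
      --resource-group "$RESOURCE_GROUP" \
      --query connectionString --output tsv)" || return 1
    for container in bosh stemcell; do
      AZURE_STORAGE_CONNECTION_STRING="$conn" \
        az storage container create --name "$container" >/dev/null || return 1
    done
  done
  unset conn
}

# The example names from step 6 pass validation.
valid_deploy_names xyzdeploystorage1 xyzdeploystorage2 xyzdeploystorage3 \
  xyzdeploystorage4 xyzdeploystorage5 && echo "names ok"
```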
      

Step 3: Create a Load Balancer

  1. Create a load balancer named pcf-lb.
    $ az network lb create --name pcf-lb \
    --resource-group $RESOURCE_GROUP --location $LOCATION
    
  2. Create a static IP address for the load balancer named pcf-lb-ip.

    $ az network public-ip create --name pcf-lb-ip \
    --resource-group $RESOURCE_GROUP --location $LOCATION \
    --allocation-method Static
    {
      "publicIp": {
        "dnsSettings": null,
        "etag": "W/\"a9b780e8-38bc-4a28-a563-e13a5859169d\"",
        "id": "/subscriptions/995b7eed-77ef-45ff-a5c9-1a405ffb8243/resourceGroups/cf-docs/providers/Microsoft.Network/publicIPAddresses/pcf-lb-ip",
        "idleTimeoutInMinutes": 4,
        "ipAddress": "13.64.255.40",
        "ipConfiguration": null,
        "location": "westus",
        "name": "pcf-lb-ip",
        "provisioningState": "Succeeded",
        "publicIpAddressVersion": "IPv4",
        "publicIpAllocationMethod": "Static",
        "resourceGroup": "cf-docs",
        "resourceGuid": "4fbf2fe5-6f7e-449a-ae70-e513a9f5cddc",
        "tags": null,
        "type": "Microsoft.Network/publicIPAddresses"
      }
    }
    

  3. Record the ipAddress from the output above. This is the public IP address of your load balancer.

  4. Add a front-end IP configuration to the load balancer.

    $ az network lb frontend-ip create --lb-name pcf-lb \
    --name pcf-fe-ip --resource-group $RESOURCE_GROUP \
    --public-ip-address pcf-lb-ip
    

  5. Add a probe to the load balancer.

    $ az network lb probe create --lb-name pcf-lb \
    --name tcp80 --resource-group $RESOURCE_GROUP \
    --protocol Tcp --port 80
    

  6. Add a backend address pool to the load balancer.

    $ az network lb address-pool create --lb-name pcf-lb \
    --name pcf-vms --resource-group $RESOURCE_GROUP
    

    Note: This backend pool is empty when you create it.

  7. Add a load balancing rule for HTTP.

    $ az network lb rule create --lb-name pcf-lb \
    --name http --resource-group $RESOURCE_GROUP \
    --protocol Tcp --frontend-port 80 \
    --backend-port 80 --frontend-ip-name pcf-fe-ip \
    --backend-pool-name pcf-vms
    

  8. Add a load balancing rule for HTTPS.

    $ az network lb rule create --lb-name pcf-lb \
    --name https --resource-group $RESOURCE_GROUP \
    --protocol Tcp --frontend-port 443 \
    --backend-port 443 --frontend-ip-name pcf-fe-ip \
    --backend-pool-name pcf-vms
    

  9. Add a load balancing rule for SSH.

    $ az network lb rule create --lb-name pcf-lb \
    --name diego-ssh --resource-group $RESOURCE_GROUP \
    --protocol Tcp --frontend-port 2222 \
    --backend-port 2222 --frontend-ip-name pcf-fe-ip \
    --backend-pool-name pcf-vms
    

  10. Navigate to your DNS provider, and create an entry that points *.YOUR-SUBDOMAIN to the public IP address of your load balancer that you recorded in a previous step. For example, create an entry that points azure.example.com to 198.51.100.1.

    Note: If you did not record the IP address of your load balancer earlier, you can retrieve it by navigating to the Azure portal, clicking All resources, and clicking the Public IP address resource that ends with pcf-lb-ip.

Step 4: Boot Ops Manager

  1. Navigate to Pivotal Network and download the latest release of Pivotal Cloud Foundry Ops Manager for Azure.

  2. View the downloaded PDF and locate the Ops Manager image URL appropriate for your region.

  3. Export the Ops Manager image URL as an environment variable.

    $ export OPS_MAN_IMAGE_URL="YOUR-OPS-MAN-IMAGE-URL"

  4. Copy the Ops Manager image into your storage account.

    Note: For compatibility when upgrading to future versions of Ops Manager, choose a unique name for the image that includes the Ops Manager version number. For example, replace image-1.12.x in the following example with image-1.12.1.

    $ az storage blob copy start --source-uri $OPS_MAN_IMAGE_URL \
    --connection-string $AZURE_STORAGE_CONNECTION_STRING \
    --destination-container opsmanager \
    --destination-blob image-1.12.x.vhd
    

  5. Copying the image may take several minutes. Run the following command and examine the output under "copy":

    $ az storage blob show --name image-1.12.x.vhd \
    --container-name opsmanager \
    --account-name $STORAGE_NAME
    ...
    "copy": {
      "completionTime": "2017-06-26T22:24:11+00:00",
      "id": "b9c8b272-a562-4574-baa6-f1a04afcefdf",
      "progress": "53687091712/53687091712",
      "source": "https://opsmanagerwestus.blob.core.windows.net/images/ops-manager-1.11.3.vhd",
      "status": "success",
      "statusDescription": null
    },
    
    Wait a few moments and re-run the command above if status is pending. When status reads success, continue to the next step.

  6. Create a public IP address named ops-manager-ip.

    $ az network public-ip create --name ops-manager-ip \
    --resource-group $RESOURCE_GROUP --location $LOCATION \
    --allocation-method Static
    {
      "publicIp": {
        "dnsSettings": null,
        "etag": "W/\"4450ebe2-9e97-4b17-9cf2-44838339c661\"",
        "id": "/subscriptions/995b7eed-77ef-45ff-a5c9-1a405ffb8243/resourceGroups/cf-docs/providers/Microsoft.Network/publicIPAddresses/ops-manager-ip",
        "idleTimeoutInMinutes": 4,
        "ipAddress": "40.83.148.183",
        "ipConfiguration": null,
        "location": "westus",
        "name": "ops-manager-ip",
        "provisioningState": "Succeeded",
        "publicIpAddressVersion": "IPv4",
        "publicIpAllocationMethod": "Static",
        "resourceGroup": "cf-docs",
        "resourceGuid": "950d4831-1bec-42da-8a79-959bcddea9dd",
        "tags": null,
        "type": "Microsoft.Network/publicIPAddresses"
      }
    }
    

  7. Record the ipAddress from the output above. This is the public IP address of Ops Manager.

  8. Create a network interface for Ops Manager.

    $ az network nic create --vnet-name pcf-net \
    --subnet pcf --network-security-group opsmgr-nsg \
    --private-ip-address 10.0.0.5 \
    --public-ip-address ops-manager-ip \
    --resource-group $RESOURCE_GROUP \
    --name opsman-nic --location $LOCATION
    

  9. Create a keypair on your local machine with the username ubuntu. For example, enter the following command:

    $ ssh-keygen -t rsa -f opsman -C ubuntu
    

    When prompted for a passphrase, press the enter key to provide an empty passphrase.

  10. Create a managed image from the Ops Manager VHD file:

    $ az image create --resource-group $RESOURCE_GROUP \
    --name opsman-image-1.12.x \
    --source https://$STORAGE_NAME.blob.core.windows.net/opsmanager/image-1.12.x.vhd \
    --location $LOCATION \
    --os-type Linux
    

    If you are using Azure China, Azure Government Cloud, or Azure Germany, replace blob.core.windows.net with the following:

    • For Azure China, use blob.core.chinacloudapi.cn. See the Azure documentation for more information.
    • For Azure Government Cloud, use blob.core.usgovcloudapi.net. See the Azure documentation for more information.
    • For Azure Germany, use blob.core.cloudapi.de. See the Azure documentation for more information.
  11. Create your Ops Manager VM, replacing PATH-TO-PUBLIC-KEY with the path to your public key .pub file.

    $ az vm create --name opsman-1.12.x --resource-group $RESOURCE_GROUP \
    --location $LOCATION \
    --nics opsman-nic \
    --image opsman-image-1.12.x \
    --os-disk-name opsman-1.12.x-osdisk \
    --admin-username ubuntu \
    --size Standard_DS2_v2 \
    --storage-sku Standard_LRS \
    --ssh-key-value PATH-TO-PUBLIC-KEY
    

  12. If you plan to install more than one tile in this Ops Manager installation, perform the following steps to increase the size of the Ops Manager VM disk. You can repeat this process and increase the disk again at a later time if necessary.

    1. Run the following command to stop the VM and detach the disk:
      $ az vm deallocate --name opsman-1.12.x \
      --resource-group $RESOURCE_GROUP
      
    2. Run the following command to resize the disk to 128 GB:
      $ az disk update --size-gb 128 --name opsman-1.12.x-osdisk \
      --resource-group $RESOURCE_GROUP
      
    3. Run the following command to start the VM:
      $ az vm start --name opsman-1.12.x --resource-group $RESOURCE_GROUP
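
Step 5 of this section checks the copy status by hand. The following added example, which is not part of the original procedure, polls until the copy finishes and treats a failed, aborted or incomplete copy as an error, so that the managed image is only created from a fully copied VHD. The function names, `MAX_POLLS`, `POLL_SECONDS` and the `properties.copy` query path are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original procedure. Expects STORAGE_NAME
# (and credentials for that account) to be set as in the steps above.

# Decides what a copy status and progress pair means.
# Prints one of: done, wait, error.
copy_verdict() {
  status="$1"; progress="$2"
  case "$status" in
    pending) echo wait ;;
    success)
      # progress is "copied/total" in bytes; a finished copy has both equal.
      case "$progress" in
        */*) [ "${progress%/*}" = "${progress#*/}" ] && echo done || echo error ;;
        *) echo error ;;
      esac ;;
    *) echo error ;;          # failed, aborted, or no copy recorded
  esac
}

# Polls the blob until the copy finishes.
# Returns 0 when complete, 1 on error, 2 if still pending after MAX_POLLS.
wait_for_copy() {
  blob="$1"; polls=0; tab="$(printf '\t')"
  while [ "$polls" -lt "${MAX_POLLS:-60}" ]; do
    line="$(az storage blob show --name "$blob" \
      --container-name opsmanager --account-name "$STORAGE_NAME" \
      --query "properties.copy.[status,progress]" --output tsv)" || return 1
    case "$(copy_verdict "${line%%"$tab"*}" "${line#*"$tab"}")" in
      done) return 0 ;;
      error) echo "copy of $blob did not complete: $line" >&2; return 1 ;;
    esac
    polls=$((polls + 1))
    sleep "${POLL_SECONDS:-15}"
  done
  return 2
}

# The status and progress values from the sample output in step 5.
copy_verdict success 53687091712/53687091712   # prints: done
```

Call `wait_for_copy image-1.12.x.vhd` after starting the copy and continue to the image creation step only when it returns 0.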
      

Step 5: Complete Ops Manager Director Configuration

  1. Navigate to your DNS provider, and create an entry that points a fully qualified domain name (FQDN) to the public IP address of Ops Manager. As a best practice, always use the FQDN to access Ops Manager.

  2. Continue to the Configuring Ops Manager Director on Azure topic.
