Deploying BOSH and Ops Manager to Azure with ARM
This topic describes how to deploy BOSH Director for Pivotal Cloud Foundry (PCF) on Azure using an Azure Resource Manager (ARM) template. An ARM template is a JSON file that describes one or more resources to deploy to a resource group.
You can also deploy BOSH Director manually by following the procedure in the Deploying BOSH and Ops Manager to Azure Manually topic. Manual deployment is required if you are deploying to:
- Azure China
- Azure Germany
- Azure Government Cloud
- Azure Stack (Beta)
Note: Azure Stack is in beta for this release. Pivotal does not recommend using Azure Stack for a production deployment. For more information, see Azure Stack Support is in Beta for Ops Manager.
Before you perform the procedures in this topic, you must complete the procedures in the Preparing Azure topic. After you complete the procedures in this topic, follow the instructions in Configuring BOSH Director on Azure.
Where to Find the PCF Azure ARM Templates
The PCF Azure ARM Templates are available for download from the following GitHub repository:
https://github.com/pivotal-cf/pcf-azure-arm-templates
For PCF v1.11 and later, use the templates tagged with the 1.11+ release.
For PCF v1.11 and earlier, use the templates tagged with the 1.10- release.
Step 1: Create BOSH Storage Account
Azure for PCF uses multiple general-purpose Azure storage accounts. The BOSH and Ops Manager VMs use one main BOSH storage account, and the other components share five or more deployment storage accounts.
Choose a name for your resource group and export it as an environment variable $RESOURCE_GROUP.
$ export RESOURCE_GROUP="YOUR-RESOURCE-GROUP-NAME"
Note: If you are on a Windows machine, you can use set instead of export.
Export your location. For example, westus.
$ export LOCATION="YOUR-LOCATION"
Note: For a list of available locations, run az account list-locations.
Create your resource group:
$ az group create --name $RESOURCE_GROUP --location $LOCATION
Choose a name for your BOSH storage account, and export it as the environment variable $STORAGE_NAME. Storage account names must be globally unique across Azure, between 3 and 24 characters in length, and contain only lowercase letters and numbers.
$ export STORAGE_NAME="YOUR-BOSH-STORAGE-ACCOUNT-NAME"
Create the storage account.
$ az storage account create --name $STORAGE_NAME \
    --resource-group $RESOURCE_GROUP --sku Standard_LRS \
    --kind Storage --location $LOCATION
Note: Standard_LRS refers to a Standard Azure storage account. The BOSH Director requires table storage to store stemcell information. Azure Premium storage does not support table storage and cannot be used for the BOSH storage account.
Retrieve the connection string for your BOSH storage account:
$ az storage account show-connection-string \
    --name $STORAGE_NAME --resource-group $RESOURCE_GROUP
The command returns output similar to the following:
{
  "connectionString": "DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=cfdocsdeploystorage1;AccountKey=EXAMPLEaaabbbcccMf8wEwdeJMvvonrbmNk27bfkSL8ZFzAhs3Kb78si5CTPHhjHHiK4qPcYzn/8OmFg=="
}
Record the full value of connectionString from the output above, starting with and including DefaultEndpointsProtocol=.
Export the connection string:
$ export CONNECTION_STRING="YOUR-CONNECTION-STRING"
Create a container for the Ops Manager image:
$ az storage container create --name opsman-image \
    --connection-string $CONNECTION_STRING
Create a container for the Ops Manager VM:
$ az storage container create --name vhds \
    --connection-string $CONNECTION_STRING
Create a container for Ops Manager:
$ az storage container create --name opsmanager \
    --connection-string $CONNECTION_STRING
Create a container for BOSH:
$ az storage container create --name bosh \
    --connection-string $CONNECTION_STRING
Create a container for the stemcell:
$ az storage container create --name stemcell \
    --public-access blob \
    --connection-string $CONNECTION_STRING
Create a table for stemcell data:
$ az storage table create --name stemcells \
    --connection-string $CONNECTION_STRING
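A preflight check for the Step 1 inputs, added here as an example and not part of the original Pivotal documentation. It applies the naming rule stated above and confirms that the recorded connection string starts with DefaultEndpointsProtocol= and names the same account; the function name and the sample values are hypothetical.

```sh
# Added example, not from the PCF docs. check_storage_inputs is a
# hypothetical helper; the rules it enforces are the ones stated in Step 1.
# Usage: check_storage_inputs "$STORAGE_NAME" "$CONNECTION_STRING"
# Prints one line per problem (never the account key); the exit status is
# the number of problems found, so 0 means the inputs look consistent.
check_storage_inputs() (
  name=$1 conn=$2 problems=0 acct="" has_key=0
  LC_ALL=C   # byte-wise ranges so [a-z] cannot match uppercase letters

  # Storage account names: 3-24 characters, lowercase letters and numbers.
  case "$name" in
    "" | *[!a-z0-9]*) name_ok=0 ;;
    *) name_ok=1 ;;
  esac
  if [ "$name_ok" -eq 0 ] || [ "${#name}" -lt 3 ] || [ "${#name}" -gt 24 ]; then
    echo "storage account name must be 3-24 lowercase letters or numbers"
    problems=$((problems + 1))
  fi

  # The recorded value must start with and include DefaultEndpointsProtocol=.
  case "$conn" in
    DefaultEndpointsProtocol=*) ;;
    *) echo "connection string does not start with DefaultEndpointsProtocol="
       problems=$((problems + 1)) ;;
  esac

  # Split on ';' with globbing off and inspect the key=value fields.
  IFS=';'; set -f
  for field in $conn; do
    case "$field" in
      AccountName=*) acct=${field#AccountName=} ;;
      AccountKey=?*) has_key=1 ;;
    esac
  done
  if [ "$acct" != "$name" ]; then
    echo "AccountName in connection string does not match the storage account name"
    problems=$((problems + 1))
  fi
  if [ "$has_key" -eq 0 ]; then
    echo "connection string has no AccountKey value"
    problems=$((problems + 1))
  fi
  exit "$problems"
)

# Constructed sample values (not real credentials).
check_storage_inputs "cfdocsdeploystorage1" \
  "DefaultEndpointsProtocol=https;EndpointSuffix=core.windows.net;AccountName=cfdocsdeploystorage1;AccountKey=CONSTRUCTED==" \
  && echo "Step 1 inputs look consistent"
```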
Step 2: Copy Ops Manager Image
Navigate to Pivotal Network and download the latest release of Pivotal Cloud Foundry Ops Manager for Azure. You can download either a PDF or a YAML file.
View the downloaded file and locate the Ops Manager image URL appropriate for your region.
Export the Ops Manager image URL as an environment variable.
$ export OPS_MAN_IMAGE_URL="YOUR-OPS-MAN-IMAGE-URL"
Copy the Ops Manager image into your storage account:
$ az storage blob copy start --source-uri $OPS_MAN_IMAGE_URL \
    --connection-string $CONNECTION_STRING \
    --destination-container opsman-image \
    --destination-blob image.vhd
Copying the image may take several minutes. Run the following command and examine the output under "copy":
$ az storage blob show --name image.vhd \
    --container-name opsman-image \
    --account-name $STORAGE_NAME
...
"copy": {
  "completionTime": "2017-06-26T22:24:11+00:00",
  "id": "b9c8b272-a562-4574-baa6-f1a04afcefdf",
  "progress": "53687091712/53687091712",
  "source": "https://opsmanagerwestus.blob.core.windows.net/images/ops-manager-1.11.3.vhd",
  "status": "success",
  "statusDescription": null
},
When status reads success, continue to the next step.
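One way to script the wait described above, as an added example that is not part of the original documentation: it polls the copy status and stops on a failed or aborted copy instead of waiting indefinitely. The helper names, POLL_SECONDS, and the properties.copy.status query path are assumptions.

```sh
# Added example, not from the PCF docs. copy_status and wait_for_copy are
# hypothetical helpers around the az command shown in Step 2.

# Prints the copy status of image.vhd. Assumption: the CLI nests "copy"
# under "properties" in its JSON; adjust the --query path if yours differs.
copy_status() {
  az storage blob show --name image.vhd \
    --container-name opsman-image \
    --account-name "$STORAGE_NAME" \
    --query properties.copy.status --output tsv
}

# Usage: wait_for_copy [MAX_POLLS]   (POLL_SECONDS defaults to 30)
# Returns 0 on "success", 1 on any other final status or a CLI error,
# and 2 if the copy is still "pending" after MAX_POLLS checks.
wait_for_copy() {
  max_polls=${1:-60}
  polls=0
  while [ "$polls" -lt "$max_polls" ]; do
    if ! status=$(copy_status); then
      echo "could not read copy status" >&2
      return 1
    fi
    case "$status" in
      success) return 0 ;;
      pending) sleep "${POLL_SECONDS:-30}" ;;
      *) echo "copy ended with status: ${status:-unknown}" >&2
         return 1 ;;
    esac
    polls=$((polls + 1))
  done
  echo "copy still pending after $max_polls checks" >&2
  return 2
}
```

Call wait_for_copy after starting the copy and continue to Step 3 only when it returns 0.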
Step 3: Configure the ARM Template
Create a key pair on your local machine. For example, enter the following command:
$ ssh-keygen -t rsa -f opsman -C ubuntu
When prompted for a passphrase, follow the prompts to provide an empty passphrase.
Download the latest release of the PCF Azure ARM Templates. For PCF v1.11 and later, download this release.
Open the parameters file and enter values for the following parameters:
- OpsManVHDStorageAccount: The name of the storage account you created in Step 1: Create BOSH Storage Account
- BlobStorageContainer: The name of the container to which you copied the Ops Manager VHD
- BlobStorageEndpoint: The base URL of the storage endpoint. Leave the default endpoint unless you are using Azure China, Azure Government Cloud, or Azure Germany:
  - For Azure China, use blob.core.chinacloudapi.cn. See the Azure documentation for more information.
  - For Azure Government Cloud, use blob.core.usgovcloudapi.net. See the Azure documentation for more information.
  - For Azure Germany, use blob.core.cloudapi.de. See the Azure documentation for more information.
- AdminSSHKey: The contents of the opsman.pub public key file that you created above
- Location: The location to install the Ops Manager VM. For example, westus.
- Environment: A tag applied to template-created resources to assist with resource management
Step 4: Deploy the ARM Template
Deploy the template:
$ az group deployment create --template-file azure-deploy.json \
    --parameters azure-deploy-parameters.json \
    --resource-group $RESOURCE_GROUP --name cfdeploy
Create a network security group named pcf-nsg.
$ az network nsg create --name pcf-nsg \
    --resource-group $RESOURCE_GROUP \
    --location $LOCATION
Add a network security group rule to the pcf-nsg group to allow traffic from the public Internet.
$ az network nsg rule create --name internet-to-lb \
    --nsg-name pcf-nsg --resource-group $RESOURCE_GROUP \
    --protocol Tcp --priority 100 \
    --destination-port-range '*'
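To review which rules in pcf-nsg accept inbound traffic from any source on every port, such as the internet-to-lb rule created with --destination-port-range '*', the following added example (not part of the original documentation) lists them from the CLI's rule output. The helper names are hypothetical, and the check only covers rules that use a single source prefix and a single port range.

```sh
# Added example, not from the PCF docs. nsg_rules_tsv and audit_nsg_rules
# are hypothetical helpers; pcf-nsg is the group created in Step 4.

# Prints name, access, direction, source prefix and destination port range
# for each rule in pcf-nsg, tab-separated, using the CLI's --query option.
nsg_rules_tsv() {
  az network nsg rule list --nsg-name pcf-nsg \
    --resource-group "$RESOURCE_GROUP" \
    --query "[].[name,access,direction,sourceAddressPrefix,destinationPortRange]" \
    --output tsv
}

# Prints one line per inbound Allow rule that accepts any source on every
# port. Returns 1 if such a rule exists, 0 if none, 2 on a CLI error.
audit_nsg_rules() {
  rules=$(nsg_rules_tsv) || return 2
  printf '%s\n' "$rules" | awk -F '\t' '
    $2 == "Allow" && $3 == "Inbound" &&
    ($4 == "*" || $4 == "Internet" || $4 == "0.0.0.0/0") &&
    ($5 == "*" || $5 == "0-65535") {
      printf "%s: inbound from %s on ports %s\n", $1, $4, $5
      found = 1
    }
    END { exit found + 0 }'
}
```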
Step 5: Complete BOSH Director Configuration
Navigate to your DNS provider, and create an entry that points a fully qualified domain name (FQDN) in your domain to the IP address of the Ops Manager VM.
Note: If the ARM template deployment does not return an IP address in the output of opsMan-FQDN, then visit the Azure Portal to retrieve the public IP address of the new Ops Manager virtual machine.
Continue to the Configuring BOSH Director on Azure topic.