Pivotal Container Service v1.2

Deploying Ops Manager on AWS


This topic describes how to deploy Ops Manager for Pivotal Container Service (PKS) on Amazon Web Services (AWS) using Terraform templates.

The Terraform template for PKS on AWS describes a set of AWS resources and properties. For more information about how Terraform creates resources in AWS, see the AWS Provider topic on the Terraform site.

After you complete this procedure, follow the instructions in the Configuring Ops Manager on AWS topic.

Prerequisites

In addition to fulfilling the prerequisites listed in the AWS Prerequisites and Resource Requirements topic, ensure you have the following:

  • The Terraform CLI
  • An IAM user in your AWS project with the following permissions:
    • AmazonEC2FullAccess
    • AmazonRDSFullAccess
    • AmazonRoute53FullAccess
    • AmazonS3FullAccess
    • AmazonVPCFullAccess
    • IAMFullAccess

Step 1: Download and Edit the Terraform Variables File

Before you can run Terraform commands to create infrastructure resources, you must fill out a template variables file. Follow these steps to download and edit the Terraform template variables file:

  1. Navigate to the Pivotal Application Service (PAS) release on Pivotal Network.

    Note: The AWS Terraform template installs Ops Manager for Pivotal Cloud Foundry (PCF). The template can be used when deploying either PAS or PKS.

  2. Download the AWS Terraform zip file.

  3. Extract the contents of the zip file and move the folder to the workspace directory on your local machine.

  4. From a terminal window, navigate to the folder:

    $ cd ~/workspace/TERRAFORMING-AWS-FOLDER

  5. Create a new file named terraform.tfvars.

    $ touch terraform.tfvars

  6. Open the terraform.tfvars file and paste in the following contents:

    env_name           = "YOUR-ENVIRONMENT-NAME"
    access_key         = "YOUR-ACCESS-KEY"
    secret_key         = "YOUR-SECRET-KEY"
    region             = "YOUR-AWS-REGION"
    availability_zones = ["YOUR-AZ-1", "YOUR-AZ-2", "YOUR-AZ-3"]
    ops_manager_ami    = "YOUR-OPS-MAN-IMAGE-AMI"
    dns_suffix         = "YOUR-DNS-SUFFIX"
    
    ssl_cert = <<SSL_CERT
    -----BEGIN CERTIFICATE-----
    YOUR-CERTIFICATE
    -----END CERTIFICATE-----
    SSL_CERT
    
    ssl_private_key = <<SSL_KEY
    -----BEGIN EXAMPLE RSA PRIVATE KEY-----
    YOUR-PRIVATE-KEY
    -----END EXAMPLE RSA PRIVATE KEY-----
    SSL_KEY
    
    
  7. Edit the values in the file according to the table below:

    Value to replace: Guidance

    • YOUR-ENVIRONMENT-NAME: Enter a name to use to identify resources in AWS. Terraform prepends this environment name to the names of the resources it creates. Example: pcf.
    • YOUR-ACCESS-KEY: Enter the AWS Access Key ID for the AWS project in which you want Terraform to create resources.
    • YOUR-SECRET-KEY: Enter the AWS Secret Access Key for the AWS project in which you want Terraform to create resources.
    • YOUR-AWS-REGION: Enter the name of the AWS region in which you want Terraform to create resources. Example: us-central1.
    • YOUR-AZ-1, YOUR-AZ-2, YOUR-AZ-3: Enter three availability zones from your region. Example: us-central-1a, us-central-1b, us-central-1c.
    • YOUR-OPS-MAN-IMAGE-AMI: Enter the source code for the Ops Manager Amazon Machine Image (AMI) you want to boot. You can find this code in the PDF included with the Ops Manager release on Pivotal Network.

      If you want to encrypt your Ops Manager VM, create an encrypted AMI copy from the AWS EC2 dashboard and enter the source code for the copied Ops Manager image instead. For more information about copying an AMI, see Launch an Ops Manager AMI in Installing PCF on AWS Manually in the Pivotal Cloud Foundry documentation.
    • YOUR-DNS-SUFFIX: Enter a domain name to use as part of the system domain for your PCF deployment. Terraform creates DNS records in AWS using YOUR-ENVIRONMENT-NAME and YOUR-DNS-SUFFIX. For example, if you enter example.com for your DNS suffix and have pcf as your environment name, Terraform will create DNS records at pcf.example.com.
    • YOUR-CERTIFICATE: Enter a certificate to use for HTTP load balancing. For production environments, use a certificate from a Certificate Authority (CA). For test environments, you can use a self-signed certificate.

      Your certificate must specify your system domain as the common name. Your system domain is YOUR-ENVIRONMENT-NAME.YOUR-DNS-SUFFIX.

      It also must include the following subdomains: *.sys.YOUR-SYSTEM-DOMAIN, *.login.sys.YOUR-SYSTEM-DOMAIN, *.uaa.sys.YOUR-SYSTEM-DOMAIN, *.apps.YOUR-SYSTEM-DOMAIN.
    • YOUR-PRIVATE-KEY: Enter a private key for the certificate you entered.
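
The certificate requirements above can be checked with openssl before the PEM text goes into terraform.tfvars. This is an added example, not part of the original procedure; the function names are hypothetical, and it assumes the required subdomains are carried as DNS subjectAltName entries.

```shell
# Added example (not from the original page). Run it on the certificate
# and key files before pasting their contents into terraform.tfvars.

# Print the names the certificate must carry: the system domain (common
# name) first, then the four wildcard subdomains listed above.
required_names() {  # usage: required_names ENV_NAME DNS_SUFFIX
  local sys="$1.$2"
  printf '%s\n' "$sys" "*.sys.$sys" "*.login.sys.$sys" \
    "*.uaa.sys.$sys" "*.apps.$sys"
}

# Return 0 only if the common name is the system domain, every required
# wildcard is present as a DNS subjectAltName (assumption: SANs are where
# the subdomains live), and the private key belongs to the certificate.
check_cert() {  # usage: check_cert CERT_PEM KEY_PEM ENV_NAME DNS_SUFFIX
  local cert="$1" key="$2" sys="$3.$4" rc=0 cn sans name
  cn=$(openssl x509 -in "$cert" -noout -subject -nameopt multiline |
       sed -n 's/^ *commonName *= *//p')
  sans=$(openssl x509 -in "$cert" -noout -text |
         grep -o 'DNS:[^,[:space:]]*' | sed 's/^DNS://')
  if [ "$cn" != "$sys" ]; then
    echo "common name is '$cn', expected '$sys'" >&2
    rc=1
  fi
  while read -r name; do
    [ "$name" = "$sys" ] && continue   # common name was checked above
    if ! printf '%s\n' "$sans" | grep -qxF -- "$name"; then
      echo "missing subjectAltName: $name" >&2
      rc=1
    fi
  done <<EOF
$(required_names "$3" "$4")
EOF
  # A key matches a certificate when both yield the same public key.
  if [ "$(openssl x509 -in "$cert" -noout -pubkey)" != \
       "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ]; then
    echo "private key does not match certificate" >&2
    rc=1
  fi
  return $rc
}
```

For example, `check_cert cert.pem key.pem pcf example.com` checks files named cert.pem and key.pem (constructed names) against the system domain pcf.example.com.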

Step 2: Add Optional Variables

Complete this step if you want to do any of the following:

  • Use an RDS instance for your deployment
  • Deploy the Isolation Segment tile

See Installing PCF Isolation Segment for more information about the Isolation Segment tile.

In your terraform.tfvars file, specify the appropriate variables from the sections below.

Note: You can see the configurable options by opening the variables.tf file and looking for variables with default values.

Isolation Segments

If you plan to deploy the Isolation Segment tile, add the following variables to your terraform.tfvars file, replacing YOUR-CERTIFICATE and YOUR-PRIVATE-KEY with a certificate and private key. This causes Terraform to create an additional HTTP load balancer across three availability zones to use for the Isolation Segment tile.

create_isoseg_resources = 1

iso_seg_ssl_cert = <<ISO_SEG_SSL_CERT
-----BEGIN CERTIFICATE-----
YOUR-CERTIFICATE
-----END CERTIFICATE-----
ISO_SEG_SSL_CERT

iso_seg_ssl_cert_private_key = <<ISO_SEG_SSL_KEY
-----BEGIN EXAMPLE RSA PRIVATE KEY-----
YOUR-PRIVATE-KEY
-----END EXAMPLE RSA PRIVATE KEY-----
ISO_SEG_SSL_KEY

RDS

  1. If you want to use an RDS instance for Ops Manager and PAS, add the following to your terraform.tfvars file:

    rds_instance_count = 1
    
  2. If you want to specify a username for RDS authentication, add the following to your terraform.tfvars file:

    rds_db_username = "username"
    

Step 3: Create AWS Resources with Terraform

Follow these steps to use the Terraform CLI to create resources on AWS:

  1. From the directory that contains the Terraform files, run terraform init to initialize the directory based on the information you specified in the terraform.tfvars file.

    $ terraform init

  2. Run terraform plan -out=plan to create the execution plan for Terraform.

    $ terraform plan -out=plan

  3. Run terraform apply plan to execute the plan from the previous step. It may take several minutes for Terraform to create all the resources in AWS.

    $ terraform apply plan
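
The working directory from Steps 1 to 3 holds secret_key and ssl_private_key in plain text in terraform.tfvars, and Terraform plan and state files can embed variable values as well. The check below is an added example, not part of the original procedure; the function names are hypothetical, and it assumes the plan file is named plan as in Step 3 and that state is kept in the default local terraform.tfstate.

```shell
# Added example (not from the original page). File names follow the steps
# above: terraform.tfvars, the "plan" file written by -out=plan, and
# Terraform's default local state files (assumption: local state is used).

# Print "line:text" for each template placeholder (YOUR-...) left in FILE.
unreplaced_placeholders() {  # usage: unreplaced_placeholders FILE
  grep -n 'YOUR-[A-Z0-9]' "$1"
}

# Succeed only if FILE grants no permission bits to group or others.
owner_only() {  # usage: owner_only FILE
  [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Return 0 when DIR/terraform.tfvars exists and is fully filled in, and
# every secret-bearing file present in DIR is private to its owner.
workspace_preflight() {  # usage: workspace_preflight DIR
  local dir="$1" rc=0 f
  if [ ! -f "$dir/terraform.tfvars" ]; then
    echo "terraform.tfvars not found in $dir" >&2
    return 1
  fi
  if unreplaced_placeholders "$dir/terraform.tfvars" >&2; then
    echo "terraform.tfvars still contains the placeholders listed above" >&2
    rc=1
  fi
  for f in terraform.tfvars plan terraform.tfstate terraform.tfstate.backup; do
    [ -e "$dir/$f" ] || continue
    if ! owner_only "$dir/$f"; then
      echo "$f is accessible to group/others; fix with: chmod 600 $f" >&2
      rc=1
    fi
  done
  return $rc
}
```

Run `workspace_preflight .` from the Terraform folder before `terraform plan` and again after `terraform apply`, since the plan and state files only exist by then.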

Step 4: Create DNS Record

  1. In a browser, navigate to the DNS provider for the DNS suffix you entered in your terraform.tfvars file.

  2. In the DNS record that you create in this step, enter the name servers included in env_dns_zone_name_servers from your Terraform output.

Next Steps

After you complete this procedure, follow the instructions in the Configuring Ops Manager on AWS topic.

