forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
azure-german-cloud.html.md.erb
125 lines (95 loc) · 6.42 KB
/
azure-german-cloud.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
---
title: Deploying PCF in Azure Germany
owner: Ops Manager
---
<strong><%= modified_date %></strong>
This topic describes how to install Pivotal Cloud Foundry (PCF) in Azure Germany.
<p class="note"><strong>Note</strong>: Azure Germany is only supported in PCF 1.10.1 and later.</p>
The procedures below involves using the Ops Manager API. For more information about the Ops Manager API, see the documentation at `https://YOUR-OPS-MAN-FQDN/docs`.
##<a id='prepare'></a> Step 1: Prepare to Deploy
Perform the procedures in the [Preparing to Deploy PCF on Azure](./azure-prepare-env.html), but instead of running `az cloud set --name AzureCloud`, specify the `AzureGermanCloud` environment:
<pre class="terminal">
$ az cloud set --name AzureGermanCloud
</pre>
##<a id='launch-om'></a> Step 2: Launch an Ops Manager Director Instance
Perform the procedures in the [Launching an Ops Manager Director Instance on Azure without an ARM Template](./azure-om-deploy.html) topic.
##<a id='config-auth'></a> Step 3: Configure Authentication
Perform the procedures in the [Step 1: Access Ops Manager](./azure-om-config.html#access-om) section of the <em>Configuring Ops Manager Director on Azure</em> topic. Set up your Ops Manager authentication system, but do not continue to the [Step 2: Azure Config Page](./azure-om-config.html#azure-config) section.
Continue to the [Internal Authentication](#internal-auth) or [External Identity Provider](#external-idp) section below depending on which authentication system you configured.
###<a id='internal-auth'></a> Internal Authentication
If you configured your Ops Manager for Internal Authentication, perform the following steps:
1. SSH into the Ops Manager VM:
<pre class="terminal">$ ssh -i opsman ubuntu@OPS\_MAN\_FQDN</pre>
If the private key that you generated in the [Launching an Ops Manager Director Instance on Azure without an ARM Template](./azure-om-deploy.html#configure) topic is not named `opsman`, provide the correct filename instead.
1. From the Ops Manager VM, use the User Account and Authentication Command Line Interface (UAAC) to target your Ops Manager UAA server:
<pre class="terminal">$ uaac target http<span>s:</span>//YOUR-OPS-MAN-FQDN/uaa</pre>
<p class="note"><strong>Note</strong>: UAA is the Cloud Foundry identity and management service. See the <a href="../concepts/architecture/uaa.html">User Account and Authentication (UAA) Server</a> topic for more information.</p>
1. Retrieve your token to authenticate:
<pre class="terminal">$ uaac token owner get
Client ID: opsman
Client secret: [Leave Blank]
User name: OPS-MAN-USERNAME
Password: OPS-MAN-PASSWORD
</pre>
1. Continue to [Step 4: Configure Ops Manager](#config-om).
###<a id='external-idp'></a> External Identity Provider
If you configured your Ops Manager for an external Identity Provider with SAML, perform the following steps:
1. From your local machine, target your Ops Manager UAA server:
<pre class="terminal">$ uaac target http<span>s:</span>//YOUR-OPS-MAN-FQDN/uaa</pre>
1. Retrieve your token to authenticate. When prompted for a passcode, retrieve it from `https://YOUR-OPS-MAN-FQDN/uaa/passcode`.
<pre class="terminal">$ uaac token sso get
Client ID: opsman
Client secret: [Leave Blank]
Passcode: YOUR-PASSCODE
</pre>
If authentication is successful, the UAAC displays the following message: `Successfully fetched token via owner password grant.`
1. Continue to [Step 4: Configure Ops Manager](#config-om).
##<a id='config-om'></a> Step 4: Configure Ops Manager
Perform the following steps to configure Ops Manager for Azure Germany:
1. List your tokens.
<pre class="terminal">
$ uaac contexts
</pre>
Locate the entry for your Ops Manager FQDN. Under `client_id: opsman`, record the value for `access_token`.
1. Use `curl` to pass in the `environment:AzureGermanCloud` key to Ops Manager using the API:
<pre class="terminal">
$ curl "http<span>s:</span>//YOUR-OPS-MAN-FQDN/api/v0/staged/director/properties" \
-X PUT \
-H "Authorization: Bearer UAA-ACCESS-TOKEN" \
-H "Content-Type: application/json" \
-d '{
"iaas\_configuration": {
"subscription\_id": "SUBSCRIPTION-ID",
"tenant\_id": "TENANT-ID",
"client\_id": "APPLICATION-ID",
"resource\_group\_name": "$RESOURCE-GROUP",
"bosh\_storage\_account\_name": "$STORAGE-NAME",
"deployments\_storage\_account\_name": "MY-DEPLOYMENT-STORAGE-X",
"default\_security\_group": "opsmgr-nsg",
"ssh\_public\_key": "ssh-rsa OPS-MAN-PUBLIC-KEY",
"ssh\_private\_key": "-----BEGIN RSA PRIVATE KEY-----\OPS-MAN-PRIVATE-KEY",
"environment": "AzureGermanCloud"
},
"director\_configuration": {
"ntp\_servers\_string": "us.pool.ntp.org",
"metrics\_ip": "1.2.3.4",
"resurrector\_enabled": true,
"max\_threads": 1,
"database\_type": "internal",
"blobstore\_type": "local"
},
"security\_configuration": {
"trusted\_certificates": "—– BEGIN SSL CERTIFICATE —– ... ",
"generate\_vm\_passwords": true
}
}'
</pre>
Replace the placeholder values under `iaas_configuration` as follows:
* `UAA_ACCESS_TOKEN` is the token you retrieved from `uaac contexts` in the previous step.
* `SUBSCRIPTION_ID`, `TENANT_ID`, and `APPLICATION_ID` are set in the [Preparing to Deploy PCF on Azure](./azure-prepare-env.html) topic.
* The `$RESOURCE_GROUP` and `$STORAGE_NAME` environment variables are set in the [Launching an Ops Manager Director Instance on Azure without an ARM Template](./azure-om-deploy.html) topic.
* For the values for `MY_DEPLOYMENT_STORAGE_X`, `OPS_MAN_PUBLIC_KEY`, and `OPS_MAN_PRIVATE_KEY`, see the procedures in the [Launching an Ops Manager Director Instance on Azure without an ARM Template](./azure-om-deploy.html) topic.
Leave the values under `director_configuration` and `security_configuration`. They are designed to be overridden in a subsequent step when you configure Ops Manager using the web interface.
1. If the `curl` command returns a `200 OK` response, navigate to the Ops Manager FQDN in a browser and log in.
1. Configure the Ops Manager Director tile by performing the procedures in the [Configuring Ops Manager Director on Azure](./azure-om-config.html) topic.
1. When Ops Manager finishes deploying, continue to the [Deploying Elastic Runtime on Azure](./azure-er-config.html) topic to deploy Elastic Runtime and complete your PCF installation.