-
Notifications
You must be signed in to change notification settings - Fork 140
/
Copy pathpcf_azure.html.md.erb
228 lines (169 loc) · 14.3 KB
/
pcf_azure.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
---
title: Installing Ops Manager on Microsoft Azure
owner: Partners
---
<p class="note"><strong>Note:</strong> This document describes how to install a basic, opinionated <%= vars.platform_name %> on Azure using the Azure Marketplace. To install a more robust <%= vars.platform_name %> deployment on Azure for development or production, see the <a href="azure.html">Installing <%= vars.platform_name %> on Azure</a> topic.</p>
This topic describes how to deploy <%= vars.platform_name %> on Microsoft Azure.
<%= vars.platform_name %> on Microsoft Azure is available in [Azure Marketplace](https://azure.microsoft.com/en-us/marketplace/partners/pivotal/pivotal-cloud-foundryazure-pcf/). The Azure Marketplace offering installs a pre-configured deployment of <%= vars.platform_name %>.
## <a id='components'></a>Components
<%= vars.platform_name %> on Microsoft Azure includes the following components:
* [<%= vars.app_runtime_full %> (<%= vars.app_runtime_full %>)](../installing/pcf-docs.html)
* [Microsoft Azure Service Broker](http://network.pivotal.io)
Optional:
* [VMware RabbitMQ](http://docs.pivotal.io/rabbitmq-cf/index.html)
* [VMware Tanzu SQL [MySQL]](http://docs.pivotal.io/p-mysql/index.html)
* [Redis for VMware Tanzu](http://docs.pivotal.io/redis/index.html)
* [Spring Cloud Services for VMware Tanzu](http://docs.pivotal.io/spring-cloud-services/index.html)
## <a id='prereqs'></a> Prerequisites
You must have the following in order to use <%= vars.platform_name %> on Microsoft Azure:
* A pay-as-you-go subscription on your Azure account.
* A VMware Tanzu Network account: If you do not already have an account, [create one](https://network.pivotal.io/). Retrieve the API token for your profile by performing the following steps:
1. Sign into the VMware Tanzu Network.
1. Navigate to your name in the top right and click **Edit Profile**.
1. Record the API token located at the bottom of the page.
* An Azure command line tool installed on your computer.
* For Linux/Unix/Mac OS X, follow these [instructions](https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-install/) to install the Azure CLI.
* For Windows, follow these [instructions](https://azure.microsoft.com/en-us/documentation/articles/powershell-install-configure/) to install the Azure PowerShell.
* A JSON-formatted file named `azure-credentials.json` that contains an Azure Service Principal. If you need an `azure-credentials.json` file, follow the instructions in [Create an Azure Service Principal File](#create-service-principal) below.
* Sufficient resources for your Azure account. See the installation requirements at [Installing <%= vars.platform_name %> on Azure](./azure.html#azure).
For more information, see [Azure subscription and service limits, quotas, and constraints](https://azure.microsoft.com/en-us/documentation/articles/azure-subscription-service-limits/). To raise your quota, follow the instructions in [Raise Your Quota](#raising-quota) below.
<p class="note"><strong>Note:</strong> The cost per day for Azure resources varies, but it is likely in the $50-75 (US) range.</p>
### <a id="create-service-principal"></a> Create an Azure Service Principal File
The **Azure Service Principal** is an identity created for an app or script. This identity allows the app or script to authenticate with its own credentials. When you create an Azure Service Principal, make sure to create it with Contributor privileges and scope it to your target resource group. For more information, see the [Microsoft documentation](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest).
Follow the steps below to create a JSON-formatted Azure Service Principal file.
1. Using a text editor, open a new file.
1. Add the following content to the file:
```
{
"subscriptionID": "SUBSCRIPTION-ID",
"tenantID": "TENANT-ID",
"clientID": "SERVICE-PRINCIPAL-NAME",
"clientSecret": "SERVICE-PRINCIPAL-PASSWORD"
}
```
1. Replace the placeholder text in the file as follows:
* **SUBSCRIPTION-ID:** Replace this with your default Azure Subscription ID.
* **TENANT-ID:** Replace this with your default Azure Tenant ID.
* **SERVICE-PRINCIPAL-NAME:** Replace this with the application ID.
* **SERVICE-PRINCIPAL-PASSWORD:** Replace this with the application authentication key.
<br>
<br>To retrieve the application ID and authentication key, see [Get application ID and authentication key](https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-create-service-principal-portal#get-application-id-and-authentication-key) in the Microsoft Azure documentation.
1. Save the file as `azure-credentials.json`.
### <a id="raising-quota"></a> Raise Your Quota
* To request a core quota increase, follow these [instructions](https://blogs.msdn.microsoft.com/girishp/2015/09/20/increasing-core-quota-limits-in-azure/).
* When filling in the Details section of the Support Request Description, provide the following information to expedite your request, replacing REGION with your region of choice:
<blockquote>"We are preparing to roll out <%= vars.platform_name %> from the Azure Marketplace.<br>
We would like to raise our ARM (Azure Resource Manager) core limits.<br>
Requested quantity of ARM Cores: 50<br>
Requested region: REGION<br>
Please fulfill this request as soon as possible.<br>
The request is not temporary.<br>
This will not be a bursting request.<br>
Please allocate 1 TB of standard storage.<br>
VM Types to be used: F1s, F2s, F4s, DS11v2, DS12v2
VM count (minimum):<br>
27 F1s<br>
4 F2s<br>
4 F4s<br>
1 DS11v2<br>
1 DS12v2"<br>
</blockquote>
## <a id='getting-started'></a> Install <%= vars.platform_name %> on Microsoft Azure
1. Log in to your Microsoft Azure [portal](https://portal.azure.com).
1. Select **Marketplace** from the Azure Dashboard.
<p class="note"><strong>Note:</strong> Alternately, navigate to the [<%= vars.platform_name %> on Azure Marketplace](https://azure.microsoft.com/en-us/marketplace/partners/pivotal/pivotal-cloud-foundryazure-pcf/) page and click the **Get It Now** button.</p>
1. Search for "<%= vars.platform_name %>" and select **<%= vars.platform_name %> on Microsoft Azure**.
<%= image_tag("azure/marketplace.png") %>
1. Click **Create**.
1. Enter the following **User Inputs:**
* **Storage Account Name Prefix:** Installing <%= vars.platform_name %> on Microsoft Azure creates a new storage account. Use a unique prefix that contains lower-case letters and numbers and is no more
than 10 characters long. For more information, see [About Azure storage accounts](https://azure.microsoft.com/en-us/documentation/articles/storage-create-storage-account/).
* **SSH public key:** You must generate 2048-bit RSA public and private key files.
* Linux/Unix/Mac OS X: From the command line, run `$ ssh-keygen -t rsa -b 2048`. Locate your public key in `~/.ssh/id_rsa.pub` and paste the contents into the parameter **sshKeyData**.
* Windows: Download, install, and use [PuTTYgen](http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html).
Locate your public key file and paste the contents into the parameter **sshKeyData**.
* **Service Principal:** Upload the `azure-credentials.json` file that you created from [Prerequisites](#prereqs) section.
* **VMware Tanzu Network Token:** Enter the API token of your VMware Tanzu Network Account that you recorded in the [Prerequisites](#prereqs) section.
* **Resource Group:** Use a new resource group with a unique name for each new deployment. For more information about Azure resource groups,
see [Manage Azure resources through portal](https://azure.microsoft.com/en-us/documentation/articles/resource-group-portal/).
* **Location:** Choose which Azure location you want to deploy to. If you requested a quota increase, you must choose the same region that you submitted in your request.
1. Click **OK** and review the Summary Page.
1. Click **OK** and read the Terms of Use and Privacy Policy.
1. Click **Create** to be directed to the main Azure portal page, where a new tile shows the deployment is in progress.
<p class="note"><strong>Note:</strong> The tile deployment progress shows completed when the initial jumpbox VM is provisioned. This does not indicate the deployment is complete.</p>
The full deployment takes approximately 3-4 hours.
1. Check the **Outputs** section of the deployment. Azure confirms your quota before deploying <%= vars.platform_name %>.
Select the new resource group that was created and select the Deployments tab. Then select the specific deployment. If you see this message in the **Outputs** section of the deployment template `CRITICAL Insufficient Quota, <%= vars.platform_name %> will NOT deploy`, you need to raise your quota.
See [Raise Your Quota](#raising-quota).
<%= image_tag("azure/quota.png") %>
1. When the deployment is complete, the **Outputs** section of the deployment displays the <%= vars.ops_manager %> FQDN URL along with the <%= vars.ops_manager %> login credentials and the jumpbox FQDN URL.
## <a id='verify'></a> Verify the <%= vars.platform_name %> on Microsoft Azure Installation
1. From your Azure Portal, navigate to **Resource Groups** and ensure the new **Resource Group** has been created.
<%= image_tag("azure/resource_group.png") %>
1. Find the <%= vars.ops_manager %> URL and the admin password:
1. In the Azure Portal, return to the **Outputs** section of your deployment.
1. Navigate to the <%= vars.ops_manager %> URL.
1. Log in with username `admin` and the password provided in the **Outputs**.
1. Log in to Apps Manager:
1. Find the Apps Manager password by following [Logging in to Apps Manager](./console-login.html)
1. Find the System Domain needed for the Apps Manager URL:
1. Navigate to the <%= vars.ops_manager %> Installation Dashboard.
1. Click the <%= vars.app_runtime_abbr %> tile.
1. Select **Domains**.
1. Copy the System Domain URL, referred to as SYSTEMDOMAINURL below.
1. Navigate to the URL `https://apps.SYSTEMDOMAINURL`.
1. Log in to Apps Manager with the username `admin` and the password obtained above.
1. From Apps Manager, verify that your services are running.
<%= image_tag("azure/console.png") %>
## <a id='delete'></a> Delete a Deployment of <%= vars.platform_name %> on Microsoft Azure
To remove the deployment, navigate to your Azure Portal and delete the **Resource Group** associated with the deployment.
## <a id='troubleshooting'></a> Troubleshooting
* [Deployment fails](#deployfails)
### <a id='deployfails'></a> Deployment Fails
**Symptom:** Deployment fails before the jumpbox VM is created. The **Resource Group** Events shows an event with a **Provisioning State: Failed**. The Status Message may show something like:
```
{
"status": "Failed",
"error": {
"code": "ResourceDeploymentFailure",
"message": "The resource operation completed with terminal provisioning state 'Failed'.",
"details": [
{
"code": "VMExtensionProvisioningError",
"message": "VM has reported a failure when processing extension 'initbootstrap'.
Error message: \"Script returned an error.\n---stdout---\nDownload complete.\n
Current working dir : /var/lib/waagent/Microsoft.OSTCExtensions.CustomScriptForLinux-1.4.1.0\n
Sys.Path: ['/usr/share/python-wheels/distlib-0.1.8-py2.py3-none-any.whl',
'/usr/share/python-wheels/pip-1.5.4-py2.py3-none-any.whl',
'/usr/share/python-wheels/urllib3-1.7.1-py2.py3-none-any.whl',
'/usr/share/python-wheels/requests-2.2.1-py2.py3-none-any.whl',
'/usr/share/python-wheels/setuptools-3.3-py2.py3-none-any.whl',
'/usr/share/python-wheels/chardet-2.2.1-py2.py3-none-any.whl',
'/usr/share/python-wheels/html5lib-0.999-py2.py3-none-any.whl',
'/usr/share/python-wheels/six-1.5.2-py2.py3-none-any.whl',
'/usr/share/python-wheels/colorama-0.2.5-py2.py3-none-any.whl',
'/var/lib/waagent/Microsoft.OSTCExtensions.CustomScriptForLinux-1.4.1.0/download/0',
'/usr/lib/python2.7', '/usr/lib/python2.7/plat-x86_64-linux-gnu',
'/usr/lib/python2.7/lib-tk', '/usr/lib/python2.7/lib-old', '/usr/lib/python2.7/lib-dynload',
'/usr/local/lib/python2.7/dist-packages', '/usr/lib/python2.7/dist-packages', '']\n
\n---errout---\n\rExtracting templates from packages: 61%\r
Extracting templates from packages: 100%\nTraceback (most recent call last):\n
File \"bootstrap.py\", line 165, in <module>\n check_quota(subscription_id, tenant,
client_id, client_secret, location, numofcores)\n File \"bootstrap.py\", line 62, in check_quota\n
token = get_token_from_client_credentials(endpoint,client_id,secret)\n
File \"bootstrap.py\", line 55, in get_token_from_client_credentials\n
result = urlopen(request)\n File \"/usr/lib/python2.7/urllib2.py\", line 127, in urlopen\n
return _opener.open(url, data, timeout)\n File \"/usr/lib/python2.7/urllib2.py\", line 410, in open\n
response = meth(req, response)\n File \"/usr/lib/python2.7/urllib2.py\", line 523, in http_response\n
'http', request, response, code, msg, hdrs)\n File \"/usr/lib/python2.7/urllib2.py\", line 448, in error\n
return self._call_chain(*args)\n File \"/usr/lib/python2.7/urllib2.py\", line 382, in _call_chain\n
result = func(*args)\n File \"/usr/lib/python2.7/urllib2.py\", line 531, in http_error_default\n
raise HTTPError(req.get_full_url(), code, msg, hdrs, fp)\nurllib2.HTTPError: HTTP Error 400: Bad Request\n\n\"."
}
]
}
}
```
**Solution:** If an HTTP 400 error is shown, the Client-ID or Tentant-ID is incorrect. If an HTTP 401 error is shown, the Client Secret is incorrect. Finally, if quota is insufficient, you see such a message. There is no error code associated with this.
**Symptom:** Deployment fails after the jumpbox VM has been created.
**Solution:** Capture the <%= vars.platform_name %> deployment log as described in the [verification procedure above](#verify) and send it to [email protected] with any additional information about the installation that you can provide.