forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcloudform-er-config.html.md.erb
386 lines (255 loc) · 18.1 KB
/
cloudform-er-config.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
---
title: Deploying Elastic Runtime on AWS
owner: Ops Manager
---
<strong><%= modified_date %></strong>
<html class="list-style-none"></html>
This topic describes how to install and configure Elastic Runtime after
deploying the CloudFormation template for [Pivotal Cloud Foundry](https://network.pivotal.io/products/pivotal-cf) (PCF) on Amazon Web Services (AWS).
Use this topic when [installing Pivotal Cloud Foundry on AWS](./cloudform.html).
Before beginning this procedure, ensure that you have successfully completed all
steps in the [Deploying the CloudFormation Template for PCF on AWS](./cloudform-template.html) and [Configuring Ops Manager Director after Deploying PCF on AWS using CloudFormation](./cloudform-om-config.html) topics.
<p class="note"><strong>Note</strong>: If you plan to <a href = "http://docs.pivotal.io/addon-ipsec/installing.html">install the PCF IPsec add-on</a>, you must do so before installing any other tiles. Pivotal recommends installing IPsec immediately after Ops Manager, and before installing the Elastic Runtime tile.</p>
## <a id='open-outputs'></a>Step 1: Open the Outputs Tab in AWS ##
<%= partial 'aws_stacks_view_outputs' %>
## <a id='add-er'></a>Step 2: Add Elastic Runtime to Ops Manager ##
1. Navigate to the Pivotal Cloud Foundry Operations Manager Installation
Dashboard.
1. If you have not downloaded Elastic Runtime, click the Pivotal Network link on the left to download the Elastic Runtime .pivotal file. Click **Import a Product** to add the tile to Ops Manager. For more information, refer to the [Adding and Deleting Products](./add-delete.html) topic.
1. Click the **Elastic Runtime** tile in the Installation Dashboard.
<%= image_tag("images/er-tile.png") %>
## <a id='assign-az'></a>Step 3: Assign Availability Zones and Networks ##
1. Select **Assign AZ and Networks**. These are the Availability Zones that you [create](../customizing/cloudform-om-config.html#az) when configuring Ops Manager Director.
1. Select an Availability Zone under **Place singleton jobs**. Ops Manager runs any job with a single instance in this Availability Zone.
1. Select one or more Availability Zones under **Balance other jobs**. Ops Manager balances instances of jobs with more than one instance across the Availability Zones that you specify.
<p class="note"><strong>Note</strong>: Pivotal recommends at least three Availability Zones for a highly available installation of Elastic Runtime.</p>
1. From the **Network** drop-down box, choose the network on which you want to run Elastic Runtime.
<%= image_tag("er-az.png") %>
1. Click **Save**.
<p class="note"><strong>Note</strong>: When you save this form, a verification error displays because the PCF security group blocks ICMP. You can ignore this error.</p>
<%= image_tag("pcfaws/er-network-error.png") %>
## <a id='cname'></a>Step 4: Add CNAME Record for Your Custom Domain ##
In the [Use the AWS CLI to upload your SSL Cert](./cloudform-template.html#upload-cert) step, you uploaded an SSL certificate for your PCF wildcard domain to AWS.
In this step you redirect all wildcard queries for your domain to the DNS name of your ELB.
<p class='note'><strong>Note</strong>: Do not point your wildcard domain at the numeric IP address for your ELB because this changes frequently.</p>
1. Find the DNS hostname of your ELB. The **Output** tab of the CloudFormation page in the AWS dashboard lists this as the value for the key **PcfElbDnsName**.
1. Log in to the DNS registrar that hosts your domain (for example, Network Solutions, GoDaddy, or Register.com).
1. Create a CNAME record with your DNS registrar that points `*.YOUR-DOMAIN.com` to the DNS hostname of your ELB.
1. Save changes within the web interface of your DNS registrar.
1. In the terminal, run the following `dig` command to confirm that you created your CNAME record successfully:
<pre class='terminal'>dig xyz.MY-DOMAIN.COM</pre>
You should see the CNAME record that you just created:
<pre class='terminal'>
;; ANSWER SECTION:
xyz.MY-DOMAIN.COM. 1767 IN CNAME pcf-ert-frankfurt-pcf-elb-428333773.eu-central-1.elb.amazonaws.com.</pre>
<p class='note'><strong>Note</strong>: You <strong>must</strong> complete this step before proceeding to Cloud Controller configuration. A problem that is difficult to resolve can occur if the wildcard domain is improperly cached before the CNAME is registered. </p>
## <a id='er-domain-config'></a>Step 5: Configure Domains ##
1. Select **Domains**.
<%= image_tag("domains.png") %>
1. Enter the system and application domains.
* The **System Domain** defines your target when you push apps to Elastic
Runtime.
* The **Apps Domain** defines where Elastic Runtime should serve your apps.
<p class="note"><strong>Note</strong>: Pivotal recommends that you use the same domain name but different subdomain names for your system and app domains. This prevents system and apps routes from overlapping. You will require two wildcard DNS entries: one for the system and the other for apps. For example, <code>*.system.EXAMPLE.COM</code> and <code>*.apps.EXAMPLE.COM</code>. Point both wildcard domains at your internal router IP address, which can be found under the status tab in the Elastic Runtime tile.</p>
<p class="note"><strong>Note</strong>: You configured a wildcard DNS record
for these domains in an earlier step.</p>
1. Click **Save**.
## <a id="networking"></a>Step 6: Configure Networking ##
<%= partial 'networking-cloudform' %>
## <a id='application-containers-config'></a>Step 7: Configure Application Containers ##
<%= partial 'application_container_config' %>
## <a id='er-appdevctrl-config'></a>Step 8: Configure Application Developer Controls ##
<%= partial 'application_developer_controls' %>
## <a id='app-security'></a>Step 9: Review Application Security Groups ##
<%= partial 'application_security_group' %>
## <a id='er-auth-config'></a>Step 10: Configure Authentication and Enterprise SSO ##
<%= partial 'authsso_config' %>
## <a id='sys-db'></a>Step 11: Configure System Databases ##
You can configure Elastic Runtime to use the internal MySQL database provided with PCF, or you can configure an external database provider for the databases required by Elastic Runtime.
<p class="note"><strong>Note</strong>: If you are performing an upgrade, do not modify your existing internal database configuration or you may lose data. You must migrate your existing data first before changing the configuration. See <a href="upgrading-pcf.html">Upgrading Pivotal Cloud Foundry</a> for additional upgrade information.</p>
###<a id='internal-db'></a> Internal Database Configuration
<%= partial 'ert_database_internal' %>
Then proceed to [Step 12: (Optional) Configure Internal MySQL](#internal-mysql) to configure high availability and automatic backups for your internal MySQL databases.
### <a id='create-dbs'></a> Create External System Databases ###
If you want to use an external database provider for your Elastic Runtime databases, you must first create the databases on the RDS instance provided by the CloudFormation script.
To create the required databases on an AWS RDS instance, perform the following steps.
1. Add the AWS-provided key pair to your SSH profile so that you can access the Ops Manager VM:
<pre class='terminal'>ssh-add aws-keypair.pem</pre>
1. SSH in to your Ops Manager using the [Ops Manager FQDN](../customizing/cloudform-om-deploy.html#create-dns) and the username `ubuntu`:
<pre class='terminal'>ssh ubuntu@OPS_MANAGER_FQDN</pre>
1. Run the following terminal command to log in to your RDS instance through the MySQL client, using values from your AWS dashboard [Outputs tab](#open-outputs) to fill in the following keys:
<pre class='terminal'>mysql --host=PcfRdsAddress --user=PcfRdsUsername --password=PcfRdsPassword</pre>
1. Run the following MySQL commands to create databases for the seven Elastic Runtime components that require a relational database:
<pre class="terminal">CREATE database uaa;
CREATE database ccdb;
CREATE database notifications;
CREATE database autoscale;
CREATE database app\_usage\_service;
CREATE database routing;
CREATE database diego;
CREATE database account;
CREATE database nfsvolume;
CREATE database networkpolicyserver;
</pre>
</p>
1. Type `exit` to quit the MySQL client, and `exit` again to close your connection to the Ops Manager VM.
1. In Elastic Runtime, select **Databases**.
1. Select the **External Databases** option.
<%= image_tag("cloudform/sys-db.png") %>
1. For the **Hostname** and **TCP Port** fields, enter the corresponding values from the [Outputs tab](#open-outputs) in the AWS Console, according to the following table:
<table border="1" class="nice" >
<tr>
<th><strong>Elastic Runtime Field</strong></th>
<th><strong>Outputs Key</strong></th>
</tr>
<tr>
<td><str>Hostname</str></td>
<td><str>PcfRdsAddress</str></td>
</tr>
<tr>
<td><str>TCP Port</str></td>
<td><str>PcfRdsPort</str></td>
</tr>
</table>
1. For each **database username** and **database password** field, enter the corresponding values from the [Outputs tab](#open-outputs) in the AWS Console, according to the following table:
<table border="1" class="nice" >
<tr>
<th><strong>Elastic Runtime Field</strong></th>
<th><strong>Outputs Key</strong></th>
</tr>
<tr>
<td><str>DATABASE-NAME database username</str></td>
<td><str>PcfRdsUsername</str></td>
</tr>
<tr>
<td><str>DATABASE-NAME database password</str></td>
<td><str>PcfRdsPassword</str></td>
</tr>
</table>
1. Click **Save**.
## <a id='internal-mysql'></a> Step 12: (Optional) Configure Internal MySQL ##
<%= partial 'mysql_proxy_config' %>
## <a id='filestore'></a>Step 13: Configure File Storage ##
<%= partial 'filestore_config' %>
For production-level PCF deployments on AWS, Pivotal recommends selecting the **External S3-Compatible File Store**. For more information about production-level PCF deployments on AWS, see the [Reference Architecture for Pivotal Cloud Foundry on AWS](../refarch/aws/aws_ref_arch.html).
For additional factors to consider when selecting file storage, see the <a href="../opsguide/storage_considerations.html">Considerations for Selecting File Storage in Pivotal Cloud Foundry</a> topic.
### <a id='internal_filestore'></a> Internal Filestore
<%= partial 'filestore_internal' %>
### <a id='external_s3'></a> External S3 or Ceph Filestore
To use an external S3-compatible filestore for your Elastic Runtime file storage, perform the following steps:
1. In the Elastic Runtime tile, select **File Storage**.
<%= image_tag("cloudform/external_filestore_config.png") %>
1. Select the **External S3-Compatible Filestore** option and complete the following fields:
* For **URL Endpoint**:
1. In a browser, open the [Amazon Simple Storage Service (Amazon S3) table](http://docs.aws.amazon.com/general/latest/gr/rande.html#s3_region).
1. Prepend `https://` to the **Endpoint** for your region and copy it
into the Ops Manager **URL Endpoint** field.
<br />
For example, in the **us-west-2** region, use
`https://s3-us-west-2.amazonaws.com/`.
* For **S3 Signature Version** and **Region**, use the **V4 Signature** values. AWS recommends using [Signature Version 4](http://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html#signature-versions).
* Select **Server-side Encryption (available for AWS S3 only)** to encrypt the contents of your S3 filestore. See the [AWS S3 documentation](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html) for more information.
* Use the values in your AWS [Outputs tab](#open-outputs) to complete the remaining fields as follows:
<table border="1" class="nice" >
<tr>
<th>Ops Manager Field</th>
<th>Outputs Key</th>
</tr>
<tr>
<td>Buildpacks Bucket Name</td>
<td>PcfElasticRuntimeS3BuildpacksBucket</td>
</tr>
<tr>
<td>Droplets Bucket Name</td>
<td>PcfElasticRuntimeS3DropletsBucket</td>
</tr>
<tr>
<td>Packages Bucket Name</td>
<td>PcfElasticRuntimeS3PackagesBucket</td>
</tr>
<tr>
<td>Resources Bucket Name</td>
<td>PcfElasticRuntimeS3ResourcesBucket</td>
</tr>
<tr>
<td>Access Key ID</td>
<td>PcfIamUserAccessKey</td>
</tr>
<tr>
<td>AWS Secret Key</td>
<td>PcfIamUserSecretAccessKey</td>
</tr>
</table>
<p class="note"><strong>Note</strong>: For more information regarding AWS S3 Signatures, see the <a href="http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html">Authenticating Requests</a> documentation.</p>
1. Click **Save**.
### <a id='other'></a> Other IaaS Storage Options
[Google Cloud Storage](./gcp-er-config.html#external_gcp) and [Azure Storage](./gcp-er-config.html#external_azure) are also available as file storage options, but are not recommended for typical PCF on AWS installations.
## <a id='sys-logging'></a>Step 14: (Optional) Configure System Logging ##
If you forward logging messages to an external Reliable Event Logging Protocol (RELP) server, complete the following steps:
1. Select **System Logging**.
<%= image_tag("cloudform/sys-logging.png") %>
1. If you want to include security events in your log stream, select the **Enable Cloud Controller security event logging** checkbox. This logs all API requests, including the endpoint, user, source IP address, and request result, in the Common Event Format (CEF).
1. Enter the IP address of your syslog server in **External Syslog Aggregator Hostname** and its port in **External Syslog Aggregator Port**. The default port for a syslog server is `514`.
<p class="note"><strong>Note</strong>: The host must be reachable from the Elastic Runtime network, accept TCP connections, and use the RELP protocol. Ensure your syslog server listens on external interfaces.</p>
1. Select an **External Syslog Network Protocol** to use when forwarding logs.
1. For the **Syslog Drain Buffer Size**, enter the number of messages the Doppler server can hold from Metron agents before the server starts to drop them. See the [Loggregator Guide for Cloud Foundry Operators](../loggregator/log-ops-guide.html) topic for more details.
1. Click **Save**.
## <a id='customize-apps-man'></a>Step 15: (Optional) Customize Apps Manager##
<%= partial 'custombranding' %>
## <a id='smtp'></a>Step 16: (Optional) Configure Email Notifications ##
Elastic Runtime uses SMTP to send invitations and confirmations to Apps Manager
users.
You must complete the **Email Notifications** page if you want to enable
end-user self-registration.
1. Select **Email Notifications**.
<%= image_tag("cloudform/smtp.png") %>
1. Enter your reply-to and SMTP email information.
1. For **SMTP Authentication Mechanism**, select `none`.
1. Click **Save**.
<p class='note'><strong>Note</strong>: If you do not configure the SMTP
settings using this form, the administrator must create orgs and users using
the cf CLI tool. See <a href="../adminguide/cli-user-management.html">Creating and Managing Users with the cf CLI</a> for more information.</p>
## <a id='ccdb-key'></a>Step 17: (Optional) Add CCDB Restore Key##
<%= partial 'restore_ccdb_key' %>
## <a id='config-smoke-test'></a>Step 18: Configure Smoke Tests##
<%= partial '_smoketests' %>
## <a id='advanced-features'></a>Step 19: (Optional) Enable Advanced Features ##
<%= partial '_advanced-features' %>
## <a id='errands'></a>Step 20: Configure Errands ##
<%= partial 'errands' %>
## <a id='config-elb'></a>Step 21: Configure Router to Elastic Load Balancer ##
1. If you do not know it, find the name of your Elastic Load Balancer (ELB) by clicking **Load Balancers** in the AWS EC2 dashboard. This example shows three ELBs:
* `pcf-stack-pcf-ssh-elb`: An SSH load balancer
* `pcf-stack-pcf-elb`: A load balancer
* `pcf-stack-pcf-tcp-elb`: A TCP load balancer
<%= image_tag("aws/aws_elb_names.png") %>
1. In the **Elastic Runtime** tile, click **Resource Config**.
<%= image_tag("pcfaws/er-aws-resource-config.png") %>
1. In the **ELB Name** field of the **Diego Brain** row, enter the name of your SSH load balancer. Specify multiple load balancers by entering the names separated by commas.
<%= image_tag("pcfaws/er-aws-resource-config-diego-brain.png") %>
1. In the **ELB Name** field of the **Router** row, enter the name of your load balancer. Specify multiple load balancers by entering the names separated by commas.
<%= image_tag("pcfaws/er-aws-resource-config-router.png") %>
1. In the **ELB Name** field of the **TCP Router** row, enter the name of your TCP load balancer if you enabled TCP routing in the [Advanced Features](#advanced-features) pane. Specify multiple load balancers by entering the names separated by commas.
<%= image_tag("pcfaws/er-aws-resource-config-tcprouter.png") %>
1. Click **Save**.
## <a id='disable-resources'></a>Step 22: (Optional) Scale Down and Disable Resources ##
<%= partial 'disable_resources' %>
## <a id='stemcell'></a>Step 23: Download Stemcell ##
This step is only required if your Ops Manager does not already have the Stemcell version required by Elastic Runtime.
1. Select **Stemcell**.
1. Log into the [Pivotal Network](https://network.pivotal.io/products/pivotal-cf) and click on **Stemcells**.
1. Download the appropriate stemcell version targeted for your IaaS.
1. In Ops Manager, import the downloaded stemcell <code>.tgz</code> file.
<%= image_tag("stemcell_18.png") %>
## <a id='complete'></a>Step 24: Complete the Elastic Runtime Installation ##
1. Click the **Installation Dashboard** link to return to the Installation
Dashboard.
1. Click **Apply Changes**. If the following ICMP error message appears, click
**Ignore errors and start the install**.
<%= image_tag("cloudform/install-error.png") %>
The install process generally requires a minimum of 90 minutes to complete.
The image shows the Changes Applied window that displays when the
installation process successfully completes.
<%= image_tag("cloudform/ops-manager-complete.png") %>
---
Return to [Installing Pivotal Cloud Foundry Using AWS CloudFormation](./cloudform.html).