forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathconfig-er-vmware.html.md.erb
239 lines (142 loc) · 11.9 KB
/
config-er-vmware.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
---
title: Configuring Elastic Runtime for vSphere
owner: RelEng
---
<strong><%= modified_date %></strong>
<html class="list-style-none"></html>
This topic describes how to configure the Pivotal Elastic Runtime components
that you need to run [Pivotal Cloud Foundry](https://network.pivotal.io/products/pivotal-cf) (PCF) for VMware vSphere.
<p class="note"><strong>Note</strong>: If you plan to <a href = "http://docs.pivotal.io/addon-ipsec/installing.html">install the IPsec add-on</a>, you must do so before installing any other tiles. Pivotal recommends installing IPsec immediately after Ops Manager, and before installing the Elastic Runtime tile.</p>
## <a id='er-om-add'></a>Step 1: Add Elastic Runtime to Ops Manager ##
1. Navigate to the [Pivotal Network](https://network.pivotal.io) and click the **Pivotal Cloud Foundry** banner to access the PCF product page. Use the drop-down menu to select an Elastic Runtime release.
1. From the Available Products view, click **Import a Product**.
<%= image_tag("guide/import-prod.png") %>
1. Select the Elastic Runtime `.pivotal` file that you downloaded from Pivotal
Network and click **Open**.
After the import completes, Elastic Runtime appears in the Available Products
view.
1. In the Available Products view, hover over Elastic Runtime and click **Add**.
<%= image_tag("guide/add-products.png") %>
1. Click the Elastic Runtime tile in the Installation Dashboard.
<%= image_tag("images/er-tile.png") %>
## <a id='er-az-networks'></a>Step 2: Assign Availability Zones and Networks ##
1. Select **Assign AZs and Networks**. These are the Availability Zones that you [create](../customizing/vsphere-config.html#create-az) when configuring Ops Manager Director.
1. **(vSphere Only)** Select an Availability Zone under **Place singleton jobs**. Ops Manager runs any job with a single instance in this Availability Zone.
1. **(vSphere Only)** Select one or more Availability Zones under **Balance other jobs**. Ops Manager balances instances of jobs with more than one instance across the Availability Zones that you specify.
1. From the **Network** drop-down box, choose the network on which you want to run Elastic Runtime.
<%= image_tag("er-az.png") %>
1. Click **Save**.
<p class="note"><strong>Note</strong>: When you save this form, a verification error displays because the PCF security group blocks ICMP. You can ignore this error.</p>
<%= image_tag("pcfaws/er-network-error.png") %>
## <a id='er-domain-config'></a>Step 3: Configure Domains ##
1. Select **Domains**.
<%= image_tag("domains.png") %>
1. Enter the system and application domains.
* The **System Domain** defines your target when you push apps to Elastic
Runtime.
* The **Apps Domain** defines where Elastic Runtime should serve your apps.
<p class="note"><b>Note</b>: Pivotal recommends that you use the same domain name but different subdomain names for your system and app domains. Doing so allows you to use a single wildcard certificate for the domain while preventing apps from creating routes that overlap with system routes. For example, name your system domain <code>system.EXAMPLE.com</code> and your apps domain <code>apps.EXAMPLE.com</code>.</p>
<p class="note"><strong>Note</strong>: You configured wildcard DNS records
for these domains in an earlier step.</p>
1. Click **Save**.
## <a id="networking"></a>Step 4: Configure Networking ##
<%= partial 'networking-vmware' %>
## <a id='application-containers-config'></a>Step 5: Configure Application Containers ##
<%= partial 'application_container_config' %>
## <a id='er-appdevctrl-config'></a>Step 6: Configure Application Developer Controls ##
<%= partial 'application_developer_controls' %>
## <a id='app-security'></a>Step 7: Review Application Security Group ##
<%= partial 'application_security_group' %>
## <a id='er-auth-config'></a>Step 8: Configure Authentication and Enterprise SSO ##
<%= partial 'authsso_config' %>
## <a id='er-db-config'></a>Step 9: Configure System Databases ##
You can configure Elastic Runtime to use the internal MySQL database provided with PCF, or you can configure an external database provider for the databases required by Elastic Runtime.
<p class="note"><strong>Note</strong>: If you are performing an upgrade, do not modify your existing internal database configuration or you may lose data. You must migrate your existing data first before changing the configuration. Contact Pivotal Support for help. See <a href="upgrading-pcf.html">Upgrading Pivotal Cloud Foundry</a> for additional upgrade information.</p>
###<a id='internal-db'></a> Internal Database Configuration
<%= partial 'ert_database_internal' %>
Then proceed to [Step 10: (Optional) Configure Internal MySQL](#internal-mysql) to configure high availability and automatic backups for your internal MySQL databases.
###<a id='create-dbs'></a> External Database Configuration
<%= partial 'ert_database_external' %>
## <a id='internal-mysql'></a> Step 10: (Optional) Configure Internal MySQL ##
<%= partial 'mysql_proxy_config' %>
## <a id='filestore-config'></a>Step 11: Configure File Storage ##
For production-level PCF deployments on vSphere, the recommended selection is **External S3-Compatible** and the use of an external filestore. For more information about production-level PCF deployments on vSphere, see the [Reference Architecture for Pivotal Cloud Foundry on vSphere](../refarch/vsphere/vsphere_ref_arch.html).
For more factors to consider when selecting file storage, see <a href="../opsguide/storage_considerations.html">Considerations for Selecting File Storage in Pivotal Cloud Foundry</a>.
### <a id='internal_filestore'></a> Internal Filestore
<%= partial 'filestore_internal' %>
### <a id='external_s3'></a> External S3 or Ceph Filestore
<%= partial 'filestore_s3_config' %>
### <a id='other'></a> Other IaaS Storage Options
[Google Cloud Storage](./gcp-er-config.html#external_gcp) and [Azure Storage](./gcp-er-config.html#external_azure) are also available as file storage options but have not been evaluated for typical PCF on vSphere installations.
## <a id='external-endpoints'></a>Step 12: (Optional) Configure System Logging ##
If you are forwarding logging messages to an external Reliable Event Logging Protocol (RELP) server, complete the following steps:
1. Select **System Logging**.
<%= image_tag("cloudform/sys-logging.png") %>
1. If you want to include security events in your log stream, select the **Enable Cloud Controller security event logging** checkbox.
This logs all API requests, including the endpoint, user, source IP, and request result, in the Common Event Format (CEF).
1. Enter the IP address of your syslog server in **External Syslog Aggregator Hostname** and its port in **External Syslog Aggregator Port**. The default port for a syslog server is `514`.
<p class="note"><strong>Note</strong>: The host must be reachable from the Elastic Runtime network, accept TCP connections, and use the RELP protocol. Ensure your syslog server listens on external interfaces.</p>
1. Select an **External Syslog Network Protocol** to use when forwarding logs.
1. For the **Syslog Drain Buffer Size**, enter the number of messages the Doppler server can hold from Metron agents before the server starts to drop them. See the [Loggregator Guide for Cloud Foundry Operators](../loggregator/log-ops-guide.html) topic for more details.
1. Click **Save**.
## <a id='customize-apps-man'></a>Step 13: (Optional) Customize Apps Manager##
<%= partial 'custombranding' %>
## <a id='smtp'></a>Step 14: (Optional) Configure Email Notifications ##
Elastic Runtime uses SMTP to send invitations and confirmations to Apps Manager
users.
You must complete the **Email Notifications** page if you want to enable end-user
self-registration.
1. Select **Email Notifications**.
<%= image_tag("cloudform/smtp.png") %>
1. Enter your reply-to and SMTP email information
1. Verify your authentication requirements with your email administrator and use
the **SMTP Authentication Mechanism** drop-down menu to select `None`, `Plain`,
or `CRAMMD5`.
If you have no SMTP authentication requirements, select `None`.
1. Click **Save**.
<p class="note"><strong>Note</strong>: If you do not configure the SMTP settings using this form, the administrator must create orgs and users using the cf CLI tool. See <a href="../adminguide/cli-user-management.html">Creating and Managing Users with the cf CLI</a> for more information.</p>
## <a id='ccdb-key'></a>Step 15: (Optional) Add CCDB Restore Key##
<%= partial 'restore_ccdb_key' %>
## <a id='config-smoke-test'></a>Step 16: Configure Smoke Tests ##
<%= partial '_smoketests' %>
## <a id='er-advanced'></a>Step 17: (Optional) Enable Advanced Features ##
<%= partial 'advanced-features' %>
## <a id='er-errands'></a>Step 18: Configure Errands ##
<%= partial 'errands' %>
## <a id='resources'></a>Step 19: (Optional) Configure Resources ##
<p class="note"><strong>Note</strong>: Ops Manager <%= vars.current_major_version %> defines specific instance types with preset sizes for CPU, memory, and disk space. Ops Manager 1.6 and earlier required custom sizes for these three resources. With the upgrade from 1.6 to 1.7, each instance adopts the type that most closely matches its previous sizes. To change these resource allocations, select a different instance <code>type</code> under <strong>Resource Config</strong>.</p>
Elastic Runtime defaults to a highly available resource configuration. However, you may still need to perform additional procedures to make your deployment highly available. See the [Zero Downtime Deployment and Scaling in CF](../concepts/high-availability.html) and the [Scaling Instances in Elastic Runtime](../opsguide/scaling-ert-components.html) topics for more information.
If you do not want a highly available resource configuration, you must scale down your instances manually by navigating to the **Resource Config** section and using the drop-down menus under **Instances** for each job.
<%= image_tag("images/vcloud-vchs/resource_config-v.png") %>
By default, Elastic Runtime also uses an internal filestore and internal databases.
If you configure Elastic Runtime to use external resources, you can disable the
corresponding system-provided resources in Ops Manager to reduce costs and
administrative overhead.
Complete the following procedures to disable specific VMs in Ops Manager:
1. Click **Resource Config**.
1. If you configure Elastic Runtime to use an external S3-compatible filestore,
edit the following fields:
* **File Storage**: Enter `0` in **Instances**.
1. If you configure Elastic Runtime to use an external Relational Database
Service (RDS), edit the following fields:
* **MySQL Proxy**: Enter `0` in **Instances**.
* **MySQL Server**: Enter `0` in **Instances**.
* **Cloud Controller Database**: Enter `0` in **Instances**.
* **UAA Database**: Enter `0` in **Instances**.
1. If you are using an External Load Balancer instead of HAProxy, enter `0` in the **Instances** field for **HAProxy**.
1. Click **Save**.
## <a id='stemcell'></a>Step 20: Configure Stemcell ##
1. Select **Stemcell**.
This page displays the stemcell version that shipped with Ops Manager.
<%= image_tag("stemcell.png") %>
You can also use this page to import a new stemcell version. You only need to import a new Stemcell if your Ops Manager does not already have the Stemcell version required by Elastic Runtime.
## <a id='complete'></a>Step 21: Complete the Elastic Runtime Installation ##
1. Click the **Installation Dashboard** link to return to the Installation
Dashboard.
1. Click **Apply Changes**. If the following ICMP error message appears, click
**Ignore errors and start the install**.
<%= image_tag("cloudform/install-error.png") %>
The install process generally requires a minimum of 90 minutes to complete.
The image shows the Changes Applied window that displays when the
installation process successfully completes.
<%= image_tag("cloudform/ops-manager-complete.png") %>