pcf-jump-azure creates an Ubuntu-based jumpbox to deploy Pivotal PAS (2.4 and above) on Azure.
It paves the infrastructure using Pivotal terraforming-azure.
PCF Operations Manager is installed and configured using the Pivotal om CLI.
Optionally, PAS is deployed using the om CLI.
- automated opsman deployment and configuration
- pas infrastructure paving
- 🆕 autopilot for starting pas, mysql, p-rabbitmq and p-spring-services deployment (will take several hours)
- certificate generation using self-signed or Let's Encrypt certificates
- 🆕 sendgrid integration for notifications and user sign up
- 🆕 dns configuration and check
- 🆕 cert checking and logging
- 🆕 manual options improved
- 🆕 added pcf small runtime (srt) vs. cf
- 🆕 automated bosh tasks / setup
- 🆕 specify download location for ops manager
- Pivotal Application Service 2.5.x
- MySQL 2.6.x
- RabbitMQ 1.15.4
- Spring Cloud Services 2.0.x, 3.x.x
- Microsoft Azure Service Broker 1.11.0 ( MASB )
- additional, post install tiles
### 2019.04
- reworked installation process, implemented "tile deployer" as a unified deployment service
- added PAS 2.5 including support for Availability Zones
- Istio Mesh Support
### 2019.01
There are multiple ways to deploy the ARM template. We describe the Azure Portal template-based method and the az cli-based method.
Both methods require an SSH key pair:
```bash
ssh-keygen -t rsa -f ~/${JUMPBOX_NAME} -C ${ADMIN_USERNAME}
```
- In the Azure Portal, click on Create Resource and enter Template Deployment
- Select the template Deployment and click on create.
- Select Build your own Template in the Editor
- Replace the Content in the Editor Window with the Content of azuredeploy.json file
- click save.
- fill in all required Parameters ( marked with a red Star )
- when done, click Purchase.
For the az cli install, we put all required parameters into an env file.
- create env file

Create an .env file using the .env.example.
The parameters are explained in the table further below.
Whether you need the full parameter set or only the minimum depends on your customizations (e.g. SendGrid and others).
- source the env file
```bash
source .env
```
- check availability of storage account
```bash
az storage account check-name --name ${ENV_SHORT_NAME}director
```
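A pre-flight check for the env file, as an added example that is not part of the original project: the file holds AZURE_CLIENT_SECRET and PIVNET_UAA_TOKEN, so it is rejected when group or others can access it, and `${ENV_SHORT_NAME}director` is checked against the Azure storage account naming rule before `az storage account check-name` is called. The function name `preflight_env` and the selection of variables (those the parameter table marks mandatory without a default) are assumptions.

```bash
# Added example (not from pcf-jump-azure): validate the env file before sourcing it.
# preflight_env FILE returns 0 when FILE is private, complete and yields a legal
# storage account name. The function name is hypothetical.
preflight_env() {
    env_file=$1
    case $env_file in */*) ;; *) env_file=./$env_file ;; esac   # never search $PATH
    [ -f "$env_file" ] || { echo "missing $env_file" >&2; return 1; }

    # The file holds AZURE_CLIENT_SECRET and PIVNET_UAA_TOKEN: reject it when
    # group or others have any permission bit set (mode must end in 00).
    mode=$(stat -c '%a' "$env_file" 2>/dev/null || stat -f '%Lp' "$env_file")
    case $mode in
        *00) ;;
        *) echo "$env_file has mode $mode, expected 600" >&2; return 1 ;;
    esac

    (   # subshell: nothing from the file leaks into the calling shell
        . "$env_file"
        rc=0
        # Variables the parameter table marks mandatory without a default.
        for v in JUMPBOX_RG JUMPBOX_NAME AZURE_REGION AZURE_CLIENT_ID \
                 AZURE_CLIENT_SECRET AZURE_TENANT_ID AZURE_SUBSCRIPTION_ID \
                 PIVNET_UAA_TOKEN PCF_DOMAIN_NAME PCF_SUBDOMAIN_NAME ENV_SHORT_NAME; do
            eval "val=\${$v:-}"
            [ -n "$val" ] || { echo "mandatory variable $v is empty" >&2; rc=1; }
        done
        # ${ENV_SHORT_NAME}director is used as a storage account name, which
        # Azure limits to 3-24 characters, lowercase letters and digits only.
        name="${ENV_SHORT_NAME:-}director"
        case $name in
            *[!a-z0-9]*) echo "illegal characters in $name" >&2; rc=1 ;;
        esac
        [ "${#name}" -le 24 ] || { echo "$name is longer than 24 characters" >&2; rc=1; }
        exit "$rc"
    )
}
```

Run it as `preflight_env ~/.env && source ~/.env` so that a file with loose permissions or missing values is never sourced.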
You are now ready to deploy, in one of three ways:
- with minimum parameters
- with full parameters
- with parameter file

Also note that AUTOPILOT is now disabled by default.
You can set the environment variable PAS_AUTOPILOT or pass pasAutopilot=TRUE as a parameter during deployment.
If you are not using autopilot, see Post Deployment Steps for more details.
- deployment with default parameter set
The default parameter set uses defaults where possible; it is the most convenient way to get started.
```bash
source ~/.env
az group create --name "${JUMPBOX_RG}" --location "${AZURE_REGION}"
# values are quoted so that secrets containing spaces or shell metacharacters are passed intact
az group deployment validate --resource-group "${JUMPBOX_RG}" \
    --template-uri "https://raw.githubusercontent.com/bottkars/pcf-jump-azure/${BRANCH}/azuredeploy.json" \
    --parameters \
    adminUsername="${ADMIN_USERNAME}" \
    sshKeyData="$(cat ~/${JUMPBOX_NAME}.pub)" \
    JumphostDNSLabelPrefix="${JUMPBOX_NAME}" \
    clientSecret="${AZURE_CLIENT_SECRET}" \
    clientID="${AZURE_CLIENT_ID}" \
    tenantID="${AZURE_TENANT_ID}" \
    subscriptionID="${AZURE_SUBSCRIPTION_ID}" \
    pivnetToken="${PIVNET_UAA_TOKEN}" \
    envName="${ENV_NAME}" \
    envShortName="${ENV_SHORT_NAME}" \
    PCFDomainName="${PCF_DOMAIN_NAME}" \
    PCFSubdomainName="${PCF_SUBDOMAIN_NAME}" \
    _artifactsLocation="https://raw.githubusercontent.com/bottkars/pcf-jump-azure/${BRANCH}"
```
- deploy default
⚡ Do not forget to create an SSH key for every environment!
```bash
source ~/.env
ssh-keygen -t rsa -f ~/${JUMPBOX_NAME} -C ${ADMIN_USERNAME}
az group create --name "${JUMPBOX_RG}" --location "${AZURE_REGION}"
az group deployment create --resource-group "${JUMPBOX_RG}" \
    --template-uri "https://raw.githubusercontent.com/bottkars/pcf-jump-azure/${BRANCH}/azuredeploy.json" \
    --parameters \
    adminUsername="${ADMIN_USERNAME}" \
    sshKeyData="$(cat ~/${JUMPBOX_NAME}.pub)" \
    JumphostDNSLabelPrefix="${JUMPBOX_NAME}" \
    clientSecret="${AZURE_CLIENT_SECRET}" \
    clientID="${AZURE_CLIENT_ID}" \
    tenantID="${AZURE_TENANT_ID}" \
    subscriptionID="${AZURE_SUBSCRIPTION_ID}" \
    pivnetToken="${PIVNET_UAA_TOKEN}" \
    envName="${ENV_NAME}" \
    envShortName="${ENV_SHORT_NAME}" \
    PCFDomainName="${PCF_DOMAIN_NAME}" \
    PCFSubdomainName="${PCF_SUBDOMAIN_NAME}" \
    _artifactsLocation="https://raw.githubusercontent.com/bottkars/pcf-jump-azure/${BRANCH}"
```
- deployment with full param set
The full parameter set adds optional values such as the SMTP configuration. Example parameter files exist for the testing branch and for the master branch.
- validate full
```bash
source ~/.env
az group create --name "${JUMPBOX_RG}" --location "${AZURE_REGION}"
az group deployment validate --resource-group "${JUMPBOX_RG}" \
    --template-uri "https://raw.githubusercontent.com/bottkars/pcf-jump-azure/${BRANCH}/azuredeploy.json" \
    --parameters \
    sshKeyData="$(cat ~/${JUMPBOX_NAME}.pub)" \
    adminUsername="${ADMIN_USERNAME}" \
    JumphostDNSLabelPrefix="${JUMPBOX_NAME}" \
    clientSecret="${AZURE_CLIENT_SECRET}" \
    clientID="${AZURE_CLIENT_ID}" \
    tenantID="${AZURE_TENANT_ID}" \
    subscriptionID="${AZURE_SUBSCRIPTION_ID}" \
    pivnetToken="${PIVNET_UAA_TOKEN}" \
    envName="${ENV_NAME}" \
    envShortName="${ENV_SHORT_NAME}" \
    opsmanImage="${OPS_MANAGER_IMAGE}" \
    opsmanImageRegion="${OPS_MANAGER_IMAGE_REGION}" \
    PCFDomainName="${PCF_DOMAIN_NAME}" \
    PCFSubdomainName="${PCF_SUBDOMAIN_NAME}" \
    opsmanUsername="${PCF_OPSMAN_USERNAME}" \
    notificationsEmail="${PCF_NOTIFICATIONS_EMAIL}" \
    net16bitmask="${NET_16_BIT_MASK}" \
    pasAutopilot="${PAS_AUTOPILOT}" \
    pasVersion="${PCF_PAS_VERSION}" \
    smtpAddress="${SMTP_ADDRESS}" \
    smtpIdentity="${SMTP_IDENTITY}" \
    smtpPassword="${SMTP_PASSWORD}" \
    smtpFrom="${SMTP_FROM}" \
    smtpPort="${SMTP_PORT}" \
    smtpStarttls="${SMTP_STARTTLS}" \
    useSelfCerts="${USE_SELF_CERTS}" \
    _artifactsLocation="${ARTIFACTS_LOCATION}" \
    vmSize="${VMSIZE}" \
    pasEdition="${PAS_EDITION}"
```
- deploy full
⚡ Do not forget to create an SSH key for every environment!
```bash
source ~/.env
ssh-keygen -t rsa -f ~/${JUMPBOX_NAME} -C ${ADMIN_USERNAME}
az group create --name "${JUMPBOX_RG}" --location "${AZURE_REGION}"
az group deployment create --resource-group "${JUMPBOX_RG}" \
    --template-uri "https://raw.githubusercontent.com/bottkars/pcf-jump-azure/${BRANCH}/azuredeploy.json" \
    --parameters \
    availabilityMode="${AVAILABILITY_MODE}" \
    sshKeyData="$(cat ~/${JUMPBOX_NAME}.pub)" \
    adminUsername="${ADMIN_USERNAME}" \
    JumphostDNSLabelPrefix="${JUMPBOX_NAME}" \
    clientSecret="${AZURE_CLIENT_SECRET}" \
    clientID="${AZURE_CLIENT_ID}" \
    tenantID="${AZURE_TENANT_ID}" \
    subscriptionID="${AZURE_SUBSCRIPTION_ID}" \
    pivnetToken="${PIVNET_UAA_TOKEN}" \
    envName="${ENV_NAME}" \
    envShortName="${ENV_SHORT_NAME}" \
    opsmanImage="${OPS_MANAGER_IMAGE}" \
    opsmanImageRegion="${OPS_MANAGER_IMAGE_REGION}" \
    PCFDomainName="${PCF_DOMAIN_NAME}" \
    PCFSubdomainName="${PCF_SUBDOMAIN_NAME}" \
    opsmanUsername="${PCF_OPSMAN_USERNAME}" \
    notificationsEmail="${PCF_NOTIFICATIONS_EMAIL}" \
    net16bitmask="${NET_16_BIT_MASK}" \
    pasAutopilot=FALSE \
    PCFPasVersion="${PCF_PAS_VERSION}" \
    smtpAddress="${SMTP_ADDRESS}" \
    smtpIdentity="${SMTP_IDENTITY}" \
    smtpPassword="${SMTP_PASSWORD}" \
    smtpFrom="${SMTP_FROM}" \
    smtpPort="${SMTP_PORT}" \
    smtpStarttls="${SMTP_STARTTLS}" \
    useSelfCerts="${USE_SELF_CERTS}" \
    _artifactsLocation="${ARTIFACTS_LOCATION}" \
    vmSize="${VMSIZE}" \
    pasEdition="${PAS_EDITION}"
```
You might also want to deploy the template using a parameter file.
Simply create a local azuredeploy.parameters.json file from the example, then run:
```bash
az group create --name <RG_NAME> --location <AZURE_REGION>
az group deployment create --resource-group <RG_NAME> \
    --template-uri "https://raw.githubusercontent.com/bottkars/pcf-jump-azure/${BRANCH}/azuredeploy.json" \
    --parameters @azuredeploy.parameters.json
```
It is recommended to check the deployment logs. The azure rm command might time out as the PAS deployment takes time; that will not have an impact on the deployment.

Watching the JumpHost resource group creation:
```bash
watch az resource list --output table --resource-group ${JUMPBOX_RG}
```
Watching the PCF resource group creation:
```bash
watch az resource list --output table --resource-group ${ENV_NAME}
```
SSH into the jumpbox:
```bash
ssh -i ~/${JUMPBOX_NAME} ${ADMIN_USERNAME}@${JUMPBOX_NAME}.${AZURE_REGION}.cloudapp.azure.com
```
Tail the installation log:
```bash
tail -f ~/install.log
```
Find some 'shortcuts' in advanced.
If you do not autodeploy (default behaviour), you can kickstart the deployment of all components from the jumphost.

Using self-signed certificates:
```bash
./create_self_certs.sh
./deploy_pas.sh
```
or using Let's Encrypt:
```bash
./create_certs.sh
./deploy_pas.sh
```
Then deploy the remaining components:
```bash
# requires PAS deployed
./deploy_mysql.sh
# requires PAS deployed
./deploy_rabbit.sh
# requires PAS, p-rabbitmq and MySQL deployed
./deploy_spring.sh
```
```bash
az group delete --name ${JUMPBOX_RG} --yes
az group delete --name ${ENV_NAME} --yes
ssh-keygen -R "${JUMPBOX_NAME}.${AZURE_REGION}.cloudapp.azure.com"
```
The deployment uses self-signed certificates by default. To use automated generation of Let's Encrypt certificates, set
```bash
USE_SELF_CERTS="FALSE"
```
and use the full deployment method.
variable | azure rm parameter | default value | mandatory | description |
---|---|---|---|---|
JUMPBOX_RG | | | yes | the name of the resource group for the JumpBox |
JUMPBOX_NAME | JumphostDNSLabelPrefix | - | yes | the JumpBox hostname, must be unique for the region! |
ADMIN_USERNAME | adminUsername | ubuntu | no | the jumpbox OS username |
AZURE_CLIENT_ID | clientID | | yes | Azure Service Principal |
AZURE_CLIENT_SECRET | clientSecret | | yes | Service Principal client secret |
AZURE_REGION | | | yes | used from az resource group command, no default |
AZURE_SUBSCRIPTION_ID | subscriptionID | | yes | your Azure subscription ID |
AZURE_TENANT_ID | tenantID | | yes | your Azure tenant |
PIVNET_UAA_TOKEN | pivnetToken | | yes | your token from Pivotal Network |
PCF_DOMAIN_NAME | PCFDomainName | | yes | the domain your PCF subdomain will be hosted in |
PCF_SUBDOMAIN_NAME | PCFSubdomainName | | yes | the subdomain name that will be created in your resource group |
ENV_SHORT_NAME | envShortName | | yes | yourshortname will be used as prefix for storage accounts and other Azure resources. Make sure you check storage account availability, see further down below |
ENV_NAME | envName | pcf | no, using default | pcf; this name will be the prefix for Azure resources and your opsman hostname |
OPS_MANAGER_IMAGE_URI | opsmanImageUri | opsurl | no | a 2.4 opsman image url |
PCF_NOTIFICATIONS_EMAIL | notificationsEmail | [email protected] | no | where to send PCF notifications |
PCF_OPSMAN_USERNAME | opsmanUsername | opsman | no | opsman |
NET_16_BIT_MASK | net16bitmask | 10.10 | no | 16 bit network, default 10.10 |
PAS_AUTOPILOT | pasAutopilot | FALSE | | autoinstall PAS, RABBIT, MYSQL, Spring Service when set to true |
PCF_PAS_VERSION | pasVersion | 2.4.1 | no | the version of PAS, must be 2.4.0 or greater |
SMTP_ADDRESS | smtpAddress | null | no | "mysmtp.example.com" |
SMTP_IDENTITY | smtpIdentity | null | no | "mysmtpuser" |
SMTP_PASSWORD | smtpPassword | null | no | "mysmtppass" |
SMTP_FROM | smtpFrom | null | no | "[email protected]" |
SMTP_PORT | smtpPort | null | no | "587" |
SMTP_STARTTLS | smtpStarttls | false | no | true or false |
USE_SELF_CERTS | useSelfcerts | true | no | true or false |
PAS_EDITION | pasEdition | cf | no | cf or srt deployment |
OPS_MANAGER_IMAGE_REGION | opsmanImageRegion | westeurope | yes | the region where to download opsman from. Values are westeurope, westus, eastus, southeastasia |
- | PCFspringVersion | 2.0.6 | no | 2.0.5,2.0.6 |
- | PCFpasVersion | 2.4.3 | no | 2.4.1,2.4.2,2.4.3 |
- | PCFmysqlVersion | 2.5.3 | no | 2.5.3 |
- | PCFrabbitVersion | 1.15.4 | no | 1.15.3,1.15.4 |
- | PCFmasbVersion | 1.11.0 | no | 1.11.0 |
Make sure that your domain has an NS resource record pointing to your PCF domain.
The following lists ALL nameserver entries for Azure; 4 will be picked at the creation of the DNS zone.
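The NS delegation requirement above can be checked as follows, in an added example that is not part of the original project: the function reads the answer of `dig +short NS` for the PCF subdomain and fails when any record is not an Azure DNS nameserver, or when the delegation does not hold exactly the 4 nameservers assigned to the zone. The function name `check_azure_ns` is hypothetical; the name pattern (ns1 in .com, ns2 in .net, ns3 in .org, ns4 in .info) follows the Azure nameserver names given on this page.

```bash
# Added example (not from pcf-jump-azure): verify the NS delegation of the PCF
# subdomain. Reads one nameserver per line on stdin, the format printed by
#   dig +short NS "${PCF_SUBDOMAIN_NAME}.${PCF_DOMAIN_NAME}"
# and returns 0 only when there are exactly 4 records and each one is an Azure
# DNS nameserver. The function name is hypothetical.
check_azure_ns() {
    azure_ns='^(ns1-[0-9]+\.azure-dns\.com|ns2-[0-9]+\.azure-dns\.net|ns3-[0-9]+\.azure-dns\.org|ns4-[0-9]+\.azure-dns\.info)$'
    count=0
    while IFS= read -r ns; do
        [ -n "$ns" ] || continue
        # DNS names are case-insensitive and dig prints a trailing root dot.
        ns=$(printf '%s\n' "$ns" | tr '[:upper:]' '[:lower:]')
        ns=${ns%.}
        if ! printf '%s\n' "$ns" | grep -Eq "$azure_ns"; then
            # A nameserver outside Azure DNS still answers for the subdomain.
            echo "delegation contains a non-Azure nameserver: $ns" >&2
            return 1
        fi
        count=$((count + 1))
    done
    if [ "$count" -ne 4 ]; then
        echo "expected 4 NS records, found $count" >&2
        return 1
    fi
    return 0
}
```

A failure on a stale or foreign nameserver matters beyond availability: whoever controls that nameserver can answer for the PCF subdomain, including for certificate validation.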