Skip to content

template to create linux jumpbox for pivotal pas aincluding autodeploy pas

Notifications You must be signed in to change notification settings

bottkars/pcf-jump-azure

Repository files navigation

pcf-jump-azure

Overview

pcf-jump-azure creates an ubuntu based jumpbox to deploy Pivotal PAS (2.4 and above) on azure
It will pave the infrastructure using Pivotal terraforming-azure.
PCF Operations Manager will be installed and configured using Pivotal om cli.
Optionally, PAS will be deployed using om cli.

features

  • automated opsman deployment and configuration
  • pas infrastructure paving
  • 🆕 autopilot for starting pas, mysql, p-rabbitmq and p-spring-services deployment (will take several hours )
  • certificate generation using selfsigned or let´s encrypt certificates
  • 🆕 sendgrid integration for notifications and user sign up
  • 🆕 dns configuration and check
  • 🆕 cert checking and logging
  • 🆕 manual options improved
  • 🆕 added pcf small runtime (srt) vs. cf
  • 🆕 automated bosh tasks / setup
  • 🆕 specify download location for ops manager

Initial supported Pivotal Cloudfoundry Tiles and Versions

  • Pivotal Application Service 2.5.x
  • MySQL 2.6.x
  • RabbitMQ 1.15.4
  • Spring Cloud Services 2.0.x, 3.x.x
  • Microsoft Azure Service Broker 1.11.0 ( MASB )
  • additional, post install tiles

image

Changes

###2019.04

  • reworked installatzion process, implemented "tile deployer" as a unified deployment service
  • added PAS 2.5 including support for Availability Zones
  • Istio Mesh Support

2019.01

usage

there are are multiple ways to deploy the ARM template. we will describe Azure Portal Template based and az cli based Method

create a ssh keypair for the admin user ( if not already done )

both methods require an SSH Keypair

ssh-keygen -t rsa -f ~/${JUMPBOX_NAME} -C ${ADMIN_USERNAME}

installation using New Template Deployment

  1. In the Azure Portal, click on Create Resource and enter Template Deployment image
  2. Select the template Deployment and click on create.
  3. Select Build your own Template in the Editor image
  4. Replace the Content in the Editor Window with the Content of azuredeploy.json file image
  5. click save.
  6. fill in all required Parameters ( marked with a red Star ) image
  7. when done, click Purchase.

Installation using az cli

for az cli install, we put all required Parameters into an env file

  1. create env file

create an .env file using the .env.example
Parameter Explanation in this table
if you need a full parameter set or a minimum depends on your customizations (e.g. sendgrid and others )

source the env file

source .env
  1. check availability of storage account
az storage account check-name --name ${ENV_SHORT_NAME}director

you are now good to go to deploy
with minimum parameters
with full parameters with parameter file also, note that AUTOPILOT is disabled by default now.
you can set the Environment for PAS_AUTOPILOT or use -pasAutopilot=TRUE during deployment.
if not using autopilot, see Post Deployment Steps for more Details

  1. deployment with default parameter set

the default parameter set uses defaults where possible, it is the most convenient way to get started

validate default

source ~/.env
az group create --name ${JUMPBOX_RG} --location ${AZURE_REGION}
az group deployment validate --resource-group ${JUMPBOX_RG} \
    --template-uri https://raw.githubusercontent.com/bottkars/pcf-jump-azure/$BRANCH/azuredeploy.json \
    --parameters \
    adminUsername=${ADMIN_USERNAME} \
    sshKeyData="$(cat ~/${JUMPBOX_NAME}.pub)" \
    JumphostDNSLabelPrefix=${JUMPBOX_NAME} \
    clientSecret=${AZURE_CLIENT_SECRET} \
    clientID=${AZURE_CLIENT_ID} \
    tenantID=${AZURE_TENANT_ID} \
    subscriptionID=${AZURE_SUBSCRIPTION_ID} \
    pivnetToken=${PIVNET_UAA_TOKEN} \
    envName=${ENV_NAME} \
    envShortName=${ENV_SHORT_NAME} \
    PCFDomainName=${PCF_DOMAIN_NAME} \
    PCFSubdomainName=${PCF_SUBDOMAIN_NAME} \
    _artifactsLocation="https://raw.githubusercontent.com/bottkars/pcf-jump-azure/$BRANCH"
  1. deploy default

do not forget to create ssh key for every environment !

source ~/.env
ssh-keygen -t rsa -f ~/${JUMPBOX_NAME} -C ${ADMIN_USERNAME}
az group create --name ${JUMPBOX_RG} --location ${AZURE_REGION}
az group deployment create --resource-group ${JUMPBOX_RG} \
    --template-uri "https://raw.githubusercontent.com/bottkars/pcf-jump-azure/$BRANCH/azuredeploy.json" \
    --parameters \
    adminUsername=${ADMIN_USERNAME} \
    sshKeyData="$(cat ~/${JUMPBOX_NAME}.pub)" \
    JumphostDNSLabelPrefix=${JUMPBOX_NAME} \
    clientSecret=${AZURE_CLIENT_SECRET} \
    clientID=${AZURE_CLIENT_ID} \
    tenantID=${AZURE_TENANT_ID} \
    subscriptionID=${AZURE_SUBSCRIPTION_ID} \
    pivnetToken=${PIVNET_UAA_TOKEN} \
    envName=${ENV_NAME} \
    envShortName=${ENV_SHORT_NAME} \
    PCFDomainName=${PCF_DOMAIN_NAME} \
    PCFSubdomainName=${PCF_SUBDOMAIN_NAME} \
    _artifactsLocation="https://raw.githubusercontent.com/bottkars/pcf-jump-azure/$BRANCH"
  1. deployment with full param set

the full parameter set´s optional Values like smtp config example parameter file for testing branch is here example parameter file for master branch is here. 6. validate full

source ~/.env
az group create --name ${JUMPBOX_RG} --location ${AZURE_REGION}
az group deployment validate --resource-group ${JUMPBOX_RG} \
    --template-uri "https://raw.githubusercontent.com/bottkars/pcf-jump-azure/$BRANCH/azuredeploy.json" \
    --parameters \
    sshKeyData="$(cat ~/${JUMPBOX_NAME}.pub)" \
    adminUsername=${ADMIN_USERNAME} \
    JumphostDNSLabelPrefix=${JUMPBOX_NAME} \
    clientSecret=${AZURE_CLIENT_SECRET} \
    clientID=${AZURE_CLIENT_ID} \
    tenantID=${AZURE_TENANT_ID} \
    subscriptionID=${AZURE_SUBSCRIPTION_ID} \
    pivnetToken=${PIVNET_UAA_TOKEN} \
    envName=${ENV_NAME} \
    envShortName=${ENV_SHORT_NAME} \
    opsmanImage=${OPS_MANAGER_IMAGE} \
    opsmanImageRegion=${OPS_MANAGER_IMAGE_REGION} \
    PCFDomainName=${PCF_DOMAIN_NAME} \
    PCFSubdomainName=${PCF_SUBDOMAIN_NAME} \
    opsmanUsername=${PCF_OPSMAN_USERNAME} \
    notificationsEmail=${PCF_NOTIFICATIONS_EMAIL} \
    net16bitmask=${NET_16_BIT_MASK} \
    pasAutopilot=${PAS_AUTOPILOT} \
    pasVersion=${PCF_PAS_VERSION} \
    smtpAddress=${SMTP_ADDRESS} \
    smtpIdentity=${SMTP_IDENTITY} \
    smtpPassword=${SMTP_PASSWORD} \
    smtpFrom=${SMTP_FROM} \
    smtpPort=${SMTP_PORT} \
    smtpStarttls=${SMTP_STARTTLS} \
    useSelfCerts=${USE_SELF_CERTS} \
    _artifactsLocation=${ARTIFACTS_LOCATION} \
    vmSize=${VMSIZE} \
    pasEdition=${PAS_EDITION}
  1. deploy full

do not forget to create ssh key for every environment !

source ~/.env
ssh-keygen -t rsa -f ~/${JUMPBOX_NAME} -C ${ADMIN_USERNAME}
az group create --name ${JUMPBOX_RG} --location ${AZURE_REGION}                                                                 
az group deployment create --resource-group ${JUMPBOX_RG} \
    --template-uri "https://raw.githubusercontent.com/bottkars/pcf-jump-azure/$BRANCH/azuredeploy.json" \
    --parameters \
    availabilityMode=${AVAILABILITY_MODE} \
    sshKeyData="$(cat ~/${JUMPBOX_NAME}.pub)" \
    adminUsername=${ADMIN_USERNAME} \
    JumphostDNSLabelPrefix=${JUMPBOX_NAME} \
    clientSecret=${AZURE_CLIENT_SECRET} \
    clientID=${AZURE_CLIENT_ID} \
    tenantID=${AZURE_TENANT_ID} \
    subscriptionID=${AZURE_SUBSCRIPTION_ID} \
    pivnetToken=${PIVNET_UAA_TOKEN} \
    envName=${ENV_NAME} \
    envShortName=${ENV_SHORT_NAME} \
    opsmanImage=${OPS_MANAGER_IMAGE} \
    opsmanImageRegion=${OPS_MANAGER_IMAGE_REGION} \
    PCFDomainName=${PCF_DOMAIN_NAME} \
    PCFSubdomainName=${PCF_SUBDOMAIN_NAME} \
    opsmanUsername=${PCF_OPSMAN_USERNAME} \
    notificationsEmail=${PCF_NOTIFICATIONS_EMAIL} \
    net16bitmask=${NET_16_BIT_MASK} \
    pasAutopilot=FALSE \
    PCFPasVersion=${PCF_PAS_VERSION} \
    smtpAddress=${SMTP_ADDRESS} \
    smtpIdentity=${SMTP_IDENTITY} \
    smtpPassword=${SMTP_PASSWORD} \
    smtpFrom=${SMTP_FROM} \
    smtpPort=${SMTP_PORT} \
    smtpStarttls=${SMTP_STARTTLS} \
    useSelfCerts=${USE_SELF_CERTS} \
    _artifactsLocation=${ARTIFACTS_LOCATION} \
    vmSize=${VMSIZE} \
    pasEdition=${PAS_EDITION}

deployment using parameter file

you also might want to deploy the template using an parameter file.
simply create a local azuredeploy.parameter.json file from the example

then run

az group create --name <RG_NAME> --location <AZURE_REGION>
az group deployment create --resource-group <rg_name> \
    --template-uri https://raw.githubusercontent.com/bottkars/pcf-jump-azure/${BRANCH}/azuredeploy.json \
    --parameters @azuredeploy.parameters.json

debugging/ monitoring

it is recommended to check the deployment logs. the azure rm command might timeout as the pas deployment takes time. that will not have an impact on the deployment.
watching the JUMPHost resource group creation

watch az resource list --output table --resource-group ${JUMPBOX_RG}

watching the pcf resource group creation

watch az resource list --output table --resource-group ${ENV_NAME}

ssh into the Jumpbox

 ssh -i ~/${JUMPBOX_NAME} ${ADMIN_USERNAME}@${JUMPBOX_NAME}.${AZURE_REGION}.cloudapp.azure.com

tail the installation log

tail -f ~/install.log

post deploy

finde some 'shortcuts' in advanced

if you do not autodeploy ( default behaviour ), you can kickstart the deployment of all components from the jumphost:

pas

using selfsigned certificates

./create_self_certs.sh
./deploy_pas.sh

or using Let´s encrypt

./create_certs.sh
./deploy_pas.sh

mysql

requires pas deployed

./deploy_mysql.sh

p-rabbitmq

requires pas deployed

./deploy_rabbit.sh

p-spring-services service

requires pas, p-rabbitmq and mysql deployed

./deploy_spring.sh

cleanup

az group delete --name ${JUMPBOX_RG} --yes
az group delete --name ${ENV_NAME} --yes
ssh-keygen -R "${JUMPBOX_NAME}.${AZURE_REGION}.cloudapp.azure.com"

certificates

the deployment uses self-signed certificates by default. to uses automated generation of Let´s encrypt Certificates, set

USE_SELF_CERTS="FALSE"

and use the Full Deployment Method

env variables

variable azure rm parameter default value mandatory description
JUMPBOX_RG yes the name of the ressource group for the JumpBox
JUMPBOX_NAME JumphostDNSLabelPrefix - yes the JumpBox hostname , must be unique for the region !
ADMIN_USERNAME adminUsername ubuntu no the jumpbox os username
AZURE_CLIENT_ID clientID yes Azure Service Principal
AZURE_CLIENT_SECRET clientSecret yes Service Principal client secret
AZURE_REGION yes used from az resource group command, no default
AZURE_SUBSCRIPTION_ID subscriptionID yes Your Azure Subscription ID,
AZURE_TENANT_ID tenantID yes Your AZURE tenant
PIVNET_UAA_TOKEN pivnetToken yes Your Token from Pivotal Network
PCF_DOMAIN_NAME PCFDomainName yes the domain your PCF subdomain will be hosted in
PCF_SUBDOMAIN_NAME PCFSubdomainName yes the subdomain name that will be created in your resource group
ENV_SHORT_NAME envShortName yes yourshortname will be used as prefix for storage accounts and other azure resources. make sure you check storage account availability, see further down below
ENV_NAME envName pcf no, using default pcf this name will be prefix for azure resources and you opsman hostname
OPS_MANAGER_IMAGE_URI opsmanImageUri opsurl no a 2.4 opsman image url
PCF_NOTIFICATIONS_EMAIL notificationsEmail [email protected]" no wher to sent PCF Notifications
PCF_OPSMAN_USERNAME opsmanUsername opsman no opsman
NET_16_BIT_MASK net16bitmask 10.10 no *16 bit networkdefault 10.10
PAS_AUTOPILOT pasAutopilot FALSE Autoinstall PAS, RABBIT, MYSQL, Spring Service when set to true
PCF_PAS_VERSION pasVersion 2.4.1 no the version of PAS, must be 2.4.0 or greater
SMTP_ADDRESS smtpAddress null no "mysmtp.example.com"
SMTP_IDENTITY smtpIdentity null no "mysmtpuser"
SMTP_PASSWORD smtpPassword null no "mysmtppass"
SMTP_FROM smtpFrom null no "[email protected]"
SMTP_PORT smtpPort null no "587"
SMTP_STARTTLS smtpStarttls false no true or false
USE_SELF_CERTS useSelfcerts true no true or false
PAS_EDITION pasEdition cf no cf or srt deployment
OPS_MANAGER_IMAGE_REGION opsmanImageRegion westeurope yes the region where to download opsman from. Values are westeurope, westus, eastus, southeastasia
- PCFspringVersion 2.0.6 no 2.0.5,2.0.6
- PCFpasVersion 2.4.3 no 2.4.1,2.4.2,2.4.3
- PCFmysqlVersion 2.5.3 no 2.5.3
- PCFrabbitVersion 1.15.4 no 1.15.3,1.15.4
- PCFmasbVersion 1.11.0 no 1.11.0

required nameserver delegation

make sure that your domain has a ns resource record to your pcf domain.
the following list ALL nameserver entries for Azure, 4 will be picked from the Creation of the DNS Zone

ns1-07.azure-dns.com.
ns2-07.azure-dns.net.
ns3-07.azure-dns.org.
ns4-07.azure-dns.info.
ns1-03.azure-dns.com.
ns2-03.azure-dns.net.
ns3-03.azure-dns.org.
ns4-03.azure-dns.info.
ns1-09.azure-dns.com.
ns2-09.azure-dns.net.
ns3-09.azure-dns.org.
ns4-09.azure-dns.info.
ns4-01.azure-dns.info.
ns4-02.azure-dns.info.
ns4-04.azure-dns.info.
ns4-05.azure-dns.info.
ns4-06.azure-dns.info.
ns4-08.azure-dns.info.
ns4-10.azure-dns.info.
ns1-01.azure-dns.com.
ns1-02.azure-dns.com.
ns1-04.azure-dns.com.
ns1-05.azure-dns.com.
ns1-06.azure-dns.com.
ns1-08.azure-dns.com.
ns1-10.azure-dns.com.
ns2-01.azure-dns.net.
ns2-02.azure-dns.net.
ns2-04.azure-dns.net.
ns2-06.azure-dns.net.
ns2-05.azure-dns.net.
ns2-08.azure-dns.net.
ns2-10.azure-dns.net.
ns3-01.azure-dns.org.
ns3-02.azure-dns.org.
ns3-04.azure-dns.org.
ns3-05.azure-dns.org.
ns3-06.azure-dns.org.
ns3-08.azure-dns.org.
ns3-10.azure-dns.org.