---
title: Deploying Operations Manager to vCloud Air and vCloud
owner: Ops Manager
---
<strong><%= modified_date %></strong>
This topic is a prerequisite to [Configuring Ops Manager Director for vCloud Air and vCloud](./vchs-vcloud-config.html).
This topic describes how to configure the vCloud or vCloud Air Edge Gateways Configure Services screen and install [Pivotal Cloud Foundry®](https://network.pivotal.io/products/pivotal-cf) (PCF) Ops Manager for your Elastic Runtime environment.
<p class="note"><strong>Note</strong>: PCF does not currently support vCloud Air On Demand. </p>
## <a id='access-interface'></a>Accessing the vShield Edge Gateway Services Interface ##
Follow these steps to access the vCloud or vCloud Air Edge Gateways Configure Services screen. For more information about edge gateway services, see the [VMware vCloud Director](http://pubs.vmware.com/vcd-51/index.jsp#com.vmware.vcloud.admin.doc_51/GUID-99A1DA05-AF6B-4F22-842E-92394B50F9A8.html) documentation.
1. Log into vCloud or vCloud Air.
1. Click the **Gateways** tab and your virtual datacenter on the Gateways page.
The **Gateways > Gateways Details** page appears.
1. Click **Manage Advanced Gateway Settings** on the right side of the Gateways > Gateways Details page.
The **vCloud Director > Administration > Edge Gateways** page appears.
1. Select the gateway you want to configure, then click the gear icon and select **Edge Gateway Services**.
<%= image_tag("vcloud-vchs/select-edge.png") %>
The **Configure Services** screen for your virtual datacenter displays with the following tabs:
* **DHCP**
* **NAT**
* **Firewall**
* **Static Routing**
* **VPN**
* **Load Balancer**
<%= image_tag("vcloud-vchs/config-services.png") %>
<p class="note"><strong>Note</strong>: The following sections describe how to perform the minimum configuration steps: setting up NAT rules, firewalls, static routing, and a load balancer. Ensure that you configure the Edge Gateways <strong>Configure Services</strong> screen with any additional settings that your environment requires.</p>
## <a id='configuring'></a>Configuring NAT Rules ##
The following section describes how to configure your vCloud or vCloud Air Edge Gateway to ensure that Elastic Runtime can access the web.
To do this, you configure the single source NAT rule (SNAT) and three destination NAT (DNAT) rules that Elastic Runtime requires:
* Elastic Runtime accesses the Internet using an SNAT rule.
* Elastic Runtime's API endpoint, which is fronted by HAProxy, requires a DNAT rule to forward traffic from a public IP.
* Ops Manager also requires a DNAT rule to connect external sources on any port to its public IP, as illustrated:
<%= image_tag('ops_man_dnat_rule.png')%>
vCloud or vCloud Air evaluates NAT rules in the order you list them, from top to bottom, on the **NAT** tab of the Edge Gateways **Configure Services** screen. The following image shows an example of a configured SNAT rule and a DNAT rule.
<%= image_tag("vcloud-vchs/nat-example.png") %>
### <a id='snat-dnat-om'></a>Create SNAT and DNAT Rules ###
To allow outbound connections through the Ops Manager public IP address, configure an SNAT rule. To enable inbound traffic over SSH to your Ops Manager VM, create a DNAT rule.
<p class='note'><strong>Note</strong>: Using the Elastic Runtime IP address for outbound connections can be problematic for DNS resolution.</p>
1. In the Edge Gateways **Configure Services** screen, select the **NAT** tab.
1. Configure an SNAT rule:
    1. From the **Applied on** drop-down menu, select the network where you want to apply the NAT rule.
    1. In the **Original (Internal) source IP/range** field, enter the IP range/subnet mask.
    1. In the **Translated (External) source IP/range** field, enter the Ops Manager public IP.
    1. Ensure the checkbox **Enabled** is checked.
    <%= image_tag("vcloud-vchs/snat-1.png") %>
1. Create a destination NAT (DNAT) rule by following the same procedure, using the following configuration:
    * Applied on: Select your external network
    * Original (External) IP/range: Enter the public IP address for Ops Manager
    * Protocol: Select **TCP & UDP**
    * Original Port: Select **22**
    * Translated (Internal) IP/range: Enter the private IP address of your Ops Manager
    * Translated port: **22**
### <a id='firewall-om'></a>Create Firewall Rules for SNAT and DNAT ###
1. In the Edge Gateways **Configure Services** screen, select the **Firewall** tab.
1. Create an SNAT firewall rule allowing outbound traffic from all internal IP addresses to all external IP addresses.
<%= image_tag("vcloud-vchs/firewall.png") %>
1. Create a DNAT firewall rule allowing inbound traffic from the public IP to the private IP address of your Ops Manager.
### <a id='dnat-om'></a>Allow Inbound Web Traffic for Ops Manager ###
Repeat the steps above for ports 80 and 443 for the same public address.
### <a id='dnat-er'></a>Allow Inbound Web Traffic for Elastic Runtime ###
Repeat the steps above for ports 80 and 443 for the Elastic Runtime public IP address.
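Once the NAT rules from the steps above are written down, the table can be checked offline before it is relied on. The following is an added example, not part of the Pivotal documentation: it audits a rule list against the ports these steps open, and shows how rule order matters under the top-to-bottom evaluation described earlier. It assumes the first matching rule wins; the rule field names and the `203.0.113.x` and `10.0.0.x` addresses are constructed placeholders.

```python
# Ports opened by the steps above, keyed by public IP (placeholder addresses).
ALLOWED = {
    "203.0.113.10": {22, 80, 443},  # Ops Manager
    "203.0.113.20": {80, 443},      # Elastic Runtime (HAProxy)
}

# Constructed sample rule table, in gateway order from top to bottom.
RULES = [
    {"type": "SNAT", "orig_ip": "10.0.0.0/24", "orig_port": "any", "trans_ip": "203.0.113.10", "enabled": True},
    {"type": "DNAT", "orig_ip": "203.0.113.10", "orig_port": "22", "trans_ip": "10.0.0.5", "enabled": True},
    {"type": "DNAT", "orig_ip": "203.0.113.10", "orig_port": "any", "trans_ip": "10.0.0.5", "enabled": True},
    {"type": "DNAT", "orig_ip": "203.0.113.10", "orig_port": "443", "trans_ip": "10.0.0.5", "enabled": True},
    {"type": "DNAT", "orig_ip": "203.0.113.20", "orig_port": "80", "trans_ip": "10.0.0.6", "enabled": True},
    {"type": "DNAT", "orig_ip": "203.0.113.20", "orig_port": "8080", "trans_ip": "10.0.0.6", "enabled": True},
]


def dnat_rules(rules):
    """Enabled DNAT rules paired with their 1-based position in the table."""
    return [(i, r) for i, r in enumerate(rules, 1) if r["type"] == "DNAT" and r["enabled"]]


def first_match(rules, public_ip, port):
    """Position of the first DNAT rule translating public_ip:port (assumed first match wins)."""
    for i, r in dnat_rules(rules):
        if r["orig_ip"] == public_ip and r["orig_port"] in ("any", str(port)):
            return i
    return None


def audit(rules, allowed):
    """List (position, finding) pairs; position is None for a missing rule."""
    findings = []
    for i, r in dnat_rules(rules):
        if r["orig_port"] == "any":
            findings.append((i, "exposes every port of " + r["orig_ip"]))
        elif int(r["orig_port"]) not in allowed.get(r["orig_ip"], set()):
            findings.append((i, "unexpected port " + r["orig_port"]))
        elif first_match(rules, r["orig_ip"], r["orig_port"]) != i:
            findings.append((i, "shadowed by an earlier rule"))
    for ip, ports in allowed.items():
        for port in sorted(ports):
            if first_match(rules, ip, port) is None:
                findings.append((None, f"no DNAT rule for {ip}:{port}"))
    return findings


if __name__ == "__main__":
    for position, finding in audit(RULES, ALLOWED):
        print(position, finding)
```

On the sample table the audit reports the catch-all rule in position 3, the port 443 rule it shadows, the stray port 8080 rule, and the missing port 443 rule for Elastic Runtime.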
## <a id='sr'></a>Setting up Static Routing ##
Select the **Enable static routing** checkbox.
## <a id='er'></a>Setting up Network Rules for Elastic Runtime DNS Resolution ##
1. In the Edge Gateways **Configure Services** screen, select the **Load
Balancer** tab.
1. Click **Pool Servers**, then click **Add**.
<%= image_tag("vcloud-vchs/pool.png") %>
The **Add Load Balancer Member Pool** wizard appears.
1. Name the pool **Load Balancer to Elastic Runtime**.
1. In the **Configure Service** step, enable the pool to support HTTP port **80** and HTTPS port **443**. We recommend using the default balancing method, **Round Robin**.
<%= image_tag("vcloud-vchs/ports.png") %>
1. In the **Configure Health-Check** step, enter Monitor Port **80** for HTTP
and **443** for HTTPS.
For both HTTP and HTTPS, change the Mode to **TCP**.
<%= image_tag("vcloud-vchs/health-check.png") %>
1. In the **Manage Members** step, click **Add**.
Enter the IP address of the HAProxy VM.
Specify **80** for the HTTP port values and **443** for the HTTPS port values.
<%= image_tag("vcloud-vchs/member.png") %>
1. Click **Finish**.
1. Click **Virtual Servers**.
<%= image_tag("vcloud-vchs/virtual-servers.png") %>
1. Click **Add**.
1. Complete the new virtual server form with the following information:
* Name: Load Balancer
* Applied On: Select your external network
* IP Address: Enter the public IP address of your Elastic Runtime instance
* Pool: Select the **Load Balancer to Elastic Runtime** pool
* Services: Enable HTTP on port **80** with a Persistence Method of **None**, and HTTPS on port **443** with a Persistence Method of **Session Id**
* Enabled: Select this checkbox
<%= image_tag("vcloud-vchs/complete.png") %>
1. Click **OK** to complete.
## <a id='deploying'></a>Deploying Ops Manager to vCloud or vCloud Air ##
The following procedures guide you through uploading and deploying Ops Manager as a vApp on vCloud or vCloud Air. Refer to the [Known Issues](../pcf-release-notes/index.html) topic before getting started.
<p class="note"><strong>Note</strong>: vCloud and vCloud Air use the vCloud Director Web Console, which only supports 32-bit browsers like Firefox. It does not support Chrome. Refer to <a href="http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2034554">Article 2034554</a> in the VMware Knowledge Base for more information about browser versions that the vCloud Director supports.</p>
### <a id='uploading-to-vcd'></a>Upload Ops Manager ###
You must either upload the Ops Manager vApp into your catalog or use a vApp that your cloud administrator uploaded to your organization's catalog.
<p class="note"><strong>Note</strong>: The first time you upload software to vCloud Director, you must install the <strong>Client Integration Plug-in</strong> and restart all browsers. If the plug-in does not work and you continue to receive a message prompting you to download it, check the plug-in permissions for your browsers.</p>
1. Download Pivotal Cloud Foundry® Operations Manager for vCloud Air and vCloud Director from [Pivotal Network](https://network.pivotal.io/products/pivotal-cf).
1. Log into vCloud Director.
1. Navigate to **Catalogs > My Organization’s Catalogs** and select a catalog or
click **Add** to create a new catalog.
<%= image_tag("vcloud-vchs/pcf-vcloud-00.png") %><br />
If you are creating a new catalog:
+ Enter a name for the new catalog and click **Next**.
+ Select a storage type and click **Next**.
+ Specify sharing (if needed) and click **Next**.
+ Review your settings and click **Finish**.
1. Navigate to the **vApp Templates** tab for your catalog and click **Upload**.
<%= image_tag("vcloud-vchs/pcf-vcloud-02.png") %><br />
1. Select **Local file** and browse to your `.ovf` file.
<%= image_tag("vcloud-vchs/pcf-vcloud-03a.png") %><br />
1. Enter a name for your Ops Manager vApp, enter a description, and
click **Upload**.
<%= image_tag("vcloud-vchs/pcf-vcloud-03b.png") %><br />
vCloud Director transfers the OVF package to a staging
environment, then uploads it to your catalog.
1. Navigate to the **Home** view and click **Add vApp from Catalog**.
<%= image_tag("vcloud-vchs/pcf-vcloud-07.png") %><br />
1. Select your Ops Manager vApp and click **Next**.
<%= image_tag("vcloud-vchs/pcf-vcloud-09.png") %><br />
1. Complete the **Add vApp from Catalog** wizard, changing the default settings as necessary for your environment. See [Complete the vApp Wizard and Deploy Ops Manager](#deploying-from-catalog) for more information.
### <a id='deploying-from-catalog'></a>Complete the vApp Wizard and Deploy Ops Manager ###
After adding the Ops Manager vApp to your vCloud Director, you can finish the setup and deploy as follows:
1. Check the **I agree** checkbox to accept licenses and click **Next**.
1. Enter the name of your Ops Manager vApp, select the virtual data center where
the vApp should run, and click **Next**.
<%= image_tag("vcloud-vchs/pcf-vcloud-11.png") %><br />
1. Choose a storage policy and click **Next**.
<%= image_tag("vcloud-vchs/pcf-vcloud-12.png") %><br />
1. Set the network mapping **Destination** to the network name, set **IP
allocation** to `Static — Manual`, and click **Next**.
<%= image_tag("vcloud-vchs/pcf-vcloud-13.png") %><br />
1. Enter the desired networking information, set an admin password for the Ops
Manager vApp, and click **Next**.
<%= image_tag("vcloud-vchs/pcf-vcloud-14.png") %><br />
<p class="note"><strong>Note</strong>: The order of the items on your screen may vary from the order shown in this image.</p>
The following list contains tips on entering specific networking information:
* **DNS**: If you are unsure of your Pivotal Ops Manager DNS, you can use the Google Public DNS value **8.8.8.8**. For more information, refer to the [Using Google Public DNS](https://developers.google.com/speed/public-dns/docs/using) topic.
* **Default Gateway**: On the vCloud Air or vCloud Dashboard, click the **Gateways** tab and copy the **GATEWAY IP** value.
* **IP Address**: Navigate to the **My Clouds > VMs** page, locate the Pivotal Ops Manager VM, and copy the IP address from the **IP Address** column. If this column does not display, click the **Customize Columns** icon on the right side to set your column display preferences.
1. Review the hardware specifications of the virtual machine and click **Next**.
1. In the **Ready to Complete** dialog, check the **Power on vApp After This
Wizard is Finished** checkbox and click **Finish**.
1. Navigate to the **Home** view to verify that your Ops Manager vApp is being
created.
<%= image_tag("vcloud-vchs/pcf-vcloud-17.png") %><br />
### <a id='dns-entry'></a>Create a DNS Entry ###
<p class="note"><strong>Note</strong>: Ops Manager 1.7 security features require you to create a fully qualified domain name in order to access Ops Manager during the <a href="../customizing/vsphere.html#paas">initial configuration.</a></p>
Create a DNS entry for the IP address that you used for Ops Manager. You must use this fully qualified domain name when you log into Ops Manager in the [Installing Pivotal Cloud Foundry on vSphere and vCloud Air](../customizing/vsphere.html#paas) topic.
[Return to the Installing Pivotal Cloud Foundry Guide](../installing/index.html)