This workshop will walk you through the process of deploying Pivotal Cloud Foundry (PCF) on Microsoft Azure. We will stand up Concourse using Pivotal Control Plane and deploy PCF using Platform Automation. For complete documentation, see Pivotal Control Plane.
To log issues, click here to go to the GitHub repository issue submission form.
- The following lab requires a Microsoft Azure account.
- A registered domain name is required to deploy PCF.
- Terraform
- OM CLI
- BOSH CLI
- Open a terminal window and change to your working directory. In this documentation, the working directory is /Users/dfoley/development/Azure.
cd /Users/dfoley/development/Azure
- Clone workshop repository
git clone https://github.com/dfoleypivotal/azure-platform-automation-example.git
- Clone terraforming-azure repository
git clone https://github.com/dfoleypivotal/terraforming-azure.git
cd terraforming-azure/terraforming-control-plane/
- First, find your account by running the following commands using the Azure CLI
az login
az account list
Note: Copy the Id and Tenant Id, as these values will be used later in the lab.
- Create a service account for BOSH. For more details, please view the Azure documentation.
az ad sp create-for-rbac --name ServicePrincipalforBosh
- If you want to verify that the service principal was created, you can log in to the Azure Console. Click Azure Active Directory, then App registrations, and you will see that the new ServicePrincipalforBosh application was created.
- Using the output from the previous step create and populate the terraform.tfvars file with the content below.
subscription_id = "Your Subscription Id"
tenant_id = "Your Tenant ID"
client_id = "appId from previous call"
client_secret = "password from previous call"
env_name = "controlplane"
ops_manager_image_uri = "https://opsmanagerwestus.blob.core.windows.net/images/ops-manager-2.4-build.192.vhd"
location = "WestUS2"
dns_suffix = "domain.com"
dns_subdomain = "pcfcontrolplane"
- Create Infrastructure
terraform init
terraform apply
- Back on the Azure Console, you will see that a resource group named controlplane has been created, and you can view all the resources that were created.
- Create an NS record on the parent DNS Zone with the records returned by the following. You can test
terraform output env_dns_zone_name_servers
- Verify connectivity with the following command:
dig pcfcontrolplane.<your domain> NS +short
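A scripted form of this check, as an added example that is not part of the workshop repository: it compares the name servers Terraform reports with what dig returns from public DNS, so a missing NS record or one left over from an earlier zone shows up before Ops Manager is reached by hostname. The function names are hypothetical and the sample name servers are constructed.

```shell
#!/bin/sh
# Added example, not part of the workshop repository. Function names are
# hypothetical and the name servers below are constructed sample values.

# normalize_ns: read name servers on stdin in any shape the tools print (one per
# line, comma separated, quoted or bracketed, with or without the trailing dot)
# and print them lower-cased, sorted and de-duplicated, one per line.
normalize_ns() {
    sed 's/[][",()]/ /g' | tr ' \t' '\n\n' | sed 's/\.$//' |
        tr '[:upper:]' '[:lower:]' | grep '\.' | sort -u
}

# missing_ns EXPECTED ACTUAL: print each server in EXPECTED that ACTUAL lacks.
missing_ns() {
    actual=$(printf '%s\n' "$2" | normalize_ns)
    printf '%s\n' "$1" | normalize_ns | while IFS= read -r ns; do
        printf '%s\n' "$actual" | grep -Fxq -- "$ns" || printf '%s\n' "$ns"
    done
}

# delegation_ok EXPECTED ACTUAL: succeed only when the parent zone delegates to
# exactly the name servers Terraform created (none missing, none stale).
delegation_ok() {
    want=$(printf '%s\n' "$1" | normalize_ns)
    have=$(printf '%s\n' "$2" | normalize_ns)
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Live use (needs Terraform state and network access):
#   delegation_ok "$(terraform output env_dns_zone_name_servers)" \
#                 "$(dig pcfcontrolplane.<your domain> NS +short)"

# Constructed sample: the dig answer still carries one server from an older zone.
tf_out='ns1-01.azure-dns.com.,
ns2-01.azure-dns.net.,
ns3-01.azure-dns.org.,
ns4-01.azure-dns.info.'
dig_out='ns1-01.azure-dns.com.
ns2-01.azure-dns.net.
ns3-01.azure-dns.org.
ns4-09.azure-dns.info.'

if delegation_ok "$tf_out" "$dig_out"; then
    echo "delegation matches"
else
    echo "delegation mismatch; created by Terraform but absent from the parent zone:"
    missing_ns "$tf_out" "$dig_out"
fi
```

Calling missing_ns with the two arguments swapped lists the stale entries that should be removed from the parent zone.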
- From any browser, access Ops Manager using the URL defined by:
echo https://"$(terraform output ops_manager_dns)"
- Follow the Pivotal documentation Configuring BOSH Director on Azure
Note: On the Create Networks Page only create one network, following the infrastructure network guide, and set the Name field to control-plane-subnet
- For automated configuration run script deploy-om-director.sh
../../azure-platform-automation-example/scripts/deploy-om-director.sh
- Retrieve the assets from Pivotal Network. Download the manifest and all of the releases from Pivotal Control Plane Components
Note: Currently you need to select Release 0.0.31
- Download the stemcell for the releases from Stemcells for PCF
- Move downloaded files to current directory (it will make it easier to upload the assets later)
cp ~/Downloads/{control-plane*.yml,uaa-release*.tgz,credhub-release*.tgz,postgres-release*.tgz,garden-runc*.tgz,concourse-release*.tgz,*bosh-stemcell*.tgz} .
- You need to upload each asset to your Ops Manager VM in order to upload them to BOSH. Save the Ops Manager SSH key to a file and store its path in an environment variable (the value of OPS_MANAGER_KEY_PATH can be arbitrary)
export OPS_MANAGER_KEY_PATH=./ops_manager_ssh_private_key
terraform output ops_manager_ssh_private_key > $OPS_MANAGER_KEY_PATH
chmod 0600 $OPS_MANAGER_KEY_PATH
- Save the Ops Manager environment variables for connecting with the om CLI
export OM_TARGET="https://$(terraform output ops_manager_dns)"
export OM_USERNAME="admin"
export OM_PASSWORD="$(terraform output ops_manager_password)"
- Set environment variables for connecting to BOSH
eval "$(om --skip-ssl-validation bosh-env --ssh-private-key $OPS_MANAGER_KEY_PATH)"
- Upload the assets to BOSH
bosh upload-stemcell *bosh-stemcell*.tgz
bosh upload-release concourse-release-*.tgz
bosh upload-release credhub-release-*.tgz
bosh upload-release garden-runc-release-*.tgz
bosh upload-release postgres-release-*.tgz
bosh upload-release uaa-release-*.tgz
- Retrieve the Control Plane domain and availability zones from Terraform.
export CONTROL_PLANE_ROOT_DOMAIN="$(terraform output control_plane_domain)"
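- Make a bosh-vars.yml to hold these deployment vars. The $(...) under uaa_ca_cert is shell command substitution, so it is only expanded when the file is written by the shell (for example from a heredoc); pasted into an editor it stays literal text.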
---
external_url: https://plane.pcfcontrolplane.<your domain>
persistent_disk_type: 1048576
vm_type: Standard_F4s
azs: ["null"]
network_name: control-plane
wildcard_domain: "plane.pcfcontrolplane.<your domain>"
uaa_url: https://uaa.pcfcontrolplane.<your domain>
uaa_ca_cert: |
  $(credhub get -n /p-bosh/control-plane/control-plane-tls -k certificate | awk '{printf "%s\r\n  ", $0}')
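One way to generate this file from the shell, as an added example that is not part of the workshop repository: render_bosh_vars is a hypothetical helper that reads the CA certificate on stdin and refuses anything that is not a PEM certificate, so a failed credhub call cannot end up as the value of uaa_ca_cert. It writes plain \n line endings rather than the \r\n that the awk command emits.

```shell
#!/bin/sh
# Added example, not from the workshop repository. render_bosh_vars is a
# hypothetical helper; keys and values are the ones in the listing above.

# render_bosh_vars DOMAIN OUTFILE   (PEM CA certificate on stdin)
render_bosh_vars() {
    domain=$1
    out=$2
    pem=$(cat)
    # An expired credhub login or a wrong credential path yields empty output
    # or an error message; stop here instead of writing that into the vars file.
    case $pem in
        "-----BEGIN CERTIFICATE-----"*"-----END CERTIFICATE-----") ;;
        *) echo "render_bosh_vars: stdin is not a PEM certificate" >&2
           return 1 ;;
    esac
    {
        cat <<EOF
---
external_url: https://plane.pcfcontrolplane.${domain}
persistent_disk_type: 1048576
vm_type: Standard_F4s
azs: ["null"]
network_name: control-plane
wildcard_domain: "plane.pcfcontrolplane.${domain}"
uaa_url: https://uaa.pcfcontrolplane.${domain}
uaa_ca_cert: |
EOF
        # Indent each certificate line so it stays inside the YAML block scalar.
        printf '%s\n' "$pem" | sed 's/^/  /'
    } > "$out"
}

# Live use, after the om bosh-env step has set up the credhub login:
#   credhub get -n /p-bosh/control-plane/control-plane-tls -k certificate |
#       render_bosh_vars "<your domain>" bosh-vars.yml
```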
- Create an operations file azure-vm-extension.yml with a single operation that replaces the value of vm_extensions.
- type: replace
  path: /instance_groups/name=web/vm_extensions?
  value: [control-plane-lb]
- Deploy the manifest from the Ops Manager VM
bosh deploy -d control-plane control-plane-*.yml \
--vars-file=./bosh-vars.yml \
--ops-file=./azure-vm-extension.yml
- Run the following command to verify that the deployment instances are running:
bosh instances -d control-plane
- You should also be logged into credhub if you have used the om bosh-env eval line from above. This allows you to easily get the credential we need to test the login of our control-plane.
credhub get -n $(credhub find | grep uaa_users_admin | awk '{print $3}')
- From any browser, access Concourse UI using URL defined by:
echo https://"$(terraform output control_plane_domain)"
- Click login in the upper right hand corner.
- Enter admin for the username, and the password retrieved from Credhub as the password, and click SIGN IN.
- Click Authorize
Note: If the redirect fails, refresh the browser and click login again
- If you don't already have the fly CLI installed, you can download it from the Concourse page. Just click on the icon for your operating system.
- After the fly CLI is downloaded, make it executable and copy it to a location in your path.
- Log in to Concourse using the main team.
Note: You will be asked to authenticate via the browser. Copy the URL into your browser. Since we already authenticated in the previous step, you should not be asked to log in.
fly login --target main -k -c https://$(terraform output control_plane_domain)
- After authenticating into Concourse, create a team named dev for development pipelines.
fly set-team -t main -n dev --allow-all-users
- Login to the new team:
fly login --target dev -k -c https://$(terraform output control_plane_domain)