This topic describes how to deploy VMware Tanzu Operations Manager (Ops Manager) on Amazon Web Services (AWS).
Before you deploy Ops Manager, see the preparation steps in Preparing to Deploy Ops Manager on AWS.
After you complete this procedure, follow the instructions in Configuring BOSH Director on AWS.
To launch an Amazon Machine Image (AMI) for Ops Manager:
Navigate to the Ops Manager section of VMware Tanzu Network.
Select the version of Ops Manager you want to install from the Releases drop-down menu.
In the Release Download Files, click the file named Ops Manager for AWS to download a PDF.
Open the PDF and identify the AMI ID for your region.
Return to the EC2 Dashboard.
Click AMIs from the Images menu.
Using the Owned by me drop-down filter, select Public images .
Paste the AMI ID for your region into the search bar and press enter.
Note: There is a different AMI for each region. If you cannot locate the AMI for your region, verify that you have set your AWS Management Console to your desired region. If you still cannot locate the AMI, log in to the VMware Tanzu Network and file a Support ticket.
(Optional) If you want to encrypt the VM that runs Ops Manager with AWS Key Management Service (KMS), perform the following additional steps:
Select the row that lists your Ops Manager AMI and click Launch instance from AMI.
On the Launch an instance page, for Name, enter a name for the Ops Manager VM. For example, enter pcf-ops-manager
.
Select m5.large for your instance type.
Select the pcf-ops-manager-key
key pair, and confirm that you have access to the private key file. You use this key pair to access the Ops Manager VM.
In the Network settings section, click Edit and configure the following for your instance:
pcf-public-subnet-az0
to allow traffic from public IP addresses, or pcf-management-subnet-az0
to allow traffic only from private IP addresses.pcf-ops-manager-security-group
that you created in Configure a Security Group for Ops Manager in Preparing to Deploy Ops Manager on AWS.In the Configure storage section, adjust the Size (GiB) value. The default persistent disk value is 8 GB. VMware recommends increasing this value to a minimum of 100 GB.
(Optional) If you are using IAM roles, perform the following additional steps:
In the Summary section, ensure that the number of instances is 1.
Click Launch instance.
Click View all instances to access the Instances page on the EC2 Dashboard.
On the EC2 Dashboard, click Load Balancers.
Click Create Load Balancer.
Under Application Load Balancer, click Create.
For Step 1: Configure Load Balancer, do the following:
Under Basic Configuration, do the following:
pcf-web-elb
.pcf-public-subnet-az0
to allow traffic from public IP addresses, or pcf-management-subnet-az0
to allow traffic only from private IP addresses.For Step 2: Configure Security Settings, do the following:
Under Select default certificate, do one of the following:
Note: For a production or production-like environment, use a certificate from a Certificate Authority (CA). This can be an internal certificate or a purchased certificate. For a sandbox environment, you can use a self-signed certificate, leaving the Certificate chain entry blank.
Click Next: Configure Security Groups.
For Step 3: Configure Security Groups, do the following:
pcf-web-elb-security-group
security group that you configured in Configure a Security Group for the Web ELB in Preparing to Deploy Ops Manager on AWS.For Step 4: Configure Routing, do the following:
Under Target Group, enter the following values:
pcf-web-elb-target-group
.80
.Under Health checks, enter the following values:
/health
.Under Advanced health check settings, enter the following values:
8080
.6
.3
.3
.5
.200
.Click Next: Register Targets.
For Step 5: Register Targets, accept the default values and click Next: Review.
For Step 6: Review, review the load balancer details and then click Create. A message appears to confirm that AWS has successfully created the load balancer.
From the Load Balancers page, click Create Load Balancer.
Select Network Load Balancer.
For Step 1: Configure Load Balancer, do the following:
Under Basic Configuration, do the following:
pcf-ssh-elb
.Under Listeners, edit the existing listener. For Load Balancer Protocol, select TCP, for Load Balancer Port, enter 2222
.
pcf-public-subnet-az0
to allow traffic from public IP addresses, or pcf-management-subnet-az0
to allow traffic only from private IP addresses.On the Configure Security Settings page, ignore the Improve your load balancer’s security error message and click Next: Configure Routing.
For Step 3: Configure Routing, do the following:
Under Target Group, enter the following values:
pcf-ssh-elb-target-group
.2222
.Under Health checks, enter the following values:
Under Advanced health check settings, enter the following values:
6
.10 seconds
.Click Next: Register Targets.
For Step 4: Register Targets, accept the default values and click Next: Review.
For Step 5: Review, review the load balancer details and then click Create. A message appears to confirm that AWS has successfully created the load balancer.
On the Load Balancers page, click Create Load Balancer.
Select Classic Load Balancer.
Configure the load balancer with the following information:
pcf-tcp-elb
.pcf-vpc
VPC that you created in Create a VPC in Preparing to Deploy Ops Manager on AWS.Under Listener Configuration, add the following rules:
Load Balancer Protocol | Load Balancer Port | Instance Protocol | Instance Port |
---|---|---|---|
TCP | 1024 | TCP | 1024 |
TCP | 1025 | TCP | 1025 |
TCP | 1026 | TCP | 1026 |
... | ... | ... | ... |
TCP | 1123 | TCP | 1123 |
The ...
entry above indicates that you must add listening rules for each port between 1026 and 1123.
Under Select Subnets, select either the public or private subnets you configured in Create a VPC in Preparing to Deploy Ops Manager on AWS, and click Next: Assign Security Groups.
On the Assign Security Groups page, select the security group pcf-tcp-elb-security-group
you configured in Configure a Security Group for the TCP ELB in Preparing to Deploy Ops Manager on AWS, and click Next: Configure Security Settings.
On the Configure Security Settings page, ignore the Improve your load balancer’s security error message and click Next: Configure Health Check.
On the Configure Health Check page, enter the following values:
TCP
.80
.3
seconds.5
seconds.3
.6
.Click Next: Add EC2 Instances.
Accept the defaults on the Add EC2 Instances page and click Next: Add Tags.
Accept the defaults on the Add Tags page and click Review and Create.
Review and confirm the load balancer details, and click Create.
Perform the following steps for all three of the load balancers you created in previous steps, named pcf-web-elb
, pcf-ssh-elb
, and pcf-tcp-elb
:
Click Instances on the left navigation menu to view your EC2 instances.
Select the pcf-ops-manager
instance created in Step 1: Launch an Ops Manager AMI.
On the Description tab, record the value for IPv4 Public IP.
Navigate to your DNS provider and create the following CNAME and A records:
*.apps.DOMAIN.com
and *.system.DOMAIN.com
points to the DNS name of the pcf-web-elb
load balancer.ssh.system.DOMAIN.com
points to the DNS name of the pcf-ssh-elb
load balancer.tcp.system.DOMAIN.com
points to the DNS name of the pcf-tcp-elb
load balancer.pcf.DOMAIN.com
points to the public IP address of the pcf-ops-manager
EC2 instance.Where DOMAIN
is a domain name. VMware recommends that you use the same domain name for each record.
Click Assign Security Groups.
Navigate to the RDS Dashboard.
Perform the following steps to create a RDS Subnet Group for the two RDS subnets:
Enter the following values:
pcf-rds-subnet-group
.pcf-vpc
.pcf-rds-subnet-az0
and click Add.Repeat the steps above to add pcf-rds-subnet-az1
and pcf-rds-subnet-az2
to the group.
Note: On the Subnet Group page, you may need to refresh the page to view the new group.
Note: On the Subnet Group page, you may need to refresh the page to view the new group.
Note: You must have an empty MySQL database when you install or reinstall Ops Manager on AWS.
Navigate to the RDS Dashboard.
Click Create database to launch the wizard.
Under Engine type, select MySQL.
Under Templates, select Production to create a database for production environments.
Specify the following database details:
pcf-ops-manager-director
.Enter a secure Master Username and Master Password.
Note: Record the username and password. You need these credentials later when configuring the Director Config page in the BOSH Director tile.
DB Instance Class: Select db.m5.large - 2 vCPU, 7.5 GiB RAM.
Provisioned IOPS SSD
.In the Connectivity section, enter the following values:
pcf-vpc
.pcf-rds-subnet-group
you created in Step 6: Create RDS Subnet Group.pcf-mysql-security-group
that you created in Configure a Security Group for MySQL in Preparing to Deploy Ops Manager on AWS.In the Additional configuration section, enter the following values:
bosh
.Click Launch DB Instance. Launching the instance may take several minutes.
When the instance has launched, you the following: