This guide describes how to provision the OpenStack infrastructure where you need to install VMware Tanzu Operations Manager (Ops Manager). Use this topic when Installing Ops Manager on OpenStack.
After completing this procedure, complete all of the steps in Configuring BOSH Director on OpenStack and Configuring TAS for VMs.
Note: This document uses Mirantis OpenStack for screenshots and examples. The screens of your OpenStack vendor configuration interface may differ.
Log in to the OpenStack Horizon dashboard.
From the Project drop-down menu, set the active project by selecting the project where you deploy Ops Manager.
Important: If you are using OpenStack Liberty or Mitaka, do not create the key pair with the OpenStack Horizon dashboard. Instead make sure that you generate the SSH key pair manually. For example, use the ssh-keygen command. Then follow the procedure below to import that key pair into OpenStack. This is due to an OpenStack bug.
In the left navigation menu of your OpenStack Horizon dashboard, click Project > Compute > Access & Security.
On the Access & Security page, click the Key Pairs tab.
Click Import Key Pair.
Enter a Key Pair Name.
In the Public Key text box, enter the contents of your public key.
Click Import Key Pair.
In the left navigation menu, click Access & Security to refresh the page. The new key pair appears in the list.
Click the Security Groups tab. Click Create Security Group and create a group with the following properties:
opsmanagerOps Manager
The Security Groups tab contains a table of the Security Groups. Select the check box for the opsmanager Security Group row and click Manage Rules in the Actions column.
On the Access & Security page, add the ingress access rules for HTTP, HTTPS, and SSH as shown in the table below. The rules with opsmanager in the Remote column have restricted access to that particular Security Group.
Note: Adjust the remote sources as necessary for your own security compliance. VMware recommends limiting remote access to Ops Manager to IP ranges within your organization.
| Direction | Ether Type | IP Protocol | Port/Port Range | Remote |
|---|---|---|---|---|
| Ingress | IPv4 | TCP | 22 (SSH) | 0.0.0.0/0 (CIDR) |
| Ingress | IPv4 | TCP | 80 (HTTP) | 0.0.0.0/0 (CIDR) |
| Ingress | IPv4 | TCP | 443 (HTTPS) | 0.0.0.0/0 (CIDR) |
| Ingress | IPv4 | TCP | 4222 (NATS) | opsmanager |
| Ingress | IPv4 | TCP | 6868 (BOSH Agent) | opsmanager |
| Ingress | IPv4 | TCP | 8844 (CredHub) | opsmanager |
| Ingress | IPv4 | TCP | 8853 (BOSH Health Monitor) | opsmanager |
| Ingress | IPv4 | TCP | 25250 (BOSH Blobstore) | opsmanager |
| Ingress | IPv4 | TCP | 25555 (BOSH Director) | opsmanager |
| Ingress | IPv4 | TCP | 25777 (BOSH Registry) | opsmanager |
| Egress | IPv4 | TCP | 1-65535 | 0.0.0.0/0 (CIDR) |
Do not change the existing default egress access rules. As shown in the image, the Egress rows contain ETHER TYPE ‘IPv4’ and ‘IPv6’, respectively. Both IP PROTOCOL and PORT RANGE are set to ‘Any’.
As an optional but recommended step, you can now run the CF OpenStack Validator tool against your OpenStack tenant to verify support for Ops Manager.
Follow the directions for running the CF OpenStack Validator Tool.
When configuring the CPI version used by the Validator, specify the OpenStack CPI version indicated in the Ops Manager Release Notes for the Ops Manager release that you are planning to deploy.
Troubleshooting the output of the CF OpenStack Validator tool is beyond the scope of this document.
You can create the Ops Manager image in OpenStack using the OpenStack Horizon dashboard.
Note: If your Horizon Dashboard does not support file uploads, you must use the Glance CLI client.
To create an Ops Manager image in OpenStack, perform the following steps:
Download the Ops Manager for OpenStack image file from VMware Tanzu Network.
In the left navigation of your OpenStack dashboard, click Project > Compute > Images.
Click Create Image.
Complete the Create An Image page with the following information:
Ops Manager.80.8192.Select the Protected checkbox.
Click Create Image.
In the left navigation of your OpenStack dashboard, click Project > Compute > Images.
Select the ‘Ops Manager’ row, and in the Actions column, click Launch.
In the Details tab, specify the following values:
Ops Manager.Count: Do not change from the default value of 1.
Click the Source tab in the left navigation menu, and specify the following values:
Allocated: Make sure Ops Manager is selected.
Click the Flavor tab, and configure the OpenStack VM flavors as follows:
Note: Do not change the names of the VM flavors.
| ID | Name | Memory_MB | Disk | Ephemeral | VCPUs |
|---|---|---|---|---|---|
| 1 | m1.small | 2048 | 20 | 0 | 1 |
| 2 | m1.medium | 4096 | 40 | 0 | 2 |
| 3 | m1.large | 8192 | 80 | 0 | 4 |
| 4 | m1.xlarge | 16384 | 160 | 0 | 8 |
Click the Networks tab, and select a private subnet. You will add a Floating IP to this network in a later step.
Skip the Network Ports tab.
Click the Security Groups tab, and select the opsmanager security group that you created in Step 2: Configure Security. Deselect all other Security Groups.
Click the Key Pair tab, and select the key pair that you imported in Step 2: Configure Security.
Skip the Configuration and Metadata tabs.
Click the Launch Instance button. This starts your new Ops Manager instance.
In the left navigation of your OpenStack dashboard, click Project > Compute > Instances. The Instances table appears. You will see a row with INSTANCE NAME Ops Manager.
Wait until the Power State of the Ops Manager instance shows as Running.
Record the private IP Address of the Ops Manager instance from the row.
You must provide this IP Address when you perform Step 6: Complete the Create Networks Page in Ops Manager.
Select the Ops Manager row by clicking the check box in the left-most column.
In the Actions column, use the drop-down menu to select Associate Floating IP. The Manage Floating IP Associations screen appears.
Beside IP Address, click the plus button (+). The Allocate Floating IP screen appears.
In the Pool drop-down menu, select an IP Pool and click Allocate IP.
In the Port to be associated drop-down menu, select your Ops Manager instance.
Click Associate.
In the left navigation of your OpenStack dashboard, click Project > Object Store > Containers.
Click Create Container. Create a container with the following properties:
pcf.Container Access: Leave the public check box unselected.
Click Create.
In the left navigation menu on the OpenStack dashboard, click Project > Compute > Access & Security. Click the API Access tab.
Click Download EC2 Credentials.
Unzip the downloaded credentials file.
If you select S3 Compatible Blobstore in your BOSH Director Config, you need the contents of this file to complete the configuration.
Create a DNS entry for the floating IP address that you assigned to Ops Manager in Step 6: Associate a Floating IP Address.
You must use this fully qualified domain name when you log into Ops Manager for the first time.
After completing this procedure, complete all of the steps in the Configuring BOSH Director on OpenStack and Configuring TAS for VMs.
Return to Installing Ops Manager on OpenStack.
