This guide describes how you can provision the OpenStack infrastructure and where you need to install VMware Tanzu Operations Manager. Use this topic when Installing Tanzu Operations Manager on OpenStack.

After you complete this procedure, complete all of the steps in Configuring BOSH Director on OpenStack and in the TAS for VMs documentation.

Note This document uses Mirantis OpenStack for images and examples. The screenshots of your OpenStack vendor configuration interface might be different.

Step 1: Log in to the OpenStack Horizon dashboard

  1. Log in to the OpenStack Horizon dashboard.

    OpenStack Dashboard login page

  2. From the Project drop-down menu, set the active project by selecting the project where you deploy Tanzu Operations Manager.

    Select project

Step 2: Configure security

Important If you are using OpenStack Liberty or Mitaka, do not create the key pair with the OpenStack Horizon dashboard. Instead make sure that you generate the SSH key pair manually. For example, use the ssh-keygen command. Then follow this procedure to import that key pair into OpenStack. This is due to an OpenStack bug.

  1. In your OpenStack Horizon dashboard, click Project, then Compute, followed by Access & Security.

  2. On the Access & Security page, click the Key Pairs tab.

  3. Click Import Key Pair.

  4. Enter a Key Pair Name.

  5. In the Public Key text box, enter the contents of your public key.

    Import Key Pair pane

  6. Click Import Key Pair.

  7. In the navigation menu, click Access & Security to refresh the page. The new key pair appears in the list.

  8. Click the Security Groups tab, then click Create Security Group and create a group with the following properties:

    • Name: opsmanager
    • Description: Tanzu Operations Manager

    Create Security Group pane

  9. The Security Groups tab contains a table of the Security Groups. Select the check box for the opsmanager Security Group row and click Manage Rules in the Actions column.

    Table of Security Groups, with columns Name, Description, and Actions. The Actions column contains a Manage Rules drop-down menu for each security group.

  10. On the Access & Security page, add the ingress access rules for HTTP, HTTPS, and SSH as shown in the following table. The rules with opsmanager in the Remote column have restricted access to that particular Security Group.

    Adjust the remote sources as necessary for your own security compliance. VMware recommends limiting remote access to Tanzu Operations Manager to IP ranges within your organization.

    Direction Ether type IP protocol Port/port range Remote
    Ingress IPv4 TCP 22 (SSH) 0.0.0.0/0 (CIDR)
    Ingress IPv4 TCP 80 (HTTP) 0.0.0.0/0 (CIDR)
    Ingress IPv4 TCP 443 (HTTPS) 0.0.0.0/0 (CIDR)
    Ingress IPv4 TCP 4222 (NATS) opsmanager
    Ingress IPv4 TCP 6868 (BOSH Agent) opsmanager
    Ingress IPv4 TCP 8844 (CredHub) opsmanager
    Ingress IPv4 TCP 8853 (BOSH Health Monitor) opsmanager
    Ingress IPv4 TCP 25250 (BOSH Blobstore) opsmanager
    Ingress IPv4 TCP 25555 (BOSH Director) opsmanager
    Ingress IPv4 TCP 25777 (BOSH Registry) opsmanager
    Egress IPv4 TCP 1-65535 0.0.0.0/0 (CIDR)

  11. Do not change the existing default egress access rules. As shown in the image, the Egress rows contain ETHER TYPE IPv4 and IPv6, respectively. Both IP PROTOCOL and PORT RANGE are set to Any.

    Access & Security table

Step 3: Run the CF OpenStack Validator tool (optional)

As an optional but recommended step, you can now run the CF OpenStack Validator tool against your OpenStack tenant to verify support for Tanzu Operations Manager.

  1. Follow the directions for running the CF OpenStack Validator Tool.

  2. When configuring the CPI version used by the Validator, specify the OpenStack CPI version indicated in the Tanzu Operations Manager Release Notes for the Tanzu Operations Manager release that you are planning to deploy.

Troubleshooting the output of the CF OpenStack Validator tool is beyond the scope of this document.

Step 4: Create Tanzu Operations Manager image

You can create the Tanzu Operations Manager image in OpenStack using the OpenStack Horizon dashboard.

If your Horizon Dashboard does not support file uploads, you must use the Glance CLI client.

To create a Tanzu Operations Manager image in OpenStack, complete the following steps:

  1. Download the Tanzu Operations Manager for OpenStack image file from the Broadcom Support portal.

  2. In the navigation menu, of your OpenStack dashboard, click Project, then Compute, followed by Images.

  3. Click Create Image.

  4. Complete the Create An Image page with the following information:

    • Name: Enter Tanzu Operations Manager.
    • Image Source: Select Image File.
    • Image File: Click Choose File. Browse to and select the image file that you downloaded from the Broadcom Support portal.
    • Format: Select Raw.
    • Minimum Disk (GB): Enter 80.
    • Minimum RAM (MB): Enter 8192.
    • Deselect the Public check box.

    • Select the Protected check box.

      Create an Image pane

  5. Click Create Image.

Step 5: Launch Tanzu Operations Manager VM

  1. In the navigation menu of your OpenStack dashboard, click Project, then Compute, followed by Images.

  2. Select the Ops Manager row, and in the Actions column, click Launch.

    Table of images and their attributes

  3. In the Details tab, specify the following values:

  4. Click the Source tab in the left navigation menu, and specify the following values:

    • Select Boot Source: Select Image.
    • Create New Volume: Leave No selected.

    • Allocated: Make sure Tanzu Operations Manager is selected.

      Launch Instance pane, Source tab

  5. Click the Flavor tab, and configure the OpenStack VM flavors as follows: Do not change the names of the VM flavors.

    ID Name Memory_MB Disk Ephemeral VCPUs
    1 m1.small 2048 20 0 1
    2 m1.medium 4096 40 0 2
    3 m1.large 8192 80 0 4
    4 m1.xlarge 16384 160 0 8

  6. Click the Networks tab, and select a private subnet. You need to add a Floating IP to this network in a later step.

    Launch Instance pane, Networks tab

  7. Skip the Network Ports tab.

  8. Click the Security Groups tab, and click the opsmanager security group that you created in Step 2: Configure security. Deselect all other Security Groups.

    Launch Instance pane, Security Groups tab

  9. Click the Key Pair tab, and select the key pair that you imported in Step 2: Configure security.

    Launch Instance pane, Key Pair tab

  10. Skip the Configuration and Metadata tabs.

  11. Click the Launch Instance button. This starts your new Tanzu Operations Manager instance.

Step 6: Associate a floating IP address

  1. In the navigation of your OpenStack dashboard, click Project, then Compute, followed by Instances. The Instances table appears. You see a row with INSTANCE NAME Tanzu Operations Manager.

  2. Wait until the Power State of the Tanzu Operations Manager instance shows as Running.

  3. Record the private IP Address of the Tanzu Operations Manager instance from the row.

    Instances table

    You must provide this IP Address when you complete Step 6: Complete the Create Networks page in Tanzu Operations Manager.

  4. Select the Tanzu Operations Manager row by clicking the check box in the left-most column.

  5. In the Actions column, use the drop-down menu to select Associate Floating IP. The Manage Floating IP Associations screen appears.

    Manage Floating IP Associations pane,showing no associations

  6. Beside IP Address, click the plus button (+). The Allocate Floating IP screen appears.

  7. In the Pool drop-down menu, select an IP Pool and click Allocate IP.

    Allocate Floating IP pane

  8. In the Port to be associated drop-down menu, select your Tanzu Operations Manager instance.

    Manage Floating IP Associations pane, with an IP address added

  9. Click Associate.

Step 7: Add Blob storage

  1. In the navigation of your OpenStack dashboard, click Project, then Object Store, followed by Containers.

  2. Click Create Container. Create a container with the following properties:

    • Container Name: Enter pcf.

    • Container Access: Leave the public check box unselected.

      Create Container

  3. Click Create.

Step 8: Download credentials for S3 Blob storage

  1. In the left navigation menu on the OpenStack dashboard, click Project, then Compute, then Access & Security. Click the API Access tab.

    OpenStack Access & Security pane with table of API endpoints.

  2. Click Download EC2 Credentials.

  3. Unzip the downloaded credentials file.

  4. If you select S3 Compatible Blobstore in your BOSH Director Config, you need the contents of this file to complete the configuration.

Step 9: Create a DNS entry

Create a DNS entry for the floating IP address that you assigned to Tanzu Operations Manager in Step 6: Associate a floating IP address.

You must use this fully qualified domain name when you log in to Tanzu Operations Manager for the first time.

Step 10: Configure BOSH Director for OpenStack

After you complete this procedure, then complete all of the steps in the Configuring BOSH Director on OpenStack and in the TAS for VMs documentation.

Return to Installing Tanzu Operations Manager on OpenStack.

check-circle-line exclamation-circle-line close-line
Scroll to top icon