Attach a Tanzu Platform for Cloud Foundry foundation as a Tanzu Platform hub data source

If you have one or more Tanzu Platform for Cloud Foundry (formerly known as Tanzu Application Service or TAS) foundations, you can attach them to Tanzu Platform hub as data sources. Doing so allows you to view your Tanzu Cloud Foundry foundation alongside other resources in your Tanzu Platform hub-managed infrastructure.

Before you begin

  • Tanzu Cloud Foundry must be installed.
  • Tanzu Operations Manager must be deployed in an environment of your choice.
  • The BOSH Director tile must be fully configured in Tanzu Operations Manager.
  • The Tanzu Operations Manager CLI must be installed if you plan to attach a Tanzu Cloud Foundry foundation through the CLI rather than the Tanzu Operations Manager interface.

  • When you attach a Tanzu Cloud Foundry foundation as data source in Tanzu Platform, SBOM and Spring properties data are automatically collected and sent to Tanzu Platform. You can view the collected data on Tanzu Platform hub in Applications > Business Applications and manage the applications on Tanzu Platform. However, you must configure your Spring applications and micrometer libraries to ensure that Git properties and metrics are discoverable. For more information, see Configure your Spring applications for application management in Tanzu Platform. For more information about managing your applications in Tanzu Platform, see Managing your applications in Tanzu Platform.

    Note

    The SBOM and Spring properties data are captured by the droplet exporter job running on the HUB TAS Agent Bosh VM. In larger foundations, you may need to increase the CPU and Ephemeral Disk size of the HUB TAS Agent Bosh VM.

Overview of steps

Attaching a Tanzu Cloud Foundry foundation requires the following steps:

  1. Download and install the Tanzu Platform hub collector tile in Tanzu Operations Manager.

  2. Collect data from the BOSH Director VM by creating new UAA client credentials.

  3. Create a Tanzu Cloud Foundry Foundation collector in Tanzu Platform hub, then enter the provided credentials in the Tanzu Platform hub collector on Tanzu Operations Manager to establish a connection between the Tanzu Platform hub Collector tile and Tanzu Platform hub.

While you can perform some of these actions in a different order, this guide is constructed to take you through all available configuration steps in Tanzu Operations Manager before creating a Tanzu Cloud Foundry Foundation collector in Tanzu Platform hub.

Note

Each Tanzu Platform hub collector-Tanzu Cloud Foundry Foundation collector pair can support one Tanzu Cloud Foundry foundation. If you have multiple Tanzu Cloud Foundry foundations, you must add and configure a Tanzu Cloud Foundry-Hub collector per foundation.

Install the Tanzu Platform hub collector in Tanzu Operations Manager

Do the following to install the Tanzu Platform hub collector tile in the Tanzu Operations Manager Installation Dashboard:

  1. Go to the Tanzu Platform hub page on VMware Tanzu Network.

  2. From the Releases dropdown, select the version of the tile you want to install.

  3. Click the name of the tile you want to install to download the .pivotal file for the tile.

  4. Navigate to the Tanzu Operations Manager Installation Dashboard.

  5. Click Import a Product.

  6. Select the .pivotal file that you downloaded from VMware Tanzu Network.

  7. Click Open. If the tile is successfully uploaded, it appears in the product list beneath the Import a Product button.

  8. Once the upload is complete, click the + icon next to the tile listing to add the tile to your staging area.

  9. Click the Tanzu Hub Collector tile.

  10. Under Place singleton jobs in AZ, select the first AZ. Tanzu Operations Manager runs any job with a single instance in this AZ.

  11. Under Balance other jobs in AZs, select one or more other AZs. Tanzu Operations Manager balances instances of jobs with more than one instance across the AZs that you specify.

  12. From the Network dropdown, select a subnet on which to install the collector.

    Important

    Make sure that you select a subnet that has access to the TAS VMs. See Configuring BOSH Director for your IaaS.

  13. Click Save.

For more information, see the Tanzu Operations Manager documentation.

Create a UAA Client for the Tanzu Platform hub collector in Tanzu Operations Manager

The Tanzu Platform hub collector works by accessing the BOSH director VM and viewing information about deployments, then exporting that information to Tanzu Platform hub. This requires creating a new UAA client for the Tanzu Platform hub collector, the details for which differ depending on the authentication settings of your Tanzu Operations Manager to deployment.

To begin, select an authentication method and follow the instructions.

Local
If your Tanzu Operations Manager deployment uses internal authentication:

  1. From the Tanzu Operations Manager Installation Dashboard, click the BOSH Director tile.

  2. Select the Status tab.

  3. Record the IP address in the IPs column of the BOSH Director row.

  4. Select the Credentials tab.

  5. In the Bosh Commandline Credentials row of the BOSH Director section, click Link to Credential.

  6. Record the values for BOSH_CLIENT and BOSH_CLIENT_SECRET. Use these to log in to the UAA client in a later step.

For more information about internal authentication settings for your Tanzu Operations Manager deployment, see the Tanzu Operations Manager documentation.

SAML
If your Tanzu Operations Manager deployment uses SAML authentication:

  1. Click the user account menu in the upper-right corner of the Tanzu Operations Manager Installation Dashboard.

  2. Click Settings .

  3. Select SAML Settings.

  4. Click the Provision an Admin Client in the BOSH UAA checkbox.

  5. Click Enable SAML Authentication.

  6. Return to the Tanzu Operations Manager Installation Dashboard.

  7. Click the BOSH Director tile.

  8. Select the Status tab.

  9. Record the IP address in the IPs column of the BOSH Director row.

  10. Select the Credentials tab.

  11. In the Uaa Bosh Client Credentials row of the BOSH Director section, click Link to Credential.

  12. Record the value of password. This value is the secret for Uaa Bosh Client Credentials.

For more information about SAML authentication settings for your Tanzu Operations deployment, see the Tanzu Operations Manager documentation

LDAP
If your Tanzu Operations Manager deployment uses LDAP authentication:

  1. Click the user account menu in the upper-right corner of the Tanzu Operations Manager Installation Dashboard.

  2. Click Settings .

  3. Select LDAP Settings.

  4. Click the Provision an Admin Client in the BOSH UAA checkbox.

  5. Click Enable LDAP Authentication.

  6. Return to the Tanzu Operations Manager Installation Dashboard.

  7. Click the BOSH Director tile.

  8. Select the Status tab.

  9. Record the IP address in the IPs column of the BOSH Director row.

  10. Select the Credentials tab.

  11. In the Uaa Bosh Client Credentials row of the BOSH Director section, click Link to Credential.

  12. Record the value of password. This value is the secret for Uaa Bosh Client Credentials.

For more information about LDAP authentication settings for your Tanzu Operations deployment, see the Tanzu Operations Manager documentation

Once you have the credentials for your authentication method, you can connect to the Tanzu Operations Manager VM:

  1. Establish an SSH connection with the Tanzu Operations Manager VM by following the procedure in the Tanzu Operations Manager documentation.

  2. Target the UAA instance for the BOSH Director by running:

    uaac target https://BOSH-DIRECTOR-IP:8443

    Where BOSH-DIRECTOR-IP is the IP address for the BOSH Director VM that you recorded from the Status tab in the BOSH Director tile in a previous step.

  3. Log in to the UAA instance by running:

    uaac token client get

  4. When prompted, enter the credentials you recorded in the previous step for client and secret.

  5. Create a UAA client for the Tanzu Platform hub collector by running:

    uaac client add hub-tas-collector \
 --secret 'CLIENT-SECRET' \
 --authorized_grant_types client_credentials,refresh_token \
 --authorities bosh.read \
 --scope bosh.read

    Where:

    • CLIENT-SECRET is the secret you want to set for the UAA client.

  6. Return to the Tanzu Operations Manager Installation Dashboard.

  7. Click the Tanzu Hub Collector tile.

  8. Click Collector Configuration.

  9. For BOSH UAA client credentials, enter hub-tas-collector for the username and the secret for the UAA client you just created.

  10. If your deployment of Tanzu Operations Manager uses a self-signed certification, click the Skip TLS Verification when Querying Ops Manager API checkbox. Otherwise you can leave it blank.

  11. For Link TAS Entities to IAAS Entity Collection, click Disable.

  12. For Log level, enter info.

  13. For HTTP Proxy Configuration if you need to egress entities through an HTTP proxy on your network, then select Enable and configure the fields for your proxy server.

  14. Click Save.

Create a Tanzu Cloud Foundry foundation collector in Tanzu Platform hub

With the Tanzu Platform hub collector in Tanzu Operations Manager mostly configured, you must also create Tanzu Cloud Foundry Foundation collector in Tanzu Platform hub. The process is similar to attaching a Kubernetes cluster.

  1. In Tanzu Platform hub, select Setup & Configure > Foundation Management.

  2. Click Add New.

  3. Enter a name for your foundation. It’s a best practice use the same name as your Tanzu Operations Manager.

  4. Click Next.

  5. Select a method for configuring the Tanzu Cloud Foundry foundation collector.

    Tanzu Operations Manager
    Select the Configuration details for Tanzu Operations Manager option to configure the collector through the Tanzu Operations Manager interface.

    1. Copy all the configuration details to a text file as a back-up during this procedure.

    2. Log in to Tanzu Operations Manager while keeping the Tanzu Platform hub page open.

    3. From Tanzu Operations Manager, select the tile for your Tanzu Platform hub collector.

    4. Click Tanzu Hub Configuration.

    5. Enter the configuration details copied from Tanzu Platform hub in the matching fields for Tanzu Operations Manager.

    6. Click Save.

    OM-CLI
    Select the OM-cli using YAML file option if you want to configure the collector on a command line interface.

    1. Download the provided YAML file and rename it to your preference.

    2. Open your preferred CLI shell on an environment where the Tanzu Operations Manager CLI is installed.

    3. Upload the YAML file to the host, then run this command to configure the collector:

      $ om configure-product -c <filename>.yaml

    4. Go back to the Tanzu Platform hub page and click Complete.

Verify stemcell version and apply all changes

To verify your stemcell version and apply all changes:

  1. Click Stemcell Library. For more information about using the Stemcell Library, see Importing and managing stemcells.

  2. Verify and, if necessary, import a new stemcell version.

  3. From the Tanzu Operations Manager Installation Dashboard, click Review Pending Changes.

  4. Click Apply Changes.

  5. Return to Tanzu Platform hub and click Complete. Once configuration is complete, you should see your Tanzu Cloud Foundry foundation listed with a Pending status. It may take up to 20 minutes for Tanzu Operations Manager and Tanzu Platform hub to begin communicating, at which point the status should change to Ready.

You can view your Tanzu Cloud Foundry Foundation by going to Infrastructure > Foundations in Tanzu Platform hub and find it in the list of Foundations on the dashboard.

Configure TAS logs to send to Tanzu Platform

To send TAS logs to Tanzu Platform, do the following setup in Tanzu Ops Manager. After you have done the following configurations, you can view the logs in Tanzu Platform hub.

To view the TAS Platform logs, on Tanzu Platform hub, go to Infrastructure > Foundations.

To view application logs, on Tanzu Platform hub, go to Applications > Apps and microservices.

Configure TAS Platform logs

On the Ops Manager Installation Dashboard, do the following:

  1. Open the VMware Tanzu Application Service tile.
  2. Click Settings and select System Logging.
  3. For Syslog server address, enter telegraf.hub-collector.service.internal.
  4. For Syslog server port, enter 6515.
  5. For Transport protocol, select TCP protocol.
  6. Optional Environment identifier.
  7. Click Save.

Configure Application Logs for TAS 5 and above versions

Follow these steps for TAS 5 and above versions deployed in a secure environment. If the deployment is in a non-secure environment, see Configure Application Logs for version below TAS 5 versions.

Configure CF Hub Collector

  1. Navigate to the CF Hub Collector tile in Ops Manager installation dashboard.
  2. Click the Settings and select Collector Configuration
  3. Tick the checkbox next to Enable Mutual TLS for Application Logs.

  4. Click the Credentials tab:

    1. Click Link to Credential next to Syslog Mtls.

    2. Escape newline characters from credential values.

      printf -- <private_key_pem>

      printf -- <cert_pem>
    3. Save the certificate content. The cert and key will be used when configuring the aggregate syslog drain destinations.
  5. Navigate to the Ops Manager Installation Dashboard.
    1. From the dropdown in the upper-right corner of the Ops Manager Installation Dashboard, click Settings.
    2. Select Advanced Options.
    3. Click DOWNLOAD ROOT CA CERT. The Ops Manager root CA will be used when configuring the aggregate syslog drain destinations.

Configure TAS

  1. Open the VMware Tanzu Application Service tile.
  2. Click Settings and select System Logging.
  3. Scroll down to Aggregate syslog drain destinations and click Add.
    1. Add Syslog Drain URL syslog-tls://telegraf.hub-collector.service.internal:6514.
    2. Certificate Authority is the Ops Manager root CA.
    3. Under Client Certificate:
      • Client Certificate is the cert_pem of the CF Hub Collector Syslog mTLS credential.
      • PRIVATE_KEY_PEM is the private_key_pem of the CF Hub Collector Syslog mTLS credential.
    4. Click Save.
  4. Apply pending changes.
    1. Navigate to the Ops Manager installation dashboard.
    2. Click Review Pending Changes.
    3. Select VMware Tanzu Application Service and CF Hub Collector.
    4. Click Apply Changes.

Configure Application Logs for version below TAS 5 versions

Follow these steps for versions below TAS 5 and for deployments in non-secure environments. Use these steps for TAS 5 and above versions if the deployment is in a non-secure environment.

Configure CF Hub Collector

  1. On the Ops Manager Installation Dashboard, open the CF Hub Collector tile.
  2. On the Settings tab and select Collector Configuration.
  3. Make sure checkbox next to Enable Mutual TLS for Application Logs is not checked.

Configure TAS

  1. Open the VMware Tanzu Application Service for VMs tile.
  2. Click Settings and select System Logging.
  3. Scroll down to Aggregate log and metric drain destinations.
  4. Add syslog://telegraf.hub-collector.service.internal:6514.
  5. Click Save.
  6. Apply pending changes.
    1. Navigate to the Ops Manager Installation Dashboard.
    2. Click Review Pending Changes.
    3. Select VMware Tanzu Application Service and CF Hub Collector.
    4. Click Apply Changes.

Manage alerts for Cloud Foundry foundations

When you connect a Cloud Foundry foundation, alerts are automatically deployed for the foundation. To see the alerts that are deployed, on Tanzu Platform hub, in the left navigation pane, go to Setup & Configuration > Alert Management.

You can enable or disable the alert, configure the trigger conditions, and set the notification target.

For information about setting up a notification target, see Add alert notifications.

check-circle-line exclamation-circle-line close-line
Scroll to top icon