IK.AM

Dev > PaaS > CloudFoundry > PCF

Notes on Installing VMware Tanzu Operations Manager 3.0 and BOSH Director on AWS

Jun 25, 2024
Jun 26, 2024
N/A Views
MD
AWSCloud FoundryPivotal Cloud FoundryOps ManagerTASTerraform

Warning

This article was automatically translated by OpenAI (gpt-4o).It may be edited eventually, but please be aware that it may contain incorrect information at this time.

This article details the installation of VMware Tanzu Operations Manager (Ops Manager) on AWS. In the next article, we will install Tanzu Application Service 6.0 (TAS) on the environment built here.

This guide is targeted at first-time installers, focusing on GUI-based configuration as much as possible.

Table of Contents

Preparing the AWS Environment

First, we create the AWS resources that will serve as the foundation for installing Ops Manager and TAS.

The network configuration will look like the diagram below.

image

The required resources are detailed in the documentation, but creating them manually can be cumbersome, so we will use Terraform.

Refer to this guide for installing the Terraform CLI.

The content of this article has been verified to work with the following CLI version on Ubuntu Jammy.

$ terraform --version
Terraform v1.8.5
on linux_amd64

Additionally, you will need one Route 53 Hosted Zone as a prerequisite. In this guide, we use aws.maki.lol as an example Hosted Zone.

image

Retrieve the Terraform template.

git clone https://github.com/making/tas-paving-aws
cd tas-paving-aws

This template will create:

  • VPC
  • Subnet
  • Security Group
  • EIP
  • NLB
  • Internet Gateway
  • NAT Gateway
  • IAM Role
  • IAM Policy
  • IAM Instance Profile
  • Route53 Record
  • S3 Bucket

Set the following environment variables.

export AWS_ACCESS_KEY_ID=...
export AWS_SECRET_ACCESS_KEY=...
export AWS_SESSION_TOKEN=... (Optional)
export AWS_REGION=ap-northeast-1

export TF_VAR_availability_zones='["ap-northeast-1a","ap-northeast-1c","ap-northeast-1d"]'
export TF_VAR_environment_name=sandbox
export TF_VAR_hosted_zone=aws.maki.lol

Note

AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are only used for running Terraform and creating the Ops Manager VM. Afterwards, AWS API access will be through the Instance Profile created by Terraform. AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY will not be set for TAS itself.

Tip

VMware employees can use temporary credentials from Cloud Gate with Power User permissions.

Run Terraform.

cd aws
terraform init
terraform plan -out plan
terraform apply plan
cd ..

You will see that the network depicted in the diagram has been created in the AWS Console.

image

Installing Ops Manager

Install Ops Manager, which is required to install TAS. Ops Manager is created on the public network and accessed via EIP as shown below.

image

Using the AWS Console to install Ops Manager is tedious, so we will use the om CLI to create the Ops Manager VM.

curl https://github.com/pivotal-cf/om/releases/download/7.12.0/om-linux-amd64-7.12.0 -sL -o om
chmod +x om
sudo mv om /usr/local/bin/om

Create a configuration file for the Ops Manager VM as follows.

cat <<EOF > opsman.yml
---
opsman-configuration:
  aws:
    region: ${AWS_REGION}
    vpc_subnet_id: $(cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .ops_manager_subnet_id)
    security_group_ids:
    - $(cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .ops_manager_security_group_id)
    - $(cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .platform_vms_security_group_id)
    key_pair_name: $(cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .ops_manager_key_pair_name)
    iam_instance_profile_name: $(cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .ops_manager_iam_instance_profile_name)
    access_key_id: ${AWS_ACCESS_KEY_ID}
    secret_access_key: ${AWS_SECRET_ACCESS_KEY}
    public_ip: $(cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .ops_manager_public_ip)
    private_ip: 10.0.0.10
---
EOF

You need to get the Ops Manager AMI image ID from the Broadcom Support Portal (BSP). Log in to BSP and select "Tanzu" as shown below.

image

Select "VMware Tanzu Operation Manager" from "My Downloads."

image

Click "VMware Tanzu Operation Manager."

image

Select the latest version. In the image below, it is 3.0.30+LTS-T.

image

Check "I agree to the Terms and Conditions" and download "Tanzu Ops Manager YAML for AWS ..."

image

You will get a YAML file like this.

$ cat ops-manager-aws-3.0.30+LTS-T.yml 
---
ap-south-2: ami-079351fec0d47937b
# ...
ap-northeast-1: ami-00d6d7bbd9d6a202f
# ...

Use the previously created opsman.yml and the YAML downloaded from BSP to create the Ops Manager VM with the om command.

om vm-lifecycle create-vm --config=opsman.yml --image-file=ops-manager-aws-3.0.30+LTS-T.yml

You will see logs like the following, and the Ops Manager VM will be created.

Using aws...

Executing: "aws ec2 run-instances --tag-specifications ResourceType=instance,Tags=[{Key=Name,Value=ops-manager-vm}] --image-id ami-00d6d7bbd9d6a202f --subnet-id subnet-014057c9d1c4a7bd6 --security-group-ids sg-01e92981c8c881bec sg-0ffd0662a685d574f --count 1 --instance-type m5.large --key-name sandbox-ops-manager-key --no-associate-public-ip-address --iam-instance-profile Name=sandbox-ops-manager --query Instances[0].InstanceId --private-ip-address 10.0.0.10"
This could take a few moments...
aws[stdout]: "i-0ddbef586f5731165"

Executing: "aws ec2 describe-volumes --filters Name=attachment.instance-id,Values=i-0ddbef586f5731165 Name=attachment.status,Values=attached Name=status,Values=in-use --query Volumes[0].VolumeId"
This could take a few moments...
aws[stdout]: "vol-0a4005fe1de960ff7"

Executing: "aws ec2 modify-volume --volume-id vol-0a4005fe1de960ff7 --size 200"
This could take a few moments...
aws[stdout]: {
aws[stdout]:     "VolumeModification": {
aws[stdout]:         "VolumeId": "vol-0a4005fe1de960ff7",
aws[stdout]:         "ModificationState": "modifying",
aws[stdout]:         "TargetSize": 200,
aws[stdout]:         "TargetIops": 600,
aws[stdout]:         "TargetVolumeType": "gp2",
aws[stdout]:         "TargetMultiAttachEnabled": false,
aws[stdout]:         "OriginalSize": 10,
aws[stdout]:         "OriginalIops": 100,
aws[stdout]:         "OriginalVolumeType": "gp2",
aws[stdout]:         "OriginalMultiAttachEnabled": false,
aws[stdout]:         "Progress": 0,
aws[stdout]:         "StartTime": "2024-06-25T03:08:34+00:00"
aws[stdout]:     }
aws[stdout]: }

Executing: "aws ec2 describe-addresses --filters Name=public-ip,Values=54.65.94.27 --query Addresses[0].AllocationId"
This could take a few moments...
aws[stdout]: "eipalloc-0b56ffe4ab20a23d2"

Executing: "aws ec2 associate-address --allocation-id eipalloc-0b56ffe4ab20a23d2 --instance-id i-0ddbef586f5731165"
This could take a few moments...
aws[stdout]: {
aws[stdout]:     "AssociationId": "eipassoc-0b5a6e1c26ee8d6ec"
aws[stdout]: }

Executing: "aws ec2 stop-instances --instance-ids i-0ddbef586f5731165"
This could take a few moments...
aws[stdout]: {
aws[stdout]:     "StoppingInstances": [
aws[stdout]:         {
aws[stdout]:             "CurrentState": {
aws[stdout]:                 "Code": 64,
aws[stdout]:                 "Name": "stopping"
aws[stdout]:             },
aws[stdout]:             "InstanceId": "i-0ddbef586f5731165",
aws[stdout]:             "PreviousState": {
aws[stdout]:                 "Code": 16,
aws[stdout]:                 "Name": "running"
aws[stdout]:             }
aws[stdout]:         }
aws[stdout]:     ]
aws[stdout]: }

Executing: "aws ec2 describe-instances --instance-ids i-0ddbef586f5731165 --query Reservations[*].Instances[*].State.Name"
This could take a few moments...
aws[stdout]: [
aws[stdout]:     [
aws[stdout]:         "stopping"
aws[stdout]:     ]
aws[stdout]: ]

Executing: "aws ec2 describe-instances --instance-ids i-0ddbef586f5731165 --query Reservations[*].Instances[*].State.Name"
This could take a few moments...
aws[stdout]: [
aws[stdout]:     [
aws[stdout]:         "stopping"
aws[stdout]:     ]
aws[stdout]: ]

Executing: "aws ec2 describe-instances --instance-ids i-0ddbef586f5731165 --query Reservations[*].Instances[*].State.Name"
This could take a few moments...
aws[stdout]: [
aws[stdout]:     [
aws[stdout]:         "stopping"
aws[stdout]:     ]
aws[stdout]: ]

...

Executing: "aws ec2 describe-instances --instance-ids i-0ddbef586f5731165 --query Reservations[*].Instances[*].State.Name"
This could take a few moments...
aws[stdout]: [
aws[stdout]:     [
aws[stdout]:         "stopped"
aws[stdout]:     ]
aws[stdout]: ]

Executing: "aws ec2 start-instances --instance-ids i-0ddbef586f5731165"
This could take a few moments...
aws[stdout]: {
aws[stdout]:     "StartingInstances": [
aws[stdout]:         {
aws[stdout]:             "CurrentState": {
aws[stdout]:                 "Code": 0,
aws[stdout]:                 "Name": "pending"
aws[stdout]:             },
aws[stdout]:             "InstanceId": "i-0ddbef586f5731165",
aws[stdout]:             "PreviousState": {
aws[stdout]:                 "Code": 80,
aws[stdout]:                 "Name": "stopped"
aws[stdout]:             }
aws[stdout]:         }
aws[stdout]:     ]
aws[stdout]: }
OpsMan VM created successfully

You will see an instance named ops-manager-vm in the ECS dashboard.

image

The DNS name of this Ops Manager can be checked with the following command. It should be opsmanager.${TF_VAR_environment_name}.${TF_VAR_hosted_zone}.

cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .ops_manager_dns

Since a self-signed certificate is used, you will see a warning when accessing via the browser. Type this is unsafe on the browser screen.

image

The initial setup screen of Ops Manager will be displayed. Click the "Internal Authentication" button.

image

Set the admin user's username, password, and decryption passphrase, then click the "Setup Authentication" button.

image

Wait for a while.

image

The login screen will be displayed.

image

Enter the admin user's username and password and click the "SIGN IN" button. You will see a dashboard screen like this.

image

Tip

To access Ops Manager via ssh, use the following command to get the SSH private key.

cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .ops_manager_ssh_private_key > opsman.pem
chmod 600 opsman.pem

You can access via SSH using the following command with the obtained SSH private key.

ssh ubuntu@$(cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .ops_manager_dns) -i opsman.pem

Creating Certificates with Let's Encrypt

Although installation can proceed with the self-signed certificate, we will use a certificate issued by Let's Encrypt for this installation. The certificate created here will also be used for the TAS installation in the next article.

Install the lego CLI.

sudo apt-get install lego -y

Set the following environment variables.

export AWS_REGION=...
export AWS_ACCESS_KEY_ID=...
export AWS_SECRET_ACCESS_KEY=...
export AWS_SESSION_TOKEN=... (Optional)
export AWS_HOSTED_ZONE_ID=$(aws route53 list-hosted-zones | jq -r --arg NAME "${TF_VAR_hosted_zone}." '.HostedZones[] | select(.Name == $NAME) | .Id' | sed 's|/hostedzone/||')
export SUBDOMAIN=${TF_VAR_environment_name}.${TF_VAR_hosted_zone}
export EMAIL=<your email address>

Create the certificate with the following command.

lego --accept-tos \
  --key-type=rsa4096 \
  --domains="*.${SUBDOMAIN}" \
  --domains="*.apps.${SUBDOMAIN}" \
  --domains="*.sys.${SUBDOMAIN}" \
  --email=${EMAIL} \
  --dns=route53 \
  run

Certificates will be generated in the following directory.

$ ls -la .lego/certificates/
total 16
drwx------ 6 tmaki tmaki  192 Jun 25 08:00 .
drwx------ 4 tmaki tmaki  128 Jun 25 07:56 ..
-rw------- 1 tmaki tmaki 4014 Jun 25 08:00 _.sandbox.aws.maki.lol.crt
-rw------- 1 tmaki tmaki 1802 Jun 25 08:00 _.sandbox.aws.maki.lol.issuer.crt
-rw------- 1 tmaki tmaki  243 Jun 25 08:00 _.sandbox.aws.maki.lol.json
-rw------- 1 tmaki tmaki 3243 Jun 25 08:00 _.sandbox.aws.maki.lol.key

You can verify the Subject Alternative Names of the certificate with the following command.

$ cat .lego/certificates/_.sandbox.aws.maki.lol.crt | openssl x509 -noout -text | grep DNS:
                DNS:*.apps.sandbox.aws.maki.lol, DNS:*.sandbox.aws.maki.lol, DNS:*.sys.sandbox.aws.maki.lol

To set this certificate in Ops Manager, use the om CLI.

Describe the information to access Ops Manager in env.yml.

export OM_USERNAME=<opsmanager username>
export OM_PASSWORD=<opsmanager password>
export OM_DECRYPTION_PASSPHRASE=<opsmanager decryption passphrase>

cat <<EOF > env.yml
target: https://opsmanager.${SUBDOMAIN}
connect-timeout: 30
request-timeout: 1800
skip-ssl-validation: true
username: ${OM_USERNAME}
password: ${OM_PASSWORD}
decryption-passphrase: ${OM_DECRYPTION_PASSPHRASE}
EOF

Define the certificate to be set in Ops Manager in ssl-certificate.yml.

cat <<EOF > ssl-certificate.yml
ssl-certificate:
  certificate: |
$(cat .lego/certificates/_.${SUBDOMAIN}.crt | sed 's/^/    /g')
  private_key: |
$(cat .lego/certificates/_.${SUBDOMAIN}.key | sed 's/^/    /g')
EOF

Set the certificate in Ops Manager with the following command.

om --env env.yml configure-opsman --config ssl-certificate.yml

After a while, the certificate warning will disappear when accessing via the browser. It is faster to access in a new window.

image

Tip

If you want to set it from the Ops Manager GUI, click your username in the upper right corner, select "Settings" → "SSL Certificate," and set the Certificate and Private Key, then save.

image

Installing BOSH Director

Next, use Ops Manager to install BOSH Director. BOSH Director is a crucial component that manages the installation, updates, and health monitoring of TAS. It is analogous to Kubernetes for VMs.

BOSH Director is installed on the management network as shown below.

image

AWS Config

Configure the information for BOSH Director to access AWS. Instead of using AWS access keys, use Instance Profiles.

https://docs.vmware.com/en/VMware-Tanzu-Operations-Manager/3.0/vmware-tanzu-ops-manager/aws-config-manual.html#step-2-configure-aws-1

image
  1. Select Use AWS Instance Profile and set AWS IAM Instance Profile to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .ops_manager_iam_instance_profile_name
  2. Set Security Group ID to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .platform_vms_security_group_id
  3. Set Key Pair Name to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .ops_manager_key_pair_name
  4. Set SSH Private Key to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .ops_manager_ssh_private_key
  5. Set Region to the result of echo $AWS_REGION

Click the "Save" button to save the settings.

Director Config

Configure BOSH Director itself. Use the S3 bucket created by Terraform as the Blobstore.

https://docs.vmware.com/en/VMware-Tanzu-Operations-Manager/3.0/vmware-tanzu-ops-manager/aws-config-manual.html#step-3-complete-the-director-config-page-2

image
  1. Set the address of the NTP server in NTP Servers (comma delimited) (e.g., time.google.com)
  2. Check Enable VM Resurrector Plugin
  3. Select S3 Compatible Blobstore for Blobstore Location and:
    1. Set the S3 Endpoint to the S3 Endpoint URL for your region, typically the value of echo https://s3.${AWS_REGION}.amazonaws.com
    2. Select IAM Instance Profile for Credentials Source
    3. Select V4 Signature for S3 Signature Version and set Region to the value of echo $AWS_REGION
    4. Select Use a versioned bucket for S3 Backup Strategy
  4. Select On for Certificate Duration Overrides (to extend the certificate duration to 10 years and prevent expiration-related incidents)
    1. Set CA Certificate Duration (days) to 3650
    2. Set Leaf Certificate Duration (days) to 3650

Click the "Save" button to save the settings.

Create Availability Zones

Set the options for the Availability Zones where BOSH Director will deploy VMs.

https://docs.vmware.com/en/VMware-Tanzu-Operations-Manager/3.0/vmware-tanzu-ops-manager/aws-config-manual.html#step-4-create-availability-zones-3

image
  1. Click the "Add" button as many times as the number of Availability Zones output by cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .availability_zones and set the values accordingly.

Click the "Save" button to save the settings.

Create Networks

Set the options for the Network where BOSH Director will deploy VMs. This is the most complex part of the installation, including TAS.

https://docs.vmware.com/en/VMware-Tanzu-Operations-Manager/3.0/vmware-tanzu-ops-manager/aws-config-manual.html#step-5-create-networks-4

image
  1. Click the "Add Network" button and set Name to management (the network where BOSH Director is installed)
  2. In Subnets:
    1. Set VPC Subnet ID to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .management_subnet_ids[0]
    2. Set CIDR to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .management_subnet_cidrs[0] (default: 10.0.16.0/24)
    3. Set Reserved IP Ranges to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .management_subnet_reserved_ip_ranges[0] (default: 10.0.16.1-10.0.16.9)
    4. Set DNS to 10.0.0.2
    5. Set Gateway to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .management_subnet_gateways[0] (default: 10.0.16.1)
    6. Select the first Availability Zone for Availability Zones
  3. Click the "Add Subnet" button and in Subnets:
    1. Set VPC Subnet ID to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .management_subnet_ids[1]
    2. Set CIDR to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .management_subnet_cidrs[1] (default: 10.0.17.0/24)
    3. Set Reserved IP Ranges to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .management_subnet_reserved_ip_ranges[1] (default: 10.0.17.1-10.0.17.9)
    4. Set DNS to 10.0.0.2
    5. Set Gateway to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .management_subnet_gateways[1] (default: 10.0.17.1)
    6. Select the second Availability Zone for Availability Zones
  4. Click the "Add Subnet" button and in Subnets:
    1. Set VPC Subnet ID to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .management_subnet_ids[2]
    2. Set CIDR to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .management_subnet_cidrs[2] (default: 10.0.18.0/24)
    3. Set Reserved IP Ranges to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .management_subnet_reserved_ip_ranges[2] (default: 10.0.18.1-10.0.18.9)
    4. Set DNS to 10.0.0.2
    5. Set Gateway to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .management_subnet_gateways[2] (default: 10.0.18.1)
    6. Select the third Availability Zone for Availability Zones
  5. Set Name to tas (the network for installing main products, including TAS)
  6. In Subnets:
    1. Set VPC Subnet ID to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_tas.value -r | jq -r .tas_subnet_ids[0]
    2. Set CIDR to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_tas.value -r | jq -r .tas_subnet_cidrs[0] (default: 10.0.4.0/24)
    3. Set Reserved IP Ranges to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_tas.value -r | jq -r .tas_subnet_reserved_ip_ranges[0] (default: 10.0.4.1-10.0.4.9)
    4. Set DNS to 10.0.0.2
    5. Set Gateway to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_tas.value -r | jq -r .tas_subnet_gateways[0] (default: 10.0.4.1)
    6. Select the first Availability Zone for Availability Zones
  7. Click the "Add Subnet" button and in Subnets:
    1. Set VPC Subnet ID to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_tas.value -r | jq -r .tas_subnet_ids[1]
    2. Set CIDR to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_tas.value -r | jq -r .tas_subnet_cidrs[1] (default: 10.0.5.0/24)
    3. Set Reserved IP Ranges to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_tas.value -r | jq -r .tas_subnet_reserved_ip_ranges[1] (default: 10.0.5.1-10.0.5.9)
    4. Set DNS to 10.0.0.2
    5. Set Gateway to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_tas.value -r | jq -r .tas_subnet_gateways[1] (default: 10.0.5.1)
    6. Select the second Availability Zone for Availability Zones
  8. Click the "Add Subnet" button and in Subnets:
    1. Set VPC Subnet ID to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_tas.value -r | jq -r .tas_subnet_ids[2]
    2. Set CIDR to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_tas.value -r | jq -r .tas_subnet_cidrs[2] (default: 10.0.6.0/24)
    3. Set Reserved IP Ranges to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_tas.value -r | jq -r .tas_subnet_reserved_ip_ranges[2] (default: 10.0.6.1-10.0.6.9)
    4. Set DNS to 10.0.0.2
    5. Set Gateway to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_tas.value -r | jq -r .tas_subnet_gateways[2] (default: 10.0.6.1)
    6. Select the third Availability Zone for Availability Zones
  9. Set Name to services (the network for installing on-demand services like MySQL, PostgreSQL, RabbitMQ)
  10. In Subnets:
    1. Set VPC Subnet ID to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .services_subnet_ids[0]
    2. Set CIDR to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .services_subnet_cidrs[0] (default: 10.0.8.0/24)
    3. Set Reserved IP Ranges to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .services_subnet_reserved_ip_ranges[0] (default: 10.0.8.1-10.0.8.9)
    4. Set DNS to 10.0.0.2
    5. Set Gateway to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .services_subnet_gateways[0] (default: 10.0.8.1)
    6. Select the first Availability Zone for Availability Zones
  11. Click the "Add Subnet" button and in Subnets:
    1. Set VPC Subnet ID to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .services_subnet_ids[1]
    2. Set CIDR to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .services_subnet_cidrs[1] (default: 10.0.9.0/24)
    3. Set Reserved IP Ranges to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .services_subnet_reserved_ip_ranges[1] (default: 10.0.9.1-10.0.9.9)
    4. Set DNS to 10.0.0.2
    5. Set Gateway to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .services_subnet_gateways[1] (default: 10.0.9.1)
    6. Select the second Availability Zone for Availability Zones
  12. Click the "Add Subnet" button and in Subnets:
    1. Set VPC Subnet ID to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .services_subnet_ids[2]
    2. Set CIDR to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .services_subnet_cidrs[2] (default: 10.0.10.0/24)
    3. Set Reserved IP Ranges to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .services_subnet_reserved_ip_ranges[2] (default: 10.0.10.1-10.0.10.9)
    4. Set DNS to 10.0.0.2
    5. Set Gateway to the result of cat tas-paving-aws/terraform.tfstate | jq .outputs.stable_config_opsmanager.value -r | jq -r .services_subnet_gateways[2] (default: 10.0.10.1)
    6. Select the third Availability Zone for Availability Zones

Click the "Save" button to save the settings.

Assign AZs and Networks

Set the AZ and Network for deploying BOSH Director itself.

https://docs.vmware.com/en/VMware-Tanzu-Operations-Manager/3.0/vmware-tanzu-ops-manager/aws-config-manual.html#step-6-assign-azs-and-networks-5

image
  1. Select any Availability Zone for Singleton Availability Zone (BOSH Director will be installed in this AZ)
  2. Select management for Network

Click the "Save" button to save the settings.

Security

Set the TLS certificates that BOSH Director will trust for the VMs it creates.

https://docs.vmware.com/en/VMware-Tanzu-Operations-Manager/3.0/vmware-tanzu-ops-manager/aws-config-manual.html#step-7-configure-security-6

image
  1. Check Include Tanzu Ops Manager Root CA in Trusted Certs

Click the "Save" button to save the settings.

Return to the dashboard.

image

Click the "REVIEW PENDING CHANGES" button.

image

Click the "APPLY CHANGES" button.

image

If "Changes Applied" is displayed, the installation was successful.

In the next article, we will install Tanzu Application Service on this environment.

Found a mistake? Update the entry.
Share this article: