-
Notifications
You must be signed in to change notification settings - Fork 2
/
installing.html.md.erb
145 lines (123 loc) · 9.18 KB
/
installing.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
---
title: Installing and Configuring F5 Container Connector for PCF
owner: Partners
---
This topic describes how to install and configure F5 Container Connector for Pivotal Cloud Foundry (PCF).
## <a id='install'></a>Installing and Configuring F5 Container Connector for PCF
<ol>
<li>Download the product file from <a href="https://network.pivotal.io/">Pivotal Network</a>.</li>
<li>Navigate to the Ops Manager Installation Dashboard and click <strong>Import a Product</strong> to upload the product file.</li>
<li>Under the <strong>Import a Product</strong> button, click <strong>+</strong> next to the version number of F5 Container Connector for PCF. This adds the tile to your staging area.</li>
<li>Click the <strong>F5 Container Connector for PCF</strong> tile.</li>
<li>Under the Settings tab, configure the following settings:
<ol>
<li>Assign an Availability Zone and a network for the Container Connector to connect to.<br/>
<img src="./images/config1.png" alt="Settings tab"></li>
<li>Under the Connection Information page, configure the following settings:<br/>
<img src="./images/config2.png" alt="Connection information page">
<ul>
<li><strong>BIG-IP IP Address or FQDN</strong>: The IP address of either the MGMT interface or another interface configured to handle MGMT traffic. This can also be a FQDN that PCF can resolve.</li>
<li><strong>BIG-IP Username and BIG-IP Password</strong>: The BIG-IP username and password for an account that has administrator privileges.</li>
<li><strong>BIG-IP Partition</strong>: The name of the partition on the BIG-IP that you created specifically for Container Connector. All the App connection information will go in this partition.</li>
<li><strong>BIG-IP Virtual Server IP Address</strong>: The IP address that is the entry point for all PCF apps. Wildcard DNS entries should reference this IP address.</li>
<li><strong>BIG-IP Policies</strong>: The full path to a BIG-IP Policy object (i.e., /Common/VALID_URL). In this field, you can enforce security policies, add X-Headers to requests, and more.</li>
</ul>
<img src="./images/config3.png">
<ul>
<li><strong>BIG-IP Profiles</strong>: The full path to a BIG-IP Profile object. This can be any valid traffic profile.</li>
<li><strong>BIG-IP Health Monitors</strong>: The full path to a BIG-IP Health Monitor. You will use this to determine the health of all the apps running in the PCF environment.</li>
<li><strong>NATS Host IP Address</strong>: View this IP address in Pivotal Elastic Runtime, under the <strong>Status</strong> tab.</li>
<li><strong>NATS Host Port</strong>: By default, this is <code>4222</code>.</li>
<li><strong>NATS User Password</strong>: View these credentials in Pivotal Elastic Runtime, under the <strong>Credentials</strong> tab, under the <strong>NATS</strong> line entry. Click on <strong>Link to Credential</strong> to view the password. </li>
<li><strong>OAuth Endpoint</strong>: The FQDN of the UAA service. By default, this is <code>uaa.YOUR-SYSTEM-DOMAIN</code>. View your system domain on the <strong>Domains</strong> page of Pivotal Elastic Runtime's <strong>Settings</strong> tab.</li>
<li><strong>OAuth Secret</strong>: View this secret in Pivotal Elastic Runtime, under the <strong>Credentials</strong> tab. Look for the <strong>UAA</strong> line, and find the <strong>Gorouter Client Credentials</strong>. Click on <strong>Link to Credential</strong> to view the password.</li>
<li><strong>PCF API Endpoint</strong>: The FQDN of the <strong>API</strong> service. By default, this is <code>api.YOUR-SYSTEM-DOMAIN</code>. View your system domain on the <strong>Domains</strong> page of Pivotal Elastic Runtime's <strong>Settings</strong> tab.</li>
</ul>
</li>
</ol>
</li>
<li>Click <strong>Save</strong>.</li>
<li>Return to the Ops Manager Installation Dashboard and click <strong>Apply changes</strong> to install the F5 Container Connector for PCF tile.</li>
</ol>
## <a id="manual"></a>Manually Installing F5 Container Connector for PCF
If necessary, you can install the F5 Container Connector for PCF manually. You may want to install the Container Connector manually if you need to specify which Org or Space to use.
A manual install is useful if you run into any issues with the tile installing correctly after following the procedure in <a href="#install">Installing and Configuring F5 Container Connector for PCF</a>. The manual install process is also faster.
The F5 Container Connector for PCF is located on the [Public Docker Registry](https://hub.docker.com/r/f5networks/cf-bigip-ctlr/). You can pull it down from within a ``cf push`` command.
### <a id="manual-process"></a>How to Manually Install F5 Container Connector for PCF
<ol>
<li>Create a <code>cf push</code> manifest file. This manifest tells PCF what the app should be named, how to check its health, and sets up the environment variables for the Container Connector that store its configuration information.<br/>
Below is an example <strong>manifest.yml</strong> file. You can use this as the basis for your manifest. Modify the <code>{EXAMPLE}</code> fields with information that pertains to your PCF installation:<br/>
<pre class="terminal">
applications:
- name: {Appname - cc4pcf is what we have been using.}
health-check-type: http
health-check-http-endpoint: /health
routes:
- route: {App Route - like cc4pcf.apps.company.com}
env:
BIGIP_CTLR_CFG: |
bigip:
url: https://{IP Address of BIG-IP MGMT interface}
user: {BIG-IP Username that has 'admin' rights}
pass: {Password for above Username}
partition:
- {Partition for Container Connector's sole use - like 'pcf'}
balance: round-robin
verify_interval: 1000000
external_addr: {BIG-IP Virtual Server IP Address for external connections}
policies:
- {BIG-IP Policy path #1 - like '/Common/my-policy'}
- {BIG-IP Policy path #2 - multiple policies can be defined}
profiles:
- {BIG-IP Profile path #1 - like '/Common/forwarded-for'}
- {BIG-IP Profile path #2 - multiple profiles can be defined}
health_monitors:
- {BIG-IP Monitor path #1 - like '/Common/tcp_half_open'}
- {BIG-IP Monitor path #2 - multiple health monitors can be defined}
status:
user: admin
pass: admin
nats:
- host: {IP Address of NATS host}
port: {Port of NATS service - default is 4222}
user: nats
pass: {Admin password of 'nats' user}
logging:
file: /tmp/cf-bigip.ctlr.log
syslog: vcap.cf-bigip-ctlr
level: info
loggregator_enabled: false
metron_address: "localhost:3457"
go_max_procs: -1
prune_stale_droplets_interval: 30s
droplet_stale_threshold: 120s
suspend_pruning_if_nats_unavailable: false
oauth:
token_endpoint: {FQDN of UAA Service - like 'uaa.service.company.com'}
client_name: "gorouter"
client_secret: {Gorouter Client Credentials}
port: 443
skip_ssl_validation: true
ca_certs:
routing_api:
uri: {URI of API Serivce - like 'api.service.company.com'}
port: 80
auth_disabled: false
start_response_delay_interval: 20s
token_fetcher_max_retries: 3
token_fetcher_retry_interval: 5s
token_fetcher_expiration_buffer_time: 30
</pre>
</li>
<li><code>cf push</code> to finish the install.<br/>
<pre class="terminal">
cf push cc4pcf -f ./manifest.yml -o f5networks/cf-bigip-ctlr -k 128M -m 128M
</pre><br/>
This assumes that your <strong>manifest.yml</strong> file is in the local directory. The <code>-k 128M -m 128M</code> is optional to limit the amount of Memory and Disk space to 128 Mb, since PCF defaults to 1 GB for each.
</li>
<li>Install complete. Log into your BIG-IP and confirm there is a <code>routing-vip-http</code> virtual service. If its not there, see the <strong>Troubleshooting</strong> section of the documentation.</li>
### <a id="reminders"></a>Useful Reminders About Manual Installation
* You can configure multiple Policies and Profiles - one per line in the manifest - in the appropriate sections above.
* Your endpoints may have a different configuration from the examples used above. They all default to whatever is set up for the `service` domain in the ERT Domain configuration.
* Most of the PCF services use default IP ports, but if your PCF installation uses different ports, you will need to do the manual install in order to specify the different port values.
* The **status** section of the Manifest file is for BasicAuth access to a `/routes` endpoint on the Container Connector. This API will return all the running apps that it knows about in a JSON format.