Before you use BBR to either back up TKGI or restore TKGI from backup,
follow these steps to retrieve deployment information and credentials:
* [Verify your BBR Version](#verify-bbr-version)
* [Retrieve the BBR SSH Credentials](#bbr-ssh-creds)
* [Retrieve the BOSH Director Credentials](#bosh-creds)
* [Retrieve the UAA Client Credentials](#cluster-creds)
* [Retrieve the BOSH Director Address](#bosh-address)
* [Download the Root CA Certificate](#root-ca-cert)
* [Retrieve the BOSH Command Line Credentials](#bosh-cli-creds)
* [Retrieve Your Cluster Deployment Names](#cluster-deployment-name)
### <a id='verify-bbr-version'></a> Verify Your BBR Version
Before running BBR, verify that the installed version of BBR is compatible with the version of Ops Manager
your TKGI tile is on:
1. To determine the Ops Manager BBR version requirements,
see the [Ops Manager Release Notes](https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-operations-manager/3-0/tanzu-ops-manager/release-notes.html)
for the version of Ops Manager you are using.
1. To verify the currently installed BBR version, run the following command:
```
bbr version
```
1. If the installed BBR version does not meet the Ops Manager BBR version requirement, or BBR is not installed, you must upgrade BBR.
For more information, see [Installing BOSH Backup and Restore](bbr-install.html).
### <a id='bbr-ssh-creds'></a> Retrieve the BBR SSH Credentials
There are two ways to retrieve the BBR SSH credentials:
* [Ops Manager Installation Dashboard](#bbr-ssh-creds-via-ui)
* [Ops Manager API](#bbr-ssh-creds-via-api)
#### <a id='bbr-ssh-creds-via-ui'></a> Ops Manager Installation Dashboard
To retrieve your BBR SSH Credentials using the Ops Manager Installation Dashboard:
1. Navigate to the Ops Manager Installation Dashboard.
1. Click the BOSH Director tile.
1. Click the **Credentials** tab.
1. Locate **Bbr Ssh Credentials**.
1. Click **Link to Credentials** next to it.
1. Copy the `private_key_pem` field value.
#### <a id='bbr-ssh-creds-via-api'></a> Ops Manager API
To retrieve your BBR SSH Credentials using the Ops Manager API:
1. Obtain your UAA access token. For more information,
see [Access the Ops Manager API](https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-operations-manager/3-0/tanzu-ops-manager/install-ops-man-api.html#access).
1. Retrieve the **Bbr Ssh Credentials** by running the following command:
```
curl "https://OPS-MAN-FQDN/api/v0/deployed/director/credentials/bbr_ssh_credentials" \
-X GET \
-H "Authorization: Bearer UAA-ACCESS-TOKEN"
```
Where:
* `OPS-MAN-FQDN` is the fully-qualified domain name (FQDN) for your Ops Manager deployment.
* `UAA-ACCESS-TOKEN` is your UAA access token.
1. Copy the value of the `private_key_pem` field.
#### <a id='bbr-ssh-creds-save'></a> Save the BBR SSH Credentials to File
To save the BBR SSH credentials to a private key file:
1. To reformat the copied `private_key_pem` value and save it to a file in the current directory, run the following command:
```
printf -- "YOUR-PRIVATE-KEY" > PRIVATE-KEY-FILE
```
Where:
* `YOUR-PRIVATE-KEY` is the text of your private key.
* `PRIVATE-KEY-FILE` is the path to the private key file you are creating.
For example:
```console
$ printf -- "-----begin rsa private key----- fake key contents ----end rsa private key-----" > bbr_key.pem
```
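The save step above, as an added example that is not part of the TKGI documentation: it writes the copied `private_key_pem` value to a file that only the current user can read, and rejects a truncated paste by checking the PEM framing. The function names `save_bbr_key` and `key_mode` are hypothetical, and the key text in the usage comment is constructed.

```shell
# Added example. Usage (constructed value, not a real key):
#   save_bbr_key '-----BEGIN RSA PRIVATE KEY-----\nZmFrZQ==\n-----END RSA PRIVATE KEY-----\n' bbr_key.pem

save_bbr_key() (
  # The body runs in a subshell: the umask change and the variables do not
  # leak to the caller, and "exit" only sets this function's return status.
  pem_value=${1%\\n}   # drop one trailing literal \n so the file ends cleanly
  key_file=$2

  # New files are created with mode 0600 instead of the default 0644.
  umask 077

  # %b expands the literal \n escapes in the copied value and keeps the key
  # text out of the printf format string.
  printf '%b\n' "$pem_value" > "$key_file" || exit 1

  # umask has no effect on a file that already existed, so set the mode too.
  chmod 600 "$key_file" || exit 1

  # Check the PEM framing; remove the file if the paste was incomplete.
  first=$(head -n 1 "$key_file")
  last=$(tail -n 1 "$key_file")
  case "$first" in
    "-----BEGIN "*"PRIVATE KEY-----") ;;
    *) rm -f "$key_file"; exit 2 ;;
  esac
  case "$last" in
    "-----END "*"PRIVATE KEY-----") ;;
    *) rm -f "$key_file"; exit 2 ;;
  esac
)

key_mode() {
  # Mode string as shown by ls, for example "-rw-------".
  ls -l "$1" | cut -c1-10
}
```

Passing the value from a variable rather than typing it inline keeps the key text out of shell history.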
### <a id='bosh-creds'></a> Retrieve the BOSH Director Credentials
There are two ways to retrieve BOSH Director credentials:
* [Ops Manager Installation Dashboard](#bosh-creds-via-ui)
* [Ops Manager API](#bosh-creds-via-api)
#### <a id='bosh-creds-via-ui'></a> Ops Manager Installation Dashboard
To retrieve your BOSH Director credentials using the Ops Manager Installation Dashboard, perform the following steps:
1. Navigate to the Ops Manager Installation Dashboard.
1. Click the BOSH Director tile.
1. Click the **Credentials** tab.
1. Locate **Director Credentials**.
1. Click **Link to Credentials** next to it.
1. Copy and record the value of the `password` field.
#### <a id='bosh-creds-via-api'></a> Ops Manager API
To retrieve your BOSH Director credentials using the Ops Manager API, perform the following steps:
1. Obtain your UAA access token. For more information, see
[Access the Ops Manager API](https://techdocs.broadcom.com/us/en/vmware-tanzu/platform/tanzu-operations-manager/3-0/tanzu-ops-manager/install-ops-man-api.html#access).
1. Retrieve the **Director Credentials** by running the following command:
```
curl "https://OPS-MAN-FQDN/api/v0/deployed/director/credentials/director_credentials" \
-X GET \
-H "Authorization: Bearer UAA-ACCESS-TOKEN"
```
Where:
* `OPS-MAN-FQDN` is the fully-qualified domain name (FQDN) for your Ops Manager deployment.
* `UAA-ACCESS-TOKEN` is your UAA access token.
1. Copy and record the value of the `password` field.
### <a id='cluster-creds'></a> Retrieve the UAA Client Credentials
To obtain BOSH credentials for your BBR operations, perform the following steps:
1. From the Ops Manager Installation Dashboard, click the **Tanzu Kubernetes Grid Integrated Edition** tile.
1. Select the **Credentials** tab.
1. Navigate to **Credentials > UAA Client Credentials**.
1. Record the value for `uaa_client_secret`.
1. Record the value for `uaa_client_name`.
<p class="note"><strong>Note</strong>: You must use BOSH credentials that limit the scope of BBR activity to your cluster deployments.</p>
### <a id='bosh-address'></a> Retrieve the BOSH Director Address
You access the BOSH Director using an IP address.
To obtain your BOSH Director's IP address:
1. Open the Ops Manager Installation Dashboard.
1. Select **BOSH Director > Status**.
1. Select the listed Director IP Address.
#### <a id='bosh-address-log-in'></a> Log In To BOSH Director
1. If you are not using the Ops Manager VM as your jump box, install the latest [BOSH CLI](https://bosh.io/docs/cli-v2.html#install) on your jump box.
1. To log in to BOSH Director, using the IP address that you recorded above, run the following command line:
```
bosh -e BOSH-DIRECTOR-IP \
--ca-cert PATH-TO-BOSH-SERVER-CERTIFICATE log-in
```
Where:
* `BOSH-DIRECTOR-IP` is the BOSH Director IP address recorded above.
* `PATH-TO-BOSH-SERVER-CERTIFICATE` is the path to the root Certificate Authority (CA) certificate
as outlined in [Download the Root CA Certificate](#root-ca-cert).
1. At the **Email** prompt, enter `director`.
1. At the **Password** prompt, enter the **Director Credentials** password that you obtained in
[Retrieve the BOSH Director Credentials](#bosh-creds).
<br>
For example:
```console
$ bosh -e 10.0.0.3 \
--ca-cert /var/tempest/workspaces/default/root_ca_certificate log-in
Email (): director
Password (): *******************
Successfully authenticated with UAA
Succeeded
```
### <a id='root-ca-cert'></a> Download the Root CA Certificate
To download the root CA certificate for your Tanzu Kubernetes Grid Integrated Edition deployment,
perform the following steps:
1. Open the Ops Manager Installation Dashboard.
1. In the top right corner, click your user name.
1. Navigate to **Settings** > **Advanced**.
1. Click **Download Root CA Cert**.
### <a id='bosh-cli-creds'></a> Retrieve the BOSH Command Line Credentials
1. Open the Ops Manager Installation Dashboard.
1. Click the **BOSH Director** tile.
1. In the BOSH Director tile, click the **Credentials** tab.
1. Navigate to **Bosh Commandline Credentials**.
1. Click **Link to Credential**.
1. Copy the credential value.
### <a id='cluster-deployment-name'></a> Retrieve Your Cluster Deployment Names
To locate and record a cluster deployment name, follow the steps below for each cluster:
1. <%= partial 'login-api' %>
1. Identify the cluster ID:
```
tkgi cluster CLUSTER-NAME
```
Where `CLUSTER-NAME` is the name of your cluster.
1. From the output of this command, record the **UUID** value.
1. Open the Ops Manager Installation Dashboard.
1. Click the **BOSH Director** tile.
1. Select the **Credentials** tab.
1. Navigate to **Bosh Commandline Credentials** and click **Link to Credential**.
1. Copy the credential value.
1. SSH into your jump box. For more information about the jump box, see [Installing BOSH Backup and Restore](bbr-install.html#jumpbox-setup).
1. To retrieve your cluster deployment name, run the following command:
```
BOSH-CLI-CREDENTIALS deployments | grep UUID
```
Where:
* `BOSH-CLI-CREDENTIALS` is the full value that you copied from the BOSH Director tile
in [Retrieve the BOSH Command Line Credentials](bbr-backup.html#bosh-cli-creds).
* `UUID` is the cluster UUID that you recorded in the previous step.
<br>