Skip to content

Using your environment

How do I ssh into my Ops Manager instance?

For all versions of TAS running on GCP

  • Fetch the private key via metadata API call (For custom environments, It is also included in the Access & Return info email.). For pooled environment please see here. For custom environment please see here. You can find the private key in the field ops_manager_private_key in the metadata response. Replace '\n' to new line and save it to a file named santaclara.priv. Do not forget to chmod 0600 santaclara.priv. You can replace santaclara with the name of your environment in the example below.
    export TS_G_ENV=santaclara
export TOOLSMITHS_API_TOKEN=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
curl "https://environments.toolsmiths.cf-app.com/v1/custom_gcp/pas/metadata?api_token=$TOOLSMITHS_API_TOKEN&name=${TS_G_ENV}" | jq -r .ops_manager_private_key | sed 's/\\n/\
/g' > /tmp/${TS_G_ENV}.priv
chmod 0600 /tmp/${TS_G_ENV}.priv 
ssh -i /tmp/${TS_G_ENV}.priv ubuntu@pcf.${TS_G_ENV}.cf-app.com

How do I target my bosh director?

  • You need to first SSH onto your OpsMan VM, see above.
  • Follow the step "Set the BOSH Environment Variables on the Ops Manager VM" in these directions.

How do I ssh into my bosh director from the Ops Manager instance?

  • GCP
  • TAS Bosh Directors deployed in GCP explicitly disable Google user accounts and the vcap user account from sshing into the instance. The Bosh Backup and Recovery service does provide a user account that you can use to ssh in with key authentication.
  • Retrieve bbr private key from BOSH Director for GCP -> Credentials -> Bbr Ssh Credentials -> private_key_pem
        awk '{gsub(/\\n/,"\n")}1' /tmp/private_key_pem > /tmp/bbr.key
    chmod 600 /tmp/bbr.key
    ssh -i /tmp/bbr.key bbr@10.0.0.5

How do I target my CF API endpoint?

  • Retrieve credentials from Pivotal Elastic Runtime -> Credentials -> UAA Admin

    cf login --skip-ssl-validation -a https://api.sys.<environment name>.cf-app.com
API endpoint: https://api.sys.<environment name>.cf-app.com
Email> admin
Password>
Authenticating...
OK

  • The CF System domain is set to: sys..cf-app.com

  • The CF Apps domain is set to: apps..cf-app.com

How can I use TCP Routing on my environment?

There is a load balancer which can be used for TCP Routing on each TAS that is deployed, but the TAS is not configured to use a TCP Router. The TCP Router is disabled by default on these environments, which is the same as the product default.

This load balancer listens on ports 1024-1123. To enable TCP Routing, follow the Pivotal Docs (here for TAS 2.7), you will need the following information:

  • Download the metadata file from the email labeled “GCP environment: santaclara | Access & Return info”.
  • Find the info needed to configure TCP Routing inside the metadata file:
  • The "GCP TCP load balancer name" is the value inside tcp_router_pool
  • The "TCP Subdomain" is the value inside tcp_domain

How can I test in an internetless environment on GCP?

  • You can use the script located here.
    ./pcf-internetless.sh santaclara

How do I access the AppsMan on my new TAS deployment?

  • Navigate to the Ops Manager on your new TAS deployment
  • Click on the Elastic Runtime Tile --> Errands
  • Switch the Apps Manager errand to "On"
  • Click "Save" at the bottom of the page
  • Navigate back to the Ops Manager and click "Apply Changes"
  • AppsMan will be available at: apps.sys..cf-app.com

What is your strategy for handling different versions of TAS?

Pre-release strategy for OpsMan and TAS

Toolsmiths provide the latest prerelease of TAS when there is a functional alpha release of both OpsMan and TAS. We have automation that tests the subsequent alpha/beta/RCs as they become available on PivNet. If we are able to deploy the latest alpha/beta/RC of either OpsMan or TAS, that new version is automatically used for future deploys. If there is a breaking change in an alpha/beta/RC, then it may take us a a couple of days to handle the changes. We cannot specify a daily build for TAS, as the build could be renamed to an alpha/beta/RC at any given time, creating a big mess for us.

What exact version will I get?

In general, you will get the latest major.minor versions of OpsMan and TAS that is available on PivNet. This could be a daily build. The main exception to this rule is for pre-releases that have the alpha or beta distinction. We gate-test each alpha/beta until we get to an RC, at which point we revert to providing the latest major.minor.

The /versions endpoint will describe the exact versions used in our deploy pipelines at any given time. If the version is fully specified, such as 2.8.0-alpha.1, then we are using that specific version. If we only specify the major.minor, such as 2.7, then we are using the latest build available on PivNet.