pivotal-cf / docs-ops-manager Goto Github PK

https://github.com/pivotal-cf/docs-ops-manager/blob/2.8/azure/config-terraform.html.md.erb says
"Click Save. If Enable ICMP checks is not selected, you may see red warnings. You can ignore these warnings.
"
The errors happen even if Enable ICMP checks is enabled:

Pivotal provides the Gitbot service to synchronize issues and pull requests made against public GitHub repos with Pivotal Tracker projects.

If you do not want to use Pivotal Tracker to manage this GitHub repo, you do not need to take any action.

If you are a Pivotal employee, you can configure Gitbot to sync your GitHub repo to your Pivotal Tracker project with a pull request.

Steps:

• Add the Toolsmiths-Bots team to have admin access to your repo
• Add the cf-gitbot ([email protected]) user to have owner access to your Pivotal Tracker project
• Create new branch in this repo: cfgitbot-config (an ask+cf@ ticket is the fastest way to get write access if you get a 404)
• Add your new repo and or project to config-production.yml file
• Submit a PR, which will get auto-merged if you've done it right. Detailed steps here

If you are not a pivotal employee, you can request that [email protected] set up the integration for you.

You might also be interested in configuring GitHub's Service Hook for Tracker on your repo so you can link your commits to Tracker stories. You can do this yourself by following the directions at:

https://www.pivotaltracker.com/blog/guide-githubs-service-hook-tracker/

If there are any questions, please reach out to [email protected].

The link https://docs.pivotal.io/platform/ops-manager/2-10/vsphere/vsphere-service-account.html shows the permission VirtualMachine.Config.Unlock needed for minimum permissions.

This permission can't be found in the recent documentation.
6.5 - https://docs.vmware.com/en/VMware-vSphere/6.5/com.vmware.vsphere.security.doc/GUID-FEAB5DF5-F7A2-412D-BF3D-7420A355AE8F.html
7.0 - https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-FEAB5DF5-F7A2-412D-BF3D-7420A355AE8F.html

URL or GitHub link to the page where you're having the issue
https://docs.pivotal.io/ops-manager/2-9/azure/config-manual.html#director-config
https://docs.pivotal.io/ops-manager/2-10/azure/config-manual.html#director-config

Is your request for a change or addition to content related to a problem? If so, please describe.
Azure NTP works differently than the other iaases. We don't allow the user to configure ntp, instead we use a ptp hardware clock. There's a bit more about it here but it's Azure's supposedly less latent and more accurate solution

Describe the solution you'd like
The docs aren't misleading about ntp usage.

Describe alternatives you've considered
We could revert this commit in the stemcell but it seems like moving in the wrong direction.

Additional context
Add any other context or screenshots about the content request here.

when progressing down the PKS installation path, the Assign Networks Network name is actually, "pks-infrastructure-network"

not "management"

URL or GitHub link to the page where you're having the issue
Where in the documentation set can I see the problem? If it's a more general request, then at least identify the product and version.
https://docs.vmware.com/en/VMware-Tanzu-Operations-Manager/3.0/vmware-tanzu-ops-manager/login.html?hWord=N4IghgNiBcIQJmADiAvkA#log-in-to-tanzu-operations-manager-with-ldap-4

Describe the solution you'd like
We'd like the Opsman Ldap pages to reflect more of the information provided here in the open source docs and in uaa itself (https://github.com/cloudfoundry/uaa/blob/master/docs/UAA-LDAP.md)

Tied to support request: https://vmware.slack.com/archives/C035LESM2KH/p1707418832292109

Here: https://github.com/pivotal-cf/docs-ops-manager/blob/2.7/gcp/config-terraform.html.md.erb#L205

Goes straight from Security page to Syslog page, but in UI I see there's a BOSH DNS config page for which there's no corresponding walkthrough instruction.

URL or GitHub link to the page where you're having the issue
https://docs.pivotal.io/ops-manager/2-10/release-notes.html
https://github.com/pivotal-cf/docs-ops-manager/blob/2.10/release-notes.html.md.erb
https://network.pivotal.io/products/ops-manager/#/releases/831104

Is your request for a change or addition to content related to a problem? If so, please describe.
Ops Manager v2.10.7 was released on 2021-02-11, but the release notes have not been added.

Describe the solution you'd like
Ops Manager v2.10.7 release notes are added.

Describe alternatives you've considered
n/a

Additional context
n/a

Describe the solution you'd like

This request is likely beyond the scope of the docs team and to the eng team that backs docs however hopefully you can forward it to the correct team.

"90% of the documentation tickets where support providing customers with links to existing docs or kbs that provided a solution to their problem. We want to see the search ability of our docs improved so this information is more discoverable in a self service model. "

This is a feature request for better search on kb articles and docs

Describe alternatives you've considered
A clear and concise description of any alternative solutions or content you've considered.

Additional context
Add any other context or screenshots about the content request here.

Step 4 seems to be missing at
https://docs.pivotal.io/pivotalcf/2-4/om/azure/prepare-env-terraform.html

On the deploy step of the OpsMan OVA, when it comes to the SSH key field as shown here, the screenshot implies that only the encoded string is necessary. I have found this to not be true and the entire public key similar to the format required for authorized_keys is necessary. For example, the format required is similar to the following:

ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAnZBapWsER/EO1hLYvV/rkZe78mUBueZGHx1kw+ByfNbLoA385Cm72L+6qq40yOIH6R42nHN/bynbeHOD4Ptes4/s2lrLJtTzEWgH9XYnId4sE5f+QTFd2kRtTzZcu8WvFudEIyCIWjO+o9yvPETs05dEl/3KDn+t9uXxiszrG9Ycb2uNNpmDES+ohm9BQQFmpwFnao+UuQbRXLCcQ3SoE3Ai5Z9O+3PBwm0IByx87/dUuqvVISAJ8yGu2hJobx9PPStFERtUsfx5x+WIu9XIkrl5tzxgH9hBDsOS9cVUYJ7kKUUf1yyro6ocHyu6TWHJHSJLt8Z2FULxMPpqdn+8Xw== my-key

Either an updated screenshot or, preferably, some expounded instruction which explains this would help others in more quickly deploying the OVA.

URL or GitHub link to the page where you're having the issue
https://docs.pivotal.io/ops-manager/2-10/release-notes.html
https://github.com/pivotal-cf/docs-ops-manager/blob/2.10/release-notes.html.md.erb#L22

Is your request for a change or addition to content related to a problem? If so, please describe.
An addition. Ops Manager v2.10.15 has been released on PivNet, but the release notes are missing in the documentation.

Describe the solution you'd like
Ops Manager v2.10.15 release notes should be in the documentation.

According to the documentation, you must set custom VM types for Azure Government (as well as Azure Stack). Based on the suggested script, the VM types are being changed from ones which support Premium disks to ones that only support Standard disks. See documentation for reference:
https://docs.pivotal.io/pivotalcf/2-3/om/azure/config-manual.html#stack-gov-prereqs

Since all of the DS* and F*s VM types are supported in Azure Government, this script is no longer neccessary. In fact, when you go to select "Premium_LRS" from the Director Config page, you will get an error if you set the custom VM types.

Azure Install Documentation does not reference to Azure Blobstore, instead it is describing AWS configuration, and the Image is also not reflecting the current Opsmanager configuration options.

Docker pull request is failing after updating root CA certificate on PKS clusters. Is there anything to be done after updating root CA certificate

Services Network -> Gateway
Enter the first .1 address from the CIDR. For example, if the CIDR is 192.168.16.0/22, enter 192.168.16.1.

Should be (in consistency with infrastructure and runtime networks)
For example, if the CIDR is 192.168.20.0/22, enter 192.168.20.1.

URL or GitHub link to the page where you're having the issue
Where in the documentation set can I see the problem? If it's a more general request, then at least identify the product and version.

Please remove this page: https://docs.vmware.com/en/VMware-Tanzu-Operations-Manager/3.0/vmware-tanzu-ops-manager/security-pcf-infrastructure-advanced-certificate-rotation.html

Along with any references to it (e.g. It's referrenced here https://docs.vmware.com/en/VMware-Tanzu-Operations-Manager/3.0/vmware-tanzu-ops-manager/security-pcf-infrastructure-maestro-tile-compatibility.html and maybe elsewhere). When it makes sense, mention that folks in this situation should contact support.

Is your request for a change or addition to content related to a problem? If so, please describe.
A clear and concise description of the problem. For example: "Whenever I upgrade my software I forget to first collect information about the things I've already installed"

Removal of advanced cert rotation instructions since support has raised that customers get into trouble doing this and it would be better to have them contact support.

https://vmware.slack.com/archives/C035LESM2KH/p1707418832292109

Describe the solution you'd like
A clear and concise description of what you want to happen.
Removal of advanced cert rotation instructions

Describe alternatives you've considered
A clear and concise description of any alternative solutions or content you've considered.
We could add more warning to the page however I see it called out that it's not recommended already. I believe that much of this information may already exist in support KB's which we could link.

Additional context
Add any other context or screenshots about the content request here.

Following the steps provided in this document results in an error message Unable to verify email or password. Please try again.
Since the username and password provided in the previous step isn't working there seems to be no way to log in to Ops Manager after initial install.

this warning should recommend customers upgrade to operations manager 2.10 to avoid app downtime. Also we should add this warning to the 2.9 docs. See Slack thread

Here: https://github.com/pivotal-cf/docs-ops-manager/blob/2.7/gcp/config-terraform.html.md.erb#L22

Says "In a web browser, navigate to the fully qualified domain name (FQDN) of the BOSH Director."

Should say: "In a web browser, navigate to the fully qualified domain name (FQDN) of the Ops Manager."

Describe the bug
Anchor missing for "SAML Settings" header in https://docs.pivotal.io/ops-manager/2-10/pcf-interface.html.

I run the terraform apply plan. I configured by variables correct and was about to get this working in aws gov. However on the commercial side. US-EAST i am getting the error:
Error: Error applying plan:

3 error(s) occurred:

• module.pas.aws_lb.ssh: 1 error(s) occurred:

• aws_lb.ssh: Error creating network Load Balancer: InvalidConfigurationRequest: A load balancer cannot be attached to multiple subnets in the same Availability Zone
  status code: 400, request id: 1c9173b3-4de3-11e9-af33-5fa505d58460

• module.pas.aws_lb.web: 1 error(s) occurred:

• aws_lb.web: Error creating network Load Balancer: InvalidConfigurationRequest: A load balancer cannot be attached to multiple subnets in the same Availability Zone
  status code: 400, request id: 1c919b2c-4de3-11e9-bbdc-2df790f44f33

• module.pas.aws_lb.tcp: 1 error(s) occurred:

• aws_lb.tcp: Error creating network Load Balancer: InvalidConfigurationRequest: A load balancer cannot be attached to multiple subnets in the same Availability Zone
  status code: 400, request id: 1c920fa7-4de3-11e9-9370-7540ede32166

Anyone know how to resolve the load balancer issue for Pivotal Cloud Foundry on AWS US-EAST for Elastic Load Balancers?

FYI, i am following this guide: https://docs.pivotal.io/pcf/om/2-3/aws/prepare-env-terraform.html

Here:
https://github.com/pivotal-cf/docs-ops-manager/blob/2.0/azure/deploy-manual.html.md.erb

This command:
az network lb probe create --lb-name pcf-lb
--name http8080 --resource-group $RESOURCE_GROUP
--protocol Http --port 8080

is missing option:
--path /

without it or another correct path the command is failing

In OpsMan v2.5, a feature was added to allow Host Group isolation for availability zones. See release notes here

We wrote an Experience Report on this feature that might be a helpful starter for this documentation, here.

We would expect documentation to be added to docs-ops-manager/vsphere/config.html.md.erb

@z4ce

I was going to do a PR on this but this section looks to be common, so I am not sure how to proceed. Here is what needs to change.

For GCP, we need to set 169.254.169.254 in the Excluded Resources list. This is because that is the IP of the GCP Metadata (and thereby DNS) resolver. Otherwise you get recursive DNS lookups and have failures to resolve hosts. This is the text I would suggest for GCP:

Current Text:
(Optional) Enter your list of comma-separated Excluded Recursors to declare which IP addresses and ports should not be used by the DNS server.

Suggested Text:
Enter your list of comma-separated Excluded Recursors to declare which IP addresses and ports should not be used by the DNS server, this should minimally include the IP of the Metadata Server (169.254.169.254). Adding this IP is required to avoid name resolution issues with Bosh DNS

Not sure if this is an issue later on, for me at the moment, OpsMan isn't working even though the VM is up. I'll have to figure out how to see the logs and then check them for a possible issue, but one issue with the docs for setting up Ops Manager on GCP is in the part where it asks you to create storage buckets on GCP.
GCP requires universally unique bucket names and hence does not take the default names in the documentation. I'm the admin for a single project on the GCP account, trying to install for a Single project (not shared). I created buckets with names different from what the documentation said but I don't know if that can be an issue moving on.

The Link is not working as "Ops Manager" doesn't exist on Azure Marketplace

I have a question about the instructions at location:

PCF 2.5
URL: https://docs.pivotal.io/pivotalcf/2-5/om/aws/config-terraform.html

• Configuring BOSH Director on AWS Using Terraform
• S3 Compatible Blobstore
• 1 S3 Endpoint
• c. "Copy the custom public CA certificate..."

The instructions refer to the "public CA certificate you used to sign the S3 endpoint"
The Note box also refers to a "custom CA certificate"

Two questions:

1. What custom CA cert is being referred to in these S3 blobstore instructions and note?
2. Is "sign the S3 endpoint" correct wording?

This line returns a dead link

Here:
https://github.com/pivotal-cf/docs-ops-manager/blob/2.0/azure/deploy-manual.html.md.erb

Those commands:
$ az network vnet subnet create --name Management
--vnet-name PCF
--resource-group $RESOURCE_GROUP
--address-prefix 10.0.4.0/26
--network-security-group pcf-nsg
$ az network vnet subnet create --name Deployment
--vnet-name PCF
--resource-group $RESOURCE_GROUP
--address-prefix 10.0.12.0/20
--network-security-group pcf-nsg
$ az network vnet subnet create --name Services
--vnet-name PCF
--resource-group $RESOURCE_GROUP
--address-prefix 10.0.8.0/20
--network-security-group pcf-nsg

are always referring to the pcf-nsg. I assume one or more of them should refer also to opsmgr-nsg otherwise this opsmgr-nsg is not used and doesn't have to be created.

URL: https://docs.pivotal.io/ops-manager/2-10/gcp/prepare-env-terraform.html but might be true for other cloud providers (not only GCP).

When trying to download terraform templates from VMware Tanzu Network (TAS for VMs), as mentioned, it seems it's no longer available.

I finally downloaded the templates from github: https://github.com/pivotal/paving

So if I'm not wrong, it could help updating the documentation about terraform templates.