Installing Pivotal Cloud Foundry on OpenStack
Page last updated:
This guide describes how to install Pivotal Cloud Foundry (PCF) on OpenStack Juno and Kilo distributions.
Pivotal’s automated testing environments have been built using OpenStack releases and distributions based on Havana, Icehouse, Juno, Kilo (Keystone v2, and v3), Liberty, and Mitaka from different vendors including Canonical, EMC, Mirantis, Red Hat, and SUSE. The nature of OpenStack as a collection of interoperable components requires OpenStack expertise to troubleshoot issues that may occur when installing Pivotal Cloud Foundry on particular releases and distributions.
The following sections describe general requirements for running PCF and specific requirements for running PCF on OpenStack.
The following are general requirements for deploying and managing a PCF deployment with Ops Manager and Elastic Runtime:
(Recommended) Ability to create a wildcard DNS record to point to your router or load balancer. Alternatively, you can use a service such as xip.io. For example,
Elastic Runtime gives each application its own hostname in your app domain. With a wildcard DNS record, every hostname in your domain resolves to the IP address of your router or load balancer, and you do not need to configure an A record for each app hostname. For example, if you create a DNS record
*.example.compointing to your router, every application deployed to the
example.comdomain resolves to the IP address of your router.
(Recommended) A network without DHCP available for deploying the Elastic Runtime VMs
Note: If you have DHCP, refer to the Troubleshooting Guide to avoid issues with your installation.
Sufficient IP allocation:
- One IP address for each VM instance
- An additional IP address for each instance that requires static IPs
- An additional IP address for each errand
- An additional IP address for each compilation worker:
IPs needed = VM instances + static IPs + errands + compilation workers
Note: BOSH requires that you allocate a sufficient number of additional dynamic IP addresses when configuring a reserved IP range during installation. BOSH uses these IPs during installation to compile and deploy VMs, install Elastic Runtime, and connect to services. We recommend that you allocate at least 36 dynamic IP addresses when deploying Ops Manager and Elastic Runtime.
The most recent version of the Cloud Foundry Command Line Interface (cf CLI)
One or more NTP servers
To deploy Pivotal Cloud Foundry on OpenStack, you must have a dedicated OpenStack tenant (formerly known as an OpenStack project) that meets the following requirements.
You must have keystone credentials for the OpenStack tenant, including the following:
- Auth URL
- API key
- Project name
- SSL certificate for your wildcard domain (see below)
All necessary OpenStack network objects
The following must be enabled for the tenant:
- The ability to upload custom images to Glance
- The ability to create and modify VM flavors. See the VM flavor configuration table
- The ability to allocate floating IPs
- The ability for VMs inside a tenant to send messages via the floating IP.
- Permissions for VMs to boot directly from image
- One wildcard DNS domain. Pivotal recommends using two wildcard domains if system and apps need to be separated.
Note: For information about how IaaS user roles are configured, refer to the Pivotal Cloud Foundry IaaS User Role Guidelines topic.
Note: It is possible to avoid using wildcard DNS domains by using a service such as xip.io. However, this option requires granting external internet access from inside VMs.
Your OpenStack tenant must have the following resources before you install Pivotal Cloud Foundry:
- 118 GB of RAM
- 22 available instances
- 16 small VMs (1 vCPU, 1024 MB of RAM, 10 GB of root disk)
- 3 large VMs (4 vCPU, 16384 MB of RAM, 10 GB of root disk)
- 3 extra-large VMs (8 vCPU, 16 GB of RAM, 160 GB of ephemeral disk)
- 56 vCPUs
- 1 TB of storage
- Neutron networking with floating IP support
Note: If you are using IPsec, your resource usage will increase by approximately 36 bytes. View the Installing IPsec topic for information, including setting correct MTU values.
Requirements for your Cinder back end:
- PCF requires RAW root disk images. The Cinder back end for your OpenStack tenant must support RAW.
- Pivotal recommends that you use a Cinder back end that supports snapshots. This is required for some BOSH functionalities.
- Pivotal recommends enabling your Cinder back end to delete block storage asynchronously. If this is not possible, it must be able to delete multiple 20GB volumes within 300 seconds.
Using an Overlay Network with VXLAN or GRE Protocols:
- If an overlay network is being used with VXLAN or GRE protocols, the MTU of the created VMs must be adjusted to the best practices recommended by the plugin vendor (if any).
- DHCP must be enabled in the internal network for the MTU to be assigned to the VMs automatically.
- Review the Installing Elastic Runtime on OpenStack topic to adjust your MTU values.
- Failure to configure your overlay network correctly could cause Apps Manager to fail since applications will not be able to connect to the UAA.
- Pivotal recommends granting complete access to the OpenStack logs to the operator managing the installation process.
- Your OpenStack environment should be thoroughly tested and considered stable before deploying PCF.
Do not change the names of the VM flavors in the table below.
Complete the following procedures to install PCF on OpenStack:
(Optional) Installing the PCF IPsec Add-On