Provisioning the OpenStack Infrastructure

Page last updated:

This guide describes how to provision the OpenStack infrastructure where you need to install Pivotal Cloud Foundry. Use this topic when Installing Pivotal Cloud Foundry on OpenStack.

After completing this procedure, complete all of the steps in the Configuring Ops Manager Director on OpenStack and Deploying Elastic Runtime on OpenStack topics.

Note: This document uses Mirantis Openstack for screenshots and examples. The screens of your OpenStack vendor configuration interface may differ.

Step 1: Log in to the OpenStack Horizon Dashboard

  1. Log in to the OpenStack Horizon dashboard.

    Log in

  2. Click Connect.

  3. From the OpenStack project list dropdown, set the active project by selecting the project where you will deploy PCF.

    Project list

Step 2: Configure Security

WARNING: If you are using OpenStack Liberty or Mitaka, do not create the key pair with the OpenStack Horizon dashboard. Instead make sure that you generate the SSH key pair manually. For example, use the ssh-keygen command. Then follow the procedure below to import that key pair into OpenStack. This is due to an OpenStack bug.

  1. In the left navigation of your OpenStack Horizon dashboard, click Project > Compute > Access & Security.

  2. Select the Key Pairs tab on the Access & Security page.

  3. Click Import Key Pair.

  4. Enter a Key Pair Name and the contents of your public key in the Public Key field.

    Import key pair

  5. Click Import Key Pair.

  6. In the left navigation, click Access & Security to refresh the page. The new key pair appears in the list.

  7. Select the Security Groups tab. Click Create Security Group and create a group with the following properties:

    • Name: opsmanager
    • Description: Ops Manager

    Create security

  8. Select the checkbox for the opsmanager Security Group and click Manage Rules.

    Manage security rules

  9. Add the following ingress access rules for HTTP, HTTPS, and SSH as shown in the table below. The rules with opsmanager in the Remote column have restricted access to that particular Security Group.

    Note: Adjust the remote sources as necessary for your own security compliance. Pivotal recommends limiting remote access to Ops Manager to IP ranges within your organization.

    Direction Ether Type IP Protocol Port/Port Range Remote
    Ingress IPv4 TCP 22 (SSH) 0.0.0.0/0 (CIDR)
    Ingress IPv4 TCP 80 (HTTP) 0.0.0.0/0 (CIDR)
    Ingress IPv4 TCP 443 (HTTPS) 0.0.0.0/0 (CIDR)
    Ingress IPv4 TCP 25555 0.0.0.0/0 (CIDR)
    Ingress IPv4 TCP 1-65535 opsmanager
    Ingress IPv4 UDP 1-65535 opsmanager
  10. Leave the existing default egress access rules as shown in the screenshot below. Ingress egress rules

Step 3: (Optional) Run the CF OpenStack Validator Tool

As an optional but recommended step, you can now run the CF OpenStack Validator tool against your OpenStack tenant to verify support for PCF.

  1. Follow the directions for running the CF OpenStack Validator Tool.

  2. When configuring the CPI version used by the Validator, specify the OpenStack CPI version indicated in the PCF Ops Manager Release Notes for the PCF release that you are planning to deploy.

Troubleshooting the output of the CF OpenStack Validator tool is beyond the scope of this document.

Step 4: Create Ops Manager Image

You can create the Ops Manager image in OpenStack using the OpenStack Horizon dashboard.

Note: If your Horizon Dashboard does not support file uploads, you must use the Glance CLI client.

To create an Ops Manager image in OpenStack, perform the following steps:

  1. Download the Pivotal Cloud Foundry Ops Manager for OpenStack image file from Pivotal Network.

  2. In the left navigation of your OpenStack dashboard, click Project > Compute > Images.

  3. Click Create Image. Complete the Create An Image page with the following information:

    • Name: Enter Ops Manager.
    • Image Source: Select Image File.
    • Image File: Click Choose File. Browse to and select the image file that you downloaded from Pivotal Network.
    • Format: Select Raw.
    • Minimum Disk (GB): Enter 80.
    • Minimum RAM (MB): Enter 8192.
    • Deselect the Public checkbox.
    • Select the Protected checkbox.

    Create image

  4. Click Create Image.

Step 5: Launch Ops Manager VM

  1. In the left navigation of your OpenStack dashboard, click Project > Compute > Images.

  2. Click Launch.

    Launch image

  3. In the Details tab, specify the following values:

  4. In the Source tab, specify the following values:

    • Select Boot Source: Select Image.
    • Create New Volume: Leave No selected.
    • Allocated: Make sure Ops Manager is selected. Instance source
  5. In the Flavor tab, click the plus button for m1.large. Instance flavor

  6. In the Networks tab, select a private subnet. You add a Floating IP to this network in a later step. Instance networks

  7. Skip the Network Ports tab.

  8. In the Security Groups tab, select the opsmanager security group that you created in Step 2: Configure Security. Deselect all other Security Groups. Instance security groups

  9. In the Key Pair tab, select the key pair that you imported in Step 2: Configure Security. Instance key pairs

  10. Skip the Configuration and Metadata tabs.

  11. Click Launch Instance. This step starts your new Ops Manager instance.

Step 6: Associate a Floating IP Address

  1. In the left navigation of your OpenStack dashboard, click Project > Compute > Instances.

  2. Wait until the Power State of the Ops Manager instance shows as Running.

  3. Record the private IP Address of the Ops Manager instance. Instance running You must provide this IP Address when you perform Step 6: Complete the Create Networks Page in Ops Manager.

  4. Select the Ops Manager checkbox. Click the Actions drop-down menu and select Associate Floating IP. The Manage Floating IP Associations screen appears. Floating ip create

  5. Under IP Address, click the plus button (+). The Allocate Floating IP screen appears.

  6. Under Pool, select an IP Pool and click Allocate IP.

    Floating ip allocate

  7. Under Port to be associated, select your Ops Manager instance.

    Floating ip assign

  8. Click Associate.

Step 7: Add Blob Storage

  1. In the left navigation of your OpenStack dashboard, click Project > Object Store > Containers.

  2. Click Create Container. Create a container with the following properties:

    • Container Name: Enter pcf.
    • Container Access: Leave public unselected.

    Create container

  3. Click Create.

Step 8: Download Credentials for S3 Blob Storage

  1. In the left navigation of your OpenStack dashboard, click Project > Compute > Access & Security. Select the API Access tab.

    Download credentials

  2. Click Download EC2 Credentials.

  3. Unzip the downloaded credentials.

  4. If you select S3 Compatible Blobstore in your Ops Manager Director Config, you need the contents of this file to complete the configuration.

Step 9: Create a DNS Entry

Note: For security, Ops Manager v1.7 and later require you to create a fully qualified domain name in order to access Ops Manager during the initial configuration.

Create a DNS entry for the floating IP address that you assigned to Ops Manager in Step 6: Associate a Floating IP Address.

You must use this fully qualified domain name when you log into Ops Manager for the first time.

Step 10: Configure Ops Manager Director for OpenStack

After completing this procedure, complete all of the steps in the Configuring Ops Manager Director on OpenStack and Deploying Elastic Runtime on OpenStack topics.


Return to Installing Pivotal Cloud Foundry on OpenStack.

Create a pull request or raise an issue on the source for this page in GitHub