Installing Pivotal Cloud Foundry on OpenStack
Page last updated:
This guide describes how to install Pivotal Cloud Foundry (PCF) on OpenStack Juno and Kilo distributions.
Complete the following procedures to install PCF on OpenStack:
(Optional) Installing the PCF IPsec Add-On
Pivotal’s automated testing environments have been built using OpenStack releases and distributions based on Havana, Icehouse, Juno, Kilo (Keystone v2, and v3), Liberty, and Mitaka from different vendors including Canonical, EMC, Mirantis, Red Hat, and SUSE. The nature of OpenStack as a collection of interoperable components requires OpenStack expertise to troubleshoot issues that may occur when installing Pivotal Cloud Foundry on particular releases and distributions.
In order to deploy Pivotal Cloud Foundry on OpenStack, you must have a dedicated OpenStack tenant (formerly known as an OpenStack project) that meets the following requirements.
You must have keystone credentials for the OpenStack tenant, including:
- Auth URL
- API key
- Project name
- SSL certificate for your wildcard domain (see below).
Create any necessary OpenStack network objects.
The following must be enabled for the tenant:
- The ability to upload custom images to Glance
- The ability to create and modify VM flavors. See the VM flavor configuration table.
- The ability to allocate floating IPs.
- The ability for VMs inside a tenant to send messages via the floating IP.
- Permissions for VMs to boot directly from image.
- One wildcard DNS domain. Pivotal recommends using two wildcard domains if system and apps need to be separated.
Note: For information on how IaaS user roles are configured, refer to the Pivotal Cloud Foundry IaaS User Role Guidelines topic.
Note: It is possible to avoid using wildcard DNS domains by using a service such as xip.io. However, this option requires granting external internet access from inside VMs.
Your OpenStack tenant must have the following resources before you install Pivotal Cloud Foundry:
- 118 GB of RAM
- 22 available instances
- 16 small VMs (1 vCPU, 1024 MB of RAM, 10 GB of root disk)
- 3 large VMs (4 vCPU, 16384 MB of RAM, 10 GB of root disk)
- 3 extra-large VMs (8 vCPU, 16 GB of RAM, 160 GB of ephemeral disk)
- 56 vCPUs
- 1 TB of storage
- Neutron networking with floating IP support
Note: If you are using IPsec, your resource usage will increase by approximately 36 bytes. View the Installing IPsec topic for information, including setting correct MTU values.
Requirements for your Cinder back end:
- PCF requires RAW root disk images. The Cinder back end for your OpenStack tenant must support RAW.
- Pivotal recommends that you use a Cinder back end that supports snapshots. This is required for some BOSH functionalities.
- Pivotal recommends enabling your Cinder back end to delete block storage asynchronously. If this is not possible, it must be able to delete multiple 20GB volumes within 300 seconds.
Using an Overlay Network with VXLAN or GRE Protocols:
- If an overlay network is being used with VXLAN or GRE protocols, the MTU of the created VMs must be adjusted to the best practices recommended by the plugin vendor (if any). If Neutron is configured with VXLAN via the Open vSwitch mechanism, the MTU should be 1400. For GRE, the recommended number is 1460.
- DHCP must be enabled in the internal network for the MTU to be assigned to the VMs automatically.
- Review the Installing Elastic Runtime on OpenStack topic to adjust your MTU values.
- Failure to configure your overlay network correctly could cause Apps Manager to fail since applications will not be able to connect to the UAA.
- Pivotal recommends granting complete access to the OpenStack logs to the operator managing the installation process.
- Your OpenStack environment should be thoroughly tested and considered stable before deploying PCF.
Do not change the names of the VM flavors in the table below.