Installing Pivotal Cloud Foundry on OpenStack
Page last updated:
This guide describes how to install Pivotal Cloud Foundry (PCF) on OpenStack.
PCF is supported on the OpenStack Liberty, Mitaka, and Newton releases. OpenStack is a collection of interoperable components and requires general OpenStack expertise to troubleshoot issues that may occur when installing Pivotal Cloud Foundry on particular releases and distributions.
In addition, to verify that your OpenStack platform is compatible with PCF, you can use the OpenStack Validator Tool.
The following are general requirements for deploying and managing a PCF deployment with Ops Manager and Pivotal Application Service (PAS):
A wildcard DNS record that points to your router or load balancer. Alternatively, you can use a service such as xip.io. For example,
- PAS gives each application its own hostname in your app domain.
- With a wildcard DNS record, every hostname in your domain resolves to the IP address of your router or load balancer, and you do not need to configure an A record for each app hostname. For example, if you create a DNS record
*.example.compointing to your load balancer or router, every application deployed to the
example.comdomain resolves to the IP address of your router.
At least one wildcard TLS certificate that matches the DNS record you set up above,
Sufficient IP allocation:
- One static IP address for each job in the Ops Manager tile. See the Resource Config pane for each tile for a full list.
- One static IP address for each job listed below:
- File Storage
- MySQL Proxy
- MySQL Server
- Backup Prepare Node
- MySQL Monitor
- Diego Brain
- TCP Router
- One IP for each VM instance created by the service.
- An additional IP address for each compilation worker. So the formula for total IPs needed is
IPs needed = static IPs + VM instances + compilation workers.
Note: Pivotal recommends that you allocate at least 36 dynamic IP addresses when deploying Ops Manager and PAS. BOSH requires additional dynamic IP addresses during installation to compile and deploy VMs, install PAS, and connect to services.
One or more NTP servers if not already provided by your IaaS.
(Recommended) A network without DHCP available for deploying the PAS VMs.
Note: If you have DHCP, refer to the Troubleshooting Guide to avoid issues with your installation.
(Optional) External storage. When you deploy PCF, you can select internal file storage or external file storage, either network-accessible or IaaS-provided, as an option in the PAS tile. Pivotal recommends using external storage whenever possible. See Upgrade Considerations for Selecting File Storage in Pivotal Cloud Foundry for a discussion of how file storage location affects platform performance and stability during upgrades.
(Optional) External databases. When you deploy PCF, you can select internal or external databases for the BOSH Director and for PAS. Pivotal recommends using external databases in production deployments. An external database must be configured to use the UTC timezone.
(Optional) External user stores. When you deploy PCF, you can select a SAML user store for Ops Manager or a SAML or LDAP user store for PAS, to integrate existing user accounts.
The most recent version of the Cloud Foundry Command Line Interface (cf CLI).
To deploy Pivotal Cloud Foundry on OpenStack, you must have a dedicated OpenStack project (formerly known as an OpenStack tenant) that meets the requirements described in this section.
You must have Keystone access to the OpenStack tenant, including the following:
- Auth URL
- Username and password
- Project name
- Region (with multiple availability zones if you require high availability)
- SSL certificate for your wildcard domain (see below)
You must have the ability to do the following:
- Create and modify VM flavors. See the VM flavor configuration table
- Enable DHCP if required
- Create a network and then connect that network with a router to an external network
- Create an external network with a pool of floating IP addresses
- Boot VMs directly from image
- Create two wildcard domains for separate system and app domains
Your OpenStack project must have the following resources before you install PCF:
- 118 GB of RAM
- 22 available instances
- 16 small VMs (1 vCPU, 1024 MB of RAM, 10 GB of root disk)
- 3 large VMs (4 vCPU, 16384 MB of RAM, 10 GB of root disk)
- 3 extra-large VMs (8 vCPU, 16 GB of RAM, 160 GB of ephemeral disk)
- 56 vCPUs
- 1 TB of storage
- Nova or Neutron networking with floating IP support
By default, Pivotal Application Service (PAS) deploys the number of VM instances required to run a highly available configuration of PCF. If you are deploying a test or sandbox PCF that does not require HA, then you can scale down the number of instances in your deployment. For information about the number of instances required to run a minimal, non-HA PCF deployment, see Scaling PAS.
Requirements for your Cinder back end:
- PCF requires RAW root disk images. The Cinder back end for your OpenStack project must support RAW.
- Pivotal recommends that you use a Cinder back end that supports snapshots. This is required for some BOSH functionalities.
- Pivotal recommends enabling your Cinder back end to delete block storage asynchronously. If this is not possible, it must be able to delete multiple 20 GB volumes within 300 seconds.
Using an Overlay Network with VXLAN or GRE Protocols:
- If an overlay network is being used with VXLAN or GRE protocols, the MTU of the created VMs must be adjusted to the best practices recommended by the plugin vendor (if any).
- DHCP must be enabled in the internal network for the MTU to be assigned to the VMs automatically.
- Review the Installing PAS on OpenStack topic to adjust your MTU values.
- Failure to configure your overlay network correctly could cause Apps Manager to fail since applications will not be able to connect to the UAA.
Note: If you are using IPsec, your resource usage will increase by approximately 36 bytes. View the Installing IPsec topic for information, including setting correct MTU values.
- Pivotal recommends granting complete access to the OpenStack logs to the operator managing the installation process.
- Your OpenStack environment should be thoroughly tested and considered stable before deploying PCF. To validate that your OpenStack platform meets the needs of PCF, you can use the OpenStack Validator Tool.
Pivotal recommends following the principle of least privilege by scoping privileges to the most restrictive permissions possible for a given role. See IaaS Permissions Guidelines for recommendations on how to create and scope OpenStack accounts for PCF.
Configure your OpenStack VM flavors as follows:
Note: Do not change the names of the VM flavors in the table below.
- OpenStack credential configuration
- OpenStack credential creation
- OpenStack deployment configuration
These documents provide a general reference for OpenStack service credential management.
Complete the following procedures to install PCF on OpenStack: