This document shows how to initialize a new environment on OpenStack.

Step 1: Create a Deployment Manifest

  1. Create a deployment directory.

    $ mkdir ~/my-bosh
    
  2. Create a deployment manifest file named bosh.yml in the deployment directory based on the template below.

    In the template, you must replace the NETWORK-UUID, PRIVATE-IP, PRIVATE-CIDR, PRIVATE-GATEWAY-IP, DNS-IP, FLOATING-IP, OPENSTACK-PASSWORD, IDENTITY-API-ENDPOINT, OPENSTACK-PROJECT, OPENSTACK-DOMAIN, and OPENSTACK-USERNAME properties. We describe replacing these properties in Step 2: Prepare an OpenStack environment.

    Note: The example below uses several predefined passwords. We recommend replacing them with passwords of your choice.

---
name: bosh

releases:
- name: bosh
  url: https://bosh.io/d/github.com/cloudfoundry/bosh?v=261.4
  sha1: 4da9cedbcc8fbf11378ef439fb89de08300ad091
- name: bosh-openstack-cpi
  url: https://bosh.io/d/github.com/cloudfoundry-incubator/bosh-openstack-cpi-release?v=31
  sha1: ed48a0e021805448e4581764d11d20696a4eaecb

resource_pools:
- name: vms
  network: private
  stemcell:
    url: https://bosh.io/d/stemcells/bosh-openstack-kvm-ubuntu-trusty-go_agent?v=3363.12
    sha1: 7b95f76ce3539f9ae78c403f9805a62d30a63710
  cloud_properties:
    instance_type: m1.xlarge

disk_pools:
- name: disks
  disk_size: 20_000

networks:
- name: private
  type: manual
  subnets:
  - range: PRIVATE-CIDR # <--- Replace with a private subnet CIDR
    gateway: PRIVATE-GATEWAY-IP # <--- Replace with a private subnet's gateway
    dns: [DNS-IP] # <--- Replace with your DNS
    cloud_properties: {net_id: NETWORK-UUID} # <--- Replace with private network UUID
- name: public
  type: vip

jobs:
- name: bosh
  instances: 1

  templates:
  - {name: nats, release: bosh}
  - {name: postgres, release: bosh}
  - {name: blobstore, release: bosh}
  - {name: director, release: bosh}
  - {name: health_monitor, release: bosh}
  - {name: registry, release: bosh}
  - {name: openstack_cpi, release: bosh-openstack-cpi}

  resource_pool: vms
  persistent_disk_pool: disks

  networks:
  - name: private
    static_ips: [PRIVATE-IP] # <--- Replace with a private IP
    default: [dns, gateway]
  - name: public
    static_ips: [FLOATING-IP] # <--- Replace with a floating IP

  properties:
    nats:
      address: 127.0.0.1
      user: nats
      # password: nats-password # <--- Uncomment & change

    postgres: &db
      listen_address: 127.0.0.1
      host: 127.0.0.1
      user: postgres
      # password: postgres-password # <--- Uncomment & change
      database: bosh
      adapter: postgres

    registry:
      address: PRIVATE-IP # <--- Replace with a private IP
      host: PRIVATE-IP # <--- Replace with a private IP
      db: *db
      http:
        user: admin
        # password: admin # <--- Uncomment & change
        port: 25777
      username: admin
      # password: admin # <--- Uncomment & change
      port: 25777

    blobstore:
      address: PRIVATE-IP # <--- Replace with a private IP
      port: 25250
      provider: dav
      director:
        user: director
        # password: director-password # <--- Uncomment & change
      agent:
        user: agent
        # password: agent-password # <--- Uncomment & change

    director:
      address: 127.0.0.1
      name: my-bosh
      db: *db
      cpi_job: openstack_cpi
      max_threads: 3
      user_management:
        provider: local
        local:
          users:
          # - {name: admin, password: admin} # <--- Uncomment & change
          # - {name: hm, password: hm-password} # <--- Uncomment & change

    hm:
      director_account:
        user: hm
        # password: hm-password # <--- Uncomment & change
      resurrector_enabled: true

    openstack: &openstack
      auth_url: IDENTITY-API-ENDPOINT # <--- Replace with OpenStack Identity API endpoint
      project: OPENSTACK-PROJECT # <--- Replace with OpenStack project name
      domain: OPENSTACK-DOMAIN # <--- Replace with OpenStack domain name
      username: OPENSTACK-USERNAME # <--- Replace with OpenStack username
      api_key: OPENSTACK-PASSWORD # <--- Replace with OpenStack password
      default_key_name: bosh
      default_security_groups: [bosh]

    # agent: {mbus: "nats://nats:nats-password@PRIVATE-IP:4222"} # <--- Uncomment & change

    ntp: &ntp [0.pool.ntp.org, 1.pool.ntp.org]

cloud_provider:
  template: {name: openstack_cpi, release: bosh-openstack-cpi}

  ssh_tunnel:
    host: FLOATING-IP # <--- Replace with a floating IP
    port: 22
    user: vcap
    private_key: ./bosh.pem # Path relative to this manifest file

  # mbus: "https://mbus:mbus-password@FLOATING-IP:6868" # <--- Uncomment & change

  properties:
    openstack: *openstack
    # agent: {mbus: "https://mbus:mbus-password@0.0.0.0:6868"} # <--- Uncomment & change
    blobstore: {provider: local, path: /var/vcap/micro_bosh/data/cache}
    ntp: *ntp
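
A pre-deploy check for the manifest above, added here as an example (it is not part of the original page or of BOSH). It reports template placeholders that are still present, template passwords left in active settings, and credential lines that were never uncommented. The function name `lint_manifest` and the sample fragment are constructed for this example.

```shell
#!/bin/sh
# Added example (not BOSH tooling): lint bosh.yml before `bosh-init deploy`.
PLACEHOLDERS="NETWORK-UUID PRIVATE-IP PRIVATE-CIDR PRIVATE-GATEWAY-IP DNS-IP
FLOATING-IP OPENSTACK-PASSWORD IDENTITY-API-ENDPOINT OPENSTACK-PROJECT
OPENSTACK-DOMAIN OPENSTACK-USERNAME"

# lint_manifest FILE: print one finding per line; return 1 if there are any.
lint_manifest() {
  file=$1
  # Drop YAML comments so the "# <--- Replace with ..." hints do not match.
  active=$(sed -e 's/^#.*//' -e 's/[[:space:]]#.*//' "$file")
  findings=$(
    for p in $PLACEHOLDERS; do
      if printf '%s\n' "$active" | grep -qF -- "$p"; then
        echo "placeholder not replaced: $p"
      fi
    done
    # Passwords predefined by the template that are live in the manifest.
    printf '%s\n' "$active" |
      grep -nE '(nats|postgres|director|agent|hm|mbus)-password|password: *admin([^[:alnum:]_-]|$)' |
      sed 's/^\([0-9]*\):.*/template password in use on line \1/'
    # Credential settings that were never uncommented.
    grep -nE '^[[:space:]]*#.*(password|mbus)' "$file" |
      sed 's/^\([0-9]*\):.*/credential still commented out on line \1/'
  )
  if [ -n "$findings" ]; then
    printf '%s\n' "$findings"
    return 1
  fi
}

# Constructed sample: a fragment of the template, partly filled in.
sample=$(mktemp)
cat > "$sample" <<'EOF'
networks:
- name: public
  static_ips: [FLOATING-IP] # <--- Replace with a floating IP
properties:
  nats:
    user: nats
    # password: nats-password # <--- Uncomment & change
  registry:
    address: 10.0.0.6 # <--- Replace with a private IP
    http:
      user: admin
      password: admin # <--- Uncomment & change
EOF
lint_manifest "$sample" || echo "fix the findings before running bosh-init deploy"
```

Run it as `lint_manifest ~/my-bosh/bosh.yml`; a zero exit status means none of the three kinds of finding remain.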

Step 2: Prepare an OpenStack environment

Prerequisites

  1. An OpenStack environment running one of the following supported releases:

    Note: Juno has a bug that prevents BOSH from assigning specific IPs to VMs. You have to apply a Nova patch to avoid this problem.

  2. The following OpenStack services:

    • Identity: BOSH authenticates credentials and retrieves the endpoint URLs for other OpenStack services.
    • Compute: BOSH boots new VMs, assigns floating IPs to VMs, and creates and attaches volumes to VMs.
    • Image: BOSH stores stemcells using the Image service.
    • (Optional) OpenStack Networking: Provides network scaling and automated management functions that are useful when deploying complex distributed systems. Note: OpenStack Networking is used by default as of v28 of the OpenStack CPI. To disable the use of the OpenStack Networking project, see using nova-networking.
  3. The following OpenStack networks:

    • An external network with a subnet.
    • A private network with a subnet. The subnet must have an IP address allocation pool.
  4. Configuration of a new OpenStack Project

    1. Automated configuration

      You can use a Terraform environment template to configure your OpenStack project.

    2. Manual configuration

      Note: See the OpenStack documentation for help finding more information.

      Alternatively, you can do the following things manually as described below:


Create a Keypair

  1. Select Access & Security from the left navigation panel.

  2. Select the Keypairs tab.

  3. Click Create Keypair.

  4. Name the Keypair “bosh” and click Create Keypair.

  5. Save the bosh.pem file.

  6. Move the bosh.pem file into your deployment directory. For example, on UNIX run this command:

    $ mv ~/Downloads/bosh.pem ~/my-bosh/bosh.pem
    

Create and Configure Security Groups

You must create and configure two Security Groups to restrict incoming network traffic to the BOSH VMs.

BOSH Security Group

  1. Select Access & Security from the left navigation panel.

  2. Select the Security Groups tab.

  3. Click Create Security Group.

  4. Name the security group “bosh” and add the description “BOSH Security Group”.

  5. Click Create Security Group.

  6. Select the BOSH Security Group and click Edit Rules.

  7. Click Add Rule.

  8. Add the following rules to the BOSH Security Group:

    Note: It is highly discouraged to run any production environment with a 0.0.0.0/0 source or to make any BOSH management ports publicly accessible.

    Direction  Ether Type  IP Protocol  Port Range  Remote            Purpose
    Ingress    IPv4        TCP          22          0.0.0.0/0 (CIDR)  SSH access from bosh-init
    Ingress    IPv4        TCP          6868        0.0.0.0/0 (CIDR)  BOSH Agent access from bosh-init
    Ingress    IPv4        TCP          25555       0.0.0.0/0 (CIDR)  BOSH Director access from CLI
    Egress     IPv4        Any          -           0.0.0.0/0 (CIDR)
    Egress     IPv6        Any          -           ::/0 (CIDR)
    Ingress    IPv4        TCP          1-65535     bosh              Management and data access
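
The same rule set with the three management ports limited to one admin network instead of 0.0.0.0/0, as the note above recommends. This is an added example, not part of the original page; it assumes the `openstack` command-line client rather than the dashboard, and the function name `bosh_sg_rules` and the CIDR shown are placeholders.

```shell
#!/bin/sh
# Added example, not from the BOSH docs: the "bosh" security group rules from
# the table above, with ports 22, 6868 and 25555 limited to one admin CIDR.
# Prints the commands by default; set RUN= (empty) to execute them.
RUN=${RUN-echo}

bosh_sg_rules() {
  admin_cidr=$1
  case "$admin_cidr" in
    ''|*/0) echo "refusing empty or /0 source: '$admin_cidr'" >&2; return 1 ;;
  esac
  $RUN openstack security group create --description "BOSH Security Group" bosh
  # 22: SSH from bosh-init, 6868: BOSH Agent from bosh-init,
  # 25555: BOSH Director from the CLI.
  for port in 22 6868 25555; do
    $RUN openstack security group rule create --ingress --ethertype IPv4 \
      --protocol tcp --dst-port "$port" --remote-ip "$admin_cidr" bosh
  done
  # Management and data access: any TCP port, but only from members of "bosh".
  $RUN openstack security group rule create --ingress --ethertype IPv4 \
    --protocol tcp --dst-port 1:65535 --remote-group bosh bosh
  # The two egress rows need no command: Neutron adds allow-all egress rules
  # for IPv4 and IPv6 to every new security group.
}

# 203.0.113.0/24 is a documentation range standing in for your admin network.
bosh_sg_rules 203.0.113.0/24
```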

Allocate a floating IP address

  1. Select Access & Security from the left navigation panel.

  2. Select the Floating IPs tab.

  3. Click Allocate IP to Project.

  4. Select External from the Pool dropdown menu.

  5. Click Allocate IP.

  6. Replace FLOATING-IP in your deployment manifest with the allocated Floating IP Address.


Step 3: Deploy

  1. Install bosh-init.

  2. Run bosh-init deploy ./bosh.yml to start the deployment process.

    $ bosh-init deploy ./bosh.yml
    ...
    

    See OpenStack CPI errors for a list of common errors and resolutions.

  3. Install the BOSH Command Line Interface (CLI).

  4. Use bosh target FLOATING-IP-ADDRESS to log into your new BOSH Director. The default username and password are admin and admin.

    $ bosh target 173.81.16.12
    
    Target set to 'bosh'
    Your username: admin
    Enter password: *****
    Logged in as 'admin'
    
    $ bosh vms
    
    No deployments
    
  5. Save the deployment state file left in your deployment directory so you can later update/delete your Director. See Deployment state section of ‘Using bosh-init’ for more details.

