forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
openstack.html.md.erb
97 lines (64 loc) · 6.99 KB
/
openstack.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
---
title: Installing Pivotal Platform on OpenStack
owner: Ops Manager
---
<% current_page.data.title = "Installing " + vars.product_name + " on OpenStack" %>
This guide describes how to install <%= vars.product_name %> on OpenStack with Pivotal Operations Manager and Pivotal Application Service (PAS).
## <a id="overview"></a> Overview
OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources throughout a datacenter. For guidance on OpenStack service credential management, see [Open Stack Security Documents](#security) below.
## <a id="security"></a> OpenStack Security Documents
These documents provide a general reference for OpenStack service credential management.
* [OpenStack credential configuration](https://docs.openstack.org/openstack-ansible/13.3.6/install-guide/configure-creds.html)
* [OpenStack credential creation](http://docs.openstack.org/project-install-guide/ec2-api/draft/credentials-creation.html)
* [OpenStack deployment configuration](http://docs.openstack.org/project-deploy-guide/openstack-ansible/newton/configure.html)
## <a id="requirements"></a> Requirements
This section describes the requirements for installing <%= vars.product_name %> on OpenStack, including general requirements for installing <%= vars.product_name %> with Ops Manager and PAS as well as OpenStack requirements.
<p class="note"><strong>Note:</strong> You can install <%= vars.product_name %> on OpenStack with the Pivotal Application Service (PAS) runtime. The Pivotal Container Service (PKS) runtime is not supported for OpenStack. For more information about PAS, see <a href="../concepts/index.html">PAS Concepts</a>. For more information about PKS, see <a href="https://docs.pivotal.io/pks/index.html">Pivotal Container Service (PKS)</a>.</p>
### <a id="general"></a> General Resource Requirements
<%# Find this partial in GitHub at `pivotal-cf/docs-partials` %>
<%= partial "/pcf/core/#{vars.current_major_version.sub('.', '-')}/requirements" %>
### <a id="openstack"></a> OpenStack Requirements
The following are OpenStack requirements for deploying <%= vars.product_name %>:
* <%= vars.product_name %> is supported on the OpenStack Ocata, Pike, Queens, Rocky, and Stein releases. OpenStack is a collection of inter-operable components and requires general OpenStack expertise to troubleshoot issues that may occur when installing <%= vars.product_name %> on particular releases and distributions. To verify that your OpenStack platform is compatible with <%= vars.product_name %>, use the OpenStack Validator tool. To access the OpenStack Validator tool, see [CF OpenStack Validator](https://github.com/cloudfoundry-incubator/cf-openstack-validator) on GitHub.
* Pivotal recommends granting complete access to the OpenStack logs to the operator managing the <%= vars.product_name %> installation process.
* For OpenStack accounts for <%= vars.product_name %>, Pivotal recommends following the principle of least privilege by scoping privileges to the most restrictive permissions possible for a given role.
* You must have a dedicated OpenStack project, formerly known as an OpenStack tenant.
* You must have Keystone access to the dedicated OpenStack project, including the following:
* Auth URL
* Username and password. The `PrimaryProject` for the user must be the project you want to use to deploy <%= vars.product_name %>. For more information, see [Manage projects and users](https://docs.openstack.org/horizon/rocky/admin/manage-projects-and-users.html) in the OpenStack documentation.
* Project name
* Region (with multiple availability zones if you require high availability)
* SSL certificate for your wildcard domain (see below)
* You must have the ability to do the following in OpenStack:
* Create and modify VM flavors
* Enable DHCP if required
* Create a network and then connect that network with a router to an external network
* Create an external network with a pool of floating IP addresses
* Boot VMs directly from image
* Create two wildcard domains for separate system and app domains
* The following are resource requirements for the dedicated OpenStack project:
* 118 GB of RAM
* 22 available instances
* 14 small VMs (1 vCPU, 1024 MB of RAM, 10 GB of root disk)
* 2 high-CPU VMs (2 vCPU, 1024 MB of RAM, 10 GB of root disk)
* 3 large VMs (4 vCPU, 16384 MB of RAM, 10 GB of root disk)
* 3 extra-large VMs (8 vCPU, 16 GB of RAM, 160 GB of ephemeral disk)
* 58 vCPUs
* 1 TB of storage
* Nova or Neutron networking with floating IP support
<p class="note"><b>Note:</b> By default, PAS deploys the number of VM instances required to run a highly available configuration of <%= vars.product_name %>. If you are deploying a test or sandbox <%= vars.product_name %> that does not require HA, then you can scale down the number of instances in your deployment. For information about the number of instances required to run a minimal, non-HA <%= vars.product_name %> deployment, see [Scaling PAS](../opsguide/scaling-ert-components.html).</p>
* The following are requirements for the OpenStack Cinder back end:
* <%= vars.product_name %> requires RAW root disk images. The Cinder back end for your OpenStack project must support RAW.
* Pivotal recommends that you use a Cinder back end that supports snapshots. This is required for some BOSH functionalities.
* Pivotal recommends enabling your Cinder back end to delete block storage asynchronously. If this is not possible, it must be able to delete multiple 20 GB volumes within 300 seconds.
* The following are requirements for using an Overlay Network with VXLAN or GRE Protocols:
* If an overlay network is being used with VXLAN or GRE protocols, the MTU of the created VMs must be adjusted to the best practices recommended by the plugin vendor (if any).
* DHCP must be enabled in the internal network for the MTU to be assigned to the VMs automatically.
* Review the [Configuring PAS](../customizing/configure-pas.html#networking) topic to adjust your MTU values.
* Failure to configure your overlay network correctly could cause Apps Manager to fail since applications will not be able to connect to the UAA.
<p class='note'><strong>Note:</strong> If you are using IPsec, your resource usage will increase by approximately 36 bytes. View the <a href="https://docs.pivotal.io/addon-ipsec/installing.html"> Installing IPsec topic</a> for information, including setting correct MTU values.</p>
## <a id='outputs'></a> Install <%= vars.product_name %> on OpenStack with PAS
To install <%= vars.product_name %> on OpenStack with the PAS runtime, do the following:
1. Deploy Ops Manager. See [Deploying Ops Manager on OpenStack](/platform/ops-manager/<%= vars.current_major_version.sub('.', '-') %>/openstack/setup.html).
1. Configure BOSH Director on OpenStack. See [Configuring BOSH Director on OpenStack](/platform/ops-manager/<%= vars.current_major_version.sub('.', '-') %>/openstack/config.html).
1. Configure PAS. See [Configuring PAS](./configure-pas.html).