Deploying Cloud Foundry on AWS with BOSH AWS Bootstrap
WARNING: The command |
Cloud Foundry tools simplify the process of deploying a Cloud Foundry instance to a variety of platforms, including Amazon Web Services. The following sections guide you through using BOSH and cf to deploy Cloud Foundry to Amazon Web Services.
First, pick a DNS domain name for your Cloud Foundry instance. If you pick cloud.example.com, your applications will be available as app-name.cloud.example.com.
Create an AWS Route 53 Hosted Zone for your domain at the Route 53 control panel. The control panel shows you a “delegation set”, or a list of addresses to which you must delegate DNS authority for your domain. If your domain is cloud.example.com, each address in the delegation set should become an NS record in the DNS server for example.com.
Ruby 1.9.3 and git (1.8 or later) are prerequisites for the following
steps. After you install Ruby and git, install the
$ gem install bundler
Create a deployments directory with a subdirectory for your
particular deployment. For example,
the particular deployment’s sub-directory, create a file named
Gemfile with the following contents:
source 'https://rubygems.org' ruby "1.9.3" gem "bosh_cli_plugin_aws"
$ cd ~/deployments/cf-example ~/deployments/cf-example$ bundle install
Next, set environment variables required for deploying to AWS. Create
a file called
bosh_environment and add the following, changing the
value for each line to suit your configuration:
export BOSH_VPC_DOMAIN=example.com export BOSH_VPC_SUBDOMAIN=cloud # Pick something more unique than 'cloud' to work around a temporary shortcoming of the tool export BOSH_AWS_ACCESS_KEY_ID=AWS_ACCESS_KEY_ID export BOSH_AWS_SECRET_ACCESS_KEY=AWS_SECRET_ACCESS_KEY export BOSH_AWS_REGION=us-east-1 export BOSH_VPC_SECONDARY_AZ=us-east-1a # see note below export BOSH_VPC_PRIMARY_AZ=us-east-1d # see note below
BOSH_VPC_SUBDOMAIN must correspond to
the DNS domain name you set up when configuring Route 53. The values
shown above correspond to the earlier Route 53 example of
Note: The following steps only support deployment to the |
To deploy MicroBOSH, please review the following guide.
Choose availability zones that are listed as “operating normally” on the AWS Console Status Health Section for your region.
source to set them for the current shell:
~/deployments/cf-example$ source bosh_environment
bosh aws create to create a VPC Internet Gateway, VPC subnets,
three RDS databases, and a NAT VM for Cloud Foundry subnet routing.
The command takes some time but not require user input. This command
generates receipt files that you use when deploying Cloud Foundry
~/cf$ bundle exec bosh aws create Executing migration CreateKeyPairs allocating 1 KeyPair(s) Executing migration CreateVpc . . . details in S3 receipt: aws_rds_receipt and file: aws_rds_receipt.yml Executing migration CreateS3 creating bucket xxxx-bosh-blobstore creating bucket xxxx-bosh-artifacts
Note: RDS database creation may take 20+ minutes to finish.
Deploy Micro BOSH from the workspace directory, using the
bootstrap micro command:
~/deployments/cf-example$ bundle exec bosh aws bootstrap micro WARNING! Your target has been changed to `https://10.10.0.6:25555'! Deployment set to '/Users/pivotal/cf/deployments/micro/micro_bosh.yml' Deploying new micro BOSH instance `micro/micro_bosh.yml' to `https://10.10.0.6:25555' (type 'yes' to continue): yes Deploy Micro BOSH using existing stemcell (00:00:00) . . . Deployed `micro/micro_bosh.yml' to `https://10.10.0.6:25555', took 00:04:57 to complete Logged in as `admin' Enter username: foo Enter password: *** User `foo' has been created Logged in as `foo' User `hm' has been created Logged in as `hm'
The command prompts you for a username and password. Choose a username and password that you want to use later to access your Micro BOSH installation.
After Micro BOSH has deployed successfully, you can check its status:
~/deployments/cf-example$ bundle exec bosh status Updating director data... done Config ~/.bosh_config Director Name micro-xxxx URL https://x.x.x.x:25555 Version 1.5.0.pre.xxx (release:xxxxx bosh:xxxxx) User hm UUID xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx CPI aws dns enabled (domain_name: microbosh) compiled_package_cache disabled Deployment Manifest ~/cf/deployments/micro/micro_bosh.yml
Get the list of available public stemcells.
~/deployments/cf-example$ bundle exec bosh public stemcells +---------------------------------------------+ | Name | +---------------------------------------------+ | bosh-stemcell-1657-aws-xen-ubuntu.tgz | | bosh-stemcell-1657-aws-xen-centos.tgz | | light-bosh-stemcell-1657-aws-xen-ubuntu.tgz | | light-bosh-stemcell-1657-aws-xen-centos.tgz | | bosh-stemcell-1657-openstack-kvm-ubuntu.tgz | | bosh-stemcell-1657-vsphere-esxi-ubuntu.tgz | | bosh-stemcell-1657-vsphere-esxi-centos.tgz | +---------------------------------------------+ To download use `bosh download public stemcell <stemcell_name>'. For full url use --full.
Download the latest ubuntu aws stemcell.
~/deployments/cf-example$ bundle exec bosh download public stemcell bosh-stemcell-1657-aws-xen-ubuntu.tgz
Upload the stemcell to the BOSH director:
~/deployments/cf-example$ bosh upload stemcell ./bosh-stemcell-1657-aws-xen-ubuntu.tgz
You can now deploy Cloud Foundry.
Create a stub file called
cf-aws-stub.yml for spiff. You will use this to generate a BOSH manifest for the CF deployment.
--- name: cf-example director_uuid: 80be9b46-435f-41db-96a4-453f8d59f53c releases: - name: cf version: latest networks: - name: cf1 type: manual subnets: - range: 10.10.16.0/20 name: default_unused reserved: - 10.10.16.2 - 10.10.16.9 static: - 10.10.16.10 - 10.10.16.253 gateway: 10.10.16.1 dns: - 10.10.0.2 cloud_properties: security_groups: - cf subnet: (( properties.template_only.aws.subnet_ids.cf1 )) - name: cf2 type: manual subnets: - range: 10.10.80.0/20 name: default_unused reserved: - 10.10.80.2 - 10.10.80.9 static: - 10.10.80.10 - 10.10.80.253 gateway: 10.10.80.1 dns: - 10.10.0.2 cloud_properties: security_groups: - cf subnet: (( properties.template_only.aws.subnet_ids.cf2 )) properties: template_only: aws: access_key_id: PLACEHOLDER-ACCESS-KEY-ID secret_access_key: PLACEHOLDER-SECRET-KEY availability_zone: us-east-1a # Change this if you'd like to availability_zone2: us-east-1b # Change this if you'd like to subnet_ids: cf1: PLACEHOLDER-SUBNET-FOR-AZ1 cf2: PLACEHOLDER-SUBNET-FOR-AZ2 domain: PLACEHOLDER-DOMAIN nats: user: PLACEHOLDER-NATS-USER password: PLACEHOLDER-NATS-PASSWORD cc: db_encryption_key: PLACEHOLDER-CC-DB-ENCRYPTION-KEY bulk_api_password: PLACEHOLDER-BULK-API-PASSWORD staging_upload_password: PLACEHOLDER-STAGING-UPLOAD-PASSWORD staging_upload_user: PLACEHOLDER-STAGING-UPLOAD-USER uaa: scim: users: - admin|the_admin_pw|scim.write,scim.read,openid,cloud_controller.admin #change if you like - services|the_services_pw|scim.write,scim.read,openid,cloud_controller.admin #change if you like admin: client_secret: PLACEHOLDER-UAA-ADMIN-CLIENT-SECRET jwt: signing_key: PLACEHOLDER-UAA-JWT-SIGNING-KEY verification_key: PLACEHOLDER-UAA-JWT-VERIFICATION-KEY clients: login: secret: PLACEHOLDER-UAA-CLIENTS-LOGIN-SECRET developer_console: secret: PLACEHOLDER-UAA-CLIENTS-DEVELOPER-CONSOLE-SECRET app-direct: secret: PLACEHOLDER-UAA-CLIENTS-APP-DIRECT-SECRET support-services: secret: PLACEHOLDER-UAA-CLIENTS-SUPPORT-SERVICES-SECRET servicesmgmt: secret: PLACEHOLDER-UAA-CLIENTS-SERVICESMGMT-SECRET space-mail: secret: PLACEHOLDER-UAA-CLIENTS-SPACE-MAIL-SECRET notifications: secret: PLACEHOLDER-UAA-CLIENTS-NOTIFICATION-SECRET batch: username: PLACEHOLDER-UAA-BATCH-USERNAME password: PLACEHOLDER-UAA-BATCH-PASSWORD cc: client_secret: PLACEHOLDER-UAA-CC-CLIENT-SECRET uaadb: PLACEHOLDER_UAADB_PROPERTIES ccdb: PLACEHOLDER_CCDB_PROPERTIES router: status: user: PLACEHOLDER-ROUTER-STATUS-USER password: PLACEHOLDER-ROUTER-STATUS-PASSWORD dea_next: disk_mb: 400001 memory_mb: 6656 loggregator_endpoint: shared_secret: PLACEHOLDER-LOGGREGATOR-SECRET ssl: skip_cert_verify: false
Replace placeholders with the approriate data:
PLACEHOLDER-DIRECTOR-UUID- the bosh director UUID. You can get it by running
bundle exec bosh status.
PLACEHOLDER-SECRET-KEY- AWS access key id and secret key. You can use the same ones as you used in the
bosh_environmentfile above, or generate new ones.
PLACEHOLDER-SUBNET-FOR-AZ2- Look in
~/deployments/cf-example/aws_vpc_receipt.yml(this file was generated when you ran
bosh aws create). They are under ‘subnets’ ‘cf1’ and ‘cf2’.
bosh_environmentfile above (hosted domain created in route 53).
PLACEHOLDER-CCDB-PROPERTIES- copy these from
Generate secure keys for the following placeholders:
Generate RSA key pair for:
You can also replace the users username/password in uaa->scim->users list.
If you are using Self-Signed SSL certificates:
cf-release into a convenient location, e.g.
~/releases$ git clone https://github.com/cloudfoundry/cf-release.git
Update cf-release submodules. You can use helper script
update in cf-release:
~/releases$ cd cf-release ~/releases/cf-release$ ./update
Install spiff using instructions from the Spiff Readme.
Generate a BOSH deployment manifest:
~/releases/cf-release$ ./generate_deployment_manifest aws templates/cf-minimal-dev.yml ~/deployments/cf-example/cf-aws-stub.yml > ~/deployments/cf-example/cf.yml
Deploy CF using BOSH.
~/releases/cf-release$ bundle install
Check whether you are still targeting your new BOSH director:
~/releases/cf-release$ bundle exec bosh target Current target is https://x.x.x.x:25555 (micro-xxxxxx)If this does not match the name of your deployed micro BOSH, you can target the director using the IP from
Set your deployment to the generated manifest:
~/releases/cf-release$ bundle exec bosh deployment ~/deployments/cf-example/cf.yml
Create a Cloud Foundry release. The command prompts you for a development release name. You can use
cf, which is specified in the deployment manifest under releases->name.
~/releases/cf-release$ bundle exec bosh create release
Upload the generated release to the BOSH director:
~/releases/cf-release$ bundle exec bosh upload release
Deploy the uploaded Cloud Foundry release:
~/releases/cf-release$ bundle exec bosh deploy
This process can take some time (2-3 hours), especially during its first run when all the jobs are compiled for the first time. If
bosh deploy fails, it is usually possible to rerun it.
To test the Cloud Foundry installation, test the API endpoint:
~/releases/cf-release$ curl api.subdomain.domain/info
If that is successful, it should return the information as json. Otherwise, check your networking. Tip: Make sure your domain has an NS record for your subdomain.
At this point it should be possible to target the install with the cf cli tool and login as an administrator. The user name,
admin and the password,
the_admin_pw, are in the deployment manifest under uaa->scim->users. For more information about managing organizations, spaces, users, and applications, refer to the cf topic.
If you want to update your deploy of cf-release to reflect changes in the cf-release directory, rerun
bosh create release && bosh upload release && bosh deploy. If you only have changes in your manifest, just run
If you want your Cloud Foundry to be able to provision services, you must deploy a services release. Refer to the services documentation here.
You also might be interested in checking out the community-managed services release.
WARNING: The command |
Finally, cleanup any YAML artifacts that are no longer valid:
~/deployments/cf-example$ bundle exec bosh aws destroy ~/deployments/cf-example$ rm -f *.yml