Deploying Cloud Foundry on AWS
WARNING: The command |
Cloud Foundry tools simplify the process of deploying a Cloud Foundry instance to a variety of platforms, including Amazon Web Services. The following sections guide you through using BOSH and cf to deploy Cloud Foundry to Amazon Web Services.
The first thing to do is to pick a DNS domain name for your Cloud Foundry instance. If you pick cloud.mydomain.com, your applications will be available as app-name.cloud.mydomain.com.
Create an AWS Route 53 Hosted Zone for your domain at the Route 53 control panel. The control panel shows you a “delegation set” - a list of addresses to which you must delegate DNS authority for your domain. If your domain is cloud.mydomain.com, each address in the delegation set should become an NS record in the DNS server for mydomain.com.
Ruby 1.9.3 and git (1.8 or later) are prerequisites for the following steps. After you install Ruby and git, install the
$ gem install bundler
Create a working directory from which to deploy the environment. For example,
$HOME/cf. In that directory, create a file named
Gemfile with the following contents:
source 'https://rubygems.org' ruby "1.9.3" gem "bootstrap-cf-plugin", :git => "git://github.com/cloudfoundry/bootstrap-cf-plugin" gem "bosh"
Install the latest release of the bootstrap plugin.
$ cd $HOME/cf ~/cf$ bundle install
Next, set environment variables required for deploying to AWS. Create a file called
bosh_environment and add the following, changing the value for each line to suit your configuration:
export BOSH_VPC_DOMAIN=mydomain.com export BOSH_VPC_SUBDOMAIN=cloud # Pick something more unique than 'cloud' to work around a temporary shortcoming of the tool export BOSH_AWS_ACCESS_KEY_ID=your_key_asdv34tdf export BOSH_AWS_SECRET_ACCESS_KEY=your_secret_asdf34dfg export BOSH_AWS_REGION=us-east-1 export BOSH_VPC_SECONDARY_AZ=us-east-1a # see note below export BOSH_VPC_PRIMARY_AZ=us-east-1d # see note below
BOSH_VPC_SUBDOMAIN must correspond to the DNS domain name you set up when configuring Route 53. The values shown above correspond to the earlier Route 53 example of cloud.mydomain.com.
Note: Now only deployment to
us-east-1 region is supported by next
steps. For MicroBOSH deploy please review following guide.
Note: Pull request in review process to add support for other AWS regions (https://github.com/cloudfoundry/bosh/pull/323)
Choose availability zones that are listed as “operating normally” on the AWS Console Status Health Section for your region.
source to set them for the current shell:
~/cf$ source bosh_environment
bosh aws create to create a VPC Internet Gateway, VPC subnets, 3 RDS databases, and a NAT VM for Cloud Foundry subnet routing. The command does not require user input, so start it and grab a coffee at the trendiest place across town!
~/cf$ bosh aws create Executing migration CreateKeyPairs allocating 1 KeyPair(s) Executing migration CreateVpc . . . details in S3 receipt: aws_rds_receipt and file: aws_rds_receipt.yml Executing migration CreateS3 creating bucket xxxx-bosh-blobstore creating bucket xxxx-bosh-artifacts
Note: RDS database creation may take 20+ minutes to finish.
Deploy Micro BOSH from the workspace directory, using the
bosh aws bootstrap micro command:
~/cf$ bosh aws bootstrap micro WARNING! Your target has been changed to `https://10.10.0.6:25555'! Deployment set to '/Users/pivotal/cf/deployments/micro/micro_bosh.yml' Deploying new micro BOSH instance `micro/micro_bosh.yml' to `https://10.10.0.6:25555' (type 'yes' to continue): yes Deploy Micro BOSH using existing stemcell (00:00:00) . . . Deployed `micro/micro_bosh.yml' to `https://10.10.0.6:25555', took 00:04:57 to complete Logged in as `admin' Enter username: foo Enter password: *** User `foo' has been created Logged in as `foo' User `hm' has been created Logged in as `hm'
After Micro BOSH has been deployed succesfully, you can check its status:
~/cf$ bosh status Updating director data... done Config ~/.bosh_config Director Name micro-xxxx URL https://x.x.x.x:25555 Version 1.5.0.pre.xxx (release:xxxxx bosh:xxxxx) User hm UUID xxxxxx-xxxx-xxxx-xxxx-xxxxxxxx CPI aws dns enabled (domain_name: microbosh) compiled_package_cache disabled Deployment Manifest ~/cf/deployments/micro/micro_bosh.yml
Cloud Foundry can now be deployed using the
bundle exec cf bootstrap aws command from the bootstrap-cf-plugin gem.
~/cf$ bundle exec cf bootstrap aws
This process can take some time (2-3 hours), especially during its first run when all the jobs are compiled for the first time. When the bootstrap has finished installing Cloud Foundry, it should be possible to target the install with cf and login as an administrator with the user name
admin and the password
If this command fails, it's usually possible to rerun it again. You can also rerun it to deploy the latest version of CF, unless there are changes to the resources created in the “bosh aws create” step above (in which case it should fail).
If this command fails with the following error - Error 400007: service_gateways/0' is not running after update - your networking is probably not set up correctly. You can check that with the following command (substituting your own subdomain and domain):
~/cf$ curl api.subdomain.domain/info
If that is successful it should return the information as json. Otherwise, check your networking. Tip - make sure your domain has an NS record for your subdomain.
This bootstrap command runs two phases: first, several BOSH commands are executed and then several CF commands are executed. At the end of the process, you have the following primitives:
- 2 BOSH releases: cf-release and cf-services-release, each pulled from the latest “green” release-candidate branch in github.
- The latest “green” BOSH stemcell, downloaded from our CI server.
- 2 already-deployed BOSH deployments: CF core and CF services, backed by generated manifest files described below.
- 2 CF admin user accounts with randomly-generated passwords (find in cf-shared-secrets.yml).
- A default CF organization called “bootstrap-org”.
- A default CF space called “bootstrap-space”.
- CF service-auth-tokens allowing CF core to authenticate to CF services.
At this point your “cf” command-line tool is targeted to your CF deployment and you are authenticated as the admin user, meaning you're ready to push an app!
Once Cloud Foundry has been deployed using the bootstrap cf plugin, there will be several files left in the
|cf-aws.yml||BOSH manifest file for Cloud Foundry that was used to deploy to AWS. You can use this file to redeploy the Cloud Foundry instance again. For more information, see managing BOSH deployments.|
|cf-services-aws.yml||BOSH manifest file for Cloud Foundry services.|
|cf-shared-secrets.yml||Shared secrets file for usernames and passwords used in various Cloud Foundry components.|
|director.key and director.pem||Self-signed SSL certificate used to encrypt the connection between BOSH CLI and Micro BOSH.|
|elb-cfrouter.key and elb-cfrouter.pem||Self-signed SSL certificate installed on the AWS ELB that fronts the Cloud Foundry routing layer.|
|aws_rds_receipt.yml, aws_route53_receipt.yml, aws_vpc_receipt.yml||At the end of the MicroBOSH bootstrapping procedure, these ‘receipt’ files are written to provide data used to template the manifest file used for deploying Cloud Foundry.|
For more information about managing organizations, spaces, and users, go to the cf page.
WARNING: The command |
You also want to cleanup any YAML artifacts that are no longer valid:
~/cf$ bosh aws destroy ~/cf$ rm -f *.yml
Photo: Creative Commons / CTBTO Photostream at http://www.flickr.com/photos/ctbto/6476282811/