New and Changed Information
The following table provides an overview of the significant changes up to this current release. The table does not provide an exhaustive list of all changes or of the new features up to this release.
Cisco APIC Release Version | Feature | Description
---|---|---
Release 3.1(2) | Support for open-source Cloud Foundry in Cisco ACI | This release enables the deployment of Cloud Foundry in the Cisco ACI fabric.
Cisco ACI and Cloud Foundry Integration
Cloud Foundry is a platform as a service (PaaS) that uses Linux containers to deploy and manage applications. It works as an overlay on various infrastructure systems, such as VMware vSphere and Amazon Web Services (AWS), and operates on the underlying network used by these systems.
Beginning with Cisco APIC Release 3.1(2), Cloud Foundry is integrated with Cisco Application Centric Infrastructure (ACI). This enables customers to use all Cisco ACI security and policy features with Cloud Foundry containers.
In Cisco APIC Release 3.1(2), Cisco ACI integration applies to Cloud Foundry deployed on VMware vSphere, where Cisco ACI provides the network fabric for VMware vSphere.
This document is a guide to deploying open-source Cloud Foundry integrated with Cisco ACI and describes the use of Cisco ACI-specific extensions to Cloud Foundry.
Preparation
Cloud Foundry Compatibility
Cloud Foundry is compatible with the following software:
- Cisco APIC Release 3.1(2)
- Cloud Foundry cf-deployment 1.29.0 on Ubuntu Trusty
- Cisco ACI add-ons 0.2.0
Note | This document does not include deployment of isolation segments.
Preparing for Cloud Foundry ACI Integration
Before you begin
It is assumed that you have completed the following tasks:
- Set up the Cisco ACI fabric to use with a VMware vCenter deployment. See the Cisco ACI and Cisco APIC documentation on Cisco.com.
- Set up the node subnet as a private subnet and made sure that it has access to the Cisco APIC management address.
- Deployed BOSH Director and Cloud Foundry components to the same Cisco ACI endpoint group (EPG).
- Read and understood the guidelines in the knowledge base article Cisco ACI and OpFlex Connectivity for Orchestrators.
Procedure
Step 1 | Create a VMware VMM domain in Cisco APIC that uses the desired VMware vCenter data center.
Step 2 | Ensure that you have an Attachable Entity Profile (AEP) in Cisco APIC that enables communication on the switch ports that are connected to ESXi hypervisors.
Step 3 | Create a VRF to hold all your endpoints (BOSH Director, Cloud Foundry component VMs, and containers).
Step 4 | Create and provision L3Out in Cisco APIC for external communication and associate it with the VRF you created in the previous step.
Step 5 | Create an external network under the L3Out that allows traffic to all destinations (0.0.0.0/0).
Step 6 | Create a working directory and extract the Cisco ACI add-ons distribution file (dist-generics-cloudfoundryxxxxxx.tgz).
Step 7 | Install the acc_provision Debian package.
Step 8 | Ensure that your machine is a development machine; you will use this machine for compiling source code during BOSH deployment. See "Before you Begin" in the section "Deploying BOSH Director" for the list of required packages.
Step 9 | Ensure that Ruby 2.4.1 or higher is installed on your machine. If you have an older version installed, remove it (packages ruby and rubydev) and install a newer version of Ruby.
Step 10 | Download and install BOSH (v2) CLI.
Step 11 | Install the cf CLI Debian package.
Step 12 | Get source code for bosh-deployment and cf-deployment:
Step 13 | If your machine requires a proxy to reach the Internet, set the no_proxy environment variable for the following: VMware vCenter server, Cisco APIC server, the BOSH Director IP you will choose (in the section Provisioning ACI for CloudFoundry), and the system domain you will choose (in the section Deploying Cloud Foundry with Cisco ACI Add-Ons). For the examples in this document, this environment variable is set as:
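A check for Step 13, added here as an example and not part of the original guide: it reports which of the four required endpoints a given no_proxy value fails to cover, so that requests carrying APIC, vCenter, or BOSH credentials are not sent through the outbound proxy. The host names and addresses are constructed samples, and the matching rules (exact name, domain suffix, leading-dot suffix, IP or CIDR, `*`) are an assumption; individual tools differ in which of these they honor.

```python
import ipaddress

def covered_by_no_proxy(host, no_proxy):
    """Return True if host bypasses the proxy under the assumed matching rules."""
    host = host.lower().rstrip(".")
    try:
        host_ip = ipaddress.ip_address(host)
    except ValueError:
        host_ip = None
    for entry in (e.strip().lower() for e in no_proxy.split(",")):
        if not entry:
            continue
        if entry == "*":
            return True
        if host_ip is not None:
            # IP targets match only IP or CIDR entries, never domain suffixes.
            try:
                if host_ip in ipaddress.ip_network(entry, strict=False):
                    return True
            except ValueError:
                pass
            continue
        if entry.startswith("."):
            # ".example" covers subdomains only, not the bare name.
            if host.endswith(entry):
                return True
        elif host == entry or host.endswith("." + entry):
            return True
    return False

def missing_no_proxy_entries(required, no_proxy):
    """Names of required endpoints that would still be sent through the proxy."""
    return [name for name, host in required.items()
            if not covered_by_no_proxy(host, no_proxy)]

# Constructed sample values; substitute the addresses of your own environment.
REQUIRED = {
    "vcenter": "vcenter.fab15.local",
    "apic": "192.0.2.10",
    "bosh_director": "10.1.0.2",
    "cf_api": "api.mycf0.fab15.local",   # a name under the system domain
}
SAMPLE_NO_PROXY = "localhost,127.0.0.1,vcenter.fab15.local,10.1.0.2,mycf0.fab15.local"

if __name__ == "__main__":
    for name in missing_no_proxy_entries(REQUIRED, SAMPLE_NO_PROXY):
        print(f"no_proxy does not cover {name}: {REQUIRED[name]}")
```

With the sample values, only the Cisco APIC address is reported as uncovered.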
Deployment
Provisioning Cisco ACI to Work with Cloud Foundry
Before you begin
Ensure that you have completed the tasks in the section "Preparation for Cisco ACI Deployment for Cloud Foundry" in this guide.
Procedure
Step 1 | Create a provisioning config file, using the following example. Change the values in the example to fit your environment. Example:
In the preceding example, node subnet 10.1.0.0/16 will be used for the BOSH Director virtual machine (VM) and Cloud Foundry component VM. Reserve three IP addresses within this range for the following VMs:
Step 2 | Configure Cisco APIC and generate a configuration file for cf-deployment. Example:
This command configures Cisco APIC for Cloud Foundry and generates a file called mycf0-vars.yaml.
Step 3 | Make a note of the following values in the file mycf0-vars.yaml: apic_dvs and apic_node_portgroup.
Deploying BOSH Director
Before you begin
- build-essential
- libssl-dev
- curl
- libxsltdev
- git-core
- libyaml-dev
- libreadline6
- openssl
- libreadline6-dev
- sqlite3
- libsqlite3-dev
- wget
- libxml2-dev
- zlib1g-dev
- libxslt-dev
- zlibc
Procedure
Step 1 | Create a file containing BOSH Director deployment parameters, boshvars.yaml. Ensure that internal_cidr and internal_gw match the values you picked earlier for the node subnet. Also, ensure that internal_ip is set to the address you reserved for BOSH Director. Example:
Step 2 | Deploy BOSH Director. Example:
If your environment requires a proxy to access the Internet, also include this parameter: -o bosh-deployment/misc/proxy.yml. If your environment doesn't allow name resolution using public DNS servers, also include this parameter: -o bosh-deployment/misc/dns.yml.
Step 3 | Create an alias for the BOSH Director for ease of use using the following command. Example:
Step 4 | Set up a few environment variables to use with BOSH CLI. Example:
bosh env You should |
Step 5 | Verify that you have a successful deployment by entering the following command: bosh env
Output appears similar to the following example:
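For Step 1 of this procedure, a consistency check added here as an example (not part of the original guide or of bosh-deployment): it verifies that internal_cidr, internal_gw, and internal_ip from boshvars.yaml agree with the node subnet and with the addresses reserved earlier. The gateway value, the BOSH Director address, and the role names in the reserved map are constructed assumptions; 10.1.0.0/16, 10.1.0.3, and 10.1.0.4 are the values used in this document.

```python
import ipaddress

def check_address_plan(node_subnet, bosh_vars, reserved):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems = []
    subnet = ipaddress.ip_network(node_subnet, strict=False)
    cidr = ipaddress.ip_network(bosh_vars["internal_cidr"], strict=False)
    gw = ipaddress.ip_address(bosh_vars["internal_gw"])
    director = ipaddress.ip_address(bosh_vars["internal_ip"])
    if cidr != subnet:
        problems.append(f"internal_cidr {cidr} != node subnet {subnet}")
    if gw not in subnet:
        problems.append(f"internal_gw {gw} is outside {subnet}")
    # "bosh_director" is a hypothetical role name used only in this example.
    if ipaddress.ip_address(reserved["bosh_director"]) != director:
        problems.append(f"internal_ip {director} is not the reserved BOSH Director address")
    seen = {}
    for role, addr in reserved.items():
        ip = ipaddress.ip_address(addr)
        if ip not in subnet:
            problems.append(f"{role} {ip} is outside {subnet}")
        elif ip in (subnet.network_address, subnet.broadcast_address):
            problems.append(f"{role} {ip} is not a usable host address")
        if ip == gw:
            problems.append(f"{role} {ip} collides with internal_gw")
        if ip in seen:
            problems.append(f"{role} {ip} is also reserved for {seen[ip]}")
        seen.setdefault(ip, role)
    return problems

# Constructed sample values mirroring the keys named in Step 1.
NODE_SUBNET = "10.1.0.0/16"
GOOD_VARS = {"internal_cidr": "10.1.0.0/16", "internal_gw": "10.1.0.1",
             "internal_ip": "10.1.0.2"}
BAD_VARS = {"internal_cidr": "10.1.0.0/24", "internal_gw": "10.1.0.1",
            "internal_ip": "10.1.0.3"}
RESERVED = {"bosh_director": "10.1.0.2", "gorouter_1": "10.1.0.3",
            "gorouter_2": "10.1.0.4"}

if __name__ == "__main__":
    for label, bosh_vars in (("good", GOOD_VARS), ("bad", BAD_VARS)):
        issues = check_address_plan(NODE_SUBNET, bosh_vars, RESERVED)
        print(label, "->", issues or "consistent")
```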
Deploying Cloud Foundry with Cisco ACI Add-Ons
Procedure
Step 1 | Set up BOSH cloud configuration by creating a file, mycf0-cloud-config.yml. Example:
Step 2 | Update the cloud configuration using the following command:
Step 3 | Upload the required stemcell to BOSH Director.
Step 4 | Upload the Cisco ACI add-ons BOSH release file to BOSH Director.
Step 5 | Choose a DNS name (system domain) for your deployment and ensure that this name resolves to the reserved IP addresses you chose for GoRouter (for example, 10.1.0.3 and 10.1.0.4).
Step 6 | Ensure that wildcard DNS resolution is allowed. That is, if your system domain is mycf0.fab15.local, then all names like *.mycf0.fab15.local will resolve to the GoRouter's address.
Step 7 | Create a cf-deployment operations file, router-static-cf.yml, to assign a static address to the GoRouter.
Step 8 | Deploy Cloud Foundry. Example:
Remember to replace your-system-domain. The deployment can take a while.
Step 9 | Verify that Cloud Foundry has been deployed successfully.
Output appears similar to the following example:
Removing Cisco ACI Add-ons from Cloud Foundry
Installed Cisco ACI add-ons can be removed by running the command in this section. After you run the command, the Cloud Foundry deployment uses Cisco ACI as a pure underlay.
Procedure
Remove the Cisco ACI add-ons. Example:
Unprovisioning Cloud Foundry from the ACI Fabric
This section describes how to unprovision Cloud Foundry from the ACI fabric.
Before you begin
Before unprovisioning the resources allocated to your Cloud Foundry installation from your Cisco ACI fabric, ensure that Cloud Foundry and BOSH Director have been removed.
Procedure
Step 1 | Delete Cloud Foundry. Example:
Step 2 | Delete BOSH Director. Example:
Step 3 | Unprovision the fabric. Example:
Operations
Using Cisco ACI-Specific Extensions
You can access Cisco ACI-specific Cloud Foundry extensions through a Python CLI script, cf-aci.py. Extension features include EPG annotations and external IP addresses.
The Python CLI script is in the scripts/ directory of the distribution files (dist-generics-cloudfoundryxxxxxx.tgz). Most commands are self-explanatory and take one or two arguments.
Procedure
Run the Python CLI script to access the Cisco ACI-specific Cloud Foundry extensions, using the following example:
Collecting Log Files for Support Requests
If problems arise, Cisco support may ask that you submit log files to help them troubleshoot the problems. Follow the steps in this section to collect the log files for Cloud Foundry.
Procedure
Step 1 | Get the list of VM instances in your deployment. Example:
Step 2 | Generate a report on the desired VM instance (diego-api or diego-cell). Example:
Step 3 | Note the report file mentioned in the output.
Step 4 | Copy over the report file. Example: