Skip to content
A repository of terraform configs to install CloudFoundry in Openstack
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

terraform-openstack-cf-install Build Status

This is part of a project that aims to create a one click deploy of Cloud Foundry into an Openstack Tenant. This is (probably) the repo you want to use.


This will create a bastion host and CloudFoundry install that is confined to one subnet, pulling external IPs from a second subnet.

Upstream Cloud Foundry issues

Issues/Pull Requests pending across Cloud Foundry projects:

None as of right now

Deploy Cloud Foundry


You must manually create a "Tenant" to use within Openstack, terraform is unable to do that for you. Note the name and ID of the tenant for use later.

You must create a separate user just for this purpose, that does not have admin privileges. If the user does, you will be unable to create more than one CloudFoundry instance per Openstack install, even if you have them in separate tenants.

Unlike the AWS version of this, you do not need to upload your SSH key before starting. Note the path to the pem/private key files that you want to use and we will put them in the config file further down.

You must being using at least terraform version 0.6.3 with the openstack provider compiled and in the same directory as your terraform binary.

$ terraform -v
Terraform v0.6.3

You can install terraform 0.6.3+ via [] or using brew package manager on Mac OS X.

Your chosen region must have sufficient quota to spin up all of the machines. While building various bits, the install process can use up to 13 VMs, settling down to use 7 machines long-term (more, if you want more runners).

You must have a local install of git.

NOTE: Building the entire Cloud Foundry cluster will take a little over an hour! It hasn't hung (probably), it just takes a little while to do ALL THE THINGS.

git clone
cd terraform-openstack-cf-install
cp terraform.tfvars.example terraform.tfvars

Next, edit terraform.tfvars using your text editor and fill out the variables with your own values (Openstack credentials, region, etc).

Run the following to create the networking, subnets, security groups, ports and create a bastion server:

make plan
make apply

Once the bastion server is created, run the following to create a provision script with all the variables assigned, copy the script to the Bastion server then remotely execute the script. This allows the script to be executed multiple times, as needed, without needing to destroy the Bastion server.

make provision

After Initial Install

At the end of the output of the terraform run, there will be a section called Outputs that will have at least bastion_ip and an IP address. If not, or if you cleared the terminal without noting it, you can log into the Openstack console and look for an instance called 'bastion', with the bastion security group. Use the public IP associated with that instance, and ssh in as the ubuntu user, using the ssh key listed as public_key_path in your configuration (if you used the Unattended Install).

ssh -i ~/.ssh/example.pem ubuntu@$(terraform output bastion_ip)

As an alternative there is a script provided for you which will execute ssh with all the necessary parameters. From the root of the project folder run

make ssh

Once in, you can look in workspace/deployments/cf-boshworkspace/ for the bosh deployment manifest and template files. Any further updates or changes to your microbosh or Cloud Foundry environment will be done manually using this machine as your work space. Terraform provisioning scripts are not intended for long-term updates or maintenance.

Cloud Foundry

To login to Cloud Foundry as an administrator:

cf login --skip-ssl-validation -a $(terraform output cf_api) -u admin -p $(terraform output cf_admin_pass)

You can also log into the cf api from the inception server itself, though you have to manually replace the calls to terraform from above with the actual values.

Cleanup / Tear down

Terraform does not yet quite cleanup after itself. You can run make destroy to get quite a few of the resources you created, but you will probably have to manually track down some of the bits and manually remove them. Once you have done so, run make clean to remove the local cache and status files, allowing you to run everything again without errors.

Specifically, you may have to manually remove volumes, images (BOSH-*), security groups, key pairs, and floating IPs.

Module Outputs



Look in to see all of the variables that can be set or overriden. The mandatory variables are:

network # The first two octets to use within the VPC, e.g. 10.0 or 192.168
auth_url # The API of your Openstack instance to auth against, like
tenant_name # The name of the tenant to use - this will be used to create names for your resources
tenant_id # The ID of the tenant
username # User to authenticate against the Openstack API
password # Password for that user
public_key_path # Literal path to public ssh key file on the computer running Terraform - /home/user/keys/
key_path # Literal path to private ssh key file on the computer running Terraform - /home/user/keys/example
floating_ip_pool # Name of the subnet to use for floating/external IPs, e.g. "net04_ext"
network_external_id # UUID of the external network to use
region # Which region to use

Installing Sample Docker Services

If you would like sample services like PostgreSQL, MySQL, Rabbit MQ, Mongo, etcd, consul (and others) there is a github repo that you can clone on the Bastion server or there is a flag you can set in your terraform.tfvars for this project which will install these services after Cloud Foundry is installed.

To enable these services to be installed automatically, add the following line to terraform.tfvars:

install_docker_services = "true"

There is already a subnet defined in where this server will be created.

You can’t perform that action at this time.