Pre-requisites

This document describes the infrastructure pre-requisites to get your Private Cloud Director private cloud up and running. If you're looking to deploy the Self-Hosted version of Private Cloud Director, please follow Self Hosted Pre Requisites first.

Hypervisor Host Prerequisites

Each physical server or host that you will use as a hypervisor with Private Cloud Director must meet the following requirements:

  1. x86 server

  2. Running Ubuntu 22.04 LTS (Jammy Jellyfish) AMD64 cloud image with the following resources. Note: A full server distribution is not required, and the minimal distribution is not supported.

    1. 8 vCPUs

    2. 16GB RAM

    3. 250GB of disk space (95GB if Cinder volumes are used for VM storage)

  3. sudo access enabled to log into the server and install the Platform9 agent

  4. The host name should contain at least one non-numeric character

  5. When using the SaaS-hosted deployment model, outbound connectivity (port 443) must be enabled on each server so that the Platform9 agent can connect to the Private Cloud Director SaaS management plane.

  6. In a multi-domain environment, host onboarding should be done by the admin user in the default domain and not in the secondary domains.

  7. If you want to use the virtual machine high availability feature (VM HA) (read more in Cluster Resource Management), there must be at least 4 hosts in the cluster for successful VM recovery.
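
The host requirements above can be checked on a candidate server before the agent is installed. The script below is an added example, not part of the Private Cloud Director tooling: the function names are illustrative, the management plane FQDN is a value you supply, and disk space is measured as the total size of the root filesystem (an assumption).

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for a prospective hypervisor host.
# Thresholds are the ones listed above; function names are illustrative.

# Host name must contain at least one non-numeric character.
hostname_ok() {
  case "$1" in
    *[!0-9]*) return 0 ;;
    *)        return 1 ;;   # empty or digits only
  esac
}

# OS must be Ubuntu 22.04; $1 is an os-release file (default /etc/os-release).
os_ok() {
  local f="${1:-/etc/os-release}"
  grep -qx 'ID=ubuntu' "$f" && grep -qx 'VERSION_ID="22.04"' "$f"
}

# $1=vCPUs  $2=RAM in GB  $3=disk in GB  $4=1 if Cinder volumes back VM storage
resources_ok() {
  local min_disk=250
  [ "${4:-0}" = 1 ] && min_disk=95
  [ "$1" -ge 8 ] && [ "$2" -ge 16 ] && [ "$3" -ge "$min_disk" ]
}

# Gather live values and report. $1 = management plane FQDN (you supply it), $2 = Cinder flag.
preflight() {
  local rc=0 cpus mem_kb mem_gb disk_gb
  cpus=$(nproc)
  mem_kb=$(awk '/^MemTotal:/ {print $2}' /proc/meminfo)
  mem_gb=$(( (mem_kb + 1048575) / 1048576 ))   # round up: the kernel reserves part of RAM
  disk_gb=$(df -BG --output=size / | tail -n 1 | tr -dc '0-9')   # root fs size (assumption)
  hostname_ok "$(hostname)" || { echo "FAIL: host name is numeric-only"; rc=1; }
  os_ok || { echo "FAIL: not Ubuntu 22.04"; rc=1; }
  resources_ok "$cpus" "$mem_gb" "$disk_gb" "${2:-0}" ||
    { echo "FAIL: need 8 vCPUs, 16GB RAM, 250GB disk (95GB with Cinder); have $cpus/$mem_gb/$disk_gb"; rc=1; }
  sudo -n true 2>/dev/null || echo "NOTE: sudo needs a password here (or is unavailable)"
  curl -sS -o /dev/null --connect-timeout 5 "https://$1/" ||
    { echo "FAIL: no outbound HTTPS (443) to $1"; rc=1; }
  return "$rc"
}

# Run only when asked, e.g.: ./preflight.sh run <management-plane-fqdn> [1]
if [ "${1:-}" = "run" ]; then preflight "${2:?management plane FQDN}" "${3:-0}"; fi
```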

Storage Prerequisites

Private Cloud Director supports a wide variety of enterprise storage solutions, using the OpenStack Cinder driver. Verify that you have access to the administrative console of your storage solution and can look up the required configuration information there.

If you plan to enable Virtual Machine High Availability (VM HA), virtual machines and associated volumes must be using shared storage that is accessible to all hypervisor hosts in the cluster.

Networking Prerequisites

Hosts should have a minimum of 1 network interface, and ideally 4 network interfaces to provide redundancy against network interface failure. A typical configuration would look like:

  1. bond0 mapped to two adapters: eth0 and eth1

  2. bond1 mapped to two adapters: eth2 and eth3

Key Networking Decisions

Your key decisions before configuring networking in Private Cloud Director are:

  1. Use of bonded network interfaces (recommended) to ensure availability if a physical network interface fails

  2. Desired network topology and separation:

    1. Management network

    2. Workload network (e.g. a VM network)

    3. Storage network

    4. Backup/DR network

  3. Use of physical networks vs "virtual" software defined networks:

    1. A common use case is that external north-south connectivity is available via an existing physical network in your infrastructure; but a group of users may want to use a virtual network that doesn't need to consume ports from this external network

    2. You may have limitations on the VLANs that are available to use, and may want to expand the logical network range by using an IP overlay such as VXLAN or GENEVE networking

    3. Groups of users and workloads that have overlapping IP ranges can be isolated easily using virtual networks

  4. External firewall (outside cluster) vs in-cluster firewall

Segregation of traffic can be done within Private Cloud Director if you aren't already using VLAN or VXLAN based network segments.

For further reading, see Typical Network Architectures.

Outbound Connectivity Requirements

You need to configure outbound access on port 443 from your hosts for at least the domain names below to ensure they can be onboarded to our management plane successfully.

  1. Private Cloud Director management plane URL is accessed over port 443.

Image Library Prerequisites

The Image Library service manages virtual machine images in the Private Cloud Director environment. To enable its proper operation, the following prerequisites must be met.

  1. Ensure that port 9494, which the Image Library API uses for image operations, is allowed.

  2. The Image Library service must operate with admin permissions to read and write image files to persistent storage.

External Connectivity

The hypervisor node that you've assigned the image library role (the image library node) must have external connectivity to be accessible via a browser. This requirement is necessary for:

  • Uploading images through the Private Cloud Director UI.

  • Verifying and accepting self-signed certificates.

Self-Signed Certificates

The image library node uses self-signed certificates. To enable image uploads from the UI, users need to:

  • Navigate to the image library endpoint in a browser.

    • Click Access & Security Menu -> API Access and look for glance-cluster.

  • Accept the insecure certificate when prompted.

Why Self-Signed Certificate?

The self-signed certificate is needed because the image library node secures communication with SSL/TLS and uses a self-generated certificate instead of one from a public CA.

Since browsers and CLI tools trust only publicly verified certificates, users must manually accept the self-signed certificate when accessing the Image Library Admin endpoint.

Similarly, the --insecure flag is required for the OpenStack CLI to bypass certificate verification during image uploads.
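
Because the certificate is accepted manually, it is worth confirming that the certificate being accepted is the one the image library node actually holds. The script below is an added example, not part of Private Cloud Director: it compares the SHA-256 fingerprint served on port 9494 with a fingerprint obtained out of band (for instance, read from the certificate file on the node by its administrator). The function names are illustrative, and the host, expected fingerprint and certificate path are values you supply.

```shell
#!/usr/bin/env bash
# Added example: compare the image library node's certificate fingerprint with a
# value obtained out of band before trusting it. Function names are illustrative.

# Normalize a fingerprint: drop any "...Fingerprint=" prefix, colons and spaces; upper-case.
normalize_fp() {
  printf '%s' "${1##*=}" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeeds only if the first value is 64 hex digits (SHA-256) and equals the second.
fp_equal() {
  local a b
  a=$(normalize_fp "$1"); b=$(normalize_fp "$2")
  case "$a" in *[!0-9A-F]*|"") return 1 ;; esac
  [ "${#a}" -eq 64 ] && [ "$a" = "$b" ]
}

# SHA-256 fingerprint of the certificate served at host:port (9494 = Image Library API).
served_fp() {
  openssl s_client -connect "$1:${2:-9494}" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -noout -fingerprint -sha256
}

# SHA-256 fingerprint of a PEM file; run on the node itself to get the reference value.
# The certificate path depends on your deployment and is not given on this page.
file_fp() {
  openssl x509 -in "$1" -noout -fingerprint -sha256
}

# verify_endpoint <host> <expected-fingerprint> [port]
verify_endpoint() {
  local got
  got=$(served_fp "$1" "${3:-9494}") || { echo "could not fetch certificate"; return 2; }
  if fp_equal "$got" "$2"; then
    echo "OK: fingerprint matches the reference value"
  else
    echo "MISMATCH: do not accept; served $(normalize_fp "$got")"; return 1
  fi
}

# Run only when asked, e.g.: ./verify-cert.sh verify <host> <expected-fingerprint> [port]
if [ "${1:-}" = "verify" ]; then verify_endpoint "$2" "$3" "${4:-9494}"; fi
```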

Load Balancer As a Service (LBaaS) Prerequisites

These pre-requisites only apply if you plan to deploy the Load Balancer as a Service (LBaaS) implementation offered by Private Cloud Director to create one or more software-defined load balancers for your application services.

CLI Update

You need to install the Octavia extension to the OpenStack CLI in order to use the LBaaS specific OpenStack CLI commands. Run the following command on a machine where you want to run OpenStack CLI to install both packages.

Alternatively, run the following command on the machine where you already have OpenStack CLI running, to add the LBaaS extension.

Network Requirements

You will need:

  • An internal network (a physical or virtual network) that will be used both by your load balancer instance, and your pool of virtual machines that will run the service and receive client requests.

  • (Optionally) An external network if you plan to use public (floating) IPs for your load balancer.

Pool of Virtual Machines

The pool of virtual machines that will run your application that requires load balancing must meet the following requirements:

  • Be running and in an 'active' state

  • Have a valid IP address assigned from the same tenant network that you will use to create a new load balancer instance.

  • Have your application (e.g., web server) running and accessible

Router Configuration

If you plan to use public (floating) IPs for your load balancer, you need:

  • A router connecting the tenant network used by the load balancer and the pool of VMs, and your external network.

  • Available public (floating) IPs in your quota

Kubernetes Pre-requisites

Read Kubernetes Pre-requisites for requirements to set up a Kubernetes cluster in Private Cloud Director.
