Launching Cloudbreak on OpenStack

These steps describe how to launch Cloudbreak on OpenStack. This is the only deployment options available on OpenStack.
Before launching Cloudbreak on OpenStack, review and meet the prerequisites. Next, follow the steps below.

VM requirements

To launch the Cloudbreak deployer and install the Cloudbreak application, you must have an existing VM.

System requirements

Your system must meet the following requirements:

You can install Cloudbreak on Mac OS X for evaluation purposes only. Mac OS X is not supported for a production deployment of Cloudbreak.

Root access

Every command must be executed as root. In order to get root privileges execute:

sudo -i

System updates

Ensure that your system is up-to-date by executing:

yum -y update

Reboot it if necessary.

Install iptables

Perform these steps to install and configure iptables.


  1. Install iptables-services:

    yum -y install net-tools ntp wget lsof unzip tar iptables-services
    systemctl enable ntpd && systemctl start ntpd
    systemctl disable firewalld && systemctl stop firewalld

    Without iptables-services installed the iptables save command will not be available.

  2. Configure permissive iptables on your machine:

    iptables --flush INPUT && \
    iptables --flush FORWARD && \
    service iptables save


Perform these steps to disable SELINUX.


  1. Disable SELINUX:

    setenforce 0
    sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

  2. Run the following command to ensure that SELinux is not turned on afterwards:


  3. The command should return "Disabled".

Install Docker

Perform these steps to install Docker. The minimum Docker version is 1.13.1. If you are using an older image that comes with an older Docker version, upgrade Docker to 1.13.1 or newer.


  1. Install Docker service:

    CentOS 7

    yum install -y docker
    systemctl start docker
    systemctl enable docker

    RHEL 7

    yum install yum-utils
    yum-config-manager --enable rhui-REGION-rhel-server-extras
    yum install -y docker
    systemctl start docker
    systemctl enable docker

  2. Check the Docker Logging Driver configuration:

    docker info | grep "Logging Driver"

  3. If it is set to Logging Driver: journald, you must set it to "json-file" instead. To do that:

    1. Open the docker file for editing:

      vi /etc/sysconfig/docker

    2. Edit the following part of the file so that it looks like below (showing log-driver=json-file):

      # Modify these options if you want to change the way the docker daemon runs
      OPTIONS='--selinux-enabled --log-driver=json-file --signature-verification=false'

    3. Restart Docker:

      systemctl restart docker
      systemctl status docker

Install Cloudbreak on a VM

Install Cloudbreak using the following steps.


  1. Install the Cloudbreak deployer and unzip the platform-specific single binary to your PATH. For example:

    yum -y install unzip tar
    curl -Ls$(uname)_x86_64.tgz | sudo tar -xz -C /bin cbd
    cbd --version

    Once the Cloudbreak deployer is installed, you can set up the Cloudbreak application.

  2. Create a Cloudbreak deployment directory and navigate to it:

    mkdir cloudbreak-deployment
    cd cloudbreak-deployment

  3. In the directory, create a file called Profile with the following content:

    export PUBLIC_IP=MY_VM_IP

    For example:

    export UAA_DEFAULT_SECRET=MySecret123
    export UAA_DEFAULT_USER_PW=MySecurePassword123
    export PUBLIC_IP=

    You will need to provide the email and password when logging in to the Cloudbreak web UI and when using the Cloudbreak CLI. The secret will be used by Cloudbreak for authentication.

    You should set the CLOUDBREAK_SMTP_SENDER_USERNAME variable to the username you use to authenticate to your SMTP server. You should set the CLOUDBREAK_SMTP_SENDER_PASSWORD variable to the password you use to authenticate to your SMTP server.

  4. Generate configurations by executing:

    rm *.yml
    cbd generate

    The cbd start command includes the cbd generate command which applies the following steps:

    • Creates the docker-compose.yml file, which describes the configuration of all the Docker containers required for the Cloudbreak deployment.
    • Creates the uaa.yml file, which holds the configuration of the identity server used to authenticate users with Cloudbreak.
  5. Start the Cloudbreak application by using the following commands:

    cbd pull-parallel
    cbd start

    This will start the Docker containers and initialize the application. The first time you start the Cloudbreak app, the process will take longer than usual due to the download of all the necessary docker images.

    If you encounter errors during cbd start, refer to Toubleshooting.

  6. Next, check Cloudbreak application logs:

    cbd logs cloudbreak

    You should see a message like this in the log: Started CloudbreakApplication in 36.823 seconds. Cloudbreak normally takes less than a minute to start.

Related links

Access Cloudbreak web UI

Log in to the Cloudbreak UI using the following steps.


  1. You can log into the Cloudbreak application at https://IP_Address. For example You may use cbd start to obtain the login information. Alternatively, you can obtain the VM's IP address from your cloud provider console.

  2. Confirm the security exception to proceed to the Cloudbreak web UI.

    The first time you access Cloudbreak UI, Cloudbreak will automatically generate a self-signed certificate, due to which your browser will warn you about an untrusted connection and will ask you to confirm a security exception.

    Browser Steps
    Firefox Click Advanced > Click Add Exception... > Click Confirm Security Exception
    Safari Click Continue
    Chrome Click Advanced > Click Proceed...
  3. The login page is displayed:

  4. Log in to the Cloudbreak web UI using the credentials that you configured in your Profile file:

    • The username is the UAA_DEFAULT_USER_EMAIL
    • The password is the UAA_DEFAULT_USER_PW
  5. Upon a successful login, you are redirected to the dashboard:

Configure external Cloudbreak database

By default, Cloudbreak uses an embedded PostgreSQL database to persist data related to Cloudbreak configuration, setup, and so on. For a production Cloudbreak deployment, you must configure an external database.

Related links
Configure an external database

Configure a self-signed certificate

If your OpenStack is secured with a self-signed certificate, you need to import that certificate into Cloudbreak, or else Cloudbreak won't be able to communicate with your OpenStack.

To import the certificate, place the certificate file in the /certs/trusted/ directory, follow these steps.


  1. Navigate to the certs directory (automatically generated).
  2. Create the trusted directory.
  3. Copy the certificate to the trusted directory.

Cloudbreak will automatically pick up the certificate and import it into its trust store upon start.

Create Cloudbreak credential

Cloudbreak works by connecting your OpenStack account through this credential, and then uses it to create resources on your behalf. Before you can start provisioning cluster using Cloudbreak, you must create a Cloudbreak credential.


  1. In the Cloudbreak web UI, select Credentials from the navigation pane.

  2. Click Create Credential.

  3. Under Cloud provider, select "OpenStack".

  4. Select the keystone version.

  5. Provide the following information:

    For Keystone v2:

    Parameter Description
    Name Enter a name for your credential.
    Description (Optional) Enter a description.
    User Enter your OpenStack user name.
    Password Enter your OpenStack password.
    Tenant Name Enter the OpenStack tenant name.
    Endpoint Enter the OpenStack endpoint.
    API Facing (Optional) Select public, private, or internal.

    For Keystone v3:

    Parameter Description
    Keystone scope Select the scope: default, domain, or project.
    Name Enter a name for your credential.
    Description (Optional) Enter a description.
    User Enter your OpenStack user name.
    Password Enter your OpenStack password.
    User Domain Enter your OpenStack user domain.
    Endpoint Enter the OpenStack endpoint.
    API Facing (Optional) Select public, private, or internal.
  6. Click Create.

  7. Your credential should now be displayed in the Credentials pane.

    Congratulations! You have successfully launched Cloudbreak and created a Cloudbreak credential. Now you can use Cloudbreak to create clusters.