Comprehensive Guide to Install OpenStack Manually on Linux

Table of Contents

1. Introduction

OpenStack is an open-source platform used to build and manage public and private clouds. This guide walks you through a manual installation of OpenStack on a Linux server. Understanding the complexities of OpenStack is vital for successful deployment. This comprehensive guide details the process of a manual OpenStack installation.

2. Prerequisites

Ensure your system meets the following prerequisites:

• A Linux server (Ubuntu or CentOS recommended)
• Root or sudo privileges
• Basic Linux command-line knowledge
• Sufficient hardware resources (at least 8GB RAM, 50GB disk space)
• Network connectivity

3. Environment Setup

Update and Upgrade Your System

Before beginning, update and upgrade your system to ensure you have the latest packages and security patches.

$ sudo apt update && sudo apt upgrade -y

Install Essential Packages

Install the necessary packages for Python development, database connectivity, and other dependencies.

$ sudo apt install -y python3-pip python3-dev libffi-dev gcc libssl-dev

4. Install and Configure OpenStack Components

a. Keystone (Identity Service)

Keystone is the identity service for OpenStack, responsible for authentication and authorization.

1. Install Keystone:

$ sudo apt install -y keystone

2. Configure Keystone:

Edit the /etc/keystone/keystone.conf file:

$ sudo nano /etc/keystone/keystone.conf

Set the following values:

[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
provider = fernet

Replace KEYSTONE_DBPASS with a secure password for the Keystone database.

3. Initialize the Keystone database:

$ sudo keystone-manage db_sync

4. Setup Fernet keys and credentials:

$ sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
$ sudo keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

5. Bootstrap Keystone:

$ sudo keystone-manage bootstrap --bootstrap-password ADMIN_PASS 
  --bootstrap-admin-url http://controller:5000/v3/ 
  --bootstrap-internal-url http://controller:5000/v3/ 
  --bootstrap-public-url http://controller:5000/v3/ 
  --bootstrap-region-id RegionOne

Replace ADMIN_PASS with a secure password for the OpenStack administrator user.

6. Configure Apache:

Edit the /etc/apache2/apache2.conf file:

$ sudo nano /etc/apache2/apache2.conf

Add the following:

ServerName controller

Enable the Apache and WSGI services:

$ sudo service apache2 restart

b. Glance (Image Service)

Glance is the image service for OpenStack, responsible for storing and managing virtual machine images.

1. Install Glance:

$ sudo apt install -y glance

2. Configure Glance:

Edit the /etc/glance/glance-api.conf file:

$ sudo nano /etc/glance/glance-api.conf

Set the following values:

[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
flavor = keystone

Replace GLANCE_DBPASS with a secure password for the Glance database and GLANCE_PASS with a secure password for the Glance service user.

3. Initialize the Glance database:

$ sudo glance-manage db_sync

4. Restart the Glance API service:

$ sudo service glance-api restart

c. Nova (Compute Service)

Nova is the compute service for OpenStack, responsible for managing virtual machines.

1. Install Nova:

$ sudo apt install -y nova-api nova-conductor nova-consoleauth nova-novncproxy nova-scheduler

2. Configure Nova:

Edit the /etc/nova/nova.conf file:

$ sudo nano /etc/nova/nova.conf

Set the following values:

[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
[DEFAULT]
my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = True
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292

Replace NOVA_DBPASS with a secure password for the Nova database, NOVA_PASS with a secure password for the Nova service user, and MANAGEMENT_INTERFACE_IP_ADDRESS with the IP address of your management interface.

3. Initialize the Nova database and cells:

$ sudo nova-manage api_db sync
$ sudo nova-manage cell_v2 map_cell0
$ sudo nova-manage cell_v2 create_cell --name=cell1
$ sudo nova-manage db sync

4. Restart the Nova services:

$ sudo service nova-api restart
$ sudo service nova-scheduler restart
$ sudo service nova-conductor restart
$ sudo service nova-novncproxy restart

d. Neutron (Networking Service)

Neutron is the networking service for OpenStack, responsible for managing virtual networks.

1. Install Neutron:

$ sudo apt install -y neutron-server neutron-plugin-ml2 neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent

2. Configure Neutron:

Edit the /etc/neutron/neutron.conf file:

$ sudo nano /etc/neutron/neutron.conf

Set the following values:

[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = NEUTRON_PASS
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True

Replace NEUTRON_DBPASS with a secure password for the Neutron database and NEUTRON_PASS with a secure password for the Neutron service user.

Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file:

$ sudo nano /etc/neutron/plugins/ml2/ml2_conf.ini

Set the following values:

[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = True

3. Initialize the Neutron database:

$ sudo neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head

4. Restart the Neutron services:

$ sudo service neutron-server restart
$ sudo service neutron-linuxbridge-agent restart
$ sudo service neutron-dhcp-agent restart
$ sudo service neutron-metadata-agent restart

e. Cinder (Block Storage Service)

Cinder is the block storage service for OpenStack, responsible for managing persistent storage volumes.

1. Install Cinder:

$ sudo apt install -y cinder-api cinder-scheduler

2. Configure Cinder:

Edit the /etc/cinder/cinder.conf file:

$ sudo nano /etc/cinder/cinder.conf

Set the following values:

[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = cinder
password = CINDER_PASS
[DEFAULT]
my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS

Replace CINDER_DBPASS with a secure password for the Cinder database, CINDER_PASS with a secure password for the Cinder service user, and MANAGEMENT_INTERFACE_IP_ADDRESS with the IP address of your management interface.

3. Initialize the Cinder database:

$ sudo cinder-manage db sync

4. Restart the Cinder services:

$ sudo service cinder-api restart
$ sudo service cinder-scheduler restart

f. Horizon (Dashboard)

Horizon is the web-based dashboard for OpenStack, providing a graphical interface for managing resources.

1. Install Horizon:

$ sudo apt install -y openstack-dashboard

2. Configure Horizon:

Edit the /etc/openstack-dashboard/local_settings.py file:

$ sudo nano /etc/openstack-dashboard/local_settings.py

Set the following values:

OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

3. Reload the Apache service:

$ sudo service apache2 reload

5. Verification and Troubleshooting

1. Verify Service Status:

Ensure all OpenStack services are running:

$ sudo systemctl status <service-name>

Replace <service-name> with the name of the service you want to check (e.g., keystone, glance-api, nova-api, etc.).

2. Authenticate with the OpenStack CLI:

Authenticate using the OpenStack command-line interface:

$ export OS_USERNAME=admin
$ export OS_PASSWORD=ADMIN_PASS
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://controller:5000/v3
$ export OS_IDENTITY_API_VERSION=3

Replace ADMIN_PASS with the password you set during the Keystone bootstrap process.

Check Keystone service:

$ openstack token issue

3. Upload a Sample Image:

Upload a sample image to Glance:

$ wget http://download.cirros-cloud.net/0.5.2/cirros-0.5.2-x86_64-disk.img
$ openstack image create "cirros" --file cirros-0.5.2-x86_64-disk.img --disk-format qcow2 --container-format bare --public

List images:

$ openstack image list

4. Create a Flavor:

Create a flavor (instance type) in Nova:

$ openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano

List flavors:

$ openstack flavor list

5. Create a Network:

Create a network and subnet in Neutron:

$ openstack network create demo-net
$ openstack subnet create --network demo-net --subnet-range 10.0.0.0/24 demo-subnet

List networks:

$ openstack network list

6. Create a Volume:

Create a volume in Cinder:

$ openstack volume create --size 1 demo-volume

List volumes:

$ openstack volume list

7. Access Horizon:

Open a web browser and navigate to http://<controller-ip>/dashboard. Log in with your admin credentials.

6. Conclusion

Manually installing OpenStack can be complex due to its numerous components and dependencies. However, by following this guide, you should be able to set up a functional OpenStack environment. This process for OpenStack installation requires careful attention to detail.

For further customization and scaling, refer to the official OpenStack documentation and community resources.

Troubleshooting Tips

• Database Connection Issues: Ensure the database server is running and that the OpenStack components can connect to it using the specified credentials.
• Keystone Authentication Problems: Verify the Keystone configuration and ensure the service endpoints are correctly configured.
• Networking Errors: Check the Neutron configuration and ensure the network agents are running correctly.
• Firewall Issues: Ensure that firewalls are not blocking communication between OpenStack services.

Additional Resources

• Official OpenStack Documentation
• OpenStack Community Forum
• OpenStack Installation Guides

By following these steps, you should have a working OpenStack environment tailored to your needs. The manual OpenStack installation detailed here allows for a deep understanding of the platform.

Alternative Solutions for Deploying OpenStack

While manual installation provides granular control, it’s often time-consuming and error-prone. Here are two alternative solutions for deploying OpenStack:

1. Using DevStack

Explanation:

DevStack is a shell script-based tool that deploys OpenStack in a single-node environment, typically for development and testing purposes. It’s significantly simpler than manual installation because it automates most of the configuration steps. DevStack is not intended for production use, but it’s an excellent way to quickly set up an OpenStack environment and experiment with its features. It’s a great alternative to the more complex manual OpenStack installation.

Code Example:

First, clone the DevStack repository:

git clone https://opendev.org/openstack/devstack
cd devstack

Then, create a local.conf file to configure DevStack. A minimal example:

[[local|localrc]]
ADMIN_PASSWORD=YourAdminPassword
DATABASE_PASSWORD=YourDatabasePassword
SERVICE_PASSWORD=YourServicePassword

Finally, run the stack.sh script:

./stack.sh

This script will download and install all the necessary OpenStack components and configure them automatically. The installation process may take some time, depending on your internet connection and hardware resources. Once completed, you’ll have a fully functional OpenStack environment.

2. Using Kolla-Ansible

Explanation:

Kolla-Ansible is a production-ready deployment tool that uses Docker containers and Ansible playbooks to deploy and manage OpenStack. It offers a more robust and scalable solution compared to manual installation or DevStack. Kolla-Ansible leverages containerization to simplify dependencies and provide a consistent deployment experience across different environments. It is an excellent way to install OpenStack.

Code Example:

First, install the necessary packages:

sudo apt install python3-pip git
sudo pip3 install --upgrade pip
sudo pip3 install ansible docker docker-compose

Clone the Kolla-Ansible repository:

git clone https://github.com/openstack/kolla-ansible
cd kolla-ansible

Copy the example configuration files:

cp -r etc/kolla /etc/

Edit the /etc/kolla/globals.yml file to configure global settings such as network interfaces, passwords, and deployment mode.

---
kolla_base_distro: "ubuntu"
kolla_install_type: "binary"
openstack_release: "2023.2" # Example: Antelope

network_interface: "eth0" # Or your network interface
neutron_external_interface: "{{ network_interface }}"

enable_haproxy: "yes"
enable_keystone: "yes"
enable_glance: "yes"
# ... enable other services as needed

Generate passwords:

kolla-genpwd

Run the deployment:

ansible-playbook -i inventory/localhost/hosts -b --become-user kolla -e @/etc/kolla/globals.yml  deploy.yml

This process will build and deploy OpenStack using Docker containers. It handles the intricate configurations, making OpenStack installation more manageable. Kolla-Ansible’s containerized approach makes updates and scaling easier to manage compared to a manual install.

These alternative solutions offer different levels of complexity and suitability depending on the intended use case. DevStack is ideal for quick prototyping and learning, while Kolla-Ansible provides a production-grade deployment solution.