How to set up OpenStack on Linux | Cloud & Hybrid Linux Tutorial

How to Set Up OpenStack on Linux: A Complete Installation Guide OpenStack is a powerful open-source cloud computing platform that enables you to build and manage both public and private clouds. This comprehensive guide will walk you through the complete process of setting up OpenStack on Linux, from initial system preparation to deploying your first virtual machine. Whether you're a system administrator looking to implement cloud infrastructure or a developer wanting to understand cloud technologies, this tutorial provides detailed instructions for a successful OpenStack deployment. Table of Contents 1. [Understanding OpenStack](#understanding-openstack) 2. [Prerequisites and System Requirements](#prerequisites-and-system-requirements) 3. [Choosing Your Deployment Method](#choosing-your-deployment-method) 4. [Step-by-Step Installation Guide](#step-by-step-installation-guide) 5. [Configuration and Verification](#configuration-and-verification) 6. [Common Issues and Troubleshooting](#common-issues-and-troubleshooting) 7. [Best Practices and Security](#best-practices-and-security) 8. [Next Steps and Advanced Configuration](#next-steps-and-advanced-configuration) Understanding OpenStack OpenStack is a collection of software components that work together to create a comprehensive cloud computing platform. The core services include: - Nova: Compute service for managing virtual machines - Neutron: Network service for managing network connectivity - Cinder: Block storage service for persistent storage - Glance: Image service for managing VM images - Keystone: Identity service for authentication and authorization - Horizon: Dashboard service providing a web-based user interface - Swift: Object storage service for scalable storage Understanding these components is crucial for a successful OpenStack deployment, as each service plays a vital role in the overall cloud infrastructure. Prerequisites and System Requirements Hardware Requirements Before beginning your OpenStack installation, ensure your system meets the minimum hardware requirements: Minimum Requirements: - CPU: 4 cores (8 cores recommended) - RAM: 8 GB (16 GB or more recommended) - Storage: 40 GB available disk space (100 GB recommended) - Network: Two network interfaces (management and external) Recommended Production Setup: - CPU: 16+ cores with virtualization support (Intel VT-x or AMD-V) - RAM: 32 GB or more - Storage: 200 GB+ SSD storage - Network: Multiple network interfaces for different traffic types Software Requirements Supported Linux Distributions: - Ubuntu 20.04 LTS or 22.04 LTS - CentOS 8 or Rocky Linux 8 - Red Hat Enterprise Linux 8 - SUSE Linux Enterprise Server 15 Network Configuration: Your system should have at least two network interfaces: - Management network (for internal OpenStack communication) - External network (for floating IPs and external connectivity) Pre-installation System Preparation Update your system packages: ```bash For Ubuntu/Debian systems sudo apt update && sudo apt upgrade -y For CentOS/RHEL systems sudo dnf update -y ``` Install essential packages: ```bash Ubuntu/Debian sudo apt install -y python3-pip git curl wget CentOS/RHEL sudo dnf install -y python3-pip git curl wget ``` Configure network time synchronization: ```bash Ubuntu/Debian sudo apt install -y chrony sudo systemctl enable chrony sudo systemctl start chrony CentOS/RHEL sudo dnf install -y chrony sudo systemctl enable chronyd sudo systemctl start chronyd ``` Choosing Your Deployment Method OpenStack offers several deployment methods, each with its own advantages: 1. DevStack (Development/Testing) DevStack is ideal for development, testing, and learning purposes. It provides a quick way to deploy OpenStack on a single machine. Advantages: - Quick setup and deployment - Perfect for learning and development - Minimal resource requirements - Easy to reset and redeploy Disadvantages: - Not suitable for production - Limited scalability - Single point of failure 2. Packstack (Red Hat/CentOS) Packstack is Red Hat's deployment tool for OpenStack, suitable for proof-of-concept deployments. Advantages: - Automated installation process - Good for small-scale deployments - Supports multi-node configurations Disadvantages: - Limited to Red Hat-based distributions - Less flexible than other methods 3. Manual Installation Manual installation provides complete control over the deployment process and is suitable for production environments. Advantages: - Complete control over configuration - Better understanding of components - Suitable for production deployments Disadvantages: - Time-consuming and complex - Requires deep OpenStack knowledge - Higher chance of configuration errors For this guide, we'll focus on DevStack for learning purposes and provide guidance for manual installation. Step-by-Step Installation Guide Method 1: DevStack Installation DevStack is the fastest way to get OpenStack running for development and testing purposes. Step 1: Create a Stack User Create a dedicated user for running DevStack: ```bash sudo useradd -s /bin/bash -d /opt/stack -m stack sudo chmod +x /opt/stack echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/stack sudo su - stack ``` Step 2: Download DevStack Clone the DevStack repository: ```bash git clone https://opendev.org/openstack/devstack cd devstack ``` Step 3: Create Local Configuration Create a `local.conf` file with your configuration: ```bash cat > local.conf << EOF [[local|localrc]] Passwords ADMIN_PASSWORD=secret DATABASE_PASSWORD=secret RABBIT_PASSWORD=secret SERVICE_PASSWORD=secret Network Configuration HOST_IP=192.168.1.100 # Replace with your actual IP FLOATING_RANGE=192.168.1.224/27 FIXED_RANGE=10.11.12.0/24 FIXED_NETWORK_SIZE=256 FLAT_INTERFACE=eth0 # Replace with your network interface Services to enable enable_service rabbit mysql key enable_service n-api n-crt n-obj n-cpu n-cond n-sch n-novnc n-cauth enable_service neutron q-svc q-agt q-dhcp q-l3 q-meta enable_service c-api c-vol c-sch c-bak enable_service g-api g-reg enable_service horizon enable_service tempest Logging LOGFILE=/opt/stack/logs/stack.sh.log VERBOSE=True LOG_COLOR=True SCREEN_LOGDIR=/opt/stack/logs EOF ``` Step 4: Run the Installation Execute the DevStack installation script: ```bash ./stack.sh ``` The installation process typically takes 15-30 minutes, depending on your system and internet connection. The script will: - Install required packages - Download and install OpenStack services - Configure databases and message queues - Set up networking - Create initial users and projects Step 5: Verify Installation Once the installation completes, you should see output similar to: ``` ========================= DevStack Component Timing (times are in seconds) ========================= run_process 11 test_with_retry 3 apt-get-update 7 osc 178 run_process 41 dbsync 102 apt-get 392 ========================= Total runtime 734 ========================= This is your host IP address: 192.168.1.100 This is your host IPv6 address: ::1 Horizon is now available at http://192.168.1.100/dashboard Keystone is serving at http://192.168.1.100/identity/ The default users are: admin and demo The password: secret ``` Method 2: Manual Installation (Ubuntu 22.04) For production environments or when you need more control, manual installation is recommended. Step 1: Install and Configure Database Install and configure MariaDB: ```bash sudo apt install -y mariadb-server python3-pymysql sudo mysql_secure_installation Create OpenStack database configuration sudo tee /etc/mysql/mariadb.conf.d/99-openstack.cnf << EOF [mysqld] bind-address = 192.168.1.100 # Replace with your management IP default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 EOF sudo systemctl restart mysql ``` Step 2: Install Message Queue Install and configure RabbitMQ: ```bash sudo apt install -y rabbitmq-server sudo rabbitmqctl add_user openstack RABBIT_PASS sudo rabbitmqctl set_permissions openstack "." "." ".*" ``` Step 3: Install and Configure Memcached ```bash sudo apt install -y memcached python3-memcache Edit /etc/memcached.conf sudo sed -i 's/-l 127.0.0.1/-l 192.168.1.100/' /etc/memcached.conf sudo systemctl restart memcached ``` Step 4: Install Keystone (Identity Service) Create the Keystone database: ```bash sudo mysql -e "CREATE DATABASE keystone;" sudo mysql -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';" sudo mysql -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';" ``` Install and configure Keystone: ```bash sudo apt install -y keystone Edit /etc/keystone/keystone.conf sudo tee -a /etc/keystone/keystone.conf << EOF [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@192.168.1.100/keystone [token] provider = fernet EOF Populate the Identity service database sudo su -s /bin/sh -c "keystone-manage db_sync" keystone Initialize Fernet key repositories sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone sudo keystone-manage credential_setup --keystone-user keystone --keystone-group keystone Bootstrap the Identity service sudo keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ --bootstrap-admin-url http://192.168.1.100:5000/v3/ \ --bootstrap-internal-url http://192.168.1.100:5000/v3/ \ --bootstrap-public-url http://192.168.1.100:5000/v3/ \ --bootstrap-region-id RegionOne ``` Configure Apache HTTP server: ```bash sudo apt install -y apache2 libapache2-mod-wsgi-py3 Configure ServerName echo "ServerName 192.168.1.100" | sudo tee -a /etc/apache2/apache2.conf sudo systemctl restart apache2 ``` Configuration and Verification Accessing the OpenStack Dashboard After successful installation, access the OpenStack dashboard (Horizon) through your web browser: 1. Open your browser and navigate to `http://YOUR_HOST_IP/dashboard` 2. Log in using the credentials: - Username: admin - Password: The password you set during installation - Domain: Default Command Line Interface Setup Set up the OpenStack command-line client: ```bash Install OpenStack client pip3 install python-openstackclient Source the admin credentials (for DevStack) source /opt/stack/devstack/openrc admin admin Verify the installation openstack service list openstack endpoint list openstack user list ``` Creating Your First Instance 1. Upload an Image: ```bash Download a test image wget http://download.cirros-cloud.net/0.5.2/cirros-0.5.2-x86_64-disk.img Upload to Glance openstack image create "cirros" \ --file cirros-0.5.2-x86_64-disk.img \ --disk-format qcow2 --container-format bare \ --public ``` 2. Create a Flavor: ```bash openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano ``` 3. Create Security Group Rules: ```bash openstack security group rule create --proto icmp default openstack security group rule create --proto tcp --dst-port 22 default ``` 4. Launch an Instance: ```bash openstack server create --flavor m1.nano --image cirros \ --nic net-id=private --security-group default \ --key-name mykey test-instance ``` Common Issues and Troubleshooting Installation Issues Problem: DevStack installation fails with package dependency errors Solution: ```bash Clean and update package cache sudo apt clean sudo apt update sudo apt install -f Retry installation ./unstack.sh ./clean.sh ./stack.sh ``` Problem: Network connectivity issues after installation Solution: 1. Verify network interface configuration: ```bash ip addr show ip route show ``` 2. Check OpenStack network services: ```bash sudo systemctl status neutron-server sudo systemctl status neutron-openvswitch-agent ``` 3. Restart networking services: ```bash sudo systemctl restart neutron-server sudo systemctl restart neutron-openvswitch-agent ``` Service Issues Problem: Services fail to start Solution: ```bash Check service status sudo systemctl status nova-compute sudo systemctl status neutron-server Check logs for errors sudo journalctl -u nova-compute -f sudo journalctl -u neutron-server -f Restart services sudo systemctl restart nova-compute sudo systemctl restart neutron-server ``` Problem: Database connection errors Solution: ```bash Verify database connectivity mysql -u keystone -p -h 192.168.1.100 Check database configuration in service config files grep -r "connection.*mysql" /etc/keystone/ grep -r "connection.*mysql" /etc/nova/ ``` Performance Issues Problem: Slow instance creation or poor performance Solution: 1. Check system resources: ```bash htop df -h free -h ``` 2. Monitor OpenStack services: ```bash openstack server list openstack hypervisor list openstack network agent list ``` 3. Optimize configuration: ```bash Increase worker processes in service configurations Example for Nova API sudo sed -i 's/#workers = 1/workers = 4/' /etc/nova/nova.conf sudo systemctl restart nova-api ``` Best Practices and Security Security Hardening 1. Use Strong Passwords: - Generate complex passwords for all service accounts - Use different passwords for each service - Consider using a password manager 2. Enable SSL/TLS: ```bash Generate SSL certificates sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 \ -keyout /etc/ssl/private/openstack.key \ -out /etc/ssl/certs/openstack.crt Configure Apache for HTTPS sudo a2enmod ssl sudo systemctl restart apache2 ``` 3. Configure Firewall: ```bash Ubuntu UFW sudo ufw enable sudo ufw allow 22/tcp sudo ufw allow 80/tcp sudo ufw allow 443/tcp sudo ufw allow 5000/tcp # Keystone sudo ufw allow 8774/tcp # Nova API sudo ufw allow 9696/tcp # Neutron API ``` 4. Regular Updates: ```bash Schedule regular system updates sudo apt update && sudo apt upgrade -y Monitor OpenStack security advisories Subscribe to OpenStack security mailing lists ``` Performance Optimization 1. Resource Allocation: - Allocate sufficient CPU and memory resources - Use SSD storage for better I/O performance - Configure proper network bandwidth 2. Database Optimization: ```bash Optimize MySQL/MariaDB configuration sudo tee -a /etc/mysql/mariadb.conf.d/99-openstack.cnf << EOF [mysqld] innodb_buffer_pool_size = 1G innodb_log_file_size = 256M innodb_flush_log_at_trx_commit = 2 query_cache_size = 128M EOF sudo systemctl restart mysql ``` 3. Monitoring and Logging: ```bash Install monitoring tools sudo apt install -y htop iotop nethogs Configure log rotation sudo tee /etc/logrotate.d/openstack << EOF /var/log/nova/*.log /var/log/neutron/*.log /var/log/keystone/*.log { daily missingok rotate 52 compress delaycompress notifempty create 640 nova nova } EOF ``` Backup and Recovery 1. Database Backups: ```bash Create backup script sudo tee /usr/local/bin/openstack-backup.sh << EOF #!/bin/bash BACKUP_DIR="/backup/openstack" DATE=$(date +%Y%m%d_%H%M%S) mkdir -p $BACKUP_DIR Backup databases mysqldump --all-databases > $BACKUP_DIR/mysql_backup_$DATE.sql Backup configuration files tar -czf $BACKUP_DIR/config_backup_$DATE.tar.gz \ /etc/keystone/ \ /etc/nova/ \ /etc/neutron/ \ /etc/glance/ \ /etc/cinder/ Clean old backups (keep 7 days) find $BACKUP_DIR -name "*.sql" -mtime +7 -delete find $BACKUP_DIR -name "*.tar.gz" -mtime +7 -delete EOF sudo chmod +x /usr/local/bin/openstack-backup.sh Schedule daily backups echo "0 2 * root /usr/local/bin/openstack-backup.sh" | sudo tee -a /etc/crontab ``` Next Steps and Advanced Configuration Scaling Your OpenStack Deployment Once you have a working single-node OpenStack installation, consider these expansion options: 1. Multi-Node Deployment: - Separate controller and compute nodes - Implement high availability with multiple controllers - Add dedicated storage nodes 2. Additional Services: - Heat: Orchestration service for template-based deployments - Ceilometer: Telemetry service for monitoring and metering - Barbican: Key management service for security - Magnum: Container orchestration service 3. Integration Options: - Container orchestration with Kubernetes - CI/CD pipeline integration - Monitoring with Prometheus and Grafana - Log aggregation with ELK stack Learning Resources 1. Official Documentation: - [OpenStack Documentation](https://docs.openstack.org/) - [OpenStack Installation Guide](https://docs.openstack.org/install-guide/) - [OpenStack Administrator Guide](https://docs.openstack.org/admin-guide/) 2. Community Resources: - OpenStack mailing lists and forums - Local OpenStack user groups - OpenStack Summit and PTG events 3. Certification Paths: - Certified OpenStack Administrator (COA) - Red Hat Certified System Administrator in Red Hat OpenStack Conclusion Setting up OpenStack on Linux is a comprehensive process that requires careful planning, proper system preparation, and attention to detail. This guide has provided you with multiple deployment options, from the quick DevStack installation for development purposes to manual installation for production environments. Key takeaways from this guide: - Start Small: Begin with DevStack for learning and development - Plan Carefully: Ensure your hardware meets requirements before installation - Security First: Implement proper security measures from the beginning - Monitor Continuously: Set up monitoring and logging for operational visibility - Stay Updated: Keep your OpenStack installation current with security patches OpenStack is a powerful platform that can transform how you manage computing resources. With the foundation provided in this guide, you're well-equipped to deploy, manage, and scale your OpenStack cloud infrastructure. Remember that OpenStack is an evolving platform, so continue learning and stay engaged with the community to make the most of your cloud deployment. Whether you're building a private cloud for your organization or learning cloud technologies for career advancement, OpenStack provides a robust, open-source foundation for modern cloud computing needs. Take time to experiment with different configurations, explore additional services, and gradually expand your deployment as you gain experience and confidence with the platform.