NEW! Mirantis Academy -   Learn confidently with expert guidance and On-demand content.   Learn More


Rolling up your sleeves for OpenStack: How to install services manually

Andrew Lee - April 26, 2018
When is the last time you witnessed a technology and felt compelled to learn all about its inner workings?
The growing list of “as-a-service” model software products allows anyone to be a consumer. When using a product this consumer shows a degree of complacency to its features or lack thereof. They are not dissimilar to the begrudging line of people at the airport security whose only way to the final destination is through an endurance test in the economy rows. So today I invite you to take the first step to be the Captain. Roll up your sleeves for OpenStack and get ready to deploy its services from scratch!
The following steps will take you through setting up an all-in-one VM in preparation for deploying OpenStack Ocata manually. Then we will deploy Keystone to help you get started on your journey.
Before we dive into OpenStack, we need to configure our VM. Steps 1~4 will guide you through this process.

Step 1: Download VirtualBox

Download VirtualBox. VirtualBox is an open source hypervisor that runs on most operating systems and is perfect for DIY’ers like us! We will use VirtualBox to easily create VMs on our work laptops or PC.

Step 2: Download Ubuntu 16.04

Download Ubuntu 16.04 server Operating System. We will run OpenStack on top of this Operating System.
(This is a direct link that will start downloading when you click it)

Step 3: Create the host VM

Create and set up your OpenStack “Host” virtual machine. This VM will take the role of both Control and Compute node.
  1. Open VirtualBox and create a new virtual machine with the following settings:
    Name, type, version‘Openstack’, ‘Linux’, ‘Ubuntu (64-bit)’
    Memory size4096 MB
    Hard diskCreate a virtual hard disk now
    Disk size: 15 GB
    File type: Virtualbox Machine Disk (VMDK)
    Storage on physical disk: Dynamically allocated
  2. Launch the VM and select ubuntu-16.04.4-server-amd64.iso as boot disk.
  3. Follow the on-screen instructions of Ubuntu installation guide.image2
  4. When you have finished the installation process, log-in to your VM to test your username & password. Then shut-down the VM for the next step.

Step 4: Set up OpenStack networking

In a production OpenStack environment you will typically have 3 or more types of networks. Example network types are public API network, Admin network, and Guest network (guest machine communication).  To simulate these networks, we will create 3 separate interfaces in our VM.
Open your VirtualBox interface and do the following tasks on the virtual machine you created.
  1. After selecting your VM, go to Settings > Network
    1. Choose NAT for Adapter 1
    2. Enable Adapter2, Adapter3. You can leave these devices as Not attached; to get better control over them and so that you can better see what's happening, we'll configure them from the command line.
  2. Boot your VM and log-in.
  3. Check your interfaces by running ifconfig -a:image3As you can see, the interfaces are not set up yet. Note down the HWaddr of all 3 interfaces; we will use these values in the next few steps.
  4. Edit the /etc/network/interfaces file with the following contents:
    auto lo
    iface lo inet loopback

    auto eth0
    iface eth0 inet dhcp

    auto eth1
    iface eth1 inet static
    pre-up ifconfig eth1 hw ether <HWaddr of eth1>

    auto eth2
    iface eth2 inet static
    pre-up ifconfig eth2 hw ether <HWaddr of eth2>
  5. Create the /etc/udev/rules.d/70-persistent-net.rules file to rename the existing network interfaces from default VirtualBox names to eth0, eth1, and eth2.
    $ sudo touch /etc/udev/rules.d/70-persistent-net.rules
  6. Edit the 70-persistent-net.rules file with the following content to rename your interfaces:
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="<HWaddr eth0>", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="eth0"
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="<HWaddr eth1>", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="eth1"
    SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="<HWaddr eth2>", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="eth2"
    You can get the HWaddr of network devices from the output of ifconfig -a.
  7. Reboot your VM and check your interfaces by again running ifconfig -a:image1
Great! eth0, eth1, and eth2 are configured and ready to be used!  
Make note of the IP addresses; you'll need them later.
The rest of this guide outlines the steps you need to run in the OpenStack VM you just created. It consists of downloading the corresponding packages and modifying configuration files to our needs.

Step 5: Add the Cloud Archive repo

Ubuntu has a repository called “Cloud Archive,” which you can use to install OpenStack releases. Ubuntu 16.04 supports Newton, Ocata, and Pike releases, and today we will install the Ocata version. Run the following commands in your virtual machine to add the cloud-archive Ocata repository:
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository cloud-archive:ocata
$ sudo apt-get update

Step 6: Set the time zone to UTC

OpenStack is composed of multiple software components, which coordinate closely with each other. Many of these programs use the UTC time zone for timestamps, so it’s a good idea to also set our environment to UTC to be consistent (and for easy debugging). Run these commands to do that:
$ date
Mon Apr 23 13:31:06 PDT 2018
$ timedatectl set-timezone UTC
Password: # You may need to provide password for the VM user
$ date
Mon Apr 23 20:34:21 UTC 2018

Step 7: Install mysql and rabbitmq

OpenStack programs leverage two important components that are considered “supporting services”. They are not OpenStack programs, but they are important in its functionality. These are the MySQL database and the RabbitMQ message queue. Install and configure these components using these steps:
  1. Install and configure MySQL. Enter a password when prompted; in our example we will use ‘stack’ for the ‘root’ user password. The python-pymysql package is a Python library that enables OpenStack services to make changes to a MySQL database.
    $ sudo apt-get install -y mysql-server python-pymysql
    New password for the MySQL “root” user:
  2. Edit the MySQL configuration file and set the indicated values. Replace the bind-address with its respective value.
    $ vim /etc/mysql/mysql.conf.d/mysqld.cnf
    bind-address = <eth0 ip address>
    collation-server = utf8_general_ci
    character-set-server = utf8
    init-connect= ‘SET NAMES utf8’
  3. Restart the MySQL service to load the changes made to the configuration file.
    $ sudo service mysql restart
    1. Secure your MySQL installation with the following command. Because this is just a test environment, you can skip changing the root password for now. Read through the rest of the prompts carefully and select yes for everything else.
      $ sudo mysql_secure_installation
      . . .
      All done!
  4. Let’s install RabbitMQ, the message queue service that OpenStack services use to coordinate with one another.
    $ sudo apt-get install -y rabbitmq-server
  5. Set a password for the guest account. We like bunny for the password, but you can choose what you would like. (You will frequently reference this password later on in OpenStack configuration files.)
    $ sudo rabbitmqctl change_password guest bunny
  6. Allow configuration, write, and read access for the guest user:
    $ sudo rabbitmqctl set_permissions guest ".*" ".*" ".*"
  7. By default, the guest user can only connect over the loopback interface. Let’s enable connection over other interfaces (such as eth0). Create a new file, /etc/rabbitmq/rabbitmq.config, and set the following content:
    [{rabbit, [{loopback_users, []}]}].
  8. Restart the RabbitMQ service:
    $ sudo service rabbitmq-server restart

Step 8: Deploy the first OpenStack component

We are now ready to start deploying OpenStack components! Let’s run through how to install Keystone. To start with, the majority of the OpenStack programs require setting up a database, which is populated by a “manage” utility as we will see later on. Then it’s up to you to edit the configuration files to your liking and set up “endpoints” for API access. Follow this process:
  1. Create a Keystone database by logging in to MySQL using the root user with its password and running through the provided SQL commands:
    $ sudo mysql -u root -p
    mysql> create database keystone;
    mysql> create user ‘keystoneUser’@’%’ identified by ‘keystonePass’;
    mysql> create user ‘keystoneUser’@’localhost’ identified by ‘keystonePass’
    mysql> grant all on keystone.* to ‘keystoneUser’@’%’ identified by ‘keystonePass’;
    mysql> grant all on keystone.* to ‘keystoneUser’@’localhost’ identified by ‘keystonePass’;
    mysql> flush privileges;
    mysql> exit;
  2. You can test database access for the user you just created:
    $ sudo mysql -u keystoneUser -p -e “show databases;”
    Enter password: keystonePass
    | Database           |
    | information_schema |
    | keystone           |
  3. Now that the database is set up, let’s install the Keystone package.
    $ sudo apt-get install -y keystone
  4. You will need to know the IP addresses of the interfaces you created for your VM. List the interfaces and note the IP’s -- these addresses are unique to your environment for the specified networks.
    $ ip addr
    eth0: … inet       # <mgmt IP>
    eth1: … inet      # <ext IP>
    eth2: … inet     # <pvt IP>
  5. Open the Keystone configuration file and make the following changes. Remember the keystoneUser and keystonePass you setup using MySQL commands? This is where you tell Keystone how to connect to the database.
    $ sudo vim /etc/keystone/keystone.conf
    connection = mysql+pymysql://keystoneUser:keystonePass@<mgmt IP>/keystone
  6. Use the keystone-manage utility to populate the Keystone database:
    $ sudo keystone-manage db_sync
  7. Use the keystone-manage utility to initialize the Fernet key repositories:
    $ sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
    $ sudo keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
  8. Lastly, use the keystone-manage utility to bootstrap the identity service. Note the admin password we chose here. For your environment you can use a password you feel comfortable with for the admin user:
    $ sudo keystone-manage bootstrap --bootstrap-password admin \
       --bootstrap-admin-url http://<mgmt IP>:35357/v3/ \
       --bootstrap-internal-url http://<mgmt IP>:5000/v3/ \
       --bootstrap-public-url http://<ext IP>:5000/v3/ \
       --bootstrap-region-id RegionOne
  9. Check out the database tables that have been created by the keystone-manage utility:
    $ sudo mysql -u keystoneUser -p -e “show databases;”
  10. By default, Keystone uses the Apache HTTP server with mod_wsgi to serve requests on ports 5000 and 35357. We need to make one more small change in the Apache configuration, but everything else will be managed by Keystone. First, figure out your VM’s hostname by running the hostname command. Then open the Apache configuration file and insert the ServerName key at the end of the file, providing your hostname as the value:
    $ hostname
    $ sudo vim /etc/apache2/apache2.conf
    ServerName mylab
    $ sudo service apache2 restart
  11. Great job! Keystone is now ready to be used.

Step 9: Use the OpenStack client

Now to the fun bits: executing OpenStack commands related to Identity service!
  1. Install the OpenStack command line client. This client allows you to send queries to OpenStack program API’s in a convenient openstack command. For more information on its usage, you can run openstack help after installation:
    $ sudo apt-get install -y python-openstackclient
  2. First you need to set environment variables for authentication with Keystone. After you set these once, the rest of the commands will be authenticated using these values as long as you are still in the uninterrupted terminal session. Make sure to replace the OS_PASSWORD with your own password if you changed the admin password during the keystone bootstrap process. Make sure you also insert the management network's IP address.
    $ export OS_USERNAME=admin
    $ export OS_PASSWORD=admin
    $ export OS_PROJECT_NAME=admin
    $ export OS_AUTH_URL=http://<mgmt IP>:35357/v3
    $ export OS_USER_DOMAIN_NAME=Default
    $ export OS_PROJECT_DOMAIN_NAME=Default
  3. Try out the Identity service OpenStack commands. If any of these commands return an error, check the keystone logs located at /var/log/apache2/ for some hints
    $ openstack user list
    $ openstack project list
    $ openstack role list
OK, that’s one program down and few more to go for a basic OpenStack installation! Obviously, there are many more services, such as Nova, Neutron, Cinder, and so on. So why stop here? The general process is the same, and you can continue the installation process by checking out the official documentation:

Want a deeper look?

Take our OpenStack Bootcamp (OS250) for a full rundown of everything OpenStack, from installation to administration. (Special offer: You can get a $200 gift card if you complete this course before December 31, 2018! See full details at:

Choose your cloud native journey.

Whatever your role, we’re here to help with open source tools and world-class support.


Subscribe to our bi-weekly newsletter for exclusive interviews, expert commentary, and thought leadership on topics shaping the cloud native world.