<aside> 💡 A guide detailing the installation of OpenStack on a Ubuntu 24.04 server using a private network.

</aside>

Revision: 20250424-0 (init: 20240220)

Kolla Ansible provides production-ready containers (here, Docker) and deployment tools for operating OpenStack clouds. This guide explains how to install a single-host (all-in-one) OpenStack Cloud on a Ubuntu 24.04 server using a private network. We specify values and variables that can easily be adapted to others’ networks. We do not address encryption for the different OpenStack services and will use an HTTPS reverse proxy to access the dashboard.

This setup requires two physical NICs in the computer you will use.

Preamble

We will install OpenStack on a private network on a single host using a clean Ubuntu Linux 24.04 server installation. We will use Kolla Ansible to add floating IPs directly to the private network’s IP range.
We will not address HTTPS terminations on our private network. We will use another host to configure an HTTPS reverse proxy for the HTTP-configured OpenStack install and investigate how to integrate it separately, particularly regarding the SECURE_PROXY_SSL_HEADER, as detailed at https://docs.openstack.org/security-guide/dashboard/https-hsts-xss-ssrf.html.
Our installation uses a /openstack folder for creating the disk images and volumes.
- If you have a NAS where you want to store your VM disk images, use this method: Cinder can have more than one destination location in its /etc/kolla/config/nfs_shares.
OpenStack will use your host's various cores and memory as needed, so it is recommended that you dedicate the host to only OpenStack.

How to use this guide

Some of the files listed below are available at

geekierblog-artifacts/20250424-u24_openstack at main · mmartial/geekierblog-artifacts

After obtaining the different files, perform a find and replace process for the different values you will need to customize for your setup. This will allow you to copy/paste directly from the source file.

Values to adjust (in no particular order):

eno1 is the host's primary NIC.
- 10.30.0.20 is the DHCP (or manual) IP of that primary NIC.
enp1s0 is the secondary NIC of the host that should not have an IP and will be used for neutron.
kaosu, the user we are using for installation.
/openstack the location where we prepare the installation (in a kaos directory) and store Cinder’s NFS disks.
10.30.0.1 with your network’s gateway.
10.30.0.100 is the start IP for the OpenSack Floating IPs range.
10.30.0.199 is the end IP for the OpenStack Floating IPs range.
10.30.0.254 is the OpenStack internal VIP address.
os.example.com, the URL for OpenStack for our HTTPS upgrading reverse proxy.

We are not addressing user choices like Cinder or values for disk size/memory/number of cores/quotas in the my-init-runonce.sh script or later command lines.

Most steps in the “Post-installation” section require you to select your preferred user/project/IPs; adapt as needed in those steps.

Requirements

Hardware:
- Make sure virtualization is enabled in your host’s BIOS.
- Enough cores on the host to run the VMs: OpenStack is a cloud operating system. Learn more about it and its different services at https://www.openstack.org/
- At least 8GB RAM to run OpenStack, recommended a lot more to run the VMs themselves.
- We recommend at least 40GB of disk storage on the disk where the containers will be installed and a lot of extra storage for the VMs and disk images. We will use Cinder and NFS to store VM images.
- 2x physical NICs are needed. Their configuration is in /etc/netplan/50-cloud-init.yaml Here:
  - eno1 is the primary NIC, with IP 10.30.0.20
    - Make sure to have dhcp6: false in the netplan for that section.
  - enp1s0 is the secondary NIC, which should not have an IP assigned.
    - Disable its DHCP, set dhcp4: false and dhcp6: false for enp1s0
  - To apply changes to the configuration file: sudo netplan apply
A Linux host, here, an Ubuntu 24.04 server.
- With ssh set up.
- With system upgrades done, as needed.
- With a sudo-capable kaosu user for our OpenStack Kolla Ansible installation: sudo adduser kaosu; sudo usermod -aG sudo kaosu
- a /openstack directory for installing the different components: sudo mkdir /openstack
Networking with routing capabilities (i.e., a home router connecting to the internet). For our private network:
- The router’s gateway is 10.30.0.1.
- We will use a static IP for the primary NIC (here eno1 on 10.30.0.20).
- We reserved a range of IPs on the subnet that are unused, consecutive, and not assigned to the router’s DHCP range. We will use an IP range of 100 IPs: 10.30.0.100 - 10.30.0.199.
- We reserved one unused IP for the OpenStack connection; here 10.30.0.254.

Pre-installation steps

Hardware Enablement (HWE, optional)

To enable the later 6.x kernel:

sudo apt-get install -y linux-generic-hwe-24.04

sudo reboot -h now

Docker installation

As the kaosu user (latest instructions from https://docs.docker.com/engine/install/ubuntu/):

# Remove potential older versions
for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do sudo apt-get remove $pkg; done

# Add Docker's official GPG key:
sudo apt-get update
sudo apt-get install ca-certificates curl
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL <https://download.docker.com/linux/ubuntu/gpg> -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc

# Add the repository to Apt sources:
echo \\
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] <https://download.docker.com/linux/ubuntu> \\
  $(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \\
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update

sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin

sudo usermod -aG docker $USER

# logout from ssh and log back in, test that a sudo-less docker is available to your user
docker run hello-world

Passwordless sudo

To make our koasu user use the sudo command without being prompted for a password:

sudo visudo -f /etc/sudoers.d/kaosu-Overrides

# Add and adapt kaosu as needed
kaosu ALL=(ALL) NOPASSWD:ALL

# save the file and test in a new terminal or login
sudo echo works

NFS for Cinder

Additional details at https://docs.openstack.org/kolla-ansible/latest/reference/storage/cinder-guide.html and https://www.digitalocean.com/community/tutorials/how-to-set-up-an-nfs-mount-on-ubuntu-22-04.

We want to use NFS on /openstack/nfs to store Cinder-created volumes:

# Install nfs server
sudo apt-get install -y nfs-kernel-server

# Create the destination directory and make it nfs-permissions ready
sudo mkdir -p /openstack/nfs
sudo chown nobody:nogroup /openstack/nfs

# edit the `exports` configuration file
sudo nano /etc/exports

# Wihin this file: add the directory and the access host (ourselves, ie, our 10. IP) to the authorized list
/openstack/nfs       10.30.0.20(rw,sync,no_subtree_check)

# After saving, restart the nfs server
sudo systemctl restart nfs-kernel-server

# Prepare the cinder configuration to enable the NFS mount
sudo mkdir -p /etc/kolla/config
sudo nano /etc/kolla/config/nfs_shares

# Add the "remote" to mount in the file and save
10.30.0.20:/openstack/nfs

Kolla Ansible OpenStack (KAOS)

Latest instructions at https://docs.openstack.org/kolla-ansible/latest/user/quickstart.html.

We will work from/openstack/kaos for this install as the kaosu user (we recommend the use of a tmux).

Preparation

cd /openstack
sudo mkdir kaos
sudo chown $USER:$USER kaos
cd kaos

# Install a few things that might otherwise fail during ansible prechecks
sudo apt-get install -y git python3-dev libffi-dev gcc \\
  libssl-dev build-essential libdbus-glib-1-dev libpython3-dev \\
  cmake libglib2.0-dev python3-venv python3-pip

# Activate a venv
python3 -m venv venv
source venv/bin/activate
pip install -U pip

# Install extra python packages
pip install docker pkgconfig dbus-python

# Install Kolla Ansible from git
pip install git+https://opendev.org/openstack/kolla-ansible@master

# Create the /etc/kolla director, and populate it
sudo mkdir -p /etc/kolla
sudo chown $USER:$USER /etc/kolla
cp -r venv/share/kolla-ansible/etc_examples/kolla/* /etc/kolla
# we are going to do an all-in-one (single host) install, copy it in the current folder for easy edits
cp venv/share/kolla-ansible/ansible/inventory/all-in-one .

# Install Ansible Galaxy requirements
kolla-ansible install-deps

# generate random passwords (stored into /etc/kolla/passwords.yml)
kolla-genpwd

Edit and adapt the sudo nano /etc/kolla/globals.yml file as follows (search for matching keys):

kolla_base_distro: "ubuntu”
kolla_internal_vip_address: "10.30.0.254"
network_interface: "eno1"
neutron_external_interface: "enp1s0”
enable_cinder: "yes"
enable_cinder_backend_nfs: "yes"

Before we try the deployment, let’s ensure the Python interpreter is the venv one: at the top of the /openstack/kaos/all-in-one file, add:

localhost ansible_python_interpreter=/openstack/kaos/venv/bin/python

The proposed files are available:

raw.githubusercontent.com

Deployment

As the kaosu user in /openstack/kaos with the venv activated:

Bootstrap the host:
Do pre-deployment checks for the host:
Perform the OpenStack deployment:

If all goes well, you will have a PLAY RECAP at the end of a successful install, which might look similar to the following:

PLAY RECAP ****...
localhost                  : ok=425  changed=280  unreachable=0    failed=0    skipped=249  rescued=0    ignored=1

The Dashboard will be on our host's port 80 at *http://10.30.0.20/*. The admin user password can be found using:

 fgrep keystone_admin_password /etc/kolla/passwords.yml

CLI

Untitled