Here is brave attempt to install minimalist OpenStack manually on Ubuntu 22.04 LTS. I strongly recommend using Ubuntu because:

Hot News!

Finally I was able to to make simplest possible OpenStack setup (with single network interface eth0 connected to static bridge br-ex which is also used for VMs). Please see https://github.com/hpaluch/osfs for details.

Text below is kept for reference only. I now put all my OpenStack effort to scripted setup in https://github.com/hpaluch/osfs project.

• it is default distribution used on OpenStack (OpenDev) infrastructure

• guides are most up-to-date for Ubuntu, for example from https://docs.openstack.org/install-guide/environment-packages-ubuntu.html (Nov 2023):

  OpenStack 2023.2 Bobcat for Ubuntu 22.04 LTS

  which is fine.

• On other side, if you look on package guide for openSUSE it is very out-of-date - is if for LEAP 15.1 while current stable version is 15.4: https://docs.openstack.org/install-guide/environment-packages-obs.html

WARNING! This guide is incomplete. I make no promises that it will be completed in future :-)

At first we must have network with bridge. I disabled annoying predictable NIC names adding net.ifnames=0 biosdevname=0 to /etc/default/grub:

GRUB_CMDLINE_LINUX_DEFAULT="video=Virtual-1:800x600 net.ifnames=0 biosdevname=0"

(You can also add that video= if your machine is VM under KVM/Spice - it will limit SPICE console resolution so sane 800x600)

Now update grub using obvious:

sudo update-grub

Rename enXX interface to eth0 in /etc/netplan/00-installer-config.yaml, my looks this:

# This is the network config written by 'subiquity'
network:
  ethernets:
    eth0:
      dhcp4: true
  version: 2

Do not forget to generate network configuration:

sudo netplan generate

And then test - this will save you time when something breaks...

sudo netplan test

Reboot machine and test that network still works.

In our exmple I use local private network 192.168.0.0/24. I will assign 192.168.0.4 as static IP to my machine for OpenStack.

Basically all KVM setups (including OpenStack) need to wrap ethernet to bridge interface so virtual machines can transparently access physical network. At first we need to install bridge-utils:

sudo apt-get install bridge-utils

Now we need to create entirely new NetPlan file that will use static IP address and wrap eth0 to bridge. So do this:

• move original (DHCP) netplan file to backup location:

  sudo mv /etc/netplan/00-installer-config.yaml /root

• create new /etc/netplan/99-myopenstack.yaml with contents like - from https://netplan.readthedocs.io/en/stable/examples/#configuring-network-bridges

  network:
    version: 2
    ethernets:
      eth0:
        dhcp4: no
        dhcp6: no
    bridges:
      br-ex:
        interfaces: [eth0]
        dhcp4: no
        dhcp6: no
        addresses: [192.168.0.4/24]
        gateway4: 192.168.0.1
        nameservers:
          addresses: [8.8.8.8]

• again we must generate new configuration

  sudo netplan generate

• now login from LOCAL console and run

  sudo netplan try

• this WILL break your existing connection because we are changing IP address to static 192.168.0.4.

• verify locally that it works and press ENTER to accept new network settings

• and reboot

• in my example the machine should be reachable on static ip 192.168.0.4

Now we should ensure that we have proper hostname.

• I added to my /etc/hosts:

  192.168.0.4 x2-oss.example.com x2-oss
  

• and set my new hostname x2-oss (osfs means "OpenStack from Scratch):

  hostnamectl set-hostname x2-oss

• and test that hostname resolves to proper IP address:

  $ hostname -i
  
  192.168.0.4

We need to enable OpenStack repository as described on page:

• https://docs.openstack.org/install-guide/environment-packages-ubuntu.html

Latest release for Ubuntu 22.04 LTS is Bobcat - but it is buggy, so run this command: (Antelope is previous release that at least works...)

sudo add-apt-repository cloud-archive:antelope

WARNING! Bobcat on latest Ubuntu 22.04.3 crashes with:

File "/usr/lib/python3/dist-packages/eventlet/green/thread.py", line 34, in get_ident
AttributeError: 'NoneType' object has no attribute 'getcurrent'

Someone already reported here:

• https://bugs.launchpad.net/keystone/+bug/2042744 Starting to being curious how it was tested...

So rather stick with Antelope...

Following https://docs.openstack.org/install-guide/environment-packages-ubuntu.html

sudo eatmydata apt-get install python3-openstackclient

From https://docs.openstack.org/install-guide/environment-sql-database-ubuntu.html:

sudo eatmydata apt-get install mariadb-server python3-pymysql

And as advised on https://mariadb.com/docs/reference/es/system-variables/innodb_flush_log_at_trx_commit/ create /etc/mysql/mariadb.conf.d/99-openstack.cnf with contents like:

[mysqld]
bind-address = 192.168.0.4

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
# my additions
innodb_buffer_pool_size = 256m
# see: https://mariadb.com/docs/reference/es/system-variables/innodb_flush_log_at_trx_commit/
innodb_flush_log_at_trx_commit = 0

And restart MySQL/MariaDB:

sudo systemctl restart mariadb

Run (as from guide):

sudo mysql_secure_installation
# answer no to socket auth
# set MySQL's root password and note it to some file.

Now we will install m4 so we can create templates for DB creation.

sudo apt-get install m4

Now create simple template file to setup database, user and password called mysql_setup_template.m4

changequote(`[',`]')
CREATE DATABASE MYDB;
GRANT ALL PRIVILEGES ON MYDB.* TO 'MYDB'@'localhost' IDENTIFIED BY 'MYPW';
GRANT ALL PRIVILEGES ON MYDB.* TO 'MYDB'@'%' IDENTIFIED BY 'MYPW';
FLUSH PRIVILEGES;

Memcached is recommended caching layer for OpenStack so we will install it using:

sudo apt-get install memcached telnet

Change memcached to listen on our official IP address 192.168.0.4:

• change in file /etc/memcached.conf

  diff -u /etc/memcached.conf{.orig,}
  --- /etc/memcached.conf.orig	2023-04-28 14:27:39.632946410 +0000
  +++ /etc/memcached.conf	2023-04-28 14:27:49.684267716 +0000
  @@ -32,7 +32,7 @@
   # Specify which IP address to listen on. The default is to listen on all IP addresses
   # This parameter is one of the only security measures that memcached has, so make sure
   # it's listening on a firewalled interface.
  --l 127.0.0.1
  +-l 192.168.0.4
   
   # Limit the number of simultaneous incoming connections. The daemon default is 1024
   # -c 1024

• restart service:

  sudo systemctl restart memcached

And test it with telnet:

telnet `hostname -i` 11211
Connected to localhost.
Escape character is '^]'.
stats
STAT pid 8635
STAT uptime 24
...
END
quit
Connection closed by foreign host.

We need to follow: https://docs.openstack.org/install-guide/openstack-services.html

So we must install these services in specified order:

• Identity service – keystone
• Image service – glance
• Placement service – placement
• Compute service – nova
• Networking service – neutron

We need to follow guide on https://docs.openstack.org/keystone/latest/install/keystone-install-ubuntu.html Setup MySQL database and user for keystone (we will utilize our m4 template):

m4 -D MYDB=keystone -D MYPW=$(openssl rand -hex 10) \
    mysql_setup_template.m4 > mysql_setup_keystone.sql

And invoke it:

# as noted in OpenStack docs
# root connects via socket so we must use sudo mysql...
sudo mysql -p`cat mysql_root_pwd.txt` < mysql_setup_keystone.sql

Install keystone package:

sudo eatmydata apt-get install keystone

Now we need to update database connection and token type in /etc/keystone/keystone.conf, in my example:

diff -u /etc/keystone/keystone.conf{.orig,}
--- /etc/keystone/keystone.conf.orig	2023-04-28 14:32:12.231188779 +0000
+++ /etc/keystone/keystone.conf	2023-04-28 14:35:23.864847458 +0000
@@ -410,7 +410,7 @@
 # dogpile.cache.memory - <No description provided>
 # dogpile.cache.memory_pickle - <No description provided>
 # dogpile.cache.null - <No description provided>
-#backend = dogpile.cache.null
+backend = dogpile.cache.memcached 
 
 # Arguments supplied to the backend module. Specify this option once per
 # argument to be passed to the dogpile.cache backend. Example format:
@@ -423,7 +423,7 @@
 #proxies =
 
 # Global toggle for caching. (boolean value)
-#enabled = true
+enabled = true
 
 # Extra debugging from the cache backend (cache keys, get/set/delete/etc
 # calls). This is only really useful if you need to see the specific cache-
@@ -440,7 +440,7 @@
 # ``inet6:[controller-0.internalapi]:11211``). If the address family is not
 # given then these backends will use the default ``inet`` address family which
 # corresponds to IPv4 (list value)
-#memcache_servers = localhost:11211
+memcache_servers = 192.168.0.4:11211
 
 # Number of seconds memcached server is considered dead before it is tried
 # again. (dogpile.cache.memcache and oslo_cache.memcache_pool backends only).
@@ -658,7 +658,9 @@
 
 
 [database]
-connection = sqlite:////var/lib/keystone/keystone.db
+#connection = sqlite:////var/lib/keystone/keystone.db
+connection = mysql+pymysql://keystone:[email protected]/keystone
+
 
 #
 # From oslo.db
@@ -2665,11 +2667,11 @@
 # tokens are only signed. Please be sure to consider this if your deployment
 # has security requirements regarding payload contents used to generate token
 # IDs. (string value)
-#provider = fernet
+provider = fernet
 
 # Toggle for caching token creation and validation data. This has no effect
 # unless global caching is enabled. (boolean value)
-#caching = true
+caching = true
 
 # The number of seconds to cache token creation and validation data. This has
 # no effect unless both global and `[token] caching` are enabled. (integer

WARNING! You must use Static IP address of host to connect to MySQL (here 192.168.0.4) - because MySQL is bound just there. It is intentional - to avoid MySQL binding to bridged VM addresses etc...

Bootstrap database:

sudo -u keystone keystone-manage db_sync

WARNING! The keystone-manage does NOT report errors. You must look into /var/log/keystone/keystone-manage.log for errors.

There should be NO ERROR level messages, only INFO messages like:

... INFO alembic.runtime.migration [-] Running upgrade 27e647c0fad4 -> 29e87d24a316, Initial no-op Yoga expand migration.

Continue with Token setup:

sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
sudo keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Again: Always verify that there are no errors in /var/log/keystone/keystone-manage.log

Now generate Keystone admin user's password to some file:

openssl rand -hex 10 > ~/keystone_admin_pwd.txt

And bootstrap Admin user (I recommend to write this command to shell script file first):

#!/bin/bash

set -xe

sudo keystone-manage bootstrap --bootstrap-password $(cat ~/keystone_admin_pwd.txt) \
  --bootstrap-admin-url http://$(hostname -i):5000/v3/ \
  --bootstrap-internal-url http://$(hostname -i):5000/v3/ \
  --bootstrap-public-url http://$(hostname -i):5000/v3/ \
  --bootstrap-region-id RegionOne

Again: Verify that there are no errors in /var/log/keystone/keystone-manage.log

In my case there was warning which I ignored :-)

WARNING py.warnings [None req-59de97a3-f6b9-43a3-bb79-d883da61a34d - - - - - -] /usr/lib/python3/dist-packages/pycadf/identifier.py:71: UserWarning: Invalid uuid: RegionOne. To ensure interoperability, identifiers should be a valid uuid.
  warnings.warn(('Invalid uuid: %s. To ensure interoperability, '

Now restart Apache (I skipped setting ServerName):

sudo systemctl restart apache2

Ensure that Keystone is listening on port 5000

$ ss -ltn | grep :5000

LISTEN   0         128                       *:5000                   *:*

Now the point of truth - create script ~/keystonerc_admin with contents like:

export OS_USERNAME=admin
# paste password from ~/keystone_admin_pwd.txt
export OS_PASSWORD=b43c96485199590f3288
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
# replace with you static IP address
export OS_AUTH_URL=http://192.168.0.4:5000/v3
export OS_IDENTITY_API_VERSION=3
export PS1='\u@\h:\w(keystonerc_admin)\$ '

And try it on separate shell instance (so it will not noise current environment):

$ bash
$ source keystonerc_admin
(keystonerc_admin)$ openstack service list

+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| ac65aaf4c97d4e01b9d4ff6b9184e377 | keystone | identity |
+----------------------------------+----------+----------+


(keystonerc_admin)$ openstack endpoint list -f yaml

Example output:

- Enabled: true
  ID: 11a6bfb9fbd84942a58022cfabce0f82
  Interface: admin
  Region: RegionOne
  Service Name: keystone
  Service Type: identity
  URL: http://192.168.0.4:5000/v3/
- Enabled: true
  ID: 33d34e7e66014d679085519a24c3967d
  Interface: internal
  Region: RegionOne
  Service Name: keystone
  Service Type: identity
  URL: http://192.168.0.4:5000/v3/
- Enabled: true
  ID: 39ccc3ad08aa406ea30cab66a027cbfc
  Interface: public
  Region: RegionOne
  Service Name: keystone
  Service Type: identity
  URL: http://192.168.0.4:5000/v3/

Continue with setup:

# needed by glance etc...
openstack project create --domain default \
  --description "Service Project" service

# not sure if these are really needed:
openstack domain create --description "An Example Domain" example
openstack project create --domain default \
  --description "Demo Project" myproject
openstack user create --domain default --password looser myuser
openstack role create myrole
openstack role add --project myproject --user myuser myrole

One can also try these commands to get more timing information:

# Dumps HTTP request timing table after data
openstack service list --timing
# Dumps executed curl commands (ehm,....)
openstack service list --debug

Profiling OpenStack client (this one is also slow) from https://stackoverflow.com/a/582337:

python3 -m cProfile -s cumtime /usr/bin/openstack service list

But the output seems to be strange, that 5 seconds were spend in executed commands - you can see them using --debug parameter, for example:

openstack service list --debug

Glance is image service (like AMI in Amazon AWS) that is necessary to start VM (called "instance"). We will follow this guide:

• https://docs.openstack.org/glance/latest/install/install-ubuntu.htmlk0

Create database for glance

cd
m4 -D MYDB=glance -D MYPW=$(openssl rand -hex 10) \
    mysql_setup_template.m4 > mysql_setup_glance.sql
sudo mysql -p`cat mysql_root_pwd.txt` < mysql_setup_glance.sql

Now we will have to register glance in Keystone:

source ~/keystonerc_admin
# test that openstack client really works
openstack service list
# create password for glance
openssl rand -hex 10 > ~/glance_keystone_pwd.txt
openstack user create --domain default \
    --password $(cat  ~/glance_keystone_pwd.txt) glance
openstack role add --project service --user glance admin
openstack service create --name glance \
  --description "OpenStack Image" image
openstack endpoint create --region RegionOne \
   image public http://$(hostname -i):9292
openstack endpoint create --region RegionOne \
   image internal http://$(hostname -i):9292
openstack endpoint create --region RegionOne \
   image admin http://$(hostname -i):9292

Now we can install and configure glance:

sudo eatmydata apt-get install glance

And edit configuration file /etc/glance/glance-api.conf:

diff -u /etc/glance/glance-api.conf{.orig,}
--- /etc/glance/glance-api.conf.orig	2023-04-28 14:54:51.621943338 +0000
+++ /etc/glance/glance-api.conf	2023-04-28 15:01:42.146553952 +0000
@@ -1716,7 +1716,8 @@
 
 
 [database]
-connection = sqlite:////var/lib/glance/glance.sqlite
+#connection = sqlite:////var/lib/glance/glance.sqlite
+connection = mysql+pymysql://glance:[email protected]/glance
 backend = sqlalchemy
 
 #
@@ -3122,6 +3123,9 @@
 
 
 [glance_store]
+stores = file,http
+default_store = file
+filesystem_store_datadir = /var/lib/glance/images/
 
 #
 # From glance.multi_store
@@ -4972,6 +4976,17 @@
 
 
 [keystone_authtoken]
+www_authenticate_uri = http://192.168.0.4:5000
+auth_url = http://192.168.0.4:5000
+memcached_servers = 192.168.0.4:11211
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+project_name = service
+username = glance
+# password from ~/glance_keystone_pwd.txt
+password = ad0912e1e52c39cb8ad3
+ 
 
 #
 # From keystonemiddleware.auth_token
@@ -5851,6 +5866,7 @@
 
 
 [paste_deploy]
+flavor = keystone
 
 #
 # From glance.api

And run db_sync:

$ sudo -u glance glance-manage db_sync

...
Database is synced successfully.

Finally prepare image directory and restart service:

# this should be already done at least for Antelope:
sudo mkdir -p /var/lib/glance/images/
sudo chown glance:glance /var/lib/glance/images/

sudo systemctl restart glance-api

And now test glance - uploading cirros image:

cd
curl -OLf http://download.cirros-cloud.net/0.5.1/cirros-0.5.1-x86_64-disk.img
# now you should be in shell with keystone admin:
source keystonerc_admin
openstack image create --public --container-format bare \
   --disk-format qcow2 --file cirros-0.5.1-x86_64-disk.img cirros

And verify that image exist:

$ openstack image list

+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| c7d0b85c-89be-44a4-8603-a061930c9976 | cirros | active |
+--------------------------------------+--------+--------+

$ sudo ls -l /var/lib/glance/images

total 15956
-rw-r----- 1 glance glance 16338944 Apr 28 15:12 c7d0b85c-89be-44a4-8603-a061930c9976

As we can (unfortunately) see on

• https://docs.openstack.org/install-guide/openstack-services.html

There is new mandatory service called placement. So we need to setup it using:

• https://docs.openstack.org/placement/latest/install/install-ubuntu.html

Setup MySQL database as usual:

cd
m4 -D MYDB=placement -D MYPW=$(openssl rand -hex 10) \
    mysql_setup_template.m4 > mysql_setup_placement.sql
sudo mysql -p`cat mysql_root_pwd.txt` < mysql_setup_placement.sql

Now setup Keystone for Placement service:

source ~/keystonerc_admin
# test that openstack client really works
openstack service list
# create password for placement
openssl rand -hex 10 > ~/placement_keystone_pwd.txt
openstack user create --domain default \
    --password $(cat  ~/placement_keystone_pwd.txt) placement
openstack role add --project service --user placement admin
openstack service create --name placement \
  --description "Placement API" placement
for i in public internal admin;do \
  openstack endpoint create --region RegionOne \
  placement $i http://$(hostname -i):8778; done

Now install Placement:

sudo eatmydata apt-get install placement-api python3-osc-placement

Update configuration file /etc/placement/placement.conf:

diff -u /etc/placement/placement.conf{.orig,}
--- /etc/placement/placement.conf.orig	2023-04-28 15:17:41.758559170 +0000
+++ /etc/placement/placement.conf	2023-04-28 15:20:16.481164730 +0000
@@ -189,6 +189,7 @@
 
 
 [api]
+auth_strategy = keystone
 #
 # Options under this group are used to define Placement API.
 
@@ -238,6 +239,14 @@
 
 
 [keystone_authtoken]
+auth_url = http://192.168.0.4:5000/v3
+memcached_servers = 192.168.0.4:11211
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+project_name = service
+username = placement
+password = d349d7af7061e3c6e63b
 
 #
 # From keystonemiddleware.auth_token
@@ -512,7 +521,8 @@
 
 
 [placement_database]
-connection = sqlite:////var/lib/placement/placement.sqlite
+#connection = sqlite:////var/lib/placement/placement.sqlite
+connection = mysql+pymysql://placement:[email protected]/placement
 #
 # The *Placement API Database* is a the database used with the placement
 # service. If the connection option is not set, the placement service will

And run db_sync and restart Apache2:

sudo -u placement placement-manage db sync
# WARNING! Found no log and no output from above command...
sudo systemctl restart apache2

Here is example how to test that Placement is responding

• see https://docs.openstack.org/placement/latest/user/index.html

bash # do not clutter main shell with admin environment
source ~/keystonerc_admin
openstack resource class list

Last command should show something like:

+----------------------------------------+
| name                                   |
+----------------------------------------+
| VCPU                                   |
| MEMORY_MB                              |
| DISK_GB                                |
...

Remember to press Ctrl-D or type exit to exit shell configured for admin environment.

Both Neutron and Nova require RabbitMQ so we have to install it now following:

• https://docs.openstack.org/install-guide/environment-messaging-ubuntu.html

Install RabbitMQ:

sudo eatmydata apt-get install -y rabbitmq-server

openssl rand -hex 10 > ~/rabbit_pwd.txt

Now edit /etc/rabbitmq/rabbitmq-env.conf this way (bind on specific IP address):

diff -u /etc/rabbitmq/rabbitmq-env.conf{.orig,}
--- /etc/rabbitmq/rabbitmq-env.conf.orig	2023-11-16 15:22:18.844662649 +0000
+++ /etc/rabbitmq/rabbitmq-env.conf	2023-11-16 15:22:29.220032146 +0000
@@ -7,7 +7,7 @@
 # By default RabbitMQ will bind to all interfaces, on IPv4 and IPv6 if
 # available. Set this if you only want to bind to one network interface or#
 # address family.
-#NODE_IP_ADDRESS=127.0.0.1
+NODE_IP_ADDRESS=192.168.0.4
 
 # Defaults to 5672.
 #NODE_PORT=5672

Restart rabbitmq, verify LISTEN address and setup user and permissions:

$ sudo systemctl restart rabbitmq-server.service

$ ss -ltn | grep :5672

LISTEN 0      128      192.168.0.4:5672       0.0.0.0:* 

$ sudo rabbitmqctl add_user openstack $(cat rabbit_pwd.txt)

$ sudo rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Because Neutron (network) and Nova (compute) depends on each other we have to first setup Database and Service for both components and then continue.

Setup MySQL database as usual:

cd
m4 -D MYDB=neutron -D MYPW=$(openssl rand -hex 10) \
    mysql_setup_template.m4 > mysql_setup_neutron.sql
sudo mysql -p`cat mysql_root_pwd.txt` < mysql_setup_neutron.sql

Now setup Keystone for Neutron service:

source keystonerc_admin
# test that openstack client really works
openstack service list
openssl rand -hex 10 > ~/neutron_keystone_pwd.txt
openstack user create --domain default \
    --password $(cat  ~/neutron_keystone_pwd.txt) neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron \
  --description "OpenStack Networking" network
for i in public internal admin;do \
  openstack endpoint create --region RegionOne \
  network $i http://$(hostname -i):9696; done

Start with easy part:

• generate common DB password:

  openssl rand -hex 10 > ~/nova_db_pwd.txt

• prepare 3 databases with same password (it seems that cell0 is somehow inherited)

Create special template mysql_setup_nova_template.m4 with contents:

changequote(`[',`]')
CREATE DATABASE MYDB;
GRANT ALL PRIVILEGES ON MYDB.* TO 'nova'@'localhost' IDENTIFIED BY 'MYPW';
GRANT ALL PRIVILEGES ON MYDB.* TO 'nova'@'%' IDENTIFIED BY 'MYPW';
FLUSH PRIVILEGES;

m4 -D MYDB=nova -D MYPW=$(cat ~/nova_db_pwd.txt) \
    mysql_setup_nova_template.m4 > mysql_setup_nova.sql
sudo mysql -p`cat mysql_root_pwd.txt` < mysql_setup_nova.sql

m4 -D MYDB=nova_api -D MYPW=$(cat ~/nova_db_pwd.txt) \
    mysql_setup_nova_template.m4 > mysql_setup_nova_api.sql
sudo mysql -p`cat mysql_root_pwd.txt` < mysql_setup_nova_api.sql

m4 -D MYDB=nova_cell0 -D MYPW=$(cat ~/nova_db_pwd.txt) \
    mysql_setup_nova_template.m4 > mysql_setup_nova_cell0.sql
sudo mysql -p`cat mysql_root_pwd.txt` < mysql_setup_nova_cell0.sql

Now OpenStack setup:

openssl rand -hex 10 > ~/nova_keystone_pwd.txt
openstack user create --domain default \
    --password $(cat  ~/nova_keystone_pwd.txt) nova
openstack role add --project service --user nova admin
openstack service create --name nova \
  --description "OpenStack Compute" compute
for i in public internal admin;do \
  openstack endpoint create --region RegionOne \
  compute $i http://$(hostname -i):8774/v2.1; done

Now we can install packages (TODO refine):

sudo apt-get install neutron-server neutron-plugin-ml2 \
       neutron-linuxbridge-agent python3-neutronclient

For me best option seems to be MACVTAP combined with FLAT network:

• https://docs.openstack.org/neutron/latest/admin/config-macvtap.html
• https://docs.openstack.org/neutron/latest/install/controller-install-option1-ubuntu.html

Compute service (Nova) requires at least partially installed and configured Neutron (Network layer). So we have to follow https://docs.openstack.org/neutron/latest/install/controller-install-ubuntu.html#configure-the-compute-service-to-use-the-networking-service first.

TODO:

Now we want so called "Provider" network but without VLANs. Some resources:

• https://docs.openstack.org/neutron/pike/admin/deploy-lb-provider.html
• https://docs.openstack.org/neutron/latest/install/controller-install-option1-ubuntu.html
• https://docs.openstack.org/nova/latest/install/controller-install-ubuntu.html#install-and-configure-components
• https://opensource.com/article/17/4/openstack-neutron-networks
• https://blog.oddbit.com/post/2015-06-26-openstack-networking-without-d/

Studying 'local' driver but it is undocmented:

• https://wiki.openstack.org/wiki/Neutron/ML2/LenovoML2Mechanism
• https://github.com/openstack/neutron/blob/master/neutron/plugins/ml2/drivers/type_local.py

My final plant is to use:

• Flat network type
• Linux bridge ML2 agent
• https://docs.openstack.org/neutron/2023.2/admin/config-ml2.html
• https://docs.openstack.org/neutron/2023.2/configuration/linuxbridge-agent.html

This seems to be most close to my needs:

• https://www.server-world.info/en/note?os=Ubuntu_20.04&p=openstack_yoga2&f=5

TODO:

To Follow:

• https://docs.openstack.org/nova/latest/#installation

First we have to install controller portion as pointed here:

• https://docs.openstack.org/nova/latest/install/controller-install-ubuntu.html

Following:

• https://docs.openstack.org/nova/latest/install/controller-install-ubuntu.html#install-and-configure-components

Install packages:

sudo eatmydata apt-get install nova-api nova-conductor nova-novncproxy nova-scheduler

Now edit /etc/nova/nova.conf this way:

TODO - missing Neutron part

diff -u /etc/nova/nova.conf{.orig,}
--- /etc/nova/nova.conf.orig	2023-11-16 15:32:47.730486103 +0000
+++ /etc/nova/nova.conf	2023-11-16 15:53:51.491113117 +0000
@@ -2,6 +2,8 @@
 log_dir = /var/log/nova
 lock_path = /var/lock/nova
 state_path = /var/lib/nova
+# replace 730e38f884fa84ba35b8 with content of rabbit_pwd.txt
+transport_url = rabbit://openstack:[email protected]:5672/
 
 #
 # From nova.conf
@@ -505,7 +507,7 @@
 # This option has a sample default set, which means that
 # its actual default value may vary from the one documented
 # below.
-#my_ip = <host_ipv4>
+my_ip = 192.168.0.4
 
 #
 # The IP address which is used to connect to the block storage network. For more
@@ -884,6 +886,8 @@
 
 
 [api]
+auth_strategy = keystone
+
 #
 # Options under this group are used to define Nova API.
 
@@ -1095,7 +1099,9 @@
 
 
 [api_database]
-connection = sqlite:////var/lib/nova/nova_api.sqlite
+# replace 5762358da4cfed74c272 with password from  nova_db_pwd.txt
+connection = mysql+pymysql://nova:[email protected]/nova_api
+
 #
 # The *Nova API Database* is a separate database which is used for information
 # which is used across *cells*. This database is mandatory since the Mitaka
@@ -1856,7 +1862,8 @@
 
 
 [database]
-connection = sqlite:////var/lib/nova/nova.sqlite
+# replace 5762358da4cfed74c272 with password from  nova_db_pwd.txt
+connection = mysql+pymysql://nova:[email protected]/nova
 #
 # The *Nova Database* is the primary database which is used for information
 # local to a *cell*.
@@ -2185,6 +2192,7 @@
 # retained temporarily to allow consumers time to cut over to a real load
 # balancing solution.
 #api_servers = <None>
+api_servers = http://192.168.0.4:9292
 
 #
 # Enable glance operation retries. For more information, refer to the
@@ -2874,7 +2882,16 @@
 
 
 [keystone_authtoken]
-
+www_authenticate_uri = http://192.168.0.4:5000/
+auth_url = http://192.168.0.4:5000/
+memcached_servers = 192.168.0.4:11211
+auth_type = password
+project_domain_name = Default
+user_domain_name = Default
+project_name = service
+username = nova
+# replace 057837ac4a860b1352b8 with content of nova_keystone_pwd.txt
+password = 057837ac4a860b1352b8
 #
 # From keystonemiddleware.auth_token
 #
@@ -4032,7 +4049,7 @@
 # to environment variable OSLO_LOCK_PATH. If external locks are used, a lock
 # path must be set (string value)
 #lock_path = <None>
-
+lock_path = /var/lib/nova/tmp
 
 [oslo_limit]
 
@@ -4769,7 +4786,15 @@
 
 
 [placement]
-
+region_name = RegionOne
+project_domain_name = Default
+project_name = service
+auth_type = password
+user_domain_name = Default
+auth_url = http://192.168.0.4:5000/v3
+username = placement
+# replace bedd9a4467415e9481d0 with content of placement_keystone_pwd.txt
+password = bedd9a4467415e9481d0
 #
 # From nova.conf
 #
@@ -5271,6 +5296,17 @@
 
 
 [service_user]
+send_service_user_token = true
+auth_url = http://192.168.0.4/identity
+auth_strategy = keystone
+auth_type = password
+project_domain_name = Default
+project_name = service
+user_domain_name = Default
+username = nova
+# replace 057837ac4a860b1352b8 with content of nova_keystone_pwd.txt
+password = 057837ac4a860b1352b8
+
 #
 # Configuration options for service to service authentication using a service
 # token. These options allow sending a service token along with the user's token
@@ -5843,18 +5879,18 @@
 # Enable VNC related features. For more information, refer to the documentation.
 # (boolean value)
 # Deprecated group/name - [DEFAULT]/vnc_enabled
-#enabled = true
+enabled = true
 
 #
 # The IP address or hostname on which an instance should listen to for
 # incoming VNC connection requests on this node.
 #  (host address value)
-#server_listen = 127.0.0.1
+server_listen = 192.168.0.4
 
 #
 # Private, internal IP address or hostname of VNC console proxy. For more
 # information, refer to the documentation. (host address value)
-#server_proxyclient_address = 127.0.0.1
+server_proxyclient_address = 192.168.0.4
 
 #
 # Public address of noVNC VNC console proxy. For more information, refer to the

TODO

• install Packages https://docs.openstack.org/nova/latest/install/controller-install-ubuntu.html
• configure ...

Then we can install compute portion...

TODO