In this article, I will explore how to install and configure OpenStack in an easy way.

Let start to discuss OpenStack little bit. It is a broad and very complicated system because it uses a lot of services which work together via API. It supports a lot of Hypervisors (KVM, XEN, Qemu, ESXI, HyperV). I will describe some of the services as following:

Nova – Controls all compute nodes (which are hypervisors – KVM, XEN, Qemu, ESXI, HyperV).

Horizon – The dashboard, WEB user interface.

Keystone – Identity service. Identifies the tenant users and gives access to the internal resources.

Swift – Object storage service. Represent access to the object storage via API.

Glance – Image manager. Controls images for virtual instances.

Cinder – Block storage service. Controls block devices used by virtual instances.

Neutron – A Software Defined Networking service. Controls network resources between instances, Controller and Compute nodes via OpenvSwitch (software-based network switch) which supports VXLAN. Agents are used as a communication point. It is the most complicated service in the OpenStack.

The configuration of OpenStack is consists of one Controller and three Compute nodes with CentOS7.2 operating system. The network topology will be as following:

Prior to starting the installation and configuration we must use DNS names or /etc/hosts file for all Linux machines. I use domain name and my A records as following:

root password for all servers is the same.
The following steps must be performed on all servers (controller and compute nodes).

Change network card name to legacy ethX format.

Add net.ifnames=0 biosdevname=0 to the end of the GRUB_CMDLINE_LINUX variable in the /etc/default/grub file:

Create /etc/sysconfig/network-scripts/ifcfg-eth0 file and add the following lines to it (Do not forget to change IP address for all servers):

Create /etc/sysconfig/network-scripts/ifcfg-eth1 file and add the following lines to it (Do not forget to change IP address for all servers):

Update GRUB configuration file and reboot all servers:


Perform the system update, install required tools and update the system time (at the end restart the system):

The following steps must be performed only on the


Generate the answer file for our OpenStack configuration:
[[email protected] ~]# packstack –gen-answer-file=/root/answer.txt

Content of the answer.txt file will be as indicated below:

To configure ssh token authentication automatically you can use the script from my GitHub repository:

Edit the iplist file, add IP addresses of the Controller and all Compute nodes (root password for all servers must be the same):

Execute the script and after that SSH token authentication will be ready:

After installation, we must change network configuration for all servers as follows

Create the /etc/sysconfig/network-scripts/ifcfg-eth0 file and add the following lines to it:

Create the /etc/sysconfig/network-scripts/ifcfg-eth1 file and add the following lines to it:

Create the /etc/sysconfig/network-scripts/ifcfg-br-ex file and add the following lines to it (Do not forget to change IP address for all servers):


Create /etc/sysconfig/network-scripts/ifcfg-br-eth1 file and add the following lines to this file(Do not forget change IP address for all servers):

Restart all servers:


The output of the ovs-vsctl show command in the controller node must be as follows:


To check the status of the OpenStack services use the following command:


The next step is to configure a new Project for our tenant users. Please go to the Identity -> Projects -> Create Project, add the project name Engineering and press the Create Project button.


We must to add 2 new users. The users will be user (simple user with simple privileges) and adm (admin user with tenant admin privileges)
Go to the Identity -> Users -> Create User page


In the Next step we must create our new Flavor for our Tenant. Go to the Admin -> Flavors -> Create Flavor page.


Then we must download new image templates from the official OpenStack web page:

Now we can Sign Out and Login back with username user.
Go to the Project -> Compute -> Images -> Create Image

As the first image I selected CentOS6.7 and URL is

We must copy and paste this URL in the Image location place.


Repeat this step for Debian and Ubuntu. Used URLS are following:

At the next step, we must configure the network for our new tenant environment.

Go to the Project -> Network -> Networks -> Create Network

Enter the network name – int – and click Subnet button:

Enter the Subnet name and Local network address for Virtual Instances and press Next button.


Enter the subnet range and DNS for Virtual Instances and press Create button.


Press Create Network button again to create External network (repeat above steps).

Enter network name – Ext – and select Subnet tab

Enter Subnet Name, Network Address, Gateway IP and select Subnet Details.


Uncheck “Enable DHCP”, enter a range of IP addresses, DNS IP addresses, and press Create button.


Go to the Project -> Network -> Routers -> Create Router

Enter Router Name and press Create Router button.

Log out from the system and log back in with the tenant admin (username: adm) user. Go to the Admin -> System -> Networks and click Edit Network for the network ext

Select the External Network checkbox and press Save Changes button:


Sign Out from the system as tenant admin (username: adm) and Sign In back with tenant user (username: user)

Go to the Project -> Network -> Routers and press button Set Gateway for our router


Select External Network (our external subnet: ext) and press Submit button:



Click to the router link:

Go to the Interfaces -> Add Interface, select Subnet as local subnet (local subnet is for internal network interface on our software router) int and press Submit button


As a result we will see the following configuration of the router:


Next, we must configure Floating IP addresses. Go to the Project -> Compute -> Access & Security and select tab Floating IPs

Then press Allocate IP To Project button. Select ext pool and press Allocate IP button:


Repeat this step for every PUBLIC IP address (which is already specified in our ext pool). In my case result was the following:

Go to the Security Groups -> Create Security Group and press Create Security Group button:


Press Manage Rules:


Press Add Rule button and add rules for incoming ICMP, SSH, HTTPS:






At the end we accept the HTTP traffic from other instances:


End result will be as following:


Go back to the Project -> Access & Security page and select Key Pairs tab and press Create Key Pair button


Enter Key pair Name and press Create Key Pair button:

Save this file in the secure place. You will use this key to connect to your virtual instances over SSH.

Now we have finished the network configuration. Go to the Project -> Network -> Network Topology page to perform a check.


At the end of the network configuration we can see network namespaces with the following commands:

You can get the overall configuration using the following commands:



Create new Instance

Sign in as the tenant user (username: user). Go to the Project -> Compute -> Instances and press Launch Instance button. Enter the name of the instance and press Next button:


Select the Debian Image and press Next button:


Select m2.small flavor which we created before and press Next button:

Select int interface to use IP address from the subnet for the new instance and press Next button:


Go to the Security Groups, select sec1 and press Next button:

Press Key Pair button, select engkey Key Pair which we created before and press Launch Instance button:


The result must be as following:


In the right side of our Virtual Instance in the drop down list select Associate Floating IP


Select one of IP addresses which we created before and press Associate button:

Then press to the instance name (in our case the name was WEB which we created before) and go to the Console tab.


The Debian server console looks like this:

By default, Debian image has the debian user. We must connect to this server via SSH from another Linux or Windows machine with the engkey.pem file which we generated before:

Note: Do not forget to upload the engkey.pem file to you client (Linux or
Windows) machine, which will be use to connect to the Debian server.

Congratulations your OpenStack environment is ready

Jamal Shahverdiyev, I was born in Azerbaijan. I have 10 years experience in IT especially in open source technologies. I have worked as a lead specialist in many important government projects. I am author of dozens of books about open source technologies in my native language and three of them have been published. I share my knowledge in universities regularly and teach Unix/Linux.



Please enter your comment!
Please enter your name here