Roasts & Ruminations {blog}

Project Openstack

Tags

Peabbery Blog Subscription Form

Openstack is what’s behind much of the cloud. This is used behind the scenes in most cases but I still feel compelled to have my own installation. Openstack offers much more cloud-like functionality when compared to VM systems and I just really like the idea of having my own private cloud in my lab.

There is a TON to know about Openstack. I tend to want to understand how software works under the hood before I care as much about how to use it. Openstack is so vast though that I ended up kinda doing these in parallel. Training videos are helpful but without a sandbox they really only provide a high level understanding. 

Installing

The first thing to know about openstack is that it is not one piece of software, it is a collection of projects that are designed to integrate. There are a few required for basic function and others, like Heat, are popular but not required. The other thing to know is that it is designed to be installed on 3 nodes, although it can be installed on a single machine.

I spend a good amount of time trying to figure out how to install openstack and reading several methods which I later figured out are more opinions of the best way. You can purchase openstack as a service from some cloud providers like openmetal (which sponsors a lot of youtube videos), but if you are like me you want to get into the guts of it. So, here’s a breakdown of the common ways to install.

  • Devstack
    • This is a script that wil automate the entire install with a few keystrokes in about 20 min. This  is designed to be a test environment and if set it up to bridge network to your LAN, it is not designed to survive a reboot. So, use a VM and create snapshots.
  • Pacstack
    • This comes up a lot, but as far as I can tell it’s depreciated or at least not very popular anymore. This is a repository you can add to a linux distro to install on a single node via package manager.
  • Kolla-Ansible
    • This automates the install using Ansible automation software and Kolla is a container deployment tool for openstack. If you are not already familiar with Ansible, this may not be an ‘easy’ install. The openstack configuration is done in the automation software, which, if you aren’t familiar with Openstack or Ansible could lead to confusion as to what is being configured during setup.
  • Tripple-O
    • This stands for Openstack On Openstack. Essentially you use the first install of openstack as a control plane and orchestration for the ‘second’ install of openstack which runs workloads. This is the method described in the RedHat documentation.
  • Manual
    • This means following the Openstack installation guide step by step. This will teach you the most about the structure and configuration of the software. The instructions are pretty detailed and it’s not that difficult, but it is very tedious.

I decided to manually install 3 VM nodes on my server after trying out devstack.I found that understanding how to use Openstack was pretty valuable when leaning how to install it. Due to its modular nature, using it really helped me understand what the components do and what they are called.

My cheatnotes are below:

SERVER MANAGEMENT

openstack help server *for managing instances
openstack help server create *help for all commands
openstack server IMAGE create SERVER --name IMAGE_NAME
openstack server create ... --key-name NAME
openstack server create --image cirros --flavor 1 --network private myinstance
openstack server create --property db=10.100.100.6 *key value pair *can be used multiple times
openstack server create --user-data install.sh *execute a script
openstack server create --user-data FILE *cloud-config file
openstack server create ... --config-drive=true *looks like a cdrom to the VM
openstack server show SERVER
openstack server stop SERVER
openstack server start SERVER
openstack server delete SERVER *deletes disk
openstack server add security group SERVER SECGROUP
openstack server remove security group SERVER SECGROUP
openstack flavor list
openstack server add floating ip SERVER_IP
openstack server remove floating ip SERVER_IP
openstack console url show SERVER
openstack console log show SERVER
curl http://192.168.1.61/compute/v2.1/servers -H "x-auth-token: $T" | python3 -m json.tool # query nova via api

SECURITY GROUPS

openstack security group create NAME
openstack security group rule create --dst-port XX --protocol tcp NAME
openstack security group list --fit-width -f yaml --long # foramt yaml may be easier to read *long shows direction
openstack security group rule list NAME --long

FLOATING IP

openstack floating ip list
openstack floating ip create EXT_NET
openstack floating ip delete IP_ADDR

SSH KEY PAIRS

openstack keypair create NAME >key.pem
chmod 600 key.pem
openstack keypair create --public-key key.pub *add existing pub key
openstack keypair show --public-key NAME
openstack keypair list

NETWORKS

openstack network list
openstack network create NETWORK
openstack network create --external --provider-physical-network [provider <defined in ml2_conf.ini> ]  --provider-network-type flat [new nework name]  # create external network
openstack network set --name OLD NEW

SUBNETS ; DNS IS CONFIGURED ON SUBNETS

openstack subnet set SUBNET --dns-nameserver=[IP address] --host-route destination=[subnet CIDR],gateway=[IP] # --host-route is like a static route
openstack subnet create NETWORK-subnet --network NETWORK --subnet range x.x.x.x 
openstack subnet create --network [external network name]  --subnet-range 203.0.113.0/24 --gateway [physical router IP]  --allocation-pool start=[ipv4 least start],end=[ipv4 lease end] --dns-nameserver 8.8.8.8 public-subnet # for external network, for flat, openstack subnet must match physical iface subnet

ROUTERS

openstack router create ROUTER
openstack router add subnet ROUTER SUBNET
openstack router set [router name] --external-gateway [external network name]
openstack router create ROUTER
openstack router add subnet ROUTER SUBNET
openstack router add subnet ROUTER SUBNET2
openstack router add port PORT_NAME ROUTER
openstack port create PORT_NAME --network NETWORK

CHECK FOR ENDPOINTS

openstack endpoint list
openstack endpoint list --service [service ex. identity]

KEY PAIR

openstack keypair create KEY_NAME > MY_KEY.pem

CREATE / MANAGE PROJECTS, USERS, ROLES ; USER MUST HAVE PROJECT TO LOG IN

openstack role list # list all roles in openstack
openstack role assignment list --user [user_name] --project [project_name] --names # roles assigned to user
openstack role assignment list --project [project_name] --names # list users & roles in a project
openstack project create --domain [dom name] --description "[description]" [project name]
openstack role add --project [project name] --user [username] [role]

GLANCE MANAGEMENT

openstack image create --disk-format qcow2 --container-format bare --public --file ./centos63.qcow2 centos63-image
openstack image list
openstack image show <image_id> -f json # check if image is accessible and available; json optional
openstack image save --file test_image.img <image_id> # download

NETWORK MANAGEMENT

openstack network agent list
openstack network service provider list

OPENVSWITCH MANAGEMENT

nmcli con add type ethernet ifname [link name] con-name [onboot-ovs] ipv4.method disabled ipv6.method ignore connection.autoconnect yes # required profile for bridge
ovs-vsctl show # open vswitch list of bridges
ovs-vsctl add-br [new bridge name]
ovs-vsctl add-port [bridge name] [phy dev] # ip and routing needs to be configured manually
ovs-vsctl list-br # br-tun should be present for vxlan or other tunneling
ovs-vsctl list Open_vSwitch # list config db for open vSwitch
ovs-vsctl list interface
ovs-vsctl add-br br-tun
ovs-vsctl add-port br-tun vxlan0 -- set interface vxlan0 type=vxlan options:local_ip=172.22.2.21 options:remote_ip=flow options:key=flow
ovs-ofctl dump-flows br-tun # checks openflow rules
ovs-appctl fdb/show br-enp2s0 # show known mac addresses

CINDER MANAGEMENT

openstack volume pool list --long
openstack volume backend pool list
openstack volume service list

NOVA MANAGEMENT

openstack compute service list # parts of nova; requires admin
nova compute service list --service [nova-compute or other]
openstack hypervisor list # should be listed with a nonzero number of free VCPUs, RAM, and disk space
openstack hypervisor show [identifier]
openstack usage list
openstack quota show

Posted

in

by

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. View more
Cookies settings
Accept
Privacy & Cookie policy
Privacy & Cookies policy
Cookie name Active

Privacy Policy

Last Updated: June 2026

1. Who We Are

Our website address is: https://peaberry.cloud (referred to herein as "the Site", "we", "us", or "our"). We operate a self-hosted community and notification platform.

2. What Personal Data We Collect and Why We Collect It

A. Subscriber & System Notifications

If you subscribe to our newsletters, updates, or create an account, we collect your name and email address.

  • Purpose: This data is processed natively within our platform's internal infrastructure database to send transactional updates, account confirmations, and user-requested email marketing.

  • Consent & Legal Basis: We utilize an explicit opt-in mechanism to verify you are the legitimate owner of the inbox. You can withdraw your consent at any time instantly by utilizing the "Unsubscribe" link located at the footer of our emails.

B. Comments & Profiles

When visitors leave comments on the Site, we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string to assist with automated spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After public approval of your comment, your profile picture is visible to the public in the context of your comment.

C. Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images hosted on the Site.

D. Cookies

  • Comment Cookies: If you leave a comment on our site you may opt-in to saving your name, email address, and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies last for one year.

  • Authentication Cookies: If you visit our login page, we set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

  • Session & Persistence Cookies: When you log in, we set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

  • Author Cookies: If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 24 hours.

E. Embedded Content From Other Websites

Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These external websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

3. Who We Share Your Data With

We do not sell, rent, lease, or distribute your personal data or subscriber lists to third-party marketing brokers. Data sharing is strictly limited to necessary cloud infrastructure and technical processors required to run this platform safely:

  • Email Delivery Infrastructure: Outbound email processing is securely offloaded to automated cloud-based delivery sub-processors. These external delivery networks process the text payload and destination email addresses strictly to distribute messages on our behalf.

  • Security & Hosting: Our application runs within a secure environment hosted on cloud infrastructure providers where internal server access logs process visitor IP strings to mitigate distributed malicious activities.

  • Password Resets: If you request a password reset, your current IP address will be dynamically included in the automated reset payload email.

4. How Long We Retain Your Data

  • Comments: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a manual moderation queue.

  • Registered Profiles: For users that register on our website, we securely store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

  • Marketing & Analytical Logs: To protect our platform's deliverability, we utilize automated real-time delivery tracking protocols to monitor downstream email delivery failures. If an email address results in a hard bounce or spam complaint, that operational log telemetry is instantly routed back to our internal content management infrastructure to flag, blacklist, and permanently suppress the target address from receiving future communications.

5. What Rights You Have Over Your Data

If you have an automated platform profile account on this site, or have left active comments, you have the right to request an exported file of the personal data we hold about you, including any data you have provided to us.

You can also request that we execute a complete erasure of any personal data we hold about you. This erasure does not include any underlying systemic metadata we are explicitly obliged to retain for administrative, legal, or security purposes.

6. Where Your Data Is Sent

Visitor comments and registration submissions are filtered locally within our own server environment via internal automated spam detection tools before publishing. Outbound email telemetry data (bounces and complaints) passes securely through automated, encrypted routing endpoints operated by our cloud email infrastructure processors.

For a detailed, automated breakdown of the specific tracking files and cookies deployed by this site, please click over to the Cookies list tab at the top of this window.

Save settings
Cookies settings