How to Build OpenStack Compute and Networking Services from Scratch
This guide walks you through installing and configuring OpenStack Compute (Nova) and Networking (Neutron) services on controller and compute nodes, covering database creation, service and endpoint registration, configuration file adjustments, package installation, and verification steps to achieve a functional IaaS cloud.
OpenStack Compute Service Setup
OpenStack Compute (Nova) provides the core IaaS functionality for managing virtual machine instances. It interacts with Identity (Keystone), Image (Glance), and other services, and can scale horizontally on standard hardware.
Nova Service Overview
nova-api – Handles user API requests, supporting the OpenStack Compute API, EC2 API, and admin operations.
nova-api-metadata – Serves metadata requests from instances.
nova-compute – Daemon that creates and deletes VM instances via libvirt, XenAPI, or VMwareAPI.
nova-placement-api – Tracks resource inventories and usage.
nova-scheduler – Determines on which compute host a new instance should run.
nova-conductor – Mediates communication between nova-compute and the database.
nova-consoleauth, nova-novncproxy, nova-spicehtml5proxy, nova-xvpvncproxy – Provide VNC/SPICE console access.
Message queue (RabbitMQ) – Central hub for inter‑service messaging.
SQL database – Stores most state; supports SQLite, MySQL, MariaDB, PostgreSQL.
Install and Configure Nova on the Controller Node
1. Create databases and grant privileges:
<code>mysql -uroot -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';</code>
2. Load OpenStack environment:
<code>. admin-openrc</code>
3. Create the Nova user and assign the admin role:
<code>openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin</code>
4. Register the Compute service and its endpoints:
<code>openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1</code>
5. Install Nova packages and edit /etc/nova/nova.conf:
<code>yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api -y</code>
Key configuration sections (values shown in English):
<code>[DEFAULT]
enable_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@controller
my_ip = 173.168.16.224
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api
[database]
connection = mysql+pymysql://nova:nova@controller/nova
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[vnc]
enabled = true
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = placement</code>
Enable Placement API access in Apache:
<code><Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory></code>
Restart Apache and enable Nova services:
<code>systemctl restart httpd
systemctl enable openstack-nova-api openstack-nova-consoleauth openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy
systemctl start openstack-nova-api openstack-nova-consoleauth openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy</code>
Initialize Nova Databases and Cells
<code>su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova</code>
Verify cells:
<code>nova-manage cell_v2 list_cells</code>
OpenStack Networking Service Setup
OpenStack Networking (Neutron) provides flexible networking for instances, supporting plugins for various back‑ends.
Neutron Service Overview
neutron-server – API endpoint.
ML2 plugin – Core networking plugin; can use linuxbridge, openvswitch, etc.
Message queue – Routes information between server and agents.
Install and Configure Neutron on the Controller Node
1. Create the neutron database and grant privileges:
<code>mysql -uroot -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';</code>
2. Create the neutron user and service:
<code>. admin-openrc
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696</code>
3. Install Neutron packages and edit /etc/neutron/neutron.conf:
<code>yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y</code>
<code>[database]
connection = mysql+pymysql://neutron:neutron@controller/neutron
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:openstack@controller
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp</code>
4. Configure the ML2 plugin (/etc/neutron/plugins/ml2/ml2_conf.ini) to use the linuxbridge mechanism and provider networks:
<code>[ml2]
type_drivers = flat,vlan
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true</code>
5. Configure the linuxbridge agent (/etc/neutron/plugins/ml2/linuxbridge_agent.ini) and DHCP agent (/etc/neutron/dhcp_agent.ini) – set the physical interface mapping (replace ens33 with your NIC) and enable security groups.
<code>[linux_bridge]
physical_interface_mappings = provider:ens33
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver</code>
6. Configure the metadata agent (/etc/neutron/metadata_agent.ini) to point to the Nova metadata host:
<code>[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = neutron</code>
7. Tell Nova to use Neutron by editing /etc/nova/nova.conf:
<code>[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = neutron</code>
8. Initialize the Neutron database and start services:
<code>ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service</code>
Install and Configure Neutron on Compute Nodes
Install packages:
<code>yum install openstack-neutron-linuxbridge ebtables ipset -y</code>
Edit /etc/neutron/neutron.conf – comment out any connection option in the [database] section because the compute node does not access the DB directly. Keep the same RabbitMQ and Keystone settings as on the controller.
Configure the linuxbridge agent on the compute node with the same physical interface mapping:
<code>[linux_bridge]
physical_interface_mappings = provider:ens33
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver</code>
Tell Nova on the compute node to use Neutron:
<code>[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron</code>
Enable and start the compute‑node services:
<code>systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service</code>
Verification
Load the OpenStack environment and list services to confirm they are up:
<code>. admin-openrc
openstack compute service list
openstack network agent list</code>
At this point both Nova and Neutron services are fully installed and operational.
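The sample values in this guide set each service password, the database and RabbitMQ credentials, and metadata_proxy_shared_secret to the account name, and every endpoint is http://. The following check is an added example, not part of the original guide or of OpenStack: it audits the text of nova.conf or neutron.conf for those three patterns. The key lists, the 16-character threshold and the finding labels are assumptions.

```python
import configparser
from urllib.parse import urlsplit
SECRET_KEYS = {"password", "metadata_proxy_shared_secret"}
URL_CRED_KEYS = {"connection", "transport_url"}  # credentials embedded in a URL
HTTP_KEYS = {"auth_url", "auth_uri", "url", "api_servers"}
MIN_LEN = 16  # assumption: minimum length expected of a generated secret

def weak(secret, username=None):
    """Return a reason string when a secret is weak, else None."""
    if username and secret == username:
        return "secret equals account name"
    if len(secret) < MIN_LEN:
        return "secret shorter than %d characters" % MIN_LEN
    return None

def audit(ini_text):
    """Return sorted (section, option, reason) findings for one config file."""
    # [DEFAULT] is read as an ordinary section; '%' in secrets needs interpolation off.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(ini_text)
    findings = []
    for section in cp.sections():
        for key, value in cp[section].items():
            reason = None
            if key in SECRET_KEYS:
                reason = weak(value, cp[section].get("username"))
            elif key in URL_CRED_KEYS:
                parts = urlsplit(value)
                if parts.password is not None:
                    reason = weak(parts.password, parts.username)
            elif key in HTTP_KEYS and value.startswith("http://"):
                reason = "cleartext http endpoint"
            if reason:
                findings.append((section, key, reason))
    return sorted(findings)

# Constructed sample built from the values this guide uses.
SAMPLE = """
[DEFAULT]
transport_url = rabbit://openstack:openstack@controller
[keystone_authtoken]
auth_url = http://controller:35357
username = nova
password = nova
[neutron]
metadata_proxy_shared_secret = neutron
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run it against each node's configuration after replacing the sample secrets; an empty result means none of the three patterns remain.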
Reference links: OpenStack Nova Installation Guide, OpenStack Neutron Installation Guide.
Ops Development Stories
Maintained by a like‑minded team, covering both operations and development. Topics span Linux ops, DevOps toolchain, Kubernetes containerization, monitoring, log collection, network security, and Python or Go development. Team members: Qiao Ke, wanger, Dong Ge, Su Xin, Hua Zai, Zheng Ge, Teacher Xia.