
Step-by-Step Guide to Deploy OpenStack Icehouse Private Cloud

Learn how to set up a private OpenStack Icehouse cloud by following detailed installation steps, configuring Keystone, setting up networking, creating tenants, roles, and users, and verifying services, complete with command-line examples and essential configuration files.

MaGe Linux Operations

Preface

Cloud hosts are familiar to most users; by selecting configurations on a web page you can quickly provision a virtual machine. This article demonstrates how to implement that process using a private OpenStack Icehouse deployment.

OpenStack

Introduction

OpenStack is an open‑source project launched by Rackspace and NASA to provide a scalable, feature‑rich IaaS solution that anyone can use to build their own cloud environment, breaking the monopoly of providers such as Amazon.

Architecture

Workflow

OpenStack Deployment

Experimental Environment

Experimental Topology

Node Synchronization and Preparation

# All nodes have synchronized time
# NetworkManager service disabled on all nodes
# Firewall rules cleared and saved
# Hostnames resolved via /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.123 controller.scholar.com controller
192.168.10.124 compute.scholar.com compute
192.168.10.125 network.scholar.com network
192.168.10.126 block.scholar.com block

# Configure external network interface (example: eth1)

DEVICE=INTERFACE_NAME
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none

Routing Configuration

Enable IP forwarding and set up NAT on the Block Storage node.

# vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
# sysctl -p
# iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source 172.16.10.126
# service iptables save

Keystone Installation and Configuration

Install Keystone and its dependencies.

# wget http://rdo.fedorapeople.org/openstack-icehouse/rdo-release-icehouse.rpm
# rpm -ivh rdo-release-icehouse.rpm

Install and initialize MySQL (MariaDB) for OpenStack services.

# yum install mariadb-galera-server -y
# vim /etc/my.cnf
[mysqld]
... (configuration omitted for brevity) ...
# mkdir /mydata/data -p
# chown -R mysql.mysql /mydata/
# mysql_install_db --datadir=/mydata/data/ --user=mysql
# service mysqld start
# chkconfig mysqld on
# mysql_secure_installation

Create the Keystone database.

# openstack-db --init --service keystone --pass keystone

Edit /etc/keystone/keystone.conf to use MySQL.

# openstack-config --set /etc/keystone/keystone.conf \
  database connection mysql://keystone:keystone@controller/keystone

Token Configuration

# export ADMIN_TOKEN=$(openssl rand -hex 10)
# export OS_SERVICE_TOKEN=$ADMIN_TOKEN
# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
# echo $ADMIN_TOKEN > ~/openstack_admin_token
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN

Certificate Service Setup

# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone.keystone /etc/keystone/ssl
# chmod -R o-rwx /etc/keystone/ssl

Start Services

# service openstack-keystone start
# chkconfig openstack-keystone on
# ss -tnlp | grep keystone-all

Create Tenant, Role, and User

# keystone user-create --name=admin --pass=admin [email protected]
# keystone role-create --name=admin
# keystone tenant-create --name=admin --description="Admin Tenant"
# keystone user-role-add --user=admin --tenant=admin --role=admin
# keystone user-role-add --user=admin --role=_member_ --tenant=admin
# keystone user-create --name=demo --pass=demo [email protected]
# keystone tenant-create --name=demo --description="Demo Tenant"
# keystone user-role-add --user=demo --role=_member_ --tenant=demo
# keystone tenant-create --name=service --description="Service Tenant"

Set Keystone as API Endpoint

# keystone service-create --name=keystone --type=identity \
  --description="OpenStack Identity"
# keystone endpoint-create \
  --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
  --publicurl=http://controller:5000/v2.0 \
  --internalurl=http://controller:5000/v2.0 \
  --adminurl=http://controller:35357/v2.0

Enable Username Authentication

# unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
# vim ~/admin-openrc.sh
export OS_USERNAME=admin
export OS_TENANT_NAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v2.0/
# . ~/admin-openrc.sh
# keystone user-list
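
The following check is an added example, not part of the original guide: it reads keystone.conf and admin-openrc.sh and reports the settings this walkthrough leaves in place (admin_token still configured, password equal to the user name, plain-HTTP auth URL, file readable by group or other). The function names, finding labels and the 128-bit floor are assumptions made for illustration, and the sample files are constructed.

```shell
# Added example, not from the original guide. Function names and finding
# labels are illustrative; section headers in the ini file are ignored.

# First value of "key = value" in an ini-style file.
ini_get() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | head -n 1
}

# First value of "export NAME=value" in an openrc-style file.
rc_get() {
    sed -n "s/^[[:space:]]*export[[:space:]]\{1,\}$2=//p" "$1" | head -n 1
}

audit_keystone_conf() {
    token=$(ini_get "$1" admin_token)
    # The bootstrap token stays valid for admin calls while it is configured.
    [ -n "$token" ] && echo "ADMIN_TOKEN_SET"
    # openssl rand -hex 10 gives 20 hex characters (80 bits); the 128-bit
    # floor (32 hex characters) is this example's choice.
    [ -n "$token" ] && [ "${#token}" -lt 32 ] && echo "ADMIN_TOKEN_UNDER_128_BITS"
    # connection = mysql://user:password@host/db
    creds=$(ini_get "$1" connection | sed -n 's|^[^:]*://\([^@]*\)@.*|\1|p')
    case $creds in
        *:*) [ "${creds%%:*}" = "${creds#*:}" ] && echo "DB_PASSWORD_EQUALS_USER" ;;
    esac
    return 0
}

audit_openrc() {
    user=$(rc_get "$1" OS_USERNAME)
    pass=$(rc_get "$1" OS_PASSWORD)
    [ -n "$pass" ] && [ "$user" = "$pass" ] && echo "PASSWORD_EQUALS_USERNAME"
    case $(rc_get "$1" OS_AUTH_URL) in
        http://*) echo "AUTH_URL_NOT_TLS" ;;
    esac
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" != "------" ] && echo "READABLE_BY_GROUP_OR_OTHER"
    return 0
}

# Constructed sample files carrying the values used in this guide.
demo=$(mktemp -d)
printf '[DEFAULT]\nadmin_token = 0123456789abcdef0123\n[database]\nconnection = mysql://keystone:keystone@controller/keystone\n' > "$demo/keystone.conf"
printf 'export OS_USERNAME=admin\nexport OS_PASSWORD=admin\nexport OS_AUTH_URL=http://controller:35357/v2.0/\n' > "$demo/admin-openrc.sh"
chmod 644 "$demo/admin-openrc.sh"
audit_keystone_conf "$demo/keystone.conf"
audit_openrc "$demo/admin-openrc.sh"
rm -rf "$demo"
```

On a real controller the two functions would be pointed at /etc/keystone/keystone.conf and ~/admin-openrc.sh; an empty result means none of the four conditions was found.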