OpenStack 11 (Ocata) Lab Installation and Configuration Guide

11 minute read



In this article we will focus on installing and configuring OpenStack Ocata using RDO and the packstack installer. RDO is a community platform around Red Hat’s OpenStack Platform. It allows you to test the latest OpenStack capabilities on a stable platform such as Red Hat Enterprise Linux (RHEL) or CentOS. This guide will take you through installing the OpenStack Liberty release, configuring networking, security groups, flavors, images and are other OpenStack related services. The outcome is a working OpenStack environment based on the Ocata release that you can use as a baseline for testing your applications with OpenStack capabilities.

Install and Configure OpenStack Ocata

In this configuration we will go with one controller and two compute nodes.

[All Nodes]

  • Install RHEL or CentOS 7.3 or 7.4.
  • Ensure name resolution is working.
# vi /etc/hosts ospctr.lab ospctr ospcmp1.lab ospcmp1 ospcmp2.lab ospcpmp2
  • Set hostname.

We will have three nodes: ospctrl.lab (controller), ospcmp1.lab (compute) and ospcmp2.lab (compute).

# hostnamectl set-hostname ospctr.lab

Note: set hostname for other nodes (ospcmp1.lab and ospcmp2.lab)

  • Disable firewalld since this is for a lab environment.
# systemctl disable firewalld
# systemctl stop firewalld
  • Disable NetworkManager, it is still not recommended for Liberty (at least RDO).
# systemctl stop NetworkManager
# systemctl disable NetworkManager
  • For RHEL systems register with subscription manager.
# subscription-manager register
# subscription-manager list --available
# subscription-manager attach --pool=<pool id>
# subscription-manager repos --disable=*
# subscription-manager repos --enable=rhel-7-server-rpms
# subscription-manager repos --enable=rhel-7-server-rh-common-rpms
# subscription-manager repos --enable=rhel-7-server-extras-rpms
# subscription-manager repos --enable=rhel-7-server-openstack-11-rpms
# subscription-manager repos --enable=rhel-7-server-openstack-11-devtools-rpms
  • Install yum-utils and update the system.
# yum install -y yum-utils
# yum update -y
  • Reboot.
# systemctl reboot


  • Install packstack packages.
# yum install -y openstack-packstack

You can install packstack by providing command-line options or using the answers file.


  • Create packstack answers file for customizing the installer.
# packstack --gen-answer-file /root/answers.txt
  • Update the packstack answers file and enable other OpenStack services. Note: as of the writing of this guide SSL is not working in combination with Horizon so don’t enable SSL.
# vi /root/answers.txt,,
  • Install OpenStack Liberty using packstack.
# packstack --answer-file /root/answers.txt
  • Source the keystone admin profile.
# . /root/keystonerc_admin
  • Backup the ifcfg-etho script.
# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /root/
  • Configure external bridge for floating ip networks.
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
# vi /etc/sysconfig/network-scripts/ifcfg-br-ex
  • Add the eht0 physical interface to the br-ex bridge in openVswitch for floating IP networks.
# ovs-vsctl add-port br-ex eth0 ; systemctl restart network.service


  • Create private network.
# neutron net-create private
# neutron subnet-create private --name private_subnet --allocation-pool start=,end=
  • Create public network. Note: these steps assume the physical network connected to eth0 is
# neutron net-create public --provider:network_type flat --provider:physical_network extnet --router:external
# neutron subnet-create public --name public_subnet --allocation-pool start=,end= --disable-dhcp --gateway
  • Add a new router and configure router interfaces.
# neutron router-create router1 --ha False
# neutron router-gateway-set router1 public
# neutron router-interface-add router1 private_subnet
  • Check to ensure network connectivity is working in router network namespace by pinging the external gateway.
# ip netns show
# ip netns exec qrouter-88dde0ef-22a2-44b1-baa9-304273653bb1 ping
  • Upload a glance image. In this case we will use a Cirros image because it is small and thus good for testing OpenStack.
# yum install -y wget
# wget
# glance image-create --name "Cirros 0.3.4" --disk-format qcow2 --container-format bare --visibility public --file /root/cirros-0.3.4-x86_64-disk.img
  • Create a new m1.nano flavor for running Cirros image.
# nova flavor-create m1.nano 42 64 0 1
  • Create security group and allow all TCP ports.
# openstack security group create all --description "Allow all ports"
# openstack security group rule create --protocol TCP --dst-port 1:65535 --remote-ip all
# openstack security group rule create --protocol ICMP --remote-ip all
  • Create security group for base access
# openstack security group create base --description "Allow base ports"
# openstack security group rule create --protocol TCP --dst-port 22 --remote-ip base
# openstack security group rule create --protocol TCP --dst-port 80 --remote-ip base
# openstack security group rule create --protocol ICMP --remote-ip base
  • Create a private ssh key for connecting to instances remotely.
# nova keypair-add admin
  • Create admin.pem file and add private key from output of keypair-add command.
# vi /root/admin.pem
# chmod 400 /root/admin.pem
  • List the network IDs.
# neutron net-list
 | id | name | subnets |
 | d4f3ed19-8be4-4d56-9f95-cfbac9fdf670 | private | 92d82f53-6e0b-4eef-b8b9-cae32cf40457     |
 | 37c024d6-8108-468c-bc25-1748db7f5e8f | public  | 22f2e901-186f-4041-ad93-f7b5ccc30a81 |
  • Start an instance and make sure to replace network id from above command.
# nova boot --flavor m1.nano --image "Cirros 0.3.4" --nic net-id=92d82f53-6e0b-4eef-b8b9-cae32cf40457 --key-name admin --security-groups all mycirros
# nova list
| ID | Name | Status | Task State | Power State | Networks |
| 18450c0f-3410-4b8a-a35e-2964242f33cb | mycirros | ACTIVE | - | Running | private= |
  • Create a floating IP and assign it to the mycirros instance.
# nova floating-ip-create
| Id | IP | Server Id | Fixed IP | Pool |
| 4b71690d-d881-4f32-9587-89c814617c74 | | - | - | public |
# nova floating-ip-associate mycirros
  • Check the OpenStack router network namespace and you should also see floating ip
#ip netns exec qrouter-88dde0ef-22a2-44b1-baa9-304273653bb1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
 inet scope host lo
 valid_lft forever preferred_lft forever
 inet6 ::1/128 scope host 
 valid_lft forever preferred_lft forever
15: qg-7b3b000a-6f: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN qlen 1000
 link/ether fa:16:3e:3c:e0:49 brd ff:ff:ff:ff:ff:ff
 inet brd scope global qg-7b3b000a-6f
 valid_lft forever preferred_lft forever
 inet brd scope global qg-7b3b000a-6f
 valid_lft forever preferred_lft forever
 inet6 fe80::f816:3eff:fe3c:e049/64 scope link 
 valid_lft forever preferred_lft forever
16: qr-4fe396dd-2d: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN qlen 1000
 link/ether fa:16:3e:97:1b:e6 brd ff:ff:ff:ff:ff:ff
 inet brd scope global qr-4fe396dd-2d
 valid_lft forever preferred_lft forever
 inet6 fe80::f816:3eff:fe97:1be6/64 scope link 
 valid_lft forever preferred_lft forever
  • Connect to mycirros instance using the private ssh key stored in the admin.pem file. Note: The first floating IP in the range
# ssh -i admin.pem cirros@
$ ping
PING ( 56 data bytes
64 bytes from seq=0 ttl=54 time=37.692 ms
64 bytes from seq=1 ttl=54 time=27.758 ms
64 bytes from seq=2 ttl=54 time=25.640 ms

Nova Nested Virtualization

Most OpenStack lab or test environments will install OpenStack on a hypervisor platform inside virtual machines. I would strongly recommend KVM. If you are running OpenStack on KVM (Nova nested virtualization) make sure to follow these tips and tricks to get the best performance.


This article was intended as a hands on guide for standing up an OpenStack Ocata lab environment using RDO. As mentioned RDO is a stable community platform built around Red Hat’s OpenStack Platform. It provides the ability to test the latest OpenStack features against either an enterprise platform (RHEL) or community platform (CentOS). Hopefully you found the information in this article useful. If you have anything to add or feedback, feel free to leave your comments.

Happy OpenStacking!

(c) 2017 Keith Tenzer