Cloud Computing‎ > ‎OpenStack‎ > ‎

One Node Setup


The OpenStack setup on one node is demonstrated using devstack in this post.

The Openstack project is hugely popular, gaining more and more ground with developers. It is also pretty damn complicated to set up.

Fortunately, the good folks as Openstack have set up an ‘all-in-one’ configuration allowing you to install all of the Openstack components on one machine using a fairly straightforward script. This project is called Devstack, and you can read more about is here.

The thing to remember is that devstack is really a developer environment, letting Openstack developers quickly check new code on their machine. It is also useful for a quick demo. It is not a production Openstack environement, nor is it means to be one.

Still, setting up devstack on a network machine and using it as a disposable Openstack environment is an appealing concept. For testing alone, this could be really useful.

The general idea was to have a fully functional Openstack Havana, with Neutron networking, up and running on one dedicated hardware box and available on the local network.


[stack@localhost devstack]$ cat adminrc

export OS_TENANT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=user123

export OS_AUTH_URL=

[stack@localhost devstack]$ source adminrc

[stack@localhost devstack]$ neutron net-list


| id                                   | name        | subnets                                             |


| 447f5748-cae6-4323-82ae-efc6ecbedd8e | out-net     | e8ee8606-551b-4806-9221-2722bdb668bb |

| 4f737b2e-14ff-45d8-bb80-3ce2b1cdeb1e | public      | 78937db1-216f-4641-bcd3-51115beec741  |

| 708d22c3-38d0-474b-a6c0-f78e7c3210d2 | new_private | 1c87f1c9-7d44-4e60-872d-558d83771190    |


[stack@localhost devstack]$

[stack@localhost devstack]$ neutron router-list


| id                                   | name       | external_gateway_info                                                                                                                                                                    | distributed | ha    |


| 9fd7e58d-99f0-483d-9f8e-7d3f7049c94b | out_router | {"network_id": "447f5748-cae6-4323-82ae-efc6ecbedd8e", "enable_snat": true, "external_fixed_ips": [{"subnet_id": "e8ee8606-551b-4806-9221-2722bdb668bb", "ip_address": ""}]} | False       | False |


[stack@localhost devstack]$

[stack@localhost devstack]$ ip netns







Here Router-ID 9fd7e58d-99f0-483d-9f8e-7d3f7049c94b is not present in netns list.

This means router has not come up successfully.


1. Start with an CentOS\Ubuntu box

Create a CetOS box with high RAM and Disk. This demo is using 16GB RAM and 50 GB disk.

Note: This is hack and needs to be fixed by opening OpenStack ports

Disable FIrewall

systemctl stop firewalld

systemctl disable firewalld

Disable SElinux

setenforce 0


2. Setup your Openstack user

Run the following commands on the machine


sudo bash

# Make current user sudo passwordless

sudo echo "user ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers

adduser stack

passwd stack

Password : user123

sudo echo "stack ALL=(ALL) NOPASSWD:ALL" | sudo tee -a /etc/sudoers


3. Switch to stack user


su stack

cd /home/stack

4. Install git


sudo yum install git -y

5. Download the devstack project

git clone
cd devstack

6. Get a dedicated IP range in your network

For devstack VMs to work correctly on your network, you will need a range of IPs they can use. This may require you to actually go talk to your system administrator. Annoying, I know.

Let's reserve

7. Setup your localrc file

The localrc config is now moved to samples/local.conf in devstack directory with localrc section.

But we will still use the old format to override the local.conf

The localrc file is a configuration file that the devstack script uses. If one does not exit, devstack will use fairly reasonable defaults. That said, you should definitely create your own localrc file if you want to get the most use of your devstack. It also makes it easy ro re-install devstack later on. Don’t forget to make a backup of this file.

Here is the a sample localrc file:


vi /home/stack/devstack/localrc





disable_service n-net

enable_service q-svc

enable_service q-agt

enable_service q-dhcp

enable_service q-l3

enable_service q-meta

enable_service neutron

# Optional, to enable tempest configuration as part of devstack

enable_service tempest



Some things to note about this localrc file:

Not exactly secure passwords – remember, this is not a production set up. You should not be making this environment available on the internet.

The FLAT_INTERFACE value indicates the network interface card that devstack will use for network access. I am assuming ens32 here, but your environment may be a little different. Run ‘ifconfig’ on the CentOSmachine to verify. e.g. FLAT_INTERFACE=eth0

Neutron is enabled and the older nova-network service is disabled.

8. Switch to Kilo branch


$ git checkout stable/kilo

Branch stable/kilo set up to track remote branch stable/kilo from origin.

Switched to a new branch 'stable/kilo'

9. Setup the network environment


sudo bash

echo 1 > /proc/sys/net/ipv4/ip_forward

echo 1 > /proc/sys/net/ipv4/conf/ens32/proxy_arp

iptables -t nat -A POSTROUTING -o ens32 -j MASQUERADE


These command will make sure that network traffic will be correctly routed in and out of the devstack VMs.

The ip_forward and proxy_arp changes will be reset when the machice reboots. You can make these changes permanent by editing /etc/sysctl.conf and adding the following lines:


sudo vi /etc/sysctl.conf and adding the following lines:

net.ipv4.conf.ens32.proxy_arp = 1

net.ipv4.ip_forward = 1

The deployment has two interfaces.

ens32 is kept for openstack

ens34 is kept for management of node using ssh


ens32: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet  netmask  broadcast

ens34: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet  netmask  broadcast

10. Set environment variable


export HOST_IP=

export GIT_BASE=

11. Run the devstack script



Asked to assign password for internal component - Gave 'user123'

Installation completes


This is your host ip:

2015-09-14 13:10:39.030 | Skip setting lvm filters for non Ubuntu systems

Horizon is now available at

Keystone is serving at

The default users are: admin and demo

The password: user123

12. Assign IP to br-ex

sudo ovs-vsctl show

sudo ovs-vsctl add-port br-ex ens32

ifconfig ens32

ifconfig br-ex

13. Add gateway

sudo route add default gw


1. Access Dashboard

2. Create External Network

[stack@localhost devstack]$ neutron net-create out-net  --router:external --provider:physical_network external --provider:network_type flat

Created a new network:


| Field                     | Value                                |


| admin_state_up            | True                                 |

| id                        | 21244547-5d3f-4566-8456-e0d52ad77f8b |

| mtu                       | 0                                    |

| name                      | out-net                              |

| provider:network_type     | flat                                 |

| provider:physical_network | external                             |

| provider:segmentation_id  |                                      |

| router:external           | True                                 |

| shared                    | False                                |

| status                    | ACTIVE                               |

| subnets                   |                                      |

| tenant_id                 | 9e8ed8d6295849a2816e68a738f27031     |


3. Check dashboard, the new network out-net is listed

4. Add subnet to network out-net

5. Add subnet named out. Click Next.

6. Add Allocation Pools to be used for floating IP from out-net

Disable DHCP.

Add DNS Name Servers. This is used for DNS resolution.

7. Click Create

8. The subnet got listed for out-net

9. Use Create Network. Add Private network.

10. Give private network subnet and name

11. Enable DHCP. Leave blank. Create.

12. Go to Routers tab. No router present.

Create Router

13. Choose external network as out-net which was created above.

14. The new router is listed

Click at open_router

15. The below router screen will be displayed

Click Add Interface

16. Add interface details for private subnet

17. New interface for private network is added.

The interface for out network is already present.

18. Go to Access & Security tab

Click at Create Key Pair

19. Give key pair name

20. Go to Instances Tab

Launch Instance

21. Go to Access & Security tab and choose openkey kair pair

22. Go to Details tab and add details of Instance to be created

23. Click Launch VM

24. Add private network for VM

25. Validate from Instances that new VM is getting spawned

26. Move to Right of Window and Associate Floating IP to VM

27. Click at Allocate IP. Choose out-net i.e. external network

28. Click Allocate

29. The VM now shows two IPs

30. Goto Access & Security and Security Groups

This is to allow ICMP and SSH to VM

Click Manage Rules

31. This is the Manage Rules window.

Click Add Rule

32. Add ALL ICMP as Ingress rule

33. Add SSH as rule

34. Thats it

      VM instance is created with floating IP and access to it via Security Rules for ICMP and SSH is set.

      Check the state of router and and its ports from router tab

      It should be accessible without password using key-pair and ping should work. If not please Debug ... 

This is typical error in router as Status of Interfaces is down. Such error needs googling 


Check and Open Ports