Installation of OS : Downloaded Ubuntu ISO image and used it for installing nodes.
Cinder storage required a dedicated partition. Ensure that a partition is available for the same.
If the plan is to install openstack services on more than one hosts, ensure that you are able to ping each other with host names. Either you could have the hostnames resolved by a DNS service in your network or you might add required entries in /etc/hosts of all the nodes.
Post installation : Update /etc/hosts – removed IPv6 entries, removed 127.0.1.1 entry – contents after update.
The example is for two node installation, the second one is a dedicated compute node.
Disable swap usage on all nodes.
$ sudo systemctl list-units | grep swap
swapfile.swap loaded active active /swapfile
swap.target loaded active active Swap
sudo systemctl stop swapfile.swap
sudo systemctl stop swap.target sudo systemctl disable swapfile.swap
sudo systemctl disable swap.target
sudo systemctl mask swapfile.swap
sudo systemctl mask swap.target
sudo swapoff -a
$ ls -ltr /swap*
-rw------- 1 root root 746009600 Jan 29 19:56 /swapfile
sudo rm -f /swapfile
Edit /etc/fstab and remove the line related to swap (or comment it out.) After editing
# /etc/fstab: static file system information.
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
# <file system> <mount point> <type> <options> <dump> <pass>
# / was on /dev/vda1 during installation
UUID=5a72ad2d-cb54-4048-a4c6-65332f1d705e / ext4 errors=remount-ro 0 1
#/swapfile none swap sw 0 0
Update repository information and install required tools (without libblockdev-mdraid2 had observed some errors in syslog during startup).
sudo apt update
sudo apt upgrade -y
sudo apt install -y net-tools curl make libblockdev-mdraid2 crudini
Install ifupdown to replace netplan – This is more of a personal choice.
sudo apt install -y ifupdown
With ifupdown, legacy networking, Network configurations to be done in /etc/network/interfaces
Note: We will use only two interfaces, eno1 for management and eno2 for provider network. (In my server interfaces are detected as eno1, eno2 etc)
Update the contents of /etc/network/interfaces with following configuration
iface eno1 inet static
iface eno2 inet manual
up ip link set dev $IFACE up
down ip link set dev $IFACE down
Uncomment and update the configurations in /etc/systemd/resolved.conf.
Create a soft link to the systemd generated resolv.conf
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
sudo systemctl restart systemd-resolved.service
Disable systemd-networkd, uninstall netplan and enable legacy networking services.
(I had executed these from console to avoid temporary network connectivity disruptions – probably having a script perform the following steps would be an alternate)
sudo systemctl stop systemd-networkd.socket systemd-networkd networkd-dispatcher.service systemd-networkd-wait-online
sudo systemctl disable systemd-networkd.socket systemd-networkd networkd-dispatcher.service systemd-networkd-wait-online
sudo systemctl mask systemd-networkd.socket systemd-networkd networkd-dispatcher.service systemd-networkd-wait-online
sudo apt -y purge nplan netplan.io
sudo systemctl unmask networking
sudo systemctl enable networking
Though not required I rebooted the server to verify the network configurations work as expected.
Disable message of the day. Edit /etc/default/motd-news and set ENABLE=0 and then
sudo systemctl disable motd-news.timer sudo systemctl mask motd-news.timer
Remove execute permissions for motd scripts
sudo chmod -x /etc/update-motd.d/10-help-text /etc/update-motd.d/50-motd-news /etc/update-motd.d/90-updates-available /etc/update-motd.d/91-release-upgrade
Comment out the following lines in /etc/pam.d/sshd as shown below
# session optional pam_motd.so motd=/run/motd.dynamic # session optional pam_motd.so noupdate # session optional pam_mail.so standard noenv # 
Optionally enable ‘root’ login (SSH) to the server – Uncomment and update the following configurations in /etc/ssh/sshd_config file
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
Set a password for ‘root’ account
Restart ssh daemon
sudo service sshd restart
Disable periodic package list updates – Edit /etc/apt/apt.conf.d/10periodic and set all values to zero as shown below.
Disable and stop any upgrade daemons
$ sudo systemctl list-units | grep upgrade
unattended-upgrades.service loaded active running Unattended Upgrades Shutdown
apt-daily-upgrade.timer loaded active waiting Daily apt upgrade and clean activities
$ sudo systemctl stop unattended-upgrades.service
$ sudo systemctl stop apt-daily-upgrade.timer
$ sudo systemctl disable unattended-upgrades.service
Synchronizing state of unattended-upgrades.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable unattended-upgrades
$ sudo systemctl disable apt-daily-upgrade.timer
Check if any snap services are running
sudo snap list
If any applications are listed remove them before uninstalling snap
sudo snap remove lxd
sudo snap remove core
sudo snap remove snapd
sudo apt purge -y snapd
sudo apt -y autoremove
rm -rf ~/snap
sudo rm -rf /snap
sudo rm -rf /var/snap
sudo rm -rf /var/lib/snapd
Configure timezone as required
timedatectl set-timezone Asia/Kolkata
Install and configure chrony for time synchronization
apt install -y chrony
Optional : Edit /etc/chrony/chrony.conf, Comment out pool entries and add one server entry as shown below
#pool ntp.ubuntu.com iburst maxsources 4
#pool 0.ubuntu.pool.ntp.org iburst maxsources 1
#pool 1.ubuntu.pool.ntp.org iburst maxsources 1
#pool 2.ubuntu.pool.ntp.org iburst maxsources 2
server time.google.com iburst
Restart chrony services
systemctl restart chronyd.service
To running out of file descriptor handles – Add the following at the end of /etc/security/limits.conf
* nproc hard 65535 * nproc soft 65535 * nofiles hard 65535 * nofiles soft 65535
Edit /etc/sysctl.conf and ensure the following configuration are uncommented and value set to 1. Add if not present. [ Disabling IPv6 – more of a personal choice ]
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
Reboot the node.