1/10 Install OS and customize 2/10 Pre-requisites for Openstack
Homelab Subnet : 10.99.0.0/16
Gateway : 10.99.0.1
DNS Server : 10.99.0.1
This is a standalone Openstack deployment involving a single server.
Configured two virtual disks in my RAID setup – One for OS and Openstack and the other for ‘cinder’ storage.
Add an ‘A’ Record for controller.datachronicles.net (Not mandatory – Home lab UTM device includes DNS service)
I installed Ubuntu Bionic following the standard installation using the ISO downloaded.
Post installation after reboot – Updated /etc/hosts – commented out IPv6, removed 127.0.1.1 entry – contents after update
127.0.0.1 localhost
10.99.1.3 controller.datachronicles.net controller
# The following lines are desirable for IPv6 capable hosts
#::1 ip6-localhost ip6-loopback
#fe00::0 ip6-localnet
#ff00::0 ip6-mcastprefix
#ff02::1 ip6-allnodes
#ff02::2 ip6-allrouters
Disable swap usage
sudo systemctl stop swap.img.swap
sudo systemctl disable swap.img.swap
sudo systemctl mask swap.img.swap
sudo swapoff -a
sudo rm -f /swap.img
Edit /etc/fstab and remove the line related to swap – so that swap stays disabled across reboots.
Update repository information and install required tools (without libblockdev-mdraid2 I had observed some errors in syslog during startup).
sudo apt update
sudo apt upgrade -y
sudo apt install -y net-tools curl make libblockdev-mdraid2 crudini
Install ifupdown to replace netplan
sudo apt install -y ifupdown
With ifupdown (legacy networking), network configuration is done in /etc/network/interfaces
Note: We will use only two interfaces, eno1 for management and eno2 for provider network. (In my server interfaces are detected as eno1, eno2 etc)
Update the contents of /etc/network/interfaces with following configuration
source-directory /etc/network/interfaces.d
auto eno1
iface eno1 inet static
address 10.99.1.3/16
gateway 10.99.0.1
auto eno2
iface eno2 inet manual
On server boot, we want the DNS server IP properly updated in /etc/resolv.conf.
Uncomment and update the configurations in /etc/systemd/resolved.conf. (Domain name configuration is not mandatory – I have them configured in my UTM device and hence configuring)
[Resolve]
DNS=10.99.0.1
FallbackDNS=8.8.8.8
Domains=datachronicles.net
Create a soft link to the systemd generated resolv.conf
sudo ln -sf /run/systemd/resolve/resolv.conf /etc/resolv.conf
Disable netplan, systemd-networkd and enable legacy networking services. (I had executed these from console to avoid temporary network connectivity disruptions – probably having a script perform the following steps would be an alternative)
sudo systemctl stop systemd-networkd.socket systemd-networkd networkd-dispatcher.service systemd-networkd-wait-online
sudo systemctl disable systemd-networkd.socket systemd-networkd networkd-dispatcher.service systemd-networkd-wait-online
sudo systemctl mask systemd-networkd.socket systemd-networkd networkd-dispatcher.service systemd-networkd-wait-online
sudo apt -y purge nplan netplan.io
sudo systemctl unmask networking
sudo systemctl enable networking
Though not required I rebooted the server to verify the network configurations work as expected.
sudo reboot
Disable message of the day. Edit /etc/default/motd-news and set ENABLE=0 and then
sudo systemctl disable motd-news.timer
sudo systemctl mask motd-news.timer
Comment out the following lines in /etc/pam.d/sshd as shown below
# session optional pam_motd.so motd=/run/motd.dynamic
# session optional pam_motd.so noupdate
# session optional pam_mail.so standard noenv # [1]
Remove execute permissions for motd scripts
sudo chmod -x /etc/update-motd.d/10-help-text /etc/update-motd.d/50-motd-news /etc/update-motd.d/90-updates-available /etc/update-motd.d/91-release-upgrade
Optionally enable ‘root’ login (SSH) to the server – Uncomment and update the following configurations in /etc/ssh/sshd_config file
PermitRootLogin yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
Set a password for ‘root’ account
sudo passwd
Restart ssh daemon
sudo service sshd restart
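A check for the root-login settings above, added here as an example and not part of the original post: it reads an sshd_config-style file and reports whether root can log in with a password, which is what `PermitRootLogin yes` plus a root password allows, or only with keys, which is what `PermitRootLogin prohibit-password` gives. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify root SSH access from an sshd_config-style file.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the FIRST value it reads for a keyword, and keywords are
# case-insensitive. Simplification: only the global section is read
# (parsing stops at the first Match block).
effective_value() {
    awk -v key="$2" -v def="$3" '
        { sub(/=/, " ") }                      # accept "Keyword=value"
        /^[ \t]*#/ || NF == 0 { next }         # skip comments and blanks
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { val = tolower($2); exit }
        END { print (val == "" ? def : val) }
    ' "$1"
}

# root_login_posture FILE -> root-password | root-key-only | root-disabled
# Assumption: keyboard-interactive authentication is off; it is not inspected.
root_login_posture() {
    prl=$(effective_value "$1" PermitRootLogin prohibit-password)
    pwa=$(effective_value "$1" PasswordAuthentication yes)
    case "$prl" in
        no)  echo root-disabled ;;
        yes) if [ "$pwa" = yes ]; then echo root-password
             else echo root-key-only; fi ;;
        *)   echo root-key-only ;;   # prohibit-password, forced-commands-only
    esac
}

# Constructed sample: the settings from the post, followed by a later
# "no" that sshd ignores because the first value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#PermitRootLogin prohibit-password
PermitRootLogin yes
PubkeyAuthentication yes
permitrootlogin no
EOF
root_login_posture "$sample"
rm -f "$sample"
```

On a live host, `sudo sshd -T` prints the effective configuration, including anything set in Match blocks.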
Disable periodic package list updates – Edit /etc/apt/apt.conf.d/10periodic and set all values to zero as shown below.
APT::Periodic::Update-Package-Lists "0";
APT::Periodic::Download-Upgradeable-Packages "0";
APT::Periodic::AutocleanInterval "0";
Check if any snap services are running
sudo snap list
If any applications are listed remove them before uninstalling snap
sudo snap remove lxd
sudo snap remove core
sudo snap remove snapd
sudo apt purge -y snapd
sudo apt -y autoremove
rm -rf ~/snap
sudo rm -rf /snap
sudo rm -rf /var/snap
sudo rm -rf /var/lib/snapd
Configure timezone as required
sudo timedatectl set-timezone Asia/Kolkata
Install and configure chrony for time synchronization
sudo apt install -y chrony
Optional : Edit /etc/chrony/chrony.conf, Comment out pool entries and add one server entry as shown below
#pool ntp.ubuntu.com iburst maxsources 4
#pool 0.ubuntu.pool.ntp.org iburst maxsources 1
#pool 1.ubuntu.pool.ntp.org iburst maxsources 1
#pool 2.ubuntu.pool.ntp.org iburst maxsources 2
server time.google.com iburst
Restart chrony services
sudo systemctl restart chronyd.service
To avoid running out of file descriptor handles – Add the following at the end of /etc/security/limits.conf (each line is domain, type, item, value; the item for open files is nofile)
* hard nproc 65535
* soft nproc 65535
* hard nofile 65535
* soft nofile 65535
Optional and not mandatory – Just a personal choice – reboot the server.
sudo reboot