Vladimir Chavkov

OpenStack: Complete Private Cloud Platform Deployment Guide


OpenStack is the leading open-source cloud computing platform for building public and private clouds. Used by thousands of organizations worldwide, OpenStack provides Infrastructure-as-a-Service (IaaS) capabilities comparable to public cloud providers. This comprehensive guide covers OpenStack architecture, deployment, and production best practices.

What is OpenStack?

OpenStack is a collection of open-source software projects that together provide a complete cloud infrastructure platform.

Key Capabilities

  1. Compute: On-demand virtual machines (Nova)
  2. Storage: Object and block storage (Swift, Cinder)
  3. Networking: Software-defined networking (Neutron)
  4. Identity: Authentication and authorization (Keystone)
  5. Images: VM image management (Glance)
  6. Orchestration: Infrastructure as code (Heat)
  7. Dashboard: Web-based UI (Horizon)

OpenStack vs. Other Cloud Platforms

| Feature | OpenStack | VMware vCloud | Apache CloudStack | Public Cloud |
| --- | --- | --- | --- | --- |
| Cost | Open Source | Commercial | Open Source | Pay-per-use |
| Control | Full control | Vendor-controlled | Full control | Limited |
| Customization | Highly flexible | Limited | Moderate | Very limited |
| Community | Large, active | Vendor-driven | Smaller | N/A |
| Multi-tenancy | ✅ Native | ✅ Yes | ✅ Yes | ✅ Yes |
| Use Case | Private/Public cloud | Private cloud | Private cloud | Public consumption |

Architecture

OpenStack Components

┌──────────────────────────────────────────────────────────────┐
│                     Horizon (Dashboard)                      │
│                   Web UI for all services                    │
└──────────────────────────────────────────────────────────────┘
┌──────────────────────────────────────────────────────────────┐
│                     Keystone (Identity)                      │
│        Authentication, Authorization, Service Catalog        │
└──────────────────────────────────────────────────────────────┘
          ┌────────────────────┼────────────────────┐
          ▼                    ▼                    ▼
     ┌─────────┐          ┌─────────┐          ┌─────────┐
     │  Nova   │          │ Neutron │          │ Glance  │
     │(Compute)│◄────────►│(Network)│◄────────►│(Images) │
     │         │          │         │          │         │
     │• VMs    │          │• L2/L3  │          │• VM     │
     │• Flavor │          │• DHCP   │          │  Images │
     │• Keys   │          │• Router │          │• Formats│
     └────┬────┘          │• LB     │          └─────────┘
          │               │• FW     │
          │               └─────────┘
     ┌─────────┐          ┌─────────┐          ┌─────────┐
     │ Cinder  │          │  Swift  │          │  Heat   │
     │(Block   │          │(Object  │          │(Orchest)│
     │Storage) │          │Storage) │          │         │
     │         │          │         │          │• HOT    │
     │• Volumes│          │• S3-like│          │• Stack  │
     │• Attach │          │• Replicated        │• Auto   │
     └─────────┘          └─────────┘          └─────────┘
          │                    │                    │
          ▼                    ▼                    ▼
┌──────────────────────────────────────────────────────────────┐
│                     Infrastructure Layer                     │
│                                                              │
│  • Compute Nodes (Hypervisors: KVM, Xen, VMware)             │
│  • Storage Nodes (Ceph, LVM, NFS)                            │
│  • Network Nodes (Open vSwitch, Linux Bridge)                │
└──────────────────────────────────────────────────────────────┘

Deployment Architecture

┌────────────────────────────────────────────────────────────┐
│                     Controller Node(s)                     │
│  • Keystone, Glance, Nova API, Neutron API                 │
│  • Horizon, Heat, Cinder API                               │
│  • MariaDB/MySQL Galera Cluster                            │
│  • RabbitMQ Cluster                                        │
│  • Memcached                                               │
└────────────────────────────────────────────────────────────┘
             ┌─────────────────┼─────────────────┐
             ▼                 ▼                 ▼
     ┌──────────────┐  ┌──────────────┐  ┌──────────────┐
     │   Network    │  │   Compute    │  │   Storage    │
     │   Node(s)    │  │   Node(s)    │  │   Node(s)    │
     │              │  │              │  │              │
     │• L3 Agent    │  │• nova-       │  │• Ceph OSD    │
     │• DHCP Agent  │  │  compute     │  │• Swift       │
     │• Metadata    │  │• Hypervisor  │  │  Object      │
     │• LBaaS       │  │  (KVM)       │  │  Server      │
     └──────────────┘  └──────────────┘  └──────────────┘

Deployment Methods

1. Kolla-Ansible

Kolla-Ansible uses Ansible and Docker containers for deployment.

# Install dependencies
apt install -y python3-dev libffi-dev gcc libssl-dev python3-pip
pip3 install -U pip
# Install Ansible and Kolla-Ansible
pip3 install ansible kolla-ansible
# Create configuration directory
mkdir -p /etc/kolla
chown $USER:$USER /etc/kolla
# Copy globals and passwords
cp -r /usr/local/share/kolla-ansible/etc_examples/kolla/* /etc/kolla/
cp /usr/local/share/kolla-ansible/ansible/inventory/* .
# Generate passwords
kolla-genpwd
# Edit global configuration
cat > /etc/kolla/globals.yml << 'EOF'
---
kolla_base_distro: "ubuntu"
kolla_install_type: "source"
openstack_release: "2024.1" # Caracal
# Network interfaces
network_interface: "ens3"
neutron_external_interface: "ens4"
kolla_internal_vip_address: "10.0.1.100"
# Enable services
enable_haproxy: "yes"
enable_mariadb: "yes"
enable_memcached: "yes"
enable_rabbitmq: "yes"
enable_keystone: "yes"
enable_glance: "yes"
enable_nova: "yes"
enable_neutron: "yes"
enable_cinder: "yes"
enable_heat: "yes"
enable_horizon: "yes"
# Ceph integration
enable_ceph: "no"
glance_backend_ceph: "no"
cinder_backend_ceph: "no"
nova_backend_ceph: "no"
# Neutron options
neutron_plugin_agent: "openvswitch"
enable_neutron_provider_networks: "yes"
# Nova options
nova_compute_virt_type: "kvm"
EOF
# Edit inventory
cat > multinode << 'EOF'
[control]
controller1 ansible_host=10.0.1.11
controller2 ansible_host=10.0.1.12
controller3 ansible_host=10.0.1.13
[network]
network1 ansible_host=10.0.1.21
network2 ansible_host=10.0.1.22
[compute]
compute1 ansible_host=10.0.1.31
compute2 ansible_host=10.0.1.32
compute3 ansible_host=10.0.1.33
[storage]
storage1 ansible_host=10.0.1.41
storage2 ansible_host=10.0.1.42
storage3 ansible_host=10.0.1.43
[monitoring]
monitoring1 ansible_host=10.0.1.51
[deployment]
localhost ansible_connection=local
EOF
# Bootstrap servers
kolla-ansible -i ./multinode bootstrap-servers
# Prechecks
kolla-ansible -i ./multinode prechecks
# Deploy OpenStack
kolla-ansible -i ./multinode deploy
# Post-deploy
kolla-ansible -i ./multinode post-deploy
# Install OpenStack CLI
pip3 install python-openstackclient
# Source admin credentials
source /etc/kolla/admin-openrc.sh
# Verify deployment
openstack service list
openstack compute service list
openstack network agent list

2. DevStack (Development Only)

# DevStack for development/testing only
git clone https://opendev.org/openstack/devstack
cd devstack
# Create local.conf
cat > local.conf << 'EOF'
[[local|localrc]]
ADMIN_PASSWORD=secret
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
# Neutron
disable_service n-net
enable_service q-svc q-agt q-dhcp q-l3 q-meta
# Enable Cinder
enable_service c-api c-vol c-sch c-bak
# Enable Heat
enable_service h-eng h-api h-api-cfn h-api-cw
# IP Configuration
HOST_IP=10.0.1.10
SERVICE_HOST=$HOST_IP
MYSQL_HOST=$HOST_IP
RABBIT_HOST=$HOST_IP
GLANCE_HOSTPORT=$SERVICE_HOST:9292
# Logging
LOGFILE=$DEST/logs/stack.sh.log
LOGDAYS=2
EOF
# Run stack.sh
./stack.sh

Core Services Configuration

Keystone (Identity)

# Create domain
openstack domain create --description "Dev Domain" dev-domain
# Create project
openstack project create --domain default --description "Production Project" production
# Create user
openstack user create --domain default --password-prompt john
# Assign role
openstack role add --project production --user john member
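# Create service user
# (a literal --password value is recorded in shell history and visible in the
# process list; --password-prompt, as used above, avoids that)
openstack user create --domain default --password servicepass neutron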
openstack role add --project service --user neutron admin
# List users
openstack user list
openstack role assignment list --user john --project production

Glance (Images)

# Download image
wget https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-genericcloud-amd64.qcow2
# Upload image
openstack image create "Debian 12" \
--file debian-12-genericcloud-amd64.qcow2 \
--disk-format qcow2 \
--container-format bare \
--public
# Image with metadata
openstack image create "Ubuntu 22.04" \
--file ubuntu-22.04-server-cloudimg-amd64.img \
--disk-format qcow2 \
--container-format bare \
--property os_distro=ubuntu \
--property os_version=22.04 \
--property hw_qemu_guest_agent=yes \
--public
# List images
openstack image list
# Image details
openstack image show "Debian 12"
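
The download step above fetches the image without checking it, so a corrupted or altered file would be published to every project by `--public`. The following added example (not part of the original guide) verifies a file against a coreutils-style checksum listing before upload; it assumes the mirror publishes such a listing (for example a SHA512SUMS file) and uses a constructed stand-in file instead of a real image.

```python
import hashlib
import hmac
import os
import tempfile


def sha512_file(path, chunk=1 << 20):
    """Hash the file in chunks so multi-GB images do not need to fit in memory."""
    h = hashlib.sha512()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def expected_digest(sums_text, filename):
    """Find filename in a listing of '<hex>  <name>' or '<hex> *<name>' lines."""
    for line in sums_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[1].lstrip("*").strip() == filename:
            return parts[0].lower()
    return None


def verify_image(path, sums_text):
    """True only if the SHA-512 matches the listed value; a missing entry fails closed."""
    want = expected_digest(sums_text, os.path.basename(path))
    return want is not None and hmac.compare_digest(want, sha512_file(path))


def demo():
    """Constructed data: a stand-in image, its listing, then a tampered copy."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "debian-12-genericcloud-amd64.qcow2")
        with open(path, "wb") as fh:
            fh.write(b"constructed stand-in for image bytes")
        sums = f"{sha512_file(path)}  {os.path.basename(path)}\n"
        ok = verify_image(path, sums)
        with open(path, "ab") as fh:
            fh.write(b"tampered")
        return ok, verify_image(path, sums), verify_image(path, "")


print(demo())
```

A listing fetched from the same mirror as the image only detects corruption in transit; obtain it over a separate trusted channel, or check its signature, to detect a tampered mirror.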

Nova (Compute)

# Create flavor
openstack flavor create m1.small \
--ram 2048 \
--disk 20 \
--vcpus 1 \
--public
openstack flavor create m1.medium \
--ram 4096 \
--disk 40 \
--vcpus 2 \
--public
# Flavor with extra specs
openstack flavor create m1.large.ssd \
--ram 8192 \
--disk 80 \
--vcpus 4 \
--property aggregate_instance_extra_specs:ssd=true
# Create keypair
ssh-keygen -t rsa -b 4096 -f ~/.ssh/openstack_key -N ""
openstack keypair create --public-key ~/.ssh/openstack_key.pub my-key
# Launch instance
openstack server create \
--flavor m1.small \
--image "Debian 12" \
--key-name my-key \
--network private-net \
--security-group default \
web-server-01
# List instances
openstack server list
# Instance details
openstack server show web-server-01
# Console access
openstack console url show web-server-01
# Stop/start instance
openstack server stop web-server-01
openstack server start web-server-01
# Delete instance
openstack server delete web-server-01

Neutron (Networking)

# Create provider network (external)
openstack network create \
--share \
--external \
--provider-network-type flat \
--provider-physical-network provider \
public-net
openstack subnet create \
--network public-net \
--subnet-range 192.168.1.0/24 \
--gateway 192.168.1.1 \
--allocation-pool start=192.168.1.100,end=192.168.1.200 \
--dns-nameserver 8.8.8.8 \
public-subnet
# Create private network
openstack network create private-net
openstack subnet create \
--network private-net \
--subnet-range 10.0.0.0/24 \
--gateway 10.0.0.1 \
--dns-nameserver 8.8.8.8 \
private-subnet
# Create router
openstack router create main-router
# Connect router to external network
openstack router set main-router --external-gateway public-net
# Add internal network to router
openstack router add subnet main-router private-subnet
# Create security group
openstack security group create web-servers \
--description "Security group for web servers"
# Add rules
openstack security group rule create web-servers \
--protocol tcp \
--dst-port 22 \
--remote-ip 0.0.0.0/0
openstack security group rule create web-servers \
--protocol tcp \
--dst-port 80 \
--remote-ip 0.0.0.0/0
openstack security group rule create web-servers \
--protocol tcp \
--dst-port 443 \
--remote-ip 0.0.0.0/0
# Create floating IP
openstack floating ip create public-net
# Assign floating IP to instance
openstack server add floating ip web-server-01 192.168.1.150
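
The web-servers rules above open SSH (port 22) to 0.0.0.0/0 alongside HTTP and HTTPS. The following added example (not part of the original guide) audits a rule listing for administrative ports reachable from any source, including IPv6 and any-protocol rules; the sample data is constructed, and the JSON key names are an assumption about what `openstack security group rule list web-servers --long -f json` emits.

```python
import ipaddress
import json

# Constructed sample; key names are assumed to match the CLI's JSON columns.
SAMPLE_RULES = json.loads("""[
 {"ID": "r1", "IP Protocol": "tcp", "IP Range": "0.0.0.0/0", "Port Range": "22:22", "Direction": "ingress", "Remote Security Group": null},
 {"ID": "r2", "IP Protocol": "tcp", "IP Range": "0.0.0.0/0", "Port Range": "443:443", "Direction": "ingress", "Remote Security Group": null},
 {"ID": "r3", "IP Protocol": "tcp", "IP Range": "10.0.1.0/24", "Port Range": "22:22", "Direction": "ingress", "Remote Security Group": null},
 {"ID": "r4", "IP Protocol": "tcp", "IP Range": null, "Port Range": "22:22", "Direction": "ingress", "Remote Security Group": "bastion-sg"},
 {"ID": "r5", "IP Protocol": null, "IP Range": "::/0", "Port Range": "", "Direction": "ingress", "Remote Security Group": null},
 {"ID": "r6", "IP Protocol": null, "IP Range": "0.0.0.0/0", "Port Range": "", "Direction": "egress", "Remote Security Group": null}
]""")

ADMIN_PORTS = {22, 3389}      # ports that should not face every source address
NONE = (None, "", "None")     # ways an unset column can appear

def is_world_open(rule):
    """Source is any address: a /0 prefix, or no prefix and no remote group."""
    prefix = rule.get("IP Range")
    if prefix in NONE:
        return rule.get("Remote Security Group") in NONE
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def port_span(port_range):
    """Parse 'min:max'; an unset range covers every port."""
    if port_range in NONE:
        return 1, 65535
    lo, _, hi = port_range.partition(":")
    return int(lo), int(hi or lo)

def risky_rules(rules, admin_ports=ADMIN_PORTS):
    """Return IDs of ingress rules that expose an admin port to any source."""
    hits = []
    for r in rules:
        if r.get("Direction") != "ingress" or not is_world_open(r):
            continue
        if r.get("IP Protocol") not in NONE + ("any", "tcp"):
            continue
        lo, hi = port_span(r.get("Port Range"))
        if any(lo <= p <= hi for p in admin_ports):
            hits.append(r["ID"])
    return hits

print(risky_rules(SAMPLE_RULES))
```

Rules it reports are candidates for a narrower `--remote-ip` (a management subnet) or a remote security group such as a bastion group.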

Cinder (Block Storage)

# Create volume
openstack volume create \
--size 100 \
--description "Database volume" \
db-volume
# Create volume from image
openstack volume create \
--size 20 \
--image "Debian 12" \
bootable-volume
# Attach volume to instance
openstack server add volume web-server-01 db-volume --device /dev/vdb
# List volumes
openstack volume list
# Detach volume
openstack server remove volume web-server-01 db-volume
# Create snapshot
openstack volume snapshot create \
--volume db-volume \
--description "Before upgrade" \
db-volume-snap-20260210
# Create volume from snapshot
openstack volume create \
--snapshot db-volume-snap-20260210 \
--size 100 \
db-volume-restored

Heat (Orchestration)

heat-template.yaml
heat_template_version: 2021-04-16
description: Web application stack
parameters:
  key_name:
    type: string
    description: SSH key pair name
    default: my-key
  image:
    type: string
    description: Image name
    default: "Debian 12"
  flavor:
    type: string
    description: Instance flavor
    default: m1.small
resources:
  web_security_group:
    type: OS::Neutron::SecurityGroup
    properties:
      description: Security group for web servers
      rules:
        - protocol: tcp
          port_range_min: 22
          port_range_max: 22
          remote_ip_prefix: 0.0.0.0/0
        - protocol: tcp
          port_range_min: 80
          port_range_max: 80
          remote_ip_prefix: 0.0.0.0/0
        - protocol: tcp
          port_range_min: 443
          port_range_max: 443
          remote_ip_prefix: 0.0.0.0/0
  web_server:
    type: OS::Nova::Server
    properties:
      name: web-server
      image: { get_param: image }
      flavor: { get_param: flavor }
      key_name: { get_param: key_name }
      networks:
        - network: private-net
      security_groups:
        - { get_resource: web_security_group }
      user_data: |
        #!/bin/bash
        apt update
        apt install -y nginx
        systemctl enable nginx
        echo "<h1>Hello from OpenStack</h1>" > /var/www/html/index.html
  floating_ip:
    type: OS::Neutron::FloatingIP
    properties:
      floating_network: public-net
  floating_ip_assoc:
    type: OS::Nova::FloatingIPAssociation
    properties:
      floating_ip: { get_resource: floating_ip }
      server_id: { get_resource: web_server }
outputs:
  instance_ip:
    description: Public IP of the web server
    value: { get_attr: [floating_ip, floating_ip_address] }
  instance_name:
    description: Name of the instance
    value: { get_attr: [web_server, name] }
# Create stack
openstack stack create -t heat-template.yaml \
--parameter key_name=my-key \
web-stack
# List stacks
openstack stack list
# Stack details
openstack stack show web-stack
# Stack resources
openstack stack resource list web-stack
# Stack outputs
openstack stack output show web-stack instance_ip
# Update stack
openstack stack update -t heat-template-v2.yaml web-stack
# Delete stack
openstack stack delete web-stack

Storage Backend: Ceph Integration

# Install Ceph on storage nodes (using cephadm)
curl --silent --remote-name --location https://github.com/ceph/ceph/raw/quincy/src/cephadm/cephadm
chmod +x cephadm
./cephadm add-repo --release quincy
./cephadm install
# Bootstrap first monitor
cephadm bootstrap --mon-ip 10.0.1.41
# Add more hosts
ssh-copy-id -f -i /etc/ceph/ceph.pub root@storage2
ceph orch host add storage2 10.0.1.42
ceph orch host add storage3 10.0.1.43
# Add OSDs
ceph orch daemon add osd storage1:/dev/sdb
ceph orch daemon add osd storage1:/dev/sdc
ceph orch daemon add osd storage2:/dev/sdb
ceph orch daemon add osd storage2:/dev/sdc
ceph orch daemon add osd storage3:/dev/sdb
ceph orch daemon add osd storage3:/dev/sdc
# Create pools for OpenStack
ceph osd pool create volumes 128
ceph osd pool create images 64
ceph osd pool create vms 128
# Enable RBD application
ceph osd pool application enable volumes rbd
ceph osd pool application enable images rbd
ceph osd pool application enable vms rbd
# Create cephx keys for OpenStack
ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes, allow rwx pool=vms'
ceph auth get-or-create client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=images'
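# Export keyrings (ceph auth get writes the full keyring format;
# get-key would write only the bare secret, which is not a valid keyring file)
ceph auth get client.cinder > /etc/kolla/config/cinder/cinder.client.keyring
ceph auth get client.glance > /etc/kolla/config/glance/glance.client.keyring
# Keyrings are credentials: restrict them to the deploying user
chmod 600 /etc/kolla/config/cinder/cinder.client.keyring /etc/kolla/config/glance/glance.client.keyring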

Update Kolla globals:

/etc/kolla/globals.yml
enable_ceph: "yes"
glance_backend_ceph: "yes"
cinder_backend_ceph: "yes"
nova_backend_ceph: "yes"
ceph_glance_user: "glance"
ceph_cinder_user: "cinder"

Monitoring and Operations

Prometheus + Grafana

# Enable monitoring in Kolla
cat >> /etc/kolla/globals.yml << 'EOF'
enable_prometheus: "yes"
enable_grafana: "yes"
enable_prometheus_openstack_exporter: "yes"
enable_prometheus_node_exporter: "yes"
EOF
# Redeploy
kolla-ansible -i ./multinode deploy
# Access Grafana
# http://kolla_internal_vip_address:3000
# Default: admin/admin

Log Aggregation

# Enable central logging
cat >> /etc/kolla/globals.yml << 'EOF'
enable_central_logging: "yes"
enable_elasticsearch: "yes"
enable_kibana: "yes"
EOF
# Deploy
kolla-ansible -i ./multinode deploy
# Access Kibana
# http://kolla_internal_vip_address:5601

High Availability

Controller HA (via Kolla)

Kolla-Ansible automatically configures HA:

Compute Node Failure

# Evacuate instances from failed node
nova host-evacuate compute1
# Disable compute node
openstack compute service set compute1 nova-compute --disable
# Enable after recovery
openstack compute service set compute1 nova-compute --enable

Production Checklist

Infrastructure

Configuration

Storage

Monitoring

Security

Conclusion

OpenStack provides a comprehensive, enterprise-grade cloud infrastructure platform with the flexibility and transparency of open source. While the initial learning curve is steep, the platform’s maturity, extensive community support, and production deployments at scale demonstrate its viability for private cloud infrastructure.

Success with OpenStack requires careful planning, proper hardware selection, and ongoing operational expertise. Organizations that invest in OpenStack gain complete control over their cloud infrastructure, freedom from vendor lock-in, and the ability to customize the platform to their specific needs.



