Last active Aug 13, 2021
Scripted version of the how-to article by Rodrigo Nascimento, "OpenStack Single-Node (MicroStack)". Part 2, with Kubernetes, can be found here


OS configuration

Add user to sudoers without password

echo 'user ALL=(ALL) NOPASSWD: ALL' | sudo tee /etc/sudoers.d/user
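
Added example (not part of the original gist): the same drop-in, syntax-checked with visudo before it is installed root-owned with mode 0440, since a syntax error in a sudoers file can leave sudo unusable. sudo skips files in /etc/sudoers.d whose names contain a dot or end in a tilde, so the file name is checked as well; the function names are hypothetical.

```shell
# Added example: validate a sudoers drop-in before installing it.

# Print the drop-in file name for a user, or fail if sudo would ignore the
# file (names containing '.' or ending in '~' are skipped by sudo).
dropin_name() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    printf '%s\n' "$1"
}

# Render the rule the gist installs (passwordless sudo for one user).
render_rule() {
    printf '%s ALL=(ALL) NOPASSWD: ALL\n' "$1"
}

# Write the rule to a temp file, check it, then install it as root, mode 0440.
install_dropin() {
    name=$(dropin_name "$1") || { echo "unsafe drop-in name: $1" >&2; return 1; }
    tmp=$(mktemp) || return 1
    render_rule "$1" > "$tmp"
    if sudo visudo -cf "$tmp" >/dev/null; then
        sudo install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/$name"
        rc=$?
    else
        echo "sudoers syntax check failed, nothing installed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Usage: install_dropin user
```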

Kernel optimizations

echo fs.inotify.max_queued_events=1048576 | sudo tee -a /etc/sysctl.conf
echo fs.inotify.max_user_instances=1048576 | sudo tee -a /etc/sysctl.conf
echo fs.inotify.max_user_watches=1048576 | sudo tee -a /etc/sysctl.conf
echo vm.max_map_count=262144 | sudo tee -a /etc/sysctl.conf
echo vm.swappiness=1 | sudo tee -a /etc/sysctl.conf

Disable IPv6

echo net.ipv6.conf.all.disable_ipv6=1 | sudo tee -a /etc/sysctl.conf
echo net.ipv6.conf.default.disable_ipv6=1 | sudo tee -a /etc/sysctl.conf
echo net.ipv6.conf.lo.disable_ipv6=1 | sudo tee -a /etc/sysctl.conf

Persist to grub:

sudo vim /etc/default/grub
# find these options and replace them with
# speed up boot
# disable IPv6
sudo update-grub
sudo reboot

Remove LXD

sudo snap remove lxd

MicroStack installation

Install MicroStack from snap

sudo snap install microstack --devmode --beta

Add CLI aliases

sudo snap alias microstack.openstack openstack
sudo snap alias microstack.ovs-vsctl ovs-vsctl

Initialize MicroStack services

sudo microstack init --auto --control

Persist network configuration

Configure Open vSwitch bridge

Move the host IP address from the physical interface to the bridge managed by Open vSwitch.

Save script that restores the IP address and default route

sudo tee /usr/local/bin/microstack-br-workaround > /dev/null << EOL
#!/bin/bash
ovs-vsctl add-port br-ex enp5s0 || :
ip addr flush dev enp5s0 || :
ip address add dev br-ex || :
ip link set br-ex up || :
ip route add default via || :
EOL
sudo chmod +x /usr/local/bin/microstack-br-workaround
sudo /usr/local/bin/microstack-br-workaround
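
Added example (not part of the original gist): the same workaround rendered from explicit interface, address and gateway arguments. It refuses to produce a script when a value is empty or malformed, because every step ends in "|| :" and a blank address or gateway would flush the interface and leave the host without its IP. The function and parameter names are hypothetical, and the 192.0.2.x values in the usage comment are constructed documentation addresses.

```shell
# Added example, not the gist's script: render the bridge workaround from
# explicit values and refuse to emit it when one is missing or malformed.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the script for interface $1, address/prefix $2 and gateway $3.
render_workaround() {
    iface=$1 addr=$2 gw=$3
    case $iface in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    [ ${#iface} -le 15 ] || return 1            # Linux interface name limit
    case $addr in */*) prefix=${addr#*/} ;; *) return 1 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    is_ipv4 "${addr%/*}" && is_ipv4 "$gw" || return 1
    cat <<EOF
#!/bin/sh
ovs-vsctl add-port br-ex $iface || :
ip addr flush dev $iface || :
ip address add $addr dev br-ex || :
ip link set br-ex up || :
ip route add default via $gw || :
EOF
}

# Usage (192.0.2.x are constructed documentation addresses):
#   render_workaround enp5s0 192.0.2.10/24 192.0.2.1 \
#       | sudo tee /usr/local/bin/microstack-br-workaround > /dev/null
```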

Create systemd startup service which runs the script on boot

sudo tee /etc/systemd/system/microstack-br-workaround.service > /dev/null << EOL
Description=Service for adding physical ip to microstack bridge



Enable the service

sudo systemctl daemon-reload
sudo systemctl enable microstack-br-workaround.service

Restore dnsmasq ability to forward DNS after network manipulations

sudo tee /etc/systemd/resolved.conf > /dev/null << EOL

Restart the systemd service

sudo systemctl restart systemd-resolved.service

Reboot to test

sudo reboot

Prepare OpenStack

Clean-up default networks and router

Delete default router

openstack router remove subnet test-router test-subnet
openstack router unset --external-gateway test-router
openstack router delete test-router

Delete default networks

openstack subnet  delete test-subnet external-subnet
openstack network delete test        external

Extend quotas

openstack quota set \
    --secgroups -1 \
    --cores 128 \
    --instances 100 \
    --ram 52000 \
    admin

Setup networking

Create a public network

openstack network create \
    --enable \
    --project admin \
    --external \
    --default \
    --provider-network-type flat \
    --provider-physical-network physnet1 \
    public

Subnet without DHCP:

openstack subnet create \
    --project admin \
    --subnet-range \
    --no-dhcp \
    --gateway \
    --network public \
    --allocation-pool start=,end= \

Create a private network

openstack network create \
    --enable \
    --project admin \
    --internal \
    private

Subnet with DHCP:

openstack subnet create \
    --project admin \
    --subnet-range \
    --dhcp \
    --network private \

Create the router as NAT gateway for private network

openstack router create \
    --disable \
    --project admin \
    router

Attach the router to private network:

openstack router add subnet router private

Set the router gateway through public network and enable SNAT:

openstack router set \
    --enable \
    --enable-snat \
    --external-gateway public \
    router

Pre-allocate floating IPs

for i in $(seq 1 50); do
    openstack floating ip create public >/dev/null
done

Create keypair

ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ''
openstack keypair create --public-key ~/.ssh/id_rsa.pub default

Replace default security group

Delete default security group:

SEC_GROUP=$(openstack security group list --project admin -c ID -f value)
openstack security group delete $SEC_GROUP

Create allow-all security group:

openstack security group create --project admin allow

Delete default rules:

openstack security group rule list allow -f value -c ID \
    | xargs -I{} openstack security group rule delete {}

Add allow-all rules.

openstack security group rule create allow \
    --project admin \
    --ethertype IPv4 \


openstack security group rule create allow \
    --project admin \
    --ethertype IPv4 \
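
Added example (not part of the original gist): ingress limited to one management network instead of allow-all, plus the explicit egress rule that is needed once the group's default rules have been deleted. The CIDR argument, the function names and the OPENSTACK override variable are assumptions; 192.0.2.0/24 in the usage comment is a constructed documentation range.

```shell
# Added example: scoped rules for the "allow" group instead of allow-all.
# Set OPENSTACK=echo for a dry run that prints the commands.

# Succeed when the source would match every address (empty or a /0 prefix).
is_world_open() {
    case $1 in
        ''|*/0) return 0 ;;
    esac
    return 1
}

# Create SSH and ICMP ingress from CIDR $2 on group $1, and open egress.
create_scoped_rules() {
    group=$1 cidr=$2
    if is_world_open "$cidr"; then
        echo "refusing world-open source: '$cidr'" >&2
        return 1
    fi
    os=${OPENSTACK:-openstack}
    # SSH from the management network only
    $os security group rule create "$group" --ingress --ethertype IPv4 \
        --protocol tcp --dst-port 22 --remote-ip "$cidr" || return 1
    # ICMP (ping) from the management network only
    $os security group rule create "$group" --ingress --ethertype IPv4 \
        --protocol icmp --remote-ip "$cidr" || return 1
    # Outbound traffic: the default egress rules were deleted with the rest
    $os security group rule create "$group" --egress --ethertype IPv4 \
        --protocol any || return 1
}

# Usage:
#   create_scoped_rules allow 192.0.2.0/24
#   openstack security group rule list allow
```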

Prepare virtual machine flavors

Delete default flavours

openstack flavor list -c Name -f value \
    | xargs -I{} openstack flavor delete {}

Create new flavours

1, 2, 4, 8 VCPUs; 1024, 2048, 4096, 8192 RAM; 5, 10, 20 disk.

for i in 1 2 4 8; do
    for j in 1024 2048 4096 8192; do
        for k in 5 10 20; do
            openstack flavor create "$i.$j.$k" --vcpus "$i" --ram "$j" --disk "$k" >/dev/null
        done
    done
done
openstack flavor list --sort-column VCPUs --sort-column RAM --sort-column Disk -c Name -c VCPUs -c RAM -c Disk

Import VM OS image

Download the cloud Ubuntu OS image

Redefine the SERIES with another Ubuntu release (e.g. bionic, xenial) if necessary.


Create the image in OpenStack Glance

openstack image create ubuntu.${SERIES} \
      --public \
      --disk-format=qcow2 \
      --container-format=bare \
      --property os_distro='ubuntu' \


Install OpenStack Barbican, Barbican Vault, Octavia

Add DNS support

TODO: investigate possibility to use Let's Encrypt

Test OpenStack

Launch instance

openstack server create \
    --image ubuntu.focal \
    --flavor 8.2048.5 \
    --security-group allow \
    --key-name default \
    --network private \
    --wait \
    test

Assign floating IP

FLOAT_IP=$(openstack floating ip list -f value | grep None | head -n1 | awk '{print $2}')
openstack server add floating ip test $FLOAT_IP


ssh ubuntu@$FLOAT_IP

Kill instance

openstack server delete test

Owner Author

@meetmatt meetmatt commented Jul 4, 2021


Owner Author

@meetmatt meetmatt commented Jul 4, 2021

Next step: deploy Kubernetes cluster to Single Node Microstack

Using Juju:

Or alternative from the series of articles about running K8S on Devstack:
(hosted at

And finally, probably the most involved, following official Charmed Kubernetes on OpenStack documentation from Ubuntu:


Owner Author

@meetmatt meetmatt commented Jul 4, 2021

Quick research note on how to use netplan instead of the systemd workaround from the original article.

This is what I have on the host after Ubuntu 20.04 LTS installation (manually configured in the install GUI with static IPv4):

sudo cat /etc/netplan/00-installer-config.yaml

# This is the network config written by 'subiquity'
        search: []
  version: 2

And this is how the config presumably should look to reach the same result as in the article:

    version: 2
    renderer: networkd
            - [enp5s0]
        enp5s0: {}
            addresses: []
            interfaces: [enp5s0]
            mtu: 9000
            openvswitch: {}

Haven't tested, but I think it will remove the port to the br-int, which will definitely impact the OpenStack installation



@anazeer-netstratum anazeer-netstratum commented Jul 7, 2021

Hi Matt,

Thanks for putting this together. The script seems to work without errors. I see the UI with right network and routers. But I still see a br-ex interface with the original 10.20.x ip address when issuing an ifconfig.

br-ex: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet netmask broadcast
inet6 fe80::907a:c8ff:fe5b:6348 prefixlen 64 scopeid 0x20
ether b8:2a:72:cf:cb:9e txqueuelen 1000 (Ethernet)
RX packets 14 bytes 680 (680.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15 bytes 1146 (1.1 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

  Project Network Name Subnets Associated DHCP Agents Shared External Status Admin State Availability Zones Actions
  admin private private_subnet 0 No No Active UP - Edit Network
  admin public public_subnet 0 No Yes Active UP -

When creating an instance I get the following error (from UI):

Build of instance 0d9c8161-849e-4e06-a68d-4ae5c9c5b8e5 aborted: Volume 160f8afa-ba68-409c-aa4f-7ddbdc184f35 did not finish being created even after we waited 0 seconds or 1 attempts. And its status is error.

and on command line:

microstack launch cirros --name test --availability-zone nova:pmatulis-ss-mstack-2.project.serverstack
Creating local "microstack" ssh key at /home/root/snap/microstack/common/.ssh/id_microstack
Launching server ...
No Network found for test
Traceback (most recent call last):
File "/snap/microstack/233/bin/microstack", line 11, in


Owner Author

@meetmatt meetmatt commented Jul 15, 2021

Hi @anazeer-netstratum,

It's hard to say what happened in your case just by looking at ifconfig. Have you checked the routing table?
Also I did a restart after the last line just to check that network indeed works as expected.

I'm planning to rebuild that workaround with a proper netplan configuration.

And there's another issue btw that you may encounter later related to default ubuntu systemd resolv.conf.
The issue is that openstack, by default, will inherit the /etc/resolv.conf which just contains a link to local dnsmasq systemd service which is obviously not available in the VM's private network.
The solution is to replace the systemd service with static configuration via resolvconf snap or with some other similar workarounds.
Stay tuned for updates.

Best regards,


Owner Author

@meetmatt meetmatt commented Jul 15, 2021

Hey @anazeer-netstratum,

I've read your message again and actually it's alright that you still see the 10.20.x.x bridge, don't touch it!
When I was preparing this gist I noticed the same and deleted it, and then it broke everything, not sure what exactly but basically nothing was working for me.
In the initial revision of this gist I had this comment:

# remove previous IP from the bridge
# sudo ip addr del dev br-ex

Maybe this is somehow related to your case? Can you show the output of ip r?

Bests, Matt


Owner Author

@meetmatt meetmatt commented Jul 28, 2021

Netplan idea failed because it conflicts with integrated systemd script from the microstack distribution:


Owner Author

@meetmatt meetmatt commented Jul 28, 2021

Extracted part 2 with Kubernetes to separate gist



@tomchean tomchean commented Aug 13, 2021

Hi meetmatt:

Thanks for your useful guide, but I encountered some problem in network.

My local LAN range is, and machine IP is, gateway is, and I launch a cirros instance with IP
In cirros, I can ping, (gateway of openstack router), but I can't ping and

Following is my network info

Should I delete the second default routing rule, or is there anything wrong in my setting?

Thanks in advance.
