Start Your Free Trial

How to install OpenStack Liberty in your lab using nested KVM

In this blog, we will describe the process of setting up an All-in-One fully functional environment with the latest upstream release of OpenStack Liberty on public cloud. This eliminates the need to have physical hardware and gives capability to build environments that can scale up for testing, demo, training purposes. We have built the environment in Ravello Systems and saved it as a blueprint. Ravello Systems nested virtualization capability enables setup of nested KVM environments required for running OpenStack on AWS and Google Cloud.

Get it on Repo

REPO by Ravello Systems, is a library of public blueprints shared by experts in the infrastructure community.

With this blueprint, you can in minutes, setup a fully functional OpenStack Liberty environment and run it either on AWS or Google Cloud. You can extend this setup with your own customizations, add more components etc. Most common uses of this setup are for on-demand development, testing, sales demo and training environment.

This blog is first in a series of blogs on building and scaling out OpenStack Liberty environments, without any real hardware. In the follow up to this blog, we will talk about deploying neutron, scaling out Nova compute and much more.

What’s New in OpenStack Liberty?

Liberty is the [L] release from OpenStack. Here are the highlights of some of the new functionality in this release.

In Nova:

The Liberty release attempts to further improve stability and performance with the introduction of Nova Cells v2 iteration provides an updated model to support for very large and multi-location compute deployments. The primary benefit here will more robust compute management and better scaling as a result. Other compute updates include a focus on enhanced database upgrade performance, new bare metal drivers for Ironic and improvements to the Nova scheduler interface to simplify writing and customizing scheduling algorithms.

In Neutron:

Neutron now does IPv6 prefix delegation and enables automatic assignment of CIDRs which makes setting up a network much easier. The LBaaS is now based on an operator-grade load balancer platform called Octavia which is now out of the experimental stage. QoS upgrades now allow for more robust bandwidth controls.

In Cinder:

The Cinder client can now request a list of capabilities from the backend provides, keeping users from requesting unsupported actions. This is very cool. When deployed, commonly used images can now be cached, improving performance as large images will no longer need to be pulled over the network and enabling faster creation of volumes from these images. Also support for quota enforcement in hierarchical projects.

In Glance:

Glance now allows users to sign an image using their private key so that its integrity can be verified and no malicious code can be inserted. Glance can now be used from multiple networks with an S3 backend over an HTTP proxy.

In Swift:

Operators can now use ring-builder-analyzer to test out different ring operations quickly. Users can now set “per object” metadata for exploding archives. Better performance when there are slow drives, as well as removing latency spikes and limiting data movement during cluster management. Users can count on significant fixes and improvements to erasure coding.

In Keystone:

The keystone cli has been deprecated. Make sure to start using the new openstack cli instead. Liberty updates to keystone makes it possible to control WebSSO for individual IDP backends. Liberty distinguish between users who come from different clouds but have the same username.


Liberty includes a snazzy new network topology view and new launch instance dialog which can be turned on and off. Also you can control IDP-specific WebSSO from Horizon.

In the next section you will see the procedure for installing and configure an all-in-one OpenStack environment. You can find this pre-built environment with nested virt enabled in the Ravello repository. You can find it here.

This is a good place to start and to test out a very basic OpenStack Liberty environment. The compute node running in the controller is using nested virtualization. Upon launching this blueprint you can simply go to the public IP address assigned to your Ravello application and access the Horizon dashboard. Then you can: Upload an images, Create private and public networks and launch instances.

Login Credentials are below:
OpenStack keystone admin username: admin
OpenStack keystone admin password: Ravell0!
Console root password: Ravell0!

This section details the procedure for creating the Liberty OSP environment from the blueprint

Blueprint Description

Operating System: CentOS 7.2
OpenStack Version: Liberty

This blueprint is configured with cloud-init and built on top of CentOS 7. For more information on how to use cloud-init see the following link Cloud Ready CentOS 7.

Pre-Install Steps

Login to your OpenStack controller via terminal.


Note: Replace xxx with your public ip address (use your cloud key if you used cloud-init)

Next update the OS to the latest binaries.

yum update -y

Note: The updating process can take 5-10 minutes. It will give you a command prompt upon completion.

Upstream OpenStack requires EPEL repos to be install in order to satisfy dependencies.

yum install epel-release -y

For best practice and to avoid potential stale repo configurations, please flush yum cache.

yum clean all
yum repolist

Next we install the OpenStack repos.

yum install -y
yum repolist

Packstack Configuration

Now that we have successfully installed EPEL and OpenStack repos, we can install PackStack which is a tool that is used to install and configure OpenStack.

yum install openstack-packstack -y

In order to customize our installation, we need to generate an answer file.

packstack --gen-answer-file=osp.packstack

Note: Edit the answer file to enable or disable components. Make sure to update the management IP address to match your network.

In Ravello, the network info can be found in the network tab.

Below is a diagram of the environment that we built.

Liberty on OpenStack

Now we need to edit the packstack file to match the network configured in this blueprint.

You can edit the osp.packstack file using a text editor like vi.

NOTE: If you want to use ssl support for horizon, you need to copy your certs into /etc/ssl/certs on the controller and set CONFIG_HORIZON_SSL=y in the answer file.

The following parameters need to be updated:


Sample of packsack configuration can be cloned from my repo.

Installation Steps

Before we can kick off the packstack build, we need to stop and disable the network manager.

systemctl stop NetworkManager.service
systemctl disable NetworkManager.service

Now we can start the packstack build process.

packstack --answer-file=osp.packstack

Disclaimer: The binaries used in this blueprint are from the upstream version of OpenStack and may contain bugs. Please see OpenStack Launchpad for current release notes and open bugs.

Upon successful installation you now have a base liberty build of OpenStack. As noted above you can save yourself a lot of time by launching the preconfigured blueprint on Ravello. You can find it here. Enjoy!

Get it on Repo

REPO by Ravello Systems, is a library of public blueprints shared by experts in the infrastructure community.

About Ravello Systems

Ravello is the industry’s leading nested virtualization and software-defined networking SaaS. It enables enterprises to create cloud-based development, test, UAT, integration and staging environments by automatically cloning their VMware-based applications in AWS. Ravello is built by the same team that developed the KVM hypervisor in Linux.

Check our product demo video

How to install OpenStack Liberty in your lab using nested KVM