updated: 2023-06-07 Wed 00:00

setup OpenStack on Debian 12

This OpenStack setup is intended for a home lab.
Application developers can run virtual machines on their local OpenStack for development and testing.

get setup script

git clone https://dynamicmalloc.com/cgit/debian_openstack_installer.git

setup static IP


allow-hotplug eno1
iface eno1 inet static

We will use the same Ethernet connection for the host and the virtual machines.

# systemctl restart networking

run setup script

edit debian_openstack_installer/openstack_setup.sh and adjust the following:

# chmod +x openstack_setup.sh
# ./openstack_setup.sh &> output.txt


Initial configurations


$ . debian_openstack_installer/admin-openrc

verify network agents are ready

$ openstack network agent list

Create network and subnet

$ openstack network create --share --external \
  --provider-physical-network provider \
  --provider-network-type flat provider

$ openstack subnet create --network provider \
  --allocation-pool start=START_IP,end=END_IP \
  --dns-nameserver DNS_IP --gateway GATEWAY_IP \
  --subnet-range CIDR provider

enable icmp and ssh ports

$ openstack security group rule create --proto icmp default
$ openstack security group rule create --proto tcp --dst-port 22 default

OpenStack keypair

Generate a key

$ ssh-keygen -q -N ""
$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
$ openstack keypair list

create cpu flavor

$ openstack flavor create --id 0 --vcpus 2 --ram 1024 --disk 10 m1.nano

Debian OpenStack image

download from https://cdimage.debian.org/cdimage/openstack/

upload image

$ openstack image create \
  --container-format bare \
  --disk-format qcow2 \
  --property hw_disk_bus=scsi \
  --property hw_scsi_model=virtio-scsi \
  --property os_type=linux \
  --property os_distro=debian \
  --property os_admin_user=debian \
  --property os_version='10' \
  --public \
  --file debian-10-openstack-amd64.qcow2 \
  debian-10-openstack-amd64

create an instance

get network ID

$ openstack network list
| ID                                   | Name     | Subnets                              |
| da5f9aa8-1bac-4aab-9931-0ce4d835783a | provider | eeeb4a46-8bb0-442b-b81c-20103c2d7f80 |

copy ID as net-id

$ openstack server create --flavor m1.nano \
  --image debian-10-openstack-amd64 \
  --nic net-id=da5f9aa8-1bac-4aab-9931-0ce4d835783a \
  --security-group default \
  --key-name mykey \
  SERVER_NAME


$ openstack server list

error duplicate SecurityGroups or server list failed

If you get an error like "More than one SecurityGroup exists with the name 'default'.", list the security groups:

$ openstack security group list
| ID                                   | Name    | Description            | Project                          | Tags |
| cd54c8c9-d754-434a-9f5c-807c3288fced | default | Default security group | 53c2118ffdbb4b6388611480c7c7a7c0 | []   |
| f9151d2a-f49b-4828-9467-418d7cdfd1e8 | default | Default security group | 87b3104005904a2fbe18ad1a7ab601b3 | []   |

Inspect the groups with the following command to find the one where you enabled ICMP and port 22

$ openstack security group show cd54c8c9-d754-434a-9f5c-807c3288fced

delete the other one

$ openstack security group delete ID

you may also specify security group id instead of name

$ openstack server create --flavor m1.nano \
  --image debian-10-openstack-amd64 \
  --nic net-id=b2d69a6e-3a77-4d55-94fd-308558088a3d \
  --security-group cd54c8c9-d754-434a-9f5c-807c3288fced \
  --key-name mykey \
  SERVER_NAME

You may need to delete the other default security group.

note: openstack server list may fail if multiple default profiles are present.

login to the virtual server

$ ssh debian@IP

note: If you ssh before the server is ready, it might ask for a password instead of using your ssh key. Wait until the server has added your key after the initial boot.

You may install apache2 or nginx in the VM for testing.

Enable port 80 to allow access from other hosts.

$ openstack security group rule create --proto tcp --dst-port 80 default

(It is better to create a new security group for this than to open port 80 in the default group.)
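
The two points above (a separate group for port 80, and addressing groups by ID when several are named "default"), as an added shell example that is not part of the original page or the installer script. The group name `web` and both function names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original page or the installer script.
# Assumed names: group "web", both helper functions, the server name you pass.

# Read `openstack security group list` table output on stdin and print the ID
# of the group named $1 that belongs to project $2. This picks one of several
# same-named "default" groups without deleting any of them.
# Usage: openstack security group list | \
#   group_id_for_project default "$(openstack token issue -f value -c project_id)"
group_id_for_project() {
    awk -F'|' -v name="$1" -v project="$2" '
        # Trim the padding the table format puts around every cell.
        { for (i = 1; i <= NF; i++) gsub(/^ +| +$/, "", $i) }
        # Appending "" forces string comparison of the hex IDs.
        ($3 "") == (name "") && ($5 "") == (project "") { print $2 }'
}

# Create a dedicated group for HTTP and attach it to a single server.
# The group is addressed by the ID returned at creation, so the rule can
# never land in a "default" group by name lookup.
# $1 = server name or ID, $2 = group name (defaults to "web").
open_http_for_server() {
    server="$1"
    group_name="${2:-web}"
    gid=$(openstack security group create -f value -c id \
        --description "HTTP for test web server" "$group_name") || return 1
    openstack security group rule create --protocol tcp --dst-port 80 \
        "$gid" >/dev/null || return 1
    openstack server add security group "$server" "$gid" >/dev/null || return 1
    printf '%s\n' "$gid"
}
```

With admin-openrc sourced, `open_http_for_server SERVER_NAME` prints the new group's ID and leaves the default group with only the ICMP and SSH rules.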

Dashboard login

You may access dashboard:
login: openstack
pass: openstack
Domain: default

login: admin
Domain: default