Preparing Existing Linux Images for OpenStack



The requirements for having a Linux image boot within the OpenStack framework are quite basic.  Effectively, this is a matter of having the appropriate virtio drivers loaded.  However, in order to make full use of OpenStack's orchestration capabilities, several optimizations should be applied.

Additional packages to be added

Ubuntu 12.04

vim tcpdump

Ubuntu 14.04

vim tcpdump mtr traceroute tcptraceroute telnet

CentOS 6.x

vim tcpdump mtr traceroute tcptraceroute telnet ping

CentOS 7.x

net-tools vim tcpdump mtr traceroute tcptraceroute telnet ping

Authentication and SSH Best Practices 

Disable password and root based SSH logins.  Edit /etc/ssh/sshd_config and set the following:

PasswordAuthentication no
PermitRootLogin no

Allow anyone in the "sudo" (Ubuntu) or "wheel" (RHEL) group to obtain root without a password:


Create a "cloud" user, add them to the sudo group and set their password to the default image password:

useradd -m -G sudo -s /bin/bash cloud
passwd cloud

Remove any associated root password:

passwd -d root

MAC Address Binding

MAC addresses are generated dynamically each time an instance is spawned.  Thus, an image needs to eliminate any notion of tying MAC addresses to specific interfaces.

  1. Remove any udev rules:

    rm -r /etc/udev/rules.d/70-persistent-net.rules
    rm -r /lib/udev/write_net_rules
  2. Remove or comment out HWADDR in /etc/sysconfig/network-scripts/ifcfg-eth* (CentOS/RHEL only).

Configure the DHCP Client for Persistence

There is no reasons VMs should ever give up trying to obtain a DHCP lease if the altnerative is to fall off the network and require adminstrative intervention.  Thus, we need to configure operatating systems to retry forever, wherever possible.  RHEL has proper support for this, where Ubuntu/Debian support happens by accident (found out how by reading code).


vi /etc/sysconfig/network-scripts/ifcfg-eth0

Ubuntu 12.04

rm /sbin/dhclient3

This file is a symlink to dhclient.  Hard coded within dhclient is a conditional, which checks ARGV[0] to determine how it was called.  When called as dhclient3, the -1 (one shot) argument is passed, which is the opposite of what we want.  Simply deleting the symlink causes the -1 argument to be omitted, meaning the client tries forever.  It is suspected Debian/Ubuntu intentionally make a single attempt at DHCP to avoid hanging or delaying the boot process.  This makes sense for a desktop but not a server which ends up being useless without an IP.

Ubuntu 14.04

Not necessary.

Load Hotplug Kernel Modules on Boot

We need to load a couple of kernel modules so that dynamically adding and removing volumes can occur without requiring a reboot of the guest OS.  More information about this topic is covered here.  The easiest way to make sure this happens is the following.

Edit /etc/rc.local to add the following commands:

modprobe acpiphp
modprobe pci_hotplug

You can optionally use /etc/modprobe.conf or /etc/modules.conf.  As long as the modules get loaded on boot, the approach does not matter.

Install Cloud Init

Cloud Init provides integration between the guest VM and the orchestration stack.  The tool is largely a fancy init script, which ranges from inserting SSH public keys, to executing Puppet/Chef with seed information.  There are a variety of modules included out of the box but we only use a subset of these.  Cloud init makes use of instance metadata, which works the same way with OpenStack as it does with EC2.  Most of the popular images available via Amazon for EC2 already include and launch cloud-init on start.


Packages are provided as part of the distribution. There are two packages: cloud-init and cloud-initramfs-growroot.  The first is the collection of Python scripts and necessary init configuration which runs on system start.  The second adds modules for inclusion in initrd images, which dynamically re-size the root partition on boot.  Growing the root partition is handled automatically by OpenStack if the image type is an AMI (explained elsewhere).

apt-get update
apt-get install cloud-init cloud-initramfs-growroot


Install the repository RPM packages:

The first step requires downloading some RPM files that contain the additional YUM repository definitions. The instructions below point to the 64-bit versions that work with most Cloud Server instances.

Centos 5.x

sudo rpm -Uvh epel-release-5*.rpm

Centos 6.x

sudo rpm -Uvh epel-release-6*.rpm


Centos 7.x

sudo rpm -Uvh epel-release-7*.rpm


Once installed you should see some additional repo definitions under the /etc/yum.repos.d directory.

$ ls -1 /etc/yum.repos.d/epel*


Now you can install the cloud-init package via yum.

# yum install cloud-init
Loaded plugins: fastestmirror
Determining fastest mirrors
 * base:
 * epel:
 * extras:
 * updates:
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package cloud-init.noarch 0:0.6.3-0.12.bzr532.el6 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
 Package                                      Arch                                   Version                          Repository                Size
 cloud-init                                   noarch                                   0.6.3-0.12.bzr532.el6                                 epel                                   163 k
Transaction Summary
Install       1 Package(s)
Total download size: 163 k
Installed size: 473 k
Is this ok [y/N]: y
Downloading Packages:
cloud-init-0.6.3-0.12.bzr532.el6.noarch.rpm                                                                           | 163 kB     00:00    
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing : cloud-init-0.6.3-0.12.bzr532.el6.noarch                                                                                                                                     1/1
  Verifying  : cloud-init-0.6.3-0.12.bzr532.el6.noarch                                                                                                                                     1/1
  cloud-init.noarch 0:0.6.3-0.12.bzr532.el6                                                                                                                                                   


Configuration (Centos/RHEL and Ubuntu 12.04)

Edit /etc/cloud/cloud.cfg to reflect the following:

user: cloud
disable_root: 1
preserve_hostname: False

Configuration (Ubuntu 14.04)

Run "dpkg-reconfigure cloud-init" and select ONLY the two openstack items, the Ec2 item, and the None item.

Edit /etc/cloud/cloud.cfg to reflect the following:

disable_root: true
preserve_hostname: false
  name: cloud
  lock_passwd: false

Ubuntu tty fix (grizzly+)

Fix console issues in ubuntu images:

cp /etc/init/tty6.conf /etc/init/tty7.conf
sed -i 's/tty6/tty7/' /etc/init/tty7.conf





rm -f /var/cache/apt/archives/*


rm -f /var/cache/yum/*


export HISTFILE=/dev/null
rm -f ~root/.bash_history
rm -f ~root/.ssh/authorized_keys
rm -f ~cloud/.bash_history
rm -f ~cloud/.ssh/authorized_keys
rm -fr /var/lib/cloud/*
Have more questions? Submit a request
Powered by Zendesk