{"id":21356422,"url":"https://github.com/equinix/terraform-equinix-metal-openstack","last_synced_at":"2025-07-24T11:35:07.678Z","repository":{"id":53624562,"uuid":"254750252","full_name":"equinix/terraform-equinix-metal-openstack","owner":"equinix","description":"OpenStack Cloud on Equinix Metal","archived":false,"fork":false,"pushed_at":"2024-09-11T20:48:38.000Z","size":18465,"stargazers_count":13,"open_issues_count":18,"forks_count":12,"subscribers_count":10,"default_branch":"main","last_synced_at":"2024-09-12T07:10:24.847Z","etag":null,"topics":["baremetal","hybrid-cloud","openstack","packet","virtual-machines"],"latest_commit_sha":null,"homepage":"https://registry.terraform.io/modules/equinix/openstack/metal/latest","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/equinix.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2020-04-10T22:42:11.000Z","updated_at":"2024-09-11T20:48:42.000Z","dependencies_parsed_at":"2023-12-15T18:47:53.188Z","dependency_job_id":"94f21b6d-e6b3-40e1-90a5-3d8ba8ff4cb9","html_url":"https://github.com/equinix/terraform-equinix-metal-openstack","commit_stats":null,"previous_names":["equinix/terraform-equinix-metal-openstack"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/equinix%2Fterraform-equinix-metal-openstack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/equinix%2Fterraform-equinix-metal-openstack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/equinix%2Fterraform-equinix-metal-openstack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/equinix%2Fterraform-equinix-metal-openstack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/equinix","download_url":"https://codeload.github.com/equinix/terraform-equinix-metal-openstack/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225844870,"owners_count":17533160,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["baremetal","hybrid-cloud","openstack","packet","virtual-machines"],"created_at":"2024-11-22T04:31:51.923Z","updated_at":"2024-11-22T04:31:52.469Z","avatar_url":"https://github.com/equinix.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"![](https://img.shields.io/badge/Stability-Experimental-red.svg)\n[![Equinix Community](https://img.shields.io/badge/Equinix%20Community%20-%20%23E91C24?logo=equinixmetal)](https://community.equinix.com)\n\n# OpenStack on Equinix Metal\n\nThis repository is [Experimental](https://github.com/packethost/standards/blob/master/experimental-statement.md) meaning that it's based on untested ideas or techniques and not yet established or finalized or involves a radically new and innovative style! This means that support is best effort (at best!) and we strongly encourage you to NOT use this in production.\n\n## Overview\n\nUse Terraform to quickly and easily create an OpenStack cloud powered by Armv8 and/or x86 bare metal servers at Equinix Metal. Specifically, this deployment showcases how a multi-node cloud can be deployed on Equinix Metal bare metal.\n\nThis repo supports the [OpenStack Ussuri](https://www.openstack.org/software/ussuri/) version.\n\nThe deployment defaults to a minimum 3 node OpenStack cloud, consisting of 2 x86 infrastructure nodes and a single x86 compute node.\n\n- It is possible to modify the total number of nodes and the type (various sizes of x86 and ARM hardware provided by Equinix Metal).\n- By default, the template uses third generation Equinix Metal hardware.\n\nContributions are welcome to help extend this work!\n\n## Walk Throughs\n\nTo see a walk through of this repo, please checkout this [YouTube video](https://www.youtube.com/watch?v=2I5YG6gq1cE).\n\n## Cloud Abilities\n\nThe default deployment supports both ARM and x86 based virtual workloads across multiple compute nodes. Inter-node communication is setup allowing virtual machines within the same overlay network but on different compute nodes to communicate with each other across underlying VXLAN networks. This is a transparent capability of OpenStack. Management and inter-node traffic traverses the private Equinix Metal project network (10 subnet). Public OpenStack services are available via the public IP addresses assigned by Equinix Metal. DNS is not setup as part of this deployment so use IP addresses to access the services. The backend private IP addresses are mapped automatically into the node hostfiles via the deployment process.\n\nThe virtual machine images are deployed with enabled usernames and passwords allowing console login. For more details please see \"userdata.txt\", the cloud-init file that is used for the CentOS, Fedora, and Ubuntu virtual machines. The Cirros default login information is displayed on the console when logging in. The controller and compute nodes are configured with VNC console access for all the x86 machines. Console access is via the Horizon GUI dashboard. Since the ARM virtual machines do not support VNC console access, novaconsole has been made available on the controller via CLI.\n\nBy default, upstream connectivity from inside the cloud (virtual machines/networks) to the Internet is not enabled. Connectivity within internal virtual networks is enabled. The sample workload has SSH (TCP-22) and ICMP traffic enabled via security groups.\n\n## Prerequisites\n\n### Equinix Metal Project ID \u0026 API Key\n\nThis deployment requires a Equinix Metal account for the provisioned bare metal. You'll need your \"Equinix Metal Organization ID\" and your \"Equinix Metal API Key\" to proceed. You can use an existing project or create a new project for the deployment. [See the full list of inputs](https://registry.terraform.io/modules/equinix/openstack/metal/latest?tab=inputs) for details.\n\nIn this walk-through, we will let Terraform create a randomly named project in the organization that you define.\n\nWe recommend setting the Equinix Metal API Token and Organization ID as environment variables since this prevents tokens from being included in source code files. These values can also be stored within a variables file later if using environment variables isn't desired.\n\n```bash\nexport TF_VAR_metal_organization_id=YOUR_ORGANIZATION_ID_HERE\nexport TF_VAR_metal_auth_token=YOUR_PACKET_TOKEN_HERE\n```\n\n#### Where is my Equinix Metal Organization ID?\n\nYou can find your Organization ID in the organization settings. Click \"Settings\" in the \"Hello, ...\" profile menu. Make sure you copy the Organization ID, not the Account ID.\n\n#### Where is my Equinix Metal Project ID?\n\nYou can find your Project ID under the 'Manage' section in the Equinix Metal Portal. They are listed underneath each project in the listing. You can also find the project ID on the project 'Settings' tab, which also features a very handy \"copy to clipboard\" piece of functionality, for the clicky among us.\n\n#### How can I create a Equinix Metal API Key?\n\nYou will find your API Key on the left side of the portal. If you have existing keys you will find them listed on that page. If you haven't created one yet, you can click here:\n\n\u003chttps://console.equinix.com/#/api-keys/new\u003e\n\n#### Ensure that your Equinix Metal account has an SSh key attached\n\nWhen provisioning the machines, Equinix Metal will preset an SSH key to allow administrative access. If no SSH keys are available, it will fail with a \"Must have at least one SSH key\" error. To fix this, [add an ssh key](https://metal.equinix.com/developers/docs/accounts/ssh-keys/) in your Equinix Metal account.\n\n### Terraform\n\nThese instructions use Terraform from Hashicorp to drive the deployment. If you don't have Terraform installed already, you can download and install Terraform using the instructions on the link below:\nhttps://www.terraform.io/downloads.html\n\n## Deployment Prep\n\nDownload the terraform-metal-openstack manifests from GitHub into a local directory.\n\n```bash\ngit clone URL_TO_REPO\ncd terraform-metal-openstack\n```\n\nDownload the Terraform providers required:\n\n```bash\nterraform init\n```\n\nAn SSH keypair will be created and managed by this plan to access the hosts in your Metal account's project. \n\n## Cloud Sizing Defaults\n\nSeveral configurations files are available each building the cloud with a different mix of hardware architectures and capacity.\n\n| Filename | Description | Controller | Dashboard | x86 Compute Nodes | ARM Compute Nodes |\n| :--------------------------- | :---------------------- | :------------ | :------------ | :---------------- | :---------------- |\n| default | Minimal Config | c3.medium.x86 | c3.medium.x86 | c3.medium.x86 | none |\n| sample.terraform.tfvars | ARM \u0026 x86 compute | c2.medium.x86 | c2.medium.x86 | n2.xlarge.x86 | c2.large.arm |\n| sample-arm.terraform.tfvars | Equinix Metal Gen 2 ARM | c2.large.arm | c2.large.arm | none | c2.large.arm |\n| sample-gen2.terraform.tfvars | Equinix Metal Gen 2 x86 | c2.medium.x86 | c2.medium.x86 | n2.xlarge.x86 | none |\n| sample-gen3.terraform.tfvars | Equinix Metal Gen 3 x86 | c3.medium.x86 | c3.medium.x86 | s3.xlarge.x86 | none |\n\nRunning without a \"terraform.tfvars\" will result in the \"default\" configuration using Equinix Metal c3.medium.x86 hardware devices\nand no ARM capabilities. The other sample configurations deploy a mix of ARM and x86 hardware across different Equinix Metal hardware generations.\n\nThere are a number of defaults that can be modified as desired. Any deviations from the defaults can be set in terraform.tfvars. No modifications to defaults are required except for the Equinix Metal Project ID and API Token if not set as environment variables.\n\nCopy over the sample terraform settings:\n\n```bash\ncp sample.terraform.tfvars terraform.tfvars\n```\n\nIf the Equinix Metal API Token and Project ID were not saved as environment variables then they'll need to be stored in the terraform.tfvars.\n\n| Name | Software | Default Count | Minimum Count |\n| :---------- | :--------------------- | ------------: | ------------: |\n| Controller | Keystone, Glance, Nova | 1 | 1 |\n| Dashboard | Horizon | 1 | 0 or more |\n| Compute x86 | Neutron | 1 | 0 or more |\n\nIn terraform.tfvars, the type of all these nodes can be changed. The size of the cloud can also be grown by increasing the count of ARM and x86 compute nodes above the default count of 1. A count of 0 of any compute node type (ARM or x86) will render the cloud unable to provision virtual machines of said type. While this deployment will cluster and support multiple compute nodes, it does not support multiple controller or dashboard nodes.\n\n## Deployment\n\nStart the deployment:\n\n```bash\nterraform apply\n```\n\nAt the conclusion of the deployment, the final settings will be displayed. These values can also be output:\n\n```bash\nterraform output\n```\n\nSample output as follows:\n\n```\nCloud_ID_Tag = \"5077f6895d12fce0\"\nCompute_ARM_IPs = [\n \"139.178.89.34\",\n]\nCompute_ARM_Type = [\n \"c2.large.arm\",\n]\nCompute_x86_IPs = [\n \"147.75.70.59\",\n]\nCompute_x86_Type = [\n \"n2.xlarge.x86\",\n]\nController_Provider_Private_IPv4 = \"10.88.70.16/28\"\nController_Provider_Public_IPv6 = \"2604:1380:1000:7c01::/64\"\nController_SSH = \"ssh root@147.75.70.123 -i metal-key\"\nController_SSH6 = \"ssh root@2604:1380:1000:7c00::7 -i metal-key\"\nController_Type = \"c2.medium.x86\"\nHorizon_dashboard_via_IP = \"http://147.75.109.135/horizon/ default/admin/GgT0VzyrX6Jm9Hd9\"\nHorizon_dashboard_via_IP6 = \"http://[2604:1380:1000:7c00::3]/horizon/ default/admin/GgT0VzyrX6Jm9Hd9\"\nOpenStack_API_Endpoint = \"http://147.75.70.123:5000/v3\"\nOpenStack_API_Endpoint_ipv6 = \"http://[2604:1380:1000:7c00::7]:5000/v3\"\nOpenStack_admin_pass = \u003csensitive\u003e\n```\n\nThe OpenStack Horizon dashboard can be pulled up at the URL listed with the domain/username/password provided.\nThe OpenStack Controller (CLI) can be accessed at the SSH address listed with the key provided.\n\n## Sample Workload\n\nThis deployment includes the following additional items in addition atop of the OpenStack installation. This includes a set of virtual machine images (Cirros, CentOS, Fedora, Ubuntu), a virtual network and some running virtual machines. For more information on the deployed workloads, please see:\n\nhttps://github.com/equinix/terraform-metal-openstack/blob/master/OpenStackSampleWorkload.tf\n\n## Validation\n\nThe deploy can be verified via the OpenStack CLI and/or via the OpenStack GUI (Horizon). The CLI commands can be run on the Contoller node (via SSH). The GUI commands are run on a web browser using the URL and credentials output by Terraform. The individual CLI commands and GUI drill down paths are listed below. This validation checks that all the compute nodes are running and the same workload virtual machines images are running.\n\nWhen running the CLI, the OpenStack credentials need to be setup by reading in the openrc file.\n\n- Setup the OpenStack credentials\n\n```bash\nsource admin-openrc\n```\n\n- Validate that all the OpenStack compute services are running. There will be one nova-compute per bare metal compute node provisioned (ARM or x86).\n- Horizon: Admin-\u003eSystem Information-\u003eCompute Services\n\n```\nroot@controller:~# openstack compute service list\n+----+----------------+----------------+----------+---------+-------+----------------------------+\n| ID | Binary | Host | Zone | Status | State | Updated At |\n+----+----------------+----------------+----------+---------+-------+----------------------------+\n| 1 | nova-conductor | controller | internal | enabled | up | 2020-04-10T22:34:31.000000 |\n| 10 | nova-scheduler | controller | internal | enabled | up | 2020-04-10T22:34:32.000000 |\n| 16 | nova-compute | compute-x86-00 | nova | enabled | up | 2020-04-10T22:34:39.000000 |\n+----+----------------+----------------+----------+---------+-------+----------------------------+\n```\n\n- Validate that all the images have been installed\n- Horizon: Admin-\u003eCompute-\u003eImages\n\n```\nroot@controller:~# openstack image list\n+--------------------------------------+-----------------+--------+\n| ID | Name | Status |\n+--------------------------------------+-----------------+--------+\n| 2f873bcc-e4ef-471d-a413-6c7bd17c6be0 | Bionic-amd64 | active |\n| bc1cac00-996a-4d69-be24-dcdcbc80b812 | Bionic-arm64 | active |\n| 4928c2c6-a27d-4e0f-ad71-746ee6d6ab3d | CentOS-8-arm64 | active |\n| 6bbb17d2-16df-45a9-bd68-70e89147996c | CentOS-8-x86_64 | active |\n| 0c41cdcb-0f8e-488c-9732-4f549aafe640 | Cirros-arm64 | active |\n| 68368d34-48d0-4b47-85d4-990457621f97 | Cirros-x86_64 | active |\n| 039a1fff-f9d7-45b5-af6f-76c7c0e6f2d3 | Fedora-32-arm64 | active |\n| ef2958fc-5ad0-4780-8d1f-0900eaeedf22 | Trusty-arm64 | active |\n| 8708ae1b-210d-4bff-8547-93be0c787072 | Xenial-arm64 | active |\n+--------------------------------------+-----------------+--------+\n\n```\n\n- Validate that all the x86 compute node has the appropriate number of vCPUs and memory\n\n```\nroot@controller:~# openstack hypervisor show compute-x86-00 -f table -c service_host -c vcpus -c memory_mb -c running_vms\n+--------------+----------------+\n| Field | Value |\n+--------------+----------------+\n| memory_mb | 385434 |\n| running_vms | 1 |\n| service_host | compute-x86-00 |\n| vcpus | 56 |\n+--------------+----------------+\n```\n\n- Validate that all the virtual machines are running\n- Horizon: Admin-\u003eCompute-\u003eInstances\n\n```\nroot@controller:~# openstack server list\n+--------------------------------------+------+--------+---------------------------+---------------+-----------+\n| ID | Name | Status | Networks | Image | Flavor |\n+--------------------------------------+------+--------+---------------------------+---------------+-----------+\n| 841ab626-9ad9-492c-ad83-ecdf0d8680b8 | foo | ACTIVE | 192.168.0.0=192.168.0.116 | Cirros-x86_64 | m1.medium |\n+--------------------------------------+------+--------+---------------------------+---------------+-----------+\n```\n\n## External Networking Support\n\nExternal (Provider) networking allows VMs to be assigned Internet addressable floating IPs. This allows the VMs to offer Internet accessible services (i.e. SSH and HTTP). This requires the a block of IP addresses from Equinix Metal (elastic IP address). These can be requested through the Equinix Metal Web GUI. Please see https://www.packet.com/developers/docs/network/basic/elastic-ips/ for more details. Public IPv4 of at least /29 is recommended. A /30 will provide only a single floating IP. A /29 allocation will provide 5 floating IPs.\n\nOnce the Terraform has finished, the following steps are required to enable the external networking.\n\n- Assign the elastic IP subnet to the \"Controller\" physical host via the Equinix Metal Web GUI.\n- Log into the Controller physical node via SSH and execute:\n\n```\nsudo bash ExternalNetwork.sh \u003cELASTIC_CIDR\u003e\n```\n\nFor example, if your CIDR subnet is 10.20.30.0/24 the command would be:\n\n```\nsudo bash ExternalNetwork.sh 10.20.30.0/24\n```\n\nFrom there, assign a floating IPs via the dashboard and update security groups to permit the desired ports.\n\n## External Block Storage\n\nEquinix Metal offeres block storage that can be attached to compute nodes and used as ephemeral storage for VMs. This involves creating the storage via the Equinix Metal Web App, associating the storage with a compute node, and setting up the volume within the compute node. In this example, a 1TB volume is being created for use as ephemeral storage.\n\n# Stop the OpenStack Nova Compute service\n\n```\nservice nova-compute stop\n```\n\n# Create and assign a storage volume\n\nCreate the volume via the Equinix Metal Web App and assign to the compute node.\nSee the steps at: https://metal.equinix.com/developers/docs/servers/elastic-block-storage/\n\n```\napt-get -y install jq\npacket-block-storage-attach\nfdisk /dev/mapper/volume-YOUR_ID_HERE # create a new volume (n) and accept defaults\nmkfs.ext4 /dev/mapper/volume-YOUR_ID_HERE-part1\nblkid | grep volume-YOUR_ID_HERE-part1 # take note of the UUID\n```\n\n# Copy over the existing Nova data\n\n```\nmnt /dev/mapper/volume-YOUR_ID_HERE /mnt\nrsync -avxHAX --progress /var/lib/nova/ /mnt\numount /mnt\nrm -rf /var/lib/nova/*\nvi /etc/fstab # add a line like UUID=YOUR-UUID-HERE /var/lib/nova ext4 0 2\nmount -a\n```\n\n# Start the OpenStack Nova Compute service\n\n```\nservice nova-compute start\n```\n\n# Tearing it all down\n\nTo decommission a compute node, the above steps must be done in reverse order.\n\n```\numount /var/lib/nova\npacket-block-storage-deatach\n```\n\nVia the Equinix Metal Web App, detach the volume from the host, and then delete the volume. The physical host can then be deprovisioned via Terraform destroy.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fequinix%2Fterraform-equinix-metal-openstack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fequinix%2Fterraform-equinix-metal-openstack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fequinix%2Fterraform-equinix-metal-openstack/lists"}