OpenStack Setup
Overviewβ
This document describes the OpenStack setup deployed on an HPE ProLiant DL360 Gen9 server. The infrastructure is divided into two main environments:
- INF1: A local OpenStack environment used for testing and development.
- INF2: A production-grade, exposed OpenStack infrastructure intended for public-facing services.
Both environments are virtualized on top of Proxmox VE (type 1 hypervisor) hosted on the same physical server. OpenStack services are deployed using containerization and follow a modular architecture, with centralized identity and networking services.
Host Hardwareβ
- Model: HPE ProLiant DL360 Gen9
- CPUs: 2x Intel Xeon E5-series processors
- Total RAM: 128 GB
- Disk: RAID-backed SSD storage
- Hypervisor: Proxmox VE (Type 1)
The Proxmox host is partitioned into multiple virtual machines used to build INF1 and INF2.
ποΈ Overview of Environmentsβ
πΉ INF1 β Local OpenStack (Testing/Staging)β
- Purpose: Development, testing, internal validation
- Access: Local network only (non-exposed)
- Components:
- 1 Γ Controller Node
- 3 Γ Compute Node
- 1 Γ Block Storage Node
- Features:
- Mail server (Mailcow) installed on the controller node
- Reverse proxy configured locally (for internal tests)
- Testing of networking, floating IPs, and OpenStack APIs
- VM images include Cirros, Ubuntu, Alpine
Check the full set of configuration files for INF1 here:
π github.com/NidhalOunissi/openstack-config/tree/main/inf1
πΉ INF2 β Public OpenStack (Production-like)β
- Purpose: Exposed infrastructure for real-world use cases and client services
- Access: Accessible over the internet (secured)
- Components:
- 1 Γ Controller Node
- 1 Γ Compute Node
- 1 Γ Block Storage Node
- External access to Horizon, APIs, and services
- Features:
- Proper domain + SSL setup (using NGINX reverse proxy)
- Reverse proxy hosted on separate VM / VPS (optional)
- Integrated with Keycloak for IAM
- Secure services: Keystone, Nova, Glance, Neutron, Cinder
- Projects per user, managed with OpenStack4j via custom backend
Check the full set of configuration files for INF2 here:
π github.com/NidhalOunissi/openstack-config/tree/main/inf2
π Reverse Proxy Setupβ
- All OpenStack endpoints are exposed via NGINX reverse proxy
- Reverse proxy handles:
- TLS termination (Letβs Encrypt certificates)
- Path-based routing to Horizon, Keystone, Nova API, etc.
- Connection forwarding from external public IP to internal INF2 services
Details of networking and reverse proxy setup are covered in
networking.md.
π§ Mail Integrationβ
- Mail Server: Mailcow
- Location: INF1 Controller Node
- Usage: Internal transactional email testing and marketing platform integration
- DNS: Managed for internal domain, not publicly exposed
- Future: May be replaced or mirrored on INF2 for production mail delivery
Virtualization Architectureβ
Each OpenStack environment (INF1 and INF2) is deployed on its own set of Proxmox virtual machines:
+-----------------------------+
| Proxmox VE Hypervisor |
| (HPE DL360 Gen9 Host) |
+-------------+---------------+
|
+----------------------+----------------------+
| |
+-----v-----+ +-----v-----+
| INF1 | | INF2 |
| (Local) | | (Exposed) |
+-----------+ +-----------+