How to Deploy a Private OpenStack Cloud on Hetzner

Looking to run your own OpenStack environment without the overhead of managing hardware? Hetzner’s flexible bare‑metal and virtual servers make it an ideal platform for a private cloud. This guide walks beginners through every step – from selecting the right servers to launching your first instance.

Why Choose Hetzner for a Private OpenStack?

• Cost‑effective hardware: Dedicated servers start at €34/month, giving you plenty of RAM and CPU for a small OpenStack cluster.
• Excellent network: 1 Gbps uplink with optional 10 Gbps trunk ensures low latency for inter‑node traffic.
• Automation friendly: Hetzner’s API and Cloud‑Init support let you script provisioning.
• European data‑centers: GDPR‑compliant locations with high security standards.

Prerequisites

Hardware Requirements

For a minimal, production‑ready OpenStack you need at least three nodes:

1. Controller node: 8 vCPU, 16 GB RAM, 200 GB SSD – runs API, scheduler, dashboard, and database.
2. Compute node: 16 vCPU, 32 GB RAM, 500 GB SSD – hosts VMs.
3. Storage node (optional): 8 vCPU, 16 GB RAM, 2 TB HDD – provides Cinder block storage.

If you’re just testing, a single 8 vCPU/32 GB RAM server can run all services with the all‑in‑one mode.

Step‑by‑Step Installation

1. Order Servers from Hetzner

Log in to the Hetzner Cloud Console and create the required servers. Choose the “Root Server” option for dedicated hardware or “CX31”/“CX41” for virtual machines. Enable Rescue Mode and generate SSH keys.

2. Prepare the Base OS

We recommend Ubuntu 22.04 LTS because it’s the official OpenStack distribution. After the server boots, run:

sudo apt update && sudo apt upgrade -y sudo apt install -y curl gnupg2 software-properties-common

Disable unwanted services (e.g., snapd) to free resources.

3. Add the OpenStack Repository

sudo add-apt-repository cloud-archive:wallaby sudo apt update

Replace “wallaby” with the latest stable release when you read this guide.

4. Install the Production Packages

On the **controller** node, run:

# Install the core services sudo apt install -y mariadb-server rabbitmq-server memcached  # OpenStack packages sudo apt install -y keystone glance nova-api nova-conductor nova-scheduler nova-novncproxy nova-common database dashboard

On the **compute** node, install only the compute services:

sudo apt install -y nova-compute qemu-kvm libvirt-daemon-system

Repeat similar steps for the storage node, installing cinder-volume and ceph if you prefer block storage.

5. Configure Networking

OpenStack uses Neutron for software‑defined networking. A simple setup with a single flat network works for most labs:

# On the controller sudo nano /etc/neutron/plugins/ml2/ml2_conf.ini # Enable the linuxbridge driver and flat network

Don’t forget to open the required ports in Hetzner’s firewall – TCP 5000, 8774, 9696, and UDP 67 for DHCP.

6. Initialize the Database and Identity Service

# Create the OpenStack database sudo mysql -u root -p CREATE DATABASE keystone; CREATE DATABASE glance; CREATE DATABASE nova; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'STRONG_PASS'; # ... repeat for other services exit  # Populate the tables echo "CREATE EXTENSION IF NOT EXISTS pgcrypto;" | sudo -u postgres psql openstack-db-manage --config-file /etc/keystone/keystone.conf upgrade  # Source the admin credentials export OS_USERNAME=admin export OS_PASSWORD=STRONG_PASS export OS_PROJECT_NAME=admin export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_DOMAIN_NAME=Default export OS_AUTH_URL=http://:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2

7. Verify the Installation

Run a quick health check from the controller:

openstack service list openstack compute service list openstack network agent list

If all services return up, you’re ready to launch your first VM.

Launching Your First Instance

1. Upload a cloud‑init enabled image (e.g., Ubuntu 22.04) via the Horizon dashboard or CLI.
2. Create a flavor that matches your compute node’s resources.
3. Define a network and a subnet.
4. Run openstack server create --flavor m1.small --image ubuntu‑2204 --network private test‑vm.

After a minute, the VM appears in the dashboard. Use openstack console url show test‑vm to access the serial console.

Maintenance Tips

• Back up the database nightly: mysqldump -u root -p keystone > keystone.sql.
• Monitor resource usage: Hetzner’s Robot panel provides CPU, RAM, and bandwidth graphs.
• Apply security updates weekly: sudo unattended-upgrade keeps the host OS patched.
• Scale out: Add more compute nodes via Hetzner’s API and run nova-manage cell_v2 discover_hosts to register them.

FAQ

Is OpenStack supported on Hetzner’s virtual servers?

Yes, but for production you’ll want dedicated hardware to avoid noisy‑neighbor issues. The virtual CX series works well for labs and development.

Do I need a separate storage solution?

OpenStack can use local disks for cinder volumes, but integrating a Ceph cluster on Hetzner’s storage nodes gives better redundancy and scalability.

How much does a small private cloud cost?

A three‑node setup (one controller, one compute, one storage) starts around €120/month in Hetzner’s Frankfurt data centre.

Can I automate the whole deployment?

Absolutely. Tools like Ansible and Kolla‑Ansible can provision the OS, install OpenStack, and configure networking in under 30 minutes.

What’s the best way to secure my OpenStack?

Enable TLS for all API endpoints, use strong passwords for service accounts, and restrict API access to specific IP ranges via Hetzner’s firewall.

Ready to Build Your Private Cloud?

Hetzner gives you the raw power, and OpenStack adds the flexibility of a public‑cloud‑style API. Follow this guide, iterate on your configuration, and you’ll have a fully functional private cloud in a few hours.

Start today: Sign up for Hetzner, spin up the recommended servers, and run the steps above. Need personalized help? Contact our cloud experts for a free consultation.