Blog Main Image

Installing Spinnaker on Openstack

By Intuitive / Apr 06,2019


In this post will learn about how to deploy a Spinnaker on Openstack instance. Spinnaker is an open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence.


  • Inorder to run a Spinnaker, Halyard installation needed.
  • Ubuntu 14.04 lts x86_64 openstack instance.
  • Minio for Persistence storage.
  • Openstack API that are required to be enabled on openstack.
    • Keystone (Identity) v3
    • Compute v2
    • LBaaS v2
    • Networking v2
    • Orchestration (Heat)
    • Ceilometer
    • Telemetry Alarming (Aodh)
    • Glance v1
  • Choose an Environment as a Local installations of Debian packages.

Spinnaker Architecture

Installing Spinnaker on Openstack

Spinnaker is composed of a number of independent microservices:

  • Deck is the browser-based UI.
  • Gate is the API gateway. The Spinnaker UI and all api callers communicate with Spinnaker via Gate.
  • Orca is the orchestration engine. It handles all ad-hoc operations and pipelines.
  • Clouddriver is responsible for all mutating calls to the cloud providers and for indexing/caching all deployed resources.
  • Front50 is used to persist the metadata of applications, pipelines, projects and notifications.
  • Rosco is the bakery. It is used to produce machine images (for example GCE images, AWS AMIs, Azure VM images). It currently wraps packer, but will be expanded to support additional mechanisms for producing images.
  • Igor is used to trigger pipelines via continuous integration jobs in systems like Jenkins and Travis CI, and it allows Jenkins/Travis stages to be used in pipelines.
  • Echo is Spinnaker’s eventing bus. It supports sending notifications (e.g. Slack, email, Hipchat, SMS), and acts on incoming webhooks from services like Github.
  • Fiat is Spinnaker’s authorization service. It is used to query a user’s access permissions for accounts, applications and service accounts.
  • Kayenta provides automated canary analysis for Spinnaker.

Install Halyard

Halyard manages the lifecycle of your Spinnaker deployment, including writing & validating your deployment’s configuration, deploying each of Spinnaker’s microservices, and updating the deployment. Created user as a ubuntu with sudo previllages enabled, follow the below steps as a ubuntu user.

    1. Get the latest version of Halyard for Debian/Ubuntu:
    ubuntu@spinnaker:~$ curl -O
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100  9138  100  9138    0     0  18531      0 --:--:-- --:--:-- --:--:-- 18573
    1. Install it:

    If you’re prompted for any information, default answers are usually suitable.

    ubuntu@spinnaker:~$ sudo bash
    Halyard version will be stable
    Halyard will be downloaded from gs://spinnaker-artifacts/halyard
    Halyard config will come from bucket gs://halconfig
    Halconfig will be stored at /home/ubuntu/.hal/config
    Uninstall script is located at /home/ubuntu/.hal/
    1. Check whether Halyard was installed properly:
    ubuntu@spinnaker:~$ hal -v
    1. Run the below to enable command completion:
    ubuntu@spinnaker:~$ . ~/.bashrc

    Configure Minio Locally

    Minio is an S3-compatible object store that you can host yourself. This is the persistent storage solution we recommend when you don’t want to depend on a cloud provider to host your Spinnaker data. Follow the below steps as a root user to configure minio.

    1. Download the latest verison of Minio:
    root@spinnaker:~$ wget
    --2018-07-09 13:46:15--
    Resolving (
    Connecting to (||:443... connected.
    HTTP request sent, awaiting response... 200 OK
    Length: 28048192 (27M) [application/octet-stream]
    Saving to: ‘minio’
    100%[===================================================================================================================================================================================================>] 28,048,192  7.25MB/s   in 3.7s
    2018-07-09 13:46:19 (7.25 MB/s) - ‘minio’ saved [28048192/28048192]
    1. Provide executable permision to Minio file:
    root@spinnaker:~$ chmod +x minio
    1. Below command will give you credential info of Minio to access:

    root@spinnaker:~# ./minio server /mnt/minio

    1. Next step we are going to configure Minio with Halyard using Minio credentials, which we got from previous command:
    ubuntu@spinnaker:~$ hal config storage s3 edit --endpoint http://localhost:9001 \
    > --access-key-id VI82U0FEE674IZBC8TTP \
    > --secret-access-key
    Your AWS Secret Key.:
    + Get current deployment
    + Get persistent store
    Generated bucket name: spin-5accf3fb-f2a2-4eb0-bfc0-150fbdc9d5f5
    + Edit persistent store
    Problems in default.persistentStorage:
    - WARNING Your deployment will most likely fail until you configure
      and enable a persistent store.
    + Successfully edited persistent store "s3".
    ubuntu@spinnaker:~$ hal config storage edit --type s3
    + Get current deployment
    + Get persistent storage settings
    + Edit persistent storage settings
    + Successfully edited persistent storage.

    Minio persistent storage has been configured and ready to use for Spinnaker installation.

    Configure Openstack API on Ubuntu

    Download Openstack RC file v3 from openstack api access & security.

Configure the file and run locally on ubuntu, which is downloaded from openstack.

ubuntu@spinnaker:~$ cat

[2]+  Stopped                 vim
ubuntu@spinnaker:~$ rm
rm: cannot remove ‘’: Is a directory
ubuntu@spinnaker:~$ rm -r
ubuntu@spinnaker:~$ ls
]  minio
ubuntu@spinnaker:~$ vim
ubuntu@spinnaker:~$ cat vm
cat: vm: No such file or directory
ubuntu@spinnaker:~$ cat
#!/usr/bin/env bash

# To use an OpenStack cloud you need to authenticate against the Identity
# service named keystone, which returns a **Token** and **Service Catalog**.
# The catalog contains the endpoints for all services the user/tenant has
# access to - such as Compute, Image Service, Identity, Object Storage, Block
# Storage, and Networking (code-named nova, glance, keystone, swift,
# cinder, and neutron).
# *NOTE*: Using the 3 *Identity API* does not necessarily mean any other
# OpenStack API is version 3. For example, your cloud provider may implement
# Image API v1.1, Block Storage API v2, and Compute API v2.0. OS_AUTH_URL is
# only for the Identity API served through keystone.
export OS_AUTH_URL=

# With the addition of Keystone we have standardized on the term **project**
# as the entity that owns the resources.
export OS_PROJECT_ID=af33d031da1743b199e6f90b75ca3d6d
export OS_PROJECT_NAME="vmware-cloud"
export OS_USER_DOMAIN_NAME="Default"
if [ -z "$OS_USER_DOMAIN_NAME" ]; then unset OS_USER_DOMAIN_NAME; fi

# unset v2.0 items in case set

# In addition to the owning entity (tenant), OpenStack stores the entity
# performing the action as the **user**.
export OS_USERNAME="karthik1"

# With Keystone you pass the keystone password.
echo "Please enter your OpenStack Password for project $OS_PROJECT_NAME as user $OS_USERNAME: "

# If your configuration has multiple regions, we set that information here.
# OS_REGION_NAME is optional and only valid in certain environments.
export OS_REGION_NAME="us-east"
# Don't leave a blank variable, unset it if it was empty
if [ -z "$OS_REGION_NAME" ]; then unset OS_REGION_NAME; fi

export OS_INTERFACE=public


Enter the openstack login password for API access:

ubuntu@spinnaker:~$ source
Please enter your OpenStack Password for project vmware-cloud as user karthik1:

Choose an Environment as a Local Debian

The Local Debian installation means Spinnaker will be downloaded and run on the single machine Halyard is currently installed on.

The Local Debian installation is intended for smaller deployments of Spinnaker, and for clouds where the Distributed installation is not yet supported; however, since all services are on a single machine, there will be downtime when Halyard updates Spinnaker.

ubuntu@spinnaker:~$ hal config deploy edit --type localdebian
+ Get current deployment
+ Get the deployment environment
- No changes supplied.

Deploy Spinnaker

Now that we’ve enabled one Cloud Provider, picked a Deployment Environment, and configured Persistent Storage, we’re ready to pick a version of Spinnaker, deploy it, and connect to it.

  1. List the available versions:
ubuntu@spinnaker:~$ hal version list
+ Get current deployment
+ Get Spinnaker version
+ Get released versions
+ You are on version "", and the following are available:
 - 1.5.4 (Atypical):
   Published: Wed Jan 10 18:46:49 UTC 2018
   (Requires Halyard >= 0.40.0)
 - 1.6.1 (GLOW):
   Published: Wed Apr 04 19:20:54 UTC 2018
   (Requires Halyard >= 0.41.0)
 - 1.7.6 (Ozark):
   Published: Tue May 29 16:26:20 UTC 2018
   (Requires Halyard >= 1.0.0)
 - 1.8.0 (Dark):
   Published: Fri Jun 22 17:48:29 UTC 2018
   (Requires Halyard >= 1.0.0)

  1. Set the version you want to use:
ubuntu@spinnaker:~$ hal config version edit --version 1.8.0
+ Get current deployment
+ Edit Spinnaker version
+ Spinnaker has been configured to update/install version "1.8.0".
  Deploy this version of Spinnaker with `hal deploy apply`.
  1. Deploy Spinnaker:
    sudo hal deploy apply

Exposing Spinnaker on OpenStack Network

This post focuses on a Local environment. To prevent inadvertently exposing your cloud infrastructure to the whole world, Halyard installs Spinnaker in its most locked-down form. This means all services only bind to localhost , which only accepts connections from inside the same server.

On the other hand, Distributed environment services bind to , which allows them to receive requests from services running on different hosts. This is essential to scaling Spinnaker to large enterprise deployments as a high-availability service.

Opening Gate and Deck

We’ll specify the host in both gate.yml and deck.yml in our default Halyard deployment with this command:

ubuntu@spinnaker:~$ echo "host:" | tee \
> ~/.hal/default/service-settings/gate.yml \
> ~/.hal/default/service-settings/deck.yml

Run sudo hal deploy apply to update the changes to spinnaker.

Now, You can test this out by navigating to the instance’s public IP address on port 9000 in your browser.

Installing Spinnaker on Openstack


Main Logo