Access OpenStack

  1. From the bastion server access the Control Plane:

    ssh root@192.168.123.100
oc rsh -n openstack openstackclient

  2. On Control Plane verify OpenStack Services:

    cd /home/cloud-admin
openstack compute service list
    Sample Output
    +--------------------------------------+----------------+--------------------------------+----------+---------+-------+----------------------------+
| ID                                   | Binary         | Host                           | Zone     | Status  | State | Updated At                 |
+--------------------------------------+----------------+--------------------------------+----------+---------+-------+----------------------------+
| 8c787286-4ef0-486d-90bc-a99b423fedb4 | nova-scheduler | nova-scheduler-0               | internal | enabled | up    | 2024-05-24T08:56:03.000000 |
| 70cd6e5c-5fae-4641-8693-f0616c1a287b | nova-conductor | nova-cell0-conductor-0         | internal | enabled | up    | 2024-05-24T08:56:09.000000 |
| 8c708776-539a-4fd8-8e67-61711e07e800 | nova-conductor | nova-cell1-conductor-0         | internal | enabled | up    | 2024-05-24T08:56:02.000000 |
| a43ed3dc-a274-49e3-8956-2e80c8269bba | nova-compute   | edpm-compute-0.aio.example.com | nova     | enabled | up    | 2024-05-24T08:56:07.000000 |
+--------------------------------------+----------------+--------------------------------+----------+---------+-------+----------------------------+

  3. Verify OpenStack networks:

    openstack network agent list
exit
    Sample Output
    +--------------------------------------+------------------------------+--------------------------------+-------------------+-------+-------+----------------------------+
| ID                                   | Agent Type                   | Host                           | Availability Zone | Alive | State | Binary                     |
+--------------------------------------+------------------------------+--------------------------------+-------------------+-------+-------+----------------------------+
| 4d89ad82-485c-41a2-9427-2420ee0129ec | OVN Controller Gateway agent | ocp4-worker1.aio.example.com   |                   | :-)   | UP    | ovn-controller             |
| bfbc013b-5e2d-4454-8b11-63cb63ebef16 | OVN Controller Gateway agent | ocp4-worker2.aio.example.com   |                   | :-)   | UP    | ovn-controller             |
| 6b17396e-1129-4b39-953c-b3735e401743 | OVN Controller Gateway agent | ocp4-worker3.aio.example.com   |                   | :-)   | UP    | ovn-controller             |
| c9d07b3c-5889-4fdf-bc27-19dd197d6a32 | OVN Controller agent         | edpm-compute-0.aio.example.com |                   | :-)   | UP    | ovn-controller             |
| d2bf2749-5744-5e96-b3fc-fb2708e8fb30 | OVN Metadata agent           | edpm-compute-0.aio.example.com |                   | :-)   | UP    | neutron-ovn-metadata-agent |
+--------------------------------------+------------------------------+--------------------------------+-------------------+-------+-------+----------------------------+

  4. Map the Compute nodes to the Compute cell that they are connected to:

    oc rsh nova-cell0-conductor-0 nova-manage cell_v2 discover_hosts --verbose
    Sample Output
    Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code.
2024-05-24 18:06:57.493 4576 WARNING oslo_policy.policy [None req-69d81d0b-1e8a-4cdb-9f08-19767ca33c21 - - - - - -] JSON formatted policy_file support is deprecated since Victoria release. You need to use YAML format which will be default in future. You can use ``oslopolicy-convert-json-to-yaml`` tool to convert existing JSON-formatted policy file to YAML-formatted in backward compatible way: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html.
2024-05-24 18:06:57.493 4576 WARNING oslo_policy.policy [None req-69d81d0b-1e8a-4cdb-9f08-19767ca33c21 - - - - - -] JSON formatted policy_file support is deprecated since Victoria release. You need to use YAML format which will be default in future. You can use ``oslopolicy-convert-json-to-yaml`` tool to convert existing JSON-formatted policy file to YAML-formatted in backward compatible way: https://docs.openstack.org/oslo.policy/latest/cli/oslopolicy-convert-json-to-yaml.html.
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': e35f1b96-fc8d-4b4d-8d47-24f3a0d38bbc
Checking host mapping for compute host 'edpm-compute-0.aio.example.com': ffc784cb-f1e2-4a9f-850f-c865214d3edd
Creating host mapping for compute host 'edpm-compute-0.aio.example.com': ffc784cb-f1e2-4a9f-850f-c865214d3edd
Found 1 unmapped computes in cell: e35f1b96-fc8d-4b4d-8d47-24f3a0d38bbc

  5. Create a VM

    oc rsh -n openstack openstackclient
export GATEWAY=192.168.123.1
export PUBLIC_NETWORK_CIDR=192.168.123.1/24
export PRIVATE_NETWORK_CIDR=192.168.100.0/24
export PUBLIC_NET_START=192.168.123.91
export PUBLIC_NET_END=192.168.123.99
export DNS_SERVER=8.8.8.8
openstack flavor create --ram 512 --disk 1 --vcpu 1 --public tiny
curl -O -L https://github.com/cirros-dev/cirros/releases/download/0.6.2/cirros-0.6.2-x86_64-disk.img
openstack image create cirros --container-format bare --disk-format qcow2 --public --file cirros-0.6.2-x86_64-disk.img

  6. Create Network and Security for the VM

    ssh-keygen -m PEM -t rsa -b 2048 -f ~/.ssh/id_rsa_pem
openstack keypair create --public-key ~/.ssh/id_rsa_pem.pub default
openstack security group create basic
openstack security group rule create basic --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0
openstack security group rule create --protocol icmp basic
openstack security group rule create --protocol udp --dst-port 53:53 basic
openstack network create --external --provider-physical-network datacentre --provider-network-type flat public
openstack network create --internal private
openstack subnet create public-net \
--subnet-range $PUBLIC_NETWORK_CIDR \
--no-dhcp \
--gateway $GATEWAY \
--allocation-pool start=$PUBLIC_NET_START,end=$PUBLIC_NET_END \
--network public
openstack subnet create private-net \
--subnet-range $PRIVATE_NETWORK_CIDR \
--network private
openstack router create vrouter
openstack router set vrouter --external-gateway public
openstack router add subnet vrouter private-net

  7. Create the Server and a Floating IP

    openstack server create \
    --flavor tiny --key-name default --network private --security-group basic \
    --image cirros test-server
openstack floating ip create public

  8. Add the floating IP above to the new VM in the next step.

    openstack server add floating ip test-server <FLOATING_IP>
exit

  9. From the bastion access to the VM.

    ssh cirros@<FLOATING_IP> (password is gocubsgo)
    exit

  10. Optional: To enable Horizon, execute below from the Bastion:

    oc patch openstackcontrolplanes/openstack-galera-network-isolation -p='[{"op": "replace", "path": "/spec/horizon/enabled", "value": true}]' --type json

  11. Get the Route

    ROUTE=$(oc get routes horizon  -o go-template='https://{{range .status.ingress}}{{.host}}{{end}}')
echo $ROUTE
    Sample Output
    https://horizon-openstack.apps.86dgb.dynamic.redhatworkshops.io

  12. Click the url and log in as username admin password openstack