Setting up Node Network Configuration Policy

Rederence: See Section 3.4. Preparing RHOCP for RHOSP network isolation from Deploying Red Hat OpenStack Platform 18.0 Development Preview 3 on Red Hat OpenShift Container Platform guide.

Create required projects for the Openstack Operator installation.

The next installation step for the OpenStack Operators involves creating the openstack-operators and openstack projects for the RHOSO operators.
```
oc new-project openstack-operators
oc new-project openstack
```

get list of worker nodes in your ocp cluster.

oc get nodes -l node-role.kubernetes.io/worker -o jsonpath="{.items[*].metadata.name}"

Sample output

ocp4-worker1.aio.example.com ocp4-worker2.aio.example.com ocp4-worker3.aio.example.com

Copy sample nncp configuration from step #4 in the documentation link provided on the section page.

or

use the provided sample configuration file single-nic-vlan-nncp.sample.

Create a copy of sample config for one of your nodes.

cp single-nic-vlan-nncp.sample osp-ng-nncp-worker1.yaml

Edit the file for use with the relevant node.

Refer to the network configuration table you have created earlier.
```
vi osp-ng-nncp-worker1.yaml
```
Customize the copy of sample configuration as per requirement.
1. Change the metadata name to reflect the node name and interface name strings.
2. Change the name of the interface as per the network configuration table.
3. Change the vlan id as per your setup.
4. Change the ipaddress of the interface as per the network configuration table.
5. Repeat above steps for all network configuration blocks: internalapi, storage, tenant and interface configuration.
6. Change the hostname under nodeselector to match your hostname.
Apply the configuration
```
oc apply -f  osp-ng-nncp-worker1.yaml
```

Create copy of your current edited file for other nodes, it will be easier to edit.

cp osp-ng-nncp-worker1.yaml osp-ng-nncp-worker2.yaml
cp osp-ng-nncp-worker1.yaml osp-ng-nncp-worker3.yaml

Edit the other files with relevant network configuration as per network configuration table.
Most likely you will need to change only the metadata name, the ip addresses and nodeselector hostname configuration.

Apply newly configured yamls indivdually:

oc apply -f osp-ng-nncp-worker2.yaml
oc apply -f osp-ng-nncp-worker3.yaml

Wait until they are in an available state before proceeding:

oc get nncp -w

Sample Output

NAME                              STATUS      REASON
osp-enp1s0-worker-ocp4-worker1    Available   SuccessfullyConfigured
osp-enp1s0-worker-ocp4-worker2    Available   SuccessfullyConfigured
osp-enp1s0-worker-ocp4-worker3    Available   SuccessfullyConfigured

Verify that the network settings are applied on the relevant node by listing ip settings on the node.

Connect to node:

oc debug node/ocp4-worker1.aio.example.com

Sample output

Temporary namespace openshift-debug-cp7xd is created for debugging node...
Starting pod/ocp4-master1aioexamplecom-debug ...
To use host binaries, run `chroot /host`
Pod IP: 192.168.123.101
If you don't see a command prompt, try pressing enter.
sh-4.4#

Check IP address listing to verify the desired settings are applied.

ip address show

Sample output

. . .
66: enp1s0.20@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether de:ad:be:ef:00:01 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.10/24 brd 172.17.0.255 scope global noprefixroute enp1s0.20
       valid_lft forever preferred_lft forever
67: enp1s0.21@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether de:ad:be:ef:00:01 brd ff:ff:ff:ff:ff:ff
    inet 172.18.0.10/24 brd 172.18.0.255 scope global noprefixroute enp1s0.21
       valid_lft forever preferred_lft forever
68: enp1s0.22@enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether de:ad:be:ef:00:01 brd ff:ff:ff:ff:ff:ff
    inet 172.19.0.10/24 brd 172.19.0.255 scope global noprefixroute enp1s0.22
. . .