Access OpenStack

From the bastion server access the Control Plane:

sudo -i
ssh root@192.168.123.100
oc rsh -n openstack openstackclient

On Control Plane verify OpenStack Services:

cd /home/cloud-admin
openstack compute service list
Sample Output
+--------------------------------------+----------------+------------------------+----------+---------+-------+----------------------------+
| ID                                   | Binary         | Host                   | Zone     | Status  | State | Updated At                 |
+--------------------------------------+----------------+------------------------+----------+---------+-------+----------------------------+
| 9d95d098-7666-4be8-8c70-230f474b625b | nova-conductor | nova-cell1-conductor-0 | internal | enabled | up    | 2024-04-17T18:58:07.000000 |
| d283fd97-657c-422f-9572-be71c6a5b804 | nova-conductor | nova-cell0-conductor-0 | internal | enabled | up    | 2024-04-17T18:58:05.000000 |
| 3abb8a21-1b8d-48f2-adfc-663d52344229 | nova-scheduler | nova-scheduler-0       | internal | enabled | up    | 2024-04-17T18:58:10.000000 |
+--------------------------------------+----------------+------------------------+----------+---------+-------+----------------------------+

Verify OpenStack networks:

openstack network agent list
exit
Sample Output
+--------------------------------------+------------------------------+--------------------------------+-------------------+-------+-------+----------------+
| ID                                   | Agent Type                   | Host                           | Availability Zone | Alive | State | Binary         |
+--------------------------------------+------------------------------+--------------------------------+-------------------+-------+-------+----------------+
| 7a0966e9-e6ef-49f3-ba9e-e16d2c96f0b3 | OVN Controller Gateway agent | ocp4-worker3.aio.example.com   |                   | :-)   | UP    | ovn-controller |
| 696925cf-518f-410c-bb0d-cd1cdc753393 | OVN Controller Gateway agent | ocp4-worker1.aio.example.com   |                   | :-)   | UP    | ovn-controller |
| 881583db-0ef8-425f-afe8-d2eaef68bc32 | OVN Controller Gateway agent | ocp4-worker2.aio.example.com   |                   | :-)   | UP    | ovn-controller |
| 0cc63eb1-f7c9-482d-8a1f-80e9bcbc62e5 | OVN Controller agent         | edpm-compute-0.aio.example.com |                   | :-)   | UP    | ovn-controller |
+--------------------------------------+------------------------------+--------------------------------+-------------------+-------+-------+----------------+

Map the Compute nodes to the Compute cell that they are connected to:

oc rsh nova-cell0-conductor-0 nova-manage cell_v2 discover_hosts --verbose

Create a VM

oc rsh -n openstack openstackclient
export GATEWAY=192.168.123.1
export PUBLIC_NETWORK_CIDR=192.168.123.1/24
export PRIVATE_NETWORK_CIDR=192.168.100.0/24
export PUBLIC_NET_START=192.168.123.91
export PUBLIC_NET_END=192.168.123.99
export DNS_SERVER=8.8.8.8
openstack flavor create --ram 512 --disk 1 --vcpu 1 --public tiny
curl -O -L https://github.com/cirros-dev/cirros/releases/download/0.6.2/cirros-0.6.2-x86_64-disk.img
openstack image create cirros --container-format bare --disk-format qcow2 --public --file cirros-0.6.2-x86_64-disk.img

Create Network and Security for the VM

ssh-keygen -m PEM -t rsa -b 2048 -f ~/.ssh/id_rsa_pem
openstack keypair create --public-key ~/.ssh/id_rsa_pem.pub default
openstack security group create basic
openstack security group rule create basic --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0
openstack security group rule create --protocol icmp basic
openstack security group rule create --protocol udp --dst-port 53:53 basic
openstack network create --external --provider-physical-network datacentre --provider-network-type flat public
openstack network create --internal private
openstack subnet create public-net \
--subnet-range $PUBLIC_NETWORK_CIDR \
--no-dhcp \
--gateway $GATEWAY \
--allocation-pool start=$PUBLIC_NET_START,end=$PUBLIC_NET_END \
--network public
openstack subnet create private-net \
--subnet-range $PRIVATE_NETWORK_CIDR \
--network private
openstack router create vrouter
openstack router set vrouter --external-gateway public
openstack router add subnet vrouter private-net

Create the Server and a Floating IP

openstack server create \
    --flavor tiny --key-name default --network private --security-group basic \
    --image cirros test-server
openstack floating ip create public

Add the floating IP above to the new VM in the next step.

openstack server add floating ip test-server $(openstack floating ip list -c "Floating IP Address" -f value)
exit

From the bastion access to the VM.

ssh cirros@<FLOATING_IP> (password is gocubsgo)
exit

Optional: Enable Horizon

From the Bastion:

oc patch openstackcontrolplanes/openstack-galera-network-isolation -p='[{"op": "replace", "path": "/spec/horizon/enabled", "value": true}]' --type json
oc patch openstackcontrolplane/openstack-galera-network-isolation -p '{"spec": {"horizon": {"template": {"customServiceConfig": "USE_X_FORWARDED_HOST = False" }}}}' --type=merge

Check that the horizon pods are running after enabling it:

oc get pods -n openstack
Sample Output:
[...]
glance-default-single-0                                           3/3     Running             0          7h3m
horizon-5dbc7bd48c-hfxvw                                          0/1     Terminating         0          3s
horizon-6bc6f585c5-c8bhn                                          0/1     ContainerCreating   0          2s
horizon-84f6cc96d7-zhc4k                                          0/1     ContainerCreating   0          3s
[...]

Get the Route

ROUTE=$(oc get routes horizon  -o go-template='https://{{range .status.ingress}}{{.host}}{{end}}')
echo $ROUTE
Sample Output
https://horizon-openstack.apps.86dgb.dynamic.redhatworkshops.io

Click the url and log in as username admin password openstack