Accéder à OpenStack
Depuis le serveur bastion, accédez au Plan de Contrôle :
oc rsh -n openstack openstackclientSur le Plan de Contrôle, vérifiez les Services OpenStack :
cd /home/cloud-admin
openstack compute service listExemple de sortie
+--------------------------------------+----------------+------------------------+----------+---------+-------+----------------------------+ | ID | Binary | Host | Zone | Status | State | Updated At | +--------------------------------------+----------------+------------------------+----------+---------+-------+----------------------------+ | 9d95d098-7666-4be8-8c70-230f474b625b | nova-conductor | nova-cell1-conductor-0 | internal | enabled | up | 2024-04-17T18:58:07.000000 | | d283fd97-657c-422f-9572-be71c6a5b804 | nova-conductor | nova-cell0-conductor-0 | internal | enabled | up | 2024-04-17T18:58:05.000000 | | 3abb8a21-1b8d-48f2-adfc-663d52344229 | nova-scheduler | nova-scheduler-0 | internal | enabled | up | 2024-04-17T18:58:10.000000 | +--------------------------------------+----------------+------------------------+----------+---------+-------+----------------------------+
Vérifiez les réseaux OpenStack :
openstack network agent list
exitExemple de sortie
+--------------------------------------+------------------------------+--------------------------------+-------------------+-------+-------+----------------+ | ID | Agent Type | Host | Availability Zone | Alive | State | Binary | +--------------------------------------+------------------------------+--------------------------------+-------------------+-------+-------+----------------+ | 7a0966e9-e6ef-49f3-ba9e-e16d2c96f0b3 | OVN Controller Gateway agent | ocp4-worker3.aio.example.com | | :-) | UP | ovn-controller | | 696925cf-518f-410c-bb0d-cd1cdc753393 | OVN Controller Gateway agent | ocp4-worker1.aio.example.com | | :-) | UP | ovn-controller | | 881583db-0ef8-425f-afe8-d2eaef68bc32 | OVN Controller Gateway agent | ocp4-worker2.aio.example.com | | :-) | UP | ovn-controller | | 0cc63eb1-f7c9-482d-8a1f-80e9bcbc62e5 | OVN Controller agent | edpm-compute-0.aio.example.com | | :-) | UP | ovn-controller | +--------------------------------------+------------------------------+--------------------------------+-------------------+-------+-------+----------------+
Mappez les nœuds de calcul à la cellule de calcul à laquelle ils sont connectés :
oc rsh nova-cell0-conductor-0 nova-manage cell_v2 discover_hosts --verboseAccès au pod openstackclient
oc rsh -n openstack openstackclientCréer une image et des flavors
export GATEWAY=192.168.123.1
export PUBLIC_NETWORK_CIDR=192.168.123.1/24
export PRIVATE_NETWORK_CIDR=192.168.100.0/24
export PUBLIC_NET_START=192.168.123.91
export PUBLIC_NET_END=192.168.123.99
export DNS_SERVER=8.8.8.8
openstack flavor create --ram 512 --disk 1 --vcpu 1 --public tiny
curl -O -L https://github.com/cirros-dev/cirros/releases/download/0.6.2/cirros-0.6.2-x86_64-disk.img
openstack image create cirros --container-format bare --disk-format qcow2 --public --file cirros-0.6.2-x86_64-disk.imgGénérer une paire de clés ssh :
ssh-keygen -m PEM -t rsa -b 2048 -f ~/.ssh/id_rsa_pemCréer un réseau et la sécurité pour la machine virtuelle
openstack keypair create --public-key ~/.ssh/id_rsa_pem.pub default
openstack security group create basic
openstack security group rule create basic --protocol tcp --dst-port 22:22 --remote-ip 0.0.0.0/0
openstack security group rule create --protocol icmp basic
openstack security group rule create --protocol udp --dst-port 53:53 basic
openstack network create --external --provider-physical-network datacentre --provider-network-type flat public
openstack network create --internal private
openstack subnet create public-net \
--subnet-range $PUBLIC_NETWORK_CIDR \
--no-dhcp \
--gateway $GATEWAY \
--allocation-pool start=$PUBLIC_NET_START,end=$PUBLIC_NET_END \
--network public
openstack subnet create private-net \
--subnet-range $PRIVATE_NETWORK_CIDR \
--network private
openstack router create vrouter
openstack router set vrouter --external-gateway public
openstack router add subnet vrouter private-netCréer la machine virtuelle et une IP flottante
openstack server create \
--flavor tiny --key-name default --network private --security-group basic \
--image cirros test-server
openstack floating ip create publicAjoutez l’IP flottante ci-dessus à la nouvelle machine virtuelle.
openstack server add floating ip test-server $(openstack floating ip list -c "Floating IP Address" -f value)
exitDu bastion, accéder à la machine virtuelle.
ssh cirros@<FLOATING_IP> (password is gocubsgo)exitFacultatif : Activer Horizon
Du bastion :
oc patch openstackcontrolplanes/openstack-galera-network-isolation -p='[{"op": "replace", "path": "/spec/horizon/enabled", "value": true}]' --type json
oc patch openstackcontrolplane/openstack-galera-network-isolation -p '{"spec": {"horizon": {"template": {"customServiceConfig": "USE_X_FORWARDED_HOST = False" }}}}' --type=mergeVérifiez que les pods Horizon fonctionnent après l’avoir activé :
oc get pods -n openstackExemple de sortie:
[...]
glance-default-single-0 3/3 Running 0 7h3m
horizon-5dbc7bd48c-hfxvw 0/1 Terminating 0 3s
horizon-6bc6f585c5-c8bhn 0/1 ContainerCreating 0 2s
horizon-84f6cc96d7-zhc4k 0/1 ContainerCreating 0 3s
[...]Obtenir la route
ROUTE=$(oc get routes horizon -o go-template='https://{{range .status.ingress}}{{.host}}{{end}}')
echo $ROUTEExemple de sortie
https://horizon-openstack.apps.86dgb.dynamic.redhatworkshops.io
Cliquez sur l’URL et connectez-vous avec le nom d’utilisateur admin et le mot de passe openstack