Configuration, Installation, and Use of Red Hat OpenStack Services on OpenShift

Access Your Lab Environment

During this lab you will be instructed to ssh to your hypervisor at IP address {bastion_public_hostname}. Use username {bastion_ssh_user_name} and password {bastion_ssh_password}. The uuid of your lab is: my-guid

Once logged in the hypervisor you can access to the bastion at IP address 192.168.123.100 as root using password redhat.

If needed, you can navigate to the OpenShift console URL: {ocp_console_url}[{ocp_console_url}^] using user admin and password {ocp_admin_password}

Prerequisites for Installation

Some prerequisites needed to install Red Hat OpenStack Services on OpenShift (RHOSO) are already included in the lab environment such as:

  • An operational OpenShift cluster which supports Multus CNI

  • oc command line tool on your workstation (bastion host)

  • k9s command line tool on your workstation (bastion host)

  • podman command line tool on your workstation (bastion host)

  • Access to repositories which contain the Dev Preview code

  • Access to an existing registry or create a local Quay registry

  • Example YAML files are available in this repository which can be cloned or copy and pasted for use. For ease of instructions it will be assumed the repo has been cloned

Install the Prerequisite Operators

There are three operators that are required to be installed before you can install the OpenStack Operator, the NMState Operator the MetalLB Operator and the Cert-Manager + Operator

Accessing the Cluster

From the hypervisor, log in to the bastion

sudo -i
ssh root@192.168.123.100

Password is redhat.

Sample Output
[root@ocp4-bastion ~]

Make sure you can reach out to the OpenShift cluster, for instance, by listing the nodes in your cluster:

oc get nodes
Sample Output
NAME                           STATUS   ROLES                  AGE   VERSION
ocp4-master1.aio.example.com   Ready    control-plane,master   26h   v1.25.16+9946c63
ocp4-master2.aio.example.com   Ready    control-plane,master   26h   v1.25.16+9946c63
ocp4-master3.aio.example.com   Ready    control-plane,master   26h   v1.25.16+9946c63
ocp4-worker1.aio.example.com   Ready    worker                 25h   v1.25.16+9946c63
ocp4-worker2.aio.example.com   Ready    worker                 25h   v1.25.16+9946c63
ocp4-worker3.aio.example.com   Ready    worker                 25h   v1.25.16+9946c63

NMState Operator

Create the nmstate Operator namespace:

cat << EOF | oc apply -f -
apiVersion: v1
kind: Namespace
metadata:
  labels:
    kubernetes.io/metadata.name: openshift-nmstate
    name: openshift-nmstate
  name: openshift-nmstate
spec:
  finalizers:
  - kubernetes
EOF

Create the OperatorGroup:

cat << EOF | oc apply -f -
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  annotations:
    olm.providedAPIs: NMState.v1.nmstate.io
  name: openshift-nmstate
  namespace: openshift-nmstate
spec:
  targetNamespaces:
  - openshift-nmstate
EOF

Confirm the OperatorGroup is installed in the namespace:

oc get operatorgroup -n openshift-nmstate

Subscribe to the nmstate Operator:

cat << EOF| oc apply -f -
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  labels:
    operators.coreos.com/kubernetes-nmstate-operator.openshift-nmstate: ""
  name: kubernetes-nmstate-operator
  namespace: openshift-nmstate
spec:
  channel: stable
  installPlanApproval: Automatic
  name: kubernetes-nmstate-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
EOF

Confirm that NMstate operator is running. Repeat this command until you see the desired output:

oc get clusterserviceversion -n openshift-nmstate  -o custom-columns=Name:.metadata.name,Phase:.status.phase
Sample Output
Name                                              Phase
kubernetes-nmstate-operator.4.13.0-202402211707   Succeeded

Create instance of the nmstate operator:

cat << EOF | oc apply -f -
apiVersion: nmstate.io/v1
kind: NMState
metadata:
  name: nmstate
EOF

Confirm that the deployment for the nmstate operator is running:

oc get clusterserviceversion -n openshift-nmstate \
 -o custom-columns=Name:.metadata.name,Phase:.status.phase

MetalLB Operator

Create the MetalLB Operator namespace:

cat << EOF | oc apply -f -
apiVersion: v1
kind: Namespace
metadata:
  name: metallb-system
EOF

Create the OperatorGroup:

cat << EOF | oc apply -f -
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: metallb-operator
  namespace: metallb-system
EOF

Confirm the OperatorGroup is installed in the namespace:

oc get operatorgroup -n metallb-system

Subscribe to the metallb Operator:

cat << EOF| oc apply -f -
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  name: metallb-operator-sub
  namespace: metallb-system
spec:
  channel: stable
  name: metallb-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
EOF

Confirm the metallb installplan is in the namespace:

oc get installplan -n metallb-system

Confirm the metallb operator is installed:

oc get clusterserviceversion -n metallb-system \
 -o custom-columns=Name:.metadata.name,Phase:.status.phase

Repeat the query until the Phase is Succeeded.

Create a single instance of a metallb resource:

cat << EOF | oc apply -f -
apiVersion: metallb.io/v1beta1
kind: MetalLB
metadata:
  name: metallb
  namespace: metallb-system
spec:
  nodeSelector:
    node-role.kubernetes.io/worker: ""
EOF

Verify that the deployment for the controller is running:

oc get deployment -n metallb-system controller

Repeat the command until AVAILABLE is 1

Verify that the daemon set for the speaker is running:

oc get daemonset -n metallb-system speaker

Cert-Manager Operator

Create the cert-manager-operator Operator namespace:

cat << EOF | oc apply -f -
apiVersion: v1
kind: Namespace
metadata:
    name: cert-manager-operator
    labels:
      pod-security.kubernetes.io/enforce: privileged
      security.openshift.io/scc.podSecurityLabelSync: "false"
EOF

Create the OperatorGroup:

cat << EOF | oc apply -f -
apiVersion: operators.coreos.com/v1
kind: OperatorGroup
metadata:
  name: cert-manager-operator
  namespace: cert-manager-operator
spec:
  targetNamespaces:
  - cert-manager-operator
  upgradeStrategy: Default
EOF

Confirm the OperatorGroup is installed in the namespace:

oc get operatorgroup -n cert-manager-operator

Subscribe to the cert-manager Operator:

cat << EOF | oc apply -f -
apiVersion: operators.coreos.com/v1alpha1
kind: Subscription
metadata:
  labels:
    operators.coreos.com/openshift-cert-manager-operator.cert-manager-operator: ""
  name: openshift-cert-manager-operator
  namespace: cert-manager-operator
spec:
  channel: stable-v1
  installPlanApproval: Automatic
  name: openshift-cert-manager-operator
  source: redhat-operators
  sourceNamespace: openshift-marketplace
EOF

Confirm the cert-manager installplan is in the namespace:

oc get installplan -n cert-manager-operator

Confirm the cert-manager operator is installed:

oc get clusterserviceversion -n cert-manager-operator \
 -o custom-columns=Name:.metadata.name,Phase:.status.phase

Verify that cert-manager pods are up and running by entering the following command:

oc get pods -n cert-manager

Repeat command until all pods are showing READY 1/1

Sample Output
NAME                                      READY   STATUS    RESTARTS   AGE
cert-manager-cainjector-5df47878b-knmwg   1/1     Running   0          19s
cert-manager-webhook-66c75fcddf-8kldt     1/1     Running   0          23s