OpenStack is an open-source cloud computing platform that enables you to build your very own private cloud that is completely under your control. In this six-part guide, Jay will guide you through the finer points of OpenStack with hands-on examples. In the fifth episode, we’ll combine OpenStack with OpenShift!

Thanks to OpenMetal for sponsoring this series! Check out their OpenStack platform here.

Video Notes and Commands

Here, you’ll find some of the commands and notes that were used in the video, as well as other tidbits that might be useful.

Important Disclaimer

Both OpenStack and OpenShift are advanced solutions. It’s not that they’re overly difficult, but there’s a large number of moving parts. Therefore, it’s possible that you might run into errors and the overall process will likely take time. If you run into an issue, then that’s a perfect opportunity to practice your troubleshooting skills. But above all, just take your time and enjoy the process. This really is a fun project!

Setting up the OpenStack CLI

Downloading the requested files

There are two config files you’ll need for this project, both of which are provided within the OpenStack dashboard (Horizon). The first file is clouds.yaml, and the other will be the OpenStack RC file. You can find these under Project, and then API Access.

Let’s create a directory to contain our clouds.yaml file:

mkdir -p ~/.config/openstack

Let’s move the clouds.yaml file into this new directory:

mv /path/to/downloads/clouds.yaml ~/.config/openstack

Set permissions on the clouds.yaml file to make it more restrictive:

chmod 600 /path/to/downloads/clouds.yaml

Although this is technically a bad practice, add your OpenStack user’s password to this file. Make sure you never do this in production. But for testing and evaluation, it’s okay for now.

Setting up a Python Virtual Environment

We’ll be using a Python tool to interact with our OpenStack implementation. A best practice with Python is to use a virtual environment while developing something, so that’s what we’ll be doing. But first, we’ll need to install Python and support for Python Virtual Environments. On Ubuntu, you can do that with the following command:

apt install python3.10-venv python3-dev

After installing the required packages for virtual environments, you can create one with the following command:

python3 -m venv ~/venv

To activate the virtual environment (required for using it) execute the following:

source ~/venv/bin/activate

Within the virtual environment, let’s make sure Python’s pip is fully up to date:

pip install --upgrade pip

Then, use pip to install the python-openstackclient package:

pip install python-openstackclient

Update quotas

Quotas shouldn’t be necessary with OpenStack, since we have more than enough tools for managing this within OpenShift. You can disable quotas with the following commands (note, it’s best to create a project for OpenShift so as not to disable Quotas on the wrong resource!)

openstack quota set --cores -1 MyProject

openstack quota set --ram -1 MyProject

Prepare installation

Let’s set up a working directory for this project on our workstation.

mkdir ~/okd/ && cd ~/okd/

Next, let’s download the OpenShift installer. We can use the curl command for that.

curl -o openshift-install-linux.tar.gz -L https://github.com/openshift/okd/releases/download/4.11.0-0.okd-2022-07-29-154152/openshift-install-linux-4.11.0-0.okd-2022-07-29-154152.tar.gz

After we grab the OpenShift installer, we’ll extract it with the tar command.

tar -xvf openshift-install-linux.tar.gz

Set up SSH

We should create an SSH key that we can use to interact with our instances. With the ssh-keygen command, we can do just that.

ssh-keygen -t ed25519 -N '' -f ~/.ssh/id_okd

Next, let’s set the permissions on this key.

chmod 600 ~/.ssh/id_okd

To make it easier to utilize our new SSH key, let’s set up the ssh agent.

eval "$(ssh-agent -s)"

Create floating IP

We’ll need two floating IPs for this project. One of them we should consider the “APPS” IP, and the other we will consider the “API” IP. Be sure to write these down once they’re generated.

We’ll create the first:

openstack floating ip create --description "API okd test cluster" External

And then the second:

openstack floating ip create --description "APPS okd test cluster" External

Create DNS Entries

This project requires a real domain. It is absolutely possible to bypass this requirement, but the complexity and difficulty would increase as that will require a great deal of manual edits that are rather tedious. For that reason, a domain is a really good idea.

At this point, you should have written down the two floating IP’s that we will be using. It would be a great idea to add those to your DNS server or registrar’s DNS settings to give it time to propagate.

Here are the DNS entries to add:

api.<cluster_name>.<base_domain>. IN A <API_FLOATING_IP>

*.apps.<cluster_name>.<base_domain>. IN A <APPS_FLOATING_IP>

api-int.<cluster_name>.<base_domain>. IN A <API_FLOATING_IP>

Replace <base_domain> with the domain you’ve registered. The domain learnlinux.cloud was used in the video, for example. That’s your base domain. For <cluster_name>, okd was used in the video.

Installing OpenShift

Generating manifest files

It’s time to install OpenShift! To get the process started, we’ll create manifest files that will be used during the course of the video. Let’s create a directory to store these files:

mkdir ~/okd/install-directory

After that, we can kick off the installation process. The following example command was run in the same working directory as the install script was saved in.

./openshift-install --dir ~/okd/install-directory create manifests

From here, you’ll be asked a series of questions regarding how you’d like your cluster to be set up. During the video, the following compute instance flavor was chosen:

choose gp1.xlarge

Pull Secret

At some point during the process of the installer asking you setup questions, you’ll be asked to enter your “pull secret.” If you don’t have one (most of you won’t) then you can just use the following:

{"auths":{"fake":{"auth":"aWQ6cGFzcwo="}}}

Note: Do not use that pull secret in production. Consider that for testing and evaluation purposes only.

Next, run the following command to create the installation configuration:

./openshift-install create install-config --dir ~/okd/install-directory

Create Security Group

It’s a good idea to set up a security group that we’ll use for this process. The following command will utilize the OpenStack CLI to create a security group named okd-deploy:

openstack security group create okd-deploy

Once the okd-deploy security group is created, you’ll see an ID for that security group printed among the output on your screen. Copy that ID into a text editor, we’ll need it later.

But why did we create a security group? One of the reasons is because we’ll need to allow our public IP address (otherwise, we won’t be able to access the cluster and the process will fail). We’ll restrict this to our pubic IP address for security purposes. Click here if you do not know what your public IP is.

Once you have your public IP address, we can complete the next command to create a rule for allowing that IP:

openstack security group rule create okd-deploy --protocol TCP --remote-ip <your_public_ip>/32 --description "Allow deployment host"

Update the Install Config

Remember how I mentioned you should keep a note of the ID that was returned for the security group you created? Well, here is where we’ll use it. The next step is for us to edit the install-config.yaml file and add the security group ID to it.

vim ~/okd/install-directory/install-config.yaml

Look for the controlPlan section that’s most similar to what’s below, and add the security group ID:

controlPlan:
  platform:
    openstack:
      additionalSecurityGroupIDs: ["<security_group_goes_here>"]

Add your “APPS” floating IP further down, within another section that begins with platform – but you’ll know you’re in the right section in particular if you see your “API” IP address already populated. :

platform:
  openstack:
    apiFloatingIP: 173.231.252.153
    ingressFloatingIP: 173.231.252.152

Back up the config file

When we run the installer, it’s might remove our install-config.yaml file, so we should create a backup copy of it:

cp ~/okd/install-directory/install-config.yaml ~/install-config.yaml.bak

If we need to re-run the installer again, all we’d have to do is restore the backed up install-config.yaml file to its original location.

Set up your OpenShift cluster

It’s the moment of truth! We’re going to set up the cluster now, and we’ll do so with the following command:

./openshift-install create cluster --dir ~/okd/install-directory/ --log-level=info

This process will take a while – so it’s probably a good idea to take a break and return later. In the video, the process took a little less than 39 minutes or so. If the process fails for any reason, double-check that you’ve completed every step. And also, see the troubleshooting information in the next section if you happen to need it.

Troubleshooting

It’s possible that you might run into issues, this is a complex build! So that’s perfectly okay. This section will contain troubleshooting information that might be useful to some of you.

If the cluster fails

If for some reason the cluster build process fails, the following command will enable you to wipe out your OpenShift setup. It’s recommended to fully wipe out your installation and re-run it, rather than try and fix the original.

./openshift-install destroy cluster --dir ~/okd/install-directory/ --log-level=info

Relevant Articles and Further Reading

A number of commands used in this video/article came from the following articles:

• Installing an OpenShift Cluster on OpenStack (OpenMetal Documentation)
• Setting Up The OpenStack Client (OpenMetal Documentation)