OpenStack Installer (for RHEL-OSP) pt6

If all went well with your deployment of the RHEL-OSP Installer, then you likely didn’t wait for me to do a post on how to put up a cursory instance or two. If you fall into that category, good for you. If you’re really new to this stuff and were patient, that’s okay too. We’re going to not only stand up an instance, but all of the little things that you need to do as well.

Let’s get going.

So there really aren’t that many steps, but I’ll outline them here, then I’ll skip to the video version. I like filming the stuff and my viewers seem to like the visuals.

The steps:

Copy the keystonerc_admin file to the Neutron node. If you’re new to OpenStack, the Keystone is the authentication service and the aforementioned file is the credentials needed to get anything done. It needs to be “sourced” in order to take affect – `source keystone_rc`.

Copy the “” script from the Installer host (I’ll copy the script below). The script is not something that comes with RHEL-OSP or the RHEL-OSP Installer. It’s just something that I wrote as I knew that I would be building up and tearing down my environment a lot. Anytime you know you’re going to do a task more than twice, you should figure out how to script it. Pick a language, it doesn’t matter, just script it.

Upload an image via Horizon Dashboard. This could be a full RHEL image or CentOS or whatever. In this case, I uploaded a Cirros image which is specifically designed for this type of scenario where you just want to make sure that everything works. I’m not testing workloads, just connectivity. You can download Cirros at Just pick a non-“pre” directory, then any “.img” file.

Create a Security Group and upload a Key Pair via Horizon Dashboard. This is just a means of granting SSH and Ping access to our instance as well as an SSH public/private key pair. By default, all access to the instances are denied and we are required to create security groups that allow specific access that we then apply to instances.

The we run the “” script to create our public and private subnets, then our router. The public subnet matches the “public/external/floating IP” network that we’ve been working with thus far. In my lab, it’s my home network and has access to the internet. The private subnet matches the “tunnel/VXLAN” network that we’ve been working with thus far and only carries instance traffic. If we had multiple tenants/customers/business units, we would likely have a different private tunnel/VXLAN subnet for each one.

Create our instance! We essentially bring our pieces together in that we click “launch”, but we have to pick a name, an image (that we uploaded), a key pair (that we uploaded), a security group (that we created), and a private network (that we created). Once it is launched, we can associate a floating IP.

Now, when you go to ping the floating IP, it should not work by default at first. BUT, it’s an easy fix, and I go over this in the video. It’s a quick edit in /etc/neutron/l3_agent.ini file in the neutron node and a quick edit in the RHEL-OSP installer (puppet configuration management). Just watch the video. It would take me longer to type up the explanation that it would for you to actually see and fix it. Seriously. l3 agent on the neutron node, host group on the installer. Boom.

And the video!! Just like the others, it’s best in full screen, just give a moment to focus.

With any luck, the next post will be the Full HA build, so keep watching.

Hope this helps,

Captain KVM

The “” script (obviously, change the values for your environment)


## This little script is simply meant to automate the final 
## network config for RHEL-OSP
## for serving out a RHEL 7 repo on the same physical server
## as the RHEL-OSP Installer application.
## Please change the values to match your environment
## If you have any well thought out, well intended suggestions, find 
## one of the RHEL-OSP Installer related blog posts on my site 
## CaptainKVM dot com and I'd love to see them. You're welcome to 
## disagree respectfully and I will still post your comments. 

# GPL 
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <>
# sourch admin 
source /root/keystonerc_admin

# create the public network and subnet
neutron net-create public --router:external=True 
neutron subnet-create public --name internet\
 --enable_dhcp=False --allocation-pool start=,\
 end= --gateway=

# create the private network and subnet
neutron net-create private
neutron subnet-create private --name pxe_mgmt\
 --allocation-pool start=,end=\

# create the router, interface for the private subnet, and gateway for the public subnet
neutron router-create router1
neutron router-interface-add router1 pxe_mgmt
neutron router-gateway-set router1 public

# restart the OpenStack Neutron services 
openstack-service restart neutron

Agree? Disagree? Something to add to the conversation?