Add FIPless UPI/IPI on OSP.

- Remove FIP config mod from OSP install assemblies - Generalize 'Enabling access' OSP mod - Add DNS note to no-FIP OSP module - Add /etc/hosts note to FIPless mod - Add osp_bootstrap_fip to no-floating mod - Add UPI bootstrap FIP to floating mod - Add IPI externalNetwork note to fipless module
2026-02-05 12:46:18 +01:00 · 2020-09-02 13:32:25 -04:00
parent a179077fb3
commit 93e6561409
14 changed files with 233 additions and 100 deletions
--- a/installing/installing_openstack/installing-openstack-installer-custom.adoc
+++ b/installing/installing_openstack/installing-openstack-installer-custom.adoc
@@ -38,7 +38,6 @@ include::modules/installation-osp-accessing-api-no-floating.adoc[leveloffset=+2]
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 include::modules/installation-osp-verifying-cluster-status.adoc[leveloffset=+1]
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
-include::modules/installation-osp-configuring-floating-ip.adoc[leveloffset=+1]

 == Next steps

@@ -46,3 +45,4 @@ include::modules/installation-osp-configuring-floating-ip.adoc[leveloffset=+1]
 * If necessary, you can
 xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
 * If you need to enable external access to node ports, xref:../../networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.adoc#nw-using-nodeport_configuring-ingress-cluster-traffic-nodeport[configure ingress cluster traffic by using a NodePort].
+* If you did not configure {rh-openstack} to accept application traffic over floating IP addresses, xref:../../post_installation_configuration/network-configuration.adoc#installation-osp-configuring-api-floating-ip_post-install-network-configuration[configure {rh-openstack} access with floating IP addresses].
--- a/installing/installing_openstack/installing-openstack-installer-kuryr.adoc
+++ b/installing/installing_openstack/installing-openstack-installer-kuryr.adoc
@@ -44,7 +44,6 @@ include::modules/installation-osp-accessing-api-no-floating.adoc[leveloffset=+2]
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 include::modules/installation-osp-verifying-cluster-status.adoc[leveloffset=+1]
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
-include::modules/installation-osp-configuring-floating-ip.adoc[leveloffset=+1]

 == Next steps

@@ -52,3 +51,4 @@ include::modules/installation-osp-configuring-floating-ip.adoc[leveloffset=+1]
 * If necessary, you can
 xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
 * If you need to enable external access to node ports, xref:../../networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.adoc#nw-using-nodeport_configuring-ingress-cluster-traffic-nodeport[configure ingress cluster traffic by using a NodePort].
+* If you did not configure {rh-openstack} to accept application traffic over floating IP addresses, xref:../../post_installation_configuration/network-configuration.adoc#installation-osp-configuring-api-floating-ip_post-install-network-configuration[configure {rh-openstack} access with floating IP addresses].
--- a/installing/installing_openstack/installing-openstack-installer-restricted.adoc
+++ b/installing/installing_openstack/installing-openstack-installer-restricted.adoc
@@ -31,11 +31,7 @@ include::modules/installation-osp-control-compute-machines.adoc[leveloffset=+2]
 include::modules/installation-osp-bootstrap-machine.adoc[leveloffset=+2]
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 include::modules/installation-osp-enabling-swift.adoc[leveloffset=+1]
-// Do we need an equivalent for this in a restricted flow?
-// include::modules/installation-osp-verifying-external-network.adoc[leveloffset=+1]
 include::modules/installation-osp-describing-cloud-parameters.adoc[leveloffset=+1]
-// This is completely contained in the bastion assembly?
-// include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
 include::modules/installation-osp-creating-image-restricted.adoc[leveloffset=+1]
 include::modules/installation-initializing.adoc[leveloffset=+1]
 include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
@@ -47,11 +43,11 @@ include::modules/installation-osp-accessing-api-no-floating.adoc[leveloffset=+2]
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 include::modules/installation-osp-verifying-cluster-status.adoc[leveloffset=+1]
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
-include::modules/installation-osp-configuring-floating-ip.adoc[leveloffset=+1]

 .Next steps

 * xref:../../installing/install_config/customizations.adoc#customizations[Customize your cluster].
 * If necessary, you can
 xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* Learn how to xref:../../operators/admin/olm-restricted-networks.html#olm-understanding-operator-catalog-images_olm-restricted-networks[use Operator Lifecycle Manager (OLM) on restricted networks].
+* Learn how to xref:../../operators/admin/olm-restricted-networks.html#olm-understanding-operator-catalog-images_olm-restricted-networks[use Operator Lifecycle Manager (OLM) on restricted networks].
+* If you did not configure {rh-openstack} to accept application traffic over floating IP addresses, xref:../../post_installation_configuration/network-configuration.adoc#installation-osp-configuring-api-floating-ip_post-install-network-configuration[configure {rh-openstack} access with floating IP addresses].
--- a/installing/installing_openstack/installing-openstack-installer.adoc
+++ b/installing/installing_openstack/installing-openstack-installer.adoc
@@ -33,7 +33,6 @@ include::modules/installation-osp-accessing-api-no-floating.adoc[leveloffset=+2]
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 include::modules/installation-osp-verifying-cluster-status.adoc[leveloffset=+1]
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
-include::modules/installation-osp-configuring-floating-ip.adoc[leveloffset=+1]

 == Next steps

--- a/installing/installing_openstack/installing-openstack-user-kuryr.adoc
+++ b/installing/installing_openstack/installing-openstack-user-kuryr.adoc
@@ -39,6 +39,7 @@ include::modules/installation-osp-creating-image.adoc[leveloffset=+1]
 include::modules/installation-osp-verifying-external-network.adoc[leveloffset=+1]
 include::modules/installation-osp-accessing-api.adoc[leveloffset=+1]
 include::modules/installation-osp-accessing-api-floating.adoc[leveloffset=+2]
+include::modules/installation-osp-accessing-api-no-floating.adoc[leveloffset=+2]
 include::modules/installation-osp-describing-cloud-parameters.adoc[leveloffset=+1]
 include::modules/installation-initializing.adoc[leveloffset=+1]
 include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
@@ -58,11 +59,11 @@ include::modules/installation-osp-deleting-bootstrap-resources.adoc[leveloffset=
 include::modules/installation-osp-creating-compute-machines.adoc[leveloffset=+1]
 include::modules/installation-approve-csrs.adoc[leveloffset=+1]
 include::modules/installation-osp-verifying-installation.adoc[leveloffset=+1]
-include::modules/installation-osp-configuring-floating-ip.adoc[leveloffset=+1]

 == Next steps

 * xref:../../installing/install_config/customizations.adoc#customizations[Customize your cluster].
 * If necessary, you can
 xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If you need to enable external access to node ports, xref:../../networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.adoc#nw-using-nodeport_configuring-ingress-cluster-traffic-nodeport[configure ingress cluster traffic by using a NodePort].
+* If you need to enable external access to node ports, xref:../../networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.adoc#nw-using-nodeport_configuring-ingress-cluster-traffic-nodeport[configure ingress cluster traffic by using a NodePort].
+* If you did not configure {rh-openstack} to accept application traffic over floating IP addresses, xref:../../post_installation_configuration/network-configuration.adoc#installation-osp-configuring-api-floating-ip_post-install-network-configuration[configure {rh-openstack} access with floating IP addresses].
--- a/installing/installing_openstack/installing-openstack-user.adoc
+++ b/installing/installing_openstack/installing-openstack-user.adoc
@@ -34,6 +34,7 @@ include::modules/installation-osp-creating-image.adoc[leveloffset=+1]
 include::modules/installation-osp-verifying-external-network.adoc[leveloffset=+1]
 include::modules/installation-osp-accessing-api.adoc[leveloffset=+1]
 include::modules/installation-osp-accessing-api-floating.adoc[leveloffset=+2]
+include::modules/installation-osp-accessing-api-no-floating.adoc[leveloffset=+2]
 include::modules/installation-osp-describing-cloud-parameters.adoc[leveloffset=+1]
 include::modules/installation-initializing.adoc[leveloffset=+1]
 include::modules/installation-configuration-parameters.adoc[leveloffset=+1]
@@ -52,11 +53,11 @@ include::modules/installation-osp-deleting-bootstrap-resources.adoc[leveloffset=
 include::modules/installation-osp-creating-compute-machines.adoc[leveloffset=+1]
 include::modules/installation-approve-csrs.adoc[leveloffset=+1]
 include::modules/installation-osp-verifying-installation.adoc[leveloffset=+1]
-include::modules/installation-osp-configuring-floating-ip.adoc[leveloffset=+1]

 == Next steps

 * xref:../../installing/install_config/customizations.adoc#customizations[Customize your cluster].
 * If necessary, you can
 xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
-* If you need to enable external access to node ports, xref:../../networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.adoc#nw-using-nodeport_configuring-ingress-cluster-traffic-nodeport[configure ingress cluster traffic by using a NodePort].
+* If you need to enable external access to node ports, xref:../../networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-nodeport.adoc#nw-using-nodeport_configuring-ingress-cluster-traffic-nodeport[configure ingress cluster traffic by using a NodePort].
+* If you did not configure {rh-openstack} to accept application traffic over floating IP addresses, xref:../../post_installation_configuration/network-configuration.adoc#installation-osp-configuring-api-floating-ip_post-install-network-configuration[configure {rh-openstack} access with floating IP addresses].
--- a/modules/installation-configuration-parameters.adoc
+++ b/modules/installation-configuration-parameters.adoc
@@ -409,10 +409,6 @@ ifdef::osp[]
 |`platform.openstack.computeFlavor`
 |The {rh-openstack} flavor to use for control plane and compute machines.
 |String, for example `m1.xlarge`.
-
-|`platform.openstack.lbFloatingIP`
-|An existing floating IP address to associate with the load balancer API.
-|An IP address, for example `128.0.0.1`.
 |====

 .Optional {rh-openstack} parameters
@@ -470,6 +466,13 @@ The value can also be the name of an existing Glance image, for example `my-rhco
   }
 }
 ----
+|`platform.openstack.ingressFloatingIP`
+|An existing floating IP address to associate with the Ingress port. To use this property, you must also define the `platform.openstack.externalNetwork` property.
+|An IP address, for example `128.0.0.1`.
+
+|`platform.openstack.lbFloatingIP`
+|An existing floating IP address to associate with the API load balancer. To use this property, you must also define the `platform.openstack.externalNetwork` property.
+|An IP address, for example `128.0.0.1`.

 |`platform.openstack.externalDNS`
 |IP addresses for external DNS servers that cluster instances use for DNS resolution.
--- a/modules/installation-osp-accessing-api-floating.adoc
+++ b/modules/installation-osp-accessing-api-floating.adoc
@@ -5,13 +5,19 @@
 // * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-user.adoc

+ifeval::["{context}" == "installing-openstack-user"]
+:osp-user:
+endif::[]
+ifeval::["{context}" == "installing-openstack-user-kuryr"]
+:osp-user:
+endif::[]
+
 [id="installation-osp-accessing-api-floating_{context}"]
 = Enabling access with floating IP addresses

-Create two floating IP (FIP) addresses: one for external access to the {product-title} API, the `API FIP`, and one for {product-title} applications, the `apps FIP`.
-
-[IMPORTANT]
-The API FIP is also used in the `install-config.yaml` file.
+Create floating IP (FIP) addresses for external access to the {product-title} 
+ifdef::osp-user[API, cluster applications, and the bootstrap process.]
+ifndef::osp-user[API and cluster applications.]

 .Procedure

@@ -19,17 +25,26 @@ The API FIP is also used in the `install-config.yaml` file.
 +
 [source,terminal]
 ----
-$ openstack floating ip create --description "API <cluster_name>.<base_domain>" <external network>
+$ openstack floating ip create --description "API <cluster_name>.<base_domain>" <external_network>
 ----

 . Using the {rh-openstack-first} CLI, create the apps, or Ingress, FIP:
 +
 [source,terminal]
 ----
-$ openstack floating ip create --description "Ingress <cluster_name>.<base_domain>" <external network>
+$ openstack floating ip create --description "Ingress <cluster_name>.<base_domain>" <external_network>
 ----

-. To reflect the new FIPs, add records that follow these patterns to your DNS server:
+ifdef::osp-user[]
+. By using the {rh-openstack-first} CLI, create the bootstrap FIP:
+
+[source,terminal]
+----
+$ openstack floating ip create --description "bootstrap machine" <external_network>
+----
+endif::osp-user[]
+
+. Add records that follow these patterns to your DNS server for the API and Ingress FIPs:
 +
 [source,dns]
 ----
@@ -39,10 +54,39 @@ api.<cluster_name>.<base_domain>.  IN  A  <API_FIP>
 +
 [NOTE]
 ====
-If you do not control the DNS server you can add the record to your `/etc/hosts` file instead. This action makes the API accessible to you only, which is not suitable for production deployment but does allow installation for development and testing.
+If you do not control the DNS server, you can add the record to your `/etc/hosts` file. This action makes the API accessible to only you, which is not suitable for production deployment but does allow installation for development and testing.
 ====

+. Add the FIPs to the
+ifdef::osp-user[`inventory.yaml`]
+ifndef::osp-user[`install-config.yaml`]
+file as the values of the following
+ifdef::osp-user[variables:]
+ifndef::osp-user[parameters:]
+
+ifdef::osp-user[]
+* `os_api_fip`
+* `os_bootstrap_fip`
+* `os_ingress_fip`
+endif::osp-user[]
+
+ifndef::osp-user[]
+* `platform.openstack.ingressFloatingIP`
+* `platform.openstack.lbFloatingIP`
+endif::osp-user[]
+
+If you use these values, you must also enter an external network as the value of the
+ifdef::osp-user[`os_external_network` variable in the `inventory.yaml` file.]
+ifndef::osp-user[`platform.openstack.externalNetwork` parameter in the `install-config.yaml` file.]
+
 [TIP]
 ====
 You can make {product-title} resources available outside of the cluster by assigning a floating IP address and updating your firewall configuration.
 ====
+
+ifeval::["{context}" == "installing-openstack-user"]
+:!osp-user:
+endif::[]
+ifeval::["{context}" == "installing-openstack-user-kuryr"]
+:!osp-user:
+endif::[]
--- a/modules/installation-osp-accessing-api-no-floating.adoc
+++ b/modules/installation-osp-accessing-api-no-floating.adoc
@@ -3,10 +3,88 @@
 // * installing/installing_openstack/installing-openstack-installer.adoc
 // * installing/installing_openstack/installing-openstack-installer-custom.adoc
 // * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
+// * installing/installing_openstack/installing-openstack-user.adoc
+// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
+
+ifeval::["{context}" == "installing-openstack-installer-custom"]
+:osp-ipi:
+endif::[]
+ifeval::["{context}" == "installing-openstack-installer-kuryr"]
+:osp-kuryr:
+:osp-ipi:
+endif::[]
+ifeval::["{context}" == "installing-openstack-user"]
+:osp-upi:
+endif::[]
+ifeval::["{context}" == "installing-openstack-user-kuryr"]
+:osp-kuryr:
+:osp-upi:
+endif::[]
+ifeval::["{context}" == "installing-openstack-installer-restricted"]
+:osp-ipi:
+:osp-restricted:
+endif::[]

 [id="installation-osp-accessing-api-no-floating_{context}"]
-= Enabling access without floating IP addresses
+= Completing installation without floating IP addresses

-If you cannot use floating IP addresses, the {product-title} installation might still finish. However, the installation program fails after it times out waiting for API access.
+You can install {product-title} on {rh-openstack-first} without providing floating IP addresses.

-After the installation program times out, the cluster might still initialize. After the bootstrapping processing begins, it must complete. You must edit the cluster's networking configuration after it is deployed.
+In the
+ifdef::osp-ipi[`install-config.yaml`]
+ifdef::osp-upi[`inventory.yaml`]
+file, do not define the following
+ifdef::osp-ipi[parameters]
+ifdef::osp-upi[variables]
+blank:
+
+ifdef::osp-ipi[]
+* `platform.openstack.ingressFloatingIP`
+* `platform.openstack.lbFloatingIP`
+
+If you cannot provide an external network, you can also leave `platform.openstack.externalNetwork` blank. If you do not provide a value for `platform.openstack.externalNetwork`, a router is not created for you, and, without additional action, the installer will fail to retrieve an image from Glance. You must configure external connectivity on your own.
+endif::osp-ipi[]
+
+ifdef::osp-upi[]
+* `os_api_fip`
+* `os_bootstrap_fip`
+* `os_ingress_fip`
+
+If you cannot provide an external network, you can also leave `os_external_network` blank. If you do not provide a value for `os_external_network`, a router is not created for you, and, without additional action, the installer will fail to retrieve an image from Glance. Later in the installation process, when you create network resources, you must configure external connectivity on your own.
+endif::osp-upi[]
+
+If you run the installer
+ifdef::osp-upi[with the `wait-for` command]
+from a system that cannot reach the cluster API due to a lack of floating IP addresses or name resolution, installation fails. To prevent installation failure in these cases, you can use a proxy network or run the installer from a system that is on the same network as your machines.
+
+[NOTE]
+====
+You can enable name resolution by creating DNS records for the API and Ingress ports. For example:
+
+[source,dns]
+----
+api.<cluster_name>.<base_domain>.  IN  A  <api_port_IP>
+*.apps.<cluster_name>.<base_domain>. IN  A <ingress_port_IP>
+----
+
+If you do not control the DNS server, you can add the record to your `/etc/hosts` file. This action makes the API accessible to only you, which is not suitable for production deployment but does allow installation for development and testing.
+====
+
+ifeval::["{context}" == "installing-openstack-installer-custom"]
+:!osp-ipi:
+endif::[]
+ifeval::["{context}" == "installing-openstack-installer-kuryr"]
+:!osp-kuryr:
+:!osp-ipi:
+endif::[]
+ifeval::["{context}" == "installing-openstack-user"]
+:!osp-upi:
+endif::[]
+ifeval::["{context}" == "installing-openstack-user-kuryr"]
+:!osp-kuryr:
+:!osp-upi:
+endif::[]
+ifeval::["{context}" == "installing-openstack-installer-restricted"]
+:!osp-ipi:
+:!osp-restricted:
+endif::[]
--- a/modules/installation-osp-accessing-api.adoc
+++ b/modules/installation-osp-accessing-api.adoc
@@ -5,26 +5,12 @@
 // * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
 // * installing/installing_openstack/installing-openstack-user.adoc
 // * installing/installing_openstack/installing-openstack-user-kuryr.adoc
-
-ifeval::["{context}" == "installing-openstack-user"]
-:osp-user:
-endif::[]
-ifeval::["{context}" == "installing-openstack-user-kuryr"]
-:osp-user:
-endif::[]
+//
+// Stub module. To be used with other FIP OSP modules only. 

 [id="installation-osp-accessing-api_{context}"]
 = Enabling access to the environment

 At deployment, all {product-title} machines are created in a {rh-openstack-first}-tenant network. Therefore, they are not accessible directly in most {rh-openstack} deployments.

-You can configure the {product-title} API and applications that run on the cluster to be accessible 
-ifdef::osp-user[by using floating IP addresses.]
-ifndef::osp-user[with or without floating IP addresses.]
-
-ifeval::["{context}" == "installing-openstack-user"]
-:!osp-user:
-endif::[]
-ifeval::["{context}" == "installing-openstack-user-kuryr"]
-:!osp-user:
-endif::[]
+You can configure {product-title} API and application access by using floating IP addresses (FIPs) during installation. You can also complete an installation without configuring FIPs, but the installer will not configure a way to reach the API or applications externally. 
--- a/modules/installation-osp-configuring-api-floating-ip.adoc
+++ b/modules/installation-osp-configuring-api-floating-ip.adoc
@@ -0,0 +1,58 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/network-configuration.adoc
+
+[id="installation-osp-configuring-api-floating-ip_{context}"]
+= Configuring application access with floating IP addresses
+
+After you install {product-title}, configure {rh-openstack-first} to allow application network traffic.
+
+[NOTE]
+====
+You do not need to perform this procedure if you provided values for `platform.openstack.lbFloatingIP` and `platform.openstack.ingressFloatingIP` in the `install-config.yaml` file, or `os_api_fip` and `os_ingress_fip` in the `inventory.yaml` playbook, during installation. The floating IP addresses are already set.
+====
+
+.Prerequisites
+
+* {product-title} cluster must be installed
+* Floating IP addresses are enabled as described in the {product-title} on {rh-openstack} installation documentation.
+
+.Procedure
+
+After you install the {product-title} cluster, attach a floating IP address to the ingress port:
+
+. Show the port:
+
+[source,terminal]
+----
+$ openstack port show <cluster_name>-<cluster_ID>-ingress-port
+----
+
+. Attach the port to the IP address:
+
+[source,terminal]
+----
+$ openstack floating ip set --port <ingress_port_ID> <apps_FIP>
+----
+
+. Add a wildcard `A` record for `*apps.` to your DNS file:
+
+[source,dns]
+----
+*.apps.<cluster_name>.<base_domain>  IN  A  <apps_FIP>
+----
+
+[NOTE]
+====
+If you do not control the DNS server but want to enable application access for non-production purposes, you can add these hostnames to `/etc/hosts`:
+
+[source,dns]
+----
+<apps_FIP> console-openshift-console.apps.<cluster name>.<base domain>
+<apps_FIP> integrated-oauth-server-openshift-authentication.apps.<cluster name>.<base domain>
+<apps_FIP> oauth-openshift.apps.<cluster name>.<base domain>
+<apps_FIP> prometheus-k8s-openshift-monitoring.apps.<cluster name>.<base domain>
+<apps_FIP> grafana-openshift-monitoring.apps.<cluster name>.<base domain>
+<apps_FIP> <app name>.apps.<cluster name>.<base domain>
+----
+====
--- a/modules/installation-osp-configuring-floating-ip.adoc
+++ b/modules/installation-osp-configuring-floating-ip.adoc
@@ -1,55 +0,0 @@
-// Module included in the following assemblies:
-//
-// * installing/installing_openstack/installing-openstack-installer.adoc
-// * installing/installing_openstack/installing-openstack-installer-custom.adoc
-// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
-
-[id="installation-osp-configuring-api-floating-ip_{context}"]
-= Configuring application access with floating IP addresses
-
-After you install {product-title}, configure {rh-openstack-first} to allow application network traffic.
-
-.Prerequisites
-
-* {product-title} cluster must be installed
-* Floating IP addresses are enabled as described in _Enabling access to the environment_.
-
-.Procedure
-
-After you install the {product-title} cluster, attach a floating IP address to the ingress port:
-
-. Show the port:
-+
-[source,terminal]
----
-$ openstack port show <cluster name>-<clusterID>-ingress-port
----
-
-. Attach the port to the IP address:
-+
-[source,terminal]
----
-$ openstack floating ip set --port <ingress port ID> <apps FIP>
----
-
-. Add a wildcard `A` record for `*apps.` to your DNS file:
-+
-[source,dns]
----
-*.apps.<cluster name>.<base domain>  IN  A  <apps FIP>
----
-
-[NOTE]
-====
-If you do not control the DNS server but want to enable application access for non-production purposes, you can add these hostnames to `/etc/hosts`:
-
-[source,dns]
----
-<apps FIP> console-openshift-console.apps.<cluster name>.<base domain>
-<apps FIP> integrated-oauth-server-openshift-authentication.apps.<cluster name>.<base domain>
-<apps FIP> oauth-openshift.apps.<cluster name>.<base domain>
-<apps FIP> prometheus-k8s-openshift-monitoring.apps.<cluster name>.<base domain>
-<apps FIP> grafana-openshift-monitoring.apps.<cluster name>.<base domain>
-<apps FIP> <app name>.apps.<cluster name>.<base domain>
----
-====
--- a/modules/installation-osp-creating-network-resources.adoc
+++ b/modules/installation-osp-creating-network-resources.adoc
@@ -21,6 +21,16 @@ include::https://raw.githubusercontent.com/openshift/installer/release-4.6/upi/o
 ----
 include::https://raw.githubusercontent.com/openshift/installer/release-4.6/upi/openstack/inventory.yaml[]
 ----
+
+[IMPORTANT]
+====
+If you do not define values for `os_api_fip` and `os_ingress_fip`, you must perform post-installation network configuration.
+
+If you do not define a value for `os_bootstrap_fip`, the installer cannot download debugging information from failed installations.
+
+See "Enabling access to the environment" for more information.
+====
+
 . Insert the following content into a local file that is called `01_security-groups.yaml`
 +
 [source,yaml]
@@ -54,3 +64,8 @@ $ ansible-playbook -i inventory.yaml 02_network.yaml
 ----
 $ openstack subnet set --dns-nameserver <server_1> --dns-nameserver <server_2> "$INFRA_ID-nodes"
 ----
+
+[NOTE]
+====
+If you did not provide a value for `os_external_network` in the `inventory.yaml` file, you must ensure that VMs can access Glance and an external connection yourself.
+====
--- a/post_installation_configuration/network-configuration.adoc
+++ b/post_installation_configuration/network-configuration.adoc
@@ -85,3 +85,10 @@ The {product-title} HAProxy router scales to optimize performance.
 include::modules/baseline-router-performance.adoc[leveloffset=+2]

 include::modules/router-performance-optimizations.adoc[leveloffset=+2]
+
+[id="post-installation-osp-fips"]
+== Post-installation {rh-openstack} network configuration
+
+You can configure some aspects of a {product-title} on {rh-openstack-first} cluster after installation.
+
+include::modules/installation-osp-configuring-api-floating-ip.adoc[leveloffset=+1]