Add HotStack-OS containerized OpenStack

Introduce HotStack-OS, a minimal containerized OpenStack deployment
for rapid HotStack scenario testing on developer workstations.
Provides a complete OpenStack cloud running in containers via
podman-compose with host integration for compute and networking.

Features:
- Fast deployment: ~10 minutes first build, ~3 minutes subsequent starts
- Full OpenStack services: Keystone, Nova, Neutron, Cinder, Glance,
  Heat, Placement
- Host integration: Uses host libvirt/KVM, OpenvSwitch/OVN, and NFS
- HotStack-ready: Supports Heat orchestration, trunk ports, VLANs,
  boot from volume, NoVNC console, and serial console logging
- Self-contained: File-backed storage with isolated networking

Architecture:
- Hybrid design: Containerized control plane with host compute/networking
- OpenStack stable/2025.1 (Epoxy) release
- Base containerfile with service-specific layers
- Shared common.sh library for entrypoint standardization
- Python-based post-setup automation for cloud initialization
- Unified load balancer and DNS for service access
- Health checks and dependency management

Management:
- Makefile-driven workflow (build, setup, start, stop, status)
- Automated smoke testing with Heat stack validation
- Configurable via .env file (passwords, networks, storage, quotas)

Target users: Developers needing quick OpenStack environments for
HotStack scenario testing without dedicated hardware or lengthy
installation processes.

Assisted-By: Claude Code - claude-4.5-sonnet
Signed-off-by: Harald Jensås <hjensas@redhat.com>

Author: hjensas

README.md

@@ -90,6 +90,14 @@ to install OCP.
 
 ## Pre-requisites
 
+### OpenStack Cloud
+
+HotStack requires an OpenStack cloud to deploy on. See [devsetup](devsetup/) for options:
+
+- **[HotStack-OS](devsetup/hotstack-os/)** - NEW! Containerized OpenStack using podman-compose (2-5 min setup)
+- **[Packstack](devsetup/packstack.md)** - Single-node OpenStack on CentOS Stream 9 (30-60 min setup)
+- **[OpenStack-Ansible](devsetup/osa.md)** - Production-like AIO deployment (60-120 min setup)
+
 ### iPXE image
 
 The ocp_agent_installer is using the "PXE bootstrap-artifacts", so the OCP

devsetup/README.md

@@ -6,16 +6,39 @@ development and testing.
 
 ## Available Setup Guides
 
+### [HotStack-OS - Containerized Setup](hotstack-os/)
+
+A containerized OpenStack deployment using podman-compose that runs on your
+local workstation. Uses host libvirt and OpenvSwitch with all OpenStack
+services in containers.
+
+**Recommended for:**
+
+- **Quick development and testing** (10-15 minutes setup, 2-5 minutes to start)
+- Users who want reproducible, self-contained environments
+- Limited resources (no dedicated machine needed)
+
+**Getting Started:**
+
+1. See [hotstack-os/QUICKSTART.md](hotstack-os/QUICKSTART.md) for step-by-step setup
+2. See [hotstack-os/README.md](hotstack-os/README.md) for architecture and reference
+
+**Requirements:**
+
+- Linux workstation (Fedora/RHEL/CentOS) with libvirt and OpenvSwitch
+- 16GB+ RAM recommended, 50-200GB disk for VM instances
+
 ### [Packstack Setup](packstack.md)
 
 A quick and straightforward way to deploy OpenStack on CentOS Stream 9 using
 RDO Packstack. This is the fastest option for getting a working OpenStack
-environment.
+environment on a dedicated machine.
 
 **Recommended for:**
 
 - CentOS Stream 9 / RHEL-based systems
 - Users familiar with RDO/Packstack
+- Dedicated test machines or VMs
 
 ### [OpenStack-Ansible AIO Setup](osa.md)
 
@@ -27,13 +50,18 @@ deployment in a single node.
 
 - CentOS Stream 9 or 10 / RHEL-based systems
 - Users familiar with Openstack-Ansible
+- More production-like testing
 
 ## Choosing a Setup Method
 
-| Feature | Packstack | OpenStack-Ansible AIO |
-|---------|-----------|----------------------|
-| Base OS | CentOS Stream 9 | CentOS Stream 9 or 10 |
-| OpenStack Release | Dalmatian | Epoxy or later |
+| Feature | HotStack-OS | Packstack | OpenStack-Ansible AIO |
+|---------|-------------|-----------|------------------------|
+| **Deployment Time** | 2-5 minutes | 30-60 minutes | 60-120 minutes |
+| **Host OS** | Fedora/RHEL/CentOS | CentOS Stream 9 | CentOS Stream 9 or 10 |
+| **OpenStack Release** | stable/2025.1 (Epoxy) | Dalmatian | Epoxy or later |
+| **Resource Overhead** | Low (containers) | Medium | High |
+| **Requires Dedicated Machine** | No | Yes | Yes |
+| **Production-like** | No | Yes | Yes |
 
 ## Common Post-Installation Steps
 

devsetup/hotstack-os/.env.example

@@ -0,0 +1,194 @@
+# =============================================================================
+# HotStack-OS Configuration
+# =============================================================================
+# Copy this file to .env and customize as needed
+# Most defaults are fine for a single-node development environment
+# =============================================================================
+
+# -----------------------------------------------------------------------------
+# OpenStack Release
+# -----------------------------------------------------------------------------
+# stable/2025.1 = Epoxy (latest stable)
+# stable/2024.2 = Dalmatian (previous stable)
+# master = development (not recommended for stability)
+OPENSTACK_BRANCH=stable/2025.1
+
+# -----------------------------------------------------------------------------
+# Authentication & Passwords
+# -----------------------------------------------------------------------------
+# SECURITY: Change these passwords for production use!
+# For development, simple passwords are fine
+
+# Admin password for Keystone (user: admin)
+KEYSTONE_ADMIN_PASSWORD=admin
+
+# Root password for MariaDB
+MYSQL_ROOT_PASSWORD=rootpass
+
+# OpenStack services database password (user: openstack)
+DB_PASSWORD=openstack
+
+# Password for inter-service API authentication
+SERVICE_PASSWORD=openstack
+
+# RabbitMQ message broker credentials (required for OpenStack RPC)
+RABBITMQ_DEFAULT_USER=openstack
+RABBITMQ_DEFAULT_PASS=openstack
+
+# -----------------------------------------------------------------------------
+# Logging Configuration
+# -----------------------------------------------------------------------------
+# Enable debug logging for all OpenStack services
+# When false: Only INFO, WARNING, and ERROR messages are logged
+# When true: Verbose DEBUG messages are included (useful for troubleshooting)
+# Default: false (debug logging disabled)
+DEBUG_LOGGING=false
+
+# -----------------------------------------------------------------------------
+# Region & Networking
+# -----------------------------------------------------------------------------
+# OpenStack region name (affects service catalog endpoints)
+REGION_NAME=RegionOne
+
+# -----------------------------------------------------------------------------
+# Network Configuration
+# -----------------------------------------------------------------------------
+# HotStack-OS uses a dedicated address space split into two subnets:
+# 1. Container Network: For podman-managed OpenStack service containers
+# 2. Provider Network: For OVS hot-ex bridge (VM external/floating IPs)
+#
+# REQUIRED: These must be set (defaults work for most users)
+# Change ONLY if the default 172.31.0.0/24 range conflicts with existing networks
+# If changed, ensure all IPs below are within the new CONTAINER_NETWORK range
+# Also update podman-compose.yml networks section to match CONTAINER_NETWORK
+
+# Container network subnet (podman bridge for service containers)
+# Range: 172.31.0.0 - .127 (128 IPs)
+CONTAINER_NETWORK=172.31.0.0/25
+
+# Provider network subnet (hot-ex for VM external connectivity)
+# Range: 172.31.0.128 - .255 (128 IPs)
+PROVIDER_NETWORK=172.31.0.128/25
+
+# IP address for hot-ex bridge (host connectivity to provider network)
+# Must be within PROVIDER_NETWORK range
+BREX_IP=172.31.0.129
+
+# OVN chassis hostname (must match the compute node hostname for Neutron agent registration)
+# Auto-detected at runtime - override only if needed
+# CHASSIS_HOSTNAME=your-hostname.example.com
+
+# Static IP addresses for OpenStack service containers
+# All IPs must be within CONTAINER_NETWORK range (172.31.0.0/25 = .0 to .127)
+# Organized by service group for clarity
+
+# Infrastructure Services
+MARIADB_IP=172.31.0.3
+RABBITMQ_IP=172.31.0.4
+MEMCACHED_IP=172.31.0.5
+
+# Identity & Core Services
+KEYSTONE_IP=172.31.0.11
+GLANCE_IP=172.31.0.12
+PLACEMENT_IP=172.31.0.13
+
+# Compute Services (Nova)
+NOVA_API_IP=172.31.0.21
+NOVA_CONDUCTOR_IP=172.31.0.22
+NOVA_SCHEDULER_IP=172.31.0.23
+NOVA_COMPUTE_IP=172.31.0.24
+NOVA_NOVNCPROXY_IP=172.31.0.26
+
+# Networking Services (OVN/Neutron)
+OVN_NORTHD_IP=172.31.0.31
+NEUTRON_SERVER_IP=172.31.0.32
+
+# Block Storage Services (Cinder)
+CINDER_API_IP=172.31.0.41
+CINDER_SCHEDULER_IP=172.31.0.42
+CINDER_VOLUME_IP=172.31.0.43
+
+# Orchestration Services (Heat)
+HEAT_API_IP=172.31.0.51
+HEAT_ENGINE_IP=172.31.0.53
+
+# -----------------------------------------------------------------------------
+# Storage Paths
+# -----------------------------------------------------------------------------
+# Data directory for all persistent storage (databases, logs, images, volumes)
+# Default: /var/lib/hotstack-os (system path, created with user ownership by setup)
+# Override only if you need a custom location (use absolute paths)
+# HOTSTACK_DATA_DIR=/custom/absolute/path
+
+# Nova VM instances directory on host (requires libvirt access)
+# Default: ${HOTSTACK_DATA_DIR}/nova-instances (isolated from system Nova)
+# Maps to Nova's instances_path configuration option
+# IMPORTANT: This path must be identical in both host and container for libvirt compatibility
+# For custom paths, set correct SELinux context:
+#   sudo semanage fcontext -a -t svirt_image_t "/custom/path(/.*)?"
+#   sudo restorecon -Rv /custom/path
+# NOVA_INSTANCES_PATH=${HOTSTACK_DATA_DIR}/nova-instances
+
+# Nova NFS mount directory on host (for Cinder volume attachments)
+# Default: ${HOTSTACK_DATA_DIR}/nova-mnt (isolated from system Nova)
+# Maps to Nova's libvirt.nfs_mount_point_base configuration option
+# IMPORTANT: This path must be identical in both host and container for libvirt compatibility
+# For custom paths, set correct SELinux context:
+#   sudo semanage fcontext -a -t virt_var_lib_t "/custom/path(/.*)?"
+#   sudo restorecon -Rv /custom/path
+# NOVA_NFS_MOUNT_POINT_BASE=${HOTSTACK_DATA_DIR}/nova-mnt
+
+# Cinder volumes configuration (NFS-based)
+# Directory for Cinder NFS export on host
+# This directory will be exported via NFS and mounted by cinder-volume and nova-compute
+# Default: /var/lib/hotstack-os/cinder-nfs (created by setup)
+# Override only if you need a custom location (use absolute paths)
+# CINDER_NFS_EXPORT_DIR=/custom/path/cinder-nfs
+
+# -----------------------------------------------------------------------------
+# HotStack Project Quotas
+# -----------------------------------------------------------------------------
+# Quotas for the hotstack project created by 'make post-setup'
+# Override these to adjust resource limits for HotStack development/testing
+# Defaults are generous for development purposes
+# HOTSTACK_QUOTA_COMPUTE_CORES=40
+# HOTSTACK_QUOTA_COMPUTE_RAM=102400  # 100GB RAM in MB
+# HOTSTACK_QUOTA_COMPUTE_INSTANCES=20
+# HOTSTACK_QUOTA_COMPUTE_KEY_PAIRS=10
+# HOTSTACK_QUOTA_COMPUTE_SERVER_GROUPS=10
+# HOTSTACK_QUOTA_COMPUTE_SERVER_GROUP_MEMBERS=10
+# HOTSTACK_QUOTA_NETWORK_NETWORKS=20
+# HOTSTACK_QUOTA_NETWORK_SUBNETS=20
+# HOTSTACK_QUOTA_NETWORK_PORTS=100
+# HOTSTACK_QUOTA_NETWORK_ROUTERS=10
+# HOTSTACK_QUOTA_NETWORK_FLOATINGIPS=20
+# HOTSTACK_QUOTA_NETWORK_SECURITY_GROUPS=20
+# HOTSTACK_QUOTA_NETWORK_SECURITY_GROUP_RULES=100
+# HOTSTACK_QUOTA_VOLUME_VOLUMES=20
+# HOTSTACK_QUOTA_VOLUME_SNAPSHOTS=20
+# HOTSTACK_QUOTA_VOLUME_GIGABYTES=1000  # 1TB
+# HOTSTACK_QUOTA_VOLUME_PER_VOLUME_GIGABYTES=500
+
+# -----------------------------------------------------------------------------
+# Post-Setup Network Configuration
+# -----------------------------------------------------------------------------
+# Network settings for 'make post-setup' (private and provider networks)
+# Defaults match the HotStack-OS container network configuration
+# HOTSTACK_PRIVATE_CIDR=192.168.100.0/24
+# HOTSTACK_PROVIDER_CIDR=172.31.0.128/25
+# HOTSTACK_PROVIDER_GATEWAY=172.31.0.129
+
+# -----------------------------------------------------------------------------
+# Post-Setup Image URLs
+# -----------------------------------------------------------------------------
+# Image URLs for 'make post-setup' - download and upload to Glance
+# Defaults use GitHub releases (latest builds)
+# Override to use custom HTTP/HTTPS mirrors (local files not supported)
+# Downloaded images are cached in ~/.cache/hotstack-os/images/
+# HOTSTACK_CIRROS_URL=http://download.cirros-cloud.net/0.6.2/cirros-0.6.2-x86_64-disk.img
+# HOTSTACK_CENTOS_STREAM_9_URL=https://cloud.centos.org/centos/9-stream/x86_64/images/CentOS-Stream-GenericCloud-x86_64-9-latest.x86_64.qcow2
+# HOTSTACK_CONTROLLER_IMAGE_URL=https://github.com/openstack-k8s-operators/hotstack/releases/download/latest-controller/controller-latest.qcow2
+# HOTSTACK_BLANK_IMAGE_URL=https://github.com/openstack-k8s-operators/hotstack/releases/download/latest-blank/blank-image-latest.qcow2
+# HOTSTACK_IPXE_BIOS_URL=https://github.com/openstack-k8s-operators/hotstack/releases/download/latest-ipxe/ipxe-bios-latest.img
+# HOTSTACK_IPXE_EFI_URL=https://github.com/openstack-k8s-operators/hotstack/releases/download/latest-ipxe/ipxe-efi-latest.img
+# HOTSTACK_NAT64_IMAGE_URL=https://github.com/openstack-k8s-operators/openstack-k8s-operators-ci/releases/download/latest/nat64-appliance-latest.qcow2

devsetup/hotstack-os/.gitignore

@@ -0,0 +1,15 @@
+# Environment file with passwords
+.env
+
+# OpenStack credentials
+clouds.yaml
+
+# Temporary files
+*.log
+*.pid
+*.sock
+
+# Python cache
+__pycache__/
+*.pyc
+*.pyo