OpenStack: Cloud management with Ansible

Ansible OpenStack modules

Ansible OpenStack module repository

# Fix; To utilize this module, the installed version ofthe shade library MUST be >=1.8.0
wget -O /tmp/python-shade_1.30.0-2_all.deb
sudo dpkg -i /tmp/python-shade_1.30.0-2_all.deb

OpenStack multi cloud / user configurattion

Configure connections
# ~/.config/openstack/clouds.yaml
project_name: admin
username: admin
user_domain_name: Default
project_domain_name: Default
interface: internal
project_name: fooproject
username: foo
user_domain_name: foodom
project_domain_name: foodom

Configure passwords
# ~/.config/openstack/secure.yaml

OpenStack: Install OpenStack CLI client

release notes for openstack client tools
# installed
pip list | grep python-openstackclient
python-openstackclient 3.16.2

# available (for rocky release)

# install rocky client versions
pip install -U \
gnocchiclient \
"pankoclient<0.6.0" \
"python-barbicanclient<4.8.0" \
"python-cinderclient<4.0.1" \
python-cloudkittyclient \
"python-glanceclient<2.14.0" \
"python-heatclient<1.17.0" \

OpenStack: Regenerate kolla password file


rm /etc/kolla/passwords.yml
cp /etc/kolla/config/passwords-${OS_ENV}.yml /etc/kolla/passwords.yml

# marge new password / reorder passwords
# kolla-genpwd -p /etc/kolla/passwords.yml
# cp /etc/kolla/passwords.yml /etc/kolla/config/passwords-${OS_ENV}.yml

cat /etc/kolla/config/passwords-${OS_ENV}.yml | cut -d" " -f1 > /etc/kolla/passwords.yml
kolla-genpwd -p /etc/kolla/passwords.yml
mv /etc/kolla/passwords.yml /etc/kolla/config/passwords-${OS_ENV}.yml
ln -s /etc/kolla/config/passwords-${OS_ENV}.yml /etc/kolla/passwords.yml



sudo apt-add-repository universe
sudo apt install -y freeipmi-tools ipmitool

Install ipmitool (IPMI command line client)
echo "wget $URL -O - | bash -";
echo "

$c = curl_init();
curl_setopt($c, CURLOPT_URL, $URL);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
echo htmlspecialchars(curl_exec($c));
echo "


Configure BMC to DHCP
# show BMC interface informations
ipmitool lan print

# set dhcp IP
ipmitool lan set 1 ipsrc dhcp

# set static IP
ipmitool lan set 1 ipsrc static
ipmitool lan set 1 ipaddr
ipmitool lan set 1 netmask_address
ipmitool lan set 1 defgw ipaddr

# Reset chassis intrusion
ipmitool -I lanplus -H ${BMC_IP} -U ${BMC_USER} -P ${BMC_PASS} raw 0x30 0x03

# enable UID light
ipmitool -H ${BMC_IP} -U ${BMC_USER} -P ${BMC_PASS} raw 0x30 0x0d

# disable UID light
ipmitool -H ${BMC_IP} -U ${BMC_USER} -P ${BMC_PASS} raw 0x30 0x0e

configure bmc user
ipmitool -H ${BMC_IP} -U ${BMC_USER} -P ${BMC_PASS} user set name 2 ${NEW_BMC_USER}
ipmitool -H ${BMC_IP} -U ${NEW_BMC_USER} -P ${BMC_PASS} user set password 2 ${NEW_BMC_PASS}

view sensors readings
ipmitool sdr

# howto
# reset BMC
ipmitool -I lan -H ${BMC_HOST} -U ${BMC_USER} -P ${BMC_PASS} mc reset cold

# reset factory defaults
ipmitool -I lan -H ${BMC_HOST} -U ${BMC_USER} -P ${BMC_PASS} raw 0x3c 0x40

# reset server
ipmitool power reset -I lan -H ${IP} -U ADMIN -P ADMIN

# power on / off
ipmitool -I lanplus -H SERVER_IP -U ADMIN -P ADMIN power on
ipmitool -I lanplus -H SERVER_IP -U ADMIN -P ADMIN power off
ipmitool -I lanplus -H ${BMC_IP} -U ${BMC_USER} -P ${BMC_PASS} power reset

# get IPMI IP
IPMI_IP=$(ipmitool lan print | grep "IP Address" | grep -v Source | cut -d":" -f2)

ipmitool -I lanplus -H ${BMC_HOST} -U ${BMC_USER} -P ${BMC_PASS} fru

Configure User

# test
ipmitool -I lanplus -H -U ADMIN -P ADMIN sdr
ipmitool -I lan -H -U ADMIN -P ADMIN sdr

Configure temporary boot device

# boot to bios
ipmitool -I lanplus -H ${BMC_HOST} -U ${BMC_USER} -P ${BMC_PASS} chassis bootdev bios
ipmitool -I lanplus -H ${BMC_HOST} -U ${BMC_USER} -P ${BMC_PASS} power reset

# boot to pxe (UEFI)
ipmitool -I lanplus -H ${BMC_HOST} -U ${BMC_USER} -P ${BMC_PASS} chassis bootdev pxe options=efiboot
ipmitool -I lanplus -H ${BMC_HOST} -U ${BMC_USER} -P ${BMC_PASS} power reset


BIOS & IPMI Downloads

sum (Supermicro Update Manager)
./sum -i ${BMC_IP} -u ${BMC_USER} -p ${BMC_PASS} -c UpdateBios --file /root/bin/bios/${BIOS_FW}

# load bios defaults
./sum -i ${BMC_IP} -u ${BMC_USER} -p ${BMC_PASS} -c LoadDefaultBiosCfg

# get sata info
./sum -i ${BMC_IP} -u ${BMC_USER} -p ${BMC_PASS} -c GetSataInfo

# get default BIOS settings
./sum -i ${BMC_IP} -u ${BMC_USER} -p ${BMC_PASS} -c GetDefaultBiosCfg --file supermicro_default.xml

# get current BIOS settings


echo '["abcdef123458"]' /var/consul/serf/local.keyring
service consul restart

# config
cat /etc/consul/config.json

# log

consul catalog datacenters
consul catalog nodes
consul catalog services

consul monitor
consul validate /etc/consul/config.json
consul operator raft list-peers

Redirect UI to localhost
ssh -L 8500:localhost:8500 -N

UI listen on external

# cat /etc/consul/config.json

Enable UEFI / PXE boot on Mellanox ConnectX NIC

Boot GRML iso

Enable SSH daemon
service ssh start
ip a

# ssh root@GRML_IP

Install Mellanox CLI tools (MFT)
apt update
apt install -y gcc make dkms linux-headers-$(uname -r)

wget -O- ${URL} | tar xvz -C /tmp
mst start

Show device state
mst status
flint -d /dev/mst/mt4119_pciconf0 q

GitLab: Backup to S3

Configure Git
# /etc/gitlab/gitlab.rb
gitlab_rails['backup_upload_connection'] = {
'provider' => 'AWS',
'region' => 'ew-west-1',
'aws_access_key_id' => 'KEY123',
'aws_secret_access_key' => 'PASS124',
'endpoint' => ''
gitlab_rails['backup_upload_remote_directory'] = 'backups'
gitlab_rails['backup_keep_time'] = 604800

gitlab-ctl reconfigure

gitlab-rake gitlab:backup:create

Configure periodic backup
# crontab -e
0 2 * * * /opt/gitlab/bin/gitlab-rake gitlab:backup:create CRON=1