Home | panticz.de

OpenStack: VPNaaS (VPN)

# show VPN objects
openstack vpn ipsec site connection list
openstack vpn endpoint group list
openstack vpn service list
openstack vpn ipsec policy list
openstack vpn ike policy list
 
# show IP
openstack vpn service list --long
openstack vpn service list -c ID -f value | xargs -i openstack vpn service show {}
openstack vpn ipsec site connection list -c ID -f value | xargs -L1 openstack vpn ipsec site connection show

Check VPN peer address

Read more about OpenStack: VPNaaS (VPN)

OpenStack: cinder (volume)

# List your volumes
openstack volume list
 
openstack volume type list --public --long
openstack volume backend pool list
cinder --os-volume-api-version 3.50 attachment-delete <attachment_id>
 
openstack volume set --non-bootable <VOLUME_ID>

Search for multiple volume attachment ids

Read more about OpenStack: cinder (volume)

OpenStack: rescue / recovery system

Download rescure iso
wget https://download.grml.org/grml64-small_2022.11.iso

Create rescure system

openstack image create systemrescuecd \
  --file grml64-small_2022.11.iso \
  --disk-format iso \
  --container-format bare \
  --min-ram 512 \
  --property hw_cdrom_bus=scsi
 
# show image
openstack image list --name systemrescuecd

Attach rescure system

openstack server rescue --image systemrescuecd ${SERVER_ID}

# Login to VM console and fix issues
Detach rescure system

openstack server unrescue ${SERVER_ID}

Links
https://help.switch.ch/engines/documentation/rescue-vm/
https://grml.org/

Read more about OpenStack: rescue / recovery system

OpenStack: User

Debug user
openstack user list
openstack user show USER_ID
openstack domain show DOMAIN_ID
openstack project list --user USER_ID
openstack role assignment list --names --user USER_ID

Add role
openstack role add --user USER_ID --project PROJECT_ID creator

Read more about OpenStack: User

LXD: Migrate / copy / move container to remote host

Configure LXD
# new server (lxd2.example.com, 10.0.0.22)
lxc config set core.https_address 10.0.0.22:8443
lxc config set core.trust_password pass1234

# old server (lxd1.example.com, 10.0.0.11)
lxc config set core.https_address 10.0.0.11:8443
lxc remote add lxd2.example.com 10.0.0.22

Migrate container
# old server
CONTAINER=www
#lxc config show ${CONTAINER}
lxc stop ${CONTAINER}
lxc config set ${CONTAINER} boot.autostart false
lxc snapshot ${CONTAINER}

# move whole container
# lxc move ${CONTAINER} lxd2.example.com:${CONTAINER} --verbose

Read more about LXD: Migrate / copy / move container to remote host

OpenStack: Extend public IP range

Show subnet details
openstack subnet list --network public
openstack subnet show public-10.0.0.0/24

Modify database
DB_PASS=$(grep neutron_database_password /etc/kolla/passwords.yml | cut -d " " -f2)
mysql -h db.service.example.com --password=${DB_PASS} -P 6033 -u neutron -D neutron
select * from neutron.subnets where cidr like '10.0.0%';
update subnets set cidr='10.0.0.0/23' WHERE cidr = '10.0.0.0/24';
exit;

# update subnet name
openstack subnet set --name public-10.0.0.0/23 public-10.0.0.0/24

# extend allocation-pool

Read more about OpenStack: Extend public IP range

Mellanox: automatic firmware update

Latest firmware version
http://www.mellanox.com/page/mlxup_firmware_tool

URL=https://www.mellanox.com/downloads/firmware/mlxup/4.12.0/SFX/linux_x64/mlxup
# short url
URL=https://bit.ly/2NQWo5t

wget ${URL} -qO /tmp/mlxup
chmod +x /tmp/mlxup
/tmp/mlxup -y

Links
http://www.mellanox.com/supportdownloader/
http://www.mellanox.com/page/firmware_table_ConnectX3EN

Read more about Mellanox: automatic firmware update

OpenStack: server (VM)

List
# List instances / VMs
openstack server list
openstack server list -c ID -c Name -c Status -c Networks -c Host --long

Create
openstack server create foo-vm1 \
--image "Ubuntu 18.04" \
--flavor m1.small \
--key-name foo-key \
--network foo-net

# delete instance
openstack server delete "vm-u1804"
# list all servers from all projects
openstack server list --all-projects --os-cloud=stage-admin
# get IDs only from server
openstack server list --os-cloud=dev-foo -c ID -f value
# get all servers using windows images

Read more about OpenStack: server (VM)

Nginx: Log client ip behind NAT with http_x_forwarded_for (X-Forwarded-For Header)

Use nginx real_ip module
nginx -V | grep with-http_realip_module
# /etc/nginx/nginx.conf
...
http {
...
# set_real_ip_from 0.0.0.0/0;
set_real_ip_from x.x.x.x/x; # LB subnet
real_ip_header X-Forwarded-For;
...
}
...

Option 2: customize log_format
cat /etc/nginx/nginx.conf
...
log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log main;
...

Reload Nginx configuration

Read more about Nginx: Log client ip behind NAT with http_x_forwarded_for (X-Forwarded-For Header)

Fix Octavia / Amphora VMs

Show Loadbalancer state
# List all LoadBalancer
openstack loadbalancer list

# List LoadBalancer details
openstack loadbalancer show 0ce30f0e-1d75-486c-a09f-79125abf44b8

# List LoadBalancer VMs details
openstack loadbalancer amphora list --loadbalancer 0ce30f0e-1d75-486c-a09f-79125abf44b8

# List all Octavia LB / VMs
openstack server list --all --long --name amphora --os-cloud=dev-admin

Manual update provisioning_status from PENDING_UPDATE / ERROR state to ACTIVE in Octavia Database

Read more about Fix Octavia / Amphora VMs

Subscribe to