OpenStack: Debug / cleanup DHCP
Restart DHCP namespaces
openstack subnet set --no-dhcp ${SUBNET_ID} openstack subnet set --dhcp ${SUBNET_ID}
Find unnecessary DHCP namespaces
MAX_DHCP_NS=3 SUBNET_IDS=$(openstack subnet list --dhcp -c ID -f value) for SUBNET_ID in ${SUBNET_IDS}; do NETWORK_ID=$(openstack subnet show ${SUBNET_ID} -c network_id -f value) DHCP_PORTS="$(openstack port list --device-owner network:dhcp --network ${NETWORK_ID} -c ID -c binding_host_id -c fixed_ips -c status -f value)" if [ $(echo "${DHCP_PORTS}" | wc -l) -ne ${MAX_DHCP_NS} ]; then echo "NETWORK_ID: ${NETWORK_ID}" echo "${DHCP_PORTS}" echo fi done
Add / remove DHCP ports
OpenStack: RBAC shared network
# allow access to RBAC net for project openstack network rbac create --target-project foo-project1 --action access_as_shared --type network foo-net-01 # show rbac quota neutron quota-show --tenant_id <PROJECT_ID> | grep rbac_policy # set rbac quota to unlimited openstack quota set --rbac-policies -1 <PROJECT_ID> openstack network rbac list openstack network rbac show ${RBAC_ID}
Links
https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/network-rbac.html
https://docs.openstack.org/mitaka/networking-guide/config-rbac.html
https://docs.openstack.org/python-openstackclient/pike/cli/command-objects/quota.html
https://docs.openstack.org/ocata/admin-guide/cli-networking-advanced-quotas.html
Create anyconnect VPN connection on command line with nmcli
Create connection
VPN_GATEWAY=vpn1.example.com VPN_USER=foo VPN_ROUTES=192.168.11.0/24 nmcli connection add \ connection.id vpn1 \ connection.type vpn \ connection.permissions "user:${USER}" \ ipv4.routes "${VPN_ROUTES}" \ ipv4.ignore-auto-routes yes \ vpn.service-type org.freedesktop.NetworkManager.openconnect \ vpn.data " protocol = anyconnect, authtype = cert, gateway = ${VPN_GATEWAY}, cacert = ${HOME}/vpn1/ca.pem, usercert = ${HOME}/vpn1/certificate.pem, userkey = ${HOME}/vpn1/priv.pem, cookie-flags = 2 " \ vpn.secrets " form:main:group_list=CLIENTGROUP, form:main:username=${VPN_USER}, save_passwords=yes "
Start connection and enter password once
nmcli connection up vpn1
Debug
#journalctl -fxe NM_CONNECTION=8d5ec3cb-99c5-47ea-84e2-38174cd14702 journalctl -fxe -t NetworkManager cat /etc/NetworkManager/system-connections/vpn1.nmconnection nmcli con show vpn1
Links
https://0xsys.blogspot.com/2019/06/configure-vpn-using-nmcli.html
LXD: Create WireGuard container
Create container
CONTAINER=wireguard # Add ubuntu-minimal repository lxc remote add --protocol simplestreams ubuntu-minimal https://cloud-images.ubuntu.com/minimal/releases/ # Create LXD container #lxc launch ubuntu-minimal:lts ${CONTAINER} lxc launch ubuntu-minimal:22.04 ${CONTAINER} # update APT packages lxc exec ${CONTAINER} -- bash -c "export http_proxy=${http_proxy} && apt update && apt -y dist-upgrade && apt -y autoremove" # Install WireGuard lxc exec ${CONTAINER} -- bash -c "export http_proxy=${http_proxy} && apt install -y wireguard iptables iputils-ping"
Configure UDP 4000 port forward to wireguard container
lxc config device add ${CONTAINER} udp51820 proxy listen=udp:0.0.0.0:51820 connect=udp:127.0.0.1:51820
Configure WireGuard
Rundeck CLI
Install
https://rundeck.github.io/rundeck-cli/
https://github.com/rundeck/rundeck-cli/releases
sudo apt-get install -y default-jre-headless wget -q https://github.com/rundeck/rundeck-cli/releases/download/v2.0.0/rundeck-cli_2.0.0-1_all.deb sudo dpkg -i rundeck-cli_*_all.deb # sudo apt-get install rundeck-cli
Configuration
https://rundeck.github.io/rundeck-cli/configuration/
# ~/.rd/rundeck-dev.conf export RD_URL=http://rundeck.dev.example.com:80 export RD_USER=admin export RD_PASSWORD=admin # load configuration source ~/.rd/rundeck-dev.conf
LXD: profile
Copy profiles between LXD cluster nodes
lxc profile copy profile-name new-lxd-server:
Export all profiles
for PROFILE in $(lxc profile list --format json | jq -r '.[].name'); do lxc profile show ${PROFILE} > ${PROFILE} done
Import profiles
for PROFILE in $(ls nic* disk*); do lxc profile create ${PROFILE} < ${PROFILE} done
DevStack
DevStack XENA
sudo apt -y install git jq vim sudo apt purge -y python3-distro-info git clone --branch "stable/xena" https://opendev.org/openstack/devstack HOST_IP=$(ip -o -4 -j a | jq -r '.[].addr_info[] | select(.dev == "ens3") .local') echo ${HOST_IP}
DevStack XENA
https://openstack.goffinet.org/03-02-openstack-lab-devstack.html
http://lia.deis.unibo.it/Courses/CompNetworksM/1718/slides/NetworksM_Cloud180518_v1.pdf
https://opnfvblog.wordpress.com/2016/10/27/devstack-localconf/
https://01.org/sites/default/files/page/accelerating_openstack_networking_with_intel_architecture_rev008.pdf
Flash LineageOS on Google Pixel 2 XL (taimen)
Prepare
https://wiki.lineageos.org/devices/taimen/install
# Enable debug mode on phone # Enable OEM unlocking # Enable USB debugging adb reboot bootloader fastboot flashing unlock # confirm with keys
Boot bootloader
adb reboot bootloader
Boot TWRP
https://dl.twrp.me/taimen/
https://dl.twrp.me/taimen/twrp-3.7.0_9-0-taimen.img
fastboot boot Downloads/twrp-3.7.0_9-0-taimen.img adb shell twrp wipe data adb shell twrp wipe dalvik
LineageOS image
https://download.lineageos.org/devices/taimen/builds
https://mirrorbits.lineageos.org/full/taimen/20240822/lineage-21.0-20240822-nightly-taimen-signed.zip
adb shell twrp sideload zip from host adb adb sideload Downloads/lineage-*nightly-taimen-signed.zip
OPTIONAL: Install Gapps
https://wiki.lineageos.org/gapps
https://github.com/MindTheGapps/14.0.0-arm64/releases/download/MindTheGapps-14.0.0-arm64-20240612_135921/MindTheGapps-14.0.0-arm64-20240612_135921.zip adb sideload Downloads/MindTheGapps-*.zip
Upgrade
https://wiki.lineageos.org/devices/taimen/upgrade
http://downloads.codefi.re/d/CNzxbgzaLdfGLGZSIP-cUQ/1685985608/jdcteam/javelinanddart/gapps/MindTheGapps-12.1.0-arm64-20220605_112439.zip