LXD: Create container with HTTP(s) proxy

CONTAINER=haproxy
 
# Create container
lxc launch ubuntu:18.04 ${CONTAINER}
sleep 10
 
# Deploy SSH key
lxc file push --uid 0 --gid 0 --mode 600 ~/.ssh/id_rsa.pub ${CONTAINER}/root/.ssh/authorized_keys
 
# Configure http(s) proxy inside of container (if set on host)
[ -z ${http_proxy} ] || echo "export http_proxy=$http_proxy" | lxc shell ${CONTAINER} -- tee -a /etc/environment
[ -z ${https_proxy} ] || echo "export https_proxy=$https_proxy" | lxc shell ${CONTAINER} -- tee -a /etc/environment
 
# Update APT repository
lxc exec ${CONTAINER} -- bash -c ". /etc/environment && apt update"
 
# Optional: install applications
lxc exec ${CONTAINER} -- bash -c ". /etc/environment && apt install -y haproxy"

YouTube download and convert to mp3

https://yt-dl.org/update
https://github.com/ytdl-org/youtube-dl/releases

wget -q https://github.com/ytdl-org/youtube-dl/releases/download/2019.04.30/youtube-dl -O /tmp/youtube-dl
sudo cp /tmp/youtube-dl /usr/local/sbin/
sudo chmod a+x /usr/local/sbin/youtube-dl
 
# download audio (mp3) only
youtube-dl --extract-audio --audio-format mp3 -o "%(title)s.%(ext)s" https://www.youtube.com/watch?v=foo
 
# download whole channel starting from 3 months
youtube-dl --extract-audio --audio-format mp3 -o "%(upload_date)s_%(title)s.%(ext)s" --dateafter now-3months -v https://www.youtube.com/user/OpenStackFoundation/videos
 
# update
sudo youtube-dl -U

# output template
https://github.com/ytdl-org/youtube-dl/blob/master/README.md#output-template

Install tftp server

Install tftp server package
sudo apt-get install -y xinetd tftpd tftp

Create xinetd tftp configuration

cat <<EOF> /etc/xinetd.d/tftp
service tftp
{
protocol        = udp
port            = 69
socket_type     = dgram
wait            = yes
user            = nobody
server          = /usr/sbin/in.tftpd
server_args     = /tftpboot
disable         = no
}
EOF

Create /tftpboot folder

sudo mkdir /tftpboot
sudo chmod -R 777 /tftpboot
sudo chown -R nobody /tftpboot

Restart the xinetd service

sudo service xinetd restart

Testing our tftp server

ip a add 192.168.1.1/24 dev eth0:1
echo foo > /tftpboot/testfile
tftp 192.168.1.1
get testfile
quit

Links
https://askubuntu.com/questions/201505/how-do-i-install-and-run-a-tftp-server

OpenStack: VPNaaS (VPN)

openstack vpn service list -c ID -f value |
    xargs -L1 openstack vpn service show
 
openstack vpn ipsec site connection list -c ID -f value |
    xargs -L1 openstack vpn ipsec site connection show

Check VPN peer address

PRIVATE_PEER_ADDRESSES=$(openstack vpn ipsec site connection list -c "Peer Address" -f value | egrep "^10.|^172.|^192.")
for PRIVATE_PEER_ADDRESSE in ${PRIVATE_PEER_ADDRESSES}; do
    echo "PRIVATE_PEER_ADDRESSES: ${PRIVATE_PEER_ADDRESSE}"
 
    CONNECTION_ID=$(openstack vpn ipsec site connection list | grep ${PRIVATE_PEER_ADDRESSE} | cut -d" " -f2)
    openstack vpn ipsec site connection show ${CONNECTION_ID}
 
    VPN_SERVICE_ID=$(openstack vpn ipsec site connection show ${CONNECTION_ID} -c "VPN Service" -f value)
    openstack vpn service show ${VPN_SERVICE_ID}
 
    PROJECT_ID=$(openstack vpn service show ${VPN_SERVICE_ID} -c project_id -f value)
    openstack project show ${PROJECT_ID}
done

Links
https://docs.openstack.org/neutron/rocky/admin/vpnaas-scenario.html

OpenStack: Volume

# List your volumes
openstack volume list
 
openstack volume type list --public --long
openstack volume backend pool list
cinder --os-volume-api-version 3.50 attachment-delete <attachment_id>
 
openstack volume set --non-bootable <VOLUME_ID>

Search for multiple volume attachment ids

OpenStack: rescue / recovery system

Download rescure iso
wget http://download.grml.org/grml64-small_2018.12.iso

Create rescure system

openstack image create systemrescuecd \
  --file grml64-small_2018.12.iso \
  --disk-format iso \
  --container-format bare \
  --min-ram 512 \
  --property hw_cdrom_bus=scsi
 
# show image
openstack image list --name systemrescuecd

Attach rescure system

openstack server rescue --image systemrescuecd ${SERVER_ID}

# Login to VM console and fix issues
Detach rescure system

openstack server unrescue ${SERVER_ID}

Links
https://help.switch.ch/engines/documentation/rescue-vm/
https://grml.org/

OpenStack: User

Debug user
openstack user list
openstack user show USER_ID
openstack domain show DOMAIN_ID
openstack project list --user USER_ID
openstack role assignment list --names --user USER_ID

Add role
openstack role add --user USER_ID --project PROJECT_ID creator

LXD: Move / copy container to remote host

Configure LXD
# new server (lxd2.example.com, 10.0.0.22)
lxc config set core.https_address 10.0.0.22:8443
lxc config set core.trust_password pass1234

# old server (lxd1.example.com, 10.0.0.11)
lxc config set core.https_address 10.0.0.11:8443
lxc remote add lxd2.example.com 10.0.0.22

Migrate container
# old server
CONTAINER=www
#lxc config show ${CONTAINER}
lxc stop ${CONTAINER}
lxc config set ${CONTAINER} boot.autostart false
lxc snapshot ${CONTAINER}

# move whole container
# lxc move ${CONTAINER} lxd2.example.com:${CONTAINER} --verbose

OpenStack: Extend public IP range

Show subnet details
openstack subnet list --network public
openstack subnet show public-10.0.0.0/24

Modify database
DB_PASS=$(grep neutron_database_password /etc/kolla/passwords.yml | cut -d " " -f2)
mysql -h db.service.example.com --password=${DB_PASS} -P 6033 -u neutron -D neutron
select * from neutron.subnets where cidr like '10.0.0%';
update subnets set cidr='10.0.0.0/23' WHERE cidr = '10.0.0.0/24';
exit;

# update subnet name
openstack subnet set --name public-10.0.0.0/23 public-10.0.0.0/24

# extend allocation-pool