# install sudo microstack init --auto --control sudo snap install microstack --beta --devmode # stop sudo snap disable microstack # start vm microstack launch cirros --name test ssh -i /home/ubuntu/snap/microstack/common/.ssh/id_microstack cirros@10.20.20.3
Links
https://github.com/kelseyhightower/kubernetes-the-hard-way
Configure OpenStack application credentials
mkdir -p ~/.config/openstack cat <<EOF> ~/.config/openstack/clouds.yaml clouds: dev-foo: auth_type: "v3applicationcredential" auth: auth_url: https://keystone.service.dev.example.com/v3 application_credential_id: "YOUR_CREDENTIAL_ID" application_credential_secret: "YOUR_CREDENTIAL_PASS" EOF
Install Terraform
cat <<EOF> /tmp/install-terraform.yml --- - hosts: localhost tasks: - name: Get latest Terraform version uri: url: https://checkpoint-api.hashicorp.com/v1/check/terraform register: response - set_fact: terraform_download_url: "{{ response.json.current_download_url }}" terraform_version: "{{ response.json.current_version }}" - name: Download Terraform {{ terraform_version }} unarchive: src: "{{ terraform_download_url }}terraform_{{ terraform_version }}_{{ ansible_system | lower }}_amd64.zip" remote_src: yes dest: ~/bin creates: ~/bin/terraform mode: 0550 EOF ansible-playbook /tmp/install-terraform.yml
Create test env on OpenStack
#!/bin/bash source /etc/kolla/admin-openrc.sh function show_lb_owner() { LB_ID=$1 # show project PROJECT_ID=$(openstack loadbalancer show -c project_id -f value ${LB_ID}) PROJECT_NAME=$(openstack project show -c name -f value ${PROJECT_ID}) # show domain DOMAIN_ID=$(openstack project show -c domain_id -f value ${PROJECT_ID}) DOMAIN_NAME=$(openstack domain show -c name -f value ${DOMAIN_ID}) echo "Domain: ${DOMAIN_NAME}" echo "Project: ${PROJECT_NAME}" } EXIT_CODE=0 # list broken LB OUTPUT="$(openstack loadbalancer amphora list --provisioning-status ERROR)" if [ -n "${OUTPUT}" ]; then echo "${OUTPUT}" EXIT_CODE=1 fi # search for broken LB
# create container lxc launch ubuntu:20.04 osc lxc shell osc # install OpenStack CLI apt install -y python3-openstackclient python3-neutron-vpnaas python3-octaviaclient python3-barbicanclient openstack complete | sudo tee /etc/bash_completion.d/openstack source /etc/bash_completion # configure connection mkdir -p ~/.config/openstack cat <<EOF> ~/.config/openstack/clouds.yaml clouds: dev-foo-app: auth: auth_url: https://keystone.service.example.com/v3 application_credential_id: "xxxxxxxx" application_credential_secret: "xxxxxxxx" region_name: "eu-fra1" interface: "public" identity_api_version: 3 auth_type: "v3applicationcredential" EOF echo export OS_CLOUD=dev-foo-app >> .bashrc # test export OS_CLOUD=dev-foo-app openstack image list
List
openstack vpn ipsec site connection list openstack vpn endpoint group list openstack vpn service list openstack vpn ipsec policy list openstack vpn ike policy list
Setup
# install sudo apt-get install -y strongswan # Left (Peer client, behind NAT) Ubuntu Client IP: 212.8.9.10 Ubuntu net: 192.168.178.0/24 OpenStack VPN IP: 217.50.60.70 OpenStack Net: 10.0.1.0/24
Create OpenStack VPN endpoint
http://www.panticz.de/openstack/vpn-fritzbox
/etc/ipsec.conf
IFS=$(echo -en "\n\b") PROJECTS_JSON=$(openstack project list --long -f json) for PROJECT_JSON in $(echo "${PROJECTS_JSON}" | jq -c '.[]'); do PROJECT_ID=$(echo ${PROJECT_JSON} | jq -r .ID) PROJECT_NAME=$(echo ${PROJECT_JSON} | jq -r .Name) DOMAIN_ID=$(echo ${PROJECT_JSON} | jq -r '."Domain ID"') DOMAIN_JSON=$(openstack domain show ${DOMAIN_ID} -f json) DOMAIN_NAME=$(echo ${DOMAIN_JSON} | jq -r .name) openstack server list --all-projects --long --project ${PROJECT_ID} --sort-column Name -f json | jq .[] | \
source /etc/kolla/admin-openrc.sh IFS=$(echo -en "\n\b") function get_vm_details() { LINE=$1 SERVER_ID=$(echo ${LINE} | cut -d" " -f3) SERVER_JSON=$(openstack server show ${SERVER_ID} -f json) SERVER_NAME=$(echo ${SERVER_JSON} | jq -r .name) SERVER_PROJECT_ID=$(echo ${SERVER_JSON} | jq -r .project_id) SERVER_PROJECT_JSON=$(openstack project show ${SERVER_PROJECT_ID} -f json) SERVER_PROJECT_NAME=$(echo ${SERVER_PROJECT_JSON} | jq -r .name) echo "${LINE} ${SERVER_NAME} ${SERVER_PROJECT_NAME}" }
Ping VM from IP namespace
#!/bin/bash export OS_ENV="@globals.environment@" if [ "${OS_ENV}" == "dev" ]; then export PYENV_ROOT="$HOME/.pyenv" export PATH="$PYENV_ROOT/bin:$PATH" eval "$(pyenv init -)" fi source /etc/kolla/admin-openrc.sh EXIT_CODE=0 # search for broken ovs entry in DB for NODE in $(openstack compute service list -c Host -f value | sort -u); do OUTPUT=$(ssh ${NODE} docker exec openvswitch_vswitchd ovsdb-client dump | grep qvo | egrep -v "tag|mac" | cut -d "\"" -f2) for PORT in ${OUTPUT}; do printf "%-20s %s\n" "${NODE}" "${PORT}" EXIT_CODE=1
#!/bin/bash source /etc/kolla/admin-openrc.sh EXIT_CODE=0 # search for server with status ERROR OUTPUT="$(openstack server list --all --status=ERROR -c ID -c Name -c Status -f value)" #openstack server show ${SERVER_ID} -c fault -f value if [ -n "${OUTPUT}" ]; then echo "${OUTPUT}" EXIT_CODE=1 fi # search for server with status VERIFY_RESIZE OUTPUT="$(openstack server list --all --status=VERIFY_RESIZE -c ID -c Name -c Status -f value)" if [ -n "${OUTPUT}" ]; then echo "${OUTPUT}" EXIT_CODE=1 fi # search for server processes on wrong compute node for COMPUTE_NODE in $(openstack compute service list --service nova-compute -c Host -f value); do for SERVER_ID in $(ssh ${COMPUTE_NODE} pgrep qemu -a | grep -o -P '(?<=-uuid ).*(?= -smbios)'); do