SERVER_ID=xxxx-xxxx-xxxx-xxxx-xxxx
 
# VOLUME_ID=$(openstack server show ${SERVER_ID} -c volumes_attached -f value | cut -d "'" -f4)
# VOLUME_TYPE=$(openstack volume show ${VOLUME_ID} -c type -f value)
# openstack volume type show ${VOLUME_TYPE}
 
# add admin to project
PROJECT_ID=$(openstack server show ${SERVER_ID} -c project_id -f value)
openstack role add --user admin --project ${PROJECT_ID} admin
unset OS_PROJECT_DOMAIN_NAME
unset OS_PROJECT_NAME
export OS_PROJECT_ID=${PROJECT_ID}
 
# Live migrate VM
openstack server migrate --os-compute-api-version 2.56 --live-migration --wait --host com10-prod ${SERVER_ID}
openstack server show ${SERVER_ID} -c name -c OS-EXT-SRV-ATTR:host
 
# remove admin from project
unset OS_PROJECT_ID
source /etc/kolla/admin-openrc.sh
openstack role remove --user admin --project ${PROJECT_ID} admin

DEVICE=/dev/sdb
VOLUME=MultiBootUSB
 
# create filesystem on usb pen
sudo mkfs.vfat -n ${VOLUME} ${DEVICE}1
 
# mount usb
mount ${DEVICE}1 /mnt/
 
# install grub2 on usb pen
grub-install --no-floppy --root-directory=/mnt ${DEVICE}
 
# create grub config
cat <<EOF> /mnt/boot/grub/grub.cfg
menuentry "Ubuntu Live 11.04 64bit" {
        loopback loop /boot/iso/ubuntu-11.04-desktop-amd64.iso
        linux (loop)/casper/vmlinuz boot=casper iso-scan/filename=/boot/iso/ubuntu-11.04-desktop-amd64.iso noeject noprompt --
        initrd (loop)/casper/initrd.lz
}
 
menuentry "Ubuntu Live 9.10 32bit" {
 loopback loop /boot/iso/ubuntu-9.10-desktop-i386.iso

# user OS_TOKEN
export OS_TOKEN=gAAAAABjtUl_4LZr3iNqI7dOoBYMw-...
 
# cat ~/.config/openstack/clouds.yaml
clouds:
  dev-admin-token:
    auth:
      auth_url: https://keystone.service.examle.com/v3
    region_name: "eu-south"
    interface: "public"
    identity_api_version: 3
    project_domain_name: "my-foo"
    project_name: "foo"
    auth_type: "v3token"
 
OS_AC=$(openstack application credential create ${OS_AC_NAME} --unrestricted --os-cloud dev-admin-token -f json)

unset $(compgen -v | grep OS_)
 
export OS_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
export OS_AUTH_TYPE=v3token
export OS_AUTH_URL=https://keystone.service.example.com/v3
export OS_IDENTITY_API_VERSION=3
export OS_INTERFACE=public
export OS_REGION_NAME=de-b1
export OS_PROJECT_DOMAIN_NAME=test-domain
export OS_PROJECT_NAME=test-project
#export OS_PROJECT_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

pyenv install --list

pip install -U virtualenv --user
mkdir -vp ~/test
cd ~/test
virtualenv .venv
source .venv/bin/activate
pip install -U pip
pip install -U python-openstackclient

sudo apt install dropbear-initramfs
 
sudo sed -i 's/#DROPBEAR_OPTIONS=/DROPBEAR_OPTIONS="-I 180 -j -k -p 4000 -s -c cryptroot-unlock"/g' /etc/dropbear/initramfs/dropbear.conf
 
# optional: configure IP if no DHCP avaiable
# echo 'IP=192.168.2.123::192.168.2.1:255.255.254.0:my-wks01' >> /etc/initramfs-tools/initramfs.conf
 
sudo ssh-import-id gh:<my_user_id> -o /etc/dropbear/initramfs/authorized_keys
 
sudo update-initramfs -u
 
ssh root@your_workstation_ip -p 4444
 
# unlock disk
unlock-cryptroot

# Install collection
ansible-galaxy collection install ansible.posix
ansible-galaxy collection install git@git.example.com:foo/ansible-collections/bar
ansible-galaxy collection install git+file:///home/user/path/to/repo_name
 
# List collections
ansible-galaxy collection list

# default user Ansible collection directory
~/.ansible/collections/ansible_collections/
 
# env vars
ANSIBLE_COLLECTIONS_PATHS
 
# ~/.ansible.cfg 
[defaults]
collections_paths = /path/to/collection
 
# get current path
ansible-config dump | grep -i collection

- hosts: all
  collections:
    - my_namespace.my_collection
 
 
- hosts: all
  tasks:
    - import_role:
        name: my_namespace.my_collection.my_role

ROUTER_ID=74490819-028e-424e-b8f9-c7e48cf672af
 
# list router NS
openstack network agent list --router ${ROUTER_ID} --long
 
# list available l3 agents
openstack network agent list --agent-type l3
 
# recreate L3 agent
SOURCE_NODE=ctl1-dev
TARGET_NODE=ctl2-dev
 
SOURCE_L3_ID=$(openstack network agent list --host ${SOURCE_NODE} --agent-type l3 -f value -c ID)
TARGET_L3_ID=$(openstack network agent list --host ${TARGET_NODE} --agent-type l3 -f value -c ID)
 
openstack network agent add router --l3 ${TARGET_L3_ID} ${ROUTER_ID}
openstack network agent remove router --l3 ${SOURCE_L3_ID} ${ROUTER_ID}

openstack router list --agent $SOURCE_L3_ID -f value -c ID | while read ROUTER_ID; do
    openstack network agent add router --l3 ${TARGET_L3_ID} ${ROUTER_ID}
    openstack network agent remove router --l3 ${SOURCE_L3_ID} ${ROUTER_ID}
done
 
openstack network agent set $SOURCE_L3_ID --disable

sudo apt install -y wireguard
 
cd /etc/wireguard
umask 077;
wg genkey | tee privatekey | wg pubkey > publickey
 
/etc/wireguard/wg0.conf
[Interface]
Address = 192.168.6.1/24
ListenPort = 1194
PrivateKey = qz3LQkTEA8tOJEORyUxT2w2SIwdXwCLcO7joKq58tUs=
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE     
 
[Peer]
PublicKey = wL+h2EqxaQpcWgwO8SIXPGqhHgssvj9xqjHAPjYLJ28=
AllowedIPs = 192.168.6.2/32
 
sudo ufw allow 1194/udp
sudo ufw status
 
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
sudo systemctl status wg-quick@wg0
 
# watch connections
watch -n1 wg