Terraform: OpenStack
OpenStack Provider
https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs
# Configure the OpenStack Provider
provider "openstack" {
  user_name   = "admin"
  tenant_name = "admin"
  password    = "pwd"
  auth_url    = "http://myauthurl:5000/v2.0"
  region      = "RegionOne"
}

# Alternative: use an entry from clouds.yaml
provider "openstack" {
  cloud = "dev-foo"
}
resource "openstack_networking_router_v2" "router_1" {
  name                = "foo-router"
  external_network_id = "88934cac-8d55-40d5-8ff9-bde65011741d"
}

resource "openstack_networking_router_interface_v2" "terraform" {
  router_id = openstack_networking_router_v2.router_1.id
  subnet_id = openstack_networking_subnet_v2.subnet_1.id
}
nextcloud
# install nextcloud with snap
snap install nextcloud
# set domain
nextcloud.occ config:system:set trusted_domains 0 --value="nextcloud.example.com"
cloud-config
LXD cloud-config profile
Launch QEMU Virtual Machines with LXD
Since version 4.0, LXD also natively supports virtual machines, and thanks to a built-in agent they can be used almost like containers.
lxc image list images: | grep VIRTUAL-MACHINE
lxc launch images:ubuntu/21.04 vm2104 --vm
lxc launch images:ubuntu/21.04/cloud vm2104c --vm
Links
https://linuxcontainers.org/lxd/getting-started-cli/#launch-a-virtual-machine
Microsoft Teams under Linux / Ubuntu
Install Microsoft Teams
wget https://packages.microsoft.com/keys/microsoft.asc -qO- | sudo apt-key add -
sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/ms-teams stable main" > /etc/apt/sources.list.d/teams.list'
sudo apt update
sudo apt install -y teams
Ansible
cat <<EOF> /tmp/teams.yml
---
- hosts: localhost
  tasks:
    - name: Add teams APT key
      apt_key:
        url: https://packages.microsoft.com/keys/microsoft.asc
      become: yes
    - name: Add teams repository
      apt_repository:
        repo: "deb [arch=amd64] https://packages.microsoft.com/repos/ms-teams stable main"
      become: yes
    - name: Install teams
      apt:
        update_cache: yes
        name: teams
      become: yes
EOF
ansible-playbook /tmp/teams.yml --ask-become-pass
Install by snap
sudo snap install teams
Two-factor authentication
# Google Authenticator
https://blog.paranoidpenguin.net/2018/06/office-365-multi-factor-authentication-with-google-authenticator/
# Microsoft Authenticator for Android
https://play.google.com/store/apps/details?id=com.azure.authenticator
Webclient
https://teams.microsoft.com
Links
https://docs.microsoft.com/de-de/microsoftteams/get-clients
ufw
ufw status
ufw enable
sudo ufw allow 22/tcp
sudo ufw allow 4500/udp
# ufw has no "start" subcommand; reload applies the current rule set
sudo ufw reload
sudo ufw deny 41194/udp
ufw app list
ufw status
ufw status numbered
ufw delete 1
Links
https://linuxconfig.org/how-to-delete-ufw-firewall-rules-on-ubuntu-18-04-bionic-beaver-linux
WireGuard
Server
sudo apt install -y wireguard
cd /etc/wireguard
umask 077; wg genkey | tee privatekey | wg pubkey > publickey

# /etc/wireguard/wg0.conf
[Interface]
Address = 192.168.6.1/24
ListenPort = 1194
PrivateKey = qz3LQkTEA8tOJEORyUxT2w2SIwdXwCLcO7joKq58tUs=
PostUp = iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o ens3 -j MASQUERADE
PostDown = iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o ens3 -j MASQUERADE

[Peer]
PublicKey = wL+h2EqxaQpcWgwO8SIXPGqhHgssvj9xqjHAPjYLJ28=
AllowedIPs = 192.168.6.2/32

sudo ufw allow 1194/udp
sudo ufw status
sudo systemctl enable wg-quick@wg0
sudo systemctl start wg-quick@wg0
sudo systemctl status wg-quick@wg0
# watch connections
watch -n1 wg
Client
Kubernetes the hard way
Links
https://github.com/kelseyhightower/kubernetes-the-hard-way
Configure OpenStack application credentials
mkdir -p ~/.config/openstack
cat <<EOF> ~/.config/openstack/clouds.yaml
clouds:
  dev-foo:
    auth_type: "v3applicationcredential"
    auth:
      auth_url: https://keystone.service.dev.example.com/v3
      application_credential_id: "YOUR_CREDENTIAL_ID"
      application_credential_secret: "YOUR_CREDENTIAL_PASS"
EOF
Install Terraform
cat <<EOF> /tmp/install-terraform.yml
---
- hosts: localhost
  tasks:
    - name: Get latest Terraform version
      uri:
        url: https://checkpoint-api.hashicorp.com/v1/check/terraform
      register: response
    - set_fact:
        terraform_download_url: "{{ response.json.current_download_url }}"
        terraform_version: "{{ response.json.current_version }}"
    - name: Download Terraform {{ terraform_version }}
      unarchive:
        src: "{{ terraform_download_url }}terraform_{{ terraform_version }}_{{ ansible_system | lower }}_amd64.zip"
        remote_src: yes
        dest: ~/bin
        creates: ~/bin/terraform
        mode: 0550
EOF
ansible-playbook /tmp/install-terraform.yml
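The playbook above unpacks whatever the download URL returns. As an added example (not part of the original page), this shell function checks an archive against a SHA256SUMS-style file before it is unpacked; the function names and the `0.0.0` placeholder version are assumptions made for the demo.

```shell
#!/bin/bash
# Added example (not from the original page): check a downloaded release
# archive against a SHA256SUMS-style file before unpacking it.

# verify_release ARCHIVE SUMS_FILE
# Exit status 0 only if SUMS_FILE lists ARCHIVE's file name exactly once and
# the listed digest equals the SHA-256 of ARCHIVE. The body runs in a
# subshell, so its variables and "exit" do not leak into the caller.
verify_release() (
    archive=$1
    sums=$2
    [ -f "$archive" ] && [ -f "$sums" ] || exit 2
    name=$(basename "$archive")
    # Lines look like "<64 hex digits>  <name>"; binary mode writes "*<name>".
    expected=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f) } f == n { print $1 }' "$sums")
    # A missing or duplicated entry is a failure, not a skip.
    [ "$(printf '%s\n' "$expected" | grep -c .)" -eq 1 ] || exit 3
    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
)

# Constructed demo: a dummy archive and a sums file made on the spot.
demo_verify_release() (
    dir=$(mktemp -d) || exit 1
    zip="$dir/terraform_0.0.0_linux_amd64.zip"   # placeholder version
    printf 'constructed archive bytes\n' > "$zip"
    (cd "$dir" && sha256sum "$(basename "$zip")" > SHA256SUMS)
    verify_release "$zip" "$dir/SHA256SUMS" && echo "intact archive: OK"
    printf 'tampered' >> "$zip"
    verify_release "$zip" "$dir/SHA256SUMS" || echo "modified archive: rejected"
    rm -rf "$dir"
)

demo_verify_release
```

The digest file is only as trustworthy as the channel it came over, so fetch it over HTTPS from the publisher and, where a detached signature is offered, verify that as well.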
Create test env on OpenStack
OpenStack: Octavia / Amphora LB check
#!/bin/bash
source /etc/kolla/admin-openrc.sh

function show_lb_owner() {
    LB_ID=$1
    # show project
    PROJECT_ID=$(openstack loadbalancer show -c project_id -f value "${LB_ID}")
    PROJECT_NAME=$(openstack project show -c name -f value "${PROJECT_ID}")
    # show domain
    DOMAIN_ID=$(openstack project show -c domain_id -f value "${PROJECT_ID}")
    DOMAIN_NAME=$(openstack domain show -c name -f value "${DOMAIN_ID}")
    echo "Domain: ${DOMAIN_NAME}"
    echo "Project: ${PROJECT_NAME}"
}

EXIT_CODE=0

# list broken LB
OUTPUT="$(openstack loadbalancer amphora list --provisioning-status ERROR)"
if [ -n "${OUTPUT}" ]; then
    echo "${OUTPUT}"
    EXIT_CODE=1
fi

# search for broken LB