wget -qO - https://packages.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add -
echo "deb [arch=amd64] https://packages.elastic.co/curator/5/debian stable main" > /etc/apt/sources.list.d/curator.list
sudo apt-get update && sudo apt-get install elasticsearch-curator
 
# sudo apt install -y elasticsearch-curator
# pip install elasticsearch-curator

curl elasticsearch.example.com:9200/_cat/indices

---
client:
  hosts:
    - elasticsearch.example.com
  port: 9200
  url_prefix:
  use_ssl: False
  certificate:
  client_cert:
  client_key:
  ssl_no_validate: False
  http_auth:
  timeout: 30
  master_only: False
 
logging:
  loglevel: INFO
  logfile:
  logformat: default
  blacklist: ['elasticsearch', 'urllib3']

#echo 'designate_tag: "7.0.1.2"' >> /etc/kolla/globals.yml
sed -i 's/[#]dns_interface:/dns_interface:/g' /etc/kolla/globals.yml
sed -i 's/[#]enable_designate: .*/enable_designate: "yes"/g' /etc/kolla/globals.yml
sed -i 's/[#]enable_horizon_designate:/enable_horizon_designate:/g' /etc/kolla/globals.yml
sed -i 's/[#]designate_ns_record: .*/designate_ns_record: "pool.{{ os_environment }}.example.com"/g' /etc/kolla/globals.yml

mkdir -p /etc/kolla/config/foo/designate
 
/etc/kolla/config/foo/designate/pools.yaml
- name: default-bind
  description: Default BIND9 Pool
  attributes: {}
  ns_records:
    - hostname: ns1.dev.i.example.com.
      priority: 1
  nameservers:
    - host: 10.0.4.45
      port: 53
  targets:
    - type: bind9
      description: BIND9 Server 1
      masters:
        - host: 10.0.4.135
          port: 5354
      options:
        host: 10.0.4.45
        port: 53
        rndc_host: 10.0.4.45
        rndc_port: 953
        rndc_key_file: /etc/designate/rndc.key

wget https://github.com/go-acme/lego/releases/download/v3.2.0/lego_v3.2.0_linux_amd64.tar.gz -qO- | tar -C /tmp -xz lego

# stop service on port 80 / 443
service nginx stop
service apache2 stop
 
# Request certificate
/tmp/lego --accept-tos --email="foo@bar.com" --domains="bar.com" --http run
 
# Request wildcard certificate
/tmp/lego --accept-tos --email="foo@bar.com" --domains="bar.com" --domains="*.bar.com" --dns manual run
 
# restart service on port 80 / 443
service nginx start
service apache2 start

ll ~/.lego/certificates/

# test with designage
/tmp/lego --accept-tos --email="foo@bar.com" --domains="*.bar.com" --dns designate run
... designate: some credentials information are missing: OS_AUTH_URL,OS_USERNAME,OS_PASSWORD,OS_TENANT_NAME,OS_REGION_NAME

lxc storage create zfs zfs source=rpool/lxd
lxc profile device add default root disk path=/ pool=zfs

lxc storage list
lxc storage delete default
 
# zfs
lxc storage create zfs zfs source=tank/lxd
lxc storage list
 
# delete default storage
lxc storage volume list default
lxc storage volume delete default image/7d788819a5a97433db8470ee68370ec69e829b429800fa28b5524f0411490ce9
lxc storage delete default
 
# move container to another storage
CONTAINER=www1
lxc move ${CONTAINER} ${CONTAINER}-tmp -s nvme
lxc move ${CONTAINER}-tmp ${CONTAINER}
lxc start ${CONTAINER}

lxc profile device del dev-zfs root
lxc profile device add dev-zfs root disk path=/ pool=zfs

# change container storage quota
lxc config device set <CONTAINER_NAME> root size 100GB
 
# lvm thin pool
lvcreate -L 250G --thinpool kvm system
lxc storage create kvm lvm source=system lvm.thinpool_name=kvm
 
# unix-block
lxc config device add c1 xvdb1 unix-block source=/dev/xvdb1 required=false
lxc config device remove gitlab-runner3-dev xvdb2

CONTAINER_NAME=gitlab-runner1-dev
lxc launch ubuntu:18.04 ${CONTAINER_NAME} -p disk-zfs -p nic-dev-mgmt -c boot.autostart=true -c security.nesting=true -c security.privileged=true
#-c volatile.dev-mgmt.hwaddr=00:11:22:33:44:55
 
lxc exec ${CONTAINER_NAME} -- apt update
lxc exec ${CONTAINER_NAME} -- apt dist-upgrade
lxc exec ${CONTAINER_NAME} -- apt purge -y lxd lxd-client snapd unattended-upgrades
lxc exec ${CONTAINER_NAME} -- apt autoremove
 
lxc file push /root/.ssh/authorized_keys ${CONTAINER_NAME}/root/.ssh/authorized_keys
lxc exec ${CONTAINER_NAME} -- bash -c "sed -i 's/eth0:/dev-mgmt:/g' /etc/netplan/50-cloud-init.yaml"
lxc exec ${CONTAINER_NAME} -- netplan apply
 
printf 'lxc.apparmor.profile = unconfined\nlxc.cgroup.devices.allow = a\nlxc.mount.auto=proc:rw sys:rw\nlxc.cap.drop=' | lxc config set ${CONTAINER_NAME} raw.lxc -
lxc restart ${CONTAINER_NAME}

wget -qO - https://download.jitsi.org/jitsi-key.gpg.key | sudo apt-key add -
sudo sh -c "echo 'deb https://download.jitsi.org stable/' > /etc/apt/sources.list.d/jitsi-stable.list"
sudo apt-get -y update
sudo apt-get -y install jitsi

COMPUTE_NODE=com1-dev
 
# get shutoff VMs on compute node
VMS_COMPUTE=$(ssh ${COMPUTE_NODE} docker exec -i nova_libvirt virsh list --state-shutoff --uuid | sed '/^$/d' | sort)
# echo "${VMS_COMPUTE}"
 
# get shutoff VMs from nova DB
VMS_NOVA=$(ssh os-admin-dev "source /etc/kolla/admin-openrc.sh; openstack server list --all --host ${COMPUTE_NODE} -c ID -f value --status SHUTOFF" | sort)
# echo "${VMS_NOVA}"
 
# diff shutoff VMs
comm -3 <(echo "${VMS_COMPUTE}") <(echo "${VMS_NOVA}")

brctl show | egrep "qvb|tap" | sed '$!N;/\n.*tap/d;P;D' | awk '{print substr($1,4,8)}'

TOKEN=cac559da
 
# show port details
docker exec openvswitch_vswitchd ovsdb-client dump | grep ${TOKEN}
 
# get OVS port
docker exec openvswitch_vswitchd ovs-vsctl list-ports br-int | grep ${TOKEN}
 
# get OVS interface
docker exec openvswitch_vswitchd ovs-vsctl list-ifaces br-int | grep ${TOKEN}
 
# show host bridges
brctl show | grep ${TOKEN}
 
# show host interfaces
ip a | grep ${TOKEN}