Home | panticz.de

Nginx: Log client ip behind NAT with http_x_forwarded_for (X-Forwarded-For Header)

Use nginx real_ip module
nginx -V | grep with-http_realip_module
# /etc/nginx/nginx.conf
...
http {
...
# set_real_ip_from 0.0.0.0/0;
set_real_ip_from x.x.x.x/x; # LB subnet
real_ip_header X-Forwarded-For;
...
}
...

Option 2: customize log_format
cat /etc/nginx/nginx.conf
...
log_format main '$http_x_forwarded_for - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log main;
...

Reload Nginx configuration

Read more about Nginx: Log client ip behind NAT with http_x_forwarded_for (X-Forwarded-For Header)

Fix Octavia LB provisioning_status from PENDING_UPDATE or ERROR to ACTIVE

Show Loadbalancer state
# List all LoadBalancer
openstack loadbalancer list

# List LoadBalancer details
openstack loadbalancer show 0ce30f0e-1d75-486c-a09f-79125abf44b8

# List LoadBalancer VMs details
openstack loadbalancer amphora list --loadbalancer 0ce30f0e-1d75-486c-a09f-79125abf44b8

# List all Octavia LB / VMs
openstack server list --all --long --name amphora --os-cloud=dev-admin

Manual update provisioning_status from PENDING_UPDATE / ERROR state to ACTIVE in Octavia Database

Read more about Fix Octavia LB provisioning_status from PENDING_UPDATE or ERROR to ACTIVE

OpenStack: flavor

# list all flavors
openstack flavor list --sort-column Name --all

# create
openstack server create --flavor m1.small --image "Ubuntu 18.04" --nic net-id=foo-network --security-group default --key-name foo-key foo-vm1

Formated output
for FLAVOR in $(openstack flavor list --sort-column Name -c Name -f value); do
echo ${FLAVOR}
openstack flavor show ${FLAVOR}
echo
done

delete all flavors
openstack flavor list --all -c ID -f value | xargs openstack flavor delete

Read more about OpenStack: flavor

OpenStack: Allow user access to tanent projects

Get mgmt user data
# get user ID and domain ID
MGMT_USER_ID=$(openstack user list --long -c ID -c Name -f value | grep | cut -d" " -f1)
echo ${MGMT_USER_ID}

# get projects
openstack project list --long | grep safyievOokEgavUtdytPeurmebKowEff

# get assignments
openstack role assignment list --user JekUvyeijHaDrithWianvestUtevLiUk --project e72c94c20b4d40e3b971bc510d536e87 --names

# get Domain name
openstack domain list | grep safyievOokEgavUtdytPeurmebKowEff

Search tanent data
# get user domain ID

Read more about OpenStack: Allow user access to tanent projects

kubectl - Kubernetes CLI client

Client
sudo apt-get update
sudo apt-get install -y apt-transport-https
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | sudo tee -a /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubectl kubeadm

Bash completion
kubectl completion bash | sudo tee /etc/bash_completion.d/kubectl

Manual installation

Read more about kubectl - Kubernetes CLI client

OpenStack: Magnum

openstack coe service list
openstack stack list
openstack stack show d8a1c3af-7993-4493-91be-19cfce38a870
openstack coe cluster update k8s-cluster replace node_count=2

Configure deployment kolla-ansible
# cat /etc/kolla/config/magnum.conf
[cinder]
default_docker_volume_type = VT1

[trust]
cluster_user_trust = True

/etc/kolla/config/heat.conf
[DEFAULT]
#region_name = ch-zh1
region_name_for_services = RegionOne

# /etc/kolla/globals.yml
# magnum_tag: "7.0.0.1"
enable_magnum: "yes"

Redeploy / Reconfigure container

Read more about OpenStack: Magnum

Kubernetes dashboard UI

Add user and configure permissions
cat < /tmp/dashboard-adminuser.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
EOF
kubectl apply -f /tmp/dashboard-adminuser.yaml

cat < /tmp/kubernetes-dashboard-admin.rbac.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
EOF

Read more about Kubernetes dashboard UI

iLO recovery broken flash

# Install ftp client
sudo apt install -y ftp

# Connect to iLo IP
ftp ILO_IP
# user: root
# pass: flash

# Transfer iLo image in binary mode
bin
put ilo4_262.bin

# Links
https://community.hpe.com/t5/BladeSystem-Management-Software/iLO-network-flash-recovery-state/td-p/2322975#.XLyRCt9fi00

Read more about iLO recovery broken flash

Visual Studio Code

# deb download
# https://code.visualstudio.com/docs/setup/linux
curl https://packages.microsoft.com/keys/microsoft.asc | gpg --dearmor > microsoft.gpg
sudo install -o root -g root -m 644 microsoft.gpg /etc/apt/trusted.gpg.d/
sudo sh -c 'echo "deb [arch=amd64] https://packages.microsoft.com/repos/vscode stable main" > /etc/apt/sources.list.d/vscode.list'

sudo apt-get install apt-transport-https
sudo apt-get update
sudo apt-get install code # or code-insiders

# manual download
wget -q https://update.code.visualstudio.com/latest/linux-deb-x64/stable -O /tmp/code.deb

Read more about Visual Studio Code

Snap (Ubuntu package management)

Install
sudo apt install -y snapd

CLI
snap find
snap install

Configure proxy
sudo mkdir -p /etc/systemd/system/snapd.service.d/
echo -e '[Service]\nEnvironment="http_proxy=http://proxy.example.com:3128/"' | sudo tee /etc/systemd/system/snapd.service.d/http-proxy.conf
echo -e '[Service]\nEnvironment="https_proxy=http://proxy.example.com:3128/"' | sudo tee /etc/systemd/system/snapd.service.d/https-proxy.conf
sudo systemctl daemon-reload
sudo systemctl restart snapd

# debug proxy
systemctl show snapd | grep proxy

Read more about Snap (Ubuntu package management)

Subscribe to