openstack

Show neutron router namespaces by floating IP (FIP)

FLOATING_IP=1.2.3.4
 
# search in floating IP table
ROUTER_ID=$(openstack floating ip list --floating-ip-address ${FLOATING_IP} --long -c Router -f value)
if [ -z ${ROUTER_ID} ]; then
    # search in router
    ROUTER_ID=$(openstack router list --long | grep ${FLOATING_IP} | cut -d" " -f2)
fi
 
PROJECT_ID=$(openstack router show ${ROUTER_ID} -c project_id -f value)
 
echo -e "\e[34m# Project"
openstack router show ${ROUTER_ID} -c id -c name 
 
echo
echo -e "\e[34m# Router"
openstack project show ${PROJECT_ID} -c id -c name -c description
 
echo
echo -e "\e[34m# Router namespaces"
openstack network agent list --router ${ROUTER_ID} --long --sort-column 'HA State'
echo
 

Terraform: OpenStack

OpenStack Providery
https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs

# Configure the OpenStack Provider
provider "openstack" {
  user_name   = "admin"
  tenant_name = "admin"
  password    = "pwd"
  auth_url    = "http://myauthurl:5000/v2.0"
  region      = "RegionOne"
}
 
# cloud.yaml
provider "openstack" {
  cloud      = "dev-foo"
}

Router
https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/networking_router_v2

resource "openstack_networking_router_v2" "router_1" {
  name       = "foo-router"
  external_network_id = "88934cac-8d55-40d5-8ff9-bde65011741d"
}
 
resource "openstack_networking_router_interface_v2" "terraform" {
  router_id = openstack_networking_router_v2.router_1.id
  subnet_id = openstack_networking_subnet_v2.subnet_1.id
}

Compute
https://registry.terraform.io/providers/terraform-provider-openstack/openstack/latest/docs/resources/compute_instance_v2

resource "openstack_compute_instance_v2" "basic" {
  name            = "basic"
  image_id        = "ad091b52-742f-469e-8f3c-fd81cadf0743"
  flavor_id       = "3"
  key_pair        = "my_key_pair_name"
  security_groups = ["default"]
 
  metadata = {
    this = "that"
  }
 
  network {
    name = "my_network"
  }
}

Image

Find router binding_host_id mismatch

ROUTER_ID=f2d3e40f-cea5-4a2b-bac7-eba0700f449c
 
# DB
openstack port list --device-owner network:router_gateway --router ${ROUTER_ID} -c id -f value | xargs openstack port show -c binding_host_id -f value
 
# active
openstack network agent list --router ${ROUTER_ID} --long -f json | jq -r '.[] | select(."HA State" == "active").Host'
ROUTER_IDS=$(openstack router list  -c ID -f value)
for ROUTER_ID in ${ROUTER_IDS}; do
    ROUTER_PORT_ID=$(openstack port list --device-owner network:router_gateway --router ${ROUTER_ID} -c id -f value)
    ROUTER_NODE_DB=""
    if [ ! -z ${ROUTER_PORT_ID} ]; then
        ROUTER_NODE_DB=$(openstack port show ${ROUTER_PORT_ID} -c binding_host_id -f value)    
    fi
    ROUTER_NODE_ACTIVE=$(openstack network agent list --router ${ROUTER_ID} --long -f json | jq -r '.[] | select(."HA State" == "active").Host')
 

Debug VPN

#!/bin/bash
 
export DEBUG=@option.debug@
export VPN_CONNECTION_ID=$(echo @option.vpn_connection_id@ | sed -e 's/^[[:space:]]*//')
 
[ "${DEBUG}" == "yes" ] && set -x
 
source /etc/kolla/admin-openrc.sh
source /usr/local/pyenv/versions/osc/bin/activate
 
# check parameter
if [[ ! ${VPN_CONNECTION_ID//-/} =~ ^[[:xdigit:]]{32}$ ]]; then
#if [ -z "${VPN_CONNECTION_ID}" ]; then
    echo -e "\e[34mPlease specify the VPN ipsec site connection ID"
    openstack vpn ipsec site connection list --long
 
    exit
fi 
 
 
VPN_CONNECTION_JSON=$(openstack vpn ipsec site connection show ${VPN_CONNECTION_ID} -f json)
 

Export server volume as image

SERVER_IDS="
dd799bc6-ded0-4f20-8f24-3e5af5250fd3
46562d71-ba00-47b7-872a-cd759abd014c
5e517453-c87f-4426-b705-96ffc9afe4ce
"
 
function save_image() {
    IMAGE_ID="${1}"
    IMAGE_NAME="${2}"
 
    echo "IMAGE_ID: ${IMAGE_ID}"
    openstack image set --private ${IMAGE_ID}    
 
    echo "Save image as ${IMAGE_NAME}.qcow2 ..."
    openstack image save ${IMAGE_ID} --file ${IMAGE_NAME}.qcow2
 
    openstack image show ${IMAGE_ID} -c size -f value
    ls -l ${IMAGE_NAME}.qcow2
    md5sum ${IMAGE_NAME}.qcow2 > ${IMAGE_NAME}.qcow2.md5sum
 
    openstack image show ${IMAGE_ID} -f json > ${IMAGE_NAME}.json
 
    echo "Delete image ${IMAGE_NAME}"
    openstack image delete ${IMAGE_ID}
}
 
 
for SERVER_ID in ${SERVER_IDS}; do
    echo "SERVER_ID: ${SERVER_ID}"
    SERVER_JSON=$(openstack server show ${SERVER_ID} -f json)
 
    SERVER_NAME=$(echo ${SERVER_JSON} | jq -r .name | tr " " "_")

Migrate OpenStack VM with encrypted volume

SERVER_ID=xxxx-xxxx-xxxx-xxxx-xxxx
 
# VOLUME_ID=$(openstack server show ${SERVER_ID} -c volumes_attached -f value | cut -d "'" -f4)
# VOLUME_TYPE=$(openstack volume show ${VOLUME_ID} -c type -f value)
# openstack volume type show ${VOLUME_TYPE}
 
# add admin to project
PROJECT_ID=$(openstack server show ${SERVER_ID} -c project_id -f value)
openstack role add --user admin --project ${PROJECT_ID} admin
unset OS_PROJECT_DOMAIN_NAME
unset OS_PROJECT_NAME
export OS_PROJECT_ID=${PROJECT_ID}
 
# Live migrate VM
openstack server migrate --os-compute-api-version 2.56 --live-migration --wait --host com10-prod ${SERVER_ID}
openstack server show ${SERVER_ID} -c name -c OS-EXT-SRV-ATTR:host
 
# remove admin from project
unset OS_PROJECT_ID
source /etc/kolla/admin-openrc.sh
openstack role remove --user admin --project ${PROJECT_ID} admin

Create application credentials as Openstack admin for federated user(s)

Single user

# user OS_TOKEN
export OS_TOKEN=gAAAAABjtUl_4LZr3iNqI7dOoBYMw-...
 
# cat ~/.config/openstack/clouds.yaml
clouds:
  dev-admin-token:
    auth:
      auth_url: https://keystone.service.examle.com/v3
    region_name: "eu-south"
    interface: "public"
    identity_api_version: 3
    project_domain_name: "my-foo"
    project_name: "foo"
    auth_type: "v3token"
 
OS_AC=$(openstack application credential create ${OS_AC_NAME} --unrestricted --os-cloud dev-admin-token -f json)

Multiple user

OpenStack: Authentificaton (Token, Application credendials)

Token authentificaton

unset $(compgen -v | grep OS_)
 
export OS_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
export OS_AUTH_TYPE=v3token
export OS_AUTH_URL=https://keystone.service.example.com/v3
export OS_IDENTITY_API_VERSION=3
export OS_INTERFACE=public
export OS_REGION_NAME=de-b1
export OS_PROJECT_DOMAIN_NAME=test-domain
export OS_PROJECT_NAME=test-project
#export OS_PROJECT_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

OpenStack multi cloud / user configurattion
http://www.panticz.de/openstack-clouds-config

OpenStack: Neutron L3 router

Recreate / move qrouter namespace

ROUTER_ID=74490819-028e-424e-b8f9-c7e48cf672af
 
# list router NS
openstack network agent list --router ${ROUTER_ID} --long
 
# list available l3 agents
openstack network agent list --agent-type l3
 
# recreate L3 agent
SOURCE_NODE=ctl1-dev
TARGET_NODE=ctl2-dev
 
SOURCE_L3_ID=$(openstack network agent list --host ${SOURCE_NODE} --agent-type l3 -f value -c ID)
TARGET_L3_ID=$(openstack network agent list --host ${TARGET_NODE} --agent-type l3 -f value -c ID)
 
openstack network agent add router --l3 ${TARGET_L3_ID} ${ROUTER_ID}
openstack network agent remove router --l3 ${SOURCE_L3_ID} ${ROUTER_ID}

Recreate all network agents

openstack router list --agent $SOURCE_L3_ID -f value -c ID | while read ROUTER_ID; do
    openstack network agent add router --l3 ${TARGET_L3_ID} ${ROUTER_ID}
    openstack network agent remove router --l3 ${SOURCE_L3_ID} ${ROUTER_ID}
done
 
openstack network agent set $SOURCE_L3_ID --disable

List floating IP in qrouter namespace