openstack
OpenStack Debug VPN
Find the VPN server and the relevant router UUID
# get VPN connection ID
openstack vpn ipsec site connection list | grep foo
openstack vpn ipsec site connection list --long | grep <project_id>
VPN_CONNECTION_ID=142dc25f-13bb-4fda-b093-edf13df98ed8
openstack vpn ipsec site connection show ${VPN_CONNECTION_ID}
VPN_SERVICE_ID=$(openstack vpn ipsec site connection show ${VPN_CONNECTION_ID} -c 'VPN Service' -f value)
openstack vpn service show ${VPN_SERVICE_ID}

# get router ID
ROUTER_ID=$(openstack vpn service show ${VPN_SERVICE_ID} -c Router -f value)
echo "ROUTER_ID=${ROUTER_ID}"
Find the ctl node where the active router is running
ROUTER_PORT_ID=$(openstack port list --device-owner network:router_gateway -f value -c id --router ${ROUTER_ID})
CONTROL_NODE=$(openstack port show ${ROUTER_PORT_ID} -c binding_host_id -f value)
echo "CONTROL_NODE: ${CONTROL_NODE}"
echo "ssh ${CONTROL_NODE} sudo ip netns exec qrouter-${ROUTER_ID} ip a s"
Connect to that ctl node and "jump" in its neutron-l3-agent docker container
Snapshot
Create VM image / snapshot
# backup
openstack --os-cloud=openstack-lab server image create foo-vm1 --name foo-vm1-$(date -I)
openstack --os-cloud=openstack-lab image list
Links
https://docs.openstack.org/ocata/user-guide/cli-use-snapshots-to-migrate-instances.html
Terraform: Create LoadBalancer in OpenStack
provider "openstack" {
  cloud       = "lab-admin"
  use_octavia = true
}

# data "template_file" "user_data" {
#   template = file("user-data.txt")
# }

data "template_file" "user_data" {
  template = <<EOF
#cloud-config
package_update: true
packages:
  - nginx
runcmd:
  - hostname -f | sudo tee /var/www/html/index.nginx-debian.html
  - id > /tmp/debug
EOF
}

variable "http_instance_names" {
  type    = set(string)
  default = ["www1", "www2"]
}

resource "openstack_compute_instance_v2" "http" {
  for_each = var.http_instance_names
  name     = each.key
  #name  = "www${count.index + 1}"
  #count = 2
  image_name      = "Ubuntu 20.04 minimal"
  flavor_name     = "m1.small"
  key_pair        = "lab-key"
  security_groups = ["default"]
  user_data       = data.template_file.user_data.rendered

  network {
    name = "demo-net"
  }
}

data "openstack_networking_network_v2" "network_1" {
  name = "demo-net"
}

data "openstack_networking_subnet_v2" "subnet_1" {
  name       = "demo-subnet"
  network_id = data.openstack_networking_network_v2.network_1.id
}

# Create loadbalancer
resource "openstack_lb_loadbalancer_v2" "http" {
  name          = "demo-lb1"
  vip_subnet_id = data.openstack_networking_subnet_v2.subnet_1.id
}
MicroStack
# install (the snap has to be installed before it can be initialised)
sudo snap install microstack --beta --devmode
sudo microstack init --auto --control

# stop
sudo snap disable microstack

# start vm
microstack launch cirros --name test
ssh -i /home/ubuntu/snap/microstack/common/.ssh/id_microstack cirros@10.20.20.3
Kubernetes the hard way
Links
https://github.com/kelseyhightower/kubernetes-the-hard-way
Configure OpenStack application credentials
# clouds.yaml holds the application credential secret in plain text;
# keep the file readable by your own user only
mkdir -p ~/.config/openstack
cat <<EOF> ~/.config/openstack/clouds.yaml
clouds:
  dev-foo:
    auth_type: "v3applicationcredential"
    auth:
      auth_url: https://keystone.service.dev.example.com/v3
      application_credential_id: "YOUR_CREDENTIAL_ID"
      application_credential_secret: "YOUR_CREDENTIAL_PASS"
EOF
Install Terraform
cat <<EOF> /tmp/install-terraform.yml
---
- hosts: localhost
  tasks:
    - name: Get latest Terraform version
      uri:
        url: https://checkpoint-api.hashicorp.com/v1/check/terraform
      register: response

    - set_fact:
        terraform_download_url: "{{ response.json.current_download_url }}"
        terraform_version: "{{ response.json.current_version }}"

    # the archive is unpacked as downloaded; this task verifies no checksum or signature
    - name: Download Terraform {{ terraform_version }}
      unarchive:
        src: "{{ terraform_download_url }}terraform_{{ terraform_version }}_{{ ansible_system | lower }}_amd64.zip"
        remote_src: yes
        dest: ~/bin
        creates: ~/bin/terraform
        mode: 0550
EOF

ansible-playbook /tmp/install-terraform.yml
Create test env on OpenStack
OpenStack: Octavia / Amphora LB check
#!/bin/bash

source /etc/kolla/admin-openrc.sh

function show_lb_owner() {
  LB_ID=$1

  # show project
  PROJECT_ID=$(openstack loadbalancer show -c project_id -f value ${LB_ID})
  PROJECT_NAME=$(openstack project show -c name -f value ${PROJECT_ID})

  # show domain
  DOMAIN_ID=$(openstack project show -c domain_id -f value ${PROJECT_ID})
  DOMAIN_NAME=$(openstack domain show -c name -f value ${DOMAIN_ID})

  echo "Domain: ${DOMAIN_NAME}"
  echo "Project: ${PROJECT_NAME}"
}

EXIT_CODE=0

# list broken LB
OUTPUT="$(openstack loadbalancer amphora list --provisioning-status ERROR)"
if [ -n "${OUTPUT}" ]; then
  echo "${OUTPUT}"
  EXIT_CODE=1
fi

# search for broken LB
LXD: OpenStack CLI (OSC) container
# create container
lxc launch ubuntu:20.04 osc
lxc shell osc

# install OpenStack CLI
apt install -y python3-openstackclient python3-neutron-vpnaas python3-octaviaclient python3-barbicanclient
openstack complete | sudo tee /etc/bash_completion.d/openstack
source /etc/bash_completion

# configure connection
mkdir -p ~/.config/openstack
cat <<EOF> ~/.config/openstack/clouds.yaml
clouds:
  dev-foo-app:
    auth:
      auth_url: https://keystone.service.example.com/v3
      application_credential_id: "xxxxxxxx"
      application_credential_secret: "xxxxxxxx"
    region_name: "eu-fra1"
    interface: "public"
    identity_api_version: 3
    auth_type: "v3applicationcredential"
EOF
echo export OS_CLOUD=dev-foo-app >> .bashrc

# test
export OS_CLOUD=dev-foo-app
openstack image list