OpenStack

openstack keypair create foo-key --public-key ~/.ssh/id_rsa.pub

. /etc/kolla/admin-openrc.sh
openstack user password set --password new-password --original-password current-admin-password

# connect to specific cloud
openstack server list --os-cloud=dev-foo
 
source /etc/kolla/admin-openrc.sh

openstack image list
openstack network list
openstack keypair list

https://github.com/panticz/ansible/tree/master/roles/devstack
pip install -U openstacksdk python-openstacksdk ansible

sudo apt-get install git
git clone https://git.openstack.org/openstack-dev/devstack
 
cat <<EOF> local.conf 
[[local|localrc]]
ADMIN_PASSWORD=devstack
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
EOF
 
sudo devstack/tools/create-stack-user.sh
su stack
 
cd devstack
./stack.sh
 
ssh -N -L 8080:localhost:80 root@192.168.254.46
 
 
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=stack
export OS_AUTH_URL=http://localhost:35357/v2.0
 
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
 
nova list
nova floating-ip-create public

openstack network create worker_network
openstack subnet create worker_subnet --network worker_network --subnet-range 10.0.1.0/24
openstack router create project_router
openstack router set project_router --external-gateway public
openstack router add subnet project_router worker_subnet

openstack subnet list
openstack subnet set --allocation-pool start=10.40.0.100,end=10.40.0.200 public1
openstack subnet show public1 -c allocation_pools -f value

sudo apt install -y python-magnumclient
pip install python-magnumclient

sudo snap install microstack --classic --candidate

openstack complete | sudo tee /etc/bash_completion.d/osc.bash_completion > /dev/null
. /etc/bash_completion

openstack project list --domain example.com
openstack domain create example.com
openstack project create openstack --domain example.com
openstack role add --user foo --project openstack admin

cirros password: gocubsgo
for ROUTER in $(ip netns | grep qrouter | cut -d" " -f1); do
    ip netns exec ${ROUTER} ssh cirros@${VM_IP}
done

openstack endpoint list | grep keystone
openstack service list
 
openstack endpoint list | grep 5000
openstack endpoint create identity --region RegionOne internal http://10.0.2.111:5000
 
openstack endpoint list | grep identity
openstack endpoint set --url http://10.0.2.10:5000 --interface public ab00147b8bf44319bf14927d74582359

cat <<EOF>> /etc/modprobe.d/kvm.conf
options kvm_intel nested=1
options kvm_amd nested=1
EOF
 
# modprobe kvm-intel
reboot
cat /sys/module/kvm_intel/parameters/nested
 
# nested networking (disable security on external port)
openstack port set --disable-port-security openstack-net-ext-port1

openstack versions show
openstack module list

# neutron
DB_PASS=$(grep neutron_database_password /etc/kolla/passwords.yml | cut -d " " -f2)
mysql -h db.service.i.ewcs.ch --password=${DB_PASS} -P 6033 -u neutron -D neutron
mysql -B -h db.service.i.ewcs.ch --password=${DB_PASS} -P 6033 -u neutron -D neutron -e "select * from floatingips"
 
# octavia
DB_PASS=$(grep octavia_database_password /etc/kolla/passwords.yml | cut -d " " -f2)
mysql -h db.service.i.ewcs.ch --password=${DB_PASS} -P 6033 -u octavia -D octavia
select * from load_balancer;
 
# service
openstack service list --long
 
# project
openstack project list --my-projects

# show user roles
MGMT_USER_ID=b912ba4325fbb6c18483602245f9b515b
openstack role assignment list --user ${MGMT_USER_ID} --names

openstack secret get --payload_content_type application/octet-stream --file /tmp/file1.out https://barbican.service.example.com/v1/secrets/fc9918f28076-05ae-4ad1-b54d-64e4bb48

PROJECT_ID=$(openstack project list -c ID -f value)
echo ${PROJECT_ID}

openstack quota show
openstack quota show ${PROJECT_ID}
 
# show default quota
penstack quota show --default
 
# set quotas
openstack quota set --class --instances 20 default
openstack quota set --class --cores 	20 default
openstack quota set --class --ram 	$((68 * 1024)) default
 
openstack quota show
openstack quota set --class --gigabytes 10000 default
 
# show quota (admin only)
openstack quota list --project ${PROJECT_ID} --detail --compute 
openstack quota list --project ${PROJECT_ID} --detail --network 
openstack quota list --project ${PROJECT_ID} --detail --volume 
 
# set quota
openstack quota set --secgroups -1 service
openstack quota set --cores -1 service
openstack quota set --ram -1 service
openstack quota set --floating-ips -1 service

openstack project set --domain foo --name bar-dev bar

# grep member /etc/kolla -r 
horizon/local_settings:OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
 
# docker exec -i neutron_server oslopolicy-policy-generator --namespace neutron | egrep 'create_floatingip|^"(admin_only|context_is_admin)'
"context_is_admin": "role:admin"
"create_floatingip:floating_ip_address": "rule:admin_only"
"admin_only": "rule:context_is_admin"
"create_floatingip": "rule:regular_user"
"create_floatingip_port_forwarding": "rule:admin_or_ext_parent_owner"