openstack

# create image from iso
openstack image create --file /tmp/ubuntu-24.04.1-live-server-amd64.iso --disk-format iso --progress ubuntu-24.04.1-live-server-amd64.iso
 
# create volume for the final VM
openstack volume create test-vm1-vol1 --size 10 --bootable
 
# create temporary installation VM
openstack server create test-vm1-inst --image ubuntu-24.04.1-live-server-amd64.iso --flavor m1.small --key-name test-keypair --network test-network
 
# attach volume to temporary VM
openstack server add volume test-vm1-inst test-vm1-vol1
 
# show console url from temporary VM
openstack console url show -c url -f value test-vm1-inst
 
# install OS in console
 
# delete temporary VM
openstack server stop test-vm1-inst
openstack server delete test-vm1-inst
 
# create final VM
openstack server create test-vm1 --volume test-vm1-vol1 --flavor m1.small --key-name test-keypair --network test-network
openstack console url show -c url -f value test-vm1
 
# remove iso imagge
openstack image delete ubuntu-24.04.1-live-server-amd64.iso

sudo apt install -y certbot
 
pyenv activate osc
pip install python-designateclient certbot-dns-openstack zope
 
# list available zones
openstack zone list
 
# Create letsencrypt directory
mkdir ~/letsencrypt
 
# Request wildcard certificate
DOMAIN=example.com
certbot -a dns-openstack certonly \
    --agree-tos \
    --register-unsafely-without-email \
    --work-dir ~/letsencrypt/work \
    --config-dir ~/letsencrypt/etc \
    --logs-dir ~/letsencrypt/log \
    --dns-openstack-propagation-seconds 60 \
    -d *.${DOMAIN}
#    -d *.example.com,example.com
 
# List certificates
ls -l ~/letsencrypt/etc/archive/*/*

watch -n1 openstack recordset list example.com

# Create router
openstack router create test-router1 \
  --centralized \
  --ha \
  --external-gateway public
 
# Show available tenant IPv6 subnet
openstack subnet pool list --share | grep tenant-subnet-pool-v6
 
# Create network
openstack network create test-network1
 
# DUAL-STACK: Create IPv4 subnet (skip for IPv6 only)
openstack subnet create test-subnet1-ipv4 \
  --network test-network1 \
  --subnet-range 10.11.12.0/24
 
# DUAL-STACK: Attach IPv4 subnet to router (skip for IPv6 only)
openstack router add subnet test-router1 test-subnet1-ipv4
 
# Create IPv6 subnet
openstack subnet create test-subnet1-ipv6 \
  --network test-network1 \
  --ip-version 6 \
  --subnet-pool tenant-subnet-pool-v6 \
  --prefix-length 64 \
  --ipv6-ra-mode dhcpv6-stateless \
  --ipv6-address-mode dhcpv6-stateless
 
# Attach IPv6 subnet to router
openstack router add subnet test-router1 test-subnet1-ipv6
 
# OPTINAL: allow access from outside
SECURITY_GROUP=test-secgroup
openstack security group create ${SECURITY_GROUP}
 
# DUAL-STACK: allow access to Floating FIP from outside (skip for IPv6 only)
openstack security group rule create ${SECURITY_GROUP} --ethertype IPv4 --protocol icmp --ingress --remote-ip 0.0.0.0/0
openstack security group rule create ${SECURITY_GROUP} --ethertype IPv4 --protocol icmp --egress --remote-ip 0.0.0.0/0
openstack security group rule create ${SECURITY_GROUP} --ethertype IPv4 --protocol tcp --dst-port 22 --remote-ip 0.0.0.0/0

shopt -s nullglob
for g in $(find /sys/kernel/iommu_groups/* -maxdepth 0 -type d | sort -V); do
    echo "IOMMU Group ${g##*/}:"
    for d in $g/devices/*; do
        echo -e "\t$(lspci -nns ${d##*/})"
    done;
done;

FLOATING_IP=1.2.3.4
 
# search in floating IP table
ROUTER_ID=$(openstack floating ip list --floating-ip-address ${FLOATING_IP} --long -c Router -f value)
if [ -z ${ROUTER_ID} ]; then
    # search in router
    ROUTER_ID=$(openstack router list --long | grep ${FLOATING_IP} | cut -d" " -f2)
fi
 
PROJECT_ID=$(openstack router show ${ROUTER_ID} -c project_id -f value)
 
echo -e "\e[34m# Project"
openstack router show ${ROUTER_ID} -c id -c name 
 
echo
echo -e "\e[34m# Router"
openstack project show ${PROJECT_ID} -c id -c name -c description
 
echo
echo -e "\e[34m# Router namespaces"
openstack network agent list --router ${ROUTER_ID} --long --sort-column 'HA State'
echo
 

# Configure the OpenStack Provider
provider "openstack" {
  user_name   = "admin"
  tenant_name = "admin"
  password    = "pwd"
  auth_url    = "http://myauthurl:5000/v2.0"
  region      = "RegionOne"
}
 
# cloud.yaml
provider "openstack" {
  cloud      = "dev-foo"
}

resource "openstack_networking_router_v2" "router_1" {
  name       = "foo-router"
  external_network_id = "88934cac-8d55-40d5-8ff9-bde65011741d"
}
 
resource "openstack_networking_router_interface_v2" "terraform" {
  router_id = openstack_networking_router_v2.router_1.id
  subnet_id = openstack_networking_subnet_v2.subnet_1.id
}

resource "openstack_compute_instance_v2" "basic" {
  name            = "basic"
  image_id        = "ad091b52-742f-469e-8f3c-fd81cadf0743"
  flavor_id       = "3"
  key_pair        = "my_key_pair_name"
  security_groups = ["default"]
 
  metadata = {
    this = "that"
  }
 
  network {
    name = "my_network"
  }
}

ROUTER_ID=f2d3e40f-cea5-4a2b-bac7-eba0700f449c
 
# DB
openstack port list --device-owner network:router_gateway --router ${ROUTER_ID} -c id -f value | xargs openstack port show -c binding_host_id -f value
 
# active
openstack network agent list --router ${ROUTER_ID} --long -f json | jq -r '.[] | select(."HA State" == "active").Host'

ROUTER_IDS=$(openstack router list  -c ID -f value)
for ROUTER_ID in ${ROUTER_IDS}; do
    ROUTER_PORT_ID=$(openstack port list --device-owner network:router_gateway --router ${ROUTER_ID} -c id -f value)
    ROUTER_NODE_DB=""
    if [ ! -z ${ROUTER_PORT_ID} ]; then
        ROUTER_NODE_DB=$(openstack port show ${ROUTER_PORT_ID} -c binding_host_id -f value)    
    fi
    ROUTER_NODE_ACTIVE=$(openstack network agent list --router ${ROUTER_ID} --long -f json | jq -r '.[] | select(."HA State" == "active").Host')