openstack

Export server volume as image

# Whitespace-separated list of server UUIDs to export. The loop further down
# iterates over this string with unquoted word splitting, so keep one ID per
# line and nothing else inside the quotes.
SERVER_IDS="
dd799bc6-ded0-4f20-8f24-3e5af5250fd3
46562d71-ba00-47b7-872a-cd759abd014c
5e517453-c87f-4426-b705-96ffc9afe4ce
"
 
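#######################################
# Download a Glance image into the current directory as qcow2, record its
# checksum and metadata next to it, then delete the image from Glance.
# The image is deleted only after every earlier step succeeded and the
# downloaded file has the size Glance reports; otherwise the only copy of the
# exported volume could be lost.
# Globals:   IMAGE_ID, IMAGE_NAME (written; kept global as in the original)
# Arguments: $1 - image ID
#            $2 - base name of the output files
# Outputs:   ${2}.qcow2, ${2}.qcow2.md5sum, ${2}.json; progress on stdout
# Returns:   0 on success; non-zero, with the image left in Glance, otherwise
#######################################
function save_image() {
    if [ -z "${1:-}" ] || [ -z "${2:-}" ]; then
        echo "usage: save_image IMAGE_ID IMAGE_NAME" >&2
        return 2
    fi
    IMAGE_ID="${1}"
    IMAGE_NAME="${2}"

    # NOTE(review): IMAGE_NAME is used as a file path. If the caller derives it
    # from a server name, that name is tenant-controlled: reject "/" and a
    # leading "-" at the call site before passing it in.
    local out_file="${IMAGE_NAME}.qcow2"
    local remote_size local_size

    echo "IMAGE_ID: ${IMAGE_ID}"
    # Make the image private before working with it; stop if that fails rather
    # than continue with an image that may be visible to other projects.
    openstack image set --private "${IMAGE_ID}" || return

    echo "Save image as ${out_file} ..."
    openstack image save "${IMAGE_ID}" --file "${out_file}" || return

    # Compare the size Glance reports with what actually landed on disk.
    remote_size=$(openstack image show "${IMAGE_ID}" -c size -f value) || return
    echo "${remote_size}"
    ls -l -- "${out_file}"
    local_size=$(wc -c < "${out_file}" | tr -d '[:space:]') || return
    if [ "${remote_size}" != "${local_size}" ]; then
        echo "Size mismatch for ${out_file}: glance=${remote_size} local=${local_size}; image kept" >&2
        return 1
    fi

    # MD5 here only catches later corruption of the file; it is not
    # tamper-evident. The saved JSON carries Glance's own checksum field for
    # comparison.
    md5sum -- "${out_file}" > "${out_file}.md5sum" || return

    openstack image show "${IMAGE_ID}" -f json > "${IMAGE_NAME}.json" || return

    echo "Delete image ${IMAGE_NAME}"
    openstack image delete "${IMAGE_ID}"
}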
 
 
for SERVER_ID in ${SERVER_IDS}; do
    echo "SERVER_ID: ${SERVER_ID}"
    SERVER_JSON=$(openstack server show ${SERVER_ID} -f json)
 
    SERVER_NAME=$(echo ${SERVER_JSON} | jq -r .name | tr " " "_")

Migrate OpenStack VM with encrypted volume

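# Live-migrate one server while the admin user temporarily holds the admin
# role in the server's own project.
SERVER_ID=xxxx-xxxx-xxxx-xxxx-xxxx

# Optional: inspect the volume type of the attached volume first.
# VOLUME_ID=$(openstack server show ${SERVER_ID} -c volumes_attached -f value | cut -d "'" -f4)
# VOLUME_TYPE=$(openstack volume show ${VOLUME_ID} -c type -f value)
# openstack volume type show ${VOLUME_TYPE}

# add admin to project
# NOTE(review): presumably required so the admin session may use the volume's
# encryption key, which belongs to the project - confirm. This is a standing
# privilege grant until the removal at the end has run.
PROJECT_ID=$(openstack server show "${SERVER_ID}" -c project_id -f value)
# Stop here (when run as a script) if the lookup returned nothing, so the role
# commands below are never called with a missing project argument.
: "${PROJECT_ID:?could not resolve project_id for server ${SERVER_ID}}"
openstack role add --user admin --project "${PROJECT_ID}" admin
# Re-scope the session from the admin project to the server's project.
unset OS_PROJECT_DOMAIN_NAME
unset OS_PROJECT_NAME
export OS_PROJECT_ID="${PROJECT_ID}"

# Live migrate VM
openstack server migrate --os-compute-api-version 2.56 --live-migration --wait --host com10-prod "${SERVER_ID}"
openstack server show "${SERVER_ID}" -c name -c OS-EXT-SRV-ATTR:host

# remove admin from project
# Run this part even when the migration above failed; otherwise the admin role
# assignment stays on the tenant project.
unset OS_PROJECT_ID
source /etc/kolla/admin-openrc.sh
openstack role remove --user admin --project "${PROJECT_ID}" admin
# Confirm the temporary assignment is gone (expect no admin row for this project).
openstack role assignment list --user admin --project "${PROJECT_ID}" --names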

Allow project to use encrypted volume

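# Give one project access to a volume type (per the heading: the encrypted
# type). Both variables must be set by the operator beforehand; the guard keeps
# the command from running with a missing argument when used in a script.
: "${PROJECT_ID:?set PROJECT_ID}" "${VOLUME_TYPE_ID:?set VOLUME_TYPE_ID}"
openstack volume type set --project "${PROJECT_ID}" "${VOLUME_TYPE_ID}"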

Create application credentials as OpenStack admin for federated user(s)

Single user

# user OS_TOKEN
# A Keystone token is a bearer credential: whoever holds it acts as that user
# until it expires. Typed on the command line it ends up in shell history, and
# once exported it is inherited by every child process - unset it when done.
export OS_TOKEN=gAAAAABjtUl_4LZr3iNqI7dOoBYMw-...
 
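# cat ~/.config/openstack/clouds.yaml
# Token-based cloud entry. No credential is stored in this file; with
# auth_type v3token the token is presumably taken from the OS_TOKEN variable
# exported above - confirm.
clouds:
  dev-admin-token:
    auth:
      # example.com is a reserved documentation domain; a misspelled host here
      # would send the bearer token to whoever owns that name.
      auth_url: https://keystone.service.example.com/v3
    region_name: "eu-south"
    interface: "public"
    identity_api_version: 3
    project_domain_name: "my-foo"
    project_name: "foo"
    auth_type: "v3token"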
 
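# Create the application credential through the token-scoped cloud entry
# dev-admin-token and keep the JSON reply in OS_AC.
# NOTE(review): --unrestricted allows this credential to create and delete
# further application credentials and trusts. Drop it (restricted is the
# default) unless the workload needs that, and consider --role / --expiration
# to narrow what the credential can do and for how long.
# The JSON reply contains the credential secret, which is only returned at
# creation time: do not echo OS_AC into logs, and store it with restrictive
# file permissions.
: "${OS_AC_NAME:?set OS_AC_NAME to the credential name}"
OS_AC=$(openstack application credential create "${OS_AC_NAME}" --unrestricted --os-cloud dev-admin-token -f json)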

Multiple user

OpenStack: Authentication (Token, Application credentials)

Token authentication

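# Start from a clean slate: drop every OS_* variable left over from a previous
# session (for example OS_USERNAME / OS_PASSWORD) so stale credentials cannot
# be mixed into the token login. The pattern is anchored so that only names
# beginning with OS_ are removed, not any variable that merely contains "OS_".
# shellcheck disable=SC2046 - word splitting of the name list is intended
unset $(compgen -v | grep '^OS_')

# Bearer token (placeholder). Treat it like a password: it ends up in shell
# history when typed here and is inherited by child processes once exported.
export OS_TOKEN=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

export OS_AUTH_TYPE=v3token
export OS_AUTH_URL=https://keystone.service.example.com/v3
export OS_IDENTITY_API_VERSION=3
export OS_INTERFACE=public
export OS_REGION_NAME=de-b1
# Project scope: either domain + name as below, or the project ID instead.
export OS_PROJECT_DOMAIN_NAME=test-domain
export OS_PROJECT_NAME=test-project
#export OS_PROJECT_ID=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx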

OpenStack multi cloud / user configuration
http://www.panticz.de/openstack-clouds-config

OpenStack: Neutron L3 router

Recreate / move qrouter namespace

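# Move one router from the L3 agent on SOURCE_NODE to the one on TARGET_NODE.
ROUTER_ID=74490819-028e-424e-b8f9-c7e48cf672af

# list the L3 agents currently hosting the router
openstack network agent list --router "${ROUTER_ID}" --long

# list available l3 agents
openstack network agent list --agent-type l3

# recreate L3 agent
SOURCE_NODE=ctl1-dev
TARGET_NODE=ctl2-dev

SOURCE_L3_ID=$(openstack network agent list --host "${SOURCE_NODE}" --agent-type l3 -f value -c ID)
TARGET_L3_ID=$(openstack network agent list --host "${TARGET_NODE}" --agent-type l3 -f value -c ID)
# Stop (when run as a script) if either lookup came back empty: with a missing
# agent ID the add would be mis-parsed and the remove could leave the router
# without any agent.
: "${SOURCE_L3_ID:?no L3 agent found on ${SOURCE_NODE}}"
: "${TARGET_L3_ID:?no L3 agent found on ${TARGET_NODE}}"

# Add to the target first, then remove from the source.
openstack network agent add router --l3 "${TARGET_L3_ID}" "${ROUTER_ID}"
openstack network agent remove router --l3 "${SOURCE_L3_ID}" "${ROUTER_ID}"

# Confirm where the router is hosted now.
openstack network agent list --router "${ROUTER_ID}" --long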

Recreate all network agents

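# Move every router hosted on the source L3 agent to the target agent, then
# disable the source agent. SOURCE_L3_ID and TARGET_L3_ID must already be set
# (see the single-router example); the guard stops a script run if they are not.
: "${SOURCE_L3_ID:?set SOURCE_L3_ID}" "${TARGET_L3_ID:?set TARGET_L3_ID}"

openstack router list --agent "${SOURCE_L3_ID}" -f value -c ID | while read -r ROUTER_ID; do
    # A failed add is reported but does not stop the loop; the remove still runs
    # as in the original. NOTE(review): decide whether a router whose add
    # failed should instead stay on the source agent.
    openstack network agent add router --l3 "${TARGET_L3_ID}" "${ROUTER_ID}" \
        || echo "WARN: could not add router ${ROUTER_ID} to agent ${TARGET_L3_ID}" >&2
    openstack network agent remove router --l3 "${SOURCE_L3_ID}" "${ROUTER_ID}"
done

# Take the drained agent out of service.
openstack network agent set "${SOURCE_L3_ID}" --disable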

List floating IP in qrouter namespace

OpenStack: Debug / cleanup DHCP

Restart DHCP namespaces

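# Toggle DHCP off and on again for one subnet. Tenants on this subnet get no
# DHCP service between the two commands, so run them back to back.
: "${SUBNET_ID:?set SUBNET_ID}"
openstack subnet set --no-dhcp "${SUBNET_ID}"
openstack subnet set --dhcp "${SUBNET_ID}"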

Find unnecessary DHCP namespaces

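# Print the number of non-empty lines in $1. An empty port list counts as 0
# (piping an empty string through "wc -l" would report 1).
_count_nonempty_lines() {
    printf '%s\n' "$1" | grep -c . || true
}

# Report every DHCP-enabled subnet whose network does not have exactly
# MAX_DHCP_NS DHCP ports.
MAX_DHCP_NS=3
SUBNET_IDS=$(openstack subnet list --dhcp -c ID -f value)
# Unquoted on purpose: the ID list is split on whitespace.
for SUBNET_ID in ${SUBNET_IDS}; do
    NETWORK_ID=$(openstack subnet show "${SUBNET_ID}" -c network_id -f value)
    DHCP_PORTS="$(openstack port list --device-owner network:dhcp --network "${NETWORK_ID}" -c ID -c binding_host_id -c fixed_ips -c status -f value)"

    if [ "$(_count_nonempty_lines "${DHCP_PORTS}")" -ne "${MAX_DHCP_NS}" ]; then
        echo "NETWORK_ID: ${NETWORK_ID}"
        echo "${DHCP_PORTS}"

        echo
    fi
done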

Add / remove DHCP ports

OpenStack: RBAC shared network

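# PROJECT_ID and RBAC_ID are placeholders to be set by the operator. They are
# written as variables because a literal <PROJECT_ID> is parsed by the shell
# as redirections.
: "${PROJECT_ID:?set PROJECT_ID}"

# allow access to RBAC net for project
# access_as_shared lets the target project use the network as if it were
# shared with it; grant it per project rather than marking the network shared.
openstack network rbac create --target-project foo-project1 --action access_as_shared --type network foo-net-01

# show rbac quota
neutron quota-show --tenant_id "${PROJECT_ID}" | grep rbac_policy

# set rbac quota to unlimited
# NOTE(review): -1 removes the cap on how many RBAC policies the project may
# create; prefer a finite value unless unlimited is really needed.
openstack quota set --rbac-policies -1 "${PROJECT_ID}"

# review the resulting policies
openstack network rbac list

: "${RBAC_ID:?set RBAC_ID to a policy ID from the list above}"
openstack network rbac show "${RBAC_ID}"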

Links
https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/network-rbac.html
https://docs.openstack.org/mitaka/networking-guide/config-rbac.html
https://docs.openstack.org/python-openstackclient/pike/cli/command-objects/quota.html
https://docs.openstack.org/ocata/admin-guide/cli-networking-advanced-quotas.html

DevStack

DevStack XENA

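# Prepare a host for DevStack (stable/xena). DevStack reconfigures the machine
# it runs on, so use a disposable VM, not a host that carries anything else.
sudo apt -y install git jq vim
# NOTE(review): presumably removed because it conflicts with packages DevStack
# installs itself - confirm.
sudo apt purge -y python3-distro-info

# stable/xena is a moving branch: record the commit that was checked out
# (git -C devstack rev-parse HEAD) if the lab has to be reproducible.
git clone --branch "stable/xena" https://opendev.org/openstack/devstack

# First IPv4 address of interface ens3 (adjust the interface name to the host).
HOST_IP=$(ip -o -4 -j a | jq -r '.[].addr_info[] | select(.dev == "ens3") .local')
# Fail visibly when nothing was found instead of carrying an empty address on.
: "${HOST_IP:?no IPv4 address found on ens3}"
printf '%s\n' "${HOST_IP}"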

DevStack XENA
https://openstack.goffinet.org/03-02-openstack-lab-devstack.html
http://lia.deis.unibo.it/Courses/CompNetworksM/1718/slides/NetworksM_Cloud180518_v1.pdf
https://opnfvblog.wordpress.com/2016/10/27/devstack-localconf/
https://01.org/sites/default/files/page/accelerating_openstack_networking_with_intel_architecture_rev008.pdf