Openstack: Difference between revisions

From Halfface
Jump to navigation Jump to search
 
(72 intermediate revisions by the same user not shown)
Line 1: Line 1:
cinder        OpenStack Block Storage service
=What does it mean=
=What does it mean=
aodh                  Alarming service
barbican              REST API designed for the secure storage, provisioning and management of secrets such as passwords, encryption keys and X.509
  cinder                OpenStack Block Storage
  cinder                OpenStack Block Storage
gnocchi              Time Series Database as a Service
glance                OpenStack Image Service
heat                  Deploy instances, volumes and other OpenStack services using YAML based templates.
horizon              Openstack’s Dashboard, which provides a web based user interface to OpenStack services
ironic                bootstrap
keystone              identity service
magnum                container orchestration engines
mistral              workflow service
neutron              networking as a service
nfv                  Network functions virtualization
nova                  cloud computing instance controller, provision compute instances (aka virtual servers).
octavia              Load balancer. Octavia HAProxy Amphora API
  swift                OpenStack Object Storage
  swift                OpenStack Object Storage
tacker                NFV Orchestration
trove                Database as a Service
Zaqar                multi-tenant cloud messaging service
=bash completion=
=bash completion=
  . <(openstack complete 2>/dev/null )
  . <(openstack complete 2>/dev/null )
=flavor=
Which machine types exist.
gp      "General purpose" Well rounded combination of amount of CPUs and the amount of RAM.
hm      "High memory" Optimimzed for applications that need a lot of memory.
hp      "High performance" High frequenzy cpu.
=list volumes=
openstack volume list
=install openstack=
dnf install python3-openstackclient
dnf -y install $(dnf -q search python3- client |grep -i OpenStack | grep -v -- -tests| awk '{print $1}')
=get ip addresses of all host=
openstack server  list -c Networks -f json | jq -r '.[].Networks[][]'
=output=
-f csv,json,table,value,yaml
Get output without headers.
openstack server list -f value
=list all=
openstack command list -f yaml | grep - | grep list | sed 's/^  - /openstack /g' |grep -v "openstack command list" | while read i ; do echo '*' $i ; $i 2>&1 ; done | tee /tmp/openstack_list_resources.${OS_CLOUD}.$(date +%F_%H-%M-%S)
openstack command list -f json | jq -r '.[].Commands[]|select (match("list$"))' | while read i ; do echo '*' openstack $i ; openstack $i 2>&1 ; done | tee /tmp/openstack_list_resources.${OS_CLOUD}.$(date +%F_%H-%M-%S)
=How to reach nodes=
OPENSTACK=$(openstack server  list -c Networks -f json | jq -r '.[].Networks[][]') ; OPENSTACK_JUMP=$(grep 185 <<< "${OPENSTACK}") ; NODES=$(grep -v 185 <<< "${OPENSTACK}") ; for NODE in ${NODES} ; do echo ssh -J core@${OPENSTACK_JUMP} core@${NODE} ; done
=create server=
openstack server create --flavor gp.1x2 --availability-zone europe-se-1a --image fedora-37-x86_64 --boot-from-volume 100 --network abjorklund-01-5tsbc-openshift --security-group ssh_allow --key-name abjorklund_ed25519 abjorklund_$(date_file)
With setting password.
cat << EOF > user-data
#cloud-config
password: Password123!
chpasswd: {expire: False}
ssh_pwauth: True
EOF
openstack server create --flavor gp.1x2 --availability-zone europe-se-1a --image rocky-8-x86_64 --boot-from-volume 30 --network abjorklund-01-bmc7w-openshift --security-group ssh_allow --key-name abjorklund_ed25519 abjorklund_$(date_file) --user-data user-data
=get router ip=
List routers
openstack router list
Get external ip.
openstack router show abjorklund-01-5tsbc-external-router -c external_gateway_info -f json | jq '.external_gateway_info.external_fixed_ips[0].ip_address'
185.102.213.238
Remove subnet from router
openstack router remove subnet <router> <subnet>
=list available images=
openstack image list
=Download image=
Get info about image.
openstack image list | grep -i nord-ic-
| 98c03b69-4ba8-4276-8695-b6c3f006cf20 | nord-ic-bc84t-rhcos            | active |
glance image-download --file nord-ic-bc84t-rhcos --progress 98c03b69-4ba8-4276-8695-b6c3f006cf20
=Upload image=
openstack image create --disk-format qcow2 --container-format bare --public --file CentOS-7-x86_64-GenericCloud-1503.qcow2  CentOS_7_Cloud_IMG
=security=
Get security groups.
openstack security group list -c Name -f json | jq -r '.[].Name'
Get all security groups with rules.
openstack security group list -c Name -f value | while read SECURITY ; do openstack security group show "$SECURITY" ; done > /temp/${OS_CLOUD##*/}}_openstack_security_group_list_openstack_security_group_show.$(date_file).log
Get rules from one security group
openstack security group rule list <group>
Add rule to allow traffic from ip.
openstack security group rule create --proto tcp --dst-port 6443 --remote-ip 185.53.164.10/32 --ingress <group>
Allow nfs4 traffic
# List group to add too.
openstack security group list | grep rw-core
openstack security group rule create --proto tcp --dst-port 2049 --remote-ip 10.2.0.0/16 rw-core-p9dq6-master
=create block device=
openstack volume create --size 50 --type ssd --description "nfs storage block device 0" nfs_storage_abjorklund-01
Resize block device.
os volume set --size 60 nfs_storage_abjorklund-01 --os-volume-api-version 3.42
=set physical ip on host=
openstack port list
List in different view.
openstack port list -f json | jq -r '.[]|[.ID, .Name, .Status, ."Fixed IP Addresses"[].ip_address]| join("\t")' | column -t -s $'\t'
=Change security group on port=
Remove if existing port does not exist.
openstack port set --no-security-group a7434863-fc4d-46ad-b93e-b0f2f717023f
openstack port set --security-group 3723f737-280f-453e-af0b-50aca4ce1b0d a7434863-fc4d-46ad-b93e-b0f2f717023f
=create port=
openstack port create --network abjorklund-01-h4sxm-openshift --fixed-ip subnet=4bb2ab0c-f8f9-4346-b238-5f992f0bcf56,ip-address=10.1.0.5 abjorklund-01-h4sxm-api-port
=manage loadbalancer aurora/haproxy=
openstack loadbalancer
openstack loadbalancer list
openstack loadbalancer show test-lb -c listeners -f value
=view limits=
If you have problems to create something in openstack it could be worth verifying you are within limits.
openstack limits show --absolute -f value | grep -E 'RAM|Cores'
=get project id=
openstack server show $(openstack server list -f value | head -1 | awk '{print $2}') -c project_id -f value
=Create s3 bucket=
openstack ec2 credentials create
openstack ec2 credentials list
export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID ; export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY ; export AWS_DEFAULT_REGION=us-west-2 ; aws --endpoint=https://object-eu-se-1a.binero.cloud s3api create-bucket --bucket abjorklund-test-bucket --region us-west-2
=list s3 storage=
swift list blabla/blabla
swift --os-storage-url https://object-eu-se-1a.binero.cloud/swift/v1/AUTH_${OS_PROJECT_ID}/sender list
export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID ; export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY ; export AWS_DEFAULT_REGION=us-west-2 ; s3fs -f -d openshift-region /mnt/openshift-region/ -o endpoint=europe-se-1 -o "host=https://object-eu-se-1a.binero.cloud" -o use_path_request_style
=Interact with object storage containers specifically with the Swift service=
openstack container show
=whoami=
openstack configuration show -f json | jq -r '."auth.username"'
=sort=
Sort on column name.
openstack network list --sort-column Name
=selected columns=
Select column name only
openstack server list -c Name -c Status -f table
=create ssh public key(keypair)=
openstack keypair create --public-key /home/abjorklund/.ssh/id_ed25519.pub binero_abjorklund_id_ed25519
=create floating ip=
openstack floating ip create europe-se-1-1a-net0
=assign floating ip to port=
openstack floating ip set --port abjorklund-01-h4sxm-ingress-port 193.93.251.233
=assign ip to server=
openstack server add floating ip binero_abjorklund_dns-lookup 193.93.248.34
=restart server=
openstack server reboot <server>
openstack server reboot --hard <server>
=view events from server=
openstack server event list <server>
openstack server event show <server> <requestid>
=recovery of server using iso=
Upload iso recovery.
openstack image create ubuntu-22.04.4-live-server-amd64.iso --property hw_rescue_device=cdrom --property hw_rescue_bus=scsi --disk-format iso --file ubuntu-22.04.4-live-server-amd64.iso --private --progress
openstack image create Rocky-9.3-x86_64-minimal.iso --property hw_rescue_device=cdrom --property hw_rescue_bus=scsi --disk-format iso --file Rocky-9.3-x86_64-minimal.iso --private --progress
Boot server with recovery iso.
openstack --os-compute-api-version 2.87 server rescue --image Rocky-9.3-x86_64-minimal.iso sentry_rw
openstack --os-compute-api-version 2.87 server rescue --image ubuntu-22.04.3-live-server-amd64.iso sentry_rw
When done disable rescue mode.
openstack server unrescue SERVER

Latest revision as of 15:14, 12 March 2024

What does it mean

aodh                  Alarming service
barbican              REST API designed for the secure storage, provisioning and management of secrets such as passwords, encryption keys and X.509
cinder                OpenStack Block Storage
gnocchi               Time Series Database as a Service
glance                OpenStack Image Service
heat                  Deploy instances, volumes and other OpenStack services using YAML based templates.
horizon               Openstack’s Dashboard, which provides a web based user interface to OpenStack services
ironic                bootstrap
keystone              identity service 
magnum                container orchestration engines
mistral               workflow service
neutron               networking as a service
nfv                   Network functions virtualization
nova                  cloud computing instance controller, provision compute instances (aka virtual servers).
octavia               Load balancer. Octavia HAProxy Amphora API
swift                 OpenStack Object Storage
tacker                NFV Orchestration
trove                 Database as a Service
Zaqar                 multi-tenant cloud messaging service

bash completion

. <(openstack complete 2>/dev/null )

flavor

Which machine types exist.

gp      "General purpose" Well rounded combination of amount of CPUs and the amount of RAM.
hm      "High memory" Optimimzed for applications that need a lot of memory.
hp      "High performance" High frequenzy cpu.

list volumes

openstack volume list

install openstack

dnf install python3-openstackclient
dnf -y install $(dnf -q search python3- client |grep -i OpenStack | grep -v -- -tests| awk '{print $1}')

get ip addresses of all host

openstack server  list -c Networks -f json | jq -r '.[].Networks[][]'

output

-f csv,json,table,value,yaml

Get output without headers.

openstack server list -f value

list all

openstack command list -f yaml | grep - | grep list | sed 's/^  - /openstack /g' |grep -v "openstack command list" | while read i ; do echo '*' $i ; $i 2>&1 ; done | tee /tmp/openstack_list_resources.${OS_CLOUD}.$(date +%F_%H-%M-%S)
openstack command list -f json | jq -r '.[].Commands[]|select (match("list$"))' | while read i ; do echo '*' openstack $i ; openstack $i 2>&1 ; done | tee /tmp/openstack_list_resources.${OS_CLOUD}.$(date +%F_%H-%M-%S)

How to reach nodes

OPENSTACK=$(openstack server  list -c Networks -f json | jq -r '.[].Networks[][]') ; OPENSTACK_JUMP=$(grep 185 <<< "${OPENSTACK}") ; NODES=$(grep -v 185 <<< "${OPENSTACK}") ; for NODE in ${NODES} ; do echo ssh -J core@${OPENSTACK_JUMP} core@${NODE} ; done

create server

openstack server create --flavor gp.1x2 --availability-zone europe-se-1a --image fedora-37-x86_64 --boot-from-volume 100 --network abjorklund-01-5tsbc-openshift --security-group ssh_allow --key-name abjorklund_ed25519 abjorklund_$(date_file)

With setting password.

cat << EOF > user-data
#cloud-config
password: Password123!
chpasswd: {expire: False}
ssh_pwauth: True
EOF
openstack server create --flavor gp.1x2 --availability-zone europe-se-1a --image rocky-8-x86_64 --boot-from-volume 30 --network abjorklund-01-bmc7w-openshift --security-group ssh_allow --key-name abjorklund_ed25519 abjorklund_$(date_file) --user-data user-data

get router ip

List routers

openstack router list

Get external ip.

openstack router show abjorklund-01-5tsbc-external-router -c external_gateway_info -f json | jq '.external_gateway_info.external_fixed_ips[0].ip_address'
185.102.213.238

Remove subnet from router

openstack router remove subnet <router> <subnet>

list available images

openstack image list

Download image

Get info about image.

openstack image list | grep -i nord-ic-
| 98c03b69-4ba8-4276-8695-b6c3f006cf20 | nord-ic-bc84t-rhcos            | active |
glance image-download --file nord-ic-bc84t-rhcos --progress 98c03b69-4ba8-4276-8695-b6c3f006cf20

Upload image

openstack image create --disk-format qcow2 --container-format bare --public --file CentOS-7-x86_64-GenericCloud-1503.qcow2  CentOS_7_Cloud_IMG

security

Get security groups.

openstack security group list -c Name -f json | jq -r '.[].Name'

Get all security groups with rules.

openstack security group list -c Name -f value | while read SECURITY ; do openstack security group show "$SECURITY" ; done > /temp/${OS_CLOUD##*/}}_openstack_security_group_list_openstack_security_group_show.$(date_file).log

Get rules from one security group

openstack security group rule list <group>

Add rule to allow traffic from ip.

openstack security group rule create --proto tcp --dst-port 6443 --remote-ip 185.53.164.10/32 --ingress <group>

Allow nfs4 traffic

# List group to add too.
openstack security group list | grep rw-core
openstack security group rule create --proto tcp --dst-port 2049 --remote-ip 10.2.0.0/16 rw-core-p9dq6-master

create block device

openstack volume create --size 50 --type ssd --description "nfs storage block device 0" nfs_storage_abjorklund-01

Resize block device.

os volume set --size 60 nfs_storage_abjorklund-01 --os-volume-api-version 3.42

set physical ip on host

openstack port list

List in different view.

openstack port list -f json | jq -r '.[]|[.ID, .Name, .Status, ."Fixed IP Addresses"[].ip_address]| join("\t")' | column -t -s $'\t'

Change security group on port

Remove if existing port does not exist.

openstack port set --no-security-group a7434863-fc4d-46ad-b93e-b0f2f717023f
openstack port set --security-group 3723f737-280f-453e-af0b-50aca4ce1b0d a7434863-fc4d-46ad-b93e-b0f2f717023f

create port

openstack port create --network abjorklund-01-h4sxm-openshift --fixed-ip subnet=4bb2ab0c-f8f9-4346-b238-5f992f0bcf56,ip-address=10.1.0.5 abjorklund-01-h4sxm-api-port

manage loadbalancer aurora/haproxy

openstack loadbalancer
openstack loadbalancer list
openstack loadbalancer show test-lb -c listeners -f value

view limits

If you have problems to create something in openstack it could be worth verifying you are within limits.

openstack limits show --absolute -f value | grep -E 'RAM|Cores'

get project id

openstack server show $(openstack server list -f value | head -1 | awk '{print $2}') -c project_id -f value

Create s3 bucket

openstack ec2 credentials create
openstack ec2 credentials list
export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID ; export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY ; export AWS_DEFAULT_REGION=us-west-2 ; aws --endpoint=https://object-eu-se-1a.binero.cloud s3api create-bucket --bucket abjorklund-test-bucket --region us-west-2

list s3 storage

swift list blabla/blabla
swift --os-storage-url https://object-eu-se-1a.binero.cloud/swift/v1/AUTH_${OS_PROJECT_ID}/sender list
export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID ; export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY ; export AWS_DEFAULT_REGION=us-west-2 ; s3fs -f -d openshift-region /mnt/openshift-region/ -o endpoint=europe-se-1 -o "host=https://object-eu-se-1a.binero.cloud" -o use_path_request_style

Interact with object storage containers specifically with the Swift service

openstack container show

whoami

openstack configuration show -f json | jq -r '."auth.username"'

sort

Sort on column name.

openstack network list --sort-column Name

selected columns

Select column name only

openstack server list -c Name -c Status -f table

create ssh public key(keypair)

openstack keypair create --public-key /home/abjorklund/.ssh/id_ed25519.pub binero_abjorklund_id_ed25519

create floating ip

openstack floating ip create europe-se-1-1a-net0

assign floating ip to port

openstack floating ip set --port abjorklund-01-h4sxm-ingress-port 193.93.251.233

assign ip to server

openstack server add floating ip binero_abjorklund_dns-lookup 193.93.248.34

restart server

openstack server reboot <server>
openstack server reboot --hard <server>

view events from server

openstack server event list <server>
openstack server event show <server> <requestid>

recovery of server using iso

Upload iso recovery.

openstack image create ubuntu-22.04.4-live-server-amd64.iso --property hw_rescue_device=cdrom --property hw_rescue_bus=scsi --disk-format iso --file ubuntu-22.04.4-live-server-amd64.iso --private --progress
openstack image create Rocky-9.3-x86_64-minimal.iso --property hw_rescue_device=cdrom --property hw_rescue_bus=scsi --disk-format iso --file Rocky-9.3-x86_64-minimal.iso --private --progress

Boot server with recovery iso.

openstack --os-compute-api-version 2.87 server rescue --image Rocky-9.3-x86_64-minimal.iso sentry_rw
openstack --os-compute-api-version 2.87 server rescue --image ubuntu-22.04.3-live-server-amd64.iso sentry_rw

When done disable rescue mode.

openstack server unrescue SERVER