OpenStack

Components

Function          Component name in OpenStack
Identity          Keystone
Images            Glance
Compute           Nova
Networking        Neutron
Block Storage     Cinder
Object Storage    Swift

OpenStack.rc File

Example:

export OS_AUTH_URL=https://api.pub1.infomaniak.cloud/identity/v3
export OS_PROJECT_NAME=PCP-08154711
export OS_PROJECT_DOMAIN_NAME=default
export OS_USERNAME=PCU-08154711
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_ID=d45356a7-4d01-4c5f-b560-38a8f24e521b
export OS_IDENTITY_API_VERSION=3
export OS_INTERFACE=public
export OS_REGION_NAME=dc3-a
# To avoid being prompted for your password each time,
# write your password below and uncomment the line
OS_PASSWORD='linuxfabrik'
[ -z "$OS_PASSWORD" ] && read -e -p "Please enter your OpenStack Password for project $OS_PROJECT_NAME as user $OS_USERNAME: " OS_PASSWORD
export OS_PASSWORD
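
One way to check an rc file like the one above for a stored plaintext password, an echoing password prompt and loose file permissions. This is an added example, not part of the original page; the helper name audit_openstack_rc and the sample file are constructed for illustration.

```shell
# Added example, not from the original page: audit an OpenStack rc file.
# audit_openstack_rc is a hypothetical helper name.
# Prints one line per finding and returns the number of findings.
audit_openstack_rc() {
    rc_file=$1
    findings=0
    [ -r "$rc_file" ] || { echo "ERROR: cannot read $rc_file" >&2; return 99; }

    # 1. Active (uncommented) OS_PASSWORD assignment with a literal value.
    #    Values that begin with "$" (or, when double-quoted, contain it)
    #    are expansions, e.g. from a secret store, not literals.
    literal="^[[:space:]]*(export[[:space:]]+)?OS_PASSWORD=(\"[^\"\$]+\"|'[^']+'|[^\"'\$[:space:]#][^[:space:]]*)"
    if grep -Eq "$literal" "$rc_file"; then
        echo "FINDING: OS_PASSWORD is stored in plaintext"
        findings=$((findings + 1))
    fi

    # 2. Password prompt that echoes what is typed (read without -s).
    if grep -E 'read[[:space:]].*OS_PASSWORD' "$rc_file" |
        grep -Evq '[[:space:]]-[A-Za-z]*s'; then
        echo "FINDING: password prompt echoes input (read without -s)"
        findings=$((findings + 1))
    fi

    # 3. Any permission bit set for group or others.
    #    Characters 5-10 of the ls mode string are the group and other bits.
    group_other=$(ls -ld "$rc_file" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "FINDING: file is accessible to group/others (chmod 600)"
        findings=$((findings + 1))
    fi

    return "$findings"
}

# Constructed sample that mirrors the password handling of the rc file above.
sample=$(mktemp)
printf '%s\n' \
    "OS_PASSWORD='linuxfabrik'" \
    '[ -z "$OS_PASSWORD" ] && read -e -p "Password: " OS_PASSWORD' \
    'export OS_PASSWORD' > "$sample"
chmod 644 "$sample"
audit_openstack_rc "$sample" || echo "findings: $?"
rm -f "$sample"
```

A file that keeps the password line commented out, prompts with read -s and has mode 600 produces no findings.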

Working with the openstack CLI

source path/to/openstack.rc-file

openstack project list
openstack flavor list
openstack image list
openstack volume list

openstack container create <container>
openstack container list
openstack container show <container>
openstack container delete --recursive <container>  # swift delete <container> works much faster

# s3
openstack ec2 credentials create
openstack ec2 credentials list

openstack server create --image "Debian 11.4 bullseye" --flavor a2-ram4-disk20-perf1 --key-name mykeypair --network ext-net1 infomaniak-vm-1
openstack server show <server>

openstack security group create --description "WordPress (80 - 443 - 22)" WordPress
openstack security group rule create --dst-port 443 --protocol TCP WordPress
openstack security group rule create --ingress --protocol tcp --dst-port 22 --ethertype IPv4 default

Rescuing a server that no longer boots

The scenario:

  • server1 no longer boots and shows the Grub2 error message Datei 'grub2/i386-pc/normal.mod' nicht gefunden (file not found).

  • The server has a 20 GB disk that comes directly from its OpenStack flavor.

  • In addition, the server has a 50 GB volume attached as /dev/vdb.

  • Both disks are mounted via LVM and are used, among other things, for the / partition.

The goal is to restore the Grub2 boot loader with grub2-install. This is not so easy to do through OpenStack, however.

A normal rescue in OpenStack works as follows: you start the process either in the web GUI or with openstack server rescue, and you can choose which image to boot. It is advisable to use the same distribution and version as the system being rescued, if possible. Now comes the catch: during a rescue, OpenStack does not attach any volumes, only the disk from the flavor. This means that the LVM setup is incomplete and therefore cannot readily be used.

A closer look at the OpenStack documentation turns up the hw_rescue_device option. It controls (as explained in the documentation) how the rescue image is attached, for example as a USB stick or CD-ROM. This is meant to prevent the drive letters from changing (previously the rescue image was always sda) and to have all volumes attached as well.

openstack server stop server1
# takes 2 to 3 mins to force off
openstack server show server1

# upload local iso image
openstack image create --file Rocky-8.8-x86_64-dvd1.iso --disk-format iso --container-format bare Rocky-8.8-x86_64-dvd1.iso --progress

openstack image set --property hw_rescue_bus=usb Rocky-8.8-x86_64-dvd1.iso
openstack --os-compute-api-version 2.87 server rescue --image 'Rocky-8.8-x86_64-dvd1.iso' server1

You get as far as the boot menu and can also select Troubleshooting > Rescue a RHEL system, but after that there is no more output (neither on the console nor in the log). If you boot without the hw_rescue_bus option, you get as far as the shell:

openstack image unset --property hw_rescue_bus 'Rocky-8.8-x86_64-dvd1.iso'

Unfortunately, Grub2 is not available in that shell, and because the repo files are missing it cannot easily be installed either. Hence the next attempt, with a Rocky 8 live CD:

openstack image create --file Rocky-8-Workstation-Lite-x86_64-latest.iso --disk-format iso --container-format bare Rocky-8-Workstation-Lite-x86_64-latest.iso --progress
openstack server rescue --image 'Rocky-8-Workstation-Lite-x86_64-latest.iso' server1
# works, but only first disk

However, you now only have access to the first disk, so a chroot is not possible. A grub2-install works nevertheless:

sudo -i
mount /dev/vdb2 /mnt
ll /mnt
# server is completely missing the "grub2" folder
grub2-install --boot-directory /mnt /dev/vdb
ll /mnt
# has a grub2 folder
umount /mnt
reboot

After booting you now get a grub> shell, because the Grub config is still missing. An attempt to boot directly from the Grub shell was unsuccessful:

ls
# find /boot
ls (hd,msdos2)
set root=(hd,msdos2)

insmod lvm

linux /vmlinuz-4.18.0-477.13.1.el8_8.x86_64 root=/dev/mapper/rl-root ro rd.break
initrd /initramfs-4.18.0-477.13.1.el8_8.x86_64.img
boot

So the server was booted from the live CD once more, and /boot/grub2/grub.cfg was restored from the latest backup. Now you get as far as the Grub2 boot loader, where you can select the "rescue" kernel in order to regenerate the Grub config:

grub2-mkconfig -o /boot/grub2/grub.cfg
dnf reinstall 'kernel*'

# default is an kernel. adjust to newest
grubby --info ALL
grubby --default-index
grubby --set-default 0

reboot

OpenStack CLI Cheat Sheet

Application commands (type help <topic>):
=========================================
access rule delete
access rule list
access rule show
access token create
address group create
address group delete
address group list
address group set
address group show
address group unset
address scope create
address scope delete
address scope list
address scope set
address scope show
aggregate add host
aggregate cache image
aggregate create
aggregate delete
aggregate list
aggregate remove host
aggregate set
aggregate show
aggregate unset
application credential create
application credential delete
application credential list
application credential show
availability zone list
bgp dragent add speaker
bgp dragent list
bgp dragent remove speaker
bgp peer create
bgp peer delete
bgp peer list
bgp peer set
bgp peer show
bgp speaker add network
bgp speaker add peer
bgp speaker create
bgp speaker delete
bgp speaker list
bgp speaker list advertised routes
bgp speaker remove network
bgp speaker remove peer
bgp speaker set
bgp speaker show
bgp speaker show dragents
bgpvpn create
bgpvpn delete
bgpvpn list
bgpvpn network association create
bgpvpn network association delete
bgpvpn network association list
bgpvpn network association show
bgpvpn port association create
bgpvpn port association delete
bgpvpn port association list
bgpvpn port association set
bgpvpn port association show
bgpvpn port association unset
bgpvpn router association create
bgpvpn router association delete
bgpvpn router association list
bgpvpn router association set
bgpvpn router association show
bgpvpn router association unset
bgpvpn set
bgpvpn show
bgpvpn unset
catalog list
catalog show
command list
complete
compute agent create
compute agent delete
compute agent list
compute agent set
compute service delete
compute service list
compute service set
configuration show
consistency group add volume
consistency group create
consistency group delete
consistency group list
consistency group remove volume
consistency group set
consistency group show
consistency group snapshot create
consistency group snapshot delete
consistency group snapshot list
consistency group snapshot show
console log show
console url show
consumer create
consumer delete
consumer list
consumer set
consumer show
container create
container delete
container list
container save
container set
container show
container unset
credential create
credential delete
credential list
credential set
credential show
domain create
domain delete
domain list
domain set
domain show
ec2 credentials create
ec2 credentials delete
ec2 credentials list
ec2 credentials show
endpoint add project
endpoint create
endpoint delete
endpoint group add project
endpoint group create
endpoint group delete
endpoint group list
endpoint group remove project
endpoint group set
endpoint group show
endpoint list
endpoint remove project
endpoint set
endpoint show
extension list
extension show
federation domain list
federation project list
federation protocol create
federation protocol delete
federation protocol list
federation protocol set
federation protocol show
firewall group create
firewall group delete
firewall group list
firewall group policy add rule
firewall group policy create
firewall group policy delete
firewall group policy list
firewall group policy remove rule
firewall group policy set
firewall group policy show
firewall group policy unset
firewall group rule create
firewall group rule delete
firewall group rule list
firewall group rule set
firewall group rule show
firewall group rule unset
firewall group set
firewall group show
firewall group unset
flavor create
flavor delete
flavor list
flavor set
flavor show
flavor unset
floating ip create
floating ip delete
floating ip list
floating ip pool list
floating ip port forwarding create
floating ip port forwarding delete
floating ip port forwarding list
floating ip port forwarding set
floating ip port forwarding show
floating ip set
floating ip show
floating ip unset
group add user
group contains user
group create
group delete
group list
group remove user
group set
group show
help
host list
host set
host show
hypervisor list
hypervisor show
hypervisor stats show
identity provider create
identity provider delete
identity provider list
identity provider set
identity provider show
image add project
image create
image delete
image list
image member list
image remove project
image save
image set
image show
image unset
implied role create
implied role delete
implied role list
ip availability list
ip availability show
keypair create
keypair delete
keypair list
keypair show
limit create
limit delete
limit list
limit set
limit show
limits show
mapping create
mapping delete
mapping list
mapping set
mapping show
module list
network agent add network
network agent add router
network agent delete
network agent list
network agent remove network
network agent remove router
network agent set
network agent show
network auto allocated topology create
network auto allocated topology delete
network create
network delete
network flavor add profile
network flavor create
network flavor delete
network flavor list
network flavor profile create
network flavor profile delete
network flavor profile list
network flavor profile set
network flavor profile show
network flavor remove profile
network flavor set
network flavor show
network list
network log create
network log delete
network log list
network log set
network log show
network loggable resources list
network meter create
network meter delete
network meter list
network meter rule create
network meter rule delete
network meter rule list
network meter rule show
network meter show
network onboard subnets
network qos policy create
network qos policy delete
network qos policy list
network qos policy set
network qos policy show
network qos rule create
network qos rule delete
network qos rule list
network qos rule set
network qos rule show
network qos rule type list
network qos rule type show
network rbac create
network rbac delete
network rbac list
network rbac set
network rbac show
network segment create
network segment delete
network segment list
network segment range create
network segment range delete
network segment range list
network segment range set
network segment range show
network segment set
network segment show
network service provider list
network set
network show
network subport list
network trunk create
network trunk delete
network trunk list
network trunk set
network trunk show
network trunk unset
network unset
object create
object delete
object list
object save
object set
object show
object store account set
object store account show
object store account unset
object unset
policy create
policy delete
policy list
policy set
policy show
port create
port delete
port list
port set
port show
port unset
project cleanup
project create
project delete
project list
project purge
project set
project show
quota list
quota set
quota show
region create
region delete
region list
region set
region show
registered limit create
registered limit delete
registered limit list
registered limit set
registered limit show
request token authorize
request token create
role add
role assignment list
role create
role delete
role list
role remove
role set
role show
router add port
router add route
router add subnet
router create
router delete
router list
router remove port
router remove route
router remove subnet
router set
router show
router unset
security group create
security group delete
security group list
security group rule create
security group rule delete
security group rule list
security group rule show
security group set
security group show
security group unset
server add fixed ip
server add floating ip
server add network
server add port
server add security group
server add volume
server backup create
server create
server delete
server dump create
server evacuate
server event list
server event show
server group create
server group delete
server group list
server group show
server image create
server list
server lock
server migrate
server migrate confirm
server migrate revert
server migration abort
server migration confirm
server migration force complete
server migration list
server migration revert
server migration show
server pause
server reboot
server rebuild
server remove fixed ip
server remove floating ip
server remove network
server remove port
server remove security group
server remove volume
server rescue
server resize
server resize confirm
server resize revert
server restore
server resume
server set
server shelve
server show
server ssh
server start
server stop
server suspend
server unlock
server unpause
server unrescue
server unset
server unshelve
server volume list
server volume update
service create
service delete
service list
service provider create
service provider delete
service provider list
service provider set
service provider show
service set
service show
sfc flow classifier create
sfc flow classifier delete
sfc flow classifier list
sfc flow classifier set
sfc flow classifier show
sfc port chain create
sfc port chain delete
sfc port chain list
sfc port chain set
sfc port chain show
sfc port chain unset
sfc port pair create
sfc port pair delete
sfc port pair group create
sfc port pair group delete
sfc port pair group list
sfc port pair group set
sfc port pair group show
sfc port pair group unset
sfc port pair list
sfc port pair set
sfc port pair show
sfc service graph create
sfc service graph delete
sfc service graph list
sfc service graph set
sfc service graph show
subnet create
subnet delete
subnet list
subnet pool create
subnet pool delete
subnet pool list
subnet pool set
subnet pool show
subnet pool unset
subnet set
subnet show
subnet unset
token issue
token revoke
trust create
trust delete
trust list
trust show
usage list
usage show
user create
user delete
user list
user password set
user set
user show
versions show
volume backup create
volume backup delete
volume backup list
volume backup record export
volume backup record import
volume backup restore
volume backup set
volume backup show
volume create
volume delete
volume host set
volume list
volume migrate
volume qos associate
volume qos create
volume qos delete
volume qos disassociate
volume qos list
volume qos set
volume qos show
volume qos unset
volume service list
volume service set
volume set
volume show
volume snapshot create
volume snapshot delete
volume snapshot list
volume snapshot set
volume snapshot show
volume snapshot unset
volume transfer request accept
volume transfer request create
volume transfer request delete
volume transfer request list
volume transfer request show
volume type create
volume type delete
volume type list
volume type set
volume type show
volume type unset
volume unset
vpn endpoint group create
vpn endpoint group delete
vpn endpoint group list
vpn endpoint group set
vpn endpoint group show
vpn ike policy create
vpn ike policy delete
vpn ike policy list
vpn ike policy set
vpn ike policy show
vpn ipsec policy create
vpn ipsec policy delete
vpn ipsec policy list
vpn ipsec policy set
vpn ipsec policy show
vpn ipsec site connection create
vpn ipsec site connection delete
vpn ipsec site connection list
vpn ipsec site connection set
vpn ipsec site connection show
vpn service create
vpn service delete
vpn service list
vpn service set
vpn service show