OpenStack: Difference between revisions

From Cheatsheet
Jump to navigationJump to search
VisualWikitext
(Created page with "Cheatsheets == Modules == === Magnum === Magnum is used to create Kubernetes clusters.")
 
 
(36 intermediate revisions by the same user not shown)
Line 1: Line 1:
[[Category:Cheatsheet|Cheatsheets]]
[[Category:Cheatsheet|Cheatsheets]]


== Modules ==
* https://clouddocs.web.cern.ch/
 
Contents are written with kolla-ansible in mind.
 
== Common ==
=== Commands ===
<syntaxhighlight lang="bash">
# Enter OpenStack interactive mode
openstack
 
# Leave OpenStack interactive mode
exit
 
# Show all OpenStack commands and parameters
openstack --help
openstack help
 
# Show all OpenStack commands and parameters relating to the "server" parameter
openstack --help server
openstack help server
</syntaxhighlight>
 
=== OpenStack CLI client ===
* https://docs.openstack.org/newton/user-guide/common/cli-install-openstack-command-line-clients.html
* https://help.dreamhost.com/hc/en-us/articles/235817468-Getting-started-with-the-OpenStack-command-line-client
* https://pip.pypa.io/en/stable/installation/
* https://docs.openstack.org/install-guide/environment-packages-rdo.html
 
<syntaxhighlight lang="bash">
yum update
yum install python3
yum install python-openstackclient
python3 -m pip install --upgrade pip
pip3 install python-openstackclient
</syntaxhighlight>
 
<syntaxhighlight lang="bash">
# Source the OpenRC you configured or downloaded from the Horizon dashboard
source Tenant-openrc-new.sh
 
# Issue a token
openstack token issue
</syntaxhighlight>
 
== Checks ==
=== Commands ===
Some of these checks require an OpenStack admin OpenRC and for others the OpenRC of the Tenant you want to check on.
 
==== Admin ====
<syntaxhighlight lang="bash">
# List all compute nodes and hypervisors
openstack compute service list
 
# List all hypervisors (nodes hosting VMs only)
openstack hypervisor list
 
# List all network-devices used by the compute nodes
openstack network agent list
 
# List all storage-devices/enclosures
openstack volume service list
 
# List all OpenStack endpoints
openstack endpoint list
 
# List all users
openstack user list
 
# List all projects
openstack project list
 
# List all available Flavors (admin)
openstack flavor list --all
 
# Show the rights the manila user has for the service Tenant
openstack role assignment list --user manila --project service --names
</syntaxhighlight>
 
<syntaxhighlight lang="bash">
# Show all OpenStack VMs (admin)
openstack server list --all
openstack server list --all-project
 
# List all Instances but only show only the Name column
openstack server list --all-project -c Name
 
# List all Instances of the current Tenant hosted on compute-node host1
openstack server list --host host1
 
# List all existing Instances on host3 and show only the Name and Status column
openstack server list --all-project --host host3 -c Name -c Status
 
</syntaxhighlight>
 
==== Common ====
<syntaxhighlight lang="bash">
# List all available VMs for the current Tenant
openstack server list
 
# Show information of a specific VM
openstack server show as8d7as98d-aisd7-as7d86-a7s6d-asdas789d6a987d
 
# List all available Networks
openstack network list
 
# List all available Volumes
openstack volume list
 
# List all images
openstack image list
 
# Show resource-usage per hour for a month, for each project
openstack usage list
 
# Show specific Flavor information
openstack flavor show m1.small
</syntaxhighlight>
 
== Modules - CLI ==
=== Nova ===
<syntaxhighlight lang="bash">
# Deploy a CD-based Instance
nova boot --flavor c2r4 --nic net-id=asd897-as987d6-as789d-as8d76-as8d67 --block-device id=as7das90d-asd867as89d6sa9-7a6sd78as6d78,source=image,dest=volume,bus=usb,device=/dev/vdb,size=5,type=cdrom,bootindex=0  MyInstance
 
# Deploy an instance with basic parameters set
openstack server create --image ubuntu-v3 --flavor c1r1 --network mynetwork --boot-from-volume 15 --key-name richard instance0001
 
# Deploy an instance on a specific host (admin)
openstack server create --image ubuntu-v3 --flavor c1r1 --host compute02 --network mynetwork --boot-from-volume 15 --key-name richard --os-compute-api-version instance0002
 
# Stop a started VM
openstack server stop asd987-asd8-asd8-qwe9-asd89eqw7
 
# Start a stopped VM
openstack server start asd987-asd8-asd8-qwe9-asd89eqw7
 
# Change the state of a VM to active
openstack server set --state active asd987-asd8-asd8-qwe9-asd89eqw7
</syntaxhighlight>
 
==== Flavors ====
* https://docs.openstack.org/nova/latest/user/flavors.html
* https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/wallaby/app-pci-passthrough-gpu.html
* https://docs.openstack.org/nova/queens/admin/virtual-gpu.html
 
<syntaxhighlight lang="bash">
# Modify a Flavor so that it is only visible to a specific project
openstack flavor set --project 92kjd-812as-324ajs-18asd-fhpo4 c4r2
 
# Create a publically accessible flavor, 0 disk value because you want minimum required size to be defined by your Images instead
openstack flavor create c4r2 --id c4.r2 --ram 2048 --disk 0 --vcpus 4
 
# Flavor accounting for terrible Windows hardware socket-limits
openstack flavor create c16r128 --id c16.r128 --ram 131072 --disk 0 --vcpus 16 --property hw:cpu_sockets=1 --property hw:cpu_cores=16
 
# Private Flavor only accessible to Tenants you specify
openstack flavor create c16r4 --id c16.r4 --ram 4096 --disk 0 --vcpus 16 --property hw:cpu_sockets=1 --property hw:cpu_cores=16 --private
 
# Use the pci_passthrough:alias parameter to specify a PCI-alias (GPU) to 'bind' to the Flavor
openstack flavor create gpu-h100_c8r128 --id gpu-h100_c8.r128 --ram 131072 --disk 0 --vcpus 8 --property hw:cpu_sockets=1 --property hw:cpu_cores=8 --property "pci_passthrough:alias"="gpu:1" --private
 
# vGPU version, assuming VGPU types have been enabled
openstack flavor create vgpu-h100_c8r128 --id vgpu-h100_c8.r128 --ram 131072 --disk 0 --vcpus 8 --property hw:cpu_sockets=1 --property hw:cpu_cores=8 --property --property resources:VGPU=1 --private
</syntaxhighlight>
 
=== Neutron ===
* https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/network.html
* https://docs.openstack.org/ocata/user-guide/cli-create-and-manage-networks.html
 
<syntaxhighlight lang="bash">
# VLAN 77 tagged network
openstack network create --provider-physical-network my-trunk-network --provider-network-type vlan --provider-segment 77 --project MyTenant --internal MyNetwork
 
# Add a Subnet to the new network
openstack subnet create --project MyTenant --network MyNetwork --subnet-range 192.168.77.0/24 --gateway 192.168.77.1 --allocation-pool start=192.168.77.100,end=192.168.77.200 --dns-nameserver 192.168.77.1 --dns-nameserver 8.8.8.8 MyNetwork-Subnet
 
#  Create an interface within a subnet, with port-security disabled
openstack port create --project MyTenant --network MyNetwork --fixed-ip ip-address=192.168.77.2 --disable-port-security VLAN77-host02
</syntaxhighlight>
 
==== Security Groups ====
* https://docs.openstack.org/nova/queens/admin/security-groups.html
 
<syntaxhighlight lang="bash">
openstack security group create --description "Generic access rules for MyTenant Instances." --project MyTenant MyTenant-Security
 
# Allow ingress ICMP traffic on the local network
openstack security group rule create --project MyTenant --description "Allow ICMP for Instances on the local network" --protocol icmp --ingress --ethertype IPv4 --remote-ip 192.168.77.0/24 MyTenant-Security
 
# Allow ingress SSH access from a specific IP
openstack security group rule create --project MyTenant --description "Allow SSH access from my office" --protocol tcp --ingress --ethertype IPv4 --remote-ip 1.2.3.4/32 --dst-port 22 MyTenant-Security
</syntaxhighlight>
 
=== Glance ===
Tenant example: '''as8d76asd976ds798a6d78sa95das7968d5as978''' </br>
Image example: '''as7das90d-asd867as89d6sa9-7a6sd78as6d78'''
 
<syntaxhighlight lang="bash">
# List all available images for the current Tenant
openstack image list
 
# Set an Image owner to a specific project
openstack image set as7das90d-asd867as89d6sa9-7a6sd78as6d78 --project as8d76asd976ds798a6d78sa95das7968d5as978
 
# Set an image to Private
openstack image set as7das90d-asd867as89d6sa9-7a6sd78as6d78 --private
</syntaxhighlight>
 
==== Image sharing ====
<syntaxhighlight lang="bash">
# From the Image owners' OpenRC
openstack image add project as7das90d-asd867as89d6sa9-7a6sd78as6d78 as8d76asd976ds798a6d78sa95das7968d5as978
 
# Verify status of the shared image
openstack image member list as7das90d-asd867as89d6sa9-7a6sd78as6d78
 
# Source the receiving Tenant's OpenRC
# Accept the image
openstack image set --accept as7das90d-asd867as89d6sa9-7a6sd78as6d78
 
# Stop sharing from the owners' OpenRC
openstack image remove project as7das90d-asd867as89d6sa9-7a6sd78as6d78 as8d76asd976ds798a6d78sa95das7968d5as978
</syntaxhighlight>
 
=== Magnum ===
=== Magnum ===
Magnum is used to create Kubernetes clusters.
Magnum is used to create Kubernetes clusters.
<syntaxhighlight lang="bash">
# Check the Tenants' Overview tab to verify sufficient Quota has been assigned for the new nodes.
# Source the relevant OpenRC file.
# Create a Magnum template.
openstack coe cluster template create --coe kubernetes --image fedora-coreos-36 --external-network Internet-network --network-driver flannel --dns-nameserver 1.1.1.1 --master-flavor c2r4 --flavor c2r4 --docker-storage-driver overlay2 MyTemplate-v1.00
# Deploy cluster based on previously created template.
openstack coe cluster create --cluster-template MyTemplate-v1.00 --keypair MyKeyPair-2023 --master-count 1 --node-count 2 --master-flavor c1r4 --flavor c2r4 --fixed-network Tenant-Tnternal-Network --fixed-subnet Tenant-Tnternal-Network_Subnet --floating-ip-disabled MyClusterName-v1.00
</syntaxhighlight>
== Other ==
=== Migrate Hyper-V VM to OpenStack ===
<pre>
Install Virtio drivers: https://docs.fedoraproject.org/en-US/quick-docs/creating-windows-virtual-machines-using-virtio-drivers/
Apply CloudInit: https://cloudbase.it/cloudbase-init/#download
Disable Secure boot for VM on Hyper-V if enabled.
Convert Hyper-V VHDX -> VHD
Convert VHD -> QCOW2
Convert QCOW2 -> RAW
Upload Image to OpenStack
Open Openstack CLI
Modify the OpenStack Image: openstack image set –property hw_firmware_type=’uefi’ –property hw_machine_type=’q35’ –property architecture=’x86_64’ MyImage
Deploy an Instance based on the Image
</pre>
== Infrastructure management ==
<syntaxhighlight lang="bash">
# Enter bash in the gnocchi-statsd container and check the status of healthcheck_port
docker exec -it gnocchi-statsd /bin/bash
cat /usr/local/bin/healthcheck_port
</syntaxhighlight>

Latest revision as of 20:18, 12 April 2024


Contents are written with kolla-ansible in mind.

Common

Commands

# Enter OpenStack interactive mode
openstack

# Leave OpenStack interactive mode
exit

# Show all OpenStack commands and parameters
openstack --help
openstack help

# Show all OpenStack commands and parameters relating to the "server" parameter
openstack --help server
openstack help server

OpenStack CLI client

yum update
yum install python3
yum install python-openstackclient
python3 -m pip install --upgrade pip
pip3 install python-openstackclient
# Source the OpenRC you configured or downloaded from the Horizon dashboard
source Tenant-openrc-new.sh

# Issue a token
openstack token issue

Checks

Commands

Some of these checks require an OpenStack admin OpenRC and for others the OpenRC of the Tenant you want to check on.

Admin

# List all compute nodes and hypervisors
openstack compute service list 

# List all hypervisors (nodes hosting VMs only)
openstack hypervisor list

# List all network-devices used by the compute nodes
openstack network agent list 

# List all storage-devices/enclosures
openstack volume service list 

# List all OpenStack endpoints
openstack endpoint list

# List all users
openstack user list 

# List all projects
openstack project list

# List all available Flavors (admin)
openstack flavor list --all

# Show the rights the manila user has for the service Tenant
openstack role assignment list --user manila --project service --names
# Show all OpenStack VMs (admin)
openstack server list --all
openstack server list --all-project

# List all Instances but only show only the Name column
openstack server list --all-project -c Name

# List all Instances of the current Tenant hosted on compute-node host1
openstack server list --host host1

# List all existing Instances on host3 and show only the Name and Status column
openstack server list --all-project --host host3 -c Name -c Status

Common

# List all available VMs for the current Tenant
openstack server list

# Show information of a specific VM
openstack server show as8d7as98d-aisd7-as7d86-a7s6d-asdas789d6a987d

# List all available Networks
openstack network list

# List all available Volumes
openstack volume list

# List all images
openstack image list 

# Show resource-usage per hour for a month, for each project
openstack usage list 

# Show specific Flavor information
openstack flavor show m1.small

Modules - CLI

Nova

# Deploy a CD-based Instance
nova boot --flavor c2r4 --nic net-id=asd897-as987d6-as789d-as8d76-as8d67 --block-device id=as7das90d-asd867as89d6sa9-7a6sd78as6d78,source=image,dest=volume,bus=usb,device=/dev/vdb,size=5,type=cdrom,bootindex=0  MyInstance

# Deploy an instance with basic parameters set
openstack server create --image ubuntu-v3 --flavor c1r1 --network mynetwork --boot-from-volume 15 --key-name richard instance0001

# Deploy an instance on a specific host (admin)
openstack server create --image ubuntu-v3 --flavor c1r1 --host compute02 --network mynetwork --boot-from-volume 15 --key-name richard --os-compute-api-version instance0002

# Stop a started VM
openstack server stop asd987-asd8-asd8-qwe9-asd89eqw7

# Start a stopped VM
openstack server start asd987-asd8-asd8-qwe9-asd89eqw7

# Change the state of a VM to active
openstack server set --state active asd987-asd8-asd8-qwe9-asd89eqw7

Flavors

# Modify a Flavor so that it is only visible to a specific project
openstack flavor set --project 92kjd-812as-324ajs-18asd-fhpo4 c4r2

# Create a publically accessible flavor, 0 disk value because you want minimum required size to be defined by your Images instead
openstack flavor create c4r2 --id c4.r2 --ram 2048 --disk 0 --vcpus 4

# Flavor accounting for terrible Windows hardware socket-limits
openstack flavor create c16r128 --id c16.r128 --ram 131072 --disk 0 --vcpus 16 --property hw:cpu_sockets=1 --property hw:cpu_cores=16

# Private Flavor only accessible to Tenants you specify
openstack flavor create c16r4 --id c16.r4 --ram 4096 --disk 0 --vcpus 16 --property hw:cpu_sockets=1 --property hw:cpu_cores=16 --private

# Use the pci_passthrough:alias parameter to specify a PCI-alias (GPU) to 'bind' to the Flavor
openstack flavor create gpu-h100_c8r128 --id gpu-h100_c8.r128 --ram 131072 --disk 0 --vcpus 8 --property hw:cpu_sockets=1 --property hw:cpu_cores=8 --property "pci_passthrough:alias"="gpu:1" --private

# vGPU version, assuming VGPU types have been enabled
openstack flavor create vgpu-h100_c8r128 --id vgpu-h100_c8.r128 --ram 131072 --disk 0 --vcpus 8 --property hw:cpu_sockets=1 --property hw:cpu_cores=8 --property --property resources:VGPU=1 --private

Neutron

# VLAN 77 tagged network
openstack network create --provider-physical-network my-trunk-network --provider-network-type vlan --provider-segment 77 --project MyTenant --internal MyNetwork

# Add a Subnet to the new network
openstack subnet create --project MyTenant --network MyNetwork --subnet-range 192.168.77.0/24 --gateway 192.168.77.1 --allocation-pool start=192.168.77.100,end=192.168.77.200 --dns-nameserver 192.168.77.1 --dns-nameserver 8.8.8.8 MyNetwork-Subnet

#  Create an interface within a subnet, with port-security disabled
openstack port create --project MyTenant --network MyNetwork --fixed-ip ip-address=192.168.77.2 --disable-port-security VLAN77-host02

Security Groups

openstack security group create --description "Generic access rules for MyTenant Instances." --project MyTenant MyTenant-Security

# Allow ingress ICMP traffic on the local network
openstack security group rule create --project MyTenant --description "Allow ICMP for Instances on the local network" --protocol icmp --ingress --ethertype IPv4 --remote-ip 192.168.77.0/24 MyTenant-Security

# Allow ingress SSH access from a specific IP
openstack security group rule create --project MyTenant --description "Allow SSH access from my office" --protocol tcp --ingress --ethertype IPv4 --remote-ip 1.2.3.4/32 --dst-port 22 MyTenant-Security

Glance

Tenant example: as8d76asd976ds798a6d78sa95das7968d5as978
Image example: as7das90d-asd867as89d6sa9-7a6sd78as6d78 

# List all available images for the current Tenant
openstack image list

# Set an Image owner to a specific project
openstack image set as7das90d-asd867as89d6sa9-7a6sd78as6d78 --project as8d76asd976ds798a6d78sa95das7968d5as978

# Set an image to Private
openstack image set as7das90d-asd867as89d6sa9-7a6sd78as6d78 --private

Image sharing

# From the Image owners' OpenRC
openstack image add project as7das90d-asd867as89d6sa9-7a6sd78as6d78 as8d76asd976ds798a6d78sa95das7968d5as978

# Verify status of the shared image
openstack image member list as7das90d-asd867as89d6sa9-7a6sd78as6d78

# Source the receiving Tenant's OpenRC
# Accept the image
 openstack image set --accept as7das90d-asd867as89d6sa9-7a6sd78as6d78

# Stop sharing from the owners' OpenRC
 openstack image remove project as7das90d-asd867as89d6sa9-7a6sd78as6d78 as8d76asd976ds798a6d78sa95das7968d5as978

Magnum

Magnum is used to create Kubernetes clusters. 

# Check the Tenants' Overview tab to verify sufficient Quota has been assigned for the new nodes.
# Source the relevant OpenRC file.

# Create a Magnum template.
openstack coe cluster template create --coe kubernetes --image fedora-coreos-36 --external-network Internet-network --network-driver flannel --dns-nameserver 1.1.1.1 --master-flavor c2r4 --flavor c2r4 --docker-storage-driver overlay2 MyTemplate-v1.00

# Deploy cluster based on previously created template.
openstack coe cluster create --cluster-template MyTemplate-v1.00 --keypair MyKeyPair-2023 --master-count 1 --node-count 2 --master-flavor c1r4 --flavor c2r4 --fixed-network Tenant-Tnternal-Network --fixed-subnet Tenant-Tnternal-Network_Subnet --floating-ip-disabled MyClusterName-v1.00

Other

Migrate Hyper-V VM to OpenStack

Install Virtio drivers: https://docs.fedoraproject.org/en-US/quick-docs/creating-windows-virtual-machines-using-virtio-drivers/
Apply CloudInit: https://cloudbase.it/cloudbase-init/#download
Disable Secure boot for VM on Hyper-V if enabled.
Convert Hyper-V VHDX -> VHD
Convert VHD -> QCOW2
Convert QCOW2 -> RAW
Upload Image to OpenStack
Open Openstack CLI
Modify the OpenStack Image: openstack image set –property hw_firmware_type=’uefi’ –property hw_machine_type=’q35’ –property architecture=’x86_64’ MyImage
Deploy an Instance based on the Image

Infrastructure management

# Enter bash in the gnocchi-statsd container and check the status of healthcheck_port
docker exec -it gnocchi-statsd /bin/bash
cat /usr/local/bin/healthcheck_port
Retrieved from "https://wiki.brammerloo.nl/index.php?title=OpenStack&oldid=647"