OpenStack: Difference between revisions
From Cheatsheet
Jump to navigationJump to search
(→Nova) |
|||
| (22 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
* https://clouddocs.web.cern.ch/ | * https://clouddocs.web.cern.ch/ | ||
== OpenStack CLI client == | Contents are written with kolla-ansible in mind. | ||
== Common == | |||
=== Commands === | |||
<syntaxhighlight lang="bash"> | |||
# Enter OpenStack interactive mode | |||
openstack | |||
# Leave OpenStack interactive mode | |||
exit | |||
# Show all OpenStack commands and parameters | |||
openstack --help | |||
openstack help | |||
# Show all OpenStack commands and parameters relating to the "server" parameter | |||
openstack --help server | |||
openstack help server | |||
</syntaxhighlight> | |||
=== OpenStack CLI client === | |||
* https://docs.openstack.org/newton/user-guide/common/cli-install-openstack-command-line-clients.html | * https://docs.openstack.org/newton/user-guide/common/cli-install-openstack-command-line-clients.html | ||
* https://help.dreamhost.com/hc/en-us/articles/235817468-Getting-started-with-the-OpenStack-command-line-client | * https://help.dreamhost.com/hc/en-us/articles/235817468-Getting-started-with-the-OpenStack-command-line-client | ||
| Line 25: | Line 45: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== | == Checks == | ||
=== Commands === | === Commands === | ||
Some of these checks require an OpenStack admin OpenRC and for others the OpenRC of the Tenant you want to check on. | Some of these checks require an OpenStack admin OpenRC and for others the OpenRC of the Tenant you want to check on. | ||
==== Admin ==== | |||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# List all compute nodes | # List all compute nodes and hypervisors | ||
openstack compute service list | openstack compute service list | ||
# List all hypervisors (nodes hosting VMs only) | |||
openstack hypervisor list | |||
# List all network-devices used by the compute nodes | # List all network-devices used by the compute nodes | ||
| Line 53: | Line 62: | ||
# List all storage-devices/enclosures | # List all storage-devices/enclosures | ||
openstack volume service list | openstack volume service list | ||
# List all OpenStack endpoints | |||
openstack endpoint list | |||
# List all users | # List all users | ||
| Line 58: | Line 70: | ||
# List all projects | # List all projects | ||
openstack project list | openstack project list | ||
# List all available Flavors (admin) | |||
openstack flavor list --all | |||
# Show the rights the manila user has for the service Tenant | |||
openstack role assignment list --user manila --project service --names | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="bash"> | |||
# Show all OpenStack VMs (admin) | # Show all OpenStack VMs (admin) | ||
openstack server list --all | openstack server list --all | ||
openstack server list --all-project | |||
# List all Instances but only show only the Name column | |||
openstack server list --all-project -c Name | |||
# List all Instances of the current Tenant hosted on compute-node host1 | |||
openstack server list --host host1 | |||
# List all existing Instances on host3 and show only the Name and Status column | |||
openstack server list --all-project --host host3 -c Name -c Status | |||
</syntaxhighlight> | |||
# List all available VMs | ==== Common ==== | ||
<syntaxhighlight lang="bash"> | |||
# List all available VMs for the current Tenant | |||
openstack server list | openstack server list | ||
| Line 80: | Line 114: | ||
# Show resource-usage per hour for a month, for each project | # Show resource-usage per hour for a month, for each project | ||
openstack usage list | openstack usage list | ||
# Show specific Flavor information | # Show specific Flavor information | ||
| Line 93: | Line 124: | ||
# Deploy a CD-based Instance | # Deploy a CD-based Instance | ||
nova boot --flavor c2r4 --nic net-id=asd897-as987d6-as789d-as8d76-as8d67 --block-device id=as7das90d-asd867as89d6sa9-7a6sd78as6d78,source=image,dest=volume,bus=usb,device=/dev/vdb,size=5,type=cdrom,bootindex=0 MyInstance | nova boot --flavor c2r4 --nic net-id=asd897-as987d6-as789d-as8d76-as8d67 --block-device id=as7das90d-asd867as89d6sa9-7a6sd78as6d78,source=image,dest=volume,bus=usb,device=/dev/vdb,size=5,type=cdrom,bootindex=0 MyInstance | ||
# Deploy an instance with basic parameters set | |||
openstack server create --image ubuntu-v3 --flavor c1r1 --network mynetwork --boot-from-volume 15 --key-name richard instance0001 | |||
# Deploy an instance on a specific host (admin) | |||
openstack server create --image ubuntu-v3 --flavor c1r1 --host compute02 --network mynetwork --boot-from-volume 15 --key-name richard --os-compute-api-version instance0002 | |||
# Stop a started VM | |||
openstack server stop asd987-asd8-asd8-qwe9-asd89eqw7 | |||
# Start a stopped VM | |||
openstack server start asd987-asd8-asd8-qwe9-asd89eqw7 | |||
# Change the state of a VM to active | |||
openstack server set --state active asd987-asd8-asd8-qwe9-asd89eqw7 | |||
</syntaxhighlight> | |||
==== Flavors ==== | |||
* https://docs.openstack.org/nova/latest/user/flavors.html | |||
* https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/wallaby/app-pci-passthrough-gpu.html | |||
* https://docs.openstack.org/nova/queens/admin/virtual-gpu.html | |||
<syntaxhighlight lang="bash"> | |||
# Modify a Flavor so that it is only visible to a specific project | |||
openstack flavor set --project 92kjd-812as-324ajs-18asd-fhpo4 c4r2 | |||
# Create a publically accessible flavor, 0 disk value because you want minimum required size to be defined by your Images instead | |||
openstack flavor create c4r2 --id c4.r2 --ram 2048 --disk 0 --vcpus 4 | |||
# Flavor accounting for terrible Windows hardware socket-limits | |||
openstack flavor create c16r128 --id c16.r128 --ram 131072 --disk 0 --vcpus 16 --property hw:cpu_sockets=1 --property hw:cpu_cores=16 | |||
# Private Flavor only accessible to Tenants you specify | |||
openstack flavor create c16r4 --id c16.r4 --ram 4096 --disk 0 --vcpus 16 --property hw:cpu_sockets=1 --property hw:cpu_cores=16 --private | |||
# Use the pci_passthrough:alias parameter to specify a PCI-alias (GPU) to 'bind' to the Flavor | |||
openstack flavor create gpu-h100_c8r128 --id gpu-h100_c8.r128 --ram 131072 --disk 0 --vcpus 8 --property hw:cpu_sockets=1 --property hw:cpu_cores=8 --property "pci_passthrough:alias"="gpu:1" --private | |||
# vGPU version, assuming VGPU types have been enabled | |||
openstack flavor create vgpu-h100_c8r128 --id vgpu-h100_c8.r128 --ram 131072 --disk 0 --vcpus 8 --property hw:cpu_sockets=1 --property hw:cpu_cores=8 --property --property resources:VGPU=1 --private | |||
</syntaxhighlight> | |||
=== Neutron === | |||
* https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/network.html | |||
* https://docs.openstack.org/ocata/user-guide/cli-create-and-manage-networks.html | |||
<syntaxhighlight lang="bash"> | |||
# VLAN 77 tagged network | |||
openstack network create --provider-physical-network my-trunk-network --provider-network-type vlan --provider-segment 77 --project MyTenant --internal MyNetwork | |||
# Add a Subnet to the new network | |||
openstack subnet create --project MyTenant --network MyNetwork --subnet-range 192.168.77.0/24 --gateway 192.168.77.1 --allocation-pool start=192.168.77.100,end=192.168.77.200 --dns-nameserver 192.168.77.1 --dns-nameserver 8.8.8.8 MyNetwork-Subnet | |||
# Create an interface within a subnet, with port-security disabled | |||
openstack port create --project MyTenant --network MyNetwork --fixed-ip ip-address=192.168.77.2 --disable-port-security VLAN77-host02 | |||
</syntaxhighlight> | |||
==== Security Groups ==== | |||
* https://docs.openstack.org/nova/queens/admin/security-groups.html | |||
<syntaxhighlight lang="bash"> | |||
openstack security group create --description "Generic access rules for MyTenant Instances." --project MyTenant MyTenant-Security | |||
# Allow ingress ICMP traffic on the local network | |||
openstack security group rule create --project MyTenant --description "Allow ICMP for Instances on the local network" --protocol icmp --ingress --ethertype IPv4 --remote-ip 192.168.77.0/24 MyTenant-Security | |||
# Allow ingress SSH access from a specific IP | |||
openstack security group rule create --project MyTenant --description "Allow SSH access from my office" --protocol tcp --ingress --ethertype IPv4 --remote-ip 1.2.3.4/32 --dst-port 22 MyTenant-Security | |||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 142: | Line 241: | ||
== Other == | == Other == | ||
=== Migrate Hyper-V VM to OpenStack === | === Migrate Hyper-V VM to OpenStack === | ||
<pre> | |||
Install Virtio drivers: https://docs.fedoraproject.org/en-US/quick-docs/creating-windows-virtual-machines-using-virtio-drivers/ | |||
Apply CloudInit: https://cloudbase.it/cloudbase-init/#download | |||
Disable Secure boot for VM on Hyper-V if enabled. | |||
Convert Hyper-V VHDX -> VHD | |||
Convert VHD -> QCOW2 | |||
Convert QCOW2 -> RAW | |||
Upload Image to OpenStack | |||
Open Openstack CLI | |||
Modify the OpenStack Image: openstack image set –property hw_firmware_type=’uefi’ –property hw_machine_type=’q35’ –property architecture=’x86_64’ MyImage | |||
Deploy an Instance based on the Image | |||
</pre> | |||
== Infrastructure management == | |||
<syntaxhighlight lang="bash"> | |||
# Enter bash in the gnocchi-statsd container and check the status of healthcheck_port | |||
docker exec -it gnocchi-statsd /bin/bash | |||
cat /usr/local/bin/healthcheck_port | |||
</syntaxhighlight> | |||
Latest revision as of 20:18, 12 April 2024
Contents are written with kolla-ansible in mind.
Common
Commands
# Enter OpenStack interactive mode openstack # Leave OpenStack interactive mode exit # Show all OpenStack commands and parameters openstack --help openstack help # Show all OpenStack commands and parameters relating to the "server" parameter openstack --help server openstack help server
OpenStack CLI client
- https://docs.openstack.org/newton/user-guide/common/cli-install-openstack-command-line-clients.html
- https://help.dreamhost.com/hc/en-us/articles/235817468-Getting-started-with-the-OpenStack-command-line-client
- https://pip.pypa.io/en/stable/installation/
- https://docs.openstack.org/install-guide/environment-packages-rdo.html
yum update yum install python3 yum install python-openstackclient python3 -m pip install --upgrade pip pip3 install python-openstackclient
# Source the OpenRC you configured or downloaded from the Horizon dashboard source Tenant-openrc-new.sh # Issue a token openstack token issue
Checks
Commands
Some of these checks require an OpenStack admin OpenRC and for others the OpenRC of the Tenant you want to check on.
Admin
# List all compute nodes and hypervisors openstack compute service list # List all hypervisors (nodes hosting VMs only) openstack hypervisor list # List all network-devices used by the compute nodes openstack network agent list # List all storage-devices/enclosures openstack volume service list # List all OpenStack endpoints openstack endpoint list # List all users openstack user list # List all projects openstack project list # List all available Flavors (admin) openstack flavor list --all # Show the rights the manila user has for the service Tenant openstack role assignment list --user manila --project service --names
# Show all OpenStack VMs (admin) openstack server list --all openstack server list --all-project # List all Instances but only show only the Name column openstack server list --all-project -c Name # List all Instances of the current Tenant hosted on compute-node host1 openstack server list --host host1 # List all existing Instances on host3 and show only the Name and Status column openstack server list --all-project --host host3 -c Name -c Status
Common
# List all available VMs for the current Tenant openstack server list # Show information of a specific VM openstack server show as8d7as98d-aisd7-as7d86-a7s6d-asdas789d6a987d # List all available Networks openstack network list # List all available Volumes openstack volume list # List all images openstack image list # Show resource-usage per hour for a month, for each project openstack usage list # Show specific Flavor information openstack flavor show m1.small
Modules - CLI
Nova
# Deploy a CD-based Instance nova boot --flavor c2r4 --nic net-id=asd897-as987d6-as789d-as8d76-as8d67 --block-device id=as7das90d-asd867as89d6sa9-7a6sd78as6d78,source=image,dest=volume,bus=usb,device=/dev/vdb,size=5,type=cdrom,bootindex=0 MyInstance # Deploy an instance with basic parameters set openstack server create --image ubuntu-v3 --flavor c1r1 --network mynetwork --boot-from-volume 15 --key-name richard instance0001 # Deploy an instance on a specific host (admin) openstack server create --image ubuntu-v3 --flavor c1r1 --host compute02 --network mynetwork --boot-from-volume 15 --key-name richard --os-compute-api-version instance0002 # Stop a started VM openstack server stop asd987-asd8-asd8-qwe9-asd89eqw7 # Start a stopped VM openstack server start asd987-asd8-asd8-qwe9-asd89eqw7 # Change the state of a VM to active openstack server set --state active asd987-asd8-asd8-qwe9-asd89eqw7
Flavors
- https://docs.openstack.org/nova/latest/user/flavors.html
- https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/wallaby/app-pci-passthrough-gpu.html
- https://docs.openstack.org/nova/queens/admin/virtual-gpu.html
# Modify a Flavor so that it is only visible to a specific project openstack flavor set --project 92kjd-812as-324ajs-18asd-fhpo4 c4r2 # Create a publically accessible flavor, 0 disk value because you want minimum required size to be defined by your Images instead openstack flavor create c4r2 --id c4.r2 --ram 2048 --disk 0 --vcpus 4 # Flavor accounting for terrible Windows hardware socket-limits openstack flavor create c16r128 --id c16.r128 --ram 131072 --disk 0 --vcpus 16 --property hw:cpu_sockets=1 --property hw:cpu_cores=16 # Private Flavor only accessible to Tenants you specify openstack flavor create c16r4 --id c16.r4 --ram 4096 --disk 0 --vcpus 16 --property hw:cpu_sockets=1 --property hw:cpu_cores=16 --private # Use the pci_passthrough:alias parameter to specify a PCI-alias (GPU) to 'bind' to the Flavor openstack flavor create gpu-h100_c8r128 --id gpu-h100_c8.r128 --ram 131072 --disk 0 --vcpus 8 --property hw:cpu_sockets=1 --property hw:cpu_cores=8 --property "pci_passthrough:alias"="gpu:1" --private # vGPU version, assuming VGPU types have been enabled openstack flavor create vgpu-h100_c8r128 --id vgpu-h100_c8.r128 --ram 131072 --disk 0 --vcpus 8 --property hw:cpu_sockets=1 --property hw:cpu_cores=8 --property --property resources:VGPU=1 --private
Neutron
- https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/network.html
- https://docs.openstack.org/ocata/user-guide/cli-create-and-manage-networks.html
# VLAN 77 tagged network openstack network create --provider-physical-network my-trunk-network --provider-network-type vlan --provider-segment 77 --project MyTenant --internal MyNetwork # Add a Subnet to the new network openstack subnet create --project MyTenant --network MyNetwork --subnet-range 192.168.77.0/24 --gateway 192.168.77.1 --allocation-pool start=192.168.77.100,end=192.168.77.200 --dns-nameserver 192.168.77.1 --dns-nameserver 8.8.8.8 MyNetwork-Subnet # Create an interface within a subnet, with port-security disabled openstack port create --project MyTenant --network MyNetwork --fixed-ip ip-address=192.168.77.2 --disable-port-security VLAN77-host02
Security Groups
openstack security group create --description "Generic access rules for MyTenant Instances." --project MyTenant MyTenant-Security # Allow ingress ICMP traffic on the local network openstack security group rule create --project MyTenant --description "Allow ICMP for Instances on the local network" --protocol icmp --ingress --ethertype IPv4 --remote-ip 192.168.77.0/24 MyTenant-Security # Allow ingress SSH access from a specific IP openstack security group rule create --project MyTenant --description "Allow SSH access from my office" --protocol tcp --ingress --ethertype IPv4 --remote-ip 1.2.3.4/32 --dst-port 22 MyTenant-Security
Glance
Tenant example: as8d76asd976ds798a6d78sa95das7968d5as978
Image example: as7das90d-asd867as89d6sa9-7a6sd78as6d78
# List all available images for the current Tenant openstack image list # Set an Image owner to a specific project openstack image set as7das90d-asd867as89d6sa9-7a6sd78as6d78 --project as8d76asd976ds798a6d78sa95das7968d5as978 # Set an image to Private openstack image set as7das90d-asd867as89d6sa9-7a6sd78as6d78 --private
Image sharing
# From the Image owners' OpenRC openstack image add project as7das90d-asd867as89d6sa9-7a6sd78as6d78 as8d76asd976ds798a6d78sa95das7968d5as978 # Verify status of the shared image openstack image member list as7das90d-asd867as89d6sa9-7a6sd78as6d78 # Source the receiving Tenant's OpenRC # Accept the image openstack image set --accept as7das90d-asd867as89d6sa9-7a6sd78as6d78 # Stop sharing from the owners' OpenRC openstack image remove project as7das90d-asd867as89d6sa9-7a6sd78as6d78 as8d76asd976ds798a6d78sa95das7968d5as978
Magnum
Magnum is used to create Kubernetes clusters.
# Check the Tenants' Overview tab to verify sufficient Quota has been assigned for the new nodes. # Source the relevant OpenRC file. # Create a Magnum template. openstack coe cluster template create --coe kubernetes --image fedora-coreos-36 --external-network Internet-network --network-driver flannel --dns-nameserver 1.1.1.1 --master-flavor c2r4 --flavor c2r4 --docker-storage-driver overlay2 MyTemplate-v1.00 # Deploy cluster based on previously created template. openstack coe cluster create --cluster-template MyTemplate-v1.00 --keypair MyKeyPair-2023 --master-count 1 --node-count 2 --master-flavor c1r4 --flavor c2r4 --fixed-network Tenant-Tnternal-Network --fixed-subnet Tenant-Tnternal-Network_Subnet --floating-ip-disabled MyClusterName-v1.00
Other
Migrate Hyper-V VM to OpenStack
Install Virtio drivers: https://docs.fedoraproject.org/en-US/quick-docs/creating-windows-virtual-machines-using-virtio-drivers/ Apply CloudInit: https://cloudbase.it/cloudbase-init/#download Disable Secure boot for VM on Hyper-V if enabled. Convert Hyper-V VHDX -> VHD Convert VHD -> QCOW2 Convert QCOW2 -> RAW Upload Image to OpenStack Open Openstack CLI Modify the OpenStack Image: openstack image set –property hw_firmware_type=’uefi’ –property hw_machine_type=’q35’ –property architecture=’x86_64’ MyImage Deploy an Instance based on the Image
Infrastructure management
# Enter bash in the gnocchi-statsd container and check the status of healthcheck_port docker exec -it gnocchi-statsd /bin/bash cat /usr/local/bin/healthcheck_port
