OpenStack

• https://clouddocs.web.cern.ch/

Contents are written with kolla-ansible in mind.

Common

Commands

# Enter OpenStack interactive mode
openstack

# Leave OpenStack interactive mode
exit

# Show all OpenStack commands and parameters
openstack --help
openstack help

# Show all OpenStack commands and parameters relating to the "server" parameter
openstack --help server
openstack help server

OpenStack CLI client

• https://docs.openstack.org/newton/user-guide/common/cli-install-openstack-command-line-clients.html
• https://help.dreamhost.com/hc/en-us/articles/235817468-Getting-started-with-the-OpenStack-command-line-client
• https://pip.pypa.io/en/stable/installation/
• https://docs.openstack.org/install-guide/environment-packages-rdo.html

yum update
yum install python3
yum install python-openstackclient
python3 -m pip install --upgrade pip
pip3 install python-openstackclient

# Source the OpenRC you configured or downloaded from the Horizon dashboard
source Tenant-openrc-new.sh

# Issue a token
openstack token issue

Checks

Commands

Some of these checks require an OpenStack admin OpenRC and for others the OpenRC of the Tenant you want to check on.

Admin

# List all compute nodes and hypervisors
openstack compute service list 

# List all hypervisors (nodes hosting VMs only)
openstack hypervisor list

# List all network-devices used by the compute nodes
openstack network agent list 

# List all storage-devices/enclosures
openstack volume service list 

# List all OpenStack endpoints
openstack endpoint list

# List all users
openstack user list 

# List all projects
openstack project list

# List all available Flavors (admin)
openstack flavor list --all

# Show the rights the manila user has for the service Tenant
openstack role assignment list --user manila --project service --names

# Show all OpenStack VMs (admin)
openstack server list --all
openstack server list --all-project

# List all Instances but only show only the Name column
openstack server list --all-project -c Name

# List all Instances of the current Tenant hosted on compute-node host1
openstack server list --host host1

# List all existing Instances on host3 and show only the Name and Status column
openstack server list --all-project --host host3 -c Name -c Status

Common

# List all available VMs for the current Tenant
openstack server list

# Show information of a specific VM
openstack server show as8d7as98d-aisd7-as7d86-a7s6d-asdas789d6a987d

# List all available Networks
openstack network list

# List all available Volumes
openstack volume list

# List all images
openstack image list 

# Show resource-usage per hour for a month, for each project
openstack usage list 

# Show specific Flavor information
openstack flavor show m1.small

Modules - CLI

Nova

# Deploy a CD-based Instance
nova boot --flavor c2r4 --nic net-id=asd897-as987d6-as789d-as8d76-as8d67 --block-device id=as7das90d-asd867as89d6sa9-7a6sd78as6d78,source=image,dest=volume,bus=usb,device=/dev/vdb,size=5,type=cdrom,bootindex=0  MyInstance

# Deploy an instance with basic parameters set
openstack server create --image ubuntu-v3 --flavor c1r1 --network mynetwork --boot-from-volume 15 --key-name richard instance0001

# Deploy an instance on a specific host (admin)
openstack server create --image ubuntu-v3 --flavor c1r1 --host compute02 --network mynetwork --boot-from-volume 15 --key-name richard --os-compute-api-version instance0002

# Stop a started VM
openstack server stop asd987-asd8-asd8-qwe9-asd89eqw7

# Start a stopped VM
openstack server start asd987-asd8-asd8-qwe9-asd89eqw7

# Change the state of a VM to active
openstack server set --state active asd987-asd8-asd8-qwe9-asd89eqw7

Flavors

• https://docs.openstack.org/nova/latest/user/flavors.html
• https://docs.openstack.org/project-deploy-guide/charm-deployment-guide/wallaby/app-pci-passthrough-gpu.html
• https://docs.openstack.org/nova/queens/admin/virtual-gpu.html

# Modify a Flavor so that it is only visible to a specific project
openstack flavor set --project 92kjd-812as-324ajs-18asd-fhpo4 c4r2

# Create a publically accessible flavor, 0 disk value because you want minimum required size to be defined by your Images instead
openstack flavor create c4r2 --id c4.r2 --ram 2048 --disk 0 --vcpus 4

# Flavor accounting for terrible Windows hardware socket-limits
openstack flavor create c16r128 --id c16.r128 --ram 131072 --disk 0 --vcpus 16 --property hw:cpu_sockets=1 --property hw:cpu_cores=16

# Private Flavor only accessible to Tenants you specify
openstack flavor create c16r4 --id c16.r4 --ram 4096 --disk 0 --vcpus 16 --property hw:cpu_sockets=1 --property hw:cpu_cores=16 --private

# Use the pci_passthrough:alias parameter to specify a PCI-alias (GPU) to 'bind' to the Flavor
openstack flavor create gpu-h100_c8r128 --id gpu-h100_c8.r128 --ram 131072 --disk 0 --vcpus 8 --property hw:cpu_sockets=1 --property hw:cpu_cores=8 --property "pci_passthrough:alias"="gpu:1" --private

# vGPU version, assuming VGPU types have been enabled
openstack flavor create vgpu-h100_c8r128 --id vgpu-h100_c8.r128 --ram 131072 --disk 0 --vcpus 8 --property hw:cpu_sockets=1 --property hw:cpu_cores=8 --property --property resources:VGPU=1 --private

Neutron

• https://docs.openstack.org/python-openstackclient/latest/cli/command-objects/network.html
• https://docs.openstack.org/ocata/user-guide/cli-create-and-manage-networks.html

# VLAN 77 tagged network
openstack network create --provider-physical-network my-trunk-network --provider-network-type vlan --provider-segment 77 --project MyTenant --internal MyNetwork

# Add a Subnet to the new network
openstack subnet create --project MyTenant --network MyNetwork --subnet-range 192.168.77.0/24 --gateway 192.168.77.1 --allocation-pool start=192.168.77.100,end=192.168.77.200 --dns-nameserver 192.168.77.1 --dns-nameserver 8.8.8.8 MyNetwork-Subnet

#  Create an interface within a subnet, with port-security disabled
openstack port create --project MyTenant --network MyNetwork --fixed-ip ip-address=192.168.77.2 --disable-port-security VLAN77-host02

Security Groups

• https://docs.openstack.org/nova/queens/admin/security-groups.html

openstack security group create --description "Generic access rules for MyTenant Instances." --project MyTenant MyTenant-Security

# Allow ingress ICMP traffic on the local network
openstack security group rule create --project MyTenant --description "Allow ICMP for Instances on the local network" --protocol icmp --ingress --ethertype IPv4 --remote-ip 192.168.77.0/24 MyTenant-Security

# Allow ingress SSH access from a specific IP
openstack security group rule create --project MyTenant --description "Allow SSH access from my office" --protocol tcp --ingress --ethertype IPv4 --remote-ip 1.2.3.4/32 --dst-port 22 MyTenant-Security

Glance

Tenant example: as8d76asd976ds798a6d78sa95das7968d5as978
Image example: as7das90d-asd867as89d6sa9-7a6sd78as6d78

# List all available images for the current Tenant
openstack image list

# Set an Image owner to a specific project
openstack image set as7das90d-asd867as89d6sa9-7a6sd78as6d78 --project as8d76asd976ds798a6d78sa95das7968d5as978

# Set an image to Private
openstack image set as7das90d-asd867as89d6sa9-7a6sd78as6d78 --private

Image sharing

# From the Image owners' OpenRC
openstack image add project as7das90d-asd867as89d6sa9-7a6sd78as6d78 as8d76asd976ds798a6d78sa95das7968d5as978

# Verify status of the shared image
openstack image member list as7das90d-asd867as89d6sa9-7a6sd78as6d78

# Source the receiving Tenant's OpenRC
# Accept the image
 openstack image set --accept as7das90d-asd867as89d6sa9-7a6sd78as6d78

# Stop sharing from the owners' OpenRC
 openstack image remove project as7das90d-asd867as89d6sa9-7a6sd78as6d78 as8d76asd976ds798a6d78sa95das7968d5as978

Magnum

Magnum is used to create Kubernetes clusters.

# Check the Tenants' Overview tab to verify sufficient Quota has been assigned for the new nodes.
# Source the relevant OpenRC file.

# Create a Magnum template.
openstack coe cluster template create --coe kubernetes --image fedora-coreos-36 --external-network Internet-network --network-driver flannel --dns-nameserver 1.1.1.1 --master-flavor c2r4 --flavor c2r4 --docker-storage-driver overlay2 MyTemplate-v1.00

# Deploy cluster based on previously created template.
openstack coe cluster create --cluster-template MyTemplate-v1.00 --keypair MyKeyPair-2023 --master-count 1 --node-count 2 --master-flavor c1r4 --flavor c2r4 --fixed-network Tenant-Tnternal-Network --fixed-subnet Tenant-Tnternal-Network_Subnet --floating-ip-disabled MyClusterName-v1.00

Other

Migrate Hyper-V VM to OpenStack

Install Virtio drivers: https://docs.fedoraproject.org/en-US/quick-docs/creating-windows-virtual-machines-using-virtio-drivers/
Apply CloudInit: https://cloudbase.it/cloudbase-init/#download
Disable Secure boot for VM on Hyper-V if enabled.
Convert Hyper-V VHDX -> VHD
Convert VHD -> QCOW2
Convert QCOW2 -> RAW
Upload Image to OpenStack
Open Openstack CLI
Modify the OpenStack Image: openstack image set –property hw_firmware_type=’uefi’ –property hw_machine_type=’q35’ –property architecture=’x86_64’ MyImage
Deploy an Instance based on the Image

Infrastructure management

# Enter bash in the gnocchi-statsd container and check the status of healthcheck_port
docker exec -it gnocchi-statsd /bin/bash
cat /usr/local/bin/healthcheck_port