erol.name

30. 04. 202030. 04. 2020

Openstack orchestration

Colection of Openstack resources that work together as three-tier application is called a stack. Stack uses openstack resources like instances, networks, volumes and objects, and other elements. The application runs on a stack.

Stack can be set-up via CLI or Horizon GUI which will send API request to various Openstack services (Keystone, Nova, Neutron, Cinder, Swift, Glance …).

Heat is the Openstack orchestration service that sends these API requests automatically. Stack description is taken by heat and interpreted to API requests. Heat accepts AWS Cloudformation templates written in JSON, but heat has it’s own native format called Heat Orchestration Template (HOT) based on YAML.

Create simple stack with heat orchestration template:

heat_template_version: newton

resources:
   myserver:
      type: OS::Nova::Server
      properties:
         config_drive: true
         key_name: 'erol-keypair'
         image: 'cirros-image'
         flavor: 1
         networks:
           - network: 'private_network'

Validate
`openstack orchestration template validate --template simple-stack.yaml`
If everything is ok, there will be no errors shown:
`Description: No description Parameters: {}`
Create stack:
`openstack stack create -t simple-stack.yaml simple-stack`

+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| id                  | c0e028fd-6d10-4bd5-b3a0-5b0509ded846 |
| stack_name          | simple-stack                         |
| description         | No description                       |
| creation_time       | 2020-04-30T13:06:57Z                 |
| updated_time        | None                                 |
| stack_status        | CREATE_IN_PROGRESS                   |
| stack_status_reason | Stack CREATE started                 |
+---------------------+--------------------------------------+

List stacks to check if it has finished creating:
`openstack stack list`

+--------------------------------------+--------------+-----------------+----------------------+--------------+
| ID                                   | Stack Name   | Stack Status    | Creation Time        | Updated Time |
+--------------------------------------+--------------+-----------------+----------------------+--------------+
| c0e028fd-6d10-4bd5-b3a0-5b0509ded846 | simple-stack | CREATE_COMPLETE | 2020-04-30T13:06:57Z | None         |
+--------------------------------------+--------------+-----------------+----------------------+--------------+

List all resources belonging to the stack:
`openstack stack resource list simple-stack`

+---------------+--------------------------------------+------------------+-----------------+----------------------+
| resource_name | physical_resource_id                 | resource_type    | resource_status | updated_time         |
+---------------+--------------------------------------+------------------+-----------------+----------------------+
| myserver      | d6d86e6d-d904-4f90-90af-8efebf45aea2 | OS::Nova::Server | CREATE_COMPLETE | 2020-04-30T13:06:57Z |
+---------------+--------------------------------------+------------------+-----------------+----------------------+

Change server name in simple-stack.yaml:
`myserver`	;
to:
`server`
Update the stack:
`openstack stack update -t simple-stack.yaml.1 simple-stack`*

* Changing the resource name of the server will delete old instance and create new instance with new resource_name.

+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| id                  | c0e028fd-6d10-4bd5-b3a0-5b0509ded846 |
| stack_name          | simple-stack                         |
| description         | No description                       |
| creation_time       | 2020-04-30T13:06:57Z                 |
| updated_time        | 2020-04-30T13:14:59Z                 |
| stack_status        | UPDATE_IN_PROGRESS                   |
| stack_status_reason | Stack UPDATE started                 |
+---------------------+--------------------------------------+

Check if stack was updated successfuly:
`openstack stack list`

+--------------------------------------+--------------+-----------------+----------------------+----------------------+
| ID                                   | Stack Name   | Stack Status    | Creation Time        | Updated Time         |
+--------------------------------------+--------------+-----------------+----------------------+----------------------+
| c0e028fd-6d10-4bd5-b3a0-5b0509ded846 | simple-stack | UPDATE_COMPLETE | 2020-04-30T13:06:57Z | 2020-04-30T13:14:59Z |
+--------------------------------------+--------------+-----------------+----------------------+----------------------+

Check if resource list was updated:
`openstack stack resource list simple-stack`

+---------------+--------------------------------------+------------------+-----------------+----------------------+
| resource_name | physical_resource_id                 | resource_type    | resource_status | updated_time         |
+---------------+--------------------------------------+------------------+-----------------+----------------------+
| server        | 62d20902-ee6c-40a0-bdc6-e38ed81fdf7c | OS::Nova::Server | CREATE_COMPLETE | 2020-04-30T13:14:59Z |
+---------------+--------------------------------------+------------------+-----------------+----------------------+

Change network in simple-stack.yaml.1:
`network: 'private_network'`
to:
`network: 'external_network'`

openstack stack update -t simple-stack.yaml.2 simple-stack
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| id                  | c0e028fd-6d10-4bd5-b3a0-5b0509ded846 |
| stack_name          | simple-stack                         |
| description         | No description                       |
| creation_time       | 2020-04-30T13:06:57Z                 |
| updated_time        | 2020-04-30T13:39:28Z                 |
| stack_status        | UPDATE_IN_PROGRESS                   |
| stack_status_reason | Stack UPDATE started                 |
+---------------------+--------------------------------------+
openstack stack resource list simple-stack
+---------------+--------------------------------------+------------------+-----------------+----------------------+
| resource_name | physical_resource_id                 | resource_type    | resource_status | updated_time         |
+---------------+--------------------------------------+------------------+-----------------+----------------------+
| server        | 62d20902-ee6c-40a0-bdc6-e38ed81fdf7c | OS::Nova::Server | UPDATE_COMPLETE | 2020-04-30T13:39:31Z |
+---------------+--------------------------------------+------------------+-----------------+----------------------+

Retrieve all parameter functions supported by Openstack version:

openstack orchestration template version list
+--------------------------------------+------+
| version                              | type |
+--------------------------------------+------+
| AWSTemplateFormatVersion.2010-09-09  | cfn  |
| HeatTemplateFormatVersion.2012-12-12 | cfn  |
| heat_template_version.2013-05-23     | hot  |
| heat_template_version.2014-10-16     | hot  |
| heat_template_version.2015-04-30     | hot  |
| heat_template_version.2015-10-15     | hot  |
| heat_template_version.2016-04-08     | hot  |
| heat_template_version.2016-10-14     | hot  |
+--------------------------------------+------+
openstack orchestration template function list heat_template_version.2016-10-14
+-----------------+-------------------------------------------------------------------------+
| functions       | description                                                             |
+-----------------+-------------------------------------------------------------------------+
| list_join       | A function for joining one or more lists of strings.                    |
| if              | A function to return corresponding value based on condition evaluation. |
| yaql            | A function for executing a yaql expression.                             |
| digest          | A function for performing digest operations.                            |
| get_attr        | A function for resolving resource attributes.                           |
| repeat          | A function for iterating over a list of items.                          |
| resource_facade | A function for retrieving data in a parent provider template.           |
| map_replace     | A function for performing substitutions on maps.                        |
| str_replace     | A function for performing string substitutions.                         |
| get_resource    | A function for resolving resource references.                           |
| map_merge       | A function for merging maps.                                            |
| str_split       | A function for splitting delimited strings into a list.                 |
| get_param       | A function for resolving parameter references.                          |
| get_file        | A function for including a file inline.                                 |
+-----------------+-------------------------------------------------------------------------+

Parameters can be provided via command line with
--parameter imgname=cirros-image keyname=erol-keypair
Or combine several parameters under one option:
--parameter "imgname=cirros-image; keyname=erol-keypair"

If you have a lot of parameters it is probably better to put them in a file again in YAML format, with single parameters key and parameter key value pairs under that key. For example create myparameters.yaml file with following contents:

parameters:
   keyname: erol-keypair
   imgname: cirros-image

You can now use –enviroment option to include the parameter keypairs from your file to the heat orchestration template.

Contents of parameters-stack.yaml:

heat_template_version: newton

parameters:
  keyname:
    type: string
    default: erol-keypair
    description: .....
  imgname:
    type: string

resources:
   server:
      type: OS::Nova::Server
      properties:
         config_drive: true
         key_name: { get_param: keyname }
         image: { get_param: imgname }
         flavor: 1
         networks:
           - network: 'private_network'

You can create your new stack with new template and parameters file:

openstack stack create myfirststack --template parameters-stack.yaml -e myparameters.yaml
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| id                  | ccc6b0a3-f690-479b-87fd-d36b1077f53c |
| stack_name          | myfirststack                         |
| description         | No description                       |
| creation_time       | 2020-04-30T14:08:58Z                 |
| updated_time        | None                                 |
| stack_status        | CREATE_IN_PROGRESS                   |
| stack_status_reason | Stack CREATE started                 |
+---------------------+--------------------------------------+
[root@packstack ~(keystone_admin)]# openstack stack list
+--------------------------------------+--------------+-----------------+----------------------+----------------------+
| ID                                   | Stack Name   | Stack Status    | Creation Time        | Updated Time         |
+--------------------------------------+--------------+-----------------+----------------------+----------------------+
| ccc6b0a3-f690-479b-87fd-d36b1077f53c | myfirststack | CREATE_COMPLETE | 2020-04-30T14:08:58Z | None                 |
| c0e028fd-6d10-4bd5-b3a0-5b0509ded846 | simple-stack | UPDATE_COMPLETE | 2020-04-30T13:06:57Z | 2020-04-30T13:39:28Z |
+--------------------------------------+--------------+-----------------+----------------------+----------------------+
openstack stack resource list myfirststack
+---------------+--------------------------------------+------------------+-----------------+----------------------+
| resource_name | physical_resource_id                 | resource_type    | resource_status | updated_time         |
+---------------+--------------------------------------+------------------+-----------------+----------------------+
| server        | e7378fa5-ed43-48eb-b00e-17952d4aad97 | OS::Nova::Server | CREATE_COMPLETE | 2020-04-30T14:08:59Z |
+---------------+--------------------------------------+------------------+-----------------+----------------------+

Create a modified version of your HOT file called linking-stack.yaml:

heat_template_version: newton

parameters:
  keyname:
    type: string
    default: erol-keypair
    description: .....
  imgname:
    type: string

resources:
   fip:
     type: OS::Nova::FloatingIP
     properties:
       pool: external_network
   fip_assoc:
     type: OS::Nova::FloatingIPAssociation
     properties:
       server_id: { get_resource: server }
       floating_ip: { get_resource: fip }

   server:
      type: OS::Nova::Server
      properties:
         config_drive: true
         key_name: { get_param: keyname }
         image: { get_param: imgname }
         flavor: 1
         networks:
           - network: 'private_network'
outputs:
   fip_address:
      description: Floating IP address value
      value:
         get_attr: [ fip, ip ]

Create a modified version of your HOT file called linking-stack.yaml:

openstack stack create linkstack --template linking-stack.yaml -e myparameters.yaml
+---------------------+--------------------------------------+
| Field               | Value                                |
+---------------------+--------------------------------------+
| id                  | eb146b58-a00e-4d5c-897f-243d6c55c4ea |
| stack_name          | linkstack                            |
| description         | No description                       |
| creation_time       | 2020-04-30T14:22:51Z                 |
| updated_time        | None                                 |
| stack_status        | CREATE_IN_PROGRESS                   |
| stack_status_reason | Stack CREATE started                 |
+---------------------+--------------------------------------+
openstack stack list
+--------------------------------------+--------------+-----------------+----------------------+----------------------+
| ID                                   | Stack Name   | Stack Status    | Creation Time        | Updated Time         |
+--------------------------------------+--------------+-----------------+----------------------+----------------------+
| eb146b58-a00e-4d5c-897f-243d6c55c4ea | linkstack    | CREATE_COMPLETE | 2020-04-30T14:22:51Z | None                 |
| ccc6b0a3-f690-479b-87fd-d36b1077f53c | myfirststack | CREATE_COMPLETE | 2020-04-30T14:08:58Z | None                 |
| c0e028fd-6d10-4bd5-b3a0-5b0509ded846 | simple-stack | UPDATE_COMPLETE | 2020-04-30T13:06:57Z | 2020-04-30T13:39:28Z |
+--------------------------------------+--------------+-----------------+----------------------+----------------------+
openstack stack event list linkstack
2020-04-30 14:22:52Z [linkstack]: CREATE_IN_PROGRESS  Stack CREATE started
2020-04-30 14:22:54Z [linkstack.fip]: CREATE_IN_PROGRESS  state changed
2020-04-30 14:22:58Z [linkstack.link-server]: CREATE_IN_PROGRESS  state changed
2020-04-30 14:22:59Z [linkstack.fip]: CREATE_COMPLETE  state changed
2020-04-30 14:23:19Z [linkstack.link-server]: CREATE_COMPLETE  state changed
2020-04-30 14:23:24Z [linkstack.fip_assoc]: CREATE_IN_PROGRESS  state changed
2020-04-30 14:23:36Z [linkstack.fip_assoc]: CREATE_COMPLETE  state changed
2020-04-30 14:23:37Z [linkstack]: CREATE_COMPLETE  Stack CREATE completed successfully
openstack stack show linkstack
+-----------------------+----------------------------------------------------------------------------------------------------------------------------+
| Field                 | Value                                                                                                                      |
+-----------------------+----------------------------------------------------------------------------------------------------------------------------+
| id                    | eb146b58-a00e-4d5c-897f-243d6c55c4ea                                                                                       |
| stack_name            | linkstack                                                                                                                  |
| description           | No description                                                                                                             |
| creation_time         | 2020-04-30T14:22:51Z                                                                                                       |
| updated_time          | None                                                                                                                       |
| stack_status          | CREATE_COMPLETE                                                                                                            |
| stack_status_reason   | Stack CREATE completed successfully                                                                                        |
| parameters            | OS::project_id: 7f64b208cc8b4a5988317789af7f827f                                                                           |
|                       | OS::stack_id: eb146b58-a00e-4d5c-897f-243d6c55c4ea                                                                         |
|                       | OS::stack_name: linkstack                                                                                                  |
|                       | imgname: cirros-image                                                                                                      |
|                       | keyname: erol-keypair                                                                                                      |
|                       |                                                                                                                            |
| outputs               | - description: Floating IP address value                                                                                   |
|                       |   output_key: fip_address                                                                                                  |
|                       |   output_value: 172.30.152.22                                                                                              |
|                       |                                                                                                                            |
| links                 | - href: http://172.30.152.4:8004/v1/7f64b208cc8b4a5988317789af7f827f/stacks/linkstack/eb146b58-a00e-4d5c-897f-243d6c55c4ea |
|                       |   rel: self                                                                                                                |
|                       |                                                                                                                            |
| parent                | None                                                                                                                       |
| disable_rollback      | True                                                                                                                       |
| deletion_time         | None                                                                                                                       |
| stack_user_project_id | 0d97b86e82234c028d9c5f785aeeb3c9                                                                                           |
| capabilities          | []                                                                                                                         |
| notification_topics   | []                                                                                                                         |
| stack_owner           | None                                                                                                                       |
| timeout_mins          | None                                                                                                                       |
| tags                  | null                                                                                                                       |
|                       | ...                                                                                                                        |
|                       |                                                                                                                            |
+-----------------------+----------------------------------------------------------------------------------------------------------------------------+
openstack stack output list linkstack
+-------------+---------------------------+
| output_key  | description               |
+-------------+---------------------------+
| fip_address | Floating IP address value |
+-------------+---------------------------+
openstack stack output show linkstack fip_address
+--------------+---------------------------+
| Field        | Value                     |
+--------------+---------------------------+
| description  | Floating IP address value |
| output_key   | fip_address               |
| output_value | 172.30.152.22             |
+--------------+---------------------------+
openstack stack resource list linkstack
+---------------+--------------------------------------+---------------------------------+-----------------+----------------------+
| resource_name | physical_resource_id                 | resource_type                   | resource_status | updated_time         |
+---------------+--------------------------------------+---------------------------------+-----------------+----------------------+
| fip           | 732de760-891d-4684-9853-874527c8dfdf | OS::Nova::FloatingIP            | CREATE_COMPLETE | 2020-04-30T14:22:53Z |
| fip_assoc     | 4                                    | OS::Nova::FloatingIPAssociation | CREATE_COMPLETE | 2020-04-30T14:22:53Z |
| link-server   | 4174ee39-6dce-4683-8d7c-8e9a00dc9907 | OS::Nova::Server                | CREATE_COMPLETE | 2020-04-30T14:22:53Z |
+---------------+--------------------------------------+---------------------------------+-----------------+----------------------+

30. 04. 202030. 04. 2020

Openstack telemetry: Ceilometer, Gnocchi and Aodh

In Openstack Ceilometer is the component that gathers data from the cloud and pre-processes it. It distinguishes between samples (CPU time) and events (creation of an instance). Resources, Meters and Samples are fundamental concepts in Ceilometer.

Samples are retrieved at regular intervals and if Ceilometar fails to get the sample it can be estimated by interpolation. Events are retrieved as they happen and cannot be estimated.

Ceilometer sends events to the a storage service, while samples are sent to a service named Gnocchi, which is optimized to handle large amount of time-series data.

Aodh gets measures from Gnocchi, checks whether certain conditions are met and triggers actions. This is the foundation for application auto-scaling.

Other uses for Gnocchi data are monitoring the health of the cloud and billing.

Ceilometer has three ways retrieving samples and events:

Services may voluntarily provide them by sending Ceilometer notification via Openstack’s messaging system. This is preferred way since it is based on internal knowledge that the service has about it’s resources and it is fast without much overhead and stress on the systems.
Ceilometer actively retrieves data via APIs which is a costly method for billing and alarming.
Ceilometer can get data by accessing sub-components of services such as the hypervisor that run the instances.

Second and third method are referred also as methods where Ceilometer “polls” the samples.

More details on Openstack telemetry can be found on this link:
https://docs.openstack.org/ceilometer/latest/admin/telemetry-measurements.html

While Ceilometer has resources, meters and samples Gnocchi has resources, metrics and measures. Gnocchi resource corresponds to Ceilometer resource. Metric is roughly equivalent to a meter in Ceilometer. Gnocchi does not store every metric value it receives from Ceilomter, but rather it combines values and stores the results at regular intervals according to Archive policy.

Listing gnocchi resources, metrics, measures:
Resources:
`gnocchi resource list gnocchi resource show UUID`
Metrics:
`gnocchi metric list* gnocchi metric show cpu --resource UUID`
Measures:
`gnocchi measures show cpu --resource UUID --start YYYY-MM-DDTHH:MM:SS+00:00`

* Output will be empty for non-admin users.

Listing resources, metrics, measures with openstack client:
Resources:
`openstack metric resource list openstack metric resource show UUID`
Metrics:
`openstack metric metric list* openstack metric metric show cpu --resource UUID`
Measures:
`openstack metric measures show cpu --resource UUID --start YYYY-MM-DDTHH:MM:SS+00:00`

* Output will be empty for non-admin users.

Aggregation:
Server grouping:
`openstack server create --property metering.server_group=Mail*`
Metrics aggregation:
`gnocchi measures aggregation --query server_group=Mail --resource-type=instance --aggregation mean -m cpu_util`

* For gnocchi all servers with ‘–property metering.server_group=Mail’ can be considered tagged.

Listing Ceilometer Events:
Event types are defined in a YAML type:
`/etc/ceilometer/event_definitions.yaml`
List event types, events and event details:
`ceilometer event-type-list` `ceilometer event-list` `ceilometer event-show EVENT_ID`

* For gnocchi all servers with ‘–property metering.server_group=Mail’ can be considered tagged.
** There is no option in horizon GUI to view events or statictics, but gnocchi visualisation can be provided by Grafana.

Example generating CPU and disk load and showing gnocchi measures:
Create two instances:
`openstack server create --image cirros-image --flavor 1 --nic net-id=... --user-data cpu.sh cpu-user` `openstack server create --image cirros-image --flavor 1 --nic net-id=... --user-data disk.sh disk-user`
Let the instances finish creating and leave them running for a while:
`openstack server list`
Show cpu usage measures from cpu-user server:
`gnocchi measures show cpu.delta --resource-id SERVER_UUID 795 gnocchi measures show cpu_util --resource-id SERVER_UUID`
Show disk usage measures from disk-user server:
`gnocchi measures show disk.read.requests --resource-id SERVER_UUID gnocchi measures show disk.read.requests.rate --resource-id SERVER_UUID`

* Files cpu.sh and disk.sh are your bash scripts to generate CPU load and disk load.
** Don’t forget to stop cpu-server and disk-server after you have finished, since they will continue to generate CPU and disk load.

Alarms:
An alarm has:
`Type Condition: depends on type Evaluation window State: OK/Alarm/Insufficient Data Actions for state transitions`
Condition example:
`mean cpu_util > 60 all resources tagged server_group=Mail`
Single Resource Threshold Alarm:
`openstack alarm create --name cpuhigh \ --type gnocchi_resources_threshold \ --aggregation-method mean --metric cpu_util \ --comparison-operator gt --threshold 30 \ --resource-type instance \ --resource-id INSTANCE_UUID \ --granularity 60 --evaluation-periods 2 \ --alarm-action http://127.0.0.1:1234 \ --ok-action http://127.0.0.1:1234`
Alarm based on resource aggregates:
`openstack alarm create --name cpuhigh \ --type gnocchi_aggregation_by_resources_threshold \ --aggregation-method mean --metric cpu_util \ --comparison-operator gt --threshold 30 \ --resource-type instance \ --query '{ "=": { "server_group" : "Mail" }}' \ --granularity 60 --evaluation-periods 2 \ --alarm-action http://127.0.0.1:1234 \ --ok-action http://127.0.0.1:1234`
Alarm commands:
`openstack alarm list openstack alarm show ALARM_ID openstack alarm-history show ALARM_ID openstack alarm state get ALARM_ID openstack alarm update ALARM_ID ...`

29. 04. 202030. 04. 2020

Openstack storage cookbook list of useful commands with examples

Here is the list of openstack storage commands and examples that I collected and found useful:

Openstack commands: Cinder commands:

Volume opearations: Cinder operations:

openstack volume create --size 1 [NAME] openstack volume create --size 1 --image [IMAGE] [NAME] openstack volume create --size 1 --source [VOLUME] [NAME] openstack volume create --size 1 --snapshot [SNAPSHOT] [NAME] openstack volume list openstack volume show [VOLUME] openstack volume set [VOLUME] --size 2 openstack volume set [VOLUME] --name [NEW_NAME] openstack volume set [VOLUME] --property [KEY]=[VALUE] openstack volume delete [VOLUME]* cinder create 1 cinder create 1 --image [IMAGE] cinder create 1 --source-volid [VOLUME_ID] cinder create 1 --snapshot-id [SNAPSHOT_ID] cinder list cinder show [VOLUME] cinder extend [VOLUME] 2 cinder rename [VOLUME] [NEW_NAME] cinder metadata [VOLUME] set [KEY]=[VALUE] cinder delete [VOLUME]*

Openstack commands:	Cinder commands:
Volume opearations:	Cinder operations:
`openstack volume create --size 1 [NAME] openstack volume create --size 1 --image [IMAGE] [NAME] openstack volume create --size 1 --source [VOLUME] [NAME] openstack volume create --size 1 --snapshot [SNAPSHOT] [NAME] openstack volume list openstack volume show [VOLUME] openstack volume set [VOLUME] --size 2 openstack volume set [VOLUME] --name [NEW_NAME] openstack volume set [VOLUME] --property [KEY]=[VALUE] openstack volume delete [VOLUME]*`	`cinder create 1 cinder create 1 --image [IMAGE] cinder create 1 --source-volid [VOLUME_ID] cinder create 1 --snapshot-id [SNAPSHOT_ID] cinder list cinder show [VOLUME] cinder extend [VOLUME] 2 cinder rename [VOLUME] [NEW_NAME] cinder metadata [VOLUME] set [KEY]=[VALUE] cinder delete [VOLUME]*`

Volumes can not be smaller than 1GB, that is why –size 1 is used.
* It is not posible to undo a delete operation
** Adding –type [VOLUME_TYPE] to create options

Volume types:
Volume operations:
`openstack volume type create thin --property volume_backend_name=lvm --property lvm:provisioning=thin` `openstack volume types openstack volume type show [NAME] openstack volume create --type thin --size 1 [thinvol] openstack volume list --long*`

* In reality lvm backend does not have parameter provisioning, actually it has no parameters at all, but this “fake” property “thin” is used to show how types are used
** In order to see parameter type use the “–long” option

Openstack commands:	Nova commands:
Attaching and detaching volumes:
`openstack server add volume SERVER_REF VOLUME_REF openstack server add volume --device /dev/vdc* SERVER_REF VOLUME_REF openstack server remove volume SERVER_REF VOLUME_REF`	`nova volume-attach SERVER_REF VOLUME_ID [DEVICE] nova volume-dettach SERVER_REF VOLUME_ID`
Boot from a volume CLI commands:
`openstack volume create --image IMAGE_REF mybootvol openstack volume create --image SNAPSHOT_REF mybootvol openstack server create --volume mybootvol -- flavor ... --nic ... myinstance`	`nova boot myinstance --nic .. --flavor .. --block-device source=volume,id=VOLUME_ID,dest=volume, size=SIZE,bootindex=0 nova boot myinstance --nic .. --flavor .. --block-device source=image,id=IMAGE_ID,dest=volume, size=SIZE,bootindex=0 nova boot myinstance --nic .. --flavor .. --block-device source=snapshot,id=SNAPSHOT_ID,dest=volume, size=SIZE,bootindex=0`

When instances are launched from images, instance’s internal disk is created from image and the instance boot from it’s that disk. Such internal disk is called ephemeral storage. It dissapears when instance is deleted.
* Libvirt (QEMU and KVM) ignore ‘–device’ parameter and you are stuck with whatever device filename Nova assigns

Openstack commands:	Cinder commands:
Create snapshot:
`openstack snapshot create --name myvol-snap4 myvol`*	`cinder snapshot-create --name myvol-snap4 myvol`*
Create volume from snapshot:
`openstack volume create --snapshot myvol-snap4 myvol-lastweek`
Backup create:	Backup restore:
`openstack volume backup create --name mybck myvol openstack volume backup create --name mybck --snapshot SNAP myvol *`	`openstack volume backup restore mybck myvol2`

*This command will fail on attached volumes, so ‘–force’ parameter must be specified.
** To backup attached volume add parameter ‘–force’ , or ‘–incremental’ which stores the difference between current volume and previous backup. Base for incremental backup is the backup with the most recent timestamp.
*** Cinder client has ‘backup-create’ and ‘backup-restore’ commands.
**** Other openstack commands include ‘delete/list/show/set’ to delete backup, list backups, show backup details and set backup properties respectively.

Recover deleted files from a snapshot:
Identify volume for backup:
`openstack volume list --long`
Indentify network where to launch new server:
`openstack network list`
Use clone of the image to launch an instance:
`openstack server create --volume myclonevol --nic net-id=... --flavor 1 --keyname mykey volserver`
To connect to this image security group and floating ip must be assigned:
`openstack server add security group volserver ssh openstack server add floating ip volserver 172.24.4.230 ssh -i mykey.pem username@ip_address`
Create some files to be recovered:
`cp /etc/passwd /home/username/file1 cp /etc/fstab /home/username/file2`
Create a snapshot of a still attached volume:
`openstack snapshot create --name myclonesnap myclonevol --force`
Remove a file:
`rm /home/username/file1 exit`
Since snapshot can not be attached to instance create volume first:
`openstack volume create --snapshot myclonesnap --size 1 tempvol`
Attach the new volume
`openstack server add volume volserver tempvol`
Log back to the server:
`ssh -i mykey.pem username@ip_address`
List block storage devices:
`lsblk`
Mount the new attached volume:
`mount /dev/vdb1 /mnt/temp`
List the same directory from backup volume, both files should be present:
`ls -la /mnt/temp/home/username/`
Copy the backup file from temporary mount to previous location:
`cp /mnt/temp/home/username/file1 /home/username/`
Unmount backup volume:
`umount /mnt/temp`
Remove and delete redundant copy of the snapshot data:
`openstack server remove ovlume volserver tempvol openstack volume delete tempvol`

Backup up and restoring volumes:
Identify the server:
`openstack server list`
Show volume details:
`openstack volume show myclonevol`
Create backup of this attached volume:
`openstack volume backup create --name myclonevol.backup.$date +%y%m%d) --force`
Check the backup progress*:
`openstack volume backup list`
Create another file on the instance:
`ssh -i mykey.pem username@ip_address cp /etc/group /home/username/file3`
Create an incremental backup:
`openstack volume backup create --name myclonevol.backup.$date +%y%m%d)-1 --force --incremental`
Check the incremental backup progress:
`openstack volume backup list`
Inspect the backups:
`openstack volume backup show myclonevol.backup.YYMMDD` `openstack volume backup show myclonevol.backup.YYMMDD-1*`
Add another file to the instance:
`ssh -i mykey.pem username@ip_address cp /etc/shadow/home/username/file4`
Create another incremental backup:
`openstack volume backup create --name myclonevol.backup.$date +%y%m%d)-2 --force --incremental`
Check the incremental backup progress:
`openstack volume backup list`
Inspect the incremental backups::
`openstack volume backup show myclonevol.backup.YYMMDD-1****`
Simulate failure by removing files from this instance*****:
`rm -rf /` `exit`
Identify backup to restore the instance from:
`openstack volume backup list`
Restore most recent backup to an empty volume******:
`openstack volume create --size 1 myclonevol2` `openstack volume backup restore myclonevol.backup.YYMMDD-2 myclonevol2`
Launch an instance from the restored volume:
`openstack server create --volume myclonevol2 --nic net-id=... --flavor 1 --key-name mykey volserver-restored`
Add a security group and floating IP address and login:
`openstack server add security group volserver-restored ssh openstack server add floating ip volserver 172.24.4.233 ssh -i mykey.pem username@172.24.4.233`
Check that all files are restored:
`ls -la /`

* Backup process takes some time, and while working it is shown as ‘creating’ when completed it will show ‘available’.
** Initial backup should have ‘has_dependant_backups’ set to ‘True’ and ‘is_incremental’ set to ‘False’.
*** Incremental backup should have ‘is_incremental’ set to ‘True’ and has no dependant backups so ‘has_dependant_backups’ is ‘False’.
**** Incremental backup is always created from the backup with the latest timestamp, which in this case is our previous incremental backup who should have now ‘has_dependant_backups’ set to ‘True’.
***** System is now broken beyond repair. Something that I always wanted to do 🙂
****** To restore to attached volume instance must be shutdown, that is why we are restoring to empty volume.
******* To enable volume backup option in the horizon dashboard ‘/etc/openstack-dashboard/local_settings’ should be edited and ‘OPENSTACK_CINDER_FEATURES = { ‘enable_backup’: False. }’ should be changed to ‘True’.

Openstack commands:	Swift commands:
Creating containers and objects:
`openstack container create myphotos` `openstack object create myphotos moon.jpg`	`swift post myphotos` `swift upload myphotos moon.jpg*`
Access data via URL:
`http://CLOUD-ADDRESS:8080/v1/ACCOUNT/myphotos/moon.jpg`
Object with ‘/’ in the name	Switch change object name:
`openstack object create myphotos localdir/moon.jpg**`	`swift upload myphotos localdir/moon.jpg --object-name=moon.jpg`
Show object details:
`openstack show object myphotos moon.jpg`	`swift stat myphotos moon.jpg -v`
Deleting an object:
`openstack object delete myphotos moon.jpg ***`
List containers and objects:
`openstack container list` `openstack object list myphotos --long`	`swift list --lh` `swift list myphotos --lh`
Downloading an object:
`openstack object save myphotos sun/2020.jpg****`
Downloading objects with wget:
`wget --user demo --password ******** $OBJECT_URL`
Setting Metadata:
`openstack object store account set --property category=astronomy openstack container set --property type=pictures myphotos opestack object set --property location=japan myphotos moon.jpg`	`swift post -m location:japan myphotos moon.jpg`
Deleting Metadata*****:
`openstack object store account unset --property category=astronomy openstack container unset --property type=pictures myphotos opestack object unset --property location=japan myphotos moon.jpg`	`swift post -H "X-Remove-Object-Meta-Location: x"****** myphotos moon.jpg`

* Swift upload command creates container if it does not exist.
** Name of the object created with openstack command can not be changed, while swift client can change the name.
*** Deleted objects can not be undeleted.
**** Will create direcotry ‘sun’ and store ‘2020.jpg’ in it. You could also specify an alternate local filename with ‘–file sun.jpg’ parameter.
*****Setting an empty metadata item also deletes it, but is not documented.
****** String ‘Location’ is actually the attribute you want to remove from object and ‘x’ is to satisfy HTTP syntax and it is ignored.

Access control lists:
Permissions based on PROJECT:USER
`demo:demo :admin :*`
Permissions based on referrer:
`.r:* .r:erol.name`
Set ACLs:
`swift post -r ACL CONTAINER swift post -w ACL CONTAINER`
Clear ACLs:
`swift post -r "" CONTAINER swift post -w "" CONTAINER`
Downloading object with wget using auth-token header:
`wget --header "x-auth-token: TOKEN_UUID*" $OBJECT_URL`
Allow any referrer to access file:
`swift post myvideos --read-acl '.referrer:'*`

* TOKEN_UUID value is ‘Auth Token’ value shown with ‘swift stat -v myphotos moon.jpg”
** In oreder to allow listings of a container add parameter ‘.referrer:*,.rlistings’ instead of just ‘.referrer:*’.

Temporary URLs:
Create TempURL key:
`openstack object store account set --property temp-url-key=abc123` `openstack container set --property temp-url-key=abc123`
Generate TempURL:
`swift tempurl GET 86400 /v1/AUTH_..../myvideos/vid.mp4 abc123`*
Generated URL:
`/v1/AUTH_..../myvideos/vid.mp4?temp_url_sig=fa28...&temp_url_expires=...`
Download TempURL with wget
`wget -O my-temp-titan.mp4 "http://CLOUD_IP:8080/v1/AUTH_..../myvideos/vid.mp4?temp_url_sig=fa28...&temp_url_expires=..."`

* To allow read access GET is used, 86400 is the validity of the temporary URL in seconds.

Large objects:
Upload object and segment it into smaller parts:
`swift upload --segment-size=100M mycontainer bigobject*`
Example:
`swift upload --segment-size=1M big-container myvideo.mp4`
Show object details:
`openstack object list big-container --long openstack object show big-container myvideo.mp4 openstack object list big-container_segments --long openstack object list big-container_segments`
Delete containers:
`openstack container delete big-container swift delete big-container*`

* Any size objects can be segmented, but since limitation on object size is 5GB larger objects than this must be split into segments. Container ‘mycontainer’ in this case is empty it only has metadata. The actual data goes into second container whose name is derived from original container f.e. ‘mycontainer_segments’ where one object per segment is stored.
** Openstack will not delete container while there are segments in it.
*** Swift client will delete the main container ‘big-container’ and all it’s segments, but it will not delete container ‘big-container_segments’.

27. 04. 202030. 04. 2020

Openstack cookbook list of useful commands with examples

I have decided to summarize in one page all useful Openstack commands. This post will be useful to anyone interested in learning Openstack cloud commands or use it as a daily reference.

Openstack commands:	Old equivalents:
General commands:
`openstack image list openstack flavor list openstack network list openstack server list`	`glance image-list nova flavor-list neutron net-list nova list`
Server commands:
`openstack server show [SERVER] openstack server stop [SERVER] openstack server start [SERVER] openstack server delete [SERVER] openstack server image create [IMAGE]`	`nova show [SERVER] nova stop [SERVER] nova start [SERVER] nova delete [SERVER] nova image-create [IMAGE]`
Server console commands:
`openstack console log show openstack console url show`	`nova console-log nova get-vnc-console`
SSH Keypairs*:
`openstack keypair create [KEYPAIR] > key.pem` `openstack keypair show[KEYPAIR] --public-key > key.pub` `openstack keypair show --public-key [KEYPAIR]`	`nova keypair-add [KEYPAIR] > key.pem` `nova keypair-show [KEYPAIR] \| grep Public \| awk -F': ' '{print $2}' > ./.ssh/key.pub` `nova keypair-show [KEYPAIR]`
Metadata**:
Key-value pairs: `openstack server create --property [KEY]=[VALUE]` Script (any language): `openstack server create --user-data [SCRIPT]` Cloud-config file (yaml) `openstack server create --user-data [FILE]` File injection `openstack server create --file [DEST_FILE]=[SRC_FILE]`	`nova boot --meta [KEY]=[VALUE]` `nova boot --user-data [SCRIPT]` `nova boot --user-data [FILE]` `nova boot --file [DEST_FILE]=[SRC_FILE]`

* Don’t forget to chmod 600 key.pem in order to protect it and make it usable by SSH command
** There can only be 1 user-data option, but many property and file options .
Metadata is retrieved by process cloud-int in cloud images .
Server requests with curl http://169.254.169.254 –> Metadata service (nova) which replies with
data in JSON format <– (Restful API).

Openstack network related commands:
Security group:
`openstack security group create [SEC_GROUP] openstack security group rule create --dst-port 12345 [SEC_GROUP]* openstack server add security group [SERVER] [SEC_GROUP] openstack security group rule list [SEC_GROUP] --long`
Network:
`openstack network list openstack network show [NETWORK] openstack network create [NETWORK] openstack network delete [NETWORK]`
Subnet:
`openstack subnet list openstack subnet show [SUBNET] openstack subnet create --network --subnet-range [CIDR] [SUBNET] openstack subnet delete [SUBNET]`
Port:
`openstack port list openstack port show [PORT] openstack port create --network [NETWORK] [PORT]** openstack port delete [PORT]`
Floating IP:
`openstack floating ip list openstack floating ip create [EXT_NET]* openstack server add floating ip [SERVER] [IP_ADDRESS] openstack server remove floating ip [SERVER] [IP_ADDRESS] openstack floating ip delete [IP_ADDRESS] openstack floating ip set [IP_ADDRESS]*`
Router:
`openstack router create [ROUTER] openstack router show [ROUTER] openstack router delete [ROUTER] openstack router list` set [ROUTER] gateway: `neutron router-gateway-set [ROUTER] public` clear [ROUTER] gateway: `neutron router-gateway-clear [ROUTER]` add private subnet to [ROUTER]: `openstack router add subnet [ROUTER] private_subnet` remove private subnet to [ROUTER]: `openstack router remove subnet [ROUTER] private_subnet` list [ROUTER] interfaces: `openstack port list --router [ROUTER]`

* You can add additional parameters here like –egress for outgoing traffic or –protocol [UDP|ICMP]
** You can associate floating ip with specific port by adding –port PORT
*** You could also add –fixed-ip [subnet=SUBNET|ip-address=IP_ADDRESS]

Metadata related commands

Server*:

Metadata related commands
Server*:
retrieve metadata info: `curl http://169.254.169.254/`retrieve latest metadata: `curl http://169.254.169/254/latest`meta-data/$: `curl http://169.254.169/254/latest/meta-data`retrieve floating ip: `curl http://169.254.169/254/latest/meta-data/public-ipv4`retrieve openstack metadata: `curl http://169.254.169.254/openstack`retrieve latest metadata: `curl http://169.254.169.254/openstack/metadata`retrieve meta_data.json: `curl http://169.254.169.254/openstack/meta_data.json`

retrieve metadata info:

curl http://169.254.169.254/

retrieve latest metadata:

curl http://169.254.169/254/latest

meta-data/$:

curl http://169.254.169/254/latest/meta-data

retrieve floating ip:

curl http://169.254.169/254/latest/meta-data/public-ipv4

retrieve openstack metadata:

curl http://169.254.169.254/openstack

retrieve latest metadata:

curl http://169.254.169.254/openstack/metadata

retrieve meta_data.json:
curl http://169.254.169.254/openstack/meta_data.json

* Curl commands are to be ran from running server

Openstack commands:	Old commands:
Server creation*:
`openstack server create \ --image [IMAGE] \ --flavor [FLAVOR] \ --nic [net-id=NETWORK_UUID\|port-id=PORT_UUID] \ --key-name [KEYPAIR] \ [SERVER]`	`nova boot --image [IMAGE] \ --flavor [FLAVOR] \ --nic [net-id=NETWORK_UUID\|port-id=PORT_UUID] \ --key-name [KEYPAIR] \ [SERVER]`

* You could use –nic net-id=NETWORK_UUID,v4-fixed-ip=IP_ADDRESS to specify fixed IP for SERVER

Few examples:
Create cirros-image:
`openstack image create --public --container-format=bare --disk-format=qcow2 --file cirros-0.3.4-x86_64-disk.img cirros-image`
Create network:
`neutron net-create external_network --provider:network_type flat --provider:physical_network extnet --router:external`
Create subnet:
`neutron subnet-create --name public_subnet --enable_dhcp=False --allocation-pool=start=172.30.152.10,end=172.30.152.40 --gateway=172.30.152.1 external_network 172.30.152.0/24`
Create server:
`openstack server create --image 9d904b2f-8774-4db8-b195-8aa47e3ebe3c --flavor 1 --nic net-id=4d75d36b-cc99-46b3-83aa-6ae5a96ae38e cirros`

Cloud config* examples:
Configure time zone:
`#cloud-config timezone: "Europe/Sarajevo"`
Install packages, specific versions**
`#cloud-config packages: - pwgen - pastebinit - [libpython2.7, 2.7.3-0ubuntu3.1]`
Upgrade all packages**:
`#cloud-config package_upgrade: true`
Install NTP if neccessary and configure NTP server map
`#cloud-config ntp: servers: - my.ntp.server - ntp.ubuntu.com - 192.168.23.2`
Configure CentOS users centos and root with password
`#cloud-config chpasswd: list: \| root:changeme centos:changeme expire: False ssh_pwauth: True`

* Yaml format text files that begin with #cloud-config and are executed by cloud-init process present in most cloud image files, but not in cirros.
** Works with all package managers if specific distro-package is not specified f.e. 2.7.3-0ubuntu3.1

21. 04. 202021. 04. 2020

Mount removable drives and network locations in the Windows Subsystem for Linux

You can mount a removable device or mounted network drive by using drvfs:

sudo mkdir /mnt/x
sudo mount -t drvfs X: /mnt/x

Or you could use UNC (Universal Naming Convention) format to mount:

sudo mkdir /mnt/folder
sudo mount -t '\\server\folder' /mnt/folder