devnull

Man of many talents. Server janitor, Chief Googler, Vice President of Pencil Sharpening, Director of Turning Things Off and On Again. Technology Plumber using Linux for stuff like Satellite STB, home CCTV system, kitchen sound bar, workstations, even car onboard computer. And servers, oh yeah - lots of them. I've been a Linux Mercenary for quite a while now, often using information posted by kind strangers on the Internet to solve problems during this journey. This blog is a humble attempt to give something back to the community.

Jan 27 2016

I keep forgetting the syntax for these commands, maybe simply because I’m not using them too often. We mainly use the Horizon web interface, don't we? Anyway, here we go:

Keystone

keystone user-list
keystone token-get

Glance

glance image-list
glance image-create --min-disk 20 --name="CentOS 7 2015-12-17" \
--disk-format=qcow2 --container-format=bare --property architecture=x86_64 \
--progress --is-public yes --is-protected true \
--file CentOS-7-x86_64-GenericCloud.qcow2

Nova

nova list
nova image-list
nova host-list
nova service-list
nova-manage service describe_resource prod018.openstack.mielnet.pl
nova hypervisor-show prod017.openstack.mielnet.pl
# on the controller
multitail /var/log/nova/{scheduler.log,console.log,conductor.log}
# on the compute node
multitail /var/log/nova/compute.log

 

Neutron

neutron ext-list
neutron security-group-list
neutron security-group-show 626de015-b43f-405f-add2-e9797bcdb1d6
neutron router-list
neutron subnet-list
neutron net-external-list
neutron quota-list
neutron net-list

Cinder

cinder absolute-limits
cinder backup-list
cinder list
cinder service-list
cinder type-list
cinder-manage service list
cinder service-disable prod016.openstack.mielnet.pl cinder-volume
cinder service-disable prod016.openstack.mielnet.pl@gluster cinder-volume
cinder service-list
# I messed up and had to resolve the problem in a brutal way; don't try this at home:
mysql -e "update services set deleted = 1 where host like 'prod016.openstack.mielnet.pl%' and disabled = 1 " cinder

 

Swift

swift-init all restart
swift list
head -c 1024 /dev/urandom > data1.file ; swift upload c1 data1.file
head -c 1024 /dev/urandom > data2.file ; swift upload c1 data2.file
head -c 1024 /dev/urandom > data3.file ; swift upload c1 data3.file
swift list
swift list c1

 

The new Kilo release comes with the “openstack” command

openstack user list
openstack role list
openstack service list
openstack endpoint list
openstack endpoint show 75141ca587a64e3bbf76476dc0b28c87

Openvswitch

ovs-vsctl -v
ovs-vsctl show

ovs-vsctl list-br 
ovs-vsctl list-ports br-tun
ovs-vsctl list-ports br-int
ovs-vsctl list-ports br-ex

ovs-vsctl list interface

ovs-ofctl dump-flows br-tun
ovs-ofctl dump-flows br-int
ovs-ofctl dump-flows br-ex

ovs-ofctl show br-ex
ovs-ofctl show br-int
ovs-ofctl show br-tun

ovs-ofctl dump-ports br-ex
ovs-ofctl dump-ports br-tun
ovs-ofctl dump-ports br-int

watch "ovs-ofctl dump-flows br-tun"

ovs-dpctl dump-flows

ovs-appctl fdb/show br-int

ip neighbor 

ip netns exec qrouter-94f86c98-4a32-4e24-a0bc-03e6b330bf09 bash
ip netns exec qrouter-94f86c98-4a32-4e24-a0bc-03e6b330bf09 tcpdump -qnntpi any icmp
ip netns exec qrouter-94f86c98-4a32-4e24-a0bc-03e6b330bf09 tcpdump -e -n -l -i qg-938cc240-04

neutron router-list
neutron l3-agent-list-hosting-router 94f86c98-4a32-4e24-a0bc-03e6b330bf09
neutron l3-agent-router-remove a5ac220d-f1c7-42bc-8b55-db9cdf4bc198 94f86c98-4a32-4e24-a0bc-03e6b330bf09
neutron agent-list
neutron l3-agent-router-add a5ac220d-f1c7-42bc-8b55-db9cdf4bc198 94f86c98-4a32-4e24-a0bc-03e6b330bf09



 

Fixing things that went wrong

tgt-admin -s

mysql -e "update services set deleted = 1 where host like 'prod016.openstack.mielnet.pl%' and disabled = 1 " cinder

# mysql nova
delete from instance_faults where instance_faults.instance_uuid = 'ae7b9c84-4861-47a5-83af-4bd04b8d20c8';
delete from instance_id_mappings where instance_id_mappings.uuid = 'ae7b9c84-4861-47a5-83af-4bd04b8d20c8';
delete from instance_info_caches where instance_info_caches.instance_uuid = 'ae7b9c84-4861-47a5-83af-4bd04b8d20c8';
delete from instance_system_metadata where instance_system_metadata.instance_uuid = 'ae7b9c84-4861-47a5-83af-4bd04b8d20c8';
delete from security_group_instance_association where security_group_instance_association.instance_uuid = 'ae7b9c84-4861-47a5-83af-4bd04b8d20c8';
delete from block_device_mapping where block_device_mapping.instance_uuid = 'ae7b9c84-4861-47a5-83af-4bd04b8d20c8';
delete from fixed_ips where fixed_ips.instance_uuid = 'ae7b9c84-4861-47a5-83af-4bd04b8d20c8';
delete from instance_actions_events where instance_actions_events.action_id in (select id from instance_actions where instance_actions.instance_uuid = 'ae7b9c84-4861-47a5-83af-4bd04b8d20c8');
delete from instance_actions where instance_actions.instance_uuid = 'ae7b9c84-4861-47a5-83af-4bd04b8d20c8';
delete from virtual_interfaces where virtual_interfaces.instance_uuid = 'ae7b9c84-4861-47a5-83af-4bd04b8d20c8';
delete from instances where instances.uuid = 'ae7b9c84-4861-47a5-83af-4bd04b8d20c8';
# Soft delete: use this instead of the DELETE statements above (run after them, it matches no rows).
update instances set deleted='1', vm_state='deleted', deleted_at=now() where uuid='ae7b9c84-4861-47a5-83af-4bd04b8d20c8';
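
An added example, not part of the original post: a wrapper that builds the cleanup statements above for one instance, refuses anything that is not a UUID, and wraps them in a transaction that ends in ROLLBACK unless COMMIT is requested. The function and variable names are assumptions; the table list is the one used above.

```shell
#!/bin/sh
# Added example (not the author's script). Builds the nova cleanup SQL shown
# above for one instance, as a transaction that rolls back by default.

# Tables from the list above that key on instance_uuid.
CHILD_TABLES="instance_faults instance_info_caches instance_system_metadata
security_group_instance_association block_device_mapping fixed_ips
virtual_interfaces"

gen_nova_purge_sql() {
    uuid=$1
    final=${2:-ROLLBACK}
    # Reject any character outside [0-9a-f-] first (this also rules out quotes
    # and newlines), then check the 8-4-4-4-12 layout.
    case $uuid in
        ''|*[!0-9a-f-]*) echo "refusing: not a UUID" >&2; return 1 ;;
    esac
    printf '%s\n' "$uuid" |
        grep -Eqx '[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}' ||
        { echo "refusing: not a UUID" >&2; return 1; }
    case $final in
        COMMIT|ROLLBACK) ;;
        *) echo "second argument must be COMMIT or ROLLBACK" >&2; return 1 ;;
    esac

    echo "START TRANSACTION;"
    for t in $CHILD_TABLES; do
        echo "DELETE FROM $t WHERE instance_uuid = '$uuid';"
    done
    echo "DELETE FROM instance_id_mappings WHERE uuid = '$uuid';"
    # Events reference instance_actions.id, so they go before their parent rows.
    echo "DELETE FROM instance_actions_events WHERE action_id IN" \
         "(SELECT id FROM instance_actions WHERE instance_uuid = '$uuid');"
    echo "DELETE FROM instance_actions WHERE instance_uuid = '$uuid';"
    echo "DELETE FROM instances WHERE uuid = '$uuid';"
    echo "$final;"
}

# Dry run for the UUID used above: prints the script, ending in ROLLBACK.
gen_nova_purge_sql ae7b9c84-4861-47a5-83af-4bd04b8d20c8
```

Pipe the output into `mysql nova` to rehearse the cleanup, then rerun with `COMMIT` as the second argument once the dry run looks right.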

Dec 17 2015
 


These are just examples to pique your imagination; please refrain from blindly copying and pasting, as you can cut yourself off 😀

UFW quick setup (Debian/Ubuntu)

 

aptitude install ufw
ufw allow 22/tcp
ufw allow from 124.111.0.0/16 to any port 22
ufw allow 80/tcp
ufw allow 443/tcp
ufw allow proto tcp from IP.ADD.Here to any port 3306
ufw allow proto udp from IP.ADD.Here to any port 161
ufw allow from 10.10.1.0/24
# allow traffic on interface
ufw allow in on em3

ufw enable
ufw status
ufw status numbered
ufw delete 10
# ufw supports connection rate limiting, which is useful for protecting against brute-force login attacks. 
# ufw will deny connections if an IP address has attempted to initiate 6 or more connections in the last 30 seconds.
ufw limit ssh
ufw logging off # once it's working, stop flooding the logs!

# ufw on KVM server, edit /etc/ufw/sysctl.conf
# and make sure we don't filter packets to our libvirt guests
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
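
An added example, not from the original post: a small audit that reads `ufw status` output and flags rules like the ones above that leave SSH, MySQL or SNMP open to any source, or that allow every port from any source. The sample output, the address 203.0.113.10 and the names `SENSITIVE_PORTS`, `audit_ufw_status` and `sample_status` are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the author's script): audit `ufw status` for exposed ports.

# Ports the rules above restrict by source address: SSH, MySQL, SNMP.
SENSITIVE_PORTS="22 3306 161"

# Reads plain `ufw status` text on stdin (not `status numbered`) and prints:
#   EXPOSED <rule>    sensitive port with an inbound ALLOW from Anywhere
#   WIDEOPEN <rule>   every port allowed from Anywhere (e.g. a whole interface)
# LIMIT rules and rules with a source address or subnet are not reported.
audit_ufw_status() {
    awk -F'  +' -v ports="$SENSITIVE_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) sens[p[i]] = 1 }
    { sub(/[ \t]+$/, "") }                      # drop trailing column padding
    $2 ~ /^ALLOW( IN)?$/ {
        to = $1; from = $3
        sub(/ \(v6\)$/, "", to); sub(/ \(v6\)$/, "", from)
        if (from != "Anywhere") next            # restricted to a source
        if (to ~ /^Anywhere/) { print "WIDEOPEN " $1; next }
        port = to; sub(/\/.*$/, "", port)       # 22/tcp -> 22
        if (port in sens) print "EXPOSED " $1
    }'
}

# Constructed sample: roughly what the rules above produce before `ufw limit ssh`.
sample_status() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22                         ALLOW       124.111.0.0/16
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
3306/tcp                   ALLOW       203.0.113.10
161/udp                    ALLOW       203.0.113.10
Anywhere                   ALLOW       10.10.1.0/24
Anywhere on em3            ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
EOF
}

sample_status | audit_ufw_status
```

On a live host, run it as `ufw status | audit_ufw_status`.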

firewall-cmd quick setup (RedHat/CentOS 7)

firewall-cmd --get-services
firewall-cmd --permanent --add-service=http
firewall-cmd --permanent --add-service=https

# punch a hole for CIFS
firewall-cmd --permanent --add-service=samba

firewall-cmd --permanent --add-port 5989/tcp
firewall-cmd --list-all-zones
firewall-cmd --list-ports

firewall-cmd --get-active-zones
firewall-cmd --zone=public --list-all
firewall-cmd --permanent --remove-service=dhcpv6-client

firewall-cmd --zone=trusted --add-source=10.100.1.18 --permanent
firewall-cmd --reload

Some say firewalld is too complicated for most server-type use; who am I to judge? Allegedly firewalld also requires Network Manager, so if Network Manager is disabled we need to go back. If you want to replace firewalld with good ol’ iptables:

systemctl disable firewalld
systemctl stop firewalld
yum -y install iptables-services
# rules files read by the iptables and ip6tables services
touch /etc/sysconfig/iptables
touch /etc/sysconfig/ip6tables
systemctl start iptables
systemctl start ip6tables
systemctl enable iptables
systemctl enable ip6tables