Commit 1fdfac9c authored by František Řezníček's avatar František Řezníček

feat: new generation of G2 commandline demo (group/personal project autodetection)

parent 8fda5fe2
#!/usr/bin/env bash
# common functions
#
#############################################################################
# functions
......@@ -53,7 +52,7 @@ function test_vm_access() {
local port="${2:-"22"}"
for ((i=0;i<60;i++)); do
if ncat -z "${ip}" "${port}"; then
echo "VM accessible ${ip}:${port}"
echo "VM is accessible at ${ip}:${port}"
break
else
echo -n .
......@@ -62,6 +61,10 @@ function test_vm_access() {
done
}
function test_vm_access_ncat() {
test_vm_access "$@"
}
function delete_common_objects() {
if [ -s "${FIP_FILE}" ]; then
echo -n 'floating-ip '
......@@ -78,8 +81,10 @@ function delete_common_objects() {
function delete_objects_group_project() {
delete_common_objects
echo -n 'disconnect-router-from-subnet '
openstack router remove subnet "${ROUTER_NAME}" "${SUBNET_NAME}" >/dev/null
if openstack router show "${ROUTER_NAME}" &>/dev/null; then
echo -n 'disconnect-router-from-subnet '
openstack router remove subnet "${ROUTER_NAME}" "${SUBNET_NAME}"
fi
echo -n 'router '
delete_object_if_exists router "${ROUTER_NAME}"
echo -n 'subnet '
......@@ -110,18 +115,53 @@ function list_objects() {
done
}
function duration_human() {
local secs="$1"
if [[ "${secs}" -lt 60 ]]; then
echo "${secs}s"
elif [[ "${secs}" -lt $((60*60)) ]]; then
echo "$((${secs} / 60))m$((${secs} % 60))s"
else
echo "$((${secs} / (60*60)))h$(( ( ${secs} % (60*60) ) /60 ))m$((${secs} % 60))s"
fi
}
function log() {
echo -e "\n"
echo ""
echo -e "$@"
export STAGE_NAME="$@"
}
function log_keypress() {
function log_section() {
local terminal_size="${COLUMNS}"
[ -z "${terminal_size}" -o "${terminal_size}" == "0" ] && terminal_size="$(tput cols)"
local input_string="$(echo -e "$@"| tail -1)"
local section_width=$(( ${terminal_size} - ${#input_string} - 2 ))
local section_character="="
local section_string=$(printf -- "${section_character}%.0s" $(seq 1 ${section_width}))
echo ""
echo -e "$@ ${section_string}"
export STAGE_NAME="$@"
}
function wait_keypress_timeout() {
local x=
local duration_seconds=${KEYPRESS_DURATION_SECONDS:-120}
echo -n "... (press Enter or wait $(duration_human ${duration_seconds}))"
read -t ${duration_seconds} x || \
echo " [keyboard input timed out]"
}
function log_keypress() {
log "$@"
echo -n "... (keypress or wait 2m)"
read -t 120 x
wait_keypress_timeout
}
function log_section_keypress() {
log_section "$@"
wait_keypress_timeout
}
function is_personal_project() {
......
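Review bot: `wait_keypress_timeout` reads `KEYPRESS_DURATION_SECONDS` from the environment and hands it, unvalidated and unquoted, to `duration_human` and to `read -t`. A non-numeric value is evaluated as an arithmetic expression by `[[ "${secs}" -lt 60 ]]` and `$(( ))`, and `read -t` rejects it, so the pause is skipped while the script still prints ` [keyboard input timed out]`. I would validate it before use, e.g. `[[ "${duration_seconds}" =~ ^[0-9]+$ ]] || duration_seconds=120`, and call `read -r -t "${duration_seconds}" x`. In `log_section`, `export STAGE_NAME="$@"` is better written `export STAGE_NAME="$*"`, because the callers pass several arguments and the variable holds a single string.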
#!/usr/bin/env bash
# e-INFRA CZ G2 openstack command-line demo - group project
# Usage: cmdline-demo-group-project.sh [ostack-entities-prefix]
#
SCRIPT_DIR=$(dirname $(readlink -f $0))
#############################################################################
# variables
#############################################################################
ENTITIES_PREFIX="${1:-"${USERNAME:-"a-group-user"}"}"
EXTERNAL_NETWORK_NAME="provider-ipv4-general-public"
KEYPAIR_NAME="${ENTITIES_PREFIX}-demo-keypair"
NETWORK_NAME="${ENTITIES_PREFIX}-demo-network"
SUBNET_NAME="${ENTITIES_PREFIX}-demo-subnet"
SUBNET_CIDR="192.168.222.0/24"
SERVER_NAME="${ENTITIES_PREFIX}-demo-server"
FLAVOR_NAME="e1.medium"
IMAGE_NAME="ubuntu-jammy-x86_64"
VM_LOGIN="ubuntu"
ROUTER_NAME="${ENTITIES_PREFIX}-demo-router"
FIP_FILE="${ENTITIES_PREFIX}-fip.txt"
SECGROUP_NAME="${ENTITIES_PREFIX}-demo-secgroup"
#############################################################################
# functions
#############################################################################
source ${SCRIPT_DIR}/../../../common/lib.sh.inc
#############################################################################
# main steps
#############################################################################
openstack version show | grep identity
# check we are on group project
if prj_name=$(is_personal_project); then
echo "WARNING: You are using script in a personal project (${prj_name})! You may experience lack of following resources (router, floating ip), to avoid that use cmdline-demo-personal-project.sh instead."
sleep 10
else
log "Execution in a group project: ${prj_name}"
fi
# delete objects (from previous run)
log "Delete previously created objects"
delete_objects_group_project
log "List currently allocated objects"
list_objects
log_keypress "Create (generate) locally SSH keypair, upload public SSH key to cloud"
ssh-keygen -t rsa -b 4096 -f "${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME}"
openstack keypair create --type ssh --public-key "${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME}.pub" "${KEYPAIR_NAME}"
mkdir -p ${HOME}/.ssh/g2/ostrava
chmod 700 ${HOME}/.ssh/g2 ${HOME}/.ssh/g2/ostrava
ls -la ${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME}*
log_keypress "Create cloud security groups (custom VM firewall) to allow outgoing traffic and incomming SSH traffic on port 22"
openstack security group create --description "${ENTITIES_PREFIX} demo default security group" "${SECGROUP_NAME}"
openstack security group rule create --ingress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 22 "${SECGROUP_NAME}"
openstack security group rule create --egress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 1:65535 "${SECGROUP_NAME}"
log_keypress "Create cloud private network and subnet, so far isolated (CIDR:${SUBNET_CIDR})"
openstack network create "${NETWORK_NAME}"
NETWORK_ID=$(openstack network show "${NETWORK_NAME}" -f value -c id)
openstack subnet create "${SUBNET_NAME}" --network "${NETWORK_ID}" --subnet-range "${SUBNET_CIDR}" --dns-nameserver 8.8.4.4 --dns-nameserver 8.8.8.8
log_keypress "Create cloud VM instance \"${SERVER_NAME}\" with following configuration:\n" \
" flavor: ${FLAVOR_NAME}, image/os: ${IMAGE_NAME}, network: ${NETWORK_NAME}\n" \
" keypair: ${KEYPAIR_NAME}, sec-group/firewall: ${SECGROUP_NAME})"
openstack server create --flavor "${FLAVOR_NAME}" --image "${IMAGE_NAME}" \
--network "${NETWORK_ID}" --key-name "${KEYPAIR_NAME}" \
--security-group "${SECGROUP_NAME}" "${SERVER_NAME}"
SERVER_ID=$(openstack server show "${SERVER_NAME}" -f value -c id)
log "Wait for VM instance \"${SERVER_NAME}\" being ACTIVE"
vm_wait_for_status "${SERVER_NAME}" "ACTIVE"
log "Route VM from internal software defined networking outside"
log_keypress " 1] Create route, associate router with external provider network and internal subnet (${SUBNET_CIDR})"
openstack router create "${ROUTER_NAME}"
openstack router set "${ROUTER_NAME}" --external-gateway "${EXTERNAL_NETWORK_NAME}"
openstack router add subnet "${ROUTER_NAME}" "${SUBNET_NAME}"
log_keypress " 2] Allocate single FIP (floating ip) from external provider network"
FIP=$(openstack floating ip create "${EXTERNAL_NETWORK_NAME}" -f value -c name)
if [ -n "${FIP}" ]; then
echo "${FIP}" > "${FIP_FILE}"
echo "Obtained public FIP ${FIP}"
log_keypress " 3] Assign selected FIP with created VM"
openstack server add floating ip "${SERVER_NAME}" "${FIP}"
log "Test access to the VM server instance"
log_keypress " 1] TCP ping (ncat -z ${FIP} 22)"
test_vm_access "${FIP}"
log_keypress " 2] SSH command (ssh -i ${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME} ${VM_LOGIN}@${FIP})"
ssh-keygen -R ${FIP} &>/dev/null
ssh -i "${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME}" "${VM_LOGIN}@${FIP}" 'echo "";uname -a;uptime'
else
log "Unable to allocate FIP address, VM is created but not accessible from internet."
fi
log_keypress "Object summary:"
list_objects
log_keypress "Teardown of the objects"
delete_objects_group_project
#!/usr/bin/env bash
# e-INFRA CZ G2 openstack command-line demo - personal project
# Usage: cmdline-demo-group-project.sh [ostack-entities-prefix]
#
SCRIPT_DIR=$(dirname $(readlink -f $0))
#############################################################################
# variables
#############################################################################
ENTITIES_PREFIX="${1:-"${USERNAME:-"an-user"}"}"
EXTERNAL_NETWORK_NAME="provider-ipv4-general-public"
KEYPAIR_NAME="${ENTITIES_PREFIX}-demo-keypair"
NETWORK_NAME="internal-ipv4-general-private"
SUBNET_NAME="internal-ipv4-general-private-172-22-0-0"
SERVER_NAME="${ENTITIES_PREFIX}-demo-server"
ROUTER_NAME="internal-ipv4-general-private"
FLAVOR_NAME="e1.medium"
IMAGE_NAME="ubuntu-jammy-x86_64"
VM_LOGIN="ubuntu"
FIP_FILE="${ENTITIES_PREFIX}-fip.txt"
SECGROUP_NAME="${ENTITIES_PREFIX}-demo-secgroup"
#############################################################################
# functions
#############################################################################
source ${SCRIPT_DIR}/../../../common/lib.sh.inc
#############################################################################
# main steps
#############################################################################
openstack version show | grep identity
# check we are on personal project
if prj_name=$(is_personal_project); then
log "Execution in your personal project: ${prj_name}"
else
echo "ERROR: You are not running script on your personal project(${prj_name})! Use cmdline-demo-group-project.sh instead."
exit 1
fi
# delete objects (from previous run)
log "Delete previously created objects"
delete_objects_personal_project
log "List currently allocated objects"
list_objects
log_keypress "Create (generate) locally SSH keypair, upload public SSH key to cloud"
ssh-keygen -t rsa -b 4096 -f "${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME}"
openstack keypair create --type ssh --public-key "${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME}.pub" "${KEYPAIR_NAME}"
mkdir -p ${HOME}/.ssh/g2/ostrava
chmod 700 ${HOME}/.ssh/g2 ${HOME}/.ssh/g2/ostrava
ls -la ${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME}*
log_keypress "Create cloud security groups (custom VM firewall) to allow outgoing traffic and incomming SSH traffic on port 22"
openstack security group create --description "${ENTITIES_PREFIX} demo default security group" "${SECGROUP_NAME}"
openstack security group rule create --ingress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 22 "${SECGROUP_NAME}"
openstack security group rule create --egress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 1:65535 "${SECGROUP_NAME}"
log_keypress "Re-use existing network (${NETWORK_NAME}) and subnet (${SUBNET_NAME})"
NETWORK_ID=$(openstack network show "${NETWORK_NAME}" -f value -c id)
log_keypress "Create cloud VM instance \"${SERVER_NAME}\" with following configuration:\n" \
" flavor: ${FLAVOR_NAME}, image/os: ${IMAGE_NAME}, network: ${NETWORK_NAME}\n" \
" keypair: ${KEYPAIR_NAME}, sec-group/firewall: ${SECGROUP_NAME})"
openstack server create --flavor "${FLAVOR_NAME}" --image "${IMAGE_NAME}" \
--network "${NETWORK_ID}" --key-name "${KEYPAIR_NAME}" \
--security-group "${SECGROUP_NAME}" "${SERVER_NAME}"
SERVER_ID=$(openstack server show "${SERVER_NAME}" -f value -c id)
log "Wait for VM instance \"${SERVER_NAME}\" being ACTIVE"
vm_wait_for_status "${SERVER_NAME}" "ACTIVE"
log "Route VM from internal software defined networking outside"
log " 1] Reuse existing router ${ROUTER_NAME} (not visible in personal project)"
log_keypress " 2] Allocate single FIP (floating ip) from external provider network"
FIP=$(openstack floating ip create "${EXTERNAL_NETWORK_NAME}" -f value -c name)
if [ -n "${FIP}" ]; then
echo "${FIP}" > "${FIP_FILE}"
echo "Obtained public FIP ${FIP}"
log_keypress " 3] Assign selected FIP with created VM"
openstack server add floating ip "${SERVER_NAME}" "${FIP}"
log "Test access to the VM server instance"
log_keypress " 1] TCP ping (ncat -z ${FIP} 22)"
test_vm_access "${FIP}"
log_keypress " 2] SSH command (ssh -i ${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME} ${VM_LOGIN}@${FIP})"
ssh-keygen -R ${FIP} &>/dev/null
ssh -i "${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME}" "${VM_LOGIN}@${FIP}" 'echo "";uname -a;uptime'
else
log "Unable to allocate FIP address, VM is created but not accessible from internet."
fi
log_keypress "Object summary:"
list_objects
log_keypress "Teardown of the objects"
delete_objects_personal_project
# Build OpenStack infrastructure from command-line using openstack client
## Pre-requisites
* Linux/Max/WSL2 terminal
* BASH shell
* installed openstack client ([how?](https://docs.fuga.cloud/how-to-use-the-openstack-cli-tools-on-linux))
* e-INFRA OpenStack cloud personal/group project granted.
* downloaded application credentials from OpenStack Horizon dashboard ([how?](https://docs.e-infra.cz/compute/openstack/how-to-guides/obtaining-api-key/)) and store as text file `project_openrc.sh.inc`.
## How to use the script
```sh
# in bash shell
source project_openrc.sh.inc
./cmdline-demo.sh basic-infrastructure-1
```
See linked reference executions for [personal](./cmdline-demo.sh.personal.log) and [group project](./cmdline-demo.sh.group.log).
## Infrastructure schema
How does the basic infrastructure looks like?
* single VM (ubuntu-jammy)
* VM firewall opening port 22
* VM SSH keypair generated locally and pubkey uploaded to cloud
* private subnet and network (skipped for personal projects where shared entities are used)
* router to external internet (skipped for personal projects where shared entities are used)
* public floating ip address
![basic-infrastructure.png](/clouds/common/pictures/basic-infrastructure.png)
#!/usr/bin/env bash
# e-INFRA CZ G2 openstack command-line demo - group project
# Usage: cmdline-demo-group-project.sh [ostack-entities-prefix]
#
SCRIPT_DIR=$(dirname $(readlink -f $0))
#############################################################################
# variables
#############################################################################
ENTITIES_PREFIX="${1:-"${USERNAME:-"a-group-user"}"}"
EXTERNAL_NETWORK_NAME="external-ipv4-general-public"
KEYPAIR_NAME="${ENTITIES_PREFIX}-demo-keypair"
NETWORK_NAME="${ENTITIES_PREFIX}-demo-network"
SUBNET_NAME="${ENTITIES_PREFIX}-demo-subnet"
SUBNET_CIDR="192.168.222.0/24"
SERVER_NAME="${ENTITIES_PREFIX}-demo-server"
FLAVOR_NAME="e1.medium"
IMAGE_NAME="ubuntu-jammy-x86_64"
VM_LOGIN="ubuntu"
ROUTER_NAME="${ENTITIES_PREFIX}-demo-router"
FIP_FILE="${ENTITIES_PREFIX}-fip.txt"
SECGROUP_NAME="${ENTITIES_PREFIX}-demo-secgroup"
#############################################################################
# functions
#############################################################################
source ${SCRIPT_DIR}/../../../common/lib.sh.inc
#############################################################################
# main steps
#############################################################################
openstack version show | grep identity
# check we are on group project
if prj_name=$(is_personal_project); then
echo "WARNING: You are using script in a personal project (${prj_name})! You may experience lack of following resources (router, floating ip), to avoid that use cmdline-demo-personal-project.sh instead."
sleep 10
else
log "Execution in a group project: ${prj_name}"
fi
# delete objects (from previous run)
log "Delete previously created objects"
delete_objects_group_project
log "List currently allocated objects"
list_objects
log_keypress "Create (generate) locally SSH keypair, upload public SSH key to cloud"
ssh-keygen -t rsa -b 4096 -f "${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME}"
openstack keypair create --type ssh --public-key "${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME}.pub" "${KEYPAIR_NAME}"
mkdir -p ${HOME}/.ssh/g2/ostrava
chmod 700 ${HOME}/.ssh/g2 ${HOME}/.ssh/g2/ostrava
ls -la ${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME}*
log_keypress "Create cloud security groups (custom VM firewall) to allow outgoing traffic and incomming SSH traffic on port 22"
openstack security group create --description "${ENTITIES_PREFIX} demo default security group" "${SECGROUP_NAME}"
openstack security group rule create --ingress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 22 "${SECGROUP_NAME}"
openstack security group rule create --egress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 1:65535 "${SECGROUP_NAME}"
log_keypress "Create cloud private network and subnet, so far isolated (CIDR:${SUBNET_CIDR})"
openstack network create "${NETWORK_NAME}"
NETWORK_ID=$(openstack network show "${NETWORK_NAME}" -f value -c id)
openstack subnet create "${SUBNET_NAME}" --network "${NETWORK_ID}" --subnet-range "${SUBNET_CIDR}" --dns-nameserver 8.8.4.4 --dns-nameserver 8.8.8.8
log_keypress "Create cloud VM instance \"${SERVER_NAME}\" with following configuration:\n" \
" flavor: ${FLAVOR_NAME}, image/os: ${IMAGE_NAME}, network: ${NETWORK_NAME}\n" \
" keypair: ${KEYPAIR_NAME}, sec-group/firewall: ${SECGROUP_NAME})"
openstack server create --flavor "${FLAVOR_NAME}" --image "${IMAGE_NAME}" \
--network "${NETWORK_ID}" --key-name "${KEYPAIR_NAME}" \
--security-group "${SECGROUP_NAME}" "${SERVER_NAME}"
SERVER_ID=$(openstack server show "${SERVER_NAME}" -f value -c id)
log "Wait for VM instance \"${SERVER_NAME}\" being ACTIVE"
vm_wait_for_status "${SERVER_NAME}" "ACTIVE"
log "Route VM from internal software defined networking outside"
log_keypress " 1] Create route, associate router with external provider network and internal subnet (${SUBNET_CIDR})"
openstack router create "${ROUTER_NAME}"
openstack router set "${ROUTER_NAME}" --external-gateway "${EXTERNAL_NETWORK_NAME}"
openstack router add subnet "${ROUTER_NAME}" "${SUBNET_NAME}"
log_keypress " 2] Allocate single FIP (floating ip) from external provider network"
FIP=$(openstack floating ip create "${EXTERNAL_NETWORK_NAME}" -f value -c name)
if [ -n "${FIP}" ]; then
echo "${FIP}" > "${FIP_FILE}"
echo "Obtained public FIP ${FIP}"
log_keypress " 3] Assign selected FIP with created VM"
openstack server add floating ip "${SERVER_NAME}" "${FIP}"
log "Test access to the VM server instance"
log_keypress " 1] TCP ping (ncat -z ${FIP} 22)"
test_vm_access "${FIP}"
log_keypress " 2] SSH command (ssh -i ${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME} ${VM_LOGIN}@${FIP})"
ssh-keygen -R ${FIP} &>/dev/null
ssh -i "${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME}" "${VM_LOGIN}@${FIP}" 'echo "";uname -a;uptime'
else
log "Unable to allocate FIP address, VM is created but not accessible from internet."
fi
log_keypress "Object summary:"
list_objects
log_keypress "Teardown of the objects"
delete_objects_group_project
#!/usr/bin/env bash
# e-INFRA CZ G2 openstack command-line demo - personal project
# Usage: cmdline-demo-group-project.sh [ostack-entities-prefix]
#
SCRIPT_DIR=$(dirname $(readlink -f $0))
#############################################################################
# variables
#############################################################################
ENTITIES_PREFIX="${1:-"${USERNAME:-"an-user"}"}"
EXTERNAL_NETWORK_NAME="external-ipv4-general-public"
KEYPAIR_NAME="${ENTITIES_PREFIX}-demo-keypair"
NETWORK_NAME="internal-ipv4-general-private"
SUBNET_NAME="internal-ipv4-general-private-172-22-0-0"
SERVER_NAME="${ENTITIES_PREFIX}-demo-server"
ROUTER_NAME="internal-ipv4-general-private"
FLAVOR_NAME="e1.medium"
IMAGE_NAME="ubuntu-jammy-x86_64"
VM_LOGIN="ubuntu"
FIP_FILE="${ENTITIES_PREFIX}-fip.txt"
SECGROUP_NAME="${ENTITIES_PREFIX}-demo-secgroup"
#############################################################################
# functions
#############################################################################
source ${SCRIPT_DIR}/../../../common/lib.sh.inc
#############################################################################
# main steps
#############################################################################
openstack version show | grep identity
# check we are on personal project
if prj_name=$(is_personal_project); then
log "Execution in your personal project: ${prj_name}"
else
echo "ERROR: You are not running script on your personal project(${prj_name})! Use cmdline-demo-group-project.sh instead."
exit 1
fi
# delete objects (from previous run)
log "Delete previously created objects"
delete_objects_personal_project
log "List currently allocated objects"
list_objects
log_keypress "Create (generate) locally SSH keypair, upload public SSH key to cloud"
ssh-keygen -t rsa -b 4096 -f "${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME}"
openstack keypair create --type ssh --public-key "${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME}.pub" "${KEYPAIR_NAME}"
mkdir -p ${HOME}/.ssh/g2/ostrava
chmod 700 ${HOME}/.ssh/g2 ${HOME}/.ssh/g2/ostrava
ls -la ${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME}*
log_keypress "Create cloud security groups (custom VM firewall) to allow outgoing traffic and incomming SSH traffic on port 22"
openstack security group create --description "${ENTITIES_PREFIX} demo default security group" "${SECGROUP_NAME}"
openstack security group rule create --ingress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 22 "${SECGROUP_NAME}"
openstack security group rule create --egress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 1:65535 "${SECGROUP_NAME}"
log_keypress "Re-use existing network (${NETWORK_NAME}) and subnet (${SUBNET_NAME})"
NETWORK_ID=$(openstack network show "${NETWORK_NAME}" -f value -c id)
log_keypress "Create cloud VM instance \"${SERVER_NAME}\" with following configuration:\n" \
" flavor: ${FLAVOR_NAME}, image/os: ${IMAGE_NAME}, network: ${NETWORK_NAME}\n" \
" keypair: ${KEYPAIR_NAME}, sec-group/firewall: ${SECGROUP_NAME})"
openstack server create --flavor "${FLAVOR_NAME}" --image "${IMAGE_NAME}" \
--network "${NETWORK_ID}" --key-name "${KEYPAIR_NAME}" \
--security-group "${SECGROUP_NAME}" "${SERVER_NAME}"
SERVER_ID=$(openstack server show "${SERVER_NAME}" -f value -c id)
log "Wait for VM instance \"${SERVER_NAME}\" being ACTIVE"
vm_wait_for_status "${SERVER_NAME}" "ACTIVE"
log "Route VM from internal software defined networking outside"
log " 1] Reuse existing router ${ROUTER_NAME} (not visible in personal project)"
log_keypress " 2] Allocate single FIP (floating ip) from external provider network"
FIP=$(openstack floating ip create "${EXTERNAL_NETWORK_NAME}" -f value -c name)
if [ -n "${FIP}" ]; then
echo "${FIP}" > "${FIP_FILE}"
echo "Obtained public FIP ${FIP}"
log_keypress " 3] Assign selected FIP with created VM"
openstack server add floating ip "${SERVER_NAME}" "${FIP}"
log "Test access to the VM server instance"
log_keypress " 1] TCP ping (ncat -z ${FIP} 22)"
test_vm_access "${FIP}"
log_keypress " 2] SSH command (ssh -i ${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME} ${VM_LOGIN}@${FIP})"
ssh-keygen -R ${FIP} &>/dev/null
ssh -i "${HOME}/.ssh/g2/ostrava/id_rsa.${KEYPAIR_NAME}" "${VM_LOGIN}@${FIP}" 'echo "";uname -a;uptime'
else
log "Unable to allocate FIP address, VM is created but not accessible from internet."
fi
log_keypress "Object summary:"
list_objects
log_keypress "Teardown of the objects"
delete_objects_personal_project
#!/usr/bin/env bash
# e-INFRA CZ G2 openstack command-line demo - personal/group project
# Usage: cmdline-demo-group-project.sh [ostack-entities-prefix]
#
SCRIPT_DIR=$(dirname $(readlink -f $0))
#############################################################################
# variables
#############################################################################
ENTITIES_PREFIX="${1:-"${USER}_$(hostname)"}"
EXTERNAL_NETWORK_NAME="external-ipv4-general-public"
KEYPAIR_NAME="${ENTITIES_PREFIX}-demo-keypair"
##NETWORK_NAME="${ENTITIES_PREFIX}-demo-network"
##SUBNET_NAME="${ENTITIES_PREFIX}-demo-subnet"
SUBNET_CIDR="192.168.222.0/24"
SERVER_NAME="${ENTITIES_PREFIX}-demo-server"
FLAVOR_NAME="${FLAVOR_NAME:-"e1.medium"}"
IMAGE_NAME="${IMAGE_NAME:-"ubuntu-jammy-x86_64"}"
VM_LOGIN="${VM_LOGIN:-"ubuntu"}"
##ROUTER_NAME="${ENTITIES_PREFIX}-demo-router"
FIP_FILE="${ENTITIES_PREFIX}-fip.txt"
SECGROUP_NAME="${ENTITIES_PREFIX}-demo-secgroup"
EXTRA_VOLUME_SIZE_GB=${EXTRA_VOLUME_SIZE_GB:-"0"}
EXTRA_VOLUME_NAME="${ENTITIES_PREFIX}-demo-volume"
EXTRA_VOLUME_TYPE="${EXTRA_VOLUME_TYPE:-""}"
SERVER_CREATE_ADDITIONAL_ARGS="${SERVER_CREATE_ADDITIONAL_ARGS:-""}"
SERVER_EPHEMERAL_DISK_SIZE="${SERVER_EPHEMERAL_DISK_SIZE:-"0"}"
declare -A ROUTER_NAME_ARR
ROUTER_NAME_ARR[personal]="${ROUTER_NAME:-"internal-ipv4-general-private"}"
ROUTER_NAME_ARR[group]="${ROUTER_NAME:-"${ENTITIES_PREFIX}-demo-router"}"
declare -A NETWORK_NAME_ARR
NETWORK_NAME_ARR[personal]="${NETWORK_NAME:-"internal-ipv4-general-private"}"
NETWORK_NAME_ARR[group]="${NETWORK_NAME:-"${ENTITIES_PREFIX}-demo-network"}"
declare -A SUBNET_NAME_ARR
SUBNET_NAME_ARR[personal]="${SUBNET_NAME:-"internal-ipv4-general-private-172-22-0-0"}"
SUBNET_NAME_ARR[group]="${SUBNET_NAME:-"${ENTITIES_PREFIX}-demo-subnet"}"
CLOUD_ENV_NAME="prod-ostrava"
#############################################################################
# functions
#############################################################################
source ${SCRIPT_DIR}/../../../../common/lib.sh.inc
#############################################################################
# main steps
#############################################################################
log_section "Using commandline tools:"
report_tools || myexit 1
log_section "Using OpenStack cloud:"
openstack version show -fcsv | grep identity || myexit 1
# detect project type (group/personal) --------------------------------------
project_type=group
if prj_name=$(is_personal_project); then
project_type=personal
fi
NETWORK_NAME="${NETWORK_NAME_ARR[${project_type}]}"
SUBNET_NAME="${SUBNET_NAME_ARR[${project_type}]}"
ROUTER_NAME="${ROUTER_NAME_ARR[${project_type}]}"
log "Using OpenStack ${project_type} project named: ${prj_name}"
# delete objects (from previous run) ----------------------------------------
log_section "Delete previously created objects (delete_objects_${project_type}_project)"
delete_objects_${project_type}_project
# ---------------------------------------------------------------------------
log_section "List currently allocated objects"
list_objects
# ---------------------------------------------------------------------------
log_section_keypress "Create (generate) locally SSH keypair, upload public SSH key to cloud"
ssh_keypair_dir="${HOME}/.ssh/${CLOUD_ENV_NAME}"
if [ -s "${ssh_keypair_dir}/id_rsa.${KEYPAIR_NAME}" -a -s "${ssh_keypair_dir}/id_rsa.${KEYPAIR_NAME}.pub" ]; then
log "Reusing already existing SSH keypair at ${ssh_keypair_dir}/id_rsa.${KEYPAIR_NAME}"
else
ssh-keygen -t rsa -b 4096 -f "${ssh_keypair_dir}/id_rsa.${KEYPAIR_NAME}"
fi
openstack keypair create --type ssh --public-key "${ssh_keypair_dir}/id_rsa.${KEYPAIR_NAME}.pub" "${KEYPAIR_NAME}"
mkdir -p "${ssh_keypair_dir}"
chmod 700 "${ssh_keypair_dir}"
ls -la ${ssh_keypair_dir}/id_rsa.${KEYPAIR_NAME}*
# ---------------------------------------------------------------------------
log_section_keypress "Create cloud security groups (custom VM firewall) to allow outgoing traffic and incomming SSH traffic on port 22"
openstack security group create --description "${ENTITIES_PREFIX} demo default security group" "${SECGROUP_NAME}"
openstack security group rule create --ingress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 22 "${SECGROUP_NAME}"
openstack security group rule create --egress --proto tcp --remote-ip 0.0.0.0/0 --dst-port 1:65535 "${SECGROUP_NAME}"
# ---------------------------------------------------------------------------
if [ "${project_type}" == "group" ]; then
log_section_keypress "Create cloud private network and subnet, so far isolated (CIDR:${SUBNET_CIDR})"
openstack network create "${NETWORK_NAME}"
NETWORK_ID=$(openstack network show "${NETWORK_NAME}" -f value -c id)
openstack subnet create "${SUBNET_NAME}" --network "${NETWORK_ID}" --subnet-range "${SUBNET_CIDR}" --dns-nameserver 8.8.4.4 --dns-nameserver 8.8.8.8
else
log_section_keypress "Re-use existing network (${NETWORK_NAME}) and subnet (${SUBNET_NAME})"
NETWORK_ID=$(openstack network show "${NETWORK_NAME}" -f value -c id)
fi
# ---------------------------------------------------------------------------
if [ "${EXTRA_VOLUME_SIZE_GB}" -gt 0 ]; then
log_keypress "Create cloud VM extra volume \"${EXTRA_VOLUME_NAME}\" with following configuration:\n" \
" size: ${EXTRA_VOLUME_SIZE_GB} GB, volume type: ${EXTRA_VOLUME_TYPE}"
openstack volume create ${EXTRA_VOLUME_TYPE:+--type=${EXTRA_VOLUME_TYPE}} --size "${EXTRA_VOLUME_SIZE_GB}" ${EXTRA_VOLUME_NAME}
fi
# ---------------------------------------------------------------------------
if [ -n "${SERVER_EPHEMERAL_DISK_SIZE}" -a "${SERVER_EPHEMERAL_DISK_SIZE}" -gt "0" ]; then
SERVER_CREATE_ADDITIONAL_ARGS="${SERVER_CREATE_ADDITIONAL_ARGS} --ephemeral=size=${SERVER_EPHEMERAL_DISK_SIZE}"
fi
log_section_keypress "Create cloud VM instance \"${SERVER_NAME}\" with following configuration:\n" \
" flavor: ${FLAVOR_NAME}, image/os: ${IMAGE_NAME}, network: ${NETWORK_NAME}\n" \
" keypair: ${KEYPAIR_NAME}, sec-group/firewall: ${SECGROUP_NAME})" \
" additional arguments: ${SERVER_CREATE_ADDITIONAL_ARGS}"
openstack server create --flavor "${FLAVOR_NAME}" --image "${IMAGE_NAME}" \
--network "${NETWORK_ID}" --key-name "${KEYPAIR_NAME}" \
--security-group "${SECGROUP_NAME}" ${SERVER_CREATE_ADDITIONAL_ARGS} "${SERVER_NAME}"
SERVER_ID=$(openstack server show "${SERVER_NAME}" -f value -c id)
log_section "Wait for VM instance \"${SERVER_NAME}\" being ACTIVE"
vm_wait_for_status "${SERVER_NAME}" "ACTIVE"
if [ "${EXTRA_VOLUME_SIZE_GB}" -gt 0 ]; then
log_section_keypress "Attach extra volume \"${EXTRA_VOLUME_NAME}\" (${EXTRA_VOLUME_SIZE_GB} GB) to VM \"${SERVER_NAME}\""
openstack server add volume ${SERVER_NAME} ${EXTRA_VOLUME_NAME} --device /dev/sdb
fi
# ---------------------------------------------------------------------------
if [ "${project_type}" == "group" ]; then
log_section "Route VM from internal software defined networking outside"
log_keypress " 1] Create route, associate router with external provider network and internal subnet (${SUBNET_CIDR})"
openstack router create "${ROUTER_NAME}"
openstack router set "${ROUTER_NAME}" --external-gateway "${EXTERNAL_NETWORK_NAME}"
openstack router add subnet "${ROUTER_NAME}" "${SUBNET_NAME}"
else
log " 1] Reuse existing router ${ROUTER_NAME} (may not be visible from personal projects)"
fi
# ---------------------------------------------------------------------------
log_keypress " 2] Allocate single FIP (floating ip) from external provider network"
FIP=$(openstack floating ip create "${EXTERNAL_NETWORK_NAME}" -f value -c name)
if [ -n "${FIP}" ]; then
echo "${FIP}" > "${FIP_FILE}"
echo "Successfully obtained public ipv4 floating IP adress (FIP): ${FIP}"
log " 3] Associate selected FIP with created VM"
openstack server add floating ip "${SERVER_NAME}" "${FIP}"
log_section "VM server instance access tests"
log_keypress " 1] TCP access (ncat -z ${FIP} 22)"
test_vm_access_ncat "${FIP}"
log_keypress " 2] SSH access (ssh -i ${ssh_keypair_dir}/id_rsa.${KEYPAIR_NAME} ${VM_LOGIN}@${FIP})"
ssh-keygen -R ${FIP} &>/dev/null
ssh -o StrictHostKeyChecking=no -i "${ssh_keypair_dir}/id_rsa.${KEYPAIR_NAME}" "${VM_LOGIN}@${FIP}" 'echo "";uname -a;uptime; echo "VM access succeeded!"'
else
log "Unable to allocate FIP address, VM is created but not accessible from internet."
fi
# ---------------------------------------------------------------------------
log_section_keypress "Object summary in profile ${ENTITIES_PREFIX}"
list_objects
# ---------------------------------------------------------------------------
log_section_keypress "Teardown of the objects (delete_objects_${project_type}_project)" \
"(Interrupt with CTRL-C if you want to keep the created infrastructure and skip its destruction)"
delete_objects_${project_type}_project
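Review bot: The SSH access test passes `-o StrictHostKeyChecking=no`, which lets ssh continue on an unknown and also on a changed host key, and users tend to copy this command line from the demo for later logins. Because `ssh-keygen -R ${FIP}` has just removed any stale entry, `-o StrictHostKeyChecking=accept-new` keeps the run non-interactive while still refusing a host key that differs from a recorded one. Separately, `mkdir -p "${ssh_keypair_dir}"` and `chmod 700 "${ssh_keypair_dir}"` run after `ssh-keygen` and `openstack keypair create`, so on a machine where `${HOME}/.ssh/prod-ostrava` does not exist yet the key generation has no directory to write into; both lines belong above the `if [ -s ... ]` check. The per-project scripts shown earlier on this page use the same order, in case they stay in the tree.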
[freznicek@lenovo-t14 commandline 0]$ source ~/conf/g2-prod-ostrava-meta-cloud-training-all-roles-openrc.sh
[freznicek@lenovo-t14 commandline 0]$ ./cmdline-demo.sh group-project-infra | tee -a ./cmdline-demo.sh.group.log
Using commandline tools: ==================================================================================
openstack --version:
openstack 5.5.0
bash --version:
GNU bash, verze 5.2.15(1)-release (x86_64-redhat-linux-gnu)
awk -W version:
GNU Awk 5.1.1, API: 3.1 (GNU MPFR 4.1.0-p13, GNU MP 6.2.1)
ssh -V:
OpenSSH_8.8p1, OpenSSL 3.0.8 7 Feb 2023
which ssh-keygen:
/usr/bin/ssh-keygen
ncat --version:
Ncat: Version 7.93 ( https://nmap.org/ncat )
grep --version:
grep (GNU grep) 3.7
Using OpenStack cloud: ====================================================================================
"Ostrava","identity","3.14","CURRENT","https://identity.ostrava.openstack.cloud.e-infra.cz/v3/","",""
Using OpenStack group project named: meta-cloud-training
Delete previously created objects (delete_objects_group_project) ==========================================
server volume keypair router subnet network security-group
List currently allocated objects ==========================================================================
Create (generate) locally SSH keypair, upload public SSH key to cloud =====================================
... (press Enter or wait 2m) [keyboard input timed out]
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Generating public/private rsa key pair.
Your identification has been saved in /home/freznicek/.ssh/prod-ostrava/id_rsa.group-project-infra-demo-keypair
Your public key has been saved in /home/freznicek/.ssh/prod-ostrava/id_rsa.group-project-infra-demo-keypair.pub
The key fingerprint is:
SHA256:0rDmjE2hNNVMoQFWgjlBj4qYBo2KdIh5f1JSpSLtqTw freznicek@lenovo-t14
The key's randomart image is:
+---[RSA 4096]----+
| .o++o==+. |
|.+== + +o |
|=o=oB * |
|B+.= B = |
|B. * * S |
|.. . X . |
| E . + |
| . |
| |
+----[SHA256]-----+
+-------------+------------------------------------------------------------------+
| Field | Value |
+-------------+------------------------------------------------------------------+
| created_at | None |
| fingerprint | 73:5e:1c:02:bd:78:84:5f:86:48:a0:a3:10:b8:48:88 |
| id | group-project-infra-demo-keypair |
| is_deleted | None |
| name | group-project-infra-demo-keypair |
| type | ssh |
| user_id | bc28a25a73e89b176d4b9bb181cd7842a9101472a3117c689560d4858be0c191 |
+-------------+------------------------------------------------------------------+
-rw-------. 1 freznicek freznicek 3389 30. čec 19.50 /home/freznicek/.ssh/prod-ostrava/id_rsa.group-project-infra-demo-keypair
-rw-r--r--. 1 freznicek freznicek 746 30. čec 19.50 /home/freznicek/.ssh/prod-ostrava/id_rsa.group-project-infra-demo-keypair.pub
Create cloud security groups (custom VM firewall) to allow outgoing traffic and incomming SSH traffic on port 22 =
... (press Enter or wait 2m) [keyboard input timed out]
+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2023-07-30T17:50:44Z |
| description | group-project-infra demo default security group |
| id | 04d9f7d1-48bd-44e3-bec2-0213ab2971a5 |
| name | group-project-infra-demo-secgroup |
| project_id | 7587d86892f449c3b11fdedb05976007 |
| revision_number | 1 |
| rules | created_at='2023-07-30T17:50:44Z', direction='egress', ethertype='IPv4', id='078691bb-2ade-4311-9c05-3ec1d2f5f7c1', standard_attr_id='69083', updated_at='2023-07-30T17:50:44Z' |
| | created_at='2023-07-30T17:50:44Z', direction='egress', ethertype='IPv6', id='288be142-3143-4977-aeac-8543b6de26fb', standard_attr_id='69086', updated_at='2023-07-30T17:50:44Z' |
| stateful | True |
| tags | [] |
| updated_at | 2023-07-30T17:50:44Z |
+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| created_at | 2023-07-30T17:50:46Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | 8ffe0827-37e5-48b1-9645-984ed558a87f |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 7587d86892f449c3b11fdedb05976007 |
| protocol | tcp |
| remote_address_group_id | None |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 04d9f7d1-48bd-44e3-bec2-0213ab2971a5 |
| tags | [] |
| updated_at | 2023-07-30T17:50:46Z |
+-------------------------+--------------------------------------+
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| created_at | 2023-07-30T17:50:47Z |
| description | |
| direction | egress |
| ether_type | IPv4 |
| id | b4051757-5575-4bb4-a78b-39ad86b51bca |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 7587d86892f449c3b11fdedb05976007 |
| protocol | tcp |
| remote_address_group_id | None |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | 04d9f7d1-48bd-44e3-bec2-0213ab2971a5 |
| tags | [] |
| updated_at | 2023-07-30T17:50:47Z |
+-------------------------+--------------------------------------+
Create cloud private network and subnet, so far isolated (CIDR:192.168.222.0/24) ==========================
... (press Enter or wait 2m) [keyboard input timed out]
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | nova |
| availability_zones | |
| created_at | 2023-07-30T17:50:50Z |
| description | |
| dns_domain | None |
| id | da572ed6-0f65-44f6-8024-3d1f2b8ea64e |
| ipv4_address_scope | None |
| ipv6_address_scope | None |
| is_default | False |
| is_vlan_transparent | None |
| mtu | 8950 |
| name | group-project-infra-demo-network |
| port_security_enabled | True |
| project_id | 7587d86892f449c3b11fdedb05976007 |
| provider:network_type | None |
| provider:physical_network | None |
| provider:segmentation_id | None |
| qos_policy_id | None |
| revision_number | 1 |
| router:external | Internal |
| segments | None |
| shared | False |
| status | ACTIVE |
| subnets | |
| tags | |
| updated_at | 2023-07-30T17:50:50Z |
+---------------------------+--------------------------------------+
+----------------------+--------------------------------------+
| Field | Value |
+----------------------+--------------------------------------+
| allocation_pools | 192.168.222.2-192.168.222.254 |
| cidr | 192.168.222.0/24 |
| created_at | 2023-07-30T17:50:53Z |
| description | |
| dns_nameservers | 8.8.4.4, 8.8.8.8 |
| dns_publish_fixed_ip | None |
| enable_dhcp | True |
| gateway_ip | 192.168.222.1 |
| host_routes | |
| id | 4cf944c3-7fc8-4d94-8e3e-32982d71a135 |
| ip_version | 4 |
| ipv6_address_mode | None |
| ipv6_ra_mode | None |
| name | group-project-infra-demo-subnet |
| network_id | da572ed6-0f65-44f6-8024-3d1f2b8ea64e |
| prefix_length | None |
| project_id | 7587d86892f449c3b11fdedb05976007 |
| revision_number | 0 |
| segment_id | None |
| service_types | |
| subnetpool_id | None |
| tags | |
| updated_at | 2023-07-30T17:50:53Z |
+----------------------+--------------------------------------+
Create cloud VM instance "group-project-infra-demo-server" with following configuration:
flavor: e1.medium, image/os: ubuntu-jammy-x86_64, network: group-project-infra-demo-network
keypair: group-project-infra-demo-keypair, sec-group/firewall: group-project-infra-demo-secgroup) additional arguments: =
... (press Enter or wait 2m) [keyboard input timed out]
+-------------------------------------+------------------------------------------------------------------+
| Field | Value |
+-------------------------------------+------------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | P2F7CuwBuQdb |
| config_drive | |
| created | 2023-07-30T17:50:56Z |
| flavor | e1.medium (eaf0fbe1-c099-4cd6-b782-67e1ba9b1654) |
| hostId | |
| id | b494a8eb-2f3c-4536-b31f-43e56af8bee1 |
| image | ubuntu-jammy-x86_64 (9a071dba-67d5-445f-9d32-0f56360fb10f) |
| key_name | group-project-infra-demo-keypair |
| name | group-project-infra-demo-server |
| progress | 0 |
| project_id | 7587d86892f449c3b11fdedb05976007 |
| properties | |
| security_groups | name='04d9f7d1-48bd-44e3-bec2-0213ab2971a5' |
| status | BUILD |
| updated | 2023-07-30T17:50:56Z |
| user_id | bc28a25a73e89b176d4b9bb181cd7842a9101472a3117c689560d4858be0c191 |
| volumes_attached | |
+-------------------------------------+------------------------------------------------------------------+
Wait for VM instance "group-project-infra-demo-server" being ACTIVE =======================================
BUILD ACTIVE
Route VM from internal software defined networking outside ================================================
1] Create route, associate router with external provider network and internal subnet (192.168.222.0/24)
... (press Enter or wait 2m) [keyboard input timed out]
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| admin_state_up | UP |
| availability_zone_hints | nova |
| availability_zones | |
| created_at | 2023-07-30T17:51:06Z |
| description | |
| external_gateway_info | null |
| flavor_id | None |
| id | a36a839d-6b0f-452d-a762-4c3fb6585da6 |
| name | group-project-infra-demo-router |
| project_id | 7587d86892f449c3b11fdedb05976007 |
| revision_number | 1 |
| routes | |
| status | ACTIVE |
| tags | |
| updated_at | 2023-07-30T17:51:06Z |
+-------------------------+--------------------------------------+
2] Allocate single FIP (floating ip) from external provider network
... (press Enter or wait 2m) [keyboard input timed out]
Successfully obtained public ipv4 floating IP adress (FIP): 195.113.243.74
3] Associate selected FIP with created VM
VM server instance access tests ===========================================================================
1] TCP access (ncat -z 195.113.243.74 22)
... (press Enter or wait 2m) [keyboard input timed out]
..VM is accessible at 195.113.243.74:22
2] SSH access (ssh -i /home/freznicek/.ssh/prod-ostrava/id_rsa.group-project-infra-demo-keypair ubuntu@195.113.243.74)
... (press Enter or wait 2m) [keyboard input timed out]
Warning: Permanently added '195.113.243.74' (ED25519) to the list of known hosts.
Linux group-project-infra-demo-server 5.15.0-73-generic #80-Ubuntu SMP Mon May 15 15:18:26 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
17:51:58 up 0 min, 0 users, load average: 0.82, 0.24, 0.08
VM access succeeded!
Object summary in profile group-project-infra =============================================================
... (press Enter or wait 2m) [keyboard input timed out]
keypairs:
+----------------------------------+-------------------------------------------------+------+
| Name | Fingerprint | Type |
+----------------------------------+-------------------------------------------------+------+
| group-project-infra-demo-keypair | 73:5e:1c:02:bd:78:84:5f:86:48:a0:a3:10:b8:48:88 | ssh |
+----------------------------------+-------------------------------------------------+------+
networks:
+--------------------------------------+----------------------------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------------------------------+--------------------------------------+
| da572ed6-0f65-44f6-8024-3d1f2b8ea64e | group-project-infra-demo-network | 4cf944c3-7fc8-4d94-8e3e-32982d71a135 |
+--------------------------------------+----------------------------------+--------------------------------------+
subnets:
+--------------------------------------+------------------------------------------+--------------------------------------+------------------+
| ID | Name | Network | Subnet |
+--------------------------------------+------------------------------------------+--------------------------------------+------------------+
| 4cf944c3-7fc8-4d94-8e3e-32982d71a135 | group-project-infra-demo-subnet | da572ed6-0f65-44f6-8024-3d1f2b8ea64e | 192.168.222.0/24 |
+--------------------------------------+------------------------------------------+--------------------------------------+------------------+
routers:
+--------------------------------------+---------------------------------+--------+-------+----------------------------------+
| ID | Name | Status | State | Project |
+--------------------------------------+---------------------------------+--------+-------+----------------------------------+
| a36a839d-6b0f-452d-a762-4c3fb6585da6 | group-project-infra-demo-router | ACTIVE | UP | 7587d86892f449c3b11fdedb05976007 |
+--------------------------------------+---------------------------------+--------+-------+----------------------------------+
floating_ips:
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
| ID | Floating IP Address | Fixed IP Address | Port | Floating Network | Project |
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
| bf3c9f36-8a05-42af-a7d3-05e3adeb51d4 | 195.113.243.74 | 192.168.222.102 | 9a5cfd85-ef27-4298-b6f8-b61a7cf7f06d | 5a778b8d-4194-48fd-880d-181aaf7222c2 | 7587d86892f449c3b11fdedb05976007 |
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
security_groups:
+--------------------------------------+-----------------------------------+-------------------------------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+-----------------------------------+-------------------------------------------------+----------------------------------+------+
| 04d9f7d1-48bd-44e3-bec2-0213ab2971a5 | group-project-infra-demo-secgroup | group-project-infra demo default security group | 7587d86892f449c3b11fdedb05976007 | [] |
+--------------------------------------+-----------------------------------+-------------------------------------------------+----------------------------------+------+
servers:
+--------------------------------------+---------------------------------+--------+------------------------------------------------------------------+---------------------+-----------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+---------------------------------+--------+------------------------------------------------------------------+---------------------+-----------+
| b494a8eb-2f3c-4536-b31f-43e56af8bee1 | group-project-infra-demo-server | ACTIVE | group-project-infra-demo-network=192.168.222.102, 195.113.243.74 | ubuntu-jammy-x86_64 | e1.medium |
+--------------------------------------+---------------------------------+--------+------------------------------------------------------------------+---------------------+-----------+
Teardown of the objects (delete_objects_group_project) (Interrupt with CTRL-C if you want to keep the created infrastructure and skip its destruction) =
... (press Enter or wait 2m) [keyboard input timed out]
floating-ip server volume keypair disconnect-router-from-subnet router subnet network security-group
[freznicek@lenovo-t14 commandline 0]$
[freznicek@lenovo-t14 commandline 0]$ source ~/conf/g2-prod-ostrava-freznicek-all-roles.sh.inc
[freznicek@lenovo-t14 commandline 0]$ ./cmdline-demo.sh personal-project-infra
Using commandline tools: =========================================================================================================================================
openstack --version:
openstack 5.5.0
bash --version:
GNU bash, verze 5.2.15(1)-release (x86_64-redhat-linux-gnu)
awk -W version:
GNU Awk 5.1.1, API: 3.1 (GNU MPFR 4.1.0-p13, GNU MP 6.2.1)
ssh -V:
OpenSSH_8.8p1, OpenSSL 3.0.8 7 Feb 2023
which ssh-keygen:
/usr/bin/ssh-keygen
ncat --version:
Ncat: Version 7.93 ( https://nmap.org/ncat )
grep --version:
grep (GNU grep) 3.7
Using OpenStack cloud: ===========================================================================================================================================
"Ostrava","identity","3.14","CURRENT","https://identity.ostrava.openstack.cloud.e-infra.cz/v3/","",""
Using OpenStack personal project named: c2bf29961b887b399a456269bbcb7aedd3127a26@einfra.cesnet.cz
Delete previously created objects (delete_objects_personal_project) ==============================================================================================
server volume keypair security-group
List currently allocated objects =================================================================================================================================
networks:
+--------------------------------------+-------------------------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+-------------------------------+--------------------------------------+
| 968fe5cf-e7b3-4d47-8239-d6f3ea2edd16 | internal-ipv4-general-private | 3170bacf-72e9-418f-8b0c-72f2e67eefd1 |
+--------------------------------------+-------------------------------+--------------------------------------+
subnets:
+--------------------------------------+------------------------------------------+--------------------------------------+---------------+
| ID | Name | Network | Subnet |
+--------------------------------------+------------------------------------------+--------------------------------------+---------------+
| 3170bacf-72e9-418f-8b0c-72f2e67eefd1 | internal-ipv4-general-private-172-22-0-0 | 968fe5cf-e7b3-4d47-8239-d6f3ea2edd16 | 172.22.0.0/16 |
+--------------------------------------+------------------------------------------+--------------------------------------+---------------+
Create (generate) locally SSH keypair, upload public SSH key to cloud =====================================================
... (press Enter or wait 2m) [keyboard input timed out]
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Generating public/private rsa key pair.
Your identification has been saved in /home/freznicek/.ssh/prod-ostrava/id_rsa.personal-project-infra-demo-keypair
Your public key has been saved in /home/freznicek/.ssh/prod-ostrava/id_rsa.personal-project-infra-demo-keypair.pub
The key fingerprint is:
SHA256:er9CpFZqTqVue764L02is3v9c5GzdWAdvKbTfE4zDPQ freznicek@lenovo-t14
The key's randomart image is:
+---[RSA 4096]----+
| . |
| . o |
| . ..o|
| + .oE.|
| BS oB. |
| O.o +o.*+|
| B.*. =.++|
| o *o=.. o .|
| o*+B++++ |
+----[SHA256]-----+
+-------------+------------------------------------------------------------------+
| Field | Value |
+-------------+------------------------------------------------------------------+
| created_at | None |
| fingerprint | 7c:e9:d5:74:a4:48:c5:55:cb:a6:1c:26:03:e8:d6:0a |
| id | personal-project-infra-demo-keypair |
| is_deleted | None |
| name | personal-project-infra-demo-keypair |
| type | ssh |
| user_id | bc28a25a73e89b176d4b9bb181cd7842a9101472a3117c689560d4858be0c191 |
+-------------+------------------------------------------------------------------+
-rw-------. 1 freznicek freznicek 3389 30. čec 19.49 /home/freznicek/.ssh/prod-ostrava/id_rsa.personal-project-infra-demo-keypair
-rw-r--r--. 1 freznicek freznicek 746 30. čec 19.49 /home/freznicek/.ssh/prod-ostrava/id_rsa.personal-project-infra-demo-keypair.pub
Create cloud security groups (custom VM firewall) to allow outgoing traffic and incomming SSH traffic on port 22 ==========
... (press Enter or wait 2m) [keyboard input timed out]
+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| created_at | 2023-07-30T17:49:36Z |
| description | personal-project-infra demo default security group |
| id | cb447523-4f3c-4561-8c3e-2977502e3d3d |
| name | personal-project-infra-demo-secgroup |
| project_id | 1b20bb11afbe41c1bd681d2e319ab9a0 |
| revision_number | 1 |
| rules | created_at='2023-07-30T17:49:36Z', direction='egress', ethertype='IPv4', id='2faa5355-4645-4300-9272-252121c49c3c', standard_attr_id='69059', updated_at='2023-07-30T17:49:36Z' |
| | created_at='2023-07-30T17:49:36Z', direction='egress', ethertype='IPv6', id='f2ea2665-077e-4191-84db-9b2994928015', standard_attr_id='69062', updated_at='2023-07-30T17:49:36Z' |
| stateful | True |
| tags | [] |
| updated_at | 2023-07-30T17:49:36Z |
+-----------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| created_at | 2023-07-30T17:49:38Z |
| description | |
| direction | ingress |
| ether_type | IPv4 |
| id | ede41c2d-53e5-4686-a125-03bb702a0a8b |
| name | None |
| port_range_max | 22 |
| port_range_min | 22 |
| project_id | 1b20bb11afbe41c1bd681d2e319ab9a0 |
| protocol | tcp |
| remote_address_group_id | None |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | cb447523-4f3c-4561-8c3e-2977502e3d3d |
| tags | [] |
| updated_at | 2023-07-30T17:49:38Z |
+-------------------------+--------------------------------------+
+-------------------------+--------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------+
| created_at | 2023-07-30T17:49:40Z |
| description | |
| direction | egress |
| ether_type | IPv4 |
| id | 02a516ba-ef9f-4750-bacf-3df7b2250017 |
| name | None |
| port_range_max | None |
| port_range_min | None |
| project_id | 1b20bb11afbe41c1bd681d2e319ab9a0 |
| protocol | tcp |
| remote_address_group_id | None |
| remote_group_id | None |
| remote_ip_prefix | 0.0.0.0/0 |
| revision_number | 0 |
| security_group_id | cb447523-4f3c-4561-8c3e-2977502e3d3d |
| tags | [] |
| updated_at | 2023-07-30T17:49:40Z |
+-------------------------+--------------------------------------+
Re-use existing network (internal-ipv4-general-private) and subnet (internal-ipv4-general-private-172-22-0-0) =============
... (press Enter or wait 2m) [keyboard input timed out]
Create cloud VM instance "personal-project-infra-demo-server" with following configuration:
flavor: e1.medium, image/os: ubuntu-jammy-x86_64, network: internal-ipv4-general-private
keypair: personal-project-infra-demo-keypair, sec-group/firewall: personal-project-infra-demo-secgroup) additional arguments: =
... (press Enter or wait 2m) [keyboard input timed out]
+-------------------------------------+------------------------------------------------------------------+
| Field | Value |
+-------------------------------------+------------------------------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-SRV-ATTR:host | None |
| OS-EXT-SRV-ATTR:hypervisor_hostname | None |
| OS-EXT-SRV-ATTR:instance_name | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | Sxh4saKRLm87 |
| config_drive | |
| created | 2023-07-30T17:49:46Z |
| flavor | e1.medium (eaf0fbe1-c099-4cd6-b782-67e1ba9b1654) |
| hostId | |
| id | 576e7581-7852-40d7-953f-cd1b76fee7be |
| image | ubuntu-jammy-x86_64 (9a071dba-67d5-445f-9d32-0f56360fb10f) |
| key_name | personal-project-infra-demo-keypair |
| name | personal-project-infra-demo-server |
| progress | 0 |
| project_id | 1b20bb11afbe41c1bd681d2e319ab9a0 |
| properties | |
| security_groups | name='cb447523-4f3c-4561-8c3e-2977502e3d3d' |
| status | BUILD |
| updated | 2023-07-30T17:49:46Z |
| user_id | bc28a25a73e89b176d4b9bb181cd7842a9101472a3117c689560d4858be0c191 |
| volumes_attached | |
+-------------------------------------+------------------------------------------------------------------+
Wait for VM instance "personal-project-infra-demo-server" being ACTIVE ====================================================
BUILD ACTIVE
1] Reuse existing router internal-ipv4-general-private (may not be visible from personal projects)
2] Allocate single FIP (floating ip) from external provider network
... (press Enter or wait 2m) [keyboard input timed out]
Successfully obtained public ipv4 floating IP adress (FIP): 195.113.243.132
3] Associate selected FIP with created VM
VM server instance access tests ===========================================================================================
1] TCP access (ncat -z 195.113.243.132 22)
... (press Enter or wait 2m) [keyboard input timed out]
.VM is accessible at 195.113.243.132:22
2] SSH access (ssh -i /home/freznicek/.ssh/prod-ostrava/id_rsa.personal-project-infra-demo-keypair ubuntu@195.113.243.132)
... (press Enter or wait 2m) [keyboard input timed out]
Warning: Permanently added '195.113.243.132' (ED25519) to the list of known hosts.
Linux personal-project-infra-demo-server 5.15.0-73-generic #80-Ubuntu SMP Mon May 15 15:18:26 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
17:50:26 up 0 min, 0 users, load average: 0.93, 0.21, 0.07
VM access succeeded!
Object summary in profile personal-project-infra ==========================================================================
... (press Enter or wait 2m) [keyboard input timed out]
keypairs:
+-------------------------------------+-------------------------------------------------+------+
| Name | Fingerprint | Type |
+-------------------------------------+-------------------------------------------------+------+
| personal-project-infra-demo-keypair | 7c:e9:d5:74:a4:48:c5:55:cb:a6:1c:26:03:e8:d6:0a | ssh |
+-------------------------------------+-------------------------------------------------+------+
networks:
+--------------------------------------+-------------------------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+-------------------------------+--------------------------------------+
| 968fe5cf-e7b3-4d47-8239-d6f3ea2edd16 | internal-ipv4-general-private | 3170bacf-72e9-418f-8b0c-72f2e67eefd1 |
+--------------------------------------+-------------------------------+--------------------------------------+
subnets:
+--------------------------------------+------------------------------------------+--------------------------------------+---------------+
| ID | Name | Network | Subnet |
+--------------------------------------+------------------------------------------+--------------------------------------+---------------+
| 3170bacf-72e9-418f-8b0c-72f2e67eefd1 | internal-ipv4-general-private-172-22-0-0 | 968fe5cf-e7b3-4d47-8239-d6f3ea2edd16 | 172.22.0.0/16 |
+--------------------------------------+------------------------------------------+--------------------------------------+---------------+
floating_ips:
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
| ID | Floating IP Address | Fixed IP Address | Port | Floating Network | Project |
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
| 3dc64a05-fac7-493f-8779-6e38d036675b | 195.113.243.132 | 172.22.1.73 | 3c53172e-9454-4c4d-ae0b-a494d5ff9c01 | 5a778b8d-4194-48fd-880d-181aaf7222c2 | 1b20bb11afbe41c1bd681d2e319ab9a0 |
+--------------------------------------+---------------------+------------------+--------------------------------------+--------------------------------------+----------------------------------+
security_groups:
+--------------------------------------+--------------------------------------+----------------------------------------------------+----------------------------------+------+
| ID | Name | Description | Project | Tags |
+--------------------------------------+--------------------------------------+----------------------------------------------------+----------------------------------+------+
| cb447523-4f3c-4561-8c3e-2977502e3d3d | personal-project-infra-demo-secgroup | personal-project-infra demo default security group | 1b20bb11afbe41c1bd681d2e319ab9a0 | [] |
+--------------------------------------+--------------------------------------+----------------------------------------------------+----------------------------------+------+
servers:
+--------------------------------------+------------------------------------+--------+------------------------------------------------------------+---------------------+-----------+
| ID | Name | Status | Networks | Image | Flavor |
+--------------------------------------+------------------------------------+--------+------------------------------------------------------------+---------------------+-----------+
| 576e7581-7852-40d7-953f-cd1b76fee7be | personal-project-infra-demo-server | ACTIVE | internal-ipv4-general-private=172.22.1.73, 195.113.243.132 | ubuntu-jammy-x86_64 | e1.medium |
+--------------------------------------+------------------------------------+--------+------------------------------------------------------------+---------------------+-----------+
Teardown of the objects (delete_objects_personal_project) (Interrupt with CTRL-C if you want to keep the created infrastructure and skip its destruction) =
... (press Enter or wait 2m) [keyboard input timed out]
floating-ip server volume keypair security-group
[freznicek@lenovo-t14 commandline 0]$
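Review bot: This transcript commits the `adminPass` value from both `openstack server create` tables (the group-project run and the personal-project run), alongside the real user and project IDs. Both runs end with a teardown that lists `server`, so the exposure is probably short-lived, and whether the image applies that password at all cannot be told from the log. Even so, a checked-in example encourages readers to paste such output unfiltered into tickets and repositories. I would replace both values with `<redacted>` in this file. In the script's create call, which is outside this view, I would also limit the printed columns, e.g. `-c id -c name -c status`.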