Goodbye Openstack

This does not work. As far as I can tell you can only install devstack on raw hardware and let it install all of its ever-moving dependencies. I was able to do this where Pike was 6 months ago but not uninstall and reinstall is using the same version.

I don't believe I can trust anything this moving to be sane, let alone secure.


Best attempt at lxc in a container

Now we want to see about the devstack container. It should have its own network interface (eno3) and disk /dev/sdf.

  • use lxd init to create zfs filesystem for devstack

    At some point we should figure out how to configure both zfs and the appropriate bridge configuration without these two steps.

    root@bs2020:~# lxd init
    root@bs2020:~# zfs list
    NAME                          USED  AVAIL  REFER  MOUNTPOINT
    lxd4devstack                  243M   132G    19K  none
    lxd4infra                     200M   132G    19K  none
    lxd4infra/naomi               200M   132G   200M  /var/lib/lxc/naomi/rootfs

  • set up br1; use dpkg-reconfigure to point the network at br1

    root@bs2020:~# nano /etc/network/interfaces
    ... add the following ...
    auto br1
    iface br1 inet static
        address
        dns-nameservers
        bridge_ports eno3

    iface eno3 inet manual
    root@bs2020:~# ifdown br1 && ifup br1
    root@bs2020:~# ip a
    1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    ...
    12: br1: mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether d4:be:d9:ec:ee:d2 brd ff:ff:ff:ff:ff:ff
        inet6 fe80::d6be:d9ff:feec:eed2/64 scope link
           valid_lft forever preferred_lft forever

  • set up lxc config file

    root@bs2020:~# nano /etc/lxc/devstack.conf


    # Permit access to /dev/loop*
    lxc.cgroup.devices.allow = b 7:* rwm

    # Setup access to /dev/net/tun and /dev/kvm
    lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0
    lxc.mount.entry = /dev/kvm dev/kvm none bind,create=file 0 0

    # Networking
    = veth = up = br1 = 00:16:3d:xx:xx:xx = = = 1
    lxc.start.delay = 7
    lxc.start.order = 150

  • create the image

    root@bs2020:~# lxc-create -n theswedishchef -t ubuntu -f /etc/lxc/devstack.conf -B zfs \
        --zfsroot=lxd4devstack \
        -- --packages=bsdmainutils,git,nano,ebtables,openvswitch-common

  • add local admin users, set up network and lock down ubuntu user.

    root@bs2020:~# passwd -l ubuntu -R /var/lib/lxc/theswedishchef/rootfs
    passwd: password expiry information changed.
    root@bs2020:~# cd /var/lib/lxc/theswedishchef/rootfs/
    root@bs2020:~# cat ~feurig/passed.add>>etc/passwd
    root@bs2020:~# cat ~feurig/shadow.add>>etc/shadow
    root@bs2020:~# tar -xzvf ~feurig fnj.tgz
    drwxr-xr-x root/root 0 2017-09-27 17:58 home/
    ... home directories for admins mostly for the following file ...
    -rw-rw-r-- joe/joe 402 2017-09-25 23:51 home/joe/.ssh/authorized_keys
    root@bs2020:~# cd
    root@bs2020:~# usermod -R /var/lib/lxc/theswedishchef/rootfs -G sudo,root joe
    root@bs2020:~# usermod -R /var/lib/lxc/theswedishchef/rootfs -G sudo,root feurig
    root@bs2020:~# groupadd -R /var/lib/lxc/theswedishchef/rootfs -g 1001 feurig
    root@bs2020:~# groupadd -R /var/lib/lxc/theswedishchef/rootfs -g 1002 feurig
    root@bs2020:~# groupadd -R /var/lib/lxc/theswedishchef/rootfs -g 1002 joe
    root@bs2020:~# cat <<eod >>/var/lib/lxc/theswedishchef/rootfs/etc/resolvconf/resolv.conf.d/base
    dns-nameserver
    nameserver
    eod
    root@bs2020:~# cat <<eod2 >>/var/lib/lxc/theswedishchef/rootfs/etc/network/interfaces
    iface eth0 inet static
        address
        gateway
        dns-nameservers
        dns-search
    eod2

  • check for ebtables module

    root@bs2020:~# lsmod |grep ebt
    ebtable_broute 16384 0
    ebtable_nat 16384 0
    ebtable_filter 16384 0
    ebtables 36864 3 ebtable_broute,ebtable_nat,ebtable_filter
    x_tables 36864 9 xt_CHECKSUM,ip_tables,xt_tcpudp,ipt_MASQUERADE,xt_conntrack,iptable_filter,ebtables,ipt_REJECT,iptable_mangle
    bridge 126976 1 ebtable_broute

  • run up instance and install devstack

    root@bs2020:~# lxc-start -n theswedishchef
    root@bs2020:~# lxc-attach -n theswedishchef
    root@theswedishchef:~# apt-get install --reinstall ca-certificates
    root@theswedishchef:/# useradd -s /bin/bash -d /opt/stack -m stack
    root@theswedishchef:/# echo "stack ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/stack
    stack ALL=(ALL) NOPASSWD: ALL
    root@theswedishchef:/# su - stack
    stack@theswedishchef:~$ git clone
    Cloning into 'devstack'...
    ...
    done.
    stack@theswedishchef:~$ cd devstack/
    stack@theswedishchef:~/devstack$ nano local.conf
    [[local|localrc]]
    ADMIN_PASSWORD=B0rkB0rkB0rk
    DATABASE_PASSWORD=$ADMIN_PASSWORD
    RABBIT_PASSWORD=$ADMIN_PASSWORD
    SERVICE_PASSWORD=$ADMIN_PASSWORD
    PUBLIC_INTERFACE=eth0
    HOST_IP=
    FLOATING_RANGE=
    PUBLIC_NETWORK_GATEWAY=
    Q_FLOATING_ALLOCATION_POOL=start=,end=


    stack@theswedishchef:~/devstack$ ./ ... don't even look at it just walk away ....
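
The device lines in /etc/lxc/devstack.conf above decide which host kernel interfaces the container can reach, so they are worth reviewing mechanically before the container is started. This is an added example, not code from the original page: it flags wildcard or mknod-capable device rules and bind-mounted host /dev nodes, handles only the two key names that appear on the page, and uses finding labels invented for the example.

```shell
#!/bin/sh
# Added example (not from the original page): review an LXC config for
# host device exposure. Reads the config on stdin, one finding per line.
# Finding labels (DEVICE-*, HOST-DEV-BIND) are names chosen for this example.
audit_lxc_config() {
    awk '
    /^[ \t]*#/ { next }                      # skip comment lines
    {
        eq = index($0, "=")                  # split on the FIRST "=" only
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
    }
    key == "lxc.cgroup.devices.allow" {
        # value: <type a|b|c> <major>:<minor> <access, any of r w m>
        split(val, f, /[ \t]+/)
        if (f[1] == "a") { print "DEVICE-ALL: " val; next }
        if (f[2] ~ /\*/) print "DEVICE-WILDCARD: " val   # whole major/minor range
        if (f[3] ~ /m/)  print "DEVICE-MKNOD: " val      # container may mknod
        next
    }
    key == "lxc.mount.entry" {
        # fstab-like value: <source> <target> <fstype> <options> ...
        split(val, f, /[ \t]+/)
        if (f[1] ~ /^\/dev\// && f[4] ~ /(^|,)bind(,|$)/)
            print "HOST-DEV-BIND: " f[1]
    }'
}

# Constructed sample: the three device lines from the page plus one narrowly
# scoped rule (c 1:3 is /dev/null) for contrast.
sample_config() {
    cat <<'EOF'
# Permit access to /dev/loop*
lxc.cgroup.devices.allow = b 7:* rwm
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file 0 0
lxc.mount.entry = /dev/kvm dev/kvm none bind,create=file 0 0
lxc.cgroup.devices.allow = c 1:3 rw
lxc.start.delay = 7
EOF
}

sample_config | audit_lxc_config
```

Against a real file, run `audit_lxc_config < /etc/lxc/devstack.conf`; each finding is a line to justify or narrow, for example by replacing the `7:*` wildcard with the specific loop minors the workload needs.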

Approaches Attempted

  • lxd fights with yet another fucking automated deployment system (snapd). This is lxd, not lxc.... Bottom line: snapd, and therefore juju, won't run in a container on LTS until at least 18.04
  • All three "stable" releases. Most of them had issues with different kernel dependencies.

wasted time

  • dbclinton (dbclin) wrote on 2017-07-26: #36 Just to update my previous comment: poking around Stéphane Graber's blog a bit suggests to me that I really shouldn't expect success with this using less than 16.10.