Preparing a GitHub/GitLab Development Bastion Server

So you are looking to use GitHub / GitLab to manage your infrastructure and development. To do this effectively you will need to prepare your environment. Here is an example.

This is for our ansible playbook.

Install Required Dependencies

yum update -y
yum install -y vim git ansible tree fail2ban

Add user for repo

useradd -m -G wheel osan
passwd osan

Secure SSH by disabling root login and changing SSH port

sed 's/#PermitRootLogin yes/PermitRootLogin no/g;s/#Port 22/Port 222/g' -i /etc/ssh/sshd_config
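# Open the same port sshd was moved to above (222). With SELinux enforcing, sshd also
# needs that port labelled ssh_port_t (semanage port -a -t ssh_port_t -p tcp 222).
firewall-cmd --add-port=222/tcp --permanent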
firewall-cmd --reload
systemctl restart sshd.service
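
A check worth running before restarting sshd, so that a sed pattern that did not match, or a firewall port that differs from the sshd port, is caught while you still have a session. This is an added example, not part of the original post; the function names are assumptions and the sample config is constructed.

```shell
#!/bin/sh
# Added example: pre-flight check to run before `systemctl restart sshd`.

# Print each Port set in an sshd_config file (22 when none is set).
sshd_ports() {
    ports=$(awk 'tolower($1) == "port" { print $2 }' "$1")
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# check_ssh_hardening <sshd_config> "<open firewall ports>"
# Succeeds only if PermitRootLogin is "no" and every sshd port is open as <port>/tcp.
# Assumption: no Match blocks or Include files override these keywords.
check_ssh_hardening() {
    conf=$1; fw_ports=$2; rc=0
    # sshd uses the first value it finds for a keyword, so stop at the first match.
    root=$(awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$conf")
    if [ "$root" != "no" ]; then
        echo "FAIL: PermitRootLogin is '${root:-unset}', expected 'no'"
        rc=1
    fi
    for p in $(sshd_ports "$conf"); do
        case " $fw_ports " in
            *" $p/tcp "*) echo "OK: $p/tcp is open in the firewall" ;;
            *) echo "FAIL: sshd is set to port $p but $p/tcp is not open"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: the state after the sed edit, checked against two firewall states.
sample=$(mktemp)
printf 'Port 222\nPermitRootLogin no\n' > "$sample"
check_ssh_hardening "$sample" "666/tcp" || echo "=> do not restart sshd yet"
check_ssh_hardening "$sample" "222/tcp" && echo "=> safe to restart sshd"
rm -f "$sample"

# On the bastion itself (firewall-cmd --list-ports shows the default zone's runtime ports):
#   sshd -t && check_ssh_hardening /etc/ssh/sshd_config "$(firewall-cmd --list-ports)"
```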

Generate key for osan user

su - osan
ssh-keygen -f ~/.ssh/id_rsa -t rsa -N ''

Output the key you generated

cat ~/.ssh/id_rsa.pub

The next step is adding the public SSH key above to the ‘profiles’ section of your GitLab/GitHub user. Find this in my profile, under ‘SSH KEYS’.

Set Git Variables

USERNAME=yourgitlabusername
git config --global user.name "$USERNAME"
git config --global user.email "[email protected]"

Clone Project

git clone [email protected]:$USERNAME/projectname.git

Ansible roles/glance/task/main.yml playbook for Glance API Deployment

I am working on a project at work to deploy Keystone and Glance. I’ve currently been tasked with finishing off the glance role part of the playbook with the basic setup tasks and retrieving the basic qcow2 images for the various distributions and automatically retrieving and populating the glance API image-list. Here is how I did it:

This uses an encrypted group_vars all vars.yml, which contains sensitive password variables like GLANCE_DBPASS.

This file shows how the Glance SQL database is created, its permissions are set and its schema is populated, and how images are uploaded to Glance for use by OpenStack compute.

glance-api

File: osan/roles/glance/tasks/main.yml

---

   - name: Create glance database
     mysql_db:
        name: glance

   - name: Configure database user privileges
     mysql_user:
       name: glance
       host: "{{ item }}"
       password: "{{ GLANCE_DBPASS }}"
       priv: glance.*:ALL
     with_items:
       - "%"
       - localhost

#   - name: Set credentials to admin
#   command: source admin-openrc.sh

   - name: Create the Glance user service credentials
     command: openstack user create --domain default --password {{ GLANCE_PASS }} glance
     environment: "{{ admin_env }}"
     ignore_errors: yes
     no_log: true   # keep GLANCE_PASS out of Ansible output and logs

   - name: Add the admin role to the glance user and service project
     command: openstack role add --project service --user glance admin
     environment: "{{ admin_env }}"
     ignore_errors: yes

   - name: Create the glance service entity
     command: openstack service create --name glance --description "OpenStack Image service" image
     environment: "{{ admin_env }}"
     ignore_errors: yes

   - name: Create the Image service API endpoints for glance (public)
     command: openstack endpoint create --region RegionOne image public http://controller:9292
     environment: "{{ admin_env }}"
     ignore_errors: yes

   - name: Create the Image service API endpoints for glance (internal)
     command: openstack endpoint create --region RegionOne image internal http://controller:9292
     environment: "{{ admin_env }}"
     ignore_errors: yes

   - name: Create the Image service API endpoints for glance (admin)
     command: openstack endpoint create --region RegionOne image admin 'http://controller:9292'
     environment: "{{ admin_env }}"
     ignore_errors: yes

   - name: Install Glance and Dependencies
     yum: pkg={{item}} state=installed
     with_items:
     - openstack-glance
     - python-glance
     - python-glanceclient

   - name: replace glance-api.conf file
     template: src=glance-api.conf.ansible dest=/etc/glance/glance-api.conf owner=root

   - name: replace glance-registry.conf file
     template: src=glance-registry.conf.ansible dest=/etc/glance/glance-registry.conf owner=root

   - name: Populate the Image service database
     command: su -s /bin/sh -c "glance-manage db_sync" glance

   - name: Start & Enable openstack-glance-registry.service
     service: name=openstack-glance-registry.service enabled=yes state=started

   - name: Start & Enable openstack-glance-api.service
     service: name=openstack-glance-api.service enabled=yes state=started


   - name: Retrieve CentOS 7 x86_64.qcow2
     get_url: url=http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud-1503.qcow2 dest=/root/CentOS-7-x86_64-GenericCloud-1503.qcow2 mode=0600

   - name: Populate Glance DB with CentOS 7 qcow2 Image
     command:  glance image-create --name "centos7-x86_x64" --file /root/CentOS-7-x86_64-GenericCloud-1503.qcow2 --disk-format qcow2 --container-format bare --visibility public --progress


   - name: Retrieve Cirros qcow2 Image
     get_url: url=http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img dest=/root/cirros-0.3.4-x86_64-disk.img mode=0600

   - name: Import Cirros qcow Image to Glance
     command:  glance image-create --name "cirros-0.3.4_x86_64" --file /root/cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress


   - name: Retrieve Ubuntu 14.04 Trusty Tahr qcow2 Image
     get_url: url=http://cloud-images.ubuntu.com/releases/14.04/release-20140416.1/ubuntu-14.04-server-cloudimg-amd64-disk1.img dest=/root/ubuntu-14.04-server-cloudimg-amd64-disk1.img mode=0600

   - name: Import Ubuntu 14.04 Trusty Tahr to Glance
     command: glance image-create --name "ubuntu-14.04-lts-trusty-tahr-amd64" --file /root/ubuntu-14.04-server-cloudimg-amd64-disk1.img --disk-format qcow2 --container-format bare --visibility public --progress


   - name: Retrieve Fedora 23 qcow2 Image
     get_url: url=https://download.fedoraproject.org/pub/fedora/linux/releases/23/Cloud/x86_64/Images/Fedora-Cloud-Base-23-20151030.x86_64.qcow2 dest=/root/Fedora-Cloud-Base-23-20151030.x86_64.qcow2 mode=0600

   - name: Import Fedora 23 qcow2 Image to Glance
     command: glance image-create --name "fedora-23-amd64" --file /root/Fedora-Cloud-Base-23-20151030.x86_64.qcow2 --disk-format qcow2 --container-format bare --visibility public --progress


   - name: Retrieve Debian 8 amd64 qcow2 Image
     get_url: url=http://cdimage.debian.org/cdimage/openstack/current/debian-8.2.0-openstack-amd64.qcow2 dest=/root/debian-8.2.0-openstack-amd64.qcow2 mode=0600

   - name: Import Debian 8 to Glance
     command: glance image-create --name "debian8-2-0-amd64" --file /root/debian-8.2.0-openstack-amd64.qcow2 --disk-format qcow2 --container-format bare --visibility public --progress


   - name: Retrieve OpenSuSE 13.2 Guest Qcow2 Image
     get_url: url=http://download.opensuse.org/repositories/Cloud:/Images:/openSUSE_13.2/images/openSUSE-13.2-OpenStack-Guest.x86_64.qcow2 dest=/root/openSUSE-13.2-OpenStack-Guest.x86_64.qcow2 mode=0600

   - name: Import OpenSuSE 13.2 to Glance
     command: glance image-create --name "opensuse-13-2-amd64" --file /root/openSUSE-13.2-OpenStack-Guest.x86_64.qcow2 --disk-format qcow2 --container-format bare --visibility public --progress

The above is in YAML format, which is really tricky, so watch your syntax when using it. It is VERY sensitive.

After this runs we are left with a nice glance image-list output. Glance is ready for compute to use the qcow2 images we associated using the OpenStack Glance API.

+--------------------------------------+------------------------------------+
| ID                                   | Name                               |
+--------------------------------------+------------------------------------+
| f58aaed4-fda7-41b3-a0c9-e99d6c956afd | centos7-x86_x64                    |
| b4c7224b-0e0d-475c-880c-f48e1c0608b2 | cirros-0.3.4_x86_64                |
| 975accd5-d9bc-4485-86df-88e97e7f3237 | debian8-2-0-amd64                  |
| 41e7949c-3e17-434f-8008-4551673da496 | fedora-23-amd64                    |
| 092338df-6e8e-471b-93ff-07b339510636 | opensuse-13-2-amd64                |
| ae707804-3dd5-474f-ab8d-3d6e855e420d | ubuntu-14.04-lts-trusty-tahr-amd64 |
+--------------------------------------+------------------------------------+
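
The playbook above fetches most of its images over plain HTTP with no digest check and then publishes them with --visibility public. As an added example (not part of the original playbook), this shell gate only lets a file through if its SHA-256 matches a pinned manifest and it really starts with the qcow2 magic bytes; the function names and the manifest file are assumptions, and the demo data is constructed.

```shell
#!/bin/sh
# Added example: gate `glance image-create` on a pinned digest and the claimed format.

# True if the file starts with the qcow magic bytes "QFI\xfb".
is_qcow2() {
    [ "$(head -c 4 "$1" | od -An -tx1 | tr -d ' \n')" = "514649fb" ]
}

# verify_images <manifest> <dir>
# Manifest lines are "<sha256>  <filename>" (the format sha256sum writes), pinned
# out-of-band from the distribution's published checksums.
# Prints each file that passes both checks; returns non-zero if any file fails.
verify_images() {
    manifest=$1; dir=$2; rc=0
    while read -r want name; do
        [ -n "$name" ] || continue
        file="$dir/$name"
        if [ ! -f "$file" ]; then
            echo "MISSING  $name" >&2; rc=1
        elif [ "$(sha256sum "$file" | awk '{ print $1 }')" != "$want" ]; then
            echo "MISMATCH $name" >&2; rc=1
        elif ! is_qcow2 "$file"; then
            echo "NOTQCOW2 $name" >&2; rc=1
        else
            echo "$file"
        fi
    done < "$manifest"
    return "$rc"
}

# Constructed demo: a fake 8-byte "image" and a manifest pinned from it, then tampering.
demo=$(mktemp -d)
printf 'QFI\373\000\000\000\003' > "$demo/test.qcow2"
(cd "$demo" && sha256sum test.qcow2 > SHA256SUMS)
verify_images "$demo/SHA256SUMS" "$demo" && echo "=> import allowed"
printf 'x' >> "$demo/test.qcow2"          # simulate modification in transit
verify_images "$demo/SHA256SUMS" "$demo" || echo "=> import blocked"
rm -rf "$demo"
```

Inside the playbook itself, the get_url module's checksum parameter (for example checksum=sha256:<pinned digest>) gives the same digest check at download time.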

Deleting Glance Images one liner

I’ve been working on some glance automation and I wanted to quickly delete all the glance images so I can test if my ansible playbook is downloading all the reference cloud qcow2 images and populating glance with them correctly.

bash-4.2# glance image-list | awk '{print $2}' | grep -v ID | xargs -i echo glance image-delete {}
glance image-delete 8d73249e-c616-4481-8256-f634877eb5a2
glance image-delete 2ea3faef-530c-4679-9faf-b11c7e7889eb
glance image-delete 697efb18-72fe-4305-8e1d-18e0f1481bd6
glance image-delete 555811e2-f941-4cb5-bba2-6ed8751bf188
glance image-delete 7182dca4-f0f4-4176-a706-d8ca0598ef9f
glance image-delete 0f5f2bc5-94a4-4361-a17e-3fed96f07c4e
glance image-delete a01580c2-f264-4058-a366-30d726c2c496
glance image-delete 92a39f49-b6e5-4d32-9856-37bbdac6c285
glance image-delete c01a6464-8e2c-4edb-829e-6d123bc3c8f4
-bash-4.2# glance image-delete 8d73249e-c616-4481-8256-f634877eb5a2
-bash-4.2# glance image-delete 2ea3faef-530c-4679-9faf-b11c7e7889eb
-bash-4.2# glance image-delete 697efb18-72fe-4305-8e1d-18e0f1481bd6
-bash-4.2# glance image-delete 555811e2-f941-4cb5-bba2-6ed8751bf188
-bash-4.2# glance image-delete 7182dca4-f0f4-4176-a706-d8ca0598ef9f
-bash-4.2# glance image-delete 0f5f2bc5-94a4-4361-a17e-3fed96f07c4e
-bash-4.2# glance image-delete a01580c2-f264-4058-a366-30d726c2c496
-bash-4.2# glance image-delete 92a39f49-b6e5-4d32-9856-37bbdac6c285
-bash-4.2# glance image-delete c01a6464-8e2c-4edb-829e-6d123bc3c8f4

Generate SSH key pairs and copy public key to guests the fast way

What it says on the tin!

# DSA user keys are disabled by default since OpenSSH 7.0, so generate an Ed25519 key
ssh-keygen -t ed25519
ssh-copy-id root@iporhostnamehere
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys

So simple. Thanks to my colleague Jan for this.