Guides on Documentation

Affinity Policy

Mon, 01 Jan 0001 00:00:00 +0000

Overview

Here is how to avoid that groups of instances run on the same compute node. This can be relevant when configuring resilience.

Create an anti affinity group.
Take note of the group UUID that is displayed when created. It is needed when deploying the instance.
openstack server group create --policy anti-affinity testgroup

https://docs.openstack.org/python-openstackclient/yoga/cli/command-objects/server-group.html
(Optional) Read out the affinity policies.
openstack server group list | grep -Ei "Policies|affinity"
Add the instance to the group when deploying.
openstack server create --image ubuntu-20.04-server-latest --flavor v1-small-1 --hint group=<server_group_uuid> test-instance

API access

Mon, 01 Jan 0001 00:00:00 +0000

Introduction

OpenStack provides REST APIs for programmatic interaction with the various services (compute, object storage, etc.). These APIs are used by automation tools such as HashiCorp Terraform and the OpenStack CLI utility.

For advanced programmatic usage, there exist freely available SDKs and software libraries for several languages which are maintained by the OpenStack project or community members.

This guides describes the initial steps required for manual usage of the OpenStack REST APIs.

Authentication

Usage of an application credential for API authentication is recommend due to their security and operational benefits.

Barbican

Mon, 01 Jan 0001 00:00:00 +0000

Overview

OpenStack Barbican is a key management service for storing highly sensitive data like private keys for certificates and passwords which needs to be available for applications during runtime.

ELASTX Barbican service is backed by physical HSM appliances to ensure that all data is securely stored.

REST API reference can be found here
OpenStack Barbican client can be found here

Secrets in Barbican have a special design with regards to ID, they are always referenced by a “secret href” instead of a UUID! (This will change in a later release!)

Billing

Mon, 01 Jan 0001 00:00:00 +0000

Overview

We use OpenStack CloudKitty for billing purposes and with it’s open API it is possible to get detailed information about the cost of resources.

NOTE: The billing data engine is ALWAYS 4 hours behind so it is only possible to retrieve rating data up until 4 hours ago! This is to ensure that all billing data is in place before calculating costs.

Prerequisites

To fetch data from cloudkitty using the OpenStack CLI it is neccessary to install the openstack python client and the openstack cloudkitty python client.

Detach & Attach interface on a Ubuntu instance

Mon, 01 Jan 0001 00:00:00 +0000

Overview

If you need to change interface on a Ubuntu instance, then this is the procedure to use.

Run the following command in the instance.
```
 sudo cloud-init clean
```
Shut down the instance
Detach / Attach the network interface
Start the instance
Reassociate Floating IP with the instance

EC2 Credentials

Mon, 01 Jan 0001 00:00:00 +0000

Overview

For using the OpenStack S3 API:s you need to generate an additional set of credentials. These can then be used to store data in the Swift Object store for applications that don’t have native Swift support but do support the S3 interfaces.

NOTE: If the application does support Swift natively, using Swift will provide superior performance and generally a better experience.

Create and fetch credentials using openstack cli

Make sure you have installed the openstack python client.

Octavia

Mon, 01 Jan 0001 00:00:00 +0000

This is an example of a minimal setup that includes a basic HTTP loadbalancer. Here is a short explanation of a minimal (configuration) setup from GUI (Horizon).

Network -> Loadbalancer -> Create loadbalancer
Load Balancer Details: Subnet: Where your webservers live
Listener Details: Select HTTP, port 80.
Pool Details: This is your “pool of webservers”. Select Algoritm of preference.
Pool members: Select your webservers.
Finally, proceed to “Create Loadbalancer”.

Note, the loadbalancer will not show up in the Network Topology graph. This is expected.

Terraform Backend

Mon, 01 Jan 0001 00:00:00 +0000

Overview

Swift is accessable with the s3 backend. To get the access and secret key follow this guide. EC2 credentials

Example configuration

This is what you need to get the s3 backend to work with swift.

backend "s3" {
  bucket = "<The bucket you want to use>"
  key    = "<Path and name to tf state file>"
  endpoint   = "https://swift.elastx.cloud"
  sts_endpoint = "https://swift.elastx.cloud"
  access_key = "<Puth your access key here>"
  secret_key = "<Put your secret key here>"
  region = "us-east-1"
  force_path_style = "true"
  skip_credentials_validation = "true"
}

key variable example: “path/to/tf-state-file”.

User Management

Mon, 01 Jan 0001 00:00:00 +0000

Overview

User management is no longer available in Horizon, OpenStacks UI. To add or manage users in your project, you can now use the Elastx cloud console instead. See here for more information on how to get started.

User management

There are a couple of roles that can be assigned to users inside of a project:

Role	Description
load-balancer_member	Allow access to manage load balancers (Octavia).
swiftoperator	Allow access to manage objects in object store (Swift).
heat_stack_owner	Allow access to manage orchestration templates (Heat).
_member_	Allow access to core services such as compute (Nova), network (Neutron) and volume (Cinder).
creator	Allow access to manage objects inside of secret store (Barbican).