Creating and Deleting OpenStack Pacemaker IP Addresses

bild_go-clusters-34-nichtinsocialmediaverwenden

You can use the steps below if you need to change managed IP resources, for example, if you need to re-IP your RHEL OSP Overcloud endpoints.

In this example, we are changing a managed VIP from one IP to another.

First, we get a good look at the resource that we want to delete. Here we are going to delete the resource ip-99.239.203.25. This resource starts the VIP, 99.239.203.25.

# pcs resource show ip-99.239.203.25
Resource: ip-99.239.203.25 (class=ocf provider=heartbeat type=IPaddr2)
Attributes: ip=99.239.203.25 cidr_netmask=32
Operations: start interval=0s timeout=20s (ip-99.239.203.25-start-interval-0s)
stop interval=0s timeout=20s (ip-99.239.203.25-stop-interval-0s)
monitor interval=10s timeout=20s (ip-99.239.203.25-monitor-interval-10s)

Now let’s actually delete it.

# pcs resource delete ip-99.239.203.25
Attempting to stop: ip-99.239.203.25…Stopped

Now lets create the replacement VIP

# pcs resource create ip-99.239.203.10 ocf:heartbeat:IPaddr2 ip=99.239.203.10 cidr_netmask=32 op monitor interval=10s

Now, let’s take a good look at it.

# pcs resource show ip-99.239.203.10
Resource: ip-99.239.203.10 (class=ocf provider=heartbeat type=IPaddr2)
Attributes: ip=99.239.203.10 cidr_netmask=32
Operations: start interval=0s timeout=20s (ip-99.239.203.10-start-interval-0s)
stop interval=0s timeout=20s (ip-99.239.203.10-stop-interval-0s)
monitor interval=10s (ip-99.239.203.10-monitor-interval-10s)

Now we need to check to make sure that the VIP started on one of our OpenStack controllers.

# pcs status | grep 99.239.203.10
ip-99.239.203.10 (ocf::heartbeat:IPaddr2): Started ctrl01

For good measure, let’s make sure we can ping it.

# ping 99.239.203.10
PING 99.239.203.10 (99.239.203.10) 56(84) bytes of data.
64 bytes from 99.239.203.10: icmp_seq=1 ttl=64 time=0.781 ms
64 bytes from 99.239.203.10: icmp_seq=2 ttl=64 time=1.21 ms

 

 

Configuring ControlPlaneSubnetCidr in RHEL OSP 7.2

how-apple-cider-vinegar-is-helpful-for-weight-loss-21822999

Background

In previous versions of RHEL OSP 7 the Control Plane/Provisioning network interface was assigned via DHCP and not managed via Heat. Starting in 7.2, this interface is now managed via Heat.

Sample Heat Template

Below is an example from /home/stack/templates/nic-configs/compute.yaml or /home/stack/templates/nic-configs/controller.yaml. In this example we are hard coding the interface name, however this is not required (although I recommend it).

resources:
  OsNetConfigImpl:
    type: OS::Heat::StructuredConfig
    properties:
      group: os-apply-config
      config:
        os_net_config:
          network_config:
            -
              type: interface
              name: em3
              use_dhcp: false
              addresses:
                -
                  ip_netmask:
                    list_join:
                      - '/'
                      - - {get_param: ControlPlaneIp}
                        - {get_param: ControlPlaneSubnetCidr}
              routes:
                -
                  ip_netmask: 169.254.169.254/32
                  next_hop: {get_param: EC2MetadataIp}

Note that this new configuration requires an additional parameter to be added to your top-level template, usually named network-environment.yaml.

ControlPlaneSubnetCidr: "23"

Stick this next to the “ControlPlaneIP” under “parameter_defaults”

  ControlPlaneSubnetCidr: "23"
  ControlPlaneDefaultRoute: 172.99.99.1

Note that if you forget to add this param, the network CIDR for this network will default to “24” which may or may not be correct for your environment. So watch out.

RHEL 7 Two-Factor SSH Via Google Authenticator

650x300xgoogle-authenticator-header.png.pagespeed.gp+jp+jw+pj+js+rj+rp+rw+ri+cp+md.ic.194erIegOZ.jpg

In this post,  I am going to walk you through the process of installing and configuring two- factor SSH authentication via Google Authenticator. My base system is running a fresh install of RHEL 7.2

Installation Steps

The first step on my system was to install autoreconf, automake, and libtool. These packages are required by the bootstrap.sh script that we will need to in a couple more steps.

# yum -y install autoconf automake libtool

Now, we are going to install Git.

#yum -y install git

One more dependency to knock out. Install pam-devel as shown below.

# yum -y install pam-devel

Next, we clone the google-authenticator Git repo. In this example, I am cloning to /root

# git clone https://github.com/google/google-authenticator.git
Cloning into ‘google-authenticator’…
remote: Counting objects: 1435, done.
remote: Total 1435 (delta 0), reused 0 (delta 0), pack-reused 1435
Receiving objects: 100% (1435/1435), 2.32 MiB | 0 bytes/s, done.
Resolving deltas: 100% (758/758), done.

Now change directory as shown below and run bootstrap.sh.

# cd /root/google-authenticator/libpam

# ./bootstrap.sh

Now run the following commands to finalize the module installs.

# ./configure

#make

#make install

Assuming that you do not run into any errors, the following modules will be installed.

  • /usr/local/lib/security/pam_google_authenticator.so
  • /usr/local/lib/security/pam_google_authenticator.la

Continue reading

NUMA Node to PCI Slot Mapping in Red Hat Enterpise Linux

 

understanding-dpdk-31-638

Sandybridge I/O Controller to PCI-E Mapping 

 

Using a few simple commands you can easily map a PCI slot back to its directly connected NUMA node. This information comes in very handy when implementing NFV leveraged technologies such as CPU Pinning and SRIOV.

 

First, you will need to install hwloc and hwloc-gui, if it is not already installed on your system. hwloc-gui provides the lstopo command, so you will need to install the gui package even if you are going to run the command on a headless system.

# yum -y install hwloc.x86_64 hwloc-gui.x86_64

Now you can run lstopo. Below is the output from one of my dual socket, quad core Xeon systems.

# lstopo
Machine (40GB)
NUMANode L#0 (P#0 16GB) + Socket L#0 + L3 L#0 (8192KB)
L2 L#0 (256KB) + L1d L#0 (32KB) + L1i L#0 (32KB) + Core L#0
PU L#0 (P#0)
PU L#1 (P#8)
L2 L#1 (256KB) + L1d L#1 (32KB) + L1i L#1 (32KB) + Core L#1
PU L#2 (P#1)
PU L#3 (P#9)
L2 L#2 (256KB) + L1d L#2 (32KB) + L1i L#2 (32KB) + Core L#2
PU L#4 (P#2)
PU L#5 (P#10)
L2 L#3 (256KB) + L1d L#3 (32KB) + L1i L#3 (32KB) + Core L#3
PU L#6 (P#3)
PU L#7 (P#11)
NUMANode L#1 (P#1 24GB) + Socket L#1 + L3 L#1 (8192KB)
L2 L#4 (256KB) + L1d L#4 (32KB) + L1i L#4 (32KB) + Core L#4
PU L#8 (P#4)
PU L#9 (P#12)
L2 L#5 (256KB) + L1d L#5 (32KB) + L1i L#5 (32KB) + Core L#5
PU L#10 (P#5)
PU L#11 (P#13)
L2 L#6 (256KB) + L1d L#6 (32KB) + L1i L#6 (32KB) + Core L#6
PU L#12 (P#6)
PU L#13 (P#14)
L2 L#7 (256KB) + L1d L#7 (32KB) + L1i L#7 (32KB) + Core L#7
PU L#14 (P#7)
PU L#15 (P#15)
HostBridge L#0
PCIBridge
PCI 8086:10c9
Net L#0 “enp8s0f0”
PCI 8086:10c9
Net L#1 “enp8s0f1”
PCIBridge
PCIBridge
PCIBridge
PCI 8086:10e8
Net L#2 “enp5s0f0”
PCI 8086:10e8
Net L#3 “enp5s0f1”
PCIBridge
PCI 8086:10e8
Net L#4 “enp4s0f0”
PCI 8086:10e8
Net L#5 “enp4s0f1”
PCIBridge
PCI 102b:0532
GPU L#6 “card0”
GPU L#7 “controlD64”
PCI 8086:3a22
Block L#8 “sr0”
Block L#9 “sda”
Block L#10 “sdb”
Block L#11 “sdc”

The first 27 lines of output tell you which cores are in each socket.

Lines starting with “HostBridge L#0” list the PCI devices attached to socket 0. On more modern dual socket systems (think Sandybridge) you would have a “HostBridge L#8” section as well.

 

“The PCI host bridge provides an interconnect between the processor and peripheral components. Through the PCI host bridge, the processor can directly access main memory independent of other PCI bus masters. For example, while the CPU is fetching data from the cache controller in the host bridge, other PCI devices can also access the system memory through the host bridge. The advantage of this architecture lies in its separation of the I/O bus from the processor’s host bus.”

 

Unfortunately, my lab systems are Nehalem based machines which implement what is called QPI to share a host bridge between CPU sockets.  See image below.

 

019_QPI_1IOH

Nehalem QPI Architecture

 

Nonetheless, we are able to determine which CPU socket is associated with a specific PCI device. For this example, we will focus on the devices below since they are both directly attached to the PCI Host Bridge and not the PCI Bus.

 

HostBridge L#0
PCIBridge
PCI 8086:10c9
Net L#0 “enp8s0f0”
PCI 8086:10c9
Net L#1 “enp8s0f1”

Now using the lspci command I can find the exact devices per NUMA node.

lspci -nn | grep 8086:10c9
08:00.0 Ethernet controller [0200]: Intel Corporation 82576 Gigabit Network Connection [8086:10c9] (rev 01)
08:00.1 Ethernet controller [0200]: Intel Corporation 82576 Gigabit Network Connection [8086:10c9] (rev 01)

 

 

 

 

Red Hat OpenStack Technical Preview Features

redhat-logo

 

According to this page,  a Technology Preview is a feature that is  currently unsupported, may not have complete functionality, and are not suitable for deployment in production. However, Red Hat provides these features and makes them availbile to the customer as a courtesy with the primary goal of exposing the feature to a wider audience.

I am quite often asked by my clients, which features are in tech preview for each release.  Instead of spending time looking these things up each time I figured I would document them here.

 

Getting Started with Red Hat OpenStack director

OpenStack-logo

Previously,  I wrote a short blog post on OpenStack director, the new Red Hat installer for Openstack 7 (kilo). That post can be found here, and includes a short video introduction and demo of the new installer – RHEL OSP director.

OpenStack director introduces the concepts of an undercloud and an overcloud. These concepts derived from TripleO, AKA, OpenStack on OpenStack. It’s a bit tricky at first viewing, but once you have worked through an install or two, it makes much more sense.

That being said… In this post, I am going to provide a few helpful links that can be used to help you get started with installing OpenStack director and your OpenStack overcloud.

First, below is the link to the official installation documentation. I have been following along with this guide, in addition to my internal notes, and have found the official documentation to be very useful.

Red Hat OpenStack Director Installation Guide

In addition to the link above, I am including the link below which directs you to the download page of the images used to build your overcloud. You are going to need these to get started, as the above guide will tell you. I figured I would provide that link as well to help move the process along. Download all three tar files.

 

Overcloud Image Download

Enjoy !!

PS. Note that there are some users experiencing issues with the 7.2 images. See link below. 

https://bugzilla.redhat.com/show_bug.cgi?id=1296330

As of today 7.3 (2/18/2016) 7.3 images are available via the link download link above.

 

RHEL7 – How to Set Your Hostname in Redhat Enterprise Linux 7

name-badge

Setting a server’s hostname used to be as simple as running the ‘hostname’ command and adding a “HOSTNAME” entry in /etc/sysconfig/network. However things have changed quite a bit in RHEL7. Apparently, systemd now controls setting a server’s hostname. The ‘hostname‘ command no longer works to set your hostname, however the command is still available just to confuse you.

Now in RHEL 7 you use the command ‘hostnamectl‘. Below is an example of how it works.

Here I have logged into my a RHEL 7.1 VM. You can see that the system appears to have the hostname of node1.

[root@node1 ~]# hostname
node1

However upon further inspection, I find that this is not the case. Rather, the server has a static hostname of localhost.localdomain.

[root@node1 ~]# hostnamectl
Static hostname: localhost.localdomain
Transient hostname: node1
Icon name: computer-vm
Chassis: vm
Machine ID: 4c26a2a3101947bfa2ec7d9c16824ca4
Boot ID: f58707942bd1458da48680025b6f1a53
Virtualization: vmware
CPE OS Name: cpe:/o:redhat:enterprise_linux:7.1:GA:server
Kernel: Linux 3.10.0-229.el7.x86_64
Architecture: x86_64

So lets set the hostname permanently using ‘hostnamectl’.

[root@node1 ~]# hostnamectl set-hostname node1.packy.lab.localdomain

As you can see the hostname shows correct in the output of the ‘hostname’ command

[root@node1 ~]# hostname
node1.packy.lab.localdomain

… and in the output from ‘hostnamectl’

[root@node1 ~]# hostnamectl
Static hostname: node1.packy.lab.localdomain
Icon name: computer-vm
Chassis: vm
Machine ID: 4c26a2a3101947bfa2ec7d9c16824ca4
Boot ID: f58707942bd1458da48680025b6f1a53
Virtualization: vmware
Operating System: Employee SKU
CPE OS Name: cpe:/o:redhat:enterprise_linux:7.1:GA:server
Kernel: Linux 3.10.0-229.el7.x86_64
Architecture: x86_64