blog [AdminSysGNULinux]

blog

Table des matières

3 billet(s) pour janvier 2026

2026:
- janvier

2025:
- mars
- avril
- mai
- juin
- juillet
- août
- septembre
- octobre
- novembre
- décembre

3 billet(s) pour janvier 2026

Notes rsh rcp	2026/01/21 18:08	Jean-Baptiste
Git - Duplication d'un dépôt	2026/01/19 10:22	Jean-Baptiste
Exemple simple de conf Nagios	2026/01/14 10:07	Jean-Baptiste

Pb openstack cli timeout glance

Erreur

Error finding address for https://192.168.21.53:9292/v2/images/52fc9459-7dcb-48f9-a8e3-b5c8d0d76359/file: The read operation timed out
CommunicationError: Error finding address for https://192.168.21.53:9292/v2/images/caf82982-01d8-47d2-b360-e34ea76e152e/file: The read operation timed out

OK

wget http://download.cirros-cloud.net/0.5.0/cirros-0.5.0-x86_64-disk.img
openstack image create cirros --file cirros-0.5.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public

NOK après 18 minutes

time openstack image create test --file big-image.vmdk --disk-format vmdk --container-format bare --debug

{"container_format": "bare", "min_ram": 0, "updated_at": "2020-03-06T16:00:43Z", "file": "/v2/images/caf82982-01d8-47d2-b360-e34ea76e152e/file", "owner": "48ab5c57c7a246c58dc7ef86c7b36309", 
"id": "caf82982-01d8-47d2-b360-e34ea76e152e", "size": null, "self": "/v2/images/caf82982-01d8-47d2-b360-e34ea76e152e", "disk_format": "vmdk", "os_hash_algo": null, "schema": "/v2/schemas/im$
ge", "status": "queued", "tags": [], "visibility": "shared", "locations": [], "min_disk": 0, "virtual_size": null, "name": "test_jb", "checksum": null, "created_at": "2020-03-06T16:00:43Z", 
"os_hidden": false, "protected": false, "os_hash_value": null}                                                                                                                                
 
curl -g -i -X PUT -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'User-Agent: python-glanceclient' -H 'Connection: keep-alive' -H 'X-Auth-Token: {SHA1}82af774b6a8ce8bdd6fd268a645b7a
b978fa588b' -H 'Content-Type: application/octet-stream'  --cacert /etc/ssl/certs  --cert None --key None https://192.168.21.53:9292/v2/images/caf82982-01d8-47d2-b360-e34ea76e152e/file
 
curl -g -i -X DELETE -H 'Accept-Encoding: gzip, deflate' -H 'Accept: */*' -H 'User-Agent: python-glanceclient' -H 'Connection: keep-alive' -H 'X-Auth-Token: {SHA1}82af774b6a8ce8bdd6fd268a645
b7ab978fa588b' -H 'Content-Type: application/octet-stream'  --cacert /etc/ssl/certs  --cert None --key None https://192.168.21.53:9292/v2/images/caf82982-01d8-47d2-b360-e34ea76e152e
Starting new HTTPS connection (2): 192.168.21.53:9292
https://192.168.21.53:9292 "DELETE /v2/images/caf82982-01d8-47d2-b360-e34ea76e152e HTTP/1.1" 204 0
DELETE call to image for https://192.168.21.53:9292/v2/images/caf82982-01d8-47d2-b360-e34ea76e152e used request id req-3dc34178-3eb1-4cff-aef2-b09f1e6ffedf

Solution

~/.curlrc

max-time = 0

Ou encore

sudo apt-get install python-glanceclient
#sudo apt-get install python3-glanceclient

openstack.rc

unset $(set |grep _ENDPOINT_ |cut -d= -f1)
unset $(set |grep ^OS_ |cut -d= -f1)
 
export LC_ALL=C
# LC_ALL=C.UTF-8
export OS_NO_CACHE='true'
export OS_CACERT=/etc/ssl/certs/
 
export OS_IDENTITY_API_VERSION='3'
export OS_AUTH_URL="https://192.168.21.53:5000/v3"
export OS_USERNAME=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
 
export OS_PASSWORD="P@ssw0rd"

source clouds.rc
glance image-create --name image-name --file big-image.vmdk --disk-format vmdk --container-format bare --visibility private

Ou

Faire tourner un serveur web pour partager le fichier image (qcow2, VMDK, raw…)

python3 -m http.server 8081

Puis

glance task-create --type import --input '{"import_from_format": "vmdk", "import_from": "http://192.168.21.33:8081/plop.vmdk", "image_properties": {"name": "plop-imported", "disk_format": "vmdk", "container_format": "bare", "vmware_adaptertype": "ide", "vmware_disktype": "streamOptimized", "vmware_ostype": "otherGuest"}}'

2025/03/24 15:06

brouillon, openstack, cloud

Commande aws

Voir :

aws-shell
cloud-utils

Voir :

http://docs.aws.amazon.com/cli/latest/reference/ec2

Le système doit être à l'heure. Idéalement NTP doit être configuré.

Installation

pip install --user awscli

Générer ~/.aws/config et ~/.aws/credentials

aws configure --profile os1

~/.aws/config

[profile os1]
region = eu-west-2
output = text

~/.bash_aliases

alias aws='aws --endpoint-url https://fcu.eu-west-2.outscale.com --profile os1'

Test

aws s3 ls
aws ec2 describe-instances --output table

Auto completion

https://docs.aws.amazon.com/fr_fr/cli/latest/userguide/cli-command-completion.html

complete -C "$VIRTUAL_ENV/bin/aws_completer" aws

Exemple

Forcer l'arrêt

aws ec2 stop-instances --instance-ids i-39992709 --force

“Terminate” c'est-à-dire effacer la VM (Destruction de la machine !!!)

aws ec2 terminate-instances --instance-ids i-39992709

Rechercher par “tag”

aws ec2 describe-instances --filter Name=tag:Name,Values=plop

Plusieurs “Security Group” pour une seul VM

aws ec2 modify-instance-attribute --instance-id i-fae31a89 --groups sg-8569c41e sg-b25eb0d1

Get InstanceId from volume-id (attached)

aws ec2 describe-volumes --filters Name=volume-id,Values=vol-0a7d0ea2c73418623 --query 'Volumes[*].Attachments[0].InstanceId' --output text

describe-images

aws ec2 describe-images --owners self --output json | jq '.Images[] | select(.CreationDate<'$GET_AMI') | {ImageId}' | jq --raw-output '.ImageId'))
 
aws ec2 describe-images --owners 679593333241 --filters 'Name=name,Values=debian-stretch-hvm-x86_64-gp2-*' 'Name=state,Values=available'
 
aws ec2 describe-images --owners=self --filters 'Name=name,Values=packer*' --output text
aws ec2 deregister-image --image-id ami-00f406c198ce29c37
 
aws ec2 describe-instances --filters 'Name=tag-value,Values=*App*' --output table
aws ec2 describe-images --image-ids ami-01f3682deed220c2a
aws ec2 describe-images --owners amazon --filters 'Name=name,Values=amzn2-ami-hvm-2.0.20190612-x86_64-gp2' 'Name=state,Values=available' 'Name=architecture,Values=x86_64' --output text

Debug

aws ec2 describe-regions --debug

2025/03/24 15:06

Pb OpenStack cinder - volume status on error - Err Update driver status failed

Devstack

WARNING cinder.volume.manager Update driver status failed: (config name lvmdriver-1) is uninitialized."
WARNING cinder.volume.manager [None req-c2fc258b-ae9a-450b-b348-d7916542ff49 None None] Update driver status failed: (config name lvmdriver-1) is uninitialized.

[Error: Build of instance add5dc51-259c-42b4-93d6-9efa0aa90507 aborted: Volume e42027a0-a257-4fb0-8ce9-4a044dfc57ad did not finish being created even after we waited 0 seconds or 1 attempts. And its status is error.].

openstack volume list

“Status error”

Solution

/etc/cinder/cinder.conf

[lvmdriver-1]
#volume_group = stack-volumes-lvmdriver-1
volume_group = ubuntu-vg

systemctl restart "devstack@c-*"

Voir Cinder : https://vishmule.com/2016/03/07/basic-cinder-volume-service-functionality-in-openstack-part1/

2025/03/24 15:06

Pb OpenStack - pas d’accès a la console

Récupérer la console :

#nova get-vnc-console adf9c868-a595-4ae8-9ee8-fb775ab4c8de novnc
openstack console url show adf9c868-a595-4ae8-9ee8-fb775ab4c8de novnc

Solution

/etc/nova/nova-cpu.conf

[vnc]
#server_proxyclient_address = 127.0.0.1
server_proxyclient_address = 0.0.0.0
#server_listen = 127.0.0.1
server_listen = 0.0.0.0
 
#novncproxy_base_url = http://10.245.108.3:6080/vnc_auto.html
novncproxy_base_url = http://172.18.200.228:6080/vnc_auto.html
 
[spice]
#html5proxy_base_url = http://10.245.108.3:6082/spice_auto.html
html5proxy_base_url = http://172.18.200.228:6082/spice_auto.html

sudo systemctl restart "devstack@n-*"

2025/03/24 15:06

Pb OpenSSL LibreSSL Error Loading extension section v3_ca

Voir aussi :

https://knowledge.digicert.com/solution/what-extensions-and-details-are-included-in-a-ssl-certificate

$ openssl genrsa -des3 -out macle.key 2048
#Voir aussi "openssl ecparam -genkey" pour Elliptic Curve key
Generating RSA private key, 2048 bit long modulus
................................................+++
...................................................+++
e is 65537 (0x10001)
Enter pass phrase for macle.key:
Verifying - Enter pass phrase for macle.key:

$ openssl req -new -x509 -days 3650 -key macle.key -sha256 -extensions v3_ca -out macle.crt
Error Loading extension section v3_ca

Le problème venait de LibreSSL (pourquoi !?)

Solution 1 (rapide) :

Spécifier le chemin pour prendre l'openssl de la distribution GNU/Linux

/usr/bin/openssl req -new -x509 -days 3650 -key macle.key -sha256 -extensions v3_ca -out macle.crt

Solution 2 (la bonne) :

mv /usr/local/etc/ssl{,.old}
ln -s /etc/ssl /usr/local/etc/ssl

En effet, la conf n'est pas la même

# grep -ri v3_ca /etc/ssl
/etc/ssl/openssl.cnf:x509_extensions	= v3_ca	# The extentions to add to the self signed cert
/etc/ssl/openssl.cnf:[ v3_ca ]

openssl.cnf

[ v3_ca ]
 
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer
basicConstraints = CA:true
 
 
[ req ]
 
x509_extensions = v3_ca # The extentions to add to the self signed cert

# Autres

$  openssl x509 -ext basicConstraints,keyUsage -noout -in /usr/share/ca-certificates/mozilla/VeriSign_Universal_Root_Certification_Authority.crt
X509v3 Basic Constraints: critical
    CA:TRUE
X509v3 Key Usage: critical
    Certificate Sign, CRL Sign

2025/03/24 15:06

pb, brouillon, tls

<< Billets récents | Anciens billets >>

blog.txt · Dernière modification : 2025/03/24 15:06 de 127.0.0.1