Skip to content

Instantly share code, notes, and snippets.

View jjo's full-sized avatar
🏠
Working from home

JuanJo Ciarlante jjo

🏠
Working from home
154 followers · 0 following
View GitHub Profile
@jjo
jjo / lxc-default-with-netns
Last active March 31, 2016 14:56
apparmor profile to allow netns handling inside LXCs
# /etc/apparmor.d/lxc/lxc-default-with-netns
# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which
# will source all profiles under /etc/apparmor.d/lxc
profile lxc-container-default-with-netns flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/lxc/container-base>
#include <abstractions/lxc/start-container>
# - onetime mount, if /run/netns was not mounted yet:
@jjo
jjo / neutron-server-epoll_wait-busy-loop.txt
Last active November 17, 2015 13:53
root@HOST:~# pgrep -f python.*nova-compute | xargs ps -fp
UID PID PPID C STIME TTY TIME CMD
nova 476997 1 2 Nov10 ? 04:14:01 /usr/bin/python /usr/bin/nova-compute --config-file=/etc/nova/nova.conf --config-file=/etc/nova/nova-compute.conf
root@HOST:~# strace -r -p "$(pgrep -f nova-compute)"
Process 3275 attached
Process 476997 attached
[pid 3275] 0.000000 restart_syscall(<... resuming interrupted call ...> <unfinished ...>
[pid 476997] 0.000080 epoll_wait(16, {}, 1023, 22) = 0
[pid 476997] 0.022212 epoll_wait(16, {}, 1023, 0) = 0
@jjo
jjo / nova-compute-epoll_wait-busy-loop.log
Created November 17, 2015 14:08
# with default_log_levels=qpid=DEBUG,oslo.messaging=DEBUG,suds=DEBUG,requests.packages.urllib3.connectionpool
# at /etc/nova/nova.conf:
2015-11-17 14:05:40.980 704816 DEBUG oslo_concurrency.lockutils [-] Acquired semaphore "singleton_lock" lock /usr/lib/python2.7/dist-packages/oslo_concurrency/lockutils.py:198
2015-11-17 14:05:40.980 704816 DEBUG oslo_concurrency.lockutils [-] Releasing semaphore "singleton_lock" lock /usr/lib/python2.7/dist-packages/oslo_concurrency/lockutils.py:211
2015-11-17 14:05:40.981 704816 DEBUG oslo_concurrency.lockutils [req-a869c724-1d04-4e81-a55a-98e7148941d2 - - - - -] Acquired semaphore "singleton_lock" lock /usr/lib/python2.7/dist-packages/oslo_concurrency/lockutils.py:198
2015-11-17 14:05:40.981 704816 DEBUG oslo_concurrency.lockutils [req-a869c724-1d04-4e81-a55a-98e7148941d2 - - - - -] Releasing semaphore "singleton_lock" lock /usr/lib/python2.7/dist-packages/oslo_concurrency/lockutils.py:211
2015-11-17 14:05:40.981 704816 INFO oslo_service.service [req-a869c724-1d04-4e81-
@jjo
jjo / nova-compute-lxd-inside-lxc.md
Last active December 29, 2023 07:01

nova-compute-lxd inside LXCs at nova-compute hosts

Goal: use an existing normal openstack deploy to create a nova-compute-lxd layer using same nova-compute hosts, by running its nova-compute LXD services inside a hosts' LXCs (you can't have several hypervisors run by the same nova-compute):

                       HOST 
.---------------------------------------------------.
|       jujud-m-32                                  |
@jjo
jjo / bridge-drop-incoming-local-macs.sh
Last active August 26, 2021 17:01
#!/bin/bash
# bridge-drop-incoming-local-macs.sh:
# Parse "ovs-ofctl dump-flows br-int" for local macs (dl_src=xx:xx:xx:xx:xx:xx),
# to manage (add, del, etc...) ebtables dropping at passed interface to avoid
# underlying linux bridge from flapping "fdb" forwarding port
#
# Author: JuanJo Ciarlante <[email protected]>
# License: GPLv3
#
# Usage:
@jjo
jjo / neutronapi_ops.py
Created May 8, 2017 12:36
#!/usr/bin/env python
from __future__ import print_function
import sys
from cliff import app
from cliff import command
from cliff import commandmanager
from keystoneauth1.identity import v3
from keystoneauth1 import session
@jjo
jjo / kubeless-clusterrole-min.yaml
Last active July 24, 2017 08:55
# https://gist.github.com/jjo/ceb4a66c4f6f3e270a667418f74d34a2
#
# kubeless-clusterrole-min.yaml
# Narrow RBAC perms to mininum needed (to avoid cluster-admin's equivalent),
#
# NOTE: to narrow the subject, kubeless controller is deployed with
# system:serviceaccount:kubeless:kubeless-ctl
# instead of
# system:serviceaccount:kubeless:default
#
@jjo
jjo / kubeless-0.0.16.yaml.diff
Created July 20, 2017 20:59
# https://gist.github.com/jjo/3777dda2e9933a3017094d3be1a84f6b
Deploy kubeless controller with system:serviceaccount:kubeless:kubeless-ctl
instead of system:serviceaccount:kubeless:default, to narrow the RBAC subject
for needed clusterrole perms
diff --git a/kubeless-0.0.16.yaml b/kubeless-0.0.16.yaml
index d9ce99f..c0af307 100644
--- a/kubeless-0.0.16.yaml
+++ b/kubeless-0.0.16.yaml
@jjo
jjo / kubeless-kubecfg-diff-before-more-precise-rbac.diff
Created July 25, 2017 18:47
$ /home/jjo/work/src/github.com/ksonnet/kubecfg/kubecfg diff --diff-strategy subset kubeless-rbac.jsonnet
---
- live ThirdPartyResource/function.k8s.io
+ config ThirdPartyResource/function.k8s.ioThirdPartyResource/function.k8s.io unchanged
---
- live ClusterRole/kubeless-controller-deployer
+ config ClusterRole/kubeless-controller-deployerClusterRole/kubeless-controller-deployer unchanged
---
- live ClusterRoleBinding/kubeless-controller-deployer
+ config ClusterRoleBinding/kubeless-controller-deployer {
@jjo
jjo / kubeless-kubecfg-diff-after-more-precise-rbac.diff
Created July 25, 2017 18:48
$ /home/jjo/work/src/github.com/ksonnet/kubecfg/kubecfg diff --diff-strategy subset kubeless-rbac.jsonnet
---
- live ThirdPartyResource/function.k8s.io
+ config ThirdPartyResource/function.k8s.ioThirdPartyResource/function.k8s.io unchanged
---
- live ClusterRole/kubeless-controller-deployer
+ config ClusterRole/kubeless-controller-deployerClusterRole/kubeless-controller-deployer unchanged
---
- live ClusterRoleBinding/kubeless-controller-deployer
+ config ClusterRoleBinding/kubeless-controller-deployerClusterRoleBinding/kubeless-controller-deployer unchanged