Skip to content

Instantly share code, notes, and snippets.

View markus-hentsch's full-sized avatar

Markus Hentsch markus-hentsch

  • Cloud&Heat Technologies GmbH
View GitHub Profile
@markus-hentsch
markus-hentsch / upstream_references.txt
Created October 20, 2023 15:34
OpenStack RBAC policy role standards
Keystone roles: admin, reader, member, service
https://docs.openstack.org/keystone/latest/admin/service-api-protection.html
Barbican roles: admin, creator, observer, audit
https://docs.openstack.org/barbican/train/admin/access_control.html
@markus-hentsch
markus-hentsch / openstack_devstack_vm.md
Created March 15, 2024 15:50
Minimal DevStack in a VirtualBox VM for Keystone

Minimal DevStack VirtualBox setup

This is a very concise quickstart guide to setup an OpenStack DevStack limited to Keystone in a VirtualBox VM using Ubuntu Server LTS as the guest operating system. By limiting the DevStack to primarily deploy Keystone only, installation is quick and the machine does not take up much resources.

As the time of writing it uses up about 11 GB of disk space and 1 GB of RAM running Keystone.

This is meant for testing authentication and IDM-related things with OpenStack Keystone while disregarding other components. It can easily be extended by further components by adjusting the local.conf accordingly.

@markus-hentsch
markus-hentsch / openstack_devstack_aio_vm.md
Last active August 27, 2024 15:18
DevStack within an OpenStack VM (all-in-one)

DevStack within an OpenStack VM (all-in-one)

Host VM on OpenStack

source $OPENRC_FILE

openstack volume create --size 200 --image "Ubuntu 22.04 LTS x64" devstack-boot-volume

openstack security group create devstack-sg
@markus-hentsch
markus-hentsch / generate-all.sh
Created May 13, 2024 15:44
OpenStack oslo.policy batch default policy generator
#!/usr/bin/env bash
# Generates default API policy files for a list of OpenStack services.
SERVICES=(
cinder
glance
keystone
neutron
nova
@markus-hentsch
markus-hentsch / openstack_devstack_standardized_image_encryption_testing.md
Created August 15, 2024 13:03
OpenStack Standardized Image Encryption - Manual DevStack Testing

OpenStack Standardized Image Encryption - Manual DevStack Testing

The below instructions are manual steps to validate the implementation of the Standardized Image Encryption on a DevStack as per upstream patchsets uploaded at https://review.opendev.org/q/topic:%22LUKS-image-encryption%22

For further information see the corresponding Glance Spec and Cinder Spec.

Note: the instructions were created during the implementation phase of the patchsets and details about the process of using image encryption might change in the future and may not reflect the behavior of stable OpenStack releases.

Preparation