Category: Linux

MicroStack installation fails on Ubuntu 20.04

I needed an instance of Openstack in my home lab for some tests and the first attempt was to deploy it with DevStack all-in-one. Is one of the most common methods out there. However it kept on failing (still need to find out why), so I turned to MicroStack.

MicroStack describe itself as the most straightforward way to install Openstack. I don’t say this is the way to go for Enterprise grade installation, but would do if you want something simple like one or two nodes for testing, learning purposes.

MicroStack uses two commands to have an Openstack instance up and running:

sudo snap install microstack --beta
$
sudo microstack init --auto --control

You can read a more detailed “how-to” on the Ubuntu or MicroStack page. One note, the entire topic is in Beta stage.

I’ve tried deploying multiple time on fresh Ubuntu 20.04 installation and everytime I’ve ended up with the error below. I’m adding the entire text, just in case you encounter an error at certain installation stage and want to check if is the same like mine:

sudo microstack init --auto --control
2022-11-02 20:21:19,950 - microstack_init - INFO - Configuring clustering ...
2022-11-02 20:21:20,454 - microstack_init - INFO - Setting up as a control node.
2022-11-02 20:21:24,066 - microstack_init - INFO - Generating TLS Certificate and Key
2022-11-02 20:21:26,187 - microstack_init - INFO - Configuring networking ...
2022-11-02 20:21:42,675 - microstack_init - INFO - Opening horizon dashboard up to *
2022-11-02 20:21:43,807 - microstack_init - INFO - Waiting for RabbitMQ to start ...
Waiting for 172.31.82.163:5672
2022-11-02 20:21:56,629 - microstack_init - INFO - RabbitMQ started!
2022-11-02 20:21:56,629 - microstack_init - INFO - Configuring RabbitMQ ...
2022-11-02 20:21:58,753 - microstack_init - INFO - RabbitMQ Configured!
2022-11-02 20:21:58,953 - microstack_init - INFO - Waiting for MySQL server to start ...
Waiting for 172.31.82.163:3306
2022-11-02 20:23:08,775 - microstack_init - INFO - Mysql server started! Creating databases ...
2022-11-02 20:23:14,509 - microstack_init - INFO - Configuring Keystone Fernet Keys ...
2022-11-02 20:26:07,658 - microstack_init - INFO - Bootstrapping Keystone ...
2022-11-02 20:26:21,999 - microstack_init - INFO - Creating service project ...
2022-11-02 20:26:27,938 - microstack_init - INFO - Keystone configured!
2022-11-02 20:26:28,257 - microstack_init - INFO - Configuring the Placement service...
2022-11-02 20:26:49,572 - microstack_init - INFO - Running Placement DB migrations...
2022-11-02 20:27:09,282 - microstack_init - INFO - Configuring nova control plane services ...
2022-11-02 20:27:22,369 - microstack_init - INFO - Running Nova API DB migrations (this may take a lot of time)...
2022-11-02 20:29:02,089 - microstack_init - INFO - Running Nova DB migrations (this may take a lot of time)...
Waiting for 172.31.82.163:8774
2022-11-02 20:39:31,994 - microstack_init - INFO - Creating default flavors...
2022-11-02 20:39:59,738 - microstack_init - INFO - Configuring nova compute hypervisor ...
2022-11-02 20:39:59,738 - microstack_init - INFO - Checking virtualization extensions presence on the host
2022-11-02 20:39:59,756 - microstack_init - WARNING - Unable to determine hardware virtualization support by CPU vendor id "GenuineIntel": assuming it is not supported.
2022-11-02 20:39:59,756 - microstack_init - WARNING - Hardware virtualization is not supported - software emulation will be used for Nova instances
2022-11-02 20:40:06,690 - microstack_init - INFO - Configuring the Spice HTML5 console service...
2022-11-02 20:40:08,564 - microstack_init - INFO - Configuring Neutron
Waiting for 172.31.82.163:9696
Traceback (most recent call last):
  File "/snap/microstack/245/bin/microstack", line 11, in <module>
    load_entry_point('microstack==0.0.1', 'console_scripts', 'microstack')()
  File "/snap/microstack/245/lib/python3.8/site-packages/microstack/main.py", line 44, in main
    cmd()
  File "/snap/microstack/245/lib/python3.8/site-packages/init/main.py", line 60, in wrapper
    return func(*args, **kwargs)
  File "/snap/microstack/245/lib/python3.8/site-packages/init/main.py", line 228, in init
    question.ask()
  File "/snap/microstack/245/lib/python3.8/site-packages/init/questions/question.py", line 210, in ask
    self.yes(awr)
  File "/snap/microstack/245/lib/python3.8/site-packages/init/questions/__init__.py", line 887, in yes
    check('openstack', 'network', 'create', 'test')
  File "/snap/microstack/245/lib/python3.8/site-packages/init/shell.py", line 69, in check
    raise subprocess.CalledProcessError(proc.returncode, " ".join(args))
subprocess.CalledProcessError: Command 'openstack network create test' returned non-zero exit status 1.

I’ve did some research and I found some hints about the need to manually install Python on a fresh Ubuntu 20.04 instance:

sudo apt install python python-dev

After installing Python all worked like a charm:

sudo microstack init --auto --control
# Skipped text #
2022-11-02 21:18:18,159 - microstack_init - INFO - Configuring the Spice HTML5 console service...
2022-11-02 21:18:19,503 - microstack_init - INFO - Configuring Neutron
Waiting for 172.31.82.163:9696
2022-11-02 21:19:21,615 - microstack_init - INFO - Configuring Glance ...
Waiting for 172.31.82.163:9292
2022-11-02 21:20:53,119 - microstack_init - INFO - Adding cirros image ...
2022-11-02 21:20:57,002 - microstack_init - INFO - Creating security group rules ...
2022-11-02 21:21:09,046 - microstack_init - INFO - Configuring the Cinder services...
2022-11-02 21:22:10,868 - microstack_init - INFO - Running Cinder DB migrations...
2022-11-02 21:23:31,155 - microstack_init - INFO - restarting libvirt and virtlogd ...
2022-11-02 21:23:42,260 - microstack_init - INFO - Complete. Marked microstack as initialized!

For some reason the MicroStack initialization process doesn’t detect Python installation or more like it the lack of.

If you have this error during installation, let me know if manual Python installation does the job.

Ubuntu 20.04 image for EVE-NG – Python for Network Engineers

This is an identical copy of my Ubuntu 20.04 PFNE Docker image, developed to be imported and used on EVE-NG (works also on the Community edition because it doesn’t need Docker support).

It contains all necessary tools for network engineers to test automation and learn Python. If you think a tool would be suitable to be added to this edition, please let me know in Comments below:

Openssl
Net-tools
IPutils
IProute
IPerf
TCPDump
NMAP
Python 2
Python 3
Paramiko
Netmiko
Ansible
Pyntc
NAPALM
Netcat
Socat

If you know how to install and use the image, please use the direct download link: Ubuntu 20.04 PFNE for EVE-NG.

For beginners of EVE-NG, here are all the steps to get you going:

  • Download the image
  • Using favorite SFTP Client (WinSCP, FileZilla for example) connect to your EVE-NG instance and upload the image to the following location:
    /opt/unetlab/addons/qemu/
  • Connect via SSH to your EVE-NG instance and go to location:
cd /opt/unetlab/addons/qemu/
  • Unzip the image file.
tar xzvf linux-ubuntu-server-20.04-pfne.tar.gz
  • Remove the archived image file (be sure to have a copy somewhere to avoid the need to download again):
rm -f linux-ubuntu-server-20.04-pfne.tar.gz
  • Fix permissions:
/opt/unetlab/wrappers/unl_wrapper -a fixpermissions

The image comes with the following predefined username and password:

User: root
Password: root

User: pfne
Password: pfne

Add it to your topology in EVE-NG and let me know how it works.

Ubuntu 20.04 Docker image – Python For Network Engineers

This is an updated Docker image of Python For Network Engineers (PFNE) based on Ubuntu 20.04 (minimal server distro).

It contains all necessary tools for network / devops engineers to test automation and learn Python:

Openssl
Net-tools
IPutils
IProute
IPerf
TCPDump
NMAP
Python 2
Python 3
Paramiko
Netmiko
Ansible
Pyntc
NAPALM
Netcat
Socat

If you notice a missing package which could be a value added for the scope of the Ubuntu PFNE image, please let me know in comments below.

Before testing the new Ubuntu 20.04 PFNE Docker image, please pull it from Docker Hub:

docker pull yotis/ubuntu2004-pfne

To start using it:

docker run -i -t yotis/ubuntu2004-pfne /bin/bash

For more details about how to install, operate and create your own Docker images, please check my older article on How to create your own Docker image.

Nginx reverse proxy and Webmin

Before going into “How” you may wonder “Why” I need a reverse proxy in front of Webmin.

First, and most important, is laziness. Yes, you read it right. I have in my home lab a one page html listing all http(s) resources I have in my IT lab. Instead of typing numerous URLs I just type one and click the needed link. You may argue that I can use browser bookmarks, true, but I use the one html landing page to access various resources.

Second is a bit more realistic (at least professional realistic).

I’m using Sophos XG (home version) to access my home lab and other in-house smart devices when on the road. This product has a very nice User Portal feature where you can add various “bookmarks” to resources accessible via various protocols (rdp, vnc, ssh, http(s)…)

Recently Sophos decided to retire the http(s) bookmark feature “in order to improve security and reduce the potential for cross-site scripting (XSS) exploits”

In my opinion you work on features to improve security and fix issues, you just don’t retire them. If this would be the way, then let’s shutdown electrical grid, stop cars or terminate Internet and we’re all be more secure. But that’s just my opinion…

Anyway, this action leaves a gap in my happiness accessing my home IT resources. Sophos recommend using WAF, which is a good advice from security perspective, but I don’t plan to have 50 redirections (as in DNAT) from my public facing IP address / router to LAN just to access the various URLs I have in my home lab.

I plan to use one port redirection from Internet to a LAN hosted webserver (protected with WAF) and, you guessed, hosting page lisingt my home lab resources (in form of Webpage Links)

For this to properly work I need one just one domain / subdomain with various URI resources (e.g. https://mydomain.com/resouce1 , https://mydomain.com/resource2, etc…), hence the use of a reverse proxy.

Nginx reverse proxy is not something new and it works great in a lot of situations, but it gave me some headache with Webmin. After quite some research, I said let me put together a quick and dirty how-to in case somebody else needed it.

My scenario involves one server with Nginx as reverse proxy (https://mypage.local.lan) and one Webmin server (https://webmin01.local.lan:10000) for this example.

Http protocol is secured with SSL certificates issues by a LAN CA. In case you don’t have secure http, just make sure to replace https with http in the example below.

My Nginx SSL config is very basic at this point:

server {
server_name mypage.local.lan;
listen 443;

root /var/www/html;

ssl on;
ssl_certificate /etc/ssl/private/mypage.local.lan.crt;
ssl_certificate_key /etc/ssl/private/mypage.local.lan.key;
access_log off;
error_log off;
}

Next part is to add the reverse proxy configuration for https://webmin01.local.lan:10000 so it can be access via https://mypage.local.lan/webmin01

  location /webmin01/ {
    proxy_pass      https://webmin01.local.lan:10000/;

    #Proxy Settings
    proxy_set_header   Host             $http_host;
    proxy_set_header   X-Real-IP        $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

  }

Add the part above just before the closing } in the first Nginx configuration part.

Very important, don’t forget the trailing / after webmin01 in the location /webmin01/ line

This should satisfy the majority of scenarios where a resource is accessed via reverse proxy. However Webmin needs a bit more fine tuning.

Restart your Nginx service after modifying the configuration files.

On my webmin01 server, I needed to modify the following files part of webmin installation (btw, this is on Ubuntu 20.04).

/etc/webmin/miniserv.conf

Add or modify the following parameters:

cookiepath=/webmin01
trust_real_ip=1
logouttimes=

/etc/webmin/config

Add or modify the following parameters:

referers=mypage.local.lan
webprefix=/webmin01
relative_redir=0

Referers needs to list the URL from where the request comes from. This is par of the Webmin security avoid malicious redirects from untrusted locations.

Webprefix is for proper redirection of the response from webmin pages. A word of advice, once you modify this part, you may not be able to access the webmin installation directly (e.g. https://webmin01.home.lan:10000) since the it will expect a /webmin01 part in the URL which of course is not there on the webmin server.

Restart your Webmin service after modifying the configuration files

After the above configuration, I added on my one html page located on https://mypage.local.lan and link called Webmin01 (pointing to https://mypage.local.lan/webmin01).

Once I access that URL resource, I’ll be redirected to the login page of Webmin01 instance.

In case you give it a try, let me know if it works for you

Last but not least, I’ve did quite some research on this topic, but the best information was from the Github user 1985a and the folks at https://github.com/webmin/webmin/issues/420. Thanks a lot!

How to create your own Docker image

I mentioned in my previous post that I’ll explain how to create your own Docker image and customize it however you’d like. While is great to just use an image from Docker Hub, it can be that you need some customized image to fit your needs. As said before, is not hard at all to create the image and worth knowing how to do it.

I’ll use for this tutorial a fresh Ubuntu 18.04 minimal installation. You can follow the same steps (or almost) using different Linux distro, Microsoft Windows or MacOS. The reason why I chose Ubuntu is simply because is the distro that I’m most familiar and enjoy working with.

For all steps below you need to be root or run the commands via sudo. So you’ll see either # at the begining of the command if you’re root or $ sudo if you pick to run it with elevated rights.

Install Docker

# apt install -y docker.io

A word of advice here. Be sure to have docker.io typed. If you miss the .io, the system will install a docker, but that’s a different package:

docker/bionic 1.5-1build1 amd64
  System tray for KDE3/GNOME2 docklet applications

You’ll end up with something that cannot be used for what we want to achieve, since the docker command isn’t even there.

You can test if the installation completed successfully by using the following command:

# service docker status

You should see something like this in the output:

Docker service successful status

Since this is a new installation, you’ll have no images, no containers, nothing.
You can check, just to be sure.

# docker image ls

The result should be:

Docker image ls return nothing

I’ll add at the end of the post some basic (and most important) Docker commands to get you started.

Pull Ubuntu 18.04 image – Optional step

This step is optional, but I’d advise to do it, just to test that everything is fine with your Docker installation In this case we’re going to use the official Ubuntu 18.04 minimal Docker image. If you want to read more about this image you can check the explanation on Ubuntu 18.04 minimal Docker image and check their repository on Docker Hub – Ubuntu.

# docker pull ubuntu:18.04

If everything goes well you should see a message ending with “Status: Downloaded newer image for ubuntu:18.04” :

Docker successful download of Ubuntu image

Time to run our first container:

# docker run -i -t ubuntu:18.04 /bin/bash

You should be now in container shell:

Docker container

Now that we tested you can type exit to leave the container.

Create Dockerfile

The Dockerfile is nothing more than a text document which contains all the commands a user could call on the command line to create an image.
A detailed explanation is beyond the scope of this post, but if you’d like to learn more, you can check the Docker Documentation – Dockerfile

Here is a sample that’s good to start with:

# My custom Ubuntu 18.04 with 
# various network tools installed
# Build image with:  docker build mycustomlinux01 .


FROM ubuntu:18.04
MAINTAINER Calin C., https://github.com/yotis1982
RUN apt-get update --fix-missing
RUN apt-get upgrade -y
RUN apt-get install -y software-properties-common
RUN apt-get install -y build-essential
RUN apt-get install -y net-tools mtr curl host
RUN apt-get install -y iputils-arping iputils-ping iputils-tracepath
RUN apt-get install -y iproute2
RUN apt-get install -y traceroute
RUN apt-get install -y tcpdump

A short explanation:

# – This is a comment, add here whatever you think is useful. I’ve picked the name “mycustomlinux01”, but you can add whatever you like.
FROM – is always your first instruction, because it names the base image you’re building your new image from.
MAINTAINER – is the creator of the Dockerfile.
RUN – instruction to run the specified command, in this case apt-get to install various packages

There are multiple instructions for setting environment variables like ADD, COPY, ENV, EXPOSE, LABEL, USER, WORKDIR, VOLUME, STOPSIGNAL, and ONBUILD. You can read all about them in the Docker Documentation – Dockerfile

Using RUN you can add whatever package you need in your custom image. The same like you would do on a regular Ubuntu installation.
Yes, all the packages above could have been added in one RUN line, but for the sake of better visibility I would suggest to have separate lines.

Create your custom Docker image

After you save the Dockerfile is time to create your image

# docker build -t mycustomlinux01 .

You’ll see a lot of output, the same like when you’re installing new packages in any Linux distro. When you see the following lines, you’ll know that the image was successful created:

Docker successful image creation

Let’s check if the image is listed using:

# docker image ls

You should see the mycustomlinux01 image listed:

List my Docker image

Since the image is created successful I’d suggest that you run a container using this image following the same steps like in the “Pull Ubuntu 18.04 image”

Basically that’s it, you just created your custom image.

As mentioned above, here is a list of commands that I find useful to have at hand when working with Docker containers.

List images:

# docker image ls

Start a container from an image:

# docker run -i -t ubuntu:12.04 /bin/bash

Using an ID (you get the ID from List image command):

# docker run -i -t 8dbd9e392a96 /bin/bash

List all containers:

# docker ps -a

List running containers:

# docker ps -l

Attach running container:

# docker attach “container ID”

Remove a container:

# docker rm “container ID”

Last but not least. If you liked my Ubuntu 18.04 Docker image customized for network engineers who wants to learn Python and you would like to install additional packages, here is the Dockerfile:

# Ubuntu 18.04 with Python, Paramiko, Netmiko, Ansible
# various other network tools installed and SSH activated
# Build image with:  docker build -t yotis/ubuntu1804-pfne .

FROM ubuntu:18.04
MAINTAINER Calin C., https://github.com/yotis1982
RUN apt-get update --fix-missing
RUN apt-get upgrade -y
RUN apt-get install -y software-properties-common
RUN apt-get install -y build-essential
RUN apt-get install -y openssl libssl-dev libffi-dev
RUN apt-get install -y net-tools mtr curl host socat
RUN apt-get install -y iputils-arping iputils-ping iputils-tracepath
RUN apt-get install -y iproute2
RUN apt-get install -y iptraf-ng traceroute
RUN apt-get install -y tcpdump nmap
RUN apt-get install -y iperf iperf3
RUN apt-get install -y python python-pip python-dev
RUN apt-get install -y python3 python3-pip python3-dev
RUN apt-get install -y openssh-client telnet
RUN apt-get install -y nano
RUN apt-get install -y netcat
RUN apt-get install -y socat
RUN pip install --upgrade pip
RUN pip install cryptography
RUN pip install paramiko
RUN pip install netmiko
RUN pip install pyntc
RUN pip install napalm
RUN apt-add-repository ppa:ansible/ansible
RUN apt-get update
RUN apt-get install -y ansible
RUN apt-get clean
VOLUME [ "/root" ]
WORKDIR [ "/root" ]
CMD [ "sh", "-c", "cd; exec bash -i" ]

Obviously there is more about Docker than is covered on this post. It wasn’t in my scope to make a detailed analyze of Docker, rather a cheatsheet on how to create your custom image. If you want to learn more there are plenty resources out there and a good starting point is the Docker website.

I hope you find this how-to useful. As always, if you need to add something or you have questions about, please use the Comments form to get in contact with me.