marcaurele

Graceful shutdown of Management Server for Cloudstack

Idea

The goal is to provide a safe shutdown of a management server when running in cluster mode, so that the server stops processing new commands and waits for ongoing commands before being "ready to stop". Then the MS should be in a clean state for a shutdown. A little requirement is that the proxy in front of the management servers should have its route to the server going down turned off to avoid routing reconnection to the stopping server.

marcaurele

Keybase proof

I hereby claim:

• I am marcaurele on github.
• I am marcaurele (https://keybase.io/marcaurele) on keybase.
• I have a public key ASArUJBLlTwIvzEndNg6lPo_-puVvn1F2amCdhpwn_7smgo

To claim this, I am signing this object:

marcaurele

#!/usr/bin/env python3

# Author: Marc-Aurèle Brothier, Exoscale
# June 2016
# Requirements: cs, click

import random
import time

from datetime import datetime, timedelta

marcaurele

IPXE netboot

To boot a different OS from a Debian base image

To have a full disk encryption on a cloud VM (choose a size with enough RAM (2GB) and downscale after if needed):

1. Use the QEMU console to log on as root
2. apt-get install grub2 ipxe
3. reboot
4. Quickly select "Network boot" in GRUB menu

marcaurele

Private Network Exoscale CloudStack guide

User guide

Requirements check

Your account should have been granted access to privnet. Check that you have at least one network with this command:

cs listNetworks type=isolated

marcaurele

Cloud-Init configurations for Exoscale

Automatic EIP

Having an EIP 159.100.241.235 it allows to automatically configure it and use it for SSH access after deployment, for CentOS.

#cloud-config
write_files:
-   content: |

marcaurele

#!/usr/bin/env bash
set -e

# Debian installer to be executed after a fresh installation
# curl -H 'Cache-Control: no-cache' -L http://bit.ly/liskam-installer | bash
# curl -H 'Cache-Control: no-cache' -L https://gist.githubusercontent.com/marcaurele/598f4b810c3c1a9debcd8e23169a264a/raw/debian-installer | /bin/bash

echo "Debian Installer 🤖"

export DEBIAN_FRONTEND=noninteractive

marcaurele

#!/bin/bash

# To be used in certbot command as --manual-auth-hook parameter
#APIKEY="<your API key>"

# Strip only the top domain
ROOT_DOMAIN=$(python -c "import sys;u=sys.argv[1].split('.');print(u[-2]+'.'+u[-1])" "$CERTBOT_DOMAIN")
HOST_DOMAIN=$(python -c "import sys;print('.'.join(('_acme-challenge.'+sys.argv[1]).split('.')[:-2]))" "$CERTBOT_DOMAIN")

# Get Gandi zone UUID

marcaurele

#!/bin/bash

# To be used in certbot command as --manual-cleanup-hook parameter
#APIKEY=""

if [ -f /tmp/CERTBOT_$CERTBOT_DOMAIN/ZONE_RECORD_HREF ]; then
        ZONE_RECORD_HREF=$(cat /tmp/CERTBOT_$CERTBOT_DOMAIN/ZONE_RECORD_HREF)
        rm -f /tmp/CERTBOT_$CERTBOT_DOMAIN/ZONE_RECORD_HREF
fi

marcaurele

import asyncio
import hashlib
import io
import os
import time

import asyncssh

import pytest