Why does the Neutron documentation recommend three interfaces?

Mon 28 October 2013 by Lars Kellogg-Stedman Tags openstack neutron networking

The documentation for configuring Neutron recommends that a network controller has three physical interfaces:

Before you start, set up a machine to be a dedicated network node. Dedicated network nodes should have the following NICs: the management NIC (called MGMT_INTERFACE), the data NIC (called DATA_INTERFACE), and the external NIC (called EXTERNAL_INTERFACE).

People occasionally ask, "why three interfaces? What if I only have two?", so I wanted to provide an extended answer that might help people understand what the interfaces are for and what trade-offs are involved in using fewer interfaces.

read more

Automatic hostname entries for libvirt domains

Fri 04 October 2013 by Lars Kellogg-Stedman Tags libvirt virtualization

Have you ever wished that you could use libvirt domain names as hostnames? So that you could do something like this:

$ virt-install -n anewhost ...
$ ssh clouduser@anewhost

Since this is something that would certainly make my life convenient, I put together a small script called virt-hosts that makes this possible ...

read more

Interrupts on the PiFace

Mon 05 August 2013 by Lars Kellogg-Stedman Tags raspberrypi python piface

I recently acquired both a Raspberry Pi and a PiFace IO board. I had a rough time finding examples of how to read the input ports via interrupts (rather than periodically polling for values), especially for the newer versions of the PiFace python libraries.

After a little research, here's some ...

read more

Generating a memberOf attribute for posixGroups

Mon 22 July 2013 by Lars Kellogg-Stedman Tags ldap

This showed up on #openstack earlier today:

2013-07-22T13:56:10  <m0zes> hello, all. I am looking to
setup keystone with an ldap backend. I need to filter
users based on group membership, in this case a
non-rfc2307 posixGroup. This means that memberOf doesn't
show up, and that the memberUid in the group is not a
dn. any thoughts on how to accomplish this?

It turns out that this is a not uncommon question, so I spent some time today working out a solution using the dynlist overlay for OpenLDAP.

read more

Split concatenated certificates with awk

Tue 16 July 2013 by Lars Kellogg-Stedman Tags awk

This is a short script that takes a list of concatenated certificates as input (such as a collection of CA certificates) and produces a collection of numbered files, each containing a single certificate.

#!/bin/awk -f

# This script expects a list of concatenated certificates on input and
# produces a collection ...
read more