Skip to main content

Changing the IP address of an OpenStack instance

Sometimes you can accidentally broke an instance and when you launch a new one to replace the old one, you want the new instance with the IP address that you had in the old instance.

The steps are very simple, first you have to remove the port that is associated with the instance. You can identify it by its current IP address:

$ sudo neutron port-list --fixed-ips ip_address=172.16.2.128
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
| id                                   | name | mac_address       | fixed_ips                                                                           |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+
| aa2e65ec-bf1c-44c7-b38b-0b27fcc41d8f |      | fa:16:3e:05:f2:fe | {"subnet_id": "6be599d7-702f-4e54-b18d-3dfca1441617", "ip_address": "172.16.2.128"} |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------------+

With the instance stopped remove the port:

$sudo neutron port-delete aa2e65ec-bf1c-44c7-b38b-0b27fcc41d8f 
Deleted port: aa2e65ec-bf1c-44c7-b38b-0b27fcc41d8f

And now attach a new one with the desired IP address to your instance (c842228b-71e3-49d6-a5b5-33e6416e2669):

$ sudo nova interface-attach --fixed-ip 172.16.2.106 --net-id 26f6d6f9-0ff6-4825-99e8-35c3821f855f  c842228b-71e3-49d6-a5b5-33e6416e2669

That’s all, now you can start your instance with the new Ip address.

Debian-ubuntu vs Redhat-CentOS commands

If you are used to work with Debian based distributions as well as RedHat based distributions this post is useful to see what is the counterpart command in both systems:

[table width=”600″ border=1 colwidth=”200|200|200″ colalign=”left|center|center”] Command Description,Debian,RedHat
Search package,apt-cache search package,yum search package
Look available packages in the repository,apt-cache show package,yum –showduplicates list package | expand
Install specific package version,apt-get install package=x.y.z,yum install package-x.y.z
List files installed by a package, dpkg -L package, rpm -ql package
Which package has installed the file, dpkg -S /path/to/file, rpm -qf /path/to/file or yum provides /path/to/file
Look if the package is installed, dpkg -l | grep package, rpm -qa | grep package
[/table]

Updating your server BIOS using FreeDOS and GRUB

In this post I am explaining the steps you can follow to boot from a DOS image using your grub to update the server’s BIOS version without the need of using a USB drive attached to your server.

To check your BIOS version in your server run this command:

$ sudo dmidecode --type bios
# dmidecode 2.12
SMBIOS 2.6 present.

Handle 0x0000, DMI type 0, 24 bytes
BIOS Information
	Vendor: Dell Inc.
	Version: 1.12.0
	Release Date: 07/30/2013
	Address: 0xF0000
	Runtime Size: 64 kB
	ROM Size: 4096 kB
	Characteristics:
		ISA is supported
		PCI is supported
		PNP is supported
		BIOS is upgradeable
		BIOS shadowing is allowed
		Boot from CD is supported
		Selectable boot is supported
		EDD is supported
		Japanese floppy for Toshiba 1.2 MB is supported (int 13h)
		5.25"/360 kB floppy services are supported (int 13h)
		5.25"/1.2 MB floppy services are supported (int 13h)
		3.5"/720 kB floppy services are supported (int 13h)
		8042 keyboard services are supported (int 9h)
		Serial services are supported (int 14h)
		CGA/mono video services are supported (int 10h)
		ACPI is supported
		USB legacy is supported
		BIOS boot specification is supported
		Function key-initiated network boot is supported
		Targeted content distribution is supported
	BIOS Revision: 1.12

Handle 0x0D00, DMI type 13, 22 bytes
BIOS Language Information
	Language Description Format: Long
	Installable Languages: 1
		en|US|iso8859-1
	Currently Installed Language: en|US|iso8859-1

Now we are going to make a small bootable DOS system that we will use to boot in the server. I did the following steps in my own PC, but you can do them anywhere.

Install qemu if not installed yet to be able to install FreeDOS:

# apt-get update
# apt-get install syslinux qemu-system-x86

You can download FreeDOS here http://www.freedos.org/download/

or just:

$ wget http://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.0/fdbasecd.iso

Creaty an empty image of 250MB size:

dd if=/dev/zero of=fdos-250m-hdd.img bs=1M count=250

Launch qemu and install FreeDOS into the empty image:

qemu-system-x86_64 -hda fdos-250m-hdd.img -cdrom fdbasecd.iso -boot d

After installing FreeDOS you have to copy the BIOS updater tool to the image. To do that follow this steps:

~# fdisk -ul fdos-250m-hdd.img
GNU Fdisk 1.2.5
Copyright (C) 1998 - 2006 Free Software Foundation, Inc.
This program is free software, covered by the GNU General Public License.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.


Disk /home/user/fdos-250m-hdd.img: 261 MB, 261660672 bytes
16 heads, 63 sectors/track, 507 cylinders, total 511056 sectors
Units = sectors of 1 * 512 = 512 bytes

                          Device Boot      Start         End      Blocks   Id  System 
/home/user/fdos-250m-hdd.img1   *          63      511055      255496    e  FAT16 LBA

The partition starts at 63, so to get the offset, we have to multiply 63 by 512, 32256. To mount the partition you have to run this command:

~# mount -o loop,offset=32256 fdos-250m-hdd.img /mnt/

And copy the required tool:

~# mkdir /mnt/DELL
~# cp PER410-011200.exe /mnt/DELL/
~# umount /mnt

Once you have your FreeDOS image ready, copy the image to your server to /boot/images. Create the directory /boot/images if it does not exist.

Prepare grub2 to use memdisk

$ sudo cp -a /usr/lib/syslinux/memdisk to /boot

Create the following file with your preferred editor:

~# cat /etc/grub.d/50_memdisk 
#!/bin/sh

set -e

IMAGES=/boot/images
. /usr/lib/grub/grub-mkconfig_lib
if test -e /boot/memdisk ; then
  MEMDISKPATH=$( make_system_path_relative_to_its_root "/boot/memdisk" )
  echo "Found memdisk: $MEMDISKPATH" >&2
  find $IMAGES -name "*.img" | sort | 
  while read image ; do
      IMAGEPATH=$( make_system_path_relative_to_its_root "$image" )
      echo "Found floppy image: $IMAGEPATH" >&2
      cat << EOF
menuentry "Bootable floppy: $(basename $IMAGEPATH | sed s/.img//)" {
EOF
      prepare_grub_to_access_device ${GRUB_DEVICE_BOOT} | sed -e "s/^/\t/"
      cat << EOF
        linux16 $MEMDISKPATH bigraw
        initrd16 $IMAGEPATH
}
EOF
  done
fi

And finally update grub with your new image:

$ sudo update-grub
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-3.13.0-68-generic
Found initrd image: /boot/initrd.img-3.13.0-68-generic
Found memtest86+ image: /memtest86+.elf
Found memtest86+ image: /memtest86+.bin
Found memdisk: /memdisk
Found floppy image: /images/fdos-250m-hdd.img
done

Reboot and boot from your new image.

Log traffic by user with iptables

This is a little post explaining how to log the uid and guid of the user who is making a connection in a server:

iptables -N log_traffic
iptables -I OUTPUT 1 -p tcp -m multiport --dports 80,443 -m state --state NEW -j log_traffic
iptables -A log_traffic -j LOG --log-uid --log-prefix  "iptables: "

Explanation:

  1.  Create a new iptables chain log_traffic
  2.  Redirect all traffic from OUTPUT to log_traffic chain if the connection destination port is http or https.
  3.  Log all traffic in log_traffic chain including the user uid/gid.

with rsyslog identify the iptables traffic and put it in a separate log file. Edit /etc/rsyslog.conf and add the following line:

:msg, contains, "iptables: "  -/var/log/iptables.log

You will see traces like this with the uid and gid of the user making the connection:

Oct 22 14:44:54 host4sx56 kernel: [6828668.226415] iptables: IN= OUT=eth355 SRC=192.168.1.2 DST=172.17.16.52 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=11754 DF PROTO=TCP SPT=35734 DPT=80 WINDOW=14600 RES=0x00 SYN URGP=0 UID=3106 GID=3106