
2024

Creating a Ghost site with Openstack-Flex

Welcome! In this blog post we are going over using Openstack-Flex to deploy Ghost. If you haven't used Ghost before and would like more information about it, please visit their website using the link here.

Getting Started:

First you will need to set up your clouds.yaml file to be able to complete the next steps. More information about that can be found here.

Creating our Openstack-Flex Server

First we are going to create our Flex router.

openstack  --os-cloud {cloud_name} router create flex-router

Second, we will create our flex network.

openstack  --os-cloud {cloud_name} network create flex-network

Next we are going to set our router's external gateway to PUBLICNET to grant access to the internet.

openstack  --os-cloud {cloud_name} router set --external-gateway PUBLICNET flex-router

Now we are going to set up our subnet. You can choose between IPv4 and IPv6, and the IP range is also up to you. For the DNS name servers, ping cachens1.sjc3.rackspace.com and cachens2.sjc3.rackspace.com to get their IP addresses.

ping cachens1.sjc3.rackspace.com -c2
ping cachens2.sjc3.rackspace.com -c2

openstack  --os-cloud {cloud_name} subnet create --ip-version 4 --subnet-range 172.18.107.0/24 --dns-nameserver 216.109.154.188 --dns-nameserver 216.109.154.189 --network flex-network flex-subnet

Connect the subnet to our flex-router

openstack --os-cloud {cloud_name} router add subnet flex-router flex-subnet

Now we need to create our security group, which specifies the network access rules. For our example, for now we are only going to allow SSH access.

openstack --os-cloud {cloud_name} security group create flex-sg
openstack --os-cloud {cloud_name} security group rule create --ingress --remote-ip 0.0.0.0/0 --dst-port 22 --protocol tcp flex-sg

Now we need to create our floating ip.

Note

Save this IP for later; we will need to connect it to our server.

openstack --os-cloud {cloud_name} floating ip create --subnet PUBLICNET_SUBNET PUBLICNET

Now we are going to create our public and private SSH keys so we can securely connect to our server. I am naming my key wordpress-key.

ssh-keygen

This will prompt you to store and name your private key. I did something like this: /home/{username}/.ssh/flex-key.

After that we will create our public key using the command below, then we will assign it using the openstack CLI tools.

ssh-keygen -f ~/.ssh/flex-key -y > ~/.ssh/flex-key.pub
openstack --os-cloud {cloud_name} keypair create --public-key ~/.ssh/flex-key.pub flex-key

Now we create our server! This should include the flavor you'd like to use, the image, memory, network, key-name, and security group for this example.

openstack --os-cloud {cloud_name} server create --flavor m1.medium --image Ubuntu-22.04 --boot-from-volume 40 --network flex-network --key-name flex-key --security-group flex-sg flex-server

Assigning our floating IP. We can do this by adding it to our port for the server. If you get the fixed IP from our newly created server, you can find the port ID by searching through the port list.

openstack --os-cloud {cloud_name} port list
openstack --os-cloud {cloud_name} floating ip set --port {port id} {floating-ip}

SSH into your new Server!

ssh -i ~/.ssh/flex-key ubuntu@{floating-ip}
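The SSH rule created earlier uses --remote-ip 0.0.0.0/0, which admits any source address. The script below is an added example, not part of the original post: it prints the same rule-create command scoped to administration CIDRs instead. The function names, the cloud name my-cloud and the documentation-range CIDRs are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: emit flex-sg SSH ingress rules limited to known admin CIDRs.

# valid_admin_cidr CIDR -> 0 if CIDR is IPv4 a.b.c.d/n with 1 <= n <= 32.
# A /0 prefix ("any address") is rejected on purpose.
valid_admin_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; prefix=${1#*/}
    case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    # Digits and dots only, no leading, trailing or doubled dot.
    case "$addr" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# ssh_rule_cmds CLOUD CIDR... -> prints one rule-create command per CIDR.
# Prints nothing on stdout and returns 1 if the cloud name or any CIDR is bad.
ssh_rule_cmds() {
    cloud=$1
    [ "$#" -ge 2 ] || { echo "usage: ssh_rule_cmds CLOUD CIDR..." >&2; return 1; }
    shift
    # The output is meant to be run, so keep shell metacharacters out of it.
    case "$cloud" in ''|*[!A-Za-z0-9_.-]*) echo "bad cloud name" >&2; return 1 ;; esac
    for cidr in "$@"; do
        valid_admin_cidr "$cidr" || { echo "rejected: $cidr" >&2; return 1; }
    done
    for cidr in "$@"; do
        printf 'openstack --os-cloud %s security group rule create --ingress --remote-ip %s --dst-port 22 --protocol tcp flex-sg\n' "$cloud" "$cidr"
    done
}

# Constructed sample input: documentation ranges standing in for an office
# network and a single bastion host.
ssh_rule_cmds my-cloud 203.0.113.0/24 198.51.100.7/32
```

Review the printed commands, then run them in place of the 0.0.0.0/0 rule.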

Deploying our Ghost website on our Openstack-Flex server

Once we have created our Openstack-Flex Server we will want to make sure everything is up to date.

sudo apt-get update && sudo apt-get upgrade -y

Next we need to install nginx

sudo apt-get install nginx

Next we need to enable nginx

sudo systemctl enable nginx

Start nginx

sudo systemctl start nginx

Next we install MySQL

sudo apt install mysql-server
sudo mysql_secure_installation

Next we need to use MySQL and create our WordPress database with our username and password. Please create your own personal username and password.

sudo mysql
CREATE DATABASE `ghost-db`;
CREATE USER 'openstack-flex'@'localhost' IDENTIFIED BY 'pass';
GRANT ALL PRIVILEGES ON `ghost-db`.* TO 'openstack-flex'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Next step is to install Node.js

curl -fsSL https://deb.nodesource.com/setup_18.x | sudo bash -
sudo apt install nodejs

Our last step is to install Ghost

sudo npm install ghost-cli@latest -g

sudo mkdir -p /var/www/ghost
sudo chown -R {username}:{username} /var/www/ghost/
sudo chmod -R 755 /var/www/ghost/
cd /var/www/ghost
ghost install

Answer the configuration questions, and when that is complete you can reach the setup page for your website. It should look like this.

[Image: Ghost setup page]
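The MySQL step asks you to choose your own username and password, and its database name contains a hyphen, which MySQL only accepts as a backtick-quoted identifier. The helper below is an added example, not part of the original post: it generates a random password and prints the same statements with the identifiers quoted. The function names are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example: build the MySQL statements for the Ghost database with a
# generated password instead of a hand-typed one.

# gen_password -> 48 hex characters (192 bits) read from /dev/urandom.
gen_password() {
    od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# ghost_db_sql DB USER PASSWORD -> prints the SQL, or returns 1 on bad input.
# DB and USER may contain letters, digits, '_' and '-'; hyphenated database
# names such as ghost-db are backtick-quoted in the output.
ghost_db_sql() {
    db=$1; user=$2; pw=$3
    for name in "$db" "$user"; do
        case "$name" in
            ''|*[!A-Za-z0-9_-]*) echo "bad identifier: $name" >&2; return 1 ;;
        esac
    done
    # Alphanumeric only, so the password cannot break out of the SQL string.
    case "$pw" in
        ''|*[!A-Za-z0-9]*) echo "bad password characters" >&2; return 1 ;;
    esac
    [ "${#pw}" -ge 16 ] || { echo "password too short" >&2; return 1; }
    cat <<EOF
CREATE DATABASE \`$db\`;
CREATE USER '$user'@'localhost' IDENTIFIED BY '$pw';
GRANT ALL PRIVILEGES ON \`$db\`.* TO '$user'@'localhost';
FLUSH PRIVILEGES;
EOF
}

# Usage on the server (not run here):
#   pw=$(gen_password)
#   ghost_db_sql ghost-db openstack-flex "$pw" | sudo mysql
#   # keep "$pw": ghost install asks for the MySQL password
```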

Kustomize: Using environment variables for configuration

Kustomize is a widely used tool for Kubernetes config management that provides a template-free way to change your manifests during application deployment. It uses a kustomization.yaml file to define the actions taken during the build process. The file itself can be seen as a collection of optional ordered processes: resources, generators, transformers, validators, configMapGenerator, patches and so on.

We won't dive too deep into these, but will look at a specific way of using the transformer property to use configuration values (as environment variables) from a file to drive your configuration.

Fortify Your Kubernetes Clusters: Encrypting Secrets with Sealed-Secrets

Introduction

In today's cloud-native world, Kubernetes has become the de facto standard for container orchestration. Kubernetes secrets are essential for storing sensitive data like passwords, API keys, and database credentials for workloads running on Kubernetes clusters.

However, many teams encounter a common issue while interacting with Kubernetes secrets:

  • The inadvertent exposure of the sensitive secrets when stored in version control systems.
  • Kubernetes secrets are base64 encoded. Base64 encoding can be easily decoded, leading to significant security vulnerabilities, including unauthorized access and potential data breaches.

To address this issue, various solutions exist, but in this blog, we will focus on one: sealed-secrets.

We will walk through a practical example of how to use sealed-secrets to secure your Kubernetes secrets, ensuring they are both version-controlled and protected.

Choosing Your Kubernetes Guardian: Ingress Controllers, Envoy GatewayAPI, or Istio?

Introduction

In the ever-evolving landscape of cloud-native applications, effectively managing traffic within a Kubernetes cluster is essential for optimizing performance, enhancing security, and achieving scalability. Several popular solutions have emerged to address these challenges, including Envoy, Envoy GatewayAPI, Ingress Controllers, and Istio. However, users often face confusion when deciding which solution best suits their specific use cases. In this blog post, we will explore the differences and similarities, assisting you in selecting the optimal tool based on your requirements.

Getting Started With Rackspace OpenStack Flex

We're now mid-way through 2024, and the Rackspace Public Cloud team has been hard at work building and delivering the successor to the Rackspace OpenStack Public Cloud (OSPC) first launched in 2012. As Limited Availability (LA) access to our latest multi-tenant OpenStack-based public cloud approaches and content begins to build up here on the blog, I thought it prudent to provide guidance on how one might onboard themselves and build resources on the platform.

Dealing with SSH MAC Limitations in Modern Systems

Modern SSH configurations can sometimes lead to MAC (Message Authentication Code) limitations when connecting between systems with different client setups. I've recently run into this issue when operating from a Mac and connecting to newer operating systems, like NixOS. These limitations can be frustrating, but they are fixable with minimal effort. This post will show you how to change your SSH client to use an appropriate MAC, even if it's not explicitly allowed in your configuration.

Building NixOS from Another OS to Use as NixOS on OpenStack

A wordy title, but it was fun to write and hammers on "OS;" OpenStack / Operating System. With the release of OpenStack Flex, we have opened up some much needed ease of operation and functionality into our multi-tenant OpenStack platform. One of the many new features in our public cloud is the ability to simply create and manage custom images. In this blog post, we will guide you through creating a NixOS 24.05 QCOW2 image which is cloud ready. We'll use resources found in the nixos-openstack GitHub repository and we'll build all of this from Ubuntu within OpenStack Flex.

What is Rackspace Public Cloud (Flex)?

In 2006, before 'The Cloud' became a ubiquitous term, Rackspace launched one of the first utility-based computing services known as Mosso (later Rackspace Cloud). Move ahead to 2010, and you'll find Rackspace partnering with NASA to deliver the first release of OpenStack - a fully open-source and open standard cloud computing platform. In 2012, Rackspace launched the Rackspace Public Cloud based on OpenStack, and shortly thereafter began delivering private (hosted) clouds based on OpenStack. To say OpenStack runs through our veins is an understatement.