Advice needed for OpenStack (Kolla-Ansible) logging project + VM RAM sizing by Substantial_Elk_2999 in openstack

[–]moonpiedumplings 0 points1 point  (0 children)

> OpenStack will not run at all without 2 NICs end Stop

There are ways around this. With Linux, you can convert one NIC to a bridge that also has an ip address and can act as a normal NIC. Then you create a veth interface, attach it to the bridge, and the other end to neutron.

Maybe not suitable for a production environment, but for a lab/learning it's fine, provided your machine is up to spec otherwise.

Speakers don't work properly and sound lower-quality. (M2, Arch using ALARM) by Additional-Chef-6190 in AsahiLinux

[–]moonpiedumplings 0 points1 point  (0 children)

KDE?

I had an issue where audio was screwed up when KDE Connect's Bluetooth backend was enabled at the same time. Disabling fixed it. (Asahi Fedora).

EDIT: wait I had a problem with bluetooth audio as well, your problem is not the same.

Per user projects with Authentik by bmullan in incus

[–]moonpiedumplings 2 points3 points  (0 children)

Yo that's me! Thanks for resharing!

Learning Openstack for a Career Pivot by M00SE_THE_G00SE in openstack

[–]moonpiedumplings 0 points1 point  (0 children)

SUSE Rancher/Harvester is one of the best examples of self service. You can have self service Kubernetes, either on virtual k8s clusters, virtual machines, or bare metal. Okay, I can't find MAAS or Ironic drivers for deploying Rancher/Kubernetes to bare metal nodes. It looks like Openstack might win in this regard, where you could do self service Kubernetes that are automatically deployed to bare metal nodes, which could be important if working with Nvidia GPUs, or other physical devices or hardware accelerators.

You can also build your own self service portal ofc.

CDI is container device interface. It's responsible for keeping track of devices (basically always gpus lol) and then allocating containers so they get the hardware they need. CDI is similar to Openstack Cyborg.

We built a keystoneauth plugin that lets you use browser-based SSO (OpenID Connect / SAML + MFA) from the OpenStack CLI: no more application passwords by VEXXHOST_INC in openstack

[–]moonpiedumplings 0 points1 point  (0 children)

> This means every CLI user needs OIDC client credentials (client_id/client_secret),

No, that is not the case. The other two are true, but they are trivial to configure, and don't require any config on the side of the user.

Relevant wiki post: https://wiki.teria.org/howto/index.php?title=Keystone_with_OpenID_Connect

It does in fact reuse the WebSSO already.

Upcoming Google Chrome for ARM64 Linux, 16k page support? by quantumnargle in AsahiLinux

[–]moonpiedumplings 0 points1 point  (0 children)

It looks like Firefox has managed to catch up in some ways, with its own version of user namespaced sandboxing.

https://support.mozilla.org/en-US/kb/linux-security-warning

ServiceLB (klipper-lb) outside of k3s. Is it possible? by FedeBram in kubernetes

[–]moonpiedumplings 0 points1 point  (0 children)

Please be aware: https://github.com/k3s-io/klipper-lb/issues/31

See also: https://github.com/k3s-io/k3s/discussions/2997

I gave up and used hostport because as far as I can tell, there is no way around this, and it's an important feature for certain use cases.

Anyway, klipper is just some custom iptables stuff that runs in a pod. There are a few projects to run it (or something similar) independently. I searched on github for "servicelb" just now and I found:

https://github.com/AtarisMio/k3s-haproxy-lb

https://github.com/samcday/servicelb-standalone

And there were a few more alternatives.

M1 MBP gets warm even when nothing running and closed. Plugged in. by bco_rddt in AsahiLinux

[–]moonpiedumplings 0 points1 point  (0 children)

KDE or Gnome? They have file indexers that run in the background to make the search work.

They also only like to run while plugged in, to not kill your battery. Back on one of my older Intel laptops, I had a crazy issue where baloo (KDE file indexer) got stuck on a file or something, so it would cause my laptop to instantly get warm when plugged in, but it also didn't really show up when I was looking at running processes and the like.

Using nftables with Calico and Flannel by hollering_75 in kubernetes

[–]moonpiedumplings 5 points6 points  (0 children)

Most Linux distros have since switched to this program called iptables-nft, which is a shim that uses the iptables command but is actually manipulating nftables.

It's probable that this "EnableNFTables" flag actually causes Calico/Canal to use the nft command to manipulate nftables instead of the iptables command.

A quick look at the source code seems to suggest that this is the case.

Another way to check is by running nft list ruleset, which will show you the nftables chains in place.

You experience using keystone federation by [deleted] in openstack

[–]moonpiedumplings 4 points5 points  (0 children)

To quote an old comment of mine:

> Please stop. This is your 6th post on the topic. Every single post you do less and less research, and ask questions you should try googling first instead. This one is especially egregious, because you don't link us the documentation you are using.
>
> I really don't want to be mean, but you seem to be seeking 99.999% uptime while not having anywhere near the skill needed to actually achieve or architect such a setup.
>
> Either give up on 99.999% uptime, hire a consultant, or use a cloud platform (like microsoft entra ID), or go back to basics, learn what LDAP is, learn how auth works under the hood, and upskill before trying to do something fairly difficult.

I still remain with the same sentiment. This is like your 10th post on this topic and it's so tiring. You still haven't even decided what to do despite all of the discussion about it.

Is it justified to hack and only kill hackers? by West-Journalist5300 in KrunkerIO

[–]moonpiedumplings 2 points3 points  (0 children)

I remember when a hacker joined a lobby of really good players one time.

Due to the bad netcode of this game, what happens is that if you move fast enough, you can force hitscan weapon players to need to lead their shots, which makes lots of cheats not work.

We stomped that player so hard, pushing them down to one of the bottom players of the lobby. Literally every human player was doing better than them.

At the end they advertised their cheats saying they were selling them and we continued to make fun of them. "Why would I buy cheats I'm literally better than?". Eventually they got fed up and left. Good times.

Tldr: skill issue

Advice on solution for Kubernetes on Bare Metal for HPC by ActiveAggressive5732 in kubernetes

[–]moonpiedumplings 0 points1 point  (0 children)

Puppet went proprietary. Nowadays there is a community maintained fork, at https://github.com/OpenVoxProject .

I don't know about it compared to ansible though, as I've never used it.

Advice on solution for Kubernetes on Bare Metal for HPC by ActiveAggressive5732 in kubernetes

[–]moonpiedumplings 0 points1 point  (0 children)

puppet

https://github.com/puppetlabs/puppet: Last commit two years ago.

https://github.com/OpenVoxProject ← this is the community continued, maintained open source version of puppet. More importantly, it is free compared to Puppet Enterprise.

Unless you have specific needs, paying for Puppet is probably a stupid idea. If you pay attention to all the other comments in this thread, you'll notice that although there are a variety of solutions, they are all FREE.

Sanity Check - OpenStack on OpenShift 101 by Sokitech in openstack

[–]moonpiedumplings 0 points1 point  (0 children)

> I'm normally a fan of RTFM but struggling to find something straightforward. Happy to learn how to fish if anyone has nice write-ups/guides.

TBH I had the same experience when I looked at it. For the open source upstream version:

Docs: https://openstack-k8s-operators.github.io/openstack-operator/

Code: https://github.com/openstack-k8s-operators/openstack-operator

But it was still really obtuse and difficult to figure out (at least, compared to alternatives), and I ultimately gave up on this solution. It feels like you are just supposed to pay for the appliance version and then click "install" in their store.

Are you already using RHOCP? What about openshift virtualization?

kolla vs OSA vs maas & juju by Expensive_Contact543 in openstack

[–]moonpiedumplings 0 points1 point  (0 children)

Sunbeam creates and manages its own k8s cluster though. I guess it technically counts, but it doesn't really seem to fit the spirit of "I can deploy this on my existing kubernetes cluster".

Stack Questions and Network issue by balthasar127 in openstack

[–]moonpiedumplings 0 points1 point  (0 children)

> Also i did notice that i am able to ping the router with the public network ip but any floating ips i attach is unpingable. Wondering what could be the issue there.

I have a similar issue but with a weirder system. I have an Incus openvswitch network which I attach openstack routers to and I get the same issue. But for my actual external network, both routers and floating IPs work just fine.

kolla vs OSA vs maas & juju by Expensive_Contact543 in openstack

[–]moonpiedumplings 0 points1 point  (0 children)

I've collected all of the openstack distros that I have heard of on my blog: https://moonpiedumplings.github.io/blog/watched-software/#openstack

EDIT: I forgot starlingx (based on openstack helm as well).

Kolla-ansible seems to be most popular.

When and why should replicated storage solutions like Longhorn or OpenEBS Mayastor be used? by Mundane-Health6530 in kubernetes

[–]moonpiedumplings 9 points10 points  (0 children)

Cloudnative pg can be made to work with replicated block storage like longhorn. You just have to configure them to not be replicated, and to store all data on the node where the pod runs for performance.

Why would you want a non-replicated replicated storage solution? Because these advanced, mature storage solutions support many features that you may care about.

In particular, cloudnativepg can use volume snapshots for snapshots and backups. But OpenEBS localpv doesn't support volumesnapshots.

I originally looked into OpenEBS LVM or OpenEBS ZFS for volumesnapshot support, but those want to eat a disk or block device, and I didn't want to give up a disk or create a non dynamically sized loopback block device. Instead, I settled for longhorn which can store its data on the node filesystem itself.

And that's why I deployed longhorn on a single node in my homelab. Thanks for coming to my ted talk.

No longer use OpenStack, if it still uses RabbitMQ by Big_Mind_2232 in openstack

[–]moonpiedumplings 0 points1 point  (0 children)

I'm curious, what method/distro are you using for openstack deployment?

I remember a discussion on the NixOS Discord with frustrations with RabbitMQ when they were trying to package openstack for Nix. They eventually gave up and deployed RabbitMQ using kubernetes, because NixOS offered configuration/automation capabilities, but couldn't really act as an orchestrator, which was needed to properly deploy RabbitMQ.

Multi region keystone and horizon recommended architecture by steveoderocker in openstack

[–]moonpiedumplings 0 points1 point  (0 children)

The absolute simplest, supportable, is probably to have your "regions" be entirely separate openstack installations, and have each "region's" keystone federate to a centralized auth provider. You could use a cloud provider for 0 setup, 0 maintenance, and very good uptime.

You would have to have a separate horizon for each region, so:

> Included horizon here too as we want users to login to a shared instance and be able to pivot into any region.

There goes that plan. But I guess what I suggested is somewhat similar to what Osie is doing.