Friday, April 4, 2014

A working OpenStack configuration for a single network card

After quite some trouble getting OpenStack running on a system which has just one network card, I found a proper solution.

Here it is:

  • Install a fresh Ubuntu 12.04 LTS
  • Install bridge-utils and configure a br100 bridge on your single network card eth0
    • Here the config part for br100 in /etc/network/interfaces
# Internal Network
auto br100
iface br100 inet static
bridge_ports eth0
bridge_fd 0
bridge_hello 2
bridge_maxage 12
bridge_stp off
  •  Create a VLAN network interface on eth0 using VLAN ID 0
    • Run:
modprobe 8021q
vconfig add eth0 0
ifconfig eth0.0:1 netmask up
echo 1 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/conf/eth0/proxy_arp
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    •  This creates an eth0.0 device with the IP
  • Check that the new eth0.0 device got created with "ifconfig -a"
  • Now follow the regular Devstack instructions
    • Add a stack user with sudo permissions
    • Check out OpenStack with git
    • Create a /home/stack/devstack/localrc as follows
  • Now run
su - stack
cd devstack

Shortly after that OpenStack will be up and running and you can connect to the OpenStack Horizon Dashboard at

With this network configuration, the setup can successfully launch OpenStack instances, which are then reachable from the controller.

Devstack, a documented shell script to build complete OpenStack development environments. More about Devstack at:

Sunday, February 23, 2014

Ultra secure remote access to home network with a raspberry pi

This post is about setting up ultra secure remote access to a home (or a corporate) network with a raspberry pi.

We have all heard of the security holes in many DSL routers. Because of that it is important to keep the firmware up to date. Anyway, I personally do not really trust the "remote-access" capabilities and the possibly built-in VPN functionality of those DSL boxes.
Still, eventually I would like to get remote access to e.g. my home network. The idea is to use a raspberry pi as a secure bridge into the remote network.

Sure, we can set up a VPN on the raspberry pi, but most raspberry related VPN howtos require a "logmein" account for an easy VPN setup. I personally prefer to use standard utilities without the need to create an account on a commercial site with all my traffic routed to that site. Also, for me pure "ssh" access is completely sufficient. This enables remote port forwarding through ssh, which is enough for me.

But for any "port-forwarding" on the DSL router at least one open TCP port would be required, how bad!
... but wait, here the "better" idea:

We can use an "active port forwarder" (such as "apf-server/apf-client") to forward the ssh port of the raspberry pi to a remote server (accessible on the internet) through the outgoing connection.

Here is how this basically looks:
Please see also

The raspberry pi creates an outgoing connection (allowed through the firewall) to the remote server using "afclient". On the remote server "afserver" picks up this connection and uses it to actively forward the ssh port of the raspberry pi to a port on the remote server.

-> This setup does not even require a single open port on the DSL router!

How to configure the raspberry pi for "Ultra secure remote access":

  1. Set up a raspberry pi with the standard Raspbian OS image.
  2. Install "apf-client".
  3. Make the apf-client (afclient is the binary name) start automatically at startup.
Add the following line to /etc/rc.local

                         afclient --ignorepkeys -m 50001 --pass [secure-password] -n [remote-public-server] -p 22 --ar-start --ar-quit

I am using port 50001 for the af-communication in this example.
This will connect to an "afserver" on [remote-public-server] via port 50001 using SSL encrypted communication secured by [secure-password]

Please notice:
The "--ar-start --ar-quit" parameters allow the afclient to start even when the afserver on the remote server is not accessible or not started yet. In case the network the raspberry pi is located in does not allow direct internet access, the afclient/afserver also supports tunneling the af-connection through a standard http/https proxy server. For more options please check

Now the setup on the remote (public accessible) server:

  1. Install "apf-server" (afserver is the binary name)
  2. Start "afserver" to allow and pick up the connection from the client

                         afserver -m 50001 --pass [secure-password] -l 40001


This picks up the afclient on port 50001 and forwards the ssh port from the raspberry pi to port 40001 on the remote (public accessible) server using the same password as given for the afclient.

-> you can now ssh to port 40001 on the remote (public accessible) server which will login to the raspberry pi!

From there you can e.g. use "wakeuponlan" to power on systems in the remote network.

More security for this setup:

  • install "fail2ban" on the raspberry pi to harden the ssh login
  • disable "root" ssh-access to the raspberry pi and only permit ssh-keys (not passwords)
  • use "iptables" to secure the remote forwarded ssh port on the remote (public accessible) server.
e.g. when you start the "afserver" on the remote server, run the following lines to only allow your current IP address to connect to the forwarded ssh port

/sbin/iptables -A INPUT -p tcp -m tcp -s [the-IP-address-from-where-you-come-from] --dport 40001 -j ACCEPT
/sbin/iptables -A INPUT -p tcp -m tcp --dport 40001 -j DROP

  • only start the "afserver" when you need it. When it is not started, the forwarded ssh port of the raspberry pi won't be picked up, so it won't be accessible.
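
An added example (not part of the original post): a small POSIX shell check for the "disable root ssh-access and only permit ssh-keys" item above. It reads an sshd_config the way sshd does, where the first value found for a keyword wins, and it only looks at the global section before the first Match block; the function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit an sshd_config for root login and password login.
# sshd uses the FIRST value it reads for a keyword, so a later
# "PermitRootLogin no" does not override an earlier "yes".

# effective_value KEYWORD FILE: print the first global value (lowercased);
# print nothing if the keyword is not set before the first Match block.
effective_value() {
    awk -v want="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, f, /[ \t=]+/)       # "Keyword value" or "Keyword=value"
            key = tolower(f[1])
            if (key == "match") exit        # audit the global section only
            if (key == want) { print tolower(f[2]); exit }
        }' "$2"
}

# audit_sshd FILE: print one finding per weak setting, nothing if both are "no".
audit_sshd() {
    findings=""
    root=$(effective_value PermitRootLogin "$1")
    pass=$(effective_value PasswordAuthentication "$1")
    [ "$root" = "no" ] || findings="${findings}PermitRootLogin=${root:-unset} "
    [ "$pass" = "no" ] || findings="${findings}PasswordAuthentication=${pass:-unset} "
    printf '%s' "${findings% }"
}

# Constructed sample: looks hardened at a glance, but the first value wins
# and the only PasswordAuthentication line is inside a Match block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin yes
#PasswordAuthentication no
PermitRootLogin no
Match User backup
    PasswordAuthentication no
EOF
echo "findings: $(audit_sshd "$sample")"
rm -f "$sample"
```

Run it against /etc/ssh/sshd_config on the raspberry pi; empty output means both settings are explicitly "no" in the global section.
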
Links: apf-server homepage and download -

Hope it's useful for you! Security IS important!

Wednesday, January 22, 2014

What an MP3 player and Cloud Computing have in common

When thinking of IaaS Cloud Computing most of the time it is like an MP3 player. You can easily let users create and start, stop and destroy their own VMs and ... not really much more.

If this is not enough for you


If you like Cloud but still would like to deploy your systems (VMs and "bare-metal") in a regular (non-AMI) way


If you are looking for 100% IT service automation including automatic high availability, automatic monitoring, automatic backup+restore, automatic IT-documentation, automatic DNS/Network/DNS/DHCP/VLAN management, automatic out-of-band management (including Green IT), automatic application deployment and configuration etc.

... then you should take a look at the openQRM Enterprise datacenter infrastructure and IaaS Cloud Computing solution!

Compared to the MP3 player you can think of openQRM as a full featured Music-Studio application. It can play all kinds of music files (not just MP3s), it lets you record, cut, paste and re-arrange different tracks and song parts, it gives you full control and lets you adjust every bit and pinch of the songs you play and provides you with "super hero power" for your complete music collection.

openQRM Enterprise Datacenter Infrastructure is the "magic potion" for system administrators. It provides a generic Server deployment work-flow which integrates and combines common and custom system administration tools and solutions into a powerful single management console for your complete IT-service Infrastructure; from "A" as in Ansible to "Z" as in Zabbix.

On top of that, openQRM Enterprise IaaS Cloud Automation turns your existing openQRM Enterprise Datacenter Infrastructure into a flexible and 100% automated private, public and hybrid Cloud Computing environment including a user-friendly "VM and Bare-Metal Server" Self-Service - no matter which virtualization, storage or network technologies you use.

More infos at

Monday, January 20, 2014

What an MP3 player and Cloud Computing have in common

Often IaaS Cloud Computing is like an MP3 player. You can simply let users create, start/stop and remove their own VMs ... and not really much more.

If that is not enough for you


If you are looking for a Cloud solution that provisions your systems (VMs and "bare-metal") in a conventional way (not AMI image based).


If you are aiming for a 100% automated IT service environment that offers automatic high availability, automatic system and service monitoring, automatic backup/restore, automatic IT documentation, automatic DNS / network / DNS / DHCP / VLAN management, automatic out-of-band management (including Green IT) and automatic application deployment and configuration

... then you should take a look at the openQRM Enterprise datacenter infrastructure and IaaS Cloud Computing solution!

Compared to the MP3 player, you can think of openQRM as a fully featured sound-studio music application that can play all kinds of music files and lets you record, cut and remix. It gives you full control over every bit, every bar and every note of your songs and makes you the "super hero" of your complete music collection.

openQRM Enterprise Datacenter Infrastructure is the "magic potion" for system administrators. It provides a generic server deployment workflow which, independent of the virtualization technology, also fully supports physical systems ("bare-metal"). In addition, openQRM Enterprise Datacenter Infrastructure includes an integration with standard system administration tools, which are combined with custom tools in one powerful management console for your complete IT service infrastructure, from "A" as in Ansible to "Z" as in Zabbix.

As an add-on to openQRM Enterprise Datacenter Infrastructure, openQRM Enterprise IaaS Cloud Datacenter Automation turns your IT environment into a flexible, 100% automated self-service portal for VM and "bare-metal" systems, regardless of which virtualization or storage technology you use.

More info at

(cliparts from

Wednesday, November 13, 2013

In love with my new beauty

This is my new beauty! A self-made fretless Cigar Box Guitar (CBG), built on my own from spare parts over the last weeks.

And here is how it sounds. Enjoy the sloppy blues impro.

Some more pictures of my beauty

... 3 Strings are just enough!

You want to hear some really funky Cigar Box Guitar Blues sound proving that 3 strings are just enough ??

please check Justin Johnson's "Rooster Blues"

Please find more information about Cigar Box Guitars at


Sunday, July 29, 2012

Just because it IS possible ...

 ... I just booted one of our physical servers here directly from the German Telekom Cloud Storage Service aka "Mediacenter".

Wednesday, July 18, 2012

Steve Mann got physically assaulted by McDonald's for wearing Digital Eye Glass

Steve Mann, the father and inventor of "wearable computers", got physically assaulted by McDonald's for wearing Digital Eye Glass.

Mhmmm ... I used to go to MC like this
Should I worry ?

Please find a full description of my wearable computer at