2011-09-15 02:37:10 +00:00
|
|
|
#!/usr/bin/env bash
|
|
|
|
|
|
|
|
# **exercise.sh** - using the cloud can be fun
|
|
|
|
|
|
|
|
# we will use the ``nova`` cli tool provided by the ``python-novaclient``
|
|
|
|
# package
|
2011-09-15 05:03:04 +00:00
|
|
|
#
|
2011-09-15 02:37:10 +00:00
|
|
|
|
2011-09-15 05:03:04 +00:00
|
|
|
|
2011-10-20 17:07:10 +00:00
|
|
|
# This script exits on an error so that errors don't compound and you see
|
2011-09-15 05:03:04 +00:00
|
|
|
# only the first error that occured.
|
|
|
|
set -o errexit
|
|
|
|
|
2011-10-20 17:07:10 +00:00
|
|
|
# Print the commands being run so that we can see the command that triggers
|
2011-09-15 05:03:04 +00:00
|
|
|
# an error. It is also useful for following allowing as the install occurs.
|
|
|
|
set -o xtrace
|
|
|
|
|
|
|
|
|
|
|
|
# Settings
|
|
|
|
# ========
|
2011-09-15 02:37:10 +00:00
|
|
|
|
2011-10-20 17:24:50 +00:00
|
|
|
# Use openrc + stackrc + localrc for settings
|
|
|
|
source ./openrc
|
2011-09-15 02:37:10 +00:00
|
|
|
|
2011-10-11 18:07:48 +00:00
|
|
|
# Get a token for clients that don't support service catalog
|
|
|
|
# ==========================================================
|
2011-10-16 01:37:25 +00:00
|
|
|
|
2011-10-20 17:07:10 +00:00
|
|
|
# manually create a token by querying keystone (sending JSON data). Keystone
|
2011-10-16 01:37:25 +00:00
|
|
|
# returns a token and catalog of endpoints. We use python to parse the token
|
|
|
|
# and save it.
|
|
|
|
|
2011-10-24 20:43:04 +00:00
|
|
|
TOKEN=`curl -s -d "{\"auth\":{\"passwordCredentials\": {\"username\": \"$NOVA_USERNAME\", \"password\": \"$NOVA_API_KEY\"}}}" -H "Content-type: application/json" http://$HOST_IP:5000/v2.0/tokens | python -c "import sys; import json; tok = json.loads(sys.stdin.read()); print tok['access']['token']['id'];"`
|
2011-10-11 18:07:48 +00:00
|
|
|
|
2011-09-15 05:44:50 +00:00
|
|
|
# Launching a server
|
|
|
|
# ==================
|
2011-09-15 05:03:04 +00:00
|
|
|
|
2011-09-15 05:44:50 +00:00
|
|
|
# List servers for tenant:
|
2011-09-15 02:37:10 +00:00
|
|
|
nova list
|
2011-09-15 05:44:50 +00:00
|
|
|
|
|
|
|
# Images
|
|
|
|
# ------
|
|
|
|
|
|
|
|
# Nova has a **deprecated** way of listing images.
|
|
|
|
nova image-list
|
|
|
|
|
|
|
|
# But we recommend using glance directly
|
2011-10-16 02:29:55 +00:00
|
|
|
glance -A $TOKEN index
|
2011-09-15 05:44:50 +00:00
|
|
|
|
2011-10-16 03:01:12 +00:00
|
|
|
# Let's grab the id of the first AMI image to launch
|
|
|
|
IMAGE=`glance -A $TOKEN index | egrep ami | cut -d" " -f1`
|
|
|
|
|
2011-10-17 23:02:24 +00:00
|
|
|
# Security Groups
|
|
|
|
# ---------------
|
|
|
|
SECGROUP=test_secgroup
|
|
|
|
|
|
|
|
# List of secgroups:
|
|
|
|
nova secgroup-list
|
|
|
|
|
|
|
|
# Create a secgroup
|
|
|
|
nova secgroup-create $SECGROUP "test_secgroup description"
|
2011-10-16 03:01:12 +00:00
|
|
|
|
2011-10-24 18:29:08 +00:00
|
|
|
# determine flavor
|
|
|
|
# ----------------
|
2011-10-16 03:01:12 +00:00
|
|
|
|
|
|
|
# List of flavors:
|
|
|
|
nova flavor-list
|
|
|
|
|
|
|
|
# and grab the first flavor in the list to launch
|
|
|
|
FLAVOR=`nova flavor-list | head -n 4 | tail -n 1 | cut -d"|" -f2`
|
|
|
|
|
2011-10-17 23:02:24 +00:00
|
|
|
NAME="myserver"
|
2011-10-16 03:01:12 +00:00
|
|
|
|
2011-10-17 23:02:24 +00:00
|
|
|
nova boot --flavor $FLAVOR --image $IMAGE $NAME --security_groups=$SECGROUP
|
2011-10-16 03:01:12 +00:00
|
|
|
|
2011-10-24 18:29:08 +00:00
|
|
|
# Testing
|
|
|
|
# =======
|
|
|
|
|
|
|
|
# First check if it spins up (becomes active and responds to ping on
|
|
|
|
# internal ip). If you run this script from a nova node, you should
|
|
|
|
# bypass security groups and have direct access to the server.
|
|
|
|
|
|
|
|
# Waiting for boot
|
|
|
|
# ----------------
|
|
|
|
|
2011-10-27 04:23:20 +00:00
|
|
|
# let's give it 5 seconds to launch
|
|
|
|
sleep 5
|
2011-10-16 03:01:12 +00:00
|
|
|
|
|
|
|
# check that the status is active
|
|
|
|
nova show $NAME | grep status | grep -q ACTIVE
|
|
|
|
|
|
|
|
# get the IP of the server
|
|
|
|
IP=`nova show $NAME | grep "private network" | cut -d"|" -f3`
|
|
|
|
|
2011-10-25 05:58:14 +00:00
|
|
|
# for single node deployments, we can ping private ips
|
|
|
|
MULTI_HOST=${MULTI_HOST:-0}
|
2011-10-26 15:45:02 +00:00
|
|
|
if [ "$MULTI_HOST" = "0" ]; then
|
2011-10-25 05:58:14 +00:00
|
|
|
# sometimes the first ping fails (10 seconds isn't enough time for the VM's
|
2011-10-27 04:23:20 +00:00
|
|
|
# network to respond?), so let's for 15 seconds pinging with a timeout
|
|
|
|
# of a second.
|
|
|
|
if ! timeout 15 sh -c "while ! ping -c1 -w1 $IP; do sleep 1; done"; then
|
|
|
|
echo "Couldn't ping server"
|
|
|
|
exit 1
|
|
|
|
fi
|
2011-10-25 05:58:14 +00:00
|
|
|
fi
|
2011-10-24 18:29:08 +00:00
|
|
|
|
|
|
|
# Security Groups & Floating IPs
|
|
|
|
# ------------------------------
|
|
|
|
|
|
|
|
# allow icmp traffic (ping)
|
2011-10-17 23:02:24 +00:00
|
|
|
nova secgroup-add-rule $SECGROUP icmp -1 -1 0.0.0.0/0
|
|
|
|
|
|
|
|
# List rules for a secgroup
|
|
|
|
nova secgroup-list-rules $SECGROUP
|
|
|
|
|
|
|
|
# allocate a floating ip
|
|
|
|
nova floating-ip-create
|
|
|
|
|
|
|
|
# store floating address
|
2011-10-24 18:29:08 +00:00
|
|
|
FLOATING_IP=`nova floating-ip-list | grep None | head -1 | cut -d '|' -f2 | sed 's/ //g'`
|
2011-10-17 23:02:24 +00:00
|
|
|
|
|
|
|
# add floating ip to our server
|
2011-10-24 18:29:08 +00:00
|
|
|
nova add-floating-ip $NAME $FLOATING_IP
|
2011-10-17 23:02:24 +00:00
|
|
|
|
|
|
|
# sleep for a smidge
|
2011-10-25 07:34:35 +00:00
|
|
|
sleep 5
|
2011-10-17 23:02:24 +00:00
|
|
|
|
2011-10-24 18:29:08 +00:00
|
|
|
# ping our floating ip
|
|
|
|
ping -c1 -w1 $FLOATING_IP
|
2011-10-17 23:02:24 +00:00
|
|
|
|
2011-10-24 18:29:08 +00:00
|
|
|
# dis-allow icmp traffic (ping)
|
2011-10-17 23:02:24 +00:00
|
|
|
nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0
|
|
|
|
|
|
|
|
# sleep for a smidge
|
2011-10-25 07:34:35 +00:00
|
|
|
sleep 5
|
2011-10-17 23:02:24 +00:00
|
|
|
|
2011-10-24 18:29:08 +00:00
|
|
|
# ping our floating ip
|
|
|
|
if ( ping -c1 -w1 $FLOATING_IP ); then
|
2011-10-17 23:02:24 +00:00
|
|
|
print "Security group failure - ping should not be allowed!"
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
|
|
|
|
# de-allocate the floating ip
|
2011-10-24 18:29:08 +00:00
|
|
|
nova floating-ip-delete $FLOATING_IP
|
2011-10-16 03:01:12 +00:00
|
|
|
|
|
|
|
# shutdown the server
|
|
|
|
nova delete $NAME
|
|
|
|
|
2011-10-17 23:02:24 +00:00
|
|
|
# Delete a secgroup
|
|
|
|
nova secgroup-delete $SECGROUP
|
|
|
|
|
2011-10-20 17:07:10 +00:00
|
|
|
# FIXME: validate shutdown within 5 seconds
|
2011-10-16 03:01:12 +00:00
|
|
|
# (nova show $NAME returns 1 or status != ACTIVE)?
|
2011-10-24 23:05:57 +00:00
|
|
|
|
|
|
|
# Testing Euca2ools
|
|
|
|
# ==================
|
|
|
|
|
|
|
|
# make sure that we can describe instances
|
|
|
|
euca-describe-instances
|