Merge branch 'master' into pause
This commit is contained in:
commit
093f3f5586
3 changed files with 75 additions and 25 deletions
41
exercise.sh
41
exercise.sh
|
@ -82,11 +82,11 @@ nova boot --flavor $FLAVOR --image $IMAGE $NAME --security_groups=$SECGROUP
|
||||||
# Waiting for boot
|
# Waiting for boot
|
||||||
# ----------------
|
# ----------------
|
||||||
|
|
||||||
# let's give it 10 seconds to launch
|
# check that the status is active within 10 seconds
|
||||||
sleep 10
|
if ! timeout 10 sh -c "while ! nova show $NAME | grep status | grep -q ACTIVE; do sleep 1; done"; then
|
||||||
|
echo "server didn't become active!"
|
||||||
# check that the status is active
|
exit 1
|
||||||
nova show $NAME | grep status | grep -q ACTIVE
|
fi
|
||||||
|
|
||||||
# get the IP of the server
|
# get the IP of the server
|
||||||
IP=`nova show $NAME | grep "private network" | cut -d"|" -f3`
|
IP=`nova show $NAME | grep "private network" | cut -d"|" -f3`
|
||||||
|
@ -94,14 +94,13 @@ IP=`nova show $NAME | grep "private network" | cut -d"|" -f3`
|
||||||
# for single node deployments, we can ping private ips
|
# for single node deployments, we can ping private ips
|
||||||
MULTI_HOST=${MULTI_HOST:-0}
|
MULTI_HOST=${MULTI_HOST:-0}
|
||||||
if [ "$MULTI_HOST" = "0" ]; then
|
if [ "$MULTI_HOST" = "0" ]; then
|
||||||
# ping it once (timeout of a second)
|
|
||||||
ping -c1 -w1 $IP || true
|
|
||||||
|
|
||||||
# sometimes the first ping fails (10 seconds isn't enough time for the VM's
|
# sometimes the first ping fails (10 seconds isn't enough time for the VM's
|
||||||
# network to respond?), so let's wait 5 seconds and really test ping
|
# network to respond?), so let's ping for 15 seconds with a timeout
|
||||||
sleep 5
|
# of a second.
|
||||||
|
if ! timeout 15 sh -c "while ! ping -c1 -w1 $IP; do sleep 1; done"; then
|
||||||
ping -c1 -w1 $IP
|
echo "Couldn't ping server"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Security Groups & Floating IPs
|
# Security Groups & Floating IPs
|
||||||
|
@ -122,11 +121,11 @@ FLOATING_IP=`nova floating-ip-list | grep None | head -1 | cut -d '|' -f2 | sed
|
||||||
# add floating ip to our server
|
# add floating ip to our server
|
||||||
nova add-floating-ip $NAME $FLOATING_IP
|
nova add-floating-ip $NAME $FLOATING_IP
|
||||||
|
|
||||||
# sleep for a smidge
|
# test we can ping our floating ip within 10 seconds
|
||||||
sleep 5
|
if ! timeout 10 sh -c "while ! ping -c1 -w1 $FLOATING_IP; do sleep 1; done"; then
|
||||||
|
echo "Couldn't ping server with floating ip"
|
||||||
# ping our floating ip
|
exit 1
|
||||||
ping -c1 -w1 $FLOATING_IP
|
fi
|
||||||
|
|
||||||
# pause the VM and verify we can't ping it anymore
|
# pause the VM and verify we can't ping it anymore
|
||||||
nova pause $NAME
|
nova pause $NAME
|
||||||
|
@ -148,12 +147,10 @@ ping -c1 -w1 $FLOATING_IP
|
||||||
# dis-allow icmp traffic (ping)
|
# dis-allow icmp traffic (ping)
|
||||||
nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0
|
nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0
|
||||||
|
|
||||||
# sleep for a smidge
|
# test we can aren't able to ping our floating ip within 10 seconds
|
||||||
sleep 5
|
if ! timeout 10 sh -c "while ping -c1 -w1 $FLOATING_IP; do sleep 1; done"; then
|
||||||
|
|
||||||
# ping our floating ip
|
|
||||||
if ( ping -c1 -w1 $FLOATING_IP ); then
|
|
||||||
print "Security group failure - ping should not be allowed!"
|
print "Security group failure - ping should not be allowed!"
|
||||||
|
echo "Couldn't ping server with floating ip"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
|
@ -1 +1,47 @@
|
||||||
socat
|
Cmnd_Alias NOVACMDS = /bin/chmod /var/lib/nova/tmp/*/root/.ssh, \
|
||||||
|
/bin/chown /var/lib/nova/tmp/*/root/.ssh, \
|
||||||
|
/bin/chown, \
|
||||||
|
/bin/chmod, \
|
||||||
|
/bin/dd, \
|
||||||
|
/sbin/ifconfig, \
|
||||||
|
/sbin/ip, \
|
||||||
|
/sbin/route, \
|
||||||
|
/sbin/iptables, \
|
||||||
|
/sbin/iptables-save, \
|
||||||
|
/sbin/iptables-restore, \
|
||||||
|
/sbin/ip6tables-save, \
|
||||||
|
/sbin/ip6tables-restore, \
|
||||||
|
/sbin/kpartx, \
|
||||||
|
/sbin/losetup, \
|
||||||
|
/sbin/lvcreate, \
|
||||||
|
/sbin/lvdisplay, \
|
||||||
|
/sbin/lvremove, \
|
||||||
|
/bin/mkdir, \
|
||||||
|
/bin/mount, \
|
||||||
|
/sbin/pvcreate, \
|
||||||
|
/usr/bin/tee, \
|
||||||
|
/sbin/tune2fs, \
|
||||||
|
/bin/umount, \
|
||||||
|
/sbin/vgcreate, \
|
||||||
|
/usr/bin/virsh, \
|
||||||
|
/usr/bin/qemu-nbd, \
|
||||||
|
/usr/sbin/brctl, \
|
||||||
|
/sbin/brctl, \
|
||||||
|
/usr/sbin/radvd, \
|
||||||
|
/usr/sbin/vblade-persist, \
|
||||||
|
/sbin/pvcreate, \
|
||||||
|
/sbin/aoe-discover, \
|
||||||
|
/sbin/vgcreate, \
|
||||||
|
/bin/aoe-stat, \
|
||||||
|
/bin/kill, \
|
||||||
|
/sbin/vconfig, \
|
||||||
|
/usr/sbin/ietadm, \
|
||||||
|
/sbin/vgs, \
|
||||||
|
/sbin/iscsiadm, \
|
||||||
|
/usr/bin/socat, \
|
||||||
|
/sbin/parted, \
|
||||||
|
/usr/sbin/dnsmasq, \
|
||||||
|
/usr/bin/arping
|
||||||
|
|
||||||
|
%USER% ALL = (root) NOPASSWD: SETENV: NOVACMDS
|
||||||
|
|
||||||
|
|
11
stack.sh
11
stack.sh
|
@ -116,6 +116,15 @@ if [[ $EUID -eq 0 ]]; then
|
||||||
exec su -c "set -e; cd $STACK_DIR; bash stack.sh" stack
|
exec su -c "set -e; cd $STACK_DIR; bash stack.sh" stack
|
||||||
fi
|
fi
|
||||||
exit 1
|
exit 1
|
||||||
|
else
|
||||||
|
# Our user needs passwordless priviledges for certain commands which nova
|
||||||
|
# uses internally.
|
||||||
|
# Natty uec images sudoers does not have a '#includedir'. add one.
|
||||||
|
sudo grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
|
||||||
|
echo "#includedir /etc/sudoers.d" | sudo tee -a /etc/sudoers
|
||||||
|
sudo cp $FILES/sudo/nova /etc/sudoers.d/stack_sh_nova
|
||||||
|
sudo sed -e "s,%USER%,$USER,g" -i /etc/sudoers.d/stack_sh_nova
|
||||||
|
sudo chmod 0440 /etc/sudoers.d/stack_sh_nova
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Set the destination directories for openstack projects
|
# Set the destination directories for openstack projects
|
||||||
|
@ -364,8 +373,6 @@ cd $DASH_DIR/openstack-dashboard; sudo python setup.py develop
|
||||||
# it since we are going to run the services in screen for simple
|
# it since we are going to run the services in screen for simple
|
||||||
cp $FILES/screenrc ~/.screenrc
|
cp $FILES/screenrc ~/.screenrc
|
||||||
|
|
||||||
## TODO: update current user to allow sudo for all commands in files/sudo/*
|
|
||||||
|
|
||||||
# Rabbit
|
# Rabbit
|
||||||
# ---------
|
# ---------
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue