Merge branch 'master' into pause

Jesse Andrews 2011-10-27 12:15:24 -07:00
commit 093f3f5586
3 changed files with 75 additions and 25 deletions


@ -82,11 +82,11 @@ nova boot --flavor $FLAVOR --image $IMAGE $NAME --security_groups=$SECGROUP
# Waiting for boot # Waiting for boot
# ---------------- # ----------------
# let's give it 10 seconds to launch # check that the status is active within 10 seconds
sleep 10 if ! timeout 10 sh -c "while ! nova show $NAME | grep status | grep -q ACTIVE; do sleep 1; done"; then
echo "server didn't become active!"
# check that the status is active exit 1
nova show $NAME | grep status | grep -q ACTIVE fi
# get the IP of the server # get the IP of the server
IP=`nova show $NAME | grep "private network" | cut -d"|" -f3` IP=`nova show $NAME | grep "private network" | cut -d"|" -f3`
@ -94,14 +94,13 @@ IP=`nova show $NAME | grep "private network" | cut -d"|" -f3`
# for single node deployments, we can ping private ips # for single node deployments, we can ping private ips
MULTI_HOST=${MULTI_HOST:-0} MULTI_HOST=${MULTI_HOST:-0}
if [ "$MULTI_HOST" = "0" ]; then if [ "$MULTI_HOST" = "0" ]; then
# ping it once (timeout of a second)
ping -c1 -w1 $IP || true
# sometimes the first ping fails (10 seconds isn't enough time for the VM's # sometimes the first ping fails (10 seconds isn't enough time for the VM's
# network to respond?), so let's wait 5 seconds and really test ping # network to respond?), so let's ping for 15 seconds with a timeout
sleep 5 # of a second.
if ! timeout 15 sh -c "while ! ping -c1 -w1 $IP; do sleep 1; done"; then
ping -c1 -w1 $IP echo "Couldn't ping server"
exit 1
fi
fi fi
# Security Groups & Floating IPs # Security Groups & Floating IPs
@ -122,11 +121,11 @@ FLOATING_IP=`nova floating-ip-list | grep None | head -1 | cut -d '|' -f2 | sed
# add floating ip to our server # add floating ip to our server
nova add-floating-ip $NAME $FLOATING_IP nova add-floating-ip $NAME $FLOATING_IP
# sleep for a smidge # test we can ping our floating ip within 10 seconds
sleep 5 if ! timeout 10 sh -c "while ! ping -c1 -w1 $FLOATING_IP; do sleep 1; done"; then
echo "Couldn't ping server with floating ip"
# ping our floating ip exit 1
ping -c1 -w1 $FLOATING_IP fi
# pause the VM and verify we can't ping it anymore # pause the VM and verify we can't ping it anymore
nova pause $NAME nova pause $NAME
@ -148,12 +147,10 @@ ping -c1 -w1 $FLOATING_IP
# dis-allow icmp traffic (ping) # dis-allow icmp traffic (ping)
nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0 nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0
# sleep for a smidge # test we can aren't able to ping our floating ip within 10 seconds
sleep 5 if ! timeout 10 sh -c "while ping -c1 -w1 $FLOATING_IP; do sleep 1; done"; then
# ping our floating ip
if ( ping -c1 -w1 $FLOATING_IP ); then
print "Security group failure - ping should not be allowed!" print "Security group failure - ping should not be allowed!"
echo "Couldn't ping server with floating ip"
exit 1 exit 1
fi fi
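Review bot: The failure branch of the last hunk, the negative test after `nova secgroup-delete-rule`, does not report the failure it detects. `print` is not a bash or POSIX sh builtin, so the "Security group failure" text is probably not emitted as intended, and the `echo "Couldn't ping server with floating ip"` beside it says the opposite of what went wrong, since this branch runs when ping still succeeds after the ICMP rule was removed. This is the only check that deleting the rule actually blocks traffic, so I would replace both lines with `echo "Security group failure - ping should not be allowed!"`. The comment above it should read `# test that we can no longer ping our floating ip within 10 seconds`. The rendering has lost the +/- markers, so confirm that the `echo` line is on the new side.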


@ -1 +1,47 @@
socat Cmnd_Alias NOVACMDS = /bin/chmod /var/lib/nova/tmp/*/root/.ssh, \
/bin/chown /var/lib/nova/tmp/*/root/.ssh, \
/bin/chown, \
/bin/chmod, \
/bin/dd, \
/sbin/ifconfig, \
/sbin/ip, \
/sbin/route, \
/sbin/iptables, \
/sbin/iptables-save, \
/sbin/iptables-restore, \
/sbin/ip6tables-save, \
/sbin/ip6tables-restore, \
/sbin/kpartx, \
/sbin/losetup, \
/sbin/lvcreate, \
/sbin/lvdisplay, \
/sbin/lvremove, \
/bin/mkdir, \
/bin/mount, \
/sbin/pvcreate, \
/usr/bin/tee, \
/sbin/tune2fs, \
/bin/umount, \
/sbin/vgcreate, \
/usr/bin/virsh, \
/usr/bin/qemu-nbd, \
/usr/sbin/brctl, \
/sbin/brctl, \
/usr/sbin/radvd, \
/usr/sbin/vblade-persist, \
/sbin/pvcreate, \
/sbin/aoe-discover, \
/sbin/vgcreate, \
/bin/aoe-stat, \
/bin/kill, \
/sbin/vconfig, \
/usr/sbin/ietadm, \
/sbin/vgs, \
/sbin/iscsiadm, \
/usr/bin/socat, \
/sbin/parted, \
/usr/sbin/dnsmasq, \
/usr/bin/arping
%USER% ALL = (root) NOPASSWD: SETENV: NOVACMDS
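Review bot: Nothing in this file says that `NOVACMDS` amounts to passwordless root for `%USER%`. Unrestricted `/bin/chown`, `/bin/chmod`, `/bin/dd`, `/bin/mount` and `/usr/bin/tee` each allow rewriting any file on the host, and `SETENV:` lets the caller pass its own environment to every listed command. The two path-scoped entries at the top (`/bin/chmod /var/lib/nova/tmp/*/root/.ssh` and the matching `chown`) have no restricting effect once the bare `/bin/chown, /bin/chmod` follow, so keep one form or the other. `/sbin/pvcreate` and `/sbin/vgcreate` are each listed twice. If broad access is intended, add a header comment such as `# NOTE: these rules give %USER% effective root without a password` and consider dropping `SETENV:` unless a nova command is known to need it.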


@ -116,6 +116,15 @@ if [[ $EUID -eq 0 ]]; then
exec su -c "set -e; cd $STACK_DIR; bash stack.sh" stack exec su -c "set -e; cd $STACK_DIR; bash stack.sh" stack
fi fi
exit 1 exit 1
else
# Our user needs passwordless priviledges for certain commands which nova
# uses internally.
# Natty uec images sudoers does not have a '#includedir'. add one.
sudo grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
echo "#includedir /etc/sudoers.d" | sudo tee -a /etc/sudoers
sudo cp $FILES/sudo/nova /etc/sudoers.d/stack_sh_nova
sudo sed -e "s,%USER%,$USER,g" -i /etc/sudoers.d/stack_sh_nova
sudo chmod 0440 /etc/sudoers.d/stack_sh_nova
fi fi
# Set the destination directories for openstack projects # Set the destination directories for openstack projects
@ -364,8 +373,6 @@ cd $DASH_DIR/openstack-dashboard; sudo python setup.py develop
# it since we are going to run the services in screen for simple # it since we are going to run the services in screen for simple
cp $FILES/screenrc ~/.screenrc cp $FILES/screenrc ~/.screenrc
## TODO: update current user to allow sudo for all commands in files/sudo/*
# Rabbit # Rabbit
# --------- # ---------
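Review bot: The new `else` branch in the first hunk changes sudo policy in place with no syntax check. The fragment is copied into `/etc/sudoers.d` first and only afterwards rewritten by `sed` and set to 0440, so sudo can read a file that still holds the literal `%USER%` or has the wrong mode. A `$USER` containing `,` would break the `sed` expression and leave that half-installed file behind. I would render the fragment in a temporary file, fix owner and mode, validate it with `visudo -c -f`, and only then move it into place, as sketched below; the `tee -a /etc/sudoers` append deserves the same validation. The enclosing `if [[ $EUID -eq 0 ]]` starts outside the hunk.

```shell
    # … unchanged: #includedir check on /etc/sudoers …
    TEMPFILE=$(mktemp)
    sed -e "s,%USER%,$USER,g" "$FILES/sudo/nova" > "$TEMPFILE"
    chmod 0440 "$TEMPFILE"
    sudo chown root:root "$TEMPFILE"
    if ! sudo visudo -c -f "$TEMPFILE"; then
        echo "generated sudoers fragment failed validation"
        exit 1
    fi
    sudo mv "$TEMPFILE" /etc/sudoers.d/stack_sh_nova
```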