diff --git a/exercise.sh b/exercise.sh index dc8163f..f35adef 100755 --- a/exercise.sh +++ b/exercise.sh @@ -19,6 +19,9 @@ set -o xtrace # Settings # ======== +# Use stackrc and localrc for settings +source ./stackrc + HOST=${HOST:-localhost} # Nova original used project_id as the *account* that owned resources (servers, @@ -33,7 +36,7 @@ export NOVA_PROJECT_ID=${TENANT:-demo} export NOVA_USERNAME=${USERNAME:-demo} # With Keystone you pass the keystone password instead of an api key. -export NOVA_API_KEY=${PASSWORD:-secrete} +export NOVA_API_KEY=${ADMIN_PASSWORD:-secrete} # With the addition of Keystone, to use an openstack cloud you should # authenticate against keystone, which returns a **Token** and **Service @@ -82,6 +85,15 @@ glance -A $TOKEN index # Let's grab the id of the first AMI image to launch IMAGE=`glance -A $TOKEN index | egrep ami | cut -d" " -f1` +# Security Groups +# --------------- +SECGROUP=test_secgroup + +# List of secgroups: +nova secgroup-list + +# Create a secgroup +nova secgroup-create $SECGROUP "test_secgroup description" # Flavors # ------- @@ -92,9 +104,9 @@ nova flavor-list # and grab the first flavor in the list to launch FLAVOR=`nova flavor-list | head -n 4 | tail -n 1 | cut -d"|" -f2` -NAME="firstpost" +NAME="myserver" -nova boot --flavor $FLAVOR --image $IMAGE $NAME +nova boot --flavor $FLAVOR --image $IMAGE $NAME --security_groups=$SECGROUP # let's give it 10 seconds to launch sleep 10 
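Review bot: `source ./stackrc` is resolved against the caller's working directory rather than the script's location, so running exercise.sh from another directory either fails or executes whatever file named `stackrc` happens to be there. Anchoring the path to the script directory removes that dependency: `source "$(cd "$(dirname "$0")" && pwd)/stackrc"`. A one-line comment saying that stackrc is expected to pull in localrc would also help, since only stackrc is sourced here.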
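Review bot: `export NOVA_API_KEY=${ADMIN_PASSWORD:-secrete}` is expanded while tracing appears to be enabled (the first hunk's header shows `set -o xtrace` just above the settings), so the admin password ends up in the trace output and in any log that captures it. Bracketing the export with `set +o xtrace` and `set -o xtrace` keeps the value out of logs. The line also pairs the admin password with the `demo` username default and still falls back to the literal `secrete` when `ADMIN_PASSWORD` is unset. If that is intended for a development setup, a comment saying so would prevent it being copied into other environments.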
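Review bot: `nova secgroup-create $SECGROUP "test_secgroup description"` will most likely fail when `test_secgroup` is left over from an earlier run that stopped before the final `secgroup-delete`, so the exercise cannot be re-run cleanly. Guarding the create makes it idempotent, for example `nova secgroup-list | grep -q " $SECGROUP " || nova secgroup-create $SECGROUP "test_secgroup description"`. Quoting `"$SECGROUP"` here and in the later `nova boot` line would match that guard.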
@@ -113,10 +125,47 @@ ping -c1 -w1 $IP || true sleep 5 ping -c1 -w1 $IP +# allow icmp traffic +nova secgroup-add-rule $SECGROUP icmp -1 -1 0.0.0.0/0 + +# List rules for a secgroup +nova secgroup-list-rules $SECGROUP + +# allocate a floating ip +nova floating-ip-create + +# store floating address +FIP=`nova floating-ip-list | grep None | head -1 | cut -d '|' -f2 | sed 's/ //g'` + +# add floating ip to our server +nova add-floating-ip $NAME $FIP + +# sleep for a smidge +sleep 1 + +# ping our fip +ping -c1 -w1 $FIP + +# dis-allow icmp traffic +nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0 + +# sleep for a smidge +sleep 1 + +# ping our fip +if ( ping -c1 -w1 $FIP); then + print "Security group failure - ping should not be allowed!" + exit 1 +fi + +# de-allocate the floating ip +nova floating-ip-delete $FIP # shutdown the server nova delete $NAME +# Delete a secgroup +nova secgroup-delete $SECGROUP + # FIXME: validate shutdown within 5 seconds # (nova show $NAME returns 1 or status != ACTIVE)? - diff --git a/stack.sh b/stack.sh index a953c9e..f603ce1 100755 --- a/stack.sh +++ b/stack.sh @@ -290,6 +290,13 @@ sudo PIP_DOWNLOAD_CACHE=/var/cache/pip pip install `cat $FILES/pips/*` # be owned by the installation user, we create the directory and change the # ownership to the proper user. function git_clone { + # if there is an existing checkout, move it out of the way + if [[ "$RECLONE" == "yes" ]]; then + if [ -d $2 ]; then + mv $2 /tmp/stack.`date +%s` + fi + fi + if [ ! -d $2 ]; then sudo mkdir $2 sudo chown `whoami` $2 @@ -297,13 +304,6 @@ function git_clone { cd $2 # This checkout syntax works for both branches and tags git checkout $3 - elif [[ "$RESET_BRANCHES" == "yes" ]]; then - cd $2 - git remote set-url origin $1 - git fetch origin - git checkout origin/$3 - git branch -D $3 - git checkout -b $3 fi } diff --git a/tools/build_lxc.sh b/tools/build_lxc.sh index 580581b..df9e32e 100755 --- a/tools/build_lxc.sh +++ b/tools/build_lxc.sh 
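Review bot: `print` in the negative ping check is a ksh/zsh builtin, not a bash one, so assuming the script runs under bash (the shebang is outside the hunk) the failure branch reports "command not found" instead of the intended message. Use `echo "Security group failure - ping should not be allowed!"`. `FIP` is taken from the first `None` row of `nova floating-ip-list`, which is not necessarily the address just allocated and may be empty. A `[ -n "$FIP" ]` check before `nova add-floating-ip` would make that failure explicit. If the script stops anywhere between `secgroup-add-rule` and the final deletes, the 0.0.0.0/0 ICMP rule, the floating IP, the server and the group are all left behind; an EXIT trap that performs the teardown would cover that.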
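Review bot: The new move-aside step in git_clone, ``mv $2 /tmp/stack.`date +%s` ``, uses a predictable name in world-writable /tmp. If that path already exists as a directory, because another local user pre-created it or two git_clone calls land in the same second, mv places the checkout inside it instead of renaming. A unique destination avoids both cases: `backup=$(mktemp -d /tmp/stack.XXXXXX) && mv "$2" "$backup/"`. `$2` is also unquoted in the added `[ -d $2 ]` test, and the mv runs without sudo although the directory's parent may be root-owned, since the existing code creates it with `sudo mkdir`. The function's closing brace is in the following hunk.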
@@ -125,6 +125,7 @@ fi # Make sure that base requirements are installed chroot $CACHEDIR apt-get update chroot $CACHEDIR apt-get install -y --force-yes `cat files/apts/* | cut -d\# -f1 | egrep -v "(rabbitmq|libvirt-bin|mysql-server)"` +chroot $CACHEDIR apt-get install -y --download-only rabbitmq-server libvirt-bin mysql-server chroot $CACHEDIR pip install `cat files/pips/*` # Clean out code repos if directed to do so @@ -137,10 +138,12 @@ mkdir -p $CACHEDIR/$DEST git_clone $NOVA_REPO $CACHEDIR/$DEST/nova $NOVA_BRANCH git_clone $GLANCE_REPO $CACHEDIR/$DEST/glance $GLANCE_BRANCH git_clone $KEYSTONE_REPO $CACHEDIR/$DESTkeystone $KEYSTONE_BRANCH -git_clone $NOVNC_REPO $CACHEDIR/$DEST/novnc $NOVNC_BRANCH +git_clone $NOVNC_REPO $CACHEDIR/$DEST/noVNC $NOVNC_BRANCH git_clone $DASH_REPO $CACHEDIR/$DEST/dash $DASH_BRANCH $DASH_TAG git_clone $NOVACLIENT_REPO $CACHEDIR/$DEST/python-novaclient $NOVACLIENT_BRANCH git_clone $OPENSTACKX_REPO $CACHEDIR/$DEST/openstackx $OPENSTACKX_BRANCH +git_clone $KEYSTONE_REPO $CACHEDIR/$DEST/keystone $KEYSTONE_BRANCH +git_clone $NOVNC_REPO $CACHEDIR/$DEST/novnc $NOVNC_BRANCH # Use this version of devstack? if [ "$USE_CURRENT_DEVSTACK" = "1" ]; then
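Review bot: The two added `git_clone` lines in the second hunk duplicate earlier entries instead of correcting them. The context line `git_clone $KEYSTONE_REPO $CACHEDIR/$DESTkeystone $KEYSTONE_BRANCH` still lacks the `/`, so it expands a variable named `DESTkeystone` (presumably unset) and targets `$CACHEDIR/`. noVNC is also now cloned into both `noVNC` and `novnc`. Replacing the broken keystone line with the corrected one and keeping a single noVNC destination would remove the stray target. If the git_clone used by this script has the same RECLONE move-aside step as the one in stack.sh, a target of `$CACHEDIR/` would be moved out of the way wholesale, which is worth ruling out.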