From 1f27360089a6cb1a56efcf3fcc7b755d6b772d08 Mon Sep 17 00:00:00 2001
From: Jesse Andrews
Date: Mon, 17 Oct 2011 13:20:40 -0700
Subject: [PATCH 1/4] redux of reclone
---
 stack.sh | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/stack.sh b/stack.sh
index a953c9e..f603ce1 100755
--- a/stack.sh
+++ b/stack.sh
@@ -290,6 +290,13 @@ sudo PIP_DOWNLOAD_CACHE=/var/cache/pip pip install `cat $FILES/pips/*`
 # be owned by the installation user, we create the directory and change the
 # ownership to the proper user.
 function git_clone {
+ # if there is an existing checkout, move it out of the way
+ if [[ "$RECLONE" == "yes" ]]; then
+ if [ -d $2 ]; then
+ mv $2 /tmp/stack.`date +%s`
+ fi
+ fi
+
 if [ ! -d $2 ]; then
 sudo mkdir $2
 sudo chown `whoami` $2
@@ -297,13 +304,6 @@ function git_clone {
 cd $2
 # This checkout syntax works for both branches and tags
 git checkout $3
- elif [[ "$RESET_BRANCHES" == "yes" ]]; then
- cd $2
- git remote set-url origin $1
- git fetch origin
- git checkout origin/$3
- git branch -D $3
- git checkout -b $3
 fi
 }
From 028cad16442924a4457dcbb1a12ec9117934218d Mon Sep 17 00:00:00 2001
From: Anthony Young
Date: Mon, 17 Oct 2011 14:10:42 -0700
Subject: [PATCH 2/4] better pre-caching
---
 tools/build_lxc.sh | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/tools/build_lxc.sh b/tools/build_lxc.sh
index 580581b..193c8f0 100755
--- a/tools/build_lxc.sh
+++ b/tools/build_lxc.sh
@@ -125,6 +125,7 @@ fi
 # Make sure that base requirements are installed
 chroot $CACHEDIR apt-get update
 chroot $CACHEDIR apt-get install -y --force-yes `cat files/apts/* | cut -d\# -f1 | egrep -v "(rabbitmq|libvirt-bin|mysql-server)"`
+chroot $CACHEDIR apt-get install -y --download-only rabbitmq-server libvirt-bin mysql-server
 chroot $CACHEDIR pip install `cat files/pips/*`
 # Clean out code repos if directed to do so
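Review bot: In the first stack.sh hunk, the added `mv` sends the old checkout to `/tmp/stack.` followed by the output of `date +%s`, a name in world-writable /tmp that any local user can predict, so a directory or symlink created there beforehand decides where the tree ends up. Two git_clone calls within the same second also collide, and the second checkout is then moved inside the first. A private destination avoids both: `mv "$2" "$(mktemp -d /tmp/stack.XXXXXX)"`, with `$2` quoted in the `[ -d "$2" ]` test as well. The checkout is created with `sudo mkdir` further down, so the unprivileged `mv` presumably also needs write access to the parent directory, which the hunk does not show; git_clone's body continues past this hunk.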
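Review bot: In the tools/build_lxc.sh hunk at line 125, the added `--download-only` line hard-codes the same three packages that the `egrep -v "(rabbitmq|libvirt-bin|mysql-server)"` filter on the line above excludes, so the two lists can drift apart without any error. A comment such as `# Pre-download the packages excluded by the egrep filter above; keep both lists in sync` would record the coupling, or both could be derived from one variable. The line above installs with `--force-yes`, which lets unauthenticated packages through; the new line rightly omits it, and whatever later installs the cached .debs (not visible here) should do the same.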
@@ -141,6 +142,8 @@ git_clone $NOVNC_REPO $CACHEDIR/$DEST/novnc $NOVNC_BRANCH
 git_clone $DASH_REPO $CACHEDIR/$DEST/dash $DASH_BRANCH $DASH_TAG
 git_clone $NOVACLIENT_REPO $CACHEDIR/$DEST/python-novaclient $NOVACLIENT_BRANCH
 git_clone $OPENSTACKX_REPO $CACHEDIR/$DEST/openstackx $OPENSTACKX_BRANCH
+git_clone $KEYSTONE_REPO $CACHEDIR/$DEST/keystone $KEYSTONE_BRANCH
+git_clone $NOVNC_REPO $CACHEDIR/$DEST/novnc $NOVNC_BRANCH
 # Use this version of devstack?
 if [ "$USE_CURRENT_DEVSTACK" = "1" ]; then
From 20a2caecfdce0969ab932511ef97cb8109d4e5c0 Mon Sep 17 00:00:00 2001
From: Anthony Young
Date: Mon, 17 Oct 2011 16:02:24 -0700
Subject: [PATCH 3/4] updates to exercise.sh to use some of the newer apis
---
 exercise.sh | 52 +++++++++++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 49 insertions(+), 3 deletions(-)
diff --git a/exercise.sh b/exercise.sh
index dc8163f..fb95fdf 100755
--- a/exercise.sh
+++ b/exercise.sh
@@ -82,6 +82,15 @@ glance -A $TOKEN index
 # Let's grab the id of the first AMI image to launch
 IMAGE=`glance -A $TOKEN index | egrep ami | cut -d" " -f1`
+# Security Groups
+# ---------------
+SECGROUP=test_secgroup
+
+# List of secgroups:
+nova secgroup-list
+
+# Create a secgroup
+nova secgroup-create $SECGROUP "test_secgroup description"
 # Flavors
 # -------
@@ -92,9 +101,9 @@ nova flavor-list
 # and grab the first flavor in the list to launch
 FLAVOR=`nova flavor-list | head -n 4 | tail -n 1 | cut -d"|" -f2`
-NAME="firstpost"
+NAME="myserver"
-nova boot --flavor $FLAVOR --image $IMAGE $NAME
+nova boot --flavor $FLAVOR --image $IMAGE $NAME --security_groups=$SECGROUP
 # let's give it 10 seconds to launch
 sleep 10
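Review bot: In the tools/build_lxc.sh hunk at line 141, the added `git_clone $NOVNC_REPO $CACHEDIR/$DEST/novnc $NOVNC_BRANCH` repeats, argument for argument, the call shown in this hunk's `@@` header context, so noVNC is requested twice a few lines apart. If this script uses the git_clone defined in stack.sh (not visible here), the second call is a no-op while the directory exists, and with `RECLONE=yes` it would move the fresh checkout aside and clone again. Unless the repetition is deliberate, drop the second NOVNC line and keep only the KEYSTONE addition.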
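Review bot: In the exercise.sh hunk at line 82, `nova secgroup-create $SECGROUP "test_secgroup description"` uses the fixed name `test_secgroup`, while the matching `secgroup-delete` only runs at the very end of the script. A run that aborts in between presumably leaves the group and any rules behind, and the next run then fails at creation or starts from stale rules. Clearing a leftover first, `nova secgroup-delete $SECGROUP || true` just before the create, keeps the exercise re-runnable and makes each run start from an empty rule set.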
@@ -113,10 +122,47 @@ ping -c1 -w1 $IP || true
 sleep 5
 ping -c1 -w1 $IP
+# allow icmp traffic
+nova secgroup-add-rule $SECGROUP icmp -1 -1 0.0.0.0/0
+
+# List rules for a secgroup
+nova secgroup-list-rules $SECGROUP
+
+# allocate a floating ip
+nova floating-ip-create
+
+# store floating address
+FIP=`nova floating-ip-list | grep None | head -1 | cut -d '|' -f2 | sed 's/ //g'`
+
+# add floating ip to our server
+nova add-floating-ip $NAME $FIP
+
+# sleep for a smidge
+sleep 1
+
+# ping our fip
+ping -c1 -w1 $FIP
+
+# dis-allow icmp traffic
+nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0
+
+# sleep for a smidge
+sleep 1
+
+# ping our fip
+if ( ping -c1 -w1 $FIP); then
+ print "Security group failure - ping should not be allowed!"
+ exit 1
+fi
+
+# de-allocate the floating ip
+nova floating-ip-delete $FIP
 # shutdown the server
 nova delete $NAME
+# Delete a secgroup
+nova secgroup-delete $SECGROUP
+
 # FIXME: validate shutdown within 5 seconds
 # (nova show $NAME returns 1 or status != ACTIVE)?
-
From 583bad0b14b47b8933bb417acd8893bdd4f10baa Mon Sep 17 00:00:00 2001
From: Anthony Young
Date: Tue, 18 Oct 2011 08:22:30 -0700
Subject: [PATCH 4/4] minor tweaks - source stackrc/localrc for excercise.sh. Also, fix typo in build_lxc.sh
---
 exercise.sh | 5 ++++-
 tools/build_lxc.sh | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/exercise.sh b/exercise.sh
index fb95fdf..f35adef 100755
--- a/exercise.sh
+++ b/exercise.sh
@@ -19,6 +19,9 @@ set -o xtrace
 # Settings
 # ========
+# Use stackrc and localrc for settings
+source ./stackrc
+
 HOST=${HOST:-localhost}
 # Nova original used project_id as the *account* that owned resources (servers,
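Review bot: In the exercise.sh hunk at line 113, the failure branch calls `print "Security group failure - ping should not be allowed!"`, but bash has no `print` builtin (the script uses `source`, so bash is assumed), so the message is never shown and the branch dies on command-not-found; use `echo "Security group failure - ping should not be allowed!"`. Both pings against `$FIP` rely on a one-second `sleep` after the API call, so the positive check can fail before the address is reachable and the negative check can still succeed before the rule removal takes effect; polling with a timeout would make the security-group assertion trustworthy. `FIP` is taken from the first `floating-ip-list` row containing `None`, which need not be the address just allocated. When the check does fail, `exit 1` skips the floating-ip, server and secgroup cleanup below it, which a `trap` on EXIT would cover.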
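Review bot: In the exercise.sh hunk at line 19, `source ./stackrc` resolves against the caller's working directory rather than the script's location, so running exercise.sh from anywhere else either fails or executes whatever file named `stackrc` sits in that directory. Anchoring it to the script avoids both: `source "$(cd "$(dirname "$0")" && pwd)/stackrc"`. The comment mentions stackrc and localrc but only stackrc is sourced; presumably stackrc pulls in localrc, which the comment should say.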
@@ -33,7 +36,7 @@ export NOVA_PROJECT_ID=${TENANT:-demo}
 export NOVA_USERNAME=${USERNAME:-demo}
 # With Keystone you pass the keystone password instead of an api key.
-export NOVA_API_KEY=${PASSWORD:-secrete}
+export NOVA_API_KEY=${ADMIN_PASSWORD:-secrete}
 # With the addition of Keystone, to use an openstack cloud you should
 # authenticate against keystone, which returns a **Token** and **Service
diff --git a/tools/build_lxc.sh b/tools/build_lxc.sh
index 193c8f0..df9e32e 100755
--- a/tools/build_lxc.sh
+++ b/tools/build_lxc.sh
@@ -138,7 +138,7 @@ mkdir -p $CACHEDIR/$DEST
 git_clone $NOVA_REPO $CACHEDIR/$DEST/nova $NOVA_BRANCH
 git_clone $GLANCE_REPO $CACHEDIR/$DEST/glance $GLANCE_BRANCH
 git_clone $KEYSTONE_REPO $CACHEDIR/$DESTkeystone $KEYSTONE_BRANCH
-git_clone $NOVNC_REPO $CACHEDIR/$DEST/novnc $NOVNC_BRANCH
+git_clone $NOVNC_REPO $CACHEDIR/$DEST/noVNC $NOVNC_BRANCH
 git_clone $DASH_REPO $CACHEDIR/$DEST/dash $DASH_BRANCH $DASH_TAG
 git_clone $NOVACLIENT_REPO $CACHEDIR/$DEST/python-novaclient $NOVACLIENT_BRANCH
 git_clone $OPENSTACKX_REPO $CACHEDIR/$DEST/openstackx $OPENSTACKX_BRANCH
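Review bot: In the exercise.sh hunk at line 33, `export NOVA_API_KEY=${ADMIN_PASSWORD:-secrete}` runs with `set -o xtrace` already on (it is the `@@` header context of the hunk at line 19), so the expanded admin password is written to the trace and to any log that captures it. Bracketing the assignment with `set +o xtrace` and `set -o xtrace` keeps it out. The `:-secrete` fallback also hides a missing setting; `${ADMIN_PASSWORD:?set ADMIN_PASSWORD in localrc}` would fail loudly instead, if nothing relies on the default. NOVA_USERNAME still defaults to `demo` while the key now comes from the admin password, which only works if both accounts share it, so a comment saying so would help.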
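Review bot: In the tools/build_lxc.sh hunk at line 138, the context line directly above the change, `git_clone $KEYSTONE_REPO $CACHEDIR/$DESTkeystone $KEYSTONE_BRANCH`, is missing the slash after `$DEST`, so the shell expands a variable named `DESTkeystone` (presumably unset) and the clone target becomes `$CACHEDIR/` itself; this typo fix leaves it in place. It should read `git_clone $KEYSTONE_REPO $CACHEDIR/$DEST/keystone $KEYSTONE_BRANCH`. After the rename to `noVNC`, the second NOVNC clone added in patch 2/4 still targets `$CACHEDIR/$DEST/novnc`, so the cache would hold two checkouts under different names unless that line is updated or removed.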