... | ... |
@@ -82,11 +82,11 @@ nova boot --flavor $FLAVOR --image $IMAGE $NAME --security_groups=$SECGROUP |
82 | 82 |
# Waiting for boot |
83 | 83 |
# ---------------- |
84 | 84 |
|
85 |
-# let's give it 10 seconds to launch |
|
86 |
-sleep 10 |
|
87 |
- |
|
88 |
-# check that the status is active |
|
89 |
-nova show $NAME | grep status | grep -q ACTIVE |
|
85 |
+# check that the status is active within 10 seconds |
|
86 |
+if ! timeout 10 sh -c "while ! nova show $NAME | grep status | grep -q ACTIVE; do sleep 1; done"; then |
|
87 |
+ echo "server didn't become active!" |
|
88 |
+ exit 1 |
|
89 |
+fi |
|
90 | 90 |
|
91 | 91 |
# get the IP of the server |
92 | 92 |
IP=`nova show $NAME | grep "private network" | cut -d"|" -f3` |
... | ... |
@@ -94,14 +94,13 @@ IP=`nova show $NAME | grep "private network" | cut -d"|" -f3` |
94 | 94 |
# for single node deployments, we can ping private ips |
95 | 95 |
MULTI_HOST=${MULTI_HOST:-0} |
96 | 96 |
if [ "$MULTI_HOST" = "0" ]; then |
97 |
- # ping it once (timeout of a second) |
|
98 |
- ping -c1 -w1 $IP || true |
|
99 |
- |
|
100 | 97 |
# sometimes the first ping fails (10 seconds isn't enough time for the VM's |
101 |
- # network to respond?), so let's wait 5 seconds and really test ping |
|
102 |
- sleep 5 |
|
103 |
- |
|
104 |
- ping -c1 -w1 $IP |
|
98 |
+ # network to respond?), so let's ping for 15 seconds with a timeout |
|
99 |
+ # of a second. |
|
100 |
+ if ! timeout 15 sh -c "while ! ping -c1 -w1 $IP; do sleep 1; done"; then |
|
101 |
+ echo "Couldn't ping server" |
|
102 |
+ exit 1 |
|
103 |
+ fi |
|
105 | 104 |
fi |
106 | 105 |
|
107 | 106 |
# Security Groups & Floating IPs |
... | ... |
@@ -122,11 +121,11 @@ FLOATING_IP=`nova floating-ip-list | grep None | head -1 | cut -d '|' -f2 | sed |
122 | 122 |
# add floating ip to our server |
123 | 123 |
nova add-floating-ip $NAME $FLOATING_IP |
124 | 124 |
|
125 |
-# sleep for a smidge |
|
126 |
-sleep 5 |
|
127 |
- |
|
128 |
-# ping our floating ip |
|
129 |
-ping -c1 -w1 $FLOATING_IP |
|
125 |
+# test we can ping our floating ip within 10 seconds |
|
126 |
+if ! timeout 10 sh -c "while ! ping -c1 -w1 $FLOATING_IP; do sleep 1; done"; then |
|
127 |
+ echo "Couldn't ping server with floating ip" |
|
128 |
+ exit 1 |
|
129 |
+fi |
|
130 | 130 |
|
131 | 131 |
# pause the VM and verify we can't ping it anymore |
132 | 132 |
nova pause $NAME |
... | ... |
@@ -148,12 +147,10 @@ ping -c1 -w1 $FLOATING_IP |
148 | 148 |
# dis-allow icmp traffic (ping) |
149 | 149 |
nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0 |
150 | 150 |
|
151 |
-# sleep for a smidge |
|
152 |
-sleep 5 |
|
153 |
- |
|
154 |
-# ping our floating ip |
|
155 |
-if ( ping -c1 -w1 $FLOATING_IP ); then |
|
151 |
+# test we can aren't able to ping our floating ip within 10 seconds |
|
152 |
+if ! timeout 10 sh -c "while ping -c1 -w1 $FLOATING_IP; do sleep 1; done"; then |
|
156 | 153 |
print "Security group failure - ping should not be allowed!" |
154 |
+ echo "Couldn't ping server with floating ip" |
|
157 | 155 |
exit 1 |
158 | 156 |
fi |
159 | 157 |
|
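Review bot: The failure branch of the last hunk now prints "Couldn't ping server with floating ip", but that branch runs when ping still succeeds after the ICMP rule was deleted, so the added `echo` contradicts the check. The context line above it uses `print`, which is not a bash builtin. Replace both with one line, `echo "Security group failure - ping should not be allowed!"`, and fix the comment to `# test that we can no longer ping our floating ip within 10 seconds`. The loop also ends on the first failed ping, so a single dropped packet passes this security-group check; requiring a few consecutive failures would make the result more trustworthy. All four `timeout … sh -c "…"` lines in this file expand `$NAME`, `$IP` or `$FLOATING_IP` into the command string that the inner shell re-parses; passing the value as an argument avoids that, e.g. `timeout 10 sh -c 'while ping -c1 -w1 "$1"; do sleep 1; done' sh "$FLOATING_IP"`.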
... | ... |
@@ -1 +1,47 @@ |
1 |
-socat |
|
1 |
+Cmnd_Alias NOVACMDS = /bin/chmod /var/lib/nova/tmp/*/root/.ssh, \ |
|
2 |
+ /bin/chown /var/lib/nova/tmp/*/root/.ssh, \ |
|
3 |
+ /bin/chown, \ |
|
4 |
+ /bin/chmod, \ |
|
5 |
+ /bin/dd, \ |
|
6 |
+ /sbin/ifconfig, \ |
|
7 |
+ /sbin/ip, \ |
|
8 |
+ /sbin/route, \ |
|
9 |
+ /sbin/iptables, \ |
|
10 |
+ /sbin/iptables-save, \ |
|
11 |
+ /sbin/iptables-restore, \ |
|
12 |
+ /sbin/ip6tables-save, \ |
|
13 |
+ /sbin/ip6tables-restore, \ |
|
14 |
+ /sbin/kpartx, \ |
|
15 |
+ /sbin/losetup, \ |
|
16 |
+ /sbin/lvcreate, \ |
|
17 |
+ /sbin/lvdisplay, \ |
|
18 |
+ /sbin/lvremove, \ |
|
19 |
+ /bin/mkdir, \ |
|
20 |
+ /bin/mount, \ |
|
21 |
+ /sbin/pvcreate, \ |
|
22 |
+ /usr/bin/tee, \ |
|
23 |
+ /sbin/tune2fs, \ |
|
24 |
+ /bin/umount, \ |
|
25 |
+ /sbin/vgcreate, \ |
|
26 |
+ /usr/bin/virsh, \ |
|
27 |
+ /usr/bin/qemu-nbd, \ |
|
28 |
+ /usr/sbin/brctl, \ |
|
29 |
+ /sbin/brctl, \ |
|
30 |
+ /usr/sbin/radvd, \ |
|
31 |
+ /usr/sbin/vblade-persist, \ |
|
32 |
+ /sbin/pvcreate, \ |
|
33 |
+ /sbin/aoe-discover, \ |
|
34 |
+ /sbin/vgcreate, \ |
|
35 |
+ /bin/aoe-stat, \ |
|
36 |
+ /bin/kill, \ |
|
37 |
+ /sbin/vconfig, \ |
|
38 |
+ /usr/sbin/ietadm, \ |
|
39 |
+ /sbin/vgs, \ |
|
40 |
+ /sbin/iscsiadm, \ |
|
41 |
+ /usr/bin/socat, \ |
|
42 |
+ /sbin/parted, \ |
|
43 |
+ /usr/sbin/dnsmasq, \ |
|
44 |
+ /usr/bin/arping |
|
45 |
+ |
|
46 |
+%USER% ALL = (root) NOPASSWD: SETENV: NOVACMDS |
|
47 |
+ |
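Review bot: The unrestricted `/bin/chown`, `/bin/chmod`, `/bin/dd`, `/usr/bin/tee` and `/bin/mount` entries in NOVACMDS, granted with `NOPASSWD: SETENV:`, make the substituted user equivalent to root, so the two path-restricted chmod/chown entries at the top add no restriction. The file should state this in a header comment, for example `# Passwordless root for the commands nova runs via sudo; treat this account as root-equivalent.`, and `SETENV:` should be dropped unless nova is known to need caller-supplied environment variables under sudo. `/sbin/pvcreate` and `/sbin/vgcreate` are each listed twice. If the alias is narrowed later, note that `*` in a sudoers argument pattern also matches `/` and spaces, so `/var/lib/nova/tmp/*/root/.ssh` is looser than it reads.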
... | ... |
@@ -116,6 +116,15 @@ if [[ $EUID -eq 0 ]]; then |
116 | 116 |
exec su -c "set -e; cd $STACK_DIR; bash stack.sh" stack |
117 | 117 |
fi |
118 | 118 |
exit 1 |
119 |
+else |
|
120 |
+ # Our user needs passwordless priviledges for certain commands which nova |
|
121 |
+ # uses internally. |
|
122 |
+ # Natty uec images sudoers does not have a '#includedir'. add one. |
|
123 |
+ sudo grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers || |
|
124 |
+ echo "#includedir /etc/sudoers.d" | sudo tee -a /etc/sudoers |
|
125 |
+ sudo cp $FILES/sudo/nova /etc/sudoers.d/stack_sh_nova |
|
126 |
+ sudo sed -e "s,%USER%,$USER,g" -i /etc/sudoers.d/stack_sh_nova |
|
127 |
+ sudo chmod 0440 /etc/sudoers.d/stack_sh_nova |
|
119 | 128 |
fi |
120 | 129 |
|
121 | 130 |
# Set the destination directories for openstack projects |
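Review bot: The drop-in `/etc/sudoers.d/stack_sh_nova` is copied into place before `%USER%` is substituted and before its mode is set, and neither it nor the line appended to `/etc/sudoers` is validated, so an unexpected `$USER` value or an interrupted run can leave sudo with an unparsable or wrongly-permissioned rule. Rendering the rule to a temporary file, checking it with `visudo -c -f`, and installing it in one step with its final owner and mode closes that window; `$FILES` and `$USER` should also be quoted. The comment typo "priviledges" should read "privileges". The enclosing `if [[ $EUID -eq 0 ]]` block starts outside the hunk.
```shell
else
    # … unchanged: comment and #includedir check/append for /etc/sudoers …
    # Render the rule privately, validate it, then install with final owner/mode.
    TEMPFILE=$(mktemp)
    sed -e "s,%USER%,$USER,g" "$FILES/sudo/nova" > "$TEMPFILE"
    if ! sudo visudo -c -f "$TEMPFILE"; then
        rm -f "$TEMPFILE"
        echo "generated sudoers rule failed validation"
        exit 1
    fi
    sudo install -o root -g root -m 0440 "$TEMPFILE" /etc/sudoers.d/stack_sh_nova
    rm -f "$TEMPFILE"
```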
... | ... |
@@ -364,8 +373,6 @@ cd $DASH_DIR/openstack-dashboard; sudo python setup.py develop |
364 | 364 |
# it since we are going to run the services in screen for simple |
365 | 365 |
cp $FILES/screenrc ~/.screenrc |
366 | 366 |
|
367 |
-## TODO: update current user to allow sudo for all commands in files/sudo/* |
|
368 |
- |
|
369 | 367 |
# Rabbit |
370 | 368 |
# --------- |
371 | 369 |
|