@@ -19,6 +19,9 @@ set -o xtrace

 # Settings

 # ========

+# Use stackrc and localrc for settings

+source ./stackrc

+

 HOST=${HOST:-localhost}

 # Nova original used project_id as the *account* that owned resources (servers,

@@ -33,7 +36,7 @@ export NOVA_PROJECT_ID=${TENANT:-demo}

 export NOVA_USERNAME=${USERNAME:-demo}

 # With Keystone you pass the keystone password instead of an api key.

-export NOVA_API_KEY=${PASSWORD:-secrete}

+export NOVA_API_KEY=${ADMIN_PASSWORD:-secrete}

 # With the addition of Keystone, to use an openstack cloud you should 

 # authenticate against keystone, which returns a **Token** and **Service 

@@ -82,6 +85,15 @@ glance -A $TOKEN index

 # Let's grab the id of the first AMI image to launch

 IMAGE=`glance -A $TOKEN index | egrep ami | cut -d" " -f1`

+# Security Groups

+# ---------------

+SECGROUP=test_secgroup

+

+# List of secgroups:

+nova secgroup-list

+

+# Create a secgroup

+nova secgroup-create $SECGROUP "test_secgroup description"

 # Flavors

 # -------

@@ -92,9 +104,9 @@ nova flavor-list

 # and grab the first flavor in the list to launch

 FLAVOR=`nova flavor-list | head -n 4 | tail -n 1 | cut -d"|" -f2`

-NAME="firstpost"

+NAME="myserver"

-nova boot --flavor $FLAVOR --image $IMAGE $NAME

+nova boot --flavor $FLAVOR --image $IMAGE $NAME --security_groups=$SECGROUP

 # let's give it 10 seconds to launch

 sleep 10

@@ -113,10 +125,47 @@ ping -c1 -w1 $IP || true

 sleep 5

 ping -c1 -w1 $IP 

+# allow icmp traffic

+nova secgroup-add-rule $SECGROUP icmp -1 -1 0.0.0.0/0

+

+# List rules for a secgroup

+nova secgroup-list-rules $SECGROUP

+

+# allocate a floating ip

+nova floating-ip-create

+

+# store  floating address

+FIP=`nova floating-ip-list | grep None | head -1 | cut -d '|' -f2 | sed 's/ //g'`

+

+# add floating ip to our server

+nova add-floating-ip $NAME $FIP

+

+# sleep for a smidge

+sleep 1

+

+# ping our fip

+ping -c1 -w1 $FIP

+

+# dis-allow icmp traffic

+nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0

+

+# sleep for a smidge

+sleep 1

+

+# ping our fip

+if ( ping -c1 -w1 $FIP); then

+    print "Security group failure - ping should not be allowed!"

+    exit 1

+fi

+

+# de-allocate the floating ip

+nova floating-ip-delete $FIP

 # shutdown the server

 nova delete $NAME

+# Delete a secgroup

+nova secgroup-delete $SECGROUP

+

 # FIXME: validate shutdown within 5 seconds 

 # (nova show $NAME returns 1 or status != ACTIVE)?

-

@@ -290,6 +290,13 @@ sudo PIP_DOWNLOAD_CACHE=/var/cache/pip pip install `cat $FILES/pips/*`

 # be owned by the installation user, we create the directory and change the

 # ownership to the proper user.

 function git_clone {

+    # if there is an existing checkout, move it out of the way

+    if [[ "$RECLONE" == "yes" ]]; then

+        if [ -d $2 ]; then

+            mv $2 /tmp/stack.`date +%s`

+        fi

+    fi

+

     if [ ! -d $2 ]; then

         sudo mkdir $2

         sudo chown `whoami` $2

@@ -297,13 +304,6 @@ function git_clone {

         cd $2

         # This checkout syntax works for both branches and tags

         git checkout $3

-    elif [[ "$RESET_BRANCHES" == "yes" ]]; then

-        cd $2

-        git remote set-url origin $1

-        git fetch origin

-        git checkout origin/$3

-        git branch -D $3

-        git checkout -b $3

     fi

 }

@@ -125,6 +125,7 @@ fi

 # Make sure that base requirements are installed

 chroot $CACHEDIR apt-get update

 chroot $CACHEDIR apt-get install -y --force-yes `cat files/apts/* | cut -d\# -f1 | egrep -v "(rabbitmq|libvirt-bin|mysql-server)"`

+chroot $CACHEDIR apt-get install -y --download-only rabbitmq-server libvirt-bin mysql-server

 chroot $CACHEDIR pip install `cat files/pips/*`

 # Clean out code repos if directed to do so

@@ -137,10 +138,12 @@ mkdir -p $CACHEDIR/$DEST

 git_clone $NOVA_REPO $CACHEDIR/$DEST/nova $NOVA_BRANCH

 git_clone $GLANCE_REPO $CACHEDIR/$DEST/glance $GLANCE_BRANCH

 git_clone $KEYSTONE_REPO $CACHEDIR/$DESTkeystone $KEYSTONE_BRANCH

-git_clone $NOVNC_REPO $CACHEDIR/$DEST/novnc $NOVNC_BRANCH

+git_clone $NOVNC_REPO $CACHEDIR/$DEST/noVNC $NOVNC_BRANCH

 git_clone $DASH_REPO $CACHEDIR/$DEST/dash $DASH_BRANCH $DASH_TAG

 git_clone $NOVACLIENT_REPO $CACHEDIR/$DEST/python-novaclient $NOVACLIENT_BRANCH

 git_clone $OPENSTACKX_REPO $CACHEDIR/$DEST/openstackx $OPENSTACKX_BRANCH

+git_clone $KEYSTONE_REPO $CACHEDIR/$DEST/keystone $KEYSTONE_BRANCH

+git_clone $NOVNC_REPO $CACHEDIR/$DEST/novnc $NOVNC_BRANCH

 # Use this version of devstack?

 if [ "$USE_CURRENT_DEVSTACK" = "1" ]; then