... | ... |
@@ -59,8 +59,8 @@ nova secgroup-list |
59 | 59 |
# Create a secgroup |
60 | 60 |
nova secgroup-create $SECGROUP "test_secgroup description" |
61 | 61 |
|
62 |
-# Flavors |
|
63 |
-# ------- |
|
62 |
+# determine flavor |
|
63 |
+# ---------------- |
|
64 | 64 |
|
65 | 65 |
# List of flavors: |
66 | 66 |
nova flavor-list |
... | ... |
@@ -72,6 +72,16 @@ NAME="myserver" |
72 | 72 |
|
73 | 73 |
nova boot --flavor $FLAVOR --image $IMAGE $NAME --security_groups=$SECGROUP |
74 | 74 |
|
75 |
+# Testing |
|
76 |
+# ======= |
|
77 |
+ |
|
78 |
+# First check if it spins up (becomes active and responds to ping on |
|
79 |
+# internal ip). If you run this script from a nova node, you should |
|
80 |
+# bypass security groups and have direct access to the server. |
|
81 |
+ |
|
82 |
+# Waiting for boot |
|
83 |
+# ---------------- |
|
84 |
+ |
|
75 | 85 |
# let's give it 10 seconds to launch |
76 | 86 |
sleep 10 |
77 | 87 |
|
... | ... |
@@ -89,7 +99,11 @@ ping -c1 -w1 $IP || true |
89 | 89 |
sleep 5 |
90 | 90 |
|
91 | 91 |
ping -c1 -w1 $IP |
92 |
-# allow icmp traffic |
|
92 |
+ |
|
93 |
+# Security Groups & Floating IPs |
|
94 |
+# ------------------------------ |
|
95 |
+ |
|
96 |
+# allow icmp traffic (ping) |
|
93 | 97 |
nova secgroup-add-rule $SECGROUP icmp -1 -1 0.0.0.0/0 |
94 | 98 |
|
95 | 99 |
# List rules for a secgroup |
... | ... |
@@ -99,31 +113,31 @@ nova secgroup-list-rules $SECGROUP |
99 | 99 |
nova floating-ip-create |
100 | 100 |
|
101 | 101 |
# store floating address |
102 |
-FIP=`nova floating-ip-list | grep None | head -1 | cut -d '|' -f2 | sed 's/ //g'` |
|
102 |
+FLOATING_IP=`nova floating-ip-list | grep None | head -1 | cut -d '|' -f2 | sed 's/ //g'` |
|
103 | 103 |
|
104 | 104 |
# add floating ip to our server |
105 |
-nova add-floating-ip $NAME $FIP |
|
105 |
+nova add-floating-ip $NAME $FLOATING_IP |
|
106 | 106 |
|
107 | 107 |
# sleep for a smidge |
108 | 108 |
sleep 1 |
109 | 109 |
|
110 |
-# ping our fip |
|
111 |
-ping -c1 -w1 $FIP |
|
110 |
+# ping our floating ip |
|
111 |
+ping -c1 -w1 $FLOATING_IP |
|
112 | 112 |
|
113 |
-# dis-allow icmp traffic |
|
113 |
+# dis-allow icmp traffic (ping) |
|
114 | 114 |
nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0 |
115 | 115 |
|
116 | 116 |
# sleep for a smidge |
117 | 117 |
sleep 1 |
118 | 118 |
|
119 |
-# ping our fip |
|
120 |
-if ( ping -c1 -w1 $FIP); then |
|
119 |
+# ping our floating ip |
|
120 |
+if ( ping -c1 -w1 $FLOATING_IP ); then |
|
121 | 121 |
print "Security group failure - ping should not be allowed!" |
122 | 122 |
exit 1 |
123 | 123 |
fi |
124 | 124 |
|
125 | 125 |
# de-allocate the floating ip |
126 |
-nova floating-ip-delete $FIP |
|
126 |
+nova floating-ip-delete $FLOATING_IP |
|
127 | 127 |
|
128 | 128 |
# shutdown the server |
129 | 129 |
nova delete $NAME |