Change-Id: Ib969efab4ef4c408fa59a44eff25d2c4ac56d024
| 1 | 1 |
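new file mode 100755
--- /dev/null
+++ b/sec_groups.sh
@@ -0,0 +1,74 @@
+#!/usr/bin/env bash
+
+# **sec_groups.sh**
+
+# Test security groups via the command line tools that ship with it.
+
+echo "*********************************************************************"
+echo "Begin DevStack Exercise: $0"
+echo "*********************************************************************"
+
+# This script exits on an error so that errors don't compound and you see
+# only the first error that occured.
+set -o errexit
+
+# Print the commands being run so that we can see the command that triggers
+# an error. It is also useful for following allowing as the install occurs.
+set -o xtrace
+
+
+# Settings
+# ========
+
+# Keep track of the current directory
+EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
+TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
+
+# Import common functions
+source $TOP_DIR/functions
+
+# Import configuration
+source $TOP_DIR/openrc
+
+# Import exercise configuration
+source $TOP_DIR/exerciserc
+
+
+# Testing Security Groups
+# =============
+
+# List security groups
+nova secgroup-list
+
+# Create random name for new sec group and create secgroup of said name
+SEC_GROUP_NAME="sec-group-$(openssl rand -hex 4)"
+nova secgroup-create $SEC_GROUP_NAME 'a test security group'
+
+# Add some rules to the secgroup
+RULES_TO_ADD=( 22 3389 5900 )
+
+for RULE in "${RULES_TO_ADD[@]}"; do
+ nova secgroup-add-rule $SEC_GROUP_NAME tcp $RULE $RULE 0.0.0.0/00
+done
+
+# Check to make sure rules were added
+SEC_GROUP_RULES=( $(nova secgroup-list-rules $SEC_GROUP_NAME | grep -v \- | grep -v 'Source Group' | cut -d '|' -f3 | tr -d ' ') )
+for i in "${RULES_TO_ADD[@]}"; do
+ skip=
+ for j in "${SEC_GROUP_RULES[@]}"; do
+ [[ $i == $j ]] && { skip=1; break; }
+ done
+ [[ -n $skip ]] || exit 1
+done
+
+# Delete rules and secgroup
+for RULE in "${RULES_TO_ADD[@]}"; do
+ nova secgroup-delete-rule $SEC_GROUP_NAME tcp $RULE $RULE 0.0.0.0/00
+done
+nova secgroup-delete $SEC_GROUP_NAME
+
+
+set +o xtrace
+echo "*********************************************************************"
+echo "SUCCESS: End DevStack Exercise: $0"
+echo "*********************************************************************"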
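Review bot: Nothing removes the test group if the script aborts between `nova secgroup-create` and the final `nova secgroup-delete`. With `set -o errexit` on, a failed `nova` call or the `exit 1` in the verification loop leaves behind a group that admits TCP 22, 3389 and 5900 from `0.0.0.0/00`. Register a best-effort cleanup on EXIT right after the create, keep the explicit delete loop at the end as the tested path, and clear the handler with `trap - EXIT` once that delete has succeeded. Separately, the check compares only one column of the `secgroup-list-rules` table (field 3, apparently the port), so a rule created with the wrong protocol or CIDR would still pass; a comment saying whether that is intended would help.

```shell
# … unchanged: secgroup-list, SEC_GROUP_NAME generation …
nova secgroup-create $SEC_GROUP_NAME 'a test security group'

# Safety net: remove the world-open test group on any exit path,
# including errexit aborts. Errors here are ignored on purpose.
function cleanup_sec_group {
    set +o errexit
    for RULE in "${RULES_TO_ADD[@]}"; do
        nova secgroup-delete-rule "$SEC_GROUP_NAME" tcp "$RULE" "$RULE" 0.0.0.0/00
    done
    nova secgroup-delete "$SEC_GROUP_NAME"
}
trap cleanup_sec_group EXIT

# … unchanged: rule creation, verification, explicit delete loop …
nova secgroup-delete $SEC_GROUP_NAME
trap - EXIT
```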