authorHarry Huang <huangxiangyu5@huawei.com>2017-02-25 15:56:38 +0800
committerHarry Huang <huangxiangyu5@huawei.com>2017-02-25 15:56:57 +0800
commitda008451297c461788d098f58da9419ed6fcb52c (patch)
tree214caf86a7bbccd7faf3c6d5f3f5f1255bc4d3b1
parent420fbebbec6185e662818711bee7b23aec458100 (diff)
Adjust juju bootstrap
1. use openstack default security group 2. change security group rules to allow all ports access of both tcp and udp 3. bootstrap juju controller using floating ip and default security group Change-Id: I81c943105187fd8ffbde3f3d4e6d96ae24c07e53 Signed-off-by: Harry Huang <huangxiangyu5@huawei.com>
-rwxr-xr-xcommand.sh65
-rwxr-xr-xjuju/adapter.sh2
-rwxr-xr-xjuju/juju_launch.sh60
-rwxr-xr-xjuju/juju_setup.sh34
-rwxr-xr-xopen-o/openo_vm.sh26
-rwxr-xr-xopera_launch.sh1
6 files changed, 122 insertions, 66 deletions
diff --git a/command.sh b/command.sh
new file mode 100755
index 0000000..2f6b76c
--- /dev/null
+++ b/command.sh
@@ -0,0 +1,65 @@
+#!/bin/bash
+##############################################################################
+# Copyright (c) 2016-2017 HUAWEI TECHNOLOGIES CO.,LTD and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+
+function exec_cmd_on_openo()
+{
+ local rsa_file=${OPENO_VM_DIR}/boot.rsa
+ local ssh_args="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i $rsa_file"
+
+ if [ ! -f $rsa_file ]; then
+ log_error "open-o vm boot.rsa not found"
+ exit 1
+ fi
+
+ if [ ! $OPENO_VM_IP ]; then
+ log_error "open-o vm ip not found"
+ exit 1
+ fi
+ ssh $ssh_args root@$OPENO_VM_IP "$@"
+}
+
+function scp_to_openo()
+{
+ local rsa_file=${OPENO_VM_DIR}/boot.rsa
+ local ssh_args="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i $rsa_file"
+
+ if [ ! -f $rsa_file ]; then
+ log_error "open-o vm boot.rsa not found"
+ exit 1
+ fi
+
+ if [ ! $OPENO_VM_IP ]; then
+ log_error "open-o vm ip not found"
+ exit 1
+ fi
+ scp $ssh_args $1 root@$OPENO_VM_IP:$2
+}
+
+function exec_cmd_on_client()
+{
+ local ssh_args="-o StrictHostKeyChecking=no"
+
+ if [ ! $floating_ip_client ]; then
+ log_error "juju-client ip not found"
+ exit 1
+ fi
+ ssh $ssh_options ubuntu@$floating_ip_client "$@"
+}
+
+function exec_cmd_on_metadata()
+{
+ local ssh_args="-o StrictHostKeyChecking=no"
+
+ if [ ! $floating_ip_metadata ]; then
+ log_error "juju-metadata ip not found"
+ exit 1
+ fi
+ ssh $ssh_options ubuntu@$floating_ip_metadata "$@"
+}
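Review bot: `exec_cmd_on_client` and `exec_cmd_on_metadata` declare `local ssh_args` but their ssh calls still expand `$ssh_options`, which this same commit removes from juju/juju_launch.sh; unless that variable is set somewhere not shown here, the option is silently dropped and ssh can stop at a host-key prompt in an unattended run. The calls should read `ssh $ssh_args ubuntu@$floating_ip_client "$@"` and `ssh $ssh_args ubuntu@$floating_ip_metadata "$@"`. Separately, the two open-o helpers combine `StrictHostKeyChecking=no` with `UserKnownHostsFile=/dev/null` for root logins, which switches host authentication off entirely; a comment stating that this is only acceptable on the isolated deployment network, or recording the VM's host key after first boot, would make the trade-off explicit. Quoting `"$rsa_file"` and `"$1"` and testing with `[ -z "$OPENO_VM_IP" ]` would also keep the guards correct for empty values or paths with spaces.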
diff --git a/juju/adapter.sh b/juju/adapter.sh
index 2f1d8f7..2bf9e2b 100755
--- a/juju/adapter.sh
+++ b/juju/adapter.sh
@@ -20,7 +20,7 @@ function generate_compass_openrc()
echo -e "export OS_PASSWORD=console \n\
export OS_PROJECT_NAME=admin \n\
-export OS_AUTH_URL=http://$PUBLIC_VIP:35357/v2.0 \n\
+export OS_AUTH_URL=http://$PUBLIC_VIP:5000/v2.0 \n\
export OS_USERNAME=admin \n\
export OS_VOLUME_API_VERSION=2 \n\
export OS_REGION_NAME=RegionOne " > $WORK_DIR/admin-openrc.sh
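Review bot: The new `OS_AUTH_URL` still uses plain `http://`, so the admin password exported at the top of this hunk is sent to Keystone unencrypted whenever this openrc is used. If the deployment exposes a TLS endpoint, prefer `https://$PUBLIC_VIP:5000/v2.0`; otherwise a comment noting that the VIP is reachable only on a trusted network would help. The file written to `$WORK_DIR/admin-openrc.sh` holds that password and is created with whatever umask the caller has, so a `chmod 600 $WORK_DIR/admin-openrc.sh` after the redirect is worth adding. `generate_compass_openrc` starts above this hunk.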
diff --git a/juju/juju_launch.sh b/juju/juju_launch.sh
index b87c360..558fa5d 100755
--- a/juju/juju_launch.sh
+++ b/juju/juju_launch.sh
@@ -8,15 +8,13 @@
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
-ssh_options="-o StrictHostKeyChecking=no"
-
function launch_juju_vm()
{
- NET_ID=$(neutron net-list | grep juju-net | awk '{print $2}')
+ local NET_ID=$(neutron net-list | grep juju-net | awk '{print $2}')
if [[ ! $(nova list | grep juju-client-vm) ]]; then
- nova boot --flavor m1.small --image Xenial_x86_64 --nic net-id=$NET_ID \
- --key-name jump-key --security-group juju-default juju-client-vm
+ nova boot --flavor m1.small --image xenial_x86_64 --nic net-id=$NET_ID \
+ --key-name jump-key --security-group default juju-client-vm
if [ $? -ne 0 ]; then
log_error "boot juju-client-vm fail"
exit 1
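Review bot: `local NET_ID=$(neutron net-list | grep juju-net | awk '{print $2}')` hides the pipeline's exit status behind `local`, and nothing checks that an id came back, so a missing juju-net leads to `nova boot --nic net-id=` with an empty value. Declaring first (`local NET_ID; NET_ID=$(...)`) and adding `[[ -n $NET_ID ]] || { log_error "juju-net not found"; exit 1; }` before the boot would fail early with a clear message. Both VMs now join the `default` security group, so their exposure depends entirely on the rules juju/juju_setup.sh adds to that group. `launch_juju_vm` continues past this hunk.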
@@ -24,19 +22,19 @@ function launch_juju_vm()
fi
if [[ ! $(nova list | grep juju-metadata-vm) ]]; then
- nova boot --flavor m1.small --image Xenial_x86_64 --nic net-id=$NET_ID \
- --key-name jump-key --security-group juju-default juju-metadata-vm
+ nova boot --flavor m1.small --image xenial_x86_64 --nic net-id=$NET_ID \
+ --key-name jump-key --security-group default juju-metadata-vm
if [ $? -ne 0 ]; then
log_error "boot juju-metadata-vm fail"
exit 1
fi
fi
- count=300
+ local count=300
set +x
while
- state1=$(nova list | grep juju-client-vm | awk '{print $6}')
- state2=$(nova list | grep juju-metadata-vm | awk '{print $6}')
+ local state1=$(nova list | grep juju-client-vm | awk '{print $6}')
+ local state2=$(nova list | grep juju-metadata-vm | awk '{print $6}')
if [[ $state1 == "ERROR" || $state2 == "ERROR" || $count == 0 ]]; then
log_error "launch juju vm error"
exit 1
@@ -67,23 +65,13 @@ function launch_juju_vm()
export floating_ip_metadata=$floating_ip_metadata
}
-function exec_cmd_on_client()
-{
- ssh $ssh_options ubuntu@$floating_ip_client "$@"
-}
-
-function exec_cmd_on_metadata()
-{
- ssh $ssh_options ubuntu@$floating_ip_metadata "$@"
-}
-
function juju_metadata_prepare()
{
- cmd="sudo apt update -y; \
+ local cmd="sudo apt update -y; \
sudo apt-get install nginx -y"
exec_cmd_on_metadata $cmd
- if [ ! $(exec_cmd_on_metadata sudo ps -aux | grep nginx) ]; then
+ if [[ ! $(exec_cmd_on_metadata sudo ps -aux | grep nginx) ]]; then
log_error "juju-metadata nginx error"
exit 1
fi
@@ -91,7 +79,7 @@ function juju_metadata_prepare()
function juju_client_prepare()
{
- cmd1="sudo add-apt-repository ppa:juju/stable; \
+ local cmd1="sudo add-apt-repository ppa:juju/stable; \
sudo apt update -y; \
sudo apt install juju zfsutils-linux -y"
exec_cmd_on_client $cmd1
@@ -104,7 +92,7 @@ function juju_client_prepare()
$OS_REGION_NAME:
endpoint: $OS_AUTH_URL' > clouds.yaml"
- cmd2="juju add-cloud openstack clouds.yaml --replace"
+ local cmd2="juju add-cloud openstack clouds.yaml --replace"
exec_cmd_on_client $cmd2
if [[ ! $(exec_cmd_on_client "juju list-clouds | grep openstack") ]]; then
@@ -112,11 +100,11 @@ function juju_client_prepare()
exit 1
fi
- cmd3='ssh-keygen -q -t rsa -f /home/ubuntu/.ssh/id_rsa -N ""'
+ local cmd3='ssh-keygen -q -t rsa -f /home/ubuntu/.ssh/id_rsa -N ""'
exec_cmd_on_client $cmd3
- client_key=`exec_cmd_on_client sudo cat /home/ubuntu/.ssh/id_rsa.pub`
- cmd4="echo $client_key >> /home/ubuntu/.ssh/authorized_keys"
+ local client_key=`exec_cmd_on_client sudo cat /home/ubuntu/.ssh/id_rsa.pub`
+ local cmd4="echo $client_key >> /home/ubuntu/.ssh/authorized_keys"
exec_cmd_on_metadata $cmd4
exec_cmd_on_client "echo 'credentials:
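Review bot: `client_key` is read from a remote `cat` and spliced unquoted into `cmd4`, with no check that it is non-empty or looks like a public key, so a failed ssh call appends a blank line to `authorized_keys` and any shell metacharacter in the value would be interpreted on the metadata VM. I would separate the declaration from the assignment so the status is visible, stop on an empty value, and single-quote the key in the remote command: `local cmd4="echo '$client_key' >> /home/ubuntu/.ssh/authorized_keys"`. Re-running the script appends the same key again; a `grep -qF` guard on the remote side would keep the file idempotent. `juju_client_prepare` starts and ends outside this hunk.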
@@ -127,9 +115,8 @@ function juju_client_prepare()
tenant-name: $OS_PROJECT_NAME
username: $OS_USERNAME' > os-creds.yaml"
- # credential uses keystone url V3
- cmd3="juju add-credential openstack -f os-creds.yaml --replace"
- exec_cmd_on_client $cmd3
+ local cmd5="juju add-credential openstack -f os-creds.yaml --replace"
+ exec_cmd_on_client $cmd5
}
function juju_generate_metadata()
@@ -144,13 +131,13 @@ function juju_generate_metadata()
exec_cmd_on_client $cmd
done
- cmd1="juju metadata generate-tools -d mt"
+ local cmd1="juju metadata generate-tools -d mt"
exec_cmd_on_client $cmd1
- cmd2="rsync -e 'ssh $ssh_options' -av mt ubuntu@$floating_ip_metadata:~/"
+ local cmd2="rsync -e 'ssh -o StrictHostKeyChecking=no' -av mt ubuntu@$floating_ip_metadata:~/"
exec_cmd_on_client $cmd2
- cmd3="sudo cp -a mt/tools/ /var/www/html; \
+ local cmd3="sudo cp -a mt/tools/ /var/www/html; \
sudo cp -a mt/images/ /var/www/html; \
sudo chmod a+rx /var/www/html/ -R"
exec_cmd_on_metadata $cmd3
@@ -164,11 +151,14 @@ function juju_generate_metadata()
function bootstrap_juju_controller()
{
- cmd="juju bootstrap openstack openstack \
+ local cmd="juju bootstrap openstack openstack \
--config image-metadata-url=http://$floating_ip_metadata/images \
- --config network=juju-net \
+ --config network=juju-net --config use-floating-ip=True \
+ --config use-default-secgroup=True \
+ --constraints 'mem=4G root-disk=40G' \
--verbose --debug"
exec_cmd_on_client $cmd
+
}
function launch_juju()
diff --git a/juju/juju_setup.sh b/juju/juju_setup.sh
index dc8e99b..30df1b2 100755
--- a/juju/juju_setup.sh
+++ b/juju/juju_setup.sh
@@ -58,29 +58,35 @@ function juju_prepare()
neutron router-gateway-set juju-router ext-net
fi
- if [[ ! $(neutron security-group-rule-list | grep "juju-default") ]]; then
- neutron security-group-create juju-default --description "juju default security group"
- fi
+ local default_secgroup_id=$(nova secgroup-list | grep "Default security group" | awk '{print $2}')
- if [[ ! $(neutron security-group-rule-list | grep juju-default | grep "icmp") ]]; then
+ if [[ ! $(neutron security-group-rule-list | grep default | grep "icmp") ]]; then
neutron security-group-rule-create --direction ingress --protocol icmp \
- --remote-ip-prefix 0.0.0.0/0 juju-default
+ --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id
fi
- if [[ ! $(neutron security-group-rule-list | grep juju-default | grep "22/tcp") ]]; then
+ if [[ ! $(neutron security-group-rule-list | grep default | grep "tcp") ]]; then
neutron security-group-rule-create --direction ingress --protocol tcp \
- --port_range_min 22 --port_range_max 22 \
- --remote-ip-prefix 0.0.0.0/0 juju-default
+ --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id
fi
- if [[ ! $(neutron security-group-rule-list | grep juju-default | grep "80/tcp") ]]; then
- neutron security-group-rule-create --direction ingress --protocol tcp \
- --port_range_min 80 --port_range_max 80 \
- --remote-ip-prefix 0.0.0.0/0 juju-default
+ if [[ ! $(neutron security-group-rule-list | grep default | grep "tcp") ]]; then
+ neutron security-group-rule-create --direction egress --protocol tcp \
+ --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id
+ fi
+
+ if [[ ! $(neutron security-group-rule-list | grep default | grep "udp") ]]; then
+ neutron security-group-rule-create --direction ingress --protocol udp \
+ --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id
+ fi
+
+ if [[ ! $(neutron security-group-rule-list | grep default | grep "udp") ]]; then
+ neutron security-group-rule-create --direction egress --protocol udp \
+ --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id
fi
- if [ ! -f ~/.ssh/id_rsa.pub ]; then
- ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""
+ if [ ! -f /root/.ssh/id_rsa.pub ]; then
+ ssh-keygen -q -t rsa -f /root/.ssh/id_rsa -N ""
fi
openstack keypair list | grep jump-key || openstack keypair create --public-key ~/.ssh/id_rsa.pub jump-key
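Review bot: The tcp and udp ingress rules no longer carry a port range, so together with `--remote-ip-prefix 0.0.0.0/0` they expose every port of every instance that uses the project's default security group, not only the juju VMs. If juju needs more than the former 22 and 80, I would list those ports explicitly or narrow the prefix to the deployment network, for example `--remote-ip-prefix <DEPLOYMENT_CIDR>` (placeholder), and keep the rules in a dedicated group. The existence checks are also too loose: the ingress and egress blocks test the same `grep default | grep "tcp"` (and `"udp"`) pattern, so once the ingress rule exists the egress block never runs, and `grep default` matches any row containing that word rather than `$default_secgroup_id`; matching on the id plus the direction would fix both. `ssh-keygen` now writes `/root/.ssh/id_rsa` while the last line still reads `~/.ssh/id_rsa.pub`, and the two only agree when the script runs as root. `juju_prepare` starts above this hunk.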
diff --git a/open-o/openo_vm.sh b/open-o/openo_vm.sh
index dc227e2..fdce33a 100755
--- a/open-o/openo_vm.sh
+++ b/open-o/openo_vm.sh
@@ -8,10 +8,8 @@
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
set -ex
-OPENO_VM_DIR=${WORK_DIR}/openo_vm
OPENO_VM_ISO=${OPENO_VM_ISO_URL##*/}
-rsa_file=${OPENO_VM_DIR}/boot.rsa
-ssh_args="-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i $rsa_file"
+OPENO_VM_DIR=${WORK_DIR}/openo_vm
function openo_download_iso()
{
@@ -70,18 +68,13 @@ function openo_docker_prepare()
-e "s/GSO_GUI_PORTAL_IP/$GSO_GUI_PORTAL_IP/g" \
${OPENO_VM_DIR}/openo_docker.sh
- scp $ssh_args ${OPENO_VM_DIR}/openo_docker.sh root@${OPENO_VM_IP}:/home
-}
-
-function exec_cmd_on_openo()
-{
- ssh $ssh_args root@$OPENO_VM_IP "$@"
+ scp_to_openo ${OPENO_VM_DIR}/openo_docker.sh /home
}
function launch_openo_docker()
{
openo_docker_prepare
- cmd="/home/openo_docker.sh"
+ local cmd="/home/openo_docker.sh"
exec_cmd_on_openo $cmd
}
@@ -103,18 +96,18 @@ function wait_openo_ok()
set +x
log_info "wait_openo_ok enter"
ssh-keygen -f "/root/.ssh/known_hosts" -R $OPENO_VM_IP >/dev/null 2>&1
- retry=0
- until timeout 1s ssh $ssh_args root@$OPENO_VM_IP "exit" >/dev/null 2>&1
+ local retry=0
+ until timeout 1s exec_cmd_on_openo "exit" >/dev/null 2>&1
do
log_progress "os install time used: $((retry*100/$1))%"
sleep 1
let retry+=1
if [[ $retry -ge $1 ]];then
# first try
- ssh $ssh_args root@$OPENO_VM_IP "exit"
+ exec_cmd_on_openo "exit"
# second try
- ssh $ssh_args root@$OPENO_VM_IP "exit"
- exit_status=$?
+ exec_cmd_on_openo "exit"
+ local exit_status=$?
if [[ $exit_status == 0 ]]; then
log_warn "final ssh login open-o success !!!"
break
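Review bot: `timeout 1s exec_cmd_on_openo "exit"` cannot work as written, because `timeout` executes an external program and does not see shell functions; it fails on every pass, with the error hidden by `>/dev/null 2>&1`, so the loop always runs the full `$1` iterations before reaching the unguarded tries below. Either put the bound into the helper's ssh options (`-o ConnectTimeout=1` in its `ssh_args`) and drop `timeout`, or export the function together with everything it uses and call it through `timeout 1s bash -c 'exec_cmd_on_openo exit'`. Note also that `exec_cmd_on_openo` calls `exit 1` when the key file or IP is missing, which now ends the whole script from inside this wait loop rather than counting as a failed probe. `wait_openo_ok` starts and ends outside this hunk.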
@@ -136,6 +129,7 @@ function launch_openo_vm() {
local new_mnt=${OPENO_VM_DIR}/new
local old_iso=${WORK_DIR}/iso/${OPENO_VM_ISO}
local new_iso=${OPENO_VM_DIR}/centos.iso
+ local rsa_file=${OPENO_VM_DIR}/boot.rsa
sudo virsh net-destroy external
sudo virsh net-undefine external
@@ -189,7 +183,7 @@ function launch_openo_vm() {
sudo virsh define ${OPENO_VM_DIR}/open-o.xml
sudo virsh start open-o
- exit_status=$?
+ local exit_status=$?
if [ $exit_status != 0 ];then
log_error "virsh start open-o failed"
exit 1
diff --git a/opera_launch.sh b/opera_launch.sh
index ae86dee..001d7d1 100755
--- a/opera_launch.sh
+++ b/opera_launch.sh
@@ -24,6 +24,7 @@ source ${WORK_DIR}/scripts/network.conf
source ${UTIL_DIR}/log.sh
source ${OPENO_DIR}/openo_vm.sh
+source ${OPERA_DIR}/command.sh
source ${JUJU_DIR}/adapter.sh
source ${JUJU_DIR}/juju_setup.sh
source ${JUJU_DIR}/juju_launch.sh