Adjust juju bootstrap

1. use openstack default security group 2. change security group rules to allow all ports access of both tcp and udp 3. bootstrap juju controller using floating ip and default security group Change-Id: I81c943105187fd8ffbde3f3d4e6d96ae24c07e53 Signed-off-by: Harry Huang <huangxiangyu5@huawei.com>
author: Harry Huang <huangxiangyu5@huawei.com> 2017-02-25 15:56:38 +0800
committer: Harry Huang <huangxiangyu5@huawei.com> 2017-02-25 15:56:57 +0800
commit: da008451297c461788d098f58da9419ed6fcb52c (patch)
tree: 214caf86a7bbccd7faf3c6d5f3f5f1255bc4d3b1 /juju/juju_setup.sh
parent: 420fbebbec6185e662818711bee7b23aec458100 (diff)
1 files changed, 20 insertions, 14 deletions
diff --git a/juju/juju_setup.sh b/juju/juju_setup.sh
index dc8e99b..30df1b2 100755
--- a/juju/juju_setup.sh
+++ b/juju/juju_setup.sh
@@ -58,29 +58,35 @@ function juju_prepare()
         neutron router-gateway-set juju-router ext-net
     fi
 
-    if [[ ! $(neutron security-group-rule-list | grep "juju-default") ]]; then
-        neutron security-group-create juju-default --description "juju default security group"
-    fi
+    local default_secgroup_id=$(nova secgroup-list | grep "Default security group" | awk '{print $2}')
 
-    if [[ ! $(neutron security-group-rule-list | grep juju-default | grep "icmp") ]]; then
+    if [[ ! $(neutron security-group-rule-list | grep default | grep "icmp") ]]; then
         neutron security-group-rule-create --direction ingress --protocol icmp \
-                                           --remote-ip-prefix 0.0.0.0/0 juju-default
+                                           --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id
     fi
 
-    if [[ ! $(neutron security-group-rule-list | grep juju-default | grep "22/tcp") ]]; then
+    if [[ ! $(neutron security-group-rule-list | grep default | grep "tcp") ]]; then
         neutron security-group-rule-create --direction ingress --protocol tcp \
-                                           --port_range_min 22 --port_range_max 22 \
-                                           --remote-ip-prefix 0.0.0.0/0 juju-default
+                                           --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id
     fi
 
-    if [[ ! $(neutron security-group-rule-list | grep juju-default | grep "80/tcp") ]]; then
-        neutron security-group-rule-create --direction ingress --protocol tcp \
-                                           --port_range_min 80 --port_range_max 80 \
-                                           --remote-ip-prefix 0.0.0.0/0 juju-default
+    if [[ ! $(neutron security-group-rule-list | grep default | grep "tcp") ]]; then
+        neutron security-group-rule-create --direction egress --protocol tcp \
+                                           --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id
+    fi
+
+    if [[ ! $(neutron security-group-rule-list | grep default | grep "udp") ]]; then
+        neutron security-group-rule-create --direction ingress --protocol udp \
+                                           --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id
+    fi
+
+    if [[ ! $(neutron security-group-rule-list | grep default | grep "udp") ]]; then
+        neutron security-group-rule-create --direction egress --protocol udp \
+                                           --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id
     fi
 
-    if [ ! -f ~/.ssh/id_rsa.pub ]; then
-        ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""
+    if [ ! -f /root/.ssh/id_rsa.pub ]; then
+        ssh-keygen -q -t rsa -f /root/.ssh/id_rsa -N ""
     fi
 
     openstack keypair list | grep jump-key || openstack keypair create --public-key ~/.ssh/id_rsa.pub jump-key
author	Harry Huang <huangxiangyu5@huawei.com>	2017-02-25 15:56:38 +0800
committer	Harry Huang <huangxiangyu5@huawei.com>	2017-02-25 15:56:57 +0800
commit	da008451297c461788d098f58da9419ed6fcb52c (patch)
tree	214caf86a7bbccd7faf3c6d5f3f5f1255bc4d3b1 /juju/juju_setup.sh
parent	420fbebbec6185e662818711bee7b23aec458100 (diff)