diff options
author | Harry Huang <huangxiangyu5@huawei.com> | 2017-02-25 15:56:38 +0800 |
---|---|---|
committer | Harry Huang <huangxiangyu5@huawei.com> | 2017-02-25 15:56:57 +0800 |
commit | da008451297c461788d098f58da9419ed6fcb52c (patch) | |
tree | 214caf86a7bbccd7faf3c6d5f3f5f1255bc4d3b1 /juju/juju_setup.sh | |
parent | 420fbebbec6185e662818711bee7b23aec458100 (diff) |
Adjust juju bootstrap
1. use openstack default security group
2. change security group rules to allow all ports
access of both tcp and udp
3. bootstrap juju controller using floating ip and
default security group
Change-Id: I81c943105187fd8ffbde3f3d4e6d96ae24c07e53
Signed-off-by: Harry Huang <huangxiangyu5@huawei.com>
Diffstat (limited to 'juju/juju_setup.sh')
-rwxr-xr-x | juju/juju_setup.sh | 34 |
1 files changed, 20 insertions, 14 deletions
diff --git a/juju/juju_setup.sh b/juju/juju_setup.sh index dc8e99b..30df1b2 100755 --- a/juju/juju_setup.sh +++ b/juju/juju_setup.sh @@ -58,29 +58,35 @@ function juju_prepare() neutron router-gateway-set juju-router ext-net fi - if [[ ! $(neutron security-group-rule-list | grep "juju-default") ]]; then - neutron security-group-create juju-default --description "juju default security group" - fi + local default_secgroup_id=$(nova secgroup-list | grep "Default security group" | awk '{print $2}') - if [[ ! $(neutron security-group-rule-list | grep juju-default | grep "icmp") ]]; then + if [[ ! $(neutron security-group-rule-list | grep default | grep "icmp") ]]; then neutron security-group-rule-create --direction ingress --protocol icmp \ - --remote-ip-prefix 0.0.0.0/0 juju-default + --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id fi - if [[ ! $(neutron security-group-rule-list | grep juju-default | grep "22/tcp") ]]; then + if [[ ! $(neutron security-group-rule-list | grep default | grep "tcp") ]]; then neutron security-group-rule-create --direction ingress --protocol tcp \ - --port_range_min 22 --port_range_max 22 \ - --remote-ip-prefix 0.0.0.0/0 juju-default + --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id fi - if [[ ! $(neutron security-group-rule-list | grep juju-default | grep "80/tcp") ]]; then - neutron security-group-rule-create --direction ingress --protocol tcp \ - --port_range_min 80 --port_range_max 80 \ - --remote-ip-prefix 0.0.0.0/0 juju-default + if [[ ! $(neutron security-group-rule-list | grep default | grep "tcp") ]]; then + neutron security-group-rule-create --direction egress --protocol tcp \ + --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id + fi + + if [[ ! $(neutron security-group-rule-list | grep default | grep "udp") ]]; then + neutron security-group-rule-create --direction ingress --protocol udp \ + --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id + fi + + if [[ ! $(neutron security-group-rule-list | grep default | grep "udp") ]]; then + neutron security-group-rule-create --direction egress --protocol udp \ + --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id fi - if [ ! -f ~/.ssh/id_rsa.pub ]; then - ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N "" + if [ ! -f /root/.ssh/id_rsa.pub ]; then + ssh-keygen -q -t rsa -f /root/.ssh/id_rsa -N "" fi openstack keypair list | grep jump-key || openstack keypair create --public-key ~/.ssh/id_rsa.pub jump-key |