Adjust juju bootstrap

1. use openstack default security group 2. change security group rules to allow all ports access of both tcp and udp 3. bootstrap juju controller using floating ip and default security group Change-Id: I81c943105187fd8ffbde3f3d4e6d96ae24c07e53 Signed-off-by: Harry Huang <huangxiangyu5@huawei.com>
author: Harry Huang <huangxiangyu5@huawei.com> 2017-02-25 15:56:38 +0800
committer: Harry Huang <huangxiangyu5@huawei.com> 2017-02-25 15:56:57 +0800
commit: da008451297c461788d098f58da9419ed6fcb52c (patch)
tree: 214caf86a7bbccd7faf3c6d5f3f5f1255bc4d3b1 /juju
parent: 420fbebbec6185e662818711bee7b23aec458100 (diff)
3 files changed, 46 insertions, 50 deletions
diff --git a/juju/adapter.sh b/juju/adapter.sh
index 2f1d8f7..2bf9e2b 100755
--- a/juju/adapter.sh
+++ b/juju/adapter.sh
@@ -20,7 +20,7 @@ function generate_compass_openrc()
 
     echo -e "export OS_PASSWORD=console \n\
 export OS_PROJECT_NAME=admin \n\
-export OS_AUTH_URL=http://$PUBLIC_VIP:35357/v2.0 \n\
+export OS_AUTH_URL=http://$PUBLIC_VIP:5000/v2.0 \n\
 export OS_USERNAME=admin \n\
 export OS_VOLUME_API_VERSION=2 \n\
 export OS_REGION_NAME=RegionOne " > $WORK_DIR/admin-openrc.sh
diff --git a/juju/juju_launch.sh b/juju/juju_launch.sh
index b87c360..558fa5d 100755
--- a/juju/juju_launch.sh
+++ b/juju/juju_launch.sh
@@ -8,15 +8,13 @@
 # http://www.apache.org/licenses/LICENSE-2.0
 ##############################################################################
 
-ssh_options="-o StrictHostKeyChecking=no"
-
 function launch_juju_vm()
 {
-    NET_ID=$(neutron net-list | grep juju-net | awk '{print $2}')
+    local NET_ID=$(neutron net-list | grep juju-net | awk '{print $2}')
 
     if [[ ! $(nova list | grep juju-client-vm) ]]; then
-        nova boot --flavor m1.small --image Xenial_x86_64 --nic net-id=$NET_ID \
-                  --key-name jump-key --security-group juju-default juju-client-vm
+        nova boot --flavor m1.small --image xenial_x86_64 --nic net-id=$NET_ID \
+                  --key-name jump-key --security-group default juju-client-vm
         if [ $? -ne 0 ]; then
             log_error "boot juju-client-vm fail"
             exit 1
@@ -24,19 +22,19 @@ function launch_juju_vm()
     fi
 
     if [[ ! $(nova list | grep juju-metadata-vm) ]]; then
-        nova boot --flavor m1.small --image Xenial_x86_64 --nic net-id=$NET_ID \
-                  --key-name jump-key --security-group juju-default juju-metadata-vm
+        nova boot --flavor m1.small --image xenial_x86_64 --nic net-id=$NET_ID \
+                  --key-name jump-key --security-group default juju-metadata-vm
         if [ $? -ne 0 ]; then
             log_error "boot juju-metadata-vm fail"
             exit 1
         fi
     fi
 
-    count=300
+    local count=300
     set +x
     while
-        state1=$(nova list | grep juju-client-vm | awk '{print $6}')
-        state2=$(nova list | grep juju-metadata-vm | awk '{print $6}')
+        local state1=$(nova list | grep juju-client-vm | awk '{print $6}')
+        local state2=$(nova list | grep juju-metadata-vm | awk '{print $6}')
         if [[ $state1 == "ERROR" || $state2 == "ERROR" || $count == 0 ]]; then
             log_error "launch juju vm error"
             exit 1
@@ -67,23 +65,13 @@ function launch_juju_vm()
     export floating_ip_metadata=$floating_ip_metadata
 }
 
-function exec_cmd_on_client()
-{
-    ssh $ssh_options ubuntu@$floating_ip_client "$@"
-}
-
-function exec_cmd_on_metadata()
-{
-    ssh $ssh_options ubuntu@$floating_ip_metadata "$@"
-}
-
 function juju_metadata_prepare()
 {
-    cmd="sudo apt update -y; \
+    local cmd="sudo apt update -y; \
          sudo apt-get install nginx -y"
     exec_cmd_on_metadata $cmd
 
-    if [ ! $(exec_cmd_on_metadata sudo ps -aux | grep nginx) ]; then
+    if [[ ! $(exec_cmd_on_metadata sudo ps -aux | grep nginx) ]]; then
         log_error "juju-metadata nginx error"
         exit 1
     fi
@@ -91,7 +79,7 @@ function juju_metadata_prepare()
 
 function juju_client_prepare()
 {
-    cmd1="sudo add-apt-repository ppa:juju/stable; \
+    local cmd1="sudo add-apt-repository ppa:juju/stable; \
          sudo apt update -y; \
          sudo apt install juju zfsutils-linux -y"
     exec_cmd_on_client $cmd1
@@ -104,7 +92,7 @@ function juju_client_prepare()
             $OS_REGION_NAME:
                 endpoint: $OS_AUTH_URL' > clouds.yaml"
 
-    cmd2="juju add-cloud openstack clouds.yaml --replace"
+    local cmd2="juju add-cloud openstack clouds.yaml --replace"
     exec_cmd_on_client $cmd2
 
     if [[ ! $(exec_cmd_on_client "juju list-clouds | grep openstack") ]]; then
@@ -112,11 +100,11 @@ function juju_client_prepare()
         exit 1
     fi
 
-    cmd3='ssh-keygen -q -t rsa -f /home/ubuntu/.ssh/id_rsa -N ""'
+    local cmd3='ssh-keygen -q -t rsa -f /home/ubuntu/.ssh/id_rsa -N ""'
     exec_cmd_on_client $cmd3
 
-    client_key=`exec_cmd_on_client sudo cat /home/ubuntu/.ssh/id_rsa.pub`
-    cmd4="echo $client_key >> /home/ubuntu/.ssh/authorized_keys"
+    local client_key=`exec_cmd_on_client sudo cat /home/ubuntu/.ssh/id_rsa.pub`
+    local cmd4="echo $client_key >> /home/ubuntu/.ssh/authorized_keys"
     exec_cmd_on_metadata $cmd4
 
     exec_cmd_on_client "echo 'credentials:
@@ -127,9 +115,8 @@ function juju_client_prepare()
             tenant-name: $OS_PROJECT_NAME
             username: $OS_USERNAME' > os-creds.yaml"
 
-    # credential uses keystone url V3
-    cmd3="juju add-credential openstack -f os-creds.yaml --replace"
-    exec_cmd_on_client $cmd3
+    local cmd5="juju add-credential openstack -f os-creds.yaml --replace"
+    exec_cmd_on_client $cmd5
 }
 
 function juju_generate_metadata()
@@ -144,13 +131,13 @@ function juju_generate_metadata()
         exec_cmd_on_client $cmd
     done
 
-    cmd1="juju metadata generate-tools -d mt"
+    local cmd1="juju metadata generate-tools -d mt"
     exec_cmd_on_client $cmd1
 
-    cmd2="rsync -e 'ssh $ssh_options' -av mt ubuntu@$floating_ip_metadata:~/"
+    local cmd2="rsync -e 'ssh -o StrictHostKeyChecking=no' -av mt ubuntu@$floating_ip_metadata:~/"
     exec_cmd_on_client $cmd2
 
-    cmd3="sudo cp -a mt/tools/ /var/www/html; \
+    local cmd3="sudo cp -a mt/tools/ /var/www/html; \
           sudo cp -a mt/images/ /var/www/html; \
           sudo chmod a+rx /var/www/html/ -R"
     exec_cmd_on_metadata $cmd3
@@ -164,11 +151,14 @@ function juju_generate_metadata()
 
 function bootstrap_juju_controller()
 {
-    cmd="juju bootstrap openstack openstack \
+    local cmd="juju bootstrap openstack openstack \
         --config image-metadata-url=http://$floating_ip_metadata/images \
-        --config network=juju-net \
+        --config network=juju-net --config use-floating-ip=True \
+        --config use-default-secgroup=True \
+        --constraints 'mem=4G root-disk=40G' \
         --verbose --debug"
     exec_cmd_on_client $cmd
+
 }
 
 function launch_juju()
diff --git a/juju/juju_setup.sh b/juju/juju_setup.sh
index dc8e99b..30df1b2 100755
--- a/juju/juju_setup.sh
+++ b/juju/juju_setup.sh
@@ -58,29 +58,35 @@ function juju_prepare()
         neutron router-gateway-set juju-router ext-net
     fi
 
-    if [[ ! $(neutron security-group-rule-list | grep "juju-default") ]]; then
-        neutron security-group-create juju-default --description "juju default security group"
-    fi
+    local default_secgroup_id=$(nova secgroup-list | grep "Default security group" | awk '{print $2}')
 
-    if [[ ! $(neutron security-group-rule-list | grep juju-default | grep "icmp") ]]; then
+    if [[ ! $(neutron security-group-rule-list | grep default | grep "icmp") ]]; then
         neutron security-group-rule-create --direction ingress --protocol icmp \
-                                           --remote-ip-prefix 0.0.0.0/0 juju-default
+                                           --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id
     fi
 
-    if [[ ! $(neutron security-group-rule-list | grep juju-default | grep "22/tcp") ]]; then
+    if [[ ! $(neutron security-group-rule-list | grep default | grep "tcp") ]]; then
         neutron security-group-rule-create --direction ingress --protocol tcp \
-                                           --port_range_min 22 --port_range_max 22 \
-                                           --remote-ip-prefix 0.0.0.0/0 juju-default
+                                           --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id
     fi
 
-    if [[ ! $(neutron security-group-rule-list | grep juju-default | grep "80/tcp") ]]; then
-        neutron security-group-rule-create --direction ingress --protocol tcp \
-                                           --port_range_min 80 --port_range_max 80 \
-                                           --remote-ip-prefix 0.0.0.0/0 juju-default
+    if [[ ! $(neutron security-group-rule-list | grep default | grep "tcp") ]]; then
+        neutron security-group-rule-create --direction egress --protocol tcp \
+                                           --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id
+    fi
+
+    if [[ ! $(neutron security-group-rule-list | grep default | grep "udp") ]]; then
+        neutron security-group-rule-create --direction ingress --protocol udp \
+                                           --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id
+    fi
+
+    if [[ ! $(neutron security-group-rule-list | grep default | grep "udp") ]]; then
+        neutron security-group-rule-create --direction egress --protocol udp \
+                                           --remote-ip-prefix 0.0.0.0/0 $default_secgroup_id
     fi
 
-    if [ ! -f ~/.ssh/id_rsa.pub ]; then
-        ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N ""
+    if [ ! -f /root/.ssh/id_rsa.pub ]; then
+        ssh-keygen -q -t rsa -f /root/.ssh/id_rsa -N ""
     fi
 
     openstack keypair list | grep jump-key || openstack keypair create --public-key ~/.ssh/id_rsa.pub jump-key
author	Harry Huang <huangxiangyu5@huawei.com>	2017-02-25 15:56:38 +0800
committer	Harry Huang <huangxiangyu5@huawei.com>	2017-02-25 15:56:57 +0800
commit	da008451297c461788d098f58da9419ed6fcb52c (patch)
tree	214caf86a7bbccd7faf3c6d5f3f5f1255bc4d3b1 /juju
parent	420fbebbec6185e662818711bee7b23aec458100 (diff)