documentation on exercise

This commit is contained in:
Jesse Andrews 2011-10-24 11:29:08 -07:00
parent 540b988371
commit 6fc71019c9

View File

@ -59,8 +59,8 @@ nova secgroup-list
# Create a secgroup # Create a secgroup
nova secgroup-create $SECGROUP "test_secgroup description" nova secgroup-create $SECGROUP "test_secgroup description"
# Flavors # determine flavor
# ------- # ----------------
# List of flavors: # List of flavors:
nova flavor-list nova flavor-list
@ -72,6 +72,16 @@ NAME="myserver"
nova boot --flavor $FLAVOR --image $IMAGE $NAME --security_groups=$SECGROUP nova boot --flavor $FLAVOR --image $IMAGE $NAME --security_groups=$SECGROUP
# Testing
# =======
# First check if it spins up (becomes active and responds to ping on
# internal ip). If you run this script from a nova node, you should
# bypass security groups and have direct access to the server.
# Waiting for boot
# ----------------
# let's give it 10 seconds to launch # let's give it 10 seconds to launch
sleep 10 sleep 10
@ -89,7 +99,11 @@ ping -c1 -w1 $IP || true
sleep 5 sleep 5
ping -c1 -w1 $IP ping -c1 -w1 $IP
# allow icmp traffic
# Security Groups & Floating IPs
# ------------------------------
# allow icmp traffic (ping)
nova secgroup-add-rule $SECGROUP icmp -1 -1 0.0.0.0/0 nova secgroup-add-rule $SECGROUP icmp -1 -1 0.0.0.0/0
# List rules for a secgroup # List rules for a secgroup
@ -99,31 +113,31 @@ nova secgroup-list-rules $SECGROUP
nova floating-ip-create nova floating-ip-create
# store floating address # store floating address
FIP=`nova floating-ip-list | grep None | head -1 | cut -d '|' -f2 | sed 's/ //g'` FLOATING_IP=`nova floating-ip-list | grep None | head -1 | cut -d '|' -f2 | sed 's/ //g'`
# add floating ip to our server # add floating ip to our server
nova add-floating-ip $NAME $FIP nova add-floating-ip $NAME $FLOATING_IP
# sleep for a smidge # sleep for a smidge
sleep 1 sleep 1
# ping our fip # ping our floating ip
ping -c1 -w1 $FIP ping -c1 -w1 $FLOATING_IP
# dis-allow icmp traffic # dis-allow icmp traffic (ping)
nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0 nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0
# sleep for a smidge # sleep for a smidge
sleep 1 sleep 1
# ping our fip # ping our floating ip
if ( ping -c1 -w1 $FIP); then if ( ping -c1 -w1 $FLOATING_IP ); then
print "Security group failure - ping should not be allowed!" print "Security group failure - ping should not be allowed!"
exit 1 exit 1
fi fi
# de-allocate the floating ip # de-allocate the floating ip
nova floating-ip-delete $FIP nova floating-ip-delete $FLOATING_IP
# shutdown the server # shutdown the server
nova delete $NAME nova delete $NAME