da85cdadd9
* Make common steps consistent * Make comments consistent aggregates.sh boot_from_volume.sh client-args.sh client-env.sh euca.sh floating_ips.sh sec_groups.sh swift.sh volumes.sh Change-Id: Ib93dcdfdead93c259e3cd184fbc5ccc0a4a87c9a
77 lines
2.1 KiB
Bash
Executable File
77 lines
2.1 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# **sec_groups.sh**
|
|
|
|
# Test security groups via the command line
|
|
|
|
echo "*********************************************************************"
|
|
echo "Begin DevStack Exercise: $0"
|
|
echo "*********************************************************************"
|
|
|
|
# This script exits on an error so that errors don't compound and you see
|
|
# only the first error that occured.
|
|
set -o errexit
|
|
|
|
# Print the commands being run so that we can see the command that triggers
|
|
# an error. It is also useful for following allowing as the install occurs.
|
|
set -o xtrace
|
|
|
|
|
|
# Settings
|
|
# ========
|
|
|
|
# Keep track of the current directory
|
|
EXERCISE_DIR=$(cd $(dirname "$0") && pwd)
|
|
TOP_DIR=$(cd $EXERCISE_DIR/..; pwd)
|
|
|
|
# Import common functions
|
|
source $TOP_DIR/functions
|
|
|
|
# Import configuration
|
|
source $TOP_DIR/openrc
|
|
|
|
# Import exercise configuration
|
|
source $TOP_DIR/exerciserc
|
|
|
|
|
|
# Testing Security Groups
|
|
# =======================
|
|
|
|
# List security groups
|
|
nova secgroup-list
|
|
|
|
# Create random name for new sec group and create secgroup of said name
|
|
SEC_GROUP_NAME="ex-secgroup-$(openssl rand -hex 4)"
|
|
nova secgroup-create $SEC_GROUP_NAME 'a test security group'
|
|
|
|
# Add some rules to the secgroup
|
|
RULES_TO_ADD=( 22 3389 5900 )
|
|
|
|
for RULE in "${RULES_TO_ADD[@]}"; do
|
|
nova secgroup-add-rule $SEC_GROUP_NAME tcp $RULE $RULE 0.0.0.0/0
|
|
done
|
|
|
|
# Check to make sure rules were added
|
|
SEC_GROUP_RULES=( $(nova secgroup-list-rules $SEC_GROUP_NAME | grep -v \- | grep -v 'Source Group' | cut -d '|' -f3 | tr -d ' ') )
|
|
for i in "${RULES_TO_ADD[@]}"; do
|
|
skip=
|
|
for j in "${SEC_GROUP_RULES[@]}"; do
|
|
[[ $i == $j ]] && { skip=1; break; }
|
|
done
|
|
[[ -n $skip ]] || exit 1
|
|
done
|
|
|
|
# Delete rules and secgroup
|
|
for RULE in "${RULES_TO_ADD[@]}"; do
|
|
nova secgroup-delete-rule $SEC_GROUP_NAME tcp $RULE $RULE 0.0.0.0/0
|
|
done
|
|
|
|
# Delete secgroup
|
|
nova secgroup-delete $SEC_GROUP_NAME || \
|
|
die "Failure deleting security group $SEC_GROUP_NAME"
|
|
|
|
set +o xtrace
|
|
echo "*********************************************************************"
|
|
echo "SUCCESS: End DevStack Exercise: $0"
|
|
echo "*********************************************************************"
|