sec_groups.sh

sec_groups.sh

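#!/usr/bin/env bash

# sec_groups.sh
#
# Test security groups via the command line: create a throwaway security
# group, add TCP rules to it, confirm the rules are listed, then delete the
# rules and the group.

echo "*********************************************************************"
echo "Begin DevStack Exercise: $0"
echo "*********************************************************************"

# Exit on the first error so that errors don't compound and only the first
# one that occurred is shown.
set -o errexit

# Print the commands being run so that the command that triggers an error is
# visible in the output.
set -o xtrace


# Settings
# ========

# Keep track of the current directory. `&&` rather than `;` so that a failed
# `cd` fails the assignment instead of silently recording the caller's
# working directory.
EXERCISE_DIR=$(cd "$(dirname "$0")" && pwd)
TOP_DIR=$(cd "$EXERCISE_DIR/.." && pwd)

# Import common functions
source "$TOP_DIR/functions"

# Import configuration
source "$TOP_DIR/openrc"

# Import exercise configuration
source "$TOP_DIR/exerciserc"

# If nova api is not enabled we exit with exitcode 55 so that the exercise
# is skipped
is_service_enabled n-api || exit 55


# Cleanup
# =======

# Name of the test group once it has been created; empty means there is
# nothing to clean up.
CREATED_SEC_GROUP=""

# Best-effort removal of the test group on every exit path. The rules added
# below admit traffic from 0.0.0.0/0, and errexit can end the script between
# "add rule" and "delete group"; without this handler a failed run would leave
# the world-open group behind in the tenant.
# NOTE(review): relies on secgroup-delete removing a group that still holds
# rules; confirm against the nova client in use.
cleanup_sec_group() {
    if [[ -n "$CREATED_SEC_GROUP" ]]; then
        nova secgroup-delete "$CREATED_SEC_GROUP" || \
            echo "WARNING: security group $CREATED_SEC_GROUP was not removed; delete it manually" >&2
    fi
}
trap cleanup_sec_group EXIT


# Testing Security Groups
# =======================

# List security groups
nova secgroup-list

# Create random name for new sec group and create secgroup of said name
SEC_GROUP_NAME="ex-secgroup-$(openssl rand -hex 4)"
nova secgroup-create "$SEC_GROUP_NAME" 'a test security group'
CREATED_SEC_GROUP="$SEC_GROUP_NAME"

# Add some rules to the secgroup. These open TCP 22, 3389 and 5900 to any
# source address (0.0.0.0/0); that is tolerable only because the group is a
# short-lived test fixture that this script removes again.
RULES_TO_ADD=( 22 3389 5900 )

for RULE in "${RULES_TO_ADD[@]}"; do
    nova secgroup-add-rule "$SEC_GROUP_NAME" tcp "$RULE" "$RULE" 0.0.0.0/0
done

# Check to make sure rules were added. The pipeline drops every line that
# contains a '-' and the header row, then keeps the third '|'-separated
# column with spaces removed. Word-splitting of the result into array
# elements is intentional.
# shellcheck disable=SC2207
SEC_GROUP_RULES=( $(nova secgroup-list-rules "$SEC_GROUP_NAME" | grep -v -- - | grep -v 'Source Group' | cut -d '|' -f3 | tr -d ' ') )
die_if_not_set $LINENO SEC_GROUP_RULES "Failure retrieving SEC_GROUP_RULES for $SEC_GROUP_NAME"
for i in "${RULES_TO_ADD[@]}"; do
    found=
    for j in "${SEC_GROUP_RULES[@]}"; do
        # Quoted right-hand side: literal comparison, not a glob match.
        if [[ "$i" == "$j" ]]; then
            found=1
            break
        fi
    done
    # Report which rule is missing instead of exiting silently.
    if [[ -z "$found" ]]; then
        die $LINENO "Rule for tcp port $i not listed for $SEC_GROUP_NAME"
    fi
done

# Delete rules
for RULE in "${RULES_TO_ADD[@]}"; do
    nova secgroup-delete-rule "$SEC_GROUP_NAME" tcp "$RULE" "$RULE" 0.0.0.0/0
done

# Delete secgroup
nova secgroup-delete "$SEC_GROUP_NAME" || \
    die $LINENO "Failure deleting security group $SEC_GROUP_NAME"

# The group is gone; the EXIT handler has nothing left to do.
CREATED_SEC_GROUP=""

set +o xtrace
echo "*********************************************************************"
echo "SUCCESS: End DevStack Exercise: $0"
echo "*********************************************************************"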

Test security groups via the command line

This script exits on an error so that errors don't compound and you see only the first error that occurred.

Print the commands being run so that we can see the command that triggers an error. It is also useful for following along as the install occurs.

Settings

Keep track of the current directory

Import common functions

Import configuration

Import exercise configuration

If nova api is not enabled we exit with exitcode 55 so that the exercise is skipped

Testing Security Groups

List security groups

Create random name for new sec group and create secgroup of said name

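Add some rules to the secgroup. The rules open TCP ports 22, 3389 and 5900 to 0.0.0.0/0, which is acceptable only because the group is a throwaway test group that the script deletes again; if the script exits early on an error, the group and its rules remain until they are removed by hand.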

Check to make sure rules were added

Delete rules and secgroup

Delete secgroup