openstack/kolla-ansible
Code Issues Proposed changes

Fix security group creation

Browse Source 
When using init-runonce script multiple default
security groups are present and raise error:
More than one security_group exists with the name 'default'.

Add a check to create rules to admin's default sec group.

Change-Id: Iaf93467d70ae41fdbcd2b37d6c5639a32d939394
This commit is contained in:
Eduardo Gonzalez 2017-01-24 15:07:26 +00:00
parent 17cc31ec73
commit 8c1893777c
1 changed files with 9 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
tools/init-runonce
View File

@ -62,16 +62,21 @@ openstack router create demo-router
openstack router add subnet demo-router demo-subnet
openstack router set --external-gateway public1 demo-router
# Get admin user and tenant IDs
ADMIN_USER_ID=$(openstack user list | awk '/ admin / {print $2}')
ADMIN_PROJECT_ID=$(openstack project list | awk '/ admin / {print $2}')
ADMIN_SEC_GROUP=$(openstack security group list --project ${ADMIN_PROJECT_ID} | awk '/ default / {print $2}')
# Sec Group Config
openstack security group rule create --ingress --ethertype IPv4 \
--protocol icmp default
--protocol icmp ${ADMIN_SEC_GROUP}
openstack security group rule create --ingress --ethertype IPv4 \
--protocol tcp --dst-port 22 default
--protocol tcp --dst-port 22 ${ADMIN_SEC_GROUP}
# Open heat-cfn so it can run on a different host
openstack security group rule create --ingress --ethertype IPv4 \
--protocol tcp --dst-port 8000 default
--protocol tcp --dst-port 8000 ${ADMIN_SEC_GROUP}
openstack security group rule create --ingress --ethertype IPv4 \
--protocol tcp --dst-port 8080 default
--protocol tcp --dst-port 8080 ${ADMIN_SEC_GROUP}
if [ ! -f ~/.ssh/id_rsa.pub ]; then
echo Generating ssh key.
@ -84,10 +89,6 @@ fi
# Increase the quota to allow 40 m1.small instances to be created
# Get admin user and tenant IDs
ADMIN_USER_ID=$(openstack user list | awk '/ admin / {print $2}')
ADMIN_PROJECT_ID=$(openstack project list | awk '/ admin / {print $2}')
# 40 instances
openstack quota set --instances 40 $ADMIN_PROJECT_ID