Merge branch 'master' into pause
diff --git a/exercise.sh b/exercise.sh
index f24693e..9e7c5ae 100755
--- a/exercise.sh
+++ b/exercise.sh
@@ -82,11 +82,11 @@
# Waiting for boot
# ----------------
-# let's give it 10 seconds to launch
-sleep 10
-
-# check that the status is active
-nova show $NAME | grep status | grep -q ACTIVE
+# check that the status is active within 10 seconds
+if ! timeout 10 sh -c "while ! nova show $NAME | grep status | grep -q ACTIVE; do sleep 1; done"; then
+ echo "server didn't become active!"
+ exit 1
+fi
# get the IP of the server
IP=`nova show $NAME | grep "private network" | cut -d"|" -f3`
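Review bot: The polling loop expands `$NAME` in the outer shell and pastes it into the `sh -c` command string, so the value is re-parsed as shell syntax rather than passed as data. Passing it as a positional argument avoids that: `timeout 10 sh -c 'while ! nova show "$1" | grep status | grep -q ACTIVE; do sleep 1; done' sh "$NAME"`. The three ping loops added later in this file use the same pattern with `$IP` and `$FLOATING_IP`. `$IP` comes from `cut` on `nova show` output and probably carries padding, so it would need trimming before it is quoted. The failure messages would also be better sent to stderr with `>&2`.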
@@ -94,14 +94,13 @@
# for single node deployments, we can ping private ips
MULTI_HOST=${MULTI_HOST:-0}
if [ "$MULTI_HOST" = "0" ]; then
- # ping it once (timeout of a second)
- ping -c1 -w1 $IP || true
-
# sometimes the first ping fails (10 seconds isn't enough time for the VM's
- # network to respond?), so let's wait 5 seconds and really test ping
- sleep 5
-
- ping -c1 -w1 $IP
+ # network to respond?), so let's ping for 15 seconds with a timeout
+ # of a second.
+ if ! timeout 15 sh -c "while ! ping -c1 -w1 $IP; do sleep 1; done"; then
+ echo "Couldn't ping server"
+ exit 1
+ fi
fi
# Security Groups & Floating IPs
@@ -122,11 +121,11 @@
# add floating ip to our server
nova add-floating-ip $NAME $FLOATING_IP
-# sleep for a smidge
-sleep 5
-
-# ping our floating ip
-ping -c1 -w1 $FLOATING_IP
+# test we can ping our floating ip within 10 seconds
+if ! timeout 10 sh -c "while ! ping -c1 -w1 $FLOATING_IP; do sleep 1; done"; then
+ echo "Couldn't ping server with floating ip"
+ exit 1
+fi
# pause the VM and verify we can't ping it anymore
nova pause $NAME
@@ -148,12 +147,10 @@
# dis-allow icmp traffic (ping)
nova secgroup-delete-rule $SECGROUP icmp -1 -1 0.0.0.0/0
-# sleep for a smidge
-sleep 5
-
-# ping our floating ip
-if ( ping -c1 -w1 $FLOATING_IP ); then
+# test we can aren't able to ping our floating ip within 10 seconds
+if ! timeout 10 sh -c "while ping -c1 -w1 $FLOATING_IP; do sleep 1; done"; then
print "Security group failure - ping should not be allowed!"
+ echo "Couldn't ping server with floating ip"
exit 1
fi
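Review bot: The added `echo "Couldn't ping server with floating ip"` reports the opposite of what this branch detects. The branch runs only when ping kept succeeding for the full 10 seconds after the ICMP rule was deleted, which means the security group change was not enforced. The unchanged `print` line above it is not a standard sh/bash command, so the intended message is probably never shown and the misleading one is all a reader sees. I would drop the new echo and change the existing line to `echo "Security group failure - ping should not be allowed!" >&2`. The new comment also has a typo, "we can aren't able", which could read `# test that we can no longer ping our floating ip within 10 seconds`.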
diff --git a/files/sudo/nova b/files/sudo/nova
index 3843416..2ce1aac 100644
--- a/files/sudo/nova
+++ b/files/sudo/nova
@@ -1 +1,47 @@
-socat
+Cmnd_Alias NOVACMDS = /bin/chmod /var/lib/nova/tmp/*/root/.ssh, \
+ /bin/chown /var/lib/nova/tmp/*/root/.ssh, \
+ /bin/chown, \
+ /bin/chmod, \
+ /bin/dd, \
+ /sbin/ifconfig, \
+ /sbin/ip, \
+ /sbin/route, \
+ /sbin/iptables, \
+ /sbin/iptables-save, \
+ /sbin/iptables-restore, \
+ /sbin/ip6tables-save, \
+ /sbin/ip6tables-restore, \
+ /sbin/kpartx, \
+ /sbin/losetup, \
+ /sbin/lvcreate, \
+ /sbin/lvdisplay, \
+ /sbin/lvremove, \
+ /bin/mkdir, \
+ /bin/mount, \
+ /sbin/pvcreate, \
+ /usr/bin/tee, \
+ /sbin/tune2fs, \
+ /bin/umount, \
+ /sbin/vgcreate, \
+ /usr/bin/virsh, \
+ /usr/bin/qemu-nbd, \
+ /usr/sbin/brctl, \
+ /sbin/brctl, \
+ /usr/sbin/radvd, \
+ /usr/sbin/vblade-persist, \
+ /sbin/pvcreate, \
+ /sbin/aoe-discover, \
+ /sbin/vgcreate, \
+ /bin/aoe-stat, \
+ /bin/kill, \
+ /sbin/vconfig, \
+ /usr/sbin/ietadm, \
+ /sbin/vgs, \
+ /sbin/iscsiadm, \
+ /usr/bin/socat, \
+ /sbin/parted, \
+ /usr/sbin/dnsmasq, \
+ /usr/bin/arping
+
+%USER% ALL = (root) NOPASSWD: SETENV: NOVACMDS
+
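Review bot: The path-restricted entries at the top of `NOVACMDS` (`/bin/chmod /var/lib/nova/tmp/*/root/.ssh`, and the same for `chown`) are made moot by the bare `/bin/chown, \` and `/bin/chmod, \` lines that follow. Together with unrestricted `/bin/dd`, `/usr/bin/tee` and `/bin/mount` under `NOPASSWD: SETENV:`, the alias is effectively root-equivalent for `%USER%`. If the restricted forms cover what nova needs, remove the two bare entries and drop `SETENV:` unless a specific command requires caller-supplied environment. Otherwise state the scope in a header comment such as `# NOVACMDS grants root-equivalent access; intended for disposable development hosts only`. `/sbin/pvcreate` and `/sbin/vgcreate` are each listed twice, and the trailing-backslash list would be easier to audit if sorted.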
diff --git a/stack.sh b/stack.sh
index 14bcfb2..82cc157 100755
--- a/stack.sh
+++ b/stack.sh
@@ -116,6 +116,15 @@
exec su -c "set -e; cd $STACK_DIR; bash stack.sh" stack
fi
exit 1
+else
+ # Our user needs passwordless priviledges for certain commands which nova
+ # uses internally.
+ # Natty uec images sudoers does not have a '#includedir'. add one.
+ sudo grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
+ echo "#includedir /etc/sudoers.d" | sudo tee -a /etc/sudoers
+ sudo cp $FILES/sudo/nova /etc/sudoers.d/stack_sh_nova
+ sudo sed -e "s,%USER%,$USER,g" -i /etc/sudoers.d/stack_sh_nova
+ sudo chmod 0440 /etc/sudoers.d/stack_sh_nova
fi
# Set the destination directories for openstack projects
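Review bot: The new `else` branch copies the sudoers fragment into `/etc/sudoers.d` first and only afterwards substitutes `%USER%` and sets mode 0440. For a short window sudo therefore reads a file with the wrong mode and an unsubstituted placeholder, and nothing checks the syntax before it goes live. A malformed or wrongly-moded fragment can make every later `sudo` call fail, depending on the sudo version. Building the file in a temporary location, validating it with `visudo -c -f`, and moving it into place as the last step avoids that. Quoting `$FILES` and `$USER` is worthwhile too. The `if` this branch belongs to starts outside the hunk.

```shell
    # … unchanged: #includedir check on /etc/sudoers …
    TEMPFILE=$(mktemp)
    sed -e "s,%USER%,$USER,g" "$FILES/sudo/nova" > "$TEMPFILE"
    chmod 0440 "$TEMPFILE"
    sudo chown root:root "$TEMPFILE"
    # refuse to install a fragment that sudo cannot parse
    sudo visudo -c -f "$TEMPFILE" || exit 1
    sudo mv "$TEMPFILE" /etc/sudoers.d/stack_sh_nova
```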
@@ -364,8 +373,6 @@
# it since we are going to run the services in screen for simple
cp $FILES/screenrc ~/.screenrc
-## TODO: update current user to allow sudo for all commands in files/sudo/*
-
# Rabbit
# ---------