#!/bin/sh

set -e
set -x

#######################
### SECURITY GROUPS ###
#######################
### Create the security groups

MANILA_SEC_GROUP_NAME=manila-security-group
# This is: ssh, nfs, netbios
MANILA_PORT_LIST="22 873 137 138 139 2049"

. /root/manila-openrc
MANILA_SEC_GROUP=$(openstack security group show ${MANILA_SEC_GROUP_NAME} -f value -c id 2>/dev/null || true)
if [ -z "${MANILA_SEC_GROUP}" ] ; then
	openstack security group create ${MANILA_SEC_GROUP_NAME}
	openstack security group rule create --protocol icmp ${MANILA_SEC_GROUP_NAME}
	openstack security group rule create --protocol icmpv6 --ethertype IPv6 --remote-ip ::/0 ${MANILA_SEC_GROUP_NAME}
	for PORT in ${MANILA_PORT_LIST} ; do
		openstack security group rule create --protocol tcp --dst-port ${PORT} ${MANILA_SEC_GROUP_NAME}
		openstack security group rule create --protocol tcp --dst-port ${PORT} --ethertype IPv6 --remote-ip ::/0 ${MANILA_SEC_GROUP_NAME}
	done
	MANILA_SEC_GROUP=$(openstack security group show ${MANILA_SEC_GROUP_NAME} -f value -c id 2>/dev/null)
fi
