#!/bin/bash
# ==============================================
# Despliegue de parámetros para OpenStack
# Objetivo: Comprobar y crear recursos mínimos
# para poder lanzar una instancia
# ==============================================
# --------- CONFIGURACIÓN BÁSICA ---------------
# ===== Activar entorno virtual =====
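# Activate the Python virtual environment that provides the `openstack` CLI.
# The path is relative, so the script must be launched from the directory
# that contains `openstack-installer/`.
echo "🔹 Activando primero el entorno virtual de OpenStack..."
step_start=$(date +%s)
if [[ -d "openstack-installer/openstack_venv" ]]; then
  # `source` returns non-zero when bin/activate is missing or unreadable; the
  # directory test above does not cover that, so check it before claiming
  # success.
  # shellcheck disable=SC1091
  if ! source openstack-installer/openstack_venv/bin/activate; then
    echo "[✖] No se pudo activar el entorno 'openstack_venv'." >&2
    exit 1
  fi
  echo "[✔] Entorno virtual 'openstack_venv' activado correctamente."
else
  echo "[✖] No se encontró el entorno 'openstack_venv'. Ejecuta primero openstack-installer.sh" >&2
  exit 1
fi
step_end=$(date +%s)
echo "-------------------------------------------"
sleep 1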
# ===== Cargar variables de entorno OpenStack =====
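# Load the OpenStack credentials for the admin project from the current
# directory. Everything in this file is executed by the shell, so it must be
# a file the operator controls.
if [[ -f "admin-openrc.sh" ]]; then
  echo "[+] Cargando variables del entorno OpenStack (admin-openrc.sh)..."
  # openrc files typically export OS_PASSWORD (assumption: not visible here).
  # Warn, without aborting, when group or others have any access to the file.
  if [[ -n "$(find ./admin-openrc.sh -maxdepth 0 -perm /077 2>/dev/null)" ]]; then
    echo "[!] 'admin-openrc.sh' es accesible por otros usuarios; se recomienda chmod 600." >&2
  fi
  # Use an explicit ./ path: a bare name makes bash search $PATH before the
  # current directory, so a different admin-openrc.sh than the one tested
  # above could be the one that gets executed.
  # shellcheck disable=SC1091
  if ! source ./admin-openrc.sh; then
    echo "[✖] Error al cargar 'admin-openrc.sh'." >&2
    exit 1
  fi
  echo "[✔] Variables cargadas correctamente."
  echo "-------------------------------------------"
  sleep 1
else
  echo "[✖] No se encontró 'admin-openrc.sh'." >&2
  exit 1
fi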
# ===== Carpeta IMG para descargas =====
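# Directory (relative to the current directory) where cloud images are
# downloaded and converted.
IMG_DIR="img"
echo "🔹 Verificando carpeta para imágenes..."
if [[ -d "$IMG_DIR" ]]; then
  echo "[✔] Carpeta ya existente: $IMG_DIR"
elif mkdir -p -- "$IMG_DIR"; then
  echo "[✔] Carpeta creada: $IMG_DIR"
else
  # A failed mkdir used to be reported as success; stop here instead, since
  # every later download writes into this directory.
  echo "[✖] No se pudo crear la carpeta: $IMG_DIR" >&2
  exit 1
fi
echo "-------------------------------------------"
sleep 1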
# Flavors y sus recursos
# Flavor catalogue: flavor name -> argument string handed to
# `openstack flavor create` (RAM in MB, vCPU count, disk in GB).
declare -A FLAVORS_DEF
FLAVORS_DEF[XT_1CPU_1GB]="--ram 1024 --vcpus 1 --disk 10"
FLAVORS_DEF[T_1CPU_2GB]="--ram 2048 --vcpus 1 --disk 20"
FLAVORS_DEF[S_2CPU_4GB]="--ram 4096 --vcpus 2 --disk 40"
FLAVORS_DEF[M_4CPU_8GB]="--ram 8192 --vcpus 4 --disk 80"
FLAVORS_DEF[L_6CPU_12GB]="--ram 12288 --vcpus 6 --disk 120"

# Local image files (all under IMG_DIR).
UBUNTU_IMG="${IMG_DIR}/ubuntu-22.04.5-jammy.qcow2"
DEBIAN_IMG="${IMG_DIR}/debian-12-generic.qcow2"
KALI_TAR="${IMG_DIR}/kali-linux-2025.2-cloud-genericcloud-amd64.tar.xz"
KALI_IMG_RAW="${IMG_DIR}/disk.raw"
KALI_IMG_QCOW2="${IMG_DIR}/kali-linux-2025.2.qcow2"

# External (provider) network.
NETWORK_EXT_NAME="net_external_01"
SUBNET_EXT_NAME="subnet_net_external_01"
EXT_SUBNET_RANGE="10.0.2.0/24"
EXT_GATEWAY_IP="10.0.2.1"

# Private (tenant) network and its router.
NETWORK_PRIV="net_private_01"
SUBNET_PRIV="subnet_net_private_01"
PRIV_SUBNET_RANGE="192.168.100.0/24"
PRIV_GATEWAY_IP="192.168.100.1"
ROUTER_PRIV="router_private_01"

# 1 = attach the router to an external network; the script sets this to 0
# when no external network can be created or found.
USE_EXTERNAL_NET=1

# Security group and the ports it opens. Every port listed here gets its own
# rule in SEC_GROUP; by default the script does not restrict the source
# address of those rules, so keep the lists to what the lab really needs.
SEC_GROUP="sg_basic"
RULES_TCP=(
  21 22 25 53 80 443
  1514 1515 2222 5601 7443
  8022 8834 8888 17443
)
RULES_UDP=(1514 1515)

# SSH key pair: name registered in OpenStack and local private-key path.
SSH_KEY_NAME="my_key"
SSH_KEY_FILE="$HOME/.ssh/my_key"

# Aliases used by the rest of the script.
KEYPAIR=$SSH_KEY_NAME
KEYPAIR_PRIV_FILE=$SSH_KEY_FILE
KEYPAIR_PUB_FILE="${KEYPAIR_PRIV_FILE}.pub"

# cloud-init user-data file that sets the default login password.
PASS_FILE="set-password.yml"
# --------- FUNCIONES AUXILIARES -------------
#######################################
# Report a fatal error and stop the script.
# Arguments: $* - message text (joined with spaces)
# Outputs:   "[✖] <message>" on stderr
# Returns:   does not return; exits the shell with status 1
#######################################
die() {
  printf '%s\n' "[✖] $*" >&2
  exit 1
}
#######################################
# Run a command and abort the script through die() when it fails.
# Arguments: $@ - command and its arguments, executed as given
# Outputs:   whatever the command prints; die()'s message on failure
# Returns:   0 when the command succeeds; otherwise die() ends the script
#######################################
run_or_die() {
  if ! "$@"; then
    die "Error ejecutando: $*"
  fi
}
#######################################
# List the names of the external networks visible to the loaded credentials.
# Outputs:   one network name per line on stdout
# Returns:   0 on success, 1 when the `openstack` call fails
#######################################
find_existing_external_net() {
  if ! openstack network list --external -f value -c Name; then
    return 1
  fi
}
echo "🔹 Iniciando comprobación de recursos en OpenStack..."
# ==============================================
# FLAVORS
# ==============================================
# Create every flavor from FLAVORS_DEF that `openstack flavor show` cannot
# find; flavors that already exist are left as they are.
echo "🔹 Comprobando flavors..."
for flavor in "${!FLAVORS_DEF[@]}"; do
  if ! openstack flavor show "$flavor" &>/dev/null; then
    flavor_spec=${FLAVORS_DEF[$flavor]}
    echo "[+] Creando flavor: $flavor ($flavor_spec)"
    # Deliberately unquoted: the spec is one string ("--ram N --vcpus N
    # --disk N") that has to be split into separate CLI arguments.
    # shellcheck disable=SC2086
    run_or_die openstack flavor create "$flavor" $flavor_spec
    continue
  fi
  echo "[✔] Flavor existente: $flavor"
done
# ==============================================
# IMÁGENES
# ==============================================
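# Register the Ubuntu, Debian and Kali cloud images in OpenStack, downloading
# (and for Kali, extracting and converting) any image file that is missing.
#
# Integrity: these files become the root disk of every instance booted from
# them. Set UBUNTU_IMG_SHA256 / DEBIAN_IMG_SHA256 / KALI_TAR_SHA256 in the
# environment to the digest published by the distributor and the download is
# checked before it is used. The Ubuntu and Debian URLs point at rolling
# "current" / "latest" builds, so their digests have to be read from the
# publisher's checksum file at download time rather than hard-coded here.
echo "🔹 Comprobando y creando imágenes (Ubuntu + Debian + Kali)..."

#######################################
# Compare a file with an expected SHA-256 digest.
# Arguments: $1 - file to check
#            $2 - expected hex digest; empty means "no reference available"
# Outputs:   a warning on stderr when no reference digest was given
# Returns:   0 on match or when no digest was given, non-zero on mismatch
#######################################
verify_image_sha256() {
  local file=$1 expected=$2 actual
  if [[ -z "$expected" ]]; then
    echo "[!] Sin SHA-256 de referencia para $file: integridad no verificada." >&2
    return 0
  fi
  command -v sha256sum &>/dev/null || die "'sha256sum' no está instalado."
  read -r actual _ < <(sha256sum -- "$file") || return 1
  [[ "${actual,,}" == "${expected,,}" ]]
}

#######################################
# Download a URL to a destination file.
# The data is written to "<dest>.part" and renamed only after the transfer
# and the optional digest check succeed, so an interrupted download is never
# mistaken for a complete image on the next run.
# Arguments: $1 - URL, $2 - destination path, $3 - expected SHA-256 (optional)
#######################################
fetch_image() {
  local url=$1 dest=$2 expected=${3:-}
  local partial="${dest}.part"
  run_or_die wget -c "$url" -O "$partial"
  if ! verify_image_sha256 "$partial" "$expected"; then
    rm -f -- "$partial"
    die "SHA-256 incorrecto para la descarga de $url"
  fi
  run_or_die mv -- "$partial" "$dest"
}

IMG_LIST=("ubuntu-22.04" "debian-12" "kali-linux")
for img_name in "${IMG_LIST[@]}"; do
  if openstack image show "$img_name" &>/dev/null; then
    echo "[✔] Imagen existente en OpenStack: $img_name"
    continue
  fi
  case "$img_name" in
    "ubuntu-22.04")
      if [[ ! -f "$UBUNTU_IMG" ]]; then
        echo "[+] Descargando Ubuntu 22.04.5..."
        fetch_image \
          "https://cloud-images.ubuntu.com/jammy/current/jammy-server-cloudimg-amd64.img" \
          "$UBUNTU_IMG" "${UBUNTU_IMG_SHA256:-}"
      fi
      IMG_FILE="$UBUNTU_IMG"
      ;;
    "debian-12")
      if [[ ! -f "$DEBIAN_IMG" ]]; then
        echo "[+] Descargando Debian 12..."
        fetch_image \
          "https://cloud.debian.org/images/cloud/bookworm/latest/debian-12-genericcloud-amd64.qcow2" \
          "$DEBIAN_IMG" "${DEBIAN_IMG_SHA256:-}"
      fi
      IMG_FILE="$DEBIAN_IMG"
      ;;
    "kali-linux")
      if [[ ! -f "$KALI_IMG_QCOW2" ]]; then
        if [[ ! -f "$KALI_TAR" ]]; then
          echo "[+] Descargando Kali Linux 2025.2..."
          fetch_image \
            "https://kali.download/cloud-images/kali-2025.2/kali-linux-2025.2-cloud-genericcloud-amd64.tar.xz" \
            "$KALI_TAR" "${KALI_TAR_SHA256:-}"
        fi
        echo "[+] Extrayendo disk.raw..."
        # Unpacks every member of the archive into IMG_DIR; only disk.raw is
        # used afterwards.
        run_or_die tar -xvf "$KALI_TAR" -C "$IMG_DIR"
        if ! command -v qemu-img &>/dev/null; then
          echo "[!] 'qemu-img' no está instalado. Instalando..."
          { sudo apt update && sudo apt install -y qemu-utils; } \
            || die "No se pudo instalar 'qemu-utils'."
        fi
        echo "[+] Convirtiendo disk.raw a QCOW2..."
        # Convert into a .part file first: the existence of KALI_IMG_QCOW2 is
        # what marks this step as done on later runs.
        run_or_die qemu-img convert -f raw -O qcow2 \
          "$KALI_IMG_RAW" "${KALI_IMG_QCOW2}.part"
        run_or_die mv -- "${KALI_IMG_QCOW2}.part" "$KALI_IMG_QCOW2"
      fi
      IMG_FILE="$KALI_IMG_QCOW2"
      ;;
    *)
      # Without this arm an unknown name would upload the previous
      # iteration's IMG_FILE under the wrong image name.
      die "Imagen no soportada: $img_name"
      ;;
  esac
  echo "[+] Creando imagen en OpenStack: $img_name"
  run_or_die openstack image create "$img_name" \
    --file "$IMG_FILE" \
    --disk-format qcow2 \
    --container-format bare
done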
# ==============================================
# RED EXTERNA
# ==============================================
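# Ensure an external network (and its subnet) is available:
#   1. reuse NETWORK_EXT_NAME when it already exists;
#   2. otherwise try to create it as a flat provider network on physnet1;
#   3. if that fails, fall back to the first external network that exists;
#   4. if there is none, continue without external connectivity.
echo "🔹 Comprobando red externa..."
NETWORK_EXT_ID=""
if openstack network show "$NETWORK_EXT_NAME" &>/dev/null; then
  echo "[✔] Red externa existente: $NETWORK_EXT_NAME"
  NETWORK_EXT_ID=$(openstack network show "$NETWORK_EXT_NAME" -f value -c id)
else
  echo "[+] Intentando crear red externa $NETWORK_EXT_NAME..."
  # mktemp instead of a fixed /tmp name: a predictable path in a
  # world-writable directory can be pre-created or symlinked by another
  # local user.
  net_create_log=$(mktemp) || die "No se pudo crear un fichero temporal."
  if openstack network create "$NETWORK_EXT_NAME" \
    --external \
    --provider-physical-network physnet1 \
    --provider-network-type flat >"$net_create_log" 2>&1; then
    NETWORK_EXT_ID=$(openstack network show "$NETWORK_EXT_NAME" -f value -c id)
    echo "[✔] Red externa creada: $NETWORK_EXT_NAME"
  else
    echo "[!] No se pudo crear la red externa (409 o physnet ocupado)."
    # Show what the API actually answered; the message above is a guess.
    cat -- "$net_create_log" >&2
    EXISTING_EXT_NETS=$(find_existing_external_net)
    if [[ -z "$EXISTING_EXT_NETS" ]]; then
      USE_EXTERNAL_NET=0
      NETWORK_EXT_ID=""
      echo "[!] No hay redes externas disponibles. Continuando sin red externa."
    else
      # First line of the listing = first external network found.
      NETWORK_EXT_NAME=${EXISTING_EXT_NETS%%$'\n'*}
      NETWORK_EXT_ID=$(openstack network show "$NETWORK_EXT_NAME" -f value -c id)
      echo "[✔] Usando red externa existente: $NETWORK_EXT_NAME"
    fi
  fi
  rm -f -- "$net_create_log"
fi

# An empty ID would be passed straight to `subnet create` and `router set`
# below; fail here with a clear message instead.
if (( USE_EXTERNAL_NET == 1 )) && [[ -z "$NETWORK_EXT_ID" ]]; then
  die "No se pudo obtener el ID de la red externa: $NETWORK_EXT_NAME"
fi

if (( USE_EXTERNAL_NET == 1 )); then
  if openstack subnet show "$SUBNET_EXT_NAME" &>/dev/null; then
    echo "[✔] Subred externa existente: $SUBNET_EXT_NAME"
  else
    # NOTE(review): when the fallback network above was selected, this still
    # creates SUBNET_EXT_NAME with EXT_SUBNET_RANGE on it; confirm that the
    # range fits that network.
    echo "[+] Creando subred externa $SUBNET_EXT_NAME..."
    run_or_die openstack subnet create "$SUBNET_EXT_NAME" \
      --network "$NETWORK_EXT_ID" \
      --subnet-range "$EXT_SUBNET_RANGE" \
      --gateway "$EXT_GATEWAY_IP" \
      --dns-nameserver 8.8.8.8
  fi
else
  echo "[!] Saltando creación de subred externa."
fi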
# ==============================================
# RED PRIVADA + ROUTER
# ==============================================
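# Ensure the private network, its subnet and its router exist, then wire the
# router to the external network (when one is in use) and to the private
# subnet.
echo "🔹 Comprobando red privada..."
if openstack network show "$NETWORK_PRIV" &>/dev/null; then
  echo "[✔] Red privada existente: $NETWORK_PRIV"
else
  echo "[+] Creando red privada $NETWORK_PRIV..."
  run_or_die openstack network create "$NETWORK_PRIV"
fi

if openstack subnet show "$SUBNET_PRIV" &>/dev/null; then
  echo "[✔] Subred privada existente: $SUBNET_PRIV"
else
  echo "[+] Creando subred privada $SUBNET_PRIV..."
  run_or_die openstack subnet create "$SUBNET_PRIV" \
    --network "$NETWORK_PRIV" \
    --subnet-range "$PRIV_SUBNET_RANGE" \
    --gateway "$PRIV_GATEWAY_IP" \
    --dns-nameserver 8.8.8.8
fi

if openstack router show "$ROUTER_PRIV" &>/dev/null; then
  echo "[✔] Router existente: $ROUTER_PRIV"
else
  echo "[+] Creando router $ROUTER_PRIV..."
  run_or_die openstack router create "$ROUTER_PRIV"
fi

echo "[+] Configurando gateway e interfaz del router..."
if [[ "$USE_EXTERNAL_NET" -eq 1 ]]; then
  run_or_die openstack router set "$ROUTER_PRIV" --external-gateway "$NETWORK_EXT_ID"
fi

# Best effort: a failure here is usually "interface already attached", but
# every other error used to be hidden behind the same message. Capture
# stderr (stdout still passes through) and print it, so a real failure is
# visible to the operator.
if ! { router_add_err=$(openstack router add subnet "$ROUTER_PRIV" "$SUBNET_PRIV" 2>&1 1>&3 3>&-); } 3>&1; then
  echo "[!] La interfaz ya estaba añadida."
  if [[ -n "$router_add_err" ]]; then
    printf '    (openstack: %s)\n' "$router_add_err" >&2
  fi
fi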
# ==============================================
# SECURITY GROUP
# ==============================================
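# Ensure the security group exists and holds one rule per port in RULES_TCP
# and RULES_UDP, plus a rule for ICMP.
#
# Exposure: SG_REMOTE_CIDR (IPv4 CIDR, taken from the environment) is the
# source range the new rules accept traffic from. It defaults to 0.0.0.0/0,
# which is also what the CLI uses when no remote is given, i.e. every listed
# port is reachable from any address. Set it to the lab or VPN range when the
# instances do not need to be reachable from everywhere.
echo "🔹 Comprobando grupo de seguridad..."
if openstack security group show "$SEC_GROUP" &>/dev/null; then
  echo "[✔] Grupo existente: $SEC_GROUP"
else
  echo "[+] Creando security group $SEC_GROUP..."
  run_or_die openstack security group create "$SEC_GROUP"
fi

: "${SG_REMOTE_CIDR:=0.0.0.0/0}"

# One listing for all checks below instead of one API call per port.
sg_rules=$(openstack security group rule list "$SEC_GROUP" -f value \
  -c "Port Range" -c "IP Protocol")

#######################################
# Tell whether the listing in sg_rules already has a rule for a protocol and,
# optionally, an exact port range. The source range of the rule is not
# compared.
# Arguments: $1 - protocol (tcp, udp, icmp)
#            $2 - port range as "min:max"; empty matches on protocol alone
# Returns:   0 when a matching rule is listed, 1 otherwise
#######################################
sg_has_rule() {
  local proto=$1 range=${2:-}
  # The order of the two columns in `-f value` output is not assumed to
  # follow the order of the -c options, so accept either order.
  awk -v proto="$proto" -v range="$range" '
    range == "" { if ($1 == proto || $2 == proto) found = 1; next }
    ($1 == proto && $2 == range) || ($1 == range && $2 == proto) { found = 1 }
    END { exit !found }
  ' <<<"$sg_rules"
}

#######################################
# Create one rule in SEC_GROUP; a failure is reported but does not stop the
# script.
# Arguments: $@ - options for `openstack security group rule create`
# Outputs:   the CLI's error text on stderr when creation fails
#######################################
sg_add_rule() {
  local out
  if ! out=$(openstack security group rule create "$@" "$SEC_GROUP" 2>&1); then
    echo "[!] No se pudo crear la regla ($*): $out" >&2
    return 1
  fi
}

echo "[+] Configurando reglas de seguridad..."
for port in "${RULES_TCP[@]}"; do
  if ! sg_has_rule tcp "$port:$port"; then
    echo "[+] Añadiendo regla TCP para puerto $port..."
    sg_add_rule --proto tcp --dst-port "$port" --remote-ip "$SG_REMOTE_CIDR"
  fi
done

for port in "${RULES_UDP[@]}"; do
  if ! sg_has_rule udp "$port:$port"; then
    echo "[+] Añadiendo regla UDP para puerto $port..."
    sg_add_rule --proto udp --dst-port "$port" --remote-ip "$SG_REMOTE_CIDR"
  fi
done

if ! sg_has_rule icmp; then
  echo "[+] Añadiendo regla ICMP..."
  sg_add_rule --proto icmp --remote-ip "$SG_REMOTE_CIDR"
fi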
# ==============================================
# KEYPAIR
# ==============================================
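# Replace the OpenStack key pair and the local key files with a freshly
# generated RSA-4096 pair on every run.
#
# Consequences worth knowing before re-running the script:
#   - the previous private key is deleted, so anything that was provisioned
#     with the old public key can no longer be reached with the key file
#     this script leaves behind;
#   - the new private key has no passphrase (-N ""), so the mode-400 file is
#     the only protection it has.
echo "🔹 Gestionando keypair (.pem)..."
if openstack keypair show "$KEYPAIR" &>/dev/null; then
  echo "[!] Keypair '$KEYPAIR' ya existe. Eliminando..."
  run_or_die openstack keypair delete "$KEYPAIR"
fi

# ssh-keygen asks interactively before overwriting, so clear both files
# first. ":?" aborts if a path variable is empty.
rm -f -- "${KEYPAIR_PRIV_FILE:?}" "${KEYPAIR_PUB_FILE:?}"

# ssh-keygen does not create the target directory.
key_dir=$(dirname -- "$KEYPAIR_PRIV_FILE")
if [[ ! -d "$key_dir" ]]; then
  run_or_die mkdir -p -m 700 -- "$key_dir"
fi

echo "[+] Generando nuevo par de claves..."
# Each step is checked: uploading after a failed key generation would either
# fail confusingly or register a stale public key.
run_or_die ssh-keygen -t rsa -b 4096 -m PEM \
  -f "$KEYPAIR_PRIV_FILE" -N "" -C "key for OpenStack"
run_or_die chmod 400 "$KEYPAIR_PRIV_FILE"
run_or_die chmod 644 "$KEYPAIR_PUB_FILE"
run_or_die openstack keypair create --public-key "$KEYPAIR_PUB_FILE" "$KEYPAIR"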
# ==============================================
# CLOUD-INIT
# ==============================================
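# Write a default cloud-init user-data file when none exists. It sets the
# password of the image's default user, disables password expiry and turns
# SSH password authentication on.
#
# The password is taken from INSTANCE_PASSWORD when that is set in the
# environment. The built-in fallback is kept for compatibility, but it is a
# fixed value readable by anyone who can read this script, and with
# ssh_pwauth enabled it is all that protects SSH on instances booted with
# this file.
if [[ ! -f "$PASS_FILE" ]]; then
  echo "[+] Creando fichero cloud-init por defecto..."
  default_pw='nics2025!'
  if [[ -z "${INSTANCE_PASSWORD:-}" ]]; then
    echo "[!] INSTANCE_PASSWORD no definida: se usa la contraseña por defecto del script. Cámbiala antes de exponer la instancia." >&2
  fi
  cloud_pw=${INSTANCE_PASSWORD:-$default_pw}
  # Emit the value as a YAML single-quoted scalar (' is doubled) so special
  # characters in a custom password cannot alter the document.
  sq="'"
  yaml_pw=${cloud_pw//$sq/$sq$sq}
  # umask 077 in a subshell: the file holds a credential, so create it
  # readable by the owner only without changing the script's own umask.
  (
    umask 077
    cat > "$PASS_FILE" << EOF
#cloud-config
password: '${yaml_pw}'
chpasswd: { expire: False }
ssh_pwauth: True
EOF
  ) || die "No se pudo escribir $PASS_FILE"
  unset cloud_pw yaml_pw
fi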
# Final summary: a blank line, the completion message, and a ready-to-copy
# `openstack server create` example built from the names configured above.
printf '%s\n' \
  "" \
  "[✔] Comprobación y creación de recursos completada." \
  "Ejemplo para lanzar una instancia:" \
  "[➜] openstack server create \\" \
  " --flavor T_1CPU_2GB \\" \
  " --image ubuntu-22.04 \\" \
  " --network $NETWORK_PRIV \\" \
  " --security-group $SEC_GROUP \\" \
  " --key-name $KEYPAIR \\" \
  " --user-data $PASS_FILE \\" \
  " mi_instancia_01"