#!/bin/sh

set -e

#######################
### SECURITY GROUPS ###
#######################
### Create the security groups
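# Load the credentials used by every openstack call below.
# The file is sourced, so whatever it contains runs in this shell with this
# script's privileges: it should be writable by root only.
# NOTE(review): presumably it also holds the service password, in which case
# it should not be readable by other users either -- confirm its mode/owner.
if ! [ -r /root/octavia-openrc ] ; then
	# Diagnostics go to stderr so a caller capturing stdout still sees them.
	echo "Cannot read /root/octavia-openrc: exiting." >&2
	exit 1
fi

. /root/octavia-openrc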

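# Ensure the lb-mgmt-sec-grp security group exists and leave its ID in
# LB_MGMT_SEC_GRP.
#
# The listing is captured on its own before it is filtered: in a pipeline
# "set -e" only sees q's exit status, so a failed "openstack security group
# list" (bad credentials, API unreachable) could otherwise be mistaken for
# "group absent" and fall through to the create path.
SEC_GRP_LIST_CSV=$(openstack security group list --format csv)
LB_MGMT_SEC_GRP=$(printf '%s\n' "${SEC_GRP_LIST_CSV}" | q -H -d, "SELECT ID FROM - WHERE Name='lb-mgmt-sec-grp'")
# NOTE(review): security group names are not unique; if several groups carry
# this name the query yields several IDs, one per line -- verify before use.
if [ -z "${LB_MGMT_SEC_GRP}" ] ; then
	# NOTE(review): rules are added only when the group is first created. If a
	# rule call fails, "set -e" stops the script and a re-run finds the group
	# and skips this branch, leaving it with a partial rule set.
	openstack security group create lb-mgmt-sec-grp
	# Ingress: ICMP, TCP 22 (SSH by convention) and TCP 9443 (presumably the
	# amphora agent API -- confirm), for IPv4 and IPv6.
	# NOTE(review): the IPv4 rules give no --remote-ip (the client's documented
	# default is any source) and the IPv6 rules use ::/0, so both ports accept
	# traffic from any address. Consider limiting the remote prefix to the
	# controller / load-balancer management subnet.
	openstack security group rule create --protocol icmp lb-mgmt-sec-grp
	openstack security group rule create --protocol tcp --dst-port 22 lb-mgmt-sec-grp
	openstack security group rule create --protocol tcp --dst-port 9443 lb-mgmt-sec-grp
	openstack security group rule create --protocol icmpv6 --ethertype IPv6 --remote-ip ::/0 lb-mgmt-sec-grp
	openstack security group rule create --protocol tcp --dst-port 22 --ethertype IPv6 --remote-ip ::/0 lb-mgmt-sec-grp
	openstack security group rule create --protocol tcp --dst-port 9443 --ethertype IPv6 --remote-ip ::/0 lb-mgmt-sec-grp
	# stderr is left visible: a failed lookup aborts the script under "set -e",
	# and the operator needs the client's error message to see why.
	LB_MGMT_SEC_GRP=$(openstack security group show lb-mgmt-sec-grp -f value -c id)
fi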

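# Ensure the lb-health-mgr-sec-grp security group exists and leave its ID in
# LB_HEALTH_MGR_SEC_GRP.
#
# The listing is captured separately so that a failing "openstack security
# group list" stops the script under "set -e"; piped straight into q, only
# q's exit status would be checked.
SEC_GRP_LIST_CSV=$(openstack security group list --format csv)
LB_HEALTH_MGR_SEC_GRP=$(printf '%s\n' "${SEC_GRP_LIST_CSV}" | q -H -d, "SELECT ID FROM - WHERE Name='lb-health-mgr-sec-grp'")
# NOTE(review): security group names are not unique; several matches would
# put several IDs (one per line) in the variable -- verify before use.
if [ -z "${LB_HEALTH_MGR_SEC_GRP}" ] ; then
	# NOTE(review): rules are only added on first creation; a failure part-way
	# leaves a group that later runs treat as complete.
	openstack security group create lb-health-mgr-sec-grp
	# Ingress: UDP 5555 over IPv4 and IPv6 (presumably the health-manager
	# heartbeat listener -- confirm).
	# NOTE(review): no --remote-ip on the IPv4 rule and ::/0 on the IPv6 rule
	# mean any source may send to this port; consider restricting the remote
	# prefix to the load-balancer management subnet.
	openstack security group rule create --protocol udp --dst-port 5555 lb-health-mgr-sec-grp
	openstack security group rule create --protocol udp --dst-port 5555 --ethertype IPv6 --remote-ip ::/0 lb-health-mgr-sec-grp
	# stderr is left visible so a failed lookup (fatal under "set -e") is
	# explained by the client's own error message.
	LB_HEALTH_MGR_SEC_GRP=$(openstack security group show lb-health-mgr-sec-grp -f value -c id)
fi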
