Add firewall config, and autostart VM's
diff --git a/roles/juju-setup/files/daemon b/roles/juju-setup/files/daemon
new file mode 100644
index 0000000..8d9102b
--- /dev/null
+++ b/roles/juju-setup/files/daemon
@@ -0,0 +1,40 @@
+#!/bin/sh
+
+SHELL="/bin/bash"
+
+NIC=$( route|grep default|awk '{print $NF}' )
+
+NAME="${1}"
+OP="${2}"
+SUBOP="${3}"
+ARGS="${4}"
+
+add_port_fwd_rule() {
+ DPORT=$1
+ VM=$2
+ TOPORT=$3
+
+ VMIP=$( getent ahosts $VM|head -1|awk '{print $1}' )
+ iptables -t nat -C PREROUTING -p tcp -i $NIC --dport $DPORT -j DNAT --to-destination $VMIP:$TOPORT
+ if [ "$?" -ne 0 ]
+ then
+ iptables -t nat -A PREROUTING -p tcp -i $NIC --dport $DPORT -j DNAT --to-destination $VMIP:$TOPORT
+ fi
+}
+
+if [ "$OP" = "start" ] || [ "$OP" = "reload" ]
+then
+ iptables -t nat -F
+ add_port_fwd_rule 35357 keystone 35357
+ add_port_fwd_rule 4990 keystone 4990
+ add_port_fwd_rule 5000 keystone 5000
+ add_port_fwd_rule 8774 nova-cloud-controller 8774
+ add_port_fwd_rule 9696 neutron-api 9696
+ add_port_fwd_rule 9292 glance 9292
+ add_port_fwd_rule 8080 openstack-dashboard 80
+ add_port_fwd_rule 3128 nagios 80
+ add_port_fwd_rule 8777 ceilometer 8777
+
+ # Also flush the filter table before rules re-added
+ iptables -F
+fi
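Review bot: The `iptables -t nat -F` on line 34 and the `iptables -F` on line 46 flush every chain of the nat and filter tables, not just the PREROUTING DNAT rules this hook owns, so a libvirtd start/reload also discards whatever else the host has installed — including the FORWARD and nat POSTROUTING rules that the sibling qemu hook adds per VM start, which are then not restored until each VM is restarted. The comment on line 45 says the filter rules are "re-added", but nothing in this script re-adds them. Keeping this hook's rules in a dedicated chain that is created once and flushed on reload confines the reset to what the script manages; the `add_port_fwd_rule` calls would then append to that chain instead of PREROUTING. Separately, `VMIP` on line 24 is never checked, so a failed `getent` lookup yields `--to-destination :$TOPORT`, which iptables rejects while the script still exits 0 — add `[ -n "$VMIP" ] || { echo "no address for $VM" >&2; return 1; }` before the `-C` check and quote the expansions (`"$NIC"`, `"$VMIP:$TOPORT"`).
```shell
# Keep this hook's DNAT rules in their own chain so a reload only
# flushes what this script owns, not the rest of the nat/filter tables.
# (chain name is a placeholder; pick one that will not collide)
iptables -t nat -N LIBVIRT_HOOK_DNAT 2>/dev/null
iptables -t nat -C PREROUTING -i "$NIC" -j LIBVIRT_HOOK_DNAT 2>/dev/null \
  || iptables -t nat -A PREROUTING -i "$NIC" -j LIBVIRT_HOOK_DNAT
iptables -t nat -F LIBVIRT_HOOK_DNAT
# … unchanged: add_port_fwd_rule calls, now appending to LIBVIRT_HOOK_DNAT …
```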
diff --git a/roles/juju-setup/files/qemu b/roles/juju-setup/files/qemu
new file mode 100644
index 0000000..1c947f9
--- /dev/null
+++ b/roles/juju-setup/files/qemu
@@ -0,0 +1,44 @@
+#!/bin/sh
+
+SHELL="/bin/bash"
+
+NIC=$( route|grep default|awk '{print $NF}' )
+PORTAL=$( dig +short portal.opencloud.us | tail -1 )
+
+NAME="${1}"
+OP="${2}"
+SUBOP="${3}"
+ARGS="${4}"
+
+add_rule() {
+ CHAIN=$1
+ ARGS=$2
+ iptables -C $CHAIN $ARGS
+ if [ "$?" -ne 0 ]
+ then
+ iptables -I $CHAIN 1 $ARGS
+ fi
+}
+
+add_local_access_rules() {
+ SUBNET=$( ip addr show $NIC|grep "inet "|awk '{print $2}' )
+ PRIVATENET=$( ip addr show virbr0|grep "inet "|awk '{print $2}' )
+ add_rule "FORWARD" "-s $SUBNET -j ACCEPT"
+ # Don't NAT traffic from service VMs destined to the local subnet
+ add_rule "POSTROUTING" "-t nat -s $PRIVATENET -d $SUBNET -j RETURN"
+}
+
+add_portal_access_rules() {
+ add_rule "FORWARD" "-s $PORTAL -j ACCEPT"
+}
+
+add_web_access_rules() {
+ add_rule "FORWARD" "-p tcp --dport 80 -j ACCEPT"
+}
+
+if [ "$OP" = "start" ]
+then
+ add_local_access_rules
+ add_portal_access_rules
+ add_web_access_rules
+fi
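Review bot: Every rule here is built from a lookup that can come back empty — `$PORTAL` from the `dig` on line 59, `$SUBNET`/`$PRIVATENET` from the `ip addr` greps on lines 77–78 — and with the unquoted `$ARGS` in `add_rule` an empty value silently changes the argument list iptables sees (`-s -j ACCEPT`), so the rule is either rejected or installed with a different meaning and nothing reports it. Guard each value before use, e.g. `[ -n "$PORTAL" ] || { echo "portal lookup failed" >&2; exit 1; }`, and prefer `if ! iptables -C "$CHAIN" $ARGS 2>/dev/null; then` over testing `$?`. `add_rule` also assigns its parameter to `ARGS`, clobbering the global `ARGS="${4}"` from line 64 — rename it to a local such as `RULE`. Finally, the `-p tcp --dport 80 -j ACCEPT` FORWARD rule on line 89 accepts port-80 traffic from any source to any destination; if it exists to serve the dashboard/nagios DNAT targets, scoping it with `-i "$NIC" -d "$PRIVATENET"` keeps the host from becoming a general port-80 forwarder.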