#!/bin/bash # setup-openstack-secgroup.sh — Create an OpenStack security group for opencode-devbox # # Prerequisites: # - OpenStack CLI installed (pip install python-openstackclient) # - Authenticated (source your openrc.sh or clouds.yaml configured) # # Usage: # ./setup-openstack-secgroup.sh [group-name] # # Default group name: opencode-devbox set -euo pipefail GROUP_NAME="${1:-opencode-devbox}" BOLD="\033[1m"; GREEN="\033[32m"; YELLOW="\033[33m"; RESET="\033[0m" info() { echo -e "${BOLD}==>${RESET} $*"; } ok() { echo -e "${GREEN}${BOLD}✓${RESET} $*"; } warn() { echo -e "${YELLOW}${BOLD}!${RESET} $*"; } if ! command -v openstack &>/dev/null; then echo "Error: openstack CLI not found. Install with: pip install python-openstackclient" exit 1 fi # Check if group already exists if openstack security group show "$GROUP_NAME" &>/dev/null; then warn "Security group '$GROUP_NAME' already exists — updating rules" else info "Creating security group '$GROUP_NAME'..." openstack security group create "$GROUP_NAME" \ --description "opencode-devbox: SSH, mosh, HTTPS" ok "Security group created" fi # Add rules (idempotent — OpenStack ignores duplicates) info "Adding rules..." # SSH (TCP 22) openstack security group rule create "$GROUP_NAME" \ --protocol tcp --dst-port 22 --remote-ip 0.0.0.0/0 \ --description "SSH" 2>/dev/null && ok "SSH (TCP 22)" || warn "SSH rule already exists" # Mosh (UDP 60000-61000) openstack security group rule create "$GROUP_NAME" \ --protocol udp --dst-port 60000:61000 --remote-ip 0.0.0.0/0 \ --description "mosh" 2>/dev/null && ok "mosh (UDP 60000-61000)" || warn "mosh rule already exists" # ICMP (ping — useful for diagnostics) openstack security group rule create "$GROUP_NAME" \ --protocol icmp --remote-ip 0.0.0.0/0 \ --description "ICMP ping" 2>/dev/null && ok "ICMP ping" || warn "ICMP rule already exists" echo "" ok "Security group '$GROUP_NAME' ready" echo "" echo -e "${BOLD}Apply to a new instance:${RESET}" echo " openstack server create --security-group $GROUP_NAME ..." echo "" echo -e "${BOLD}Apply to an existing instance:${RESET}" echo " openstack server add security group $GROUP_NAME" echo ""