From acob...@apache.org
Subject svn commit: r1503914 - /vcl/branches/vcl-2.3-bugfixes/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
Date Tue, 16 Jul 2013 21:51:02 GMT
Author: acoburn
Date: Tue Jul 16 21:51:01 2013
New Revision: 1503914

URL: http://svn.apache.org/r1503914
Log:
VCL-712

Added local version of firewall_compare_update to 2.3 bugfix line


Modified:
    vcl/branches/vcl-2.3-bugfixes/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm

Modified: vcl/branches/vcl-2.3-bugfixes/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
URL: http://svn.apache.org/viewvc/vcl/branches/vcl-2.3-bugfixes/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm?rev=1503914&r1=1503913&r2=1503914&view=diff
==============================================================================
--- vcl/branches/vcl-2.3-bugfixes/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm (original)
+++ vcl/branches/vcl-2.3-bugfixes/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm Tue Jul
16 21:51:01 2013
@@ -1220,6 +1220,99 @@ sub restart_network_interface {
    return 1;
 }
 
+
+#/////////////////////////////////////////////////////////////////////////////
+
+=head2 firewall_compare_update
+
+ Parameters  : @scope_strings
+ Returns     : 0 , 1
+ Description : Compare iptables for listed remote IP address in reservation
+
+=cut
+
+sub firewall_compare_update  {
+	my $self = shift;
+   if (ref($self) !~ /linux/i) {
+      notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called
as a class method");
+      return;
+   }
+	
+	# Check to see if this distro has iptables
+   # If not return 1 so it does not fail
+   if (!($self->service_exists("ufw"))) {
+      notify($ERRORS{'WARNING'}, 0, "iptables does not exist on this OS");
+      return 1;
+   }
+	
+	my $computer_node_name = $self->data->get_computer_node_name();
+   my $imagerevision_id   = $self->data->get_imagerevision_id();
+	my $remote_ip 			  = $self->data->get_reservation_remote_ip();
+	
+	#collect connection_methods
+	#collect firewall_config
+	#For each port defined in connection_methods
+	#compare rule source address with remote_IP address
+	
+   # Retrieve the connect method info hash
+   my $connect_method_info = get_connect_method_info($imagerevision_id);
+   if (!$connect_method_info) {
+      notify($ERRORS{'WARNING'}, 0, "no connect methods are configured for image revision
$imagerevision_id");
+      return;
+   }
+
+	# Retrieve the firewall configuration
+   my $INPUT_CHAIN = "INPUT";
+   my $firewall_configuration = $self->get_firewall_configuration() || return;	
+		
+	for my $connect_method_id (sort keys %{$connect_method_info} ) {
+             
+        my $name            = $connect_method_info->{$connect_method_id}{name};
+        my $description     = $connect_method_info->{$connect_method_id}{description};
+        my $protocol        = $connect_method_info->{$connect_method_id}{protocol} ||
'TCP';
+        my $port            = $connect_method_info->{$connect_method_id}{port};
+		my $scope;
+	
+		$protocol = lc($protocol);
+		
+		for my $num (sort keys %{$firewall_configuration->{$INPUT_CHAIN}} ) {
+			my $existing_scope = $firewall_configuration->{$INPUT_CHAIN}{$num}{$protocol}{$port}{scope}
|| '';
+			if(!$existing_scope ) {
+
+			}
+			else {
+				my $parsed_existing_scope = $self->parse_firewall_scope($existing_scope);
+				if (!$parsed_existing_scope) {
+                    notify($ERRORS{'WARNING'}, 0, "failed to parse existing firewall scope:
'$existing_scope'");
+                    return;
+                }	
+				$scope = $self->parse_firewall_scope("$remote_ip,$existing_scope");
+                if (!$scope) {
+                    notify($ERRORS{'WARNING'}, 0, "failed to parse firewall scope argument
appended with existing scope: '$remote_ip,$existing_scope'");
+                    return;
+                }
+                
+                if ($scope eq $parsed_existing_scope) {
+                    notify($ERRORS{'DEBUG'}, 0, "firewall is already open on $computer_node_name,
existing scope matches scope argument:\n" .
+                   "name: '$name'\n" .
+                   "protocol: $protocol\n" .
+                   "port/type: $port\n" .
+                   "scope: $scope\n");
+                    return 1;
+                }
+                else {
+                    if ($self->enable_firewall_port($protocol, $port, "$remote_ip/24",
0)) {
+                       notify($ERRORS{'OK'}, 0, "opened firewall port $port on $computer_node_name
for $remote_ip $name connect method");
+                    }
+                }
+			}			
+		}
+	}
+
+	return 1;	
+
+}
+
 #/////////////////////////////////////////////////////////////////////////////
 
 =head2 activate_interfaces
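Review bot: The `return 1;` in the "firewall is already open" branch exits the whole subroutine from inside the inner rule loop, so once a single connect method's port already has `$remote_ip` in its scope, every remaining entry of `%{$connect_method_info}` is skipped and may be left closed to the new remote IP; the loop structure calls for `next;` (or a labelled `last` on the rule loop) there instead. Separately, the scope that is compared is the bare `$remote_ip` but the rule actually installed is `"$remote_ip/24"`, which exposes the port to up to 255 other hosts — if the wider range is deliberate (e.g. NAT'd client networks) a comment should say so, otherwise pass `$remote_ip` to `enable_firewall_port`. A failing `enable_firewall_port` call logs nothing and the sub still returns 1, so the caller cannot tell the reservation's firewall was not updated; an `else { notify($ERRORS{'WARNING'}, 0, "failed to open firewall port $port on $computer_node_name for $remote_ip"); return; }` closes that gap. The warning emitted by the `service_exists("ufw")` check says "iptables does not exist", which is misleading when reading logs for this Ubuntu module.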


