fix 1208: add native charm support for rhel and fix centos support
The commit adds OS discovery support for rhel and adds a script to
add a DNAT rule to rhel and centos images.
There are some things that need to be taken into account.
- It uses firewalld, which is the default firewall for centos and rhel,
instead of iptables. This may break some things if the image uses
iptables.
- If firewalld is not active it assumes that the VM is not using it,
so it creates an input rule to accept all incoming connections
(by default it rejects all). If the firewall was not enabled, accepting
all should give the same behavior.
Change-Id: I29c9781d354c4e8268e19f64dcc9568d725a0de3
Signed-off-by: endika <endika.aldecoa@ehu.eus>
(cherry picked from commit f97b231c021d082f5f56ac88804af3d73be2caa9)
diff --git a/n2vc/libjuju.py b/n2vc/libjuju.py
index e5a8c61..86a4b04 100644
--- a/n2vc/libjuju.py
+++ b/n2vc/libjuju.py
@@ -440,6 +440,7 @@
nonce=params.nonce,
machine_id=machine_id,
proxy=self.api_proxy,
+ series=params.series,
)
)
diff --git a/n2vc/provisioner.py b/n2vc/provisioner.py
index c4d8b5b..91d5c04 100644
--- a/n2vc/provisioner.py
+++ b/n2vc/provisioner.py
@@ -41,9 +41,9 @@
DETECTION_SCRIPT = """#!/bin/bash
set -e
os_id=$(grep '^ID=' /etc/os-release | tr -d '"' | cut -d= -f2)
-if [ "$os_id" = 'centos' ]; then
+if [ "$os_id" = 'centos' ] || [ "$os_id" = 'rhel' ] ; then
os_version=$(grep '^VERSION_ID=' /etc/os-release | tr -d '"' | cut -d= -f2)
- echo "centos$os_version"
+ echo "$os_id$os_version"
else
lsb_release -cs
fi
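Review bot: On RHEL the `VERSION_ID` field in /etc/os-release normally carries a minor version (for example `8.4`), so the new `echo "$os_id$os_version"` would print `rhel8.4`, whereas CentOS reports a bare major number. If the code that consumes the detected series expects a major-only name, which cannot be confirmed from this hunk, trim it when reading by appending `| cut -d. -f1` to the `os_version=` pipeline. A one-line comment above the `if` stating the expected output format would also help. The closing delimiter of the script string lies outside the hunk.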
@@ -74,6 +74,17 @@
netfilter-persistent save
"""
+IPTABLES_SCRIPT_RHEL = """#!/bin/bash
+set -e
+[ -v `which firewalld` ] && yum install -q -y firewalld
+systemctl is-active --quiet firewalld || systemctl start firewalld \
+ && firewall-cmd --permanent --zone=public --set-target=ACCEPT
+systemctl is-enabled --quiet firewalld || systemctl enable firewalld
+firewall-cmd --direct --permanent --add-rule ipv4 nat OUTPUT 0 -d {} -p tcp \
+ -j DNAT --to-destination {}
+firewall-cmd --reload
+"""
+
class AsyncSSHProvisioner:
"""Provision a manually created machine via SSH."""
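Review bot: In IPTABLES_SCRIPT_RHEL the line `systemctl is-active --quiet firewalld || systemctl start firewalld && firewall-cmd --permanent --zone=public --set-target=ACCEPT` sets the public zone to ACCEPT even when firewalld was already active, because the shell gives `||` and `&&` equal precedence and evaluates them left to right, i.e. `(A || B) && C`. That contradicts the commit message, which limits accept-all to hosts where firewalld was not running, and it permanently opens the public zone on hosts that had a restrictive policy. An explicit conditional avoids this without adding literal braces to a string that goes through `str.format`: `if ! systemctl is-active --quiet firewalld; then`, `systemctl start firewalld && firewall-cmd --permanent --zone=public --set-target=ACCEPT`, `fi`. Separately, the `[ -v ... ]` test wrapped around `which firewalld` checks whether a shell variable is set, not whether the binary exists; `command -v firewalld >/dev/null || yum install -q -y firewalld` states the intent directly.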
@@ -250,12 +261,13 @@
return params
- async def install_agent(self, connection, nonce, machine_id, proxy=None):
+ async def install_agent(self, connection, nonce, machine_id, proxy=None, series=None):
"""
:param object connection: Connection to Juju API
:param str nonce: The nonce machine specification
:param str machine_id: The id assigned to the machine
:param str proxy: IP of the API_PROXY
+ :param str series: OS name
:return: bool: If the initialization was successful
"""
@@ -297,7 +309,10 @@
iptables rule, routing traffic to the appropriate LXD container.
"""
- script = IPTABLES_SCRIPT.format(apiaddress, proxy)
+ if series and ("centos" in series or "rhel" in series):
+ script = IPTABLES_SCRIPT_RHEL.format(apiaddress, proxy)
+ else:
+ script = IPTABLES_SCRIPT.format(apiaddress, proxy)
# Run this in a retry loop, because dpkg may be running and cause the
# script to fail.
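Review bot: `apiaddress` and `proxy` are substituted into a shell script with `str.format` on both branches, and nothing in the visible lines checks that they are plain addresses. The script is presumably run with elevated privileges by `_run_configure_script`, so any shell metacharacter in either value would be interpreted by bash. If they are not validated upstream, parse them before formatting (e.g. `ipaddress.ip_address(proxy)` if they are bare IPs) or pass them through `shlex.quote(...)`. The comment at the end of the hunk still attributes the retry loop to dpkg, which does not describe the yum/firewalld branch. The enclosing method starts and ends outside this hunk.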
@@ -311,7 +326,8 @@
stdout, stderr = await self._run_configure_script(script)
break
except Exception as e:
- self.log.debug("Waiting for dpkg, sleeping {} seconds".format(delay))
+ self.log.debug("Waiting for DNAT rules to be applied and saved, "
+ "sleeping {} seconds".format(delay))
if attempts > retry:
raise e
else:
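Review bot: The except branch discards the exception when it logs, so a failing `yum install` or `firewall-cmd` call is reported only as a wait for DNAT rules and the real cause stays invisible until the last attempt re-raises. Include it in the message, e.g. `self.log.debug("DNAT script failed ({}), retrying in {} seconds".format(e, delay))`, and prefer a bare `raise` over `raise e` so the original traceback is kept unchanged. The retry loop starts before and continues after this hunk.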