The commit adds OS discovery support for rhel and adds a script to
add a DNAT rule to rhel and centos images.
There are some things that need to be taken into account.
- It uses firewalld, which is the default firewall for centos and rhel,
instead of iptables. This may break some things if the image uses
iptables.
- If firewalld is not active it assumes that the VM is not using it,
so it creates an input rule to accept all incoming connections
(by default it rejects all). If the firewall was not enabled, accepting
all should give the same behavior.
Change-Id: I29c9781d354c4e8268e19f64dcc9568d725a0de3
Signed-off-by: endika <endika.aldecoa@ehu.eus>
(cherry picked from commit
f97b231c021d082f5f56ac88804af3d73be2caa9)
nonce=params.nonce,
machine_id=machine_id,
proxy=self.api_proxy,
nonce=params.nonce,
machine_id=machine_id,
proxy=self.api_proxy,
DETECTION_SCRIPT = """#!/bin/bash
set -e
os_id=$(grep '^ID=' /etc/os-release | tr -d '"' | cut -d= -f2)
DETECTION_SCRIPT = """#!/bin/bash
set -e
os_id=$(grep '^ID=' /etc/os-release | tr -d '"' | cut -d= -f2)
-if [ "$os_id" = 'centos' ]; then
+if [ "$os_id" = 'centos' ] || [ "$os_id" = 'rhel' ] ; then
os_version=$(grep '^VERSION_ID=' /etc/os-release | tr -d '"' | cut -d= -f2)
os_version=$(grep '^VERSION_ID=' /etc/os-release | tr -d '"' | cut -d= -f2)
- echo "centos$os_version"
+ echo "$os_id$os_version"
netfilter-persistent save
"""
netfilter-persistent save
"""
+IPTABLES_SCRIPT_RHEL = """#!/bin/bash
+set -e
+[ -v `which firewalld` ] && yum install -q -y firewalld
+systemctl is-active --quiet firewalld || systemctl start firewalld \
+ && firewall-cmd --permanent --zone=public --set-target=ACCEPT
+systemctl is-enabled --quiet firewalld || systemctl enable firewalld
+firewall-cmd --direct --permanent --add-rule ipv4 nat OUTPUT 0 -d {} -p tcp \
+ -j DNAT --to-destination {}
+firewall-cmd --reload
+"""
+
class AsyncSSHProvisioner:
"""Provision a manually created machine via SSH."""
class AsyncSSHProvisioner:
"""Provision a manually created machine via SSH."""
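Review bot: In `IPTABLES_SCRIPT_RHEL`, the chain `systemctl is-active ... || systemctl start firewalld && firewall-cmd --permanent --zone=public --set-target=ACCEPT` groups as `(is-active || start) && set-target`, because `||` and `&&` have equal precedence in bash. The public zone is therefore switched to ACCEPT on hosts where firewalld was already active as well, and the final `firewall-cmd --reload` applies it. That contradicts the commit description, which limits the accept-all rule to machines not using firewalld, and it drops inbound filtering an operator may have configured. An explicit `if ! systemctl is-active ...; then ... fi` keeps the ACCEPT change to the not-active case. The install guard on the line above uses `[ -v ... ]`, which tests whether a variable is set rather than whether the binary exists; a `command -v` check states the intent directly.

```python
IPTABLES_SCRIPT_RHEL = """#!/bin/bash
set -e
command -v firewalld >/dev/null || yum install -q -y firewalld
if ! systemctl is-active --quiet firewalld; then
    systemctl start firewalld
    firewall-cmd --permanent --zone=public --set-target=ACCEPT
fi
# ... unchanged: enable firewalld, add the DNAT rule, reload ...
"""
```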
- async def install_agent(self, connection, nonce, machine_id, proxy=None):
+ async def install_agent(self, connection, nonce, machine_id, proxy=None, series=None):
"""
:param object connection: Connection to Juju API
:param str nonce: The nonce machine specification
:param str machine_id: The id assigned to the machine
:param str proxy: IP of the API_PROXY
"""
:param object connection: Connection to Juju API
:param str nonce: The nonce machine specification
:param str machine_id: The id assigned to the machine
:param str proxy: IP of the API_PROXY
+ :param str series: OS name
:return: bool: If the initialization was successful
"""
:return: bool: If the initialization was successful
"""
iptables rule, routing traffic to the appropriate LXD container.
"""
iptables rule, routing traffic to the appropriate LXD container.
"""
- script = IPTABLES_SCRIPT.format(apiaddress, proxy)
+ if series and ("centos" in series or "rhel" in series):
+ script = IPTABLES_SCRIPT_RHEL.format(apiaddress, proxy)
+ else:
+ script = IPTABLES_SCRIPT.format(apiaddress, proxy)
# Run this in a retry loop, because dpkg may be running and cause the
# script to fail.
# Run this in a retry loop, because dpkg may be running and cause the
# script to fail.
stdout, stderr = await self._run_configure_script(script)
break
except Exception as e:
stdout, stderr = await self._run_configure_script(script)
break
except Exception as e:
- self.log.debug("Waiting for dpkg, sleeping {} seconds".format(delay))
+ self.log.debug("Waiting for DNAT rules to be applied and saved, "
+ "sleeping {} seconds".format(delay))
if attempts > retry:
raise e
else:
if attempts > retry:
raise e
else: