fix 1208: add native charm support for rhel and fix centos support

The commit adds SO discovery support for rhel and adds a script to
add a DNAT rule to rhel and centos images.

There are some things that needs to be taken in acount.
- It uses firewalld, wich is the default firewall for centos and rhel,
  instead of iptables. This may break some thinghs if the image uses
  iptables.
- If firewalld is not actibe it assumes that the VM is not using it,
  so it creates a input rule to accept all incoming conections
  (by default rejects all). If the firewall was not enabled, with
  accept all it should have the same behavior.

Change-Id: I29c9781d354c4e8268e19f64dcc9568d725a0de3
Signed-off-by: endika <endika.aldecoa@ehu.eus>
(cherry picked from commit f97b231c021d082f5f56ac88804af3d73be2caa9)

diff --git a/n2vc/libjuju.py b/n2vc/libjuju.py
index e5a8c61..86a4b04 100644 (file)
--- a/n2vc/libjuju.py
+++ b/n2vc/libjuju.py
@@ -440,6 +440,7 @@ class Libjuju:
                     nonce=params.nonce,
                     machine_id=machine_id,
                     proxy=self.api_proxy,
+                    series=params.series,
                 )
             )
 

diff --git a/n2vc/provisioner.py b/n2vc/provisioner.py
index c4d8b5b..91d5c04 100644 (file)
--- a/n2vc/provisioner.py
+++ b/n2vc/provisioner.py
@@ -41,9 +41,9 @@ def normalize_arch(rawArch):
 DETECTION_SCRIPT = """#!/bin/bash
 set -e
 os_id=$(grep '^ID=' /etc/os-release | tr -d '"' | cut -d= -f2)
-if [ "$os_id" = 'centos' ]; then
+if [ "$os_id" = 'centos' ] || [ "$os_id" = 'rhel' ] ; then
   os_version=$(grep '^VERSION_ID=' /etc/os-release | tr -d '"' | cut -d= -f2)
-  echo "centos$os_version"
+  echo "$os_id$os_version"
 else
   lsb_release -cs
 fi
@@ -74,6 +74,17 @@ iptables -t nat -A OUTPUT -p tcp -d {} -j DNAT --to-destination {}
 netfilter-persistent save
 """
 
+IPTABLES_SCRIPT_RHEL = """#!/bin/bash
+set -e
+[ -v `which firewalld` ] && yum install -q -y firewalld
+systemctl is-active --quiet firewalld || systemctl start firewalld \
+    && firewall-cmd --permanent --zone=public --set-target=ACCEPT
+systemctl is-enabled --quiet firewalld || systemctl enable firewalld
+firewall-cmd --direct --permanent --add-rule ipv4 nat OUTPUT 0 -d {} -p tcp \
+    -j DNAT --to-destination {}
+firewall-cmd --reload
+"""
+
 
 class AsyncSSHProvisioner:
     """Provision a manually created machine via SSH."""
@@ -250,12 +261,13 @@ class AsyncSSHProvisioner:
 
         return params
 
-    async def install_agent(self, connection, nonce, machine_id, proxy=None):
+    async def install_agent(self, connection, nonce, machine_id, proxy=None, series=None):
         """
         :param object connection: Connection to Juju API
         :param str nonce: The nonce machine specification
         :param str machine_id: The id assigned to the machine
         :param str proxy: IP of the API_PROXY
+        :param str series: OS name
 
         :return: bool: If the initialization was successful
         """
@@ -297,7 +309,10 @@ class AsyncSSHProvisioner:
             iptables rule, routing traffic to the appropriate LXD container.
             """
 
-            script = IPTABLES_SCRIPT.format(apiaddress, proxy)
+            if series and ("centos" in series or "rhel" in series):
+                script = IPTABLES_SCRIPT_RHEL.format(apiaddress, proxy)
+            else:
+                script = IPTABLES_SCRIPT.format(apiaddress, proxy)
 
             # Run this in a retry loop, because dpkg may be running and cause the
             # script to fail.
@@ -311,7 +326,8 @@ class AsyncSSHProvisioner:
                     stdout, stderr = await self._run_configure_script(script)
                     break
                 except Exception as e:
-                    self.log.debug("Waiting for dpkg, sleeping {} seconds".format(delay))
+                    self.log.debug("Waiting for DNAT rules to be applied and saved, "
+                                   "sleeping {} seconds".format(delay))
                     if attempts > retry:
                         raise e
                     else: