From: endika
Date: Wed, 16 Sep 2020 13:41:18 +0000 (+0200)
Subject: fix 1208: add native charm support for rhel and fix centos support
X-Git-Tag: branch-bug1511-start^0
X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=refs%2Fchanges%2F39%2F10439%2F3;p=osm%2FN2VC.git
fix 1208: add native charm support for rhel and fix centos support
The commit adds SO discovery support for rhel and adds a script to add a DNAT rule to rhel and centos images. There are some things that needs to be taken in acount. - It uses firewalld, wich is the default firewall for centos and rhel, instead of iptables. This may break some thinghs if the image uses iptables. - If firewalld is not actibe it assumes that the VM is not using it, so it creates a input rule to accept all incoming conections (by default rejects all). If the firewall was not enabled, with accept all it should have the same behavior.
Change-Id: I29c9781d354c4e8268e19f64dcc9568d725a0de3
Signed-off-by: endika
(cherry picked from commit f97b231c021d082f5f56ac88804af3d73be2caa9)
---
diff --git a/n2vc/libjuju.py b/n2vc/libjuju.py
index e5a8c61..86a4b04 100644
--- a/n2vc/libjuju.py
+++ b/n2vc/libjuju.py
@@ -440,6 +440,7 @@ class Libjuju:
 nonce=params.nonce,
 machine_id=machine_id,
 proxy=self.api_proxy,
+ series=params.series,
 )
 )
diff --git a/n2vc/provisioner.py b/n2vc/provisioner.py
index c4d8b5b..91d5c04 100644
--- a/n2vc/provisioner.py
+++ b/n2vc/provisioner.py
@@ -41,9 +41,9 @@ def normalize_arch(rawArch):
 DETECTION_SCRIPT = """#!/bin/bash
 set -e
 os_id=$(grep '^ID=' /etc/os-release | tr -d '"' | cut -d= -f2)
-if [ "$os_id" = 'centos' ]; then
+if [ "$os_id" = 'centos' ] || [ "$os_id" = 'rhel' ] ; then
 os_version=$(grep '^VERSION_ID=' /etc/os-release | tr -d '"' | cut -d= -f2)
- echo "centos$os_version"
+ echo "$os_id$os_version"
 else
 lsb_release -cs
 fi
@@ -74,6 +74,17 @@ iptables -t nat -A OUTPUT -p tcp -d {} -j DNAT --to-destination {}
 netfilter-persistent save
 """
+IPTABLES_SCRIPT_RHEL = """#!/bin/bash
+set -e
+[ -v `which firewalld` ] && yum install -q -y firewalld
+systemctl is-active --quiet firewalld || systemctl start firewalld \
+ && firewall-cmd --permanent --zone=public --set-target=ACCEPT
+systemctl is-enabled --quiet firewalld || systemctl enable firewalld
+firewall-cmd --direct --permanent --add-rule ipv4 nat OUTPUT 0 -d {} -p tcp \
+ -j DNAT --to-destination {}
+firewall-cmd --reload
+"""
+
 class AsyncSSHProvisioner:
 """Provision a manually created machine via SSH."""
@@ -250,12 +261,13 @@ class AsyncSSHProvisioner:
 return params
- async def install_agent(self, connection, nonce, machine_id, proxy=None):
+ async def install_agent(self, connection, nonce, machine_id, proxy=None, series=None):
 """
 :param object connection: Connection to Juju API
 :param str nonce: The nonce machine specification
 :param str machine_id: The id assigned to the machine
 :param str proxy: IP of the API_PROXY
+ :param str series: OS name
 :return: bool: If the initialization was successful
 """
@@ -297,7 +309,10 @@ class AsyncSSHProvisioner:
 iptables rule, routing traffic to the appropriate LXD container.
 """
- script = IPTABLES_SCRIPT.format(apiaddress, proxy)
+ if series and ("centos" in series or "rhel" in series):
+ script = IPTABLES_SCRIPT_RHEL.format(apiaddress, proxy)
+ else:
+ script = IPTABLES_SCRIPT.format(apiaddress, proxy)
 # Run this in a retry loop, because dpkg may be running and cause the
 # script to fail.
@@ -311,7 +326,8 @@ class AsyncSSHProvisioner:
 stdout, stderr = await self._run_configure_script(script)
 break
 except Exception as e:
- self.log.debug("Waiting for dpkg, sleeping {} seconds".format(delay))
+ self.log.debug("Waiting for DNAT rules to be applied and saved, "
+ "sleeping {} seconds".format(delay))
 if attempts > retry:
 raise e
 else:
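Review bot: In `IPTABLES_SCRIPT_RHEL`, the list `systemctl is-active --quiet firewalld || systemctl start firewalld && firewall-cmd --permanent --zone=public --set-target=ACCEPT` sets the public zone to ACCEPT on every run, including on hosts where firewalld was already active, because `||` and `&&` have equal precedence in bash and group left to right. That contradicts the commit description (accept-all only when the firewall was not in use) and permanently removes inbound filtering on images that rely on firewalld. Make the branch explicit with `if ! systemctl is-active --quiet firewalld; then systemctl start firewalld; firewall-cmd --permanent --zone=public --set-target=ACCEPT; fi`, which also avoids literal braces in a string that is later passed to `.format()`. Separately, the `[ -v ... ]` install test checks whether a shell variable is set rather than whether the binary exists; `command -v firewalld >/dev/null || yum install -q -y firewalld` states the intent.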
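Review bot: The new `:param str series: OS name` line in the `install_agent` docstring does not say which values are expected or what the `None` default means. Going by the selection code added later in this commit, a line such as `:param str series: OS series of the target machine (e.g. "centos7"); a value containing "centos" or "rhel" selects the firewalld script, anything else, including None, the iptables one` would tell callers that omitting the argument keeps the Debian-style path. The method body continues outside the hunk.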
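Review bot: `apiaddress` and `proxy` are formatted unquoted into a shell script (`-d {}` and `--to-destination {}`) that `_run_configure_script` then executes, and the new RHEL branch repeats that pattern. Where the two values come from is outside the hunk; if either can be influenced by anything other than trusted controller configuration, shell metacharacters in it would be interpreted on the target machine. Quoting both at the point of formatting closes that, e.g. `script = IPTABLES_SCRIPT_RHEL.format(shlex.quote(apiaddress), shlex.quote(proxy))` (and the same for `IPTABLES_SCRIPT`); `shlex` would need importing if the module does not already do so. The enclosing method starts and ends outside the hunk.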
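Review bot: The `except Exception as e:` handler logs only a fixed debug message, so the real failure of the configure script (a yum or firewall-cmd error, an SSH problem) stays invisible until the retries are exhausted, and the new wording asserts a cause the handler has not checked. Include the exception, `self.log.debug("Configure script failed ({}), sleeping {} seconds".format(e, delay))`, so a failed firewall change can be traced in the logs. The comment above the loop still names dpkg as the reason for retrying, which no longer fits the RHEL path. The retry loop starts and ends outside the hunk.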