X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FN2VC.git;a=blobdiff_plain;f=n2vc%2Fprovisioner.py;h=91d5c0443ca0a79a513755993f775d3c8096edff;hp=c4d8b5b1df1db724b8aaabe5c946723d6f3da1f1;hb=6cabdfb2969697b0852e812dad662ac865eec448;hpb=e8102d9e28e5c502fc66ca842d14e1ad29efbfda
diff --git a/n2vc/provisioner.py b/n2vc/provisioner.py
index c4d8b5b..91d5c04 100644
--- a/n2vc/provisioner.py
+++ b/n2vc/provisioner.py
@@ -41,9 +41,9 @@ def normalize_arch(rawArch):
 DETECTION_SCRIPT = """#!/bin/bash
 set -e
 os_id=$(grep '^ID=' /etc/os-release | tr -d '"' | cut -d= -f2)
-if [ "$os_id" = 'centos' ]; then
+if [ "$os_id" = 'centos' ] || [ "$os_id" = 'rhel' ] ; then
 os_version=$(grep '^VERSION_ID=' /etc/os-release | tr -d '"' | cut -d= -f2)
- echo "centos$os_version"
+ echo "$os_id$os_version"
 else
 lsb_release -cs
 fi
@@ -74,6 +74,17 @@ iptables -t nat -A OUTPUT -p tcp -d {} -j DNAT --to-destination {}
 netfilter-persistent save
 """
+IPTABLES_SCRIPT_RHEL = """#!/bin/bash
+set -e
+[ -v `which firewalld` ] && yum install -q -y firewalld
+systemctl is-active --quiet firewalld || systemctl start firewalld \
+ && firewall-cmd --permanent --zone=public --set-target=ACCEPT
+systemctl is-enabled --quiet firewalld || systemctl enable firewalld
+firewall-cmd --direct --permanent --add-rule ipv4 nat OUTPUT 0 -d {} -p tcp \
+ -j DNAT --to-destination {}
+firewall-cmd --reload
+"""
+
 class AsyncSSHProvisioner:
 """Provision a manually created machine via SSH."""
@@ -250,12 +261,13 @@ class AsyncSSHProvisioner:
 return params
- async def install_agent(self, connection, nonce, machine_id, proxy=None):
+ async def install_agent(self, connection, nonce, machine_id, proxy=None, series=None):
 """
 :param object connection: Connection to Juju API
 :param str nonce: The nonce machine specification
 :param str machine_id: The id assigned to the machine
 :param str proxy: IP of the API_PROXY
+ :param str series: OS name
 :return: bool: If the initialization was successful
 """
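Review bot: In `IPTABLES_SCRIPT_RHEL`, `firewall-cmd --permanent --zone=public --set-target=ACCEPT` runs on every invocation, not only when firewalld had to be started, because `||` and `&&` have equal precedence in the shell and the continued line groups as `(is-active || start) && set-target`. After the final `firewall-cmd --reload` the public zone accepts any traffic that no rule matches, which the outbound DNAT rule does not appear to need; if that is intended it deserves a comment in the script, otherwise the line should be dropped or narrowed to the ports actually required. Separately, the `[ -v ... ]` test applied to the `which firewalld` output checks whether a shell variable is set rather than whether the package is installed; `command -v firewall-cmd >/dev/null 2>&1 || yum install -q -y firewalld` states the intent directly.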
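Review bot: The new `series` parameter of `install_agent` is documented only as `OS name`, which does not tell a caller which values select the firewalld path. Going by the later hunk it is matched against `centos` and `rhel`, and leaving it at `None` silently selects the script that calls `netfilter-persistent`, so a RHEL host provisioned by a caller that has not been updated would get the Debian-style script. I would write `:param str series: OS series string (presumably the DETECTION_SCRIPT output); values containing "centos" or "rhel" select the firewalld rules, None selects the iptables script`. The method body continues outside this hunk.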
@@ -297,7 +309,10 @@ class AsyncSSHProvisioner:
 iptables rule, routing traffic to the appropriate LXD container.
 """
- script = IPTABLES_SCRIPT.format(apiaddress, proxy)
+ if series and ("centos" in series or "rhel" in series):
+ script = IPTABLES_SCRIPT_RHEL.format(apiaddress, proxy)
+ else:
+ script = IPTABLES_SCRIPT.format(apiaddress, proxy)
 # Run this in a retry loop, because dpkg may be running and cause the
 # script to fail.
@@ -311,7 +326,8 @@ class AsyncSSHProvisioner:
 stdout, stderr = await self._run_configure_script(script)
 break
 except Exception as e:
- self.log.debug("Waiting for dpkg, sleeping {} seconds".format(delay))
+ self.log.debug("Waiting for DNAT rules to be applied and saved, "
+ "sleeping {} seconds".format(delay))
 if attempts > retry:
 raise e
 else:
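Review bot: `apiaddress` and `proxy` are formatted straight into a shell script in both branches, and nothing visible in this hunk checks that they are plain addresses before `_run_configure_script` executes the result. Validating them before the `.format()` call, for example `ipaddress.ip_address(proxy)` if the value is a bare IP (or an equivalent host:port check if it is not), would keep a malformed value from altering the script. The branch test is also looser than the detection script: `"centos" in series` is a substring match, where `series.startswith(("centos", "rhel"))` would follow the `$os_id$os_version` form more closely. The enclosing method starts and ends outside this hunk.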
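Review bot: The retry handler catches every `Exception` and logs only the fixed wait message, so a genuine failure of the RHEL script (a failed `yum install`, a rejected `firewall-cmd` rule) is indistinguishable from a transient lock until the final attempt re-raises. Including the exception in the message, e.g. `self.log.debug("Configure script failed (%s), retrying in %s seconds", e, delay)`, makes the cause visible on each attempt. The comment above the loop still gives dpkg as the reason for retrying and could be updated to cover the firewalld path as well. The loop begins outside this hunk.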