X-Git-Url: https://osm.etsi.org/gitweb/?p=osm%2FN2VC.git;a=blobdiff_plain;f=n2vc%2Fprovisioner.py;h=e2b51b96599fb20417a52bf3957dbd433d5dac5a;hp=c4d8b5b1df1db724b8aaabe5c946723d6f3da1f1;hb=979c54e4633964caf15a0f7e157be75a08cb0723;hpb=ba6e532cda6464759381585452b18f9fd1a19dd3
diff --git a/n2vc/provisioner.py b/n2vc/provisioner.py
index c4d8b5b..e2b51b9 100644
--- a/n2vc/provisioner.py
+++ b/n2vc/provisioner.py
@@ -41,9 +41,9 @@ def normalize_arch(rawArch):
 DETECTION_SCRIPT = """#!/bin/bash
 set -e
 os_id=$(grep '^ID=' /etc/os-release | tr -d '"' | cut -d= -f2)
-if [ "$os_id" = 'centos' ]; then
+if [ "$os_id" = 'centos' ] || [ "$os_id" = 'rhel' ] ; then
 os_version=$(grep '^VERSION_ID=' /etc/os-release | tr -d '"' | cut -d= -f2)
- echo "centos$os_version"
+ echo "$os_id$os_version"
 else
 lsb_release -cs
 fi
@@ -74,6 +74,17 @@ iptables -t nat -A OUTPUT -p tcp -d {} -j DNAT --to-destination {}
 netfilter-persistent save
 """
+IPTABLES_SCRIPT_RHEL = """#!/bin/bash
+set -e
+[ -v `which firewalld` ] && yum install -q -y firewalld
+systemctl is-active --quiet firewalld || systemctl start firewalld \
+ && firewall-cmd --permanent --zone=public --set-target=ACCEPT
+systemctl is-enabled --quiet firewalld || systemctl enable firewalld
+firewall-cmd --direct --permanent --add-rule ipv4 nat OUTPUT 0 -d {} -p tcp \
+ -j DNAT --to-destination {}
+firewall-cmd --reload
+"""
+
 class AsyncSSHProvisioner:
 """Provision a manually created machine via SSH."""
@@ -239,7 +250,8 @@ class AsyncSSHProvisioner:
 params.series = hw["series"]
 params.instance_id = "manual:{}".format(self.host)
 params.nonce = "manual:{}:{}".format(
- self.host, str(uuid.uuid4()),
+ self.host,
+ str(uuid.uuid4()),
 ) # a nop for Juju w/manual machines
 params.hardware_characteristics = {
 "arch": hw["arch"],
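Review bot: In the DETECTION_SCRIPT hunk (@@ -41,9 +41,9), the new `echo "$os_id$os_version"` emits the full VERSION_ID, which on RHEL normally carries a minor release, so the detected series would look like `rhel7.9` (constructed example) rather than a bare major version as on CentOS. Anything that compares the series against a fixed list of names would miss it; the consumer is outside this hunk, so this needs confirming. If a major-only value is wanted, add `os_version=${os_version%%.*}` before the echo.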
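Review bot: In IPTABLES_SCRIPT_RHEL (@@ -74,6 +74,17), `firewall-cmd --permanent --zone=public --set-target=ACCEPT` makes the public zone accept all inbound traffic that no rule rejects, and because `||` and `&&` have equal precedence in the shell it runs on every invocation, not only when firewalld was just started. That permanently replaces whatever inbound policy the host already had, while the DNAT rule that follows only rewrites locally generated traffic in the nat OUTPUT chain and does not appear to need it. I would drop the `&& firewall-cmd ... --set-target=ACCEPT` continuation, or open only what the agent needs and say why in a comment. Separately, the `[ -v ... ]` test on the output of `which firewalld` checks for a set shell variable rather than an installed binary; `command -v firewalld >/dev/null || yum install -q -y firewalld` states the intent directly.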
@@ -250,12 +262,15 @@ class AsyncSSHProvisioner:
 return params
- async def install_agent(self, connection, nonce, machine_id, proxy=None):
+ async def install_agent(
+ self, connection, nonce, machine_id, proxy=None, series=None
+ ):
 """
 :param object connection: Connection to Juju API
 :param str nonce: The nonce machine specification
 :param str machine_id: The id assigned to the machine
 :param str proxy: IP of the API_PROXY
+ :param str series: OS name
 :return: bool: If the initialization was successful
 """
@@ -285,7 +300,9 @@ class AsyncSSHProvisioner:
 - '[::1]:17070'
 """
 if proxy:
- m = re.search(r"apiaddresses:\n- (\d+\.\d+\.\d+\.\d+):17070", results.script)
+ m = re.search(
+ r"apiaddresses:\n- (\d+\.\d+\.\d+\.\d+):17070", results.script
+ )
 apiaddress = m.group(1)
 """Add IP Table rule
@@ -297,7 +314,10 @@ class AsyncSSHProvisioner:
 iptables rule, routing traffic to the appropriate LXD container.
 """
- script = IPTABLES_SCRIPT.format(apiaddress, proxy)
+ if series and ("centos" in series or "rhel" in series):
+ script = IPTABLES_SCRIPT_RHEL.format(apiaddress, proxy)
+ else:
+ script = IPTABLES_SCRIPT.format(apiaddress, proxy)
 # Run this in a retry loop, because dpkg may be running and cause the
 # script to fail.
@@ -311,7 +331,10 @@ class AsyncSSHProvisioner:
 stdout, stderr = await self._run_configure_script(script)
 break
 except Exception as e:
- self.log.debug("Waiting for dpkg, sleeping {} seconds".format(delay))
+ self.log.debug(
+ "Waiting for DNAT rules to be applied and saved, "
+ "sleeping {} seconds".format(delay)
+ )
 if attempts > retry:
 raise e
 else:
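Review bot: The new `series=None` default on install_agent (@@ -250,12 +262,15) means any caller that is not updated to pass the series silently stays on the iptables/netfilter-persistent path, even on a CentOS or RHEL host; the callers are outside this diff. The docstring line `:param str series: OS name` also does not say which values are recognised or what they select. I would document it as `:param str series: OS series string; values containing "centos" or "rhel" select the firewalld script, None or anything else the iptables one`.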
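Review bot: In the script-selection hunk (@@ -297,7 +314,10), `proxy` is formatted straight into a shell script in both branches, and unlike `apiaddress`, which comes from a digits-and-dots regex group, nothing visible constrains it to the IP address the docstring describes. If the value can come from configuration or an API request, shell metacharacters in it would become part of the script executed on the target machine. Validating it before formatting, e.g. `proxy = str(ipaddress.ip_address(proxy))`, closes that; it needs `import ipaddress`, and the file's imports are outside this diff. The `m.group(1)` call in the preceding hunk also raises AttributeError when the regex does not match, since `m` is never checked for None.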
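Review bot: In the retry hunk (@@ -311,7 +331,10), the handler catches every Exception, yet the debug message asserts one specific cause and never records the exception, so a failing firewall script looks the same as a slow one in the logs until the final `raise e`. Including the error, e.g. `"Configure script failed ({}), retrying in {} seconds".format(e, delay)`, keeps the retry behaviour and makes the real failure visible. The comment above the loop (context of the previous hunk) still says the retry exists because of dpkg, which no longer matches the message. The `try:` itself starts outside the hunk.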