Posted to commits@cloudstack.apache.org by an...@apache.org on 2012/09/27 02:42:43 UTC
[4/7] git commit: open port 3922 on correct eth device
open port 3922 on correct eth device
Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/946295b1
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/946295b1
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/946295b1
Branch: refs/heads/master
Commit: 946295b1140d4d2dc0063b4c6c7ab763e9254fbd
Parents: 915babd
Author: Anthony Xu <an...@cloud.com>
Authored: Wed Sep 26 12:42:17 2012 -0700
Committer: Anthony Xu <an...@cloud.com>
Committed: Wed Sep 26 17:42:42 2012 -0700
----------------------------------------------------------------------
.../debian/config/etc/init.d/cloud-early-config | 36 ++++++---------
.../config/etc/iptables/iptables-consoleproxy | 1 -
.../debian/config/etc/iptables/iptables-secstorage | 2 -
3 files changed, 14 insertions(+), 25 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/946295b1/patches/systemvm/debian/config/etc/init.d/cloud-early-config
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
index c579d68..d2c07b5 100755
--- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config
@@ -408,7 +408,9 @@ setup_dnsmasq() {
setup_sshd(){
local ip=$1
+ local eth=$2
[ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config
+ sed -i "/3922/s/eth./$eth/" /etc/iptables/rules
}
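Review bot: The new `sed` in setup_sshd runs even when `$eth` is empty, and `s/eth.//` then deletes the interface name from the 3922 rule, leaving `-i` without an argument in /etc/iptables/rules. The address `/3922/` also matches any line that merely contains those digits, and `eth.` replaces only a single character after `eth`. I would guard and anchor it: `[ -n "$eth" ] && sed -i "/--dport 3922 /s/-i eth[0-9]*/-i $eth/" /etc/iptables/rules`. The function now depends on the rules file already having been copied from its template, so a one-line comment above the `sed` saying so would help.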
@@ -575,7 +577,6 @@ setup_router() {
sed -i /gateway/d /etc/hosts
echo "$ETH0_IP $NAME" >> /etc/hosts
- setup_sshd $ETH1_IP
enable_svc dnsmasq 1
enable_svc haproxy 1
@@ -585,6 +586,7 @@ setup_router() {
enable_fwding 1
chkconfig nfs-common off
cp /etc/iptables/iptables-router /etc/iptables/rules
+ setup_sshd $ETH1_IP "eth1"
}
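Review bot: `$ETH1_IP` is unquoted in the added `setup_sshd $ETH1_IP "eth1"`, so if the variable is empty the word disappears and setup_sshd receives `eth1` as `$1` and nothing as `$2`. sshd_config would then get `ListenAddress eth1`, and the interface rewrite in /etc/iptables/rules would run with an empty replacement. Writing `setup_sshd "$ETH1_IP" "eth1"` keeps both arguments in place. The same applies to the other setup_sshd calls this commit adds (the VPC router hunk, setup_dhcpsrvr, setup_secstorage, setup_console_proxy and setup_elbvm). setup_router starts outside this hunk.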
@@ -644,10 +646,6 @@ EOF
sudo ip rule add from $VPCCIDR table static_route 2>/dev/null
sudo ip rule add from $VPCCIDR table static_route_back 2>/dev/null
- sed -i /gateway/d /etc/hosts
-
- echo "$ETH0_IP $NAME" >> /etc/hosts
- setup_sshd $ETH0_IP
setup_vpc_apache2
enable_svc dnsmasq 1
@@ -658,6 +656,7 @@ EOF
enable_fwding 1
chkconfig nfs-common off
cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules
+ setup_sshd $ETH0_IP "eth0"
cp /etc/vpcdnsmasq.conf /etc/dnsmasq.conf
cp /etc/cloud-nic.rules /etc/udev/rules.d/cloud-nic.rules
echo "" > /etc/dnsmasq.d/dhcphosts.txt
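Review bot: The preceding hunk removes `sed -i /gateway/d /etc/hosts` and `echo "$ETH0_IP $NAME" >> /etc/hosts` together with the old setup_sshd call, and only the setup_sshd call is re-added here. The function body extends beyond both hunks, so those lines may still exist elsewhere in it. If they do not, the VPC router would no longer get its own name in /etc/hosts, which the commit message does not mention. I would restore the two lines next to the new call or state the removal explicitly in the commit message.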
@@ -696,24 +695,18 @@ setup_dhcpsrvr() {
sed -i /gateway/d /etc/hosts
echo "$ETH0_IP $NAME" >> /etc/hosts
- if [ "$SSHONGUEST" == "true" ]
- then
- setup_sshd $ETH0_IP
- else
- setup_sshd $ETH1_IP
- fi
-
enable_svc dnsmasq 1
enable_svc haproxy 0
enable_svc cloud-passwd-srvr 1
enable_svc cloud 0
enable_fwding 0
chkconfig nfs-common off
+ cp /etc/iptables/iptables-router /etc/iptables/rules
if [ "$SSHONGUEST" == "true" ]
then
- sed '/3922/i -A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT' /etc/iptables/iptables-router > /etc/iptables/rules
+ setup_sshd $ETH0_IP "eth0"
else
- cp /etc/iptables/iptables-router /etc/iptables/rules
+ setup_sshd $ETH1_IP "eth1"
fi
}
@@ -745,9 +738,9 @@ setup_secstorage() {
cp /etc/iptables/iptables-secstorage /etc/iptables/rules
if [ "$hyp" == "vmware" ]; then
- setup_sshd $ETH1_IP
+ setup_sshd $ETH1_IP "eth1"
else
- setup_sshd $ETH0_IP
+ setup_sshd $ETH0_IP "eth0"
fi
setup_apache2 $ETH2_IP
@@ -769,9 +762,9 @@ setup_console_proxy() {
echo "$public_ip $NAME" >> /etc/hosts
cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules
if [ "$hyp" == "vmware" ]; then
- setup_sshd $ETH1_IP
+ setup_sshd $ETH1_IP "eth1"
else
- setup_sshd $ETH0_IP
+ setup_sshd $ETH0_IP "eth0"
fi
disable_rpfilter
@@ -792,13 +785,12 @@ setup_elbvm() {
[ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP
echo "$public_ip $NAME" >> /etc/hosts
+ cp /etc/iptables/iptables-elbvm /etc/iptables/rules
if [ "$SSHONGUEST" == "true" ]
then
- sed '/3922/s/eth1/eth0/'
- setup_sshd $ETH0_IP
+ setup_sshd $ETH0_IP "eth0"
else
- cp /etc/iptables/iptables-elbvm /etc/iptables/rules
- setup_sshd $ETH1_IP
+ setup_sshd $ETH1_IP "eth1"
fi
enable_fwding 0
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/946295b1/patches/systemvm/debian/config/etc/iptables/iptables-consoleproxy
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/etc/iptables/iptables-consoleproxy b/patches/systemvm/debian/config/etc/iptables/iptables-consoleproxy
index 6e23038..ae5d14d 100644
--- a/patches/systemvm/debian/config/etc/iptables/iptables-consoleproxy
+++ b/patches/systemvm/debian/config/etc/iptables/iptables-consoleproxy
@@ -30,7 +30,6 @@ COMMIT
-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp --icmp-type 13 -j DROP
-A INPUT -p icmp -j ACCEPT
--A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 3922 -j ACCEPT
-A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 3922 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
-A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/946295b1/patches/systemvm/debian/config/etc/iptables/iptables-secstorage
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/etc/iptables/iptables-secstorage b/patches/systemvm/debian/config/etc/iptables/iptables-secstorage
index 5218fa7..3139924 100755
--- a/patches/systemvm/debian/config/etc/iptables/iptables-secstorage
+++ b/patches/systemvm/debian/config/etc/iptables/iptables-secstorage
@@ -33,6 +33,4 @@ COMMIT
-A INPUT -p icmp --icmp-type 13 -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
--A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
--A INPUT -i eth3 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
COMMIT