Posted to commits@vcl.apache.org by ar...@apache.org on 2016/10/12 20:07:38 UTC
svn commit: r1764534 - /vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
Author: arkurth
Date: Wed Oct 12 20:07:38 2016
New Revision: 1764534
URL: http://svn.apache.org/viewvc?rev=1764534&view=rev
Log:
VCL-996
Updated Linux.pm::enable_firewall_port and disable_firewall_port to sort iptables rule IDs numerically.
Modified:
vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm
URL: http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm?rev=1764534&r1=1764533&r2=1764534&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux.pm Wed Oct 12 20:07:38 2016
@@ -4292,7 +4292,7 @@ sub enable_firewall_port {
# They must be deleted in order from highest rule number to lowest
# Otherwise, unintended rules will be deleted unless the rule numbers are adjusted
my $firewall_configuration = $self->get_firewall_configuration() || return;
- RULE: for my $rule_number (reverse sort keys %{$firewall_configuration->{$chain}}) {
+ RULE: for my $rule_number (reverse sort {$a <=> $b} keys %{$firewall_configuration->{$chain}}) {
my $rule = $firewall_configuration->{$chain}{$rule_number};
# Check if the rule matches the protocol and port arguments
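Review bot: The numeric sort at line 23 is written as `reverse sort {$a <=> $b} keys ...`, and the identical expression now appears in disable_firewall_port (line 76) and clean_iptables (line 100); `sort {$b <=> $a} keys %{$firewall_configuration->{$chain}}` says "highest rule number first" directly and avoids the extra reverse pass. Since all three loops walk the same chain structure in the same order for the same reason (the comment at lines 19-20), a small private helper such as `_rule_numbers_descending($firewall_configuration, $chain)` would keep the ordering requirement in one place so a future edit cannot reintroduce the lexical sort in only one of them. The body of enable_firewall_port starts before this hunk.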
@@ -4303,7 +4303,7 @@ sub enable_firewall_port {
# Ignore rule is existing scope isn't defined
my $existing_scope = $rule->{$protocol}{$port}{scope};
if (!defined($existing_scope)) {
- notify($ERRORS{'DEBUG'}, 0, "ignoring rule $rule_number, existing scope is NOT specified:\n" . format_data($rule->{$protocol}{$port}));
+ notify($ERRORS{'DEBUG'}, 0, "ignoring existing $protocol/$port rule $rule_number, existing scope is NOT specified");
next RULE;
}
$existing_scope_string .= "$existing_scope,";
@@ -4312,7 +4312,7 @@ sub enable_firewall_port {
# This helps reduce duplicate rules and the number of individual rules
push @commands, "iptables -D $chain $rule_number";
- notify($ERRORS{'DEBUG'}, 0, "existing $chain chain rule $rule_number matches:\n" . format_data($firewall_configuration->{$chain}{$rule_number}));
+ notify($ERRORS{'DEBUG'}, 0, "existing $protocol/$port $chain chain rule $rule_number matches, existing scope: $existing_scope");
}
# Combine all of the existing scopes matching the protocol/port
@@ -4381,7 +4381,7 @@ sub enable_firewall_port {
for my $scope_string (@new_scope_list) {
# Add the new rule to the array of iptables commands
my $new_rule_command;
- $new_rule_command .= "/sbin/iptables -v -I INPUT 1";
+ $new_rule_command .= "iptables -v -I INPUT 1";
$new_rule_command .= " -p $protocol";
$new_rule_command .= " -j ACCEPT";
$new_rule_command .= " -s $scope_string";
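Review bot: Dropping the absolute path at line 47 makes the rule insertion depend on the PATH of the remote account's non-interactive shell; on hosts where that PATH omits /sbin the command fails with "command not found" and the ACCEPT rule is never inserted, while the delete commands queued earlier (line 37) use the unqualified name too, so the change at least makes the two consistent. If the intent is consistency, the safer direction is to qualify both, e.g. a single `my $iptables = '/sbin/iptables';` near the top of the sub interpolated into every pushed command, rather than relying on PATH for a privileged binary. The enclosing sub starts and ends outside this hunk.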
@@ -4411,17 +4411,17 @@ sub enable_firewall_port {
notify($ERRORS{'WARNING'}, 0, "failed to back up original iptables file to: '$iptables_backup_file_path'");
}
- #notify($ERRORS{'DEBUG'}, 0, "attempting to execute iptables commands on $computer_node_name:\n" . join("\n", @commands));
+ notify($ERRORS{'DEBUG'}, 0, "attempting to execute iptables commands on $computer_node_name:\n" . join("\n&& ", @commands));
my ($exit_status, $output) = $self->execute($command, 0);
- if (!defined $exit_status) {
- notify($ERRORS{'WARNING'}, 0, "failed to execute iptables commands to enable firewall port on $computer_node_name, protocol: $protocol, port: $port, scope: $new_scope");
+ if (!defined($output)) {
+ notify($ERRORS{'WARNING'}, 0, "failed to execute iptables commands to enable firewall port on $computer_node_name, protocol: $protocol, port: $port, scope: $scope_argument, command:\n$command");
return;
}
elsif ($exit_status == 0) {
- notify($ERRORS{'DEBUG'}, 0, "enabled firewall port on $computer_node_name, protocol: $protocol, port: $port, scope: $new_scope, command:\n$command");
+ notify($ERRORS{'DEBUG'}, 0, "enabled firewall port on $computer_node_name, protocol: $protocol, port: $port, scope: $scope_argument");
}
else {
- notify($ERRORS{'WARNING'}, 0, "failed to enable firewall port on $computer_node_name, protocol: $protocol, port: $port, scope: $new_scope, exit status: $exit_status, command:\n$command\noutput:\n" . join("\n", @$output));
+ notify($ERRORS{'WARNING'}, 0, "failed to enable firewall port on $computer_node_name, protocol: $protocol, port: $port, scope: $scope_argument, exit status: $exit_status, command:\n$command\noutput:\n" . join("\n", @$output));
return;
}
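Review bot: The failure test at line 59 now checks `!defined($output)` while the branch that follows at line 63 still dereferences `$exit_status == 0`; if execute() ever returns a defined output with an undefined status the code falls through to an uninitialized-value comparison instead of the WARNING/return path. Checking both keeps the guard complete: `if (!defined($exit_status) || !defined($output)) {`. disable_firewall_port in the later hunk (line 82) still tests `$exit_status` only and calls `$self->execute($command)` without the second argument used at line 56, so the two subs now diverge in both the guard and the call; aligning them is worth a follow-up. The warning at line 60 also interpolates `$scope_argument`, which presumably is declared above this hunk in place of the old `$new_scope`; confirm no remaining references to `$new_scope` exist outside the shown lines.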
@@ -4505,7 +4505,7 @@ sub disable_firewall_port {
my $existing_scope_string;
my $firewall_configuration = $self->get_firewall_configuration() || return;
- RULE: for my $rule_number (reverse sort keys %{$firewall_configuration->{$chain}}) {
+ RULE: for my $rule_number (reverse sort {$a <=> $b} keys %{$firewall_configuration->{$chain}}) {
my $rule = $firewall_configuration->{$chain}{$rule_number};
# Check if the rule matches the protocol and port arguments
@@ -4546,7 +4546,7 @@ sub disable_firewall_port {
#notify($ERRORS{'DEBUG'}, 0, "attempting to execute iptables commands on $computer_node_name:\n" . join("\n", @commands));
my ($exit_status, $output) = $self->execute($command);
if (!defined $exit_status) {
- notify($ERRORS{'WARNING'}, 0, "failed to execute iptables commands to disable firewall port $protocol/$port on $computer_node_name");
+ notify($ERRORS{'WARNING'}, 0, "failed to execute iptables commands to disable firewall port $protocol/$port on $computer_node_name, command:\n$command\nprevious firewall configuration:\n" . format_data($firewall_configuration));
return;
}
elsif ($exit_status == 0) {
@@ -4851,7 +4851,7 @@ sub get_firewall_configuration {
return;
}
- #notify($ERRORS{'DEBUG'}, 0, "iptables output:\n" . join("\n", @$output));
+ notify($ERRORS{'DEBUG'}, 0, "iptables output:\n" . join("\n", @$output));
# Execute the iptables -L --line-number -n command to retrieve firewall port openings
# Expected output:
@@ -5102,7 +5102,7 @@ sub clean_iptables {
my $chain = "INPUT";
my @commands;
my $firewall_configuration = $self->get_firewall_configuration() || return;
- RULE: for my $rule_number (reverse sort {$a<=>$b} keys %{$firewall_configuration->{$chain}}) {
+ RULE: for my $rule_number (reverse sort {$a <=> $b} keys %{$firewall_configuration->{$chain}}) {
my $rule = $firewall_configuration->{$chain}{$rule_number};
for my $protocol (keys %$rule) {
@@ -5658,7 +5658,7 @@ sub configure_ext_sshd {
notify($ERRORS{'WARNING'}, 0, "unable to configure ext_sshd, failed to restart sshd on $computer_node_name after reconfiguring sshd_config to only listen on private network");
return;
}
-
+
# Create and configure the ext_sshd service
if (!$self->configure_ext_sshd_config_file()) {
notify($ERRORS{'WARNING'}, 0, "unable to configure ext_sshd, failed to configure external_sshd_config file on $computer_node_name");
@@ -7287,6 +7287,53 @@ sub update_resolv_conf {
}
}
+#/////////////////////////////////////////////////////////////////////////////
+
+=head2 get_product_name
+
+ Parameters : none
+ Returns : string
+ Description : Retrieves the name of the Linux distribution from
+ /etc/redhat-release. If this file does not exist, null is
+ returned.
+
+=cut
+
+sub get_product_name {
+ my $self = shift;
+ if (ref($self) !~ /linux/i) {
+ notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called as a class method");
+ return;
+ }
+
+ return $self->{product_name} if defined($self->{product_name});
+
+ my $computer_name = $self->data->get_computer_short_name();
+
+ my $release_file_path = '/etc/redhat-release';
+ if (!$self->file_exists($release_file_path)) {
+ notify($ERRORS{'WARNING'}, 0, "unable to determine Linux distribution name installed on $computer_name, file does not exist: $release_file_path");
+ return;
+ }
+
+ my @release_file_lines = $self->get_file_contents($release_file_path);
+ if (!@release_file_lines) {
+ notify($ERRORS{'WARNING'}, 0, "unable to determine Linux distribution name installed on $computer_name, failed to retrieve contents of: $release_file_path");
+ return;
+ }
+
+ # In case there are multiple lines, get the first one with a word character
+ my ($product_name) = grep(/\w/, @release_file_lines);
+ if (!$product_name) {
+ notify($ERRORS{'WARNING'}, 0, "unable to determine Linux distribution name installed on $computer_name, $release_file_path does not contain a line with a word character, contents:\n" . join("\n", @release_file_lines));
+ return;
+ }
+
+ $self->{product_name} = $product_name;
+ notify($ERRORS{'OK'}, 0, "determined Linux distribution name installed on $computer_name: '$self->{product_name}'");
+ return $self->{product_name};
+}
+
##/////////////////////////////////////////////////////////////////////////////
1;
__END__
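Review bot: The value cached at line 157 is the raw first line that matched `/\w/`, so unless get_file_contents (defined outside this hunk) strips line endings the stored product name carries a trailing newline or surrounding whitespace into every later string comparison and log message; `$product_name =~ s/^\s+|\s+$//g;` before the assignment makes the result independent of that helper's behaviour. Only a successful lookup is cached, so on a distribution without /etc/redhat-release every call repeats the remote file_exists check and the WARNING at line 140; if that outcome is expected rather than exceptional, caching the negative result or lowering it to DEBUG would avoid the noise. The POD at lines 121-123 says "null is returned" where the bare `return;` yields undef in scalar context and an empty list in list context, so `undef is returned` is the accurate wording.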