Author: acoburn
Date: Tue Jul 16 21:51:01 2013
New Revision: 1503914
URL: http://svn.apache.org/r1503914
Log:
VCL-712
Added local version of firewall_compare_update to 2.3 bugfix line
Modified:
vcl/branches/vcl-2.3-bugfixes/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
Modified:
vcl/branches/vcl-2.3-bugfixes/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
URL:
http://svn.apache.org/viewvc/vcl/branches/vcl-2.3-bugfixes/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm?rev=1503914&r1=1503913&r2=1503914&view=diff
==============================================================================
---
vcl/branches/vcl-2.3-bugfixes/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
(original)
+++
vcl/branches/vcl-2.3-bugfixes/managementnode/lib/VCL/Module/OS/Linux/Ubuntu.pm
Tue Jul 16 21:51:01 2013
@@ -1220,6 +1220,99 @@ sub restart_network_interface {
return 1;
}
+
+#/////////////////////////////////////////////////////////////////////////////
+
+=head2 firewall_compare_update
+
+ Parameters : @scope_strings
+ Returns : 0 , 1
+ Description : Compare iptables for listed remote IP address in reservation
+
+=cut
+
+sub firewall_compare_update {
+ my $self = shift;
+ if (ref($self) !~ /linux/i) {
+ notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it
must be called as a class method");
+ return;
+ }
+
+ # Check to see if this distro has iptables
+ # If not return 1 so it does not fail
+ if (!($self->service_exists("ufw"))) {
+ notify($ERRORS{'WARNING'}, 0, "iptables does not exist on this OS");
+ return 1;
+ }
+
+ my $computer_node_name = $self->data->get_computer_node_name();
+ my $imagerevision_id = $self->data->get_imagerevision_id();
+ my $remote_ip =
$self->data->get_reservation_remote_ip();
+
+ #collect connection_methods
+ #collect firewall_config
+ #For each port defined in connection_methods
+ #compare rule source address with remote_IP address
+
+ # Retrieve the connect method info hash
+ my $connect_method_info = get_connect_method_info($imagerevision_id);
+ if (!$connect_method_info) {
+ notify($ERRORS{'WARNING'}, 0, "no connect methods are configured for
image revision $imagerevision_id");
+ return;
+ }
+
+ # Retrieve the firewall configuration
+ my $INPUT_CHAIN = "INPUT";
+ my $firewall_configuration = $self->get_firewall_configuration() || return;
+
+ for my $connect_method_id (sort keys %{$connect_method_info} ) {
+
+ my $name = $connect_method_info->{$connect_method_id}{name};
+ my $description =
$connect_method_info->{$connect_method_id}{description};
+ my $protocol =
$connect_method_info->{$connect_method_id}{protocol} || 'TCP';
+ my $port = $connect_method_info->{$connect_method_id}{port};
+ my $scope;
+
+ $protocol = lc($protocol);
+
+ for my $num (sort keys
%{$firewall_configuration->{$INPUT_CHAIN}} ) {
+ my $existing_scope =
$firewall_configuration->{$INPUT_CHAIN}{$num}{$protocol}{$port}{scope} || '';
+ if(!$existing_scope ) {
+
+ }
+ else {
+ my $parsed_existing_scope =
$self->parse_firewall_scope($existing_scope);
+ if (!$parsed_existing_scope) {
+ notify($ERRORS{'WARNING'}, 0, "failed to parse existing
firewall scope: '$existing_scope'");
+ return;
+ }
+ $scope =
$self->parse_firewall_scope("$remote_ip,$existing_scope");
+ if (!$scope) {
+ notify($ERRORS{'WARNING'}, 0, "failed to parse firewall
scope argument appended with existing scope: '$remote_ip,$existing_scope'");
+ return;
+ }
+
+ if ($scope eq $parsed_existing_scope) {
+ notify($ERRORS{'DEBUG'}, 0, "firewall is already open on
$computer_node_name, existing scope matches scope argument:\n" .
+ "name: '$name'\n" .
+ "protocol: $protocol\n" .
+ "port/type: $port\n" .
+ "scope: $scope\n");
+ return 1;
+ }
+ else {
+ if ($self->enable_firewall_port($protocol, $port,
"$remote_ip/24", 0)) {
+ notify($ERRORS{'OK'}, 0, "opened firewall port $port on
$computer_node_name for $remote_ip $name connect method");
+ }
+ }
+ }
+ }
+ }
+
+ return 1;
+
+}
+
#/////////////////////////////////////////////////////////////////////////////
=head2 activate_interfaces
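Review bot: The `return 1;` in the "firewall is already open" branch leaves firewall_compare_update as soon as one connect method's rule already contains $remote_ip, so any remaining keys of %{$connect_method_info} (later connect methods) are never compared or opened; replacing it with `last;` ends the rule loop for that connect method and lets the outer loop continue, with the final `return 1;` still reporting success. The enable_firewall_port call passes `"$remote_ip/24"`, which opens the port to the remote host's whole /24 rather than to the reservation's remote IP, and the OK message then claims it was opened "for $remote_ip"; if the wider scope is deliberate, a comment saying why would help, otherwise `$remote_ip` alone is the narrower and safer scope. The guard checks `$self->service_exists("ufw")` while the warning text and the comment above it speak of iptables, so one of the two should be corrected to match what the branch actually tests. The empty `if(!$existing_scope ) { }` branch would read better as a comment such as `# no existing rule for this protocol/port, nothing to compare`, and $description is assigned but never used.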