Author: arkurth
Date: Mon May 1 16:48:54 2017
New Revision: 1793372
URL: http://svn.apache.org/viewvc?rev=1793372&view=rev
Log:
VCL-1035
Updated iptables.pm::initialize to make sure 'iptables -L' can be executed
without permission denied errors.
Added UnixLab.pm::firewall subroutine which simply returns a generic
VCL::Module::OS::Linux::firewall object. This prevents attempts to needlessly
initialize other types of firewall modules.
Modified:
vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/UnixLab.pm
vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/iptables.pm
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/UnixLab.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/UnixLab.pm?rev=1793372&r1=1793371&r2=1793372&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/UnixLab.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/UnixLab.pm Mon May 1
16:48:54 2017
@@ -293,6 +293,31 @@ sub delete_reservation_info_json_file {
#//////////////////////////////////////////////////////////////////////////////
+=head2 firewall
+
+ Parameters : none
+ Returns : VCL::Module::OS::Linux::firewall object
+ Description : Creates and returns a generic VCL::Module::OS::Linux::firewall
+ object.
+
+=cut
+
+sub firewall {
+ my $self = shift;
+ if (ref($self) !~ /VCL::Module/i) {
+ notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a
function, it must be called as a class method");
+ return;
+ }
+
+ return $self->{firewall} if $self->{firewall};
+
+ notify($ERRORS{'DEBUG'}, 0, "creating generic
VCL::Module::OS::Linux::firewall object");
+ $self->{firewall} = bless {}, 'VCL::Module::OS::Linux::firewall';
+ return $self->{firewall};
+}
+
+#//////////////////////////////////////////////////////////////////////////////
+
=head2 firewall_compare_update
=cut
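Review bot: The new `firewall` sub builds its object with a bare `bless {}, 'VCL::Module::OS::Linux::firewall'`, so the object holds no state, and the POD does not tell callers what they may rely on. The base class is not visible in this hunk, so it is unclear whether its methods tolerate an empty object or whether they silently do nothing. If they do nothing, code that asks this object to restrict access to a lab computer would see no failure while no rule is applied. I would extend the Description with something like `The generic object does not inspect or change firewall rules on the computer; callers must not assume that access restrictions were applied.` and confirm that the package is already loaded wherever UnixLab.pm is used.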
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/iptables.pm
URL:
http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/iptables.pm?rev=1793372&r1=1793371&r2=1793372&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/iptables.pm
(original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/iptables.pm Mon
May 1 16:48:54 2017
@@ -89,6 +89,22 @@ sub initialize {
return 0;
}
+ # Make sure 'iptables -L' works, it won't if the management node does
not have root access
+ # This is likely for computers provisioned by Lab.pm
+ # The iptables command may exist but generates this error:
+ # iptables v1.4.7: can't initialize iptables table `filter':
Permission denied (you must be root)
+ # Perhaps iptables or your kernel needs to be upgraded.
+ my $command = "iptables -L";
+ my ($exit_status, $output) = $self->os->execute($command);
+ if (!defined($output)) {
+ notify($ERRORS{'WARNING'}, 0, ref($self) . " object not
initialized to control $computer_name, failed to execute command to test if
management node has access to configure iptables on the computer");
+ return;
+ }
+ elsif (grep(/(can't initialize|Permission denied|you must be root)/i,
@$output)) {
+ notify($ERRORS{'DEBUG'}, 0, ref($self) . " object not
initialized to control $computer_name, iptables command exists but cannot be
controlled by the management node user:\n" . join("\n", @$output));
+ return 0;
+ }
+
notify($ERRORS{'DEBUG'}, 0, ref($self) . " object initialized to
control $computer_name");
return 1;
}
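Review bot: `$exit_status` is captured from `$self->os->execute($command)` but never checked, so the new test only rejects the host when the output matches one of three English error strings. Any other failure of `iptables -L`, such as a differently worded or localized message, still falls through to `return 1` and the module is treated as able to control the firewall. Consider `elsif ($exit_status != 0 || grep(/(can't initialize|Permission denied|you must be root)/i, @$output))`, and consider running `iptables -L -n` so the probe does not wait on reverse DNS lookups. The two failure branches also return differently (`return;` versus `return 0;`); a short comment on what each means to the caller would help, since `initialize` starts outside this hunk and its contract is not visible here.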