That have deprecated /etc/sysconfig/iptables file.
Signed-off-by: Cleber Rosa <[email protected]>
---
contrib/firewalld_add_service | 124 +++++++++++++++++++++++++++++++++++++
contrib/install-autotest-server.sh | 22 ++++++-
2 files changed, 144 insertions(+), 2 deletions(-)
create mode 100755 contrib/firewalld_add_service
diff --git a/contrib/firewalld_add_service b/contrib/firewalld_add_service
new file mode 100755
index 0000000..4be42f6
--- /dev/null
+++ b/contrib/firewalld_add_service
@@ -0,0 +1,124 @@
+#!/usr/bin/env python
+
+"""
+This tool adds a service to firewalld's permanent configuration
+
+We don't expect this tool be run, and thus firewalld to be present on a system
+that does not have quite recent software, such as Python 2.7
+"""
+
+import os
+import sys
+import logging
+import argparse
+import commands
+import xml.etree.ElementTree
+
+
+DEFAULT_ZONE_SRC_BASE_PATH = '/usr/lib/firewalld/zones'
+DEFAULT_ZONE_DST_BASE_PATH = '/etc/firewalld/zones'
+
+
+class ArgumentParser(argparse.ArgumentParser):
+ def __init__(self):
+ super(ArgumentParser, self).__init__(
+ description=("This tool adds a service to firewalld's permanent "
+ "configuration"))
+
+ self.add_argument('-z', '--zone', default=self._get_default_zone(),
+ help='Zone name, using default path')
+
+ self.add_argument('-s', '--service', default='http',
+ help='Service name, default is "http"')
+
+
+ def _get_default_zone(self):
+ try:
+ s, o = commands.getstatusoutput('firewall-cmd --get-default-zone')
+ if s != 0:
+ return ''
+ else:
+ return o
+ except:
+ return ''
+
+
+class App(object):
+ def __init__(self):
+ self.argument_parser = ArgumentParser()
+ self.parsed_arguments = None
+
+
+ def get_src_file_from_zone(self, zone):
+ zone_filename = "%s.xml" % zone
+ return os.path.join(DEFAULT_ZONE_SRC_BASE_PATH,
+ zone_filename)
+
+
+ def get_dst_file_from_zone(self, zone):
+ zone_filename = "%s.xml" % zone
+ return os.path.join(DEFAULT_ZONE_DST_BASE_PATH,
+ zone_filename)
+
+
+ def is_service_enabled(self, path, service):
+ if not os.path.exists(path):
+ return False
+
+ tree = xml.etree.ElementTree.parse(path)
+ root = tree.getroot()
+
+ for child in root:
+ if child.tag == 'service':
+ if child.attrib['name'] == service:
+ return True
+
+ return False
+
+
+ def add_service(self, zone, service):
+ src_file_path = self.get_src_file_from_zone(zone)
+ if not os.path.exists(src_file_path):
+ logging.error('Could not find default zone file: %s',
+ src_file_path)
+ raise SystemExit
+
+ src_tree = xml.etree.ElementTree.parse(src_file_path)
+ src_root = src_tree.getroot()
+ dst_file_path = self.get_dst_file_from_zone(zone)
+
+ if self.is_service_enabled(dst_file_path, service):
+ return True
+
+ attrib = {'name': service}
+ new_service = xml.etree.ElementTree.SubElement(src_root,
+ 'service',
+ attrib)
+ src_tree.write(dst_file_path)
+
+ # Now, double check the write was successfull
+ return self.is_service_enabled(dst_file_path, service)
+
+
+ def run(self):
+ self.parsed_arguments = self.argument_parser.parse_args()
+
+ if not self.parsed_arguments.zone:
+ logging.error("A zone name is a required argument")
+ raise SystemExit
+
+ if not self.parsed_arguments.service:
+ logging.error("A service name is a required argument")
+ raise SystemExit
+
+ result = self.add_service(self.parsed_arguments.zone,
+ self.parsed_arguments.service)
+ if result:
+ raise SystemExit(0)
+ else:
+ raise SystemExit(-1)
+
+
+if __name__ == '__main__':
+ app = App()
+ app.run()
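Review bot: add_service() always parses the stock zone from /usr/lib/firewalld/zones and writes the result to /etc/firewalld/zones, so when a permanent zone file already exists there without the requested service, `src_tree.write(dst_file_path)` replaces it and any services, ports or rules configured in that zone are lost. The tree should be loaded from the destination file when it exists and from the stock file only otherwise, as in the excerpt below. Separately, the `-z` value is formatted straight into `"%s.xml" % zone` and joined to the base path, so a name containing a path separator resolves outside the zones directory; because the tool writes under /etc, rejecting such names before building the path would be a cheap guard.

```python
    def add_service(self, zone, service):
        src_file_path = self.get_src_file_from_zone(zone)
        dst_file_path = self.get_dst_file_from_zone(zone)

        # Start from the existing permanent zone file when there is one, so
        # that whatever is already configured in it is preserved.
        if os.path.exists(dst_file_path):
            base_file_path = dst_file_path
        elif os.path.exists(src_file_path):
            base_file_path = src_file_path
        else:
            logging.error('Could not find default zone file: %s',
                          src_file_path)
            raise SystemExit(1)

        if self.is_service_enabled(dst_file_path, service):
            return True

        src_tree = xml.etree.ElementTree.parse(base_file_path)
        src_root = src_tree.getroot()
        # ... unchanged: SubElement, write to dst_file_path, re-check ...
```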
diff --git a/contrib/install-autotest-server.sh
b/contrib/install-autotest-server.sh
index 34fa313..0e64511 100755
--- a/contrib/install-autotest-server.sh
+++ b/contrib/install-autotest-server.sh
@@ -476,8 +476,15 @@ else
fi
}
-setup_firewall() {
-[ -f /etc/sysconfig/iptables ] || return;
+setup_firewall_firewalld() {
+ echo "Opening firewall for http traffic" >> $LOG
+ echo "Opening firewall for http traffic"
+
+ $ATHOME/contrib/firewalld_add_service -s http
+ firewall-cmd --reload
+}
+
+setup_firewall_iptables() {
if [ "$(grep -- '--dport 80 -j ACCEPT' /etc/sysconfig/iptables)" = "" ]
then
echo "Opening firewall for http traffic" >> $LOG
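Review bot: setup_firewall_firewalld ignores the exit status of `$ATHOME/contrib/firewalld_add_service -s http`, so `firewall-cmd --reload` runs and the log says the firewall was opened even when the zone file was not updated. Chain the two, e.g. `"$ATHOME/contrib/firewalld_add_service" -s http && firewall-cmd --reload`, and write a failure line to the log otherwise. The helper's error paths use a bare `raise SystemExit`, which exits with status 0, so they need `raise SystemExit(1)` for that check to mean anything. Quoting `"$ATHOME"` and `"$LOG"` also keeps the commands intact if either value contains spaces. setup_firewall_iptables continues past the end of this hunk.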
@@ -500,6 +507,17 @@ then
fi
}
+setup_firewall() {
+if [ -f /etc/sysconfig/iptables ]
+then
+ setup_firewall_iptables
+elif [ -x /usr/bin/firewall-cmd ]
+then
+ setup_firewall_firewalld
+fi
+}
+
+
print_install_status() {
if [ -x /etc/init.d/autotest ]
then
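Review bot: setup_firewall takes the iptables path whenever /etc/sysconfig/iptables exists, even on a host where firewalld is the active firewall and that file is a leftover; there the rule would be written to a file that is likely not in effect, and port 80 stays closed. Testing for firewalld first, e.g. `if [ -x /usr/bin/firewall-cmd ] && firewall-cmd --state >/dev/null 2>&1`, avoids that. When neither branch matches, the function returns silently; an `else` that writes a line to `$LOG` would make the skipped step visible in the install log.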
--
1.7.11.7