On 11/08/2012 02:48 PM, Cleber Rosa wrote:
That have deprecated /etc/sysconfig/iptables file.
Ok, that was a great, quick turnaround of the issue. It has been applied to next, thanks Cleber!
Signed-off-by: Cleber Rosa <[email protected]>
---
contrib/firewalld_add_service | 124 +++++++++++++++++++++++++++++++++++++
contrib/install-autotest-server.sh | 22 ++++++-
2 files changed, 144 insertions(+), 2 deletions(-)
create mode 100755 contrib/firewalld_add_service
diff --git a/contrib/firewalld_add_service b/contrib/firewalld_add_service
new file mode 100755
index 0000000..4be42f6
--- /dev/null
+++ b/contrib/firewalld_add_service
@@ -0,0 +1,124 @@
+#!/usr/bin/env python
+
+"""
+This tool adds a service to firewalld's permanent configuration
+
+We don't expect this tool be run, and thus firewalld to be present on a system
+that does not have quite recent software, such as Python 2.7
+"""
+
+import os
+import sys
+import logging
+import argparse
+import commands
+import xml.etree.ElementTree
+
+
+DEFAULT_ZONE_SRC_BASE_PATH = '/usr/lib/firewalld/zones'
+DEFAULT_ZONE_DST_BASE_PATH = '/etc/firewalld/zones'
+
+
+class ArgumentParser(argparse.ArgumentParser):
+ def __init__(self):
+ super(ArgumentParser, self).__init__(
+ description=("This tool adds a service to firewalld's permanent "
+ "configuration"))
+
+ self.add_argument('-z', '--zone', default=self._get_default_zone(),
+ help='Zone name, using default path')
+
+ self.add_argument('-s', '--service', default='http',
+ help='Service name, default is "http"')
+
+
+ def _get_default_zone(self):
+ try:
+ s, o = commands.getstatusoutput('firewall-cmd --get-default-zone')
+ if s != 0:
+ return ''
+ else:
+ return o
+ except:
+ return ''
+
+
+class App(object):
+ def __init__(self):
+ self.argument_parser = ArgumentParser()
+ self.parsed_arguments = None
+
+
+ def get_src_file_from_zone(self, zone):
+ zone_filename = "%s.xml" % zone
+ return os.path.join(DEFAULT_ZONE_SRC_BASE_PATH,
+ zone_filename)
+
+
+ def get_dst_file_from_zone(self, zone):
+ zone_filename = "%s.xml" % zone
+ return os.path.join(DEFAULT_ZONE_DST_BASE_PATH,
+ zone_filename)
+
+
+ def is_service_enabled(self, path, service):
+ if not os.path.exists(path):
+ return False
+
+ tree = xml.etree.ElementTree.parse(path)
+ root = tree.getroot()
+
+ for child in root:
+ if child.tag == 'service':
+ if child.attrib['name'] == service:
+ return True
+
+ return False
+
+
+ def add_service(self, zone, service):
+ src_file_path = self.get_src_file_from_zone(zone)
+ if not os.path.exists(src_file_path):
+ logging.error('Could not find default zone file: %s',
+ src_file_path)
+ raise SystemExit
+
+ src_tree = xml.etree.ElementTree.parse(src_file_path)
+ src_root = src_tree.getroot()
+ dst_file_path = self.get_dst_file_from_zone(zone)
+
+ if self.is_service_enabled(dst_file_path, service):
+ return True
+
+ attrib = {'name': service}
+ new_service = xml.etree.ElementTree.SubElement(src_root,
+ 'service',
+ attrib)
+ src_tree.write(dst_file_path)
+
+ # Now, double check the write was successfull
+ return self.is_service_enabled(dst_file_path, service)
+
+
+ def run(self):
+ self.parsed_arguments = self.argument_parser.parse_args()
+
+ if not self.parsed_arguments.zone:
+ logging.error("A zone name is a required argument")
+ raise SystemExit
+
+ if not self.parsed_arguments.service:
+ logging.error("A service name is a required argument")
+ raise SystemExit
+
+ result = self.add_service(self.parsed_arguments.zone,
+ self.parsed_arguments.service)
+ if result:
+ raise SystemExit(0)
+ else:
+ raise SystemExit(-1)
+
+
+if __name__ == '__main__':
+ app = App()
+ app.run()
diff --git a/contrib/install-autotest-server.sh b/contrib/install-autotest-server.sh
index 34fa313..0e64511 100755
--- a/contrib/install-autotest-server.sh
+++ b/contrib/install-autotest-server.sh
@@ -476,8 +476,15 @@ else fi } -setup_firewall() { -[ -f /etc/sysconfig/iptables ] || return; +setup_firewall_firewalld() { + echo "Opening firewall for http traffic" >> $LOG + echo "Opening firewall for http traffic" + + $ATHOME/contrib/firewalld_add_service -s http + firewall-cmd --reload +} + +setup_firewall_iptables() { if [ "$(grep -- '--dport 80 -j ACCEPT' /etc/sysconfig/iptables)" = "" ] then echo "Opening firewall for http traffic" >> $LOG
@@ -500,6 +507,17 @@ then fi } +setup_firewall() { +if [ -f /etc/sysconfig/iptables ] +then + setup_firewall_iptables +elif [ -x /usr/bin/firewall-cmd ] +then + setup_firewall_firewalld +fi +} + + + print_install_status() { if [ -x /etc/init.d/autotest ] then
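Review bot: `add_service` always parses the stock zone file under `/usr/lib/firewalld/zones` and writes that tree to `/etc/firewalld/zones/<zone>.xml`, so an existing customised zone file that lacks the service is overwritten and every local change in it is dropped from the permanent firewall configuration. Parse the destination when it already exists and fall back to the stock file otherwise, e.g. `base_path = dst_file_path if os.path.exists(dst_file_path) else src_file_path` followed by `src_tree = xml.etree.ElementTree.parse(base_path)`. The error paths in `add_service` and `run` use a bare `raise SystemExit`, which exits with status 0; `raise SystemExit(1)` would let a calling script see the failure. The `--zone` value is also joined into both paths unchecked, so rejecting a value that contains a path separator is worth adding, since the tool writes under `/etc` and presumably runs as root.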
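Review bot: `setup_firewall_firewalld` ignores the exit status of `firewalld_add_service`, so `firewall-cmd --reload` runs and the install carries on as if port 80 were open even when the zone file was not written. Gate the reload on the helper and log the failure, e.g. `"$ATHOME/contrib/firewalld_add_service" -s http && firewall-cmd --reload || echo "Failed to open firewall for http traffic" >> $LOG`, which also quotes `$ATHOME`. The helper is called without `-z`, so http is opened in whatever zone is currently the default; a comment stating that this is intended would help an administrator auditing what the installer exposes.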
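Review bot: `setup_firewall` tests for `/etc/sysconfig/iptables` before `firewall-cmd`, so a host that runs firewalld but still has that file (for example left over from an upgrade) may take the iptables path and leave the active firewall unchanged. Checking firewalld first, ideally for a running daemon with `firewall-cmd --state` rather than only an executable at `/usr/bin/firewall-cmd`, avoids editing a rules file that nothing loads. When neither branch matches, the function returns silently; a line such as `echo "No supported firewall found, http port not opened" >> $LOG` would make the skipped step visible.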
