Selvasundaram has uploaded a new change for review.
Change subject: engine: Gluster specific firewall configurations
......................................................................
engine: Gluster specific firewall configurations
Added gluster specific firewall configurations to allow gluster operations.
Change-Id: I5a5958e870d3315316a59e1038101b2511bf8815
Signed-off-by: Selvasundaram <[email protected]>
---
A
backend/manager/dbscripts/upgrade/03_01_1360_add_gluster_specific_firewall_config.sql
M
backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsInstaller.java
M
backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
3 files changed, 70 insertions(+), 6 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/44/7244/1
diff --git
a/backend/manager/dbscripts/upgrade/03_01_1360_add_gluster_specific_firewall_config.sql
b/backend/manager/dbscripts/upgrade/03_01_1360_add_gluster_specific_firewall_config.sql
new file mode 100644
index 0000000..7493a1b
--- /dev/null
+++
b/backend/manager/dbscripts/upgrade/03_01_1360_add_gluster_specific_firewall_config.sql
@@ -0,0 +1,33 @@
+INSERT INTO vdc_options (option_name, option_value, version) VALUES
('GlusterIPTablesConfig',
+'
+# glusterd
+-A INPUT -p tcp -m tcp --dport 24007 -j ACCEPT
+
+# ctdbd
+-A INPUT -p tcp -m tcp --dport 4379 -j ACCEPT
+
+# smbd
+-A INPUT -p tcp -m tcp --dport 139 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 445 -j ACCEPT
+
+# portmapper
+-A INPUT -p udp -m udp --dport 111 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 38465 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 38466 -j ACCEPT
+
+# nfs
+-A INPUT -p tcp -m tcp --dport 38467 -j ACCEPT
+
+# status
+-A INPUT -p tcp -m tcp --dport 39543 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 55863 -j ACCEPT
+
+# nlockmgr
+-A INPUT -p tcp -m tcp --dport 38468 -j ACCEPT
+-A INPUT -p udp -m udp --dport 963 -j ACCEPT
+-A INPUT -p tcp -m tcp --dport 965 -j ACCEPT
+
+# Ports for gluster volume bricks (default 100 ports)
+-A INPUT -p tcp -m tcp --dport 24009:24108 -j ACCEPT
+',
+'general');
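Review bot: Every rule in this value accepts traffic from any source address, including SMB (139, 445), portmapper (111) and the NFS ports, so a host in a Gluster cluster exposes these services on all networks once the file is uploaded. Consider restricting the rules to the storage network, or at least stating the expectation in the value itself with a leading comment such as `# NOTE: rules accept from any source; narrow with -s <storage-subnet> where possible`. The ports under `# status` and `# nlockmgr` (39543, 55863, 963, 965) look like dynamically assigned RPC ports rather than fixed ones, which should be confirmed before they are hard-coded. The Java default for this option is the empty string, so an installation where this upgrade script has not run gets no Gluster rules at all.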
diff --git
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsInstaller.java
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsInstaller.java
index dbed995..03151d4 100644
---
a/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsInstaller.java
+++
b/backend/manager/modules/bll/src/main/java/org/ovirt/engine/core/bll/VdsInstaller.java
@@ -24,8 +24,8 @@
import org.ovirt.engine.core.dao.VdsGroupDAO;
import org.ovirt.engine.core.utils.FileUtil;
import org.ovirt.engine.core.utils.VdcException;
-import org.ovirt.engine.core.utils.hostinstall.OpenSslCAWrapper;
import org.ovirt.engine.core.utils.hostinstall.IVdsInstallerCallback;
+import org.ovirt.engine.core.utils.hostinstall.OpenSslCAWrapper;
import org.ovirt.engine.core.utils.hostinstall.VdsInstallerSSH;
import org.ovirt.engine.core.utils.log.Log;
import org.ovirt.engine.core.utils.log.LogFactory;
@@ -67,6 +67,9 @@
private final String _remoteBootstrapRunningScriptPath;
private final String remoteFwRulesFilePath;
private boolean isAddOvirtFlow = false;
+ boolean supportVirt = false;
+ boolean supportGluster = false;
+
protected static final java.util.HashMap<VdsInstallStages, String>
_translatedMessages =
new java.util.HashMap<VdsInstallStages, String>();
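Review bot: The two new fields are declared without an access modifier, so they are package-private and mutable, while the neighbouring fields are `private`. Because `supportGluster` now decides whether the Gluster ports are merged into the host firewall file, it should not be writable from other classes in the package; declare them `private boolean supportVirt = false;` and `private boolean supportGluster = false;`. A one-line comment saying they are set from the host's cluster (the assignment is in the next hunk) would also help, since the enclosing class body is only partly visible here.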
@@ -122,8 +125,8 @@
Guid vdsGroupId = vds.getvds_group_id();
VDSGroup vdsGroup = vdsGroupDao.get(vdsGroupId);
- boolean supportVirt = vdsGroup.supportsVirtService();
- boolean supportGluster = vdsGroup.supportsGlusterService();
+ supportVirt = vdsGroup.supportsVirtService();
+ supportGluster = vdsGroup.supportsGlusterService();
// We don't allow having none services on the cluster. In such a case
we
// specify that the cluster supports virt for installation purposes
@@ -263,7 +266,7 @@
_executionSucceded = _wrapper.sendFile(path,
_remoteBootstrapRunningScriptPath);
if (isOverrideFirewallAllowed() && _executionSucceded) {
_currentInstallStage = VdsInstallStages.UploadScript;
- _executionSucceded = uploadFirewallRulesConfFile();
+ _executionSucceded =
uploadFirewallRulesConfFile(getIpTableConfig());
}
break;
}
@@ -327,9 +330,32 @@
}
}
- private boolean uploadFirewallRulesConfFile() {
- boolean isUploaded = false;
+ private String getIpTableConfig() {
String ipTableConfig = Config.<String>
GetValue(ConfigValues.IPTablesConfig);
+ if (supportGluster) {
+ int i = 0;
+ String glusterIpTableConfig = Config.<String>
GetValue(ConfigValues.GlusterIPTablesConfig);
+ if (glusterIpTableConfig == null) {
+ glusterIpTableConfig = "";
+ }
+
+ String[] ipTables = ipTableConfig.split("\n");
+ while (i < ipTables.length) {
+ if (ipTables[i].toLowerCase().indexOf("reject") >= 0) {
+ ipTableConfig =
+ StringUtils.join(ipTables, "\n", 0, i) + "\n" +
glusterIpTableConfig + "\n"
+ + StringUtils.join(ipTables, "\n", i,
ipTables.length - 1);
+ break;
+ }
+ i++;
+ }
+ }
+ return ipTableConfig;
+ }
+
+ private boolean uploadFirewallRulesConfFile(String ipTableConfig) {
+ boolean isUploaded = false;
+
if (StringUtils.isNotEmpty(ipTableConfig)) {
String fwRulesFileNamePath = null;
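Review bot: In `getIpTableConfig()` the second `StringUtils.join(ipTables, "\n", i, ipTables.length - 1)` drops the last line of the base configuration, assuming this is the Commons Lang `StringUtils`, whose end index is exclusive (the first call `join(..., 0, i)` already relies on that). For an iptables-restore style file that last line is presumably `COMMIT`, so the uploaded rules file would be truncated for Gluster hosts. Two further gaps: `ipTableConfig.split` throws a NullPointerException when `IPTablesConfig` is unset, even though `uploadFirewallRulesConfFile` treats an empty value as a normal case, and when no line contains "reject" the Gluster rules are silently left out. The substring match also hits comment lines that merely mention "reject". `uploadFirewallRulesConfFile` continues past the end of this hunk, so the fence below covers only `getIpTableConfig()`.

```java
private String getIpTableConfig() {
    String ipTableConfig = Config.<String> GetValue(ConfigValues.IPTablesConfig);
    String glusterIpTableConfig = Config.<String> GetValue(ConfigValues.GlusterIPTablesConfig);
    if (!supportGluster || StringUtils.isEmpty(ipTableConfig) || StringUtils.isEmpty(glusterIpTableConfig)) {
        return ipTableConfig;
    }

    String[] ipTables = ipTableConfig.split("\n");
    for (int i = 0; i < ipTables.length; i++) {
        if (ipTables[i].toLowerCase().indexOf("reject") >= 0) {
            // endIndex is exclusive: pass length so the final line of the base config is kept
            return StringUtils.join(ipTables, "\n", 0, i) + "\n" + glusterIpTableConfig + "\n"
                    + StringUtils.join(ipTables, "\n", i, ipTables.length);
        }
    }
    // No REJECT line found: the Gluster rules were not merged. Report this to the
    // installer log/callback instead of continuing silently.
    return ipTableConfig;
}
```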
diff --git
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
index 6998a43..faec9f0 100644
---
a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
+++
b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
@@ -1405,6 +1405,11 @@
)
BootstrapNodeIDCommand(372),
+ @Reloadable
+ @TypeConverterAttribute(String.class)
+ @DefaultValueAttribute("")
+ GlusterIPTablesConfig(373),
+
Invalid(65535);
private int intValue;
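Review bot: The new `GlusterIPTablesConfig` entry carries no comment describing what the value holds or how it is consumed, and because it is `@Reloadable` a changed value is picked up at runtime and, per the VdsInstaller change in this commit, merged into the firewall file sent to hosts. A short comment above the annotations would help, e.g. `// iptables rule lines merged into IPTablesConfig ahead of its first REJECT rule for hosts in Gluster-enabled clusters`. Nothing visible in this change validates the text, so write access to this option amounts to control over host firewall rules; that is worth stating where the option is documented.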
--
To view, visit http://gerrit.ovirt.org/7244
Gerrit-MessageType: newchange
Gerrit-Change-Id: I5a5958e870d3315316a59e1038101b2511bf8815
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Selvasundaram <[email protected]>