Alon Bar-Lev has uploaded a new change for review. Change subject: packaging: open up firewall rules for console and migration in aio mode ......................................................................
packaging: open up firewall rules for console and migration in aio mode These ports are required for proper application use. Change-Id: Id2fb5346eaf8c800952df28657df701911586faa Signed-off-by: Alon Bar-Lev <alo...@redhat.com> Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=857496 --- M packaging/fedora/setup/engine-setup.py M packaging/fedora/setup/plugins/all_in_one_100.py 2 files changed, 26 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/74/8374/1 diff --git a/packaging/fedora/setup/engine-setup.py b/packaging/fedora/setup/engine-setup.py index b423d5b..f677598 100755 --- a/packaging/fedora/setup/engine-setup.py +++ b/packaging/fedora/setup/engine-setup.py @@ -923,6 +923,9 @@ ) ) + if 'EXTRA_IPTABLES_RULES' in controller.CONF: + lines += controller.CONF['EXTRA_IPTABLES_RULES'] + outputText = fileContent.replace('@CUSTOM_RULES@', "\n".join(lines)) logging.debug(outputText) diff --git a/packaging/fedora/setup/plugins/all_in_one_100.py b/packaging/fedora/setup/plugins/all_in_one_100.py index 9bd4934..8814c5e 100644 --- a/packaging/fedora/setup/plugins/all_in_one_100.py +++ b/packaging/fedora/setup/plugins/all_in_one_100.py @@ -146,6 +146,16 @@ [controller.CONF["CONFIG_ALLINONE"]], ["yes"], cpuSteps) + controller.insertSequenceBeforeSequence( + "Initial Steps", + "Add firewall rules", + [controller.CONF["CONFIG_ALLINONE"]], + ["yes"], + [{ + 'title' : "%s: Adding firewall rules" % PLUGIN_NAME_COLORED, + 'functions' : [addFirewallRules] + }] + ) # Main AIO sequences @@ -183,6 +193,19 @@ raise Exception(ERROR_LIBVIRT_START) +def addFirewallRules(): + global controller + + if 'EXTRA_IPTABLES_RULES' not in controller.CONF: + controller.CONF['EXTRA_IPTABLES_RULES'] = [] + + controller.CONF['EXTRA_IPTABLES_RULES'] += [ + '# guest consoles', + '-A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m multiport --dports 5634:6166 -j ACCEPT', + '# migration', + '-A RH-Firewall-1-INPUT -m state --state NEW -p tcp -m multiport --dports 49152:49216 -j ACCEPT' + ] + def returnYes(controller): return "yes" -- To view, visit http://gerrit.ovirt.org/8374 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id2fb5346eaf8c800952df28657df701911586faa Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
