Loading Specific Iptables in install hook
		| @@ -30,7 +30,8 @@ from pg_dir_utils import ( | ||||
|     ensure_mtu, | ||||
|     add_lcm_key, | ||||
|     post_pg_license, | ||||
|     fabric_interface_changed | ||||
|     fabric_interface_changed, | ||||
|     load_iptables | ||||
| ) | ||||
|  | ||||
| hooks = Hooks() | ||||
| @@ -42,6 +43,7 @@ def install(): | ||||
|     ''' | ||||
|     Install hook is run when the charm is first deployed on a node. | ||||
|     ''' | ||||
|     load_iptables() | ||||
|     configure_sources(update=True) | ||||
|     pkgs = determine_packages() | ||||
|     for pkg in pkgs: | ||||
|   | ||||
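Review bot: `load_iptables()` is called before `configure_sources(update=True)` in `install()`, but in the utils file of this same commit it runs `apt_install('iptables-persistent')`, and `get_cidr_from_iface()` runs `apt_install('ohai')`. On a freshly deployed node the charm's package sources and index are not yet set up at that point, so those installs may fail or resolve against whatever sources the image shipped with. I would move the call to directly after `configure_sources(update=True)`, or keep it first and move the two `apt_install` calls out of the firewall helper. The body of `install()` continues outside the hunk.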
| @@ -18,7 +18,8 @@ from charmhelpers.contrib.network.ip import ( | ||||
|     get_iface_addr | ||||
| ) | ||||
| from charmhelpers.fetch import ( | ||||
|     apt_cache | ||||
|     apt_cache, | ||||
|     apt_install | ||||
| ) | ||||
| from charmhelpers.contrib.openstack import templating | ||||
| from charmhelpers.core.host import set_nic_mtu | ||||
| @@ -143,7 +144,6 @@ def restart_pg(): | ||||
|     ''' | ||||
|     service_stop('plumgrid') | ||||
|     time.sleep(2) | ||||
|     _exec_cmd(cmd=['iptables', '-F']) | ||||
|     service_start('plumgrid') | ||||
|     time.sleep(5) | ||||
|  | ||||
| @@ -341,3 +341,49 @@ def post_pg_license(): | ||||
|         log('No change in PLUMgrid License') | ||||
|         return 0 | ||||
|     return 1 | ||||
|  | ||||
|  | ||||
| def load_iptables(): | ||||
|     network = get_cidr_from_iface(get_mgmt_interface()) | ||||
|     if network: | ||||
|         _exec_cmd(['sudo', 'iptables', '-A', 'INPUT', '-p', 'tcp', | ||||
|                    '-j', 'ACCEPT', '-s', network, '-d', | ||||
|                    network, '-m', 'state', '--state', 'NEW']) | ||||
|         _exec_cmd(['sudo', 'iptables', '-A', 'INPUT', '-p', 'udp', '-j', | ||||
|                    'ACCEPT', '-s', network, '-d', network, | ||||
|                    '-m', 'state', '--state', 'NEW']) | ||||
|         _exec_cmd(['sudo', 'iptables', '-I', 'INPUT', '-s', network, | ||||
|                    '-d', '224.0.0.18/32', '-j', 'ACCEPT']) | ||||
|     _exec_cmd(['sudo', 'iptables', '-I', 'INPUT', '-p', 'vrrp', '-j', | ||||
|                'ACCEPT']) | ||||
|     _exec_cmd(['sudo', 'iptables', '-A', 'INPUT', '-p', 'tcp', '-j', | ||||
|                'ACCEPT', '-d', config('plumgrid-virtual-ip'), '-m', | ||||
|                'state', '--state', 'NEW']) | ||||
|     apt_install('iptables-persistent') | ||||
|  | ||||
|  | ||||
| def get_cidr_from_iface(interface): | ||||
|     if not interface: | ||||
|         return None | ||||
|     apt_install('ohai') | ||||
|     try: | ||||
|         os_info = subprocess.check_output(['ohai', '-l', 'fatal']) | ||||
|     except OSError: | ||||
|         log('Unable to get operating system information') | ||||
|         return None | ||||
|     try: | ||||
|         os_info_json = json.loads(os_info) | ||||
|     except ValueError: | ||||
|         log('Unable to determine network') | ||||
|         return None | ||||
|     device = os_info_json['network']['interfaces'].get(interface) | ||||
|     if device is not None: | ||||
|         if device.get('routes'): | ||||
|             routes = device['routes'] | ||||
|             for net in routes: | ||||
|                 if 'scope' in net: | ||||
|                     return net.get('destination') | ||||
|         else: | ||||
|             return None | ||||
|     else: | ||||
|         return None | ||||
|   | ||||
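Review bot: In `load_iptables()` the last rule passes `config('plumgrid-virtual-ip')` straight to `-d` outside the `if network:` guard, so an unset or malformed option reaches iptables as `None` or an invalid address. What happens then depends on `_exec_cmd`, which is not visible here: either the install hook aborts or the host is left without that rule and nothing reports it. I would read the value once and guard it, `vip = config('plumgrid-virtual-ip')` followed by `if vip:` around the rule, and log when it is skipped. The same kind of gap exists in `get_cidr_from_iface()`, where `subprocess.check_output` can raise `CalledProcessError`, which `except OSError` does not catch, and `os_info_json['network']['interfaces']` is indexed without checking that the keys exist.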
| @@ -31,7 +31,8 @@ TO_PATCH = [ | ||||
|     'add_lcm_key', | ||||
|     'determine_packages', | ||||
|     'post_pg_license', | ||||
|     'config' | ||||
|     'config', | ||||
|     'load_iptables' | ||||
| ] | ||||
| NEUTRON_CONF_DIR = "/etc/neutron" | ||||
|  | ||||
|   | ||||
	 Bilal Baqar
					Bilal Baqar