seasharp
/
anvil
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Local modifications to ClusterLabs/Anvil by Alteeve
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
281 Commits
2 Branches
0 Tags
21 MiB
Tag: Branch: Tree: 0ca80d0599
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '0ca80d0599'
${ noResults }
anvil/tools/anvil-manage-firewall

106 lines
3.9 KiB
Raw Normal View History Unescape

* Starting work on adding "Install Target" function (will likely rename this, but basic same function as IT in m2). * Added 'sys::database::failed_connection_log_level' to allow silencing of log messages when a Striker peer database is not available. * Started updating the .spec for the new release to add supported packages needed for PXE/dhcp/tftpboot. * Added to repo tftpboot files as pulling them out of the packages and moving them into the right place relative to the modest size of adding them directly to our source wasn't justified. * Created the still very very early 'tools/anvil-manage-firewall' tool. Signed-off-by: Digimer <digimer@alteeve.ca>
6 years ago
#!/usr/bin/perl
#
* Started work on System->check_firewall() that will collect existing firewall information. * Updated System->get_ips() to read and parse the interface config file and ignore 'lo'. * Started working on striker-manage-install-target again. Signed-off-by: Digimer <digimer@alteeve.ca>
6 years ago
# This keeps an eye on the network configuration and ensures the firewall is configured appropriately. What
# exactly that means depends on why kind of machine the local host is.
* Starting work on adding "Install Target" function (will likely rename this, but basic same function as IT in m2). * Added 'sys::database::failed_connection_log_level' to allow silencing of log messages when a Striker peer database is not available. * Started updating the .spec for the new release to add supported packages needed for PXE/dhcp/tftpboot. * Added to repo tftpboot files as pulling them out of the packages and moving them into the right place relative to the modest size of adding them directly to our source wasn't justified. * Created the still very very early 'tools/anvil-manage-firewall' tool. Signed-off-by: Digimer <digimer@alteeve.ca>
6 years ago
#
#
# Exit codes;
# 0 = Normal exit.
#
#
use strict;
use warnings;
use Anvil::Tools;
* Started work on System->check_firewall() that will collect existing firewall information. * Updated System->get_ips() to read and parse the interface config file and ignore 'lo'. * Started working on striker-manage-install-target again. Signed-off-by: Digimer <digimer@alteeve.ca>
6 years ago
use Data::Dumper;
* Starting work on adding "Install Target" function (will likely rename this, but basic same function as IT in m2). * Added 'sys::database::failed_connection_log_level' to allow silencing of log messages when a Striker peer database is not available. * Started updating the .spec for the new release to add supported packages needed for PXE/dhcp/tftpboot. * Added to repo tftpboot files as pulling them out of the packages and moving them into the right place relative to the modest size of adding them directly to our source wasn't justified. * Created the still very very early 'tools/anvil-manage-firewall' tool. Signed-off-by: Digimer <digimer@alteeve.ca>
6 years ago
# Disable buffering
$| = 1;
my $THIS_FILE = ($0 =~ /^.*\/(.*)$/)[0];
my $running_directory = ($0 =~ /^(.*?)\/$THIS_FILE$/)[0];
if (($running_directory =~ /^\./) && ($ENV{PWD}))
{
$running_directory =~ s/^\./$ENV{PWD}/;
}
my $anvil = Anvil::Tools->new({log_level => 2, log_secure => 1});
$anvil->Storage->read_config({file => $anvil->data->{path}{configs}{'anvil.conf'}});
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, secure => 0, key => "log_0115", variables => { program => $THIS_FILE }});
# Read switches
$anvil->data->{switches}{'y'} = "";
$anvil->Get->switches;
* Started work on System->check_firewall() that will collect existing firewall information. * Updated System->get_ips() to read and parse the interface config file and ignore 'lo'. * Started working on striker-manage-install-target again. Signed-off-by: Digimer <digimer@alteeve.ca>
6 years ago
check_initial_setup($anvil);
* Starting work on adding "Install Target" function (will likely rename this, but basic same function as IT in m2). * Added 'sys::database::failed_connection_log_level' to allow silencing of log messages when a Striker peer database is not available. * Started updating the .spec for the new release to add supported packages needed for PXE/dhcp/tftpboot. * Added to repo tftpboot files as pulling them out of the packages and moving them into the right place relative to the modest size of adding them directly to our source wasn't justified. * Created the still very very early 'tools/anvil-manage-firewall' tool. Signed-off-by: Digimer <digimer@alteeve.ca>
6 years ago
# We're done
$anvil->nice_exit({exit_code => 0});
#############################################################################################################
# Private functions. #
#############################################################################################################
* Started work on System->check_firewall() that will collect existing firewall information. * Updated System->get_ips() to read and parse the interface config file and ignore 'lo'. * Started working on striker-manage-install-target again. Signed-off-by: Digimer <digimer@alteeve.ca>
6 years ago
sub check_initial_setup
{
my ($anvil) = @_;
# Get a list of networks.
$anvil->System->get_ips();
my $internet_zone = "";
foreach my $interface (sort {$a cmp $b} keys %{$anvil->data->{sys}{network}{interface}})
{
if ($interface =~ /^((bcn|ifn|sn)\d+)_/)
{
# We'll use the start as the zone, though it should always be overridden by the
# ZONE="" variable in each interface's config.
my $zone = $1;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { zone => $zone }});
if ((exists $anvil->data->{sys}{network}{interface}{$interface}{variable}{ZONE}) && ($anvil->data->{sys}{network}{interface}{$interface}{variable}{ZONE}))
{
$zone = $anvil->data->{sys}{network}{interface}{$interface}{variable}{ZONE};
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { zone => $zone }});
}
$anvil->data->{zones}{$zone}{interface}{$interface}{ip} = $anvil->data->{sys}{network}{interface}{$interface}{ip};
$anvil->data->{zones}{$zone}{interface}{$interface}{subnet} = $anvil->data->{sys}{network}{interface}{$interface}{subnet};
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
"zones::${zone}::interface::${interface}::ip" => $anvil->data->{zones}{$zone}{interface}{$interface}{ip},
"zones::${zone}::interface::${interface}::subnet" => $anvil->data->{zones}{$zone}{interface}{$interface}{subnet},
}});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
"sys::network::interface::${interface}::default_gateway" => $anvil->data->{sys}{network}{interface}{$interface}{default_gateway},
}});
if ($anvil->data->{sys}{network}{interface}{$interface}{default_gateway})
{
$internet_zone = $zone;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { internet_zone => $internet_zone }});
}
}
}
# See what we've found...
foreach my $zone (sort {$a cmp $b} keys %{$anvil->data->{zones}})
{
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { zone => $zone }});
foreach my $interface (sort {$a cmp $b} keys %{$anvil->data->{zones}{$zone}{interface}})
{
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { interface => $interface }});
}
}
# Get the list of existing zones.
my $firewall = $anvil->System->check_firewall({debug => 2});
print Dumper $firewall;
# What am I?
my $type = $anvil->System->get_host_type();
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { type => $type }});
return(0);
}