From 9b8922b530e1fe40b69b5e6f0bdeba89933bfd5a Mon Sep 17 00:00:00 2001 From: Digimer Date: Tue, 8 Aug 2017 00:19:57 -0400 Subject: [PATCH] * Created System->is_local that takes a hostname or IP address and returns '1' if that matches the local host or one of the local IPs. * Got System->manage_firewall to the point where it can get a list of open TCP and UDP ports for the active zone. Signed-off-by: Digimer --- AN/Tools/Database.pm | 61 ++++++--- AN/Tools/System.pm | 315 ++++++++++++++++++++++++++++++++++++++----- 2 files changed, 329 insertions(+), 47 deletions(-) diff --git a/AN/Tools/Database.pm b/AN/Tools/Database.pm index 051e4505..2f327b5c 100755 --- a/AN/Tools/Database.pm +++ b/AN/Tools/Database.pm @@ -98,7 +98,12 @@ sub archive_databases my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->archive_databases()" }}); + + + + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0126", variables => { method => "Database->archive_databases()" }}); return(0); } @@ -112,6 +117,7 @@ sub check_lock_age my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->check_lock_age()" }}); # Make sure we've got the 'sys::database::local_lock_active' and 'reap_age' variables set. if ((not defined $an->data->{sys}{database}{local_lock_active}) or ($an->data->{sys}{database}{local_lock_active} =~ /\D/)) 
@@ -179,6 +185,7 @@ sub configure_pgsql my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->configure_pgsql()" }}); my $id = defined $parameter->{id} ? $parameter->{id} : ""; $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { id => $id }}); @@ -506,11 +513,15 @@ sub configure_pgsql } } - # Finally, make sure firewalld is listening on the local port. - # my $zone = firewall-cmd --get-default-zone - # firewall-cmd --zone=$zone --list-all - # check for 'services: ... postgresql ...' (for 5432) or 'ports: ... X ...' otherwise - # Check 'firewall-cmd --info-service=postgresql' to nonfirm 'ports: 5432/tcp' + # Make sure the psql TCP port is open. + $an->data->{database}{$id}{port} = 5432 if not $an->data->{database}{$id}{port}; + my $port_status = $an->System->manage_firewall({ + task => "open", + port_number => $an->data->{database}{$id}{port}, + }); + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { port_status => $port_status }}); + + die $THIS_FILE." ".__LINE__."; testing...\n"; return(0); } @@ -594,6 +605,7 @@ sub connect my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->connect()" }}); my $source = defined $parameter->{source} ? $parameter->{source} : "core"; my $sql_file = defined $parameter->{sql_file} ? $parameter->{sql_file} : $an->data->{path}{sql}{'Tools.sql'}; 
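Review bot: The added `die $THIS_FILE." ".__LINE__."; testing...\n";` sits directly before `return(0);` at the end of configure_pgsql, so every caller aborts once the firewall step has run; it reads as a debugging leftover and should be removed. The port passed to `manage_firewall` is taken from `$an->data->{database}{$id}{port}` with only a truthiness default, so a non-numeric or out-of-range configured value reaches the firewall code unchecked. A guard such as `return("!!error!!") if $an->data->{database}{$id}{port} !~ /^\d+$/;` before the call would catch that. `$port_status` is only logged, so an `"!!error!!"` result from `manage_firewall` is silently ignored here; it should be tested before continuing. The start of configure_pgsql is outside this hunk.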
@@ -612,7 +624,7 @@ sub connect if (not $an->data->{sys}{host_uuid}) { $an->data->{sys}{host_uuid} = $an->Get->host_uuid; - $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { "sys::host_uuid" => $an->data->{sys}{host_uuid} }}); + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { "sys::host_uuid" => $an->data->{sys}{host_uuid} }}); } # This will be used in a few cases where the local DB ID is needed (or the lack of it being set @@ -704,18 +716,22 @@ sub connect } # Before we try to connect, see if this is a local database and, if so, make sure it's setup. - if (($host eq $an->_hostname) or - ($host eq $an->_short_hostname) or - ($host eq "localhost") or - ($host eq "127.0.0.1") or - (not $an->data->{sys}{read_db_id})) + my $is_local = $an->System->is_local({host => $host}); + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { is_local => $is_local }}); + if ($is_local) { $an->data->{sys}{read_db_id} = $id; - $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { "sys::read_db_id" => $an->data->{sys}{read_db_id} }}); + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { "sys::read_db_id" => $an->data->{sys}{read_db_id} }}); # Set it up (or update it) if needed. This method just returns if nothing is needed. $an->Database->configure_pgsql({id => $id}); } + elsif (not $an->data->{sys}{read_db_id}) + { + $an->data->{sys}{read_db_id} = $id; + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { "sys::read_db_id" => $an->data->{sys}{read_db_id} }}); + } + next; # Connect! my $dbh = ""; @@ -867,6 +883,7 @@ sub connect }}); } } + die; # Do I have any connections? Don't die, if not, just return. $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { connections => $connections }}); 
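Review bot: The unconditional `next;` added just above `# Connect!` makes the rest of the loop body unreachable, so no database handle is opened for any host. The bare `die;` added in the following hunk (above "Do I have any connections?") then aborts connect outright, contradicting the comment beside it. Both look like debugging leftovers and should be dropped before this lands. The local branch now runs `configure_pgsql`, which requests a firewall port to be opened, purely on the result of `is_local`, so that result needs to be reliable for empty or unusual `$host` values. The enclosing loop and the rest of connect lie outside these hunks.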
@@ -1036,6 +1053,7 @@ sub disconnect my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->disconnect()" }}); my $marked_inactive = 0; foreach my $id (sort {$a cmp $b} keys %{$an->data->{database}}) @@ -1083,6 +1101,7 @@ sub get_hosts my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->get_hosts()" }}); my $query = " SELECT @@ -1144,6 +1163,7 @@ sub get_local_id my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->get_local_id()" }}); my $local_id = ""; my $network_details = $an->Get->network_details; @@ -1185,6 +1205,7 @@ sub initialize my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->initialize()" }}); my $id = $parameter->{id} ? $parameter->{id} : $an->data->{sys}{read_db_id}; my $sql_file = $parameter->{sql_file} ? $parameter->{sql_file} : $an->data->{path}{sql}{'Tools.sql'}; @@ -1333,9 +1354,7 @@ FROM WHERE host_uuid = ".$an->data->{sys}{use_db_fh}->quote($host_uuid)." ;"; - $an->Log->entry({log_level => 2, message_key => "an_variables_0001", message_variables => { - name1 => "query", value1 => $query - }, file => $THIS_FILE, line => __LINE__}); + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { query => $query }}); my $results = $an->Database->query({query => $query, id => $id, source => $THIS_FILE, line => __LINE__}); my $count = @{$results}; 
@@ -1427,6 +1446,7 @@ sub insert_or_update_states my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->insert_or_update_states()" }}); my $state_uuid = $parameter->{state_uuid} ? $parameter->{state_uuid} : ""; my $state_name = $parameter->{state_name} ? $parameter->{state_name} : ""; @@ -1643,6 +1663,7 @@ sub insert_or_update_variables my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->insert_or_update_variables()" }}); my $variable_uuid = defined $parameter->{variable_uuid} ? $parameter->{variable_uuid} : ""; my $variable_name = defined $parameter->{variable_name} ? $parameter->{variable_name} : ""; @@ -1907,6 +1928,7 @@ sub lock_file my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->lock_file()" }}); my $do = $parameter->{'do'} ? $parameter->{'do'} : "get"; $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 'do' => $do }}); @@ -1966,6 +1988,7 @@ sub locking my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->locking()" }}); my $request = defined $parameter->{request} ? $parameter->{request} : 0; my $release = defined $parameter->{release} ? $parameter->{release} : 0; 
@@ -2187,6 +2210,7 @@ sub mark_active my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->mark_active()" }}); my $set = defined $parameter->{set} ? $parameter->{set} : 1; $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { set => $set }}); @@ -2284,6 +2308,7 @@ sub query my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->query()" }}); my $id = $parameter->{id} ? $parameter->{id} : $an->data->{sys}{read_db_id}; my $line = $parameter->{line} ? $parameter->{line} : __LINE__; @@ -2378,6 +2403,7 @@ sub read_variable my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->read_variable()" }}); my $variable_uuid = $parameter->{variable_uuid} ? $parameter->{variable_uuid} : ""; my $variable_name = $parameter->{variable_name} ? $parameter->{variable_name} : ""; @@ -2470,6 +2496,7 @@ sub resync_databases my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->resync_databases()" }}); # Get a list if tables. Note that we'll only sync a given table with peers that have the same table. my $table_array = ref($parameter->{tables}) eq "ARRAY" ? $parameter->{tables} : []; 
@@ -2495,6 +2522,7 @@ sub write my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->write()" }}); my $id = $parameter->{id} ? $parameter->{id} : $an->data->{sys}{read_db_id}; my $line = $parameter->{line} ? $parameter->{line} : __LINE__; @@ -2709,6 +2737,7 @@ sub _find_behind_databases my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->_find_behind_databases()" }}); my $source = $parameter->{source} ? $parameter->{source} : ""; my $tables = $parameter->{tables} ? $parameter->{tables} : ""; @@ -2905,6 +2934,7 @@ sub _mark_database_as_behind my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->_mark_database_as_behind()" }}); my $id = $parameter->{id} ? $parameter->{id} : ""; $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { id => $id }}); @@ -2950,6 +2980,7 @@ sub _test_access my $self = shift; my $parameter = shift; my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 2, key => "log_0125", variables => { method => "Database->_test_access()" }}); my $id = $parameter->{id} ? $parameter->{id} : ""; $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { id => $id }}); diff --git a/AN/Tools/System.pm b/AN/Tools/System.pm index a68090aa..4affa232 100755 --- a/AN/Tools/System.pm +++ b/AN/Tools/System.pm @@ -17,6 +17,7 @@ my $THIS_FILE = "System.pm"; # check_memory # determine_host_type # enable_daemon +# is_local # manage_firewall # ping # read_ssh_config 
@@ -315,21 +316,74 @@ sub enable_daemon return($return); } +=head2 is_local + +This method takes a host name or IP address and looks to see if it matches the local system. If it does, it returns C<< 1 >>. Otherwise it returns C<< 0 >>. + +Parameters; + +=head3 host (required) + +This is the host name (or IP address) to check against the local system. + +=cut +sub is_local +{ + my $self = shift; + my $parameter = shift; + my $an = $self->parent; + $an->Log->entry({source => $THIS_FILE, line => __LINE__, level => 3, key => "log_0125", variables => { method => "System->_is_local()" }}); + + my $host = $parameter->{host} ? $parameter->{host} : ""; + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { host => $host }}); + + my $is_local = 0; + if (($host eq $an->_hostname) or + ($host eq $an->_short_hostname) or + ($host eq "localhost") or + ($host eq "127.0.0.1")) + { + # It's local + $is_local = 1; + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { is_local => $is_local }}); + } + else + { + # Get the list of current IPs and see if they match. + my $network = $an->Get->network_details; + foreach my $interface (keys %{$network->{interface}}) + { + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { "network->interface::${interface}::ip" => $network->{interface}{$interface}{ip} }}); + if ($host eq $network->{interface}{$interface}{ip}) + { + $is_local = 1; + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { is_local => $is_local }}); + last; + } + } + } + + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { is_local => $is_local }}); + return($is_local); +} + =head2 manage_firewall This method manages a firewalld firewall. +B: This is pretty basic at this time. Capabilities will be added over time so please expect changes to this method. 
+ Parameters; =head3 task (optional) -If set to C<< open >>, it will open the corresponding C<< port >> or C<< service >>. If set to C<< close >>, it will close the corresponding C<< port >> or C<< service >>. If set to c<< check >>, the state of the given C<< port >> or C<< service >> is returned. +If set to C<< open >>, it will open the corresponding C<< port >>. If set to C<< close >>, it will close the corresponding C<< port >>. If set to c<< check >>, the state of the given C<< port >> is returned. The default is C<< check >>. -=head3 port (optional) +=head3 port_number (required) -If set, this is the port number to work on. +This is the port number to work on. If not specified, C<< service >> is required. @@ -337,12 +391,6 @@ If not specified, C<< service >> is required. This can be c<< tcp >> or C<< upd >> and is used to specify what protocol to use with the C<< port >>, when specified. The default is C<< tcp >>. -=head3 service (optional) - -This is the name of the service to work on. - -If not specified, C<< port >> is required. - =cut sub manage_firewall { 
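Review bot: In `is_local`, `$host` defaults to `""` and is then compared with `eq` against each `$network->{interface}{$interface}{ip}`. If `Get->network_details` (not visible here) ever reports an interface with an empty address, an empty or missing `host` would therefore be reported as local. Since that result now gates local PostgreSQL setup and the firewall change in `Database->connect`, add `return(0) if $host eq "";` after the parameter is read, and `next if not $network->{interface}{$interface}{ip};` inside the loop. The entry log names the method `System->_is_local()` while the sub is `is_local`; the string should be `method => "System->is_local()"`. Only the literal `127.0.0.1` is treated as loopback, which is worth a line in the POD so callers know other loopback forms are not recognised.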
@@ -350,52 +398,255 @@ sub manage_firewall my $parameter = shift; my $an = $self->parent; - my $task = defined $parameter->{task} ? $parameter->{task} : "check"; - my $port = defined $parameter->{port} ? $parameter->{port} : ""; - my $port_type = defined $parameter->{port_type} ? $parameter->{port_type} : ""; - my $service = defined $parameter->{service} ? $parameter->{service} : ""; + my $task = defined $parameter->{task} ? $parameter->{task} : "check"; + my $port_number = defined $parameter->{port_number} ? $parameter->{port_number} : ""; + my $port_type = defined $parameter->{port_type} ? $parameter->{port_type} : "tcp"; $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { - task => $task, - port => $port, - port_type => $port_type, - service => $service, + task => $task, + port_number => $port_number, + port_type => $port_type, }}); # Make sure we have a port or service. - if ((not $port) && (not $service)) + if (not $port_number) { # ... return("!!error!!"); } # Before we do anything, what zone is active? - my $shell_call = $an->data->{path}{exe}{'firewall-cmd'}." --get-active-zones"; - my $output = $an->System->call({shell_call => $shell_call}) my $active_zone = ""; + if (not $active_zone) + { + my $shell_call = $an->data->{path}{exe}{'firewall-cmd'}." --get-active-zones"; + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }}); + + my $output = $an->System->call({shell_call => $shell_call}); + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { output => $output }}); + foreach my $line (split/\n/, $output) + { + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { line => $line }}); + if ($line !~ /\s/) + { + $active_zone = $line; + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { active_zone => $active_zone }}); + } + last; + } + } + + # What is the default zone? 
+ my $default_zone = ""; + if (not $default_zone) + { + my $shell_call = $an->data->{path}{exe}{'firewall-cmd'}." --get-default-zone"; + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }}); + + my $output = $an->System->call({shell_call => $shell_call}); + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { output => $output }}); + foreach my $line (split/\n/, $output) + { + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { line => $line }}); + if ($line !~ /\s/) + { + $default_zone = $line; + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { default_zone => $default_zone }}); + } + last; + } + } $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { - shell_call => $shell_call, - output => $output, + active_zone => $active_zone, + default_zone => $default_zone, }}); - foreach my $line (split/\n/, $output) + + # If we have an active zone, see if the requested port is open. + my $open_tcp_ports = []; + my $open_udp_ports = []; + my $open_services = []; + if ($active_zone) { - $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { line => $line }}); - if ($line =~ /^\S$/) + my $shell_call = $an->data->{path}{exe}{'firewall-cmd'}." --zone=".$active_zone." 
--list-all"; + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }}); + + my $output = $an->System->call({shell_call => $shell_call}); + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { output => $output }}); + foreach my $line (split/\n/, $output) + { + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { line => $line }}); + if ($line =~ /services: (.*)$/) + { + my $services = $an->Words->clean_spaces({ string => $1 }); + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { services => $services }}); + foreach my $service (split/\s/, $services) + { + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { service => $service }}); + push @{$open_services}, $service; + } + } + if ($line =~ /ports: (.*)$/) + { + my $open_ports = $an->Words->clean_spaces({ string => $1 }); + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { open_ports => $open_ports }}); + foreach my $port (split/\s/, $open_ports) + { + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { port => $port }}); + if ($port =~ /^(\d+)\/tcp/) + { + my $tcp_port = $1; + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { tcp_port => $tcp_port }}); + push @{$open_tcp_ports}, $tcp_port; + } + elsif ($port =~ /^(\d+)\/udp/) + { + my $udp_port = $1; + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { udp_port => $udp_port }}); + push @{$open_udp_ports}, $udp_port; + } + else + { + # Bad port. + return("!!error!!"); + } + } + } + } + + # Convert services to ports. + foreach my $service (sort @{$open_services}) + { + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { service => $service }}); + + my $shell_call = $an->data->{path}{exe}{'firewall-cmd'}." 
--info-service ".$service; + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }}); + + my $output = $an->System->call({shell_call => $shell_call}); + my $port = ""; + my $protocol = ""; + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { output => $output }}); + foreach my $line (split/\n/, $output) + { + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { line => $line }}); + if ($line =~ /ports: (\d+)\/(.*)$/) + { + $port = $1; + $protocol = $2; + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { + port => $port, + protocol => $protocol, + }}); + if ($protocol eq "tcp") + { + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { port => $port }}); + push @{$open_tcp_ports}, $port; + } + elsif ($protocol eq "udp") + { + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { port => $port }}); + push @{$open_udp_ports}, $port; + } + else + { + # What? + return("!!error!!"); + } + } + } + if ((not $port) or (not $protocol)) + { + # What? + return("!!error!!"); + } + } + } + + # Debugging + foreach my $open_tcp_port (sort {$a cmp $b} @{$open_tcp_ports}) + { + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { open_tcp_port => $open_tcp_port }}); + } + foreach my $open_udp_port (sort {$a cmp $b} @{$open_udp_ports}) + { + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { open_udp_port => $open_udp_port }}); + } + + # See if the requested port is open. 
+ my $open = 0; + if ($port_type eq "tcp") + { + foreach my $port (sort {$a cmp $b} @{$open_tcp_ports}) + { + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { port => $port }}); + if ($port eq $port_number) + { + $open = 1; + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 'open' => $open }}); + last; + } + } + } + elsif ($port_type eq "udp") + { + foreach my $port (sort {$a cmp $b} @{$open_udp_ports}) + { + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { port => $port }}); + if ($port eq $port_number) + { + $open = 1; + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 'open' => $open }}); + last; + } + } + } + else + { + # Bad port type + return("!!error!!"); + } + + # We're done if we were just checking. + if ($task eq "check") + { + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { 'open' => $open }}); + return($open); + } + + # If we're opening or closing, work on the active and default zones (or just the one when they're the + # same zone) + my $zones = $default_zone; + if (($default_zone) && ($active_zone)) + { + if ($default_zone ne $active_zone) { - $active_zone = $1; - $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { active_zone => $active_zone }}); + $zones = $active_zone.",".$default_zone; } - last; } - if ($service) + elsif ($default_zone) + { + $zones = $default_zone; + } + elsif ($active_zone) { - # + $zones = $active_zone; } else { - + # No zones found... 
+ return("!!error!!"); + } + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { zones => $zones }}); + foreach my $zone (split/,/, $zones) + { + $an->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { zone => $zone }}); } - return(0); + + # my $zone = firewall-cmd --get-default-zone + # firewall-cmd --zone=$zone --list-all + # check for 'services: ... postgresql ...' (for 5432) or 'ports: ... X ...' otherwise + # Check 'firewall-cmd --info-service=postgresql' to nonfirm 'ports: 5432/tcp' + + return($open); } =head2 ping
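Review bot: The `ports:` match in the `--list-all` loop is unanchored, so `/ports: (.*)$/` also matches `forward-ports:` and any other line ending in `ports:`. Such an entry is either counted as an open port or trips the `!!error!!` return, which makes the open/closed answer unreliable. Anchoring both patterns, `if ($line =~ /^\s*ports: (.*)$/)` and `if ($line =~ /^\s*services: (.*)$/)`, keeps the check to the zone's own lists. Separately, `$active_zone` and `$service` are concatenated into `shell_call` strings straight from parsed command output, and `$port_number` is never checked to be numeric. Adding `return("!!error!!") if $port_number !~ /^\d+$/;` next to the existing `if (not $port_number)` test, plus a name check such as `/^[\w-]+$/` before building each command, would keep unexpected text out of whatever `System->call` passes to a shell (its implementation is not shown here). The `sub manage_firewall` line itself is outside the hunk.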