diff options
| -rwxr-xr-x | bash/tools/common-functions.sh | 54 | ||||
| -rwxr-xr-x | bash/tools/deploy_nexus.sh | 5 |
2 files changed, 49 insertions, 10 deletions
diff --git a/bash/tools/common-functions.sh b/bash/tools/common-functions.sh index 6ffb42a7..5563b047 100755 --- a/bash/tools/common-functions.sh +++ b/bash/tools/common-functions.sh @@ -345,14 +345,51 @@ create_all_certs() { create_cert "nexus" } -update_firewall() { -# TODO -#firewall-cmd --permanent --add-port=53/udp -#firewall-cmd --permanent --add-port=53/tcp -#firewall-cmd --permanent --add-port=10001/tcp -#firewall-cmd --permanent --add-port=80/tcp -#firewall-cmd --permanent --add-port=443/tcp -return 0 +# disable firewall (firewalld on rhel) and cleanup the iptables +# args: [<distro>] [<ip>] +# if no distro arg then run locally and only cleanup iptables +# if no ip arg then run locally +disable_firewall() { + _distro="$1" + _node_ip="$2" + + case "$_distro" in + rhel) + message info "Disable firewalld" + message warning "Please, if you have some other firewall service - disable it or configure it for this installation to work !" + if [ -n "$_node_ip" ] ; then + ssh -T "$_node_ip" + else + sh + fi <<EOF +if rpm -ql firewalld ; then + systemctl stop firewalld && systemctl disable firewalld + exit \$? +else + exit 0 +fi 2>&1 >/dev/null +EOF + ;; + *) + message warning "This system is not fully supported!" + message warning "The installation can stop working after the reboot - BE WARNED" + message warning "Please, if you have some firewall service - disable it or configure it for this installation to work !" + ;; + esac + + message info "Cleanup iptables" + if [ -n "$_node_ip" ] ; then + ssh -T "$_node_ip" + else + sh + fi <<EOF +iptables -P INPUT ACCEPT && \ +iptables -P OUTPUT ACCEPT && \ +iptables -P FORWARD ACCEPT && \ +iptables -F +EOF + + return 0 } distribute_root_CA() { @@ -556,6 +593,7 @@ deploy_node() { nodeip=$1 os=$2 echo "Deploying node $nodeip" + disable_firewall $os $nodeip distribute_root_CA $nodeip install_remote_docker $nodeip $os deploy_rancher_agent $nodeip diff --git a/bash/tools/deploy_nexus.sh b/bash/tools/deploy_nexus.sh index 1532c614..21a51cae 100755 --- a/bash/tools/deploy_nexus.sh +++ b/bash/tools/deploy_nexus.sh @@ -156,6 +156,9 @@ update_hosts # TODO #check_dependencies +# TODO: add rules to the firewall +disable_firewall "$OS_ID" + echo "Restarting dnsmasq" # TODO dnsmasq config? systemctl enable dnsmasq @@ -182,8 +185,6 @@ echo "Restarting docker" systemctl enable docker systemctl restart docker -update_firewall - set +e echo "** Loading images **" |