Joey Boggs
2009-Feb-17 21:46 UTC
[Ovirt-devel] [PATCH server] finally enabling iptables support
--- .../appliances/ovirt-appliance/ovirt-appliance.pp | 3 ++- installer/bin/ovirt-installer | 4 +++- installer/modules/ovirt/manifests/cobbler.pp | 5 ++--- installer/modules/ovirt/manifests/dhcp.pp | 4 ++++ installer/modules/ovirt/manifests/dns.pp | 4 ++++ installer/modules/ovirt/manifests/freeipa.pp | 8 ++++++-- installer/modules/ovirt/manifests/ovirt.pp | 7 ++++++- 7 files changed, 27 insertions(+), 8 deletions(-) diff --git a/installer/appliances/ovirt-appliance/ovirt-appliance.pp b/installer/appliances/ovirt-appliance/ovirt-appliance.pp index 88581ca..125edf9 100644 --- a/installer/appliances/ovirt-appliance/ovirt-appliance.pp +++ b/installer/appliances/ovirt-appliance/ovirt-appliance.pp @@ -2,7 +2,8 @@ import 'ovirt' import 'firewall' -firewall::setup{'setup': status => 'disabled'} +firewall::setup{'setup': status => 'enabled'} +firewall_rule{"ssh": destination_port => "22"} # dns configuration $mgmt_ipaddr = '192.168.50.2' diff --git a/installer/bin/ovirt-installer b/installer/bin/ovirt-installer index 222c57b..90e5018 100755 --- a/installer/bin/ovirt-installer +++ b/installer/bin/ovirt-installer @@ -222,9 +222,11 @@ template = <<END_OF_TEMPLATE import 'ovirt' import 'firewall' firewall::setup{'setup': - status => 'disabled' + status => 'enabled' } +firewall_rule{"ssh": destination_port => "22"} + #DNS Configuration $mgmt_ipaddr = '<%= mgmt_ipaddr %>' $prov_ipaddr = '<%= prov_ipaddr %>' diff --git a/installer/modules/ovirt/manifests/cobbler.pp b/installer/modules/ovirt/manifests/cobbler.pp index c2f66ca..3ffe205 100644 --- a/installer/modules/ovirt/manifests/cobbler.pp +++ b/installer/modules/ovirt/manifests/cobbler.pp 
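Review bot: In ovirt-appliance.pp the firewall is switched to `enabled`, but the `ssh` rule matches only on destination port, so SSH is presumably reachable from any source on every interface. The same applies to every `firewall_rule` added in this patch (the ovirt-installer template, cobbler.pp, dhcp.pp, dns.pp, freeipa.pp, ovirt.pp), which match on port and protocol only. The manifests already distinguish a management and a provisioning address (`$mgmt_ipaddr`, `$prov_ipaddr`), so it is worth checking whether `firewall_rule` accepts a source or interface constraint and scoping SSH and the admin-facing ports to the management side. If it does not, a comment above the rule would at least record the exposure, e.g. `# opened on all interfaces; not restricted by source address`.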
@@ -108,9 +108,8 @@ class cobbler::bundled { require => Package["cobbler"] } -# firewall_rule{"69": destination_port => "69"} -# firewall_rule{"25150": destination_port => "25150"} -# firewall_rule{"25151": destination_port => "25151"} + firewall_rule{"25150": destination_port => "25150"} + firewall_rule{"25151": destination_port => "25151"} file {"/usr/sbin/cobbler-import": source => "puppet:///ovirt/cobbler-import", diff --git a/installer/modules/ovirt/manifests/dhcp.pp b/installer/modules/ovirt/manifests/dhcp.pp index c5c8f9a..8127646 100644 --- a/installer/modules/ovirt/manifests/dhcp.pp +++ b/installer/modules/ovirt/manifests/dhcp.pp @@ -31,4 +31,8 @@ class dhcp::bundled { command => "/usr/share/ace/modules/ovirt/files/dns_entries.sh $dhcp_start $dhcp_stop $dhcp_network $dhcp_domain", } + firewall_rule {"tftp": destination_port => '69', protocol => 'udp'} + firewall_rule {"dhcpd": destination_port => '68', protocol => 'udp'} + firewall_rule {"bootp": destination_port => '67', protocol => 'udp'} + } diff --git a/installer/modules/ovirt/manifests/dns.pp b/installer/modules/ovirt/manifests/dns.pp index 7498f77..98d9942 100644 --- a/installer/modules/ovirt/manifests/dns.pp +++ b/installer/modules/ovirt/manifests/dns.pp @@ -82,6 +82,10 @@ define dns::bundled($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") "set HOSTNAME $ipa_host" ] } + + firewall_rule {"named": destination_port => '53'} + firewall_rule {"named-udp": destination_port => '53', protocol => 'udp'} + } define dns::remote($mgmt_ipaddr="", $prov_ipaddr="",$mgmt_dev="",$prov_dev="") { diff --git a/installer/modules/ovirt/manifests/freeipa.pp b/installer/modules/ovirt/manifests/freeipa.pp index f639d46..ea92ee5 100644 --- a/installer/modules/ovirt/manifests/freeipa.pp +++ b/installer/modules/ovirt/manifests/freeipa.pp 
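Review bot: In cobbler.pp the two uncommented rules carry no `protocol`, so they presumably fall back to the type's default, which looks like TCP given the explicit `protocol => 'udp'` on other rules in this patch. 25150 and 25151 are, as far as I know, Cobbler's default syslog and XML-RPC ports. Please confirm whether 25150 needs `protocol => 'udp'`, and whether 25151 has to be reachable from the network or only through the local web server. A one-line comment naming each port would help the next reader, e.g. `# 25150: cobbler syslog, 25151: cobbler XML-RPC`. The body of `cobbler::bundled` starts and ends outside this hunk.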
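Review bot: In dhcp.pp the rule titled `dhcpd` opens UDP 68, which is the DHCP client port; a DHCP server receives requests on UDP 67, which is the rule titled `bootp` here. Unless this host also acts as a DHCP client behind the same filter, the port 68 rule can probably be dropped, and the port 67 rule is the one that should be titled `dhcpd`. The `tftp` rule also lands in `dhcp::bundled`, while the commented-out port 69 rule it replaces was removed from `cobbler::bundled`. TFTP is therefore opened only when this class is applied, which deserves a comment or a move next to the service that owns TFTP.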
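Review bot: In dns.pp the two rules are declared inside `define dns::bundled` with fixed titles (`named`, `named-udp`), so a second instance of the define in one catalog would presumably fail with a duplicate resource declaration. If the define is only ever instantiated once, a short comment saying so is enough, e.g. `# dns::bundled is expected to be declared once per node`. The define's body starts outside the hunk, so other resources there may already impose the same limit.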
@@ -89,8 +89,12 @@ class freeipa::bundled{ require => Single_exec[ipa_ovirtadmin_group] } -# firewall_rule{"krb5": destination_port => "88"} -# firewall_rule {"ldap": destination_port => '389'} + firewall_rule{"krb5": destination_port => "88"} + firewall_rule {"ldap": destination_port => '389'} + firewall_rule {"freeip-636": destination_port => '636'} + firewall_rule {"freeipa-464": destination_port => '464'} + firewall_rule {"freeipa-88-udp": destination_port => '88', protocol => 'udp'} + firewall_rule {"freeipa-464-udp": destination_port => '464', protocol => 'udp'} } diff --git a/installer/modules/ovirt/manifests/ovirt.pp b/installer/modules/ovirt/manifests/ovirt.pp index c81b6f2..9bc1dce 100644 --- a/installer/modules/ovirt/manifests/ovirt.pp +++ b/installer/modules/ovirt/manifests/ovirt.pp @@ -175,6 +175,11 @@ class ovirt::setup { enable => false } -# firewall_rule{"http": destination_port => "80"} + firewall_rule{"http": destination_port => "80"} + firewall_rule {"https": destination_port => '443'} + firewall_rule {"host-browser": destination_port => '12120'} + firewall_rule {"qpidd": destination_port => '5672'} + firewall_rule {"collectd": destination_port => '25826', protocol => 'udp'} + firewall_rule {"ntpd": destination_port => '123', protocol => 'udp'} } -- 1.6.0.6
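Review bot: The title `freeip-636` in freeipa.pp is missing an `a` and breaks the `freeipa-<port>` pattern of the rules beside it; `firewall_rule {"freeipa-636": destination_port => '636'}` would match. Naming by service rather than port (`ldaps`, `kpasswd`, `kpasswd-udp`, `krb5-udp`) would be consistent with the existing `krb5` and `ldap` titles and make the rule set easier to audit. With 636 now open, it is also worth confirming that clients still need cleartext LDAP on 389 from the network.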
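Review bot: In ovirt.pp the `qpidd` (5672) and `collectd` (25826/udp) rules expose a message broker and the collectd network listener. Depending on configuration not visible in this hunk, both can accept unauthenticated, unencrypted traffic. Before opening them, confirm that qpidd requires authentication and that collectd's network input is protected if the packaged version supports it, or limit both ports to the managed nodes. Port 12120 is not self-explanatory, so a comment such as `# 12120: ovirt host-browser daemon` above that rule would help. The body of `ovirt::setup` starts outside the hunk.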