Merge "Add firewall support for opensuse"

This commit is contained in:
Jenkins 2017-04-26 17:46:43 +00:00 committed by Gerrit Code Review
commit f515d7b9a9
3 changed files with 19 additions and 1 deletions

View File

@ -36,7 +36,7 @@
"puppet": "ruby2.1-rubygem-puppet",
"python-dev": "python-devel",
"python3-dev": "python3-devel",
"iptables": "iptables",
"iptables": "iptables SuSEfirewall2",
"uuid-runtime": "uuidd"
}
},

View File

@ -28,6 +28,10 @@ elif [[ "$DISTRO_NAME" =~ (centos|fedora) ]] ; then
rules_dir=/etc/sysconfig
ipv4_rules=${rules_dir}/iptables
ipv6_rules=${rules_dir}/ip6tables
elif [[ "$DISTRO_NAME" =~ 'opensuse' ]] ; then
rules_dir=/etc/sysconfig
ipv4_rules=${rules_dir}/iptables
ipv6_rules=${rules_dir}/ip6tables
else
echo "Unsupported operating system $DISTRO_NAME"
exit 1
@ -81,3 +85,15 @@ cat > $ipv6_rules << EOF
-A openstack-INPUT -j REJECT --reject-with icmp6-adm-prohibited
COMMIT
EOF
if [[ "$DISTRO_NAME" =~ 'opensuse' ]] ; then
sed -i -e 's,^FW_CUSTOMRULES=.*$,FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom",' /etc/sysconfig/SuSEfirewall2
cat > /etc/sysconfig/scripts/SuSEfirewall2-custom <<EOF
fw_custom_after_finished() {
/usr/sbin/iptables-restore $ipv4_rules
/usr/sbin/ip6tables-restore $ipv6_rules
}
EOF
fi

View File

@ -28,6 +28,8 @@ if [[ "$DISTRO_NAME" =~ (debian|ubuntu) ]] ; then
fi
elif [[ "$DISTRO_NAME" =~ (centos|fedora) ]] ; then
service_name=iptables
elif [[ "$DISTRO_NAME" == 'opensuse' ]] ; then
service_name=SuSEfirewall2
else
echo "Unsupported operating system $DISTRO_NAME"
exit 1