Allow gre through firewalld with one liner

Change-Id: I43c47dc1d91db5082f24ebc762590cbf2d3452ab Closes-Bug: 1641077
2017-09-14 16:50:09 +02:00 · 2017-09-14 16:50:09 +02:00 · 8854d867fd
parent 1921e2011a
commit 8854d867fd
2 changed files with 10 additions and 0 deletions
--- a/hooks/fabfile.py
+++ b/hooks/fabfile.py
@ -83,5 +83,10 @@ def fix_selinux_permission(path):
         '{}'.format(path))


+def allow_gre_firewalld():
+    sudo('firewall-cmd --permanent --direct \
+         --add-rule ipv4 filter INPUT 0 -p gre -j ACCEPT')
+
+
 def fix_local_ip(f):
    sudo('sed -i "s!LOCAL_IP!{}!g" {}'.format(env.host, f))
--- a/hooks/nova_compute_proxy.py
+++ b/hooks/nova_compute_proxy.py
@ -39,6 +39,7 @@ from fabfile import (
    enable_service,
    enable_shell,
    disable_shell,
+    allow_gre_firewalld,
    fix_path_ownership,
    fix_selinux_permission,
    fix_local_ip
@ -112,8 +113,12 @@ class REMOTEProxy():
    def install(self):
        self._setup_yum()
        self._install_packages()
+        self._allow_gre_firewalld()
        self._enable_services()

+    def _allow_gre_firewalld(self):
+        execute(allow_gre_firewalld)
+
    def _setup_yum(self):
        log('Setup yum')
        repo_id = 1