diff options
| author |   Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2017-06-28 20:48:38 +0200 |
|---|---|---|
| committer | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2017-06-28 20:51:14 +0200 |
| commit | a0805a01542505301918cacb5db6216814c40023 (patch) | |
| tree | dcc125fa94cbacdac6f30bea2d6ebc59ad335598 /patches/opnfv-fuel/0004-post-scripts-Allow-SSH-on-non-admin-ifaces.patch | |
| parent | be00c803bcefb56ad9f690ae1509d3dcae7e9d9b (diff) | |
MCP: Remove all Fuel patches and plugins
Chances are none of the old patches / plugins can be reused as-is,
so remove all of them and prepare for the switch to MCP.
Change-Id: I999927a43b438d9bda9ff118731e2af4b1fa8caa
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Diffstat (limited to 'patches/opnfv-fuel/0004-post-scripts-Allow-SSH-on-non-admin-ifaces.patch')
| -rw-r--r-- | patches/opnfv-fuel/0004-post-scripts-Allow-SSH-on-non-admin-ifaces.patch | 55 |
1 files changed, 0 insertions, 55 deletions
diff --git a/patches/opnfv-fuel/0004-post-scripts-Allow-SSH-on-non-admin-ifaces.patch b/patches/opnfv-fuel/0004-post-scripts-Allow-SSH-on-non-admin-ifaces.patch deleted file mode 100644 index 157299de..00000000 --- a/patches/opnfv-fuel/0004-post-scripts-Allow-SSH-on-non-admin-ifaces.patch +++ /dev/null @@ -1,55 +0,0 @@ -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -: Copyright (c) 2017 Enea AB and others. -: -: All rights reserved. This program and the accompanying materials -: are made available under the terms of the Apache License, Version 2.0 -: which accompanies this distribution, and is available at -: http://www.apache.org/licenses/LICENSE-2.0 -:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -From: Alexandru Avadanii <Alexandru.Avadanii@enea.com> -Date: Tue, 12 Jul 2016 16:12:25 +0200 -Subject: [PATCH] post-scripts: Allow SSH on non-admin ifaces. - -By default, Fuel 9.0 configures iptables to only accept SSH connections -on admin interface. - -If more than the admin interface is configured (e.g. by transplant script -or manually in fuel menu), whitelist SSH connections on all ifaces. - -Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> ---- - .../post-scripts/10_accept_ssh_all_ifaces.sh | 25 ++++++++++++++++++++++ - 1 file changed, 25 insertions(+) - create mode 100755 build/f_isoroot/f_bootstrap/post-scripts/10_accept_ssh_all_ifaces.sh - -diff --git a/build/f_isoroot/f_bootstrap/post-scripts/10_accept_ssh_all_ifaces.sh b/build/f_isoroot/f_bootstrap/post-scripts/10_accept_ssh_all_ifaces.sh -new file mode 100755 -index 0000000..b551516 ---- /dev/null -+++ b/build/f_isoroot/f_bootstrap/post-scripts/10_accept_ssh_all_ifaces.sh -@@ -0,0 +1,25 @@ -+#/bin/sh -+############################################################################## -+# Copyright (c) 2016 Enea AB and others. -+# Alexandru.Avadanii@enea.com -+# All rights reserved. This program and the accompanying materials -+# are made available under the terms of the Apache License, Version 2.0 -+# which accompanies this distribution, and is available at -+# http://www.apache.org/licenses/LICENSE-2.0 -+############################################################################## -+ -+# Only mess with iptables if we have additional interfaces configured -+if grep -q "DEFROUTE=no" "/etc/sysconfig/network-scripts/ifcfg-eth0"; then -+ echo "iptables: Allow SSH connections on all interfaces" -+ # By default, Fuel 9.0 configures iptables to only accept SSH connections -+ # on admin interface. Whitelist SSH connections on all ifaces. -+ while [ $? -eq 0 ]; do -+ # First, try removing the rule we want to add to prevent duplicates -+ iptables -D INPUT -p tcp --dport ssh -j ACCEPT > /dev/null 2>&1; -+ done -+ iptables -A INPUT -p tcp --dport ssh -j ACCEPT -+ service iptables save -+ echo "iptables: Done configuring SSH" -+else -+ echo "iptables: Skipping configuring SSH for non-admin ifaces" -+fi |