author | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2016-10-01 13:18:11 +0200 |
---|---|---|
committer | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2016-10-09 16:33:43 +0200 |
commit | 42f8585ebb8fffad19a89314659ab9129176c3e9 (patch) | |
tree | e2cf6a4797bcbd036e080541cc3925f8b209549b /patches/opnfv-fuel/0004-post-scripts-Allow-SSH-on-non-admin-ifaces.patch | |
parent | 6f3a054fc95622f0c002f72c0fac6074bb36c36f (diff) |
build: Rework patch mechanism for Fuel submodules
While refactoring the patching mechanism, take care of:
- Sync submodule handling with Fuel@OPNFV;
- build: Investigate/prepare for moving patches to Fuel@OPNFV;
- build: Investigate divergent fuel-mirror;
- ISO build: cacheid for Fuel comps should not depend on
Armband git commit;
CHANGE:
Rename/shuffle patches while grouping them in "features",
preparing for upstreaming them to Fuel@OPNFV and beyond.
CHANGE:
Allow linking patches for better representing the dependency
between one patch and different features.
e.g. 0001-Add-arch-to-nailgun-release-and-target-image.patch:
- part of `multiarch-fuel`, because it extends Fuel;
- part of `direct-kernel-boot`, as arch is required for that;
- part of `cross-bootstrap`, target image is arch-dependent;
NOTE: Patch links are not staged to Fuel@OPNFV, they only serve
as markers that a specific patch is part of a feature.
CHANGE:
Kill all Fuel component submodules, now handled in Fuel@OPNFV:
- fuel-agent
- fuel-astute
- fuel-library
- fuel-mirror
- fuel-nailgun-agent
- fuel-web
CHANGE:
Move armband-fuel-config.mk to armband git root.
FIXME: m1.micro-Increase-profile-RAM-size-to-128MB.patch is NOT
part of `cross-bootstrap` feature, but patch context says so ...
FIXME: 0001-Add-arm64-deb-repositories-setup.patch is broken at
`make patches-export` by removing spaces at EOL.
v2 -> v3:
* Phony patch support (links to show a patch belongs to a feature);
* Updated README.md
v3 -> v7:
* Re-export Fuel submodules & plugins patches (update patch context);
* Update Cavium mail addresses (s/caviumnetworks.com/cavium.com/);
* Ignore submodule changes;
* Add armband git repo info to gitinfo_fuel.txt at build time;
Implements: ARMBAND-136
Closes-bug: ARMBAND-95
Closes-bug: ARMBAND-93
Closes-bug: ARMBAND-92
Change-Id: I1a236d9f43b2e6dca22055911f696b43c22b5973
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Diffstat (limited to 'patches/opnfv-fuel/0004-post-scripts-Allow-SSH-on-non-admin-ifaces.patch')
-rw-r--r-- | patches/opnfv-fuel/0004-post-scripts-Allow-SSH-on-non-admin-ifaces.patch | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/patches/opnfv-fuel/0004-post-scripts-Allow-SSH-on-non-admin-ifaces.patch b/patches/opnfv-fuel/0004-post-scripts-Allow-SSH-on-non-admin-ifaces.patch new file mode 100644 index 00000000..e098d47c --- /dev/null +++ b/patches/opnfv-fuel/0004-post-scripts-Allow-SSH-on-non-admin-ifaces.patch 
@@ -0,0 +1,47 @@ +From: Alexandru Avadanii <Alexandru.Avadanii@enea.com> +Date: Tue, 12 Jul 2016 16:12:25 +0200 +Subject: [PATCH] post-scripts: Allow SSH on non-admin ifaces. + +By default, Fuel 9.0 configures iptables to only accept SSH connections +on admin interface. + +If more than the admin interface is configured (e.g. by transplant script +or manually in fuel menu), whitelist SSH connections on all ifaces. + +Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> +--- + .../post-scripts/10_accept_ssh_all_ifaces.sh | 25 ++++++++++++++++++++++ + 1 file changed, 25 insertions(+) + create mode 100755 build/f_isoroot/f_bootstrap/post-scripts/10_accept_ssh_all_ifaces.sh + +diff --git a/build/f_isoroot/f_bootstrap/post-scripts/10_accept_ssh_all_ifaces.sh b/build/f_isoroot/f_bootstrap/post-scripts/10_accept_ssh_all_ifaces.sh +new file mode 100755 +index 0000000..b551516 +--- /dev/null ++++ b/build/f_isoroot/f_bootstrap/post-scripts/10_accept_ssh_all_ifaces.sh +@@ -0,0 +1,25 @@ ++#/bin/sh ++############################################################################## ++# Copyright (c) 2016 Enea AB and others. ++# Alexandru.Avadanii@enea.com ++# All rights reserved. This program and the accompanying materials ++# are made available under the terms of the Apache License, Version 2.0 ++# which accompanies this distribution, and is available at ++# http://www.apache.org/licenses/LICENSE-2.0 ++############################################################################## ++ ++# Only mess with iptables if we have additional interfaces configured ++if grep -q "DEFROUTE=no" "/etc/sysconfig/network-scripts/ifcfg-eth0"; then ++ echo "iptables: Allow SSH connections on all interfaces" ++ # By default, Fuel 9.0 configures iptables to only accept SSH connections ++ # on admin interface. Whitelist SSH connections on all ifaces. ++ while [ $? 
-eq 0 ]; do ++ # First, try removing the rule we want to add to prevent duplicates ++ iptables -D INPUT -p tcp --dport ssh -j ACCEPT > /dev/null 2>&1; ++ done ++ iptables -A INPUT -p tcp --dport ssh -j ACCEPT ++ service iptables save ++ echo "iptables: Done configuring SSH" ++else ++ echo "iptables: Skipping configuring SSH for non-admin ifaces" ++fi |
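Review bot: The rule added in 10_accept_ssh_all_ifaces.sh, `iptables -A INPUT -p tcp --dport ssh -j ACCEPT`, carries no interface (`-i`) or source (`-s`) match, so once the `DEFROUTE=no` check passes it accepts SSH from any address on every interface, not only the additional ones the commit message refers to. Consider limiting it to the interfaces or networks that actually need SSH. Because `-A` appends to the end of INPUT, it is also worth confirming that no earlier rule in the chain already rejects this traffic. Two smaller points in the same script: the first line is `#/bin/sh`, which is a plain comment and not a shebang, and should read `#!/bin/sh`; and the de-duplication loop `while [ $? -eq 0 ]` is entered only because the preceding `echo` returned 0, so testing the delete directly (`while iptables -D INPUT -p tcp --dport ssh -j ACCEPT >/dev/null 2>&1; do :; done`) would be less fragile. A short comment explaining why `DEFROUTE=no` in ifcfg-eth0 is taken as the signal that more interfaces are configured would help future readers.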