diff options
| author |   Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2016-10-01 13:18:11 +0200 |
|---|---|---|
| committer | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2016-10-09 16:33:43 +0200 |
| commit | 42f8585ebb8fffad19a89314659ab9129176c3e9 (patch) | |
| tree | e2cf6a4797bcbd036e080541cc3925f8b209549b /patches/opnfv-fuel/0010-post-scripts-Allow-SSH-on-non-admin-ifaces.patch | |
| parent | 6f3a054fc95622f0c002f72c0fac6074bb36c36f (diff) | |
build: Rework patch mechanism for Fuel submodules
While refactoring the patching mechanism, take care of:
- Sync submodule handling with Fuel@OPFNV;
- build: Investigate/prepare for moving patches to Fuel@OPNFV;
- build: Investigate divergent fuel-mirror;
- ISO build: cacheid for Fuel comps should not depend on
Armband git commit;
CHANGE:
Rename/shuffle patches while grouping them in "features",
preparing for upstreaming them to Fuel@OPNFV and beyond.
CHANGE:
Allow linking patches for better representing the dependency
between one patch and different features.
e.g. 0001-Add-arch-to-nailgun-release-and-target-image.patch:
- part of `multiarch-fuel`, because it extends Fuel;
- part of `direct-kernel-boot`, as arch is required for that;
- part of `cross-bootstrap`, target image is arch-dependent;
NOTE: Patch links are not staged to Fuel@OPNFV, they only serve
as markers that a specific patch is part of a feature.
CHANGE:
Kill all Fuel component submodules, now handled in Fuel@OPNFV:
- fuel-agent
- fuel-astute
- fuel-library
- fuel-mirror
- fuel-nailgun-agent
- fuel-web
CHANGE:
Move armband-fuel-config.mk to armband git root.
FIXME: m1.micro-Increase-profile-RAM-size-to-128MB.patch is NOT
part of `cross-bootstrap` feature, but patch context says so ...
FIXME: 0001-Add-arm64-deb-repositories-setup.patch is broken at
`make patches-export` by removing spaces at EOL.
v2 -> v3:
* Phony patch support (links to show a patch belongs to a feature);
* Updated README.md
v3 -> v7:
* Re-export Fuel submodules & plugins patches (update patch context);
* Update Cavium mail addresses (s/caviumnetworks.com/cavium.com/);
* Ignore submodule changes;
* Add armband git repo info to gitinfo_fuel.txt at build time;
Implements: ARMBAND-136
Closes-bug: ARMBAND-95
Closes-bug: ARMBAND-93
Closes-bug: ARMBAND-92
Change-Id: I1a236d9f43b2e6dca22055911f696b43c22b5973
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Diffstat (limited to 'patches/opnfv-fuel/0010-post-scripts-Allow-SSH-on-non-admin-ifaces.patch')
| -rw-r--r-- | patches/opnfv-fuel/0010-post-scripts-Allow-SSH-on-non-admin-ifaces.patch | 47 |
1 files changed, 0 insertions, 47 deletions
diff --git a/patches/opnfv-fuel/0010-post-scripts-Allow-SSH-on-non-admin-ifaces.patch b/patches/opnfv-fuel/0010-post-scripts-Allow-SSH-on-non-admin-ifaces.patch deleted file mode 100644 index e098d47c..00000000 --- a/patches/opnfv-fuel/0010-post-scripts-Allow-SSH-on-non-admin-ifaces.patch +++ /dev/null @@ -1,47 +0,0 @@ -From: Alexandru Avadanii <Alexandru.Avadanii@enea.com> -Date: Tue, 12 Jul 2016 16:12:25 +0200 -Subject: [PATCH] post-scripts: Allow SSH on non-admin ifaces. - -By default, Fuel 9.0 configures iptables to only accept SSH connections -on admin interface. - -If more than the admin interface is configured (e.g. by transplant script -or manually in fuel menu), whitelist SSH connections on all ifaces. - -Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> ---- - .../post-scripts/10_accept_ssh_all_ifaces.sh | 25 ++++++++++++++++++++++ - 1 file changed, 25 insertions(+) - create mode 100755 build/f_isoroot/f_bootstrap/post-scripts/10_accept_ssh_all_ifaces.sh - -diff --git a/build/f_isoroot/f_bootstrap/post-scripts/10_accept_ssh_all_ifaces.sh b/build/f_isoroot/f_bootstrap/post-scripts/10_accept_ssh_all_ifaces.sh -new file mode 100755 -index 0000000..b551516 ---- /dev/null -+++ b/build/f_isoroot/f_bootstrap/post-scripts/10_accept_ssh_all_ifaces.sh -@@ -0,0 +1,25 @@ -+#/bin/sh -+############################################################################## -+# Copyright (c) 2016 Enea AB and others. -+# Alexandru.Avadanii@enea.com -+# All rights reserved. This program and the accompanying materials -+# are made available under the terms of the Apache License, Version 2.0 -+# which accompanies this distribution, and is available at -+# http://www.apache.org/licenses/LICENSE-2.0 -+############################################################################## -+ -+# Only mess with iptables if we have additional interfaces configured -+if grep -q "DEFROUTE=no" "/etc/sysconfig/network-scripts/ifcfg-eth0"; then -+ echo "iptables: Allow SSH connections on all interfaces" -+ # By default, Fuel 9.0 configures iptables to only accept SSH connections -+ # on admin interface. Whitelist SSH connections on all ifaces. -+ while [ $? -eq 0 ]; do -+ # First, try removing the rule we want to add to prevent duplicates -+ iptables -D INPUT -p tcp --dport ssh -j ACCEPT > /dev/null 2>&1; -+ done -+ iptables -A INPUT -p tcp --dport ssh -j ACCEPT -+ service iptables save -+ echo "iptables: Done configuring SSH" -+else -+ echo "iptables: Skipping configuring SSH for non-admin ifaces" -+fi |