summaryrefslogtreecommitdiffstats
path: root/patches/opnfv-fuel/0005-transplant-Generate-extra-interfaces-config-file.patch
AgeCommit message (Collapse)AuthorFilesLines
2016-07-12iptables: Move SSH rules to post-scripts.Alexandru Avadanii1-3/+1
Previous change [1] introduced the addition of an iptables rule that was supposed to allow SSH access on all ifaces (not only admin iface) when additional ifaces are configured. However, Fuel installer is flushing the rules after transplant adds our SSH config, overwriting it. Move iptables SSH config to post-install section, as standalone script. In order to keep the same behavior, test ifcfg-eth0 (admin interface is expected to be called eth0 by convention) for "DEFROUTE=no" and only whitelist SSH on all ifaces if it matches. [1] https://gerrit.opnfv.org/gerrit/#/c/16571/ Change-Id: I086b75461daa62671cad10494fe34acfd77757ae Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2016-07-07transplant.py: Allow SSH on all interfaces.Alexandru Avadanii1-5/+3
Previously (in Fuel 8.0), SSH used to listen only on 10.20.0.2 (admin interface), which required editing sshd_config and restarting SSH server for allowing SSH connections over the public IP on eth1 (just an example, which corresponds to Armband PODs use cases). In Fuel 9.0, SSH server on Fuel Master listens on all ifaces, but connections are filtered by iptables. This change piggy-backs on a previous Armband addition that allows transplant.py script to configure additional interfaces (e.g. public). In case additional interfaces have been configured by transplant, this change will instruct iptables to accept SSH connections on ANY interface, not only the admin one. Possible improvements: - limit SSH access to admin + interfaces added by transplant instead of ANY; Change-Id: I0923496e1b23f6dc826c8afbbe9805956c2d4b34 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2016-06-17opnv-fuel: updated deploy patch setJosep Puigdemont1-0/+112
Change-Id: I9442f217d2f840382b40f6eae77ddb9ae2ddbadc Signed-off-by: Josep Puigdemont <josep.puigdemont@enea.com>