apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-11-03 04:12:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-8947 - Configure the firewall when the load balancer is setup

Browse Source 
- Only restart HAproxy if it's not running yet
This commit is contained in:
Wilder Rodrigues 2015-10-13 15:54:59 +02:00
parent 4a177031b0
commit 59bd935f3e
1 changed files with 18 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
systemvm/patches/debian/config/opt/cloud/bin/cs/CsLoadBalancer.py
View File

@ -19,6 +19,7 @@ import os.path
import re import re
import shutil import shutil
from cs.CsDatabag import CsDataBag from cs.CsDatabag import CsDataBag
from CsProcess import CsProcess
from CsFile import CsFile from CsFile import CsFile
import CsHelper import CsHelper
@ -27,7 +28,7 @@ HAPROXY_CONF_P = "/etc/haproxy/haproxy.cfg"
class CsLoadBalancer(CsDataBag): class CsLoadBalancer(CsDataBag):
""" Manage Load Balance entries """ """ Manage Load Balancer entries """
def process(self): def process(self):
if "config" not in self.dbag.keys(): if "config" not in self.dbag.keys():
@ -43,23 +44,33 @@ class CsLoadBalancer(CsDataBag):
if not file2.compare(file1): if not file2.compare(file1):
file1.commit() file1.commit()
shutil.copy2(HAPROXY_CONF_T, HAPROXY_CONF_P) shutil.copy2(HAPROXY_CONF_T, HAPROXY_CONF_P)
proc = CsProcess(['/var/run/haproxy.pid'])
if not proc.find():
logging.debug("CsLoadBalancer:: will restart HAproxy!")
CsHelper.service("haproxy", "restart") CsHelper.service("haproxy", "restart")
else:
logging.debug("CsLoadBalancer:: will reload HAproxy!")
CsHelper.service("haproxy", "reload")
add_rules = self.dbag['config'][0]['add_rules'] add_rules = self.dbag['config'][0]['add_rules']
remove_rules = self.dbag['config'][0]['remove_rules'] remove_rules = self.dbag['config'][0]['remove_rules']
self._configure_firewall(add_rules, remove_rules) self._configure_firewall(add_rules, remove_rules)
def _configure_firewall(self, add_rules, remove_rules): def _configure_firewall(self, add_rules, remove_rules):
firewall = self.fw firewall = self.config.get_fw()
logging.debug("CsLoadBalancer:: configuring firewall. Add rules ==> %s" % add_rules)
logging.debug("CsLoadBalancer:: configuring firewall. Remove rules ==> %s" % remove_rules)
for rules in add_rules: for rules in add_rules:
path = rules.split(':') path = rules.split(':')
ip = path[0] ip = path[0]
port = path[1] port = path[1]
fw.append(["filter", "", "-A INPUT -p tcp -m tcp -d %s --dport %s -m state --state NEW -j ACCEPT" % (ip, port)]) firewall.append(["filter", "", "-A INPUT -p tcp -m tcp -d %s --dport %s -m state --state NEW -j ACCEPT" % (ip, port)])
for rules in remove_rules: for rules in remove_rules:
path = rules.split(':') path = rules.split(':')
ip = path[0] ip = path[0]
port = path[1] port = path[1]
fw.append(["filter", "", "-D INPUT -p tcp -m tcp -d %s --dport %s -m state --state NEW -j ACCEPT" % (ip, port)]) firewall.append(["filter", "", "-D INPUT -p tcp -m tcp -d %s --dport %s -m state --state NEW -j ACCEPT" % (ip, port)])