From cda2abd87d09bf974c377eddb298b1b04d99cb3e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miguel=20=C3=81lvarez?= <128592227+malvads@users.noreply.github.com> Date: Wed, 7 Aug 2024 13:00:10 +0100 Subject: [PATCH] Release 2.5.1 (#160) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Open port 123 * Add script to call GLPI Api and enrich objects * Delete file with wrong name * Change position of parameters * Revert "Add script to connect with GLPI and enrich objects" (#157) * upload and verify roles, databags and cookbooks to chef * Bump to 2.5.0 * Update rb_init_conf.rb * add port for mognodb (#153) Co-authored-by: Miguel Negrón <45871721+manegron@users.noreply.github.com> --------- Co-authored-by: JuanSheba Co-authored-by: Rafa Gómez Co-authored-by: David Vanhoucke Co-authored-by: nilsver <139124949+nilsver@users.noreply.github.com> Co-authored-by: Miguel Negrón <45871721+manegron@users.noreply.github.com> Co-authored-by: david vhk <34706472+davidredborder@users.noreply.github.com> --- VERSION | 2 +- resources/bin/rb_configure_leader.sh | 14 +- resources/bin/rb_upload_chef_data.sh | 407 +++++++++++++++++---------- resources/bin/rb_upload_cookbooks.sh | 76 +++++ resources/scripts/rb_init_conf.rb | 63 +++-- 5 files changed, 373 insertions(+), 189 deletions(-) create mode 100755 resources/bin/rb_upload_cookbooks.sh diff --git a/VERSION b/VERSION index 197c4d5c..4fd0fe3c 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.4.0 +2.5.1 \ No newline at end of file diff --git a/resources/bin/rb_configure_leader.sh b/resources/bin/rb_configure_leader.sh index 9be54910..45a48198 100755 --- a/resources/bin/rb_configure_leader.sh +++ b/resources/bin/rb_configure_leader.sh 
@@ -374,19 +374,7 @@ function configure_leader(){ e_title "Uploading cookbooks" mkdir -p /var/chef/cache/cookbooks/ - listCookbooks="rb-common rb-selinux cron zookeeper kafka druid http2k memcached chef-server consul - hadoop samza nginx geoip webui snmp mongodb rbmonitor rbscanner - f2k logstash pmacct minio postgresql rbdswatcher rbevents-counter - rsyslog freeradius rbnmsp n2klocd rbale rbcep k2http rblogstatter rb-arubacentral rbcgroup rb-exporter rb-clamav rb-postfix - keepalived snort barnyard2 rbaioutliers - mem2incident - rb-proxy rb-ips rb-manager" # The order matters! (please keep proxy ips and manager at the end) - - for n in $listCookbooks; do # cookbooks - # rsync -a /var/chef/cookbooks/${n}/ /var/chef/cache/cookbooks/$n - # Uploadind cookbooks - knife cookbook upload $n - done + $RBBIN/rb_upload_cookbooks.sh e_title "Registering chef-client ..." chef-client diff --git a/resources/bin/rb_upload_chef_data.sh b/resources/bin/rb_upload_chef_data.sh index 5a5bde7a..f78d2bf0 100755 --- a/resources/bin/rb_upload_chef_data.sh +++ b/resources/bin/rb_upload_chef_data.sh 
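Review bot: The exit status of `$RBBIN/rb_upload_cookbooks.sh` is never checked, so configure_leader goes straight on to `chef-client` even when cookbooks (rb-selinux is in the list) did not reach the Chef server. The expansion is also unquoted, and if RBBIN were empty the call would resolve to `/rb_upload_cookbooks.sh`. `"${RBBIN:?}/rb_upload_cookbooks.sh" || exit 1` would cover both, assuming aborting is the intended failure mode here; configure_leader's body starts and ends outside this hunk. The script added in this commit appears to end with status 0 even after all retries fail, so the check only helps once that script reports failure.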
@@ -23,131 +23,248 @@ ANSWERYES=0 source $RBLIB/rb_manager_functions.sh function upload_data_bag(){ - X="data bag" - key="$1" + X="data bag" + key="$1" local files=$2 - if [ "x$key" == "x" ]; then - DIRDB="data_bag" - else - DIRDB="data_bag_encrypted" - fi + if [ "x$key" == "x" ]; then + DIRDB="data_bag" + else + DIRDB="data_bag_encrypted" + fi - if [ -d $DATADIR/$DIRDB ]; then - echo -en "* Uploading \"$X" - [ "x$key" != "x" ] && echo -n " encrypted" - echo "\":" + if [ -d $DATADIR/$DIRDB ]; then + echo -en "* Uploading \"$X" + [ "x$key" != "x" ] && echo -n " encrypted" + echo "\":" if [ "x$files" != "x" ]; then - for n2 in `ls $files 2>/dev/null`; do + for n2 in `ls $files 2>/dev/null`; do n1=$(dirname $n2|sed 's|.*/||') - VAR="y" - if [ $ANSWERYES -eq 0 ]; then - echo -n " Would you like to upload $n1/`basename $n2` $X? (y/N) " - read VAR - if [ "x$VAR" == "y" -o "x$VAR" == "Y" -o "x$VAR" == "s" -o "x$VAR" == "S" ]; then - VAR="y" - fi - fi - if [ "x$VAR" == "xy" ]; then - echo -n " - $(echo $n2 | sed "s|/var/chef/data/||")" - if [ "x$key" != "x" ]; then - knife data bag -c /root/.chef/knife.rb from file $n1 $n2 --secret-file $key &>/dev/null - RET=$? - [ $RET -eq 0 ] && rm -f $n2 + VAR="y" + if [ $ANSWERYES -eq 0 ]; then + echo -n " Would you like to upload $n1/`basename $n2` $X? (y/N) " + read VAR + if [ "x$VAR" == "y" -o "x$VAR" == "Y" -o "x$VAR" == "s" -o "x$VAR" == "S" ]; then + VAR="y" + fi + fi + if [ "x$VAR" == "xy" ]; then + if [ "x$key" != "x" ]; then + max_retries=3 + retry_delay=5 + for ((retry = 1; retry <= max_retries; retry++)); do + echo -n " - $(echo $n2 | sed "s|/var/chef/data/||") attempt ($retry/$max_retries)" + knife data bag -c /root/.chef/knife.rb from file $n1 $n2 --secret-file $key &>/dev/null + RET=$? + if [ $RET -eq 0 ]; then + rm -f $n2 + print_result $RET + break + else + print_result $RET + echo "Error uploading databag '$n2'. Retrying in $retry_delay seconds..." 
+ sleep $retry_delay + fi + + # If all retries fail, exit + if ((retry == max_retries)); then + echo "Error: Failed to upload and verify databag '$n2' after $max_retries attempts." + fi + done + else + max_retries=3 + retry_delay=5 + for ((retry = 1; retry <= max_retries; retry++)); do + echo -n " - $(echo $n2 | sed "s|/var/chef/data/||") attempt ($retry/$max_retries)" + knife data bag -c /root/.chef/knife.rb from file $n1 $n2 &>/dev/null + RET=$? + if [ $RET -eq 0 ]; then + print_result $RET + break + else + print_result $RET + echo "Error uploading databag '$n2'. Retrying in $retry_delay seconds..." + sleep $retry_delay + fi + + if ((retry == max_retries)); then + echo "Error: Failed to upload and verify databag '$n2' after $max_retries attempts." + fi + done + fi + fi + done + else + [ "x$(ls $DATADIR/$DIRDB 2>/dev/null)" == "x" ] && echo -n " - no databags to upload" && print_result 0 + + for n1 in `ls $DATADIR/$DIRDB 2>/dev/null`; do + if [ -d $DATADIR/$DIRDB/$n1 ]; then + #knife data bag -c $RBDIR/root/.chef/knife.rb create $n1 &>/dev/null + if [ "x$key" != "x" ]; then + max_retries=3 + retry_delay=5 + for ((retry = 1; retry <= max_retries; retry++)); do + echo -n " > Uploading \"$n1\" data bag: attempt ($retry/$max_retries)" + [ "x$key" != "x" ] && echo -n " encrypted" + knife data bag -c /root/.chef/knife.rb create $n1 --secret-file $key &>/dev/null + RET=$? + if [ $RET -eq 0 ]; then + print_result $RET + break + else + print_result $RET + echo "Error uploading databag '$n1'. Retrying in $retry_delay seconds..." + sleep $retry_delay + fi + + # If all retries fail, exit + if ((retry == max_retries)); then + echo "Error: Failed to upload and verify databag '$n1' after $max_retries attempts." + fi + done else - knife data bag -c /root/.chef/knife.rb from file $n1 $n2 &>/dev/null - RET=$? 
+ max_retries=3 + retry_delay=5 + for ((retry = 1; retry <= max_retries; retry++)); do + echo -n " > Uploading \"$n1\" data bag: attempt ($retry/$max_retries)" + [ "x$key" != "x" ] && echo -n " encrypted" + knife data bag -c /root/.chef/knife.rb create $n1 &>/dev/null + RET=$? + if [ $RET -eq 0 ]; then + print_result $RET + break + else + print_result $RET + echo "Error uploading databag '$n1'. Retrying in $retry_delay seconds..." + sleep $retry_delay + fi + + # If all retries fail, exit + if ((retry == max_retries)); then + echo "Error: Failed to upload and verify databag '$n1' after $max_retries attempts." + fi + done fi - print_result $? - fi - done - else - [ "x$(ls $DATADIR/$DIRDB 2>/dev/null)" == "x" ] && echo -n " - no databags to upload" && print_result 0 - - for n1 in `ls $DATADIR/$DIRDB 2>/dev/null`; do - if [ -d $DATADIR/$DIRDB/$n1 ]; then - echo -n " > Uploading \"$n1\" data bag:" - [ "x$key" != "x" ] && echo -n " encrypted" - - #knife data bag -c $RBDIR/root/.chef/knife.rb create $n1 &>/dev/null - if [ "x$key" != "x" ]; then - knife data bag -c /root/.chef/knife.rb create $n1 --secret-file $key &>/dev/null - RET=$? - else - knife data bag -c /root/.chef/knife.rb create $n1 &>/dev/null - RET=$? - fi - print_result $? - - for n2 in `ls $DATADIR/$DIRDB/$n1/*.json 2>/dev/null`; do - VAR="y" - if [ $ANSWERYES -eq 0 ]; then - echo -n " Would you like to upload `basename $n1`/`basename $n2` $X? (y/N) " - read VAR - if [ "x$VAR" == "y" -o "x$VAR" == "Y" -o "x$VAR" == "s" -o "x$VAR" == "S" ]; then - VAR="y" - fi - fi - if [ "x$VAR" == "xy" ]; then - echo -n " - $(echo $n2 | sed "s|${RBDIR}/var/chef/data/||")" - if [ "x$key" != "x" ]; then - knife data bag -c /root/.chef/knife.rb from file $n1 $n2 --secret-file $key &>/dev/null - RET=$? - [ $RET -eq 0 ] && rm -f $n2 - else - knife data bag -c /root/.chef/knife.rb from file $n1 $n2 &>/dev/null - RET=$? - fi - print_result $? 
- fi - done - fi - done - fi - fi + + for n2 in `ls $DATADIR/$DIRDB/$n1/*.json 2>/dev/null`; do + VAR="y" + if [ $ANSWERYES -eq 0 ]; then + echo -n " Would you like to upload `basename $n1`/`basename $n2` $X? (y/N) " + read VAR + if [ "x$VAR" == "y" -o "x$VAR" == "Y" -o "x$VAR" == "s" -o "x$VAR" == "S" ]; then + VAR="y" + fi + fi + if [ "x$VAR" == "xy" ]; then + if [ "x$key" != "x" ]; then + max_retries=3 + retry_delay=5 + for ((retry = 1; retry <= max_retries; retry++)); do + echo -n " - $(echo $n2 | sed "s|${RBDIR}/var/chef/data/||") ($retry/$max_retries)" + knife data bag -c /root/.chef/knife.rb from file $n1 $n2 --secret-file $key &>/dev/null + RET=$? + if [ $RET -eq 0 ]; then + rm -f $n2 + print_result $RET + break + else + print_result $RET + echo "Error uploading databag '$n2'. Retrying in $retry_delay seconds..." + sleep $retry_delay + fi + + # If all retries fail, exit + if ((retry == max_retries)); then + echo "Error: Failed to upload and verify databag '$n2' after $max_retries attempts." + fi + done + else + max_retries=3 + retry_delay=5 + for ((retry = 1; retry <= max_retries; retry++)); do + echo -n " - $(echo $n2 | sed "s|${RBDIR}/var/chef/data/||") ($retry/$max_retries)" + knife data bag -c /root/.chef/knife.rb from file $n1 $n2 &>/dev/null + RET=$? + if [ $RET -eq 0 ]; then + print_result $RET + break + else + print_result $RET + echo "Error uploading databag '$n1'. Retrying in $retry_delay seconds..." + sleep $retry_delay + fi + + # If all retries fail, exit + if ((retry == max_retries)); then + echo "Error: Failed to upload and verify databag '$n1' after $max_retries attempts." 
+ fi + done + fi + fi + done + fi + done + fi + fi } function upload_x(){ - X=$1 + X=$1 local files=$2 [ "x$files" == "x" ] && files="$DATADIR/$X/*.json" - if [ "x$X" != "x" ]; then - echo -e "* Uploading \"$X\":" - [ "x$(ls $DATADIR/$X 2>/dev/null)" == "x" ] && echo -n " - nothing to upload" && print_result 0 - if [ -d $DATADIR/$X ]; then - for n in `ls $files 2>/dev/null`; do - if [ "x$X" == "xenvironment" -a "x`basename $n`" == "x_default.json" ]; then - echo " - INFO: Enviroment _default cannot be uploaded"; - continue - fi - VAR="y" - if [ $ANSWERYES -eq 0 ]; then - echo -n " Would you like to upload `basename $n` $X? (y/N) " - read VAR - if [ "x$VAR" == "y" -o "x$VAR" == "Y" -o "x$VAR" == "s" -o "x$VAR" == "S" ]; then - VAR="y" - fi - fi - if [ "x$VAR" == "xy" ]; then - echo -n " - $(echo $n | sed "s|/var/chef/data/||")" - knife $X -c /root/.chef/knife.rb from file $n &>/dev/null - print_result $? - fi - done - fi - fi + if [ "x$X" != "x" ]; then + echo -e "* Uploading \"$X\":" + [ "x$(ls $DATADIR/$X 2>/dev/null)" == "x" ] && echo -n " - nothing to upload" && print_result 0 + if [ -d $DATADIR/$X ]; then + for n in `ls $files 2>/dev/null`; do + if [ "x$X" == "xenvironment" -a "x`basename $n`" == "x_default.json" ]; then + echo " - INFO: Enviroment _default cannot be uploaded"; + continue + fi + VAR="y" + if [ $ANSWERYES -eq 0 ]; then + echo -n " Would you like to upload `basename $n` $X? (y/N) " + read VAR + if [ "x$VAR" == "y" -o "x$VAR" == "Y" -o "x$VAR" == "s" -o "x$VAR" == "S" ]; then + VAR="y" + fi + fi + if [ "x$VAR" == "xy" ]; then + max_retries=3 + retry_delay=5 + for ((retry = 1; retry <= max_retries; retry++)); do + echo -n " - $(echo $n | sed "s|/var/chef/data/||") attempt ($retry/$max_retries)" + knife $X -c /root/.chef/knife.rb from file $n &>/dev/null + if [ $? -eq 0 ]; then + print_result $? + break + else + print_result $? + echo "Error uploading $X '$n'. Retrying in $retry_delay seconds..." 
+ sleep $retry_delay + fi + + # If all retries fail, exit + if ((retry == max_retries)); then + echo "Error: Failed to upload and verify $X '$n' after $max_retries attempts." + fi + done + fi + done + fi + fi } function usage(){ - echo "$0 [-d][-y]" - echo " -d: directory where the json data is stored" - echo " -y: answer yes by default" - echo " -f: use this file to upload" - echo " -h: print this help" - exit 1 + echo "$0 [-d][-y]" + echo " -d: directory where the json data is stored" + echo " -y: answer yes by default" + echo " -f: use this file to upload" + echo " -h: print this help" + exit 1 } 
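Review bot: In upload_x the new loop tests `if [ $? -eq 0 ]` and then calls `print_result $?`, so the value printed is the status of the `[` test rather than knife's exit code; the data-bag loops avoid this with `RET=$?`. The same retry loop is pasted seven times in this hunk, every copy still prints "Retrying" and sleeps after the last attempt, none returns non-zero once the attempts are exhausted, and the last unencrypted `from file` copy reports `'$n1'` where the file is `$n2`. Because knife's output goes to /dev/null and nothing fails, a rejected client key and a network timeout look identical, and the caller cannot tell that a role or an encrypted data bag never reached the server; the messages also say "verify" although no verification step is visible. One helper, as sketched below, would carry the status out and let the encrypted branch delete the local JSON only on success.

```shell
# Run one knife command with retries. $1 is the label to print, the remaining
# arguments are the knife argument list. Returns knife's last exit status.
function knife_retry(){
  local label=$1; shift
  local max_retries=3 retry_delay=5 retry RET=1
  for ((retry = 1; retry <= max_retries; retry++)); do
    echo -n "   - $label attempt ($retry/$max_retries)"
    knife "$@" &>/dev/null
    RET=$?
    print_result $RET
    [ $RET -eq 0 ] && return 0
    if ((retry < max_retries)); then
      echo "Error uploading '$label'. Retrying in $retry_delay seconds..."
      sleep $retry_delay
    fi
  done
  echo "Error: Failed to upload '$label' after $max_retries attempts." >&2
  return $RET
}

# ... unchanged: upload_data_bag prompt handling ...
knife_retry "$n2" data bag -c /root/.chef/knife.rb from file "$n1" "$n2" --secret-file "$key" \
  && rm -f -- "$n2"
# ... unchanged: remaining loops, each replaced by one knife_retry call ...
```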
@@ -156,53 +273,53 @@ do case $name in d) DATADIR=$OPTARG;; y) ANSWERYES=1;; - f) FILE=$OPTARG;; - h) usage;; + f) FILE=$OPTARG;; + h) usage;; esac done if [ "x$DIRCANDIDATE" != "x" ]; then - if [ -d $DIRCANDIDATE ]; then - if [ -d $DIRCANDIDATE/role -o -d $DIRCANDIDATE/client -o -d $DIRCANDIDATE/environment -o -d $DIRCANDIDATE/node ]; then - DATADIR=$DIRCANDIDATE - else - echo "ERROR: $DIRCANDIDATE contains no valid data!!" - exit 1 - fi - else - echo "ERROR: $DIRCANDIDATE not found!!" - exit 1 - fi + if [ -d $DIRCANDIDATE ]; then + if [ -d $DIRCANDIDATE/role -o -d $DIRCANDIDATE/client -o -d $DIRCANDIDATE/environment -o -d $DIRCANDIDATE/node ]; then + DATADIR=$DIRCANDIDATE + else + echo "ERROR: $DIRCANDIDATE contains no valid data!!" + exit 1 + fi + else + echo "ERROR: $DIRCANDIDATE not found!!" + exit 1 + fi fi [ ! -f /root/.chef/knife.rb -a -f /root/.chef/knife.rb.default ] && cp /root/.chef/knife.rb.default /root/.chef/knife.rb if [ "x$FILE" != "x" ]; then - cheftype=$(dirname $FILE|sed 's|.*/||') - if [ "x$cheftype" == "xenvironment" ]; then - upload_x "environment" $FILE - elif [ "x$cheftype" == "xnode" ]; then - upload_x "node" $FILE - elif [ "x$cheftype" == "xrole" ]; then - upload_x "role" $FILE + cheftype=$(dirname $FILE|sed 's|.*/||') + if [ "x$cheftype" == "xenvironment" ]; then + upload_x "environment" $FILE + elif [ "x$cheftype" == "xnode" ]; then + upload_x "node" $FILE + elif [ "x$cheftype" == "xrole" ]; then + upload_x "role" $FILE else #DataBags - chefdatabag=$(basename $(dirname $(dirname $FILE))) - if [ "x$chefdatabag" == "xdata_bag" ]; then - upload_data_bag "" $FILE - elif [ "x$chefdatabag" == "xdata_bag_encrypted" -a -f /etc/chef/encrypted_data_bag_secret ]; then - upload_data_bag /etc/chef/encrypted_data_bag_secret $FILE - fi - fi + chefdatabag=$(basename $(dirname $(dirname $FILE))) + if [ "x$chefdatabag" == "xdata_bag" ]; then + upload_data_bag "" $FILE + elif [ "x$chefdatabag" == "xdata_bag_encrypted" -a -f 
/etc/chef/encrypted_data_bag_secret ]; then + upload_data_bag /etc/chef/encrypted_data_bag_secret $FILE + fi + fi else - echo "Uploading chef information from $DATADIR: " - #upload_x "client" - echo - upload_x "environment" - echo - upload_x "node" - echo - upload_x "role" - echo - upload_data_bag - [ -f /etc/chef/encrypted_data_bag_secret ] && echo && upload_data_bag /etc/chef/encrypted_data_bag_secret + echo "Uploading chef information from $DATADIR: " + #upload_x "client" + echo + upload_x "environment" + echo + upload_x "node" + echo + upload_x "role" + echo + upload_data_bag + [ -f /etc/chef/encrypted_data_bag_secret ] && echo && upload_data_bag /etc/chef/encrypted_data_bag_secret fi diff --git a/resources/bin/rb_upload_cookbooks.sh b/resources/bin/rb_upload_cookbooks.sh new file mode 100755 index 00000000..f6e4c73a --- /dev/null +++ b/resources/bin/rb_upload_cookbooks.sh 
@@ -0,0 +1,76 @@ +#!/bin/bash + +####################################################################### +# Copyright (c) 2024 ENEO Tecnologia S.L. +# This file is part of redBorder. +# redBorder is free software: you can redistribute it and/or modify +# it under the terms of the GNU Affero General Public License License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# redBorder is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU Affero General Public License License for more details. +# You should have received a copy of the GNU Affero General Public License License +# along with redBorder. If not, see . +####################################################################### + +function upload_cookbook() { + local cookbook="$1" + + knife cookbook upload "$cookbook" &>/dev/null + if [[ $? -ne 0 ]]; then + echo "Error: Cookbook '$cookbook' could not be uploaded." + echo "checking cookbook dependencies" + + declare -a dependencies + if [ -d /var/chef/cookbooks/$cookbook ] && [ -f /var/chef/cookbooks/$cookbook/metadata.rb ]; then + + while IFS= read -r line; do + if [[ $line =~ ^depends[[:space:]]+\'([a-zA-Z0-9_-]+)\'([[:space:]]|\n)* ]]; then + dependencies+=(${BASH_REMATCH[1]}) + fi + done < /var/chef/cookbooks/$cookbook/metadata.rb + + for dependency in ${dependencies[@]}; do + upload_cookbook "$dependency" + if [ $? -ne 0 ]; then + echo "Error dependency: $dependency" + echo "Trying to upload dependency cookbook..." + else + echo "dependency cookbook '$dependency' uploaded and verified successfully." 
+ fi + done + fi + return 1 + fi +} + + +listCookbooks="rb-common rb-selinux cron zookeeper kafka druid http2k memcached chef-server consul + hadoop samza nginx geoip webui snmp mongodb rbmonitor rbscanner + f2k logstash pmacct minio postgresql rbdswatcher rbevents-counter + rsyslog freeradius rbnmsp n2klocd rbale rbcep k2http rblogstatter rb-arubacentral rbcgroup rb-exporter rb-clamav rb-postfix + keepalived snort barnyard2 rbaioutliers mem2incident + rb-proxy rb-ips rb-manager" # The order matters! (please keep proxy ips and manager at the end) + +max_retries=3 +retry_delay=5 + +for n in $listCookbooks; do + for ((retry = 1; retry <= max_retries; retry++)); do + echo "Uploading cookbook: $n (attempt $retry/$max_retries)" + if upload_cookbook "$n"; then + echo "Cookbook '$n' uploaded and verified successfully." + break + else + echo "Error verifying cookbook '$n'. Retrying in $retry_delay seconds..." + sleep $retry_delay + fi + + # If all retries fail, exit + if ((retry == max_retries)); then + echo "Error: Failed to upload and verify cookbook '$n' after $max_retries attempts." + fi + done +done diff --git a/resources/scripts/rb_init_conf.rb b/resources/scripts/rb_init_conf.rb index 6b7f1da2..4da6dd10 100755 --- a/resources/scripts/rb_init_conf.rb +++ b/resources/scripts/rb_init_conf.rb @@ -122,7 +122,7 @@ else f.puts "DEFROUTE=no" end - end + end end } 
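Review bot: After the last failed attempt the outer loop only echoes an error (its comment says "exit") and moves on to the next cookbook, so the script ends with status 0 and later cookbooks are uploaded on top of a missing earlier one even though the list says order matters; `echo "Error: Failed to upload cookbook '$n' after $max_retries attempts." >&2; exit 1` in that branch would stop there. `knife cookbook upload "$cookbook" &>/dev/null` throws away the reason for the failure, which makes an authentication or signing problem indistinguishable from a missing dependency. In upload_cookbook the dependency recursion keeps no record of cookbooks already visited, so two cookbooks that depend on each other would recurse without bound, and the messages in the dependency loop are misleading: the failure branch prints "Trying to upload dependency cookbook..." but does nothing further. The `\n` in the regex matches a literal `n` in bash, and only single-quoted `depends 'name'` lines are recognised, so double-quoted dependencies in metadata.rb are silently skipped.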
@@ -244,43 +244,43 @@ system("firewall-cmd --zone=home --add-protocol=igmp &>/dev/null") #nginx - system("firewall-cmd --permanent --zone=home --add-port=443/tcp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=443/tcp &>/dev/null") # mDNS / serf - system("firewall-cmd --permanent --zone=home --add-source-port=5353/udp &>/dev/null") - system("firewall-cmd --permanent --zone=public --add-source-port=5353/udp &>/dev/null") - system("firewall-cmd --permanent --zone=home --add-port=5353/udp &>/dev/null") - system("firewall-cmd --permanent --zone=public --add-port=5353/udp &>/dev/null") - system("firewall-cmd --permanent --zone=home --add-port=7946/tcp &>/dev/null") - system("firewall-cmd --permanent --zone=home --add-port=7946/udp &>/dev/null") - + system("firewall-cmd --permanent --zone=home --add-source-port=5353/udp &>/dev/null") + system("firewall-cmd --permanent --zone=public --add-source-port=5353/udp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=5353/udp &>/dev/null") + system("firewall-cmd --permanent --zone=public --add-port=5353/udp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=7946/tcp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=7946/udp &>/dev/null") + #Consul ports - system("firewall-cmd --permanent --zone=home --add-port=8300/tcp &>/dev/null") - system("firewall-cmd --permanent --zone=home --add-port=8301/tcp &>/dev/null") - system("firewall-cmd --permanent --zone=home --add-port=8301/udp &>/dev/null") - system("firewall-cmd --permanent --zone=home --add-port=8302/tcp &>/dev/null") - system("firewall-cmd --permanent --zone=home --add-port=8302/udp &>/dev/null") - system("firewall-cmd --permanent --zone=home --add-port=8400/tcp &>/dev/null") - system("firewall-cmd --permanent --zone=home --add-port=8500/tcp &>/dev/null") - + system("firewall-cmd --permanent --zone=home --add-port=8300/tcp &>/dev/null") + system("firewall-cmd --permanent --zone=home 
--add-port=8301/tcp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=8301/udp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=8302/tcp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=8302/udp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=8400/tcp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=8500/tcp &>/dev/null") + #DNS - system("firewall-cmd --permanent --zone=home --add-port=53/tcp &>/dev/null") - system("firewall-cmd --permanent --zone=home --add-port=53/udp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=53/tcp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=53/udp &>/dev/null") #Chef server - system("firewall-cmd --permanent --zone=home --add-port=4443/tcp &>/dev/null") - system("firewall-cmd --permanent --zone=home --add-port=5432/tcp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=4443/tcp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=5432/tcp &>/dev/null") #zookeeper - system("firewall-cmd --permanent --zone=home --add-port=2888/tcp &>/dev/null") - system("firewall-cmd --permanent --zone=home --add-port=3888/tcp &>/dev/null") - system("firewall-cmd --permanent --zone=home --add-port=2181/tcp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=2888/tcp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=3888/tcp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=2181/tcp &>/dev/null") #kafka - system("firewall-cmd --permanent --zone=home --add-port=9092/tcp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=9092/tcp &>/dev/null") #http2k - system("firewall-cmd --permanent --zone=home --add-port=7980/tcp &>/dev/null") + system("firewall-cmd --permanent --zone=home --add-port=7980/tcp &>/dev/null") #f2k system("firewall-cmd --permanent --zone=home 
--add-port=2055/udp &>/dev/null") @@ -290,12 +290,12 @@ system("firewall-cmd --permanent --zone=home --add-port=6343/udp &>/dev/null") system("firewall-cmd --permanent --zone=public --add-port=6343/udp &>/dev/null") - #rsyslogd + #rsyslogd system("firewall-cmd --permanent --zone=home --add-port=514/tcp &>/dev/null") system("firewall-cmd --permanent --zone=home --add-port=514/udp &>/dev/null") system("firewall-cmd --permanent --zone=public --add-port=514/tcp &>/dev/null") system("firewall-cmd --permanent --zone=public --add-port=514/udp &>/dev/null") - + #freeradius system("firewall-cmd --permanent --zone=home --add-port=1812/udp &>/dev/null") system("firewall-cmd --permanent --zone=public --add-port=1812/udp &>/dev/null") @@ -312,7 +312,7 @@ system("firewall-cmd --permanent --zone=public --add-port=2057/tcp &>/dev/null") system("firewall-cmd --permanent --zone=home --add-port=2058/tcp &>/dev/null") system("firewall-cmd --permanent --zone=public --add-port=2058/tcp &>/dev/null") - + #druid system("firewall-cmd --permanent --zone=home --add-port=8080/tcp &>/dev/null") system("firewall-cmd --permanent --zone=home --add-port=8081/tcp &>/dev/null") @@ -332,7 +332,7 @@ #keepalived system("firewall-cmd --add-protocol=112 --permanent") system("firewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=\"224.0.0.18\" accept' --permanent") - + #webui system("firewall-cmd --permanent --zone=home --add-port=8001/tcp &>/dev/null") @@ -340,6 +340,9 @@ system("firewall-cmd --permanent --zone=home --add-port=11211/tcp &>/dev/null") system("firewall-cmd --permanent --zone=home --add-port=11211/udp &>/dev/null") + #mongo + system("firewall-cmd --permanent --zone=home --add-port=27017/tcp &>/dev/null") + # Reload firewalld configuration system("firewall-cmd --reload &>/dev/null")
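Review bot: The new `#mongo` rule opens 27017/tcp to every source in the home zone, and nothing visible here shows whether MongoDB on this node requires authentication or binds only to the cluster interface. If only cluster members need the port, a source-restricted rich rule in the style already used for keepalived would narrow the exposure: `system("firewall-cmd --permanent --zone=home --add-rich-rule='rule family=\"ipv4\" source address=\"<CLUSTER_SUBNET>\" port port=\"27017\" protocol=\"tcp\" accept' &>/dev/null")`, where `<CLUSTER_SUBNET>` is a placeholder. At minimum a comment such as `# mongo: reachable from the whole home zone; mongod must enforce auth` would record the assumption. The return value of `system` is ignored and output is discarded, so a rule that fails to apply goes unnoticed; the surrounding block starts and ends outside this hunk.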