cloudstack-commits mailing list archives

From anthon...@apache.org
Subject git commit: CS-16254: passwd_server listen on every interface, but only guest interface is enabled for that port
Date Sat, 08 Sep 2012 00:10:47 GMT
Updated Branches:
  refs/heads/master 33fdcf104 -> 4a0e645e2


  CS-16254:
         passwd_server listens on every interface, but only the guest interface is enabled for
that port


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/4a0e645e
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/4a0e645e
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/4a0e645e

Branch: refs/heads/master
Commit: 4a0e645e28d3a0c1fb563ce9c0070225cd9be4c9
Parents: 33fdcf1
Author: Anthony Xu <anthony@cloud.com>
Authored: Fri Sep 7 17:10:54 2012 -0700
Committer: Anthony Xu <anthony@cloud.com>
Committed: Fri Sep 7 17:10:54 2012 -0700

----------------------------------------------------------------------
 .../debian/config/opt/cloud/bin/passwd_server      |    3 +--
 .../debian/config/opt/cloud/bin/vpc_guestnw.sh     |    6 ++++++
 2 files changed, 7 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/4a0e645e/patches/systemvm/debian/config/opt/cloud/bin/passwd_server
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/passwd_server b/patches/systemvm/debian/config/opt/cloud/bin/passwd_server
index 596715e..7e93b67 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/passwd_server
+++ b/patches/systemvm/debian/config/opt/cloud/bin/passwd_server
@@ -1,11 +1,10 @@
 #!/bin/bash
 
 . /etc/default/cloud-passwd-srvr
-guestIp=$(ifconfig eth0 | grep 'inet addr:' | cut -d: -f2 | awk '{ print $1}')
 
 while [ "$ENABLED" == "1" ]
 do
-	socat -lf /var/log/cloud.log TCP4-LISTEN:8080,reuseaddr,crnl,bind=$guestIp SYSTEM:"/opt/cloud/bin/serve_password.sh
\"\$SOCAT_PEERADDR\""
+	socat -lf /var/log/cloud.log TCP4-LISTEN:8080,reuseaddr,crnl,bind=0.0.0.0 SYSTEM:"/opt/cloud/bin/serve_password.sh
\"\$SOCAT_PEERADDR\""
 
 	rc=$?
 	if [ $rc -ne 0 ]
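Review bot: Binding the listener to `0.0.0.0` on the new `socat` line leaves the firewall as the only control over who can reach the password service, and neither the INPUT chain's default policy nor the rules for non-guest interfaces are visible in this commit. `serve_password.sh` is handed `$SOCAT_PEERADDR` and presumably uses it to decide which password to return, so a connection admitted on any other interface would be handled like a guest request. I would record that dependency next to the loop, for example `# Listens on all interfaces; reachability is limited per guest device by the INPUT rules in vpc_guestnw.sh`, and confirm that INPUT defaults to DROP on this VM. The `while` loop continues past the end of the hunk.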

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/4a0e645e/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
----------------------------------------------------------------------
diff --git a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
index cb98fd4..ee9960c 100755
--- a/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
+++ b/patches/systemvm/debian/config/opt/cloud/bin/vpc_guestnw.sh
@@ -124,6 +124,10 @@ create_guest_network() {
   sudo iptables -D INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
   sudo iptables -A INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
   sudo iptables -A INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
+  sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 8080 -j ACCEPT
+  sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 80 -j ACCEPT
+  sudo iptables -A INPUT -i $dev -p tcp -m state --state NEW --dport 8080 -j ACCEPT
+  sudo iptables -A INPUT -i $dev -p tcp -m state --state NEW --dport 80 -j ACCEPT
   # restore mark from  connection mark
   local tableName="Table_$dev"
   sudo ip route add $subnet/$mask dev $dev table $tableName proto static
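Review bot: The new ACCEPT rules for TCP 8080 and 80 match on `-i $dev` alone, so any source address arriving on the guest device is admitted to a service that appears to identify its caller by peer address. `$subnet` and `$mask` are already used a few lines below, so the rules can be narrowed, e.g. `sudo iptables -A INPUT -i $dev -s $subnet/$mask -p tcp -m state --state NEW --dport 8080 -j ACCEPT`. The matching `-D` lines here and in the `destroy_guest_network` hunk would need the same spec so that deletion still finds the rule. Port 80 is also opened although the commit message mentions only the passwd_server port; a one-line comment such as `# 8080: passwd_server; 80: (name the service)` would make the intent reviewable. Both functions start and end outside their hunks.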
@@ -141,6 +145,8 @@ destroy_guest_network() {
   sudo ip addr del dev $dev $ip/$mask
   sudo iptables -D INPUT -i $dev -p udp -m udp --dport 67 -j ACCEPT
   sudo iptables -D INPUT -i $dev -p udp -m udp --dport 53 -j ACCEPT
+  sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 8080 -j ACCEPT
+  sudo iptables -D INPUT -i $dev -p tcp -m state --state NEW --dport 80 -j ACCEPT
   sudo iptables -t mangle -D PREROUTING -i $dev -m state --state ESTABLISHED,RELATED -j CONNMARK
--restore-mark
   sudo iptables -t nat -A POSTROUTING -s $subnet/$mask -o $dev -j SNAT --to-source $ip
   destroy_acl_chain

