Beta fixes #820

Merged
merged 26 commits into from
Feb 8, 2025
0db0f0c
Moved System->check_firewall() to Network.
digimer-bot Jan 27, 2025
891bffd
Removing the --machine check when clearing jobs.
digimer-bot Jan 27, 2025
fd01c5e
Fixed XML generation.
digimer-bot Jan 27, 2025
188f256
Changed a job update to print to log also.
digimer-bot Jan 29, 2025
14611d4
Improved handling of servers that can't be stopped.
digimer-bot Jan 29, 2025
66865ee
Started work on System->check_ntp().
digimer-bot Jan 29, 2025
1531250
Finished adding custom NTP server support.
digimer-bot Jan 30, 2025
d3e076c
Updated anvil-manage-server-storage to take --ci-test
digimer-bot Jan 30, 2025
d5b7985
Updated Server->locate() to not try to connect to hosts that are not
digimer-bot Jan 31, 2025
c030ba9
Updated Database->get_lvm_data() to not load deleted LVM data.
digimer-bot Jan 31, 2025
13c752b
Updated System->check_ntp() to use pool instead of Server
digimer-bot Feb 3, 2025
0acae19
Added checks to avoid 'uninitialized value' messages for not-yet-created
digimer-bot Feb 3, 2025
75469ec
Fixed a bug where a request to display information was trying to assign
digimer-bot Feb 3, 2025
79578c1
Made all job update prints conditional on if --machine is used.
digimer-bot Feb 3, 2025
b3b54ca
Fixed a bad regex
digimer-bot Feb 3, 2025
1decde4
Fixed server count issue raised in issue #824
digimer-bot Feb 4, 2025
838f35a
Fixed bad strings (missing context and wrong keys).
digimer-bot Feb 4, 2025
6a5f2a3
Updated anvil-join-anvil to use System->check_ntp().
digimer-bot Feb 5, 2025
b90b612
Updated Network->manage_firewall({task => 'check'}) to update the
digimer-bot Feb 6, 2025
76a98e1
Updated Network->manage_firewall to honour sys::firewall::default-zone
digimer-bot Feb 6, 2025
80df15a
Updated Network->manage_firewall to use firewall-cmd instead of editing
digimer-bot Feb 6, 2025
9337c5c
Updated Network->manage_firewall() to assign all interfaces to the
digimer-bot Feb 6, 2025
6936470
Fixes issue #822; Don't try to scan deleted UPSes.
digimer-bot Feb 6, 2025
8665577
Added NTP config support for all hosts.
digimer-bot Feb 6, 2025
0798550
Bumped provision timeout to 120 seconds.
digimer-bot Feb 7, 2025
7fb5294
Updated Server->shutdown_virsh() to treat empty status as shut off.
digimer-bot Feb 7, 2025
16 changes: 16 additions & 0 deletions Anvil/Tools.pm
Expand Up @@ -925,6 +925,9 @@ sub _set_defaults
timestamp => "",
use_handle => "",
},
firewall => {
'default-zone' => "IFN1",
},
host_type => "",
host_uuid => "",
language => "en_CA",
Expand Down Expand Up @@ -1076,6 +1079,18 @@ sub _set_defaults
},
},
};
$anvil->data->{network} = {
ntp => {
servers => "",
manage => 1,
},
wait_for_network => {
timeout => 300,
},
wait_on_network => {
timeout => 180,
},
};

return(0);
}
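Review bot: 'wait_for_network' and 'wait_on_network' are near-identical keys with different timeouts (300 and 180), and nothing in this block says which code path reads which, so a user tuning one in anvil.conf can easily change the wrong one. Add a comment on each, or fold them into a single key. 'manage => 1' under 'ntp' also looks like it enables NTP management by default with an empty 'servers' string; a comment saying what the empty value means would help. Note too that Network.pm indexes this same 'network' hash by host name (network::<host_name>::interface), so these fixed keys now share a namespace with host names.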
Expand All @@ -1097,6 +1112,7 @@ sub _set_paths
'anvil.debug' => "/etc/anvil/anvil.debug",
'anvil.version' => "/etc/anvil/anvil.version",
'autoindex.conf' => "/etc/httpd/conf.d/autoindex.conf",
'chrony.conf' => "/etc/chrony.conf",
'cib.xml' => "/var/lib/pacemaker/cib/cib.xml",
'corosync.conf' => "/etc/corosync/corosync.conf",
'corosync-authkey' => "/etc/corosync/authkey",
12 changes: 9 additions & 3 deletions Anvil/Tools/Database.pm
Expand Up @@ -5256,6 +5256,8 @@ SELECT
scan_lvm_pv_sector_size
FROM
scan_lvm_pvs
WHERE
scan_lvm_pv_name != 'DELETED'
;";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { query => $query }});
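Review bot: the new WHERE clause filters deleted PVs unconditionally, while the manifest loader documented further down in this file offers an 'include_deleted' parameter for the same situation. A caller of get_lvm_data() that needs the deleted rows has no way to ask for them; consider the same opt-in parameter here and in the VG and LV queries below, plus a line in the method's POD saying that DELETED records are skipped. Also, "!= 'DELETED'" drops rows where the name is NULL, which is only safe if the column is NOT NULL.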

Expand Down Expand Up @@ -5340,7 +5342,9 @@ SELECT
scan_lvm_vg_size,
scan_lvm_vg_free
FROM
scan_lvm_vgs
scan_lvm_vgs
WHERE
scan_lvm_vg_name != 'DELETED'
;";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { query => $query }});

Expand Down Expand Up @@ -5426,7 +5430,9 @@ SELECT
scan_lvm_lv_path,
scan_lvm_lv_on_pvs
FROM
scan_lvm_lvs
scan_lvm_lvs
WHERE
scan_lvm_lv_name != 'DELETED'
;";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { query => $query }});

Expand Down Expand Up @@ -5728,7 +5734,7 @@ And, to allow for lookup by name;

If the hash was already populated, it is cleared before repopulating to ensure no stale data remains.

B<<Note>>: Deleted devices (ones where C<< manifest_note >> is set to C<< DELETED >>) are ignored. See the C<< include_deleted >> parameter to include them.
B<<Note>>: Deleted manifests (ones where C<< manifest_note >> is set to C<< DELETED >>) are ignored. See the C<< include_deleted >> parameter to include them.

Parameters;

167 changes: 163 additions & 4 deletions Anvil/Tools/Network.pm
Expand Up @@ -3870,7 +3870,7 @@ sub manage_firewall
# Set defaults that the user can override in anvil.conf
if (not exists $anvil->data->{sys}{firewall}{'default-zone'})
{
$anvil->data->{sys}{firewall}{'default-zone'} = "";
$anvil->data->{sys}{firewall}{'default-zone'} = "IFN1";
}

# What we do next depends on what we're doing.
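Review bot: the fallback default 'IFN1' is now hard-coded here and again in the _set_defaults change in Anvil/Tools.pm; if that block sets the same sys::firewall::default-zone key, this 'not exists' branch can no longer fire and the two literals can drift apart. Keep the default in one place, and say in a comment what an empty value set by the user in anvil.conf should mean, since a key that exists but is empty bypasses this fallback.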
Expand Down Expand Up @@ -3898,6 +3898,32 @@ sub manage_firewall
# Get a list of zones and the interfaces already in them.
$anvil->Network->_get_existing_zone_interfaces({debug => $debug});

# Change the default zone, if needed.
my $wanted_default_zone = $anvil->data->{sys}{firewall}{'default-zone'};
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
wanted_default_zone => $wanted_default_zone,
"firewalld::default_zone" => $anvil->data->{firewalld}{default_zone},
"exists firewall::zone::${wanted_default_zone}" => exists $anvil->data->{firewall}{zone}{$wanted_default_zone} ? 1 : 0,
}});
if (($anvil->data->{firewalld}{default_zone} eq "public") &&
(exists $anvil->data->{firewall}{zone}{$wanted_default_zone}))
{
# Change the default zone.
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, key => "warning_0021"});

my $shell_call = $anvil->data->{path}{exe}{'firewall-cmd'}." --set-default-zone=".$wanted_default_zone;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { shell_call => $shell_call }});
my ($output, $return_code) = $anvil->System->call({debug => $debug, shell_call => $shell_call});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
output => $output,
return_code => $return_code,
}});

# Mark that we need to reload
$reload = 1;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { reload => $reload }});
}

# What zones do we need, and what zones do we have?
foreach my $interface (sort {$a cmp $b} keys %{$anvil->data->{network}{$host_name}{interface}})
{
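Review bot: the return_code from the 'firewall-cmd --set-default-zone' call is logged but never checked, and $reload is set to 1 regardless, so a failed change looks the same as a successful one. Check the return code before setting $reload and log an error otherwise. The zone name is also concatenated into the shell call unquoted; the 'exists' check against firewall::zone limits it to names already parsed from firewall-cmd, but an explicit pattern check on $wanted_default_zone before building the command would make that guarantee visible. The condition only acts when the current default is exactly 'public'; a comment stating that any other existing default is deliberately left alone would help the next reader.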
Expand Down Expand Up @@ -4044,7 +4070,6 @@ sub manage_firewall
# Do any interfaces need to be added to this zone?
foreach my $interface (sort {$a cmp $b} keys %{$anvil->data->{network}{$host_name}{interface}})
{
next if not $anvil->data->{network}{$host_name}{interface}{$interface}{ip};
my $interface_zone = uc(($interface =~ /^(.*?)_/)[0]);
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
interface => $interface,
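Review bot: with the 'next if not ...{ip}' guard removed, every interface key now reaches 'uc(($interface =~ /^(.*?)_/)[0])', and for a name with no underscore the match yields nothing, so uc() receives undef (an 'uninitialized value' warning) and $interface_zone ends up empty. Skip or log interfaces whose name does not match the pattern before deriving the zone from it.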
Expand Down Expand Up @@ -4183,6 +4208,10 @@ sub manage_firewall
}
}

# Check the default zone. If it's 'default', change it either to 'IFN1' or whatever zone the user specified in
$anvil->data->{sys}{firewall}{'current-default-zone'} = "" if not exists $anvil->data->{sys}{firewall}{'current-default-zone'};


$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { reload => $reload }});
if ($reload)
{
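Review bot: the added comment stops mid-sentence ("...whatever zone the user specified in") and refers to a default of 'default', while the check added earlier in this sub compares against 'public'. The only code under it initialises sys::firewall::current-default-zone to an empty string, and nothing in this hunk reads that key. Finish the comment with the config key name, and either add the check it describes or drop the stub.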
Expand Down Expand Up @@ -5259,7 +5288,7 @@ sub _check_firewalld_conf
file => $anvil->data->{path}{configs}{'firewalld.conf'},
force_read => 1,
});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { old_firewalld_conf => $old_firewalld_conf }});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { old_firewalld_conf => $old_firewalld_conf }});

### NOTE: This is ignored in EL9+
# For now, the only thing we want to change is to disable 'AllowZoneDrifting'
Expand All @@ -5268,7 +5297,7 @@ sub _check_firewalld_conf
my $allowzonedrifting_seen = 0;
foreach my $line (split/\n/, $old_firewalld_conf)
{
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { line => $line }});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { line => $line }});
if ($line =~ /^AllowZoneDrifting=(.*)$/)
{
my $old_value = $1;
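Review bot: the per-line log call is now hard-coded to level 2, while the whole-file dump just above was changed from $debug to a fixed level 3, so neither follows the caller's debug setting and the line-by-line output now appears at a lower log level than the full dump. If these were raised for troubleshooting, switch them back to $debug (or a level derived from it) before release.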
Expand All @@ -5286,6 +5315,14 @@ sub _check_firewalld_conf
next;
}
}
if ($line =~ /^DefaultZone=(.*)$/)
{
$anvil->data->{firewalld}{default_zone} = $1;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
"firewalld::default_zone" => $anvil->data->{firewalld}{default_zone},
}});
}

$new_firewalld_conf .= $line."\n";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { new_firewalld_conf => $new_firewalld_conf }});
}
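Review bot: firewalld::default_zone is only assigned when a 'DefaultZone=' line is present, and the captured value is not trimmed. manage_firewall() compares it with eq "public", so a missing line produces an undefined-value warning there, and trailing whitespace or a carriage return makes the comparison fail silently. Initialise the key to an empty string before the loop and strip whitespace from $1 before storing it.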
Expand Down Expand Up @@ -6189,4 +6226,126 @@ sub _manage_striker_firewall
return($changes);
}

# Read in the current firewall config
sub _parse_firewall_config
{
my $self = shift;
my $parameter = shift;
my $anvil = $self->parent;
my $debug = defined $parameter->{debug} ? $parameter->{debug} : 3;
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => $debug, key => "log_0125", variables => { method => "Network->_parse_firewall_config()" }});

# Show live or permanent rules? Permanent is default
my $permanent = defined $parameter->{permanent} ? $parameter->{permanent} : 1;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
permanent => $permanent,
}});

my $say_permanent = $permanent ? " --permanent" : "";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { say_permanent => $say_permanent }});


# What's the default zone?
my $shell_call = $anvil->data->{path}{exe}{'firewall-cmd'}.$say_permanent." --get-default-zone";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { shell_call => $shell_call }});

($anvil->data->{sys}{firewall}{'current-default-zone'}, my $return_code) = $anvil->System->call({debug => $debug, shell_call => $shell_call});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
"sys::firewall::current-default-zone" => $anvil->data->{sys}{firewall}{'current-default-zone'},
return_code => $return_code,
}});

# Now load the zone data.
$shell_call = $anvil->data->{path}{exe}{'firewall-cmd'}.$say_permanent." --list-all-zones";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { shell_call => $shell_call }});

my $zone = "";
my $active_state = "";
my ($firewall_data, undef) = $anvil->System->call({debug => $debug, shell_call => $shell_call});
foreach my $line (split/\n/, $firewall_data)
{
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
's1:zone' => $zone,
's2:line' => $line,
}});

if ($line =~ /^(\w.*)$/)
{
$zone = $1;
$active_state = "inactive";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { zone => $zone }});
if ($line =~ /^(\w+) \((.*?)\)/)
{
$zone = $1;
$active_state = $2;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
zone => $zone,
active_state => $active_state,
}});
}

$anvil->data->{firewall}{zone}{$zone}{active} = $active_state;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
"firewall::zone::${zone}::active" => $anvil->data->{firewall}{zone}{$zone}{active},
}});
}
elsif ($zone)
{
if ((not $line) or ($line =~ /^\s+$/))
{
# Done reading this zone, record.
my $interfaces = defined $anvil->data->{firewall}{zone}{$zone}{variable}{interfaces} ? $anvil->data->{firewall}{zone}{$zone}{variable}{interfaces} : "";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
zone => $zone,
interfaces => $interfaces,
}});
foreach my $interface (split/ /, $interfaces)
{
$anvil->data->{firewall}{interface}{$interface}{zone} = $zone;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
"firewall::interface::${interface}::zone" => $anvil->data->{firewall}{interface}{$interface}{zone},
}});
}

$zone = "";
$active_state = "";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
zone => $zone,
active_state => $active_state,
}});
}
elsif (($active_state) && ($line =~ /(\S.*?):(.*)$/))
{
my $variable = $1;
my $value = $2;
$variable =~ s/^\s+//;
$variable =~ s/\s+$//;
$value =~ s/^\s+//;
$value =~ s/\s+$//;
$anvil->data->{firewall}{zone}{$zone}{variable}{$variable} = $value;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
"s1:line" => $line,
"s2:firewall::zone::${zone}::variable::${variable}" => $anvil->data->{firewall}{zone}{$zone}{variable}{$variable},
}});
}
}
}

foreach my $zone (sort {$a cmp $b} keys %{$anvil->data->{firewall}{zone}})
{
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
's1:zone' => $zone,
's2:active' => $anvil->data->{firewall}{zone}{$zone}{active},
}});
foreach my $variable (sort {$a cmp $b} keys %{$anvil->data->{firewall}{zone}{$zone}{variable}})
{
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
$variable => $anvil->data->{firewall}{zone}{$zone}{variable}{$variable},
}});
}
}

return(0);
}

1;
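Review bot: in _parse_firewall_config(), interfaces are copied into firewall::interface only when a blank line ends the zone block, but split/\n/ drops trailing empty fields, so unless the output ends in a whitespace-only line the last zone never reaches the 'Done reading this zone' branch. Move that recording step into a small helper and call it once more after the loop. The firewall::zone and firewall::interface hashes are also never cleared, so zones or interfaces removed since an earlier call remain in memory, and the return codes of both firewall-cmd calls are ignored (the second is discarded with undef); delete the hashes at the top of the sub and return non-zero when a call fails.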
13 changes: 12 additions & 1 deletion Anvil/Tools/Server.pm
Expand Up @@ -1554,14 +1554,25 @@ sub locate
my $host_uuid = $anvil->data->{sys}{hosts}{by_name}{$host_name};
my $host_type = $anvil->data->{hosts}{host_uuid}{$host_uuid}{host_type};
my $short_host_name = $anvil->data->{hosts}{host_uuid}{$host_uuid}{short_host_name};
my $host_status = $anvil->data->{hosts}{host_uuid}{$host_uuid}{host_status};
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
's1:host_name' => $host_name,
's2:host_uuid' => $host_uuid,
's3:host_type' => $host_type,
's4:short_host_name' => $short_host_name,
's5:host_status' => $host_status,
}});
next if $host_type eq "striker";

if (($host_status eq "powered off") or
($host_status eq "rebooting") or
($host_status eq "stopping") or
($host_status eq "booting"))
{
# Connections would likely timeout, so skip.
next;
}

if ($anvil_uuid)
{
# Skip if this isn't a host we're searching.
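Review bot: hosts in the four skipped states are dropped with a bare 'next' and no log entry, so a caller of locate() cannot tell "server not found on any host" from "the host that might hold it was not checked". Log the skip with the host name and host_status at the very least. $host_status is also compared with eq without a defined check; default it to an empty string for hosts whose status has not been recorded yet.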
Expand Down Expand Up @@ -2869,7 +2880,7 @@ sub shutdown_virsh
{
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, key => "log_0425", variables => { server => $server }});
}
if ($status eq "shut off")
if (($status eq "shut off") or ($status eq ""))
{
# Already off.
$success = 1;
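Review bot: treating an empty $status as "Already off" sets $success = 1 for a value that can also mean the state could not be read at all; how $status is populated is not visible in this hunk. If the status query has a return code, check it and accept the empty string only when the query itself succeeded, otherwise log the condition and fail.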