File tree 5 files changed +73
-19
lines changed
5 files changed +73
-19
lines changed Original file line number Diff line number Diff line change @@ -126,8 +126,15 @@ let refresh_localhost_info ~__context info =
126126 ) else
127127 Db.Host. remove_from_other_config ~__context ~self: host
128128 ~key: Xapi_globs. host_no_local_storage ;
129+ let options =
130+ match Helpers. get_management_iface_primary_address_type ~__context with
131+ | `IPv4 ->
132+ [" check" " 80"
133+ | `IPv6 ->
134+ [" -6" " check" " 80"
135+ in
129136 let script_output =
130- Helpers. call_script ! Xapi_globs. firewall_port_config_script [ " check " ; " 80 " ]
137+ Helpers. call_script ! Xapi_globs. firewall_port_config_script options
131138 in
132139 try
133140 let network_state = Scanf. sscanf script_output " Port 80 open: %B" Fun. id in
Original file line number Diff line number Diff line change @@ -150,6 +150,18 @@ let get_management_ip_addr ~__context =
150150 let dbg = Context. string_of_task __context in
151151 Option. map fst (Networking_info. get_management_ip_addr ~dbg )
152152
153+ let get_management_interface ~__context ~host =
154+ let pifs =
155+ Db.PIF. get_refs_where ~__context
156+ ~expr:
157+ (And
158+ ( Eq (Field " host" Literal (Ref. string_of host))
159+ , Eq (Field " management" Literal " true"
160+ )
161+ )
162+ in
163+ match pifs with [] -> raise Not_found | pif :: _ -> pif
164+
153165let get_localhost_uuid () =
154166 Xapi_inventory. lookup Xapi_inventory. _installation_uuid
155167
@@ -165,6 +177,11 @@ let get_localhost ~__context =
165177 | true ->
166178 get_localhost_uncached ~__context
167179
180+ let get_management_iface_primary_address_type ~__context =
181+ let host = get_localhost ~__context in
182+ let management_pif = get_management_interface ~__context ~host in
183+ Db.PIF. get_primary_address_type ~__context ~self: management_pif
184+
168185(* Determine the gateway and DNS PIFs:
169186 * If one of the PIFs with IP has other_config:defaultroute=true, then
170187 * pick this one as gateway PIF. If there are multiple, pick a random one of these.
Original file line number Diff line number Diff line change @@ -796,10 +796,20 @@ let bring_pif_up ~__context ?(management_interface = false) (pif : API.ref_PIF)
796796 | `vxlan ->
797797 debug
798798 " Opening VxLAN UDP port for tunnel with protocol 'vxlan'"
799+ let options =
800+ match
801+ Helpers. get_management_iface_primary_address_type
802+ ~__context
803+ with
804+ | `IPv4 ->
805+ [" open" " 4789" " udp"
806+ | `IPv6 ->
807+ [" -6" " open" " 4789" " udp"
808+ in
799809 ignore
800810 @@ Helpers. call_script
801811 ! Xapi_globs. firewall_port_config_script
802- [ " open " ; " 4789 " ; " udp " ]
812+ options
803813 | `gre ->
804814 ()
805815 )
@@ -857,6 +867,16 @@ let bring_pif_down ~__context ?(force = false) (pif : API.ref_PIF) =
857867 in
858868 if no_more_vxlan then (
859869 debug " Last VxLAN tunnel was closed, closing VxLAN UDP port"
870+ let options =
871+ match
872+ Helpers. get_management_iface_primary_address_type
873+ ~__context
874+ with
875+ | `IPv4 ->
876+ [" close" " 4789" " udp"
877+ | `IPv6 ->
878+ [" -6" " close" " 4789" " udp"
879+ in
860880 ignore
861881 @@ Helpers. call_script
862882 ! Xapi_globs. firewall_port_config_script
Original file line number Diff line number Diff line change @@ -274,9 +274,18 @@ module Daemon = struct
274274 raise Api_errors. (Server_error (not_implemented, [" Cluster.create"
275275 ) ;
276276 ( try
277+ let options =
278+ match
279+ Helpers. get_management_iface_primary_address_type ~__context
280+ with
281+ | `IPv4 ->
282+ [" open"
283+ | `IPv6 ->
284+ [" -6" " open"
285+ in
277286 maybe_call_script ~__context
278287 ! Xapi_globs. firewall_port_config_script
279- [ " open " ; port] ;
288+ options ;
280289 maybe_call_script ~__context ! Xapi_globs. systemctl [" enable"
281290 maybe_call_script ~__context ! Xapi_globs. systemctl [" start"
282291 with _ ->
@@ -295,9 +304,14 @@ module Daemon = struct
295304 Atomic. set enabled false ;
296305 maybe_call_script ~__context ! Xapi_globs. systemctl [" disable"
297306 maybe_call_script ~__context ! Xapi_globs. systemctl [" stop"
298- maybe_call_script ~__context
299- ! Xapi_globs. firewall_port_config_script
300- [" close"
307+ let options =
308+ match Helpers. get_management_iface_primary_address_type ~__context with
309+ | `IPv4 ->
310+ [" close"
311+ | `IPv6 ->
312+ [" -6" " close"
313+ in
314+ maybe_call_script ~__context ! Xapi_globs. firewall_port_config_script options ;
301315 debug " Cluster daemon: disabled & stopped"
302316
303317 let restart ~__context =
Original file line number Diff line number Diff line change @@ -1221,16 +1221,7 @@ let syslog_reconfigure ~__context ~host:_ =
12211221 ()
12221222
12231223let get_management_interface ~__context ~host =
1224- let pifs =
1225- Db.PIF. get_refs_where ~__context
1226- ~expr:
1227- (And
1228- ( Eq (Field " host" Literal (Ref. string_of host))
1229- , Eq (Field " management" Literal " true"
1230- )
1231- )
1232- in
1233- match pifs with [] -> raise Not_found | pif :: _ -> pif
1224+ Helpers. get_management_interface ~__context ~host
12341225
12351226let change_management_interface ~__context interface primary_address_type =
12361227 debug " Changing management interface"
@@ -3045,10 +3036,15 @@ let set_https_only ~__context ~self ~value =
30453036 let state = match value with true -> " close" | false -> " open" in
30463037 match cc_prep () with
30473038 | false ->
3039+ let options =
3040+ match Helpers. get_management_iface_primary_address_type ~__context with
3041+ | `IPv4 ->
3042+ [state; " 80"
3043+ | `IPv6 ->
3044+ [" -6" " 80"
3045+ in
30483046 ignore
3049- @@ Helpers. call_script
3050- ! Xapi_globs. firewall_port_config_script
3051- [state; " 80"
3047+ @@ Helpers. call_script ! Xapi_globs. firewall_port_config_script options ;
30523048 Db.Host. set_https_only ~__context ~self ~value
30533049 | true when value = Db.Host. get_https_only ~__context ~self ->
30543050 (* the new value is the same as the old value *)
You can’t perform that action at this time.
0 commit comments