[LON-CAPA-cvs] cvs: loncom / lciptables loncron
raeburn
raeburn@source.lon-capa.org
Thu, 11 Jun 2009 00:15:27 -0000
raeburn Thu Jun 11 00:15:27 2009 EDT
Added files:
/loncom lciptables
Modified files:
/loncom loncron
Log:
loncron updates firewall access to lond port (5663) when connections are updated.
- uses lciptables (setuid script which calls routines in LONCAPA::Firewall.pm).
- list of IPs of hosts in cluster stored in temporary file, so
lciptables does not need to load lonnet.pm
(contains inadmissable commands in setuid context).
Index: loncom/loncron
diff -u loncom/loncron:1.80 loncom/loncron:1.81
--- loncom/loncron:1.80 Wed Apr 22 09:41:21 2009
+++ loncom/loncron Thu Jun 11 00:15:27 2009
@@ -2,7 +2,7 @@
# Housekeeping program, started by cron, loncontrol and loncron.pl
#
-# $Id: loncron,v 1.80 2009/04/22 09:41:21 www Exp $
+# $Id: loncron,v 1.81 2009/06/11 00:15:27 raeburn Exp $
#
# Copyright Michigan State University Board of Trustees
#
@@ -674,6 +674,24 @@
&Apache::lonnet::load_domain_tab(1);
&Apache::lonnet::get_iphost(1);
+# ----------------------------------------- Force firewall update for lond port
+
+ if ((!$justcheckdaemons) && (!$justreload)) {
+ my $now = time;
+ my $tmpfile = $perlvar{'lonDaemons'}.'/tmp/lciptables_iphost_'.
+ $now.$$.int(rand(10000));
+ if (open(my $fh,">$tmpfile")) {
+ my %iphosts = &Apache::lonnet::get_iphost();
+ foreach my $key (keys(%iphosts)) {
+ print $fh "$key\n";
+ }
+ close($fh);
+ my $execpath = $perlvar{'lonDaemons'}.'/lciptables';
+ system("$execpath $tmpfile");
+ unlink($fh);
+ }
+ }
+
# ---------------------------------------------------------------- Start report
$errors=0;