[LON-CAPA-cvs] cvs: doc /install/linux install.pl

raeburn raeburn at source.lon-capa.org
Sun May 26 18:19:36 EDT 2019


raeburn		Sun May 26 22:19:36 2019 EDT

  Modified files:              
    /doc/install/linux	install.pl 
  Log:
  - When checking firewall status for distros which use firewalld, get default
    zone when firewalld is in use.
  
  
Index: doc/install/linux/install.pl
diff -u doc/install/linux/install.pl:1.52 doc/install/linux/install.pl:1.53
--- doc/install/linux/install.pl:1.52	Tue Feb 19 19:22:36 2019
+++ doc/install/linux/install.pl	Sun May 26 22:19:35 2019
@@ -77,7 +77,7 @@
           &mt('Stopping execution.')."\n";
     exit;
 } else {
-    print LOG '$Id: install.pl,v 1.52 2019/02/19 19:22:36 raeburn Exp $'."\n";
+    print LOG '$Id: install.pl,v 1.53 2019/05/26 22:19:35 raeburn Exp $'."\n";
 }
 
 #
@@ -833,7 +833,7 @@
 
 sub uses_firewalld {
     my ($distro) = @_;
-    my ($inuse, $checkfirewalld);
+    my ($inuse,$checkfirewalld,$zone);
     if ($distro =~ /^(suse|sles)([\d\.]+)$/) {
         if (($1 eq 'sles') && ($2 >= 15)) {
             $checkfirewalld = 1;
@@ -863,9 +863,18 @@
         }
         if (($loaded eq 'loaded') || ($active eq 'active')) {
             $inuse = 1;
+            my $cmd = 'firewall-cmd --get-default-zone';
+            if (open(PIPE,"$cmd |")) {
+                my $result = <PIPE>;
+                chomp($result);
+                close(PIPE);
+                if ($result =~ /^\w+$/) {
+                    $zone = $result;
+                }
+            }
         }
     }
-    return $inuse;
+    return ($inuse,$zone);
 }
 
 sub chkfirewall {
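Review bot: `$zone` is left undefined when the pipe cannot be opened, when `firewall-cmd` prints nothing, or when the default zone name fails `/^\w+$/` (firewalld zone names may also contain `-`). The callers in the chkfirewall hunk and in the `if ($callsub{'firewall'})` hunks then run `firewall-cmd --permanent --zone=` with an empty zone. Test `defined($result)` before `chomp`, match with `/\A[\w-]+\z/`, and set an explicit fallback before the return, e.g. `$zone = 'public' unless (defined($zone));`, which keeps the previous hard-coded behaviour. Because the sub now returns a list, a caller left in scalar context would receive `$zone` rather than `$inuse`; the callers visible in this diff are updated, but any others outside these hunks should be checked. The body of uses_firewalld starts outside this hunk.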
@@ -876,19 +885,20 @@
                     https => 443,
                 );
     my %activefw;
-    if (&firewall_is_active()) {
-        if (&uses_firewalld($distro)) {
-            my %current;
-            if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) {
-                my $svc = <PIPE>;
-                close(PIPE);
-                chomp($svc);
-                map { $current{$_} = 1; } (split(/\s+/,$svc));
-            }
-            if ($current{'http'} && $current{'https'}) {
-                $configfirewall = 0;
-            }
-        } else {
+    my ($firewalld,$zone) = &uses_firewalld($distro);
+    if ($firewalld) {
+        my %current;
+        if (open(PIPE,'firewall-cmd --permanent --zone='.$zone.' --list-services |')) {
+            my $svc = <PIPE>;
+            close(PIPE);
+            chomp($svc);
+            map { $current{$_} = 1; } (split(/\s+/,$svc));
+        }
+        if ($current{'http'} && $current{'https'}) {
+            $configfirewall = 0;
+        }
+    } else {
+        if (&firewall_is_active()) {
             my $iptables = &get_pathto_iptables();
             if ($iptables eq '') {
                 print &mt('Firewall not checked as path to iptables not determined.')."\n";
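Review bot: The `--list-services` query still goes through a shell, with `$zone` concatenated into the command string and a bareword `PIPE` handle, so its safety depends entirely on the `\w+` check made in uses_firewalld. The list form with a lexical handle removes the shell from the picture: `if (open(my $pipe,'-|','firewall-cmd','--permanent',"--zone=$zone",'--list-services')) {`. `$svc` is also handed to `chomp` and `split` without a `defined` check, and the `map` is used in void context where a `foreach` would be clearer. The same pattern appears in the `--list-services` and `--add-service` opens in the later `if ($callsub{'firewall'})` hunks. chkfirewall's body continues outside this hunk.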
@@ -910,9 +920,9 @@
                     print &mt('Firewall not checked as iptables Chains not identified.')."\n";
                 }
             }
+        } else {
+            print &mt('Firewall not enabled.')."\n";
         }
-    } else {
-        print &mt('Firewall not enabled.')."\n";
     }
     return ($configfirewall,\%activefw);
 }
@@ -2023,9 +2033,10 @@
 }
 
 if ($callsub{'firewall'}) {
-    if (&uses_firewalld($distro)) {
+    my ($firewalld,$zone) = &uses_firewalld($distro);
+    if ($firewalld) {
         my (%current,%added);
-        if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) {
+        if (open(PIPE,"firewall-cmd --permanent --zone=$zone --list-services |")) {
             my $svc = <PIPE>;
             close(PIPE);
             chomp($svc);
@@ -2033,7 +2044,7 @@
         }
         foreach my $service ('http','https') {
             unless ($current{$service}) {
-                if (open(PIPE,"firewall-cmd --permanent --zone=public --add-service=$service |")) {
+                if (open(PIPE,"firewall-cmd --permanent --zone=$zone --add-service=$service |")) {
                     my $result = <PIPE>;
                     if ($result =~ /^success/) {
                         $added{$service} = 1;
@@ -2051,7 +2062,7 @@
         }
         unless ($current{'ssh'}) {
             print &mt('If you would the like to allow access to ssh from outside, use the command[_1].',
-                  'firewall-cmd --permanent --zone=public --add-service=ssh')."\n";
+                  "firewall-cmd --permanent --zone=$zone --add-service=ssh")."\n";
         }
     } elsif ($distro =~ /^(suse|sles)/) {
         print &mt('Use [_1] to configure the firewall to allow access for [_2].',
@@ -2078,9 +2089,19 @@
                   'system-config-firewall-tui -- Customize',
                   'ssh, http')."\n";
     } else {
-        print &mt('Use [_1] to configure the firewall to allow access for [_2].',
-                  'setup -- Firewall configuration -> Customize',
-                  'ssh, http, https')."\n";
+        my $version;
+        if ($distro =~ /^(redhat|centos)(\d+)$/) {
+            $version = $1;
+        }
+        if ($version > 5) {
+            print &mt('Use [_1] to configure the firewall to allow access for [_2].',
+                  'system-config-firewall-tui -- Customize',
+                  'ssh, http')."\n";
+        } else {
+            print &mt('Use [_1] to configure the firewall to allow access for [_2].',
+                      'setup -- Firewall configuration -> Customize',
+                      'ssh, http, https')."\n";
+        }
     }
 } else {
     &print_and_log(&mt('Skipping Firewall configuration.')."\n");
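Review bot: `$version = $1;` captures the distro name (`redhat` or `centos`) rather than the number, so `$version > 5` compares a non-numeric string and is always false, leaving the new `system-config-firewall-tui` branch unreachable. The digits are in the second group, so the assignment should be `$version = $2;`. When the regex does not match, `$version` is undefined and the comparison warns under `-w`; declaring it as `my $version = 0;` avoids that. The new branch also lists only `ssh, http` while the fallback lists `ssh, http, https`; presumably https is wanted in both, since the firewalld path in this diff checks for http and https. The enclosing `if ($callsub{'firewall'})` block starts outside this hunk.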



