[LON-CAPA-cvs] cvs: doc /install/linux install.pl
raeburn
raeburn at source.lon-capa.org
Sun May 26 18:19:36 EDT 2019
raeburn Sun May 26 22:19:36 2019 EDT
Modified files:
/doc/install/linux install.pl
Log:
- When checking firewall status for distros which use firewalld, get default
zone when firewalld is in use.
Index: doc/install/linux/install.pl
diff -u doc/install/linux/install.pl:1.52 doc/install/linux/install.pl:1.53
--- doc/install/linux/install.pl:1.52 Tue Feb 19 19:22:36 2019
+++ doc/install/linux/install.pl Sun May 26 22:19:35 2019
@@ -77,7 +77,7 @@
&mt('Stopping execution.')."\n";
exit;
} else {
- print LOG '$Id: install.pl,v 1.52 2019/02/19 19:22:36 raeburn Exp $'."\n";
+ print LOG '$Id: install.pl,v 1.53 2019/05/26 22:19:35 raeburn Exp $'."\n";
}
#
@@ -833,7 +833,7 @@
sub uses_firewalld {
my ($distro) = @_;
- my ($inuse, $checkfirewalld);
+ my ($inuse,$checkfirewalld,$zone);
if ($distro =~ /^(suse|sles)([\d\.]+)$/) {
if (($1 eq 'sles') && ($2 >= 15)) {
$checkfirewalld = 1;
@@ -863,9 +863,18 @@
}
if (($loaded eq 'loaded') || ($active eq 'active')) {
$inuse = 1;
+ my $cmd = 'firewall-cmd --get-default-zone';
+ if (open(PIPE,"$cmd |")) {
+ my $result = <PIPE>;
+ chomp($result);
+ close(PIPE);
+ if ($result =~ /^\w+$/) {
+ $zone = $result;
+ }
+ }
}
}
- return $inuse;
+ return ($inuse,$zone);
}
sub chkfirewall {
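Review bot: When the default-zone lookup fails or the name does not match `/^\w+$/`, uses_firewalld returns `$zone` undefined, and the callers in the later hunks interpolate it unchecked into `--zone=`, giving `--zone= --list-services`. The old code always used `public`; a fallback such as `$zone = 'public' unless (defined($zone));` before the return would keep that behaviour. The pattern also rejects names containing `-`, which firewalld appears to permit in zone names, so a hyphenated default zone would take this path. Keep the allow-list check itself, since the value ends up in a shell command string, and guard `chomp($result)` with `defined($result)` because `<PIPE>` returns undef when the command prints nothing. The start of uses_firewalld lies outside this hunk.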
@@ -876,19 +885,20 @@
https => 443,
);
my %activefw;
- if (&firewall_is_active()) {
- if (&uses_firewalld($distro)) {
- my %current;
- if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) {
- my $svc = <PIPE>;
- close(PIPE);
- chomp($svc);
- map { $current{$_} = 1; } (split(/\s+/,$svc));
- }
- if ($current{'http'} && $current{'https'}) {
- $configfirewall = 0;
- }
- } else {
+ my ($firewalld,$zone) = &uses_firewalld($distro);
+ if ($firewalld) {
+ my %current;
+ if (open(PIPE,'firewall-cmd --permanent --zone='.$zone.' --list-services |')) {
+ my $svc = <PIPE>;
+ close(PIPE);
+ chomp($svc);
+ map { $current{$_} = 1; } (split(/\s+/,$svc));
+ }
+ if ($current{'http'} && $current{'https'}) {
+ $configfirewall = 0;
+ }
+ } else {
+ if (&firewall_is_active()) {
my $iptables = &get_pathto_iptables();
if ($iptables eq '') {
print &mt('Firewall not checked as path to iptables not determined.')."\n";
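Review bot: The firewalld branch in chkfirewall is now entered without the earlier `&firewall_is_active()` guard, and uses_firewalld sets `$inuse` when the unit is merely `loaded`, not only when it is `active`. If firewalld is loaded but stopped, the `firewall-cmd ... --list-services` query presumably fails, `%current` stays empty and nothing is printed, where the old code would have reported 'Firewall not enabled.' (assuming firewall_is_active, which is not visible here, returns false in that case). Checking the return value of `close(PIPE)` and printing a message on failure would make this case visible to the administrator. chkfirewall starts and ends outside this hunk.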
@@ -910,9 +920,9 @@
print &mt('Firewall not checked as iptables Chains not identified.')."\n";
}
}
+ } else {
+ print &mt('Firewall not enabled.')."\n";
}
- } else {
- print &mt('Firewall not enabled.')."\n";
}
return ($configfirewall,\%activefw);
}
@@ -2023,9 +2033,10 @@
}
if ($callsub{'firewall'}) {
- if (&uses_firewalld($distro)) {
+ my ($firewalld,$zone) = &uses_firewalld($distro);
+ if ($firewalld) {
my (%current,%added);
- if (open(PIPE,'firewall-cmd --permanent --zone=public --list-services |')) {
+ if (open(PIPE,"firewall-cmd --permanent --zone=$zone --list-services |")) {
my $svc = <PIPE>;
close(PIPE);
chomp($svc);
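Review bot: `$zone` is interpolated into a string that `open(PIPE,"... |")` hands to the shell, here and again in the `--add-service` call in the next hunk, so the only thing keeping the command well-formed is the `\w+` check inside uses_firewalld. The list form avoids the shell entirely, and a lexical handle avoids the shared bareword `PIPE`: `open(my $fh,'-|','firewall-cmd','--permanent',"--zone=$zone",'--list-services')`. The installer presumably runs as root, so an absolute path to firewall-cmd rather than a PATH lookup is also worth considering. The enclosing block continues outside the hunk.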
@@ -2033,7 +2044,7 @@
}
foreach my $service ('http','https') {
unless ($current{$service}) {
- if (open(PIPE,"firewall-cmd --permanent --zone=public --add-service=$service |")) {
+ if (open(PIPE,"firewall-cmd --permanent --zone=$zone --add-service=$service |")) {
my $result = <PIPE>;
if ($result =~ /^success/) {
$added{$service} = 1;
@@ -2051,7 +2062,7 @@
}
unless ($current{'ssh'}) {
print &mt('If you would the like to allow access to ssh from outside, use the command[_1].',
- 'firewall-cmd --permanent --zone=public --add-service=ssh')."\n";
+ "firewall-cmd --permanent --zone=$zone --add-service=ssh")."\n";
}
} elsif ($distro =~ /^(suse|sles)/) {
print &mt('Use [_1] to configure the firewall to allow access for [_2].',
@@ -2078,9 +2089,19 @@
'system-config-firewall-tui -- Customize',
'ssh, http')."\n";
} else {
- print &mt('Use [_1] to configure the firewall to allow access for [_2].',
- 'setup -- Firewall configuration -> Customize',
- 'ssh, http, https')."\n";
+ my $version;
+ if ($distro =~ /^(redhat|centos)(\d+)$/) {
+ $version = $1;
+ }
+ if ($version > 5) {
+ print &mt('Use [_1] to configure the firewall to allow access for [_2].',
+ 'system-config-firewall-tui -- Customize',
+ 'ssh, http')."\n";
+ } else {
+ print &mt('Use [_1] to configure the firewall to allow access for [_2].',
+ 'setup -- Firewall configuration -> Customize',
+ 'ssh, http, https')."\n";
+ }
}
} else {
&print_and_log(&mt('Skipping Firewall configuration.')."\n");
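Review bot: `$version = $1;` captures the distro name, not the number: in `/^(redhat|centos)(\d+)$/` the digits are in the second group, so `$version > 5` compares a string such as `centos` numerically (as 0) and the new `system-config-firewall-tui` branch is never reached. It should read `$version = $2;`. `$version` also stays undefined when the pattern does not match, so `if (defined($version) && $version > 5)` would avoid a comparison on undef.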