Collect telemetry for firewall settings changed (#3110)
Co-authored-by: narrieta <narrieta>
narrieta authored Apr 26, 2024
1 parent 6e85414 commit 468cf81
Showing 2 changed files with 21 additions and 5 deletions.
1 change: 1 addition & 0 deletions azurelinuxagent/common/event.py
@@ -121,6 +121,7 @@ class WALAEventOperation:
ReportEventUnicodeErrors = "ReportEventUnicodeErrors"
ReportStatus = "ReportStatus"
ReportStatusExtended = "ReportStatusExtended"
ResetFirewall = "ResetFirewall"
Restart = "Restart"
SequenceNumberMismatch = "SequenceNumberMismatch"
SetCGroupsLimits = "SetCGroupsLimits"
25 changes: 20 additions & 5 deletions azurelinuxagent/ga/env.py
@@ -104,6 +104,7 @@ def __init__(self, osutil, protocol):
self._osutil = osutil
self._protocol = protocol
self._try_remove_legacy_firewall_rule = False
self._is_first_setup = True

def _operation(self):
# If the rules ever change we must reset all rules and start over again.
@@ -117,13 +118,19 @@ def _operation(self):
self._osutil.remove_legacy_firewall_rule(dst_ip=self._protocol.get_endpoint())
self._try_remove_legacy_firewall_rule = True

success, is_firewall_rules_updated = self._osutil.enable_firewall(dst_ip=self._protocol.get_endpoint(),
uid=os.getuid())
firewall_state = self._get_firewall_state()

success, is_firewall_rules_updated = self._osutil.enable_firewall(dst_ip=self._protocol.get_endpoint(), uid=os.getuid())

if is_firewall_rules_updated:
msg = "Successfully added Azure fabric firewall rules. Current Firewall rules:\n{0}".format(self._osutil.get_firewall_list())
logger.info(msg)
add_event(AGENT_NAME, version=CURRENT_VERSION, op=WALAEventOperation.Firewall, message=msg, log_event=False)
if self._is_first_setup:
msg = "Created Azure fabric firewall rules:\n{0}".format(self._get_firewall_state())
logger.info(msg)
add_event(op=WALAEventOperation.Firewall, message=msg)
else:
msg = "Reset Azure fabric firewall rules.\nInitial state:\n{0}\nCurrent state:\n{1}".format(firewall_state, self._get_firewall_state())
logger.info(msg)
add_event(op=WALAEventOperation.ResetFirewall, message=msg)

add_periodic(
logger.EVERY_HOUR,
@@ -133,6 +140,14 @@ def _operation(self):
is_success=success,
log_event=False)

self._is_first_setup = False

def _get_firewall_state(self):
try:
return self._osutil.get_firewall_list()
except Exception as e:
return "Failed to get the firewall state: {0}".format(ustr(e))


class LogFirewallRules(PeriodicOperation):
"""
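Review bot: `self._is_first_setup = False` at the end of `_operation` is cleared unconditionally, so the Firewall/ResetFirewall split only holds if the first pass actually installed or found the rules. If the first `enable_firewall` call returns with `success` false, the later first-time creation would be reported as `ResetFirewall` with an "Initial state" section, which dilutes that event as a signal that the rules were removed or altered after setup. Consider clearing the flag only once the rules are known to be in place, e.g. `if success:` followed by `self._is_first_setup = False`, assuming `success` carries that meaning (`enable_firewall` is not visible here). Separately, `firewall_state = self._get_firewall_state()` now runs on every pass although it is read only in the reset branch; a comment such as `# snapshot before enable_firewall so a reset can report what was replaced` would justify the extra listing. `_operation` starts above the visible hunks.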
