Skip to content

Commit

Permalink
fix(monitor_setup): disable firewall on monitor node for RHEL distro
Browse files Browse the repository at this point in the history 
Firewall should be disabled for RHEL-like distributions. Otherwise, it
blocks incoming requests to 3000 monitoring node (1).

The same operation has been already implemented for db nodes setup and
only refactored here.

refs:
#1: scylladb#9630
  • Loading branch information
@mikliapko @fruch
mikliapko authored and fruch committed Jan 2, 2025
1 parent 6fbb00f commit 4cc0b7f
Showing 1 changed file with 12 additions and 4 deletions.
16 changes: 12 additions & 4 deletions sdcm/cluster.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3157,6 +3157,12 @@ def wait_node_fully_start(self, verbose=True, timeout=3600):
self.log.info('Waiting for native_transport to be ready')
self.wait_native_transport()

def disable_firewall(self) -> None:
self.remoter.sudo('systemctl stop iptables', ignore_status=True)
self.remoter.sudo('systemctl disable iptables', ignore_status=True)
self.remoter.sudo('systemctl stop firewalld', ignore_status=True)
self.remoter.sudo('systemctl disable firewalld', ignore_status=True)


class FlakyRetryPolicy(RetryPolicy):

Expand Down Expand Up @@ -4645,11 +4651,9 @@ def scylla_configure_non_root_installation(self, node, devname):

def node_setup(self, node: BaseNode, verbose: bool = False, timeout: int = 3600): # pylint: disable=too-many-branches,too-many-statements,too-many-locals # noqa: PLR0912, PLR0914
node.wait_ssh_up(verbose=verbose, timeout=timeout)

if node.distro.is_rhel_like:
node.remoter.sudo('systemctl stop iptables', ignore_status=True)
node.remoter.sudo('systemctl disable iptables', ignore_status=True)
node.remoter.sudo('systemctl stop firewalld', ignore_status=True)
node.remoter.sudo('systemctl disable firewalld', ignore_status=True)
node.disable_firewall()

if self.params.get('logs_transport') == 'ssh':
node.install_package('python3')
Expand Down Expand Up @@ -5486,6 +5490,10 @@ def sct_dashboard_json_file_content_update(update_params: dict, json_file: str):
def node_setup(self, node, **kwargs): # pylint: disable=unused-argument
self.log.info('TestConfig in BaseMonitorSet')
node.wait_ssh_up()

if node.distro.is_rhel_like:
node.disable_firewall()

node.disable_daily_triggered_services()
# update repo cache and system after system is up
node.update_repo_cache()
Expand Down

0 comments on commit 4cc0b7f

Please sign in to comment.