
Commit b4cbdd4

CP-40754 The firewall-port script returns true if port 80 is blocked and false if it is closed; this is captured in set_https_only to update the DB based on the state of the network, not the requested setting, should there be a failure
Signed-off-by: jameshensmancitrix <james.hensman@citrix.com>
1 parent 0ac90b0 commit b4cbdd4


2 files changed

+31
-3
lines changed


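--- a/ocaml/xapi/dbsync_slave.ml
+++ b/ocaml/xapi/dbsync_slave.ml
@@ -81,6 +81,8 @@ let get_start_time () =
 
 (* not sufficient just to fill in this data on create time [Xen caps may change if VT enabled in BIOS etc.] *)
 
+(* may raise Scan_failure *)
+
 (** Update the information in the Host structure *)
 let refresh_localhost_info ~__context info =
 let host = !Xapi_globs.localhost_ref in
@@ -122,8 +124,25 @@ let refresh_localhost_info ~__context info =
 ~key:Xapi_globs.host_no_local_storage ~value:"true"
 ) else
 Db.Host.remove_from_other_config ~__context ~self:host
-~key:Xapi_globs.host_no_local_storage
-
+~key:Xapi_globs.host_no_local_storage ;
+let script_output =
+Helpers.call_script !Xapi_globs.firewall_port_config_script ["check"; "80"]
+in
+try
+let network_state = Scanf.sscanf script_output "Port 80 open: %B" Fun.id in
+Db.Host.set_https_only ~__context ~self:host ~value:network_state
+with _ ->
+raise
+Api_errors.(
+Server_error
+( internal_error
+, [
+Printf.sprintf
+"unexpected output from /etc/xapi.d/plugins/firewall-port: %s"
+script_output
+]
+)
+)
 (*************** update database tools ******************)
 
 (** Record host memory properties in database *)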
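Review bot: The `with _ ->` handler added at the end of refresh_localhost_info covers `Db.Host.set_https_only` as well as the `Scanf.sscanf` parse, so a database failure would be reported as "unexpected output from /etc/xapi.d/plugins/firewall-port" and the original exception is lost. Guard only the parse and catch the exceptions sscanf raises (`Scanf.Scan_failure`, `Failure`, `End_of_file`), as below; the message can also name `!Xapi_globs.firewall_port_config_script`, which is what is actually called, instead of a hard-coded path. The first hunk's `(* may raise Scan_failure *)` comment does not match the code, since a parse failure surfaces as `Server_error`, and it would read better inside the doc comment than above it. The function starts before this hunk, and the code between the two hunks is not visible here.

```ocaml
(* … unchanged: script_output binding via Helpers.call_script … *)
(* Only the parse is guarded, so a database error is not mistaken for bad script output. *)
let network_state =
  try Scanf.sscanf script_output "Port 80 open: %B" Fun.id
  with Scanf.Scan_failure _ | Failure _ | End_of_file ->
    raise
      Api_errors.(
        Server_error
          ( internal_error
          , [
              Printf.sprintf "unexpected output from %s: %s"
                !Xapi_globs.firewall_port_config_script script_output
            ]
          )
      )
in
Db.Host.set_https_only ~__context ~self:host ~value:network_state
```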

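--- a/scripts/plugins/firewall-port
+++ b/scripts/plugins/firewall-port
@@ -47,10 +47,19 @@ case "${OP}" in
 service iptables save
 fi
 ;;
+check)
+if [[ -z `iptables -S $CHAIN | grep " $PORT "` ]]
+then
+echo "Port $PORT open: true"
+else
+echo "Port $PORT open: false"
+fi
+;;
 *)
-echo $"Usage: $0 {open|close} {port} {protocol}" 1>&2
+echo $"Usage: $0 {open|close|check} {port} {protocol}" 1>&2
 exit 1
 ;;
 esac
+
 exit 0
 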
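Review bot: In the `check)` branch a failed `iptables -S` (for example a missing chain) yields empty output, which the `-z` test turns into `Port $PORT open: true`, and dbsync_slave.ml in this commit writes that value to https_only, so the database can record a state that was never actually observed. Check the exit status first, e.g. `rules=$(iptables -S "$CHAIN") || exit 1`, then test with `grep -q -- " $PORT " <<<"$rules"`, quoting `$CHAIN` and `$PORT`. The match on ` $PORT ` also ignores protocol and rule target, so any rule that mentions the number counts. The printed label says "open: true" when no rule matches, whereas the commit message describes true as blocked; a comment stating which meaning is intended would help. The `case` statement begins above this hunk, so how `$CHAIN` is defined is not visible here.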
