Merge branch 'master' into feature/#18850_add_internal_virtual_ips

redBorder · Dec 9, 2024 · c5bd32f · c5bd32f
2 parents 564e6fc + 840b139
commit c5bd32f
Show file tree

Hide file tree

Showing 6 changed files with 19 additions and 67 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,11 @@
 cookbook-rb-manager CHANGELOG
 ===============
 
+## 4.6.3
+
+  - Nils
+    - Add cookbook for firewall
+
 ## 4.6.2
 
   - Juan Soto

diff --git a/resources/attributes/default.rb b/resources/attributes/default.rb
@@ -160,6 +160,7 @@
 default['redborder']['services']['snmp']                      = true
 default['redborder']['services']['webui']                     = false
 default['redborder']['services']['zookeeper']                 = false
+default['redborder']['services']['firewall']                  = true
 
 default['redborder']['systemdservices']['chef-client']              = ['chef-client']
 default['redborder']['systemdservices']['chef-server']              = ['opscode-erchef']
@@ -202,6 +203,7 @@
 default['redborder']['systemdservices']['snmp']                     = ['snmpd']
 default['redborder']['systemdservices']['webui']                    = ['webui']
 default['redborder']['systemdservices']['zookeeper']                = ['zookeeper']
+default['redborder']['systemdservices']['firewall']                 = ['firewalld']
 
 default['redborder']['manager']['balanced'] = [ { port: 443, protocol: 'tcp', name: 'redborder webui', service: 'webui', redirected_service: 'nginx', persistence_timeout: 9600 }, { port: 2055, protocol: 'udp', name: 'netflow,ipfix/sflow daemon', service: 'f2k', redirected_service: 'f2k', persistence_timeout: 30 }, { port: 6343, protocol: 'udp', name: 'sflow daemon', service: 'sfacctd', redirected_service: 'sfacctd', persistence_timeout: 30 }, { port: 9092, protocol: 'tcp', name: 'kafka', service: 'kafka', redirected_service: 'kafka', persistence_timeout: 30 } ]
 

diff --git a/resources/libraries/open_kafka_port.rb b/resources/libraries/open_kafka_port.rb
diff --git a/resources/metadata.rb b/resources/metadata.rb
@@ -5,7 +5,7 @@
 maintainer_email '[email protected]'
 license          'AGPL-3.0'
 description      'Installs/Configures redborder manager'
-version          '4.6.2'
+version          '4.6.3'
 
 depends 'rb-common'
 depends 'chef-server'
@@ -47,3 +47,4 @@
 depends 'keepalived'
 depends 'mem2incident'
 depends 'rb-ai'
+depends 'rb-firewall'
diff --git a/resources/recipes/configure.rb b/resources/recipes/configure.rb
@@ -43,6 +43,16 @@
   retries 2
 end
 
+rb_firewall_config 'Configure Firewall' do
+  sync_ip node['ipaddress_sync']
+  ip_addr node['ipaddress']
+  if manager_services['firewall']
+    action :add
+  else
+    action :remove
+  end
+end
+
 consul_config 'Configure Consul Server' do
   cdomain node['redborder']['cdomain']
   dns_local_ip node['consul']['dns_local_ip']

diff --git a/resources/recipes/prepare_system.rb b/resources/recipes/prepare_system.rb
@@ -28,10 +28,6 @@
 
 node.default[:ipaddress_sync] = ipaddress_sync
 
-# Opens the kafka port for the IP of the IPS if in manager/ssh mode.
-# If the manager has 2 or more interfaces.
-open_ports_for_ips if ipaddress_sync != node['ip_address']
-
 # get mac
 mac_sync = `ip a | grep -w -B2 #{ipaddress_sync} | awk '{print toupper($2)}' | head -n 1 | tr -d '\n'`
 node.default['mac_sync'] = mac_sync