Disabling managing firewall - cloudstack-setup-management (#4239)

davidjumani · web-flow · commit ead9a34b3df0 · 2020-09-22T17:46:21.000+05:30
* Adding message to ensure ports are open

* Removing configuring iptables

* Fixing merge conflict
diff --git a/client/bindir/cloud-setup-management.in b/client/bindir/cloud-setup-management.in
@@ -45,13 +45,14 @@ if __name__ == '__main__':
     try:
         syscfg = sysConfigFactory.getSysConfigFactory(glbEnv)
     except UnknownSystemException:
-        print(("Error: CloudStack failed to detect your "
-                "operating system. Exiting."), file=sys.stderr)
+        print("Error: CloudStack failed to detect your "
+                "operating system. Exiting.", file=sys.stderr)
         sys.exit(1)
     try:
         syscfg.registerService(cloudManagementConfig)
         syscfg.config()
         print("CloudStack Management Server setup is Done!")
+        print("Please ensure the following ports are open for the management server to function properly : 8080 8250 8443 9090")
     except (CloudRuntimeException, CloudInternalException) as e:
         print(e)
         print("Try to restore your system:")
diff --git a/python/lib/cloudutils/serviceConfig.py b/python/lib/cloudutils/serviceConfig.py
@@ -5,9 +5,9 @@
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
-# 
+#
 #   http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -775,32 +775,3 @@ def config(self):
 
     def restore(self):
         return True
-
-class firewallConfigServer(firewallConfigBase):
-    def __init__(self, syscfg):
-        super(firewallConfigServer, self).__init__(syscfg)
-        #9090 is used for cluster management server
-        if self.syscfg.env.svrMode == "myCloud":
-            self.ports = "443 8080 8250 8443 9090".split()
-        else:
-            self.ports = "8080 8250 9090".split()
-
-class ubuntuFirewallConfigServer(firewallConfigServer):
-    def allowPort(self, port):
-        status = False
-        try:
-            status = bash("iptables-save|grep INPUT|grep -w %s"%port).isSuccess()
-        except:
-            pass
-
-        if not status:
-            bash("ufw allow %s/tcp"%port)
-
-    def config(self):
-        try:
-            for port in self.ports:
-                self.allowPort(port)
-
-            return True
-        except:
-            raise
diff --git a/python/lib/cloudutils/syscfg.py b/python/lib/cloudutils/syscfg.py
@@ -5,9 +5,9 @@
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
-# 
+#
 #   http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -29,7 +29,7 @@ def getSysConfigFactory(glbEnv):
             return sysConfigDbFactory.getDb(glbEnv)
         else:
             raise CloudInternalException("Need to specify which mode are u running: Agent/Server/Db")
-        
+
 class sysConfigAgentFactory:
     @staticmethod
     def getAgent(glbEnv):
@@ -61,7 +61,7 @@ def getServer(glbEnv):
         else:
             print("Can't find the distribution version")
             return sysConfig()
-    
+
 class sysConfigDbFactory:
     @staticmethod
     def getDb(glbEnv):
@@ -71,39 +71,39 @@ class sysConfig(object):
     def __init__(self, env):
         self.env = env
         self.services = []
-    
+
     def registerService(self, service):
         self.services.append(service(self))
-        
+
     def config(self):
         if not self.check():
             return False
 
         for service in self.services:
             if not service.configration():
                 raise CloudInternalException("Configuration failed for service %s" % service.serviceName)
-    
+
     def restore(self):
         for service in self.services:
             service.backup()
-    
+
     def check(self):
         return True
-    
+
 class sysConfigAgent(sysConfig):
     def __init__(self, env):
         super(sysConfigAgent, self).__init__(env)
 
     def check(self):
         if self.env.debug:
             return True
- 
+
         if self.env.agentMode == "myCloud":
             if self.env.distribution.getVersion() != "Ubuntu":
                 raise CloudInternalException("Need to run myCloud agent on an Ubuntu machine\n")
             elif self.env.distribution.getArch() != "x86_64":
                 raise CloudInternalException("Need to run myCloud agent on an 64bit machine\n")
-            #check free disk space on the local disk 
+            #check free disk space on the local disk
             if os.path.exists("/var/lib/libvirt/images"):
                 size = -1
                 try:
@@ -127,18 +127,18 @@ def check(self):
 
         if os.geteuid() != 0:
             raise CloudInternalException("Need to execute with root permission\n")
-        
+
         hostname = bash("hostname -f")
         if not hostname.isSuccess():
             raise CloudInternalException("Checking hostname ... [Failed]\nPlease edit /etc/hosts, add a Fully Qualified Domain Name as your hostname\n")
 
         kvmEnabled = self.svo.isKVMEnabled()
         if not kvmEnabled:
             raise CloudInternalException("Checking KVM...[Failed]\nPlease enable KVM on this machine\n")
-        
+
         return True
 
-    
+
 class sysConfigAgentRedhatBase(sysConfigAgent):
     def __init__(self, env):
         self.svo = serviceOpsRedhat()
@@ -188,7 +188,7 @@ def __init__(self, glbEnv):
                          libvirtConfigRedhat(self),
                          firewallConfigAgent(self),
                          cloudAgentConfig(self)]
-        
+
 #it covers RHEL7
 class sysConfigRedhat7(sysConfigAgentRedhat7Base):
     def __init__(self, glbEnv):
@@ -219,15 +219,15 @@ def check(self):
         if not hostname.isSuccess():
             raise CloudInternalException("Checking hostname ... [Failed]\nPlease edit /etc/hosts, add a Fully Qualified Domain Name as your hostname\n")
         return True
-        
+
 class sysConfigServerRedhat(sysConfigServer):
     def __init__(self, glbEnv):
         super(sysConfigServerRedhat, self).__init__(glbEnv)
         self.svo = serviceOpsRedhat()
-        self.services = [firewallConfigServer(self)]
-    
+        self.services = []
+
 class sysConfigServerUbuntu(sysConfigServer):
     def __init__(self, glbEnv):
         super(sysConfigServerUbuntu, self).__init__(glbEnv)
         self.svo = serviceOpsUbuntu()
-        self.services = [ubuntuFirewallConfigServer(self)]
+        self.services = []
