cp "$APROJECT_DIR/resources/downloads/${binary}" /usr/local/bin/
chmod 755 "/usr/local/bin/${binary}"
done
- mkdir ~/.kube
+ mkdir -p ~/.kube
}
setup_vnc_server() {
create_cert "nexus"
}
-update_firewall() {
-# TODO
-#firewall-cmd --permanent --add-port=53/udp
-#firewall-cmd --permanent --add-port=53/tcp
-#firewall-cmd --permanent --add-port=10001/tcp
-#firewall-cmd --permanent --add-port=80/tcp
-#firewall-cmd --permanent --add-port=443/tcp
-return 0
+# disable firewall (firewalld on rhel) and cleanup the iptables
+# args: [<distro>] [<ip>]
+# if no distro arg then run locally and only cleanup iptables
+# if no ip arg then run locally
+disable_firewall() {
+ _distro="$1"
+ _node_ip="$2"
+
+ case "$_distro" in
+ rhel)
+ message info "Disable firewalld"
+ message warning "Please, if you have some other firewall service - disable it or configure it for this installation to work !"
+ if [ -n "$_node_ip" ] ; then
+ ssh -T "$_node_ip"
+ else
+ sh
+ fi <<EOF
+if rpm -ql firewalld ; then
+ systemctl stop firewalld && systemctl disable firewalld
+ exit \$?
+else
+ exit 0
+fi 2>&1 >/dev/null
+EOF
+ ;;
+ *)
+ message warning "This system is not fully supported!"
+ message warning "The installation can stop working after the reboot - BE WARNED"
+ message warning "Please, if you have some firewall service - disable it or configure it for this installation to work !"
+ ;;
+ esac
+
+ message info "Cleanup iptables"
+ if [ -n "$_node_ip" ] ; then
+ ssh -T "$_node_ip"
+ else
+ sh
+ fi <<EOF
+iptables -P INPUT ACCEPT && \
+iptables -P OUTPUT ACCEPT && \
+iptables -P FORWARD ACCEPT && \
+iptables -F
+EOF
+
+ return 0
}
distribute_root_CA() {
nodeip=$1
os=$2
echo "Deploying node $nodeip"
+ disable_firewall $os $nodeip
distribute_root_CA $nodeip
install_remote_docker $nodeip $os
deploy_rancher_agent $nodeip
Code Review / oom / offline-installer.git / blobdiff