Commit 77dc9e83 authored by Leigh B Stoller's avatar Leigh B Stoller
Browse files

Change rules for wrapping up public profiles; if a xen node without

a routeable IP, then use "basic" instead of closed so that ssh is
allowed in (on the alternate port of course).
parent fdadd7c1
......@@ -326,6 +326,23 @@ sub CheckFirewall($$)
return undef;
foreach my $ref (GeniXML::FindNodes("n:node", $rspec)->get_nodelist()) {
my @routable_control_ip =
my $virtualization_type = GeniXML::GetVirtualizationSubtype($ref);
# If a XEN container but not a routable IP, then use the basic
# rules instead of closed, so that ssh is allowed in on the
# alternate port. That is the only real difference between basic
# and closed.
my $style = "closed";
if (defined($virtualization_type) &&
$virtualization_type eq "emulab-xen" && !@routable_control_ip) {
$style = "basic";
if ($condomize) {
# No settings is easy; wrap it tight.
......@@ -333,7 +350,7 @@ sub CheckFirewall($$)
if (!GeniXML::HasFirewallSettings($ref)) {
my $firewall = GeniXML::AddElement("firewall", $ref,
GeniXML::SetText("style", $firewall, "closed");
GeniXML::SetText("style", $firewall, $style);
......@@ -343,7 +360,7 @@ sub CheckFirewall($$)
my $style = GeniXML::GetText("style", $settings);
if (!defined($style) || $style ne "basic" || $style ne "closed") {
GeniXML::SetText("style", $settings, "closed");
GeniXML::SetText("style", $settings, $style);
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment