Skip to content

USHIFT-1250: Add an option to build.sh to customize open firewall ports #1804

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
openshift-merge-robot merged 1 commit into from
May 24, 2023
Merged

USHIFT-1250: Add an option to build.sh to customize open firewall ports #1804

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions docs/rhel4edge_iso.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,9 @@ Optional arguments:
-authorized_keys_file path_to_file
Path to an SSH authorized_keys file to allow SSH access
into the default 'redhat' account
-open_firewall_ports port1[:protocol1],...,portN[:protocolN]
One or more comma-separated ports (optionally with protocol)
to be allowed by firewall (default: none)
-prometheus
Add Prometheus process exporter to the image. See
https://github.com/ncabatoff/process-exporter for more information
Expand Down
22 changes: 21 additions & 1 deletion scripts/image-builder/build.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,14 +55,17 @@ usage() {
echo " -authorized_keys_file path_to_file"
echo " Path to an SSH authorized_keys file to allow SSH access"
echo " into the default 'redhat' account"
echo " -open_firewall_ports port1[:protocol1],...,portN[:protocolN]"
echo " One or more comma-separated ports (optionally with protocol)"
echo " to be allowed by firewall (default: none)"
echo " -prometheus"
echo " Add Prometheus process exporter to the image. See"
echo " https://github.com/ncabatoff/process-exporter for more information"
exit 1
}

title() {
echo -e "\E[34m\n# $1\E[00m";
echo -e "\E[34m\n# $1\E[00m"
}

waitfor_image() {
Expand Down Expand Up @@ -214,6 +217,12 @@ while [ $# -gt 0 ] ; do
[ -z "${AUTHORIZED_KEYS_FILE}" ] && usage "Authorized keys file not specified"
shift
;;
-open_firewall_ports)
shift
OPEN_FIREWALL_PORTS="$1"
[ -z "${OPEN_FIREWALL_PORTS}" ] && usage "Firewall ports not specified"
shift
;;
-prometheus)
PROMETHEUS=true
shift
Expand Down Expand Up @@ -336,6 +345,17 @@ if ${EMBED_CONTAINERS} ; then
>> blueprint_v0.0.1.toml
fi

# Add open firewall ports
if [ -n "${OPEN_FIREWALL_PORTS}" ] ; then
for port in ${OPEN_FIREWALL_PORTS//,/ } ; do
cat >> blueprint_v0.0.1.toml <<EOF

[customizations.firewall]
ports = ["${port}"]
EOF
done
fi

# Add the firewall customization required by Prometheus
if ${PROMETHEUS} ; then
cat >> blueprint_v0.0.1.toml <<EOF
Expand Down