Diffstat (limited to 'azurelinuxagent')
-rw-r--r--azurelinuxagent/common/osutil/default.py76
-rw-r--r--azurelinuxagent/common/version.py2
-rw-r--r--azurelinuxagent/ga/env.py25
3 files changed, 69 insertions, 34 deletions
diff --git a/azurelinuxagent/common/osutil/default.py b/azurelinuxagent/common/osutil/default.py
index dc1c11a..f0b1050 100644
--- a/azurelinuxagent/common/osutil/default.py
+++ b/azurelinuxagent/common/osutil/default.py
@@ -16,20 +16,21 @@
# Requires Python 2.4+ and Openssl 1.0+
#
+import array
+import base64
+import datetime
+import fcntl
+import glob
import multiprocessing
import os
import platform
+import pwd
import re
import shutil
import socket
-import array
import struct
+import sys
import time
-import pwd
-import fcntl
-import base64
-import glob
-import datetime
import azurelinuxagent.common.logger as logger
import azurelinuxagent.common.conf as conf
@@ -58,6 +59,7 @@ IPTABLES_LOCKING_VERSION = FlexibleVersion('1.4.21')
FIREWALL_ACCEPT = "iptables {0} -t security -{1} OUTPUT -d {2} -p tcp -m owner --uid-owner {3} -j ACCEPT"
FIREWALL_DROP = "iptables {0} -t security -{1} OUTPUT -d {2} -p tcp -j DROP"
FIREWALL_LIST = "iptables {0} -t security -L"
+FIREWALL_FLUSH = "iptables {0} -t security --flush"
_enable_firewall = True
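Review bot: `FIREWALL_FLUSH` empties every chain of the `security` table, not only the two rules this module builds from `FIREWALL_ACCEPT` and `FIREWALL_DROP`, so any rule an administrator or another tool keeps in that table is lost whenever `remove_firewall` (added further down in this file and called from `ga/env.py`) runs. Deleting just the agent's own rules would be narrower, for example `FIREWALL_DROP.format(wait, "D", dst_ip)` plus the matching ACCEPT form, which would mean passing `dst_ip` and `uid` into `remove_firewall`. If the full flush is intended, the constant should say so: `# Flushes the whole security table, including rules the agent did not add`.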
@@ -74,6 +76,47 @@ class DefaultOSUtil(object):
self.selinux = None
self.disable_route_warning = False
+ def get_firewall_will_wait(self):
+ # Determine if iptables will serialize access
+ rc, output = shellutil.run_get_output(IPTABLES_VERSION)
+ if rc != 0:
+ msg = "Unable to determine version of iptables"
+ logger.warn(msg)
+ raise Exception(msg)
+
+ m = IPTABLES_VERSION_PATTERN.match(output)
+ if m is None:
+ msg = "iptables did not return version information"
+ logger.warn(msg)
+ raise Exception(msg)
+
+ wait = "-w" \
+ if FlexibleVersion(m.group(1)) >= IPTABLES_LOCKING_VERSION \
+ else ""
+ return wait
+
+ def remove_firewall(self):
+ # If a previous attempt threw an exception, do not retry
+ global _enable_firewall
+ if not _enable_firewall:
+ return False
+
+ try:
+ wait = self.get_firewall_will_wait()
+
+ flush_rule = FIREWALL_FLUSH.format(wait)
+ if shellutil.run(flush_rule, chk_err=False) != 0:
+ logger.warn("Failed to flush firewall")
+
+ return True
+
+ except Exception as e:
+ _enable_firewall = False
+ logger.info("Unable to flush firewall -- "
+ "no further attempts will be made: "
+ "{0}".format(ustr(e)))
+ return False
+
def enable_firewall(self, dst_ip=None, uid=None):
# If a previous attempt threw an exception, do not retry
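Review bot: `remove_firewall` returns `True` even when the flush command exits non-zero, because the `shellutil.run(flush_rule, chk_err=False) != 0` branch only logs a warning and falls through to `return True`, so a caller cannot tell a failed flush from a successful one. Adding `return False` after `logger.warn("Failed to flush firewall")` would make the result meaningful. The `except` branch also clears the module-level `_enable_firewall`, which appears to be the same flag `enable_firewall` consults, so a failed version probe during removal would presumably suppress later enable attempts too; a separate flag, or a comment stating that the coupling is intended, would help. `enable_firewall` continues outside this hunk.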
@@ -87,22 +130,7 @@ class DefaultOSUtil(object):
logger.warn(msg)
raise Exception(msg)
- # Determine if iptables will serialize access
- rc, output = shellutil.run_get_output(IPTABLES_VERSION)
- if rc != 0:
- msg = "Unable to determine version of iptables"
- logger.warn(msg)
- raise Exception(msg)
-
- m = IPTABLES_VERSION_PATTERN.match(output)
- if m is None:
- msg = "iptables did not return version information"
- logger.warn(msg)
- raise Exception(msg)
-
- wait = "-w" \
- if FlexibleVersion(m.group(1)) >= IPTABLES_LOCKING_VERSION \
- else ""
+ wait = self.get_firewall_will_wait()
# If the DROP rule exists, make no changes
drop_rule = FIREWALL_DROP.format(wait, "C", dst_ip)
@@ -964,3 +992,7 @@ class DefaultOSUtil(object):
def check_pid_alive(self, pid):
return pid is not None and os.path.isdir(os.path.join('/proc', pid))
+
+ @property
+ def is_64bit(self):
+ return sys.maxsize > 2**32
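Review bot: `is_64bit` has no docstring, and `sys.maxsize > 2**32` describes the running Python interpreter's build rather than the kernel or hardware, so a 32-bit interpreter on a 64-bit host reports `False`. How callers use the property is not visible here, so the docstring should state the scope: `"""True when the running Python interpreter is a 64-bit build; says nothing about the kernel."""`.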
diff --git a/azurelinuxagent/common/version.py b/azurelinuxagent/common/version.py
index f27db38..e1bb828 100644
--- a/azurelinuxagent/common/version.py
+++ b/azurelinuxagent/common/version.py
@@ -113,7 +113,7 @@ def get_distro():
AGENT_NAME = "WALinuxAgent"
AGENT_LONG_NAME = "Azure Linux Agent"
-AGENT_VERSION = '2.2.16'
+AGENT_VERSION = '2.2.17'
AGENT_LONG_VERSION = "{0}-{1}".format(AGENT_NAME, AGENT_VERSION)
AGENT_DESCRIPTION = """
The Azure Linux Agent supports the provisioning and running of Linux
diff --git a/azurelinuxagent/ga/env.py b/azurelinuxagent/ga/env.py
index 0456cb0..45b10bb 100644
--- a/azurelinuxagent/ga/env.py
+++ b/azurelinuxagent/ga/env.py
@@ -76,17 +76,20 @@ class EnvHandler(object):
while not self.stopped:
self.osutil.remove_rules_files()
- if conf.enable_firewall():
- success = self.osutil.enable_firewall(
- dst_ip=protocol.endpoint,
- uid=os.getuid())
- add_periodic(
- logger.EVERY_HOUR,
- AGENT_NAME,
- version=CURRENT_VERSION,
- op=WALAEventOperation.Firewall,
- is_success=success,
- log_event=True)
+ # Disable setting firewall for now, regardless of configuration switch
+ # if conf.enable_firewall():
+ # success = self.osutil.enable_firewall(
+ # dst_ip=protocol.endpoint,
+ # uid=os.getuid())
+ # add_periodic(
+ # logger.EVERY_HOUR,
+ # AGENT_NAME,
+ # version=CURRENT_VERSION,
+ # op=WALAEventOperation.Firewall,
+ # is_success=success,
+ # log_event=True)
+
+ self.osutil.remove_firewall()
timeout = conf.get_root_device_scsi_timeout()
if timeout is not None:
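Review bot: `self.osutil.remove_firewall()` now runs on every pass of the `while not self.stopped` loop regardless of `conf.enable_firewall()`, so a host whose configuration asks for the rules restricting TCP to `protocol.endpoint` silently loses them. Nothing reports this, since the `add_periodic` event for `WALAEventOperation.Firewall` is commented out along with the enable call. Keeping the periodic event and feeding it the return value of `remove_firewall()` would keep the state visible to operators. The commented-out block would be better deleted (history keeps it) or replaced by a one-line `# TODO` naming the tracking issue. The loop body continues outside the hunk.

```python
# … unchanged: remove_rules_files call …
success = self.osutil.remove_firewall()
add_periodic(
    logger.EVERY_HOUR,
    AGENT_NAME,
    version=CURRENT_VERSION,
    op=WALAEventOperation.Firewall,
    is_success=success,
    log_event=True)
# … unchanged: root device SCSI timeout handling …
```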