X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;ds=sidebyside;f=ci%2Futil.sh;h=34821a7b07eb8367032e8e3b46192f0305360133;hb=refs%2Fchanges%2F49%2F30749%2F1;hp=6681ff5623a9862d99b0f85134ae8a2c754b3296;hpb=97207a12fcc28b13c49674c098a7aba7532e9b87;p=apex.git
diff --git a/ci/util.sh b/ci/util.sh
index 6681ff56..34821a7b 100755
--- a/ci/util.sh
+++ b/ci/util.sh
@@ -2,9 +2,22 @@
 # Utility script used to interact with a deployment
 # @author Tim Rozet (trozet@redhat.com)
-CONFIG=${CONFIG:-'/var/opt/opnfv'}
-RESOURCES=${RESOURCES:-"$CONFIG/images"}
-LIB=${LIB:-"$CONFIG/lib"}
+# Backwards compat for old ENV Vars
+# Remove in E Release
+if [ -n "$CONFIG" ]; then
+ echo -e "${red}WARNING: ENV var CONFIG is Deprecated, please unset CONFIG and export BASE in its place${reset}"
+ echo -e "${red}WARNING: CONFIG will be removed in E${reset}"
+ BASE=$CONFIG
+fi
+if [ -n "$RESOURCES" ]; then
+ echo -e "${red}WARNING: ENV var RESOURCES is Deprecated, please unset RESOURCES and export IMAGES in its place${reset}"
+ echo -e "${red}WARNING: RESOURCES will be removed in E${reset}"
+ IMAGES=$RESOURCES
+fi
+
+BASE=${BASE:-'/var/opt/opnfv'}
+IMAGES=${IMAGES:-"$BASE/images"}
+LIB=${LIB:-"$BASE/lib"}
 VALID_CMDS="undercloud overcloud opendaylight debug-stack mock-detached -h --help"
 source $LIB/utility-functions.sh
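Review bot: The legacy `CONFIG` value now silently overrides an explicitly exported `BASE` (`BASE=$CONFIG`), and the result still feeds the unquoted `source $LIB/utility-functions.sh` at the end of this hunk, so the file the script sources is chosen entirely by the caller's environment. Because the same script later runs `iptables`, it is presumably run as root, and under sudo with a preserved environment that sourced path deserves a guard. Quote it and fail early, e.g. `[ -r "$LIB/utility-functions.sh" ] || { echo "missing $LIB/utility-functions.sh" >&2; exit 1; }` followed by `source "$LIB/utility-functions.sh"`. The warnings also use `${red}` and `${reset}` before that library is sourced, so they print uncoloured if those variables are defined there (not visible in this hunk), and they go to stdout rather than stderr.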
@@ -23,19 +36,19 @@ resolve_cmd() {
 display_usage() {
 echo -e "Usage:\n$0 subcommand [ arguments ]\n"
 echo -e "Arguments:\n"
- echo -e " undercloud [ user [ command ] ] Connect to Undercloud VM as user and optionally execute a command\n"
- echo -e " user Optional: Defaults to 'stack'\n"
- echo -e " command Optional: Defaults to none\n"
+ echo -e " undercloud [ user [ command ] ] Connect to Undercloud VM as user and optionally execute a command"
+ echo -e " user Optional: Defaults to 'stack'"
+ echo -e " command Optional: Defaults to none"
 echo -e ""
- echo -e " opendaylight Connect to OpenDaylight Karaf console\n"
+ echo -e " opendaylight Connect to OpenDaylight Karaf console"
 echo -e ""
- echo -e " overcloud [ node [ command ] ] Connect to an Overcloud node and optionally execute a command\n"
- echo -e " node Required: in format controller|compute. Example: controller0\n"
- echo -e " command Optional: Defaults to none\n"
+ echo -e " overcloud [ node [ command ] ] Connect to an Overcloud node and optionally execute a command"
+ echo -e " node Required: in format controller|compute. Example: controller0"
+ echo -e " command Optional: Defaults to none"
 echo -e ""
- echo -e " debug-stack Print parsed deployment failures to stdout \n"
+ echo -e " debug-stack Print parsed deployment failures to stdout"
 echo -e ""
- echo -e " mock-detached on | off Add firewall rules to the jump host to mock a detached deployment \n"
+ echo -e " mock-detached on | off Add firewall rules to the jump host to mock a detached deployment\n"
 }
 ##translates the command line argument
@@ -91,13 +104,28 @@ parse_cmdline() {
 ;;
 mock-detached)
 if [ "$2" == "on" ]; then
- echo "Blocking output http and https traffic"
+ echo "Ensuring we can talk to gerrit.opnfv.org"
+ iptables -A OUTPUT -p tcp -d gerrit.opnfv.org --dport 443 -j ACCEPT
+ echo "Blocking output http (80) traffic"
 iptables -A OUTPUT -p tcp --dport 80 -j REJECT
+ iptables -A FORWARD -p tcp --dport 80 -j REJECT
+ echo "Blocking output https (443) traffic"
 iptables -A OUTPUT -p tcp --dport 443 -j REJECT
+ iptables -A FORWARD -p tcp --dport 443 -j REJECT
+ echo "Blocking output dns (53) traffic"
+ iptables -A FORWARD -p tcp --dport 53 -j REJECT
 elif [ "$2" == "off" ]; then
- echo "Allowing output http and https traffic"
+ echo "Cleaning gerrit.opnfv.org specific rule"
+ iptables -D OUTPUT -p tcp -d gerrit.opnfv.org --dport 443 -j ACCEPT
+ echo "Allowing output http (80) traffic"
 iptables -D OUTPUT -p tcp --dport 80 -j REJECT
+ iptables -D FORWARD -p tcp --dport 80 -j REJECT
+ echo "Allowing output https (443) traffic"
 iptables -D OUTPUT -p tcp --dport 443 -j REJECT
+ iptables -D FORWARD -p tcp --dport 443 -j REJECT
+ echo "Allowing output dns (53) traffic"
+ iptables -D OUTPUT -p tcp --dport 53 -j REJECT
+ iptables -D FORWARD -p tcp --dport 53 -j REJECT
 else
 display_usage
 fi
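Review bot: The `on` and `off` branches of `mock-detached` are not symmetric for port 53: `on` adds only `iptables -A FORWARD -p tcp --dport 53 -j REJECT`, while `off` also runs `iptables -D OUTPUT -p tcp --dport 53 -j REJECT`, which targets a rule that was never added and will report an error. Either add the matching `iptables -A OUTPUT -p tcp --dport 53 -j REJECT` to `on` or drop the extra `-D` from `off`. The DNS rules match only `-p tcp`, so ordinary UDP lookups still pass and the host is less detached than the "Blocking output dns (53) traffic" message claims; `-p udp` counterparts would be needed if full blocking is intended. All rules use `-A` with no prior `iptables -C` check, so running `on` twice leaves duplicates that a single `off` does not remove, and none of the `iptables` exit codes are checked. The enclosing `case` arm and `parse_cmdline` start and end outside this hunk.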