Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

setup iptables if gerrit port is lower than 1024

vcap isn't allowed to use port lower than 1024. In that case,
this commit will put it to 8080 and set up iptables to route
all the requests from the target port to 8080.

Change-Id: I6b874ad0a4013d248ed3343ea92811629eb07acb
  • Loading branch information...
commit 24e98cb47bf1ff1e7fcd16a1dfe7c7f17cbf4df5 1 parent 550c0ed
@leoli leoli authored
View
4 jobs/gerrit/monit
@@ -2,7 +2,11 @@ check process gerrit
with pidfile /var/vcap/sys/run/gerrit/gerrit.pid
start program "/var/vcap/jobs/gerrit/bin/gerrit_ctl start"
stop program "/var/vcap/jobs/gerrit/bin/gerrit_ctl stop"
+<% if !properties.gerrit.http_port || (properties.gerrit.http_port < 1024) %>
+ if failed host <%= properties.gerrit.address %> port 8080 protocol http with timeout <%= properties.gerrit.http_timeout || 5 %> seconds for <%= properties.gerrit.http_cycles || 10 %> cycles then restart
+<% else %>
if failed host <%= properties.gerrit.address %> port <%= properties.gerrit.http_port %> protocol http with timeout <%= properties.gerrit.http_timeout || 5 %> seconds for <%= properties.gerrit.http_cycles || 10 %> cycles then restart
+ <% end %>
group vcap
<% if properties.gerrit.enable_zabbix_agent==1 %>
View
6 jobs/gerrit/templates/gerrit_config.erb
@@ -42,7 +42,11 @@
listenAddress = *:<%= properties.gerrit.ssh_port || 29418 %>
[httpd]
- listenUrl = proxy-http://<%= properties.gerrit.address %>:<%= properties.gerrit.http_port || 8080 %>/
+<% if !properties.gerrit.http_port || (properties.gerrit.http_port < 1024) %>
+ listenUrl = proxy-http://<%= properties.gerrit.address %>:8080/
+<% else %>
+ listenUrl = proxy-http://<%= properties.gerrit.address %>:<%= properties.gerrit.http_port %>/
+<% end %>
[cache]
directory = cache
View
8 jobs/gerrit/templates/gerrit_init.ctl.erb
@@ -55,6 +55,14 @@ chmod -R 600 $JOB_DIR/config/
# General Configurations
cp -pf $JOB_DIR/config/gerrit.config $CONFIG_DIR/
cp -pf $JOB_DIR/config/secure.config $CONFIG_DIR/
+<% if properties.gerrit.http_port && properties.gerrit.http_port < 1024 %>
+# set up iptables if the gerrit port is designated as below 1024
+is_rule_set=`/sbin/iptables -t nat -L | grep DNAT | grep -c -v "grep"`
+if [ $is_rule_set -lt 1 ]; then
+ /sbin/iptables -t nat -A PREROUTING -p tcp -d <%= properties.gerrit.external_domain %> --dport <%= properties.gerrit.http_port %> -j DNAT --to <%= properties.gerrit.address %>:8080
+ /sbin/iptables -t nat -A OUTPUT -p tcp -d <%= properties.gerrit.external_domain %> --dport <%= properties.gerrit.http_port %> -j DNAT --to <%= properties.gerrit.address %>:8080
+fi
+<% end %>
# Replication setup
cp -pf $JOB_DIR/config/replication.config $CONFIG_DIR/
Please sign in to comment.
Something went wrong with that request. Please try again.