Permalink
Browse files

Merge "setup iptables if gerrit port is lower than 1024"

  • Loading branch information...
2 parents 129f1dc + 24e98cb commit a6a12e38b20eaf90db69c07fded23c17c0ff1d31 @leoli leoli committed with Gerrit Code Review Nov 2, 2012
Showing with 17 additions and 1 deletion.
  1. +4 −0 jobs/gerrit/monit
  2. +5 −1 jobs/gerrit/templates/gerrit_config.erb
  3. +8 −0 jobs/gerrit/templates/gerrit_init.ctl.erb
View
@@ -2,7 +2,11 @@ check process gerrit
with pidfile /var/vcap/sys/run/gerrit/gerrit.pid
start program "/var/vcap/jobs/gerrit/bin/gerrit_ctl start"
stop program "/var/vcap/jobs/gerrit/bin/gerrit_ctl stop"
+<% if !properties.gerrit.http_port || (properties.gerrit.http_port < 1024) %>
+ if failed host <%= properties.gerrit.address %> port 8080 protocol http with timeout <%= properties.gerrit.http_timeout || 5 %> seconds for <%= properties.gerrit.http_cycles || 10 %> cycles then restart
+<% else %>
if failed host <%= properties.gerrit.address %> port <%= properties.gerrit.http_port %> protocol http with timeout <%= properties.gerrit.http_timeout || 5 %> seconds for <%= properties.gerrit.http_cycles || 10 %> cycles then restart
+ <% end %>
group vcap
<% if properties.gerrit.enable_zabbix_agent==1 %>
@@ -42,7 +42,11 @@
listenAddress = *:<%= properties.gerrit.ssh_port || 29418 %>
[httpd]
- listenUrl = proxy-http://<%= properties.gerrit.address %>:<%= properties.gerrit.http_port || 8080 %>/
+<% if !properties.gerrit.http_port || (properties.gerrit.http_port < 1024) %>
+ listenUrl = proxy-http://<%= properties.gerrit.address %>:8080/
+<% else %>
+ listenUrl = proxy-http://<%= properties.gerrit.address %>:<%= properties.gerrit.http_port %>/
+<% end %>
[cache]
directory = cache
@@ -55,6 +55,14 @@ chmod -R 600 $JOB_DIR/config/
# General Configurations
cp -pf $JOB_DIR/config/gerrit.config $CONFIG_DIR/
cp -pf $JOB_DIR/config/secure.config $CONFIG_DIR/
+<% if properties.gerrit.http_port && properties.gerrit.http_port < 1024 %>
+# set up iptables if the gerrit port is designated as below 1024
+is_rule_set=`/sbin/iptables -t nat -L | grep DNAT | grep -c -v "grep"`
+if [ $is_rule_set -lt 1 ]; then
+ /sbin/iptables -t nat -A PREROUTING -p tcp -d <%= properties.gerrit.external_domain %> --dport <%= properties.gerrit.http_port %> -j DNAT --to <%= properties.gerrit.address %>:8080
+ /sbin/iptables -t nat -A OUTPUT -p tcp -d <%= properties.gerrit.external_domain %> --dport <%= properties.gerrit.http_port %> -j DNAT --to <%= properties.gerrit.address %>:8080
+fi
+<% end %>
# Replication setup
cp -pf $JOB_DIR/config/replication.config $CONFIG_DIR/

0 comments on commit a6a12e3

Please sign in to comment.