Skip to content

Commit d5405a7

Browse files
ilmanzoilmanzo
committed
Enable port 2222 on SELINUX for sshd on S390x
1 parent 90338b2 commit d5405a7

File tree

1 file changed

+17
-12
lines changed

1 file changed

+17
-12
lines changed

lib/services/389ds_server.pm

Lines changed: 17 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@ use opensslca;
1717
use network_utils 'iface';
1818
use Utils::Architectures 'is_s390x';
1919
use Utils::Systemd qw(disable_and_stop_service systemctl);
20+
use version_utils 'has_selinux';
2021

2122
my $local_name = '389ds';
2223
my $remote_name = 'sssdclient';
@@ -27,21 +28,25 @@ sub install_service {
2728
zypper_call("in 389-ds openssl");
2829
}
2930

30-
# The function below covers all required steps for 389ds server's configuration
31-
sub config_service {
31+
# move ssh server to another port on s390x architecture
32+
sub workaround_CC_s390x {
3233
my $server_ip = get_var('SERVER_IP', '10.0.2.101');
3334
my $client_ip = get_var('CLIENT_IP', '10.0.2.102');
34-
if (is_s390x) {
35-
my $ssh_port = '2222';
36-
assert_script_run("ip addr add $server_ip/24 dev " . iface);
37-
assert_script_run("echo \"$server_ip server master\" >> /etc/hosts");
38-
assert_script_run("echo 'ListenAddress 0.0.0.0' >> /etc/ssh/sshd_config");
39-
assert_script_run("echo \"Port $ssh_port\" >> /etc/ssh/sshd_config");
40-
systemctl('restart sshd');
41-
disable_and_stop_service('firewalld', ignore_failure => 1);
42-
disable_and_stop_service('apparmor', ignore_failure => 1);
43-
}
35+
my $ssh_port = '2222';
36+
assert_script_run "ip addr add $server_ip/24 dev " . iface;
37+
assert_script_run "echo \"$server_ip server master\" >> /etc/hosts";
38+
assert_script_run "echo 'ListenAddress 0.0.0.0' >> /etc/ssh/sshd_config";
39+
assert_script_run "echo \"Port $ssh_port\" >> /etc/ssh/sshd_config";
40+
# on SELINUX enabled system, need to add new port type to avoid sshd start failure
41+
assert_script_run "semanage port -a -t ssh_port_t -p tcp $ssh_port" if has_selinux;
42+
systemctl('restart sshd');
43+
disable_and_stop_service('firewalld', ignore_failure => 1);
44+
disable_and_stop_service('apparmor', ignore_failure => 1);
45+
}
4446

47+
# The function below covers all required steps for 389ds server's configuration
48+
sub config_service {
49+
workaround_CC_s390x if is_s390x;
4550
# Start a local instance with basic configuration file
4651
assert_script_run("wget --quiet " . data_url("389ds/instance.inf") . " -O /tmp/instance.inf");
4752
assert_script_run("sed -i 's/\{\{PASSWORD\}\}/$testapi::password/g' /tmp/instance.inf");

0 commit comments

Comments
 (0)