v7.2.1.0

Add opening VRRP for Keepalived

api/api_funct.py

@@ -796,7 +796,7 @@ def upload_ssh_key():
 	passphrase = json_loads['passphrase']
 	token = request.headers.get('token')
 	login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token)
-	groups = sql.select_groups(id=group_id)
+	groups = group_sql.select_groups(id=group_id)
 	for group in groups:
 		user_group = group.name
 	try:

app/modules/db/history.py

@@ -27,7 +27,6 @@ def alerts_history(service, user_group, **kwargs):
 	except Exception as e:
 		out_error(e)
 	else:
-		conn.close()
 		return cursor.fetchall()
 
 

app/scripts/ansible/roles/keepalived/tasks/main.yml

@@ -87,7 +87,6 @@
     - sestatus.stdout is defined
     - '"Enforcing" in sestatus.stdout'
 
-
 - name: Enable and start service keepalived
   service:
     name: keepalived
@@ -96,7 +95,6 @@
     enabled: yes
   ignore_errors: yes
 
-
 - name: Enable net.ipv4.ip_forward
   sysctl:
     name: net.ipv4.ip_forward
@@ -105,6 +103,32 @@
     state: present
     reload: yes
 
+- name: permit vrrp traffic
+  ansible.posix.firewalld:
+    protocol: vrrp
+    permanent: true
+    state: enabled
+  ignore_errors: yes
+  no_log: True
+  debugger: never
+  when:
+    - '"firewalld" in ansible_facts.packages'
+    - ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS'
+    - ansible_facts.services["firewalld.service"]['state'] == "running"
+
+- name: Open input vrrp port for iptables
+  iptables:
+    chain: INPUT
+    jump: ACCEPT
+    protocol: vrrp
+  ignore_errors: yes
+
+- name: Open output vrrp port for iptables
+  iptables:
+    chain: OUTPUT
+    jump: ACCEPT
+    protocol: vrrp
+  ignore_errors: yes
 
 - name: Add syn_flood tasks
   include_tasks: ../../haproxy/tasks/syn_flood.yml