From 534916b1c8e626d98199ecec193250288d9b1df2 Mon Sep 17 00:00:00 2001 From: Aidaho Date: Wed, 6 Mar 2024 09:32:34 +0300 Subject: [PATCH] v7.2.1.0 Add opening VRRP for Keepalived --- api/api_funct.py | 2 +- app/modules/db/history.py | 1 - .../ansible/roles/keepalived/tasks/main.yml | 28 +++++++++++++++++-- 3 files changed, 27 insertions(+), 4 deletions(-) diff --git a/api/api_funct.py b/api/api_funct.py index fa386870..d881dea4 100644 --- a/api/api_funct.py +++ b/api/api_funct.py @@ -796,7 +796,7 @@ def upload_ssh_key(): passphrase = json_loads['passphrase'] token = request.headers.get('token') login, group_id, role_id = user_sql.get_username_group_id_from_api_token(token) - groups = sql.select_groups(id=group_id) + groups = group_sql.select_groups(id=group_id) for group in groups: user_group = group.name try: diff --git a/app/modules/db/history.py b/app/modules/db/history.py index ed31fe14..0653c4fa 100644 --- a/app/modules/db/history.py +++ b/app/modules/db/history.py @@ -27,7 +27,6 @@ def alerts_history(service, user_group, **kwargs): except Exception as e: out_error(e) else: - conn.close() return cursor.fetchall() diff --git a/app/scripts/ansible/roles/keepalived/tasks/main.yml b/app/scripts/ansible/roles/keepalived/tasks/main.yml index 9fd13a06..a421e13c 100644 --- a/app/scripts/ansible/roles/keepalived/tasks/main.yml +++ b/app/scripts/ansible/roles/keepalived/tasks/main.yml @@ -87,7 +87,6 @@ - sestatus.stdout is defined - '"Enforcing" in sestatus.stdout' - - name: Enable and start service keepalived service: name: keepalived @@ -96,7 +95,6 @@ enabled: yes ignore_errors: yes - - name: Enable net.ipv4.ip_forward sysctl: name: net.ipv4.ip_forward 
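Review bot: The new `group_sql.select_groups(id=group_id)` call depends on `group_sql` being imported in api/api_funct.py, which this hunk does not show; the old `sql.` reference suggests a stale module alias, so confirm the import exists at the top of the file or the fix only moves the NameError. On the context line above, `request.headers.get('token')` returns None when the header is missing and is passed straight into `get_username_group_id_from_api_token`; unless that helper rejects None itself, a guard such as `if not token: return` before the lookup fails closed instead of raising on the unpack (that line is unchanged by this commit). upload_ssh_key starts and ends outside the hunk.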
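Review bot: Removing `conn.close()` from the else branch leaves nothing in this hunk that releases the connection or the cursor after `cursor.fetchall()`; if `conn` is opened per call this is now a leak on the success path, and if it is a module-wide shared connection (the likely reason for the removal, since closing it here would break later callers) the cursor still stays open. A comment recording the reason, e.g. `# conn is shared module-wide; do not close it here`, would stop the next reader from re-adding the close, and running the query under a context manager or closing `cursor` in a `finally` covers the cursor either way. Separately, on the except path `out_error(e)` is called and the function falls through, so callers receive None rather than an empty result on failure — worth stating in the docstring if that is intended. alerts_history starts outside the hunk.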
@@ -105,6 +103,32 @@ state: present reload: yes +- name: permit vrrp traffic + ansible.posix.firewalld: + protocol: vrrp + permanent: true + state: enabled + ignore_errors: yes + no_log: True + debugger: never + when: + - '"firewalld" in ansible_facts.packages' + - ansible_facts['os_family'] == "RedHat" or ansible_facts['os_family'] == 'CentOS' + - ansible_facts.services["firewalld.service"]['state'] == "running" + +- name: Open input vrrp port for iptables + iptables: + chain: INPUT + jump: ACCEPT + protocol: vrrp + ignore_errors: yes + +- name: Open output vrrp port for iptables + iptables: + chain: OUTPUT + jump: ACCEPT + protocol: vrrp + ignore_errors: yes - name: Add syn_flood tasks include_tasks: ../../haproxy/tasks/syn_flood.yml
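Review bot: The firewalld task sets `permanent: true` without `immediate: true`, so the VRRP rule only lands in the permanent configuration and does not reach the running firewall until firewalld is reloaded, which nothing in this hunk does; add `immediate: true` beside `permanent: true`. The two iptables tasks accept protocol vrrp from and to any address on any interface with no `when:` guard, so they also run on firewalld hosts and let any host on the segment inject advertisements; if the role's keepalived.conf uses the default multicast group, `destination: 224.0.0.18` plus `in_interface`/`out_interface` set to the VRRP interface narrows that, and with `unicast_peer` the `source` should be the peer list — the config template is not visible here. `no_log: True` together with `ignore_errors: yes` hides why the firewalld task failed (for instance when `ansible_facts.services` was never populated by `service_facts`), and its output carries no secret, so drop `no_log`. The iptables module also does not persist rules across a reboot on its own, which may be intended but deserves a comment on the task.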