Merge pull request #37498 from dgoodwin/firewalld-check

Automatic merge from submit-queue (batch tested with PRs 37945, 37498, 37391, 37209, 37169) Warn if firewalld service is enabled. Fixes https://github.com/kubernetes/kubeadm/issues/21 Output will be: ``` (root@centos1 ~) $ kubeadm init Running pre-flight checks WARNING: firewalld is active, please ensure ports [6443 9898 10250] are open ``` I went with the port list from @errordeveloper 's ansible playbook here but it's possible there should be others listed.
2016-12-02 20:32:44 -08:00 · 2016-12-02 20:32:44 -08:00 · c868b870e6
parent 91e02fe2ec 16e01c65c4
commit c868b870e6
1 changed files with 27 additions and 0 deletions
--- a/cmd/kubeadm/app/preflight/checks.go
+++ b/cmd/kubeadm/app/preflight/checks.go
@ -82,6 +82,32 @@ func (sc ServiceCheck) Check() (warnings, errors []error) {
 	return warnings, errors
 }

+// FirewalldCheck checks if firewalld is enabled or active, and if so outputs a warning.
+type FirewalldCheck struct {
+	ports []int
+}
+
+func (fc FirewalldCheck) Check() (warnings, errors []error) {
+	initSystem, err := initsystem.GetInitSystem()
+	if err != nil {
+		return []error{err}, nil
+	}
+
+	warnings = []error{}
+
+	if !initSystem.ServiceExists("firewalld") {
+		return nil, nil
+	}
+
+	if initSystem.ServiceIsActive("firewalld") {
+		warnings = append(warnings,
+			fmt.Errorf("firewalld is active, please ensure ports %v are open or your cluster may not function correctly",
+				fc.ports))
+	}
+
+	return warnings, errors
+}
+
 // PortOpenCheck ensures the given port is available for use.
 type PortOpenCheck struct {
 	port int
@ -239,6 +265,7 @@ func RunInitMasterChecks(cfg *kubeadmapi.MasterConfiguration) error {
 		HostnameCheck{},
 		ServiceCheck{Service: "kubelet"},
 		ServiceCheck{Service: "docker"},
+		FirewalldCheck{ports: []int{int(cfg.API.BindPort), int(cfg.Discovery.BindPort), 10250}},
 		PortOpenCheck{port: int(cfg.API.BindPort)},
 		PortOpenCheck{port: 8080},
 		PortOpenCheck{port: int(cfg.Discovery.BindPort)},