From 0b7dc57f991273378e7e6bedda87b3e5eee7f6ea Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 24 Feb 2021 18:17:57 +0100
Subject: [run-virt] set-firewall: Better error output

---
 .../opt/openslx/vmchooser/scripts/set-firewall     | 23 +++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

(limited to 'core/modules/run-virt/data/opt/openslx/vmchooser/scripts')

diff --git a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall
index 96256515..51047a99 100644
--- a/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall
+++ b/core/modules/run-virt/data/opt/openslx/vmchooser/scripts/set-firewall
@@ -4,10 +4,15 @@
 
 [ "$UID" = "0" ] || exit 1
 
-declare -rg RULES=$(mktemp)
+declare -rg RULES="$( mktemp )"
+declare -rg AUTORULES="$( mktemp )"
+declare -rg REMOTERULES="$( mktemp )"
+declare -rg LOGFILE="$( mktemp )"
 
 [ -n "$RULES" ] || exit 2
 
+trap 'rm -f -- "$RULES" "$AUTORULES" "$REMOTERULES" "$LOGFILE"' EXIT
+
 [ -n "$1" ] || exit 3
 
 [ "${#1}" -ge 10 ] || exit 4
@@ -35,7 +40,6 @@ for TOOL in iptables ip6tables; do
 	$TOOL -A runvirt-OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
 done
 
-declare -rg AUTORULES=$(mktemp)
 
 parse_uri () {
 	local scheme
@@ -107,19 +111,28 @@ fi
 sort -u "${AUTORULES}" > "${RULES}"
 
 # determine the URL to download the netrules from
-. /opt/openslx/vmchooser/config/resource_urls.conf
+if [ -s /opt/openslx/vmchooser/config/resource_urls.conf ]; then
+	. /opt/openslx/vmchooser/config/resource_urls.conf
+fi
 NETRULES_URL=
 [ -n "$url_lecture_netrules" ] && NETRULES_URL="${url_lecture_netrules//%UUID%/${1}}"
 [ -z "$NETRULES_URL" ] && NETRULES_URL="${SLX_VMCHOOSER_BASE_URL}/lecture/$1/netrules"
-wget -T 6 -O - "${NETRULES_URL}" >> "${RULES}" 2> "${AUTORULES}"
+wget -T 8 -O - "${NETRULES_URL}" > "${REMOTERULES}" 2> "${LOGFILE}"
 RET=$?
 
 if [ "$RET" != "0" ]; then
 	echo "wget exit code: $RET :-("
-	grep -q "ERROR 404" "${AUTORULES}" && exit 0
+	grep -q "ERROR 404" "${LOGFILE}" && exit 0 # Old sat, doesn't support firewall rules
+	echo "WGET error output:"
+	cat "${LOGFILE}"
+	echo "------------ Downloaded content follows"
+	cat "${REMOTERULES}"
 	exit 6
 fi
 
+# Download OK, append to rules
+cat "${REMOTERULES}" >> "${RULES}"
+
 declare -rg V4='^[0-9]+(\.[0-9]+)*(/[0-9]+)?$'
 declare -rg V6='^([0-9a-fA-F]+|:)(:+[0-9a-fA-F]*)*(/[0-9]+)?$'
 
-- 
cgit v1.2.3-55-g7522