murano-conductor/data/templates/agent/scripts/Alter-FirewallRulesForSQL.ps1
Alexander Tivelkov 3127bbdf9a Security Group and FW settings for SQLServer (MRN-972)
Deploying of MsSQLServer will create a new Security Group in OpenStack, with
the proper set of ports opened and forwarded to the instance(s).
SqlServer instances of the environment will be assigned to this security group.
Other services will be assigned to default Security Group.

Same set of ports will be opened in Windows Firewall on the VM(s)

One security group will be created per environment. If the environment has
two or more SQLServer services, they will share the same security group.

The security group will be deleted if the environment is deleted.
Also, security group will be deleted if the last service of type SQLServer is
deleted from the environment.

Change-Id: I518fac828af4bd58e7c0b3991c4918714dd0dc94
2013-09-10 16:23:19 +04:00


# Script-level trap: a terminating error that no try/catch in this script
# handles is passed to the script block held in $TrapHandler.
# NOTE(review): $TrapHandler is not defined in this file; presumably the
# agent that loads the script provides it - confirm.
trap {
&$TrapHandler
}
# Inbound Windows Firewall rules for SQL Server: rule display name -> local port.
# Add-NetshFirewallRule builds its netsh command without remoteip= or profile=,
# so each of these ports is allowed from any remote address on every firewall
# profile; only the upstream (OpenStack) security group narrows who can reach them.
$FW_Rules = @{
    'SQL Server Data Connection' = '1433'
    'SQL Admin Connection'       = '1434'
    'SQL Service Broker'         = '4022'
    # TCP 135 is the Windows RPC endpoint mapper, which other Windows
    # services also use; this rule is not specific to SQL Server.
    'SQL Debugger/RPC'           = '135'
}

# Protocol applied to every rule in $FW_Rules.
$FW_Proto = 'TCP'
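function Add-NetshFirewallRule {
    <#
    .SYNOPSIS
    Adds one inbound "allow" Windows Firewall rule per entry of a name-to-port table.

    .DESCRIPTION
    Runs "netsh advfirewall firewall add rule" once per entry. A failure is
    reported through Write-LogError and the loop continues with the next entry.

    The generated command sets neither remoteip= nor profile=, so each rule
    admits the port from any remote address on every firewall profile.
    netsh does not de-duplicate rules by name: running this twice leaves two
    rules with the same name.

    .PARAMETER hshRules
    Hashtable mapping rule display name to local port.

    .PARAMETER proto
    Value placed in netsh's protocol= argument.
    #>
    param (
        [HashTable] $hshRules,
        [String] $proto
    )

    foreach ($h in $hshRules.GetEnumerator()) {
        try {
            $command = "advfirewall firewall add rule name=`"$($h.Name)`" dir=in action=allow protocol=$proto localport=$($h.Value)"

            # Start-Process does not raise an error when the child exits non-zero,
            # so a rejected rule would otherwise go unnoticed. -PassThru returns
            # the process object whose exit code is checked below.
            $process = Start-Process -FilePath netsh -ArgumentList $command -Wait -PassThru
            if ($process.ExitCode -ne 0) {
                throw "netsh exited with code $($process.ExitCode)"
            }
        }
        catch {
            $except = $_ | Out-String
            Write-LogError "Add rule $($h.Name) FAILS with $except"
        }
    }
}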
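function Remove-NetShFirewallRule {
    <#
    .SYNOPSIS
    Deletes the Windows Firewall rules named by the keys of a name-to-port table.

    .DESCRIPTION
    Runs "netsh advfirewall firewall delete rule name=..." once per entry. Only
    the rule name is used as the match criterion; the port values are ignored.
    netsh deletes every rule carrying that name, including any that were not
    created by this script.

    A failure is reported through Write-LogError and the loop continues with
    the next entry. A rule that could not be deleted leaves its port open, so
    a non-zero netsh exit code is treated as a failure as well.

    .PARAMETER hshRules
    Hashtable whose keys are the rule display names to delete.
    #>
    param (
        [HashTable] $hshRules
    )

    foreach ($h in $hshRules.GetEnumerator()) {
        try {
            $command = "advfirewall firewall delete rule name=`"$($h.Name)`""

            # Start-Process does not raise an error when the child exits non-zero;
            # -PassThru returns the process object so the exit code can be checked.
            $process = Start-Process -FilePath netsh -ArgumentList $command -Wait -PassThru
            if ($process.ExitCode -ne 0) {
                throw "netsh exited with code $($process.ExitCode)"
            }
        }
        catch {
            $except = $_ | Out-String
            Write-LogError "Delete rule $($h.Name) FAILS with $except"
        }
    }
}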
function Enable-SQLExternalAccess {
    # Opens the SQL Server ports listed in $FW_Rules in Windows Firewall,
    # using the protocol held in $FW_Proto.
    Add-NetshFirewallRule -hshRules $FW_Rules -proto $FW_Proto
}
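function Disable-SQLExternalAccess {
    # Removes the Windows Firewall rules named in $FW_Rules.
    # Remove-NetShFirewallRule declares only the rule table and matches rules
    # by name, so no protocol argument is passed to it.
    Remove-NetShFirewallRule -hshRules $FW_Rules
}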