From cdd3cd18803606f3119da1f75e262a86fedd260f Mon Sep 17 00:00:00 2001
From: Guillem Jover <gjover@sipwise.com>
Date: Mon, 16 Oct 2023 23:55:40 +0200
Subject: [PATCH] MT#58452 Add listening checks for stock services

Add checks for stock services that were previously omitted. This makes
sure we can spot any possible regression in the set of listening
addresses.

This includes dnsmasq and nginx ports.

Change-Id: I9a9041cf97df511f4801941e932e97baa797a348
---
 templates/821_network-ports-ngcp.yaml.tt2     | 16 ++++++++++++
 templates/822_network-ports-ngcp-pro.yaml.tt2 | 25 +++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/templates/821_network-ports-ngcp.yaml.tt2 b/templates/821_network-ports-ngcp.yaml.tt2
index 628b3e1..754cddf 100644
--- a/templates/821_network-ports-ngcp.yaml.tt2
+++ b/templates/821_network-ports-ngcp.yaml.tt2
@@ -79,11 +79,27 @@ port:
     listening: true
     ip: ["[% web_ext_ips.0 %]"]
 
+  # Nginx HTTPS (NGCP Panel API)
+  tcp:1442:
+    listening: true
+    ip: ["127.0.0.1"]
+  tcp6:1442:
+    listening: true
+    ip: ["::1"]
+
   # Nginx HTTPS (NGCP Panel Admin)
   tcp:1443:
     listening: true
     ip: ["[% web_int_ips.0 %]"]
 
+  # Nginx status port
+  tcp:[% nginx.status_port %]:
+    listening: true
+    ip: ["127.0.0.1"]
+  tcp6:[% nginx.status_port %]:
+    listening: true
+    ip: ["::1"]
+
 [% END -%]
 [% IF is_mgmt && pbx.enable == 'yes' -%]
   # HTTPS PBX autoprovisioning
diff --git a/templates/822_network-ports-ngcp-pro.yaml.tt2 b/templates/822_network-ports-ngcp-pro.yaml.tt2
index d3d7364..558b723 100644
--- a/templates/822_network-ports-ngcp-pro.yaml.tt2
+++ b/templates/822_network-ports-ngcp-pro.yaml.tt2
@@ -8,6 +8,31 @@
   host_ha_iface = out;
 -%]
 port:
+  # dnsmasq (DNS)
+  tcp:53:
+    listening: {{.Vars.NODE_ACTIVE}}
+    ip: ["0.0.0.0"]
+  tcp6:53:
+    listening: {{.Vars.NODE_ACTIVE}}
+    ip: ["::"]
+  udp:53:
+    listening: {{.Vars.NODE_ACTIVE}}
+    ip: ["0.0.0.0"]
+  udp6:53:
+    listening: {{.Vars.NODE_ACTIVE}}
+    ip: ["::"]
+  # dnsmasq (DHCPv4)
+  udp:67:
+    listening: {{.Vars.NODE_ACTIVE}}
+    ip: ["0.0.0.0"]
+  # dnsmasq (TFTP)
+  udp:69:
+    listening: {{.Vars.NODE_ACTIVE}}
+    ip: ["0.0.0.0"]
+  udp6:69:
+    listening: {{.Vars.NODE_ACTIVE}}
+    ip: ["::"]
+
   # snmpd
   udp:161:
     listening: true