[node-patches] Change in ovirt-node[master]: firewall: Use correct logic if firewalld is used

fabiand at redhat.com fabiand at redhat.com
Wed Oct 8 15:27:36 UTC 2014


Fabian Deutsch has uploaded a new change for review.

Change subject: firewall: Use correct logic if firewalld is used
......................................................................

firewall: Use correct logic if firewalld is used

Previously the decision if firewalld should be used or not was lax, it
was only based on the fact that firewalld was used.
Now the decision is made on the install state and service state of
firewalld.

Now firewalld will only be configured if it's installed and the service
running, otherwise iptables will be used.

Change-Id: Ica13f63ac67d0ba1dd29f5b1566e96036e78eefc
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=1150328
Signed-off-by: Fabian Deutsch <fabiand at fedoraproject.org>
---
M src/ovirt/node/utils/firewall.py
1 file changed, 18 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-node refs/changes/38/33938/1

diff --git a/src/ovirt/node/utils/firewall.py b/src/ovirt/node/utils/firewall.py
index f551938..262c9b9 100644
--- a/src/ovirt/node/utils/firewall.py
+++ b/src/ovirt/node/utils/firewall.py
@@ -21,7 +21,7 @@
 
 from glob import glob
 import os
-from ovirt.node.utils import process, fs
+from ovirt.node.utils import process, fs, system
 import logging
 
 LOGGER = logging.getLogger(__name__)
@@ -42,16 +42,26 @@
 """
 
 
-def is_firewalld():
-    if os.path.exists("/etc/firewalld"):
+def is_firewalld_available():
+    """Check if firewalld is installed
+    """
+    return os.path.exists("/etc/firewalld")
+
+
+def is_firewalld_started():
+    """Check if firewalld is started
+    """
+    try:
+        system.service("firewalld", "status")
         return True
-    else:
-        return False
+    except Exception as e:
+        LOGGER.debug("Firewalld service status: %s" % e)
+    return False
 
 
 def open_port(port, proto):
-    if is_firewalld():
-        setup_firewalld(port, proto)
+    if is_firewalld_available() and is_firewalld_started():
+        _setup_firewalld(port, proto)
     else:
         setup_iptables(port, proto)
 
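Review bot: In is_firewalld_started(), the `except Exception` clause treats every failure of system.service("firewalld", "status") as "not started", so an unrelated error in that call silently sends open_port() down the setup_iptables() branch, and the only trace is a LOGGER.debug line. Consider catching only the exception that system.service raises for a non-running service, and logging at info or warning level which backend open_port() chose, since a port opened in the wrong backend is hard to spot later. Separately, is_firewalld_available() only tests that /etc/firewalld exists while its docstring says "installed"; a leftover directory would pass, so either the check or the docstring should be tightened.
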
@@ -89,7 +99,7 @@
         save_rules()
 
 
-def setup_firewalld(port, proto):
+def _setup_firewalld(port, proto):
     port_conf = ""
     rule_dict = {"port": port,
                  "proto": proto
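
Review bot: The rename to _setup_firewalld at the def line leaves setup_iptables() public, so the two backends now have inconsistent visibility, and any caller outside firewall.py that still uses setup_firewalld will break, because this change only updates the call in open_port(). Either confirm there are no other callers, or make both helpers private in the same change. A short docstring on _setup_firewalld would also match the ones added to is_firewalld_available() and is_firewalld_started().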


-- 
To view, visit http://gerrit.ovirt.org/33938
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ica13f63ac67d0ba1dd29f5b1566e96036e78eefc
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-node
Gerrit-Branch: master
Gerrit-Owner: Fabian Deutsch <fabiand at redhat.com>


