BROOKLYN-137 stopIptables and openIptables don't work on CentOS7 - Improved check for active firewalld - Adding test for active firewalld
Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/4ec5965b Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/4ec5965b Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/4ec5965b Branch: refs/heads/master Commit: 4ec5965b4e3df259c013a89a8829d030a644a53b Parents: 524fd80 Author: Yavor Yanchev <[email protected]> Authored: Mon Jun 22 16:39:14 2015 +0300 Committer: Yavor Yanchev <[email protected]> Committed: Mon Jun 22 16:39:14 2015 +0300
----------------------------------------------------------------------
 .../location/jclouds/JcloudsLocation.java | 26 +++++++++++--------- .../brooklyn/util/ssh/IptablesCommands.java | 7 +++++- .../util/ssh/IptablesCommandsFirewalldTest.java | 10 ++++++++ 3 files changed, 30 insertions(+), 13 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/4ec5965b/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
----------------------------------------------------------------------
diff --git a/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java b/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
index e839c3f..300aa51 100644
--- a/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
+++ b/locations/jclouds/src/main/java/brooklyn/location/jclouds/JcloudsLocation.java
@@ -364,13 +364,15 @@ public class JcloudsLocation extends AbstractCloudMachineProvisioningLocation im
 ? (OsFamily.WINDOWS == os.getFamily())
 : (OsFamily.WINDOWS == confFamily);
 }
-
- public boolean isNodeFirewalldEnabled(NodeMetadata node) {
- String OS = node.getOperatingSystem().getFamily().toString();
- String version = node.getOperatingSystem().getVersion();
- return node.getOperatingSystem().getVersion().startsWith("7") &&
- (node.getOperatingSystem().getFamily().equals(OsFamily.RHEL) ||
- node.getOperatingSystem().getFamily().equals(OsFamily.CENTOS));
+
+ public boolean isLocationFirewalldEnabled(SshMachineLocation location) {
+ int result = location.execCommands("checking if firewalld is active",
+ ImmutableList.of(IptablesCommands.firewalldServiceIsActive()));
+ if (result == 0) {
+ return true;
+ }
+
+ return false;
 }
 protected Semaphore getMachineCreationSemaphore() {
@@ -876,10 +878,10 @@ public class JcloudsLocation extends AbstractCloudMachineProvisioningLocation im
 LOG.info("No ports to open in iptables (no inbound ports) for {} at {}", machineLocation, this);
 } else {
 customisationForLogging.add("open iptables");
-
+
 List<String> iptablesRules = Lists.newArrayList();
-
- if (isNodeFirewalldEnabled(node)) {
+
+ if (isLocationFirewalldEnabled((SshMachineLocation)machineLocation)) {
 for (Integer port : inboundPorts) {
 iptablesRules.add(IptablesCommands.addFirewalldRule(Chain.INPUT, Protocol.TCP, port, Policy.ACCEPT));
 }
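Review bot: In `isLocationFirewalldEnabled`, every non-zero exit from `execCommands` is reported as "firewalld not active", so a missing `systemctl`, a refused non-interactive sudo or a failed SSH session all send the callers down the iptables branch with no record of why. Log the status before collapsing it, e.g. `LOG.debug("firewalld is-active check on {} exited with {}", location, result);`, and reduce the tail to `return result == 0;`. The method is public and replaces the public `isNodeFirewalldEnabled(NodeMetadata)`, so it should carry Javadoc stating that it runs a remote command and that only exit status 0 counts as active. Whether anything outside this file still calls the removed method cannot be seen from this hunk.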
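Review bot: The cast `(SshMachineLocation)machineLocation` in the open-iptables branch is unchecked, and the same cast is added in the stop-iptables branch at `@@ -910,9 +912,9 @@`. The declared type of `machineLocation` lies outside both hunks; if it can hold anything other than an `SshMachineLocation` at these points, provisioning now ends in a `ClassCastException` where the old `node`-based check could not throw. A guard such as `if (machineLocation instanceof SshMachineLocation && isLocationFirewalldEnabled((SshMachineLocation) machineLocation))` would keep the existing iptables fallback. Both branches also issue the same remote probe, so if one provisioning run can reach both, the result could be computed once and reused.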
@@ -910,9 +912,9 @@ public class JcloudsLocation extends AbstractCloudMachineProvisioningLocation im
 LOG.warn("Ignoring flag OPEN_IPTABLES on Windows location {}", machineLocation);
 } else {
 customisationForLogging.add("stop iptables");
-
+
 List<String> cmds = ImmutableList.<String>of();
- if (isNodeFirewalldEnabled(node)) {
+ if (isLocationFirewalldEnabled((SshMachineLocation)machineLocation)) {
 cmds = ImmutableList.of(IptablesCommands.firewalldServiceStop(), IptablesCommands.firewalldServiceStatus());
 } else {
 cmds = ImmutableList.of(IptablesCommands.iptablesServiceStop(), IptablesCommands.iptablesServiceStatus());
http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/4ec5965b/utils/common/src/main/java/brooklyn/util/ssh/IptablesCommands.java
----------------------------------------------------------------------
diff --git a/utils/common/src/main/java/brooklyn/util/ssh/IptablesCommands.java b/utils/common/src/main/java/brooklyn/util/ssh/IptablesCommands.java
index 7d7d8ce..c0e8213 100644
--- a/utils/common/src/main/java/brooklyn/util/ssh/IptablesCommands.java
+++ b/utils/common/src/main/java/brooklyn/util/ssh/IptablesCommands.java
@@ -115,7 +115,12 @@ public class IptablesCommands {
 public static String firewalldServiceStatus() {
 return firewalldService("status");
 }
-
+
+ @Beta // implementation not portable across distros
+ public static String firewalldServiceIsActive() {
+ return firewalldService("is-active");
+ }
+
 /**
 * Returns the command that saves iptables rules on file.
 *
http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/4ec5965b/utils/common/src/test/java/brooklyn/util/ssh/IptablesCommandsFirewalldTest.java
----------------------------------------------------------------------
diff --git a/utils/common/src/test/java/brooklyn/util/ssh/IptablesCommandsFirewalldTest.java b/utils/common/src/test/java/brooklyn/util/ssh/IptablesCommandsFirewalldTest.java
index 28c1c34..f0f6d5c 100644
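Review bot: `firewalldServiceIsActive()` has no Javadoc, and the trailing `// implementation not portable across distros` comment does not tell a caller how to read the result. The caller in JcloudsLocation decides between the firewalld and iptables paths on the exit status alone, so that contract belongs on this method, for example `/** Returns the command that checks whether firewalld is running; it exits 0 when the service is active and non-zero otherwise. */`. The "Returns the command that saves iptables rules on file" comment just below shows the style the file already uses.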
--- a/utils/common/src/test/java/brooklyn/util/ssh/IptablesCommandsFirewalldTest.java +++ b/utils/common/src/test/java/brooklyn/util/ssh/IptablesCommandsFirewalldTest.java @@ -61,6 +61,11 @@ public class IptablesCommandsFirewalldTest { + "else echo \"( { which systemctl && systemctl stop firewalld ; } || " + "/usr/bin/systemctl stop firewalld )\" | sudo -E -n -S -s -- bash ; fi )"; + private static final String firewalldServiceIsActive = "( if test \"$UID\" -eq 0; then ( ( { " + + "which systemctl && systemctl is-active firewalld ; } || /usr/bin/systemctl is-active firewalld ) ); " + + "else echo \"( { which systemctl && systemctl is-active firewalld ; } || /usr/bin/systemctl is-active firewalld )\" | " + + "sudo -E -n -S -s -- bash ; fi )"; + @Test public void testAddFirewalldRule() { Assert.assertEquals(IptablesCommands.addFirewalldRule(Chain.INPUT, @@ -91,4 +96,9 @@ public class IptablesCommandsFirewalldTest { public void testFirewalldServiceStop() { Assert.assertEquals(IptablesCommands.firewalldServiceStop(), firewalldServiceStop); } + + @Test + public void testFirewalldServiceIsActive() { + Assert.assertEquals(IptablesCommands.firewalldServiceIsActive(), firewalldServiceIsActive); + } }
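Review bot: `testFirewalldServiceIsActive` only pins the generated command text, so the behaviour this commit changes, mapping the probe's exit status to the firewalld or iptables path, is left without a test. If `SshMachineLocation` can be stubbed, a unit test of `JcloudsLocation.isLocationFirewalldEnabled` with `execCommands` returning 0 and then a non-zero status would cover it. The expected string also shows that when `systemctl` is on the PATH and reports the unit inactive, the `||` fallback runs `/usr/bin/systemctl is-active firewalld` a second time. The exit status is the same either way, but a short comment next to the `firewalldServiceIsActive` constant would save the next reader from working that out.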
