Sandro Bonazzola has uploaded a new change for review. Change subject: packaging: reimplemented engine_firewalld ......................................................................
packaging: reimplemented engine_firewalld Reimplemented using the firewall-cmd command instead of the python API, avoiding issues with dbus. The firewall-cmd command will be used also in otopi based rewrite of the engine-setup command. Change-Id: Ie0d819c9607d4c99b3093e364ca504ae96acca36 Bug-Url: https://bugzilla.redhat.com/924071 Signed-off-by: Sandro Bonazzola <[email protected]> --- M packaging/fedora/setup/basedefs.py M packaging/fedora/setup/engine_firewalld.py 2 files changed, 42 insertions(+), 10 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/89/13589/1 diff --git a/packaging/fedora/setup/basedefs.py b/packaging/fedora/setup/basedefs.py index cf45f99..2ee1c86 100644 --- a/packaging/fedora/setup/basedefs.py +++ b/packaging/fedora/setup/basedefs.py @@ -191,6 +191,7 @@ EXEC_KEYTOOL="/usr/bin/keytool" EXEC_TASK_CLEANER = "%s/ovirt-engine/scripts/dbutils/taskcleaner.sh" % DIR_USR_SHARE EXEC_FKVALIDATOR = "%s/ovirt-engine/scripts/dbutils/fkvalidator.sh" % DIR_USR_SHARE +EXEC_FIREWALL_CMD = '/usr/bin/firewall-cmd' CONST_BASE_MAC_ADDR="00:1A:4A" CONST_DEFAULT_MAC_RANGE="00:1a:4a:16:84:02-00:1a:4a:16:84:fd" diff --git a/packaging/fedora/setup/engine_firewalld.py b/packaging/fedora/setup/engine_firewalld.py index 00e5a6e..4f5e57d 100644 --- a/packaging/fedora/setup/engine_firewalld.py +++ b/packaging/fedora/setup/engine_firewalld.py @@ -1,15 +1,46 @@ -from firewall.client import FirewallClient +import common_utils as utils +import basedefs + +ALREADY_ENABLED = 11 + def getActiveZones(): - fw = FirewallClient() - zones = fw.getActiveZones() + cmd = [ + basedefs.EXEC_FIREWALL_CMD, + '--get-active-zones', + ] + out, rc = utils.execCmd( + cmdList=cmd, + failOnError=True, + msg='Error running firewall-cmd' + ) + zones = {} + for line in out.splitlines(): + zone_name, devices = line.split(':') + zones[zone_name] = devices.split() return zones + def addServiceToZone(service, zone): - fw = FirewallClient() - fw_zone = fw.config().getZoneByName(zone) - fw_settings = fw_zone.getSettings() - fw_settings.addService(service) - fw_zone.update(fw_settings) - - + cmdList = [ + [ + basedefs.EXEC_FIREWALL_CMD, + '--permanent', + '--zone', + zone, + '--add-service', + service, + ], + [ + basedefs.EXEC_FIREWALL_CMD, + '--reload', + ], + ] + for cmd in cmdList: + out, rc = utils.execCmd( + cmdList=cmd, + failOnError=False, + msg='Error running firewall-cmd' + ) + if rc not in (0, ALREADY_ENABLED): + raise Exception(out) -- To view, visit http://gerrit.ovirt.org/13589 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Ie0d819c9607d4c99b3093e364ca504ae96acca36 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Sandro Bonazzola <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
