[Engine-patches] Change in ovirt-engine[engine_3.2]: packaging: reimplemented engine_firewalld

sbonazzo Thu, 04 Apr 2013 06:16:02 -0700

Sandro Bonazzola has uploaded a new change for review.

Change subject: packaging: reimplemented engine_firewalld
......................................................................


packaging: reimplemented engine_firewalld

Reimplemented using the firewall-cmd command
instead of the python API, avoiding issues with dbus.
The firewall-cmd command will be used also in otopi based
rewrite of the engine-setup command.
(cherry picked from commit a5d9a59c043709f9515b287f45cae0cdd3996183)

Change-Id: Ie0d819c9607d4c99b3093e364ca504ae96acca36
Bug-Url: https://bugzilla.redhat.com/924071
Signed-off-by: Sandro Bonazzola <[email protected]>
---
M packaging/fedora/setup/basedefs.py
M packaging/fedora/setup/engine_firewalld.py
2 files changed, 42 insertions(+), 13 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/09/13609/1

diff --git a/packaging/fedora/setup/basedefs.py 
b/packaging/fedora/setup/basedefs.py
index a87eb8f..8193f35 100644
--- a/packaging/fedora/setup/basedefs.py
+++ b/packaging/fedora/setup/basedefs.py
@@ -156,6 +156,7 @@
 EXEC_SETSEBOOL="/usr/sbin/setsebool"
 EXEC_SEMANAGE="/usr/sbin/semanage"
 EXEC_KEYTOOL="/usr/bin/keytool"
+EXEC_FIREWALL_CMD = '/usr/bin/firewall-cmd'
 
 CONST_BASE_MAC_ADDR="00:1A:4A"
 CONST_DEFAULT_MAC_RANGE="00:1a:4a:16:84:02-00:1a:4a:16:84:fd"
diff --git a/packaging/fedora/setup/engine_firewalld.py 
b/packaging/fedora/setup/engine_firewalld.py
index 4fbcc03..4f5e57d 100644
--- a/packaging/fedora/setup/engine_firewalld.py
+++ b/packaging/fedora/setup/engine_firewalld.py
@@ -1,18 +1,46 @@
-from gi.repository import GObject
-import sys
-from firewall.client import FirewallClient
-from firewall.errors import *
+import common_utils as utils
+import basedefs
+
+ALREADY_ENABLED = 11
+
 
 def getActiveZones():
-    fw = FirewallClient()
-    zones = fw.getActiveZones()
+    cmd = [
+        basedefs.EXEC_FIREWALL_CMD,
+        '--get-active-zones',
+    ]
+    out, rc = utils.execCmd(
+        cmdList=cmd,
+        failOnError=True,
+        msg='Error running firewall-cmd'
+    )
+    zones = {}
+    for line in out.splitlines():
+        zone_name, devices = line.split(':')
+        zones[zone_name] = devices.split()
     return zones
 
+
 def addServiceToZone(service, zone):
-    fw = FirewallClient()
-    fw_zone = fw.config().getZoneByName(zone)
-    fw_settings = fw_zone.getSettings()
-    fw_settings.addService(service)
-    fw_zone.update(fw_settings)
-
-
+    cmdList = [
+        [
+            basedefs.EXEC_FIREWALL_CMD,
+            '--permanent',
+            '--zone',
+            zone,
+            '--add-service',
+            service,
+        ],
+        [
+            basedefs.EXEC_FIREWALL_CMD,
+            '--reload',
+        ],
+    ]
+    for cmd in cmdList:
+        out, rc = utils.execCmd(
+            cmdList=cmd,
+            failOnError=False,
+            msg='Error running firewall-cmd'
+        )
+        if rc not in (0, ALREADY_ENABLED):
+            raise Exception(out)


--
To view, visit http://gerrit.ovirt.org/13609
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie0d819c9607d4c99b3093e364ca504ae96acca36
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: engine_3.2
Gerrit-Owner: Sandro Bonazzola <[email protected]>
_______________________________________________
Engine-patches mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/engine-patches

[Engine-patches] Change in ovirt-engine[engine_3.2]: packaging: reimplemented engine_firewalld

Reply via email to