Masahiro Tanaka created AMBARI-17047:
----------------------------------------
Summary: Firewall check returns WARNING even if iptables and
firewalld are stopped on CentOS7
Key: AMBARI-17047
URL: https://issues.apache.org/jira/browse/AMBARI-17047
Project: Ambari
Issue Type: Bug
Components: ambari-agent, ambari-server
Affects Versions: trunk
Environment: CentOS7.2
Reporter: Masahiro Tanaka
In firewall.py, {{"systemctl is-active iptables || systemctl is-active
firewalld"}} is passed to {{run_in_shell}} function, which splits cmd string by
using {{shlex.split}}.
{{run_in_shell}} function finally calls {{subprocess.Popen}} with
{{shell=True}}, so the cmd string is evaluated like {{Popen(['/bin/sh', '-c',
'systemctl', 'is-active', 'iptables', '||', 'systemctl', 'is-active',
'firewalld'])}}. This doesn't returns values as expected, because after args[1]
(in this case, after the first {{is-active}}) are evaluated as sh arguements.
{{systemctl is-active}} can take multiple arugments, so we can use it.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
