Updated Branches: refs/heads/trunk 9fcc05aef -> 6f7e5c582
AMBARI-3181. Do not disable iptables on ambari server setup or start or agent start. (Maksim via mahadev) Project: http://git-wip-us.apache.org/repos/asf/incubator-ambari/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-ambari/commit/6f7e5c58 Tree: http://git-wip-us.apache.org/repos/asf/incubator-ambari/tree/6f7e5c58 Diff: http://git-wip-us.apache.org/repos/asf/incubator-ambari/diff/6f7e5c58 Branch: refs/heads/trunk Commit: 6f7e5c582ddd4d433772b52c82112d334181572f Parents: 9fcc05a Author: Mahadev Konar <[email protected]> Authored: Fri Sep 13 08:57:12 2013 -0700 Committer: Mahadev Konar <[email protected]> Committed: Fri Sep 13 08:57:12 2013 -0700 ---------------------------------------------------------------------- .../main/puppet/modules/hdp/manifests/init.pp | 16 --------- .../modules/hdp/manifests/testing_env_patch.pp | 6 +--- .../src/main/python/ambari_agent/HostInfo.py | 17 ++++++++++ ambari-agent/src/test/python/TestHostInfo.py | 27 ++++++++++++++- .../apache/ambari/server/agent/AgentEnv.java | 10 ++++++ ambari-server/src/main/python/ambari-server.py | 35 +++++--------------- .../ambari/server/agent/AgentResourceTest.java | 4 ++- .../src/test/python/TestAmbariServer.py | 32 +++++++----------- 8 files changed, 77 insertions(+), 70 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6f7e5c58/ambari-agent/src/main/puppet/modules/hdp/manifests/init.pp ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp/manifests/init.pp b/ambari-agent/src/main/puppet/modules/hdp/manifests/init.pp index 58949d2..66ff295 100644 --- a/ambari-agent/src/main/puppet/modules/hdp/manifests/init.pp +++ b/ambari-agent/src/main/puppet/modules/hdp/manifests/init.pp 
@@ -138,13 +138,6 @@ class hdp( Hdp::Package<|title == 'hadoop 32'|> -> Hdp::Package<|title == 'hbase'|> Hdp::Package<|title == 'hadoop 64'|> -> Hdp::Package<|title == 'hbase'|> - #TODO: just for testing - class{ 'hdp::iptables': - ensure => stopped, - } - - - hdp::package{ 'glibc': ensure => 'present', size => $size, @@ -524,12 +517,3 @@ define hdp::set_uid( } } -##### temp - -class hdp::iptables($ensure) -{ - #TODO: just temp so not considering things like saving firewall rules - service { 'iptables': - ensure => $ensure - } -} http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6f7e5c58/ambari-agent/src/main/puppet/modules/hdp/manifests/testing_env_patch.pp ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/puppet/modules/hdp/manifests/testing_env_patch.pp b/ambari-agent/src/main/puppet/modules/hdp/manifests/testing_env_patch.pp index d227382..70bf722 100644 --- a/ambari-agent/src/main/puppet/modules/hdp/manifests/testing_env_patch.pp +++ b/ambari-agent/src/main/puppet/modules/hdp/manifests/testing_env_patch.pp @@ -24,12 +24,8 @@ class hdp::testing_env_patch() $repo_target = "/etc/yum.repos.d/${hdp::params::hdp_yum_repo}" anchor { 'hdp::testing_env_patch::begin' :} - class{ 'hdp::iptables': - ensure => stopped, - require => Anchor['hdp::testing_env_patch::begin'] - } exec { '/bin/echo 0 > /selinux/enforce': - require => Class['hdp::iptables'] + require => Anchor['hdp::testing_env_patch::begin'] } hdp::testing_env_patch::packages { 'common' : require => Exec['/bin/echo 0 > /selinux/enforce'] http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6f7e5c58/ambari-agent/src/main/python/ambari_agent/HostInfo.py ---------------------------------------------------------------------- diff --git a/ambari-agent/src/main/python/ambari_agent/HostInfo.py b/ambari-agent/src/main/python/ambari_agent/HostInfo.py index 56cbae1..e7e675f 100644 --- a/ambari-agent/src/main/python/ambari_agent/HostInfo.py 
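Review bot: The `exec { '/bin/echo 0 > /selinux/enforce': ... }` resource kept in `hdp::testing_env_patch` still switches SELinux to permissive, and it now hangs directly off the begin anchor. Since this commit stops the manifests from turning off the host firewall, the resource deserves a comment stating that it is meant for test environments only, e.g. `# test environments only: puts SELinux into permissive mode`. Whether this class is ever applied outside testing is not visible from the hunk and should be confirmed. The class body continues outside the hunk.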
+++ b/ambari-agent/src/main/python/ambari_agent/HostInfo.py @@ -101,6 +101,9 @@ class HostInfo: # default timeout for async invoked processes TIMEOUT_SECONDS = 60 RESULT_UNAVAILABLE = "unable_to_determine" + + IP_TBLS_IS_NOT_RUNNING = "iptables: Firewall is not running." + event = threading.Event() current_umask = -1 @@ -271,6 +274,18 @@ class HostInfo: ) return os_info[0].lower() + def checkIptables(self): + iptablesIsRunning = False + try: + iptables = subprocess.Popen(["/sbin/service", "iptables", "status"], stdout=subprocess.PIPE) + iptablesOut = iptables.communicate()[0] + if iptablesOut and len(iptablesOut) > 0 and not iptablesOut.strip() == self.IP_TBLS_IS_NOT_RUNNING: + iptablesIsRunning = True + except: + pass + return iptablesIsRunning + + """ Return various details about the host componentsMapped: indicates if any components are mapped to this host @@ -294,6 +309,8 @@ class HostInfo: # detailed host check is not available for Suse isSuse = 'suse' == self.get_os_type() + dict['iptablesIsRunning'] = self.checkIptables() + # If commands are in progress or components are already mapped to this host # Then do not perform certain expensive host checks if componentsMapped or commandsInProgress or isSuse: http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6f7e5c58/ambari-agent/src/test/python/TestHostInfo.py ---------------------------------------------------------------------- diff --git a/ambari-agent/src/test/python/TestHostInfo.py b/ambari-agent/src/test/python/TestHostInfo.py index dc18f42..7d66b68 100644 --- a/ambari-agent/src/test/python/TestHostInfo.py +++ b/ambari-agent/src/test/python/TestHostInfo.py 
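Review bot: In `checkIptables` the bare `except: pass` makes a failure to run `/sbin/service` indistinguishable from a stopped firewall, because both leave `iptablesIsRunning = False`. The result is also decided only by an exact match on `IP_TBLS_IS_NOT_RUNNING`, so any other wording for a stopped firewall (the constant removed from ambari-server.py in this commit was `"Firewall is stopped.\n"`) is reported as running; `check_iptables` in ambari-server.py has the same string-only test and ignores `retcode`. I would narrow the handler to `except OSError:` and `return None` there so the server can tell "unknown" from "stopped" (the `Boolean` field added in AgentEnv.java looks able to hold null, to be confirmed), and take `iptables.returncode` into account next to the text. Only stdout is piped, so anything the status command writes to stderr goes to the agent's own stderr.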
@@ -291,10 +291,12 @@ class TestHostInfo(TestCase): @patch.object(HostInfo, 'etcAlternativesConf') @patch.object(HostInfo, 'hadoopVarRunCount') @patch.object(HostInfo, 'hadoopVarLogCount') - def test_hostinfo_register(self, hvlc_mock, hvrc_mock, eac_mock, cf_mock, jp_mock, + @patch.object(HostInfo, 'checkIptables') + def test_hostinfo_register(self, cit_mock, hvlc_mock, hvrc_mock, eac_mock, cf_mock, jp_mock, cls_mock, cu_mock, gir_mock, gipbr_mock, gipbn_mock, gpd_mock, aip_mock, aap_mock, whcf_mock, odas_mock, os_umask_mock, get_os_type_mock): + cit_mock.return_value = True hvlc_mock.return_value = 1 hvrc_mock.return_value = 1 gipbr_mock.return_value = ["pkg1"] @@ -322,6 +324,7 @@ class TestHostInfo(TestCase): self.assertTrue(gpd_mock.called) self.assertTrue(aip_mock.called) self.assertTrue(odas_mock.called) + self.assertTrue(cit_mock.called) for existingPkg in ["pkg1", "pkg2"]: self.assertTrue(existingPkg in dict['installedPackages']) @@ -337,6 +340,7 @@ class TestHostInfo(TestCase): self.assertEqual(dict['existingRepos'][0], hostInfo.RESULT_UNAVAILABLE) self.assertEqual(dict['installedPackages'], []) self.assertEqual(1, len(dict['hostHealth']['diskStatus'])) + self.assertTrue(dict['iptablesIsRunning']) @patch("os.path.exists") @patch("os.path.islink") 
@@ -508,5 +512,26 @@ class TestHostInfo(TestCase): self.assertEquals(result[0]['target'], 'real_path_to_conf') + @patch("subprocess.Popen") + def test_checkIptables(self, subproc_popen_mock): + hostInfo = HostInfo() + p = MagicMock() + p.communicate.return_value = ['Table: filter'] + subproc_popen_mock.return_value = p + result = hostInfo.checkIptables() + + self.assertTrue(result) + + p.communicate.return_value = [''] + result = hostInfo.checkIptables() + + self.assertFalse(result) + + p.communicate.return_value = ['iptables: Firewall is not running.'] + result = hostInfo.checkIptables() + + self.assertFalse(result) + + if __name__ == "__main__": unittest.main() http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6f7e5c58/ambari-server/src/main/java/org/apache/ambari/server/agent/AgentEnv.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/main/java/org/apache/ambari/server/agent/AgentEnv.java b/ambari-server/src/main/java/org/apache/ambari/server/agent/AgentEnv.java index 6c62783..d6368a5 100644 --- a/ambari-server/src/main/java/org/apache/ambari/server/agent/AgentEnv.java +++ b/ambari-server/src/main/java/org/apache/ambari/server/agent/AgentEnv.java @@ -58,6 +58,8 @@ public class AgentEnv { private Integer umask; + private Boolean iptablesIsRunning; + public Integer getUmask() { return umask; } @@ -114,6 +116,14 @@ public class AgentEnv { return hostHealth; } + public Boolean getIptablesIsRunning() { + return iptablesIsRunning; + } + + public void setIptablesIsRunning(Boolean iptablesIsRunning) { + this.iptablesIsRunning = iptablesIsRunning; + } + public static class HostHealth { /** * Java processes running on the system. Default empty array. http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6f7e5c58/ambari-server/src/main/python/ambari-server.py ---------------------------------------------------------------------- 
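Review bot: `test_checkIptables` never exercises the `except` branch of `checkIptables`, which is the path taken when `/sbin/service` cannot be started at all. A fourth case with `subproc_popen_mock.side_effect = OSError()` followed by an assertion on the returned value would pin what the agent reports when the firewall state cannot be determined. The three existing cases only vary the text returned by `communicate()`.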
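Review bot: `iptablesIsRunning` is a nullable `Boolean` and nothing in `AgentEnv` says what null means; an agent that predates this change would presumably not send the key (inferred, the deserializer configuration is not in the hunk). A Javadoc on the field such as `/** Whether the agent found iptables running; null when the agent did not report it. */` would tell callers of `getIptablesIsRunning()` to null-check before unboxing.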
diff --git a/ambari-server/src/main/python/ambari-server.py b/ambari-server/src/main/python/ambari-server.py index 7efa4f3..c6a1306 100755 --- a/ambari-server/src/main/python/ambari-server.py +++ b/ambari-server/src/main/python/ambari-server.py @@ -73,11 +73,8 @@ SE_MODE_ENFORCING = "enforcing" SE_MODE_PERMISSIVE = "permissive" # iptables commands -IP_TBLS_ST_CMD = "/sbin/service iptables status" -IP_TBLS_STOP_CMD = "/sbin/service iptables stop" -IP_TBLS_ENABLED = "Firewall is running" -IP_TBLS_DISABLED = "Firewall is stopped.\n" -IP_TBLS_SRVC_NT_FND = "iptables: unrecognized service" +IP_TBLS_STATUS_CMD = "/sbin/service iptables status" +IP_TBLS_IS_NOT_RUNNING = "iptables: Firewall is not running." # server commands ambari_provider_module_option = "" @@ -751,23 +748,13 @@ def check_ambari_user(): # Checks iptables # def check_iptables(): - # not used - # retcode, out, err = run_os_command(IP_TBLS_ST_CMD) - ''' This check doesn't work on CentOS 6.2 if firewall AND - iptables service are running if out == IP_TBLS_ENABLED: - print 'iptables is enabled now' - print 'Stopping iptables service' - ''' - retcode, out, err = run_os_command(IP_TBLS_STOP_CMD) - print 'iptables is disabled now. please reenable later.' + retcode, out, err = run_os_command(IP_TBLS_STATUS_CMD) - if not retcode == 0 and err and len(err) > 0: + if err and len(err) > 0: print err - if err.strip() == IP_TBLS_SRVC_NT_FND: - return 0 - else: - return retcode, out + if out and len(out) > 0 and not out.strip() == IP_TBLS_IS_NOT_RUNNING: + print_warning_msg('Iptables is running.') @@ -1962,10 +1949,7 @@ def setup(args): raise FatalException(retcode, err) print 'Checking iptables...' - retcode, out = check_iptables() - if not retcode == 0 and out == IP_TBLS_ENABLED: - err = 'Failed to stop iptables. Exiting.' - raise FatalException(retcode, err) + check_iptables() print 'Checking JDK...' try: 
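Review bot: `check_iptables` now only prints `'Iptables is running.'` and `setup`/`start` carry on, so the operator gets no hint of what to do about it. Since the firewall is left up after this change, the warning should say that the ports Ambari uses must be reachable, e.g. `print_warning_msg('iptables is running. Confirm that Ambari ports are accessible.')`; `test_check_iptables_is_running` in TestAmbariServer.py compares the exact text and would need the same string. The header comment `# Checks iptables` could also state that the function no longer stops the service and returns nothing.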
@@ -2181,10 +2165,7 @@ def start(args): raise FatalException(retcode, err) print 'Checking iptables...' - retcode, out = check_iptables() - if not retcode == 0 and out == IP_TBLS_ENABLED: - err = "Failed to stop iptables. Exiting" - raise FatalException(retcode, err) + check_iptables() else: # Skipping actions that require root permissions print "Unable to check iptables status when starting "\ "without root privileges." http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6f7e5c58/ambari-server/src/test/java/org/apache/ambari/server/agent/AgentResourceTest.java ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/java/org/apache/ambari/server/agent/AgentResourceTest.java b/ambari-server/src/test/java/org/apache/ambari/server/agent/AgentResourceTest.java index 4a14389..dbc59a4 100644 --- a/ambari-server/src/test/java/org/apache/ambari/server/agent/AgentResourceTest.java +++ b/ambari-server/src/test/java/org/apache/ambari/server/agent/AgentResourceTest.java @@ -173,7 +173,8 @@ public class AgentResourceTest extends JerseyTest { String AgentEnvJSON = "{\"alternatives\": " + AlternativeJSON + ", \"existingUsers\": "+ ExistingUserJSON + ", \"umask\": \"18\", \"installedPackages\": "+ - PackageDetailJSON +", \"stackFoldersAndFiles\": "+ DirectoryJSON +"}"; + PackageDetailJSON +", \"stackFoldersAndFiles\": "+ DirectoryJSON + + ", \"iptablesIsRunning\": \"true\" }"; AgentEnv.Directory[] dirs = getJsonFormString( DirectoryJSON, AgentEnv.Directory[].class); Assert.assertEquals("/var/lib", dirs[0].getName()); 
@@ -208,6 +209,7 @@ public class AgentResourceTest extends JerseyTest { AgentEnv agentEnv = getJsonFormString( AgentEnvJSON, AgentEnv.class); Assert.assertTrue(18 == agentEnv.getUmask()); + Assert.assertTrue(Boolean.TRUE == agentEnv.getIptablesIsRunning()); Assert.assertEquals("/etc/alternatives/hdfs-conf", agentEnv.getAlternatives()[0].getName()); Assert.assertEquals("/etc/hadoop/conf.dist", agentEnv.getAlternatives()[0].getTarget()); Assert.assertEquals("abc", agentEnv.getAlternatives()[1].getName()); http://git-wip-us.apache.org/repos/asf/incubator-ambari/blob/6f7e5c58/ambari-server/src/test/python/TestAmbariServer.py ---------------------------------------------------------------------- diff --git a/ambari-server/src/test/python/TestAmbariServer.py b/ambari-server/src/test/python/TestAmbariServer.py index fcf332c..3023e90 100644 --- a/ambari-server/src/test/python/TestAmbariServer.py +++ b/ambari-server/src/test/python/TestAmbariServer.py 
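Review bot: `Assert.assertTrue(Boolean.TRUE == agentEnv.getIptablesIsRunning());` compares two `Boolean` references with `==`, which passes only when the deserializer hands back the cached `Boolean.TRUE` instance. `Assert.assertEquals(Boolean.TRUE, agentEnv.getIptablesIsRunning());` checks the value and gives a readable failure when the field is null. The fixture in the previous hunk sends `\"iptablesIsRunning\": \"true\"` as a JSON string, while the agent presumably sends a JSON boolean, so a case with an unquoted `true` would be closer to the wire format.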
@@ -942,17 +942,20 @@ class TestAmbariServer(TestCase): @patch.object(ambari_server, "run_os_command") - def test_check_iptables(self, run_os_command_mock): - run_os_command_mock.return_value = (1, "test", "") - rcode, info = ambari_server.check_iptables() - self.assertEqual(1, rcode) - self.assertEqual("test", info) + @patch.object(ambari_server, "print_warning_msg") + def test_check_iptables_is_running(self, print_warning_msg, run_os_command_mock): + run_os_command_mock.return_value = (0, "Table: filter", "") + ambari_server.check_iptables() - run_os_command_mock.return_value = (2, "", - ambari_server.IP_TBLS_SRVC_NT_FND) - rcode = ambari_server.check_iptables() - self.assertEqual(0, rcode) + self.assertEqual(print_warning_msg.call_args_list[0][0][0], "Iptables is running.") + @patch.object(ambari_server, "run_os_command") + @patch.object(ambari_server, "print_warning_msg") + def test_check_iptables_is_not_running(self, print_warning_msg, run_os_command_mock): + run_os_command_mock.return_value = (3, "iptables: Firewall is not running.", "") + ambari_server.check_iptables() + + self.assertFalse(print_warning_msg.called) def test_dlprogress(self): @@ -2214,19 +2217,8 @@ MIIFHjCCAwYCCQDpHKOBI+Lt0zANBgkqhkiG9w0BAQUFADBRMQswCQYDVQQGEwJV parse_properties_file_mock.reset_mock() - # case: iptables failed to stop check_postgre_up_mock.return_value = 0 - check_iptables_mock.return_value = (1, ambari_server.IP_TBLS_ENABLED) - try: - ambari_server.start(args) - self.fail("Should fail with 'Failed to stop iptables'") - except FatalException as e: - # Expected - self.assertTrue('Failed to stop iptables' in e.reason) - parse_properties_file_mock.reset_mock() - - check_iptables_mock.return_value = (0, None) # Case: custom user is "root" read_ambari_user_mock.return_value = "root" ambari_server.start(args)
