Review Request 48309: AMBARI-17047: Firewall check returns WARNING even if iptables and firewalld are stopped on CentOS7

Masahiro Tanaka Mon, 06 Jun 2016 20:18:07 -0700

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/48309/
-----------------------------------------------------------


Review request for Ambari, Andrew Onischuk, Dmytro Sen, and Florian Barca.


Bugs: AMBARI-17047
    https://issues.apache.org/jira/browse/AMBARI-17047


Repository: ambari


Description
-------

In firewall.py, `systemctl is-active iptables || systemctl is-active firewalld` 
is passed to `run_in_shell` function, which splits cmd string by using 
`shlex.split`.

run_in_shell function finally calls `subprocess.Popen` with `shell=True`, so 
the cmd string is evaluated like `Popen(['/bin/sh', '-c', 'systemctl', 
'is-active', 'iptables', '||', 'systemctl', 'is-active', 'firewalld'])`. This 
doesn't returns values as expected, because after args[1] (in this case, after 
the first `is-active`) are evaluated as sh arguements.

`systemctl is-active` can take multiple arugments, so we can use it.


Diffs
-----

  ambari-common/src/main/python/ambari_commons/firewall.py 72e6d26 

Diff: https://reviews.apache.org/r/48309/diff/


Testing
-------

mvn clean test & manual test


Thanks,

Masahiro Tanaka

Review Request 48309: AMBARI-17047: Firewall check returns WARNING even if iptables and firewalld are stopped on CentOS7

Reply via email to