[AMBARI-17047] Firewall check returns WARNING even if iptables and firewalld are stopped on CentOS7 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: trunk
Fix Version/s: 2.4.0
Component/s: ambari-agent, ambari-server
Labels:
- patch
Environment:

CentOS7.2

Flags:

Patch

Description

In firewall.py, "systemctl is-active iptables || systemctl is-active firewalld" is passed to run_in_shell function, which splits cmd string by using shlex.split.

run_in_shell function finally calls subprocess.Popen with shell=True, so the cmd string is evaluated like Popen(['/bin/sh', '-c', 'systemctl', 'is-active', 'iptables', '||', 'systemctl', 'is-active', 'firewalld']). This doesn't returns values as expected, because after args[1] (in this case, after the first is-active) are evaluated as sh arguements.

systemctl is-active can take multiple arugments, so we can use it.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

AMBARI-17047.patch
05/Jun/16 11:11
2 kB
Masahiro Tanaka
AMBARI-17047.1.patch
06/Jul/16 19:18
3 kB
Masahiro Tanaka

Issue Links

links to

Review Board

Activity

People

Assignee:: Masahiro Tanaka

Reporter:: Masahiro Tanaka

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 05/Jun/16 11:02

Updated:: 12/Jul/16 10:00

Resolved:: 12/Jul/16 08:01