AMBARI-3595. Filrewall issues on host checks after disabling iptables (Vitaly Brodetskyi via dlysnichenko)

ambari-agent/src/main/python/ambari_agent/HostInfo.py

@@ -107,12 +107,10 @@ class HostInfo:
   # service cmd
   SERVICE_CMD = "/sbin/service"
   FIREWALL_SERVICE_NAME = "iptables"
-  FIREWALL_IS_NOT_RUNNING_MSG = "iptables: Firewall is not running."
   # on ubuntu iptables service is called ufw
   if OS_NAME == OS_UBUNTU:
     SERVICE_CMD = "/usr/sbin/service"
     FIREWALL_SERVICE_NAME = "ufw"
-    FIREWALL_IS_NOT_RUNNING_MSG = "ufw stop/waiting"
 
   FIREWALL_STATUS_CMD = "%s %s status" % (SERVICE_CMD, FIREWALL_SERVICE_NAME)
   event = threading.Event()
@@ -288,8 +286,8 @@ class HostInfo:
     iptablesIsRunning = False
     try:
       iptables = subprocess.Popen(self.FIREWALL_STATUS_CMD.split(), stdout=subprocess.PIPE)
-      iptablesOut = iptables.communicate()[0]
-      if iptablesOut and len(iptablesOut) > 0 and not iptablesOut.strip() == self.FIREWALL_IS_NOT_RUNNING_MSG:
+      iptables.communicate()
+      if iptables.returncode == 0:
         iptablesIsRunning = True
     except:
       pass

ambari-agent/src/test/python/TestHostInfo.py

@@ -516,18 +516,13 @@ class TestHostInfo(TestCase):
   def test_checkIptables(self, subproc_popen_mock):
     hostInfo = HostInfo()
     p = MagicMock()
-    p.communicate.return_value = ['Table: filter']
+    p.returncode = 0
     subproc_popen_mock.return_value = p
     result = hostInfo.checkIptables()
 
     self.assertTrue(result)
 
-    p.communicate.return_value = ['']
-    result = hostInfo.checkIptables()
-
-    self.assertFalse(result)
-
-    p.communicate.return_value = ['iptables: Firewall is not running.']
+    p.returncode = 1
     result = hostInfo.checkIptables()
 
     self.assertFalse(result)

ambari-server/src/main/python/ambari-server.py

@@ -233,11 +233,9 @@ PG_SERVICE_NAME = "postgresql"
 PG_HBA_DIR = "/var/lib/pgsql/data"
 # iptables commands
 FIREWALL_SERVICE_NAME = "iptables"
-IP_TBLS_IS_NOT_RUNNING = "iptables: Firewall is not running."
 # on ubuntu iptables service is called ufw and other changes
 if OS == OS_UBUNTU:
   FIREWALL_SERVICE_NAME = "ufw"
-  IP_TBLS_IS_NOT_RUNNING = "ufw stop/waiting"
   PG_HBA_DIR = '/etc/postgresql/8.4/main'
   SERVICE_CMD = "/usr/sbin/service"
 
@@ -784,7 +782,7 @@ def check_iptables():
   if err and len(err) > 0:
     print err
 
-  if out and len(out) > 0 and not out.strip() == IP_TBLS_IS_NOT_RUNNING:
+  if retcode == 0:
     print_warning_msg("%s is running. Confirm the necessary Ambari ports are accessible. " % FIREWALL_SERVICE_NAME +
       "Refer to the Ambari documentation for more details on ports.")
     ok = get_YN_input("OK to continue [y/n] (y)? ", True)

ambari-server/src/test/python/TestAmbariServer.py

@@ -1005,7 +1005,7 @@ class TestAmbariServer(TestCase):
   @patch.object(ambari_server, "print_warning_msg")
   @patch.object(ambari_server, "get_YN_input")
   def test_check_iptables_is_running(self, get_YN_input_mock, print_warning_msg, run_os_command_mock):
-    run_os_command_mock.return_value = (0, "Table: filter", "")
+    run_os_command_mock.return_value = (0, "", "")
     get_YN_input_mock.side_effect = [True]
     ambari_server.check_iptables()
     self.assertEqual(print_warning_msg.call_args_list[0][0][0],
@@ -1016,7 +1016,7 @@ class TestAmbariServer(TestCase):
   @patch.object(ambari_server, "run_os_command")
   @patch.object(ambari_server, "print_warning_msg")
   def test_check_iptables_is_not_running(self, print_warning_msg, run_os_command_mock):
-    run_os_command_mock.return_value = (3, ambari_server.IP_TBLS_IS_NOT_RUNNING, "")
+    run_os_command_mock.return_value = (3, "", "")
     ambari_server.check_iptables()
 
     self.assertFalse(print_warning_msg.called)