Hello community, here is the log from the commit of package yast2-cluster for openSUSE:Factory checked in at 2018-01-29 14:59:07 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/yast2-cluster (Old) and /work/SRC/openSUSE:Factory/.yast2-cluster.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "yast2-cluster" Mon Jan 29 14:59:07 2018 rev:23 rq:570453 version:4.0.4 Changes: -------- --- /work/SRC/openSUSE:Factory/yast2-cluster/yast2-cluster.changes 2018-01-13 21:47:31.166433000 +0100 +++ /work/SRC/openSUSE:Factory/.yast2-cluster.new/yast2-cluster.changes 2018-01-29 15:00:46.953201366 +0100 @@ -1,0 +2,6 @@ +Tue Jan 23 09:04:02 UTC 2018 - knut.anderssen@suse.com + +- SuSEFirewall2 replaced by firewalld(fate#323460) +- Version 4.0.4 + +------------------------------------------------------------------- Old: ---- cluster.fwd yast2-cluster-4.0.3.tar.bz2 New: ---- cluster.firewalld.xml yast2-cluster-4.0.4.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ yast2-cluster.spec ++++++ --- /var/tmp/diff_new_pack.yBsmka/_old 2018-01-29 15:00:47.485176511 +0100 +++ /var/tmp/diff_new_pack.yBsmka/_new 2018-01-29 15:00:47.489176324 +0100 @@ -17,23 +17,26 @@ Name: yast2-cluster -%define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services -Version: 4.0.3 +%define _fwdefdir %{_libexecdir}/firewalld/services +Version: 4.0.4 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: %{name}-%{version}.tar.bz2 -Source1: cluster.fwd +Source1: cluster.firewalld.xml BuildRequires: perl-XML-Writer BuildRequires: update-desktop-files -BuildRequires: yast2 +# SuSEFirewall2 replaced by Firewalld (fate#323460) +BuildRequires: firewall-macros +BuildRequires: yast2 >= 4.0.39 BuildRequires: yast2-devtools >= 3.1.10 BuildRequires: yast2-testsuite BuildArch: noarch -Requires: yast2 +# SuSEFirewall2 replaced by Firewalld (fate#323460) +Requires: yast2 >= 4.0.39 Requires: yast2-ruby-bindings >= 1.0.0 Summary: Configuration of cluster @@ -52,12 +55,16 @@ %install %yast_install -mkdir -p $RPM_BUILD_ROOT/%{_fwdefdir} -install -m 644 %{S:1} $RPM_BUILD_ROOT/%{_fwdefdir}/cluster +install -D -m 0644 %{S:1} $RPM_BUILD_ROOT/%{_fwdefdir}/cluster.xml + +%post +%firewalld_reload %files %defattr(-,root,root) %dir %{yast_yncludedir}/cluster +%dir %{_libexecdir}/firewalld +%dir %{_fwdefdir} %{yast_yncludedir}/cluster/* %{yast_clientdir}/cluster.rb %{yast_clientdir}/cluster_*.rb @@ -66,6 +73,6 @@ %{yast_scrconfdir}/*.scr %{yast_agentdir}/ag_openais %doc %{yast_docdir} -%config %{_fwdefdir}/cluster +%{_fwdefdir}/cluster.xml %changelog ++++++ cluster.firewalld.xml ++++++ <?xml version="1.0" encoding="utf-8"?> <service> <short>SUSE YaST Cluster</short> <description>This allows you to open various ports related to SUSE YaST Cluster module. Ports are opened for mgmtd, hawk, dlm and csync2.</description> <port protocol="tcp" port="5560"/> <port protocol="tcp" port="7630"/> <port protocol="tcp" port="21064"/> <port protocol="tcp" port="30865"/> </service> ++++++ yast2-cluster-4.0.3.tar.bz2 -> yast2-cluster-4.0.4.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-cluster-4.0.3/package/cluster.firewalld.xml new/yast2-cluster-4.0.4/package/cluster.firewalld.xml --- old/yast2-cluster-4.0.3/package/cluster.firewalld.xml 1970-01-01 01:00:00.000000000 +0100 +++ new/yast2-cluster-4.0.4/package/cluster.firewalld.xml 2018-01-29 09:19:20.000000000 +0100 @@ -0,0 +1,10 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>SUSE YaST Cluster</short> + <description>This allows you to open various ports related to SUSE YaST Cluster module. Ports are opened for mgmtd, hawk, dlm and csync2.</description> + <port protocol="tcp" port="5560"/> + <port protocol="tcp" port="7630"/> + <port protocol="tcp" port="21064"/> + <port protocol="tcp" port="30865"/> +</service> + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-cluster-4.0.3/package/cluster.fwd new/yast2-cluster-4.0.4/package/cluster.fwd --- old/yast2-cluster-4.0.3/package/cluster.fwd 2018-01-11 09:58:06.000000000 +0100 +++ new/yast2-cluster-4.0.4/package/cluster.fwd 1970-01-01 01:00:00.000000000 +0100 @@ -1,22 +0,0 @@ -## Name: Cluster -## Description: Opens ports for Varies Cluster related services - -# space separated list of allowed TCP ports -# 30865 for csync2 -# 5560 for mgmtd -# 7630 for hawk or hawk2 -# 21064 for dlm -# 5403 for corosync qdevice(default) -TCP="30865 5560 7630 21064" - -# space separated list of allowed UDP ports -UDP="" - -# space separated list of allowed RPC services -RPC="" - -# space separated list of allowed IP protocols -IP="igmp" - -# space separated list of allowed UDP broadcast ports -BROADCAST="" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-cluster-4.0.3/package/yast2-cluster.changes new/yast2-cluster-4.0.4/package/yast2-cluster.changes --- old/yast2-cluster-4.0.3/package/yast2-cluster.changes 2018-01-11 09:58:06.000000000 +0100 +++ new/yast2-cluster-4.0.4/package/yast2-cluster.changes 2018-01-29 09:19:20.000000000 +0100 @@ -1,4 +1,10 @@ ------------------------------------------------------------------- +Tue Jan 23 09:04:02 UTC 2018 - knut.anderssen@suse.com + +- SuSEFirewall2 replaced by firewalld(fate#323460) +- Version 4.0.4 + +------------------------------------------------------------------- Thu Jan 11 16:12:15 UTC 2018 - bliu@suse.com - bsc#1075507 two_node can not be enable when using qdevice diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-cluster-4.0.3/package/yast2-cluster.spec new/yast2-cluster-4.0.4/package/yast2-cluster.spec --- old/yast2-cluster-4.0.3/package/yast2-cluster.spec 2018-01-11 09:58:06.000000000 +0100 +++ new/yast2-cluster-4.0.4/package/yast2-cluster.spec 2018-01-29 09:19:20.000000000 +0100 @@ -17,23 +17,26 @@ Name: yast2-cluster -%define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services -Version: 4.0.3 +%define _fwdefdir %{_libexecdir}/firewalld/services +Version: 4.0.4 Release: 0 BuildRoot: %{_tmppath}/%{name}-%{version}-build Source0: %{name}-%{version}.tar.bz2 -Source1: cluster.fwd +Source1: cluster.firewalld.xml BuildRequires: perl-XML-Writer BuildRequires: update-desktop-files -BuildRequires: yast2 +# SuSEFirewall2 replaced by Firewalld (fate#323460) +BuildRequires: yast2 >= 4.0.39 BuildRequires: yast2-devtools >= 3.1.10 BuildRequires: yast2-testsuite +BuildRequires: firewall-macros BuildArch: noarch -Requires: yast2 +# SuSEFirewall2 replaced by Firewalld (fate#323460) +Requires: yast2 >= 4.0.39 Requires: yast2-ruby-bindings >= 1.0.0 Summary: Configuration of cluster @@ -52,12 +55,16 @@ %install %yast_install -mkdir -p $RPM_BUILD_ROOT/%{_fwdefdir} -install -m 644 %{S:1} $RPM_BUILD_ROOT/%{_fwdefdir}/cluster +install -D -m 0644 %{S:1} $RPM_BUILD_ROOT/%{_fwdefdir}/cluster.xml + +%post +%firewalld_reload %files %defattr(-,root,root) %dir %{yast_yncludedir}/cluster +%dir %{_libexecdir}/firewalld +%dir %{_fwdefdir} %{yast_yncludedir}/cluster/* %{yast_clientdir}/cluster.rb %{yast_clientdir}/cluster_*.rb @@ -66,6 +73,6 @@ %{yast_scrconfdir}/*.scr %{yast_agentdir}/ag_openais %doc %{yast_docdir} -%config %{_fwdefdir}/cluster +%{_fwdefdir}/cluster.xml %changelog diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-cluster-4.0.3/src/include/cluster/common.rb new/yast2-cluster-4.0.4/src/include/cluster/common.rb --- old/yast2-cluster-4.0.3/src/include/cluster/common.rb 2018-01-11 09:58:06.000000000 +0100 +++ new/yast2-cluster-4.0.4/src/include/cluster/common.rb 2018-01-29 09:19:20.000000000 +0100 @@ -36,8 +36,6 @@ Yast.import "Popup" Yast.import "CWM" Yast.import "CWMFirewallInterfaces" - Yast.import "SuSEFirewall" - Yast.import "SuSEFirewallServices" @DIALOG = ["communication", "corosyncqdevice", "security", "csync2", "conntrack", "service"] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-cluster-4.0.3/src/include/cluster/dialogs.rb new/yast2-cluster-4.0.4/src/include/cluster/dialogs.rb --- old/yast2-cluster-4.0.3/src/include/cluster/dialogs.rb 2018-01-11 09:58:06.000000000 +0100 +++ new/yast2-cluster-4.0.4/src/include/cluster/dialogs.rb 2018-01-29 09:19:20.000000000 +0100 @@ -26,6 +26,7 @@ # # $Id: wizards.ycp 27914 2006-02-13 14:32:08Z locilka $ require 'set' +require "y2firewall/firewalld" module Yast module ClusterDialogsInclude @@ -41,8 +42,6 @@ Yast.import "SystemdSocket" Yast.import "Report" Yast.import "CWMFirewallInterfaces" - Yast.import "SuSEFirewall" - Yast.import "SuSEFirewallServices" Yast.include include_target, "cluster/helps.rb" Yast.include include_target, "cluster/common.rb" @@ -1036,9 +1035,9 @@ firewall_widget = CWMFirewallInterfaces.CreateOpenFirewallWidget( { - #servie:cluster is the name of /etc/sysconfig/SuSEfirewall2.d/services/cluster + # cluster is the name of /usr/lib/firewalld.d/services/cluster.xml "services" => [ - "service:cluster" + "cluster" ], "display_details" => true } @@ -1229,7 +1228,6 @@ # return 2 if csync2 is OFF or csync2 is blocked by firewall # return 3 if csync2 is ON def csync2_status - csync2_socket = nil csync2_socket = SystemdSocket.find(@csync2_package) if !csync2_socket @@ -1241,14 +1239,16 @@ y2debug("csync2.socket is disabled.") return 2 end + #check the firewall whether csync2 port was blocked. - tcp_ports = [] - tcp_ports = SuSEFirewallServices.GetNeededTCPPorts("service:cluster") - pos = nil - pos = Builtins.find(tcp_ports) { |s| s == @csync2_port } - return 2 if pos == nil + begin + firewalld_cluster = firewalld.find_service("cluster") + tcp_ports = firewalld_cluster.tcp_ports + rescue Y2Firewall::Firewalld::Service::NotFound + tcp_ports = [] + end - 3 + tcp_ports.include?(@csync2_port) ? 2 : 3 end def csync2_turn_off @@ -1264,17 +1264,20 @@ csync2_socket.disable y2debug("Stop and disable csync2.socket.") - tcp_ports = [] - tcp_ports = SuSEFirewallServices.GetNeededTCPPorts("service:cluster") - pos = nil - pos = Builtins.find(tcp_ports) { |s| s == @csync2_port } - if pos != nil - tcp_ports = Builtins.remove(tcp_ports, Builtins.tointeger(pos)) - end - SuSEFirewallServices.SetNeededPortsAndProtocols( - "service:cluster", - { "tcp_ports" => tcp_ports } - ) + begin + fwd_cluster = firewalld.find_service("cluster") + tcp_ports = fwd_cluster.tcp_ports + rescue Y2Firewall::Firewalld::Service::NotFound + tcp_ports = [] + end + + tcp_ports.delete(@csync2_port) if tcp_ports.include?(@csync2_port) + + begin + Y2Firewall::Firewalld::Service.modify_ports(name: "cluster", tcp_ports: tcp_ports) + rescue Y2Firewall::Firewalld::Service::NotFound + y2error("Firewalld 'cluster' service is not available.") + end nil end @@ -1292,15 +1295,20 @@ csync2_socket.enable y2debug("Start and enable csync2.socket.") - tcp_ports = [] - tcp_ports = SuSEFirewallServices.GetNeededTCPPorts("service:cluster") - pos = nil - pos = Builtins.find(tcp_ports) { |s| s == @csync2_port } - tcp_ports = Builtins.add(tcp_ports, @csync2_port) if pos == nil - SuSEFirewallServices.SetNeededPortsAndProtocols( - "service:cluster", - { "tcp_ports" => tcp_ports } - ) + begin + fwd_cluster = firewalld.find_service("cluster") + tcp_ports = fwd_cluster.tcp_ports + rescue Y2Firewall::Firewalld::Service::NotFound + tcp_ports = [] + end + + tcp_ports << @csync2_port unless tcp_ports.include?(@csync2_port) + + begin + Y2Firewall::Firewalld::Service.modify_ports(name: "cluster", tcp_ports: tcp_ports) + rescue Y2Firewall::Firewalld::Service::NotFound + y2error("Firewalld 'cluster' service is not available.") + end nil end @@ -1792,5 +1800,14 @@ end deep_copy(ret) end + + private + + # Convenience for returning a Y2Firewall::Firewalld singleton instance. + # + # @return [Y2Firewall::Firewalld] singleton instance + def firewalld + Y2Firewall::Firewalld.instance + end end end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/yast2-cluster-4.0.3/src/modules/Cluster.rb new/yast2-cluster-4.0.4/src/modules/Cluster.rb --- old/yast2-cluster-4.0.3/src/modules/Cluster.rb 2018-01-11 09:58:06.000000000 +0100 +++ new/yast2-cluster-4.0.4/src/modules/Cluster.rb 2018-01-29 09:19:20.000000000 +0100 @@ -30,6 +30,7 @@ # Input and output routines. # require "yast" +require "y2firewall/firewalld" module Yast class ClusterClass < Module @@ -41,9 +42,6 @@ Yast.import "Summary" Yast.import "Message" Yast.import "PackageSystem" - Yast.import "SuSEFirewall" - Yast.import "SuSEFirewallServices" - @csync2_key_file = "/etc/csync2/key_hagroup" @@ -325,7 +323,7 @@ if @expected_votes != "" SCR.Write(path(".openais.quorum.expected_votes"), @expected_votes) end - + # BNC#871970, only write member address when interface0 if @transport == "udpu" @@ -470,7 +468,7 @@ # Progress stage 2/3 _("Read the previous settings"), # Progress stage 3/3 - _("Read SuSEFirewall Settings") + _("Read Firewall Settings") ], [ # Progress step 1/3 @@ -478,7 +476,7 @@ # Progress step 2/3 _("Reading the previous settings..."), # Progress step 3/3 - _("Reading SuSEFirewall settings..."), + _("Reading Firewall settings..."), # Progress finished _("Finished") ], @@ -534,7 +532,7 @@ Builtins.sleep(sl) # detect devices - SuSEFirewall.Read + firewalld.read return false if Abort() Progress.NextStage @@ -574,13 +572,13 @@ # Progress stage 1/2 _("Write the settings"), # Progress stage 2/2 - _("Save changes to SuSEFirewall") + _("Save firewall changes") ], [ # Progress step 1/2 _("Writing the settings..."), # Progress step 2/2 - _("Saving changes to SuSEFirewall..."), + _("Saving firewall changes ..."), # Progress finished _("Finished") ], @@ -595,12 +593,10 @@ Report.Error(_("Cannot write settings.")) if false Builtins.sleep(sl) - # Work with SuSEFirewall + # Work with firewalld udp_ports = [] - udp_ports = Builtins.add(udp_ports, @mcastport1) if @mcastport1 != "" - if @enable2 && @mcastport2 != "" - udp_ports = Builtins.add(udp_ports, @mcastport2) - end + udp_ports << @mcastport1 if @mcastport1 != "" + udp_ports << @mcastport2 if @enable2 && @mcastport2 != "" # 30865 for csync2 # 5560 for mgmtd @@ -608,32 +604,24 @@ # 21064 for dlm # 5403 for corosync qdevice(default) tcp_ports = ["30865", "5560", "21064", "7630"] - if @corosync_qdevice - tcp_ports.push(@qdevice_port) + tcp_ports << @qdevice_port if @corosync_qdevice + + begin + Y2Firewall::Firewalld::Service.modify_ports(name: "cluster", tcp_ports: tcp_ports, udp_ports: udp_ports) + rescue Y2Firewall::Firewalld::Service::NotFound + y2error("Firewalld 'cluster' service is not available.") end - #tcp_ports = SuSEFirewallServices.GetNeededTCPPorts("service:cluster") - #tcp_ports = Convert.convert( - # Builtins.union(tcp_ports, temp_tcp_ports), - # :from => "list", - # :to => "list <string>" - #) - - SuSEFirewallServices.SetNeededPortsAndProtocols( - "service:cluster", - { "tcp_ports" => tcp_ports, "udp_ports" => udp_ports } - ) save_csync2_conf # run SuSEconfig - SuSEFirewall.Write + firewalld.write return false if Abort() Progress.NextStage # Error message Report.Error(Message.SuSEConfigFailed) if false Builtins.sleep(sl) - SuSEFirewall.ActivateConfiguration return false if Abort() # Progress finished Progress.NextStage @@ -853,6 +841,13 @@ publish :function => :Summary, :type => "list ()" publish :function => :Overview, :type => "list ()" publish :function => :AutoPackages, :type => "map ()" + + private + + def firewalld + Y2Firewall::Firewalld.instance + end + end Cluster = ClusterClass.new