You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ambari.apache.org by "Masahiro Tanaka (JIRA)" <ji...@apache.org> on 2016/06/05 11:02:59 UTC

[jira] [Created] (AMBARI-17047) Firewall check returns WARNING even if iptables and firewalld are stopped on CentOS7

Masahiro Tanaka created AMBARI-17047:
----------------------------------------

             Summary: Firewall check returns WARNING even if iptables and firewalld are stopped on CentOS7
                 Key: AMBARI-17047
                 URL: https://issues.apache.org/jira/browse/AMBARI-17047
             Project: Ambari
          Issue Type: Bug
          Components: ambari-agent, ambari-server
    Affects Versions: trunk
         Environment: CentOS7.2
            Reporter: Masahiro Tanaka


In firewall.py, {{"systemctl is-active iptables || systemctl is-active firewalld"}} is passed to {{run_in_shell}} function, which splits cmd string by using {{shlex.split}}.

{{run_in_shell}} function finally calls {{subprocess.Popen}} with {{shell=True}}, so the cmd string is evaluated like {{Popen(['/bin/sh', '-c', 'systemctl', 'is-active', 'iptables', '||', 'systemctl', 'is-active', 'firewalld'])}}. This doesn't returns values as expected, because after args[1] (in this case, after the first {{is-active}}) are evaluated as sh arguements.

{{systemctl is-active}} can take multiple arugments, so we can use it.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)