From d97057f8d7263cce8efc0857e3fe4a10faee30c8 Mon Sep 17 00:00:00 2001 From: Adam King Date: Tue, 15 Mar 2022 14:33:52 -0400 Subject: [PATCH] cephadm: respect --skip-firewalld flag Fixes: https://tracker.ceph.com/issues/54137 Signed-off-by: Adam King --- src/cephadm/cephadm | 14 ++++++------ src/cephadm/tests/fixtures.py | 8 +++++++ src/cephadm/tests/test_cephadm.py | 36 ++++++++++++++++++++++++++++++- 3 files changed, 51 insertions(+), 7 deletions(-) diff --git a/src/cephadm/cephadm b/src/cephadm/cephadm index a1c6c9d093fef..51ec9c0e8c5db 100755 --- a/src/cephadm/cephadm +++ b/src/cephadm/cephadm @@ -3310,9 +3310,10 @@ class Firewalld(object): def update_firewalld(ctx, daemon_type): # type: (CephadmContext, str) -> None - firewall = Firewalld(ctx) - firewall.enable_service_for(daemon_type) - firewall.apply_rules() + if not ('skip_firewalld' in ctx and ctx.skip_firewalld): + firewall = Firewalld(ctx) + firewall.enable_service_for(daemon_type) + firewall.apply_rules() def install_sysctl(ctx: CephadmContext, fsid: str, daemon_type: str) -> None: @@ -4814,9 +4815,10 @@ def prepare_dashboard( port = int(out) # Open dashboard port - fw = Firewalld(ctx) - fw.open_ports([port]) - fw.apply_rules() + if not ('skip_firewalld' in ctx and ctx.skip_firewalld): + fw = Firewalld(ctx) + fw.open_ports([port]) + fw.apply_rules() logger.info('Ceph Dashboard is now available at:\n\n' '\t URL: https://%s:%s/\n' diff --git a/src/cephadm/tests/fixtures.py b/src/cephadm/tests/fixtures.py index f789ba80ee2bd..44f792f39cb3b 100644 --- a/src/cephadm/tests/fixtures.py +++ b/src/cephadm/tests/fixtures.py @@ -31,6 +31,14 @@ def _daemon_path(): return os.getcwd() +def mock_bad_firewalld(): + def raise_bad_firewalld(): + raise Exception('Called bad firewalld') + f = mock.Mock(cd.Firewalld) + f.enable_service_for = lambda _ : raise_bad_firewalld() + f.apply_rules = lambda : raise_bad_firewalld() + f.open_ports = lambda _ : raise_bad_firewalld() + def _mock_scrape_host(obj, interval): try: raise ValueError("wah") diff --git a/src/cephadm/tests/test_cephadm.py b/src/cephadm/tests/test_cephadm.py index f025fb9b2c999..15b8cbc004c04 100644 --- a/src/cephadm/tests/test_cephadm.py +++ b/src/cephadm/tests/test_cephadm.py @@ -20,6 +20,7 @@ from .fixtures import ( mock_docker, mock_podman, with_cephadm_ctx, + mock_bad_firewalld, ) with mock.patch('builtins.open', create=True): @@ -214,10 +215,43 @@ class TestCephAdm(object): for address, expected in tests: wrap_test(address, expected) + @mock.patch('cephadm.Firewalld', mock_bad_firewalld) + @mock.patch('cephadm.logger') + def test_skip_firewalld(self, logger, cephadm_fs): + """ + test --skip-firewalld actually skips changing firewall + """ + + ctx = cd.CephadmContext() + with pytest.raises(Exception): + cd.update_firewalld(ctx, 'mon') + + ctx.skip_firewalld = True + cd.update_firewalld(ctx, 'mon') + + ctx.skip_firewalld = False + with pytest.raises(Exception): + cd.update_firewalld(ctx, 'mon') + + ctx = cd.CephadmContext() + ctx.ssl_dashboard_port = 8888 + ctx.dashboard_key = None + ctx.dashboard_password_noupdate = True + ctx.initial_dashboard_password = 'password' + ctx.initial_dashboard_user = 'User' + with pytest.raises(Exception): + cd.prepare_dashboard(ctx, 0, 0, lambda _, extra_mounts=None, ___=None : '5', lambda : None) + + ctx.skip_firewalld = True + cd.prepare_dashboard(ctx, 0, 0, lambda _, extra_mounts=None, ___=None : '5', lambda : None) + + ctx.skip_firewalld = False + with pytest.raises(Exception): + cd.prepare_dashboard(ctx, 0, 0, lambda _, extra_mounts=None, ___=None : '5', lambda : None) + @mock.patch('cephadm.call_throws') @mock.patch('cephadm.get_parm') def test_registry_login(self, get_parm, call_throws): - # test normal valid login with url, username and password specified call_throws.return_value = '', '', 0 ctx: cd.CephadmContext = cd.cephadm_init_ctx( -- 2.39.5