Replace SuSEFirewall2 by Firewalld

package/cluster.firewalld.xml

@@ -0,0 +1,11 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>SUSE YaST Cluster</short>
+  <description>This allows you to open various ports related to SUSE YaST Cluster module. Ports are opened for corosync, mgmtd, hawk, dlm and csync2.</description>
+  <port protocol="tcp" port="5403"/>
+  <port protocol="tcp" port="5560"/>
+  <port protocol="tcp" port="7630"/>
+  <port protocol="tcp" port="21064"/>
+  <port protocol="tcp" port="30865"/>
+</service>
+

package/yast2-cluster.changes

@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Tue Jan 23 09:04:02 UTC 2018 - knut.anderssen@suse.com
+
+- SuSEFirewall2 replaced by firewalld(fate#323460)
+- Version 4.0.4
+
 -------------------------------------------------------------------
 Thu Jan 11 16:12:15 UTC 2018 - bliu@suse.com
 

package/yast2-cluster.spec

@@ -17,23 +17,26 @@
 
 
 Name:           yast2-cluster
-%define _fwdefdir /etc/sysconfig/SuSEfirewall2.d/services
-Version:        4.0.3
+%define _fwdefdir %{_libexecdir}/firewalld/services
+Version:        4.0.4
 Release:        0
 
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Source0:        %{name}-%{version}.tar.bz2
-Source1:        cluster.fwd
+Source1:        cluster.firewalld.xml
 
 BuildRequires:  perl-XML-Writer
 BuildRequires:  update-desktop-files
-BuildRequires:  yast2
+# SuSEFirewall2 replaced by Firewalld (fate#323460)
+BuildRequires:  yast2 >= 4.0.37
 BuildRequires:  yast2-devtools >= 3.1.10
 BuildRequires:  yast2-testsuite
+BuildRequires:  firewall-macros
 
 BuildArch:      noarch
 
-Requires:       yast2
+# SuSEFirewall2 replaced by Firewalld (fate#323460)
+Requires:       yast2 >= 4.0.37
 Requires:       yast2-ruby-bindings >= 1.0.0
 
 Summary:        Configuration of cluster
@@ -52,12 +55,16 @@ Group:          System/YaST
 %install
 %yast_install
 
-mkdir -p $RPM_BUILD_ROOT/%{_fwdefdir}
-install -m 644 %{S:1} $RPM_BUILD_ROOT/%{_fwdefdir}/cluster
+install -D -m 0644 %{S:1} $RPM_BUILD_ROOT/%{_fwdefdir}/suse_cluster.xml
+
+%post
+%firewalld_reload
 
 %files
 %defattr(-,root,root)
 %dir %{yast_yncludedir}/cluster
+%dir %{_libexecdir}/firewalld
+%dir %{_fwdefdir}
 %{yast_yncludedir}/cluster/*
 %{yast_clientdir}/cluster.rb
 %{yast_clientdir}/cluster_*.rb
@@ -66,6 +73,6 @@ install -m 644 %{S:1} $RPM_BUILD_ROOT/%{_fwdefdir}/cluster
 %{yast_scrconfdir}/*.scr
 %{yast_agentdir}/ag_openais
 %doc %{yast_docdir}
-%config %{_fwdefdir}/cluster
+%{_fwdefdir}/suse_cluster.xml
 
 %changelog

src/include/cluster/common.rb

@@ -36,8 +36,6 @@ def initialize_cluster_common(include_target)
       Yast.import "Popup"
       Yast.import "CWM"
       Yast.import "CWMFirewallInterfaces"
-      Yast.import "SuSEFirewall"
-      Yast.import "SuSEFirewallServices"
 
       @DIALOG = ["communication", "corosyncqdevice", "security", "csync2", "conntrack", "service"]
 

src/include/cluster/dialogs.rb

@@ -26,6 +26,7 @@
 #
 # $Id: wizards.ycp 27914 2006-02-13 14:32:08Z locilka $
 require 'set'
+require "y2firewall/firewalld"
 
 module Yast
   module ClusterDialogsInclude
@@ -41,8 +42,6 @@ def initialize_cluster_dialogs(include_target)
       Yast.import "SystemdSocket"
       Yast.import "Report"
       Yast.import "CWMFirewallInterfaces"
-      Yast.import "SuSEFirewall"
-      Yast.import "SuSEFirewallServices"
 
       Yast.include include_target, "cluster/helps.rb"
       Yast.include include_target, "cluster/common.rb"
@@ -1036,9 +1035,9 @@ def ServiceDialog
 
       firewall_widget = CWMFirewallInterfaces.CreateOpenFirewallWidget(
         {
-          #servie:cluster is the  name of /etc/sysconfig/SuSEfirewall2.d/services/cluster
+          # cluster is the  name of /usr/lib/firewalld.d/services/cluster.xml
           "services"        => [
-            "service:cluster"
+            "cluster"
           ],
           "display_details" => true
         }
@@ -1242,8 +1241,13 @@ def csync2_status
         return 2
       end
       #check the firewall whether csync2 port was blocked.
-      tcp_ports = []
-      tcp_ports = SuSEFirewallServices.GetNeededTCPPorts("service:cluster")
+      begin
+        firewalld_cluster = firewalld.find_service("cluster")
+        tcp_ports = firewalld_cluster.tcp_ports
+      rescue Y2Firewall::Firewalld::ServiceNotFound
+        tcp_ports = []
+      end
+
       pos = nil
       pos = Builtins.find(tcp_ports) { |s| s == @csync2_port }
       return 2 if pos == nil
@@ -1264,17 +1268,24 @@ def csync2_turn_off
       csync2_socket.disable
       y2debug("Stop and disable csync2.socket.")
 
-      tcp_ports = []
-      tcp_ports = SuSEFirewallServices.GetNeededTCPPorts("service:cluster")
+      begin
+        fwd_cluster = firewalld.find_service("cluster")
+        tcp_ports = fwd_cluster.tcp_ports
+      rescue Y2Firewall::Firewalld::Service::NotFound
+        tcp_ports = []
+      end
+
       pos = nil
       pos = Builtins.find(tcp_ports) { |s| s == @csync2_port }
       if pos != nil
         tcp_ports = Builtins.remove(tcp_ports, Builtins.tointeger(pos))
       end
-      SuSEFirewallServices.SetNeededPortsAndProtocols(
-        "service:cluster",
-        { "tcp_ports" => tcp_ports }
-      )
+
+      begin
+        Y2Firewall::Firewalld::Service.modify_ports(name: "cluster", tcp_ports: tcp_ports)
+      rescue Y2Firewall::Firewalld::Service::NotFound
+        y2error("Firewalld 'cluster' service is not available.")
+      end
 
       nil
     end
@@ -1293,14 +1304,23 @@ def csync2_turn_on
       y2debug("Start and enable csync2.socket.")
 
       tcp_ports = []
-      tcp_ports = SuSEFirewallServices.GetNeededTCPPorts("service:cluster")
+
+      begin
+        fwd_cluster = firewalld.find_service("cluster")
+        tcp_ports = fwd_cluster.tcp_ports
+      rescue Y2Firewall::Firewalld::Service::NotFound
+        tcp_ports = []
+      end
+
       pos = nil
       pos = Builtins.find(tcp_ports) { |s| s == @csync2_port }
       tcp_ports = Builtins.add(tcp_ports, @csync2_port) if pos == nil
-      SuSEFirewallServices.SetNeededPortsAndProtocols(
-        "service:cluster",
-        { "tcp_ports" => tcp_ports }
-      )
+      begin
+        Y2Firewall::Firewalld::Service.modify_ports(name: "cluster", tcp_ports: tcp_ports)
+      rescue Y2Firewall::Firewalld::Service::NotFound
+        y2error("Firewalld 'cluster' service is not available.")
+      end
+
 
       nil
     end
@@ -1792,5 +1812,11 @@ def ConntrackDialog
       end
       deep_copy(ret)
     end
+
+  private
+
+    def firewalld
+      Y2Firewall::Firewalld.instance
+    end
   end
 end

src/modules/Cluster.rb

@@ -30,6 +30,7 @@
 # Input and output routines.
 #
 require "yast"
+require "y2firewall/firewalld"
 
 module Yast
   class ClusterClass < Module
@@ -41,8 +42,6 @@ def main
       Yast.import "Summary"
       Yast.import "Message"
       Yast.import "PackageSystem"
-      Yast.import "SuSEFirewall"
-      Yast.import "SuSEFirewallServices"
 
 
       @csync2_key_file = "/etc/csync2/key_hagroup"
@@ -325,7 +324,7 @@ def SaveClusterConfig
       if @expected_votes != ""
         SCR.Write(path(".openais.quorum.expected_votes"), @expected_votes)
       end
-  
+
       # BNC#871970, only write member address when interface0  
       if @transport == "udpu"
 
@@ -470,15 +469,15 @@ def Read
           # Progress stage 2/3
           _("Read the previous settings"),
           # Progress stage 3/3
-          _("Read SuSEFirewall Settings")
+          _("Read Firewall Settings")
         ],
         [
           # Progress step 1/3
           _("Reading the database..."),
           # Progress step 2/3
           _("Reading the previous settings..."),
           # Progress step 3/3
-          _("Reading SuSEFirewall settings..."),
+          _("Reading Firewall settings..."),
           # Progress finished
           _("Finished")
         ],
@@ -534,7 +533,7 @@ def Read
       Builtins.sleep(sl)
 
       # detect devices
-      SuSEFirewall.Read
+      firewalld.read
 
       return false if Abort()
       Progress.NextStage
@@ -574,13 +573,13 @@ def Write
           # Progress stage 1/2
           _("Write the settings"),
           # Progress stage 2/2
-          _("Save changes to SuSEFirewall")
+          _("Save firewall changes")
         ],
         [
           # Progress step 1/2
           _("Writing the settings..."),
           # Progress step 2/2
-          _("Saving changes to SuSEFirewall..."),
+          _("Saving firewall changes ..."),
           # Progress finished
           _("Finished")
         ],
@@ -595,7 +594,7 @@ def Write
       Report.Error(_("Cannot write settings.")) if false
       Builtins.sleep(sl)
 
-      # Work with SuSEFirewall
+      # Work with firewalld
       udp_ports = []
       udp_ports = Builtins.add(udp_ports, @mcastport1) if @mcastport1 != ""
       if @enable2 && @mcastport2 != ""
@@ -618,22 +617,22 @@ def Write
       #  :to   => "list <string>"
       #)
 
-      SuSEFirewallServices.SetNeededPortsAndProtocols(
-        "service:cluster",
-        { "tcp_ports" => tcp_ports, "udp_ports" => udp_ports }
-      )
+      begin
+        Y2Firewall::Firewalld::Service.modify_ports(name: "cluster", tcp_ports: tcp_ports, udp_ports: udp_ports)
+      rescue Y2Firewall::Firewalld::Service::NotFound
+        y2error("Firewalld 'cluster' service is not available.")
+      end
 
       save_csync2_conf
 
       # run SuSEconfig
-      SuSEFirewall.Write
+      firewalld.write
       return false if Abort()
       Progress.NextStage
       # Error message
       Report.Error(Message.SuSEConfigFailed) if false
       Builtins.sleep(sl)
 
-      SuSEFirewall.ActivateConfiguration
       return false if Abort()
       # Progress finished
       Progress.NextStage
@@ -853,6 +852,13 @@ def AutoPackages
     publish :function => :Summary, :type => "list ()"
     publish :function => :Overview, :type => "list ()"
     publish :function => :AutoPackages, :type => "map ()"
+
+  private
+
+    def firewalld
+      Y2Firewall::Firewalld.instance
+    end
+
   end
 
   Cluster = ClusterClass.new