From 623c45ce127f462988aa45b91201d4f5c7880943 Mon Sep 17 00:00:00 2001
From: Liping Cheng <lcheng@redhat.com>
Date: Dec 19 2019 05:21:53 +0000
Subject: Add nfs service to firewalld


Change-Id: I22b6cd69401616cd17a9d23523c7a84925628676
Signed-off-by: Liping Cheng <lcheng@redhat.com>
Reviewed-on: https://code.engineering.redhat.com/gerrit/183409
Tested-by: Libvirt Jenkins <libvirt-jenkins@redhat.com>
Signed-off-by: Liping Cheng <lcheng@redhat.com>

---

diff --git a/repos/domain/nfs_env.py b/repos/domain/nfs_env.py
index 66aa794..1d367d9 100644
--- a/repos/domain/nfs_env.py
+++ b/repos/domain/nfs_env.py
@@ -11,6 +11,22 @@ optional_params = {'target_machine': None,
                    'password': 'redhat'}
 
 
+def stop_firewalld(target_machine, logger):
+    """ Stop firewalld service (not recommended, """
+    """ this will affect virtual network of libvirtd.) """
+    cmd = "systemctl stop firewalld"
+    ret = process.run(cmd, shell=True, ignore_status=True)
+    if ret.exit_status:
+        logger.error("Stop firewalld service failed: %s." % ret.stdout)
+        return 1
+    if target_machine is not None:
+        cmd = "systemctl stop firewalld"
+        ret, out = utils.remote_exec_pexpect(target_machine, username, password, cmd, 120)
+        if ret:
+            logger.error("Stop remote firewalld failed: %s" % out)
+            return 1
+
+
 def nfs_env(params):
     """ migrate a guest back and forth between two machines"""
     logger = params['logger']
@@ -21,16 +37,19 @@ def nfs_env(params):
     mount_path = params['mount_path']
 
     server_ip = utils.get_local_ip()
-    cmd = "systemctl stop firewalld"
+    cmd = ("firewall-cmd --add-port=49152-49215/tcp;"
+           "firewall-cmd --permanent --add-service=nfs;"
+           "firewall-cmd --permanent --add-service=mountd;"
+           "firewall-cmd --permanent --add-service=rpc-bind;"
+           "firewall-cmd --reload")
     ret = process.run(cmd, shell=True, ignore_status=True)
     if ret.exit_status:
-        logger.error("Stop firewalld service failed: %s." % ret.stdout)
+        logger.error("Failed to add nfs service to firewalld: %s." % ret.stdout)
         return 1
     if target_machine is not None:
-        cmd = "systemctl stop firewalld"
         ret, out = utils.remote_exec_pexpect(target_machine, username, password, cmd, 120)
         if ret:
-            logger.error("Stop remote firewalld failed: %s" % out)
+            logger.error("Failed to add nfs service to remote firewalld: %s" % out)
             return 1
     if not nfs.nfs_setup(server_ip, target_machine, username, password,
                          nfs_path, mount_path, logger):