pmap/firewalld: Reconcile ports on firewalld reload

Signed-off-by: Prashanth Pai <ppai@redhat.com>

glusterd2/main.go

@@ -12,6 +12,7 @@ import (
 	"github.com/gluster/glusterd2/glusterd2/events"
 	"github.com/gluster/glusterd2/glusterd2/gdctx"
 	"github.com/gluster/glusterd2/glusterd2/peer"
+	"github.com/gluster/glusterd2/glusterd2/pmap"
 	"github.com/gluster/glusterd2/glusterd2/servers"
 	"github.com/gluster/glusterd2/glusterd2/store"
 	gdutils "github.com/gluster/glusterd2/glusterd2/utils"
@@ -136,6 +137,8 @@ func main() {
 		log.WithError(err).Warn("firewalld.Init() failed")
 	}
 
+	pmap.Init()
+
 	// Restart previously running daemons
 	daemon.StartAllDaemons()
 

glusterd2/pmap/registry.go

@@ -10,6 +10,7 @@ import (
 	"github.com/gluster/glusterd2/glusterd2/gdctx"
 	"github.com/gluster/glusterd2/pkg/firewalld"
 
+	"github.com/godbus/dbus"
 	log "github.com/sirupsen/logrus"
 )
 
@@ -37,7 +38,8 @@ type pmapRegistry struct {
 	// used to process disconnections
 	Ports map[int]brickSet `json:"ports,omitempty"`
 
-	notifyFirewalld bool
+	notifyFirewalld   bool
+	firewalldReloadCh chan *dbus.Signal
 }
 
 func (r *pmapRegistry) String() string {
@@ -161,19 +163,45 @@ func (r *pmapRegistry) Remove(port int, brickpath string, conn net.Conn) error {
 	return nil
 }
 
+func (r *pmapRegistry) reconcileFirewalld() {
+	// From dbus.Conn.Signal:
+	// The caller has to make sure that channel is sufficiently buffered;
+	// if a message arrives when a write to channel is not possible, it is
+	// discarded.
+	sigCh := make(chan *dbus.Signal, 10)
+	firewalld.NotifyOnReload(sigCh)
+	for range sigCh {
+		log.Debug("firewalld reloaded, reconciling ports")
+		r.Lock()
+		for port := range r.Ports {
+			if err := firewalld.AddPort("", port, firewalld.ProtoTCP); err != nil {
+				log.WithError(err).WithField("port",
+					port).Warn("firewalld.AddPort() failed")
+			}
+		}
+		r.Unlock()
+	}
+}
+
 var registry *pmapRegistry
 
-func init() {
+// Init initializes the pmap registry
+func Init() {
 
 	if registry != nil {
 		panic("registry is not nil: this shouldn't happen")
 	}
 
 	registry = &pmapRegistry{
-		Ports:           make(map[int]brickSet),
-		bricks:          make(map[string]int),
-		conns:           make(map[net.Conn]int),
-		notifyFirewalld: true,
+		Ports:             make(map[int]brickSet),
+		bricks:            make(map[string]int),
+		conns:             make(map[net.Conn]int),
+		notifyFirewalld:   true,
+		firewalldReloadCh: make(chan *dbus.Signal, 10),
+	}
+
+	if registry.notifyFirewalld {
+		go registry.reconcileFirewalld()
 	}
 
 	expvar.Publish("pmap", registry)

pkg/firewalld/firewalld.go

@@ -23,6 +23,7 @@ const (
 
 var (
 	dbusObj   dbus.BusObject
+	dbusConn  *dbus.Conn
 	isRunning bool
 )
 
@@ -60,6 +61,16 @@ func RemovePort(zone string, port int, protocol Protocol) error {
 	return dbusObj.Call(fInterface+".zone.removePort", 0, zone, portStr, string(protocol)).Store(&zone)
 }
 
+// NotifyOnReload will notify on the provided channel whenever firewalld
+// reloads.
+func NotifyOnReload(notify chan<- *dbus.Signal) {
+	if dbusConn == nil {
+		return
+	}
+	dbusConn.BusObject().(*dbus.Object).AddMatchSignal(fInterface, "Reloaded")
+	dbusConn.Signal(notify)
+}
+
 // Init initializes dbus connection and checks if firewalld is running.
 func Init() error {
 
@@ -67,6 +78,7 @@ func Init() error {
 	if err != nil {
 		return err
 	}
+	dbusConn = conn
 
 	// this can never fail
 	dbusObj = conn.Object(fInterface, dbus.ObjectPath(fObjPath))
@@ -76,7 +88,6 @@ func Init() error {
 		conn.Close()
 		return err
 	}
-
 	_ = zone
 	isRunning = true