def add_firewall(argv, service, instance):
output = ''
try:
mac_address, lockfile = reserve_unique_mac_address(LOCK_DIRECTORY)
except Exception as e:
output = f'Unable to add mac address: {e}'
else:
argv = add_argument(argv, f'--mac-address={mac_address}')
try:
with firewall_flock():
prepare_new_container(
DEFAULT_SOA_DIR,
DEFAULT_SYNAPSE_SERVICE_DIR,
service,
instance,
mac_address,
)
except Exception as e:
output = f'Unable to add firewall rules: {e}'
if output:
print(output, file=sys.stderr)
return argv
def process_inotify_event(event, services_by_dependencies, soa_dir,
synapse_service_dir):
filename = event[3].decode()
log.debug('process_inotify_event on {}'.format(filename))
service_instance, suffix = os.path.splitext(filename)
if suffix != '.json':
return
services_to_update = services_by_dependencies.get(service_instance, ())
if not services_to_update:
return
# filter active_service_groups() down to just the names in services_to_update
service_groups = {
service_group: macs
for service_group, macs in firewall.active_service_groups().items()
if service_group in services_to_update
}
try:
with firewall.firewall_flock():
firewall.ensure_service_chains(service_groups, soa_dir,
synapse_service_dir)
for service_to_update in services_to_update:
log.debug('Updated {}'.format(service_to_update))
except TimeoutError as e:
log.error(
'Unable to update firewalls for {} because time-out obtaining flock: {}'
.format(
service_groups.keys(),
e,
), )
def run_cron(args):
with firewall.firewall_flock():
firewall.general_update(args.soa_dir, args.synapse_service_dir)
