def add_firewall(argv, service, instance): output = '' try: mac_address, lockfile = reserve_unique_mac_address(LOCK_DIRECTORY) except Exception as e: output = f'Unable to add mac address: {e}' else: argv = add_argument(argv, f'--mac-address={mac_address}') try: with firewall_flock(): prepare_new_container( DEFAULT_SOA_DIR, DEFAULT_SYNAPSE_SERVICE_DIR, service, instance, mac_address, ) except Exception as e: output = f'Unable to add firewall rules: {e}' if output: print(output, file=sys.stderr) return argv
def process_inotify_event(event, services_by_dependencies, soa_dir, synapse_service_dir): filename = event[3].decode() log.debug('process_inotify_event on {}'.format(filename)) service_instance, suffix = os.path.splitext(filename) if suffix != '.json': return services_to_update = services_by_dependencies.get(service_instance, ()) if not services_to_update: return # filter active_service_groups() down to just the names in services_to_update service_groups = { service_group: macs for service_group, macs in firewall.active_service_groups().items() if service_group in services_to_update } try: with firewall.firewall_flock(): firewall.ensure_service_chains(service_groups, soa_dir, synapse_service_dir) for service_to_update in services_to_update: log.debug('Updated {}'.format(service_to_update)) except TimeoutError as e: log.error( 'Unable to update firewalls for {} because time-out obtaining flock: {}' .format( service_groups.keys(), e, ), )
def run_cron(args): with firewall.firewall_flock(): firewall.general_update(args.soa_dir, args.synapse_service_dir)