python/systemctl error

[real time]

Hi All/Anilsir,

Below code is working fine when the firewall is active/running before executing the code.

but it is failing when firewall is dead/stopped before executing the code.

when firewall is already dead/stopped and if we execute below code it is showing the error

"Unable to execute /usr/bin/systemctl status firewalld"

Please let me know how can i handle it ?

def is_firewall_service_running ():

        error_found = 0
        output = ""
        cmd_list = ['/usr/bin/systemctl', 'status', 'firewalld']

        try:
            output = subprocess.check_output(cmd_list)  # nosec
        except subprocess.CalledProcessError:
            error_found = 1
            print(" processor error in run ")
        except OSError:
            error_found = 1
            print(" OS error in run")

        if error_found or not output:
            print("Unable to execute: " + ' '.join(cmd_list))
            print(" failed to check running ")
            return False

        for item in output.splitlines():
            item = item.decode()
            if re.search('Active', item) and re.search(r'running', item):
                return True

                return False

[Anil Kumar Pugalia]

Try the command on shell and see what difference are you getting.

Regards
Anil

Passion: http://sysplay.in (Playing with Systems)

real time wrote on 05/05/21 11:15 am:

--
You received this message because you are subscribed to the Google Groups "SysPlay's Inside Linux" group.
To unsubscribe from this group and stop receiving emails from it, send an email to inside_linux...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/inside_linux/CAFO2MTf5%2B_k3XrK4UyjZBFT8_S%2Bi5UL2NktwjdJ90bGEUQhRJw%40mail.gmail.com.

[real time]

NameError: name 'subprocess' is not defined

>>> import subprocess

>>> subprocess.check_output(['/usr/bin/systemctl' ,'start' , 'firewalld'])

b''

>>> subprocess.check_output(['/usr/bin/systemctl' ,'stop' , 'firewalld'])

b''

>>> subprocess.check_output(['/usr/bin/systemctl' ,'start' , 'firewalld'])

b''

>>> subprocess.check_output(['/usr/bin/systemctl' ,'status' , 'firewalld'])

b"\xe2\x97\x8f firewalld.service - firewalld - dynamic firewall daemon\n   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)\n   Active: active (running) since Wed 2021-05-05 09:32:50 UTC; 7s ago\n     Docs: man:firewalld(1)\n Main PID: 69632 (firewalld)\n    Tasks: 2 (limit: 822506)\n   Memory: 31.0M\n   CGroup: /system.slice/firewalld.service\n           \xe2\x94\x94\xe2\x94\x8069632 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid\n\nMay 05 09:32:49 U6-i13 systemd[1]: Starting firewalld - dynamic firewall daemon...\nMay 05 09:32:50 U6-i13 systemd[1]: Started firewalld - dynamic firewall daemon.\nMay 05 09:32:50 U6-i13 firewalld[69632]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now.\nMay 05 09:32:50 U6-i13 firewalld[69632]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a matching rule exist in that chain?).\n"

>>> subprocess.check_output(['/usr/bin/systemctl' ,'stop' , 'firewalld'])

b''

>>> subprocess.check_output(['/usr/bin/systemctl' ,'status' , 'firewalld'])

Traceback (most recent call last):

  File "<stdin>", line 1, in <module>

  File "/usr/lib64/python3.6/subprocess.py", line 356, in check_output

    **kwargs).stdout

  File "/usr/lib64/python3.6/subprocess.py", line 438, in run

    output=stdout, stderr=stderr)

subprocess.CalledProcessError: Command '['/usr/bin/systemctl', 'status', 'firewalld']' returned non-zero exit status 3.

>>>

To view this discussion on the web visit https://groups.google.com/d/msgid/inside_linux/8a0796fc-3d6c-2989-a456-3f3ca8b422f2%40sarika-pugs.com.

[Anil Kumar Pugalia]

I mean the systemctl command directly and see what you get.

Regards
Anil

Passion: http://sysplay.in (Playing with Systems)

real time wrote on 05/05/21 3:04 pm:

To view this discussion on the web visit https://groups.google.com/d/msgid/inside_linux/CAFO2MTe45Tz8Spr6r_m%3DTktjtVbKbhbL6VaO6Rbz5rtpK4cMDQ%40mail.gmail.com.

[real time]

it is normal , if we start , it is showing active , if we stop , it shows dead

   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)

   Active: inactive (dead) since Wed 2021-05-05 13:39:56 UTC; 1s ago

     Docs: man:firewalld(1)

  Process: 71031 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)

 Main PID: 71031 (code=exited, status=0/SUCCESS)

May 05 13:12:11 U6-i13 systemd[1]: Starting firewalld - dynamic firewall daemon...

May 05 13:12:11 U6-i13 systemd[1]: Started firewalld - dynamic firewall daemon.

May 05 13:12:11 U6-i13 firewalld[71031]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release>

May 05 13:12:12 U6-i13 firewalld[71031]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -D FORWARD -i docker0 -o docker0 -j DROP' failed: iptables: Bad rule (does a mat>

May 05 13:39:55 U6-i13 systemd[1]: Stopping firewalld - dynamic firewall daemon...

May 05 13:39:56 U6-i13 systemd[1]: Stopped firewalld - dynamic firewall daemon.

To view this discussion on the web visit https://groups.google.com/d/msgid/inside_linux/e76aa35f-a9ad-42e2-4de6-8caf266e1b37%40sarika-pugs.com.

[Anil Kumar Pugalia]

What is the return status in each case? Check using "echo $?" immediately after the command.

Regards
Anil

Passion: http://sysplay.in (Playing with Systems)

real time wrote on 05/05/21 7:10 pm:

To view this discussion on the web visit https://groups.google.com/d/msgid/inside_linux/CAFO2MTd8vNJrxmiyM1iKiUb%3DvQFL6U%3DTmz-HSXDhrRXAT_bE4Q%40mail.gmail.com.

[real time]

yes it is same both the case "3" , I think that is the way systemctl code written for systemd ...

so , I think we have to take care from our python code how we handle that rahter then thinking much on systemctl side..so , i changed the code 

as below and it is working fine...

#!/usr/bin/env python3
import re
import subprocess

def is_firewalld_running ():
# Define command as string and then split() into list format
cmd = '/usr/bin/systemctl status firewalld'

# Use shell to execute the command, store the stdout and stderr in sp variable
sp = subprocess.Popen(cmd,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)

out,err=sp.communicate()
if err:
print("stderr: {}".format(stderr))
sys.exit(0)

for item in out.splitlines():

item = item.decode()
if re.search('Active', item) and re.search(r'running', item):
return True

return False

if __name__ == '__main__' :
if is_firewalld_running ():
print("running")
else:
print("not running")

To view this discussion on the web visit https://groups.google.com/d/msgid/inside_linux/65435fbb-fc36-c826-ec82-bf482c79cf23%40sarika-pugs.com.

[real time]

correct me if I'm wrong ...

[real time]

Because in the working code i implemented , it opens the new shell and execute the command , without that it is executing the command in the existing shell , so that is the difference...

To view this discussion on the web visit https://groups.google.com/d/msgid/inside_linux/65435fbb-fc36-c826-ec82-bf482c79cf23%40sarika-pugs.com.