From 59bd935f3eb43d06580c737c69d5e5e46d481868 Mon Sep 17 00:00:00 2001
From: Wilder Rodrigues <wrodrigues@schubergphilis.com>
Date: Tue, 13 Oct 2015 15:54:59 +0200
Subject: [PATCH] CLOUDSTACK-8947 - Configure the firewall when the load
 balancer is setup

   - Only restart HAproxy if it's not running yet
---
 .../config/opt/cloud/bin/cs/CsLoadBalancer.py | 25 +++++++++++++------
 1 file changed, 18 insertions(+), 7 deletions(-)

diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsLoadBalancer.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsLoadBalancer.py
index 4dce95fc804..a288eac2c49 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsLoadBalancer.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsLoadBalancer.py
@@ -19,6 +19,7 @@ import os.path
 import re
 import shutil
 from cs.CsDatabag import CsDataBag
+from CsProcess import CsProcess
 from CsFile import CsFile
 import CsHelper
 
@@ -27,7 +28,7 @@ HAPROXY_CONF_P = "/etc/haproxy/haproxy.cfg"
 
 
 class CsLoadBalancer(CsDataBag):
-    """ Manage Load Balance entries """
+    """ Manage Load Balancer entries """
 
     def process(self):
         if "config" not in self.dbag.keys():
@@ -43,23 +44,33 @@ class CsLoadBalancer(CsDataBag):
         if not file2.compare(file1):
             file1.commit()
             shutil.copy2(HAPROXY_CONF_T, HAPROXY_CONF_P)
-            CsHelper.service("haproxy", "restart")
-        
+
+            proc = CsProcess(['/var/run/haproxy.pid'])
+            if not proc.find():
+                logging.debug("CsLoadBalancer:: will restart HAproxy!")
+                CsHelper.service("haproxy", "restart")
+            else:
+                logging.debug("CsLoadBalancer:: will reload HAproxy!")
+                CsHelper.service("haproxy", "reload")
+
         add_rules = self.dbag['config'][0]['add_rules']
         remove_rules = self.dbag['config'][0]['remove_rules']
         self._configure_firewall(add_rules, remove_rules)
 
     def _configure_firewall(self, add_rules, remove_rules):
-        firewall = self.fw
-        
+        firewall = self.config.get_fw()
+
+        logging.debug("CsLoadBalancer:: configuring firewall. Add rules ==> %s" % add_rules)
+        logging.debug("CsLoadBalancer:: configuring firewall. Remove rules ==> %s" % remove_rules)
+
         for rules in add_rules:
             path = rules.split(':')
             ip = path[0]
             port = path[1]
-            fw.append(["filter", "", "-A INPUT -p tcp -m tcp -d %s --dport %s -m state --state NEW -j ACCEPT" % (ip, port)])
+            firewall.append(["filter", "", "-A INPUT -p tcp -m tcp -d %s --dport %s -m state --state NEW -j ACCEPT" % (ip, port)])
 
         for rules in remove_rules:
             path = rules.split(':')
             ip = path[0]
             port = path[1]
-            fw.append(["filter", "", "-D INPUT -p tcp -m tcp -d %s --dport %s -m state --state NEW -j ACCEPT" % (ip, port)])
+            firewall.append(["filter", "", "-D INPUT -p tcp -m tcp -d %s --dport %s -m state --state NEW -j ACCEPT" % (ip, port)])