CP-308800: Dynamic control http firewall service

Signed-off-by: Bengang Yuan <[email protected]>

Author: BengangY

ocaml/xapi/dbsync_slave.ml

@@ -134,16 +134,13 @@ let refresh_localhost_info ~__context info =
   ) else
     Db.Host.remove_from_other_config ~__context ~self:host
       ~key:Xapi_globs.host_no_local_storage ;
-  let script_output =
-    Helpers.call_script !Xapi_globs.firewall_port_config_script ["check"; "80"]
+  let module F =
+    ( val Firewall.firewall_provider !Xapi_globs.firewall_backend
+        : Firewall.FIREWALL
+      )
   in
-  try
-    let network_state = Scanf.sscanf script_output "Port 80 open: %B" Fun.id in
-    Db.Host.set_https_only ~__context ~self:host ~value:network_state
-  with _ ->
-    Helpers.internal_error
-      "unexpected output from /etc/xapi.d/plugins/firewall-port: %s"
-      script_output
+  let enabled = F.is_firewall_service_enabled ~service:Firewall.Http in
+  Db.Host.set_https_only ~__context ~self:host ~value:(not enabled)
 (*************** update database tools ******************)
 
 (** Record host memory properties in database *)

ocaml/xapi/xapi_host.ml

@@ -3116,13 +3116,17 @@ let cc_prep () =
       true
 
 let set_https_only ~__context ~self ~value =
-  let state = match value with true -> "close" | false -> "open" in
   match cc_prep () with
   | false ->
-      ignore
-      @@ Helpers.call_script
-           !Xapi_globs.firewall_port_config_script
-           [state; "80"] ;
+      let status =
+        match value with true -> Firewall.Disabled | false -> Firewall.Enabled
+      in
+      let module F =
+        ( val Firewall.firewall_provider !Xapi_globs.firewall_backend
+            : Firewall.FIREWALL
+          )
+      in
+      F.update_firewall_status ~service:Firewall.Http ~status ;
       Db.Host.set_https_only ~__context ~self ~value
   | true when value = Db.Host.get_https_only ~__context ~self ->
       (* the new value is the same as the old value *)