CP-40754 The firewall-port script returns true if port 80 is blocked and false if it is closed, this is captured in set_https_only to update the DB based on the tate of the network not the requested setting should there be a failure

Signed-off-by: jameshensmancitrix <james.hensman@citrix.com>

Author: jameshensmancitrix

ocaml/xapi/dbsync_slave.ml

@@ -122,8 +122,20 @@ let refresh_localhost_info ~__context info =
       ~key:Xapi_globs.host_no_local_storage ~value:"true"
   ) else
     Db.Host.remove_from_other_config ~__context ~self:host
-      ~key:Xapi_globs.host_no_local_storage
-
+      ~key:Xapi_globs.host_no_local_storage ;
+  let script_output =
+    Helpers.call_script !Xapi_globs.firewall_port_config_script ["check"; "80"]
+  in
+  try
+    let network_state = Scanf.sscanf script_output "Port 80 open: %B" Fun.id in
+    Db.Host.set_https_only ~__context ~self:host ~value:network_state
+  with _ ->
+    let message =
+      Printf.sprintf
+        "unexpected output from /etc/xapi.d/plugins/firewall-port: %s"
+        script_output
+    in
+    raise Api_errors.(Server_error (internal_error, [message]))
 (*************** update database tools ******************)
 
 (** Record host memory properties in database *)

scripts/plugins/firewall-port

@@ -47,10 +47,19 @@ case "${OP}" in
             service iptables save
         fi
         ;;
+    check) 
+        if [[ -z `iptables -S $CHAIN | grep " $PORT "` ]]
+        then
+            echo "Port $PORT open: true"
+        else
+            echo "Port $PORT open: false"
+        fi
+        ;;
     *)
-        echo $"Usage: $0 {open|close} {port} {protocol}" 1>&2
+        echo $"Usage: $0 {open|close|check} {port} {protocol}" 1>&2
         exit 1
         ;;
 esac
+
 exit 0