Update IPTables save method #1006

Closed
wants to merge 2 commits into from
Expand Up @@ -20,6 +20,7 @@

import static org.apache.brooklyn.util.ssh.BashCommands.alternatives;
import static org.apache.brooklyn.util.ssh.BashCommands.chain;
import static org.apache.brooklyn.util.ssh.BashCommands.ifExecutableElse1;
import static org.apache.brooklyn.util.ssh.BashCommands.installPackage;
import static org.apache.brooklyn.util.ssh.BashCommands.sudo;

Expand Down Expand Up @@ -94,7 +95,7 @@ public static String iptablesServiceStatus() {
@Beta // implementation not portable across distros
public static String firewalldService(String cmd) {
return sudo(alternatives(
BashCommands.ifExecutableElse1("systemctl", "systemctl " + cmd + " firewalld"),
ifExecutableElse1("systemctl", "systemctl " + cmd + " firewalld"),
"/usr/bin/systemctl " + cmd + " firewalld"));
}

Expand Down Expand Up @@ -130,8 +131,9 @@ public static String firewalldServiceIsActive() {
*
*/
public static String saveIptablesRules() {
return alternatives(sudo("service iptables save"),
chain(installPackage("iptables-persistent"), sudo("/etc/init.d/iptables-persistent save")));
return alternatives(
ifExecutableElse1("iptables–save", "if [ ${UID} -eq 0 ] ; then iptables–save > /etc/sysconfig/iptables ; else sudo iptables-save | sudo tee /etc/sysconfig/iptables ; fi"),
chain(installPackage("iptables-persistent"), sudo("/etc/init.d/iptables-persistent save")));
}

/**
Expand All @@ -140,7 +142,7 @@ public static String saveIptablesRules() {
* @return Returns the command that cleans up iptables rules.
*/
public static String cleanUpIptablesRules() {
return sudo("/sbin/iptables -F");
return sudo("/sbin/iptables -F");
}

/**
Expand All @@ -149,7 +151,7 @@ public static String cleanUpIptablesRules() {
* @return Returns the command that list all the iptables rules.
*/
public static String listIptablesRule() {
return sudo("/sbin/iptables -L -v -n");
return sudo("/sbin/iptables -L -v -n");
}

/**
Expand Down Expand Up @@ -213,7 +215,7 @@ public static String addIptablesRule(String direction, Chain chain, Optional<Str
public static String addFirewalldRule(Chain chain, org.apache.brooklyn.util.net.Protocol protocol, int port, Policy policy) {
return addFirewalldRule(chain, Optional.<String>absent(), protocol, port, policy);
}

/**
* Returns the command that adds firewalld direct rule.
*
Expand All @@ -222,12 +224,12 @@ public static String addFirewalldRule(Chain chain, org.apache.brooklyn.util.net.
public static String addFirewalldRule(Chain chain, Optional<String> networkInterface, org.apache.brooklyn.util.net.Protocol protocol, int port, Policy policy) {
String command = new String("/usr/bin/firewall-cmd");
String commandPermanent = new String("/usr/bin/firewall-cmd --permanent");

String interfaceParameter = String.format("%s", networkInterface.isPresent() ? " -i " + networkInterface.get() : "");
String commandParameters = String.format(" --direct --add-rule ipv4 filter %s 0 %s -p %s --dport %d -j %s",

String commandParameters = String.format(" --direct --add-rule ipv4 filter %s 0 %s -p %s --dport %d -j %s",
chain, interfaceParameter, protocol, port, policy);

return sudo(chain(command + commandParameters, commandPermanent + commandParameters));
}
}
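Review bot: In the new `saveIptablesRules()` body the binary name is spelled `iptables–save` with an en dash (U+2013) in both the `ifExecutableElse1("iptables–save", …)` check and the root branch, while the non-root branch spells it `iptables-save`. The `which` lookup will therefore not find the real binary, so the first alternative fails and every call falls through to installing `iptables-persistent`. The expected string in `IptablesCommandsTest` carries the same character, so the test passes against the broken command; both places should use the ASCII hyphen, e.g. `ifExecutableElse1("iptables-save", "if [ ${UID} -eq 0 ] ; then iptables-save > /etc/sysconfig/iptables ; else … fi")`. The non-root branch also calls bare `sudo` rather than the `sudo(...)` helper used by the other methods in this file, which per the test strings emits `sudo -E -n -S --`; without `-n` it may block on a password prompt in a non-interactive session. Separately, redirecting straight into `/etc/sysconfig/iptables` truncates the persisted ruleset before `iptables-save` has produced any output, so a failed save can leave an empty rules file behind; writing to a temporary file and moving it into place only on success would avoid that.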
Expand Up @@ -37,7 +37,7 @@ public class IptablesCommandsTest {
+ "else sudo -E -n -S -- /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT; fi )";
private static final String appendIptablesRuleAll = "( if test \"$UID\" -eq 0; then ( /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT ); "
+ "else sudo -E -n -S -- /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT; fi )";
private static final String saveIptablesRules = "( ( if test \"$UID\" -eq 0; then ( service iptables save ); else sudo -E -n -S -- service iptables save; fi ) || " +
private static final String saveIptablesRules = "( { which iptables–save && if [ ${UID} -eq 0 ] ; then iptables–save > /etc/sysconfig/iptables ; else sudo iptables-save | sudo tee /etc/sysconfig/iptables ; fi ; } || " +
"( ( { which zypper && { echo zypper exists, doing refresh && (( if test \"$UID\" -eq 0; then ( zypper --non-interactive --no-gpg-checks refresh ); else sudo -E -n -S -- zypper --non-interactive --no-gpg-checks refresh; fi ) || true) "
+ "&& ( if test \"$UID\" -eq 0; then ( zypper --non-interactive --no-gpg-checks install iptables-persistent ); else sudo -E -n -S -- zypper --non-interactive --no-gpg-checks install iptables-persistent; fi ) ; } ; } || " +
"{ which apt-get && { echo apt-get exists, doing update && export DEBIAN_FRONTEND=noninteractive "