brooklyn-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aleds...@apache.org
Subject [1/3] git commit: fix saveIptablesRules
Date Mon, 20 Oct 2014 16:12:13 GMT
Repository: incubator-brooklyn
Updated Branches:
  refs/heads/master 02bd0a866 -> 19da344e3


fix saveIptablesRules


Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/6f2309bb
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/6f2309bb
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/6f2309bb

Branch: refs/heads/master
Commit: 6f2309bbb1edb7535f1d908bf2d83ccd061fca9d
Parents: 954b397
Author: Andrea Turli <andrea.turli@gmail.com>
Authored: Thu Jul 10 17:35:10 2014 +0200
Committer: Andrea Turli <andrea.turli@gmail.com>
Committed: Thu Sep 4 17:34:32 2014 +0200

----------------------------------------------------------------------
 .../brooklyn/util/ssh/IptablesCommands.java     | 23 ++++--
 .../brooklyn/util/ssh/IptablesCommandsTest.java | 83 +++++++++++---------
 2 files changed, 63 insertions(+), 43 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/6f2309bb/utils/common/src/main/java/brooklyn/util/ssh/IptablesCommands.java
----------------------------------------------------------------------
diff --git a/utils/common/src/main/java/brooklyn/util/ssh/IptablesCommands.java b/utils/common/src/main/java/brooklyn/util/ssh/IptablesCommands.java
index b698486..af7878e 100644
--- a/utils/common/src/main/java/brooklyn/util/ssh/IptablesCommands.java
+++ b/utils/common/src/main/java/brooklyn/util/ssh/IptablesCommands.java
@@ -18,6 +18,8 @@
  */
 package brooklyn.util.ssh;
 
+import static brooklyn.util.ssh.BashCommands.alternatives;
+import static brooklyn.util.ssh.BashCommands.installPackage;
 import static brooklyn.util.ssh.BashCommands.sudo;
 
 import com.google.common.annotations.Beta;
@@ -61,8 +63,8 @@ public class IptablesCommands {
 
     @Beta // implementation not portable across distros
     public static String iptablesService(String cmd) {
-        return sudo(BashCommands.alternatives(
-                BashCommands.ifExecutableElse1("service", "service iptables "+cmd),
+        return sudo(alternatives(
+                BashCommands.ifExecutableElse1("service", "service iptables " + cmd),
                 "/sbin/service iptables " + cmd));
     }
 
@@ -87,15 +89,20 @@ public class IptablesCommands {
     }
 
     /**
-     * Returns the command that saves on disk iptables rules, to make them resilient to reboot.
+     * Returns the command that saves iptables rules on file.
+     *
+     * @return Returns the command that saves iptables rules on file.
      *
-     * @return Returns the command that saves on disk iptables rules.
      */
     public static String saveIptablesRules() {
-        return BashCommands.alternatives(
-                BashCommands.ifExecutableElse1("iptables-save", sudo("iptables-save")),
-                iptablesService("save"));
-    }
+        return alternatives(sudo("service iptables save"), installPackage("iptables-persistent"));
+    }
+        /*
+        return BashCommands.chain(
+                BashCommands.ifExecutableElse1("apt-get", installPackage("iptables-persistent")),
+                // rhel derivatives already have iptables-save installed
+                BashCommands.ifExecutableElse1("iptables-save", String.format("iptables-save
> %s", filename)));
+        */
 
     /**
      * Returns the command that cleans up iptables rules.

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/6f2309bb/utils/common/src/test/java/brooklyn/util/ssh/IptablesCommandsTest.java
----------------------------------------------------------------------
diff --git a/utils/common/src/test/java/brooklyn/util/ssh/IptablesCommandsTest.java b/utils/common/src/test/java/brooklyn/util/ssh/IptablesCommandsTest.java
index 0f15d27..b688973 100644
--- a/utils/common/src/test/java/brooklyn/util/ssh/IptablesCommandsTest.java
+++ b/utils/common/src/test/java/brooklyn/util/ssh/IptablesCommandsTest.java
@@ -27,43 +27,56 @@ import brooklyn.util.ssh.IptablesCommands.Protocol;
 
 public class IptablesCommandsTest {
 
-   private static final String cleanUptptablesRules = "( if test \"$UID\" -eq 0; then ( /sbin/iptables
-F ); else sudo -E -n -S -- /sbin/iptables -F; fi )";
+    private static final String cleanUptptablesRules = "( if test \"$UID\" -eq 0; then (
/sbin/iptables -F ); else sudo -E -n -S -- /sbin/iptables -F; fi )";
 
-   public static final String insertIptablesRule = "( if test \"$UID\" -eq 0; then ( /sbin/iptables
-I INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
-         + "else sudo -E -n -S -- /sbin/iptables -I INPUT -i eth0 -p tcp --dport 3306 -j
ACCEPT; fi )";
-   public static final String appendIptablesRule = "( if test \"$UID\" -eq 0; then ( /sbin/iptables
-A INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
-         + "else sudo -E -n -S -- /sbin/iptables -A INPUT -i eth0 -p tcp --dport 3306 -j
ACCEPT; fi )";
-   public static final String insertIptablesRuleAll = "( if test \"$UID\" -eq 0; then ( /sbin/iptables
-I INPUT -p tcp --dport 3306 -j ACCEPT ); "
-         + "else sudo -E -n -S -- /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT;
fi )";
-   public static final String appendIptablesRuleAll = "( if test \"$UID\" -eq 0; then ( /sbin/iptables
-A INPUT -p tcp --dport 3306 -j ACCEPT ); "
-         + "else sudo -E -n -S -- /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT;
fi )";
-   
-   @Test
-   public void testCleanUpIptablesRules() {
-      Assert.assertEquals(IptablesCommands.cleanUpIptablesRules(), cleanUptptablesRules);
-   }
+    public static final String insertIptablesRule = "( if test \"$UID\" -eq 0; then ( /sbin/iptables
-I INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
+            + "else sudo -E -n -S -- /sbin/iptables -I INPUT -i eth0 -p tcp --dport 3306
-j ACCEPT; fi )";
+    private static final String appendIptablesRule = "( if test \"$UID\" -eq 0; then ( /sbin/iptables
-A INPUT -i eth0 -p tcp --dport 3306 -j ACCEPT ); "
+            + "else sudo -E -n -S -- /sbin/iptables -A INPUT -i eth0 -p tcp --dport 3306
-j ACCEPT; fi )";
+    private static final String insertIptablesRuleAll = "( if test \"$UID\" -eq 0; then (
/sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT ); "
+            + "else sudo -E -n -S -- /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT;
fi )";
+    private static final String appendIptablesRuleAll = "( if test \"$UID\" -eq 0; then (
/sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT ); "
+            + "else sudo -E -n -S -- /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT;
fi )";
+    private static final String saveIptablesRules = "( ( if test \"$UID\" -eq 0; then ( service
iptables save ); else sudo -E -n -S -- service iptables save; fi ) || " +
+            "( { which zypper && { echo zypper exists, doing refresh && ((
if test \"$UID\" -eq 0; then ( zypper --non-interactive --no-gpg-checks refresh ); else sudo
-E -n -S -- zypper --non-interactive --no-gpg-checks refresh; fi ) || true) && " +
+            "( if test \"$UID\" -eq 0; then ( zypper --non-interactive --no-gpg-checks install
iptables-persistent ); else sudo -E -n -S -- zypper --non-interactive --no-gpg-checks install
iptables-persistent; fi ) ; } ; } || { which apt-get && { echo apt-get exists, doing
update && export DEBIAN_FRONTEND=noninteractive && " +
+            "(( if test \"$UID\" -eq 0; then ( apt-get update ); else sudo -E -n -S -- apt-get
update; fi ) || true) && " +
+            "( if test \"$UID\" -eq 0; then ( apt-get install -y --allow-unauthenticated
iptables-persistent ); else sudo -E -n -S -- apt-get install -y --allow-unauthenticated iptables-persistent;
fi ) ; } ; } || { which yum && { echo yum exists, doing update && " +
+            "(( if test \"$UID\" -eq 0; then ( yum check-update ); else sudo -E -n -S --
yum check-update; fi ) || true) && " +
+            "( if test \"$UID\" -eq 0; then ( yum -y --nogpgcheck install iptables-persistent
); else sudo -E -n -S -- yum -y --nogpgcheck install iptables-persistent; fi ) ; } ; } ||
{ which brew && brew install iptables-persistent ; } || { which port && (
if test \"$UID\" -eq 0; then ( port install iptables-persistent ); else sudo -E -n -S -- port
install iptables-persistent; fi ) ; } || " +
+            "(( echo \"WARNING: no known/successful package manager to install iptables-persistent,
may fail subsequently\" | tee /dev/stderr ) || true) ) )";
 
-   @Test
-   public void testInsertIptablesRules() {
-      Assert.assertEquals(IptablesCommands.insertIptablesRule(Chain.INPUT, "eth0", Protocol.TCP,
3306, Policy.ACCEPT),
-            insertIptablesRule);
-   }
+    @Test
+    public void testCleanUpIptablesRules() {
+        Assert.assertEquals(IptablesCommands.cleanUpIptablesRules(), cleanUptptablesRules);
+    }
 
-   @Test
-   public void testAppendIptablesRules() {
-      Assert.assertEquals(IptablesCommands.appendIptablesRule(Chain.INPUT, "eth0", Protocol.TCP,
3306, Policy.ACCEPT),
-            appendIptablesRule);
-   }
-   
-   @Test
-   public void testInsertIptablesRulesForAllInterfaces() {
-      Assert.assertEquals(IptablesCommands.insertIptablesRule(Chain.INPUT, Protocol.TCP,
3306, Policy.ACCEPT),
-            insertIptablesRuleAll);
-   }
+    @Test
+    public void testInsertIptablesRules() {
+        Assert.assertEquals(IptablesCommands.insertIptablesRule(Chain.INPUT, "eth0", Protocol.TCP,
3306, Policy.ACCEPT),
+                insertIptablesRule);
+    }
 
-   @Test
-   public void testAppendIptablesRulesForAllInterfaces() {
-      Assert.assertEquals(IptablesCommands.appendIptablesRule(Chain.INPUT, Protocol.TCP,
3306, Policy.ACCEPT),
-            appendIptablesRuleAll);
-   }
+    @Test
+    public void testAppendIptablesRules() {
+        Assert.assertEquals(IptablesCommands.appendIptablesRule(Chain.INPUT, "eth0", Protocol.TCP,
3306, Policy.ACCEPT),
+                appendIptablesRule);
+    }
+
+    @Test
+    public void testInsertIptablesRulesForAllInterfaces() {
+        Assert.assertEquals(IptablesCommands.insertIptablesRule(Chain.INPUT, Protocol.TCP,
3306, Policy.ACCEPT),
+                insertIptablesRuleAll);
+    }
+
+    @Test
+    public void testAppendIptablesRulesForAllInterfaces() {
+        Assert.assertEquals(IptablesCommands.appendIptablesRule(Chain.INPUT, Protocol.TCP,
3306, Policy.ACCEPT),
+                appendIptablesRuleAll);
+    }
+
+    @Test
+    public void testSaveIptablesRules() {
+        Assert.assertEquals(IptablesCommands.saveIptablesRules(), saveIptablesRules);
+    }
 }


Mime
View raw message