Posted to commits@vcl.apache.org by ar...@apache.org on 2015/06/26 19:26:33 UTC
svn commit: r1687820 -
/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/iptables.pm
Author: arkurth
Date: Fri Jun 26 17:26:33 2015
New Revision: 1687820
URL: http://svn.apache.org/r1687820
Log:
VCL-879
Added calls to obtain semaphore before all execute calls which modify the firewall in iptables.pm.
Modified:
vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/iptables.pm
Modified: vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/iptables.pm
URL: http://svn.apache.org/viewvc/vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/iptables.pm?rev=1687820&r1=1687819&r2=1687820&view=diff
==============================================================================
--- vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/iptables.pm (original)
+++ vcl/trunk/managementnode/lib/VCL/Module/OS/Linux/firewall/iptables.pm Fri Jun 26 17:26:33 2015
@@ -93,6 +93,31 @@ sub initialize {
#/////////////////////////////////////////////////////////////////////////////
+=head2 get_iptables_semaphore
+
+ Parameters : none
+ Returns : VCL::Semaphore object reference
+ Description : Obtains and returns a VCL::Semaphore object. This should be
+ called prior to executing iptables commands which must be run
+ individually. Otherwise, the following error is generated:
+ iptables: Resource temporarily unavailable.
+
+=cut
+
+sub get_iptables_semaphore {
+ my $self = shift;
+ if (ref($self) !~ /VCL::Module/i) {
+ notify($ERRORS{'CRITICAL'}, 0, "subroutine was called as a function, it must be called as a class method");
+ return 0;
+ }
+
+ my $computer_id = $self->data->get_computer_id();
+
+ return $self->get_semaphore("iptables-$computer_id", 120, 1);
+}
+
+#/////////////////////////////////////////////////////////////////////////////
+
=head2 insert_rule
Parameters : hash reference
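Review bot: The POD for `get_iptables_semaphore` promises a VCL::Semaphore object reference, but the sub also has a `return 0` path and otherwise passes through whatever `get_semaphore` returns, so the failure value is undocumented. I would reword the Returns line to something like `Returns : VCL::Semaphore object reference, or false if the semaphore could not be obtained`, assuming `get_semaphore` returns false on timeout, which is not visible in this diff. The literals in `get_semaphore("iptables-$computer_id", 120, 1)` also deserve a comment, e.g. `# presumably total wait seconds and delay between attempts; confirm against get_semaphore`, so a maintainer can tell how long a firewall change may block.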
@@ -225,6 +250,7 @@ sub insert_rule {
}
}
+ my $semaphore = $self->get_iptables_semaphore();
my ($exit_status, $output) = $self->os->execute($command, 0);
if (!defined($output)) {
notify($ERRORS{'WARNING'}, 0, "failed to execute command $computer_name: $command");
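Review bot: The result of `$self->get_iptables_semaphore()` is never checked before `$self->os->execute($command, 0)` runs, here in insert_rule and in the same pattern in the delete_rule, create_chain, delete_chain and flush_chain hunks. get_iptables_semaphore has a `return 0` path and `get_semaphore` presumably returns false when the lock is not obtained in time; in either case the iptables command still runs unserialized and can fail with the "Resource temporarily unavailable" error this commit is meant to prevent, leaving a firewall rule unapplied. A guard right after the call, such as `if (!$semaphore) { notify($ERRORS{'WARNING'}, 0, "failed to obtain iptables semaphore on $computer_name"); return; }`, would make that failure explicit. Each of these subs continues outside its hunk, so the failure return value should match what the sub already returns on error. Because `$semaphore` is a lexical of the whole sub, the lock is presumably held until the sub returns rather than just around the execute call; a comment saying whether that is intended would help.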
@@ -327,6 +353,7 @@ sub delete_rule {
$command .= " -D $chain_name -t $table_name $specification";
}
+ my $semaphore = $self->get_iptables_semaphore();
my ($exit_status, $output) = $self->os->execute($command, 0);
if (!defined($output)) {
notify($ERRORS{'WARNING'}, 0, "failed to execute command $computer_name: $command");
@@ -373,6 +400,8 @@ sub create_chain {
my $computer_name = $self->data->get_computer_hostname();
my $command = "/sbin/iptables --new-chain $chain_name --table $table_name";
+
+ my $semaphore = $self->get_iptables_semaphore();
my ($exit_status, $output) = $self->os->execute($command, 0);
if (!defined($output)) {
notify($ERRORS{'WARNING'}, 0, "failed to execute command $computer_name: $command");
@@ -442,6 +471,8 @@ sub delete_chain {
}
my $command = "/sbin/iptables --delete-chain $chain_name --table $table_name";
+
+ my $semaphore = $self->get_iptables_semaphore();
my ($exit_status, $output) = $self->os->execute($command, 0);
if (!defined($output)) {
notify($ERRORS{'WARNING'}, 0, "failed to execute command $computer_name: $command");
@@ -575,6 +606,7 @@ sub flush_chain {
}
$command .= " --table $table_name";
+ my $semaphore = $self->get_iptables_semaphore();
my ($exit_status, $output) = $self->os->execute($command, 0);
if (!defined($output)) {
notify($ERRORS{'WARNING'}, 0, "failed to execute command $computer_name: $command");