
Commit 375e1dc

frogfathergrkvlt
authored andcommitted
review comments and add test
1 parent 37233b5 commit 375e1dc

2 files changed

Lines changed: 12 additions & 10 deletions


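--- a/utils/common/src/main/java/org/apache/brooklyn/util/ssh/IptablesCommands.java
+++ b/utils/common/src/main/java/org/apache/brooklyn/util/ssh/IptablesCommands.java
@@ -20,6 +20,7 @@
 
 import static org.apache.brooklyn.util.ssh.BashCommands.alternatives;
 import static org.apache.brooklyn.util.ssh.BashCommands.chain;
+import static org.apache.brooklyn.util.ssh.BashCommands.ifExecutableElse1;
 import static org.apache.brooklyn.util.ssh.BashCommands.installPackage;
 import static org.apache.brooklyn.util.ssh.BashCommands.sudo;
 
@@ -94,7 +95,7 @@ public static String iptablesServiceStatus() {
 @Beta // implementation not portable across distros
 public static String firewalldService(String cmd) {
 return sudo(alternatives(
-BashCommands.ifExecutableElse1("systemctl", "systemctl " + cmd + " firewalld"),
+ifExecutableElse1("systemctl", "systemctl " + cmd + " firewalld"),
 "/usr/bin/systemctl " + cmd + " firewalld"));
 }
 
@@ -130,7 +131,8 @@ public static String firewalldServiceIsActive() {
 *
 */
 public static String saveIptablesRules() {
-return alternatives("if [ ${UID} -eq 0 ] ; then iptables–save > /etc/sysconfig/iptables ; else sudo iptables-save | sudo tee /etc/sysconfig/iptables ; fi",
+return alternatives(
+ifExecutableElse1("iptables–save", "if [ ${UID} -eq 0 ] ; then iptables–save > /etc/sysconfig/iptables ; else sudo iptables-save | sudo tee /etc/sysconfig/iptables ; fi"),
 chain(installPackage("iptables-persistent"), sudo("/etc/init.d/iptables-persistent save")));
 }
 
@@ -140,7 +142,7 @@ public static String saveIptablesRules() {
 * @return Returns the command that cleans up iptables rules.
 */
 public static String cleanUpIptablesRules() {
-return sudo("/sbin/iptables -F");
+return sudo("/sbin/iptables -F");
 }
 
 /**
@@ -149,7 +151,7 @@ public static String cleanUpIptablesRules() {
 * @return Returns the command that list all the iptables rules.
 */
 public static String listIptablesRule() {
-return sudo("/sbin/iptables -L -v -n");
+return sudo("/sbin/iptables -L -v -n");
 }
 
 /**
@@ -213,7 +215,7 @@ public static String addIptablesRule(String direction, Chain chain, Optional<Str
 public static String addFirewalldRule(Chain chain, org.apache.brooklyn.util.net.Protocol protocol, int port, Policy policy) {
 return addFirewalldRule(chain, Optional.<String>absent(), protocol, port, policy);
 }
-
+
 /**
 * Returns the command that adds firewalld direct rule.
 *
@@ -222,12 +224,12 @@ public static String addFirewalldRule(Chain chain, org.apache.brooklyn.util.net.
 public static String addFirewalldRule(Chain chain, Optional<String> networkInterface, org.apache.brooklyn.util.net.Protocol protocol, int port, Policy policy) {
 String command = new String("/usr/bin/firewall-cmd");
 String commandPermanent = new String("/usr/bin/firewall-cmd --permanent");
-
+
 String interfaceParameter = String.format("%s", networkInterface.isPresent() ? " -i " + networkInterface.get() : "");
-
-String commandParameters = String.format(" --direct --add-rule ipv4 filter %s 0 %s -p %s --dport %d -j %s",
+
+String commandParameters = String.format(" --direct --add-rule ipv4 filter %s 0 %s -p %s --dport %d -j %s",
 chain, interfaceParameter, protocol, port, policy);
-
+
 return sudo(chain(command + commandParameters, commandPermanent + commandParameters));
 }
 }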
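Review bot: In `saveIptablesRules()` the new `ifExecutableElse1` guard and the root branch spell the tool with an en dash (`iptables–save`, U+2013) rather than an ASCII hyphen, at least as the line is rendered here, while the `sudo iptables-save` branch on the same line uses a hyphen. If that character is really in the file, `which iptables–save` can never succeed, so the first alternative is always skipped and persistence depends entirely on the `iptables-persistent` fallback; on hosts where that fallback fails the rules are not saved and the configured firewall state is lost on reboot. Use the hyphen in both places, `ifExecutableElse1("iptables-save", "if [ ${UID} -eq 0 ] ; then iptables-save > /etc/sysconfig/iptables ; else ... fi")`, and update the expected string in `IptablesCommandsTest.saveIptablesRules`, which pins the same character. The non-root branch also calls bare `sudo` instead of the `sudo(...)` helper (the test strings show the helper emits `sudo -E -n -S --`), so it may block on a password prompt where the rest of the class fails fast.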

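--- a/utils/common/src/test/java/org/apache/brooklyn/util/ssh/IptablesCommandsTest.java
+++ b/utils/common/src/test/java/org/apache/brooklyn/util/ssh/IptablesCommandsTest.java
@@ -37,7 +37,7 @@ public class IptablesCommandsTest {
 + "else sudo -E -n -S -- /sbin/iptables -I INPUT -p tcp --dport 3306 -j ACCEPT; fi )";
 private static final String appendIptablesRuleAll = "( if test \"$UID\" -eq 0; then ( /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT ); "
 + "else sudo -E -n -S -- /sbin/iptables -A INPUT -p tcp --dport 3306 -j ACCEPT; fi )";
-private static final String saveIptablesRules = "( ( if test \"$UID\" -eq 0; then ( service iptables save ); else sudo -E -n -S -- service iptables save; fi ) || " +
+private static final String saveIptablesRules = "( { which iptables–save && if [ ${UID} -eq 0 ] ; then iptables–save > /etc/sysconfig/iptables ; else sudo iptables-save | sudo tee /etc/sysconfig/iptables ; fi ; } || " +
 "( ( { which zypper && { echo zypper exists, doing refresh && (( if test \"$UID\" -eq 0; then ( zypper --non-interactive --no-gpg-checks refresh ); else sudo -E -n -S -- zypper --non-interactive --no-gpg-checks refresh; fi ) || true) "
 + "&& ( if test \"$UID\" -eq 0; then ( zypper --non-interactive --no-gpg-checks install iptables-persistent ); else sudo -E -n -S -- zypper --non-interactive --no-gpg-checks install iptables-persistent; fi ) ; } ; } || " +
 "{ which apt-get && { echo apt-get exists, doing update && export DEBIAN_FRONTEND=noninteractive "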

0 commit comments
