Beispiel #1
0
 def defer_apply(self):
     """Defer apply context."""
     self.defer_apply_on()
     try:
         yield
     finally:
         try:
             self.defer_apply_off()
         except l3_exc.IpTablesApplyException:
             # already in the format we want, just reraise
             raise
         except Exception:
             msg = _('Failure applying iptables rules')
             LOG.exception(msg)
             raise l3_exc.IpTablesApplyException(msg)
Beispiel #2
0
    def _apply(self):
        lock_name = 'iptables'
        if self.namespace:
            lock_name += '-' + self.namespace

        # NOTE(ihrachys) we may get rid of the lock once all supported
        # platforms get iptables with 999eaa241212d3952ddff39a99d0d55a74e3639e
        # ("iptables-restore: support acquiring the lock.")
        with lockutils.lock(lock_name, runtime.SYNCHRONIZED_PREFIX, True):
            first = self._apply_synchronized()
            if not cfg.CONF.AGENT.debug_iptables_rules:
                return first
            second = self._apply_synchronized()
            if second:
                msg = (_("IPTables Rules did not converge. Diff: %s") %
                       '\n'.join(second))
                LOG.error(msg)
                raise l3_exc.IpTablesApplyException(msg)
            return first