def defer_apply(self): """Defer apply context.""" self.defer_apply_on() try: yield finally: try: self.defer_apply_off() except Exception: raise n_exc.IpTablesApplyException('Failure applying ip ' 'tables rules')
def defer_apply(self): """Defer apply context.""" self.defer_apply_on() try: yield finally: try: self.defer_apply_off() except n_exc.IpTablesApplyException: # already in the format we want, just reraise raise except Exception: msg = _('Failure applying iptables rules') LOG.exception(msg) raise n_exc.IpTablesApplyException(msg)
def _apply(self): lock_name = 'iptables' if self.namespace: lock_name += '-' + self.namespace with lockutils.lock(lock_name, utils.SYNCHRONIZED_PREFIX, True): first = self._apply_synchronized() if not cfg.CONF.AGENT.debug_iptables_rules: return first second = self._apply_synchronized() if second: msg = (_("IPTables Rules did not converge. Diff: %s") % '\n'.join(second)) LOG.error(msg) raise n_exc.IpTablesApplyException(msg) return first
def _apply(self): lock_name = 'iptables' if self.namespace: lock_name += '-' + self.namespace # NOTE(ihrachys) we may get rid of the lock once all supported # platforms get iptables with 999eaa241212d3952ddff39a99d0d55a74e3639e # ("iptables-restore: support acquiring the lock.") with lockutils.lock(lock_name, runtime.SYNCHRONIZED_PREFIX, True): first = self._apply_synchronized() if not cfg.CONF.AGENT.debug_iptables_rules: return first second = self._apply_synchronized() if second: msg = (_("IPTables Rules did not converge. Diff: %s") % '\n'.join(second)) LOG.error(msg) raise n_exc.IpTablesApplyException(msg) return first