| author | Krishnaram Karthick Ramdoss <kramdoss@redhat.com> | 2018-07-25 00:28:59 +0000 |
|---|---|---|
| committer | Gerrit Code Review <gerrit2@gerrit.host.prod.eng.bos.redhat.com> | 2018-07-25 00:28:59 +0000 |
| commit | 6d9338fc1d00c2ea5c77febd0a8a71dc4c5a80b5 (patch) | |
| tree | 981ff5ae0d57da0e049e346ad54af1c1765edc65 | |
| parent | b7f6a80ceb1af26dec130facb64485ded0db18b2 (diff) | |
| parent | 007275cc27434057c03ce5bd56fd0b300324e34f (diff) | |
Merge "Speed up execution of the 'edit_iptables_cns' function"
| -rw-r--r-- | cns-libs/cnslibs/common/cns_libs.py | 41 |
1 files changed, 17 insertions, 24 deletions
diff --git a/cns-libs/cnslibs/common/cns_libs.py b/cns-libs/cnslibs/common/cns_libs.py
index 5973c8b8..dbb78dcf 100644
--- a/cns-libs/cnslibs/common/cns_libs.py
+++ b/cns-libs/cnslibs/common/cns_libs.py
@@ -262,16 +262,12 @@ def edit_iptables_cns(hostname):
 try:
 conn = g.rpyc_get_connection(hostname, user="root")
 if conn is None:
- g.log.error("Failed to get rpyc connection of node %s"
- % hostname)
+ g.log.error("Failed to get rpyc connection of node %s" % hostname)
 return False
- edit_flag = False
- with conn.builtin.open("/etc/sysconfig/iptables", "r+") as f:
- for line in f.readlines():
- if "--dport 3260" in line:
- edit_flag = True
- data = [
+ filter_flag = False
+ file_data = ""
+ data_to_add = "\n".join([
 "-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m %s" % line
 for line in ("tcp --dport 24007 -j ACCEPT",
 "tcp --dport 24008 -j ACCEPT",
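Review bot: `data_to_add` is built without any comment on the exposure it creates: each rule in the template accepts NEW tcp connections from any source, and the port list (continued in the next hunk) includes 3260 and 111, which are conventionally iSCSI and rpcbind. If that is acceptable only because these nodes sit on an isolated test network, say so next to the assignment, e.g. `# Opens the gluster, iSCSI and rpcbind ports to all sources; assumes a trusted network - TODO confirm`. The list comprehension starts in this hunk and ends in the following one, and edit_iptables_cns itself begins above the hunk.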
@@ -280,31 +276,28 @@ def edit_iptables_cns(hostname):
 "tcp --dport 24010 -j ACCEPT",
 "tcp --dport 3260 -j ACCEPT",
 "tcp --dport 111 -j ACCEPT")
- ]
- data_to_write = "\n".join(data) + "\n"
- filter_flag = False
- if not edit_flag:
- for line in conn.modules.fileinput.input('/etc/sysconfig/iptables',
- inplace=True):
+ ]) + "\n"
+ with conn.builtin.open("/etc/sysconfig/iptables", "r+") as f:
+ for line in f.readlines():
+ if "--dport 3260" in line:
+ g.log.info("Iptables is already edited on %s" % hostname)
+ return True
 if "*filter" in line:
 filter_flag = True
- if "COMMIT" in line and filter_flag is True:
- conn.modules.sys.stdout.write(data_to_write)
+ elif "COMMIT" in line and filter_flag is True:
+ file_data += data_to_add
 filter_flag = False
- conn.modules.sys.stdout.write(line)
- else:
- g.log.info("Iptables is already edited on %s" % hostname)
- return True
-
+ file_data += "%s" % line
+ with conn.builtin.open("/etc/sysconfig/iptables", "w") as f:
+ f.write(file_data)
+ g.log.info("successfully edited iptables on %s" % hostname)
+ return True
 except Exception as err:
 g.log.error("failed to edit iptables on %s err %s" % (hostname, err))
 return False
 finally:
 g.rpyc_close_connection(hostname, user="root")
- g.log.info("successfully edited iptables on %s" % hostname)
- return True
-
 def enable_kernel_module(hostname, module_name):
 ''' |
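Review bot: The second `conn.builtin.open("/etc/sysconfig/iptables", "w")` truncates the live firewall rules file before `f.write(file_data)` runs, so a dropped rpyc connection or a write error in between leaves the node with an empty or partial rule set, and the `except` branch only logs it. Writing the new content to a temporary file beside the original, copying the original's mode onto it and renaming it into place would keep the old rules intact on failure; the SELinux label of the replaced file would need checking on the target hosts. Separately, when no `*filter` ... `COMMIT` section is seen, the file is written back unchanged yet the function logs success and returns True, so a flag set where `data_to_add` is appended should gate the write. The `"--dport 3260" in line` test is a bare substring match, so an unrelated rule on that port or a longer port number such as 32600 also counts as "already edited"; and the first open only reads, so `"r"` would do instead of `"r+"`. edit_iptables_cns begins above the first hunk.

```python
        # … unchanged: read loop that builds file_data; set rules_added = True where data_to_add is appended …
        if not rules_added:
            g.log.error("no *filter section found in iptables on %s" % hostname)
            return False
        rules_path = "/etc/sysconfig/iptables"
        tmp_path = rules_path + ".tmp"
        with conn.builtin.open(tmp_path, "w") as f:
            # keep the original file mode on the replacement before any rules are written
            conn.modules.shutil.copymode(rules_path, tmp_path)
            f.write(file_data)
        conn.modules.os.rename(tmp_path, rules_path)
        g.log.info("successfully edited iptables on %s" % hostname)
        return True
```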
