From d0ef143cc10a74ea2f8a311e1f97088c9b9edcfc Mon Sep 17 00:00:00 2001 From: vamahaja Date: Wed, 25 Sep 2019 19:19:47 +0530 Subject: Add library to add/remove iptables rule on host Change-Id: I1055b232711c95fdbf89ba9fe8b9d61a561fbcd5 Signed-off-by: vamahaja --- .../openshiftstoragelibs/node_ops.py | 50 ++++++++++++++++++++++ 1 file changed, 50 insertions(+) (limited to 'openshift-storage-libs/openshiftstoragelibs') diff --git a/openshift-storage-libs/openshiftstoragelibs/node_ops.py b/openshift-storage-libs/openshiftstoragelibs/node_ops.py index 8ca5674b..5811e157 100644 --- a/openshift-storage-libs/openshiftstoragelibs/node_ops.py +++ b/openshift-storage-libs/openshiftstoragelibs/node_ops.py @@ -4,6 +4,7 @@ from glustolibs.gluster.exceptions import ExecutionError from glusto.core import Glusto as g from openshiftstoragelibs.cloundproviders.vmware import VmWare +from openshiftstoragelibs import command from openshiftstoragelibs import exceptions from openshiftstoragelibs import waiter 
@@ -178,3 +179,52 @@ def power_on_vm_by_name(name, timeout=600, interval=10):
 g.log.info(e)
 if w.expired:
 raise exceptions.CloudProviderError(e)
+
+
+def node_add_iptables_rules(node, chain, rules, raise_on_error=True):
+ """Append iptables rules
+
+ Args:
+ node (str): Node on which iptables rules should be added.
+ chain (str): iptables chain in which rule(s) need to be appended.
+ rules (str|tuple|list): Rule(s) which need(s) to be added to a chain.
+ Reuturns:
+ None
+ Exception:
+ AssertionError: In case command fails to execute and
+ raise_on_error set to True
+ """
+ rules = rules if hasattr(rules, '__iter__') else [rules]
+
+ add_iptables_rule_cmd = "iptables --append %s %s"
+ check_iptables_rule_cmd = "iptables --check %s %s"
+ for rule in rules:
+ try:
+ command.cmd_run(check_iptables_rule_cmd % (chain, rule), node)
+ except AssertionError:
+ command.cmd_run(
+ add_iptables_rule_cmd % (chain, rule), node,
+ raise_on_error=raise_on_error)
+
+
+def node_delete_iptables_rules(node, chain, rules, raise_on_error=True):
+ """Delete iptables rules
+
+ Args:
+ node (str): Node on which iptables rules should be deleted.
+ chain (str): iptables chain from which rule(s) need to be deleted.
+ rules (str|tuple|list): Rule(s) which need(s) to be deleted from
+ a chain.
+ Reuturns:
+ None
+ Exception:
+ AssertionError: In case command fails to execute and
+ raise_on_error set to True
+ """
+ rules = rules if hasattr(rules, '__iter__') else [rules]
+
+ delete_iptables_rule_cmd = "iptables --delete %s %s"
+ for rule in rules:
+ command.cmd_run(
+ delete_iptables_rule_cmd % (chain, rule), node,
+ raise_on_error=raise_on_error)
-- cgit
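Review bot: `rules = rules if hasattr(rules, '__iter__') else [rules]` in both `node_add_iptables_rules` and `node_delete_iptables_rules` only wraps a single string on Python 2; on Python 3 `str` has `__iter__`, so a rule passed as a string is looped over one character at a time and each character is sent to `iptables` as its own rule. Test for the string type instead, for example `rules = [rules] if isinstance(rules, six.string_types) else rules` if the library still supports both interpreters (plain `str` otherwise; `six` would need importing). Separately, `chain` and `rule` are interpolated unquoted into the command string handed to `command.cmd_run`, whose implementation is not visible in this patch. If it runs that string through a shell on the node, the docstrings should state that both values are executed verbatim with the privileges of the remote session and must only come from test code. The docstrings should also document `raise_on_error` and correct `Reuturns:` to `Returns:`.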