Restart netfilter-persistent instead of iptables-persistent

iptables-persistent has merged into netfilter-persitent as a plugin and /etc/init.d/iptables-persitent is no longer offered on new debians. This calls the newer variant when it is found and falls back to the old when it is not. Change-Id: Ibfc4c0286636633c2b1823aae5885ee6325fec2d
2015-06-03 15:13:26 -07:00 · 2015-06-03 15:13:26 -07:00 · aa72fd46b5
commit aa72fd46b5
parent e8d184f2f0
2 changed files with 24 additions and 4 deletions
--- a/akanda/router/drivers/iptables.py
+++ b/akanda/router/drivers/iptables.py
@ -16,7 +16,7 @@

 import re
 import itertools
-
+import os

 from akanda.router.drivers import base
 from akanda.router.models import Network
@ -84,10 +84,19 @@ class IPTablesManager(base.Manager):

    def restart(self):
        '''
-        Reload firewall rules via iptables-persistent
+        Reload firewall rules via [netfilter/iptables]-persistent
+        Note that at some point iptables-persistent merged into
+        netfilter-persistent as a plugin, so use that instead if it is
+        available
        '''
+        _init = '/etc/init.d/%s-persistent'
+        if os.path.isfile(_init % 'netfilter'):
+            init = _init % 'netfilter'
+        else:
+            init = _init % 'iptables'
+
        utils.execute(
-            ['/etc/init.d/iptables-persistent', 'restart'],
+            [init, 'restart'],
            self.root_helper
        )

--- a/test/unit/drivers/test_iptables.py
+++ b/test/unit/drivers/test_iptables.py
@ -171,13 +171,24 @@ class TestIPTablesConfiguration(TestCase):
            )
        ]

-    def test_restart(self):
+    @mock.patch('os.path.isfile')
+    def test_restart_iptables_persistent(self, mock_isfile):
+        mock_isfile.return_value = False
        mgr = iptables.IPTablesManager()
        mgr.restart()
        assert self.execute.call_args_list == [
            mock.call(['/etc/init.d/iptables-persistent', 'restart'], 'sudo')
        ]

+    @mock.patch('os.path.isfile')
+    def test_restart_netfilter_persistent(self, mock_isfile):
+        mock_isfile.return_value = True
+        mgr = iptables.IPTablesManager()
+        mgr.restart()
+        assert self.execute.call_args_list == [
+            mock.call(['/etc/init.d/netfilter-persistent', 'restart'], 'sudo')
+        ]
+
    def test_mixed_floating_ip_versions(self):
        # Neutron has a bug whereby you can create a floating ip that has
        # mixed IP versions between the fixed and floating address.  If