From eb3a56478657f92478dcf5aab1905689bc29a2f6 Mon Sep 17 00:00:00 2001 From: Bilal Baqar Date: Wed, 9 Mar 2016 12:29:15 -0800 Subject: [PATCH 1/4] Fix for CFB-829 --- hooks/pg_gw_context.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hooks/pg_gw_context.py b/hooks/pg_gw_context.py index f3dada7..b2bc7b5 100644 --- a/hooks/pg_gw_context.py +++ b/hooks/pg_gw_context.py @@ -60,7 +60,7 @@ class PGGwContext(context.NeutronContext): return {} pg_dir_ips = '' - pg_dir_settings = _pg_dir_settings() + pg_dir_settings = sorted(_pg_dir_settings()) single_ip = True for ip in pg_dir_settings: if single_ip: From bf8557803512b4ffd2002e71b575fc470a01b596 Mon Sep 17 00:00:00 2001 From: Bilal Baqar Date: Thu, 10 Mar 2016 14:39:19 -0800 Subject: [PATCH 2/4] Loading Specific Iptables in install hook --- hooks/pg_gw_hooks.py | 4 ++- hooks/pg_gw_utils.py | 50 ++++++++++++++++++++++++++++++++-- unit_tests/test_pg_gw_hooks.py | 1 + 3 files changed, 52 insertions(+), 3 deletions(-) diff --git a/hooks/pg_gw_hooks.py b/hooks/pg_gw_hooks.py index d976b7e..a64030b 100755 --- a/hooks/pg_gw_hooks.py +++ b/hooks/pg_gw_hooks.py @@ -30,7 +30,8 @@ from pg_gw_utils import ( remove_iovisor, ensure_mtu, add_lcm_key, - fabric_interface_changed + fabric_interface_changed, + load_iptables, ) hooks = Hooks() @@ -42,6 +43,7 @@ def install(): ''' Install hook is run when the charm is first deployed on a node. ''' + load_iptables() configure_sources(update=True) pkgs = determine_packages() for pkg in pkgs: diff --git a/hooks/pg_gw_utils.py b/hooks/pg_gw_utils.py index e3586d0..47577de 100644 --- a/hooks/pg_gw_utils.py +++ b/hooks/pg_gw_utils.py @@ -22,7 +22,8 @@ from charmhelpers.core.host import ( service_stop, ) from charmhelpers.fetch import ( - apt_cache + apt_cache, + apt_install ) from charmhelpers.contrib.storage.linux.ceph import modprobe from charmhelpers.core.host import set_nic_mtu 
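Review bot: The reason for wrapping `_pg_dir_settings()` in `sorted(...)` is not recorded in the code, and the commit message only cites the ticket number. If the aim is a stable ordering of the director IPs between hook runs (an inference, not visible here), a comment such as `# sort so the rendered pg_dir_ips value is stable between hook runs` would say so. Sorting address strings is lexical ('10.0.0.10' sorts before '10.0.0.9'), which is fine for stability but is not numeric order. The enclosing method starts and ends outside the hunk.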
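Review bot: In install(), `load_iptables()` is placed ahead of `configure_sources(update=True)`, yet the pg_gw_utils.py change in this same patch has it call `apt_install('ohai')` and `apt_install('iptables-persistent')`. Those installs would therefore run before the charm's package sources are configured and the index refreshed. On a fresh node they may fail or resolve from whatever sources the image shipped with. Moving the call to just after `configure_sources(update=True)` keeps package provenance under the charm's control. install's body continues outside the hunk.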
@@ -143,7 +144,6 @@ def restart_pg(): ''' service_stop('plumgrid') time.sleep(30) - _exec_cmd(cmd=['iptables', '-F']) service_start('plumgrid') time.sleep(30) @@ -327,3 +327,49 @@ def add_lcm_key(): fa.write('\n') fa.close() return 1 + + +def load_iptables(): + network = get_cidr_from_iface(get_mgmt_interface()) + if network: + _exec_cmd(['sudo', 'iptables', '-A', 'INPUT', '-p', 'tcp', + '-j', 'ACCEPT', '-s', network, '-d', + network, '-m', 'state', '--state', 'NEW']) + _exec_cmd(['sudo', 'iptables', '-A', 'INPUT', '-p', 'udp', '-j', + 'ACCEPT', '-s', network, '-d', network, + '-m', 'state', '--state', 'NEW']) + _exec_cmd(['sudo', 'iptables', '-I', 'INPUT', '-s', network, + '-d', '224.0.0.18/32', '-j', 'ACCEPT']) + _exec_cmd(['sudo', 'iptables', '-I', 'INPUT', '-p', 'vrrp', '-j', + 'ACCEPT']) + _exec_cmd(['sudo', 'iptables', '-A', 'INPUT', '-p', 'tcp', '-j', + 'ACCEPT', '-d', config('plumgrid-virtual-ip'), '-m', + 'state', '--state', 'NEW']) + apt_install('iptables-persistent') + + +def get_cidr_from_iface(interface): + if not interface: + return None + apt_install('ohai') + try: + os_info = subprocess.check_output(['ohai', '-l', 'fatal']) + except OSError: + log('Unable to get operating system information') + return None + try: + os_info_json = json.loads(os_info) + except ValueError: + log('Unable to determine network') + return None + device = os_info_json['network']['interfaces'].get(interface) + if device is not None: + if device.get('routes'): + routes = device['routes'] + for net in routes: + if 'scope' in net: + return net.get('destination') + else: + return None + else: + return None diff --git a/unit_tests/test_pg_gw_hooks.py b/unit_tests/test_pg_gw_hooks.py index 8e87dc8..a1b5779 100644 --- a/unit_tests/test_pg_gw_hooks.py +++ b/unit_tests/test_pg_gw_hooks.py @@ -30,6 +30,7 @@ TO_PATCH = [ 'ensure_mtu', 'add_lcm_key', 'determine_packages', + 'load_iptables' ] NEUTRON_CONF_DIR = "/etc/neutron" 
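Review bot: load_iptables() appends its ACCEPT rules with `-A INPUT` unconditionally, so every run adds another copy of each rule, and PATCH 3/4 goes on to call it from the new upgrade-charm hook as well. Probing with `iptables -C` before appending would keep the chain stable. Appended rules also land after anything already in INPUT, so an existing DROP or REJECT would shadow them, while the two VRRP rules use `-I`; the intended ordering deserves a comment. In get_cidr_from_iface() only `OSError` is caught around `subprocess.check_output`, so a non-zero exit from ohai raises `CalledProcessError` out of the hook, and `os_info_json['network']['interfaces']` raises `KeyError` when either key is absent. `except (OSError, subprocess.CalledProcessError):` plus `.get()` lookups would preserve the return-None contract. `config('plumgrid-virtual-ip')` is also passed to iptables with no check for an unset value. Neither function has a docstring.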
From 395eaafb5c00f0236f9c42696d528f13ec77d646 Mon Sep 17 00:00:00 2001 From: Bilal Baqar Date: Fri, 11 Mar 2016 02:27:46 -0800 Subject: [PATCH 3/4] Adding upgrade-charm hook --- hooks/pg_gw_hooks.py | 5 +++++ hooks/pg_gw_utils.py | 9 +-------- hooks/upgrade-charm | 1 + 3 files changed, 7 insertions(+), 8 deletions(-) create mode 120000 hooks/upgrade-charm diff --git a/hooks/pg_gw_hooks.py b/hooks/pg_gw_hooks.py index a64030b..5b37e89 100755 --- a/hooks/pg_gw_hooks.py +++ b/hooks/pg_gw_hooks.py @@ -100,6 +100,11 @@ def config_changed(): restart_pg() +@hooks.hook('upgrade-charm') +def upgrade_charm(): + load_iptables() + + @hooks.hook('stop') def stop(): ''' diff --git a/hooks/pg_gw_utils.py b/hooks/pg_gw_utils.py index 47577de..00c3402 100644 --- a/hooks/pg_gw_utils.py +++ b/hooks/pg_gw_utils.py @@ -338,14 +338,7 @@ def load_iptables(): _exec_cmd(['sudo', 'iptables', '-A', 'INPUT', '-p', 'udp', '-j', 'ACCEPT', '-s', network, '-d', network, '-m', 'state', '--state', 'NEW']) - _exec_cmd(['sudo', 'iptables', '-I', 'INPUT', '-s', network, - '-d', '224.0.0.18/32', '-j', 'ACCEPT']) - _exec_cmd(['sudo', 'iptables', '-I', 'INPUT', '-p', 'vrrp', '-j', - 'ACCEPT']) - _exec_cmd(['sudo', 'iptables', '-A', 'INPUT', '-p', 'tcp', '-j', - 'ACCEPT', '-d', config('plumgrid-virtual-ip'), '-m', - 'state', '--state', 'NEW']) - apt_install('iptables-persistent') + apt_install('iptables-persistent') def get_cidr_from_iface(interface): diff --git a/hooks/upgrade-charm b/hooks/upgrade-charm new file mode 120000 index 0000000..3aec9ba --- /dev/null +++ b/hooks/upgrade-charm @@ -0,0 +1 @@ +pg_gw_hooks.py \ No newline at end of file From aeafa927221f63b935a9152d155fe075c7ec218e Mon Sep 17 00:00:00 2001 From: Bilal Baqar Date: Sun, 13 Mar 2016 21:18:03 -0700 Subject: [PATCH 4/4] Adding restart in upgrade hook --- hooks/pg_gw_hooks.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/hooks/pg_gw_hooks.py b/hooks/pg_gw_hooks.py index 5b37e89..97ea9c6 100755 --- a/hooks/pg_gw_hooks.py 
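Review bot: After this hunk `apt_install('iptables-persistent')` is still the only persistence step in load_iptables(), and nothing visible writes the rules out once they have been added. On upgrade-charm the package will normally already be installed, so the call presumably does nothing and the saved rule set is not refreshed. An explicit save after the `_exec_cmd` calls (for example writing `iptables-save` output to the file iptables-persistent loads) would make the behaviour independent of install order. The hunk also drops the VRRP and `plumgrid-virtual-ip` ACCEPT rules although the subject says only "Adding upgrade-charm hook"; the reason belongs in the message, and units deployed from PATCH 2/4 keep those rules because nothing removes them. load_iptables starts outside the hunk, and the indentation change to the `apt_install` line cannot be recovered from this collapsed text.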
+++ b/hooks/pg_gw_hooks.py @@ -103,6 +103,10 @@ def config_changed(): @hooks.hook('upgrade-charm') def upgrade_charm(): load_iptables() + ensure_mtu() + ensure_files() + CONFIGS.write_all() + restart_pg() @hooks.hook('stop')
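Review bot: upgrade_charm() now ends in an unconditional `restart_pg()`, which (per the restart_pg hunk in PATCH 2/4) stops the service, sleeps 30 seconds, starts it and sleeps another 30. Every charm upgrade therefore takes the gateway down even when nothing written by `CONFIGS.write_all()` changed. If that is intended, a docstring in the style install() already has would record it, e.g. `''' Upgrade hook re-applies firewall rules, MTU and config files, then restarts plumgrid. '''`. The hunk does not touch the import list, so confirm that `ensure_files` and `CONFIGS` are already in scope in pg_gw_hooks.py.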