From 007275cc27434057c03ce5bd56fd0b300324e34f Mon Sep 17 00:00:00 2001 From: Valerii Ponomarov Date: Wed, 30 May 2018 16:01:08 +0530 Subject: Speed up execution of the 'edit_iptables_cns' function One single run of this func, depending on the size of iptables config file on remote machine, could take minute or more for execution. It is completely unacceptable just for updating one single file. So, replace inline change of remote file with simple single operation of write to it with whole set of needed inner data. Having cluster of 2 nodes and trying to run tests which have this func in its 'setUpClass' method, we could wait up to the 5 minutes just to reach execution of first test. With growth of amount of cluster nodes this waiting time would only lineary increase. Change-Id: Ief0b4d3b879ddc9f65557df54beddbb51bc28ba5 --- cns-libs/cnslibs/common/cns_libs.py | 41 +++++++++++++++---------------------- 1 file changed, 17 insertions(+), 24 deletions(-) (limited to 'cns-libs/cnslibs') diff --git a/cns-libs/cnslibs/common/cns_libs.py b/cns-libs/cnslibs/common/cns_libs.py index 5973c8b8..dbb78dcf 100644 --- a/cns-libs/cnslibs/common/cns_libs.py +++ b/cns-libs/cnslibs/common/cns_libs.py @@ -262,16 +262,12 @@ def edit_iptables_cns(hostname): try: conn = g.rpyc_get_connection(hostname, user="root") if conn is None: - g.log.error("Failed to get rpyc connection of node %s" - % hostname) + g.log.error("Failed to get rpyc connection of node %s" % hostname) return False - edit_flag = False - with conn.builtin.open("/etc/sysconfig/iptables", "r+") as f: - for line in f.readlines(): - if "--dport 3260" in line: - edit_flag = True - data = [ + filter_flag = False + file_data = "" + data_to_add = "\n".join([ "-A OS_FIREWALL_ALLOW -p tcp -m state --state NEW -m %s" % line for line in ("tcp --dport 24007 -j ACCEPT", "tcp --dport 24008 -j ACCEPT", @@ -280,31 +276,28 @@ def edit_iptables_cns(hostname): "tcp --dport 24010 -j ACCEPT", "tcp --dport 3260 -j ACCEPT", "tcp --dport 111 -j ACCEPT") - ] - data_to_write = "\n".join(data) + "\n" - filter_flag = False - if not edit_flag: - for line in conn.modules.fileinput.input('/etc/sysconfig/iptables', - inplace=True): + ]) + "\n" + with conn.builtin.open("/etc/sysconfig/iptables", "r+") as f: + for line in f.readlines(): + if "--dport 3260" in line: + g.log.info("Iptables is already edited on %s" % hostname) + return True if "*filter" in line: filter_flag = True - if "COMMIT" in line and filter_flag is True: - conn.modules.sys.stdout.write(data_to_write) + elif "COMMIT" in line and filter_flag is True: + file_data += data_to_add filter_flag = False - conn.modules.sys.stdout.write(line) - else: - g.log.info("Iptables is already edited on %s" % hostname) - return True - + file_data += "%s" % line + with conn.builtin.open("/etc/sysconfig/iptables", "w") as f: + f.write(file_data) + g.log.info("successfully edited iptables on %s" % hostname) + return True except Exception as err: g.log.error("failed to edit iptables on %s err %s" % (hostname, err)) return False finally: g.rpyc_close_connection(hostname, user="root") - g.log.info("successfully edited iptables on %s" % hostname) - return True - def enable_kernel_module(hostname, module_name): ''' -- cgit