From b7ab706f90208e6c7f3f482785690b786732b47e Mon Sep 17 00:00:00 2001
From: Attila Fazekas
Date: Fri, 11 Jul 2014 17:24:43 +0200
Subject: [PATCH] iptables on fedora
The systemd version of iptables requires the 'iptables-services' package for having the `regular` iptables rule restore on service startup. The service also needs to be enabled explicitly. Another iptables related issue with multinode_setup.sh, tries to executes the iptables command without login shell. The non-login shell does not contains /usr/sbin in PATH, so multinode_setup.sh changed to use login shell defaults. Warning: This change enables the iptables service on all distribution.
Change-Id: I3174e43b3b19e28073a4364dd0f66fc39b0fa815
---
 modules/iptables/manifests/init.pp | 1 +
 modules/iptables/manifests/params.pp | 26 +++++++++++++++++--
 .../files/nodepool/scripts/multinode_setup.sh | 2 ++
 3 files changed, 27 insertions(+), 2 deletions(-)
 mode change 100644 => 100755 modules/openstack_project/files/nodepool/scripts/multinode_setup.sh
diff --git a/modules/iptables/manifests/init.pp b/modules/iptables/manifests/init.pp
index 576ce16ed0..b6448a6ca4 100644
--- a/modules/iptables/manifests/init.pp
+++ b/modules/iptables/manifests/init.pp
@@ -36,6 +36,7 @@ class iptables(
 hasstatus => $::iptables::params::service_has_status,
 status => $::iptables::params::service_status_cmd,
 hasrestart => $::iptables::params::service_has_restart,
+ enable => true,
 }
 $notify_iptables = Service['iptables']
 }
diff --git a/modules/iptables/manifests/params.pp b/modules/iptables/manifests/params.pp
index b825177e19..6c9f308bc4 100644
--- a/modules/iptables/manifests/params.pp
+++ b/modules/iptables/manifests/params.pp
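Review bot: In modules/iptables/manifests/init.pp the new `enable => true,` is a literal, while the neighbouring `hasstatus`, `status` and `hasrestart` attributes all read their values from `$::iptables::params`. Sourcing it the same way, for example `enable => $::iptables::params::service_enable,` with a proposed new `$service_enable` variable set per osfamily in params.pp, would keep the per-distribution service behaviour in one file. The Service resource begins above this hunk, so its title and remaining attributes are not visible here.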
@@ -5,14 +5,36 @@ class iptables::params {
 case $::osfamily {
 'RedHat': {
- $package_name = 'iptables'
+ case $::operatingsystem {
+ 'Fedora': {
+ $package_name = 'iptables-services'
+ $service_has_restart = true
+ }
+ 'RedHat','CentOS','Scientific': {
+ case $::operatingsystemrelease {
+ /^7/: {
+ $package_name = 'iptables-services'
+ $service_has_restart = true
+ }
+ /^6/: {
+ $package_name = 'iptables'
+ $service_has_restart = false
+ }
+ default: {
+ fail("Unsupported operatingsystemrelease: ${::operatingsystemrelease} The 'iptables' module recognize only 6, 7 as RedHat major versions.")
+ }
+ }
+ }
+ default: {
+ fail("Unsupported operatingsystem: ${::operatingsystem} The 'iptables' module with RedHat osfamily.")
+ }
+ }
 $service_name = 'iptables'
 $rules_dir = '/etc/sysconfig'
 $ipv4_rules = '/etc/sysconfig/iptables'
 $ipv6_rules = '/etc/sysconfig/ip6tables'
 $service_has_status = true
 $service_status_cmd = undef
- $service_has_restart = false
 }
 'Debian': {
 $package_name = 'iptables-persistent'
diff --git a/modules/openstack_project/files/nodepool/scripts/multinode_setup.sh b/modules/openstack_project/files/nodepool/scripts/multinode_setup.sh
old mode 100644
new mode 100755
index 0d629d6eb1..ed01e6d071
--- a/modules/openstack_project/files/nodepool/scripts/multinode_setup.sh
+++ b/modules/openstack_project/files/nodepool/scripts/multinode_setup.sh
@@ -16,6 +16,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
+export PATH=$PATH:/usr/local/sbin:/usr/sbin
+
 for ip in `cat /etc/nodepool/primary_node /etc/nodepool/sub_nodes`; do
 sudo iptables -I openstack-INPUT 1 -s $ip -j ACCEPT
 done
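Review bot: In modules/iptables/manifests/params.pp both new `default:` branches call `fail()`, so a RedHat-osfamily host that is not Fedora, RedHat, CentOS or Scientific, or is one of the latter three on a release other than 6 or 7, no longer gets a catalog, whereas the removed lines gave every RedHat-family host `$package_name = 'iptables'` and `$service_has_restart = false`. A failed catalog presumably also leaves the firewall rules on that host unmanaged, so if the hard stop is intended it deserves a comment above the `case`; otherwise the outer `default:` could keep the two old values. The second message is incomplete as written; `fail("Unsupported operatingsystem: ${::operatingsystem}. The 'iptables' module supports only Fedora, RedHat, CentOS and Scientific in the RedHat osfamily.")` would read correctly. The class body continues past the end of the hunk.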
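Review bot: The added `export PATH=$PATH:/usr/local/sbin:/usr/sbin` in multinode_setup.sh leaves out `/sbin`, which is where iptables lives on distributions that have not merged `/sbin` into `/usr/sbin`; `export PATH=$PATH:/usr/local/sbin:/usr/sbin:/sbin` covers both layouts. Appending rather than prepending is the right order, because existing PATH entries keep precedence over the new ones. Whether the `sudo iptables` call in the loop resolves through this PATH depends on the node's sudoers `secure_path` setting, which is not visible here. The script begins above the hunk.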