From 8c9cf684baf9c8b8dcf04931e56f369b744171cb Mon Sep 17 00:00:00 2001
From: Alex Schultz
Date: Mon, 15 Aug 2016 10:02:32 -0600
Subject: [PATCH] Update iptables calls with -w

If iptables is currently being called outside of the ocf script, the iptables call will fail because it cannot get a lock. This change updates the iptables call to include the -w flag which will wait until the lock can be established and not just exit with an error.
---
 scripts/rabbitmq-server-ha.ocf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/rabbitmq-server-ha.ocf b/scripts/rabbitmq-server-ha.ocf
index cd07d0c1b0d3..f6e3f5550792 100755
--- a/scripts/rabbitmq-server-ha.ocf
+++ b/scripts/rabbitmq-server-ha.ocf
@@ -691,7 +691,7 @@ block_client_access()
 # do not add temporary RMQ blocking rule, if it is already exist
 # otherwise, try to add a blocking rule with max of 5 retries
 local tries=5
- until $(iptables -nvL | grep -q 'temporary RMQ block') || [ $tries -eq 0 ]; do
+ until $(iptables -nvwL | grep -q 'temporary RMQ block') || [ $tries -eq 0 ]; do
 tries=$((tries-1))
 iptables -I INPUT -p tcp -m tcp --dport ${OCF_RESKEY_node_port} -m state --state NEW,RELATED,ESTABLISHED \
 -m comment --comment 'temporary RMQ block' -j REJECT --reject-with tcp-reset
@@ -707,7 +707,7 @@ block_client_access()
 unblock_client_access()
 {
 # remove all temporary RMQ blocking rules, if there are more than one exist
- for i in $(iptables -nvL --line-numbers | awk '/temporary RMQ block/ {print $1}'); do
+ for i in $(iptables -nvwL --line-numbers | awk '/temporary RMQ block/ {print $1}'); do
 iptables -D INPUT -p tcp -m tcp --dport ${OCF_RESKEY_node_port} -m state --state NEW,RELATED,ESTABLISHED \
 -m comment --comment 'temporary RMQ block' -j REJECT --reject-with tcp-reset
 done
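Review bot: The `-w` added to the `until` condition covers only the read-only listing; the `iptables -I INPUT ...` call two lines below it, which actually installs the block, is still run without it, and the same holds for `iptables -D INPUT ...` in the second hunk. If another process holds the xtables lock, the insert or delete can still fail, so the client block may not be applied or may be left behind. Bundling the flag as `-nvwL` also looks fragile: on iptables builds where `-w` accepts an optional seconds value, the trailing `L` may be taken as that value. I would spell it `iptables -nvL --wait` and add `--wait` to the `-I` and `-D` calls as well. The body of block_client_access continues outside the hunk.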
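Review bot: In `unblock_client_access` the listing runs inside `$(... | awk ...)`, so its exit status is discarded. If `iptables` rejects the new option or otherwise fails, the `for` loop iterates over nothing and the 'temporary RMQ block' REJECT rule stays in place with no error reported. Because `-w` as described in the commit message waits without a limit, a stuck lock holder would presumably also stall this agent action until whatever operation timeout the cluster manager enforces. Consider capturing the listing first, e.g. `rules=$(iptables -nvL --line-numbers --wait) || return 1`, and logging the failure before returning. Whether `return 1` fits the callers' conventions needs checking, since the end of the function is outside the hunk.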