Fixes IPSet updating and adds Ubuntu support #3
Open
asasfu wants to merge 6 commits into
…tra create line; trivial spec
Possibly supports Ubuntu 15.04 upstart as well, but untested. Added the use of systemctl daemon-reload instead of a file link for better systemd target handling; same effect at the moment, but if someone changes the target this is more flexible.
Needed to add path options in exec so that Ubuntu works as well. Moved the systemd service file location to /etc/systemd/system, as /usr/lib/systemd/system and, on Ubuntu, /lib/systemd/system are meant for packages themselves (apt, rpm) to deploy their service files; /etc/systemd/system will be the winning file though. Plus /etc/systemd/system is identical between RHEL and Debian base systems.
Previously, ipset updates to ipsets that already existed tried to destroy and then create the list. You cannot destroy a list actively in use by IPTables. In this case we checked the diff between the active ipset and the proposed ipset; if it found a difference, it now creates a new temporary in-memory ipset, swaps them in place, and then proceeds to remove that temporary in-memory ipset.
IPSets previously could not be updated if they were in use by iptables. This fixes that by using swap instead of destroy and create. Makes this much more usable in an automated environment.
Added Ubuntu support with the option to tell it you use another init system like upstart if you didn't choose systemd as your init system.
Included Ray's PR as it is useful. Added systemctl daemon-reload instead of symlink creation to allow more flexibility and moved the service file to /etc/systemd/system instead of /usr/lib... as it's more correct and OS agnostic.
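The diff-then-swap update described in this pull request, sketched as an added shell example (not code from this pull request or the module). The function names, the `-tmp` suffix, the `blocklist` set and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: plan an in-place ipset update with a temporary set and swap,
# so a set referenced by an iptables rule never has to be destroyed.

# normalize ENTRIES -> one entry per line, comments and blanks removed, sorted
normalize() {
    printf '%s\n' "$1" |
        sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' |
        sort -u
}

# members_differ CURRENT DESIRED -> exit 0 when the two entry lists differ
members_differ() {
    [ "$(normalize "$1")" != "$(normalize "$2")" ]
}

# swap_plan NAME TYPE DESIRED -> prints commands in `ipset restore` format.
# TYPE must match the live set's type, otherwise the swap is rejected.
# Assumes no leftover set called NAME-tmp exists (hypothetical naming scheme).
swap_plan() {
    sp_tmp="$1-tmp"
    if [ "${#sp_tmp}" -gt 31 ]; then   # ipset set names hold at most 31 chars
        echo "temporary name '$sp_tmp' exceeds the ipset name limit" >&2
        return 1
    fi
    echo "create $sp_tmp $2"
    normalize "$3" | while read -r sp_entry; do
        echo "add $sp_tmp $sp_entry"
    done
    echo "swap $sp_tmp $1"      # the live name now holds the new contents
    echo "destroy $sp_tmp"      # the temporary name now holds the old contents
}

# update_plan NAME TYPE CURRENT DESIRED -> plan only when contents differ
update_plan() {
    if members_differ "$3" "$4"; then swap_plan "$1" "$2" "$4"; fi
}

# Constructed sample data: members of the live set and the proposed list.
CURRENT='192.0.2.10
203.0.113.5'
DESIRED='198.51.100.7
192.0.2.10   # kept from the old list'

# Print the plan; on a real host, pipe it to: ipset restore
update_plan blocklist hash:ip "$CURRENT" "$DESIRED"
```

Because the iptables rule references the set by name, the rule keeps matching throughout: it sees the old members until the swap and the new members after it.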