From 58aae096b14b595d5db6e01fb4c0d82e58e260fb Mon Sep 17 00:00:00 2001 From: Bilal Baqar Date: Wed, 9 Mar 2016 11:55:36 -0800 Subject: [PATCH 1/2] Fix for CFB-829 --- hooks/pg_dir_context.py | 1 + unit_tests/test_pg_dir_context.py | 6 +++--- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/hooks/pg_dir_context.py b/hooks/pg_dir_context.py index 94b6834..83404d1 100644 --- a/hooks/pg_dir_context.py +++ b/hooks/pg_dir_context.py @@ -71,6 +71,7 @@ class PGDirContext(context.NeutronContext): pg_dir_ips = _pg_dir_ips() pg_dir_ips.append(str(get_address_in_network(network=None, fallback=get_host_ip(unit_get('private-address'))))) + pg_dir_ips = sorted(pg_dir_ips) pg_ctxt['director_ips'] = pg_dir_ips pg_dir_ips_string = '' single_ip = True diff --git a/unit_tests/test_pg_dir_context.py b/unit_tests/test_pg_dir_context.py index 33d081b..ed0fd38 100644 --- a/unit_tests/test_pg_dir_context.py +++ b/unit_tests/test_pg_dir_context.py @@ -92,9 +92,9 @@ class PGDirContextTest(CharmTestCase): 'label': 'node0', 'fabric_mode': 'host', 'virtual_router_id': '250', - 'director_ips': ['192.168.100.202', '192.168.100.203', - '192.168.100.201'], + 'director_ips': ['192.168.100.201', '192.168.100.202', + '192.168.100.203'], 'director_ips_string': - '192.168.100.202,192.168.100.203,192.168.100.201', + '192.168.100.201,192.168.100.202,192.168.100.203', } self.assertEquals(expect, napi_ctxt()) From 96d0f7a1b5e128f21e273279638a81b6bbf30c8f Mon Sep 17 00:00:00 2001 From: Bilal Baqar Date: Thu, 10 Mar 2016 11:38:25 -0800 Subject: [PATCH 2/2] Loading Specific Iptables in install hook --- hooks/pg_dir_hooks.py | 4 ++- hooks/pg_dir_utils.py | 50 +++++++++++++++++++++++++++++++-- unit_tests/test_pg_dir_hooks.py | 3 +- 3 files changed, 53 insertions(+), 4 deletions(-) diff --git a/hooks/pg_dir_hooks.py b/hooks/pg_dir_hooks.py index 6ba6cba..d6d14e8 100755 --- a/hooks/pg_dir_hooks.py +++ b/hooks/pg_dir_hooks.py 
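Review bot: `pg_dir_ips = sorted(pg_dir_ips)` orders the addresses as strings, which gives the cross-unit consistency the updated test pins but is not numeric — '192.168.100.10' sorts before '192.168.100.9'. If consumers of `director_ips` only need a stable order that is fine, but a comment such as `# lexicographic sort: stable across units, not numeric` would stop the next reader from assuming numeric order; otherwise use `key=lambda ip: tuple(int(o) for o in ip.split('.'))`. The locally appended address is not de-duplicated against the result of `_pg_dir_ips()`, so a duplicate would survive the sort if that helper ever includes the unit itself; cannot tell from here. The enclosing PGDirContext method continues outside the hunk.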
@@ -30,7 +30,8 @@ from pg_dir_utils import ( ensure_mtu, add_lcm_key, post_pg_license, - fabric_interface_changed + fabric_interface_changed, + load_iptables ) hooks = Hooks() @@ -42,6 +43,7 @@ def install(): ''' Install hook is run when the charm is first deployed on a node. ''' + load_iptables() configure_sources(update=True) pkgs = determine_packages() for pkg in pkgs: diff --git a/hooks/pg_dir_utils.py b/hooks/pg_dir_utils.py index c437a6f..ab48966 100644 --- a/hooks/pg_dir_utils.py +++ b/hooks/pg_dir_utils.py @@ -18,7 +18,8 @@ from charmhelpers.contrib.network.ip import ( get_iface_addr ) from charmhelpers.fetch import ( - apt_cache + apt_cache, + apt_install ) from charmhelpers.contrib.openstack import templating from charmhelpers.core.host import set_nic_mtu @@ -143,7 +144,6 @@ def restart_pg(): ''' service_stop('plumgrid') time.sleep(2) - _exec_cmd(cmd=['iptables', '-F']) service_start('plumgrid') time.sleep(5) 
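Review bot: `load_iptables()` is now the first statement of `install()`, before `configure_sources(update=True)` and the package loop, yet (per the pg_dir_utils.py hunk) it itself calls `apt_install` for ohai and iptables-persistent; if those packages are not resolvable until the sources are configured, or iptables fails, the hook aborts before a single PLUMgrid package is installed. Placing the call after the package loop — `load_iptables()` as the last line of `install()` — keeps package setup ordered and makes the firewall step the one that fails, not the install. Because the rules are only applied here and `restart_pg` no longer flushes the table, a later change to `plumgrid-virtual-ip` or the management interface via config-changed leaves stale rules in place; a docstring line on `install()` noting that, or a call from config-changed, is worth adding. `install()` continues past the hunk.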
@@ -341,3 +341,49 @@ def post_pg_license(): log('No change in PLUMgrid License') return 0 return 1 + + +def load_iptables(): + network = get_cidr_from_iface(get_mgmt_interface()) + if network: + _exec_cmd(['sudo', 'iptables', '-A', 'INPUT', '-p', 'tcp', + '-j', 'ACCEPT', '-s', network, '-d', + network, '-m', 'state', '--state', 'NEW']) + _exec_cmd(['sudo', 'iptables', '-A', 'INPUT', '-p', 'udp', '-j', + 'ACCEPT', '-s', network, '-d', network, + '-m', 'state', '--state', 'NEW']) + _exec_cmd(['sudo', 'iptables', '-I', 'INPUT', '-s', network, + '-d', '224.0.0.18/32', '-j', 'ACCEPT']) + _exec_cmd(['sudo', 'iptables', '-I', 'INPUT', '-p', 'vrrp', '-j', + 'ACCEPT']) + _exec_cmd(['sudo', 'iptables', '-A', 'INPUT', '-p', 'tcp', '-j', + 'ACCEPT', '-d', config('plumgrid-virtual-ip'), '-m', + 'state', '--state', 'NEW']) + apt_install('iptables-persistent') + + +def get_cidr_from_iface(interface): + if not interface: + return None + apt_install('ohai') + try: + os_info = subprocess.check_output(['ohai', '-l', 'fatal']) + except OSError: + log('Unable to get operating system information') + return None + try: + os_info_json = json.loads(os_info) + except ValueError: + log('Unable to determine network') + return None + device = os_info_json['network']['interfaces'].get(interface) + if device is not None: + if device.get('routes'): + routes = device['routes'] + for net in routes: + if 'scope' in net: + return net.get('destination') + else: + return None + else: + return None diff --git a/unit_tests/test_pg_dir_hooks.py b/unit_tests/test_pg_dir_hooks.py index dd0b850..04065bd 100644 --- a/unit_tests/test_pg_dir_hooks.py +++ b/unit_tests/test_pg_dir_hooks.py @@ -31,7 +31,8 @@ TO_PATCH = [ 'add_lcm_key', 'determine_packages', 'post_pg_license', - 'config' + 'config', + 'load_iptables' ] NEUTRON_CONF_DIR = "/etc/neutron"
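Review bot: The `'-p', 'vrrp', '-j', 'ACCEPT'` rule inserted at the head of INPUT has no source or interface restriction, so any host able to reach the node can inject VRRP advertisements and take over the virtual IP; it should be limited to the management network the way the multicast rule beside it is (`'-s', network`). The same block adds every rule with `-A`/`-I` unconditionally (re-running the hook duplicates them all), passes `config('plumgrid-virtual-ip')` straight to iptables (an unset VIP puts `None` on the command line and `_exec_cmd` fails), and prefixes `sudo` although the hook already runs as root; an `iptables -C` probe before each add and a guard on the VIP fix the first two. The VIP rule also accepts NEW TCP on every port from every source, which is wider than a director needs — a `--dport` list is worth adding once the required ports are confirmed. Installing iptables-persistent after the rules are loaded only persists them if its postinst saves the live table non-interactively, which is not guaranteed; an explicit `iptables-save` to `/etc/iptables/rules.v4` after the install is safer. In `get_cidr_from_iface`, only `OSError` is caught around `check_output`, so a non-zero exit from ohai raises `CalledProcessError` out of the install hook, the first route carrying a `scope` key is returned whether or not its `destination` is a CIDR, and the function relies on `json` and `subprocess` being imported elsewhere in pg_dir_utils.py, which this hunk does not show.
```python
def load_iptables():
    """Open the management network and the VIP in INPUT; safe to re-run."""
    network = get_cidr_from_iface(get_mgmt_interface())
    if not network:
        log('Unable to determine management network; iptables rules not loaded')
        return
    vip = config('plumgrid-virtual-ip')
    rules = [
        ('-A', ['-p', 'tcp', '-s', network, '-d', network,
                '-m', 'state', '--state', 'NEW', '-j', 'ACCEPT']),
        ('-A', ['-p', 'udp', '-s', network, '-d', network,
                '-m', 'state', '--state', 'NEW', '-j', 'ACCEPT']),
        ('-I', ['-s', network, '-d', '224.0.0.18/32', '-j', 'ACCEPT']),
        # VRRP only from peers on the management network: an unrestricted
        # '-p vrrp' rule lets any reachable host steal the virtual IP.
        ('-I', ['-p', 'vrrp', '-s', network, '-j', 'ACCEPT']),
    ]
    if vip:
        # TODO(review): narrow with --dport once the director's ports are known.
        rules.append(('-A', ['-p', 'tcp', '-d', vip,
                             '-m', 'state', '--state', 'NEW', '-j', 'ACCEPT']))
    for action, rule in rules:
        # '-C' returns non-zero when the rule is absent, so re-runs do not duplicate.
        if subprocess.call(['iptables', '-C', 'INPUT'] + rule) != 0:
            _exec_cmd(['iptables', action, 'INPUT'] + rule)
    apt_install('iptables-persistent')
    # … persist explicitly, e.g. write iptables-save output to /etc/iptables/rules.v4 …
```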