config: wrap iptables in flock to avoid concurrancy.

When doing a releaseip event, we do them in parallel for all the separate
IPs.  This creates a problem for iptables, which isn't reentrant, giving
the strange message:
	iptables encountered unknown error "18446744073709551615" while initializing table "filter"

The worst possible symptom of this is that releaseip won't remove the rule
which prevents us listening to clients during releaseip, and the node will be
healthy but non-responsive.

The simple workaround is to flock-wrap iptables.  Better would be to rework
the code so we didn't need to use iptables in these paths.

CQ:S1018353
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

diff --git a/config/functions b/config/functions
index 73ae0c0fdf8751a8d74cd48f3825df9d0690799d..69c5ce1cfb1085f519c3580d9129555875ba2508 100755 (executable)
--- a/config/functions
+++ b/config/functions
@@ -761,6 +761,12 @@ ipv4_is_valid_addr()
        return 0;
 }
 
+# iptables doesn't like being re-entered, so flock-wrap it.
+iptables()
+{
+       flock -w 30 /var/ctdb/iptables-ctdb.flock /sbin/iptables "$@"
+}
+
 ########################################################
 # load a site local config file
 ########################################################