From 9f555ff72d306b9b2a0a303e55d82f718c0838af Mon Sep 17 00:00:00 2001
From: Phillip Shea <phillip.shea@hp.com>
Date: Thu, 23 Apr 2015 16:02:14 -0700
Subject: [PATCH] Utility function to isolate and rejoin a controller in a
 cluster.

Change-Id: I8b5af8077b9ba433ed30f9383845bed45eed162f
Signed-off-by: Phillip Shea <phillip.shea@hp.com>
---
 test/csit/libraries/UtilLibrary.py | 92 +++++++++++++++++++++++++++++-
 1 file changed, 91 insertions(+), 1 deletion(-)

diff --git a/test/csit/libraries/UtilLibrary.py b/test/csit/libraries/UtilLibrary.py
index 7c08d81b4e..92284d67b4 100644
--- a/test/csit/libraries/UtilLibrary.py
+++ b/test/csit/libraries/UtilLibrary.py
@@ -9,6 +9,7 @@ from SSHLibrary import SSHLibrary
 
 import robot
 import time
+import re
 
 global _cache
 
@@ -98,9 +99,10 @@ def execute_ssh_command(ip, username, password, command):
     lib.open_connection(ip)
     lib.login(username=username, password=password)
     print "login done"
-    lib.execute_command(command)
+    cmd_response = lib.execute_command(command)
     print "command executed : " + command
     lib.close_connection()
+    return cmd_response
 
 
 def wait_for_controller_up(ip, port="8181"):
@@ -196,6 +198,94 @@ def kill_controller(ip, username, password, karafHome):
                         "ps axf | grep karaf | grep -v grep | awk '{print \"kill -9 \" $1}' | sh")
 
 
+def isolate_controller(controllers, username, password, isolated):
+    """ Isolate one controller from the others in the cluster
+
+    :param controllers: A list of ip addresses or host names as strings.
+    :param username: Username for the controller to be isolated.
+    :param password: Password for the controller to be isolated.
+    :param isolated: Number (starting at one) of the controller to be isolated.
+    :return: If successful, returns "pass", otherwise returns the last failed IPTables text.
+    """
+    isolated_controller = controllers[isolated-1]
+    del controllers[isolated-1]
+    for controller in controllers:
+        base_str = 'sudo iptables -I OUTPUT -p all --source '
+        cmd_str = base_str + isolated_controller + ' --destination ' + controller + ' -j DROP'
+        execute_ssh_command(isolated_controller, username, password, cmd_str)
+        cmd_str = base_str + controller + ' --destination ' + isolated_controller + ' -j DROP'
+        execute_ssh_command(isolated_controller, username, password, cmd_str)
+    ip_tables = execute_ssh_command(isolated_controller, username, password, 'sudo iptables -L')
+    print ip_tables
+    iso_result = 'pass'
+    for controller in controllers:
+        controller_regex_string = "[\s\S]*" + isolated_controller + " *" + controller + "[\s\S]*"
+        controller_regex = re.compile(controller_regex_string)
+        if not controller_regex.match(ip_tables):
+            iso_result = ip_tables
+        controller_regex_string = "[\s\S]*" + controller + " *" + isolated_controller + "[\s\S]*"
+        controller_regex = re.compile(controller_regex_string)
+        if not controller_regex.match(ip_tables):
+            iso_result = ip_tables
+    return iso_result
+
+
+def rejoin_controller(controllers, username, password, isolated):
+    """ Return an isolated controller to the cluster.
+
+    :param controllers: A list of ip addresses or host names as strings.
+    :param username: Username for the isolated controller.
+    :param password: Password for the isolated controller.
+    :param isolated: Number (starting at one) of the isolated controller isolated.
+    :return: If successful, returns "pass", otherwise returns the last failed IPTables text.
+    """
+    isolated_controller = controllers[isolated-1]
+    del controllers[isolated-1]
+    for controller in controllers:
+        base_str = 'sudo iptables -D OUTPUT -p all --source '
+        cmd_str = base_str + isolated_controller + ' --destination ' + controller + ' -j DROP'
+        execute_ssh_command(isolated_controller, username, password, cmd_str)
+        cmd_str = base_str + controller + ' --destination ' + isolated_controller + ' -j DROP'
+        execute_ssh_command(isolated_controller, username, password, cmd_str)
+    ip_tables = execute_ssh_command(isolated_controller, username, password, 'sudo iptables -L')
+    print ip_tables
+    iso_result = 'pass'
+    for controller in controllers:
+        controller_regex_string = "[\s\S]*" + isolated_controller + " *" + controller + "[\s\S]*"
+        controller_regex = re.compile(controller_regex_string)
+        if controller_regex.match(ip_tables):
+            iso_result = ip_tables
+        controller_regex_string = "[\s\S]*" + controller + " *" + isolated_controller + "[\s\S]*"
+        controller_regex = re.compile(controller_regex_string)
+        if controller_regex.match(ip_tables):
+            iso_result = ip_tables
+    return iso_result
+
+
+def flush_iptables(controllers, username, password):
+    """Removes all entries from IPTables on all controllers.
+
+    :param controllers: A list of ip address or host names as strings.
+    :param username: Username for all controllers.
+    :param password: Password for all controllers.
+    :return: If successful, returns "pass", otherwise returns "fail".
+    """
+    flush_result = 'pass'
+    for controller in controllers:
+        cmd_str = 'sudo iptables -v -F'
+        cmd_result = execute_ssh_command(controller, username, password, cmd_str)
+        print cmd_result
+        success_string = "Flushing chain `INPUT'" + "\n"
+        success_string += "Flushing chain `FORWARD'" + "\n"
+        success_string += "Flushing chain `OUTPUT'"
+        if not cmd_result == success_string:
+            flush_result = "Failed to flush IPTables. Check Log."
+        print "."
+        print "."
+        print "."
+    return flush_result
+
+
 #
 # main invoked
 if __name__ != "__main__":
-- 
2.36.6