From 86d10d306967922be894ddd19fcf49382a522b75 Mon Sep 17 00:00:00 2001
From: Andrew Butcher <abutcher@redhat.com>
Date: Mon, 23 Jan 2017 14:24:56 -0500
Subject: [os_firewall] Add -w flag to wait for iptables xtables lock.

---
 roles/os_firewall/library/os_firewall_manage_iptables.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'roles/os_firewall')

diff --git a/roles/os_firewall/library/os_firewall_manage_iptables.py b/roles/os_firewall/library/os_firewall_manage_iptables.py
index 8ba650994..4ba38b721 100755
--- a/roles/os_firewall/library/os_firewall_manage_iptables.py
+++ b/roles/os_firewall/library/os_firewall_manage_iptables.py
@@ -223,7 +223,9 @@ class IpTablesManager(object):  # pylint: disable=too-many-instance-attributes
 
     def gen_cmd(self):
         cmd = 'iptables' if self.ip_version == 'ipv4' else 'ip6tables'
-        return ["/usr/sbin/%s" % cmd]
+        # Include -w (wait for xtables lock) in default arguments.
+        default_args = '-w'
+        return ["/usr/sbin/%s %s" % (cmd, default_args)]
 
     def gen_save_cmd(self):  # pylint: disable=no-self-use
         return ['/usr/libexec/iptables/iptables.init', 'save']
-- 
cgit v1.2.3