#!/bin/sh

### BEGIN INIT INFO
# Provides:          openstack-nova-network
# Required-Start:    $remote_fs $syslog
# Required-Stop:     $remote_fs $syslog
# Should-Start:      mysql postgresql rabbitmq-server
# Should-Stop:       mysql postgresql rabbitmq-server
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: OpenStack Compute (Nova) - network
# Description:       OpenStack Compute (Nova) - network 
### END INIT INFO

DAEMON="network"
USER="nova"
CONFFILE="/etc/nova/nova.conf"
RUNDIR="/var/run/nova"

# $RUNDIR can be tmpfs, thus we have to create/own it here:
mkdir -m 0700 -p $RUNDIR && chown $USER. $RUNDIR

. /etc/rc.status

iptables_setup()
{
    mode=$1
    if [ -n "$ADMINNETWORK" ] && grep -qx 'enabled_apis=metadata' /etc/nova/nova.conf ; then # this must not run outside of compute nodes
        interface=$(perl -ne 'm/flat_network_bridge=([0-9a-z.-]+)/ && print $1' /etc/nova/nova.conf)
        if [ -z "$interface" ] ; then
            echo "error: no flat_network_bridge interface found in nova.conf"
            echo "can not set iptables rules"
        else
            PATH="/sbin:/usr/sbin:/usr/bin:/bin"
            c="nova-filter-FORWARD-sitelocl"
            iptables -N $c 2>/dev/null
            iptables -$mode $c -d $STORAGENETWORK/$STORAGENETMASK -j REJECT
            iptables -$mode INPUT -d $STORAGENETWORK/$STORAGENETMASK -i $interface -j REJECT
            iptables -$mode $c -d $ADMINNETWORK/$ADMINNETMASK -j REJECT
            iptables -$mode INPUT -d $ADMINNETWORK/$ADMINNETMASK -i $interface -j REJECT
            iptables -$mode INPUT -p tcp --dport 8775 -i $interface -j ACCEPT # metadata api
        fi
    fi
}

case "$1" in
    start)
        if [ "$DAEMON" == "api" ]; then
            echo -n "Checking for Nova API DB Migrations"
            su $USER -s /bin/sh -c "/usr/bin/nova-manage db sync"
            rc_status -v
        fi
        
        echo -n "Starting nova-$DAEMON"
        iptables_setup I
        /sbin/startproc -q -s -u $USER /usr/bin/nova-$DAEMON --config-file=$CONFFILE
        rc_status -v
        ;;
    stop)
        echo -n "Shutting down nova-$DAEMON"
        /sbin/killproc /usr/bin/nova-$DAEMON
        rc_status -v
        iptables_setup D
        ;;
    restart)
        $0 stop
        $0 start
        rc_status
        ;;
    force-reload)
        $0 try-restart
        rc_status
        ;;
    reload)
        echo -n "Reload service nova-$DAEMON"
        rc_failed 3
        rc_status -v
        ;;
    status)
        echo -n "Checking for service nova-$DAEMON"
        /sbin/checkproc /usr/bin/nova-$DAEMON
        rc_status -v
        ;;
    try-restart|condrestart)
        if test "$1" = "condrestart"; then
            echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
        fi
        $0 status
        if test $? = 0; then
            $0 restart
        else
            rc_reset # Not running is not a failure.
        fi
        rc_status # Remember status and be quiet
        ;;
    *)
        echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload}"
        exit 1
        ;;
esac
rc_exit
