From cab088287ec32c955049a5e184b589786d8858a4 Mon Sep 17 00:00:00 2001 From: Tom Wieczorek Date: Fri, 14 Jun 2024 10:13:28 +0200 Subject: [PATCH] Install packages before airgapping Installing ip6tables after disrupting IPv4 traffic will fail utterly if the machine uses IPv4 for package installations. Install both packages in lockstep before actually disrupting any traffic. Fixes: e6bb827fc ("Whitelist local IPv6 CIDRs when airgapping nodes") Signed-off-by: Tom Wieczorek --- inttest/common/airgap.go | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/inttest/common/airgap.go b/inttest/common/airgap.go index 0373fc78d6e4..30d4db8fc72d 100644 --- a/inttest/common/airgap.go +++ b/inttest/common/airgap.go @@ -155,10 +155,10 @@ localAddrs: func (a *Airgap) airgapMachine(ctx context.Context, name, v4CIDRs, v6CIDRs string) error { const airgapScript = ` + apk add --no-cache %s v4Cidrs='%s' v6Cidrs='%s' if [ -n "$v4Cidrs" ]; then - apk add --no-cache iptables for cidr in $v4Cidrs; do iptables -A INPUT -s $cidr -j ACCEPT iptables -A OUTPUT -d $cidr -j ACCEPT @@ -168,7 +168,6 @@ func (a *Airgap) airgapMachine(ctx context.Context, name, v4CIDRs, v6CIDRs strin fi if [ -n "$v6Cidrs" ]; then - apk add --no-cache ip6tables for cidr in $v6Cidrs; do ip6tables -A INPUT -s $cidr -j ACCEPT ip6tables -A OUTPUT -d $cidr -j ACCEPT @@ -183,6 +182,18 @@ func (a *Airgap) airgapMachine(ctx context.Context, name, v4CIDRs, v6CIDRs strin fi ` + var packages []string + if v4CIDRs != "" { + packages = append(packages, "iptables") + } + if v6CIDRs != "" { + packages = append(packages, "ip6tables") + } + + if len(packages) < 1 { + return nil + } + a.Logf("Airgapping %s", name) ssh, err := a.SSH(ctx, name) 
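Review bot: The reason `apk add --no-cache %s` must be the first command in `airgapScript` is recorded only in the commit message, so a later edit could move it back under one of the `if` blocks. A shell comment above it would keep the constraint visible, for example `# Install all packages first: the rules below may cut off the network apk needs.` Because the script is run with `sh -e`, a failed install also aborts before any rule is added, which is worth stating in the same comment. The body of airgapMachine continues outside this hunk.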
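Review bot: The early `return nil` when `packages` is empty reports success without logging anything, so a node for which both CIDR strings are empty keeps full network access while the caller believes it is airgapped. The visible parts of the script suggest the old code was also a no-op in that case, but a test that depends on the airgap would then pass for the wrong reason. Consider failing closed with `return fmt.Errorf("no local CIDRs found for %s, refusing to skip airgapping", name)`, or at least logging before returning; whether callers can ever pass two empty strings is not visible in this hunk. `len(packages) == 0` is also the more usual spelling of the check.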
@@ -192,6 +203,6 @@ func (a *Airgap) airgapMachine(ctx context.Context, name, v4CIDRs, v6CIDRs strin defer ssh.Disconnect() return ssh.Exec(ctx, "sh -e -", SSHStreams{ - In: strings.NewReader(fmt.Sprintf(airgapScript, v4CIDRs, v6CIDRs)), + In: strings.NewReader(fmt.Sprintf(airgapScript, strings.Join(packages, " "), v4CIDRs, v6CIDRs)), }) }
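Review bot: The `fmt.Sprintf` call now fills three positional `%s` verbs, two of which land inside single quotes in a script piped to `sh -e -`, and nothing at this call site documents what the CIDR strings may contain. The package list is built from string literals, but `v4CIDRs` and `v6CIDRs` are produced outside this hunk, and a value containing a single quote would end the quoting early. A comment above the call such as `// v4CIDRs/v6CIDRs must be space-separated CIDRs only; they are spliced into single-quoted shell strings unescaped.` would record the assumption. Validating each entry with `netip.ParsePrefix` where the strings are built would enforce it, if that code does not already do so.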