ctdb-scripts: Call iptables/ip6tables directly from iptables_wrapper

Drops the iptables() and ip6tables() functions and, hence, the
hardcoding of paths /sbin/iptables and /sbin/ip6tables.  The latter
avoids problems on openSUSE where (for example) /usr/sbin/iptables is
used instead.

This means that locking around ip*tables commands is only done when
iptables_wrapper is called directly.  This is fine because the only
conflict is when "releaseip" or "takeip"/"updateip" events are run in
parallel.  The other uses in 11.natgw and 70.iscsi are in events where
there will be no collisions.

Making 11.natgw support IPv6 is unnecessary.  Just put a static IPv6
address on each interface - they're plentiful.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Jan 28 08:29:55 CET 2015 on sn-devel-104

ctdb/config/functions

@@ -1393,23 +1393,17 @@ ctdb_standard_event_handler ()
     esac
 }
 
-# iptables doesn't like being re-entered, so flock-wrap it.
-iptables ()
-{
-	flock -w 30 $CTDB_VARDIR/iptables-ctdb.flock /sbin/iptables "$@"
-}
-ip6tables ()
-{
-	flock -w 30 $CTDB_VARDIR/iptables-ctdb.flock /sbin/ip6tables "$@"
-}
 iptables_wrapper ()
 {
     _family="$1" ; shift
     if [ "$_family" = "inet6" ] ; then
-	ip6tables "$@"
+	_iptables_cmd="ip6tables"
     else
-	iptables "$@"
+	_iptables_cmd="iptables"
     fi
+
+    # iptables doesn't like being re-entered, so flock-wrap it.
+    flock -w 30 "${CTDB_VARDIR}/iptables-ctdb.flock" "$_iptables_cmd" "$@"
 }
 
 # AIX (and perhaps others?) doesn't have mktemp

ctdb/tests/eventscripts/etc-ctdb/rc.local

@@ -51,8 +51,10 @@ get_proc ()
     esac
 }
 
-# Always succeeds
+# Always succeed
 iptables () { : ; }
+ip6tables () { : ; }
+iptables_wrapper () { : ; }
 
 # Do not actually background - we want to see the output
 background_with_logging ()