dust-deploy 0.12.2 → 0.13.0
- data/bin/dust +192 -66
- data/changelog.md +37 -0
- data/lib/dust.rb +1 -0
- data/lib/dust/messaging.rb +140 -0
- data/lib/dust/recipe.rb +4 -1
- data/lib/dust/recipes/aliases.rb +5 -5
- data/lib/dust/recipes/apt.rb +4 -4
- data/lib/dust/recipes/cjdroute.rb +32 -35
- data/lib/dust/recipes/cups_client.rb +5 -5
- data/lib/dust/recipes/debsecan.rb +4 -4
- data/lib/dust/recipes/duplicity.rb +13 -15
- data/lib/dust/recipes/etc_hosts.rb +3 -3
- data/lib/dust/recipes/hash_check.rb +5 -6
- data/lib/dust/recipes/iptables.rb +12 -17
- data/lib/dust/recipes/limits.rb +19 -11
- data/lib/dust/recipes/locale.rb +14 -14
- data/lib/dust/recipes/logrotate.rb +3 -3
- data/lib/dust/recipes/make.rb +29 -0
- data/lib/dust/recipes/motd.rb +3 -3
- data/lib/dust/recipes/mysql.rb +5 -5
- data/lib/dust/recipes/newrelic.rb +6 -6
- data/lib/dust/recipes/nginx.rb +10 -10
- data/lib/dust/recipes/ntpd.rb +2 -6
- data/lib/dust/recipes/pacemaker.rb +3 -3
- data/lib/dust/recipes/postgres.rb +22 -22
- data/lib/dust/recipes/rc_local.rb +8 -8
- data/lib/dust/recipes/redis.rb +3 -25
- data/lib/dust/recipes/repositories.rb +28 -30
- data/lib/dust/recipes/resolv_conf.rb +16 -16
- data/lib/dust/recipes/ruby_rvm.rb +17 -18
- data/lib/dust/recipes/skel.rb +1 -2
- data/lib/dust/recipes/ssh_authorized_keys.rb +4 -5
- data/lib/dust/recipes/sshd.rb +1 -1
- data/lib/dust/recipes/sudoers.rb +2 -2
- data/lib/dust/recipes/sysctl.rb +12 -8
- data/lib/dust/recipes/zabbix_agent.rb +28 -28
- data/lib/dust/server.rb +114 -115
- data/lib/dust/version.rb +1 -1
- metadata +4 -2
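--- a/data/lib/dust/recipe.rb
+++ b/data/lib/dust/recipe.rb
@@ -8,7 +8,7 @@ class Recipe < Thor
 @node = node
 @options = options
 
-# if this recipe just was defined as true, yes or 'enabled',
+# if this recipe just was defined as true, yes or 'enabled',
 # continue with empty @config, so defaults get used
 if config.is_a? TrueClass or config == 'enabled'
 @config = {}
@@ -16,6 +16,9 @@ class Recipe < Thor
 @config = config
 end
 
+# prepare messaging class for this recipe
+@node.messages.start_recipe(recipe)
+
 # run task
 send context
 end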
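--- a/data/lib/dust/recipes/aliases.rb
+++ b/data/lib/dust/recipes/aliases.rb
@@ -5,15 +5,15 @@ class Aliases < Recipe
 
 @node.deploy_file "#{@template_path}/aliases", '/etc/aliases', :binding => binding
 
-
-
+msg = @node.messages.add('running newaliases')
+msg.parse_result(@node.exec('newaliases')[:exit_code])
 end
 
 desc 'aliases:status', 'shows current aliases'
 def status
-
+msg = @node.messages.add('getting /etc/aliases')
 ret = @node.exec 'cat /etc/aliases'
-
-
+msg.parse_result(ret[:exit_code])
+msg.print_output(ret)
 end
 end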
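--- a/data/lib/dust/recipes/apt.rb
+++ b/data/lib/dust/recipes/apt.rb
@@ -9,7 +9,7 @@ class Apt < Recipe
 proxy @config.delete('proxy')
 
 @config.each do |name, settings|
-
+@node.messages.add("deploying apt settings #{name}\n")
 conf = ''
 settings.to_array.each do |setting|
 conf << "#{setting}\n"
@@ -40,7 +40,7 @@ class Apt < Recipe
 
 @node.install_package 'unattended-upgrades'
 
-
+@node.messages.add("deploying unattended upgrades configuration\n")
 periodic = ''
 periodic << "APT::Periodic::Enable \"#{config['enable']}\";\n"
 periodic << "APT::Periodic::Update-Package-Lists \"#{config['update-package-lists']}\";\n"
@@ -60,13 +60,13 @@ class Apt < Recipe
 # skip 02proxy, because we're going to overwrite it anyways
 next if file == '/etc/apt/apt.conf.d/02proxy'
 
-
+@node.messages.add("found proxy configuration in file #{file}, commenting out").warning
 @node.exec "sed -i 's/^\\(acquire::http::proxy.*\\)/#\\1/i' #{file}"
 end
 
 return if config.is_a? FalseClass or config == 'disabled'
 
-
+@node.messages.add("deploying proxy configuration\n")
 proxy = "Acquire::http::Proxy \"#{config}\";\n"
 
 @node.write '/etc/apt/apt.conf.d/02proxy', proxy, :indent => 2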
@@ -2,7 +2,7 @@ require 'json'
|
|
2
2
|
|
3
3
|
class Cjdroute< Recipe
|
4
4
|
desc 'cjdroute:deploy', 'installs / updates cjdns'
|
5
|
-
def deploy
|
5
|
+
def deploy
|
6
6
|
# apply default configuration
|
7
7
|
@config = default_config.merge @config
|
8
8
|
|
@@ -12,7 +12,6 @@ class Cjdroute< Recipe
|
|
12
12
|
# clean up building directory, if --restart is given
|
13
13
|
# using --restart, since there's no --cleanup
|
14
14
|
return unless make_clean if @options.restart?
|
15
|
-
return unless @node.mkdir "#{@config['build_dir']}/build"
|
16
15
|
|
17
16
|
# compiling action
|
18
17
|
return unless run_make
|
@@ -32,7 +31,7 @@ class Cjdroute< Recipe
|
|
32
31
|
|
33
32
|
private
|
34
33
|
def default_config
|
35
|
-
{
|
34
|
+
{
|
36
35
|
'git_repo' => 'git://github.com/cjdelisle/cjdns.git',
|
37
36
|
'git_branch' => 'master',
|
38
37
|
'build_dir' => '/tmp/cjdns-tmp',
|
@@ -45,14 +44,14 @@ class Cjdroute< Recipe
|
|
45
44
|
|
46
45
|
# installs cmake, git and other building tools needed
|
47
46
|
def install_dependencies
|
48
|
-
|
47
|
+
@node.messages.add("installing build dependencies\n")
|
49
48
|
|
50
49
|
return false unless @node.install_package 'cmake', :indent => 2
|
51
50
|
|
52
51
|
# check cmake version
|
53
52
|
ret = @node.exec 'cmake --version'
|
54
53
|
ver = ret[:stdout].match(/2.[0-9]/)[0].to_f
|
55
|
-
return
|
54
|
+
return @node.messages.add('cjdroute requires cmake 2.8 or higher').failed if ver < 2.8
|
56
55
|
|
57
56
|
|
58
57
|
if @node.uses_apt?
|
@@ -66,7 +65,6 @@ class Cjdroute< Recipe
|
|
66
65
|
return false unless @node.install_package 'make', :indent => 2
|
67
66
|
end
|
68
67
|
|
69
|
-
puts
|
70
68
|
true
|
71
69
|
end
|
72
70
|
|
@@ -76,64 +74,60 @@ class Cjdroute< Recipe
|
|
76
74
|
|
77
75
|
# check if build directory is maintained by git
|
78
76
|
unless @node.dir_exists? "#{@config['build_dir']}/.git", :quiet => true
|
79
|
-
return
|
77
|
+
return @node.messages.add("#{@config['build_dir']} doesn't appear to be a git repository").failed
|
80
78
|
end
|
81
79
|
|
82
80
|
# git pull latest changes
|
83
|
-
|
81
|
+
msg = @node.messages.add("checking out branch '#{@config['git_branch']}'")
|
84
82
|
ret = @node.exec("cd #{@config['build_dir']}; git checkout #{@config['git_branch']}")[:exit_code]
|
85
|
-
return unless
|
83
|
+
return unless msg.parse_result(ret)
|
86
84
|
|
87
|
-
|
88
|
-
ret = @node.exec
|
89
|
-
return
|
85
|
+
msg = @node.messages.add('pulling latest changes from repository')
|
86
|
+
ret = @node.exec("cd #{@config['build_dir']}; git pull", :live => true)[:exit_code]
|
87
|
+
return unless msg.parse_result(ret)
|
90
88
|
|
91
89
|
else
|
92
90
|
# create build directory
|
93
91
|
unless @node.mkdir @config['build_dir']
|
94
|
-
return
|
92
|
+
return @node.messages.add("couldn't create build directory #{@config['build_dir']}").failed
|
95
93
|
end
|
96
94
|
|
97
95
|
# git clone cjdns repository
|
98
|
-
|
99
|
-
ret = @node.exec
|
100
|
-
return
|
96
|
+
msg = @node.messages.add("cloning cjdns repository into #{@config['build_dir']}")
|
97
|
+
ret = @node.exec("git clone #{@config['git_repo']} -b #{@config['git_branch']} #{@config['build_dir']}", :live => true)
|
98
|
+
return unless msg.parse_result(ret[:exit_code])
|
101
99
|
end
|
102
100
|
|
103
101
|
# reset to the wanted commit if given
|
104
102
|
if @config['commit']
|
105
|
-
|
106
|
-
|
103
|
+
msg = @node.messages.add("resetting to commit: #{@config['commit']}")
|
104
|
+
msg.parse_result(@node.exec("cd #{@config['build_dir']}; git reset --hard #{@config['commit']}")[:exit_code])
|
107
105
|
end
|
108
106
|
|
109
|
-
puts
|
110
107
|
true
|
111
108
|
end
|
112
109
|
|
113
110
|
# remove and recreate building directory
|
114
111
|
def make_clean
|
115
|
-
|
116
|
-
|
117
|
-
true
|
112
|
+
msg = @node.messages.add('cleaning up')
|
113
|
+
msg.parse_result(@node.exec("rm -rf #{@config['build_dir']}/build")[:exit_code])
|
118
114
|
end
|
119
115
|
|
120
116
|
def run_make
|
121
|
-
|
122
|
-
|
123
|
-
return ::Dust.print_failed 'error compiling cjdroute' unless ret[:exit_code] == 0
|
124
|
-
true
|
117
|
+
msg = @node.messages.add('compiling cjdns')
|
118
|
+
msg.parse_result(@node.exec("export Log_LEVEL=#{@config['loglevel']}; cd #{@config['build_dir']}; ./do", :live => true)[:exit_code])
|
125
119
|
end
|
126
120
|
|
127
121
|
# generate cjdroute.conf
|
128
122
|
def generate_config
|
129
123
|
if @node.file_exists? "#{@config['etc_dir']}/cjdroute.conf", :quiet => true
|
130
|
-
|
124
|
+
@node.messages.add('found a cjdroute.conf, not overwriting').warning
|
131
125
|
return true
|
132
126
|
end
|
133
|
-
|
134
|
-
|
127
|
+
|
128
|
+
msg = @node.messages.add('generating config file')
|
135
129
|
ret = @node.exec("#{@config['bin_dir']}/cjdroute --genconf")
|
136
|
-
return false unless
|
130
|
+
return false unless msg.parse_result(ret[:exit_code])
|
137
131
|
|
138
132
|
# parse generated json
|
139
133
|
cjdroute_conf = JSON.parse ret[:stdout]
|
@@ -147,14 +141,17 @@ class Cjdroute< Recipe
|
|
147
141
|
|
148
142
|
# kill any cjdroute processes that might be running
|
149
143
|
def stop_cjdroute
|
150
|
-
|
151
|
-
|
144
|
+
msg = @node.messages.add('stopping cjdroute')
|
145
|
+
msg.parse_result(@node.exec('killall cjdroute')[:exit_code])
|
146
|
+
|
147
|
+
msg = @node.messages.add('waiting 2 seconds for cjdroute to finish')
|
148
|
+
sleep 2
|
149
|
+
msg.ok
|
152
150
|
end
|
153
151
|
|
154
152
|
# fire up cjdroute
|
155
153
|
def start_cjdroute
|
156
|
-
|
157
|
-
|
158
|
-
::Dust.print_result @node.exec("nohup #{@config['bin_dir']}/cjdroute < #{@config['etc_dir']}/cjdroute.conf &> /dev/null &")[:exit_code]
|
154
|
+
msg = @node.messages.add('fireing up cjdroute')
|
155
|
+
msg.parse_result(@node.exec("nohup #{@config['bin_dir']}/cjdroute < #{@config['etc_dir']}/cjdroute.conf &> /dev/null &")[:exit_code])
|
159
156
|
end
|
160
157
|
end
|
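Review bot: In the `@@ -76,64 +74,60 @@` hunk the result of the new `git reset --hard #{@config['commit']}` step is passed to `msg.parse_result` and then dropped, so when the reset fails the method still falls through to `true` and the build continues from the branch head instead of the pinned commit. The checkout, pull and clone steps above it all bail out with `return unless msg.parse_result(...)`, and the reset should do the same: `return unless msg.parse_result(@node.exec("cd #{@config['build_dir']}; git reset --hard #{@config['commit']}")[:exit_code])`. This matters more than the other steps because `commit` is the only setting that ties what gets compiled to a known revision. The method this code belongs to starts above the hunk.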
@@ -3,18 +3,18 @@ class CupsClient < Recipe
|
|
3
3
|
def deploy
|
4
4
|
return false unless install
|
5
5
|
|
6
|
-
return
|
6
|
+
return @node.messages.add('no printserver specified.').failed unless @config
|
7
7
|
|
8
|
-
|
8
|
+
@node.messages.add("setting servername to: #{@config}").ok
|
9
9
|
@node.write '/etc/cups/client.conf', "ServerName #{@config}\n"
|
10
10
|
end
|
11
11
|
|
12
12
|
desc 'cups_client:status', 'shows current /etc/cups/client.conf'
|
13
13
|
def status
|
14
|
-
|
14
|
+
msg = @node.messages.add('getting /etc/cups/client.conf')
|
15
15
|
ret = @node.exec 'cat /etc/cups/client.conf'
|
16
|
-
|
17
|
-
|
16
|
+
msg.parse_result(ret[:exit_code])
|
17
|
+
msg.print_output(ret)
|
18
18
|
end
|
19
19
|
|
20
20
|
private
|
@@ -6,7 +6,7 @@ class Debsecan < Recipe
|
|
6
6
|
if @node.is_os? ['ubuntu', 'debian']
|
7
7
|
@node.install_package 'debsecan'
|
8
8
|
|
9
|
-
|
9
|
+
msg = @node.messages.add('configuring debsecan')
|
10
10
|
|
11
11
|
# if config is simply set to "true", use defaults
|
12
12
|
config = {} unless config.is_a? Hash
|
@@ -21,7 +21,7 @@ class Debsecan < Recipe
|
|
21
21
|
# configures whether daily reports are sent
|
22
22
|
config_file << "# If true, enable daily reports, sent by email.\n" +
|
23
23
|
"REPORT=#{config['report'].to_s}\n\n"
|
24
|
-
|
24
|
+
|
25
25
|
# configures the suite
|
26
26
|
config_file << "# For better reporting, specify the correct suite here, using the code\n" +
|
27
27
|
"# name (that is, \"sid\" instead of \"unstable\").\n" +
|
@@ -37,9 +37,9 @@ class Debsecan < Recipe
|
|
37
37
|
"SOURCE=#{config['source']}\n\n"
|
38
38
|
|
39
39
|
@node.write '/etc/default/debsecan', config_file, :quiet => true
|
40
|
-
|
40
|
+
msg.ok
|
41
41
|
else
|
42
|
-
|
42
|
+
msg.failed('os not supported')
|
43
43
|
end
|
44
44
|
end
|
45
45
|
end
|
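Review bot: `msg` is assigned on new line 9, inside the `if @node.is_os? ['ubuntu', 'debian']` branch, but the `else` branch at new line 42 calls `msg.failed('os not supported')`; on any other OS the assignment never runs, `msg` is `nil`, and the call raises NoMethodError instead of reporting the unsupported OS (unless `msg` is also set above the hunk, which is not visible here). Creating the message in the branch that uses it avoids that: `@node.messages.add('configuring debsecan').failed('os not supported')`.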
@@ -18,13 +18,13 @@ class Duplicity < Recipe
|
|
18
18
|
|
19
19
|
# check whether backend is specified, skip to next scenario if not
|
20
20
|
unless config['backend'] and config['passphrase']
|
21
|
-
|
21
|
+
@node.messages.add("scenario #{scenario}: backend or passphrase missing.").failed
|
22
22
|
next
|
23
23
|
end
|
24
24
|
|
25
25
|
# check if interval is correct
|
26
26
|
unless [ 'monthly', 'weekly', 'daily', 'hourly' ].include? config['interval']
|
27
|
-
return
|
27
|
+
return @node.messages.add("invalid interval: '#{config['interval']}'").failed
|
28
28
|
end
|
29
29
|
|
30
30
|
# check whether we need ncftp
|
@@ -35,8 +35,8 @@ class Duplicity < Recipe
|
|
35
35
|
|
36
36
|
# add hostkey to known_hosts
|
37
37
|
if config['hostkey']
|
38
|
-
|
39
|
-
unless
|
38
|
+
msg = @node.messages.add('checking if ssh key is in known_hosts')
|
39
|
+
unless msg.parse_result(@node.exec("grep -q '#{config['hostkey']}' /root/.ssh/known_hosts")[:exit_code] == 0)
|
40
40
|
@node.mkdir '/root/.ssh', :indent => 2
|
41
41
|
@node.append '/root/.ssh/known_hosts', "#{config['hostkey']}\n", :indent => 2
|
42
42
|
end
|
@@ -46,14 +46,13 @@ class Duplicity < Recipe
|
|
46
46
|
cronjob_path = "/etc/cron.#{config['interval']}/duplicity-#{scenario}"
|
47
47
|
|
48
48
|
# adjust and upload cronjob
|
49
|
-
|
50
|
-
config['options'].to_array.each { |option|
|
49
|
+
@node.messages.add("adjusting and deploying cronjob (scenario: #{scenario}, interval: #{config['interval']})\n")
|
50
|
+
config['options'].to_array.each { |option| @node.messages.add("adding option: #{option}", :indent => 2).ok }
|
51
51
|
|
52
52
|
@node.deploy_file "#{@template_path}/cronjob", cronjob_path, :binding => binding
|
53
53
|
|
54
54
|
# making cronjob executeable
|
55
55
|
@node.chmod '0700', cronjob_path
|
56
|
-
puts
|
57
56
|
end
|
58
57
|
end
|
59
58
|
|
@@ -70,9 +69,9 @@ class Duplicity < Recipe
|
|
70
69
|
config['directory'] ||= "#{@node['hostname']}-#{scenario}"
|
71
70
|
|
72
71
|
# check whether backend is specified, skip to next scenario if not
|
73
|
-
return
|
72
|
+
return @node.messages.add('no backend specified.').failed unless config['backend']
|
74
73
|
|
75
|
-
|
74
|
+
msg = @node.messages.add("running collection-status for scenario '#{scenario}'")
|
76
75
|
cmd = "nice -n #{config['nice']} duplicity collection-status " +
|
77
76
|
"--archive-dir #{config['archive']} " +
|
78
77
|
"#{File.join(config['backend'], config['directory'])}"
|
@@ -82,15 +81,14 @@ class Duplicity < Recipe
|
|
82
81
|
ret = @node.exec cmd
|
83
82
|
|
84
83
|
# check exit code and stdout shouldn't be empty
|
85
|
-
|
84
|
+
msg.parse_result( (ret[:exit_code] == 0 and ret[:stdout].length > 0) )
|
86
85
|
|
87
86
|
if options.long?
|
88
|
-
|
87
|
+
@node.messages.add(ret[:stdout], :indent => 0)
|
89
88
|
else
|
90
|
-
|
89
|
+
@node.messages.add("\t" + ret[:stdout].sub(/^\s+([a-zA-Z]+)\s+(\w+\s+\w+\s+\d+\s+\d+:\d+:\d+\s+\d+)\s+(\d+)$/, 'Last backup: \1 (\3 sets) on \2'), :indent => 0)
|
91
90
|
end
|
92
91
|
|
93
|
-
puts
|
94
92
|
end
|
95
93
|
end
|
96
94
|
|
@@ -111,9 +109,9 @@ class Duplicity < Recipe
|
|
111
109
|
|
112
110
|
# removes all duplicity cronjobs
|
113
111
|
def remove_duplicity_cronjobs
|
114
|
-
|
112
|
+
msg = @node.messages.add('deleting old duplicity cronjobs')
|
115
113
|
@node.rm '/etc/cron.*/duplicity*', :quiet => true
|
116
|
-
|
114
|
+
msg.ok
|
117
115
|
end
|
118
116
|
|
119
117
|
end
|
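Review bot: The known_hosts check in the `@@ -35,8 +35,8 @@` hunk passes `config['hostkey']` to `grep -q` as a regular expression wrapped in single quotes, so characters such as `.` and `[` in the key line match loosely and a value containing a quote changes the command that runs on the node. A fixed-string match on a shell-escaped value keeps the check literal: `grep -qF -- #{Shellwords.escape(config['hostkey'])} /root/.ssh/known_hosts` (this needs `require 'shellwords'` at the top of the file). Because the grep result is fed to `msg.parse_result`, a key that is simply not present yet is presumably displayed as a failure just before it is appended; a neutral message for that case would read better.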
@@ -12,9 +12,9 @@ class EtcHosts < Recipe
|
|
12
12
|
|
13
13
|
desc 'etc_hosts:status', 'shows current /etc/hosts'
|
14
14
|
def status
|
15
|
-
|
15
|
+
msg = @node.messages.add('getting /etc/hosts')
|
16
16
|
ret = @node.exec 'cat /etc/hosts'
|
17
|
-
|
18
|
-
|
17
|
+
msg.parse_result(ret[:exit_code])
|
18
|
+
msg.print_output(ret)
|
19
19
|
end
|
20
20
|
end
|
@@ -1,5 +1,5 @@
|
|
1
1
|
class HashCheck < Recipe
|
2
|
-
|
2
|
+
|
3
3
|
desc 'hash_check:deploy', 'checks /etc/shadow for weak hashes'
|
4
4
|
def deploy
|
5
5
|
# those keys indicate that no password is set, or login is disabled
|
@@ -8,7 +8,7 @@ class HashCheck < Recipe
|
|
8
8
|
weak_passwords = File.open "#{@template_path}/weak_passwords", 'r'
|
9
9
|
|
10
10
|
shadow = @node.exec('getent shadow')[:stdout]
|
11
|
-
|
11
|
+
@node.messages.add("checking for weak password hashes\n")
|
12
12
|
|
13
13
|
found_weak = false
|
14
14
|
shadow.each_line do |line|
|
@@ -25,17 +25,16 @@ class HashCheck < Recipe
|
|
25
25
|
ret = @node.exec("python -c \"import crypt; print(crypt.crypt('#{password}', '\\$#{method}\\$#{salt}\\$'));\"")
|
26
26
|
|
27
27
|
unless ret[:exit_code] == 0
|
28
|
-
|
29
|
-
return false
|
28
|
+
return msg.failed('error during hash creation (is python installed?)')
|
30
29
|
end
|
31
30
|
if hash == ret[:stdout].chomp
|
32
|
-
|
31
|
+
@node.messages.add("user #{user} has a weak password! (#{password})", :indent => 2).failed
|
33
32
|
found_weak = true
|
34
33
|
end
|
35
34
|
end
|
36
35
|
end
|
37
36
|
|
38
37
|
weak_passwords.close
|
39
|
-
|
38
|
+
@node.messages.add('none found.', :indent => 2).ok unless found_weak
|
40
39
|
end
|
41
40
|
end
|
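Review bot: The new weak-password message in the `@@ -25,17 +25,16 @@` hunk interpolates the matched cleartext password, `"user #{user} has a weak password! (#{password})"`, so the credential ends up wherever `@node.messages` output is printed or collected; naming the user is enough: `@node.messages.add("user #{user} has a weak password!", :indent => 2).failed`. In the same hunk `return msg.failed(...)` relies on `msg`, but the only message visibly created in this method (`@node.messages.add("checking for weak password hashes\n")` in the first hunk) is not assigned to a variable, so unless `msg` is set in the lines between the two hunks this path raises NameError instead of reporting the python failure. That early return also skips `weak_passwords.close`.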
@@ -24,7 +24,7 @@ class Iptables < Recipe
|
|
24
24
|
@script = ''
|
25
25
|
@ip_version = v
|
26
26
|
|
27
|
-
|
27
|
+
@node.messages.add("generating ipv#{@ip_version} rules\n")
|
28
28
|
|
29
29
|
clear_all
|
30
30
|
populate_rule_defaults
|
@@ -32,18 +32,15 @@ class Iptables < Recipe
|
|
32
32
|
|
33
33
|
deploy_script
|
34
34
|
apply_rules
|
35
|
-
|
36
|
-
puts
|
37
35
|
end
|
38
36
|
end
|
39
37
|
|
40
38
|
desc 'iptables:status', 'displays iptables rules'
|
41
39
|
def status
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
::Dust.print_msg @node.exec('ip6tables -L -v -n')[:stdout], :indent => 0
|
40
|
+
@node.messages.add('displaying iptables rules (ipv4)').ok
|
41
|
+
@node.messages.add(@node.exec('iptables -L -v -n')[:stdout], :indent => 0)
|
42
|
+
@node.messages.add('displaying iptables rules (ipv6)').ok
|
43
|
+
@node.messages.add(@node.exec('ip6tables -L -v -n')[:stdout], :indent => 0)
|
47
44
|
end
|
48
45
|
|
49
46
|
private
|
@@ -152,14 +149,13 @@ class Iptables < Recipe
|
|
152
149
|
rules = get_rules_for_table chain_rules, table
|
153
150
|
next if rules.empty?
|
154
151
|
|
155
|
-
#::Dust.print_msg "#{::Dust.pink}#{chain}#{::Dust.none} rules\n", :indent => 3
|
156
152
|
rules.sort.each do |name, rule|
|
157
153
|
next unless rule['table'].include? table
|
158
154
|
next unless check_ip_version rule
|
159
155
|
|
160
|
-
|
156
|
+
msg = @node.messages.add("adding rule: #{name}", :indent => 2)
|
161
157
|
generate_iptables_string chain, rule
|
162
|
-
|
158
|
+
msg.ok
|
163
159
|
end
|
164
160
|
end
|
165
161
|
@script << "COMMIT\n" if @node.uses_rpm?
|
@@ -187,7 +183,6 @@ class Iptables < Recipe
|
|
187
183
|
# generates the iptables string out of a rule
|
188
184
|
def generate_iptables_string chain, rule
|
189
185
|
parse_rule(rule).each do |r|
|
190
|
-
#::Dust.print_msg "#{::Dust.grey}#{r.join ' '}#{::Dust.none}\n", :indent => 5
|
191
186
|
@script << "--append #{chain.upcase} #{r.join ' '}\n"
|
192
187
|
end
|
193
188
|
end
|
@@ -290,22 +285,22 @@ class Iptables < Recipe
|
|
290
285
|
# apply newly pushed rules
|
291
286
|
def apply_rules
|
292
287
|
if @options.restart?
|
293
|
-
|
288
|
+
msg = @node.messages.add("applying ipv#{@ip_version} rules")
|
294
289
|
|
295
290
|
if @node.uses_rpm?
|
296
|
-
|
291
|
+
msg.parse_result(@node.exec("/etc/init.d/#{cmd} restart")[:exit_code])
|
297
292
|
|
298
293
|
else
|
299
294
|
ret = @node.exec get_target
|
300
|
-
|
295
|
+
msg.parse_result( (ret[:exit_code] == 0 and ret[:stdout].empty? and ret[:stderr].empty?) )
|
301
296
|
end
|
302
297
|
end
|
303
298
|
|
304
299
|
# on gentoo, rules have to be saved using the init script,
|
305
300
|
# otherwise they won't get re-applied on next startup
|
306
301
|
if @node.uses_emerge?
|
307
|
-
|
308
|
-
|
302
|
+
msg = @node.messages.add("saving ipv#{@ip_version} rules")
|
303
|
+
msg.parse_result(@node.exec("/etc/init.d/#{cmd} save")[:exit_code])
|
309
304
|
end
|
310
305
|
end
|
311
306
|
|
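Review bot: In the `@@ -32,18 +32,15 @@` hunk, `status` marks both "displaying iptables rules" messages `.ok` before the command has run and never looks at the exit code, so a failing `iptables -L -v -n` or `ip6tables -L -v -n` shows up as OK with empty output. For a firewall recipe that is easy to misread as "no rules loaded". The other status methods in this release keep the result and report it, and the same shape would work here: `ret = @node.exec('iptables -L -v -n')`, `msg.parse_result(ret[:exit_code])`, `msg.print_output(ret)`.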