dust-deploy 0.12.2 → 0.13.0
- data/bin/dust +192 -66
- data/changelog.md +37 -0
- data/lib/dust.rb +1 -0
- data/lib/dust/messaging.rb +140 -0
- data/lib/dust/recipe.rb +4 -1
- data/lib/dust/recipes/aliases.rb +5 -5
- data/lib/dust/recipes/apt.rb +4 -4
- data/lib/dust/recipes/cjdroute.rb +32 -35
- data/lib/dust/recipes/cups_client.rb +5 -5
- data/lib/dust/recipes/debsecan.rb +4 -4
- data/lib/dust/recipes/duplicity.rb +13 -15
- data/lib/dust/recipes/etc_hosts.rb +3 -3
- data/lib/dust/recipes/hash_check.rb +5 -6
- data/lib/dust/recipes/iptables.rb +12 -17
- data/lib/dust/recipes/limits.rb +19 -11
- data/lib/dust/recipes/locale.rb +14 -14
- data/lib/dust/recipes/logrotate.rb +3 -3
- data/lib/dust/recipes/make.rb +29 -0
- data/lib/dust/recipes/motd.rb +3 -3
- data/lib/dust/recipes/mysql.rb +5 -5
- data/lib/dust/recipes/newrelic.rb +6 -6
- data/lib/dust/recipes/nginx.rb +10 -10
- data/lib/dust/recipes/ntpd.rb +2 -6
- data/lib/dust/recipes/pacemaker.rb +3 -3
- data/lib/dust/recipes/postgres.rb +22 -22
- data/lib/dust/recipes/rc_local.rb +8 -8
- data/lib/dust/recipes/redis.rb +3 -25
- data/lib/dust/recipes/repositories.rb +28 -30
- data/lib/dust/recipes/resolv_conf.rb +16 -16
- data/lib/dust/recipes/ruby_rvm.rb +17 -18
- data/lib/dust/recipes/skel.rb +1 -2
- data/lib/dust/recipes/ssh_authorized_keys.rb +4 -5
- data/lib/dust/recipes/sshd.rb +1 -1
- data/lib/dust/recipes/sudoers.rb +2 -2
- data/lib/dust/recipes/sysctl.rb +12 -8
- data/lib/dust/recipes/zabbix_agent.rb +28 -28
- data/lib/dust/server.rb +114 -115
- data/lib/dust/version.rb +1 -1
- metadata +4 -2
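--- a/data/lib/dust/recipe.rb
+++ b/data/lib/dust/recipe.rb
@@ -8,7 +8,7 @@ class Recipe < Thor
 @node = node
 @options = options
 
-# if this recipe just was defined as true, yes or 'enabled',
+# if this recipe just was defined as true, yes or 'enabled',
 # continue with empty @config, so defaults get used
 if config.is_a? TrueClass or config == 'enabled'
 @config = {}
@@ -16,6 +16,9 @@ class Recipe < Thor
 @config = config
 end
 
+# prepare messaging class for this recipe
+@node.messages.start_recipe(recipe)
+
 # run task
 send context
 end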
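--- a/data/lib/dust/recipes/aliases.rb
+++ b/data/lib/dust/recipes/aliases.rb
@@ -5,15 +5,15 @@ class Aliases < Recipe
 
 @node.deploy_file "#{@template_path}/aliases", '/etc/aliases', :binding => binding
 
-
-
+msg = @node.messages.add('running newaliases')
+msg.parse_result(@node.exec('newaliases')[:exit_code])
 end
 
 desc 'aliases:status', 'shows current aliases'
 def status
-
+msg = @node.messages.add('getting /etc/aliases')
 ret = @node.exec 'cat /etc/aliases'
-
-
+msg.parse_result(ret[:exit_code])
+msg.print_output(ret)
 end
 end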
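--- a/data/lib/dust/recipes/apt.rb
+++ b/data/lib/dust/recipes/apt.rb
@@ -9,7 +9,7 @@ class Apt < Recipe
 proxy @config.delete('proxy')
 
 @config.each do |name, settings|
-
+@node.messages.add("deploying apt settings #{name}\n")
 conf = ''
 settings.to_array.each do |setting|
 conf << "#{setting}\n"
@@ -40,7 +40,7 @@ class Apt < Recipe
 
 @node.install_package 'unattended-upgrades'
 
-
+@node.messages.add("deploying unattended upgrades configuration\n")
 periodic = ''
 periodic << "APT::Periodic::Enable \"#{config['enable']}\";\n"
 periodic << "APT::Periodic::Update-Package-Lists \"#{config['update-package-lists']}\";\n"
@@ -60,13 +60,13 @@ class Apt < Recipe
 # skip 02proxy, because we're going to overwrite it anyways
 next if file == '/etc/apt/apt.conf.d/02proxy'
 
-
+@node.messages.add("found proxy configuration in file #{file}, commenting out").warning
 @node.exec "sed -i 's/^\\(acquire::http::proxy.*\\)/#\\1/i' #{file}"
 end
 
 return if config.is_a? FalseClass or config == 'disabled'
 
-
+@node.messages.add("deploying proxy configuration\n")
 proxy = "Acquire::http::Proxy \"#{config}\";\n"
 
 @node.write '/etc/apt/apt.conf.d/02proxy', proxy, :indent => 2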
@@ -2,7 +2,7 @@ require 'json'
|
|
2
2
|
|
3
3
|
class Cjdroute< Recipe
|
4
4
|
desc 'cjdroute:deploy', 'installs / updates cjdns'
|
5
|
-
def deploy
|
5
|
+
def deploy
|
6
6
|
# apply default configuration
|
7
7
|
@config = default_config.merge @config
|
8
8
|
|
@@ -12,7 +12,6 @@ class Cjdroute< Recipe
|
|
12
12
|
# clean up building directory, if --restart is given
|
13
13
|
# using --restart, since there's no --cleanup
|
14
14
|
return unless make_clean if @options.restart?
|
15
|
-
return unless @node.mkdir "#{@config['build_dir']}/build"
|
16
15
|
|
17
16
|
# compiling action
|
18
17
|
return unless run_make
|
@@ -32,7 +31,7 @@ class Cjdroute< Recipe
|
|
32
31
|
|
33
32
|
private
|
34
33
|
def default_config
|
35
|
-
{
|
34
|
+
{
|
36
35
|
'git_repo' => 'git://github.com/cjdelisle/cjdns.git',
|
37
36
|
'git_branch' => 'master',
|
38
37
|
'build_dir' => '/tmp/cjdns-tmp',
|
@@ -45,14 +44,14 @@ class Cjdroute< Recipe
|
|
45
44
|
|
46
45
|
# installs cmake, git and other building tools needed
|
47
46
|
def install_dependencies
|
48
|
-
|
47
|
+
@node.messages.add("installing build dependencies\n")
|
49
48
|
|
50
49
|
return false unless @node.install_package 'cmake', :indent => 2
|
51
50
|
|
52
51
|
# check cmake version
|
53
52
|
ret = @node.exec 'cmake --version'
|
54
53
|
ver = ret[:stdout].match(/2.[0-9]/)[0].to_f
|
55
|
-
return
|
54
|
+
return @node.messages.add('cjdroute requires cmake 2.8 or higher').failed if ver < 2.8
|
56
55
|
|
57
56
|
|
58
57
|
if @node.uses_apt?
|
@@ -66,7 +65,6 @@ class Cjdroute< Recipe
|
|
66
65
|
return false unless @node.install_package 'make', :indent => 2
|
67
66
|
end
|
68
67
|
|
69
|
-
puts
|
70
68
|
true
|
71
69
|
end
|
72
70
|
|
@@ -76,64 +74,60 @@ class Cjdroute< Recipe
|
|
76
74
|
|
77
75
|
# check if build directory is maintained by git
|
78
76
|
unless @node.dir_exists? "#{@config['build_dir']}/.git", :quiet => true
|
79
|
-
return
|
77
|
+
return @node.messages.add("#{@config['build_dir']} doesn't appear to be a git repository").failed
|
80
78
|
end
|
81
79
|
|
82
80
|
# git pull latest changes
|
83
|
-
|
81
|
+
msg = @node.messages.add("checking out branch '#{@config['git_branch']}'")
|
84
82
|
ret = @node.exec("cd #{@config['build_dir']}; git checkout #{@config['git_branch']}")[:exit_code]
|
85
|
-
return unless
|
83
|
+
return unless msg.parse_result(ret)
|
86
84
|
|
87
|
-
|
88
|
-
ret = @node.exec
|
89
|
-
return
|
85
|
+
msg = @node.messages.add('pulling latest changes from repository')
|
86
|
+
ret = @node.exec("cd #{@config['build_dir']}; git pull", :live => true)[:exit_code]
|
87
|
+
return unless msg.parse_result(ret)
|
90
88
|
|
91
89
|
else
|
92
90
|
# create build directory
|
93
91
|
unless @node.mkdir @config['build_dir']
|
94
|
-
return
|
92
|
+
return @node.messages.add("couldn't create build directory #{@config['build_dir']}").failed
|
95
93
|
end
|
96
94
|
|
97
95
|
# git clone cjdns repository
|
98
|
-
|
99
|
-
ret = @node.exec
|
100
|
-
return
|
96
|
+
msg = @node.messages.add("cloning cjdns repository into #{@config['build_dir']}")
|
97
|
+
ret = @node.exec("git clone #{@config['git_repo']} -b #{@config['git_branch']} #{@config['build_dir']}", :live => true)
|
98
|
+
return unless msg.parse_result(ret[:exit_code])
|
101
99
|
end
|
102
100
|
|
103
101
|
# reset to the wanted commit if given
|
104
102
|
if @config['commit']
|
105
|
-
|
106
|
-
|
103
|
+
msg = @node.messages.add("resetting to commit: #{@config['commit']}")
|
104
|
+
msg.parse_result(@node.exec("cd #{@config['build_dir']}; git reset --hard #{@config['commit']}")[:exit_code])
|
107
105
|
end
|
108
106
|
|
109
|
-
puts
|
110
107
|
true
|
111
108
|
end
|
112
109
|
|
113
110
|
# remove and recreate building directory
|
114
111
|
def make_clean
|
115
|
-
|
116
|
-
|
117
|
-
true
|
112
|
+
msg = @node.messages.add('cleaning up')
|
113
|
+
msg.parse_result(@node.exec("rm -rf #{@config['build_dir']}/build")[:exit_code])
|
118
114
|
end
|
119
115
|
|
120
116
|
def run_make
|
121
|
-
|
122
|
-
|
123
|
-
return ::Dust.print_failed 'error compiling cjdroute' unless ret[:exit_code] == 0
|
124
|
-
true
|
117
|
+
msg = @node.messages.add('compiling cjdns')
|
118
|
+
msg.parse_result(@node.exec("export Log_LEVEL=#{@config['loglevel']}; cd #{@config['build_dir']}; ./do", :live => true)[:exit_code])
|
125
119
|
end
|
126
120
|
|
127
121
|
# generate cjdroute.conf
|
128
122
|
def generate_config
|
129
123
|
if @node.file_exists? "#{@config['etc_dir']}/cjdroute.conf", :quiet => true
|
130
|
-
|
124
|
+
@node.messages.add('found a cjdroute.conf, not overwriting').warning
|
131
125
|
return true
|
132
126
|
end
|
133
|
-
|
134
|
-
|
127
|
+
|
128
|
+
msg = @node.messages.add('generating config file')
|
135
129
|
ret = @node.exec("#{@config['bin_dir']}/cjdroute --genconf")
|
136
|
-
return false unless
|
130
|
+
return false unless msg.parse_result(ret[:exit_code])
|
137
131
|
|
138
132
|
# parse generated json
|
139
133
|
cjdroute_conf = JSON.parse ret[:stdout]
|
@@ -147,14 +141,17 @@ class Cjdroute< Recipe
|
|
147
141
|
|
148
142
|
# kill any cjdroute processes that might be running
|
149
143
|
def stop_cjdroute
|
150
|
-
|
151
|
-
|
144
|
+
msg = @node.messages.add('stopping cjdroute')
|
145
|
+
msg.parse_result(@node.exec('killall cjdroute')[:exit_code])
|
146
|
+
|
147
|
+
msg = @node.messages.add('waiting 2 seconds for cjdroute to finish')
|
148
|
+
sleep 2
|
149
|
+
msg.ok
|
152
150
|
end
|
153
151
|
|
154
152
|
# fire up cjdroute
|
155
153
|
def start_cjdroute
|
156
|
-
|
157
|
-
|
158
|
-
::Dust.print_result @node.exec("nohup #{@config['bin_dir']}/cjdroute < #{@config['etc_dir']}/cjdroute.conf &> /dev/null &")[:exit_code]
|
154
|
+
msg = @node.messages.add('fireing up cjdroute')
|
155
|
+
msg.parse_result(@node.exec("nohup #{@config['bin_dir']}/cjdroute < #{@config['etc_dir']}/cjdroute.conf &> /dev/null &")[:exit_code])
|
159
156
|
end
|
160
157
|
end
|
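Review bot: The rewritten commands in this section still splice `@config` values into shell strings unquoted and chain steps with `;`, for example `cd #{@config['build_dir']}; git pull` (new line 86) and `rm -rf #{@config['build_dir']}/build` in `make_clean`. If the `cd` fails, the next command runs in whatever directory the session happens to be in, and an empty or space-containing `build_dir` changes what `rm -rf` targets (`/build` when the value is empty). Escaping each value with `Shellwords.escape` (needs `require 'shellwords'`) and chaining with `&&`, as in `cd #{dir} && git pull` and `rm -rf -- #{dir}/build`, closes both. The result of the `git reset --hard #{@config['commit']}` step at new line 104 is also discarded, so the method (which starts above this hunk) returns `true` and the build proceeds even when pinning to the configured commit failed; `return unless msg.parse_result(...)` would match the checkout and pull steps.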
@@ -3,18 +3,18 @@ class CupsClient < Recipe
|
|
3
3
|
def deploy
|
4
4
|
return false unless install
|
5
5
|
|
6
|
-
return
|
6
|
+
return @node.messages.add('no printserver specified.').failed unless @config
|
7
7
|
|
8
|
-
|
8
|
+
@node.messages.add("setting servername to: #{@config}").ok
|
9
9
|
@node.write '/etc/cups/client.conf', "ServerName #{@config}\n"
|
10
10
|
end
|
11
11
|
|
12
12
|
desc 'cups_client:status', 'shows current /etc/cups/client.conf'
|
13
13
|
def status
|
14
|
-
|
14
|
+
msg = @node.messages.add('getting /etc/cups/client.conf')
|
15
15
|
ret = @node.exec 'cat /etc/cups/client.conf'
|
16
|
-
|
17
|
-
|
16
|
+
msg.parse_result(ret[:exit_code])
|
17
|
+
msg.print_output(ret)
|
18
18
|
end
|
19
19
|
|
20
20
|
private
|
@@ -6,7 +6,7 @@ class Debsecan < Recipe
|
|
6
6
|
if @node.is_os? ['ubuntu', 'debian']
|
7
7
|
@node.install_package 'debsecan'
|
8
8
|
|
9
|
-
|
9
|
+
msg = @node.messages.add('configuring debsecan')
|
10
10
|
|
11
11
|
# if config is simply set to "true", use defaults
|
12
12
|
config = {} unless config.is_a? Hash
|
@@ -21,7 +21,7 @@ class Debsecan < Recipe
|
|
21
21
|
# configures whether daily reports are sent
|
22
22
|
config_file << "# If true, enable daily reports, sent by email.\n" +
|
23
23
|
"REPORT=#{config['report'].to_s}\n\n"
|
24
|
-
|
24
|
+
|
25
25
|
# configures the suite
|
26
26
|
config_file << "# For better reporting, specify the correct suite here, using the code\n" +
|
27
27
|
"# name (that is, \"sid\" instead of \"unstable\").\n" +
|
@@ -37,9 +37,9 @@ class Debsecan < Recipe
|
|
37
37
|
"SOURCE=#{config['source']}\n\n"
|
38
38
|
|
39
39
|
@node.write '/etc/default/debsecan', config_file, :quiet => true
|
40
|
-
|
40
|
+
msg.ok
|
41
41
|
else
|
42
|
-
|
42
|
+
msg.failed('os not supported')
|
43
43
|
end
|
44
44
|
end
|
45
45
|
end
|
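Review bot: `msg.failed('os not supported')` in the `else` branch (new line 42) is called on `nil`: `msg` is only assigned at new line 9, inside the `if @node.is_os? ['ubuntu', 'debian']` branch, so on any other OS the local exists but was never set and the call raises NoMethodError instead of reporting the failure. Unless `msg` is assigned in the unseen lines above the first hunk, either move `msg = @node.messages.add('configuring debsecan')` above the `if`, or use `@node.messages.add('configuring debsecan').failed('os not supported')` in the `else`.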
@@ -18,13 +18,13 @@ class Duplicity < Recipe
|
|
18
18
|
|
19
19
|
# check whether backend is specified, skip to next scenario if not
|
20
20
|
unless config['backend'] and config['passphrase']
|
21
|
-
|
21
|
+
@node.messages.add("scenario #{scenario}: backend or passphrase missing.").failed
|
22
22
|
next
|
23
23
|
end
|
24
24
|
|
25
25
|
# check if interval is correct
|
26
26
|
unless [ 'monthly', 'weekly', 'daily', 'hourly' ].include? config['interval']
|
27
|
-
return
|
27
|
+
return @node.messages.add("invalid interval: '#{config['interval']}'").failed
|
28
28
|
end
|
29
29
|
|
30
30
|
# check whether we need ncftp
|
@@ -35,8 +35,8 @@ class Duplicity < Recipe
|
|
35
35
|
|
36
36
|
# add hostkey to known_hosts
|
37
37
|
if config['hostkey']
|
38
|
-
|
39
|
-
unless
|
38
|
+
msg = @node.messages.add('checking if ssh key is in known_hosts')
|
39
|
+
unless msg.parse_result(@node.exec("grep -q '#{config['hostkey']}' /root/.ssh/known_hosts")[:exit_code] == 0)
|
40
40
|
@node.mkdir '/root/.ssh', :indent => 2
|
41
41
|
@node.append '/root/.ssh/known_hosts', "#{config['hostkey']}\n", :indent => 2
|
42
42
|
end
|
@@ -46,14 +46,13 @@ class Duplicity < Recipe
|
|
46
46
|
cronjob_path = "/etc/cron.#{config['interval']}/duplicity-#{scenario}"
|
47
47
|
|
48
48
|
# adjust and upload cronjob
|
49
|
-
|
50
|
-
config['options'].to_array.each { |option|
|
49
|
+
@node.messages.add("adjusting and deploying cronjob (scenario: #{scenario}, interval: #{config['interval']})\n")
|
50
|
+
config['options'].to_array.each { |option| @node.messages.add("adding option: #{option}", :indent => 2).ok }
|
51
51
|
|
52
52
|
@node.deploy_file "#{@template_path}/cronjob", cronjob_path, :binding => binding
|
53
53
|
|
54
54
|
# making cronjob executeable
|
55
55
|
@node.chmod '0700', cronjob_path
|
56
|
-
puts
|
57
56
|
end
|
58
57
|
end
|
59
58
|
|
@@ -70,9 +69,9 @@ class Duplicity < Recipe
|
|
70
69
|
config['directory'] ||= "#{@node['hostname']}-#{scenario}"
|
71
70
|
|
72
71
|
# check whether backend is specified, skip to next scenario if not
|
73
|
-
return
|
72
|
+
return @node.messages.add('no backend specified.').failed unless config['backend']
|
74
73
|
|
75
|
-
|
74
|
+
msg = @node.messages.add("running collection-status for scenario '#{scenario}'")
|
76
75
|
cmd = "nice -n #{config['nice']} duplicity collection-status " +
|
77
76
|
"--archive-dir #{config['archive']} " +
|
78
77
|
"#{File.join(config['backend'], config['directory'])}"
|
@@ -82,15 +81,14 @@ class Duplicity < Recipe
|
|
82
81
|
ret = @node.exec cmd
|
83
82
|
|
84
83
|
# check exit code and stdout shouldn't be empty
|
85
|
-
|
84
|
+
msg.parse_result( (ret[:exit_code] == 0 and ret[:stdout].length > 0) )
|
86
85
|
|
87
86
|
if options.long?
|
88
|
-
|
87
|
+
@node.messages.add(ret[:stdout], :indent => 0)
|
89
88
|
else
|
90
|
-
|
89
|
+
@node.messages.add("\t" + ret[:stdout].sub(/^\s+([a-zA-Z]+)\s+(\w+\s+\w+\s+\d+\s+\d+:\d+:\d+\s+\d+)\s+(\d+)$/, 'Last backup: \1 (\3 sets) on \2'), :indent => 0)
|
91
90
|
end
|
92
91
|
|
93
|
-
puts
|
94
92
|
end
|
95
93
|
end
|
96
94
|
|
@@ -111,9 +109,9 @@ class Duplicity < Recipe
|
|
111
109
|
|
112
110
|
# removes all duplicity cronjobs
|
113
111
|
def remove_duplicity_cronjobs
|
114
|
-
|
112
|
+
msg = @node.messages.add('deleting old duplicity cronjobs')
|
115
113
|
@node.rm '/etc/cron.*/duplicity*', :quiet => true
|
116
|
-
|
114
|
+
msg.ok
|
117
115
|
end
|
118
116
|
|
119
117
|
end
|
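Review bot: The new known_hosts check at new line 39 builds `grep -q '#{config['hostkey']}' /root/.ssh/known_hosts` from the configured host key, so the value sits unescaped inside single quotes and is also interpreted as a regular expression. A value containing `'` breaks the command, and a `.` in the host name matches any character, so the check can report a match for a line that is not the configured one and skip the append. Matching a fixed string with an escaped argument avoids both: `grep -qF -- #{Shellwords.escape(config['hostkey'])} /root/.ssh/known_hosts` (needs `require 'shellwords'`). Separately, a missing key is the expected state on a first deploy, yet it goes through `msg.parse_result`, which presumably marks the step as failed; confirm that is the intended output.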
@@ -12,9 +12,9 @@ class EtcHosts < Recipe
|
|
12
12
|
|
13
13
|
desc 'etc_hosts:status', 'shows current /etc/hosts'
|
14
14
|
def status
|
15
|
-
|
15
|
+
msg = @node.messages.add('getting /etc/hosts')
|
16
16
|
ret = @node.exec 'cat /etc/hosts'
|
17
|
-
|
18
|
-
|
17
|
+
msg.parse_result(ret[:exit_code])
|
18
|
+
msg.print_output(ret)
|
19
19
|
end
|
20
20
|
end
|
@@ -1,5 +1,5 @@
|
|
1
1
|
class HashCheck < Recipe
|
2
|
-
|
2
|
+
|
3
3
|
desc 'hash_check:deploy', 'checks /etc/shadow for weak hashes'
|
4
4
|
def deploy
|
5
5
|
# those keys indicate that no password is set, or login is disabled
|
@@ -8,7 +8,7 @@ class HashCheck < Recipe
|
|
8
8
|
weak_passwords = File.open "#{@template_path}/weak_passwords", 'r'
|
9
9
|
|
10
10
|
shadow = @node.exec('getent shadow')[:stdout]
|
11
|
-
|
11
|
+
@node.messages.add("checking for weak password hashes\n")
|
12
12
|
|
13
13
|
found_weak = false
|
14
14
|
shadow.each_line do |line|
|
@@ -25,17 +25,16 @@ class HashCheck < Recipe
|
|
25
25
|
ret = @node.exec("python -c \"import crypt; print(crypt.crypt('#{password}', '\\$#{method}\\$#{salt}\\$'));\"")
|
26
26
|
|
27
27
|
unless ret[:exit_code] == 0
|
28
|
-
|
29
|
-
return false
|
28
|
+
return msg.failed('error during hash creation (is python installed?)')
|
30
29
|
end
|
31
30
|
if hash == ret[:stdout].chomp
|
32
|
-
|
31
|
+
@node.messages.add("user #{user} has a weak password! (#{password})", :indent => 2).failed
|
33
32
|
found_weak = true
|
34
33
|
end
|
35
34
|
end
|
36
35
|
end
|
37
36
|
|
38
37
|
weak_passwords.close
|
39
|
-
|
38
|
+
@node.messages.add('none found.', :indent => 2).ok unless found_weak
|
40
39
|
end
|
41
40
|
end
|
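Review bot: New line 31 writes the matched cleartext password into the message stream (`"user #{user} has a weak password! (#{password})"`); if messages are collected or forwarded beyond the operator's terminal, every hit leaves a working credential for a named account in that output. The user name alone is enough to act on: `@node.messages.add("user #{user} has a weak password!", :indent => 2).failed`. Also, `return msg.failed('error during hash creation (is python installed?)')` at new line 28 uses `msg`, but the only message created in the visible new lines (line 11) is not assigned to a variable, so this path likely raises NameError; it also returns from inside the loop before `weak_passwords.close`. Assigning `msg = @node.messages.add("checking for weak password hashes\n")` at line 11 and closing the file before returning would address both.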
@@ -24,7 +24,7 @@ class Iptables < Recipe
|
|
24
24
|
@script = ''
|
25
25
|
@ip_version = v
|
26
26
|
|
27
|
-
|
27
|
+
@node.messages.add("generating ipv#{@ip_version} rules\n")
|
28
28
|
|
29
29
|
clear_all
|
30
30
|
populate_rule_defaults
|
@@ -32,18 +32,15 @@ class Iptables < Recipe
|
|
32
32
|
|
33
33
|
deploy_script
|
34
34
|
apply_rules
|
35
|
-
|
36
|
-
puts
|
37
35
|
end
|
38
36
|
end
|
39
37
|
|
40
38
|
desc 'iptables:status', 'displays iptables rules'
|
41
39
|
def status
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
::Dust.print_msg @node.exec('ip6tables -L -v -n')[:stdout], :indent => 0
|
40
|
+
@node.messages.add('displaying iptables rules (ipv4)').ok
|
41
|
+
@node.messages.add(@node.exec('iptables -L -v -n')[:stdout], :indent => 0)
|
42
|
+
@node.messages.add('displaying iptables rules (ipv6)').ok
|
43
|
+
@node.messages.add(@node.exec('ip6tables -L -v -n')[:stdout], :indent => 0)
|
47
44
|
end
|
48
45
|
|
49
46
|
private
|
@@ -152,14 +149,13 @@ class Iptables < Recipe
|
|
152
149
|
rules = get_rules_for_table chain_rules, table
|
153
150
|
next if rules.empty?
|
154
151
|
|
155
|
-
#::Dust.print_msg "#{::Dust.pink}#{chain}#{::Dust.none} rules\n", :indent => 3
|
156
152
|
rules.sort.each do |name, rule|
|
157
153
|
next unless rule['table'].include? table
|
158
154
|
next unless check_ip_version rule
|
159
155
|
|
160
|
-
|
156
|
+
msg = @node.messages.add("adding rule: #{name}", :indent => 2)
|
161
157
|
generate_iptables_string chain, rule
|
162
|
-
|
158
|
+
msg.ok
|
163
159
|
end
|
164
160
|
end
|
165
161
|
@script << "COMMIT\n" if @node.uses_rpm?
|
@@ -187,7 +183,6 @@ class Iptables < Recipe
|
|
187
183
|
# generates the iptables string out of a rule
|
188
184
|
def generate_iptables_string chain, rule
|
189
185
|
parse_rule(rule).each do |r|
|
190
|
-
#::Dust.print_msg "#{::Dust.grey}#{r.join ' '}#{::Dust.none}\n", :indent => 5
|
191
186
|
@script << "--append #{chain.upcase} #{r.join ' '}\n"
|
192
187
|
end
|
193
188
|
end
|
@@ -290,22 +285,22 @@ class Iptables < Recipe
|
|
290
285
|
# apply newly pushed rules
|
291
286
|
def apply_rules
|
292
287
|
if @options.restart?
|
293
|
-
|
288
|
+
msg = @node.messages.add("applying ipv#{@ip_version} rules")
|
294
289
|
|
295
290
|
if @node.uses_rpm?
|
296
|
-
|
291
|
+
msg.parse_result(@node.exec("/etc/init.d/#{cmd} restart")[:exit_code])
|
297
292
|
|
298
293
|
else
|
299
294
|
ret = @node.exec get_target
|
300
|
-
|
295
|
+
msg.parse_result( (ret[:exit_code] == 0 and ret[:stdout].empty? and ret[:stderr].empty?) )
|
301
296
|
end
|
302
297
|
end
|
303
298
|
|
304
299
|
# on gentoo, rules have to be saved using the init script,
|
305
300
|
# otherwise they won't get re-applied on next startup
|
306
301
|
if @node.uses_emerge?
|
307
|
-
|
308
|
-
|
302
|
+
msg = @node.messages.add("saving ipv#{@ip_version} rules")
|
303
|
+
msg.parse_result(@node.exec("/etc/init.d/#{cmd} save")[:exit_code])
|
309
304
|
end
|
310
305
|
end
|
311
306
|
|
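Review bot: In `status` (new lines 40-43) both headings are marked `.ok` before the command runs and the exit code of `iptables -L -v -n` / `ip6tables -L -v -n` is never checked, so a listing that failed (missing binary, insufficient privileges) is shown as ok with empty output. The other status tasks changed in this release use `ret = @node.exec ...`, `msg.parse_result(ret[:exit_code])`, `msg.print_output(ret)`; doing the same here keeps a firewall that could not be read from looking like an empty ruleset. In `apply_rules`, the value of `msg.parse_result(...)` in the restart branch is not returned, and the caller visible in the second hunk ignores the result of `apply_rules`, so as far as these hunks show a failed rule load does not stop the deploy.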