dust-deploy 0.13.12 → 0.13.13

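--- a/data/changelog.md
+++ b/data/changelog.md
@@ -1,6 +1,13 @@
  Changelog
  =============
 
+ 0.13.13
+ ------------
+
+ - adds ssh_config recipe
+ - fixes iptables workaround issues for debian and openwrt, uses workaround for ipv6 only on debian
+
+
  0.13.12
  ------------
 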
@@ -32,8 +32,14 @@ class Iptables < Recipe
32
32
  generate_all_rules
33
33
 
34
34
  deploy_script
35
+ workaround_setup
36
+
35
37
  apply_rules if @options.restart?
36
38
  end
39
+
40
+ # deploy workarounds
41
+ workaround_exec
42
+ @node.autostart_service('iptables-persistent') if @node.uses_apt?
37
43
  end
38
44
 
39
45
  desc 'iptables:status', 'displays iptables rules'
@@ -250,50 +256,56 @@ class Iptables < Recipe
250
256
  # create directory if not existend
251
257
  @node.mkdir(File.dirname(target)) unless @node.dir_exists?(File.dirname(target), :quiet => true)
252
258
 
253
- # overwrite openwrt firewall configuration
254
- # and only use our script
255
- if @node.uses_opkg?
256
- @node.write '/etc/config/firewall',
257
- "config include\n\toption path /etc/firewall.sh\n"
259
+ @node.write(target, @script, :quiet => true)
260
+ @node.chmod('0600', target)
261
+ end
258
262
 
259
- workaround_script = '/etc/firewall.sh'
263
+ def workaround_setup
264
+ # openwrt always needs the workaround
265
+ if @node.uses_opkg?
266
+ @workaround = { 'path' => '/etc/firewall.sh' }
260
267
 
261
268
  # iptables-persistent < version 0.5.1 doesn't support ipv6
262
269
  # so doing a workaround
263
- elsif @node.uses_apt?
264
- # check if iptables-persistent is new enough
270
+ elsif @node.uses_apt? and @ip_version == 6
265
271
  unless @node.package_min_version?('iptables-persistent', '0.5.1', :quiet => true)
266
- @node.messages.add('iptables-persistent too old (< 0.5.1), using workaround').warning
267
- workaround_script = '/etc/network/if-pre-up.d/iptables'
272
+ @node.messages.add('iptables-persistent too old (< 0.5.1), using workaround for ipv6').warning
273
+ @workaround = { 'path' => '/etc/network/if-pre-up.d/ip6tables' }
268
274
  end
269
275
  end
270
276
 
271
- if workaround_script
272
- msg = @node.messages.add("deploying workaround script to #{workaround_script}", :indent => 2)
273
- msg.parse_result(@node.write(workaround_script,
274
- "#!/bin/sh\n\n" +
275
- "iptables-restore < #{target}\n" +
276
- "ip6tables-restore < #{target}\n", :quiet => true))
277
+ return unless @workaround
277
278
 
278
- @node.chmod('0700', workaround_script, :indent => 2)
279
+ @workaround['script'] ||= "#!/bin/sh\n\n"
280
+ @workaround['script'] << "iptables-restore < #{get_target}\n"
281
+ end
279
282
 
280
- if @node.uses_apt?
281
- # deactivate iptables-persistent initscript
282
- msg = @node.messages.add('deactivating iptables-persistent initscript', :indent => 2)
283
- msg.parse_result(@node.exec('update-rc.d iptables-persistent remove')[:exit_code])
284
- end
285
- else
286
- @node.autostart_service('iptables-persistent') if @node.uses_apt?
287
- end
283
+ def workaround_exec
284
+ return unless @workaround
288
285
 
289
- # disable firewall hotplug scripts on openwrt
290
- if @node.uses_opkg?
291
- msg = @node.messages.add('disabling firewall hotplug scripts in /etc/hotplug.d/firewall')
286
+ @node.messages.add('deploying workarounds').warning
287
+ msg = @node.messages.add("deploying script to #{@workaround['path']}", :indent => 2)
288
+ msg.parse_result(@node.write(@workaround['path'], @workaround['script'], :quiet => true))
289
+ @node.chmod('0700', @workaround['path'], :indent => 2)
290
+
291
+ if @node.uses_apt?
292
+ # < 0.5.1 uses rules instead of rules.ipver
293
+ # remove old rules script and symlink it to ours
294
+ @node.messages.add('iptables-persistent < 0.5.1 uses rules instead of rules.v4, symlinking',
295
+ :indent => 2).warning
296
+ @node.rm('/etc/iptables/rules', :indent => 3)
297
+ @node.symlink('/etc/iptables/rules.v4', '/etc/iptables/rules', :indent => 3)
298
+
299
+ elsif @node.uses_opkg?
300
+ # overwrite openwrt firewall configuration
301
+ # and only use our script
302
+ @node.write('/etc/config/firewall',
303
+ "config include\n\toption path /etc/firewall.sh\n", :indent => 2)
304
+
305
+ # disable openwrt firewall hotplug scripts
306
+ msg = @node.messages.add('disabling firewall hotplug scripts in /etc/hotplug.d/firewall', :indent => 2)
292
307
  msg.parse_result(@node.exec('chmod -x /etc/hotplug.d/firewall/*')[:exit_code])
293
308
  end
294
-
295
- @node.write(target, @script, :quiet => true)
296
- @node.chmod('0600', target)
297
309
  end
298
310
 
299
311
  # apply newly pushed rules
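Review bot: In `workaround_setup` the boot script only ever gets `iptables-restore < #{get_target}` appended, even on the Debian branch that is entered solely for `@ip_version == 6` and installs to `/etc/network/if-pre-up.d/ip6tables`; the removed code also wrote an `ip6tables-restore` line. Unless `get_target` or a caller outside these hunks compensates, the IPv6 ruleset is handed to the IPv4 tool at boot and the host may come up without IPv6 filtering. I would pick the binary from the IP version, e.g. `restore = @ip_version == 6 ? 'ip6tables-restore' : 'iptables-restore'` followed by `@workaround['script'] << "#{restore} < #{get_target}\n"`. The rules file and the workaround script are also written first and `chmod`ed afterwards, so both briefly exist with default permissions; a short comment on that, or creating them with the final mode if `@node.write` supports it, would help.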
@@ -0,0 +1,48 @@
1
+ class Ssh_config < Recipe
2
+
3
+ desc 'ssh_config:deploy', 'deploys /etc/ssh/ssh_config'
4
+ def deploy
5
+ return unless install
6
+ @config = @config.deep_merge(default_config)
7
+ @node.write('/etc/ssh/ssh_config', generate_ssh_config)
8
+ end
9
+
10
+
11
+ private
12
+
13
+ def install
14
+ return @node.install_package('openssh-client') if @node.uses_apt?
15
+ return @node.install_package('openssh-clients') if @node.uses_rpm?
16
+ return @node.install_package('openssh') if @node.uses_pacman?
17
+ false
18
+ end
19
+
20
+ def default_config
21
+ { 'Host *' =>
22
+ {
23
+ 'ForwardX11Trusted' => 'yes',
24
+ 'SendEnv' => [ 'LANG LC_*', 'XMODIFIERS' ],
25
+ 'HashKnownHosts' => 'yes',
26
+ 'GSSAPIAuthentication' => 'yes',
27
+ 'GSSAPIDelegateCredentials' => 'no'
28
+ }
29
+ }
30
+ end
31
+
32
+ def generate_ssh_config
33
+ ssh_config = ''
34
+ @config.each do |key, value|
35
+
36
+ # hashes are blocks, indent them
37
+ if value.is_a? Hash
38
+ ssh_config << "#{key}\n"
39
+ value.each do |k, v|
40
+ v.to_array.each { |x| ssh_config << " #{k} #{x}\n" }
41
+ end
42
+ else
43
+ value.to_array.each { |x| ssh_config << "#{key} #{x}\n" }
44
+ end
45
+ end
46
+ ssh_config
47
+ end
48
+ end
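Review bot: `@config.deep_merge(default_config)` in `deploy` passes the defaults as the argument, and with the usual merge semantics (the argument wins on conflicts) a node that sets `ForwardX11Trusted: no` or `GSSAPIAuthentication: no` under `Host *` would silently get the defaults back; `deep_merge` is not defined on this page, so its direction needs confirming. If it follows `Hash#merge`, the line should read `@config = default_config.deep_merge(@config)`. Separately, `'ForwardX11Trusted' => 'yes'` for `Host *` is a permissive default, since forwarded X11 clients are then treated as trusted by the local display; I would drop it from `default_config` or add a comment such as `# trusted X11 forwarding is required by <reason>`. `generate_ssh_config` emits keys and values unescaped, so a value containing a newline becomes an extra directive; a comment stating that the config is trusted operator input would make that assumption explicit.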
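--- a/data/lib/dust/version.rb
+++ b/data/lib/dust/version.rb
@@ -1,3 +1,3 @@
  module Dust
- VERSION = "0.13.12"
+ VERSION = "0.13.13"
  end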
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dust-deploy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.13.12
4
+ version: 0.13.13
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-06-29 00:00:00.000000000 Z
12
+ date: 2012-07-02 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: json
@@ -200,6 +200,7 @@ files:
200
200
  - lib/dust/recipes/ruby_rvm.rb
201
201
  - lib/dust/recipes/skel.rb
202
202
  - lib/dust/recipes/ssh_authorized_keys.rb
203
+ - lib/dust/recipes/ssh_config.rb
203
204
  - lib/dust/recipes/sshd.rb
204
205
  - lib/dust/recipes/sudoers.rb
205
206
  - lib/dust/recipes/sysctl.rb