dust-deploy 0.3.0 → 0.3.1

@@ -1,6 +1,13 @@
1
1
  Changelog
2
2
  =============
3
3
 
4
+ 0.3.1
5
+ ------------
6
+
7
+ - hacked in nat table support for rpm-like systems, no support for other tables yet though (like mangle)
8
+ - small adjustment in repositories recipe
9
+
10
+
4
11
  0.3.0
5
12
  ------------
6
13
 
@@ -32,24 +32,33 @@ class Iptables < Thor
32
32
  ::Dust.print_msg "configuring and deploying ipv4 rules\n" if ipv4
33
33
  ::Dust.print_msg "configuring and deploying ipv6 rules\n" if ipv6
34
34
 
35
- iptables_script = ''
35
+ iptables_filter = ''
36
+ iptables_nat = '' if node.uses_rpm?
36
37
 
37
38
  # default policy for chains
38
39
  if node.uses_apt? or node.uses_emerge?
39
- iptables_script += rules['input'] ? "-P INPUT DROP\n" : "-P INPUT ACCEPT\n"
40
- iptables_script += rules['output'] ? "-P OUTPUT DROP\n" : "-P OUTPUT ACCEPT\n"
41
- iptables_script += rules['forward'] ? "-P FORWARD DROP\n" : "-P FORWARD ACCEPT\n"
40
+ iptables_filter += rules['input'] ? "-P INPUT DROP\n" : "-P INPUT ACCEPT\n"
41
+ iptables_filter += rules['output'] ? "-P OUTPUT DROP\n" : "-P OUTPUT ACCEPT\n"
42
+ iptables_filter += rules['forward'] ? "-P FORWARD DROP\n" : "-P FORWARD ACCEPT\n"
42
43
 
43
- iptables_script += "-F\n"
44
- iptables_script += "-F -t nat\n" if ipv4
45
- iptables_script += "-X\n"
44
+ iptables_filter += "-F\n"
45
+ iptables_filter += "-F -t nat\n" if ipv4
46
+ iptables_filter += "-X\n"
46
47
 
47
48
  elsif node.uses_rpm?
48
- iptables_script += "*filter\n"
49
-
50
- iptables_script += rules['input'] ? ":INPUT DROP [0:0]\n" : ":INPUT ACCEPT [0:0]\n"
51
- iptables_script += rules['output'] ? ":OUTPUT DROP [0:0]\n" : ":OUTPUT ACCEPT [0:0]\n"
52
- iptables_script += rules['forward'] ? ":FORWARD DROP [0:0]\n" : ":FORWARD ACCEPT [0:0]\n"
49
+ iptables_filter += "*filter\n"
50
+
51
+ iptables_filter += rules['input'] ? ":INPUT DROP [0:0]\n" : ":INPUT ACCEPT [0:0]\n"
52
+ iptables_filter += rules['output'] ? ":OUTPUT DROP [0:0]\n" : ":OUTPUT ACCEPT [0:0]\n"
53
+ iptables_filter += rules['forward'] ? ":FORWARD DROP [0:0]\n" : ":FORWARD ACCEPT [0:0]\n"
54
+
55
+ # also create a *nat element, centos-like systems need that.
56
+ if ipv4
57
+ iptables_nat += "*nat\n"
58
+ iptables_nat += ":PREROUTING ACCEPT [0:0]\n"
59
+ iptables_nat += ":POSTROUTING ACCEPT [0:0]\n"
60
+ iptables_nat += ":OUTPUT ACCEPT [0:0]\n"
61
+ end
53
62
  end
54
63
 
55
64
  # map rules to iptables strings
@@ -67,20 +76,37 @@ class Iptables < Thor
67
76
 
68
77
  next unless check_ipversion rule, ipv
69
78
 
79
+ # on centos-like machines, nat tables are handled differently
80
+ # remove --table argument and
81
+ is_nat = false
82
+ if node.uses_rpm? and rule['table']
83
+ rule.delete 'table'
84
+ is_nat = true
85
+ end
86
+
70
87
  parse_rule(rule).each do |r|
71
88
  # TODO: parse nicer output
72
89
  ::Dust.print_msg "#{name}:#{::Dust.grey 0} '#{r.join ' ' }'#{::Dust.none}\n", :indent => 3
73
- iptables_script += "-A #{chain.upcase} #{r.join ' '}\n"
90
+
91
+ if is_nat
92
+ # handle centos special case
93
+ iptables_nat += "-A #{chain.upcase} #{r.join ' '}\n"
94
+ else
95
+ iptables_filter += "-A #{chain.upcase} #{r.join ' '}\n"
96
+ end
74
97
  end
75
98
  end
76
99
  end
77
100
 
78
101
  # put commit statement for rpm machines
79
- iptables_script += "COMMIT\n" if node.uses_rpm?
102
+ if node.uses_rpm?
103
+ iptables_filter += "COMMIT\n"
104
+ iptables_nat += "COMMIT\n" if ipv4
105
+ end
80
106
 
81
107
  # prepend iptables command on non-centos-like machines
82
108
  if node.uses_apt? or node.uses_emerge?
83
- iptables_script = iptables_script.map { |s| "#{iptables} #{s}" }.to_s
109
+ iptables_filter = iptables_filter.map { |s| "#{iptables} #{s}" }.to_s
84
110
  end
85
111
 
86
112
  # set header
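Review bot: The guard `if node.uses_rpm? and rule['table']` treats every rule that carries a `table` key as a nat rule, so on rpm hosts a rule meant for another table (the changelog names mangle as unsupported) would be written under `*nat` instead of being rejected. Checking the value, for example `if node.uses_rpm? and rule['table'] == 'nat'` (assuming the key holds a plain string; adjust if it is a list), and warning and skipping the rule for any other table would keep an unsupported entry from producing a ruleset that fails to load or differs from what was declared. `rule.delete 'table'` also changes the caller's hash; if the same rules are walked again for the other IP version (not visible here), that pass would no longer see the key and would place the rule in `*filter`, so a `rule = rule.dup` before the delete is safer. Rules flagged this way on a pass where `ipv4` is false are collected in `iptables_nat` but never written, because the later hunk appends that buffer only `if node.uses_rpm? and ipv4`; a message through `::Dust.print_msg` would make the omission visible. The enclosing loop begins outside the hunk.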
@@ -89,14 +115,17 @@ class Iptables < Thor
89
115
  header = "#!/bin/sh\n"
90
116
  end
91
117
  header += "# automatically generated by dust\n\n"
92
- iptables_script = header + iptables_script
118
+ iptables_filter = header + iptables_filter
119
+
120
+ # append nat table to filter
121
+ iptables_filter = iptables_filter + iptables_nat if node.uses_rpm? and ipv4
93
122
 
94
123
  # set the target file depending on distribution
95
124
  target = "/etc/network/if-pre-up.d/#{iptables}" if node.uses_apt?
96
125
  target = "/etc/#{iptables}" if node.uses_emerge?
97
126
  target = "/etc/sysconfig/#{iptables}" if node.uses_rpm?
98
127
 
99
- node.write target, iptables_script, :quiet => true
128
+ node.write target, iptables_filter, :quiet => true
100
129
 
101
130
  if node.uses_apt? or node.uses_emerge?
102
131
  node.chmod '700', target
@@ -1,6 +1,7 @@
1
1
  class Repositories < Thor
2
2
  desc 'repositories:deploy', 'configures package management repositories (aptitude, yum)'
3
3
  def deploy node, repos, options
4
+ node.collect_facts
4
5
 
5
6
  if node.uses_apt? :quiet=>false
6
7
  :: Dust.print_msg 'deleting old repositories'
@@ -1,3 +1,3 @@
1
1
  module Dust
2
- VERSION = "0.3.0"
2
+ VERSION = "0.3.1"
3
3
  end
metadata CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
5
5
  segments:
6
6
  - 0
7
7
  - 3
8
- - 0
9
- version: 0.3.0
8
+ - 1
9
+ version: 0.3.1
10
10
  platform: ruby
11
11
  authors:
12
12
  - kris kechagia
@@ -14,7 +14,7 @@ autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
16
 
17
- date: 2012-01-10 00:00:00 +01:00
17
+ date: 2012-01-12 00:00:00 +01:00
18
18
  default_executable:
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency