dust-deploy 0.13.12 → 0.13.13

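--- a/data/changelog.md
+++ b/data/changelog.md
@@ -1,6 +1,13 @@
  Changelog
  =============
 
+ 0.13.13
+ ------------
+
+ - adds ssh_config recipe
+ - fixes iptables workaround issues for debian and openwrt, uses workaround for ipv6 only on debian
+
+
  0.13.12
  ------------
 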
@@ -32,8 +32,14 @@ class Iptables < Recipe
32
32
  generate_all_rules
33
33
 
34
34
  deploy_script
35
+ workaround_setup
36
+
35
37
  apply_rules if @options.restart?
36
38
  end
39
+
40
+ # deploy workarounds
41
+ workaround_exec
42
+ @node.autostart_service('iptables-persistent') if @node.uses_apt?
37
43
  end
38
44
 
39
45
  desc 'iptables:status', 'displays iptables rules'
@@ -250,50 +256,56 @@ class Iptables < Recipe
250
256
  # create directory if not existend
251
257
  @node.mkdir(File.dirname(target)) unless @node.dir_exists?(File.dirname(target), :quiet => true)
252
258
 
253
- # overwrite openwrt firewall configuration
254
- # and only use our script
255
- if @node.uses_opkg?
256
- @node.write '/etc/config/firewall',
257
- "config include\n\toption path /etc/firewall.sh\n"
259
+ @node.write(target, @script, :quiet => true)
260
+ @node.chmod('0600', target)
261
+ end
258
262
 
259
- workaround_script = '/etc/firewall.sh'
263
+ def workaround_setup
264
+ # openwrt always needs the workaround
265
+ if @node.uses_opkg?
266
+ @workaround = { 'path' => '/etc/firewall.sh' }
260
267
 
261
268
  # iptables-persistent < version 0.5.1 doesn't support ipv6
262
269
  # so doing a workaround
263
- elsif @node.uses_apt?
264
- # check if iptables-persistent is new enough
270
+ elsif @node.uses_apt? and @ip_version == 6
265
271
  unless @node.package_min_version?('iptables-persistent', '0.5.1', :quiet => true)
266
- @node.messages.add('iptables-persistent too old (< 0.5.1), using workaround').warning
267
- workaround_script = '/etc/network/if-pre-up.d/iptables'
272
+ @node.messages.add('iptables-persistent too old (< 0.5.1), using workaround for ipv6').warning
273
+ @workaround = { 'path' => '/etc/network/if-pre-up.d/ip6tables' }
268
274
  end
269
275
  end
270
276
 
271
- if workaround_script
272
- msg = @node.messages.add("deploying workaround script to #{workaround_script}", :indent => 2)
273
- msg.parse_result(@node.write(workaround_script,
274
- "#!/bin/sh\n\n" +
275
- "iptables-restore < #{target}\n" +
276
- "ip6tables-restore < #{target}\n", :quiet => true))
277
+ return unless @workaround
277
278
 
278
- @node.chmod('0700', workaround_script, :indent => 2)
279
+ @workaround['script'] ||= "#!/bin/sh\n\n"
280
+ @workaround['script'] << "iptables-restore < #{get_target}\n"
281
+ end
279
282
 
280
- if @node.uses_apt?
281
- # deactivate iptables-persistent initscript
282
- msg = @node.messages.add('deactivating iptables-persistent initscript', :indent => 2)
283
- msg.parse_result(@node.exec('update-rc.d iptables-persistent remove')[:exit_code])
284
- end
285
- else
286
- @node.autostart_service('iptables-persistent') if @node.uses_apt?
287
- end
283
+ def workaround_exec
284
+ return unless @workaround
288
285
 
289
- # disable firewall hotplug scripts on openwrt
290
- if @node.uses_opkg?
291
- msg = @node.messages.add('disabling firewall hotplug scripts in /etc/hotplug.d/firewall')
286
+ @node.messages.add('deploying workarounds').warning
287
+ msg = @node.messages.add("deploying script to #{@workaround['path']}", :indent => 2)
288
+ msg.parse_result(@node.write(@workaround['path'], @workaround['script'], :quiet => true))
289
+ @node.chmod('0700', @workaround['path'], :indent => 2)
290
+
291
+ if @node.uses_apt?
292
+ # < 0.5.1 uses rules instead of rules.ipver
293
+ # remove old rules script and symlink it to ours
294
+ @node.messages.add('iptables-persistent < 0.5.1 uses rules instead of rules.v4, symlinking',
295
+ :indent => 2).warning
296
+ @node.rm('/etc/iptables/rules', :indent => 3)
297
+ @node.symlink('/etc/iptables/rules.v4', '/etc/iptables/rules', :indent => 3)
298
+
299
+ elsif @node.uses_opkg?
300
+ # overwrite openwrt firewall configuration
301
+ # and only use our script
302
+ @node.write('/etc/config/firewall',
303
+ "config include\n\toption path /etc/firewall.sh\n", :indent => 2)
304
+
305
+ # disable openwrt firewall hotplug scripts
306
+ msg = @node.messages.add('disabling firewall hotplug scripts in /etc/hotplug.d/firewall', :indent => 2)
292
307
  msg.parse_result(@node.exec('chmod -x /etc/hotplug.d/firewall/*')[:exit_code])
293
308
  end
294
-
295
- @node.write(target, @script, :quiet => true)
296
- @node.chmod('0600', target)
297
309
  end
298
310
 
299
311
  # apply newly pushed rules
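Review bot: In `workaround_setup` the restore command is hard-coded as `iptables-restore`, although the Debian branch is only entered when `@ip_version == 6` and the script is written to `/etc/network/if-pre-up.d/ip6tables`; the boot-time script would then feed the IPv6 rules file to the IPv4 tool, so the IPv6 ruleset may not be loaded after a reboot. The removed code emitted both `iptables-restore` and `ip6tables-restore`; the new line should choose the binary from the version, e.g. `restore = @ip_version == 6 ? 'ip6tables-restore' : 'iptables-restore'` followed by `@workaround['script'] << "#{restore} < #{get_target}\n"`. On OpenWrt, `@workaround = { 'path' => '/etc/firewall.sh' }` replaces the hash on every call, so if `workaround_setup` runs once per IP version (the caller's loop starts outside the hunk) only the last version's line survives; `@workaround ||= { 'path' => '/etc/firewall.sh' }` would keep both. `get_target` is not visible here, so this assumes it returns the per-version rules file.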
@@ -0,0 +1,48 @@
1
+ class Ssh_config < Recipe
2
+
3
+ desc 'ssh_config:deploy', 'deploys /etc/ssh/ssh_config'
4
+ def deploy
5
+ return unless install
6
+ @config = @config.deep_merge(default_config)
7
+ @node.write('/etc/ssh/ssh_config', generate_ssh_config)
8
+ end
9
+
10
+
11
+ private
12
+
13
+ def install
14
+ return @node.install_package('openssh-client') if @node.uses_apt?
15
+ return @node.install_package('openssh-clients') if @node.uses_rpm?
16
+ return @node.install_package('openssh') if @node.uses_pacman?
17
+ false
18
+ end
19
+
20
+ def default_config
21
+ { 'Host *' =>
22
+ {
23
+ 'ForwardX11Trusted' => 'yes',
24
+ 'SendEnv' => [ 'LANG LC_*', 'XMODIFIERS' ],
25
+ 'HashKnownHosts' => 'yes',
26
+ 'GSSAPIAuthentication' => 'yes',
27
+ 'GSSAPIDelegateCredentials' => 'no'
28
+ }
29
+ }
30
+ end
31
+
32
+ def generate_ssh_config
33
+ ssh_config = ''
34
+ @config.each do |key, value|
35
+
36
+ # hashes are blocks, indent them
37
+ if value.is_a? Hash
38
+ ssh_config << "#{key}\n"
39
+ value.each do |k, v|
40
+ v.to_array.each { |x| ssh_config << " #{k} #{x}\n" }
41
+ end
42
+ else
43
+ value.to_array.each { |x| ssh_config << "#{key} #{x}\n" }
44
+ end
45
+ end
46
+ ssh_config
47
+ end
48
+ end
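Review bot: `deploy` merges with `@config.deep_merge(default_config)`, which lets the built-in defaults overwrite the operator's settings if `deep_merge` follows the usual convention that the argument's values win (its definition is not on this page); a node that sets `ForwardX11Trusted` to `no` under `Host *` would still be deployed with `yes`. Reversing the receiver, `@config = default_config.deep_merge(@config)`, makes the defaults a fallback only. Because `default_config` turns on `ForwardX11Trusted` and `GSSAPIAuthentication` for every host, a comment above the hash such as `# client-wide defaults; override per host in the node config` would mark them as deliberate. `generate_ssh_config` also writes keys and values verbatim, so a value containing a line break would add an unintended directive to `/etc/ssh/ssh_config`; rejecting values that match `/[\r\n]/` before writing would prevent that.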
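--- a/data/lib/dust/version.rb
+++ b/data/lib/dust/version.rb
@@ -1,3 +1,3 @@
  module Dust
- VERSION = "0.13.12"
+ VERSION = "0.13.13"
  end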
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dust-deploy
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.13.12
4
+ version: 0.13.13
5
5
  prerelease:
6
6
  platform: ruby
7
7
  authors:
@@ -9,7 +9,7 @@ authors:
9
9
  autorequire:
10
10
  bindir: bin
11
11
  cert_chain: []
12
- date: 2012-06-29 00:00:00.000000000 Z
12
+ date: 2012-07-02 00:00:00.000000000 Z
13
13
  dependencies:
14
14
  - !ruby/object:Gem::Dependency
15
15
  name: json
@@ -200,6 +200,7 @@ files:
200
200
  - lib/dust/recipes/ruby_rvm.rb
201
201
  - lib/dust/recipes/skel.rb
202
202
  - lib/dust/recipes/ssh_authorized_keys.rb
203
+ - lib/dust/recipes/ssh_config.rb
203
204
  - lib/dust/recipes/sshd.rb
204
205
  - lib/dust/recipes/sudoers.rb
205
206
  - lib/dust/recipes/sysctl.rb