dust-deploy 0.13.12 → 0.13.13
- data/changelog.md +7 -0
- data/lib/dust/recipes/iptables.rb +43 -31
- data/lib/dust/recipes/ssh_config.rb +48 -0
- data/lib/dust/version.rb +1 -1
- metadata +3 -2
data/changelog.md
CHANGED
@@ -32,8 +32,14 @@ class Iptables < Recipe
|
|
32
32
|
generate_all_rules
|
33
33
|
|
34
34
|
deploy_script
|
35
|
+
workaround_setup
|
36
|
+
|
35
37
|
apply_rules if @options.restart?
|
36
38
|
end
|
39
|
+
|
40
|
+
# deploy workarounds
|
41
|
+
workaround_exec
|
42
|
+
@node.autostart_service('iptables-persistent') if @node.uses_apt?
|
37
43
|
end
|
38
44
|
|
39
45
|
desc 'iptables:status', 'displays iptables rules'
|
@@ -250,50 +256,56 @@ class Iptables < Recipe
|
|
250
256
|
# create directory if not existend
|
251
257
|
@node.mkdir(File.dirname(target)) unless @node.dir_exists?(File.dirname(target), :quiet => true)
|
252
258
|
|
253
|
-
|
254
|
-
|
255
|
-
|
256
|
-
@node.write '/etc/config/firewall',
|
257
|
-
"config include\n\toption path /etc/firewall.sh\n"
|
259
|
+
@node.write(target, @script, :quiet => true)
|
260
|
+
@node.chmod('0600', target)
|
261
|
+
end
|
258
262
|
|
259
|
-
|
263
|
+
def workaround_setup
|
264
|
+
# openwrt always needs the workaround
|
265
|
+
if @node.uses_opkg?
|
266
|
+
@workaround = { 'path' => '/etc/firewall.sh' }
|
260
267
|
|
261
268
|
# iptables-persistent < version 0.5.1 doesn't support ipv6
|
262
269
|
# so doing a workaround
|
263
|
-
elsif @node.uses_apt?
|
264
|
-
# check if iptables-persistent is new enough
|
270
|
+
elsif @node.uses_apt? and @ip_version == 6
|
265
271
|
unless @node.package_min_version?('iptables-persistent', '0.5.1', :quiet => true)
|
266
|
-
@node.messages.add('iptables-persistent too old (< 0.5.1), using workaround').warning
|
267
|
-
|
272
|
+
@node.messages.add('iptables-persistent too old (< 0.5.1), using workaround for ipv6').warning
|
273
|
+
@workaround = { 'path' => '/etc/network/if-pre-up.d/ip6tables' }
|
268
274
|
end
|
269
275
|
end
|
270
276
|
|
271
|
-
|
272
|
-
msg = @node.messages.add("deploying workaround script to #{workaround_script}", :indent => 2)
|
273
|
-
msg.parse_result(@node.write(workaround_script,
|
274
|
-
"#!/bin/sh\n\n" +
|
275
|
-
"iptables-restore < #{target}\n" +
|
276
|
-
"ip6tables-restore < #{target}\n", :quiet => true))
|
277
|
+
return unless @workaround
|
277
278
|
|
278
|
-
|
279
|
+
@workaround['script'] ||= "#!/bin/sh\n\n"
|
280
|
+
@workaround['script'] << "iptables-restore < #{get_target}\n"
|
281
|
+
end
|
279
282
|
|
280
|
-
|
281
|
-
|
282
|
-
msg = @node.messages.add('deactivating iptables-persistent initscript', :indent => 2)
|
283
|
-
msg.parse_result(@node.exec('update-rc.d iptables-persistent remove')[:exit_code])
|
284
|
-
end
|
285
|
-
else
|
286
|
-
@node.autostart_service('iptables-persistent') if @node.uses_apt?
|
287
|
-
end
|
283
|
+
def workaround_exec
|
284
|
+
return unless @workaround
|
288
285
|
|
289
|
-
|
290
|
-
|
291
|
-
|
286
|
+
@node.messages.add('deploying workarounds').warning
|
287
|
+
msg = @node.messages.add("deploying script to #{@workaround['path']}", :indent => 2)
|
288
|
+
msg.parse_result(@node.write(@workaround['path'], @workaround['script'], :quiet => true))
|
289
|
+
@node.chmod('0700', @workaround['path'], :indent => 2)
|
290
|
+
|
291
|
+
if @node.uses_apt?
|
292
|
+
# < 0.5.1 uses rules instead of rules.ipver
|
293
|
+
# remove old rules script and symlink it to ours
|
294
|
+
@node.messages.add('iptables-persistent < 0.5.1 uses rules instead of rules.v4, symlinking',
|
295
|
+
:indent => 2).warning
|
296
|
+
@node.rm('/etc/iptables/rules', :indent => 3)
|
297
|
+
@node.symlink('/etc/iptables/rules.v4', '/etc/iptables/rules', :indent => 3)
|
298
|
+
|
299
|
+
elsif @node.uses_opkg?
|
300
|
+
# overwrite openwrt firewall configuration
|
301
|
+
# and only use our script
|
302
|
+
@node.write('/etc/config/firewall',
|
303
|
+
"config include\n\toption path /etc/firewall.sh\n", :indent => 2)
|
304
|
+
|
305
|
+
# disable openwrt firewall hotplug scripts
|
306
|
+
msg = @node.messages.add('disabling firewall hotplug scripts in /etc/hotplug.d/firewall', :indent => 2)
|
292
307
|
msg.parse_result(@node.exec('chmod -x /etc/hotplug.d/firewall/*')[:exit_code])
|
293
308
|
end
|
294
|
-
|
295
|
-
@node.write(target, @script, :quiet => true)
|
296
|
-
@node.chmod('0600', target)
|
297
309
|
end
|
298
310
|
|
299
311
|
# apply newly pushed rules
|
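Review bot: The workaround script assembled in `workaround_setup` always calls the IPv4 restore tool — `@workaround['script'] << "iptables-restore < #{get_target}\n"` — even though on apt the workaround is only created when `@ip_version == 6`, and the removed code ran `ip6tables-restore` for that file. Unless `get_target` or a helper outside this hunk swaps the binary, the v6 ruleset is fed to `iptables-restore` at boot and fails or loads nothing, so the host comes back up without its IPv6 rules; the v6 pass on OpenWRT hits the same line. Pick the binary by version, e.g. `restore = @ip_version == 6 ? 'ip6tables-restore' : 'iptables-restore'` followed by `@workaround['script'] << "#{restore} < #{get_target}\n"`. The `||=` / `<<` pair also deserves a one-line comment that the script intentionally accumulates one restore line per ip version across calls, since that is easy to misread as a leftover from a single-call design.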
@@ -0,0 +1,48 @@
|
|
1
|
+
class Ssh_config < Recipe
|
2
|
+
|
3
|
+
desc 'ssh_config:deploy', 'deploys /etc/ssh/ssh_config'
|
4
|
+
def deploy
|
5
|
+
return unless install
|
6
|
+
@config = @config.deep_merge(default_config)
|
7
|
+
@node.write('/etc/ssh/ssh_config', generate_ssh_config)
|
8
|
+
end
|
9
|
+
|
10
|
+
|
11
|
+
private
|
12
|
+
|
13
|
+
def install
|
14
|
+
return @node.install_package('openssh-client') if @node.uses_apt?
|
15
|
+
return @node.install_package('openssh-clients') if @node.uses_rpm?
|
16
|
+
return @node.install_package('openssh') if @node.uses_pacman?
|
17
|
+
false
|
18
|
+
end
|
19
|
+
|
20
|
+
def default_config
|
21
|
+
{ 'Host *' =>
|
22
|
+
{
|
23
|
+
'ForwardX11Trusted' => 'yes',
|
24
|
+
'SendEnv' => [ 'LANG LC_*', 'XMODIFIERS' ],
|
25
|
+
'HashKnownHosts' => 'yes',
|
26
|
+
'GSSAPIAuthentication' => 'yes',
|
27
|
+
'GSSAPIDelegateCredentials' => 'no'
|
28
|
+
}
|
29
|
+
}
|
30
|
+
end
|
31
|
+
|
32
|
+
def generate_ssh_config
|
33
|
+
ssh_config = ''
|
34
|
+
@config.each do |key, value|
|
35
|
+
|
36
|
+
# hashes are blocks, indent them
|
37
|
+
if value.is_a? Hash
|
38
|
+
ssh_config << "#{key}\n"
|
39
|
+
value.each do |k, v|
|
40
|
+
v.to_array.each { |x| ssh_config << " #{k} #{x}\n" }
|
41
|
+
end
|
42
|
+
else
|
43
|
+
value.to_array.each { |x| ssh_config << "#{key} #{x}\n" }
|
44
|
+
end
|
45
|
+
end
|
46
|
+
ssh_config
|
47
|
+
end
|
48
|
+
end
|
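Review bot: `@config = @config.deep_merge(default_config)` in `deploy` merges in the wrong direction if `deep_merge` follows the usual convention that the argument's values win on conflict: a node that sets `ForwardX11Trusted: no` or `GSSAPIAuthentication: no` would be silently overridden by the recipe's hard-coded defaults, and there is no way for an operator to turn a default off. The intended order is `@config = default_config.deep_merge(@config)` so user settings take precedence. Independently, shipping `ForwardX11Trusted yes` under `Host *` as the baseline is questionable: with trusted forwarding, any server the client connects to with X11 forwarding on gets unrestricted access to the local X display (keystrokes, window contents); Debian sets it for compatibility, but a hardened default should be `no` with hosts that need it opting in, and the reason should be stated in a comment beside the entry.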
data/lib/dust/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dust-deploy
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.13.
|
4
|
+
version: 0.13.13
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-
|
12
|
+
date: 2012-07-02 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: json
|
@@ -200,6 +200,7 @@ files:
|
|
200
200
|
- lib/dust/recipes/ruby_rvm.rb
|
201
201
|
- lib/dust/recipes/skel.rb
|
202
202
|
- lib/dust/recipes/ssh_authorized_keys.rb
|
203
|
+
- lib/dust/recipes/ssh_config.rb
|
203
204
|
- lib/dust/recipes/sshd.rb
|
204
205
|
- lib/dust/recipes/sudoers.rb
|
205
206
|
- lib/dust/recipes/sysctl.rb
|