dust-deploy 0.3.0 → 0.3.1

@@ -1,6 +1,13 @@
1
1
  Changelog
2
2
  =============
3
3
 
4
+ 0.3.1
5
+ ------------
6
+
7
+ - hacked in nat table support for rpm-like systems, no support for other tables yet though (like mangle)
8
+ - small adjustment in repositories recipe
9
+
10
+
4
11
  0.3.0
5
12
  ------------
6
13
 
@@ -32,24 +32,33 @@ class Iptables < Thor
32
32
  ::Dust.print_msg "configuring and deploying ipv4 rules\n" if ipv4
33
33
  ::Dust.print_msg "configuring and deploying ipv6 rules\n" if ipv6
34
34
 
35
- iptables_script = ''
35
+ iptables_filter = ''
36
+ iptables_nat = '' if node.uses_rpm?
36
37
 
37
38
  # default policy for chains
38
39
  if node.uses_apt? or node.uses_emerge?
39
- iptables_script += rules['input'] ? "-P INPUT DROP\n" : "-P INPUT ACCEPT\n"
40
- iptables_script += rules['output'] ? "-P OUTPUT DROP\n" : "-P OUTPUT ACCEPT\n"
41
- iptables_script += rules['forward'] ? "-P FORWARD DROP\n" : "-P FORWARD ACCEPT\n"
40
+ iptables_filter += rules['input'] ? "-P INPUT DROP\n" : "-P INPUT ACCEPT\n"
41
+ iptables_filter += rules['output'] ? "-P OUTPUT DROP\n" : "-P OUTPUT ACCEPT\n"
42
+ iptables_filter += rules['forward'] ? "-P FORWARD DROP\n" : "-P FORWARD ACCEPT\n"
42
43
 
43
- iptables_script += "-F\n"
44
- iptables_script += "-F -t nat\n" if ipv4
45
- iptables_script += "-X\n"
44
+ iptables_filter += "-F\n"
45
+ iptables_filter += "-F -t nat\n" if ipv4
46
+ iptables_filter += "-X\n"
46
47
 
47
48
  elsif node.uses_rpm?
48
- iptables_script += "*filter\n"
49
-
50
- iptables_script += rules['input'] ? ":INPUT DROP [0:0]\n" : ":INPUT ACCEPT [0:0]\n"
51
- iptables_script += rules['output'] ? ":OUTPUT DROP [0:0]\n" : ":OUTPUT ACCEPT [0:0]\n"
52
- iptables_script += rules['forward'] ? ":FORWARD DROP [0:0]\n" : ":FORWARD ACCEPT [0:0]\n"
49
+ iptables_filter += "*filter\n"
50
+
51
+ iptables_filter += rules['input'] ? ":INPUT DROP [0:0]\n" : ":INPUT ACCEPT [0:0]\n"
52
+ iptables_filter += rules['output'] ? ":OUTPUT DROP [0:0]\n" : ":OUTPUT ACCEPT [0:0]\n"
53
+ iptables_filter += rules['forward'] ? ":FORWARD DROP [0:0]\n" : ":FORWARD ACCEPT [0:0]\n"
54
+
55
+ # also create a *nat element, centos-like systems need that.
56
+ if ipv4
57
+ iptables_nat += "*nat\n"
58
+ iptables_nat += ":PREROUTING ACCEPT [0:0]\n"
59
+ iptables_nat += ":POSTROUTING ACCEPT [0:0]\n"
60
+ iptables_nat += ":OUTPUT ACCEPT [0:0]\n"
61
+ end
53
62
  end
54
63
 
55
64
  # map rules to iptables strings
@@ -67,20 +76,37 @@ class Iptables < Thor
67
76
 
68
77
  next unless check_ipversion rule, ipv
69
78
 
79
+ # on centos-like machines, nat tables are handled differently
80
+ # remove --table argument and
81
+ is_nat = false
82
+ if node.uses_rpm? and rule['table']
83
+ rule.delete 'table'
84
+ is_nat = true
85
+ end
86
+
70
87
  parse_rule(rule).each do |r|
71
88
  # TODO: parse nicer output
72
89
  ::Dust.print_msg "#{name}:#{::Dust.grey 0} '#{r.join ' ' }'#{::Dust.none}\n", :indent => 3
73
- iptables_script += "-A #{chain.upcase} #{r.join ' '}\n"
90
+
91
+ if is_nat
92
+ # handle centos special case
93
+ iptables_nat += "-A #{chain.upcase} #{r.join ' '}\n"
94
+ else
95
+ iptables_filter += "-A #{chain.upcase} #{r.join ' '}\n"
96
+ end
74
97
  end
75
98
  end
76
99
  end
77
100
 
78
101
  # put commit statement for rpm machines
79
- iptables_script += "COMMIT\n" if node.uses_rpm?
102
+ if node.uses_rpm?
103
+ iptables_filter += "COMMIT\n"
104
+ iptables_nat += "COMMIT\n" if ipv4
105
+ end
80
106
 
81
107
  # prepend iptables command on non-centos-like machines
82
108
  if node.uses_apt? or node.uses_emerge?
83
- iptables_script = iptables_script.map { |s| "#{iptables} #{s}" }.to_s
109
+ iptables_filter = iptables_filter.map { |s| "#{iptables} #{s}" }.to_s
84
110
  end
85
111
 
86
112
  # set header
@@ -89,14 +115,17 @@ class Iptables < Thor
89
115
  header = "#!/bin/sh\n"
90
116
  end
91
117
  header += "# automatically generated by dust\n\n"
92
- iptables_script = header + iptables_script
118
+ iptables_filter = header + iptables_filter
119
+
120
+ # append nat table to filter
121
+ iptables_filter = iptables_filter + iptables_nat if node.uses_rpm? and ipv4
93
122
 
94
123
  # set the target file depending on distribution
95
124
  target = "/etc/network/if-pre-up.d/#{iptables}" if node.uses_apt?
96
125
  target = "/etc/#{iptables}" if node.uses_emerge?
97
126
  target = "/etc/sysconfig/#{iptables}" if node.uses_rpm?
98
127
 
99
- node.write target, iptables_script, :quiet => true
128
+ node.write target, iptables_filter, :quiet => true
100
129
 
101
130
  if node.uses_apt? or node.uses_emerge?
102
131
  node.chmod '700', target
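Review bot: In the second hunk of this file, `if node.uses_rpm? and rule['table']` treats every rule that sets a table as a nat rule, so on rpm hosts a `mangle` rule (which the changelog says is unsupported) would be written into the `*nat` section instead of being rejected. Assuming the value is the plain table name, compare it explicitly, `if node.uses_rpm? and rule['table'] == 'nat'`, and skip any other table with a printed warning so a bad rule cannot end up in a ruleset that fails to load or loads in the wrong table. `rule.delete 'table'` also mutates the caller's rule hash; if the same hash is visited again for the ipv6 pass (the loop starts outside the hunk), `is_nat` would stay false and the rule would land in the filter table, so `rule = rule.reject { |k, _| k == 'table' }` on a copy looks safer. On an ipv6 pass the collected `iptables_nat` lines are never written, because the append in the third hunk is guarded by `and ipv4`; a comment there saying that nat rules are intentionally ipv4-only would make that drop explicit. The enclosing method begins and ends outside these hunks, so the points about loop order are inferred from the visible lines.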
@@ -1,6 +1,7 @@
1
1
  class Repositories < Thor
2
2
  desc 'repositories:deploy', 'configures package management repositories (aptitude, yum)'
3
3
  def deploy node, repos, options
4
+ node.collect_facts
4
5
 
5
6
  if node.uses_apt? :quiet=>false
6
7
  :: Dust.print_msg 'deleting old repositories'
@@ -1,3 +1,3 @@
1
1
  module Dust
2
- VERSION = "0.3.0"
2
+ VERSION = "0.3.1"
3
3
  end
metadata CHANGED
@@ -5,8 +5,8 @@ version: !ruby/object:Gem::Version
5
5
  segments:
6
6
  - 0
7
7
  - 3
8
- - 0
9
- version: 0.3.0
8
+ - 1
9
+ version: 0.3.1
10
10
  platform: ruby
11
11
  authors:
12
12
  - kris kechagia
@@ -14,7 +14,7 @@ autorequire:
14
14
  bindir: bin
15
15
  cert_chain: []
16
16
 
17
- date: 2012-01-10 00:00:00 +01:00
17
+ date: 2012-01-12 00:00:00 +01:00
18
18
  default_executable:
19
19
  dependencies:
20
20
  - !ruby/object:Gem::Dependency