iptables-web 0.3.4 → 0.3.5.pre
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c88d608bca3ca5b66af10b416635051baf9c0cb6
|
|
4
|
+
data.tar.gz: f56fe75a5012aec57a0a83a381e27f3cd5671337
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 85e0aa40dcbbb129c2f1366eef8f10ea849fd71e0e15c3f3cea5ca36147327156ca45c2b398c871af8c2440185b469fe26d860d23f8defa227e63733b59847d6
|
|
7
|
+
data.tar.gz: 887dfd58ba7554dd67e5225e1c11b9c7a41fe80bf4619ae6ad17a38b2804515d4a0706d42e9f29f182202c914c76d8cacc0e10b40dbcf3f55421e5cbb7ec534b
|
data/lib/iptables_web/cli.rb
CHANGED
|
@@ -22,6 +22,10 @@ module IptablesWeb
|
|
|
22
22
|
IptablesWeb.log_path = log_path
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
+
global_option('--log_level LEVEL', 'Log level') do |log_level|
|
|
26
|
+
IptablesWeb.log_level = log_level
|
|
27
|
+
end
|
|
28
|
+
|
|
25
29
|
global_option('--host URL', 'Server base url') do |server_base_url|
|
|
26
30
|
IptablesWeb.api_base_url = server_base_url
|
|
27
31
|
end
|
|
@@ -10,25 +10,34 @@ module IptablesWeb
|
|
|
10
10
|
c.option '--config STRING', String, 'Path to config file'
|
|
11
11
|
c.option '--print', 'Show rules without restoring'
|
|
12
12
|
c.option '--force', 'Set rules omit checksum check'
|
|
13
|
+
c.option '--dry-run', 'Skip handshake'
|
|
13
14
|
c.action do |_, options|
|
|
14
15
|
begin
|
|
15
16
|
IptablesWeb.configuration.load(options.config) if options.config
|
|
16
17
|
logged_say "Use iptables server #{IptablesWeb.api_base_url}"
|
|
17
18
|
IptablesWeb.pid_file do
|
|
18
|
-
IptablesWeb::Model::Node.handshake do
|
|
19
|
+
IptablesWeb::Model::Node.handshake(options.dry_run || options.print) do
|
|
19
20
|
rules = IptablesWeb::Model::AccessRule.all
|
|
20
21
|
iptables = IptablesWeb::Iptables.new
|
|
21
|
-
|
|
22
|
+
request_etag = rules.response.headers[:etag].first
|
|
22
23
|
if options.print
|
|
23
|
-
logged_say '
|
|
24
|
+
logged_say 'Run client in print mode'
|
|
25
|
+
logged_say 'Nothing changed.' if IptablesWeb.checksum?(request_etag)
|
|
26
|
+
logged_say "Previous checksum #{IptablesWeb.checksum}"
|
|
27
|
+
logged_say "Current checksum #{IptablesWeb.make_checksum(request_etag)}"
|
|
24
28
|
say iptables.render(rules)
|
|
25
29
|
else
|
|
26
|
-
|
|
30
|
+
logged_say 'Run client in DRY-RUN mode' if options.dry_run
|
|
31
|
+
logged_say("Etag value: #{request_etag.inspect}", ::Logger::DEBUG)
|
|
32
|
+
if IptablesWeb.checksum?(request_etag) && !options.force
|
|
27
33
|
logged_say 'Skip iptables update. Nothing changed.'
|
|
28
34
|
else
|
|
29
35
|
logged_say '*** Iptables updated! ***'
|
|
30
|
-
iptables.
|
|
31
|
-
|
|
36
|
+
logger_log(iptables.render(rules), ::Logger::DEBUG)
|
|
37
|
+
unless options.dry_run
|
|
38
|
+
iptables.restore(rules)
|
|
39
|
+
IptablesWeb.checksum = request_etag
|
|
40
|
+
end
|
|
32
41
|
end
|
|
33
42
|
end
|
|
34
43
|
end
|
|
@@ -1,11 +1,25 @@
|
|
|
1
1
|
module IptablesWeb
|
|
2
2
|
class Cli
|
|
3
3
|
class LoggedOutput < ::HighLine
|
|
4
|
+
|
|
5
|
+
LOG_LEVEL_MAP = {
|
|
6
|
+
'debug' => ::Logger::DEBUG,
|
|
7
|
+
'info' => ::Logger::INFO,
|
|
8
|
+
'warn' => ::Logger::WARN,
|
|
9
|
+
'error' => ::Logger::ERROR,
|
|
10
|
+
'fatal' => ::Logger::FATAL,
|
|
11
|
+
'unknown' => ::Logger::UNKNOWN,
|
|
12
|
+
}
|
|
13
|
+
|
|
4
14
|
def logger
|
|
5
15
|
@logger ||= begin
|
|
6
16
|
logfile = IptablesWeb::log_path
|
|
17
|
+
log_level = IptablesWeb::log_level
|
|
18
|
+
log_level = LOG_LEVEL_MAP[log_level] if LOG_LEVEL_MAP[log_level]
|
|
19
|
+
log_level = log_level.to_i
|
|
7
20
|
say("Open log file #{logfile}")
|
|
8
21
|
logger =::Logger.new(logfile)
|
|
22
|
+
logger.level = log_level.to_i
|
|
9
23
|
logger.formatter = ::Logger::Formatter.new
|
|
10
24
|
logger
|
|
11
25
|
end
|
|
@@ -15,8 +29,12 @@ module IptablesWeb
|
|
|
15
29
|
@logger = nil
|
|
16
30
|
end
|
|
17
31
|
|
|
18
|
-
def
|
|
32
|
+
def logger_log(message, log_level = Logger::INFO)
|
|
19
33
|
logger.log(log_level, message) if logger
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def logged_say(message, log_level = Logger::INFO)
|
|
37
|
+
logger_log(message, log_level)
|
|
20
38
|
say(message)
|
|
21
39
|
end
|
|
22
40
|
end
|
|
@@ -97,21 +97,34 @@ module IptablesWeb
|
|
|
97
97
|
$terminal.reset if $terminal.present? && $terminal.is_a?(Cli::LoggedOutput)
|
|
98
98
|
end
|
|
99
99
|
|
|
100
|
-
|
|
100
|
+
def log_level=(level)
|
|
101
|
+
@log_level = level
|
|
102
|
+
$terminal.reset if $terminal.present? && $terminal.is_a?(Cli::LoggedOutput)
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
def log_level
|
|
106
|
+
@log_level || ::Logger::INFO
|
|
107
|
+
end
|
|
108
|
+
|
|
101
109
|
def checksum_path
|
|
102
110
|
path(@checksum_path || 'checksum')
|
|
103
111
|
end
|
|
104
112
|
|
|
113
|
+
def checksum
|
|
114
|
+
File.read(checksum_path) if File.exists?(checksum_path)
|
|
115
|
+
end
|
|
116
|
+
|
|
105
117
|
def checksum_path=(pid_path)
|
|
106
118
|
@checksum_path = pid_path
|
|
107
119
|
end
|
|
108
120
|
|
|
109
|
-
|
|
110
|
-
|
|
121
|
+
|
|
122
|
+
def checksum?(etag)
|
|
123
|
+
checksum == make_checksum(etag)
|
|
111
124
|
end
|
|
112
125
|
|
|
113
|
-
def checksum=(
|
|
114
|
-
File.write(checksum_path, make_checksum(
|
|
126
|
+
def checksum=(etag)
|
|
127
|
+
File.write(checksum_path, make_checksum(etag))
|
|
115
128
|
end
|
|
116
129
|
|
|
117
130
|
def make_checksum(check_sum)
|
|
@@ -4,7 +4,7 @@ module IptablesWeb
|
|
|
4
4
|
self.element_name = 'node'
|
|
5
5
|
self.include_root_in_json = true
|
|
6
6
|
|
|
7
|
-
def self.handshake(&block)
|
|
7
|
+
def self.handshake(dry_run = false, &block)
|
|
8
8
|
node = find('current')
|
|
9
9
|
if node
|
|
10
10
|
begin
|
|
@@ -16,15 +16,17 @@ module IptablesWeb
|
|
|
16
16
|
node.report << 'Backtrace: ' + e.backtrace.join("\n")
|
|
17
17
|
raise e
|
|
18
18
|
ensure
|
|
19
|
+
return if dry_run
|
|
20
|
+
puts ''
|
|
19
21
|
# save node after updating
|
|
20
22
|
node.ips = []
|
|
21
23
|
::System.get_ifaddrs.each do |interface, config|
|
|
22
24
|
next if interface.to_s.include?('lo')
|
|
23
25
|
node.ips.push({
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
26
|
+
interface: interface,
|
|
27
|
+
ip: config[:inet_addr],
|
|
28
|
+
netmask: config[:netmask]
|
|
29
|
+
})
|
|
28
30
|
end
|
|
29
31
|
node.ips.uniq! { |ip| ip[:ip] }
|
|
30
32
|
node.hostname = `hostname -f`
|
data/lib/iptables_web/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: iptables-web
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.5.pre
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- NikolayMurga
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2016-01-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: system-getifaddrs
|
|
@@ -173,9 +173,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
173
173
|
version: '0'
|
|
174
174
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
175
175
|
requirements:
|
|
176
|
-
- - "
|
|
176
|
+
- - ">"
|
|
177
177
|
- !ruby/object:Gem::Version
|
|
178
|
-
version:
|
|
178
|
+
version: 1.3.1
|
|
179
179
|
requirements: []
|
|
180
180
|
rubyforge_project:
|
|
181
181
|
rubygems_version: 2.4.7
|