iptables-web 0.3.4 → 0.3.5.pre
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: c88d608bca3ca5b66af10b416635051baf9c0cb6
|
|
4
|
+
data.tar.gz: f56fe75a5012aec57a0a83a381e27f3cd5671337
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 85e0aa40dcbbb129c2f1366eef8f10ea849fd71e0e15c3f3cea5ca36147327156ca45c2b398c871af8c2440185b469fe26d860d23f8defa227e63733b59847d6
|
|
7
|
+
data.tar.gz: 887dfd58ba7554dd67e5225e1c11b9c7a41fe80bf4619ae6ad17a38b2804515d4a0706d42e9f29f182202c914c76d8cacc0e10b40dbcf3f55421e5cbb7ec534b
|
data/lib/iptables_web/cli.rb
CHANGED
|
@@ -22,6 +22,10 @@ module IptablesWeb
|
|
|
22
22
|
IptablesWeb.log_path = log_path
|
|
23
23
|
end
|
|
24
24
|
|
|
25
|
+
global_option('--log_level LEVEL', 'Log level') do |log_level|
|
|
26
|
+
IptablesWeb.log_level = log_level
|
|
27
|
+
end
|
|
28
|
+
|
|
25
29
|
global_option('--host URL', 'Server base url') do |server_base_url|
|
|
26
30
|
IptablesWeb.api_base_url = server_base_url
|
|
27
31
|
end
|
|
@@ -10,25 +10,34 @@ module IptablesWeb
|
|
|
10
10
|
c.option '--config STRING', String, 'Path to config file'
|
|
11
11
|
c.option '--print', 'Show rules without restoring'
|
|
12
12
|
c.option '--force', 'Set rules omit checksum check'
|
|
13
|
+
c.option '--dry-run', 'Skip handshake'
|
|
13
14
|
c.action do |_, options|
|
|
14
15
|
begin
|
|
15
16
|
IptablesWeb.configuration.load(options.config) if options.config
|
|
16
17
|
logged_say "Use iptables server #{IptablesWeb.api_base_url}"
|
|
17
18
|
IptablesWeb.pid_file do
|
|
18
|
-
IptablesWeb::Model::Node.handshake do
|
|
19
|
+
IptablesWeb::Model::Node.handshake(options.dry_run || options.print) do
|
|
19
20
|
rules = IptablesWeb::Model::AccessRule.all
|
|
20
21
|
iptables = IptablesWeb::Iptables.new
|
|
21
|
-
|
|
22
|
+
request_etag = rules.response.headers[:etag].first
|
|
22
23
|
if options.print
|
|
23
|
-
logged_say '
|
|
24
|
+
logged_say 'Run client in print mode'
|
|
25
|
+
logged_say 'Nothing changed.' if IptablesWeb.checksum?(request_etag)
|
|
26
|
+
logged_say "Previous checksum #{IptablesWeb.checksum}"
|
|
27
|
+
logged_say "Current checksum #{IptablesWeb.make_checksum(request_etag)}"
|
|
24
28
|
say iptables.render(rules)
|
|
25
29
|
else
|
|
26
|
-
|
|
30
|
+
logged_say 'Run client in DRY-RUN mode' if options.dry_run
|
|
31
|
+
logged_say("Etag value: #{request_etag.inspect}", ::Logger::DEBUG)
|
|
32
|
+
if IptablesWeb.checksum?(request_etag) && !options.force
|
|
27
33
|
logged_say 'Skip iptables update. Nothing changed.'
|
|
28
34
|
else
|
|
29
35
|
logged_say '*** Iptables updated! ***'
|
|
30
|
-
iptables.
|
|
31
|
-
|
|
36
|
+
logger_log(iptables.render(rules), ::Logger::DEBUG)
|
|
37
|
+
unless options.dry_run
|
|
38
|
+
iptables.restore(rules)
|
|
39
|
+
IptablesWeb.checksum = request_etag
|
|
40
|
+
end
|
|
32
41
|
end
|
|
33
42
|
end
|
|
34
43
|
end
|
|
@@ -1,11 +1,25 @@
|
|
|
1
1
|
module IptablesWeb
|
|
2
2
|
class Cli
|
|
3
3
|
class LoggedOutput < ::HighLine
|
|
4
|
+
|
|
5
|
+
LOG_LEVEL_MAP = {
|
|
6
|
+
'debug' => ::Logger::DEBUG,
|
|
7
|
+
'info' => ::Logger::INFO,
|
|
8
|
+
'warn' => ::Logger::WARN,
|
|
9
|
+
'error' => ::Logger::ERROR,
|
|
10
|
+
'fatal' => ::Logger::FATAL,
|
|
11
|
+
'unknown' => ::Logger::UNKNOWN,
|
|
12
|
+
}
|
|
13
|
+
|
|
4
14
|
def logger
|
|
5
15
|
@logger ||= begin
|
|
6
16
|
logfile = IptablesWeb::log_path
|
|
17
|
+
log_level = IptablesWeb::log_level
|
|
18
|
+
log_level = LOG_LEVEL_MAP[log_level] if LOG_LEVEL_MAP[log_level]
|
|
19
|
+
log_level = log_level.to_i
|
|
7
20
|
say("Open log file #{logfile}")
|
|
8
21
|
logger =::Logger.new(logfile)
|
|
22
|
+
logger.level = log_level.to_i
|
|
9
23
|
logger.formatter = ::Logger::Formatter.new
|
|
10
24
|
logger
|
|
11
25
|
end
|
|
@@ -15,8 +29,12 @@ module IptablesWeb
|
|
|
15
29
|
@logger = nil
|
|
16
30
|
end
|
|
17
31
|
|
|
18
|
-
def
|
|
32
|
+
def logger_log(message, log_level = Logger::INFO)
|
|
19
33
|
logger.log(log_level, message) if logger
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
def logged_say(message, log_level = Logger::INFO)
|
|
37
|
+
logger_log(message, log_level)
|
|
20
38
|
say(message)
|
|
21
39
|
end
|
|
22
40
|
end
|
|
@@ -97,21 +97,34 @@ module IptablesWeb
|
|
|
97
97
|
$terminal.reset if $terminal.present? && $terminal.is_a?(Cli::LoggedOutput)
|
|
98
98
|
end
|
|
99
99
|
|
|
100
|
-
|
|
100
|
+
def log_level=(level)
|
|
101
|
+
@log_level = level
|
|
102
|
+
$terminal.reset if $terminal.present? && $terminal.is_a?(Cli::LoggedOutput)
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
def log_level
|
|
106
|
+
@log_level || ::Logger::INFO
|
|
107
|
+
end
|
|
108
|
+
|
|
101
109
|
def checksum_path
|
|
102
110
|
path(@checksum_path || 'checksum')
|
|
103
111
|
end
|
|
104
112
|
|
|
113
|
+
def checksum
|
|
114
|
+
File.read(checksum_path) if File.exists?(checksum_path)
|
|
115
|
+
end
|
|
116
|
+
|
|
105
117
|
def checksum_path=(pid_path)
|
|
106
118
|
@checksum_path = pid_path
|
|
107
119
|
end
|
|
108
120
|
|
|
109
|
-
|
|
110
|
-
|
|
121
|
+
|
|
122
|
+
def checksum?(etag)
|
|
123
|
+
checksum == make_checksum(etag)
|
|
111
124
|
end
|
|
112
125
|
|
|
113
|
-
def checksum=(
|
|
114
|
-
File.write(checksum_path, make_checksum(
|
|
126
|
+
def checksum=(etag)
|
|
127
|
+
File.write(checksum_path, make_checksum(etag))
|
|
115
128
|
end
|
|
116
129
|
|
|
117
130
|
def make_checksum(check_sum)
|
|
@@ -4,7 +4,7 @@ module IptablesWeb
|
|
|
4
4
|
self.element_name = 'node'
|
|
5
5
|
self.include_root_in_json = true
|
|
6
6
|
|
|
7
|
-
def self.handshake(&block)
|
|
7
|
+
def self.handshake(dry_run = false, &block)
|
|
8
8
|
node = find('current')
|
|
9
9
|
if node
|
|
10
10
|
begin
|
|
@@ -16,15 +16,17 @@ module IptablesWeb
|
|
|
16
16
|
node.report << 'Backtrace: ' + e.backtrace.join("\n")
|
|
17
17
|
raise e
|
|
18
18
|
ensure
|
|
19
|
+
return if dry_run
|
|
20
|
+
puts ''
|
|
19
21
|
# save node after updating
|
|
20
22
|
node.ips = []
|
|
21
23
|
::System.get_ifaddrs.each do |interface, config|
|
|
22
24
|
next if interface.to_s.include?('lo')
|
|
23
25
|
node.ips.push({
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
26
|
+
interface: interface,
|
|
27
|
+
ip: config[:inet_addr],
|
|
28
|
+
netmask: config[:netmask]
|
|
29
|
+
})
|
|
28
30
|
end
|
|
29
31
|
node.ips.uniq! { |ip| ip[:ip] }
|
|
30
32
|
node.hostname = `hostname -f`
|
data/lib/iptables_web/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: iptables-web
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.3.
|
|
4
|
+
version: 0.3.5.pre
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- NikolayMurga
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2016-01-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: system-getifaddrs
|
|
@@ -173,9 +173,9 @@ required_ruby_version: !ruby/object:Gem::Requirement
|
|
|
173
173
|
version: '0'
|
|
174
174
|
required_rubygems_version: !ruby/object:Gem::Requirement
|
|
175
175
|
requirements:
|
|
176
|
-
- - "
|
|
176
|
+
- - ">"
|
|
177
177
|
- !ruby/object:Gem::Version
|
|
178
|
-
version:
|
|
178
|
+
version: 1.3.1
|
|
179
179
|
requirements: []
|
|
180
180
|
rubyforge_project:
|
|
181
181
|
rubygems_version: 2.4.7
|