reyes 1.2.2 → 1.2.3

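--- a/data/bin/reyes
+++ b/data/bin/reyes
@@ -18,7 +18,7 @@ def command_fetch(region, instance_id, options)
  fake = Reyes::FakeAws.new(JSON.load(cleartext_rules),
  options.fetch(:fake_aws_options))
  g = Reyes::GroupManager.new(fake, region, instance_id)
- r = Reyes::RunManager.new(g)
+ r = Reyes::RunManager.new(g, options[:config])
 
  data = r.generate_data!(options.fetch(:gen_options))
  r.apply_data!(data, options.fetch(:apply_options))
@@ -43,7 +43,7 @@ def command_install(json_file, region, instance_id, options)
  # Should bail out, exiting nonzero if there were changes to commit
  end
 
- r = Reyes::RunManager.new(g)
+ r = Reyes::RunManager.new(g, options[:config])
 
  data = r.generate_data!(options.fetch(:gen_options))
  r.apply_data!(data, options.fetch(:apply_options))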
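Review bot: Both new call sites read the path with `options[:config]`, while every other option in `command_fetch` and `command_install` is read with `options.fetch`, so an absent or misspelled key silently becomes `nil` and `RunManager` falls back to its `config_path=nil` default. Since that config now decides a kernel sysctl written on the host, the intent should be stated at the call site, for example `# options[:config] may be nil; RunManager then loads the default config`, assuming that is what `Reyes::Config.new(nil)` does, which is not visible here. Both functions start and end outside their hunks.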
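--- a/data/config.yaml.example
+++ b/data/config.yaml.example
@@ -26,3 +26,4 @@ aws:
  reyes:
  pgp:
  signing_key: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+ nf_conntrack_max: 262144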
@@ -4,8 +4,11 @@ module Reyes
4
4
 
5
5
  IPSET_NAME_PATTERN = /(\d+)(?<nogen>:(\w+):(sg-[a-f0-9]{8}):(\w+))/
6
6
 
7
- def initialize(group_manager)
7
+ # @param group_manager [Reyes::GroupManager]
8
+ # @param config_path [String] Path to reyes config file
9
+ def initialize(group_manager, config_path=nil)
8
10
  @group_manager = group_manager
11
+ @config = Reyes::Config.new(config_path)
9
12
  end
10
13
 
11
14
  # @param [Hash] options
@@ -84,6 +87,11 @@ module Reyes
84
87
  materialize_ipsets(new_ipsets)
85
88
  iptables_restore(new_rules)
86
89
 
90
+ ct_max = @config.reyes_config['nf_conntrack_max']
91
+ if ct_max
92
+ set_nf_conntrack_max(Integer(ct_max))
93
+ end
94
+
87
95
  # XXX(richo) Should we be pruning inside run! ?
88
96
  log.info('Finished RunManager.apply_data!')
89
97
  end
@@ -111,6 +119,24 @@ module Reyes
111
119
  log.info('restored')
112
120
  end
113
121
 
122
+ # Increase nf_conntrack_max to the desired value.
123
+ #
124
+ # @param value [Integer]
125
+ #
126
+ def set_nf_conntrack_max(value)
127
+ raise ArgumentError.new('bad value') unless value.is_a?(Fixnum)
128
+
129
+ log.info('Checking net.netfilter.nf_conntrack_max')
130
+ current = File.read('/proc/sys/net/netfilter/nf_conntrack_max')
131
+
132
+ current = Integer(current)
133
+
134
+ if current != value
135
+ log.info("Changing nf_conntrack_max from #{current} to #{value}")
136
+ File.write('/proc/sys/net/netfilter/nf_conntrack_max', value)
137
+ end
138
+ end
139
+
114
140
  # Remove old IPSets from previous run generations.
115
141
  def prune_ipsets
116
142
  log.info('Pruning old IPSets')
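Review bot: `set_nf_conntrack_max` is documented as increasing the limit, but its `if current != value` test also lowers the limit whenever the configured number is below the kernel's current one, and shrinking the conntrack table on a busy firewall host can cause new connections to be dropped. If only raising is intended, compare with `if current < value`; otherwise the comment should say the value is set in either direction. The guard `value.is_a?(Fixnum)` accepts zero and negative numbers and depends on a constant that newer Rubies have removed, so `raise ArgumentError, 'bad value' unless value.is_a?(Integer) && value > 0` is safer. In `apply_data!`, whose body starts outside the hunk, the sysctl is written after `iptables_restore`, so a bad config value or a missing /proc entry raises once the rules are already applied; that ordering deserves a comment.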
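--- a/data/lib/reyes/version.rb
+++ b/data/lib/reyes/version.rb
@@ -1,6 +1,6 @@
  module Reyes
  # The Reyes version number
- VERSION = '1.2.2' unless defined?(self::VERSION)
+ VERSION = '1.2.3' unless defined?(self::VERSION)
 
  # Number defining the JSON serialization format
  JSON_FORMAT_VERSION = 2 unless defined?(self::JSON_FORMAT_VERSION)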
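--- a/metadata
+++ b/metadata
@@ -1,7 +1,8 @@
  --- !ruby/object:Gem::Specification
  name: reyes
  version: !ruby/object:Gem::Version
- version: 1.2.2
+ version: 1.2.3
+ prerelease:
  platform: ruby
  authors:
  - Andy Brody
@@ -9,11 +10,12 @@ authors:
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2015-03-27 00:00:00.000000000 Z
+ date: 2015-05-29 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: aws-sdk
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
@@ -21,6 +23,7 @@ dependencies:
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
@@ -28,6 +31,7 @@ dependencies:
  - !ruby/object:Gem::Dependency
  name: chalk-log
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
@@ -35,6 +39,7 @@ dependencies:
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
@@ -42,6 +47,7 @@ dependencies:
  - !ruby/object:Gem::Dependency
  name: subprocess
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
@@ -49,6 +55,7 @@ dependencies:
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ~>
  - !ruby/object:Gem::Version
@@ -56,6 +63,7 @@ dependencies:
  - !ruby/object:Gem::Dependency
  name: pry
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ! '>='
  - !ruby/object:Gem::Version
@@ -63,6 +71,7 @@ dependencies:
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ! '>='
  - !ruby/object:Gem::Version
@@ -70,6 +79,7 @@ dependencies:
  - !ruby/object:Gem::Dependency
  name: rake
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ! '>='
  - !ruby/object:Gem::Version
@@ -77,6 +87,7 @@ dependencies:
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ! '>='
  - !ruby/object:Gem::Version
@@ -84,6 +95,7 @@ dependencies:
  - !ruby/object:Gem::Dependency
  name: rubocop
  requirement: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ! '>='
  - !ruby/object:Gem::Version
@@ -91,6 +103,7 @@ dependencies:
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ! '>='
  - !ruby/object:Gem::Version
@@ -133,25 +146,29 @@ files:
  - reyes.gemspec
  homepage: https://github.com/stripe/reyes/
  licenses: []
- metadata: {}
  post_install_message:
  rdoc_options: []
  require_paths:
  - lib
  required_ruby_version: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ! '>='
  - !ruby/object:Gem::Version
  version: 1.9.3
  required_rubygems_version: !ruby/object:Gem::Requirement
+ none: false
  requirements:
  - - ! '>='
  - !ruby/object:Gem::Version
  version: '0'
+ segments:
+ - 0
+ hash: -3798691146626456435
  requirements: []
  rubyforge_project:
- rubygems_version: 2.3.0
+ rubygems_version: 1.8.23.2
  signing_key:
- specification_version: 4
+ specification_version: 3
  summary: Reyes manages IPTables rules based on EC2 security groups.
  test_files: []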
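--- a/checksums.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
- ---
- !binary "U0hBMQ==":
- metadata.gz: !binary |-
- MWNhNWYxOTI2NzcxY2Q4YWY5OWJkOWMxZTVlYjA0ZjdjMTgxY2IyMw==
- data.tar.gz: !binary |-
- YjgzYzZmNzkyY2VmY2Y4OGIxZmQ3N2VlNTg2OTdlODFiODM2NzVkYQ==
- SHA512:
- metadata.gz: !binary |-
- ZTVlMzI4YWM1OGMxOTI0ZTNjMTNiMThjZTAzMTdjM2VhMzJmMjRjMDViZWIw
- ZGNlY2NhNWJmMjRjODY5NGI0M2U1YTU4ZDFhMDY5YjQ3NmNlOWNiOTUzNGEz
- Y2VjZDBmNTkyNTVmNzgzY2I2MmNhZjhhN2ExMmI2MTkyODU2OTI=
- data.tar.gz: !binary |-
- MTNlZmQ1ZTExMmJkNjRkOTQwNGVhY2NmYzhmYmM3Yzk3YjcyMGMyNzlhNGUw
- N2MzZGJiOTc2ODUxMmUzODBkNGNhMWFlYjRmYzRkYjdlNWRmZDI5NDExNjU2
- OTcxNDEwNmUxMjY0YzRmMjY1YWJhMGMxOGUxYTgyZjM1ZmY0ZjM=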