reyes 1.2.2 → 1.2.3
- data/bin/reyes +2 -2
- data/config.yaml.example +1 -0
- data/lib/reyes/run_manager.rb +27 -1
- data/lib/reyes/version.rb +1 -1
- metadata +22 -5
- checksums.yaml +0 -15
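--- a/data/bin/reyes
+++ b/data/bin/reyes
@@ -18,7 +18,7 @@ def command_fetch(region, instance_id, options)
 fake = Reyes::FakeAws.new(JSON.load(cleartext_rules),
 options.fetch(:fake_aws_options))
 g = Reyes::GroupManager.new(fake, region, instance_id)
-r = Reyes::RunManager.new(g)
+r = Reyes::RunManager.new(g, options[:config])
 
 data = r.generate_data!(options.fetch(:gen_options))
 r.apply_data!(data, options.fetch(:apply_options))
@@ -43,7 +43,7 @@ def command_install(json_file, region, instance_id, options)
 # Should bail out, exiting nonzero if there were changes to commit
 end
 
-r = Reyes::RunManager.new(g)
+r = Reyes::RunManager.new(g, options[:config])
 
 data = r.generate_data!(options.fetch(:gen_options))
 r.apply_data!(data, options.fetch(:apply_options))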
data/config.yaml.example
CHANGED
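--- a/data/lib/reyes/run_manager.rb
+++ b/data/lib/reyes/run_manager.rb
@@ -4,8 +4,11 @@ module Reyes
 
 IPSET_NAME_PATTERN = /(\d+)(?<nogen>:(\w+):(sg-[a-f0-9]{8}):(\w+))/
 
-
+# @param group_manager [Reyes::GroupManager]
+# @param config_path [String] Path to reyes config file
+def initialize(group_manager, config_path=nil)
 @group_manager = group_manager
+@config = Reyes::Config.new(config_path)
 end
 
 # @param [Hash] options
@@ -84,6 +87,11 @@ module Reyes
 materialize_ipsets(new_ipsets)
 iptables_restore(new_rules)
 
+ct_max = @config.reyes_config['nf_conntrack_max']
+if ct_max
+set_nf_conntrack_max(Integer(ct_max))
+end
+
 # XXX(richo) Should we be pruning inside run! ?
 log.info('Finished RunManager.apply_data!')
 end
@@ -111,6 +119,24 @@ module Reyes
 log.info('restored')
 end
 
+# Increase nf_conntrack_max to the desired value.
+#
+# @param value [Integer]
+#
+def set_nf_conntrack_max(value)
+raise ArgumentError.new('bad value') unless value.is_a?(Fixnum)
+
+log.info('Checking net.netfilter.nf_conntrack_max')
+current = File.read('/proc/sys/net/netfilter/nf_conntrack_max')
+
+current = Integer(current)
+
+if current != value
+log.info("Changing nf_conntrack_max from #{current} to #{value}")
+File.write('/proc/sys/net/netfilter/nf_conntrack_max', value)
+end
+end
+
 # Remove old IPSets from previous run generations.
 def prune_ipsets
 log.info('Pruning old IPSets')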
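Review bot: `set_nf_conntrack_max` is documented as increasing the limit, but `if current != value` writes any differing value, so a mistyped or too-small `nf_conntrack_max` in the config shrinks the kernel's connection-tracking table on the firewall host, and a full table drops new connections. If only raising is intended, compare with `if current < value` and reject non-positive input in the guard: `raise ArgumentError.new('bad value') unless value.is_a?(Integer) && value > 0`. Testing against `Integer` also keeps the guard working on current Rubies, since `Fixnum` was removed in Ruby 3.2. In the `apply_data!` hunk (the method starts outside the visible lines) the call runs after `iptables_restore`, so a bad config value or an unreadable `/proc/sys/net/netfilter/nf_conntrack_max` (presumably the case when the conntrack module is not loaded) raises only after the rules have already changed; converting and validating `ct_max` before `materialize_ipsets` would fail earlier.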
data/lib/reyes/version.rb
CHANGED
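--- a/metadata
+++ b/metadata
@@ -1,7 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: reyes
 version: !ruby/object:Gem::Version
-version: 1.2.
+version: 1.2.3
+prerelease:
 platform: ruby
 authors:
 - Andy Brody
@@ -9,11 +10,12 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2015-
+date: 2015-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk
 requirement: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
@@ -21,6 +23,7 @@ dependencies:
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
@@ -28,6 +31,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
 name: chalk-log
 requirement: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
@@ -35,6 +39,7 @@ dependencies:
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
@@ -42,6 +47,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
 name: subprocess
 requirement: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
@@ -49,6 +55,7 @@ dependencies:
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ~>
 - !ruby/object:Gem::Version
@@ -56,6 +63,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
 name: pry
 requirement: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
@@ -63,6 +71,7 @@ dependencies:
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
@@ -70,6 +79,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
 name: rake
 requirement: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
@@ -77,6 +87,7 @@ dependencies:
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
@@ -84,6 +95,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
 name: rubocop
 requirement: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
@@ -91,6 +103,7 @@ dependencies:
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
@@ -133,25 +146,29 @@ files:
 - reyes.gemspec
 homepage: https://github.com/stripe/reyes/
 licenses: []
-metadata: {}
 post_install_message:
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
+none: false
 requirements:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: '0'
+segments:
+- 0
+hash: -3798691146626456435
 requirements: []
 rubyforge_project:
-rubygems_version:
+rubygems_version: 1.8.23.2
 signing_key:
-specification_version:
+specification_version: 3
 summary: Reyes manages IPTables rules based on EC2 security groups.
 test_files: []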
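--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,15 +0,0 @@
----
-!binary "U0hBMQ==":
-metadata.gz: !binary |-
-MWNhNWYxOTI2NzcxY2Q4YWY5OWJkOWMxZTVlYjA0ZjdjMTgxY2IyMw==
-data.tar.gz: !binary |-
-YjgzYzZmNzkyY2VmY2Y4OGIxZmQ3N2VlNTg2OTdlODFiODM2NzVkYQ==
-SHA512:
-metadata.gz: !binary |-
-ZTVlMzI4YWM1OGMxOTI0ZTNjMTNiMThjZTAzMTdjM2VhMzJmMjRjMDViZWIw
-ZGNlY2NhNWJmMjRjODY5NGI0M2U1YTU4ZDFhMDY5YjQ3NmNlOWNiOTUzNGEz
-Y2VjZDBmNTkyNTVmNzgzY2I2MmNhZjhhN2ExMmI2MTkyODU2OTI=
-data.tar.gz: !binary |-
-MTNlZmQ1ZTExMmJkNjRkOTQwNGVhY2NmYzhmYmM3Yzk3YjcyMGMyNzlhNGUw
-N2MzZGJiOTc2ODUxMmUzODBkNGNhMWFlYjRmYzRkYjdlNWRmZDI5NDExNjU2
-OTcxNDEwNmUxMjY0YzRmMjY1YWJhMGMxOGUxYTgyZjM1ZmY0ZjM=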