reyes 1.2.2 → 1.2.3

data/bin/reyes

@@ -18,7 +18,7 @@ def command_fetch(region, instance_id, options)
   fake = Reyes::FakeAws.new(JSON.load(cleartext_rules),
                             options.fetch(:fake_aws_options))
   g = Reyes::GroupManager.new(fake, region, instance_id)
-  r = Reyes::RunManager.new(g)
+  r = Reyes::RunManager.new(g, options[:config])
 
   data = r.generate_data!(options.fetch(:gen_options))
   r.apply_data!(data, options.fetch(:apply_options))
@@ -43,7 +43,7 @@ def command_install(json_file, region, instance_id, options)
     # Should bail out, exiting nonzero if there were changes to commit
   end
 
-  r = Reyes::RunManager.new(g)
+  r = Reyes::RunManager.new(g, options[:config])
 
   data = r.generate_data!(options.fetch(:gen_options))
   r.apply_data!(data, options.fetch(:apply_options))

data/config.yaml.example

@@ -26,3 +26,4 @@ aws:
 reyes:
   pgp:
     signing_key: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
+  nf_conntrack_max: 262144

data/lib/reyes/run_manager.rb

@@ -4,8 +4,11 @@ module Reyes
 
     IPSET_NAME_PATTERN = /(\d+)(?<nogen>:(\w+):(sg-[a-f0-9]{8}):(\w+))/
 
-    def initialize(group_manager)
+    # @param group_manager [Reyes::GroupManager]
+    # @param config_path [String] Path to reyes config file
+    def initialize(group_manager, config_path=nil)
       @group_manager = group_manager
+      @config = Reyes::Config.new(config_path)
     end
 
     # @param [Hash] options
@@ -84,6 +87,11 @@ module Reyes
       materialize_ipsets(new_ipsets)
       iptables_restore(new_rules)
 
+      ct_max = @config.reyes_config['nf_conntrack_max']
+      if ct_max
+        set_nf_conntrack_max(Integer(ct_max))
+      end
+
       # XXX(richo) Should we be pruning inside run! ?
       log.info('Finished RunManager.apply_data!')
     end
@@ -111,6 +119,24 @@ module Reyes
       log.info('restored')
     end
 
+    # Increase nf_conntrack_max to the desired value.
+    #
+    # @param value [Integer]
+    #
+    def set_nf_conntrack_max(value)
+      raise ArgumentError.new('bad value') unless value.is_a?(Fixnum)
+
+      log.info('Checking net.netfilter.nf_conntrack_max')
+      current = File.read('/proc/sys/net/netfilter/nf_conntrack_max')
+
+      current = Integer(current)
+
+      if current != value
+        log.info("Changing nf_conntrack_max from #{current} to #{value}")
+        File.write('/proc/sys/net/netfilter/nf_conntrack_max', value)
+      end
+    end
+
     # Remove old IPSets from previous run generations.
     def prune_ipsets
       log.info('Pruning old IPSets')

data/lib/reyes/version.rb

@@ -1,6 +1,6 @@
 module Reyes
   # The Reyes version number
-  VERSION = '1.2.2' unless defined?(self::VERSION)
+  VERSION = '1.2.3' unless defined?(self::VERSION)
 
   # Number defining the JSON serialization format
   JSON_FORMAT_VERSION = 2 unless defined?(self::JSON_FORMAT_VERSION)

metadata

@@ -1,7 +1,8 @@
 --- !ruby/object:Gem::Specification
 name: reyes
 version: !ruby/object:Gem::Version
-  version: 1.2.2
+  version: 1.2.3
+  prerelease: 
 platform: ruby
 authors:
 - Andy Brody
@@ -9,11 +10,12 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-27 00:00:00.000000000 Z
+date: 2015-05-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -21,6 +23,7 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -28,6 +31,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: chalk-log
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -35,6 +39,7 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -42,6 +47,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: subprocess
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -49,6 +55,7 @@ dependencies:
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ~>
       - !ruby/object:Gem::Version
@@ -56,6 +63,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: pry
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -63,6 +71,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -70,6 +79,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -77,6 +87,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -84,6 +95,7 @@ dependencies:
 - !ruby/object:Gem::Dependency
   name: rubocop
   requirement: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -91,6 +103,7 @@ dependencies:
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
+    none: false
     requirements:
     - - ! '>='
       - !ruby/object:Gem::Version
@@ -133,25 +146,29 @@ files:
 - reyes.gemspec
 homepage: https://github.com/stripe/reyes/
 licenses: []
-metadata: {}
 post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
 required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: 1.9.3
 required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
   requirements:
   - - ! '>='
     - !ruby/object:Gem::Version
       version: '0'
+      segments:
+      - 0
+      hash: -3798691146626456435
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.3.0
+rubygems_version: 1.8.23.2
 signing_key: 
-specification_version: 4
+specification_version: 3
 summary: Reyes manages IPTables rules based on EC2 security groups.
 test_files: []

checksums.yaml

@@ -1,15 +0,0 @@
----
-!binary "U0hBMQ==":
-  metadata.gz: !binary |-
-    MWNhNWYxOTI2NzcxY2Q4YWY5OWJkOWMxZTVlYjA0ZjdjMTgxY2IyMw==
-  data.tar.gz: !binary |-
-    YjgzYzZmNzkyY2VmY2Y4OGIxZmQ3N2VlNTg2OTdlODFiODM2NzVkYQ==
-SHA512:
-  metadata.gz: !binary |-
-    ZTVlMzI4YWM1OGMxOTI0ZTNjMTNiMThjZTAzMTdjM2VhMzJmMjRjMDViZWIw
-    ZGNlY2NhNWJmMjRjODY5NGI0M2U1YTU4ZDFhMDY5YjQ3NmNlOWNiOTUzNGEz
-    Y2VjZDBmNTkyNTVmNzgzY2I2MmNhZjhhN2ExMmI2MTkyODU2OTI=
-  data.tar.gz: !binary |-
-    MTNlZmQ1ZTExMmJkNjRkOTQwNGVhY2NmYzhmYmM3Yzk3YjcyMGMyNzlhNGUw
-    N2MzZGJiOTc2ODUxMmUzODBkNGNhMWFlYjRmYzRkYjdlNWRmZDI5NDExNjU2
-    OTcxNDEwNmUxMjY0YzRmMjY1YWJhMGMxOGUxYTgyZjM1ZmY0ZjM=