Update cookbooks and add wordpress cookbook
This commit is contained in:
Greg Karékinian
@@ -1,9 +1,9 @@
|
||||
#
|
||||
# Author:: Matt Ray <matt@opscode.com>
|
||||
# Author:: Matt Ray <matt@chef.io>
|
||||
# Cookbook Name:: ufw
|
||||
# Recipe:: databag
|
||||
#
|
||||
# Copyright 2011, Opscode, Inc
|
||||
# Copyright 2011-2015, Chef Software, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@@ -18,12 +18,12 @@
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
#flatten the run_list to just the names of the roles and recipes in order
|
||||
# flatten the run_list to just the names of the roles and recipes in order
|
||||
def run_list_names(run_list)
|
||||
names = []
|
||||
run_list.each do |entry|
|
||||
Chef::Log.debug "ufw::databag:run_list_names+name: #{entry.name}"
|
||||
if entry.name.index('::') #cookbook::recipe
|
||||
if entry.name.index('::') # cookbook::recipe
|
||||
names.push(entry.name.sub('::', '__'))
|
||||
else
|
||||
names.push(entry.name)
|
||||
@@ -34,7 +34,7 @@ def run_list_names(run_list)
|
||||
end
|
||||
end
|
||||
Chef::Log.debug "ufw::databag:run_list_names+names: #{names}"
|
||||
return names
|
||||
names
|
||||
end
|
||||
|
||||
rlist = run_list_names(node.run_list)
|
||||
@@ -46,13 +46,13 @@ Chef::Log.debug "ufw::databag:firewall:#{fw_db}"
|
||||
|
||||
rlist.each do |entry|
|
||||
Chef::Log.debug "ufw::databag: \"#{entry}\""
|
||||
if fw_db.member?(entry)
|
||||
#add the list of firewall rules to the current list
|
||||
item = data_bag_item('firewall', entry)
|
||||
rules = item['rules']
|
||||
node.set['firewall']['rules'].concat(rules) unless rules.nil?
|
||||
end
|
||||
next unless fw_db.member?(entry)
|
||||
|
||||
# add the list of firewall rules to the current list
|
||||
item = data_bag_item('firewall', entry)
|
||||
rules = item['rules']
|
||||
node.set['firewall']['rules'].concat(rules) unless rules.nil?
|
||||
end
|
||||
|
||||
#now go apply the rules
|
||||
include_recipe "ufw::default"
|
||||
# now go apply the rules
|
||||
include_recipe 'ufw::default'
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
#
|
||||
# Author:: Matt Ray <matt@opscode.com>
|
||||
# Author:: Matt Ray <matt@chef.io>
|
||||
# Cookbook Name:: ufw
|
||||
# Recipe:: default
|
||||
#
|
||||
# Copyright 2011, Opscode, Inc
|
||||
# Copyright 2011-2015, Chef Software, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@@ -18,32 +18,32 @@
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
package "ufw"
|
||||
package 'ufw'
|
||||
|
||||
old_state = node['firewall']['state']
|
||||
new_state = node['firewall']['rules'].to_s
|
||||
Chef::Log.debug "Old firewall state:#{old_state}"
|
||||
Chef::Log.debug "New firewall state:#{new_state}"
|
||||
|
||||
#check to see if the firewall rules changed.
|
||||
#the rules are always changed the first run
|
||||
# check to see if the firewall rules changed.
|
||||
# the rules are always changed the first run
|
||||
if old_state == new_state
|
||||
Chef::Log.info "Firewall rules unchanged."
|
||||
Chef::Log.info 'Firewall rules unchanged.'
|
||||
else
|
||||
Chef::Log.info "Firewall rules updated."
|
||||
Chef::Log.info 'Firewall rules updated.'
|
||||
node.set['firewall']['state'] = new_state
|
||||
|
||||
#drop rules and re-enable
|
||||
execute "ufw --force reset"
|
||||
# drop rules and re-enable
|
||||
execute 'ufw --force reset'
|
||||
|
||||
firewall "ufw" do
|
||||
action :enable
|
||||
firewall 'ufw' do
|
||||
action :install
|
||||
end
|
||||
|
||||
#leave this on by default
|
||||
firewall_rule "ssh" do
|
||||
# leave this on by default
|
||||
firewall_rule 'ssh' do
|
||||
port 22
|
||||
action :allow
|
||||
action :create
|
||||
end
|
||||
|
||||
node['firewall']['rules'].each do |rule_mash|
|
||||
@@ -64,8 +64,8 @@ else
|
||||
Chef::Log.debug "ufw:rule:dest_port #{params['dest_port']}" if params['dest_port']
|
||||
Chef::Log.debug "ufw:rule:position #{params['position']}" if params['position']
|
||||
act = params['action']
|
||||
act ||= "allow"
|
||||
raise "ufw: port_range was specified to firewall_rule without protocol" if params['port_range'] && !params['protocol']
|
||||
act ||= 'create'
|
||||
fail 'ufw: port_range was specified to firewall_rule without protocol' if params['port_range'] && !params['protocol']
|
||||
Chef::Log.debug "ufw:rule:action :#{act}"
|
||||
firewall_rule rule do
|
||||
name params['name'] if params['name']
|
||||
@@ -74,10 +74,10 @@ else
|
||||
interface params['interface'] if params['interface']
|
||||
logging params['logging'].to_sym if params['logging']
|
||||
port params['port'].to_i if params['port']
|
||||
if params['port_range']
|
||||
ends = params['port_range'].split('..').map{|d| Integer(d)}
|
||||
port_range ends[0]..ends[1]
|
||||
end
|
||||
if params['port_range']
|
||||
ends = params['port_range'].split('..').map { |d| Integer(d) }
|
||||
port_range ends[0]..ends[1]
|
||||
end
|
||||
source params['source'] if params['source']
|
||||
destination params['destination'] if params['destination']
|
||||
dest_port params['dest_port'].to_i if params['dest_port']
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
#
|
||||
# Author:: Matt Ray <matt@opscode.com>
|
||||
# Author:: Matt Ray <matt@chef.io>
|
||||
# Cookbook Name:: ufw
|
||||
# Recipe:: disable
|
||||
#
|
||||
# Copyright 2011, Opscode, Inc
|
||||
# Copyright 2011-2015, Chef Software, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@@ -18,6 +18,6 @@
|
||||
# limitations under the License.
|
||||
#
|
||||
|
||||
firewall "ufw" do
|
||||
firewall 'ufw' do
|
||||
action :disable
|
||||
end
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
#
|
||||
# Author:: Matt Ray <matt@opscode.com>
|
||||
# Author:: Matt Ray <matt@chef.io>
|
||||
# Cookbook Name:: ufw
|
||||
# Recipe:: recipes
|
||||
#
|
||||
# Copyright 2011, Opscode, Inc
|
||||
# Copyright 2011-2015, Chef Software, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@@ -23,19 +23,19 @@
|
||||
node.expand!.recipes.each do |recipe|
|
||||
Chef::Log.debug "ufw::recipes: #{recipe}"
|
||||
cookbook = recipe.split('::')[0]
|
||||
#get the cookbook attributes if there are any
|
||||
if recipe != cookbook and node[cookbook] and node[cookbook]['firewall'] and node[cookbook]['firewall']['rules']
|
||||
# get the cookbook attributes if there are any
|
||||
if recipe != cookbook && node[cookbook] && node[cookbook]['firewall'] && node[cookbook]['firewall']['rules']
|
||||
rules = node[cookbook]['firewall']['rules']
|
||||
Chef::Log.debug "ufw::recipes:#{cookbook}:rules #{rules}"
|
||||
node.set['firewall']['rules'].concat(rules) unless rules.nil?
|
||||
end
|
||||
#get the recipe attributes if there are any
|
||||
if node[recipe] and node[recipe]['firewall'] and node[recipe]['firewall']['rules']
|
||||
rules = node[recipe]['firewall']['rules']
|
||||
Chef::Log.debug "ufw::recipes:#{recipe}:rules #{rules}"
|
||||
node.set['firewall']['rules'].concat(rules) unless rules.nil?
|
||||
end
|
||||
# get the recipe attributes if there are any
|
||||
next unless node[recipe] && node[recipe]['firewall'] && node[recipe]['firewall']['rules']
|
||||
|
||||
rules = node[recipe]['firewall']['rules']
|
||||
Chef::Log.debug "ufw::recipes:#{recipe}:rules #{rules}"
|
||||
node.set['firewall']['rules'].concat(rules) unless rules.nil?
|
||||
end
|
||||
|
||||
#now go apply the rules
|
||||
include_recipe "ufw::default"
|
||||
# now go apply the rules
|
||||
include_recipe 'ufw::default'
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
#
|
||||
# Author:: Matt Ray <matt@opscode.com>
|
||||
# Author:: Matt Ray <matt@chef.io>
|
||||
# Cookbook Name:: ufw
|
||||
# Recipe:: securitylevel
|
||||
#
|
||||
# Copyright 2011, Opscode, Inc
|
||||
# Copyright 2011-2015, Chef Software, Inc.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
@@ -22,20 +22,20 @@ securitylevel = node['firewall']['securitylevel']
|
||||
|
||||
Chef::Log.info "ufw::securitylevel:#{securitylevel}"
|
||||
|
||||
#verify that only 1 "color" security group is applied"
|
||||
count = node.expand!.roles.count {|role| role =~ /SecurityLevel-(Red|Green|Yellow)/ }
|
||||
# verify that only 1 "color" security group is applied"
|
||||
count = node.expand!.roles.count { |role| role =~ /SecurityLevel-(Red|Green|Yellow)/ }
|
||||
if count > 1
|
||||
raise Chef::Exceptions::AmbiguousRunlistSpecification, "conflicting SecurityLevel-'color' roles, only 1 may be applied."
|
||||
fail Chef::Exceptions::AmbiguousRunlistSpecification, "conflicting SecurityLevel-'color' roles, only 1 may be applied."
|
||||
end
|
||||
|
||||
case securitylevel
|
||||
when 'red'
|
||||
#put special stuff for red here
|
||||
# put special stuff for red here
|
||||
when 'yellow'
|
||||
#put special stuff for red here
|
||||
# put special stuff for red here
|
||||
when 'green'
|
||||
#put special stuff for red here
|
||||
# put special stuff for red here
|
||||
end
|
||||
|
||||
#now go apply the rules
|
||||
include_recipe "ufw::default"
|
||||
# now go apply the rules
|
||||
include_recipe 'ufw::default'
|
||||
|
||||
Reference in New Issue
Block a user