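def _configure(self):
    """Turn this host into a NAT router and provision the Scalr proxy via chef-solo.

    Steps, in order:
      1. Install augeas, then use ``augtool`` to set ``net.ipv4.ip_forward``
         to 1 and remove the three ``net.bridge.bridge-nf-call-*`` keys from
         ``/etc/sysctl.conf``; reload the file with ``sysctl -p``.
      2. If ``self._data`` has a non-empty ``cidr``, ensure a ``nat`` table
         ``POSTROUTING`` MASQUERADE rule for traffic leaving that network.
      3. Clone the Scalr cookbooks into ``/tmp/chef``, write the chef-solo
         attribute and config files there, and run ``chef-solo``.

    Raises:
        KeyError: if ``self._data`` lacks ``scalr_addr`` or ``whitelist``.
        OSError: if ``/tmp/chef`` cannot be created fresh, for example because
            another process re-created the path after the cleanup.
    """
    pkgmgr.installed(
        'augeas-tools' if linux.os['family'] == 'Debian' else 'augeas',
        updatedb=True)

    # Enable IPv4 forwarding persistently and drop the bridge netfilter
    # overrides, so the values survive the reload below.
    augscript = '\n'.join([
        'set /files/etc/sysctl.conf/net.ipv4.ip_forward 1',
        'rm /files/etc/sysctl.conf/net.bridge.bridge-nf-call-ip6tables',
        'rm /files/etc/sysctl.conf/net.bridge.bridge-nf-call-iptables',
        'rm /files/etc/sysctl.conf/net.bridge.bridge-nf-call-arptables',
        'save'
    ])
    linux.system(('augtool', ), stdin=augscript)
    linux.system(('sysctl', '-p'))

    if self._data.get('cidr'):
        # Source-NAT only traffic that leaves the configured network.
        iptables.ensure({
            'POSTROUTING': [{
                'table': 'nat',
                'source': self._data['cidr'],
                'not_destination': self._data['cidr'],
                'jump': 'MASQUERADE'
            }]
        })

    solo_home = '/tmp/chef'
    solo_rb = '%s/solo.rb' % solo_home
    solo_attr = '%s/attr.json' % solo_home

    pkgmgr.installed('git')

    # /tmp is shared and the path is predictable. Remove whatever is there,
    # then create the directory ourselves: os.mkdir() fails if the path
    # exists again, and mode 0700 keeps other local users from planting or
    # editing cookbooks before chef-solo runs them.
    if os.path.islink(solo_home):
        os.unlink(solo_home)
    elif os.path.exists(solo_home):
        shutil.rmtree(solo_home)
    os.mkdir(solo_home, 0o700)

    # Argument tuple instead of a formatted shell string: no shell is needed
    # here, and this matches the other linux.system() calls in this method.
    # NOTE(review): the clone follows the repository's default branch with no
    # pinned commit or signature check, and its contents are executed by
    # chef-solo below - consider pinning a reviewed revision.
    linux.system(('git', 'clone', 'https://github.com/Scalr/cookbooks.git', solo_home))

    with open(solo_attr, 'w+') as fp:
        json.dump(
            {
                'run_list': ['recipe[scalarizr_proxy]'],
                'scalarizr_proxy': {
                    'scalr_addr': self._data['scalr_addr'],
                    'whitelist': self._data['whitelist']
                }
            }, fp)
    with open(solo_rb, 'w+') as fp:
        fp.write('file_cache_path "%s"\n'
                 'cookbook_path "%s/cookbooks"' % (solo_home, solo_home))

    # presumably these keyword arguments are forwarded to subprocess.Popen,
    # in which case chef-solo runs in its own session - confirm in linux.system
    linux.system(('chef-solo', '-c', solo_rb, '-j', solo_attr),
                 close_fds=True,
                 preexec_fn=os.setsid,
                 log_level=logging.INFO)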
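def _configure(self):
    """Turn this host into a NAT router and provision the Scalr proxy via chef-solo.

    Steps, in order:
      1. Install augeas, then use ``augtool`` to set ``net.ipv4.ip_forward``
         to 1 and remove the three ``net.bridge.bridge-nf-call-*`` keys from
         ``/etc/sysctl.conf``; reload the file with ``sysctl -p``.
      2. If ``self._data`` has a non-empty ``cidr``, ensure a ``nat`` table
         ``POSTROUTING`` MASQUERADE rule for traffic leaving that network.
      3. Clone the Scalr cookbooks into ``/tmp/chef``, write the chef-solo
         attribute and config files there, and run ``chef-solo``.

    Raises:
        KeyError: if ``self._data`` lacks ``scalr_addr`` or ``whitelist``.
        OSError: if ``/tmp/chef`` cannot be created fresh, for example because
            another process re-created the path after the cleanup.
    """
    pkgmgr.installed("augeas-tools" if linux.os["family"] == "Debian" else "augeas")

    # Enable IPv4 forwarding persistently and drop the bridge netfilter
    # overrides, so the values survive the reload below.
    augscript = "\n".join(
        [
            "set /files/etc/sysctl.conf/net.ipv4.ip_forward 1",
            "rm /files/etc/sysctl.conf/net.bridge.bridge-nf-call-ip6tables",
            "rm /files/etc/sysctl.conf/net.bridge.bridge-nf-call-iptables",
            "rm /files/etc/sysctl.conf/net.bridge.bridge-nf-call-arptables",
            "save",
        ]
    )
    linux.system(("augtool",), stdin=augscript)
    linux.system(("sysctl", "-p"))

    if self._data.get("cidr"):
        # Source-NAT only traffic that leaves the configured network.
        iptables.ensure(
            {
                "POSTROUTING": [
                    {
                        "table": "nat",
                        "source": self._data["cidr"],
                        "not_destination": self._data["cidr"],
                        "jump": "MASQUERADE",
                    }
                ]
            }
        )

    solo_home = "/tmp/chef"
    solo_rb = "%s/solo.rb" % solo_home
    solo_attr = "%s/attr.json" % solo_home

    pkgmgr.installed("git")

    # /tmp is shared and the path is predictable. Remove whatever is there,
    # then create the directory ourselves: os.mkdir() fails if the path
    # exists again, and mode 0700 keeps other local users from planting or
    # editing cookbooks before chef-solo runs them.
    if os.path.islink(solo_home):
        os.unlink(solo_home)
    elif os.path.exists(solo_home):
        shutil.rmtree(solo_home)
    os.mkdir(solo_home, 0o700)

    # Argument tuple instead of a formatted shell string: no shell is needed
    # here, and this matches the other linux.system() calls in this method.
    # NOTE(review): the clone follows the repository's default branch with no
    # pinned commit or signature check, and its contents are executed by
    # chef-solo below - consider pinning a reviewed revision.
    linux.system(("git", "clone", "https://github.com/Scalr/cookbooks.git", solo_home))

    with open(solo_attr, "w+") as fp:
        json.dump(
            {
                "run_list": ["recipe[scalarizr_proxy]"],
                "scalarizr_proxy": {"scalr_addr": self._data["scalr_addr"], "whitelist": self._data["whitelist"]},
            },
            fp,
        )
    with open(solo_rb, "w+") as fp:
        fp.write('file_cache_path "%s"\n' 'cookbook_path "%s/cookbooks"' % (solo_home, solo_home))

    # presumably these keyword arguments are forwarded to subprocess.Popen,
    # in which case chef-solo runs in its own session - confirm in linux.system
    linux.system(
        ("chef-solo", "-c", solo_rb, "-j", solo_attr), close_fds=True, preexec_fn=os.setsid, log_level=logging.INFO
    )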
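def _configure(self):
    """Turn this host into a NAT router and provision the Scalr proxy via chef-solo.

    Steps, in order:
      1. Install augeas, then use ``augtool`` to set ``net.ipv4.ip_forward``
         to 1 and remove the three ``net.bridge.bridge-nf-call-*`` keys from
         ``/etc/sysctl.conf``; reload the file with ``sysctl -p``.
      2. If ``self._data['cidr']`` is truthy, ensure a ``nat`` table
         ``POSTROUTING`` MASQUERADE rule for traffic leaving that network.
      3. Clone the Scalr cookbooks into ``/tmp/chef``, write the chef-solo
         attribute and config files there, and run ``chef-solo``.

    Raises:
        KeyError: if ``self._data`` lacks ``cidr``, ``scalr_addr`` or
            ``whitelist`` (all three are read by direct indexing).
        OSError: if ``/tmp/chef`` cannot be created fresh, for example because
            another process re-created the path after the cleanup.
    """
    pkgmgr.installed('augeas-tools' if linux.os['family'] == 'Debian' else 'augeas')

    # Enable IPv4 forwarding persistently and drop the bridge netfilter
    # overrides, so the values survive the reload below.
    augscript = '\n'.join([
        'set /files/etc/sysctl.conf/net.ipv4.ip_forward 1',
        'rm /files/etc/sysctl.conf/net.bridge.bridge-nf-call-ip6tables',
        'rm /files/etc/sysctl.conf/net.bridge.bridge-nf-call-iptables',
        'rm /files/etc/sysctl.conf/net.bridge.bridge-nf-call-arptables',
        'save'
    ])
    linux.system(('augtool',), stdin=augscript)
    linux.system(('sysctl', '-p'))

    if self._data['cidr']:
        # Source-NAT only traffic that leaves the configured network.
        iptables.ensure({'POSTROUTING': [{
            'table': 'nat',
            'source': self._data['cidr'],
            'not_destination': self._data['cidr'],
            'jump': 'MASQUERADE'
        }]})

    solo_home = '/tmp/chef'
    solo_rb = '%s/solo.rb' % solo_home
    solo_attr = '%s/attr.json' % solo_home

    pkgmgr.installed('git')

    # /tmp is shared and the path is predictable. Remove whatever is there,
    # then create the directory ourselves: os.mkdir() fails if the path
    # exists again, and mode 0700 keeps other local users from planting or
    # editing cookbooks before chef-solo runs them.
    if os.path.islink(solo_home):
        os.unlink(solo_home)
    elif os.path.exists(solo_home):
        shutil.rmtree(solo_home)
    os.mkdir(solo_home, 0o700)

    # Argument tuple instead of a formatted shell string: no shell is needed
    # here, and this matches the other linux.system() calls in this method.
    # NOTE(review): the clone follows the repository's default branch with no
    # pinned commit or signature check, and its contents are executed by
    # chef-solo below - consider pinning a reviewed revision.
    linux.system(('git', 'clone', 'https://github.com/Scalr/cookbooks.git', solo_home))

    with open(solo_attr, 'w+') as fp:
        json.dump({
            'run_list': ['recipe[scalarizr_proxy]'],
            'normal': {
                'scalr_addr': self._data['scalr_addr'],
                'whitelist': self._data['whitelist']
            }
        }, fp)
    with open(solo_rb, 'w+') as fp:
        fp.write(
            'file_cache_path "%s"\n'
            'cookbook_path "%s/cookbooks"' % (solo_home, solo_home)
        )

    # presumably these keyword arguments are forwarded to subprocess.Popen,
    # in which case chef-solo runs in its own session - confirm in linux.system
    linux.system(('chef-solo', '-c', solo_rb, '-j', solo_attr),
                 close_fds=True, preexec_fn=os.setsid)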
def test_ensure(self, append_w, insert_w, list_w):
    """Check that ``iptables.ensure`` adds only rules the chain does not list yet.

    Two scenarios run against the ``INPUT`` chain:
      1. The wanted rule is already listed: nothing is inserted or appended.
      2. The wanted rule is absent: it is inserted once, with ``None`` as the
         first argument, and nothing is appended.

    ``append_w``, ``insert_w`` and ``list_w`` are not used in the body;
    presumably they are injected by patch decorators outside this view.
    """
    ssh_rule = {
        "source": "192.168.0.1/32",
        "destination": "192.168.0.2/32",
        "protocol": "tcp",
        "match": "tcp",
        "dport": "22",
        "jump": "ACCEPT",
    }
    lan_rule = {
        "in-interface": "eth1",
        "match": "comment",
        "comment": "my local LAN",
    }
    input_chain = iptables.chains["INPUT"]

    # Scenario 1: the rule is already present, so ensure() must not add it again.
    input_chain.list.return_value = [ssh_rule, lan_rule]
    iptables.ensure({"INPUT": [ssh_rule]})

    input_chain.list.assert_called_once_with()
    assert not input_chain.insert.called
    assert not input_chain.append.called

    # Clear the recorded calls so the second scenario starts from a clean slate.
    for mocked in (input_chain.list, input_chain.insert, input_chain.append):
        mocked.reset_mock()

    # Scenario 2: the chain holds only the other rule, so the wanted one is inserted.
    input_chain.list.return_value = [lan_rule]
    iptables.ensure({"INPUT": [ssh_rule]})

    input_chain.list.assert_called_once_with()
    input_chain.insert.assert_called_once_with(None, ssh_rule)
    assert not input_chain.append.called
def test_ensure(self, append_w, insert_w, list_w):
    """Verify that ``iptables.ensure`` is idempotent for rules already in a chain.

    First the ``INPUT`` chain reports both rules and ``ensure`` is asked for
    the first one: no insert or append may happen. Then the chain reports only
    the second rule: the first must be inserted exactly once, with ``None`` as
    the first argument, and never appended.

    ``append_w``, ``insert_w`` and ``list_w`` are not used in the body;
    presumably they are injected by patch decorators outside this view.
    """
    wanted, unrelated = (
        {
            "source": "192.168.0.1/32",
            "destination": "192.168.0.2/32",
            "protocol": "tcp",
            "match": "tcp",
            "dport": "22",
            "jump": "ACCEPT",
        },
        {
            "in-interface": "eth1",
            "match": "comment",
            "comment": "my local LAN",
        },
    )
    chain = iptables.chains["INPUT"]
    request = {"INPUT": [wanted]}

    # 1: rule already listed -> the chain is read once and left untouched.
    chain.list.return_value = [wanted, unrelated]
    iptables.ensure(request)
    chain.list.assert_called_once_with()
    assert not chain.insert.called
    assert not chain.append.called

    # Forget the calls recorded so far before the next scenario.
    chain.list.reset_mock()
    chain.insert.reset_mock()
    chain.append.reset_mock()

    # 2: rule missing -> exactly one insert and still no append.
    chain.list.return_value = [unrelated]
    iptables.ensure(request)
    chain.list.assert_called_once_with()
    chain.insert.assert_called_once_with(None, wanted)
    assert not chain.append.called