def run(outdir, diff, no_write, no_exec, no_git):
kwargs = {'diff': diff, 'dry_run': no_write, 'remove_empty': True}
if any([
util.write_file(outdir, ff_ssl_catchall_file, ff_ssl_catchall_output, **kwargs),
util.write_file(outdir, ff_app_file, ff_app_output, **kwargs),
util.write_file(outdir, ff_redirect_file, ff_redirect_output, **kwargs),
util.write_file(outdir, appnode_catchall_file, appnode_catchall_output, **kwargs),
util.write_file(outdir, appnode_app_file, appnode_app_output, **kwargs),
]):
if os.geteuid() == 0:
util.cmd(('service', 'nginx', 'reload'), no_exec)
elif pwd.getpwuid(os.getuid())[0] == 'appctl':
util.cmd(('sudo', 'service', 'nginx', 'reload'), no_exec)
util.git_commit(outdir, 'nginx/caretakr.d/', no_git, 'nginx')
def run(outdir, diff, no_write, no_exec, no_git):
if util.write_file(outdir, 'ipsec-tools.conf',
_render_ipsec_tools(tunnels), no_write, diff):
if os.geteuid() == 0:
util.cmd(('/etc/ipsec-tools.conf',), no_exec)
if any([
util.write_file(outdir, 'racoon/psk.txt', _render_racoon_psk(tunnels), no_write, diff),
util.write_file(outdir, 'racoon/racoon.conf', _render_racoon(tunnels), no_write, diff),
]):
if os.geteuid() == 0:
util.cmd(('racoonctl', 'reload-config'), no_exec)
if util.write_file(outdir, 'network/interfaces.d/caretakr.ipsec.conf',
_render_interfaces(internal_interfaces), no_write, diff=True):
logger.warn("Automatic activation of interface changes not implemented!")
util.git_commit(outdir, ['ipsec-tools.conf',
'racoon/psk.txt', 'racoon/racoon.conf',
'network/interfaces.d/caretakr.ipsec.conf'], no_git, 'ipsec')
def run(outdir, diff, no_write, no_exec, no_git):
if any([
util.write_file(outdir, 'network/firewall', firewall_lines, no_write, diff),
util.write_file(outdir, 'network/firewall6', firewall6_lines, no_write, diff),
util.write_file(outdir, 'hosts.allow', hosts_allow_lines, no_write, diff),
]):
if os.geteuid() == 0:
if no_exec is True:
util.cmd(('/sbin/iptables-restore', '-t'), dry_run=False, stdin=firewall_lines)
util.cmd(('/sbin/ip6tables-restore', '-t'),
dry_run=False, stdin=firewall6_lines)
else:
util.cmd(('/sbin/iptables-restore'), dry_run=False, stdin=firewall_lines)
util.cmd(('/sbin/ip6tables-restore'), dry_run=False, stdin=firewall6_lines)
util.git_commit(outdir, ['network/firewall', 'network/firewall6', 'hosts.allow'],
no_git, 'firewall')
def run(outdir, diff, no_write, no_exec, no_git):
if util.write_file(outdir, 'keepalived/keepalived.conf', ze_output, no_write, diff):
if os.geteuid() == 0:
util.cmd(['service', 'keepalived', 'reload'], no_exec)
util.git_commit(outdir, 'keepalived/keepalived.conf', no_git, 'keepalived')