class Pvcglue::Packages::Firewall

Public Instance Methods

install!()
# File lib/pvcglue/packages/firewall.rb, line 10
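# Resets ufw to a clean baseline and rebuilds this machine's rule set.
#
# Every step is a shell command sent as root through +connection.run!+:
# 1. disable ufw, reset it, allow ssh, then enable it again;
# 2. set ufw logging to "low";
# 3. on machines with the +:lb+ role, allow http and https;
# 4. on machines without the +:manager+ role, allow traffic from the private
#    address of every other provisioned minion in the cloud;
# 5. record the result with +set_minion_state+.
#
# NOTE(review): the rules added in step 4 have no port or protocol
# restriction, so each listed peer can reach every service on this host.
# Narrow them if peers only need specific ports.
#
# @raise [ArgumentError] if a peer's private_ip does not look like a bare
#   IP address or CIDR block
def install!
  # The steps are chained with && instead of ';'. With ';' the shell carries
  # on after a failure and only the exit status of the final `enable` is
  # visible, so a failed `ufw allow ssh` would still enable the firewall and
  # block the ssh session used for provisioning.
  # NOTE(review): this assumes run! reports a non-zero exit status to the
  # caller - confirm against the connection class.
  # The host is unfiltered between `ufw disable` and `ufw --force enable`.
  connection.run!(:root, '', 'ufw disable && ufw --force reset && ufw allow ssh && ufw --force enable')
  # connection.run!(:root, '', 'ufw logging off')
  connection.run!(:root, '', 'ufw logging low')

  if has_role?(:lb)
    connection.run!(:root, '', 'ufw allow http')
    connection.run!(:root, '', 'ufw allow https')
  end

  unless has_role?(:manager)
    # The address is interpolated into a command line executed as root, so
    # only digits, hex letters, '.', ':' and an optional /prefix are accepted.
    # This is a shell-safety check, not full address validation; ufw itself
    # still rejects malformed addresses.
    address_shape = %r{\A[0-9A-Fa-f:.]+(?:/\d{1,3})?\z}

    minion.cloud.minions.each do |other_minion_name, other_minion|
      next if other_minion_name == minion.machine_name
      next unless other_minion.provisioned?

      peer_ip = other_minion.private_ip.to_s
      unless peer_ip =~ address_shape
        raise ArgumentError,
              "refusing to build a ufw rule from private_ip #{peer_ip.inspect} of #{other_minion_name}"
      end

      connection.run!(:root, '', "ufw allow from #{peer_ip}")
    end
  end

  set_minion_state
end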
installed?()

Reference: manpages.ubuntu.com/manpages/xenial/en/man8/ufw-framework.8.html Examples: help.ubuntu.com/community/UFW

# File lib/pvcglue/packages/firewall.rb, line 6
# Reports whether this package is already marked as installed.
#
# The answer is whatever +get_minion_state+ returns; ufw itself is not
# queried here.
# NOTE(review): presumably this reads the marker written by
# +set_minion_state+ at the end of +install!+ - confirm in the base class.
#
# @return [Object] the value of +get_minion_state+
def installed?
  get_minion_state
end
post_install_check?()
# File lib/pvcglue/packages/firewall.rb, line 31
# Verifies the firewall after installation by reading `ufw status verbose`
# as root.
#
# Two things are checked in the output: that ufw reports "Status: active",
# and that the default policy line reads "deny (incoming), allow (outgoing)".
# Individual allow rules (ssh, http/https, peer addresses) and the logging
# level are not inspected here.
#
# @return [Integer, nil] truthy (the match offset of the policy line) when
#   both patterns are present, nil otherwise
def post_install_check?
  status_report = connection.run_get_stdout!(:root, '', 'ufw status verbose')

  # An inactive firewall fails the check regardless of its default policy.
  return nil unless status_report =~ /Status: active/

  status_report =~ /Default: deny \(incoming\), allow \(outgoing\)/
end