class Pvcglue::Packages::Firewall
Public Instance Methods
install!()
click to toggle source
# File lib/pvcglue/packages/firewall.rb, line 10 def install! connection.run!(:root, '', 'ufw disable; ufw --force reset; ufw allow ssh; ufw --force enable') # connection.run!(:root, '', 'ufw logging off') connection.run!(:root, '', 'ufw logging low') if has_role?(:lb) connection.run!(:root, '', 'ufw allow http') connection.run!(:root, '', 'ufw allow https') end unless has_role?(:manager) minion.cloud.minions.each do |other_minion_name, other_minion| next if other_minion_name == minion.machine_name next unless other_minion.provisioned? connection.run!(:root, '', "ufw allow from #{other_minion.private_ip}") end end set_minion_state end
installed?()
click to toggle source
Reference: manpages.ubuntu.com/manpages/xenial/en/man8/ufw-framework.8.html Examples: help.ubuntu.com/community/UFW
# File lib/pvcglue/packages/firewall.rb, line 6 def installed? get_minion_state end
post_install_check?()
click to toggle source
# File lib/pvcglue/packages/firewall.rb, line 31 def post_install_check? result = connection.run_get_stdout!(:root, '', 'ufw status verbose') result =~ /Status: active/ && result =~ /Default: deny \(incoming\), allow \(outgoing\)/ end