[英]How to read IPs/Subnets from file and use in Chef firewall recipe
I want to use a file on a the local system to populate UFW firewall rules using Chef. 我想在本地系统上使用文件来使用Chef填充UFW防火墙规则。 The
firewall
recipe ( https://supermarket.chef.io/cookbooks/firewall ) has the functionality to do this but I get errors when trying to pass a variable to the blocks. firewall
配方( https://supermarket.chef.io/cookbooks/firewall )具有执行此功能的功能,但是在尝试将变量传递给块时出现错误。
If I hard code the IP addresses/subnets everything works fine. 如果我对IP地址/子网进行硬编码,则一切正常。 If I put that exact same IP/subnet into the file, I get an Invalid IP Address error.
如果我将完全相同的IP /子网放入文件中,则会收到“无效IP地址”错误。
In the code below the first firewall_rule
block will execute but the second and subsequent blocks with "#{subnet}"
do not. 在下面的代码中,将执行第一个
firewall_rule
块,但不会执行带有"#{subnet}"
的第二个及后续块。 I have also tried just passing the variable directly instead of with string substitution with the same results. 我也尝试过直接传递变量,而不是用字符串替换传递相同的结果。
# Try to read from the client list of IPs
if File.exist?("/secure/targs/client.lst") then
File.open("/secure/targs/client.lst", "r") do |subnets|
subnets.each_line do |subnet|
# Only allow outbound connection to in-scope targs
firewall_rule 'client-out-ether' do
interface 'eno1'
destination "10.0.0.128/25"
direction :out
command :allow
end
firewall_rule 'client-out-wifi' do
interface 'wlp58s0'
destination "#{subnet}"
direction :out
command :allow
end
# Allow inbound connections from in-scope targs
# Ideally we scope this to specific ports
# OR remove this and do it manually as needed
firewall_rule 'client-in-eth' do
dest_interface 'eno0'
source "#{subnet}"
command :allow
end
firewall_rule 'client-in-wifi' do
dest_interface 'wlp58s0'
source "#{subnet}"
command :allow
end
end
end
# Default allow all out on client interfaces if scope not defined
else
firewall_rule 'client-out-ether' do
interface 'eno1'
direction :out
command :allow
end
firewall_rule 'client-out-wifi' do
interface 'wlp58s0'
direction :out
command :allow
end
end
I am guessing this is a syntax issue but this seems to be normal Ruby syntax that should work. 我猜这是一个语法问题,但这似乎是正常的Ruby语法,应该可以使用。 It seems that maybe the recipe is reading the supplied variable as a literal?
似乎配方正在将提供的变量作为文字读取?
The file injects either whitespace or control characters. 该文件注入空格或控制字符。 Doing
subnet.strip
solved the problem. 做
subnet.strip
解决了这个问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.