堆栈内存溢出
  简体   繁体   English

如何从文件读取IP /子网并在Chef防火墙配方中使用

[英]How to read IPs/Subnets from file and use in Chef firewall recipe

 原文  2019-02-01 12:56:28       ruby/ chef/ firewall/ ufw

问题描述

I want to use a file on a the local system to populate UFW firewall rules using Chef. 我想在本地系统上使用文件来使用Chef填充UFW防火墙规则。 The firewall recipe ( https://supermarket.chef.io/cookbooks/firewall ) has the functionality to do this but I get errors when trying to pass a variable to the blocks. firewall配方( https://supermarket.chef.io/cookbooks/firewall )具有执行此功能的功能,但是在尝试将变量传递给块时出现错误。

If I hard code the IP addresses/subnets everything works fine. 如果我对IP地址/子网进行硬编码,则一切正常。 If I put that exact same IP/subnet into the file, I get an Invalid IP Address error. 如果我将完全相同的IP /子网放入文件中,则会收到“无效IP地址”错误。

In the code below the first firewall_rule block will execute but the second and subsequent blocks with "#{subnet}" do not. 在下面的代码中,将执行第一个firewall_rule块,但不会执行带有"#{subnet}"的第二个及后续块。 I have also tried just passing the variable directly instead of with string substitution with the same results. 我也尝试过直接传递变量,而不是用字符串替换传递相同的结果。 

# Try to read from the client list of IPs

if File.exist?("/secure/targs/client.lst") then
  File.open("/secure/targs/client.lst", "r") do |subnets|
    subnets.each_line do |subnet|

      # Only allow outbound connection to in-scope targs
      firewall_rule 'client-out-ether' do
        interface     'eno1'
        destination   "10.0.0.128/25"
        direction     :out
        command       :allow
      end

      firewall_rule 'client-out-wifi' do
        interface     'wlp58s0'
        destination   "#{subnet}"
        direction     :out
        command       :allow
      end

      # Allow inbound connections from in-scope targs
      # Ideally we scope this to specific ports
      # OR remove this and do it manually as needed
      firewall_rule 'client-in-eth' do
        dest_interface  'eno0'
        source          "#{subnet}"
        command         :allow
      end

      firewall_rule 'client-in-wifi' do
        dest_interface  'wlp58s0'
        source          "#{subnet}"
        command         :allow
      end
    end
  end

  # Default allow all out on client interfaces if scope not defined
  else
    firewall_rule 'client-out-ether' do
      interface 'eno1'
      direction :out
      command   :allow
    end

    firewall_rule 'client-out-wifi' do
      interface 'wlp58s0'
      direction :out
      command   :allow
    end
end

I am guessing this is a syntax issue but this seems to be normal Ruby syntax that should work. 我猜这是一个语法问题,但这似乎是正常的Ruby语法,应该可以使用。 It seems that maybe the recipe is reading the supplied variable as a literal? 似乎配方正在将提供的变量作为文字读取?

1 个解决方案

解决方案1
 0  2019-02-01 13:25:07

The file injects either whitespace or control characters. 该文件注入空格或控制字符。 Doing subnet.strip solved the problem. subnet.strip解决了这个问题。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 Chef-在运行时从git repo读取文件,并在配方中使用解析值 - Chef - Read a file from git repo at runtime and use parse value in recipe 从json读取时File.open在厨师配方中失败 - File.open failes in chef recipe when read from json 如何在厨师食谱中使用not_if - How to use not_if in a chef recipe 厨师食谱如何检查文件是否存在 - Chef Recipe How To Check If File Exists 如何在厨师食谱中选择数千个文件 - How to select thousands of file in chef recipe 如何使用 Chef 配方通过读取 Shell 脚本来设置环境变量? - How can you use a Chef recipe to set an environment variable by reading from Shell script? 通过从属性文件动态传递值来创建厨师配方 - Create chef recipe by passing values dynamically, from properties file 如何使用Ruby块在厨师食谱中分配变量 - How to use a Ruby block to assign variables in chef recipe 如何使用Chef食谱删除文件中的一行? - How do I delete a line in a file using Chef recipe? Chef:从文件中读取变量并在一个汇聚中使用它 - Chef: Read variable from file and use it in one converge
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM