[英]How to read IPs/Subnets from file and use in Chef firewall recipe
我想在本地系統上使用文件來使用Chef填充UFW防火牆規則。 firewall配方( https://supermarket.chef.io/cookbooks/firewall )具有執行此功能的功能,但是在嘗試將變量傳遞給塊時出現錯誤。
如果我對IP地址/子網進行硬編碼,則一切正常。 如果我將完全相同的IP /子網放入文件中,則會收到“無效IP地址”錯誤。
在下面的代碼中,將執行第一個firewall_rule塊,但不會執行帶有"#{subnet}"的第二個及后續塊。 我也嘗試過直接傳遞變量,而不是用字符串替換傳遞相同的結果。
# Try to read from the client list of IPs
if File.exist?("/secure/targs/client.lst") then
File.open("/secure/targs/client.lst", "r") do |subnets|
subnets.each_line do |subnet|
# Only allow outbound connection to in-scope targs
firewall_rule 'client-out-ether' do
interface 'eno1'
destination "10.0.0.128/25"
direction :out
command :allow
end
firewall_rule 'client-out-wifi' do
interface 'wlp58s0'
destination "#{subnet}"
direction :out
command :allow
end
# Allow inbound connections from in-scope targs
# Ideally we scope this to specific ports
# OR remove this and do it manually as needed
firewall_rule 'client-in-eth' do
dest_interface 'eno0'
source "#{subnet}"
command :allow
end
firewall_rule 'client-in-wifi' do
dest_interface 'wlp58s0'
source "#{subnet}"
command :allow
end
end
end
# Default allow all out on client interfaces if scope not defined
else
firewall_rule 'client-out-ether' do
interface 'eno1'
direction :out
command :allow
end
firewall_rule 'client-out-wifi' do
interface 'wlp58s0'
direction :out
command :allow
end
end
我猜這是一個語法問題,但這似乎是正常的Ruby語法,應該可以使用。 似乎配方正在將提供的變量作為文字讀取?
該文件注入空格或控制字符。 做subnet.strip解決了這個問題。
Chef-在運行時從git repo讀取文件,並在配方中使用解析值
[英]Chef - Read a file from git repo at runtime and use parse value in recipe
如何使用 Chef 配方通過讀取 Shell 腳本來設置環境變量?
[英]How can you use a Chef recipe to set an environment variable by reading from Shell script?
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.