summaryrefslogtreecommitdiff
path: root/lib/leap_cli
diff options
context:
space:
mode:
Diffstat (limited to 'lib/leap_cli')
-rw-r--r--lib/leap_cli/commands/compile.rb66
-rw-r--r--lib/leap_cli/commands/db.rb1
-rw-r--r--lib/leap_cli/macros/stunnel.rb13
3 files changed, 60 insertions, 20 deletions
diff --git a/lib/leap_cli/commands/compile.rb b/lib/leap_cli/commands/compile.rb
index 8f6c7769..c388e5c3 100644
--- a/lib/leap_cli/commands/compile.rb
+++ b/lib/leap_cli/commands/compile.rb
@@ -265,56 +265,86 @@ remove this directory if you don't use it.
# serial is any number less than 2^32 (4294967296)
#
def compile_zone_file
- provider = manager.env('default').provider
+ provider = manager.env('default').provider
hosts_seen = {}
- f = $stdout
- f.puts ZONE_HEADER % {:domain => provider.domain, :ns => provider.domain, :contact => provider.contacts.default.first.sub('@','.')}
- max_width = manager.nodes.values.inject(0) {|max, node| [max, relative_hostname(node.domain.full, provider).length].max }
- put_line = lambda do |host, line|
- host = '@' if host == ''
- f.puts("%-#{max_width}s %s" % [host, line])
- end
+ lines = []
+
+ #
+ # header
+ #
+ lines << ZONE_HEADER % {:domain => provider.domain, :ns => provider.domain, :contact => provider.contacts.default.first.sub('@','.')}
- f.puts ORIGIN_HEADER
+ #
+ # common records
+ #
+ lines << ORIGIN_HEADER
# 'A' records for primary domain
manager.nodes[:environment => '!local'].each_node do |node|
if node.dns['aliases'] && node.dns.aliases.include?(provider.domain)
- put_line.call "", "IN A #{node.ip_address}"
+ lines << ["@", "IN A #{node.ip_address}"]
end
end
-
# NS records
if provider['dns'] && provider.dns['nameservers']
provider.dns.nameservers.each do |ns|
- put_line.call "", "IN NS #{ns}."
+ lines << ["@", "IN NS #{ns}."]
end
end
- # all other records
+ # environment records
manager.environment_names.each do |env|
next if env == 'local'
nodes = manager.nodes[:environment => env]
next unless nodes.any?
- f.puts ENV_HEADER % (env.nil? ? 'default' : env)
+ spf = nil
+ lines << ENV_HEADER % (env.nil? ? 'default' : env)
nodes.each_node do |node|
if node.dns.public
- hostname = relative_hostname(node.domain.full, provider)
- put_line.call relative_hostname(node.domain.full, provider), "IN A #{node.ip_address}"
+ lines << [relative_hostname(node.domain.full, provider), "IN A #{node.ip_address}"]
end
if node.dns['aliases']
node.dns.aliases.each do |host_alias|
if host_alias != node.domain.full && host_alias != provider.domain
- put_line.call relative_hostname(host_alias, provider), "IN A #{node.ip_address}"
+ lines << [relative_hostname(host_alias, provider), "IN A #{node.ip_address}"]
end
end
end
if node.services.include? 'mx'
- put_line.call relative_hostname(node.domain.full_suffix, provider), "IN MX 10 #{relative_hostname(node.domain.full, provider)}"
+ mx_domain = relative_hostname(node.domain.full_suffix, provider)
+ lines << [mx_domain, "IN MX 10 #{relative_hostname(node.domain.full, provider)}"]
+ spf ||= [mx_domain, spf_record(node)]
end
end
+ lines << spf if spf
+ end
+
+ # print the lines
+ max_width = lines.inject(0) {|max, line| line.is_a?(Array) ? [max, line[0].length].max : max}
+ lines.each do |host, line|
+ if line.nil?
+ puts(host)
+ else
+ host = '@' if host == ''
+ puts("%-#{max_width}s %s" % [host, line])
+ end
end
end
+ #
+ # allow mail from any mx node, plus the webapp nodes.
+ #
+ # TODO: ipv6
+ #
+ def spf_record(node)
+ ips = node.nodes_like_me['services' => 'webapp'].values.collect {|n|
+ "ip4:" + n.ip_address
+ }
+ # TXT strings may not be longer than 255 characters, although
+ # you can chain multiple strings together.
+ strings = "v=spf1 MX #{ips.join(' ')} -all".scan(/.{1,255}/).join('" "')
+ %(IN TXT "#{strings}")
+ end
+
ENV_HEADER = %[
;;
;; ENVIRONMENT %s
diff --git a/lib/leap_cli/commands/db.rb b/lib/leap_cli/commands/db.rb
index e4fd3858..5703e4bd 100644
--- a/lib/leap_cli/commands/db.rb
+++ b/lib/leap_cli/commands/db.rb
@@ -40,7 +40,6 @@ module LeapCli; module Commands
def destroy_all_dbs(nodes)
ssh_connect(nodes) do |ssh|
ssh.run('/etc/init.d/bigcouch stop && test ! -z "$(ls /opt/bigcouch/var/lib/ 2> /dev/null)" && rm -r /opt/bigcouch/var/lib/* && echo "db destroyed" || echo "db already destroyed"')
- ssh.run('grep ^seq_dir /etc/leap/tapicero.yaml | cut -f2 -d\" | xargs rm -rv')
end
end
diff --git a/lib/leap_cli/macros/stunnel.rb b/lib/leap_cli/macros/stunnel.rb
index f16308c7..821bda38 100644
--- a/lib/leap_cli/macros/stunnel.rb
+++ b/lib/leap_cli/macros/stunnel.rb
@@ -49,12 +49,14 @@ module LeapCli
result = Config::ObjectList.new
node_list.each_node do |node|
if node.name != self.name || options[:include_self]
+ s_port = stunnel_port(port)
result["#{node.name}_#{port}"] = Config::Object[
'accept_port', @next_stunnel_port,
'connect', node.domain.internal,
- 'connect_port', stunnel_port(port),
+ 'connect_port', s_port,
'original_port', port
]
+ manager.connections.add(:from => @node.ip_address, :to => node.ip_address, :port => s_port)
@next_stunnel_port += 1
end
end
@@ -76,6 +78,15 @@ module LeapCli
}
end
+ #
+ # lists the ips that connect to this node, on particular ports.
+ #
+ def stunnel_firewall
+ manager.connections.select {|connection|
+ connection['to'] == @node.ip_address
+ }
+ end
+
private
#