Revision 1c75c4dd

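--- a/ci/new_config
+++ b/ci/new_config
@@ -20,8 +20,9 @@
 git_config_mail = synnefo@builder.dev.grnet.gr
 # Url to fetch ssh public keys
 public_ssh_keys_url =
-# Network address from which we allow access to server
-filter_access_network = 195.251.29.0/24,62.217.123.39
+# Network address from which we allow access to server. If not set, access
+# to server is not restricted.
+filter_access_network =
 # Config file to save temporary options (eg IPs, passwords etc)
 temporary_config = /tmp/ci_temp_conf
 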
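--- a/ci/utils.py
+++ b/ci/utils.py
@@ -229,16 +229,17 @@
         self.setup_fabric()
         self.logger.info("Setup firewall")
         accept_ssh_from = self.config.get('Global', 'filter_access_network')
-        self.logger.debug("Block ssh except from %s" % accept_ssh_from)
-        cmd = """
-        local_ip=$(/sbin/ifconfig eth0 | grep 'inet addr:' | \
-            cut -d':' -f2 | cut -d' ' -f1)
-        iptables -A INPUT -s localhost -j ACCEPT
-        iptables -A INPUT -s $local_ip -j ACCEPT
-        iptables -A INPUT -s {0} -p tcp --dport 22 -j ACCEPT
-        iptables -A INPUT -p tcp --dport 22 -j DROP
-        """.format(accept_ssh_from)
-        _run(cmd, False)
+        if accept_ssh_from != "":
+            self.logger.debug("Block ssh except from %s" % accept_ssh_from)
+            cmd = """
+            local_ip=$(/sbin/ifconfig eth0 | grep 'inet addr:' | \
+                cut -d':' -f2 | cut -d' ' -f1)
+            iptables -A INPUT -s localhost -j ACCEPT
+            iptables -A INPUT -s $local_ip -j ACCEPT
+            iptables -A INPUT -s {0} -p tcp --dport 22 -j ACCEPT
+            iptables -A INPUT -p tcp --dport 22 -j DROP
+            """.format(accept_ssh_from)
+            _run(cmd, False)
 
     def _find_image(self):
         """Find a suitable image to use
@@ -275,9 +276,11 @@
 
     @_check_fabric
     def _copy_ssh_keys(self):
+        if not self.config.has_option("Deployment", "ssh_keys"):
+            return
         authorized_keys = self.config.get("Deployment",
                                           "ssh_keys")
-        if os.path.exists(authorized_keys):
+        if authorized_keys != "" and os.path.exists(authorized_keys):
             keyfile = '/tmp/%s.pub' % fabric.env.user
             _run('mkdir -p ~/.ssh && chmod 700 ~/.ssh', False)
             fabric.put(authorized_keys, keyfile)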
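Review bot: When `filter_access_network` is empty, the new `if accept_ssh_from != "":` branch in the first hunk skips every iptables rule, yet "Setup firewall" is still logged at info level and nothing records that ssh was left open to any source. Since the shipped default in ci/new_config is now empty, an `else:` branch with `self.logger.warning("filter_access_network is not set; ssh access is not restricted")` would make that fail-open state visible in the build log. Separately, the value is still pasted into the shell text with `.format(accept_ssh_from)` and passed to `_run`, so checking that it holds only address characters (digits, dots, slashes, commas) before building `cmd` would keep a malformed config entry out of the command. The enclosing method begins before line 229, outside the hunk.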
