229 |
229 |
self.setup_fabric()
|
230 |
230 |
self.logger.info("Setup firewall")
|
231 |
231 |
accept_ssh_from = self.config.get('Global', 'filter_access_network')
|
232 |
|
self.logger.debug("Block ssh except from %s" % accept_ssh_from)
|
233 |
|
cmd = """
|
234 |
|
local_ip=$(/sbin/ifconfig eth0 | grep 'inet addr:' | \
|
235 |
|
cut -d':' -f2 | cut -d' ' -f1)
|
236 |
|
iptables -A INPUT -s localhost -j ACCEPT
|
237 |
|
iptables -A INPUT -s $local_ip -j ACCEPT
|
238 |
|
iptables -A INPUT -s {0} -p tcp --dport 22 -j ACCEPT
|
239 |
|
iptables -A INPUT -p tcp --dport 22 -j DROP
|
240 |
|
""".format(accept_ssh_from)
|
241 |
|
_run(cmd, False)
|
|
232 |
if accept_ssh_from != "":
|
|
233 |
self.logger.debug("Block ssh except from %s" % accept_ssh_from)
|
|
234 |
cmd = """
|
|
235 |
local_ip=$(/sbin/ifconfig eth0 | grep 'inet addr:' | \
|
|
236 |
cut -d':' -f2 | cut -d' ' -f1)
|
|
237 |
iptables -A INPUT -s localhost -j ACCEPT
|
|
238 |
iptables -A INPUT -s $local_ip -j ACCEPT
|
|
239 |
iptables -A INPUT -s {0} -p tcp --dport 22 -j ACCEPT
|
|
240 |
iptables -A INPUT -p tcp --dport 22 -j DROP
|
|
241 |
""".format(accept_ssh_from)
|
|
242 |
_run(cmd, False)
|
242 |
243 |
|
243 |
244 |
def _find_image(self):
|
244 |
245 |
"""Find a suitable image to use
|
... | ... | |
275 |
276 |
|
276 |
277 |
@_check_fabric
|
277 |
278 |
def _copy_ssh_keys(self):
|
|
279 |
if not self.config.has_option("Deployment", "ssh_keys"):
|
|
280 |
return
|
278 |
281 |
authorized_keys = self.config.get("Deployment",
|
279 |
282 |
"ssh_keys")
|
280 |
|
if os.path.exists(authorized_keys):
|
|
283 |
if authorized_keys != "" and os.path.exists(authorized_keys):
|
281 |
284 |
keyfile = '/tmp/%s.pub' % fabric.env.user
|
282 |
285 |
_run('mkdir -p ~/.ssh && chmod 700 ~/.ssh', False)
|
283 |
286 |
fabric.put(authorized_keys, keyfile)
|