Revision 1c75c4dd ci/utils.py
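--- a/ci/utils.py
+++ b/ci/utils.py
@@ -229,16 +229,17 @@
 self.setup_fabric()
 self.logger.info("Setup firewall")
 accept_ssh_from = self.config.get('Global', 'filter_access_network')
-self.logger.debug("Block ssh except from %s" % accept_ssh_from)
-cmd = """
-local_ip=$(/sbin/ifconfig eth0 | grep 'inet addr:' | \
-cut -d':' -f2 | cut -d' ' -f1)
-iptables -A INPUT -s localhost -j ACCEPT
-iptables -A INPUT -s $local_ip -j ACCEPT
-iptables -A INPUT -s {0} -p tcp --dport 22 -j ACCEPT
-iptables -A INPUT -p tcp --dport 22 -j DROP
-""".format(accept_ssh_from)
-_run(cmd, False)
+if accept_ssh_from != "":
+self.logger.debug("Block ssh except from %s" % accept_ssh_from)
+cmd = """
+local_ip=$(/sbin/ifconfig eth0 | grep 'inet addr:' | \
+cut -d':' -f2 | cut -d' ' -f1)
+iptables -A INPUT -s localhost -j ACCEPT
+iptables -A INPUT -s $local_ip -j ACCEPT
+iptables -A INPUT -s {0} -p tcp --dport 22 -j ACCEPT
+iptables -A INPUT -p tcp --dport 22 -j DROP
+""".format(accept_ssh_from)
+_run(cmd, False)
 
 def _find_image(self):
 """Find a suitable image to use
@@ -275,9 +276,11 @@
 
 @_check_fabric
 def _copy_ssh_keys(self):
+if not self.config.has_option("Deployment", "ssh_keys"):
+return
 authorized_keys = self.config.get("Deployment",
 "ssh_keys")
-if os.path.exists(authorized_keys):
+if authorized_keys != "" and os.path.exists(authorized_keys):
 keyfile = '/tmp/%s.pub' % fabric.env.user
 _run('mkdir -p ~/.ssh && chmod 700 ~/.ssh', False)
 fabric.put(authorized_keys, keyfile)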
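Review bot: In the firewall hunk, `accept_ssh_from` is still formatted straight into the shell script handed to `_run`, and the new `!= ""` guard rejects only the exact empty string. A `filter_access_network` value with surrounding whitespace or shell metacharacters would change the iptables commands that get executed, so I would normalise it with `accept_ssh_from = accept_ssh_from.strip()` and check that it is a plain address or CIDR before building `cmd`. When the option is empty, the port 22 rules are now skipped and the log still shows only the generic "Setup firewall" line. An `else` branch with `self.logger.warning("filter_access_network is empty; ssh is not restricted")` would make that visible. The enclosing method starts above the hunk, so any earlier handling of the value is not visible here.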