
grid-chef-repo: Commit

A Chef repository for building Grid environments.


Commit MetaInfo

Revision: e0627c6ec25cb8b4437eec84c4b8b616ec97923f (tree)
Time: 2016-01-16 12:24:49
Author: whitestar <whitestar@gaea...>
Committer: whitestar

Log Message

add commons::tcp_wrappers recipe.

Change Summary

Incremental Difference

--- a/cookbooks/commons/CHANGELOG.md
+++ b/cookbooks/commons/CHANGELOG.md
@@ -1,6 +1,10 @@
11 commons CHANGELOG
22 =================
33
4+0.4.0
5+-----
6+- add tcp_wrappers recipe.
7+
48 0.3.1
59 -----
610 - add some recipes.
--- a/cookbooks/commons/README.md
+++ b/cookbooks/commons/README.md
@@ -10,8 +10,11 @@ Requirements
1010
1111 Attributes
1212 ----------
13-
14-Nothing.
13+#### commons::default
14+|Key|Type|Description (with examples)|Default|
15+|:--|:--|:--|:--|
16+|`['commons']['tcp_wrappers']['host_allow']`|Array|Entries in /etc/hosts.allow (ver. 0.4.0 or later)|`[]`|
17+|`['commons']['tcp_wrappers']['host_deny']`|Array|Entries in /etc/hosts.deny (ver. 0.4.0 or later)|`[]`|
1518
1619 Usage
1720 -----
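Review bot: The attribute keys documented in the new table, `['commons']['tcp_wrappers']['host_allow']` and `['commons']['tcp_wrappers']['host_deny']`, do not match the names defined in attributes/default.rb and read by both templates, which are `hosts_allow` and `hosts_deny`. A user who copies the README keys into a role or environment sets attributes the templates never read, so the rendered files stay empty while the operator believes rules are in place. Rename the two README keys to `hosts_allow` and `hosts_deny`. The table also sits under `commons::default` although only the `commons::tcp_wrappers` recipe uses these attributes; saying so in the description column would help.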
@@ -24,12 +27,13 @@ Usage
2427 - `Commons::PackageUtils::get_libbz2_pkg_name`
2528
2629 #### recipes
27-- `commons::apt` -
30+- `commons::apt` - sets up APT for Chef.
2831 - `commons::crond` - installs cron package and enables & starts the service.
2932 - `commons::httpd` - installs httpd package and enables & starts the service.
3033 - `commons::ntpd` - installs ntpd package and enables & starts the service.
3134 - `commons::platform_update` - updates all packages for platform.
32-- `commons::yum-epel` -
35+- `commons::tcp_wrappers` - sets up hosts.allow and hosts.deny. (ver. 0.4.0 or later)
36+- `commons::yum-epel` - installs YUM EPEL repository configuration.
3337
3438 License and Authors
3539 -------------------
--- /dev/null
+++ b/cookbooks/commons/attributes/default.rb
@@ -0,0 +1,22 @@
1+#
2+# Cookbook Name:: commons
3+# Attributes:: default
4+#
5+# Copyright 2016, whitestar
6+#
7+# Licensed under the Apache License, Version 2.0 (the "License");
8+# you may not use this file except in compliance with the License.
9+# You may obtain a copy of the License at
10+#
11+# http://www.apache.org/licenses/LICENSE-2.0
12+#
13+# Unless required by applicable law or agreed to in writing, software
14+# distributed under the License is distributed on an "AS IS" BASIS,
15+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16+# See the License for the specific language governing permissions and
17+# limitations under the License.
18+#
19+
20+default['commons']['tcp_wrappers']['hosts_allow'] = []
21+default['commons']['tcp_wrappers']['hosts_deny'] = []
22+
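Review bot: Both defaults are `[]`, and the recipe renders /etc/hosts.allow and /etc/hosts.deny entirely from these arrays, so the first converge on a node that already has hand-written entries replaces them with files containing only comments. Please state in the README that the recipe takes full ownership of both files and that existing rules must be copied into `hosts_allow` and `hosts_deny` before the recipe is added to a run list. A short comment above these two lines describing the expected element format (one complete hosts_access(5) rule per string) would also help.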
--- a/cookbooks/commons/metadata.rb
+++ b/cookbooks/commons/metadata.rb
@@ -4,7 +4,7 @@ maintainer_email ''
44 license 'Apache 2.0'
55 description 'Installs/Configures commons'
66 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
7-version '0.3.1'
7+version '0.4.0'
88
99 %w{ debian ubuntu centos redhat fedora }.each do |os|
1010 supports os
--- /dev/null
+++ b/cookbooks/commons/recipes/tcp_wrappers.rb
@@ -0,0 +1,31 @@
1+#
2+# Cookbook Name:: commons
3+# Recipe:: tcp_wrappers
4+#
5+# Copyright 2016, whitestar
6+#
7+# Licensed under the Apache License, Version 2.0 (the "License");
8+# you may not use this file except in compliance with the License.
9+# You may obtain a copy of the License at
10+#
11+# http://www.apache.org/licenses/LICENSE-2.0
12+#
13+# Unless required by applicable law or agreed to in writing, software
14+# distributed under the License is distributed on an "AS IS" BASIS,
15+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16+# See the License for the specific language governing permissions and
17+# limitations under the License.
18+#
19+
20+[
21+ 'hosts.allow',
22+ 'hosts.deny',
23+].each {|conf|
24+ template "/etc/#{conf}" do
25+ source "etc/#{conf}"
26+ owner 'root'
27+ group 'root'
28+ mode '0644'
29+ end
30+}
31+
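Review bot: Style point on the loop: the multi-line block uses `{|conf| ... }`, where Ruby convention is `do |conf| ... end` for blocks that span several lines. Separately, `source "etc/#{conf}"` points at template files that are added without an `.erb` suffix (templates/default/etc/hosts.allow and hosts.deny); naming them `hosts.allow.erb` and `hosts.deny.erb` follows the usual cookbook convention and makes it obvious that the files contain ERB tags. Owner, group and mode `0644` look appropriate for these files.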
--- /dev/null
+++ b/cookbooks/commons/templates/default/etc/hosts.allow
@@ -0,0 +1,17 @@
1+# /etc/hosts.allow: list of hosts that are allowed to access the system.
2+# See the manual pages hosts_access(5) and hosts_options(5).
3+#
4+# Example: ALL: LOCAL @some_netgroup
5+# ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
6+#
7+# If you're going to protect the portmapper use the name "portmap" for the
8+# daemon name. Remember that you can only use the keyword "ALL" and IP
9+# addresses (NOT host or domain names) for the portmapper, as well as for
10+# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
11+# for further information.
12+#
13+
14+<% node['commons']['tcp_wrappers']['hosts_allow'].each {|entry| -%>
15+<%= entry %>
16+<% } -%>
17+
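Review bot: `<%= entry %>` writes each attribute string into /etc/hosts.allow verbatim, with no check that it is a single well-formed rule. The header comment itself points to hosts_options(5), whose option syntax is accepted in these files, so whoever can set `node['commons']['tcp_wrappers']['hosts_allow']` (role, environment or node attributes) controls everything the file contains. Consider rejecting entries that are not strings or that contain newlines before rendering, and add a header line saying the file is managed by Chef so that local edits are not silently lost on the next converge.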
--- /dev/null
+++ b/cookbooks/commons/templates/default/etc/hosts.deny
@@ -0,0 +1,24 @@
1+# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
2+# See the manual pages hosts_access(5) and hosts_options(5).
3+#
4+# Example: ALL: some.host.name, .some.domain
5+# ALL EXCEPT in.fingerd: other.host.name, .other.domain
6+#
7+# If you're going to protect the portmapper use the name "portmap" for the
8+# daemon name. Remember that you can only use the keyword "ALL" and IP
9+# addresses (NOT host or domain names) for the portmapper, as well as for
10+# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
11+# for further information.
12+#
13+# The PARANOID wildcard matches any host whose name does not match its
14+# address.
15+#
16+# You may wish to enable this to ensure any programs that don't
17+# validate looked up hostnames still leave understandable logs. In past
18+# versions of Debian this has been the default.
19+# ALL: PARANOID
20+
21+<% node['commons']['tcp_wrappers']['hosts_deny'].each {|entry| -%>
22+<%= entry %>
23+<% } -%>
24+
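Review bot: With the default `hosts_deny` of `[]` and `ALL: PARANOID` left commented out, the rendered /etc/hosts.deny contains no active rule. Under hosts_access(5) a client that matches no rule in either file is granted access, so populating only `hosts_allow` restricts nothing. The README should say this explicitly and show a matching deny entry (for example `ALL: ALL` in `hosts_deny` alongside the intended allow entries) so the recipe is not mistaken for a default-deny control. As with hosts.allow, entries are emitted verbatim by `<%= entry %>` and would benefit from the same validation and a managed-by-Chef header.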