Refactor the default recipe

chantra · Sep 1, 2014 · 1a37646 · 1a37646
1 parent 484e786
commit 1a37646
Showing 1 changed file with 30 additions and 86 deletions.
diff --git a/recipes/default.rb b/recipes/default.rb
@@ -58,29 +58,32 @@
   end
 end
 
-case node['platform_family']
-when 'debian'
-  iptable_rules = '/etc/iptables-rules'
-  ip6table_rules = '/etc/ip6tables-rules'
-when 'rhel', 'fedora'
-  iptable_rules = '/etc/sysconfig/iptables'
-  ip6table_rules = '/etc/sysconfig/ip6tables'
-end
+# maps protocol version to a character that will be used to differentiate
+# iptables* (ipv4) and ip6tables* (ipv6)
+v2s = {'ipv4' => '', 'ipv6' => '6'}
+
+node["simple_iptables"]["ip_versions"].each do |ip_version|
+  v = v2s[ip_version]
+  case node['platform_family']
+  when 'debian'
+    iptable_rules = "/etc/ip#{v}tables-rules"
+  when 'rhel', 'fedora'
+    iptable_rules = "/etc/sysconfig/ip#{v}tables"
+  end
 
-if node["simple_iptables"]["ip_versions"].include?("ipv4")
-  ruby_block "test-iptables" do
+  ruby_block "test-ip#{v}tables" do
     block do
-      cmd = Mixlib::ShellOut.new("iptables-restore --test < #{iptable_rules}",
+      cmd = Mixlib::ShellOut.new("ip#{v}tables-restore --test < #{iptable_rules}",
                                  :user => "root")
       cmd.run_command
       if !Array(cmd.valid_exit_codes).include?(cmd.exitstatus)
         msg = <<-eos
-  iptables-restore exited with code #{cmd.exitstatus} while testing new rules
-  STDOUT:
-  #{cmd.stdout}
-  STDERR:
-  #{cmd.stderr}
-  eos
+ip#{v}tables-restore exited with code #{cmd.exitstatus} while testing new rules
+STDOUT:
+#{cmd.stdout}
+STDERR:
+#{cmd.stderr}
+eos
         match = cmd.stderr.match /line:?\s*(\d+)/
         if match
           line_no = match[1].to_i
@@ -95,92 +98,33 @@
         raise msg
       end
     end
-    notifies :run, "execute[reload-iptables]"
+    notifies :run, "execute[reload-ip#{v}tables]"
     action :nothing
   end
 
-  execute "reload-iptables" do
-    command "iptables-restore < #{iptable_rules}"
+  execute "reload-ip#{v}tables" do
+    command "ip#{v}tables-restore < #{iptable_rules}"
     user "root"
     action :nothing
   end
 
   template iptable_rules do
-    source "iptables-rules.erb"
+    source "ip#{v}tables-rules.erb"
     cookbook "simple_iptables"
-    notifies :create, "ruby_block[test-iptables]"
+    notifies :create, "ruby_block[test-ip#{v}tables]"
     action :create
   end
-end
 
-if node["simple_iptables"]["ip_versions"].include?("ipv6")
-  ruby_block "test-ip6tables" do
-    block do
-      cmd = Mixlib::ShellOut.new("ip6tables-restore --test < #{ip6table_rules}",
-                                 :user => "root")
-      cmd.run_command
-      if !Array(cmd.valid_exit_codes).include?(cmd.exitstatus)
-        msg = <<-eos
-  ip6tables-restore exited with code #{cmd.exitstatus} while testing new rules
-  STDOUT:
-  #{cmd.stdout}
-  STDERR:
-  #{cmd.stderr}
-  eos
-        match = cmd.stderr.match /line:?\s*(\d+)/
-        if match
-          line_no = match[1].to_i
-          msg << "Line #{line_no}: #{IO.readlines(ip6table_rules)[line_no-1]}"
-        end
-        # Delete the file so that the next Chef run is forced to recreate it
-        # and retest it. Otherwise, if the rules remain unchanged, the template
-        # resource won't recreate the file, won't notify the test resource,
-        # and the Chef run will be allowed to complete successfully despite
-        # and invalid rule being present.
-        File.delete(ip6table_rules)
-        raise msg
-      end
-    end
-    notifies :run, "execute[reload-ip6tables]"
-    action :nothing
-  end
-
-  execute "reload-ip6tables" do
-    command "ip6tables-restore < #{ip6table_rules}"
-    user "root"
-    action :nothing
-  end
-
-  template ip6table_rules do
-    source "ip6tables-rules.erb"
-    cookbook "simple_iptables"
-    notifies :create, "ruby_block[test-ip6tables]"
-    action :create
-  end
-end
-
-case node['platform_family']
-when 'debian'
-
-  if node["simple_iptables"]["ip_versions"].include?("ipv4")
+  case node['platform_family']
+  when 'debian'
     # TODO: Generalize this for other platforms somehow
-    file "/etc/network/if-up.d/iptables-rules" do
-      owner "root"
-      group "root"
-      mode "0755"
-      content "#!/bin/bash\niptables-restore < #{iptable_rules}\n"
-      action :create
-    end
-  end
-
-  if node["simple_iptables"]["ip_versions"].include?("ipv6")
-    file "/etc/network/if-up.d/ip6tables-rules" do
+    file "/etc/network/if-up.d/ip#{v}tables-rules" do
       owner "root"
       group "root"
       mode "0755"
-      content "#!/bin/bash\nip6tables-restore < #{ip6table_rules}\n"
+      content "#!/bin/bash\nip#{v}tables-restore < #{iptable_rules}\n"
       action :create
     end
   end
-
 end
+