我想使用本地系统上的文件来使用 Chef 填充 UFW 防火墙规则。firewall
食谱(https://supermarket.chef.io/cookbooks/firewall )具有执行此操作的功能,但是在尝试将变量传递给块时出现错误。
如果我对 IP 地址/子网进行硬编码,一切正常。如果我将完全相同的 IP/子网放入文件中,则会收到 Invalid IP Address 错误。
在下面的代码中,第一个firewall_rule
块将执行,但第二个和后续块"#{subnet}"
不执行。我也试过直接传递变量而不是字符串替换,结果相同。
# Try to read from the client list of IPs
if File.exist?("/secure/targs/client.lst") then
File.open("/secure/targs/client.lst", "r") do |subnets|
subnets.each_line do |subnet|
# Only allow outbound connection to in-scope targs
firewall_rule 'client-out-ether' do
interface 'eno1'
destination "10.0.0.128/25"
direction :out
command :allow
end
firewall_rule 'client-out-wifi' do
interface 'wlp58s0'
destination "#{subnet}"
direction :out
command :allow
end
# Allow inbound connections from in-scope targs
# Ideally we scope this to specific ports
# OR remove this and do it manually as needed
firewall_rule 'client-in-eth' do
dest_interface 'eno0'
source "#{subnet}"
command :allow
end
firewall_rule 'client-in-wifi' do
dest_interface 'wlp58s0'
source "#{subnet}"
command :allow
end
end
end
# Default allow all out on client interfaces if scope not defined
else
firewall_rule 'client-out-ether' do
interface 'eno1'
direction :out
command :allow
end
firewall_rule 'client-out-wifi' do
interface 'wlp58s0'
direction :out
command :allow
end
end
我猜这是一个语法问题,但这似乎是应该工作的正常 Ruby 语法。似乎配方正在将提供的变量作为文字读取?