-
Notifications
You must be signed in to change notification settings - Fork 141
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feature/rebuild fully tested #108
Feature/rebuild fully tested #108
Conversation
This commit creates a chain resource which will handle default chains, different values and other situations without throwing errors Also includes full unit testing of the resource and library Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
This commit restores and attempts to retain compatability with existing resources, while not all are possible it does alert where items are no longer supported and have been deprecated Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
…let's keep that for testing Signed-off-by: Jason Field <jason@avon-lea.co.uk>
@tas50 will write some docs around this tomorrow if I get time, Documentation plans are:
I have restored as well travis for now (Note, travis also only ran |
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
@tas50 ready for a review on this one, will sort out resources for the other recipes if this goes ahead |
This commit will line up the properties with the properties that previously existed Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Adds the resource iptables_packages to manage installing iptables on the desired system Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Work in progress but adds tests for everything pretty much Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Left to fix is Centos-6 as some packages do not exist there we use, and any other tests that break, hopefully I can get this all green tomorrow and ready to merge in with full testing supported. Also want to extend the unit tests on the helper library for the few additional functions now in there |
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
Signed-off-by: Jason Field <jason@avon-lea.co.uk>
@bmhughes do you have any idea how to get this working on centos 6, I keep getting modules cannot be loaded errors (note |
@xorima ignore the last comment I'd help if I was on the right branch 🤦🏻♂️. It converges for me on vagrant, it fails on stopping when trying to unload the iptables kernel modules which I presume is the same error. It failed with module in use so I'm wondering if it's possible to do in docker? There are a few google hits around this. |
Yeah, the tests also fail mate, just banging my head against a wall, centos 6 support ends in november |
On vagrant it's failing the test because the iptable modules are missing and on docker it won't unload them, it's catch 22. The CentOS 6 vagrant image is missing the Docker I'm looking into but that seems more difficult with how the networking side of it works. |
If you want to take a stab at getting it in you have write access to my repo :) |
Will do, I have something that may work. I want to test with it a bit more tomorrow and I'll push it, still haven't given up on docker yet. |
Signed-off-by: Ben Hughes <bmhughes@bmhughes.co.uk>
Change CentOS 6 default behaviour to not unload the kernel modules on service stop. This fixes testing on Dokken and matches CentOS 7 and later and Fedora. Add the centos-6-helper recipe to the test cookbook to load the required modules that are missing in the default bento image. Signed-off-by: Ben Hughes <bmhughes@bmhughes.co.uk>
Signed-off-by: Ben Hughes <bmhughes@bmhughes.co.uk>
It's not perfect but that passes for me on Vagrant and Dokken now. edit: Hmm doesn't work on azure though with the image they have, I guess if we aren't super fussed about Vagrant testing we can remove the module part. |
Signed-off-by: Ben Hughes <bmhughes@bmhughes.co.uk>
Signed-off-by: <bmhughes@bmhughes.co.uk>
Signed-off-by: Ben Hughes <bmhughes@bmhughes.co.uk>
Signed-off-by: Ben Hughes <bmhughes@bmhughes.co.uk>
Signed-off-by: Ben Hughes <bmhughes@bmhughes.co.uk>
That needs a serious squash but it passes on CI/dokken/vagrant now. |
I don't think so as it's all a workaround for Kitchen on various platforms and I believe it shouldn't be relevant for a 'proper' system. Without spinning up a full CentOS 6 VM to test with I never remember having to manually load the modules.
I don't feel bad changing the default behaviour on CentOS 6 a bit as they removed unloading the modules upstream going forward anyway. |
I'm ok with retaining the history. It's huge, but this way we don't squash out valuable information later. Thanks for doing all this @xorima. |
Description
The current iteration of the cookbook does not expose all the common parts of a rule and has used
-m comment
while match does not prefix with the-m
.This commit totally rewrites the cookbook and is still a work in progress, opening for comments and thoughts
This will also migrate the cookbook to github actions for testing
Things still to do:
iptables_rule
, such as aiptables_tcp_rule
which will add properties for the options the tcp matcher providesIssues Resolved
[List any existing issues this PR resolves]
Check List