Class: Chef::Knife::BastionBase
- Inherits:
-
Chef::Knife
- Object
- Chef::Knife
- Chef::Knife::BastionBase
- Includes:
- Mixin::ShellOut
- Defined in:
- lib/chef/knife/bastion_base.rb
Direct Known Subclasses
Instance Method Summary collapse
- #initialize_params ⇒ Object
- #print_tunnel_info(header, timeout: nil, pid: nil) ⇒ Object
- #run ⇒ Object
- #tunnel_pid(local_port, raise_on_closed_port = true) ⇒ Object
Instance Method Details
#initialize_params ⇒ Object
8 9 10 11 12 13 14 |
# File 'lib/chef/knife/bastion_base.rb', line 8 def initialize_params @bastion_user = Chef::Config[:knife][:bastion_user] || ENV['CHEF_USER'] || ENV['USER'] @bastion_host = Chef::Config[:knife][:bastion_host] @bastion_network = Chef::Config[:knife][:bastion_network] @chef_host = URI.parse(Chef::Config[:chef_server_url]).host @local_port = Chef::Config[:knife][:bastion_local_port] || 4443 end |
#print_tunnel_info(header, timeout: nil, pid: nil) ⇒ Object
39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 |
# File 'lib/chef/knife/bastion_base.rb', line 39 def print_tunnel_info(header, timeout: nil, pid: nil) ui.info <<-INFO #{header} * Bastion host: #{ui.color "#{@bastion_user}@#{@bastion_host}", [:bold, :white]} * Chef host: #{ui.color @chef_host, [:bold, :white]} * Local port: #{ui.color @local_port.to_s, [:bold, :white]} INFO if timeout ui.info <<-INFO * Timeout: #{ui.color timeout.to_s, [:bold, :white]} seconds INFO end if pid ui.info <<-INFO * Proxy PID: #{ui.color pid.to_s, [:bold, :white]} INFO end end |
#run ⇒ Object
58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 |
# File 'lib/chef/knife/bastion_base.rb', line 58 def run initialize_params # Retrieve proxy process PID. Raises an error if something is wrong proxy_pid = tunnel_pid(@local_port) print_tunnel_info("Found an esablished tunnel:", pid: proxy_pid) require 'socksify' TCPSocket::socks_server = "127.0.0.1" TCPSocket::socks_port = @local_port # This line will raise an exception if tunnel is broken rest.get_rest("/policies") ui.info ui.color("OK: ", :green) + "The tunnel is up and running" end |
#tunnel_pid(local_port, raise_on_closed_port = true) ⇒ Object
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
# File 'lib/chef/knife/bastion_base.rb', line 16 def tunnel_pid(local_port, raise_on_closed_port = true) # Check if local port is open, get proxy process PID pid_result = shell_out("lsof -nPt -i4TCP:#{local_port} -sTCP:LISTEN") unless pid_result.status.success? if raise_on_closed_port ui.fatal "Tunnel is not open on port #{local_port}" abort end return nil end proxy_pid = pid_result.stdout.chomp # Verify tunnel destination bastion_ip_addr = Resolv.getaddress(@bastion_host) dest_result = shell_out("lsof -an -p #{proxy_pid} -i4@#{bastion_ip_addr}:ssh") unless dest_result.status.success? ui.fatal "There is a process with PID #{proxy_pid} listening on port #{local_port}, but it does not look like a tunnel" abort end proxy_pid end |