{"id":20263598,"url":"https://github.com/springerpe/chef_pe_network","last_synced_at":"2025-12-01T03:03:44.416Z","repository":{"id":19395749,"uuid":"22637155","full_name":"SpringerPE/chef_pe_network","owner":"SpringerPE","description":"Cookbook to manage the network (devices and MACs) and  iptables FW on the servers","archived":false,"fork":false,"pushed_at":"2014-09-01T16:28:02.000Z","size":289,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-01-14T04:44:33.593Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Ruby","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/SpringerPE.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-08-05T08:57:46.000Z","updated_at":"2015-11-25T10:46:15.000Z","dependencies_parsed_at":"2022-09-11T16:41:43.546Z","dependency_job_id":null,"html_url":"https://github.com/SpringerPE/chef_pe_network","commit_stats":null,"previous_names":[],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SpringerPE%2Fchef_pe_network","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SpringerPE%2Fchef_pe_network/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SpringerPE%2Fchef_pe_network/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/SpringerPE%2Fchef_pe_network/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/SpringerPE","download_url":"https://codeload.github.com/SpringerPE/chef_pe_network/tar.gz
/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":241731744,"owners_count":20010781,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-14T11:35:40.669Z","updated_at":"2025-12-01T03:03:44.386Z","avatar_url":"https://github.com/SpringerPE.png","language":"Ruby","readme":"# pe_network-cookbook\n\nCookbook to control network devices, physical mappings, internet addresses and firewall \nrules on a server. It can read all the attributes from a databag.\n\nWarning: for the moment, this cookbook does not control the GW!\n\n## Supported Platforms\n\n * Debian\n * Ubuntu\n * CentOS\n\nThis cookbook does not work on Debian platforms with Chef version 11.4.\n\n## Attributes\n\nYou can define the attributes directly, or use a databag to read and set up all of them.\nFor instance, here is the attribute file of this cookbook:\n\n```ruby\n### Main databag attributes\ndefault[:pe_network][:data_bag] = 'network'\ndefault[:pe_network][:bag_name] = node[:hostname]\ndefault[:pe_network][:environment] = node[:chef_environment] ? 
node[:chef_environment] : \"_default\"\n\n### Network Definitions\ndefault[:pe_network][:udev] = \"/etc/udev/rules.d/70-persistent-net.rules\"\ndefault[:pe_network][:network] = {\n#\n# Linking an IP to a device:\n#  'eth0' =\u003e {\n#      :ip =\u003e \"192.168.1.2\",\n#      :network =\u003e \"192.168.1.0\",\n#      :mask =\u003e \"255.255.255.0\",\n#      :mac =\u003e \"08:00:27:84:ee:e7\",\n#      :mtu =\u003e \"1400\",\n#      :bcast =\u003e \"192.168.1.255\",\n#      :onboot =\u003e \"yes\"\n#  },\n#\n# Forcing the name of a device by the MAC:\n#  'eth1' =\u003e {\n#      :mac =\u003e \"08:00:27:84:ee:e7\"\n#  }\n}\n# Do not run the FW recipe by default\ndefault[:pe_network][:run_fw] = false\n\n### Firewall\ndefault[:pe_network][:firewall][:enabled] = true\ndefault[:pe_network][:firewall][:log] = true\n# DROP all input packets by default\ndefault[:pe_network][:firewall][:enable_input_drop] = true\n# DROP all output packets by default\ndefault[:pe_network][:firewall][:enable_output_drop] = false\n# Rules\ndefault[:pe_network][:firewall][:rules] = {\n   'allow ssh' =\u003e {\n      :direction =\u003e 'in',\n      :user =\u003e 'root',\n      :protocol =\u003e 'tcp',\n      :source =\u003e ['0.0.0.0/0'],\n      :dport =\u003e '22'\n    }\n#  '\u003crule name\u003e' =\u003e\n#     :direction =\u003e '\u003cin|out\u003e',\n#     :protocol =\u003e '\u003cudp|tcp|icmp\u003e',\n#     :user =\u003e '\u003clocal user from /etc/passwd\u003e',\n#     :interface =\u003e '\u003cdefault|all|eth0|eth1|br0|...\u003e',\n#     :source =\u003e '\u003cip|fqdn|chef search\u003e|['\u003cip|fqdn|chef search\u003e',...]'\u003e',\n#     :sport =\u003e '\u003cinteger(:integer)\u003e',\n#     :destination =\u003e '\u003cip|fqdn|chef search\u003e|['\u003cip|fqdn|chef search\u003e',...]'\u003e',\n#     :dport =\u003e '\u003cinteger(:integer)\u003e',\n#     :env =\u003e '\u003cproduction|staging|...\u003e',\n#     :options =\u003e ['disable_env_limit', 'disable_syntax_check', 
...]\n}\n```\nAll the default values of the attributes are safe, and the best way to define the \nparameters is to use a databag.\n\n\n## Usage\n\nThe easiest way is to use a databag to define the device mappings, IPs and firewall rules. \nBe careful when defining rules on the primary interface: you can lose connectivity \nin the middle of the Chef convergence. You have to create a databag named `network` \nwith a file named the same as the node. In that file you can define all the attributes \nin JSON format, for example:\n\n```json\n{\n    \"id\": \"pe-network-berkshelf\",\n    \"_default\": {\n        \"network\": {\n           \"eth1\": {\n               \"ip\": \"192.168.1.2\",\n               \"mac\": \"08:00:27:84:ee:e7\",\n               \"mtu\": \"1400\"\n           }\n        },\n        \"firewall\": {\n            \"enabled\": true,\n            \"enable_input_drop\": true,\n            \"enable_output_drop\": false,\n            \"rules\": {\n                \"allow ssh\": {\n                    \"direction\": \"in\",\n                    \"user\": \"root\",\n                    \"protocol\": \"tcp\",\n                    \"source\": [\"0.0.0.0/0\"],\n                    \"dport\": \"22\"\n                },\n                \"allow web\": {\n                    \"direction\": \"in\",\n                    \"user\": \"root\",\n                    \"protocol\": \"tcp\",\n                    \"source\": [\"0.0.0.0/0\"],\n                    \"dport\": \"80\"\n                }\n            }\n        }\n    }\n}\n```\n\nThe configuration is pretty easy to understand. 
There are two parts. The first part, `network`, \ndefines the ifconfig parameters (it also supports CentOS and RH):\n\n * `device` is the only mandatory attribute; the cookbook will assign the IP to it.\n * If there is a `mac`, it will change or create the udev rules to ensure the mapping (even if the MAC is not found).\n * You can define other attributes like:\n     * `mtu`\n     * `network`\n     * `mask`\n     * `bcast`\n\nIn the second part you can define all the firewall rules:\n\n * 'rule name' =\u003e\n     * `direction` =\u003e '\u003cin|out\u003e'  (*mandatory*)\n     * `protocol` =\u003e '\u003cudp|tcp|icmp\u003e' (*mandatory*)\n     * `user` =\u003e '\u003clocal user from /etc/passwd\u003e' (*mandatory*)\n     * `interface` =\u003e '\u003cdefault|all|eth0|eth1|br0|...\u003e'\n     * `source` =\u003e '\u003cip|fqdn|chef search\u003e|['\u003cip|fqdn|chef search\u003e',...]'\u003e' (*mandatory for `in` rules*)\n     * `sport` =\u003e '\u003cinteger(:integer)\u003e'\n     * `destination` =\u003e '\u003cip|fqdn|chef search\u003e|['\u003cip|fqdn|chef search\u003e',...]'\u003e' (*mandatory for `out` rules*)\n     * `dport` =\u003e '\u003cinteger(:integer)\u003e'\n     * `env` =\u003e '\u003cproduction|staging|...\u003e'\n     * `options` =\u003e ['disable_env_limit', 'disable_syntax_check', ...]\n\nYou can use Chef searches in the source and destination attributes. 
More information is available on the\nAFW home page: https://github.com/jvehent/AFW\n\nTo apply the cookbook, just include `pe_network` in your node's `run_list`:\n\n```json\n{\n  \"run_list\": [\n    \"recipe[pe_network::default]\"\n  ]\n}\n```\n\n## License and Authors\n\nAuthor:: Jose Riguera Lopez, Springer SBM (\u003cjose.riguera@springer.com\u003e)\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspringerpe%2Fchef_pe_network","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fspringerpe%2Fchef_pe_network","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fspringerpe%2Fchef_pe_network/lists"}