Teardown recipe

.ci/functional_test.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-set -x
+set -ex
 
 # This script should be run from the app root
 
@@ -18,6 +18,8 @@ sudo firezone-ctl reconfigure
 sleep 10
 
 # Helpful for debugging
+sudo cat /var/log/firezone/nginx/current
+sudo cat /var/log/firezone/postgresql/current
 sudo cat /var/log/firezone/phoenix/current
 
 echo "Trying to load homepage"

omnibus/cookbooks/firezone/files/default/ctl-commands/create_admin.rb

@@ -1,12 +1,15 @@
+# frozen_string_literal: true
+
 require 'mixlib/shellout'
 
-add_command 'create_admin', 'Create an Admin user', 1 do
+add_command 'create-admin', 'Create an Admin user', 1 do
   command = %W(
-  chef-client
-  -z
-  -l info
-  -c #{base_path}/embedded/cookbooks/solo.rb
-  -o recipe[firezone::create_admin])
+    chef-client
+    -z
+    -l info
+    -c #{base_path}/embedded/cookbooks/solo.rb
+    -o recipe[firezone::create_admin]
+  )
 
   result = run_command(command.join(" "))
   remove_old_node_state

omnibus/cookbooks/firezone/files/default/ctl-commands/reset_network.rb

@@ -2,14 +2,14 @@
 
 require "mixlib/shellout"
 
-add_command "reset_network", "Resets nftables, WireGuard interface, "\
+add_command "reset-network", "Resets nftables, WireGuard interface, "\
   "and routing table back to Firezone defaults", 1 do
   command = %W(
     chef-client
     -z
     -l info
     -c #{base_path}/embedded/cookbooks/solo.rb
-    -o recipe[firezone::network]
+    -o recipe[firezone::teardown],recipe[firezone::network]
   )
 
   result = run_command(command.join(" "))

omnibus/cookbooks/firezone/recipes/network.rb

@@ -17,7 +17,6 @@ include_recipe 'line::default'
 require 'mixlib/shellout'
 
 wg_path = "#{node['firezone']['install_directory']}/embedded/bin/wg"
-nft_path = "#{node['firezone']['install_directory']}/embedded/sbin/nft"
 awk_path = "#{node['firezone']['install_directory']}/embedded/bin/awk"
 wg_interface = node['firezone']['wireguard']['interface_name']
 private_key_path = "#{node['firezone']['var_directory']}/cache/wg_private_key"

omnibus/cookbooks/firezone/recipes/teardown.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+# Cookbook:: firezone
+# Recipe:: teardown
+#
+# Copyright:: 2021, Firezone, All Rights Reserved.
+
+# Teardown all the network settings. Used during uninstall.
+
+include_recipe 'firezone::config'
+
+require 'mixlib/shellout'
+
+wg_interface = node['firezone']['wireguard']['interface_name']
+nft_path = "#{node['firezone']['install_directory']}/embedded/sbin/nft"
+
+# Delete wireguard interface if exists
+wg_exists = Mixlib::ShellOut.new("ip link show dev #{wg_interface}")
+wg_exists.run_command
+if wg_exists.status.exitstatus == 1
+  execute 'delete_wireguard_interface' do
+    command "ip link delete dev #{wg_interface}"
+  end
+end
+
+# Delete firewall table
+table_exists_cmd = Mixlib::ShellOut.new("#{nft_path} list table inet firezone")
+table_exists_cmd.run_command
+if table_exists.status.exitstatus == 0
+  execute 'delete_firewall_table' do
+    command "#{nft_path} delete table inet firezone"
+  end
+end

scripts/uninstall.sh

@@ -1,6 +1,9 @@
 #!/bin/sh
 
-echo 'Removing all Firezone configuration data...'
+echo 'Removing Firezone network settings...'
+firezone-ctl teardown
+
+echo 'Removing all Firezone directories...'
 firezone-ctl cleanse yes
 
 echo 'Removing firezone package...'