From 9f0009da96e50fc0faae373bbb4e734fc458a246 Mon Sep 17 00:00:00 2001
From: Jamil Bou Kheir
Date: Tue, 5 Oct 2021 11:42:45 -0700
Subject: [PATCH] Teardown recipe
---
 .ci/functional_test.sh | 4 ++-
 .../default/ctl-commands/create_admin.rb | 15 +++++----
 .../default/ctl-commands/reset_network.rb | 4 +--
 omnibus/cookbooks/firezone/recipes/network.rb | 1 -
 .../cookbooks/firezone/recipes/teardown.rb | 33 +++++++++++++++++++
 scripts/uninstall.sh | 5 ++-
 6 files changed, 51 insertions(+), 11 deletions(-)
 create mode 100644 omnibus/cookbooks/firezone/recipes/teardown.rb
diff --git a/.ci/functional_test.sh b/.ci/functional_test.sh
index d504d19ae..3c0fb0229 100755
--- a/.ci/functional_test.sh
+++ b/.ci/functional_test.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
-set -x
+set -ex
 # This script should be run from the app root
@@ -18,6 +18,8 @@ sudo firezone-ctl reconfigure
 sleep 10
 # Helpful for debugging
+sudo cat /var/log/firezone/nginx/current
+sudo cat /var/log/firezone/postgresql/current
 sudo cat /var/log/firezone/phoenix/current
 echo "Trying to load homepage"
diff --git a/omnibus/cookbooks/firezone/files/default/ctl-commands/create_admin.rb b/omnibus/cookbooks/firezone/files/default/ctl-commands/create_admin.rb
index 6c16f37cd..9a62762b8 100644
--- a/omnibus/cookbooks/firezone/files/default/ctl-commands/create_admin.rb
+++ b/omnibus/cookbooks/firezone/files/default/ctl-commands/create_admin.rb
@@ -1,12 +1,15 @@
+# frozen_string_literal: true
+
 require 'mixlib/shellout'
-add_command 'create_admin', 'Create an Admin user', 1 do
+add_command 'create-admin', 'Create an Admin user', 1 do
 command = %W(
- chef-client
- -z
- -l info
- -c #{base_path}/embedded/cookbooks/solo.rb
- -o recipe[firezone::create_admin])
+ chef-client
+ -z
+ -l info
+ -c #{base_path}/embedded/cookbooks/solo.rb
+ -o recipe[firezone::create_admin]
+ )
 result = run_command(command.join(" "))
 remove_old_node_state
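Review bot: With `set -ex` now in effect, the three `sudo cat /var/log/firezone/.../current` lines in the second hunk of functional_test.sh are no longer best-effort: if the nginx, postgresql or phoenix log has not been created yet, the script exits there and the homepage check never runs, so a debugging aid can hide the real failure. Making them non-fatal, for example `sudo cat /var/log/firezone/nginx/current || true`, keeps abort-on-error for the steps that matter. These logs are also printed in full to the CI output, so it is worth confirming that nothing sensitive (credentials, connection strings, tokens in request URLs) is written to them before the job log is readable outside the team.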
diff --git a/omnibus/cookbooks/firezone/files/default/ctl-commands/reset_network.rb b/omnibus/cookbooks/firezone/files/default/ctl-commands/reset_network.rb
index 6fe333a44..10e9e86fb 100644
--- a/omnibus/cookbooks/firezone/files/default/ctl-commands/reset_network.rb
+++ b/omnibus/cookbooks/firezone/files/default/ctl-commands/reset_network.rb
@@ -2,14 +2,14 @@
 require "mixlib/shellout"
-add_command "reset_network", "Resets nftables, WireGuard interface, "\
+add_command "reset-network", "Resets nftables, WireGuard interface, "\
 "and routing table back to Firezone defaults", 1 do
 command = %W(
 chef-client
 -z
 -l info
 -c #{base_path}/embedded/cookbooks/solo.rb
- -o recipe[firezone::network]
+ -o recipe[firezone::teardown],recipe[firezone::network]
 )
 result = run_command(command.join(" "))
diff --git a/omnibus/cookbooks/firezone/recipes/network.rb b/omnibus/cookbooks/firezone/recipes/network.rb
index 9936466b7..dfa986b3a 100644
--- a/omnibus/cookbooks/firezone/recipes/network.rb
+++ b/omnibus/cookbooks/firezone/recipes/network.rb
@@ -17,7 +17,6 @@ include_recipe 'line::default'
 require 'mixlib/shellout'
 wg_path = "#{node['firezone']['install_directory']}/embedded/bin/wg"
-nft_path = "#{node['firezone']['install_directory']}/embedded/sbin/nft"
 awk_path = "#{node['firezone']['install_directory']}/embedded/bin/awk"
 wg_interface = node['firezone']['wireguard']['interface_name']
 private_key_path = "#{node['firezone']['var_directory']}/cache/wg_private_key"
diff --git a/omnibus/cookbooks/firezone/recipes/teardown.rb b/omnibus/cookbooks/firezone/recipes/teardown.rb
new file mode 100644
index 000000000..caa5fbeb8
--- /dev/null
+++ b/omnibus/cookbooks/firezone/recipes/teardown.rb
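Review bot: Renaming the command to `reset-network` (and `create-admin` in create_admin.rb) drops the underscore names with no transition, so any runbook or automation that calls `firezone-ctl reset_network` to restore the firewall defaults will start failing; if that matters, register the old name as well for a release or call the rename out in the changelog. The run list now reads `recipe[firezone::teardown],recipe[firezone::network]`, and a short comment above it, for example `# teardown first: drop the old interface and nft table so network rebuilds from a clean state`, would explain why the order matters. The block continues past the hunk, so how `result` is handled after `run_command` is not visible here.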
@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+# Cookbook:: firezone
+# Recipe:: teardown
+#
+# Copyright:: 2021, Firezone, All Rights Reserved.
+
+# Teardown all the network settings. Used during uninstall.
+
+include_recipe 'firezone::config'
+
+require 'mixlib/shellout'
+
+wg_interface = node['firezone']['wireguard']['interface_name']
+nft_path = "#{node['firezone']['install_directory']}/embedded/sbin/nft"
+
+# Delete wireguard interface if exists
+wg_exists = Mixlib::ShellOut.new("ip link show dev #{wg_interface}")
+wg_exists.run_command
+if wg_exists.status.exitstatus == 1
+ execute 'delete_wireguard_interface' do
+ command "ip link delete dev #{wg_interface}"
+ end
+end
+
+# Delete firewall table
+table_exists_cmd = Mixlib::ShellOut.new("#{nft_path} list table inet firezone")
+table_exists_cmd.run_command
+if table_exists.status.exitstatus == 0
+ execute 'delete_firewall_table' do
+ command "#{nft_path} delete table inet firezone"
+ end
+end
diff --git a/scripts/uninstall.sh b/scripts/uninstall.sh
index 1ab100d09..6bdf4aed5 100755
--- a/scripts/uninstall.sh
+++ b/scripts/uninstall.sh
@@ -1,6 +1,9 @@
 #!/bin/sh
-echo 'Removing all Firezone configuration data...'
+echo 'Removing Firezone network settings...'
+firezone-ctl teardown
+
+echo 'Removing all Firezone directories...'
 firezone-ctl cleanse yes
 echo 'Removing firezone package...'
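Review bot: Both existence checks in teardown.rb are wrong as written. `ip link show dev <iface>` exits 0 when the interface exists, so `if wg_exists.status.exitstatus == 1` schedules the delete only when there is nothing to delete and skips it when the interface is present; it should be `if wg_exists.status.exitstatus == 0`. The second guard reads `table_exists.status`, but the variable assigned two lines earlier is `table_exists_cmd`, so the recipe raises NameError while it is being compiled; use `if table_exists_cmd.status.exitstatus == 0`. Since uninstall and `reset-network` rely on this recipe to remove the WireGuard interface and the `inet firezone` nftables table, either bug leaves that network state on the host. Moving each check into an `only_if` guard on its `execute` resource would also evaluate it at converge time rather than at compile time.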
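Review bot: `firezone-ctl teardown` is called in uninstall.sh, but this patch adds only the `firezone::teardown` recipe and no matching file under `ctl-commands/`, so unless a `teardown` command is registered elsewhere this line fails as an unknown command. No `set -e` is visible at the top of the script, so it would carry on to `firezone-ctl cleanse yes` and the package removal while the WireGuard interface and the `inet firezone` nftables table stay on the host. I would add the ctl command (or run the recipe the way `reset-network` does) and stop on failure, e.g. `firezone-ctl teardown || { echo 'Network teardown failed' >&2; exit 1; }`.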