Merge pull request #288 from firezone/284/network_cleanup

Add teardown recipe

.ci/functional_test.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-set -x
+set -ex
 
 # This script should be run from the app root
 
@@ -18,6 +18,8 @@ sudo firezone-ctl reconfigure
 sleep 10
 
 # Helpful for debugging
+sudo cat /var/log/firezone/nginx/current
+sudo cat /var/log/firezone/postgresql/current
 sudo cat /var/log/firezone/phoenix/current
 
 echo "Trying to load homepage"

README.md

@@ -156,7 +156,7 @@ listed above, follow these steps to setup and install Firezone:
    default['firezone']['ssl']['certificate_key'] = '/path/to/key.pem'
    ```
 6. Reconfigure the application to pick up the new changes: `sudo firezone-ctl reconfigure`.
-7. Finally, create an admin user with `sudo firezone-ctl create_admin`.
+7. Finally, create an admin user with `sudo firezone-ctl create-admin`.
    The login credentials will be printed to the console output.
 8. Now you should be able to log into the web UI at the FQDN you specified in
    step 5 above, e.g. `https://firezone.example.com`
@@ -177,15 +177,17 @@ Your Firezone installation can be managed via the `firezone-ctl` command, as sho
 root@demo:~# firezone-ctl
 I don't know that command.
 omnibus-ctl: command (subcommand)
-create_admin
-  Create an Admin user
 General Commands:
   cleanse
     Delete *all* firezone data, and start from scratch.
+  create-admin
+    Create an Admin user.
   help
     Print this help message.
   reconfigure
     Reconfigure the application.
+  reset-network
+    Resets nftables, WireGuard interface, and routing table back to Firezone defaults.
   show-config
     Show the configuration that would be generated by reconfigure.
   uninstall

omnibus/cookbooks/firezone/files/default/ctl-commands/create_admin.rb

@@ -1,12 +1,15 @@
+# frozen_string_literal: true
+
 require 'mixlib/shellout'
 
-add_command 'create_admin', 'Create an Admin user', 1 do
+add_command_under_category 'create-admin', 'general', 'Create an Admin user.', 2 do
   command = %W(
-  chef-client
-  -z
-  -l info
-  -c #{base_path}/embedded/cookbooks/solo.rb
-  -o recipe[firezone::create_admin])
+    chef-client
+    -z
+    -l info
+    -c #{base_path}/embedded/cookbooks/solo.rb
+    -o recipe[firezone::create_admin]
+  )
 
   result = run_command(command.join(" "))
   remove_old_node_state

omnibus/cookbooks/firezone/files/default/ctl-commands/reset_network.rb

@@ -2,14 +2,14 @@
 
 require "mixlib/shellout"
 
-add_command "reset_network", "Resets nftables, WireGuard interface, "\
-  "and routing table back to Firezone defaults", 1 do
+add_command_under_category "reset-network", "general", "Resets nftables, WireGuard interface, "\
+  "and routing table back to Firezone defaults.", 2 do
   command = %W(
     chef-client
     -z
     -l info
     -c #{base_path}/embedded/cookbooks/solo.rb
-    -o recipe[firezone::network]
+    -o recipe[firezone::teardown],recipe[firezone::network]
   )
 
   result = run_command(command.join(" "))

omnibus/cookbooks/firezone/recipes/network.rb

@@ -17,7 +17,6 @@ include_recipe 'line::default'
 require 'mixlib/shellout'
 
 wg_path = "#{node['firezone']['install_directory']}/embedded/bin/wg"
-nft_path = "#{node['firezone']['install_directory']}/embedded/sbin/nft"
 awk_path = "#{node['firezone']['install_directory']}/embedded/bin/awk"
 wg_interface = node['firezone']['wireguard']['interface_name']
 private_key_path = "#{node['firezone']['var_directory']}/cache/wg_private_key"

omnibus/cookbooks/firezone/recipes/teardown.rb

@@ -0,0 +1,33 @@
+# frozen_string_literal: true
+
+# Cookbook:: firezone
+# Recipe:: teardown
+#
+# Copyright:: 2021, Firezone, All Rights Reserved.
+
+# Teardown all the network settings. Used during uninstall.
+
+include_recipe 'firezone::config'
+
+require 'mixlib/shellout'
+
+wg_interface = node['firezone']['wireguard']['interface_name']
+nft_path = "#{node['firezone']['install_directory']}/embedded/sbin/nft"
+
+# Delete wireguard interface if exists
+wg_exists = Mixlib::ShellOut.new("ip link show dev #{wg_interface}")
+wg_exists.run_command
+if wg_exists.status.exitstatus == 1
+  execute 'delete_wireguard_interface' do
+    command "ip link delete dev #{wg_interface}"
+  end
+end
+
+# Delete firewall table
+table_exists_cmd = Mixlib::ShellOut.new("#{nft_path} list table inet firezone")
+table_exists_cmd.run_command
+if table_exists_cmd.status.exitstatus.zero?
+  execute 'delete_firewall_table' do
+    command "#{nft_path} delete table inet firezone"
+  end
+end

scripts/uninstall.sh

@@ -1,6 +1,9 @@
 #!/bin/sh
 
-echo 'Removing all Firezone configuration data...'
+echo 'Removing Firezone network settings...'
+firezone-ctl teardown
+
+echo 'Removing all Firezone directories...'
 firezone-ctl cleanse yes
 
 echo 'Removing firezone package...'