Saruman Documentation




Saruman Documentation Release 0.3.0 Tycho Tatitscheff January 05, 2016

Contents

1 Saruman
  1.1 Most important Urls
  1.2 Technologies used
  1.3 Available commands
  1.4 AMQP json-rpc api
2 Options
  2.1 Command line options
3 Assumptions
4 Further reading
5 Improving saruman: report bugs, fork on github or email us
6 Credits
7 Information for developers of saruman
  7.1 Running tests
  7.2 Python versions
  7.3 Necessary programs
8 Complete documentation from the source code
  8.1 saruman package
9 Entrypoints for saruman
10 Changelog for Saruman
  10.1 0.3.0 (2016-01-03)
  10.2 0.2.3 (2016-01-03)
  10.3 0.2.2 (2016-01-03)
  10.4 0.2.1 (2016-01-03)
  10.5 0.2.0 (2016-01-03)
  10.6 0.1.2 (2016-01-03)
  10.7 0.1.1 (2016-01-03)
  10.8 0.1.0 (2016-01-03)
Python Module Index


A simple-logic, configuration-based, distributable and reliable extended firewall.

Saruman is an extended firewall (meaning firewall, DNS, DHCP, intrusion detection and reverse proxy) built by a former Iresam. It targets I-Resam's needs first but should be flexible enough to be used elsewhere.

saruman takes care of the boring bits for you. Here's an overview of the documentation we have for you.

First the documentation on using saruman:


CHAPTER 1 Saruman

A simple-logic, configuration-based, distributable and reliable extended firewall.

Saruman is an extended firewall (meaning firewall + DNS + DHCP + intrusion detection + reverse proxy) built by a former Iresam. It targets I-Resam's needs first but should be flexible enough to be used elsewhere.

It is still unstable and does not offer much yet. Try it at your own risk.

1.1 Most important Urls

- The full documentation is at saruman.readthedocs.org
- We are on PyPI, so we're only a pip install saruman away from installation on your computer.
- The code is at github.com/tychota/saruman.
- And... we're automatically being tested by Scrutinizer!

1.2 Technologies used

- Saruman requires Python 3, and if possible the newest version (Python 3.5 for now).
- It requires a Celery broker: take RabbitMQ, it is good, fast and reliable.
- It only works on a recent Linux machine: it requires nftables and iproute2, so a Linux 4+ kernel is a necessity.

1.3 Available commands

Saruman gives you three commands to manage the worker and one to run your firewall. The worker commands must be run as root since they manage main parts of your system. The firewall command doesn't need this.

The commands are:

- saruman workers enable: start the celery workers on the machine.
- saruman workers disable: start the celery workers on the machine.
- saruman workers reload: restart the celery workers on the machine.
- saruman firewall start: start the firewall.

1.4 AMQP json-rpc api

Still in its infancy.

CHAPTER 2 Options

2.1 Command line options

These command line options are supported by the release commands (saruman workers enable, saruman workers enable, saruman workers enable, saruman firewall start).

  -v, --verbose   Run in verbose mode, printing a bit more, mostly only interesting for debugging.
  -h, --help      Display help text.


CHAPTER 3 Assumptions

Saruman originated at Iresam, so there are some assumptions built in that might or might not fit you, but I'm pretty sure it'll probably fit :-)

In our case, saruman is run on a VM cluster, so we have different VMs handling different things: for instance one for the netfilter firewall and router, one for DHCP, one for the reverse proxy, one for the admin site and one for the AMQP broker. You therefore have to tag the tasks you create so saruman knows which VM has to handle what.

That's just the style we started with. Pretty clear and useful.


CHAPTER 4 Further reading

Mighty fine documentation, the stuff you're reading now. But some other suggestions, ideas and a different tone might help you improve your firewall. So here are some pointers to other material.

And documentation on saruman as a project; for instance for reporting bugs and fixing the code:


CHAPTER 5 Improving saruman: report bugs, fork on github or email us

Did you find a bug? Do you have an improvement? Do you have questions? We run saruman as a proper open source project on github at https://github.com/tychota/saruman, so you have three basic options:

- Report bugs or problems at https://github.com/tychota/saruman/issues! And feature requests too! Normally you'll get a quick reply within a day or so, depending on our relative timezones. If you don't get an answer within a few days, please send off a quick email to remind us.
- Or make a fork, fix the bug or add something and open a pull request. If you are going to fork saruman, take a look at Information for developers of saruman for setup and test running information.
- You can mail Tycho Tatitscheff if you want to ask a question, too. Or if you want to tell us about an idea you have.


CHAPTER 6 Credits

- Tycho Tatitscheff is the originator and main author.
- Zest software for their releases manager and also for inspiration (copy paste of most docs).


CHAPTER 7 Information for developers of saruman

7.1 Running tests

We like to use virtualenv to get a simple environment and pytest to run the tests. When you are in the root folder of your saruman checkout, do this:

    $ virtualenv ~/venv/saruman --python=`which python3.5`  # Or a different python version.
    $ source ~/venv/saruman/bin/activate  # Activate the environment created above.
    $ python setup.py test

7.2 Python versions

The tests currently pass on Python 3.4 and 3.5. Travis continuous integration tests 3.4 and 3.5 for us automatically.

7.3 Necessary programs

To run the firewall and the tests, you need to have an AMQP broker! On Ubuntu:

    $ sudo apt-get install rabbitmq-server


CHAPTER 8 Complete documentation from the source code

8.1 saruman package

8.1.1 Subpackages

saruman.actions package

  Submodules

  saruman.actions.start module

saruman.app package

  Submodules

  saruman.app.queue module

saruman.conf package

  Submodules

  saruman.conf.celery module

saruman.helpers package

  Submodules

  saruman.helpers.check module

    saruman.helpers.check.get_celery_worker_status()

  saruman.helpers.config module

  saruman.helpers.error_handling module

    saruman.helpers.error_handling.error_handling(*args, **kwds)

  saruman.helpers.exceptions module

    exception saruman.helpers.exceptions.FirewallGenericError
      Bases: exceptions.Exception

  saruman.helpers.logger module

saruman.tasks package

  Subpackages

  saruman.tasks.iproute2 package

    Submodules

    saruman.tasks.iproute2.interfaces module

  saruman.tasks.kernel package

    Submodules

    saruman.tasks.kernel.modprobe module

    tasks.kernel.modprobe: contains all the functionality that helps load or unload a kernel module.

    class saruman.tasks.kernel.modprobe.Check
      Bases: celery.app.task.Task

      Task that checks whether a module is enabled in the kernel.

      Checks whether the module module_name is enabled in the kernel. Refers to a list of authorized modules (so that the user cannot, for example, remove the module from the filesystem). The task runs inside a context (:py:func:error_handling) that handles errors.

      acks_late = False
      ignore_result = False
      name = 'kernel.modules.check'
      rate_limit = None
      request_stack = <celery.utils.threads._LocalStack object>

      run(module_name)
        Parameters: module_name (str): the name of the module to check
        Returns: yes if the module is enabled, no otherwise
        Return type: bool

      send_error_emails = False
      serializer = 'json'
      store_errors_even_if_ignored = False
      track_started = False

    class saruman.tasks.kernel.modprobe.Add
      Bases: celery.app.task.Task

      Task that checks whether a module is enabled in the kernel.

      Checks whether the module module_name is enabled in the kernel. Refers to a list of authorized modules (so that the user cannot, for example, remove the module from the filesystem). The task runs inside a context (:py:func:error_handling) that handles errors.

      acks_late = False
      ignore_result = False
      name = 'kernel.modules.add'
      rate_limit = None
      request_stack = <celery.utils.threads._LocalStack object>

      run(module_name)
        Parameters: module_name (str): the name of the module to check

      send_error_emails = False
      serializer = 'json'
      store_errors_even_if_ignored = False
      track_started = False

    class saruman.tasks.kernel.modprobe.AddWithArgs
      Bases: celery.app.task.Task

      Task that checks whether a module is enabled in the kernel.

      Checks whether the module module_name is enabled in the kernel. Refers to a list of authorized modules (so that the user cannot, for example, remove the module from the filesystem). The task runs inside a context (:py:func:error_handling) that handles errors.

      acks_late = False
      ignore_result = False
      name = 'kernel.modules.addwithargs'
      rate_limit = None
      request_stack = <celery.utils.threads._LocalStack object>

      run(module_name, module_args)
        Parameters:
          module_name (str): the name of the module to check
          module_args (dict): a dictionary of arguments

      send_error_emails = False
      serializer = 'json'
      store_errors_even_if_ignored = False
      track_started = False

    class saruman.tasks.kernel.modprobe.Remove
      Bases: celery.app.task.Task

      acks_late = False
      ignore_result = False
      name = 'kernel.modules.remove'
      rate_limit = None
      request_stack = <celery.utils.threads._LocalStack object>

      run(module_name)

      send_error_emails = False
      serializer = 'json'
      store_errors_even_if_ignored = False
      track_started = False

  saruman.tasks.misc package

    Submodules

    saruman.tasks.misc.hello_world module
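The kernel.modules tasks above take module_name (and, for addwithargs, module_args) from a JSON-serialized queue message and consult a list of authorized modules before touching the kernel. The following is an added sketch of that validation, not Saruman's own code: the allowlist contents, the function names and the sample /proc/modules text are assumptions made for illustration.

```python
import re

# Assumed allowlist (module -> permitted parameters); the page mentions a list
# of authorized modules but does not show it, so these entries are illustrative.
ALLOWED_MODULES = {
    "nf_tables": set(),
    "nf_conntrack": {"hashsize"},
    "8021q": set(),
}
_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
_VALUE_RE = re.compile(r"[A-Za-z0-9_.,-]{1,64}")

# Constructed sample in /proc/modules format: name size refcount deps state addr.
SAMPLE_PROC_MODULES = """\
nf_tables 90112 2 nft_counter,nft_meta, Live 0x0000000000000000
nf_conntrack 106496 1 nf_nat, Live 0x0000000000000000
nfnetlink 16384 1 nf_tables, Live 0x0000000000000000
"""

class ModuleNotAllowed(ValueError):
    """Raised when a request names a module or parameter outside the allowlist."""

def validate_module(module_name):
    # Reject paths, options and shell metacharacters before any lookup.
    if not isinstance(module_name, str) or not _NAME_RE.fullmatch(module_name):
        raise ModuleNotAllowed("malformed module name: %r" % (module_name,))
    # The kernel lists modules with underscores even when requested with dashes.
    name = module_name.replace("-", "_")
    if name not in ALLOWED_MODULES:
        raise ModuleNotAllowed("module not in allowlist: %s" % name)
    return name

def is_loaded(module_name, proc_modules_text):
    """Check-style lookup: True if the allowlisted module is currently loaded."""
    name = validate_module(module_name)
    loaded = {ln.split()[0] for ln in proc_modules_text.splitlines() if ln.strip()}
    return name in loaded

def build_modprobe_argv(module_name, module_args=None):
    """Add-style request: return an argv list for modprobe, never a shell string."""
    name = validate_module(module_name)
    argv = ["modprobe", name]  # allowlisted names cannot start with '-'
    for key, value in sorted((module_args or {}).items()):
        if key not in ALLOWED_MODULES[name]:
            raise ModuleNotAllowed("parameter %r not allowed for %s" % (key, name))
        if not _VALUE_RE.fullmatch(str(value)):
            raise ModuleNotAllowed("malformed value for %s" % key)
        argv.append("%s=%s" % (key, value))
    return argv
```

The argv list is meant to be passed to a process launcher without a shell; a module that is loaded but not allowlisted (nfnetlink in the sample) is refused rather than reported.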

CHAPTER 9 Entrypoints for saruman

Saruman uses a single CLI entry point, which uses click to parse command-line arguments.


CHAPTER 10 Changelog for Saruman

10.1 0.3.0 (2016-01-03)

- big modifications of the documentation structure

10.2 0.2.3 (2016-01-03)

- fixing badges and coverage in testing

10.3 0.2.2 (2016-01-03)

- testing works

10.4 0.2.1 (2016-01-03)

- fixing a lot of nasty issues

10.5 0.2.0 (2016-01-03)

- adding sphinx documentation
- adding CI coverage
- fixing nasty unpack in modprobe.py

10.6 0.1.2 (2016-01-03)

- fixing some typo.

10.7 0.1.1 (2016-01-03)

- remove download urls as we use sdist

10.8 0.1.0 (2016-01-03)

- add zest.release to perform check on release and better automation
- add some yaml config files

Python Module Index

saruman.actions.start
saruman.app.queue
saruman.conf.celery
saruman.helpers.check
saruman.helpers.config
saruman.helpers.error_handling
saruman.helpers.exceptions
saruman.helpers.logger
saruman.tasks.kernel.modprobe
saruman.tasks.misc.hello_world
