Figuring out if IP addresses are public or private for use in Chef recipes


I'm using Chef to automate deployment of various SmartOS zones. I'm trying to figure out the correct way of determining whether a network interface has a public or private address, and of keeping track of that. For generic Apache Listen and NameVirtualHost directives the following is sufficient:

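ips = []
# List the VNIC link names, dropping the LINK header row.
links = %x{dladm show-vnic -o link | grep -v LINK}.strip.split("\n")
links.each do |link|
  # Take the second field of each "inet" line that ifconfig prints for the link.
  ips << %x{ifconfig #{link} | grep inet | awk '{ print $2 }'}.strip
end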

For ipfilter rules I need to have two different classes of rules: one set that gets applied to public interfaces and a different set that gets applied to private interfaces. Should I be passing all the interfaces to Chef via the JSON configuration file rather than figuring it out inside recipes?


1 Answer

EnabrenTane

Ohai generates attribute data at runtime.

In particular, you may be interested in

$ sudo ohai network/interfaces

and the related

node["network"]["interfaces"]

You will still have to reject RFC 1918 inet4 addresses and check that the link scope is global for inet6.
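
The filtering this answer describes, as an added example (not code from the answer or from Chef/Ohai). `SAMPLE` is constructed data shaped like `node["network"]["interfaces"]`; the helper names, treating loopback as non-public, and the prefix fallback for inet6 addresses with no `scope` key are assumptions.

```ruby
require 'ipaddr'

# RFC 1918 ranges plus loopback: IPv4 space that must not get "public" rules.
NON_PUBLIC_V4 = %w[10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8]
                .map { |cidr| IPAddr.new(cidr) }
# Used only when no "scope" is reported for an inet6 address (assumption).
NON_GLOBAL_V6 = %w[fe80::/10 ::1/128].map { |cidr| IPAddr.new(cidr) }

# Returns :public, :private, or nil for non-IP entries such as MAC addresses.
def classify_address(addr, attrs)
  case attrs['family']
  when 'inet'
    NON_PUBLIC_V4.any? { |net| net.include?(IPAddr.new(addr)) } ? :private : :public
  when 'inet6'
    scope = attrs['scope'].to_s.downcase
    return scope == 'global' ? :public : :private unless scope.empty?
    NON_GLOBAL_V6.any? { |net| net.include?(IPAddr.new(addr)) } ? :private : :public
  end
end

# Groups interface names so each class can receive its own ipfilter rule set.
# An interface holding any public address is treated as public (stricter rules).
def interfaces_by_class(interfaces)
  result = { public: [], private: [] }
  interfaces.each do |name, data|
    classes = (data['addresses'] || {}).map { |a, attrs| classify_address(a, attrs) }.compact
    next if classes.empty?
    result[classes.include?(:public) ? :public : :private] << name
  end
  result
end

# Constructed sample; in a recipe, pass node['network']['interfaces'] instead.
SAMPLE = {
  'lo0'  => { 'addresses' => { '127.0.0.1' => { 'family' => 'inet' } } },
  'net0' => { 'addresses' => {
    '203.0.113.10'      => { 'family' => 'inet', 'prefixlen' => '24' },
    '02:08:20:aa:bb:cc' => { 'family' => 'lladdr' }
  } },
  'net1' => { 'addresses' => {
    '10.0.0.5'               => { 'family' => 'inet', 'prefixlen' => '8' },
    'fe80::8:20ff:feaa:bbcc' => { 'family' => 'inet6', 'scope' => 'Link' }
  } }
}.freeze

p interfaces_by_class(SAMPLE)
```

Computing the grouping from Ohai data at converge time keeps the rule sets in step with the zone's actual interfaces, instead of relying on a hand-maintained JSON list.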