Figuring out if IP addresses are public or private for use in chef recipes

943 views Asked by At

I'm using Chef to automate deployment of various SmartOS zones. I'm trying to figure out what the correct way of determining if a network interface has a public or private address and keeping track of that. For generic Apache Listen and NameVirtualHost directives the following is sufficient:

ips = []
links = %x{dladm show-vnic -o link | grep -v LINK}.strip.split("\n")
links.each do |link|
  ips << %x{ifconfig #{link} | grep inet | awk '{ print $2 }'}.strip
end

For ipfilter rules I need to have two different classes of rules. Rules that get applied to public interfaces and then apply a different set to private interfaces. Should I be passing all the interfaces to chef via the json configuration file rather than figuring it out inside recipes?

1

There are 1 answers

0
EnabrenTane On

ohai generates attribute data at runtime.

in particular you may be interested in

$ sudo ohai network/interfaces

and the related

node["network"]["interfaces"]

You will still have to reject RFC1918 inet4 addresses and check the link scope is global for inet6