Commit
2d520ecb
authored
Feb 25, 2013
by
Bach Dániel
one,firewall: public ip support added
parent
6065b04f
Showing
5 changed files
with
44 additions
and
27 deletions
+44
-27
firewall/models.py
+21
-12
one/models.py
+12
-10
one/templates/show.html
+4
-2
one/templates/vm-credentials.html
+1
-1
one/views.py
+6
-2
firewall/models.py
...
...
@@ -179,28 +179,37 @@ class Host(models.Model):
def
enable_net
(
self
):
self
.
groups
.
add
(
Group
.
objects
.
get
(
name
=
"netezhet"
))
def
add_port
(
self
,
proto
,
public
,
private
):
def
add_port
(
self
,
proto
,
public
,
private
=
0
):
proto
=
"tcp"
if
(
proto
==
"tcp"
)
else
"udp"
if
public
<
1024
:
raise
ValidationError
(
_
(
"Only ports above 1024 can be used."
))
for
host
in
Host
.
objects
.
filter
(
pub_ipv4
=
self
.
pub_ipv4
):
if
host
.
rules
.
filter
(
nat
=
True
,
proto
=
proto
,
dport
=
public
):
if
self
.
shared_ip
:
if
public
<
1024
:
raise
ValidationError
(
_
(
"Only ports above 1024 can be used."
))
for
host
in
Host
.
objects
.
filter
(
pub_ipv4
=
self
.
pub_ipv4
):
if
host
.
rules
.
filter
(
nat
=
True
,
proto
=
proto
,
dport
=
public
):
raise
ValidationError
(
_
(
"Port
%
s
%
s is already in use."
)
%
(
proto
,
public
))
rule
=
Rule
(
direction
=
'1'
,
owner
=
self
.
owner
,
dport
=
public
,
proto
=
proto
,
nat
=
True
,
accept
=
True
,
r_type
=
"host"
,
nat_dport
=
private
,
host
=
self
,
foreign_network
=
VlanGroup
.
objects
.
get
(
name
=
settings
[
"default_vlangroup"
]))
else
:
if
self
.
rules
.
filter
(
proto
=
proto
,
dport
=
public
):
raise
ValidationError
(
_
(
"Port
%
s
%
s is already in use."
)
%
(
proto
,
public
))
rule
=
Rule
(
direction
=
'1'
,
owner
=
self
.
owner
,
dport
=
public
,
proto
=
proto
,
nat
=
True
,
accept
=
True
,
r_type
=
"host"
,
nat_dport
=
private
,
host
=
self
,
foreign_network
=
VlanGroup
.
objects
.
get
(
name
=
settings
[
"default_vlangroup"
]))
(
proto
,
public
))
rule
=
Rule
(
direction
=
'1'
,
owner
=
self
.
owner
,
dport
=
public
,
proto
=
proto
,
nat
=
False
,
accept
=
True
,
r_type
=
"host"
,
host
=
self
,
foreign_network
=
VlanGroup
.
objects
.
get
(
name
=
settings
[
"default_vlangroup"
]))
rule
.
full_clean
()
rule
.
save
()
def
del_port
(
self
,
proto
,
public
):
self
.
rules
.
filter
(
owner
=
self
.
owner
,
proto
=
proto
,
nat
=
True
,
self
.
rules
.
filter
(
owner
=
self
.
owner
,
proto
=
proto
,
host
=
self
,
dport
=
public
)
.
delete
()
def
list_ports
(
self
):
retval
=
[]
for
rule
in
self
.
rules
.
filter
(
owner
=
self
.
owner
,
nat
=
True
):
for
rule
in
self
.
rules
.
filter
(
owner
=
self
.
owner
):
retval
.
append
({
'proto'
:
rule
.
proto
,
'public'
:
rule
.
dport
,
'private'
:
rule
.
nat_dport
})
return
retval
...
...
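Review bot: `del_port` and `list_ports` no longer filter on `nat=True`, so they now match every rule on this host owned by `self.owner` (for `del_port`, with the given protocol and port), not only the port openings that `add_port` creates. If the owner can hold other kinds of rules on the host (not visible in this hunk), those would show up in the port table and could be deleted through the port-delete view. Narrowing both queries to the values `add_port` writes keeps the scope tight, e.g. `self.rules.filter(owner=self.owner, proto=proto, host=self, dport=public, direction='1', r_type="host").delete()`. The new `else` branch of `add_port` also skips the `public < 1024` check; if that is intended for hosts with their own public IP, a short comment saying so would help.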
one/models.py
...
...
@@ -224,7 +224,7 @@ class Disk(models.Model):
return
u"
%
s (#
%
d)"
%
(
self
.
name
,
self
.
id
)
@staticmethod
def
update
():
def
update
(
delete
=
True
):
"""Get and register virtual disks from OpenNebula."""
import
subprocess
proc
=
subprocess
.
Popen
([
"/opt/occi.sh"
,
"storage"
,
"list"
],
...
...
@@ -244,7 +244,8 @@ class Disk(models.Model):
except
:
Disk
(
id
=
id
,
name
=
name
)
.
save
()
l
.
append
(
id
)
Disk
.
objects
.
exclude
(
id__in
=
l
)
.
delete
()
if
delete
:
Disk
.
objects
.
exclude
(
id__in
=
l
)
.
delete
()
class
Network
(
models
.
Model
):
"""Virtual networks automatically synchronized with OpenNebula."""
...
...
@@ -262,7 +263,7 @@ class Network(models.Model):
return
self
.
name
@staticmethod
def
update
(
delete
=
True
):
def
update
():
"""Get and register virtual networks from OpenNebula."""
import
subprocess
proc
=
subprocess
.
Popen
([
"/opt/occi.sh"
,
"network"
,
"list"
],
...
...
@@ -282,8 +283,7 @@ class Network(models.Model):
except
:
Network
(
id
=
id
,
name
=
name
)
.
save
()
l
.
append
(
id
)
if
delete
:
Network
.
objects
.
exclude
(
id__in
=
l
)
.
delete
()
Network
.
objects
.
exclude
(
id__in
=
l
)
.
delete
()
class
InstanceType
(
models
.
Model
):
...
...
@@ -413,9 +413,9 @@ class Instance(models.Model):
def
get_connect_host
(
self
):
"""Get public hostname."""
if
self
.
template
.
network
.
nat
:
return
'cloud'
return
self
.
firewall_host
.
pub_ipv4
else
:
return
self
.
ip
return
self
.
firewall_host
.
ipv4
def
get_connect_uri
(
self
):
"""Get access parameters in URI format."""
...
...
@@ -428,7 +428,7 @@ class Instance(models.Model):
pw
=
self
.
pw
return
(
"
%(proto)
s:cloud:
%(pw)
s:
%(host)
s:
%(port)
d"
%
{
"port"
:
port
,
"proto"
:
proto
,
"pw"
:
pw
,
"host"
:
self
.
firewall_host
.
pub_ipv4
})
"host"
:
host
})
except
:
return
...
...
@@ -541,11 +541,13 @@ class Instance(models.Model):
inst
.
save
()
inst
.
update_state
()
host
=
Host
(
vlan
=
Vlan
.
objects
.
get
(
name
=
template
.
network
.
name
),
owner
=
owner
,
shared_ip
=
True
)
owner
=
owner
)
host
.
hostname
=
hostname
host
.
mac
=
x
.
getElementsByTagName
(
"MAC"
)[
0
]
.
childNodes
[
0
]
.
nodeValue
host
.
ipv4
=
inst
.
ip
host
.
pub_ipv4
=
Vlan
.
objects
.
get
(
name
=
template
.
network
.
name
)
.
snat_ip
if
inst
.
template
.
network
.
nat
:
host
.
pub_ipv4
=
Vlan
.
objects
.
get
(
name
=
template
.
network
.
name
)
.
snat_ip
host
.
shared_ip
=
True
host
.
ipv6
=
"auto"
try
:
host
.
save
()
...
...
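Review bot: `Network.update()` loses its `delete` parameter in this commit, and the last Network hunk now runs `Network.objects.exclude(id__in=l).delete()` unconditionally, while `Disk.update` gains the same guard. If the `/opt/occi.sh network list` call fails or returns nothing, `l` may stay empty (the parsing lies outside the hunks), and the exclude would then match every row and remove all networks. Keeping the signature `def update(delete=True):` with the `if delete:` guard, or at least skipping the delete when `l` is empty, avoids that. Any caller still passing `delete=` to `Network.update` would also raise a TypeError after this change.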
one/templates/show.html
...
...
@@ -113,13 +113,13 @@
<tr>
<th>
{% trans "Protocol" %}
</th>
<th>
{% trans "Public port" %}
</th>
<th
colspan=
"2"
>
{% trans "Private port" %}
</th>
{% if i.template.network.nat %}
<th
colspan=
"2"
>
{% trans "Private port" %}
</th>
{%endif%}
</tr>
{% for port in ports %}
<tr>
<td>
{{port.proto}}
</td>
<td>
{{port.public}}
</td>
<td>
{{port.private}}
</td>
{% if i.template.network.nat %}
<td>
{{port.private}}
</td>
{%endif%}
<td>
<a
href=
"/vm/port_del/{{i.id}}/{{port.proto}}/{{port.public}}/"
>
{% trans "Delete" %}
</a>
</td>
...
...
@@ -135,9 +135,11 @@
<td>
<input
style=
"min-width:70px;width:70px;"
type=
"text"
name=
"public"
/>
</td>
{% if i.template.network.nat %}
<td>
<input
style=
"min-width:70px;width:70px;"
type=
"text"
name=
"private"
/>
</td>
{% endif %}
<td>
<input
type=
"submit"
style=
"min-width:3em"
value=
"{% trans "
Add
"
%}"
/>
</td>
...
...
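Review bot: The Delete cell in the first hunk is a plain link, `href="/vm/port_del/{{i.id}}/{{port.proto}}/{{port.public}}/"`, so a port rule is removed by a GET request that carries no CSRF token. The line is unchanged context, but since this commit appears to widen what the delete can reach, it is worth turning it into a small POST form with `{% csrf_token %}` and restricting the view to POST. Separately, with the `Private port` header (`colspan="2"`) now inside `{% if i.template.network.nat %}`, the non-NAT header row has two cells against three per data row, which leaves the Delete column without a header.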
one/templates/vm-credentials.html
...
...
@@ -35,7 +35,7 @@
</tr>
<tr>
<th>
{% trans "IP" %}:
</th>
<td>
{{ i.
firewall_host.pub_ipv4
}}
</td>
<td>
{{ i.
get_connect_host
}}
</td>
</tr>
<tr>
<th>
{% trans "Port" %}:
</th>
...
...
one/views.py
...
...
@@ -342,7 +342,11 @@ class VmPortAddView(View):
if
public
>=
22000
and
public
<
24000
:
raise
ValidationError
(
_
(
"Port number is in a restricted domain (22000 to 24000)."
))
inst
=
get_object_or_404
(
Instance
,
id
=
iid
,
owner
=
request
.
user
)
inst
.
firewall_host
.
add_port
(
proto
=
request
.
POST
[
'proto'
],
public
=
public
,
private
=
int
(
request
.
POST
[
'private'
]))
if
inst
.
template
.
network
.
nat
:
private
=
private
=
int
(
request
.
POST
[
'private'
])
else
:
private
=
0
inst
.
firewall_host
.
add_port
(
proto
=
request
.
POST
[
'proto'
],
public
=
public
,
private
=
private
)
messages
.
success
(
request
,
_
(
u"Port
%
d successfully added."
)
%
public
)
except
:
messages
.
error
(
request
,
_
(
u"Adding port failed."
))
...
...
@@ -361,7 +365,7 @@ def vm_port_del(request, iid, proto, public):
inst
=
get_object_or_404
(
Instance
,
id
=
iid
,
owner
=
request
.
user
)
try
:
inst
.
firewall_host
.
del_port
(
proto
=
proto
,
public
=
public
)
messages
.
success
(
request
,
_
(
u"Port
%
d
successfully removed."
)
%
public
)
messages
.
success
(
request
,
_
(
u"Port
%
s
successfully removed."
)
%
public
)
except
:
messages
.
error
(
request
,
_
(
u"Removing port failed."
))
return
redirect
(
'/vm/show/
%
d/'
%
int
(
iid
))
...
...
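Review bot: The view chooses `private` from `inst.template.network.nat`, while `Host.add_port` (firewall/models.py in this commit) branches on `self.shared_ip`; the two flags appear to be set together only for hosts created after this change. A host whose `shared_ip` is true on a network where `nat` is false would get a NAT rule with `nat_dport=0`. Deciding from the host keeps one source of truth, e.g. `private = int(request.POST['private']) if inst.firewall_host.shared_ip else 0`. The doubled `private = private = int(...)` is harmless but should be a single assignment, and the bare `except:` that follows hides which validation failed. Both view bodies start and end outside the hunks.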