Commit 2d520ecb by Bach Dániel

one,firewall: public ip support added

parent 6065b04f
...@@ -179,28 +179,37 @@ class Host(models.Model): ...@@ -179,28 +179,37 @@ class Host(models.Model):
def enable_net(self): def enable_net(self):
self.groups.add(Group.objects.get(name="netezhet")) self.groups.add(Group.objects.get(name="netezhet"))
def add_port(self, proto, public, private): def add_port(self, proto, public, private = 0):
proto = "tcp" if (proto == "tcp") else "udp" proto = "tcp" if (proto == "tcp") else "udp"
if public < 1024: if self.shared_ip:
raise ValidationError(_("Only ports above 1024 can be used.")) if public < 1024:
for host in Host.objects.filter(pub_ipv4=self.pub_ipv4): raise ValidationError(_("Only ports above 1024 can be used."))
if host.rules.filter(nat=True, proto=proto, dport=public): for host in Host.objects.filter(pub_ipv4=self.pub_ipv4):
if host.rules.filter(nat=True, proto=proto, dport=public):
raise ValidationError(_("Port %s %s is already in use.") %
(proto, public))
rule = Rule(direction='1', owner=self.owner, dport=public,
proto=proto, nat=True, accept=True, r_type="host",
nat_dport=private, host=self, foreign_network=VlanGroup.
objects.get(name=settings["default_vlangroup"]))
else:
if self.rules.filter(proto=proto, dport=public):
raise ValidationError(_("Port %s %s is already in use.") % raise ValidationError(_("Port %s %s is already in use.") %
(proto, public)) (proto, public))
rule = Rule(direction='1', owner=self.owner, dport=public, rule = Rule(direction='1', owner=self.owner, dport=public,
proto=proto, nat=True, accept=True, r_type="host", proto=proto, nat=False, accept=True, r_type="host", host=self,
nat_dport=private, host=self, foreign_network=VlanGroup. foreign_network=VlanGroup.objects.get(name=settings["default_vlangroup"]))
objects.get(name=settings["default_vlangroup"]))
rule.full_clean() rule.full_clean()
rule.save() rule.save()
def del_port(self, proto, public): def del_port(self, proto, public):
self.rules.filter(owner=self.owner, proto=proto, nat=True, self.rules.filter(owner=self.owner, proto=proto, host=self,
dport=public).delete() dport=public).delete()
def list_ports(self): def list_ports(self):
retval = [] retval = []
for rule in self.rules.filter(owner=self.owner, nat=True): for rule in self.rules.filter(owner=self.owner):
retval.append({'proto': rule.proto, 'public': rule.dport, retval.append({'proto': rule.proto, 'public': rule.dport,
'private': rule.nat_dport}) 'private': rule.nat_dport})
return retval return retval
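Review bot: `del_port` and `list_ports` no longer filter on `nat=True`, so they now match every rule on this host with `owner=self.owner`, not only the inbound port openings that `add_port` creates. If any other code path stores rules under the same owner (not visible in this hunk), the port list would show them and the delete link could remove them. Scoping both queries the way `add_port` builds the rule, e.g. `self.rules.filter(owner=self.owner, proto=proto, direction='1', r_type="host", dport=public)`, keeps the UI limited to its own rules. The added `host=self` looks redundant next to `self.rules` if that is the reverse relation of `Rule.host`. The `else` branch of `add_port` also skips the "above 1024" check, so a host without a shared IP can open privileged ports; if that is intended, a one-line comment there should say so.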
......
...@@ -224,7 +224,7 @@ class Disk(models.Model): ...@@ -224,7 +224,7 @@ class Disk(models.Model):
return u"%s (#%d)" % (self.name, self.id) return u"%s (#%d)" % (self.name, self.id)
@staticmethod @staticmethod
def update(): def update(delete=True):
"""Get and register virtual disks from OpenNebula.""" """Get and register virtual disks from OpenNebula."""
import subprocess import subprocess
proc = subprocess.Popen(["/opt/occi.sh", "storage", "list"], proc = subprocess.Popen(["/opt/occi.sh", "storage", "list"],
...@@ -244,7 +244,8 @@ class Disk(models.Model): ...@@ -244,7 +244,8 @@ class Disk(models.Model):
except: except:
Disk(id=id, name=name).save() Disk(id=id, name=name).save()
l.append(id) l.append(id)
Disk.objects.exclude(id__in=l).delete() if delete:
Disk.objects.exclude(id__in=l).delete()
class Network(models.Model): class Network(models.Model):
"""Virtual networks automatically synchronized with OpenNebula.""" """Virtual networks automatically synchronized with OpenNebula."""
...@@ -262,7 +263,7 @@ class Network(models.Model): ...@@ -262,7 +263,7 @@ class Network(models.Model):
return self.name return self.name
@staticmethod @staticmethod
def update(delete=True): def update():
"""Get and register virtual networks from OpenNebula.""" """Get and register virtual networks from OpenNebula."""
import subprocess import subprocess
proc = subprocess.Popen(["/opt/occi.sh", "network", "list"], proc = subprocess.Popen(["/opt/occi.sh", "network", "list"],
...@@ -282,8 +283,7 @@ class Network(models.Model): ...@@ -282,8 +283,7 @@ class Network(models.Model):
except: except:
Network(id=id, name=name).save() Network(id=id, name=name).save()
l.append(id) l.append(id)
if delete: Network.objects.exclude(id__in=l).delete()
Network.objects.exclude(id__in=l).delete()
class InstanceType(models.Model): class InstanceType(models.Model):
...@@ -413,9 +413,9 @@ class Instance(models.Model): ...@@ -413,9 +413,9 @@ class Instance(models.Model):
def get_connect_host(self): def get_connect_host(self):
"""Get public hostname.""" """Get public hostname."""
if self.template.network.nat: if self.template.network.nat:
return 'cloud' return self.firewall_host.pub_ipv4
else: else:
return self.ip return self.firewall_host.ipv4
def get_connect_uri(self): def get_connect_uri(self):
"""Get access parameters in URI format.""" """Get access parameters in URI format."""
...@@ -428,7 +428,7 @@ class Instance(models.Model): ...@@ -428,7 +428,7 @@ class Instance(models.Model):
pw = self.pw pw = self.pw
return ("%(proto)s:cloud:%(pw)s:%(host)s:%(port)d" % return ("%(proto)s:cloud:%(pw)s:%(host)s:%(port)d" %
{"port": port, "proto": proto, "pw": pw, {"port": port, "proto": proto, "pw": pw,
"host": self.firewall_host.pub_ipv4}) "host": host})
except: except:
return return
...@@ -541,11 +541,13 @@ class Instance(models.Model): ...@@ -541,11 +541,13 @@ class Instance(models.Model):
inst.save() inst.save()
inst.update_state() inst.update_state()
host = Host(vlan=Vlan.objects.get(name=template.network.name), host = Host(vlan=Vlan.objects.get(name=template.network.name),
owner=owner, shared_ip=True) owner=owner)
host.hostname = hostname host.hostname = hostname
host.mac = x.getElementsByTagName("MAC")[0].childNodes[0].nodeValue host.mac = x.getElementsByTagName("MAC")[0].childNodes[0].nodeValue
host.ipv4 = inst.ip host.ipv4 = inst.ip
host.pub_ipv4 = Vlan.objects.get(name=template.network.name).snat_ip if inst.template.network.nat:
host.pub_ipv4 = Vlan.objects.get(name=template.network.name).snat_ip
host.shared_ip = True
host.ipv6 = "auto" host.ipv6 = "auto"
try: try:
host.save() host.save()
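Review bot: `Network.update()` loses its `delete` switch in this commit, so the sync now always ends with `Network.objects.exclude(id__in=l).delete()`. The parsing loop lies outside the hunk, but if `/opt/occi.sh network list` fails or returns nothing, `l` would presumably be empty and every Network row (plus whatever cascades from it) would be deleted. Any caller still passing `delete=False` would also get a TypeError. Keeping `def update(delete=True):` with the `if delete:` guard, as `Disk.update` now has, or skipping the delete when `l` is empty, would avoid both.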
......
...@@ -113,13 +113,13 @@ ...@@ -113,13 +113,13 @@
<tr> <tr>
<th>{% trans "Protocol" %}</th> <th>{% trans "Protocol" %}</th>
<th>{% trans "Public port" %}</th> <th>{% trans "Public port" %}</th>
<th colspan="2">{% trans "Private port" %}</th> {% if i.template.network.nat %}<th colspan="2">{% trans "Private port" %}</th>{%endif%}
</tr> </tr>
{% for port in ports %} {% for port in ports %}
<tr> <tr>
<td>{{port.proto}}</td> <td>{{port.proto}}</td>
<td>{{port.public}}</td> <td>{{port.public}}</td>
<td>{{port.private}}</td> {% if i.template.network.nat %}<td>{{port.private}}</td>{%endif%}
<td> <td>
<a href="/vm/port_del/{{i.id}}/{{port.proto}}/{{port.public}}/">{% trans "Delete" %}</a> <a href="/vm/port_del/{{i.id}}/{{port.proto}}/{{port.public}}/">{% trans "Delete" %}</a>
</td> </td>
...@@ -135,9 +135,11 @@ ...@@ -135,9 +135,11 @@
<td> <td>
<input style="min-width:70px;width:70px;" type="text" name="public"/> <input style="min-width:70px;width:70px;" type="text" name="public"/>
</td> </td>
{% if i.template.network.nat %}
<td> <td>
<input style="min-width:70px;width:70px;" type="text" name="private"/> <input style="min-width:70px;width:70px;" type="text" name="private"/>
</td> </td>
{% endif %}
<td> <td>
<input type="submit" style="min-width:3em" value="{% trans "Add" %}" /> <input type="submit" style="min-width:3em" value="{% trans "Add" %}" />
</td> </td>
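Review bot: Wrapping the `colspan="2"` header cell in `{% if i.template.network.nat %}` leaves the header row with two cells on non-NAT networks, while each port row visible here still has three (protocol, public port, delete link). That colspan was what covered the delete column. Reducing the conditional header to a plain `<th>` and adding an unconditional empty `<th></th>` after it keeps the rows aligned in both cases. The two new `{%endif%}` tags would also read better as `{% endif %}`, matching the one added in the form below.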
......
...@@ -35,7 +35,7 @@ ...@@ -35,7 +35,7 @@
</tr> </tr>
<tr> <tr>
<th>{% trans "IP" %}:</th> <th>{% trans "IP" %}:</th>
<td>{{ i.firewall_host.pub_ipv4 }}</td> <td>{{ i.get_connect_host }}</td>
</tr> </tr>
<tr> <tr>
<th>{% trans "Port" %}:</th> <th>{% trans "Port" %}:</th>
......
...@@ -342,7 +342,11 @@ class VmPortAddView(View): ...@@ -342,7 +342,11 @@ class VmPortAddView(View):
if public >= 22000 and public < 24000: if public >= 22000 and public < 24000:
raise ValidationError(_("Port number is in a restricted domain (22000 to 24000).")) raise ValidationError(_("Port number is in a restricted domain (22000 to 24000)."))
inst = get_object_or_404(Instance, id=iid, owner=request.user) inst = get_object_or_404(Instance, id=iid, owner=request.user)
inst.firewall_host.add_port(proto=request.POST['proto'], public=public, private=int(request.POST['private'])) if inst.template.network.nat:
private = private=int(request.POST['private'])
else:
private = 0
inst.firewall_host.add_port(proto=request.POST['proto'], public=public, private=private)
messages.success(request, _(u"Port %d successfully added.") % public) messages.success(request, _(u"Port %d successfully added.") % public)
except: except:
messages.error(request, _(u"Adding port failed.")) messages.error(request, _(u"Adding port failed."))
...@@ -361,7 +365,7 @@ def vm_port_del(request, iid, proto, public): ...@@ -361,7 +365,7 @@ def vm_port_del(request, iid, proto, public):
inst = get_object_or_404(Instance, id=iid, owner=request.user) inst = get_object_or_404(Instance, id=iid, owner=request.user)
try: try:
inst.firewall_host.del_port(proto=proto, public=public) inst.firewall_host.del_port(proto=proto, public=public)
messages.success(request, _(u"Port %d successfully removed.") % public) messages.success(request, _(u"Port %s successfully removed.") % public)
except: except:
messages.error(request, _(u"Removing port failed.")) messages.error(request, _(u"Removing port failed."))
return redirect('/vm/show/%d/' % int(iid)) return redirect('/vm/show/%d/' % int(iid))
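Review bot: `private = private=int(request.POST['private'])` is a chained assignment left over from the old keyword argument; it works, but should read `private = int(request.POST['private'])`. The value is only converted, never range-checked, while `public` gets explicit checks just above. Unless `rule.full_clean()` rejects it (the Rule model is not shown), a guard such as `if not 0 < private < 65536: raise ValidationError(...)` belongs next to the restricted-range test. The enclosing `try` starts outside the hunk, and its bare `except:` turns every failure, including a missing `private` field, into the same "Adding port failed." message.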
......