enh: port forward settings

37f7acad · Őry Máté · f1626621 · 37f7acad · 37f7acad · 37f7acad
Commit 37f7acad authored Jan 02, 2013 by Őry Máté
Hide whitespace changes
Inline Side-by-side

Showing with 75 additions and 25 deletions

cloud/urls.py
+2 -0

firewall/models.py
+11 -10

firewall/views.py
+3 -9

one/models.py
+3 -3

one/templates/show.html
+19 -3

one/views.py
+37 -0

No files found.
--- a/cloud/urls.py
+++ b/cloud/urls.py
@@ -15,6 +15,8 @@ urlpatterns = patterns('',
     url(r'^vm/new/(?P<template>\d+)/$', 'one.views.vm_new', name='vm_new'),
     url(r'^vm/show/(?P<iid>\d+)/$', 'one.views.vm_show', name='vm_show'),
     url(r'^vm/delete/(?P<iid>\d+)/$', 'one.views.vm_delete', name='vm_delete'),
+     url(r'^vm/port_add/(?P<iid>\d+)/$', 'one.views.vm_port_add', name='vm_port_add'),
+     url(r'^vm/port_del/(?P<iid>\d+)/(?P<proto>tcp|udp)/(?P<public>\d+)/$', 'one.views.vm_port_del', name='vm_port_del'),
     url(r'^reload/$', 'firewall.views.reload_firewall', name='reload_firewall'),
     url(r'^fwapi/$', 'firewall.views.firewall_api', name='firewall_api'),
 )
--- a/firewall/models.py
+++ b/firewall/models.py
@@ -115,14 +115,13 @@ class Host(models.Model):
 		retval.append(str(rl))
 	return ', '.join(retval)
-    def EnableNet(self):
+    def enable_net(self):
-	rule = Rule(direction=False, owner=self.owner, description="%s netezhet" % (self.hostname), accept=True, r_type="host")
+	self.groups.add(Group.objects.get(name="netezhet"))
-	rule.save()
-	rule.vlan.add(Vlan.objects.get(name="PUB"))
-	self.rules.add(rule)
-    def AddPort(self, proto, public, private):
+    def add_port(self, proto, public, private):
 	proto = "tcp" if (proto == "tcp") else "udp"
+        if public < 1024: 
+        	raise ValidationError("Csak az 1024 feletti portok hasznalhatok")
 	for host in Host.objects.filter(pub_ipv4=self.pub_ipv4):
 		if host.rules.filter(nat=True, proto=proto, dport=public):
 			raise ValidationError("A %s %s port mar hasznalva" % (proto, public))
@@ -130,21 +129,23 @@ class Host(models.Model):
 	rule.full_clean()
 	rule.save()
 	rule.vlan.add(Vlan.objects.get(name="PUB"))
+	rule.vlan.add(Vlan.objects.get(name="HOT"))
+	rule.vlan.add(Vlan.objects.get(name="LAB"))
 	rule.vlan.add(Vlan.objects.get(name="DMZ"))
 	rule.vlan.add(Vlan.objects.get(name="VM-NET"))
 	rule.vlan.add(Vlan.objects.get(name="WAR"))
 	self.rules.add(rule)
-    def DelPort(self, proto, public):
+    def del_port(self, proto, public):
 	self.rules.filter(owner=self.owner, proto=proto, nat=True, dport=public).delete()
-    def ListPorts(self):
+    def list_ports(self):
 	retval = []
 	for rule in self.rules.filter(owner=self.owner, nat=True):
-		retval.append({'public': rule.dport, 'private': rule.nat_dport})
+		retval.append({'proto': rule.proto, 'public': rule.dport, 'private': rule.nat_dport})
 	return retval
-    def DelRules(self):
+    def del_rules(self):
 	self.rules.filter(owner=self.owner).delete()
 class Firewall(models.Model):

--- a/firewall/views.py
+++ b/firewall/views.py
@@ -44,10 +44,10 @@ def firewall_api(request):
 				host.full_clean()
 				host.save()
-				host.EnableNet()
+				host.enable_net()
 				for p in data["portforward"]:
-					host.AddPort(proto=p["proto"], public=int(p["public_port"]), private=int(p["private_port"]))
+					host.add_port(proto=p["proto"], public=int(p["public_port"]), private=int(p["private_port"]))
 			elif(command == "destroy"):
 				data["owner"] = "opennebula"
@@ -55,7 +55,7 @@ def firewall_api(request):
 				owner = auth.models.User.objects.get(username=data["owner"])
 				host = models.Host.objects.get(hostname=data["hostname"], owner=owner)
-				host.DelRules()
+				host.del_rules()
 				host.delete()
 			else:
 				raise Exception("rossz parancs")
@@ -69,12 +69,6 @@ def firewall_api(request):
 		return HttpResponse(u"ok");
-	host = models.Host.objects.get(hostname="id-298-ubuntu-teszt2")
-	print host.ListPorts()
-	try:
-		host.AddPort("udp", 31337, 3133)
-	except:
-		host.DelPort("udp", 31337)
 	return HttpResponse(u"ez kerlek egy api lesz!\n");
--- a/one/models.py
+++ b/one/models.py
@@ -325,8 +325,8 @@ class Instance(models.Model):
        host.pub_ipv4 = "152.66.243.161"
        host.full_clean()
        host.save()
-        host.EnableNet()
+        host.enable_net()
-        host.AddPort("tcp", inst.get_port(), {"rdp": 3389, "nx": 22, "ssh": 22}[inst.template.access_type])
+        host.add_port("tcp", inst.get_port(), {"rdp": 3389, "nx": 22, "ssh": 22}[inst.template.access_type])
        inst.firewall_host=host
        inst.save()
        reload_firewall_lock()
@@ -336,7 +336,7 @@ class Instance(models.Model):
        proc = subprocess.Popen(["/opt/occi.sh", "compute",
               "delete", "%d"%self.one_id], stdout=subprocess.PIPE)
        (out, err) = proc.communicate()
-        self.firewall_host.DelRules()
+        self.firewall_host.del_rules()
        self.firewall_host.delete()
        reload_firewall_lock()

--- a/one/templates/show.html
+++ b/one/templates/show.html
@@ -70,14 +70,30 @@
            <h2>Bejelentkezési adatok</h2>
            <div class="content">
 		<table><tr><th>Protokoll:</th><td>{{i.template.access_type|upper}}</td></tr>
-		       <tr><th>Gépnév:</th><td>cloud.ik.bme.hu</td></tr>
+		       <tr><th>IP:</th><td>{{ i.firewall_host.pub_ipv4}}</td></tr>
-                       <tr><th>Port:</th><td>{{ i.get_port}}
+                       <tr><th>Port:</th><td>{{ i.get_port}}</td></tr>
-</td></tr>
                       <tr><th>Felhasználónév:</th><td>cloud</td></tr>
                       <tr><th>Jelszó:</th><td>{{ i.pw }}</td></tr>
 		</table>
            </div>
        </div>
+        <div class="contentblock" id="state">
+            <h2>Portok kezelése</h2>
+            <div class="content">
+                <form action="{% url vm_port_add i.id %}" method="post">
+		{% csrf_token %}
+                <table><tr><th>Protokoll</th><th>Külső port</th><th>Belső port</th></tr>
+                {% for port in ports %}
+                       <tr><td>{{port.proto}}</td><td>{{port.public}}</td><td>{{port.private}}</td><td><a href="/vm/port_del/{{i.id}}/{{port.proto}}/{{port.public}}/">Törlés</a></td></tr>
+                {% endfor %}
+		       <tr><td><select style="min-width:50px;" name=proto><option value="tcp">tcp</option><option value="udp">udp</option></select></td>
+                           <td><input style="min-width:70px;width:70px;" type="text" name="public"/></td>
+                           <td><input style="min-width:70px;width:70px;" type="text" name="private"/></td>
+		           <td><input type="submit" value="Hozzáadás" /></td></tr>
+                </table>
+                </form>
+            </div>
+        </div>
 </div>
 <div class="boxes">
 	{% include "box-vmlist.html" %}

--- a/one/views.py
+++ b/one/views.py
+# -*- coding: utf8 -*-
 from datetime import datetime
 from django.conf import settings
 from django.contrib.auth.decorators import login_required
@@ -20,6 +21,7 @@ from django.views.decorators.http import *
 from django.views.generic import *
 from one.models import *
 import django.contrib.auth as auth
+from firewall.tasks import *
 class LoginView(View):
    def get(self, request, *args, **kwargs):
@@ -107,8 +109,43 @@ def vm_show(request, iid):
        'instances': _list_instances(request),
        'i': inst,
 	'booting' : not inst.active_since,
+        'ports': inst.firewall_host.list_ports()
        }))
+class VmPortAddView(View):
+    def post(self, request, iid, *args, **kwargs):
+        try:
+            public = int(request.POST['public'])
+            if public >= 22000 and public < 24000:
+                raise ValidationError("a port nem lehet 22000 es 24000 kozott")
+            inst = get_object_or_404(Instance, id=iid, owner=request.user)
+            inst.firewall_host.add_port(proto=request.POST['proto'], public=public, private=int(request.POST['private']))
+            reload_firewall_lock()
+            messages.success(request, _(u"A port hozzáadása sikerült."))
+        except:
+            messages.error(request, _(u"Nem sikerült a kért művelet"))
+#            raise
+        return redirect('/vm/show/%d/' % int(iid))
+    def get(self, request, iid, *args, **kwargs):
+        return redirect('/')
+vm_port_add = login_required(VmPortAddView.as_view())
+@require_safe
+@login_required
+@require_GET
+def vm_port_del(request, iid, proto, public):
+    inst = get_object_or_404(Instance, id=iid, owner=request.user)
+    try:
+        inst.firewall_host.del_port(proto=proto, public=public)
+        reload_firewall_lock()
+        messages.success(request, _(u"A port törlése sikerült."))
+    except:
+        messages.error(request, _(u"Nem sikerült a kért művelet"))
+    return redirect('/vm/show/%d/' % int(iid))
 class VmDeleteView(View):
    def post(self, request, iid, *args, **kwargs):
        try: