Commit 37f7acad by Őry Máté

enh: port forward settings

parent f1626621
...@@ -15,6 +15,8 @@ urlpatterns = patterns('', ...@@ -15,6 +15,8 @@ urlpatterns = patterns('',
url(r'^vm/new/(?P<template>\d+)/$', 'one.views.vm_new', name='vm_new'), url(r'^vm/new/(?P<template>\d+)/$', 'one.views.vm_new', name='vm_new'),
url(r'^vm/show/(?P<iid>\d+)/$', 'one.views.vm_show', name='vm_show'), url(r'^vm/show/(?P<iid>\d+)/$', 'one.views.vm_show', name='vm_show'),
url(r'^vm/delete/(?P<iid>\d+)/$', 'one.views.vm_delete', name='vm_delete'), url(r'^vm/delete/(?P<iid>\d+)/$', 'one.views.vm_delete', name='vm_delete'),
url(r'^vm/port_add/(?P<iid>\d+)/$', 'one.views.vm_port_add', name='vm_port_add'),
url(r'^vm/port_del/(?P<iid>\d+)/(?P<proto>tcp|udp)/(?P<public>\d+)/$', 'one.views.vm_port_del', name='vm_port_del'),
url(r'^reload/$', 'firewall.views.reload_firewall', name='reload_firewall'), url(r'^reload/$', 'firewall.views.reload_firewall', name='reload_firewall'),
url(r'^fwapi/$', 'firewall.views.firewall_api', name='firewall_api'), url(r'^fwapi/$', 'firewall.views.firewall_api', name='firewall_api'),
) )
...@@ -115,14 +115,13 @@ class Host(models.Model): ...@@ -115,14 +115,13 @@ class Host(models.Model):
retval.append(str(rl)) retval.append(str(rl))
return ', '.join(retval) return ', '.join(retval)
def EnableNet(self): def enable_net(self):
rule = Rule(direction=False, owner=self.owner, description="%s netezhet" % (self.hostname), accept=True, r_type="host") self.groups.add(Group.objects.get(name="netezhet"))
rule.save()
rule.vlan.add(Vlan.objects.get(name="PUB"))
self.rules.add(rule)
def AddPort(self, proto, public, private): def add_port(self, proto, public, private):
proto = "tcp" if (proto == "tcp") else "udp" proto = "tcp" if (proto == "tcp") else "udp"
if public < 1024:
raise ValidationError("Csak az 1024 feletti portok hasznalhatok")
for host in Host.objects.filter(pub_ipv4=self.pub_ipv4): for host in Host.objects.filter(pub_ipv4=self.pub_ipv4):
if host.rules.filter(nat=True, proto=proto, dport=public): if host.rules.filter(nat=True, proto=proto, dport=public):
raise ValidationError("A %s %s port mar hasznalva" % (proto, public)) raise ValidationError("A %s %s port mar hasznalva" % (proto, public))
...@@ -130,21 +129,23 @@ class Host(models.Model): ...@@ -130,21 +129,23 @@ class Host(models.Model):
rule.full_clean() rule.full_clean()
rule.save() rule.save()
rule.vlan.add(Vlan.objects.get(name="PUB")) rule.vlan.add(Vlan.objects.get(name="PUB"))
rule.vlan.add(Vlan.objects.get(name="HOT"))
rule.vlan.add(Vlan.objects.get(name="LAB"))
rule.vlan.add(Vlan.objects.get(name="DMZ")) rule.vlan.add(Vlan.objects.get(name="DMZ"))
rule.vlan.add(Vlan.objects.get(name="VM-NET")) rule.vlan.add(Vlan.objects.get(name="VM-NET"))
rule.vlan.add(Vlan.objects.get(name="WAR")) rule.vlan.add(Vlan.objects.get(name="WAR"))
self.rules.add(rule) self.rules.add(rule)
def DelPort(self, proto, public): def del_port(self, proto, public):
self.rules.filter(owner=self.owner, proto=proto, nat=True, dport=public).delete() self.rules.filter(owner=self.owner, proto=proto, nat=True, dport=public).delete()
def ListPorts(self): def list_ports(self):
retval = [] retval = []
for rule in self.rules.filter(owner=self.owner, nat=True): for rule in self.rules.filter(owner=self.owner, nat=True):
retval.append({'public': rule.dport, 'private': rule.nat_dport}) retval.append({'proto': rule.proto, 'public': rule.dport, 'private': rule.nat_dport})
return retval return retval
def DelRules(self): def del_rules(self):
self.rules.filter(owner=self.owner).delete() self.rules.filter(owner=self.owner).delete()
class Firewall(models.Model): class Firewall(models.Model):
......
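Review bot: The new lower-bound check in `add_port` (`if public < 1024`) rejects privileged ports but has no upper bound and does not exclude the 22000–24000 range that the web view later reserves (presumably the range `Instance.get_port()` hands out for console access), so the `firewall_api` caller in the `for p in data["portforward"]` loop can still create a forward on one of those ports, or on a port above 65535 unless `rule.full_clean()` happens to reject it. Since every caller goes through `add_port`, the check belongs here: `if not 1024 <= public <= 65535 or 22000 <= public < 24000: raise ValidationError("Csak az 1024 feletti portok hasznalhatok")`. The `proto` coercion on the line above also silently maps anything that is not exactly `"tcp"` (for example `"TCP"`) to `"udp"`; rejecting unknown values is safer than guessing. The `Host` class starts and continues outside this hunk.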
...@@ -44,10 +44,10 @@ def firewall_api(request): ...@@ -44,10 +44,10 @@ def firewall_api(request):
host.full_clean() host.full_clean()
host.save() host.save()
host.EnableNet() host.enable_net()
for p in data["portforward"]: for p in data["portforward"]:
host.AddPort(proto=p["proto"], public=int(p["public_port"]), private=int(p["private_port"])) host.add_port(proto=p["proto"], public=int(p["public_port"]), private=int(p["private_port"]))
elif(command == "destroy"): elif(command == "destroy"):
data["owner"] = "opennebula" data["owner"] = "opennebula"
...@@ -55,7 +55,7 @@ def firewall_api(request): ...@@ -55,7 +55,7 @@ def firewall_api(request):
owner = auth.models.User.objects.get(username=data["owner"]) owner = auth.models.User.objects.get(username=data["owner"])
host = models.Host.objects.get(hostname=data["hostname"], owner=owner) host = models.Host.objects.get(hostname=data["hostname"], owner=owner)
host.DelRules() host.del_rules()
host.delete() host.delete()
else: else:
raise Exception("rossz parancs") raise Exception("rossz parancs")
...@@ -69,12 +69,6 @@ def firewall_api(request): ...@@ -69,12 +69,6 @@ def firewall_api(request):
return HttpResponse(u"ok"); return HttpResponse(u"ok");
host = models.Host.objects.get(hostname="id-298-ubuntu-teszt2")
print host.ListPorts()
try:
host.AddPort("udp", 31337, 3133)
except:
host.DelPort("udp", 31337)
return HttpResponse(u"ez kerlek egy api lesz!\n"); return HttpResponse(u"ez kerlek egy api lesz!\n");
...@@ -325,8 +325,8 @@ class Instance(models.Model): ...@@ -325,8 +325,8 @@ class Instance(models.Model):
host.pub_ipv4 = "152.66.243.161" host.pub_ipv4 = "152.66.243.161"
host.full_clean() host.full_clean()
host.save() host.save()
host.EnableNet() host.enable_net()
host.AddPort("tcp", inst.get_port(), {"rdp": 3389, "nx": 22, "ssh": 22}[inst.template.access_type]) host.add_port("tcp", inst.get_port(), {"rdp": 3389, "nx": 22, "ssh": 22}[inst.template.access_type])
inst.firewall_host=host inst.firewall_host=host
inst.save() inst.save()
reload_firewall_lock() reload_firewall_lock()
...@@ -336,7 +336,7 @@ class Instance(models.Model): ...@@ -336,7 +336,7 @@ class Instance(models.Model):
proc = subprocess.Popen(["/opt/occi.sh", "compute", proc = subprocess.Popen(["/opt/occi.sh", "compute",
"delete", "%d"%self.one_id], stdout=subprocess.PIPE) "delete", "%d"%self.one_id], stdout=subprocess.PIPE)
(out, err) = proc.communicate() (out, err) = proc.communicate()
self.firewall_host.DelRules() self.firewall_host.del_rules()
self.firewall_host.delete() self.firewall_host.delete()
reload_firewall_lock() reload_firewall_lock()
......
...@@ -70,14 +70,30 @@ ...@@ -70,14 +70,30 @@
<h2>Bejelentkezési adatok</h2> <h2>Bejelentkezési adatok</h2>
<div class="content"> <div class="content">
<table><tr><th>Protokoll:</th><td>{{i.template.access_type|upper}}</td></tr> <table><tr><th>Protokoll:</th><td>{{i.template.access_type|upper}}</td></tr>
<tr><th>Gépnév:</th><td>cloud.ik.bme.hu</td></tr> <tr><th>IP:</th><td>{{ i.firewall_host.pub_ipv4}}</td></tr>
<tr><th>Port:</th><td>{{ i.get_port}} <tr><th>Port:</th><td>{{ i.get_port}}</td></tr>
</td></tr>
<tr><th>Felhasználónév:</th><td>cloud</td></tr> <tr><th>Felhasználónév:</th><td>cloud</td></tr>
<tr><th>Jelszó:</th><td>{{ i.pw }}</td></tr> <tr><th>Jelszó:</th><td>{{ i.pw }}</td></tr>
</table> </table>
</div> </div>
</div> </div>
<div class="contentblock" id="state">
<h2>Portok kezelése</h2>
<div class="content">
<form action="{% url vm_port_add i.id %}" method="post">
{% csrf_token %}
<table><tr><th>Protokoll</th><th>Külső port</th><th>Belső port</th></tr>
{% for port in ports %}
<tr><td>{{port.proto}}</td><td>{{port.public}}</td><td>{{port.private}}</td><td><a href="/vm/port_del/{{i.id}}/{{port.proto}}/{{port.public}}/">Törlés</a></td></tr>
{% endfor %}
<tr><td><select style="min-width:50px;" name=proto><option value="tcp">tcp</option><option value="udp">udp</option></select></td>
<td><input style="min-width:70px;width:70px;" type="text" name="public"/></td>
<td><input style="min-width:70px;width:70px;" type="text" name="private"/></td>
<td><input type="submit" value="Hozzáadás" /></td></tr>
</table>
</form>
</div>
</div>
</div> </div>
<div class="boxes"> <div class="boxes">
{% include "box-vmlist.html" %} {% include "box-vmlist.html" %}
......
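Review bot: The `Törlés` link in the new ports table performs a destructive action via a plain GET URL built by hand (`/vm/port_del/{{i.id}}/{{port.proto}}/{{port.public}}/`), so any page the user visits can remove a forward with an `<img>` tag, and the `{% csrf_token %}` included for the add form gives no protection here; render it as a small POST form with its own `{% csrf_token %}` and use `{% url vm_port_del i.id port.proto port.public %}` instead of the literal path so the route regex stays the single source of truth. The new block also reuses `id="state"`, which may collide with an existing element of that id elsewhere in the template (not visible in this hunk).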
# -*- coding: utf8 -*-
from datetime import datetime from datetime import datetime
from django.conf import settings from django.conf import settings
from django.contrib.auth.decorators import login_required from django.contrib.auth.decorators import login_required
...@@ -20,6 +21,7 @@ from django.views.decorators.http import * ...@@ -20,6 +21,7 @@ from django.views.decorators.http import *
from django.views.generic import * from django.views.generic import *
from one.models import * from one.models import *
import django.contrib.auth as auth import django.contrib.auth as auth
from firewall.tasks import *
class LoginView(View): class LoginView(View):
def get(self, request, *args, **kwargs): def get(self, request, *args, **kwargs):
...@@ -107,8 +109,43 @@ def vm_show(request, iid): ...@@ -107,8 +109,43 @@ def vm_show(request, iid):
'instances': _list_instances(request), 'instances': _list_instances(request),
'i': inst, 'i': inst,
'booting' : not inst.active_since, 'booting' : not inst.active_since,
'ports': inst.firewall_host.list_ports()
})) }))
class VmPortAddView(View):
def post(self, request, iid, *args, **kwargs):
try:
public = int(request.POST['public'])
if public >= 22000 and public < 24000:
raise ValidationError("a port nem lehet 22000 es 24000 kozott")
inst = get_object_or_404(Instance, id=iid, owner=request.user)
inst.firewall_host.add_port(proto=request.POST['proto'], public=public, private=int(request.POST['private']))
reload_firewall_lock()
messages.success(request, _(u"A port hozzáadása sikerült."))
except:
messages.error(request, _(u"Nem sikerült a kért művelet"))
# raise
return redirect('/vm/show/%d/' % int(iid))
def get(self, request, iid, *args, **kwargs):
return redirect('/')
vm_port_add = login_required(VmPortAddView.as_view())
@require_safe
@login_required
@require_GET
def vm_port_del(request, iid, proto, public):
inst = get_object_or_404(Instance, id=iid, owner=request.user)
try:
inst.firewall_host.del_port(proto=proto, public=public)
reload_firewall_lock()
messages.success(request, _(u"A port törlése sikerült."))
except:
messages.error(request, _(u"Nem sikerült a kért művelet"))
return redirect('/vm/show/%d/' % int(iid))
class VmDeleteView(View): class VmDeleteView(View):
def post(self, request, iid, *args, **kwargs): def post(self, request, iid, *args, **kwargs):
try: try:
......
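Review bot: `vm_port_del` is a state-changing view exposed on GET (`@require_safe` plus the redundant `@require_GET`), so Django's CSRF middleware does not cover it and a cross-site link or image can delete a forward on behalf of a logged-in user; replace both GET decorators with `@require_POST` and have the template submit a form. In `VmPortAddView.post` the bare `except:` also swallows the `Http404` from `get_object_or_404` and any programming error, reporting every failure as `Nem sikerült a kért művelet`; catch `(ValidationError, ValueError, KeyError)` and let the rest propagate (the commented-out `# raise` suggests this was already noticed). The 22000–24000 range check lives only in this view, so the other callers of `add_port` are not protected by it. `vm_show`, whose body starts outside the hunk, now calls `inst.firewall_host.list_ports()` unconditionally; if `firewall_host` can be unset while the VM is still being created, this will raise — confirm against the model.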