Merge branch 'master' of ssh://giccero.cloud.ik.bme.hu/cloud

firewall/admin.py

 from django.contrib import admin
 from firewall.models import *
+from django import contrib
 
 
+class AliasInline(contrib.admin.TabularInline):
+    model = Alias
+
 class HostAdmin(admin.ModelAdmin):
     list_display = ('hostname', 'vlan', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip', 'owner', 'groups_l', 'rules_l', 'description', 'reverse')
-    ordering = ('hostname',)
+    ordering = ('hostname', )
     list_filter = ('owner', 'vlan', 'groups')
     search_fields = ('hostname', 'description', 'ipv4', 'ipv6', 'mac')
-    filter_horizontal = ('groups', 'rules',)
+    filter_horizontal = ('groups', 'rules', )
+    inlines = (AliasInline, )
+
+class HostInline(contrib.admin.TabularInline):
+    model = Host
+    fields = ('hostname', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip', 'owner', 'reverse')
 
 class VlanAdmin(admin.ModelAdmin):
     list_display = ('vid', 'name', 'rules_l', 'ipv4', 'net_ipv4', 'ipv6', 'net_ipv6', 'description', 'domain', 'snat_ip', 'snat_to_l')
-    ordering = ('vid',)
+    ordering = ('vid', )
+    inlines = (HostInline, )
 
 class RuleAdmin(admin.ModelAdmin):
     list_display = ('r_type', 'color_desc', 'description', 'vlan_l', 'owner', 'extra', 'direction', 'accept', 'proto', 'sport', 'dport', 'nat', 'nat_dport')
     list_filter = ('r_type', 'vlan', 'owner', 'direction', 'accept', 'proto', 'nat')
 
 class AliasAdmin(admin.ModelAdmin):
-        list_display = ('alias', 'host')
+    list_display = ('alias', 'host')
+
+class SettingAdmin(admin.ModelAdmin):
+    list_display = ('key', 'value')
 
 
 admin.site.register(Host, HostAdmin)
 admin.site.register(Vlan, VlanAdmin)
 admin.site.register(Rule, RuleAdmin)
 admin.site.register(Alias, AliasAdmin)
+admin.site.register(Setting, SettingAdmin)
 admin.site.register(Group)
 admin.site.register(Firewall)
-

firewall/fw.py

 from django.contrib import auth
 from firewall import models
+from modeldict import *
 import os
 
 import subprocess
 import re
-DNS_SERVER = "152.66.243.60"
+import json
 
 
 class firewall:
@@ -291,6 +292,12 @@ def ipv6_to_octal(ipv6):
             octets.append(int(part[2:], 16))
     return '\\' + '\\'.join(['%03o' % x for x in octets])
 
+def ipv4_to_arpa(ipv4, cname=False):
+    m2 = re.search(r'^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$', ipv4)
+    if(cname):
+        return "%s.dns1.%s.%s.%s.in-addr.arpa" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1))
+    else:
+        return "%s.%s.%s.%s.in-addr.arpa" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1))
 
 def ipv6_to_arpa(ipv6):
     while len(ipv6.split(':')) < 8:
@@ -310,52 +317,65 @@ def ipv6_to_arpa(ipv6):
 
 
 
+# =fqdn:ip:ttl          A, PTR
+# &fqdn:ip:x:ttl        NS
+# ZfqdnSOA
+# +fqdn:ip:ttl          A
+# ^                     PTR
+# C                     CNAME
+# :                     generic
+
 def dns():
     vlans = models.Vlan.objects.all()
     regex = re.compile(r'^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$')
     DNS = []
-    DNS.append("=cloud.ik.bme.hu:152.66.243.98:600::\n")
-    DNS.append(":cloud.ik.bme.hu:28:\040\001\007\070\040\001\100\061\000\002\000\000\000\007\000\000:600\n")
-# tarokkknak
-    DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (75, 243, 66, 152, "se.hpc.iit.bme.hu"))
-    DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (76, 243, 66, 152, "ce.hpc.iit.bme.hu"))
-    DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (77, 243, 66, 152, "mon.hpc.iit.bme.hu"))
-    DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (62, 243, 66, 152, "r.cloud.ik.bme.hu"))
-    DNS.append("=r.cloud.ik.bme.hu:152.66.243.62:600::\n")
+    DNS.append("=cloud.ik.bme.hu:152.66.243.98:600::")
+    DNS.append(":cloud.ik.bme.hu:28:\040\001\007\070\040\001\100\061\000\002\000\000\000\007\000\000:600")
+    DNS.append("=r.cloud.ik.bme.hu:152.66.243.62:600::")
 
 
-    DNS.append("Z1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa:dns1.ik.bme.hu:support.ik.bme.hu::::::600\n") # soa
-    DNS.append("&1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa::dns1.ik.bme.hu:600::\n")      # ns rekord
-    DNS.append("&1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa::nic.bme.hu:600::\n")      # ns rekord
-#   DNS.append("&1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa::ns.bme.hu:600::\n")      # ns rekord
+    DNS.append("Z1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa:dns1.ik.bme.hu:support.ik.bme.hu::::::600") # soa
+    DNS.append("&1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa::dns1.ik.bme.hu:600::")      # ns rekord
+    DNS.append("&1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa::nic.bme.hu:600::")      # ns rekord
 
     for i_vlan in vlans:
         m = regex.search(i_vlan.net4)
         if(i_vlan.name != "DMZ" and i_vlan.name != "PUB"):
-            DNS.append("Z%s.%s.in-addr.arpa:dns1.ik.bme.hu:support.ik.bme.hu::::::600\n" % (m.group(2), m.group(1)))
-            DNS.append("&%s.%s.in-addr.arpa::dns1.ik.bme.hu:600::\n" % (m.group(2), m.group(1)))
-            DNS.append("Z%s:dns1.ik.bme.hu:support.ik.bme.hu::::::600\n" % i_vlan.domain)
-            DNS.append("&%s::dns1.ik.bme.hu:600::\n" % i_vlan.domain)
+            DNS.append("Z%s.%s.in-addr.arpa:%s:support.ik.bme.hu::::::%s" % (m.group(2), m.group(1), models.settings['dns_hostname'], models.settings['dns_ttl']))
+            DNS.append("&%s.%s.in-addr.arpa::%s:%s:" % (m.group(2), m.group(1), models.settings['dns_hostname'], models.settings['dns_ttl']))
+            DNS.append("Z%s:%s:support.ik.bme.hu::::::%s" % (i_vlan.domain, models.settings['dns_hostname'], models.settings['dns_ttl']))
+            DNS.append("&%s::%s:%s" % (i_vlan.domain, models.settings['dns_hostname'], models.settings['dns_ttl']))
             if(i_vlan.name == "WAR"):
-                DNS.append("Zdns1.%s.%s.%s.in-addr.arpa:dns1.ik.bme.hu:support.ik.bme.hu::::::600\n" % (m.group(3), m.group(2), m.group(1)))
-                DNS.append("&dns1.%s.%s.%s.in-addr.arpa::dns1.ik.bme.hu:600::\n" % (m.group(3), m.group(2), m.group(1)))
+                DNS.append("Zdns1.%s.%s.%s.in-addr.arpa:%s:support.ik.bme.hu::::::%s" % (m.group(3), m.group(2), m.group(1), models.settings['dns_hostname'], models.settings['dns_ttl']))
+                DNS.append("&dns1.%s.%s.%s.in-addr.arpa::%s:%s::" % (m.group(3), m.group(2), m.group(1), models.settings['dns_hostname'], models.settings['dns_ttl']))
         for i_host in i_vlan.host_set.all():
             ipv4 = ( i_host.pub_ipv4 if i_host.pub_ipv4 and not i_host.shared_ip else i_host.ipv4 )
-            m2 = regex.search(ipv4)
+            reverse = i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain
+            hostname = i_host.hostname + u'.' + i_vlan.domain
+
             # ipv4
-            DNS.append("+%s:%s:600::\n" % (i_host.hostname + u'.' + i_vlan.domain, ipv4))
-            DNS.append("^%s.%s.%s.%s.in-addr.arpa:%s:600::\n" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1), i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain))
-            DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1), i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain))
+            if i_host.ipv4:
+                # A record
+                DNS.append("+%s:%s:%s" % (hostname, ipv4, models.settings['dns_ttl']))
+                # PTR record 4.3.2.1.in-addr.arpa
+                DNS.append("^%s:%s:%s" % (ipv4_to_arpa(i_host.ipv4), reverse, models.settings['dns_ttl']))
+                # PTR record 4.dns1.3.2.1.in-addr.arpa
+                DNS.append("^%s:%s:%s" % (ipv4_to_arpa(i_host.ipv4, cname=True), reverse, models.settings['dns_ttl']))
+
             # ipv6
             if i_host.ipv6:
-                DNS.append(":%s:28:%s:600\n" % (i_host.hostname + u'.' + i_vlan.domain, ipv6_to_octal(i_host.ipv6)))
-                DNS.append("^%s:%s:600::\n" % (ipv6_to_arpa(i_host.ipv6), i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain))
+                # AAAA record
+                DNS.append(":%s:28:%s:%s" % (hostname, ipv6_to_octal(i_host.ipv6), models.settings['dns_ttl']))
+                # PTR record
+                DNS.append("^%s:%s:%s" % (ipv6_to_arpa(i_host.ipv6), reverse, models.settings['dns_ttl']))
+
             # cname
             for i_alias in i_host.alias_set.all():
-                DNS.append("C%s:%s.%s:600\n" % (i_alias.alias, i_host.hostname, i_vlan.domain))
+                DNS.append("C%s:%s:%s" % (i_alias.alias, hostname, models.settings['dns_ttl']))
 
-    process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' % DNS_SERVER], shell=False, stdin=subprocess.PIPE)
+    process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' % models.settings['dns_hostname']], shell=False, stdin=subprocess.PIPE)
     process.communicate("\n".join(DNS)+"\n")
+    # print "\n".join(DNS)+"\n"
 
 
 def prefix_to_mask(prefix):
@@ -396,7 +416,7 @@ def dhcp():
                     'domain': i_vlan.domain,
                     'router': i_vlan.ipv4,
                     'ntp': i_vlan.ipv4,
-                    'dnsserver': DNS_SERVER,
+                    'dnsserver': models.settings['rdns_ip'],
                     'extra': "range %s" % i_vlan.dhcp_pool if m else "deny unknown-clients",
                     'interface': i_vlan.interface,
                     'name': i_vlan.name,

firewall/models.py

@@ -7,6 +7,13 @@ from django.utils.translation import ugettext_lazy as _
 from firewall.fields import *
 from south.modelsinspector import add_introspection_rules
 from django.core.validators import MinValueValidator, MaxValueValidator
+from modeldict import ModelDict
+
+class Setting(models.Model):
+    key = models.CharField(max_length=32)
+    value = models.CharField(max_length=200)
+
+settings = ModelDict(Setting, key='key', value='value', instances=False)
 
 class Rule(models.Model):
     CHOICES_type = (('host', 'host'), ('firewall', 'firewall'), ('vlan', 'vlan'))

firewall/tasks.py

@@ -3,7 +3,7 @@ from django.core.cache import cache
 import os
 import time
 from firewall.fw import *
-
+from firewall.models import settings
 
 def reload_firewall_lock():
     acquire_lock = lambda: cache.add("reload_lock1", "true", 9)
@@ -25,7 +25,11 @@ class ReloadTask(Task):
             return
 
         print "indul"
-        time.sleep(10)
+        try:
+            sleep = float(settings['reload_sleep'])
+        except:
+            sleep = 10
+        time.sleep(sleep)
 
         try:
             print "ipv4"

miscellaneous/devenv/boot_url.py

+#!/usr/bin/python
+
+import base64
+import xmltodict
+import urllib2
+import sys
+
+xml = base64.b64decode(sys.argv[1])
+data = xmltodict.parse(xml)
+try:
+    booturl = data["VM"]["TEMPLATE"]["CONTEXT"]["BOOTURL"]
+except:
+    print 'Error'
+req=urllib2.Request(booturl)
+response = urllib2.urlopen(req)
+

miscellaneous/devenv/clean.sh

+#!/bin/bash
+
+
+if [ "$1" != -f ]
+then
+    echo 'Clear ALL PRIVATE DATA ON THE VM. This is used for praparing VM template.'
+    echo -- '-f switch is required.'
+    exit 1
+fi
+
+
+rm -rf /opt/webadmin/cloud*
+rm .bash_history
+rm -f ~/.gitconfig
+mysql <<A
+DROP USER webadmin@localhost;
+A
+mysql <<A
+DROP DATABASE webadmin;
+A
+
+sudo chpasswd <<<'cloud:ezmiez'

miscellaneous/devenv/init.sh

+#!/bin/bash
+
+if [ -z "$SSH_AUTH_SOCK" ]
+then
+        cat <<A
+        Use SSH authentication agent forwarding ("ssh -A cloud@host").
+        On the client side you can use "ssh-add [filename]" to let the agent know more keys.
+        In .ssh/config you can also use "ForwardAgent yes" setting.
+A
+        exit 1
+fi
+
+
+if ! git config user.name
+then
+        echo -n "Your name: "
+        read NAME
+        git config --global user.name "$NAME"
+fi
+
+
+
+mysql <<A
+DROP USER webadmin@localhost;
+A
+mysql <<A
+DROP DATABASE webadmin;
+A
+
+set -e
+
+mysql <<A
+CREATE USER webadmin@localhost IDENTIFIED BY 'asjklddfjklqjf';
+CREATE DATABASE webadmin CHARACTER SET utf8 COLLATE utf8_general_ci;
+GRANT ALL ON webadmin.* TO webadmin@localhost;
+A
+
+
+cd /opt/webadmin/
+mv cloud cloud.$(date +%s) || true
+
+
+git clone 'ssh://git@giccero.cloud.ik.bme.hu/cloud'
+
+cd cloud
+./manage.py syncdb --noinput
+./manage.py migrate
+./manage.py createsuperuser --email=cloud@ik.bme.hu
+./manage.py loaddata /home/cloud/user.yaml 2>/dev/null || true
+./manage.py loaddata /home/cloud/fw.yaml
+./manage.py loaddata /home/cloud/one.yaml
+./manage.py update

miscellaneous/devenv/one.yaml

+- fields: {name: wifi, nat: true, public: false}
+  model: one.network
+  pk: 1
+- fields: {CPU: 1, RAM: 102, name: small}
+  model: one.instancetype
+  pk: 1
+- fields: {access_type: ssh, created_at: !!timestamp '2013-01-24 23:06:00+00:00', disk: 1, instance_type: 1, name: tty, network: 1, owner: 1}
+  model: one.template
+  pk: 1
+- fields: {name: Copy of ttylinux - kvm}
+  model: one.disk
+  pk: 1
+- fields:
+    comment: ''
+    description: ''
+    dhcp_pool: manual
+    domain: wifi.ik.bme.hu
+    interface: fake
+    ipv4: 192.168.255.254
+    ipv6: 2001:738:2001:4031:168:255:254:0
+    name: 'wifi'
+    net4: 192.168.0.0
+    net6: '2001:738:2001:4031:168::'
+    prefix4: 16
+    prefix6: 80
+    snat_ip: 152.66.243.160
+    snat_to: [4, 7]
+    vid: 168
+  model: firewall.vlan
+  pk: 168

miscellaneous/devenv/user.yaml

+- fields:
+    date_joined: 2012-11-27 10:33:20+00:00
+    email: ''
+    first_name: ''
+    groups: []
+    is_active: true
+    is_staff: true
+    is_superuser: false
+    last_login: 2013-01-14 21:41:28+00:00
+    last_name: ''
+    password: pbkdf2_sha256$10000$nKZoYcdY1hCp$EUltsuHxLC4hYDMjh0P/3JCqZshnrvYTZpQDcotqjns=
+    user_permissions: []
+    username: bd
+  model: auth.user
+  pk: 2
+- fields:
+    date_joined: 2012-11-27 10:40:57+00:00
+    email: ''
+    first_name: ''
+    groups: []
+    is_active: true
+    is_staff: false
+    is_superuser: false
+    last_login: 2012-11-27 10:40:57+00:00
+    last_name: ''
+    password: pbkdf2_sha256$10000$yQSOV0aqQyKoM$YryBbUnvH8pc3+OcpU6CoxPfxA+H/+s5LIRgKKbtrA=
+    user_permissions: []
+    username: mate
+  model: auth.user
+  pk: 3
+- fields:
+    date_joined: 2012-11-27 10:41:08+00:00
+    email: ''
+    first_name: ''
+    groups: []
+    is_active: true
+    is_staff: false
+    is_superuser: false
+    last_login: 2012-11-27 10:41:08+00:00
+    last_name: ''
+    password: pbkdf2_sha256$10000$aDfLP2f50s9$/J3We6Rbgx5karvbK/xRcGJVPpQHKlPnGSxHMYl7/AgU=
+    user_permissions: []
+    username: tarokkk
+  model: auth.user
+  pk: 4
+- fields:
+    date_joined: 2012-12-23 18:57:31+00:00
+    email: ''
+    first_name: ''
+    groups: []
+    is_active: true
+    is_staff: false
+    is_superuser: false
+    last_login: 2012-12-23 18:57:31+00:00
+    last_name: ''
+    password: pbkdf2_sha256$10000$fJrZiQ78vfDi$obQ8lqeEbWu1gJkUohGaL2VXDB+zHuc7qzrWwmDKye4=
+    user_permissions: []
+    username: opennebula
+  model: auth.user
+  pk: 5
+- fields:
+    date_joined: 2013-01-14 15:01:51+00:00
+    email: ''
+    first_name: ''
+    groups: []
+    is_active: true
+    is_staff: true
+    is_superuser: true
+    last_login: 2013-01-14 15:07:27+00:00
+    last_name: ''
+    password: pbkdf2_sha256$10000$PxbeA5QOMTNr$hxUBeBD9yU7Gmu75+drJoqgpHFeYtop0w5ovx978Ec8=
+    user_permissions: []
+    username: lennon
+  model: auth.user
+  pk: 6
+- fields:
+    date_joined: 2013-01-16 12:36:01+00:00
+    email: ''
+    first_name: ''
+    groups: []
+    is_active: true
+    is_staff: true
+    is_superuser: true
+    last_login: 2013-01-22 15:21:22+00:00
+    last_name: ''
+    password: pbkdf2_sha256$10000$gx04X6OpW8kW$iCU3cuhqQcvq7I8tRVkrnES03ty/3vqN8ou4xZgfPBQ=
+    user_permissions: []
+    username: test
+  model: auth.user
+  pk: 7
+- fields:
+    date_joined: 2013-01-21 18:07:32+00:00
+    email: ''
+    first_name: ''
+    groups: []
+    is_active: true
+    is_staff: true
+    is_superuser: true
+    last_login: 2013-01-21 18:08:27+00:00
+    last_name: ''
+    password: pbkdf2_sha256$10000$1ckVZD48XFt8$7vj20S4x33KDRP/y02PKm8is9zf1FoLHJQ+xf1zhKzw=
+    user_permissions: []
+    username: test23
+  model: auth.user
+  pk: 9
+- fields:
+    date_joined: 2013-01-21 18:11:21+00:00
+    email: ''
+    first_name: ''
+    groups: []
+    is_active: true
+    is_staff: true
+    is_superuser: true
+    last_login: 2013-01-22 00:09:01+00:00
+    last_name: ''
+    password: pbkdf2_sha256$10000$9gr7ctlRFCS8$A3Ex+7gs0OVU+SzZNvijisjvCQjBT6l0Tl3dGCQ5UEs=
+    user_permissions: []
+    username: test77
+  model: auth.user
+  pk: 10
+- fields:
+    date_joined: 2013-01-22 23:03:18+00:00
+    email: orymate@gmail.com
+    first_name: "M\xE1t\xE9"
+    groups: []
+    is_active: true
+    is_staff: false
+    is_superuser: false
+    last_login: 2013-01-23 22:12:20+00:00
+    last_name: "\u0150ry"
+    password: '!'
+    user_permissions: []
+    username: K2JL24
+  model: auth.user
+  pk: 11
+- fields:
+    date_joined: 2013-01-23 08:49:10+00:00
+    email: bd@doszgep.hu
+    first_name: "D\xE1niel"
+    groups: []
+    is_active: true
+    is_staff: false
+    is_superuser: false
+    last_login: 2013-01-23 11:30:27+00:00
+    last_name: Bach
+    password: '!'
+    user_permissions: []
+    username: JI1M92
+  model: auth.user
+  pk: 12
+- fields:
+    date_joined: 2013-01-23 13:37:22+00:00
+    email: gubasanyi@gmail.com
+    first_name: "S\xE1ndor"
+    groups: []
+    is_active: true
+    is_staff: false
+    is_superuser: false
+    last_login: 2013-01-24 21:40:05+00:00
+    last_name: Guba
+    password: '!'
+    user_permissions: []
+    username: TFDAZ6
+  model: auth.user
+  pk: 13
+- fields:
+    date_joined: 2013-01-23 15:04:46+00:00
+    email: madbence@gmail.com
+    first_name: Bence
+    groups: []
+    is_active: true
+    is_staff: false
+    is_superuser: false
+    last_login: 2013-01-23 15:04:46+00:00
+    last_name: "D\xE1nyi"
+    password: '!'
+    user_permissions: []
+    username: K7YLW5
+  model: auth.user
+  pk: 14