Commit 469d2175 by x

Merge branch 'master' of ssh://giccero.cloud.ik.bme.hu/cloud

parents ef249bc8 822a14e0
from django.contrib import admin from django.contrib import admin
from firewall.models import * from firewall.models import *
from django import contrib
class AliasInline(contrib.admin.TabularInline):
model = Alias
class HostAdmin(admin.ModelAdmin): class HostAdmin(admin.ModelAdmin):
list_display = ('hostname', 'vlan', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip', 'owner', 'groups_l', 'rules_l', 'description', 'reverse') list_display = ('hostname', 'vlan', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip', 'owner', 'groups_l', 'rules_l', 'description', 'reverse')
ordering = ('hostname',) ordering = ('hostname', )
list_filter = ('owner', 'vlan', 'groups') list_filter = ('owner', 'vlan', 'groups')
search_fields = ('hostname', 'description', 'ipv4', 'ipv6', 'mac') search_fields = ('hostname', 'description', 'ipv4', 'ipv6', 'mac')
filter_horizontal = ('groups', 'rules',) filter_horizontal = ('groups', 'rules', )
inlines = (AliasInline, )
class HostInline(contrib.admin.TabularInline):
model = Host
fields = ('hostname', 'ipv4', 'ipv6', 'pub_ipv4', 'mac', 'shared_ip', 'owner', 'reverse')
class VlanAdmin(admin.ModelAdmin): class VlanAdmin(admin.ModelAdmin):
list_display = ('vid', 'name', 'rules_l', 'ipv4', 'net_ipv4', 'ipv6', 'net_ipv6', 'description', 'domain', 'snat_ip', 'snat_to_l') list_display = ('vid', 'name', 'rules_l', 'ipv4', 'net_ipv4', 'ipv6', 'net_ipv6', 'description', 'domain', 'snat_ip', 'snat_to_l')
ordering = ('vid',) ordering = ('vid', )
inlines = (HostInline, )
class RuleAdmin(admin.ModelAdmin): class RuleAdmin(admin.ModelAdmin):
list_display = ('r_type', 'color_desc', 'description', 'vlan_l', 'owner', 'extra', 'direction', 'accept', 'proto', 'sport', 'dport', 'nat', 'nat_dport') list_display = ('r_type', 'color_desc', 'description', 'vlan_l', 'owner', 'extra', 'direction', 'accept', 'proto', 'sport', 'dport', 'nat', 'nat_dport')
list_filter = ('r_type', 'vlan', 'owner', 'direction', 'accept', 'proto', 'nat') list_filter = ('r_type', 'vlan', 'owner', 'direction', 'accept', 'proto', 'nat')
class AliasAdmin(admin.ModelAdmin): class AliasAdmin(admin.ModelAdmin):
list_display = ('alias', 'host') list_display = ('alias', 'host')
class SettingAdmin(admin.ModelAdmin):
list_display = ('key', 'value')
admin.site.register(Host, HostAdmin) admin.site.register(Host, HostAdmin)
admin.site.register(Vlan, VlanAdmin) admin.site.register(Vlan, VlanAdmin)
admin.site.register(Rule, RuleAdmin) admin.site.register(Rule, RuleAdmin)
admin.site.register(Alias, AliasAdmin) admin.site.register(Alias, AliasAdmin)
admin.site.register(Setting, SettingAdmin)
admin.site.register(Group) admin.site.register(Group)
admin.site.register(Firewall) admin.site.register(Firewall)
from django.contrib import auth from django.contrib import auth
from firewall import models from firewall import models
from modeldict import *
import os import os
import subprocess import subprocess
import re import re
DNS_SERVER = "152.66.243.60" import json
class firewall: class firewall:
...@@ -291,6 +292,12 @@ def ipv6_to_octal(ipv6): ...@@ -291,6 +292,12 @@ def ipv6_to_octal(ipv6):
octets.append(int(part[2:], 16)) octets.append(int(part[2:], 16))
return '\\' + '\\'.join(['%03o' % x for x in octets]) return '\\' + '\\'.join(['%03o' % x for x in octets])
def ipv4_to_arpa(ipv4, cname=False):
m2 = re.search(r'^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$', ipv4)
if(cname):
return "%s.dns1.%s.%s.%s.in-addr.arpa" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1))
else:
return "%s.%s.%s.%s.in-addr.arpa" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1))
def ipv6_to_arpa(ipv6): def ipv6_to_arpa(ipv6):
while len(ipv6.split(':')) < 8: while len(ipv6.split(':')) < 8:
...@@ -310,52 +317,65 @@ def ipv6_to_arpa(ipv6): ...@@ -310,52 +317,65 @@ def ipv6_to_arpa(ipv6):
# =fqdn:ip:ttl A, PTR
# &fqdn:ip:x:ttl NS
# ZfqdnSOA
# +fqdn:ip:ttl A
# ^ PTR
# C CNAME
# : generic
def dns(): def dns():
vlans = models.Vlan.objects.all() vlans = models.Vlan.objects.all()
regex = re.compile(r'^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$') regex = re.compile(r'^([0-9]+)\.([0-9]+)\.([0-9]+)\.([0-9]+)$')
DNS = [] DNS = []
DNS.append("=cloud.ik.bme.hu:152.66.243.98:600::\n") DNS.append("=cloud.ik.bme.hu:152.66.243.98:600::")
DNS.append(":cloud.ik.bme.hu:28:\040\001\007\070\040\001\100\061\000\002\000\000\000\007\000\000:600\n") DNS.append(":cloud.ik.bme.hu:28:\040\001\007\070\040\001\100\061\000\002\000\000\000\007\000\000:600")
# tarokkknak DNS.append("=r.cloud.ik.bme.hu:152.66.243.62:600::")
DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (75, 243, 66, 152, "se.hpc.iit.bme.hu"))
DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (76, 243, 66, 152, "ce.hpc.iit.bme.hu"))
DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (77, 243, 66, 152, "mon.hpc.iit.bme.hu"))
DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (62, 243, 66, 152, "r.cloud.ik.bme.hu"))
DNS.append("=r.cloud.ik.bme.hu:152.66.243.62:600::\n")
DNS.append("Z1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa:dns1.ik.bme.hu:support.ik.bme.hu::::::600\n") # soa DNS.append("Z1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa:dns1.ik.bme.hu:support.ik.bme.hu::::::600") # soa
DNS.append("&1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa::dns1.ik.bme.hu:600::\n") # ns rekord DNS.append("&1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa::dns1.ik.bme.hu:600::") # ns rekord
DNS.append("&1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa::nic.bme.hu:600::\n") # ns rekord DNS.append("&1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa::nic.bme.hu:600::") # ns rekord
# DNS.append("&1.3.0.4.1.0.0.2.8.3.7.0.1.0.0.2.ip6.arpa::ns.bme.hu:600::\n") # ns rekord
for i_vlan in vlans: for i_vlan in vlans:
m = regex.search(i_vlan.net4) m = regex.search(i_vlan.net4)
if(i_vlan.name != "DMZ" and i_vlan.name != "PUB"): if(i_vlan.name != "DMZ" and i_vlan.name != "PUB"):
DNS.append("Z%s.%s.in-addr.arpa:dns1.ik.bme.hu:support.ik.bme.hu::::::600\n" % (m.group(2), m.group(1))) DNS.append("Z%s.%s.in-addr.arpa:%s:support.ik.bme.hu::::::%s" % (m.group(2), m.group(1), models.settings['dns_hostname'], models.settings['dns_ttl']))
DNS.append("&%s.%s.in-addr.arpa::dns1.ik.bme.hu:600::\n" % (m.group(2), m.group(1))) DNS.append("&%s.%s.in-addr.arpa::%s:%s:" % (m.group(2), m.group(1), models.settings['dns_hostname'], models.settings['dns_ttl']))
DNS.append("Z%s:dns1.ik.bme.hu:support.ik.bme.hu::::::600\n" % i_vlan.domain) DNS.append("Z%s:%s:support.ik.bme.hu::::::%s" % (i_vlan.domain, models.settings['dns_hostname'], models.settings['dns_ttl']))
DNS.append("&%s::dns1.ik.bme.hu:600::\n" % i_vlan.domain) DNS.append("&%s::%s:%s" % (i_vlan.domain, models.settings['dns_hostname'], models.settings['dns_ttl']))
if(i_vlan.name == "WAR"): if(i_vlan.name == "WAR"):
DNS.append("Zdns1.%s.%s.%s.in-addr.arpa:dns1.ik.bme.hu:support.ik.bme.hu::::::600\n" % (m.group(3), m.group(2), m.group(1))) DNS.append("Zdns1.%s.%s.%s.in-addr.arpa:%s:support.ik.bme.hu::::::%s" % (m.group(3), m.group(2), m.group(1), models.settings['dns_hostname'], models.settings['dns_ttl']))
DNS.append("&dns1.%s.%s.%s.in-addr.arpa::dns1.ik.bme.hu:600::\n" % (m.group(3), m.group(2), m.group(1))) DNS.append("&dns1.%s.%s.%s.in-addr.arpa::%s:%s::" % (m.group(3), m.group(2), m.group(1), models.settings['dns_hostname'], models.settings['dns_ttl']))
for i_host in i_vlan.host_set.all(): for i_host in i_vlan.host_set.all():
ipv4 = ( i_host.pub_ipv4 if i_host.pub_ipv4 and not i_host.shared_ip else i_host.ipv4 ) ipv4 = ( i_host.pub_ipv4 if i_host.pub_ipv4 and not i_host.shared_ip else i_host.ipv4 )
m2 = regex.search(ipv4) reverse = i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain
hostname = i_host.hostname + u'.' + i_vlan.domain
# ipv4 # ipv4
DNS.append("+%s:%s:600::\n" % (i_host.hostname + u'.' + i_vlan.domain, ipv4)) if i_host.ipv4:
DNS.append("^%s.%s.%s.%s.in-addr.arpa:%s:600::\n" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1), i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain)) # A record
DNS.append("^%s.dns1.%s.%s.%s.in-addr.arpa:%s:600::\n" % (m2.group(4), m2.group(3), m2.group(2), m2.group(1), i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain)) DNS.append("+%s:%s:%s" % (hostname, ipv4, models.settings['dns_ttl']))
# PTR record 4.3.2.1.in-addr.arpa
DNS.append("^%s:%s:%s" % (ipv4_to_arpa(i_host.ipv4), reverse, models.settings['dns_ttl']))
# PTR record 4.dns1.3.2.1.in-addr.arpa
DNS.append("^%s:%s:%s" % (ipv4_to_arpa(i_host.ipv4, cname=True), reverse, models.settings['dns_ttl']))
# ipv6 # ipv6
if i_host.ipv6: if i_host.ipv6:
DNS.append(":%s:28:%s:600\n" % (i_host.hostname + u'.' + i_vlan.domain, ipv6_to_octal(i_host.ipv6))) # AAAA record
DNS.append("^%s:%s:600::\n" % (ipv6_to_arpa(i_host.ipv6), i_host.reverse if(i_host.reverse and len(i_host.reverse)) else i_host.hostname + u'.' + i_vlan.domain)) DNS.append(":%s:28:%s:%s" % (hostname, ipv6_to_octal(i_host.ipv6), models.settings['dns_ttl']))
# PTR record
DNS.append("^%s:%s:%s" % (ipv6_to_arpa(i_host.ipv6), reverse, models.settings['dns_ttl']))
# cname # cname
for i_alias in i_host.alias_set.all(): for i_alias in i_host.alias_set.all():
DNS.append("C%s:%s.%s:600\n" % (i_alias.alias, i_host.hostname, i_vlan.domain)) DNS.append("C%s:%s:%s" % (i_alias.alias, hostname, models.settings['dns_ttl']))
process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' % DNS_SERVER], shell=False, stdin=subprocess.PIPE) process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' % models.settings['dns_hostname']], shell=False, stdin=subprocess.PIPE)
process.communicate("\n".join(DNS)+"\n") process.communicate("\n".join(DNS)+"\n")
# print "\n".join(DNS)+"\n"
def prefix_to_mask(prefix): def prefix_to_mask(prefix):
...@@ -396,7 +416,7 @@ def dhcp(): ...@@ -396,7 +416,7 @@ def dhcp():
'domain': i_vlan.domain, 'domain': i_vlan.domain,
'router': i_vlan.ipv4, 'router': i_vlan.ipv4,
'ntp': i_vlan.ipv4, 'ntp': i_vlan.ipv4,
'dnsserver': DNS_SERVER, 'dnsserver': models.settings['rdns_ip'],
'extra': "range %s" % i_vlan.dhcp_pool if m else "deny unknown-clients", 'extra': "range %s" % i_vlan.dhcp_pool if m else "deny unknown-clients",
'interface': i_vlan.interface, 'interface': i_vlan.interface,
'name': i_vlan.name, 'name': i_vlan.name,
......
...@@ -7,6 +7,13 @@ from django.utils.translation import ugettext_lazy as _ ...@@ -7,6 +7,13 @@ from django.utils.translation import ugettext_lazy as _
from firewall.fields import * from firewall.fields import *
from south.modelsinspector import add_introspection_rules from south.modelsinspector import add_introspection_rules
from django.core.validators import MinValueValidator, MaxValueValidator from django.core.validators import MinValueValidator, MaxValueValidator
from modeldict import ModelDict
class Setting(models.Model):
key = models.CharField(max_length=32)
value = models.CharField(max_length=200)
settings = ModelDict(Setting, key='key', value='value', instances=False)
class Rule(models.Model): class Rule(models.Model):
CHOICES_type = (('host', 'host'), ('firewall', 'firewall'), ('vlan', 'vlan')) CHOICES_type = (('host', 'host'), ('firewall', 'firewall'), ('vlan', 'vlan'))
......
...@@ -3,7 +3,7 @@ from django.core.cache import cache ...@@ -3,7 +3,7 @@ from django.core.cache import cache
import os import os
import time import time
from firewall.fw import * from firewall.fw import *
from firewall.models import settings
def reload_firewall_lock(): def reload_firewall_lock():
acquire_lock = lambda: cache.add("reload_lock1", "true", 9) acquire_lock = lambda: cache.add("reload_lock1", "true", 9)
...@@ -25,7 +25,11 @@ class ReloadTask(Task): ...@@ -25,7 +25,11 @@ class ReloadTask(Task):
return return
print "indul" print "indul"
time.sleep(10) try:
sleep = float(settings['reload_sleep'])
except:
sleep = 10
time.sleep(sleep)
try: try:
print "ipv4" print "ipv4"
......
#!/usr/bin/python
import base64
import xmltodict
import urllib2
import sys
xml = base64.b64decode(sys.argv[1])
data = xmltodict.parse(xml)
try:
booturl = data["VM"]["TEMPLATE"]["CONTEXT"]["BOOTURL"]
except:
print 'Error'
req=urllib2.Request(booturl)
response = urllib2.urlopen(req)
#!/bin/bash
if [ "$1" != -f ]
then
echo 'Clear ALL PRIVATE DATA ON THE VM. This is used for praparing VM template.'
echo -- '-f switch is required.'
exit 1
fi
rm -rf /opt/webadmin/cloud*
rm .bash_history
rm -f ~/.gitconfig
mysql <<A
DROP USER webadmin@localhost;
A
mysql <<A
DROP DATABASE webadmin;
A
sudo chpasswd <<<'cloud:ezmiez'
#!/bin/bash
if [ -z "$SSH_AUTH_SOCK" ]
then
cat <<A
Use SSH authentication agent forwarding ("ssh -A cloud@host").
On the client side you can use "ssh-add [filename]" to let the agent know more keys.
In .ssh/config you can also use "ForwardAgent yes" setting.
A
exit 1
fi
if ! git config user.name
then
echo -n "Your name: "
read NAME
git config --global user.name "$NAME"
fi
mysql <<A
DROP USER webadmin@localhost;
A
mysql <<A
DROP DATABASE webadmin;
A
set -e
mysql <<A
CREATE USER webadmin@localhost IDENTIFIED BY 'asjklddfjklqjf';
CREATE DATABASE webadmin CHARACTER SET utf8 COLLATE utf8_general_ci;
GRANT ALL ON webadmin.* TO webadmin@localhost;
A
cd /opt/webadmin/
mv cloud cloud.$(date +%s) || true
git clone 'ssh://git@giccero.cloud.ik.bme.hu/cloud'
cd cloud
./manage.py syncdb --noinput
./manage.py migrate
./manage.py createsuperuser --email=cloud@ik.bme.hu
./manage.py loaddata /home/cloud/user.yaml 2>/dev/null || true
./manage.py loaddata /home/cloud/fw.yaml
./manage.py loaddata /home/cloud/one.yaml
./manage.py update
- fields: {name: wifi, nat: true, public: false}
model: one.network
pk: 1
- fields: {CPU: 1, RAM: 102, name: small}
model: one.instancetype
pk: 1
- fields: {access_type: ssh, created_at: !!timestamp '2013-01-24 23:06:00+00:00', disk: 1, instance_type: 1, name: tty, network: 1, owner: 1}
model: one.template
pk: 1
- fields: {name: Copy of ttylinux - kvm}
model: one.disk
pk: 1
- fields:
comment: ''
description: ''
dhcp_pool: manual
domain: wifi.ik.bme.hu
interface: fake
ipv4: 192.168.255.254
ipv6: 2001:738:2001:4031:168:255:254:0
name: 'wifi'
net4: 192.168.0.0
net6: '2001:738:2001:4031:168::'
prefix4: 16
prefix6: 80
snat_ip: 152.66.243.160
snat_to: [4, 7]
vid: 168
model: firewall.vlan
pk: 168
- fields:
date_joined: 2012-11-27 10:33:20+00:00
email: ''
first_name: ''
groups: []
is_active: true
is_staff: true
is_superuser: false
last_login: 2013-01-14 21:41:28+00:00
last_name: ''
password: pbkdf2_sha256$10000$nKZoYcdY1hCp$EUltsuHxLC4hYDMjh0P/3JCqZshnrvYTZpQDcotqjns=
user_permissions: []
username: bd
model: auth.user
pk: 2
- fields:
date_joined: 2012-11-27 10:40:57+00:00
email: ''
first_name: ''
groups: []
is_active: true
is_staff: false
is_superuser: false
last_login: 2012-11-27 10:40:57+00:00
last_name: ''
password: pbkdf2_sha256$10000$yQSOV0aqQyKoM$YryBbUnvH8pc3+OcpU6CoxPfxA+H/+s5LIRgKKbtrA=
user_permissions: []
username: mate
model: auth.user
pk: 3
- fields:
date_joined: 2012-11-27 10:41:08+00:00
email: ''
first_name: ''
groups: []
is_active: true
is_staff: false
is_superuser: false
last_login: 2012-11-27 10:41:08+00:00
last_name: ''
password: pbkdf2_sha256$10000$aDfLP2f50s9$/J3We6Rbgx5karvbK/xRcGJVPpQHKlPnGSxHMYl7/AgU=
user_permissions: []
username: tarokkk
model: auth.user
pk: 4
- fields:
date_joined: 2012-12-23 18:57:31+00:00
email: ''
first_name: ''
groups: []
is_active: true
is_staff: false
is_superuser: false
last_login: 2012-12-23 18:57:31+00:00
last_name: ''
password: pbkdf2_sha256$10000$fJrZiQ78vfDi$obQ8lqeEbWu1gJkUohGaL2VXDB+zHuc7qzrWwmDKye4=
user_permissions: []
username: opennebula
model: auth.user
pk: 5
- fields:
date_joined: 2013-01-14 15:01:51+00:00
email: ''
first_name: ''
groups: []
is_active: true
is_staff: true
is_superuser: true
last_login: 2013-01-14 15:07:27+00:00
last_name: ''
password: pbkdf2_sha256$10000$PxbeA5QOMTNr$hxUBeBD9yU7Gmu75+drJoqgpHFeYtop0w5ovx978Ec8=
user_permissions: []
username: lennon
model: auth.user
pk: 6
- fields:
date_joined: 2013-01-16 12:36:01+00:00
email: ''
first_name: ''
groups: []
is_active: true
is_staff: true
is_superuser: true
last_login: 2013-01-22 15:21:22+00:00
last_name: ''
password: pbkdf2_sha256$10000$gx04X6OpW8kW$iCU3cuhqQcvq7I8tRVkrnES03ty/3vqN8ou4xZgfPBQ=
user_permissions: []
username: test
model: auth.user
pk: 7
- fields:
date_joined: 2013-01-21 18:07:32+00:00
email: ''
first_name: ''
groups: []
is_active: true
is_staff: true
is_superuser: true
last_login: 2013-01-21 18:08:27+00:00
last_name: ''
password: pbkdf2_sha256$10000$1ckVZD48XFt8$7vj20S4x33KDRP/y02PKm8is9zf1FoLHJQ+xf1zhKzw=
user_permissions: []
username: test23
model: auth.user
pk: 9
- fields:
date_joined: 2013-01-21 18:11:21+00:00
email: ''
first_name: ''
groups: []
is_active: true
is_staff: true
is_superuser: true
last_login: 2013-01-22 00:09:01+00:00
last_name: ''
password: pbkdf2_sha256$10000$9gr7ctlRFCS8$A3Ex+7gs0OVU+SzZNvijisjvCQjBT6l0Tl3dGCQ5UEs=
user_permissions: []
username: test77
model: auth.user
pk: 10
- fields:
date_joined: 2013-01-22 23:03:18+00:00
email: orymate@gmail.com
first_name: "M\xE1t\xE9"
groups: []
is_active: true
is_staff: false
is_superuser: false
last_login: 2013-01-23 22:12:20+00:00
last_name: "\u0150ry"
password: '!'
user_permissions: []
username: K2JL24
model: auth.user
pk: 11
- fields:
date_joined: 2013-01-23 08:49:10+00:00
email: bd@doszgep.hu
first_name: "D\xE1niel"
groups: []
is_active: true
is_staff: false
is_superuser: false
last_login: 2013-01-23 11:30:27+00:00
last_name: Bach
password: '!'
user_permissions: []
username: JI1M92
model: auth.user
pk: 12
- fields:
date_joined: 2013-01-23 13:37:22+00:00
email: gubasanyi@gmail.com
first_name: "S\xE1ndor"
groups: []
is_active: true
is_staff: false
is_superuser: false
last_login: 2013-01-24 21:40:05+00:00
last_name: Guba
password: '!'
user_permissions: []
username: TFDAZ6
model: auth.user
pk: 13
- fields:
date_joined: 2013-01-23 15:04:46+00:00
email: madbence@gmail.com
first_name: Bence
groups: []
is_active: true
is_staff: false
is_superuser: false
last_login: 2013-01-23 15:04:46+00:00
last_name: "D\xE1nyi"
password: '!'
user_permissions: []
username: K7YLW5
model: auth.user
pk: 14
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment