firewall: rewrite management command

55e743b2 · Bach Dániel · 3159f5f9 · 55e743b2
Commit 55e743b2 authored Mar 25, 2015 by Bach Dániel
Hide whitespace changes
Inline Side-by-side

Showing with 27 additions and 40 deletions

circle/dashboard/management/commands/init.py
+27 -40

No files found.
--- a/circle/dashboard/management/commands/init.py
+++ b/circle/dashboard/management/commands/init.py
@@ -23,8 +23,7 @@ from optparse import make_option
 from django.contrib.auth.models import User
 from django.core.management.base import BaseCommand

-from firewall.models import (Vlan, VlanGroup, Domain, Firewall, Rule,
-                             SwitchPort, EthernetDevice, Host)
+from firewall.models import Vlan, VlanGroup, Domain, Firewall, Rule
 from storage.models import DataStore
 from vm.models import Lease

@@ -35,13 +34,12 @@ logger = logging.getLogger(__name__)
 class Command(BaseCommand):
    option_list = BaseCommand.option_list + (
        make_option('--force', action="store_true"),
-        make_option('--portal-ip'),
        make_option('--external-net'),
        make_option('--management-net'),
        make_option('--vm-net'),
        make_option('--external-if'),
        make_option('--management-if'),
-        make_option('--trunk-if'),
+        make_option('--vm-if'),
        make_option('--datastore-queue'),
        make_option('--firewall-queue'),
        make_option('--admin-user'),
@@ -91,20 +89,28 @@ class Command(BaseCommand):
                    suspend_interval_seconds=3600 * 24 * 365,
                    delete_interval_seconds=3600 * 24 * 365 * 3)

-        domain = self.create(Domain, 'name', name='example.com', owner=admin)
+        net_domain = self.create(Domain, 'name', name='net.example.com',
+                                 owner=admin)
+        man_domain = self.create(Domain, 'name', name='man.example.com',
+                                 owner=admin)
+        vm_domain = self.create(Domain, 'name', name='vm.example.com',
+                                owner=admin)

        # vlans
-        net = self.create(Vlan, 'name', name='net', vid=4,
-                          network4=options['external_net'], domain=domain)
+        net = self.create(Vlan, 'vid', name=options['external_if'], vid=4,
+                          network4=options['external_net'], domain=net_domain)

-        man = self.create(Vlan, 'name', name='man', vid=3, dhcp_pool='manual',
-                          network4=options['management_net'], domain=domain,
+        man = self.create(Vlan, 'vid', name=options['management_if'], vid=3,
+                          dhcp_pool='manual',
+                          network4=options['management_net'],
+                          domain=man_domain,
                          snat_ip=options['external_net'].split('/')[0])
        man.snat_to.add(net)
        man.snat_to.add(man)

-        vm = self.create(Vlan, 'name', name='vm', vid=2, dhcp_pool='manual',
-                         network4=options['vm_net'], domain=domain,
+        vm = self.create(Vlan, 'vid', name=options['vm_if'], vid=2,
+                         dhcp_pool='manual',
+                         network4=options['vm_net'], domain=vm_domain,
                         snat_ip=options['external_net'].split('/')[0])
        vm.snat_to.add(net)
        vm.snat_to.add(vm)
@@ -119,14 +125,6 @@ class Command(BaseCommand):
        vg_net = self.create(VlanGroup, 'name', name='net')
        vg_net.vlans.add(net)

-        # portal host
-        portal = self.create(Host, 'hostname', hostname='portal', vlan=man,
-                             mac='11:22:33:44:55:66', owner=admin,
-                             shared_ip=True, external_ipv4=man.snat_ip,
-                             ipv4=options['portal_ip'])
-        portal.add_port(proto='tcp', public=443, private=443)
-        portal.add_port(proto='tcp', public=22, private=22)
-
        # firewall rules
        fw = self.create(Firewall, 'name', name=options['firewall_queue'])

@@ -134,8 +132,16 @@ class Command(BaseCommand):
                    direction='out', action='accept',
                    foreign_network=vg_all, firewall=fw)

-        self.create(Rule, 'description', description='default input rule',
-                    direction='in', action='accept',
+        self.create(Rule, 'description', description='portal https',
+                    direction='in', action='accept', proto='tcp', dport=443,
+                    foreign_network=vg_all, firewall=fw)
+
+        self.create(Rule, 'description', description='portal http',
+                    direction='in', action='accept', proto='tcp', dport=80,
+                    foreign_network=vg_all, firewall=fw)
+
+        self.create(Rule, 'description', description='ssh',
+                    direction='in', action='accept', proto='tcp', dport=22,
                    foreign_network=vg_all, firewall=fw)

        # vlan rules
@@ -147,23 +153,4 @@ class Command(BaseCommand):
                    direction='out', action='accept',
                    foreign_network=vg_net, vlan=man)

-        # switch
-        # uplink interface
-        sp_net = self.create(SwitchPort, 'untagged_vlan', untagged_vlan=net)
-        self.create(EthernetDevice, 'switch_port', switch_port=sp_net,
-                    name=options['external_if'])
-
-        # management interface
-        if options['management_if']:
-            sp_man = self.create(
-                SwitchPort, 'untagged_vlan', untagged_vlan=man)
-            self.create(EthernetDevice, 'switch_port', switch_port=sp_man,
-                        name=options['management_if'])
-
-        # vm interface
-        sp_trunk = self.create(
-            SwitchPort, 'tagged_vlans', untagged_vlan=man, tagged_vlans=vg_all)
-        self.create(EthernetDevice, 'switch_port', switch_port=sp_trunk,
-                    name=options['trunk_if'])
-
        return self.print_state()