Commit 55e743b2 by Bach Dániel

firewall: rewrite management command

parent 3159f5f9
...@@ -23,8 +23,7 @@ from optparse import make_option ...@@ -23,8 +23,7 @@ from optparse import make_option
from django.contrib.auth.models import User from django.contrib.auth.models import User
from django.core.management.base import BaseCommand from django.core.management.base import BaseCommand
from firewall.models import (Vlan, VlanGroup, Domain, Firewall, Rule, from firewall.models import Vlan, VlanGroup, Domain, Firewall, Rule
SwitchPort, EthernetDevice, Host)
from storage.models import DataStore from storage.models import DataStore
from vm.models import Lease from vm.models import Lease
...@@ -35,13 +34,12 @@ logger = logging.getLogger(__name__) ...@@ -35,13 +34,12 @@ logger = logging.getLogger(__name__)
class Command(BaseCommand): class Command(BaseCommand):
option_list = BaseCommand.option_list + ( option_list = BaseCommand.option_list + (
make_option('--force', action="store_true"), make_option('--force', action="store_true"),
make_option('--portal-ip'),
make_option('--external-net'), make_option('--external-net'),
make_option('--management-net'), make_option('--management-net'),
make_option('--vm-net'), make_option('--vm-net'),
make_option('--external-if'), make_option('--external-if'),
make_option('--management-if'), make_option('--management-if'),
make_option('--trunk-if'), make_option('--vm-if'),
make_option('--datastore-queue'), make_option('--datastore-queue'),
make_option('--firewall-queue'), make_option('--firewall-queue'),
make_option('--admin-user'), make_option('--admin-user'),
...@@ -91,20 +89,28 @@ class Command(BaseCommand): ...@@ -91,20 +89,28 @@ class Command(BaseCommand):
suspend_interval_seconds=3600 * 24 * 365, suspend_interval_seconds=3600 * 24 * 365,
delete_interval_seconds=3600 * 24 * 365 * 3) delete_interval_seconds=3600 * 24 * 365 * 3)
domain = self.create(Domain, 'name', name='example.com', owner=admin) net_domain = self.create(Domain, 'name', name='net.example.com',
owner=admin)
man_domain = self.create(Domain, 'name', name='man.example.com',
owner=admin)
vm_domain = self.create(Domain, 'name', name='vm.example.com',
owner=admin)
# vlans # vlans
net = self.create(Vlan, 'name', name='net', vid=4, net = self.create(Vlan, 'vid', name=options['external_if'], vid=4,
network4=options['external_net'], domain=domain) network4=options['external_net'], domain=net_domain)
man = self.create(Vlan, 'name', name='man', vid=3, dhcp_pool='manual', man = self.create(Vlan, 'vid', name=options['management_if'], vid=3,
network4=options['management_net'], domain=domain, dhcp_pool='manual',
network4=options['management_net'],
domain=man_domain,
snat_ip=options['external_net'].split('/')[0]) snat_ip=options['external_net'].split('/')[0])
man.snat_to.add(net) man.snat_to.add(net)
man.snat_to.add(man) man.snat_to.add(man)
vm = self.create(Vlan, 'name', name='vm', vid=2, dhcp_pool='manual', vm = self.create(Vlan, 'vid', name=options['vm_if'], vid=2,
network4=options['vm_net'], domain=domain, dhcp_pool='manual',
network4=options['vm_net'], domain=vm_domain,
snat_ip=options['external_net'].split('/')[0]) snat_ip=options['external_net'].split('/')[0])
vm.snat_to.add(net) vm.snat_to.add(net)
vm.snat_to.add(vm) vm.snat_to.add(vm)
...@@ -119,14 +125,6 @@ class Command(BaseCommand): ...@@ -119,14 +125,6 @@ class Command(BaseCommand):
vg_net = self.create(VlanGroup, 'name', name='net') vg_net = self.create(VlanGroup, 'name', name='net')
vg_net.vlans.add(net) vg_net.vlans.add(net)
# portal host
portal = self.create(Host, 'hostname', hostname='portal', vlan=man,
mac='11:22:33:44:55:66', owner=admin,
shared_ip=True, external_ipv4=man.snat_ip,
ipv4=options['portal_ip'])
portal.add_port(proto='tcp', public=443, private=443)
portal.add_port(proto='tcp', public=22, private=22)
# firewall rules # firewall rules
fw = self.create(Firewall, 'name', name=options['firewall_queue']) fw = self.create(Firewall, 'name', name=options['firewall_queue'])
...@@ -134,8 +132,16 @@ class Command(BaseCommand): ...@@ -134,8 +132,16 @@ class Command(BaseCommand):
direction='out', action='accept', direction='out', action='accept',
foreign_network=vg_all, firewall=fw) foreign_network=vg_all, firewall=fw)
self.create(Rule, 'description', description='default input rule', self.create(Rule, 'description', description='portal https',
direction='in', action='accept', direction='in', action='accept', proto='tcp', dport=443,
foreign_network=vg_all, firewall=fw)
self.create(Rule, 'description', description='portal http',
direction='in', action='accept', proto='tcp', dport=80,
foreign_network=vg_all, firewall=fw)
self.create(Rule, 'description', description='ssh',
direction='in', action='accept', proto='tcp', dport=22,
foreign_network=vg_all, firewall=fw) foreign_network=vg_all, firewall=fw)
# vlan rules # vlan rules
...@@ -147,23 +153,4 @@ class Command(BaseCommand): ...@@ -147,23 +153,4 @@ class Command(BaseCommand):
direction='out', action='accept', direction='out', action='accept',
foreign_network=vg_net, vlan=man) foreign_network=vg_net, vlan=man)
# switch
# uplink interface
sp_net = self.create(SwitchPort, 'untagged_vlan', untagged_vlan=net)
self.create(EthernetDevice, 'switch_port', switch_port=sp_net,
name=options['external_if'])
# management interface
if options['management_if']:
sp_man = self.create(
SwitchPort, 'untagged_vlan', untagged_vlan=man)
self.create(EthernetDevice, 'switch_port', switch_port=sp_man,
name=options['management_if'])
# vm interface
sp_trunk = self.create(
SwitchPort, 'tagged_vlans', untagged_vlan=man, tagged_vlans=vg_all)
self.create(EthernetDevice, 'switch_port', switch_port=sp_trunk,
name=options['trunk_if'])
return self.print_state() return self.print_state()
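Review bot: The new `ssh` rule in the hunk before `# vlan rules` accepts inbound tcp/22 to the firewall from `foreign_network=vg_all`, which by its name appears to span every vlan including the external one, so SSH on the firewall host becomes reachable from the outside network rather than only from management; the `portal http` rule at `dport=80` has the same scope. Unless that exposure is intended, the ssh rule should name a management-only VlanGroup (none is visible in these hunks; `vg_net` holds only `net`), or a comment should record the decision, e.g. `# ssh accepted from all vlans on purpose: the firewall host must be reachable from the external net`. Separately, the vlan hunk now passes `name=options['management_if']` and `name=options['vm_if']` straight into `Vlan` and the former `if options['management_if']:` guard is gone; those options carry no default, so a missing flag presumably yields a vlan named None, and validating the required options up front would fail earlier and more clearly. The enclosing method body starts before the first hunk.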