Skip to content
Toggle navigation
P
Projects
G
Groups
S
Snippets
Help
CIRCLE
/
fwdriver
This project
Loading...
Sign in
Toggle navigation
Go to a project
Project
Repository
Issues
0
Merge Requests
1
Wiki
Snippets
Members
Activity
Graph
Charts
Create a new issue
Commits
Issue Boards
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Commit
f6dc0c99
authored
Mar 18, 2014
by
Bach Dániel
1
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
remove install howto from fw.py
parent
8702eb74
Show whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
96 additions
and
69 deletions
+96
-69
docs/install.rst
+93
-0
fw.py
+3
-69
No files found.
docs/install.rst
0 → 100644
View file @
f6dc0c99
Install
=======
.. highlight:: bash
Setting up required software
----------------------------
Create a new user::
$ sudo adduser fw
Update the package lists, and install the required system software::
$ sudo apt-get update
$ sudo apt-get install virtualenvwrapper isc-dhcp-server openvswitch-switch\
iptables openvswitch-controller git linux-image-generic-lts-raring ntp
Configure ISC-DHCP server::
$ sudo tee /etc/dhcp/dhcpd.conf <<END
ddns-update-style none;
default-lease-time 60000;
max-lease-time 720000;
log-facility local7;
include "/tools/dhcp3/dhcpd.conf.generated";
END
$ sudo touch /etc/dhcp/dhcpd.conf.generated
$ sudo chown fw:fw /etc/dhcp/dhcpd.conf.generated
Configure sudo::
$ sudo tee /etc/sudoers.d/firewall <<END
fw ALL= (ALL) NOPASSWD: /sbin/ip netns exec fw /sbin/ip addr *, /sbin/ip netns exec fw /sbin/ip ro *, /sbin/ip netns exec fw /sbin/ip link *, /sbin/ip netns exec fw /usr/sbin/ipset *, /usr/bin/ovs-vsctl, /sbin/ip netns exec fw /sbin/iptables-restore -c, /sbin/ip netns exec fw /sbin/ip6tables-restore -c, /etc/init.d/isc-dhcp-server restart, /sbin/ip link *
END
$ sudo chmod 440 /etc/sudoers.d/firewall
Configure /etc/rc.local::
$ sudo tee /etc/rc.local <<END
#!/bin/sh -e
/etc/init.d/openvswitch-switch restart
/sbin/ip netns add fw
ovs-vsctl del-br firewall
/sbin/ip netns exec fw sysctl -f /etc/sysctl.d/60-circle-firewall.conf
/sbin/ip netns exec fw ip link set lo up
exit 0
END
$ sudo tee /etc/sysctl.d/60-circle-firewall.conf <<END
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
END
Setting up firewall
-------------------
Clone the git repository::
$ sudo -i -u fw
$ git clone git@git.ik.bme.hu:circle/fwdriver.git
Set up *virtualenvwrapper* and the *virtual Python environment* for the project::
$ source /etc/bash_completion.d/virtualenvwrapper
$ mkvirtualenv circle
Install the required Python libraries to the virtual environment::
$ pip install -r fwdriver/requirements.txt
Set up default Firewall configuration::
$ cat >> ~fw/.virtualenvs/fw/local/bin/postactivate <<END
export GATEWAY="152.66.243.254"
export AMQP_URI="amqp://guest:guest@localhost:5672/vhost"
END
$ exit
$ sudo cp ~fw/fwdriver/miscellaneous/firewall.conf /etc/init/
Reboot
------
Reboot::
$ reboot
fw.py
View file @
f6dc0c99
...
...
@@ -2,6 +2,8 @@ from celery import Celery, task
from
os
import
getenv
import
re
import
json
import
logging
from
ovs
import
Switch
DHCP_LOGFILE
=
getenv
(
'DHCP_LOGFILE'
,
'/var/log/syslog'
)
...
...
@@ -14,75 +16,7 @@ celery.conf.update(CELERY_TASK_RESULT_EXPIRES=300,
BROKER_URL
=
getenv
(
"AMQP_URI"
),
CELERY_CREATE_MISSING_QUEUES
=
True
)
r'''
________
/
\
|install:|
\________/
run as root:
adduser fw
apt-get update
apt-get install virtualenvwrapper isc-dhcp-server openvswitch-switch
\
iptables openvswitch-controller git linux-image-generic-lts-raring
cat > /etc/dhcp/dhcpd.conf <<END
ddns-update-style none;
default-lease-time 60000;
max-lease-time 720000;
log-facility local7;
include "/tools/dhcp3/dhcpd.conf.generated";
END
mkdir -p /tools/dhcp3/
touch /tools/dhcp3/dhcpd.conf.generated &&
\
chown fw:fw /tools/dhcp3/dhcpd.conf.generated
cat > /etc/sudoers.d/firewall <<END
fw ALL= (ALL) NOPASSWD: /sbin/ip netns exec fw /sbin/ip addr *, /sbin/ip netns exec fw /sbin/ip ro *, /sbin/ip netns exec fw /sbin/ip link *, /sbin/ip netns exec fw /usr/sbin/ipset *, /usr/bin/ovs-vsctl, /sbin/ip netns exec fw /sbin/iptables-restore -c, /sbin/ip netns exec fw /sbin/ip6tables-restore -c, /etc/init.d/isc-dhcp-server restart, /sbin/ip link *
END
chmod 440 /etc/sudoers.d/firewall
cat > /etc/rc.local <<END
#!/bin/sh -e
/sbin/ip netns add fw
ovs-vsctl del-br firewall
/sbin/ip netns exec fw /etc/init.d/openvswitch-switch restart
/sbin/ip netns exec fw sysctl -f
exit 0
END
cat >> /etc/sysctl.conf <<END
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
END
/etc/rc.local
su - fw
git clone git@git.ik.bme.hu:circle/fwdriver.git
mkvirtualenv fw
pip install -r fwdriver/requirements.txt
exit
cp ~fw/fwdriver/miscellaneous/firewall.conf /etc/init/
cat >> ~fw/.virtualenvs/fw/local/bin/postactivate <<END
export UPLINK='["eth1"]'
export GATEWAY="152.66.243.254"
export ADDRESSES='{"vlan0006": ["152.66.243.60/32", "152.66.243.62/32", "152.66.243.97/32", "152.66.243.98/32", "152.66.243.130/32", "152.66.243.147/32", "152.66.243.148/32", "152.66.243.149/32"]}'
export AMQP_URI="amqp://guest:guest@localhost:5672/vhost"
export MAC='02\:00\:98\:42\:f3\:92'
END
reboot
ip netns exec fw ip a
'''
logger
=
logging
.
getLogger
(
__name__
)
@task
(
name
=
"firewall.reload_firewall"
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment