Commit f6dc0c99 by Bach Dániel

remove install howto from fw.py

parent 8702eb74
Install
=======
.. highlight:: bash
Setting up required software
----------------------------
Create a new user::
$ sudo adduser fw
Update the package lists, and install the required system software::
$ sudo apt-get update
$ sudo apt-get install virtualenvwrapper isc-dhcp-server openvswitch-switch\
iptables openvswitch-controller git linux-image-generic-lts-raring ntp
Configure ISC-DHCP server::
$ sudo tee /etc/dhcp/dhcpd.conf <<END
ddns-update-style none;
default-lease-time 60000;
max-lease-time 720000;
log-facility local7;
include "/tools/dhcp3/dhcpd.conf.generated";
END
$ sudo touch /etc/dhcp/dhcpd.conf.generated
$ sudo chown fw:fw /etc/dhcp/dhcpd.conf.generated
Configure sudo::
$ sudo tee /etc/sudoers.d/firewall <<END
fw ALL= (ALL) NOPASSWD: /sbin/ip netns exec fw /sbin/ip addr *, /sbin/ip netns exec fw /sbin/ip ro *, /sbin/ip netns exec fw /sbin/ip link *, /sbin/ip netns exec fw /usr/sbin/ipset *, /usr/bin/ovs-vsctl, /sbin/ip netns exec fw /sbin/iptables-restore -c, /sbin/ip netns exec fw /sbin/ip6tables-restore -c, /etc/init.d/isc-dhcp-server restart, /sbin/ip link *
END
$ sudo chmod 440 /etc/sudoers.d/firewall
Configure /etc/rc.local::
$ sudo tee /etc/rc.local <<END
#!/bin/sh -e
/etc/init.d/openvswitch-switch restart
/sbin/ip netns add fw
ovs-vsctl del-br firewall
/sbin/ip netns exec fw sysctl -f /etc/sysctl.d/60-circle-firewall.conf
/sbin/ip netns exec fw ip link set lo up
exit 0
END
$ sudo tee /etc/sysctl.d/60-circle-firewall.conf <<END
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
END
Setting up firewall
-------------------
Clone the git repository::
$ sudo -i -u fw
$ git clone git@git.ik.bme.hu:circle/fwdriver.git
Set up *virtualenvwrapper* and the *virtual Python environment* for the project::
$ source /etc/bash_completion.d/virtualenvwrapper
$ mkvirtualenv circle
Install the required Python libraries to the virtual environment::
$ pip install -r fwdriver/requirements.txt
Set up default Firewall configuration::
$ cat >> ~fw/.virtualenvs/fw/local/bin/postactivate <<END
export GATEWAY="152.66.243.254"
export AMQP_URI="amqp://guest:guest@localhost:5672/vhost"
END
$ exit
$ sudo cp ~fw/fwdriver/miscellaneous/firewall.conf /etc/init/
Reboot
------
Reboot::
$ reboot
...@@ -2,6 +2,8 @@ from celery import Celery, task ...@@ -2,6 +2,8 @@ from celery import Celery, task
from os import getenv from os import getenv
import re import re
import json import json
import logging
from ovs import Switch from ovs import Switch
DHCP_LOGFILE = getenv('DHCP_LOGFILE', '/var/log/syslog') DHCP_LOGFILE = getenv('DHCP_LOGFILE', '/var/log/syslog')
...@@ -14,75 +16,7 @@ celery.conf.update(CELERY_TASK_RESULT_EXPIRES=300, ...@@ -14,75 +16,7 @@ celery.conf.update(CELERY_TASK_RESULT_EXPIRES=300,
BROKER_URL=getenv("AMQP_URI"), BROKER_URL=getenv("AMQP_URI"),
CELERY_CREATE_MISSING_QUEUES=True) CELERY_CREATE_MISSING_QUEUES=True)
logger = logging.getLogger(__name__)
r'''
________
/ \
|install:|
\________/
run as root:
adduser fw
apt-get update
apt-get install virtualenvwrapper isc-dhcp-server openvswitch-switch\
iptables openvswitch-controller git linux-image-generic-lts-raring
cat > /etc/dhcp/dhcpd.conf <<END
ddns-update-style none;
default-lease-time 60000;
max-lease-time 720000;
log-facility local7;
include "/tools/dhcp3/dhcpd.conf.generated";
END
mkdir -p /tools/dhcp3/
touch /tools/dhcp3/dhcpd.conf.generated && \
chown fw:fw /tools/dhcp3/dhcpd.conf.generated
cat > /etc/sudoers.d/firewall <<END
fw ALL= (ALL) NOPASSWD: /sbin/ip netns exec fw /sbin/ip addr *, /sbin/ip netns exec fw /sbin/ip ro *, /sbin/ip netns exec fw /sbin/ip link *, /sbin/ip netns exec fw /usr/sbin/ipset *, /usr/bin/ovs-vsctl, /sbin/ip netns exec fw /sbin/iptables-restore -c, /sbin/ip netns exec fw /sbin/ip6tables-restore -c, /etc/init.d/isc-dhcp-server restart, /sbin/ip link *
END
chmod 440 /etc/sudoers.d/firewall
cat > /etc/rc.local <<END
#!/bin/sh -e
/sbin/ip netns add fw
ovs-vsctl del-br firewall
/sbin/ip netns exec fw /etc/init.d/openvswitch-switch restart
/sbin/ip netns exec fw sysctl -f
exit 0
END
cat >> /etc/sysctl.conf <<END
net.ipv4.ip_forward=1
net.ipv6.conf.all.forwarding=1
END
/etc/rc.local
su - fw
git clone git@git.ik.bme.hu:circle/fwdriver.git
mkvirtualenv fw
pip install -r fwdriver/requirements.txt
exit
cp ~fw/fwdriver/miscellaneous/firewall.conf /etc/init/
cat >> ~fw/.virtualenvs/fw/local/bin/postactivate <<END
export UPLINK='["eth1"]'
export GATEWAY="152.66.243.254"
export ADDRESSES='{"vlan0006": ["152.66.243.60/32", "152.66.243.62/32", "152.66.243.97/32", "152.66.243.98/32", "152.66.243.130/32", "152.66.243.147/32", "152.66.243.148/32", "152.66.243.149/32"]}'
export AMQP_URI="amqp://guest:guest@localhost:5672/vhost"
export MAC='02\:00\:98\:42\:f3\:92'
END
reboot
ip netns exec fw ip a
'''
@task(name="firewall.reload_firewall") @task(name="firewall.reload_firewall")
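Review bot: The deleted r''' block was the only place that recorded which environment variables this module is configured through, and the replacement install text on this page exports only GATEWAY and AMQP_URI, so UPLINK, ADDRESSES and MAC (exported in the deleted postactivate snippet) are now documented nowhere; a short module docstring at the top of fw.py should state what the module reads, e.g. `"""Celery tasks for the firewall driver. Configured through the environment: AMQP_URI (broker URL), DHCP_LOGFILE (defaults to /var/log/syslog); the install document lists the remaining variables."""`. The new `logger = logging.getLogger(__name__)` is not used by any line in this hunk; if the task bodies below log through it that is fine, otherwise it is a dead binding. The `@task` definition on the last line continues outside the hunk.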