automatic firewall loading + minor cleanup

a668ab57 · Őry Máté · 2b73175f · a668ab57 · a668ab57 · a668ab57
Commit a668ab57 authored Dec 25, 2012 by Őry Máté
Hide whitespace changes
Inline Side-by-side

Showing with 92 additions and 34 deletions

cloud/settings.py
+8 -0

firewall/fw.py
+0 -19

firewall/models.py
+15 -8

firewall/tasks.py
+41 -0

firewall/views.py
+28 -7

No files found.
--- a/cloud/settings.py
+++ b/cloud/settings.py
@@ -125,6 +125,8 @@ INSTALLED_APPS = (
    'cloud',
    'firewall',
    'south',
+    'djcelery',
+    'kombu.transport.django',
    #'django_bfm',
 )
@@ -170,4 +172,10 @@ LOGGING = {
 }
 LOGIN_URL="/login"
 AUTH_PROFILE_MODULE = 'school.Person'
+import djcelery
+djcelery.setup_loader()
+BROKER_URL = 'django://'
 # vim: et sw=4 ai fenc=utf8 smarttab :
--- a/firewall/fw.py
+++ b/firewall/fw.py
@@ -397,22 +397,3 @@ for mac, name, ipend in [("18:a9:05:64:19:aa", "mega6", 16), ("00:1e:0b:e9:79:1e
 #	h1.save()
 #except:
 #	print "nemsikerult"
--- a/firewall/models.py
+++ b/firewall/models.py
@@ -11,21 +11,28 @@ class Rule(models.Model):
     direction = models.BooleanField()
     description = models.TextField(blank=True)
     vlan = models.ManyToManyField('Vlan', symmetrical=False, blank=True, null=True)
-     dport = models.IntegerField(blank=True, null=True);
+     dport = models.IntegerField(blank=True, null=True)
-     sport = models.IntegerField(blank=True, null=True);
+     sport = models.IntegerField(blank=True, null=True)
     proto = models.CharField(max_length=10, choices=CHOICES_proto, blank=True, null=True)
-     nat_dport = models.IntegerField(blank=True, null=True);
+     nat_dport = models.IntegerField(blank=True, null=True)
-     extra = models.TextField(blank=True);
+     extra = models.TextField(blank=True)
     accept = models.BooleanField(default=False)
     owner = models.ForeignKey(User, blank=True, null=True)
     r_type = models.CharField(max_length=10, choices=CHOICES)
     nat = models.BooleanField(default=False)
-     nat_dport = models.IntegerField();
+     nat_dport = models.IntegerField(blank=True, null=True)
     def __unicode__(self):
        return self.desc()
     def desc(self):
-	return '[' + self.r_type + '] ' + (self.vlan_l() + '->' + self.r_type if self.direction else self.r_type + '->' + self.vlan_l()) + ' ' + self.description
+	para = ""
+	if(self.dport):
+		para = "dport=%s %s" % (self.dport, para)
+	if(self.sport):
+		para = "dport=%s %s" % (self.sport, para)
+	if(self.proto):
+		para = "dport=%s %s" % (self.proto, para)
+	return '[' + self.r_type + '] ' + (self.vlan_l() + '->' + self.r_type if self.direction else self.r_type + '->' + self.vlan_l()) + ' ' + para + ' ' +self.description
     def vlan_l(self):
 	retval = []
 	for vl in self.vlan.all():
@@ -35,8 +42,8 @@ class Rule(models.Model):
 class Vlan(models.Model):
    vid = models.IntegerField(unique=True)
    name = models.CharField(max_length=20, unique=True, validators=[val_alfanum])
-    prefix4 = models.IntegerField(default=16);
+    prefix4 = models.IntegerField(default=16)
-    prefix6 = models.IntegerField(default=80);
+    prefix6 = models.IntegerField(default=80)
    interface = models.CharField(max_length=20, unique=True)
    net4 = models.GenericIPAddressField(protocol='ipv4', unique=True)
    net6 = models.GenericIPAddressField(protocol='ipv6', unique=True)

--- a/firewall/tasks.py
+++ b/firewall/tasks.py
+from celery.task import Task, PeriodicTask
+from django.core.cache import cache
+import os
+from firewall.fw import *
+LOCK_EXPIRE = 9 # Lock expires in 5 minutes
+lock_id = "blabla"
+def lock(para):
+	acquire_lock = lambda: cache.add(lock_id, "true", LOCK_EXPIRE)
+	if acquire_lock():
+		print "megszereztem"
+		ReloadTask.delay("asd")
+	else:
+		print "nem szereztem meg"
+class ReloadTask(Task):
+	def run(self, para, **kwargs):
+		print "indul"
+		os.system("sleep 10")
+		try:
+			print "ipv4"
+			ipv4 = firewall()
+#			html += ipv4.show()
+			ipv4.reload()
+			print "ipv6"
+			ipv6 = firewall(True)
+			ipv6.reload()
+			print "dns"
+			dns()
+			print "dhcp"
+			dhcp()
+			print "vege"
+		except:
+			print "nem sikerult :("
+		print "leall"
--- a/firewall/views.py
+++ b/firewall/views.py
@@ -5,11 +5,15 @@ from firewall.models import *
 from firewall.fw import *
 from django.views.decorators.csrf import csrf_exempt              
 from django.db import IntegrityError               
+from tasks import *
+from celery.task.control import inspect
+import re
 import base64
 import json
 import sys
 def reload_firewall(request):
 	if request.user.is_authenticated():
 		if(request.user.is_superuser):
@@ -43,27 +47,47 @@ def firewall_api(request):
 		try:
 			data=json.loads(base64.b64decode(request.POST["data"]))
 			command = request.POST["command"]
+			if(data["password"] != "bdmegintelrontottaanetet"):
+				raise Exception("rossz jelszo")
+			data["hostname"] = re.sub(r' ','_', data["hostname"])
 			if(command == "create"):
-				data["owner"] = "tarokkk"
+				data["owner"] = "opennebula"
 				owner = auth.models.User.objects.get(username=data["owner"])
 				host = models.Host(hostname=data["hostname"], vlan=models.Vlan.objects.get(name=data["vlan"]), mac=data["mac"], ipv4=data["ip"], owner=owner, description=data["description"])
 				host.full_clean()
 				host.save()
+				rule = models.Rule(direction=False, owner=owner, description="%s netezhet" % (data["hostname"]), accept=True, r_type="host", nat_dport=0)
+				rule.save()
+				rule.vlan.add(models.Vlan.objects.get(name="PUB"))
+				host.rules.add(rule)
 				for p in data["portforward"]:
 					proto = "tcp" if (p["proto"] == "tcp") else "udp"
 					rule = models.Rule(direction=True, owner=owner, description="%s %s %s->%s" % (data["hostname"], proto, p["public_port"], p["private_port"]), dport=int(p["public_port"]), proto=p["proto"], nat=True, accept=True, r_type="host", nat_dport=int(p["private_port"]))
 					rule.save()
 					rule.vlan.add(models.Vlan.objects.get(name="PUB"))
+					rule.vlan.add(models.Vlan.objects.get(name="DMZ"))
+					rule.vlan.add(models.Vlan.objects.get(name="VM-NET"))
+					rule.vlan.add(models.Vlan.objects.get(name="WAR"))
 					host.rules.add(rule)
-			elif(command == "destory"):
+			elif(command == "destroy"):
-				print ""
+				data["owner"] = "opennebula"
+				print data["hostname"]
+				owner = auth.models.User.objects.get(username=data["owner"])
+				host = models.Host.objects.get(hostname=data["hostname"], owner=owner)
+				for rule in host.rules.filter(owner=owner):
+					rule.delete()
+				host.delete()
 			else:
 				raise Exception("rossz parancs")
+			lock("asd")
 		except (ValidationError, IntegrityError, AttributeError, Exception) as e:
 			return HttpResponse(u"rosszul hasznalod! :(\n%s\n" % e);
 		except:
@@ -72,9 +96,6 @@ def firewall_api(request):
 		return HttpResponse(u"ok");
-##	for r in models.Rule.objects.filter(r_type="host"):
-##		print [r.host_set.all(), r.group_set.all()]
-##		print "VEGE"
 	return HttpResponse(u"ez kerlek egy api lesz!\n");