Skip to content

Gelencsér Szabolcs / cloud

Go to a project

A prog2-höz tartozó friss repo anyagok itt elérhetőek: https://git.iit.bme.hu/

Commit 0043974b by Bach Dániel
Options

firewall: add ovs support

parent 0c366826
Showing with 59 additions and 16 deletions
firewall/fw.py
...@@ -500,3 +500,15 @@ for mac, name, ipend in [("18:a9:05:64:19:aa", "mega6", 16), ("00:1e:0b:e9:79:1e ...@@ -500,3 +500,15 @@ for mac, name, ipend in [("18:a9:05:64:19:aa", "mega6", 16), ("00:1e:0b:e9:79:1e
print "nemok %s" % name print "nemok %s" % name
''' '''
def vlan():
obj = models.Vlan.objects.values('vid', 'interface', 'ipv4', 'prefix4',
'ipv6', 'prefix6')
return {
x['interface']: {
'tag': x['vid'],
'type': 'internal',
'interfaces': [x['interface']],
'addresses': ['%s/%s' % (x['ipv4'], x['prefix4']),
'%s/%s' % (x['ipv6'], x['prefix6'])]}
for x in obj}
firewall/models.py
...@@ -8,7 +8,7 @@ from firewall.fields import * ...@@ -8,7 +8,7 @@ from firewall.fields import *
from south.modelsinspector import add_introspection_rules from south.modelsinspector import add_introspection_rules
from django.core.validators import MinValueValidator, MaxValueValidator from django.core.validators import MinValueValidator, MaxValueValidator
import django.conf import django.conf
from django.db.models.signals import post_save from django.db.models.signals import post_save, post_delete
import re import re
import random import random
...@@ -416,13 +416,6 @@ def send_task(sender, instance, created, **kwargs): ...@@ -416,13 +416,6 @@ def send_task(sender, instance, created, **kwargs):
from firewall.tasks import ReloadTask from firewall.tasks import ReloadTask
ReloadTask.apply_async(args=[sender.__name__]) ReloadTask.apply_async(args=[sender.__name__])
for sender in [Host, Rule, Domain, Record, Vlan, Firewall, Group, Blacklist]:
post_save.connect(send_task, sender=Host) post_save.connect(send_task, sender=sender)
post_save.connect(send_task, sender=Rule) # post_delete.connect(send_task, sender=sender)
post_save.connect(send_task, sender=Domain)
post_save.connect(send_task, sender=Record)
post_save.connect(send_task, sender=Vlan)
post_save.connect(send_task, sender=Firewall)
post_save.connect(send_task, sender=Group)
post_save.connect(send_task, sender=Host)
post_save.connect(send_task, sender=Blacklist)
firewall/tasks.py
...@@ -21,6 +21,28 @@ def reload_dhcp_task(data): ...@@ -21,6 +21,28 @@ def reload_dhcp_task(data):
def reload_blacklist_task(data): def reload_blacklist_task(data):
pass pass
# new tasks
@celery.task(name='firewall.reload_firewall')
def reload_firewall(data4, data6):
pass
@celery.task(name='firewall.reload_firewall_vlan')
def reload_firewall_vlan(data):
pass
@celery.task(name='firewall.reload_dhcp')
def reload_dhcp(data):
pass
@celery.task(name='firewall.reload_blacklist')
def reload_blacklist(data):
pass
class Periodic(PeriodicTask): class Periodic(PeriodicTask):
run_every = timedelta(seconds=10) run_every = timedelta(seconds=10)
...@@ -34,20 +56,33 @@ class Periodic(PeriodicTask): ...@@ -34,20 +56,33 @@ class Periodic(PeriodicTask):
if cache.get('dhcp_lock'): if cache.get('dhcp_lock'):
cache.delete("dhcp_lock") cache.delete("dhcp_lock")
reload_dhcp_task.delay(dhcp()) reload_dhcp_task.delay(dhcp())
reload_dhcp_task.apply_async((dhcp(), ), queue='dhcp2') reload_dhcp.apply_async(args=[dhcp()], queue='dhcp2')
print "dhcp ujratoltese kesz" print "dhcp ujratoltese kesz"
if cache.get('firewall_lock'): if cache.get('firewall_lock'):
cache.delete("firewall_lock") cache.delete("firewall_lock")
ipv4 = Firewall().get() ipv4 = Firewall().get()
ipv6 = Firewall(True).get() ipv6 = Firewall(True).get()
reload_firewall_task.delay(ipv4, ipv6) # old
reload_firewall_task.apply_async((ipv4, ipv6), queue='firewall2') reload_firewall_task.apply_async((ipv4, ipv6), queue='firewall')
# new
reload_firewall.apply_async(args=[ipv4, ipv6], queue='firewall2')
print "firewall ujratoltese kesz" print "firewall ujratoltese kesz"
if cache.get('firewall_vlan_lock'):
cache.delete("firewall_vlan_lock")
data = vlan()
# reload_firewall_vlan.apply_async(args=[data], queue='firewall')
reload_firewall_vlan.apply_async(args=[data], queue='firewall2')
print "firewall_vlan ujratoltese kesz"
if cache.get('blacklist_lock'): if cache.get('blacklist_lock'):
cache.delete("blacklist_lock") cache.delete("blacklist_lock")
# old
reload_blacklist_task.delay(list(ipset())) reload_blacklist_task.delay(list(ipset()))
# new
reload_blacklist.apply_async(args=[list(ipset())], queue='firewall2')
print "blacklist ujratoltese kesz" print "blacklist ujratoltese kesz"
class ReloadTask(Task): class ReloadTask(Task):
...@@ -56,14 +91,17 @@ class ReloadTask(Task): ...@@ -56,14 +91,17 @@ class ReloadTask(Task):
if type in ["Host", "Records", "Domain", "Vlan"]: if type in ["Host", "Records", "Domain", "Vlan"]:
cache.add("dns_lock", "true", 30) cache.add("dns_lock", "true", 30)
if type == "Host": if type in ["Host", "Vlan"]:
cache.add("dhcp_lock", "true", 30) cache.add("dhcp_lock", "true", 30)
if type in ["Host", "Rule", "Firewall"]: if type in ["Host", "Rule", "Firewall", "Vlan"]:
cache.add("firewall_lock", "true", 30) cache.add("firewall_lock", "true", 30)
if type == "Blacklist": if type == "Blacklist":
cache.add("blacklist_lock", "true", 30) cache.add("blacklist_lock", "true", 30)
if type in ["Vlan"]:
cache.add("firewall_vlan_lock", "true", 30)
print type print type
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or sign in to comment