Commit e21437b1 by Bach Dániel

firewall: ssh replaced with rabbitmq

parent fe568466
......@@ -175,7 +175,13 @@ AUTH_PROFILE_MODULE = 'school.Person'
import djcelery
djcelery.setup_loader()
BROKER_URL = 'django://'
BROKER_URL = 'amqp://nyuszi:teszt@localhost:5672/django'
CELERY_ROUTES = {
'firewall.tasks.ReloadTask': {'queue': 'local'},
'firewall.tasks.reload_dns_task': {'queue': 'dns'},
'firewall.tasks.reload_firewall_task': {'queue': 'firewall'},
'firewall.tasks.reload_dhcp_task': {'queue': 'dhcp'},
}
store_settings = {
"basic_auth": "True",
......
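Review bot: The `amqp://` value of `BROKER_URL` (`'amqp://nyuszi:teszt@localhost:5672/django'`) commits the broker username and password to the repository, and this broker now carries the messages that become firewall, DNS and DHCP configuration. Read the URL from the environment or an untracked local settings file instead, e.g. `BROKER_URL = os.environ['BROKER_URL']` (assuming `os` is imported in this settings file), and change the password that has been committed. The `firewall`, `dns` and `dhcp` queues in `CELERY_ROUTES` are presumably consumed by workers that apply the data with elevated rights, so the broker account should be restricted to those queues. It is also worth pinning `CELERY_TASK_SERIALIZER = 'json'` rather than relying on the pickle default of older Celery releases.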
......@@ -280,6 +280,12 @@ class firewall:
process = subprocess.Popen(['/usr/bin/ssh', 'fw2', '/usr/bin/sudo', '/sbin/iptables-restore', '-c'], shell=False, stdin=subprocess.PIPE)
process.communicate("\n".join(self.SZABALYOK)+"\n"+"\n".join(self.SZABALYOK_NAT)+"\n")
def get(self):
if self.IPV6:
return { 'filter': self.SZABALYOK, }
else:
return { 'filter': self.SZABALYOK, 'nat':self.SZABALYOK_NAT }
def show(self):
if self.IPV6:
return "\n".join(self.SZABALYOK)+"\n"
......@@ -373,6 +379,7 @@ def dns():
mx = d['address'].split(':', 2)
DNS.append("@%(fqdn)s::%(mx)s:%(dist)s:%(ttl)s" % {'fqdn': d['name'], 'mx': mx[1], 'dist': mx[0], 'ttl': d['ttl']})
return DNS
process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' % settings['dns_hostname']], shell=False, stdin=subprocess.PIPE)
process.communicate("\n".join(DNS)+"\n")
# print "\n".join(DNS)+"\n"
......@@ -434,6 +441,7 @@ def dhcp():
'ipv4': i_host.ipv4,
})
return DHCP
process = subprocess.Popen(['/usr/bin/ssh', 'fw2', 'cat > /tools/dhcp3/dhcpd.conf.generated;sudo /etc/init.d/isc-dhcp-server restart'], shell=False, stdin=subprocess.PIPE)
# print "\n".join(DHCP)+"\n"
process.communicate("\n".join(DHCP)+"\n")
......
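Review bot: The `return DNS` added in `dns()` and the `return DHCP` added in `dhcp()` make the `subprocess.Popen(['/usr/bin/ssh', ...])` and `process.communicate(...)` lines that follow them unreachable. Both functions start outside the visible hunks, but the dead ssh code should be deleted in this commit so the file no longer suggests that configuration is pushed over ssh. The method whose tail is visible just above `get()` still pipes the rules to `iptables-restore` over ssh, so a comment should state whether it is still meant to be called. The new `get()` would also benefit from a docstring such as `"""Return the generated rule lists keyed by table: 'filter', plus 'nat' for IPv4."""`.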
......@@ -9,6 +9,7 @@ from south.modelsinspector import add_introspection_rules
from django.core.validators import MinValueValidator, MaxValueValidator
from cloud.settings import firewall_settings as settings
from django.utils.ipv6 import is_valid_ipv6_address
from django.db.models.signals import post_save
import re
class Rule(models.Model):
......@@ -270,4 +271,16 @@ class Record(models.Model):
return retval
def send_task(sender, instance, created, **kwargs):
from firewall.tasks import ReloadTask
ReloadTask.apply_async(args=[sender.__name__])
post_save.connect(send_task, sender=Host)
post_save.connect(send_task, sender=Rule)
post_save.connect(send_task, sender=Domain)
post_save.connect(send_task, sender=Record)
post_save.connect(send_task, sender=Vlan)
post_save.connect(send_task, sender=Firewall)
post_save.connect(send_task, sender=Group)
post_save.connect(send_task, sender=Host)
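Review bot: Only `post_save` is connected here, so deleting a `Host`, `Rule` or `Record` never queues a `ReloadTask`, and the same commit removes the explicit `reload_firewall_lock()` call that followed `h.delete()` in `Instance`. Unless deletions are handled somewhere outside this view, the firewall rules and DNS/DHCP entries of a deleted object stay live until an unrelated save triggers a reload. Connect `post_delete` to the same handler, e.g. `post_delete.connect(send_task, sender=Host)`, and give the handler a default `created=False`, because `post_delete` does not pass that argument. `post_save.connect(send_task, sender=Host)` is also registered twice, and the second line can go.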
from celery.task import Task, PeriodicTask
import celery
from django.core.cache import cache
import os
import time
from firewall.fw import *
from cloud.settings import firewall_settings as settings
def reload_firewall_lock():
acquire_lock = lambda: cache.add("reload_lock1", "true", 9)
if acquire_lock():
print "megszereztem"
ReloadTask.delay()
else:
print "nem szereztem meg"
@celery.task
def reload_dns_task(data):
pass
@celery.task
def reload_firewall_task(data4, data6):
pass
@celery.task
def reload_dhcp_task(data):
pass
class ReloadTask(Task):
def run(self, **kwargs):
acquire_lock = lambda: cache.add("reload_lock1", "true", 90)
release_lock = lambda: cache.delete("reload_lock1")
def run(self, type):
if type in ["Host", "Records", "Domain", "Vlan"]:
lock = lambda: cache.add("dns_lock", "true", 9)
if lock():
reload_dns_task.delay(dns())
if not acquire_lock():
print "mar folyamatban van egy reload"
return
if type == "Host":
lock = lambda: cache.add("dhcp_lock", "true", 9)
if lock():
reload_dhcp_task.delay(dhcp())
print "indul"
try:
sleep = float(settings['reload_sleep'])
except:
sleep = 10
time.sleep(sleep)
if type in ["Host", "Rule", "Firewall"]:
lock = lambda: cache.add("firewall_lock", "true", 9)
if lock():
ipv4 = firewall().get()
ipv6 = firewall(True).get()
reload_firewall_task.delay(ipv4, ipv6)
try:
print "ipv4"
ipv4 = firewall()
ipv4.reload()
# print ipv4.show()
print "ipv6"
ipv6 = firewall(True)
ipv6.reload()
print "dns"
dns()
print "dhcp"
dhcp()
print "vege"
except:
raise
print "nem sikerult :("
print type
print "leall"
release_lock()
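Review bot: `ReloadTask.run` compares `type` with `"Records"`, but `send_task` passes `sender.__name__`, which for the `Record` model is `"Record"`, so saving a DNS record never reaches `reload_dns_task`; the list should read `["Host", "Record", "Domain", "Vlan"]`. The `cache.add("dns_lock", "true", 9)` style guards (also `dhcp_lock` and `firewall_lock`) are never released and nothing is rescheduled when they are held, so a save arriving within 9 seconds of the previous one appears to be dropped and its change is not pushed until some later save. For firewall rules that can leave a just-revoked rule in force, so consider re-queuing the task with a countdown instead of skipping silently. The parameter name `type` also shadows the builtin, and a name like `model_name` would be clearer.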
......@@ -8,7 +8,6 @@ from django.db.models.signals import post_save
from django import forms
from django.utils.translation import ugettext_lazy as _
from firewall.models import Host, Rule, Vlan
from firewall.tasks import reload_firewall_lock
from one.util import keygen
from school.models import Person, Group
from datetime import timedelta as td
......@@ -531,7 +530,6 @@ class Instance(models.Model):
host.add_port("tcp", inst.get_port(), {"rdp": 3389, "nx": 22, "ssh": 22}[inst.template.access_type])
inst.firewall_host=host
inst.save()
reload_firewall_lock()
return inst
"""
......@@ -549,7 +547,6 @@ class Instance(models.Model):
self.firewall_host = None
self.save()
h.delete()
reload_firewall_lock()
def _update_vm(self, template):
out = ""
......