firewall: ssh replaced with rabbitmq

cloud/settings.py

@@ -175,7 +175,13 @@ AUTH_PROFILE_MODULE = 'school.Person'
 
 import djcelery
 djcelery.setup_loader()
-BROKER_URL = 'django://'
+BROKER_URL = 'amqp://nyuszi:teszt@localhost:5672/django'
+CELERY_ROUTES = {
+    'firewall.tasks.ReloadTask': {'queue': 'local'},
+    'firewall.tasks.reload_dns_task': {'queue': 'dns'},
+    'firewall.tasks.reload_firewall_task': {'queue': 'firewall'},
+    'firewall.tasks.reload_dhcp_task': {'queue': 'dhcp'},
+}
 
 store_settings = {
         "basic_auth": "True",

firewall/fw.py

@@ -280,6 +280,12 @@ class firewall:
             process = subprocess.Popen(['/usr/bin/ssh', 'fw2', '/usr/bin/sudo', '/sbin/iptables-restore', '-c'], shell=False, stdin=subprocess.PIPE)
             process.communicate("\n".join(self.SZABALYOK)+"\n"+"\n".join(self.SZABALYOK_NAT)+"\n")
 
+    def get(self):
+        if self.IPV6:
+            return { 'filter': self.SZABALYOK, }
+        else:
+            return { 'filter': self.SZABALYOK, 'nat':self.SZABALYOK_NAT }
+
     def show(self):
         if self.IPV6:
             return "\n".join(self.SZABALYOK)+"\n"
@@ -373,6 +379,7 @@ def dns():
             mx = d['address'].split(':', 2)
             DNS.append("@%(fqdn)s::%(mx)s:%(dist)s:%(ttl)s" % {'fqdn': d['name'], 'mx': mx[1], 'dist': mx[0], 'ttl': d['ttl']})
 
+    return DNS
     process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' % settings['dns_hostname']], shell=False, stdin=subprocess.PIPE)
     process.communicate("\n".join(DNS)+"\n")
     # print "\n".join(DNS)+"\n"
@@ -434,6 +441,7 @@ def dhcp():
                         'ipv4': i_host.ipv4,
                     })
 
+    return DHCP
     process = subprocess.Popen(['/usr/bin/ssh', 'fw2', 'cat > /tools/dhcp3/dhcpd.conf.generated;sudo /etc/init.d/isc-dhcp-server restart'], shell=False, stdin=subprocess.PIPE)
 #   print "\n".join(DHCP)+"\n"
     process.communicate("\n".join(DHCP)+"\n")

firewall/models.py

@@ -9,6 +9,7 @@ from south.modelsinspector import add_introspection_rules
 from django.core.validators import MinValueValidator, MaxValueValidator
 from cloud.settings import firewall_settings as settings
 from django.utils.ipv6 import is_valid_ipv6_address
+from django.db.models.signals import post_save
 import re
 
 class Rule(models.Model):
@@ -270,4 +271,16 @@ class Record(models.Model):
         return retval
 
 
+def send_task(sender, instance, created, **kwargs):
+    from firewall.tasks import ReloadTask
+    ReloadTask.apply_async(args=[sender.__name__])
 
+
+post_save.connect(send_task, sender=Host)
+post_save.connect(send_task, sender=Rule)
+post_save.connect(send_task, sender=Domain)
+post_save.connect(send_task, sender=Record)
+post_save.connect(send_task, sender=Vlan)
+post_save.connect(send_task, sender=Firewall)
+post_save.connect(send_task, sender=Group)
+post_save.connect(send_task, sender=Host)

firewall/tasks.py

 from celery.task import Task, PeriodicTask
+import celery
 from django.core.cache import cache
 import os
 import time
 from firewall.fw import *
 from cloud.settings import firewall_settings as settings
 
-def reload_firewall_lock():
-    acquire_lock = lambda: cache.add("reload_lock1", "true", 9)
-
-    if acquire_lock():
-        print "megszereztem"
-        ReloadTask.delay()
-    else:
-        print "nem szereztem meg"
-
+@celery.task
+def reload_dns_task(data):
+    pass
+@celery.task
+def reload_firewall_task(data4, data6):
+    pass
+@celery.task
+def reload_dhcp_task(data):
+    pass
 
 class ReloadTask(Task):
-    def run(self, **kwargs):
-        acquire_lock = lambda: cache.add("reload_lock1", "true", 90)
-        release_lock = lambda: cache.delete("reload_lock1")
+    def run(self, type):
+
+        if type in ["Host", "Records", "Domain", "Vlan"]:
+            lock = lambda: cache.add("dns_lock", "true", 9)
+            if lock():
+                reload_dns_task.delay(dns())
 
-        if not acquire_lock():
-            print "mar folyamatban van egy reload"
-            return
+        if type == "Host":
+            lock = lambda: cache.add("dhcp_lock", "true", 9)
+            if lock():
+                reload_dhcp_task.delay(dhcp())
 
-        print "indul"
-        try:
-            sleep = float(settings['reload_sleep'])
-        except:
-            sleep = 10
-        time.sleep(sleep)
+        if type in ["Host", "Rule", "Firewall"]:
+            lock = lambda: cache.add("firewall_lock", "true", 9)
+            if lock():
+                ipv4 = firewall().get()
+                ipv6 = firewall(True).get()
+                reload_firewall_task.delay(ipv4, ipv6)
 
-        try:
-            print "ipv4"
-            ipv4 = firewall()
-            ipv4.reload()
-#           print ipv4.show()
-            print "ipv6"
-            ipv6 = firewall(True)
-            ipv6.reload()
-            print "dns"
-            dns()
-            print "dhcp"
-            dhcp()
-            print "vege"
-        except:
-            raise
-            print "nem sikerult :("
+        print type
 
-        print "leall"
-        release_lock()

one/models.py

@@ -8,7 +8,6 @@ from django.db.models.signals import post_save
 from django import forms
 from django.utils.translation import ugettext_lazy as _
 from firewall.models import Host, Rule, Vlan
-from firewall.tasks import reload_firewall_lock
 from one.util import keygen
 from school.models import Person, Group
 from datetime import timedelta as td
@@ -531,7 +530,6 @@ class Instance(models.Model):
         host.add_port("tcp", inst.get_port(), {"rdp": 3389, "nx": 22, "ssh": 22}[inst.template.access_type])
         inst.firewall_host=host
         inst.save()
-        reload_firewall_lock()
         return inst
 
     """
@@ -549,7 +547,6 @@ class Instance(models.Model):
             self.firewall_host = None
             self.save()
             h.delete()
-        reload_firewall_lock()
 
     def _update_vm(self, template):
         out = ""