firewall: ssh replaced with rabbitmq

e21437b1 · Bach Dániel · fe568466 · e21437b1 · e21437b1 · e21437b1
Commit e21437b1 authored Feb 13, 2013 by Bach Dániel
Hide whitespace changes
Inline Side-by-side

Showing with 55 additions and 43 deletions

cloud/settings.py
+7 -1

firewall/fw.py
+8 -0

firewall/models.py
+13 -0

firewall/tasks.py
+27 -39

one/models.py
+0 -3

No files found.
--- a/cloud/settings.py
+++ b/cloud/settings.py
@@ -175,7 +175,13 @@ AUTH_PROFILE_MODULE = 'school.Person'
 import djcelery
 djcelery.setup_loader()
-BROKER_URL = 'django://'
+BROKER_URL = 'amqp://nyuszi:teszt@localhost:5672/django'
+CELERY_ROUTES = {
+    'firewall.tasks.ReloadTask': {'queue': 'local'},
+    'firewall.tasks.reload_dns_task': {'queue': 'dns'},
+    'firewall.tasks.reload_firewall_task': {'queue': 'firewall'},
+    'firewall.tasks.reload_dhcp_task': {'queue': 'dhcp'},
+}
 store_settings = {
        "basic_auth": "True",

--- a/firewall/fw.py
+++ b/firewall/fw.py
@@ -280,6 +280,12 @@ class firewall:
            process = subprocess.Popen(['/usr/bin/ssh', 'fw2', '/usr/bin/sudo', '/sbin/iptables-restore', '-c'], shell=False, stdin=subprocess.PIPE)
            process.communicate("\n".join(self.SZABALYOK)+"\n"+"\n".join(self.SZABALYOK_NAT)+"\n")
+    def get(self):
+        if self.IPV6:
+            return { 'filter': self.SZABALYOK, }
+        else:
+            return { 'filter': self.SZABALYOK, 'nat':self.SZABALYOK_NAT }
    def show(self):
        if self.IPV6:
            return "\n".join(self.SZABALYOK)+"\n"
@@ -373,6 +379,7 @@ def dns():
            mx = d['address'].split(':', 2)
            DNS.append("@%(fqdn)s::%(mx)s:%(dist)s:%(ttl)s" % {'fqdn': d['name'], 'mx': mx[1], 'dist': mx[0], 'ttl': d['ttl']})
+    return DNS
    process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' % settings['dns_hostname']], shell=False, stdin=subprocess.PIPE)
    process.communicate("\n".join(DNS)+"\n")
    # print "\n".join(DNS)+"\n"
@@ -434,6 +441,7 @@ def dhcp():
                        'ipv4': i_host.ipv4,
                    })
+    return DHCP
    process = subprocess.Popen(['/usr/bin/ssh', 'fw2', 'cat > /tools/dhcp3/dhcpd.conf.generated;sudo /etc/init.d/isc-dhcp-server restart'], shell=False, stdin=subprocess.PIPE)
 #   print "\n".join(DHCP)+"\n"
    process.communicate("\n".join(DHCP)+"\n")

--- a/firewall/models.py
+++ b/firewall/models.py
@@ -9,6 +9,7 @@ from south.modelsinspector import add_introspection_rules
 from django.core.validators import MinValueValidator, MaxValueValidator
 from cloud.settings import firewall_settings as settings
 from django.utils.ipv6 import is_valid_ipv6_address
+from django.db.models.signals import post_save
 import re
 class Rule(models.Model):
@@ -270,4 +271,16 @@ class Record(models.Model):
        return retval
+def send_task(sender, instance, created, **kwargs):
+    from firewall.tasks import ReloadTask
+    ReloadTask.apply_async(args=[sender.__name__])
+post_save.connect(send_task, sender=Host)
+post_save.connect(send_task, sender=Rule)
+post_save.connect(send_task, sender=Domain)
+post_save.connect(send_task, sender=Record)
+post_save.connect(send_task, sender=Vlan)
+post_save.connect(send_task, sender=Firewall)
+post_save.connect(send_task, sender=Group)
+post_save.connect(send_task, sender=Host)
--- a/firewall/tasks.py
+++ b/firewall/tasks.py
 from celery.task import Task, PeriodicTask
+import celery
 from django.core.cache import cache
 import os
 import time
 from firewall.fw import *
 from cloud.settings import firewall_settings as settings
-def reload_firewall_lock():
+@celery.task
-    acquire_lock = lambda: cache.add("reload_lock1", "true", 9)
+def reload_dns_task(data):
+    pass
-    if acquire_lock():
+@celery.task
-        print "megszereztem"
+def reload_firewall_task(data4, data6):
-        ReloadTask.delay()
+    pass
-    else:
+@celery.task
-        print "nem szereztem meg"
+def reload_dhcp_task(data):
+    pass
 class ReloadTask(Task):
-    def run(self, **kwargs):
+    def run(self, type):
-        acquire_lock = lambda: cache.add("reload_lock1", "true", 90)
-        release_lock = lambda: cache.delete("reload_lock1")
+        if type in ["Host", "Records", "Domain", "Vlan"]:
+            lock = lambda: cache.add("dns_lock", "true", 9)
+            if lock():
+                reload_dns_task.delay(dns())
-        if not acquire_lock():
+        if type == "Host":
-            print "mar folyamatban van egy reload"
+            lock = lambda: cache.add("dhcp_lock", "true", 9)
-            return
+            if lock():
+                reload_dhcp_task.delay(dhcp())
-        print "indul"
+        if type in ["Host", "Rule", "Firewall"]:
-        try:
+            lock = lambda: cache.add("firewall_lock", "true", 9)
-            sleep = float(settings['reload_sleep'])
+            if lock():
-        except:
+                ipv4 = firewall().get()
-            sleep = 10
+                ipv6 = firewall(True).get()
-        time.sleep(sleep)
+                reload_firewall_task.delay(ipv4, ipv6)
-        try:
+        print type
-            print "ipv4"
-            ipv4 = firewall()
-            ipv4.reload()
-#           print ipv4.show()
-            print "ipv6"
-            ipv6 = firewall(True)
-            ipv6.reload()
-            print "dns"
-            dns()
-            print "dhcp"
-            dhcp()
-            print "vege"
-        except:
-            raise
-            print "nem sikerult :("
-        print "leall"
-        release_lock()
--- a/one/models.py
+++ b/one/models.py
@@ -8,7 +8,6 @@ from django.db.models.signals import post_save
 from django import forms
 from django.utils.translation import ugettext_lazy as _
 from firewall.models import Host, Rule, Vlan
-from firewall.tasks import reload_firewall_lock
 from one.util import keygen
 from school.models import Person, Group
 from datetime import timedelta as td
@@ -531,7 +530,6 @@ class Instance(models.Model):
        host.add_port("tcp", inst.get_port(), {"rdp": 3389, "nx": 22, "ssh": 22}[inst.template.access_type])
        inst.firewall_host=host
        inst.save()
-        reload_firewall_lock()
        return inst
    """
@@ -549,7 +547,6 @@ class Instance(models.Model):
            self.firewall_host = None
            self.save()
            h.delete()
-        reload_firewall_lock()
    def _update_vm(self, template):
        out = ""