Commit
e21437b1
authored
Feb 13, 2013
by
Bach Dániel
firewall: ssh replaced with rabbitmq
parent
fe568466
Showing
5 changed files
with
55 additions
and
43 deletions
+55
-43
cloud/settings.py
+7
-1
firewall/fw.py
+8
-0
firewall/models.py
+13
-0
firewall/tasks.py
+27
-39
one/models.py
+0
-3
cloud/settings.py
...
@@ -175,7 +175,13 @@ AUTH_PROFILE_MODULE = 'school.Person'
...
@@ -175,7 +175,13 @@ AUTH_PROFILE_MODULE = 'school.Person'
import
djcelery
import
djcelery
djcelery
.
setup_loader
()
djcelery
.
setup_loader
()
BROKER_URL
=
'django://'
BROKER_URL
=
'amqp://nyuszi:teszt@localhost:5672/django'
CELERY_ROUTES
=
{
'firewall.tasks.ReloadTask'
:
{
'queue'
:
'local'
},
'firewall.tasks.reload_dns_task'
:
{
'queue'
:
'dns'
},
'firewall.tasks.reload_firewall_task'
:
{
'queue'
:
'firewall'
},
'firewall.tasks.reload_dhcp_task'
:
{
'queue'
:
'dhcp'
},
}
store_settings
=
{
store_settings
=
{
"basic_auth"
:
"True"
,
"basic_auth"
:
"True"
,
...
...
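Review bot: The new `BROKER_URL` in this hunk commits the broker username and password to the repository, and that account can publish to the `firewall`, `dns` and `dhcp` queues named in `CELERY_ROUTES`, so it should be handled as a credential for the firewall itself. Read it from the environment or an untracked local settings file, e.g. `BROKER_URL = os.environ['BROKER_URL']` (assuming `os` is imported in this file, which the hunk does not show), and rotate the password that is now in history. If the installed Celery still defaults to the pickle serializer, also set `CELERY_TASK_SERIALIZER = 'json'` and `CELERY_ACCEPT_CONTENT = ['json']`, because a worker that unpickles messages hands code execution to whoever can write to the broker. The task arguments introduced elsewhere in this commit appear to be dicts and lists of strings, so JSON should carry them unchanged.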
firewall/fw.py
...
@@ -280,6 +280,12 @@ class firewall:
...
@@ -280,6 +280,12 @@ class firewall:
process
=
subprocess
.
Popen
([
'/usr/bin/ssh'
,
'fw2'
,
'/usr/bin/sudo'
,
'/sbin/iptables-restore'
,
'-c'
],
shell
=
False
,
stdin
=
subprocess
.
PIPE
)
process
=
subprocess
.
Popen
([
'/usr/bin/ssh'
,
'fw2'
,
'/usr/bin/sudo'
,
'/sbin/iptables-restore'
,
'-c'
],
shell
=
False
,
stdin
=
subprocess
.
PIPE
)
process
.
communicate
(
"
\n
"
.
join
(
self
.
SZABALYOK
)
+
"
\n
"
+
"
\n
"
.
join
(
self
.
SZABALYOK_NAT
)
+
"
\n
"
)
process
.
communicate
(
"
\n
"
.
join
(
self
.
SZABALYOK
)
+
"
\n
"
+
"
\n
"
.
join
(
self
.
SZABALYOK_NAT
)
+
"
\n
"
)
def
get
(
self
):
if
self
.
IPV6
:
return
{
'filter'
:
self
.
SZABALYOK
,
}
else
:
return
{
'filter'
:
self
.
SZABALYOK
,
'nat'
:
self
.
SZABALYOK_NAT
}
def
show
(
self
):
def
show
(
self
):
if
self
.
IPV6
:
if
self
.
IPV6
:
return
"
\n
"
.
join
(
self
.
SZABALYOK
)
+
"
\n
"
return
"
\n
"
.
join
(
self
.
SZABALYOK
)
+
"
\n
"
...
@@ -373,6 +379,7 @@ def dns():
...
@@ -373,6 +379,7 @@ def dns():
mx
=
d
[
'address'
]
.
split
(
':'
,
2
)
mx
=
d
[
'address'
]
.
split
(
':'
,
2
)
DNS
.
append
(
"@
%(fqdn)
s::
%(mx)
s:
%(dist)
s:
%(ttl)
s"
%
{
'fqdn'
:
d
[
'name'
],
'mx'
:
mx
[
1
],
'dist'
:
mx
[
0
],
'ttl'
:
d
[
'ttl'
]})
DNS
.
append
(
"@
%(fqdn)
s::
%(mx)
s:
%(dist)
s:
%(ttl)
s"
%
{
'fqdn'
:
d
[
'name'
],
'mx'
:
mx
[
1
],
'dist'
:
mx
[
0
],
'ttl'
:
d
[
'ttl'
]})
return
DNS
process
=
subprocess
.
Popen
([
'/usr/bin/ssh'
,
'tinydns@
%
s'
%
settings
[
'dns_hostname'
]],
shell
=
False
,
stdin
=
subprocess
.
PIPE
)
process
=
subprocess
.
Popen
([
'/usr/bin/ssh'
,
'tinydns@
%
s'
%
settings
[
'dns_hostname'
]],
shell
=
False
,
stdin
=
subprocess
.
PIPE
)
process
.
communicate
(
"
\n
"
.
join
(
DNS
)
+
"
\n
"
)
process
.
communicate
(
"
\n
"
.
join
(
DNS
)
+
"
\n
"
)
# print "\n".join(DNS)+"\n"
# print "\n".join(DNS)+"\n"
...
@@ -434,6 +441,7 @@ def dhcp():
...
@@ -434,6 +441,7 @@ def dhcp():
'ipv4'
:
i_host
.
ipv4
,
'ipv4'
:
i_host
.
ipv4
,
})
})
return
DHCP
process
=
subprocess
.
Popen
([
'/usr/bin/ssh'
,
'fw2'
,
'cat > /tools/dhcp3/dhcpd.conf.generated;sudo /etc/init.d/isc-dhcp-server restart'
],
shell
=
False
,
stdin
=
subprocess
.
PIPE
)
process
=
subprocess
.
Popen
([
'/usr/bin/ssh'
,
'fw2'
,
'cat > /tools/dhcp3/dhcpd.conf.generated;sudo /etc/init.d/isc-dhcp-server restart'
],
shell
=
False
,
stdin
=
subprocess
.
PIPE
)
# print "\n".join(DHCP)+"\n"
# print "\n".join(DHCP)+"\n"
process
.
communicate
(
"
\n
"
.
join
(
DHCP
)
+
"
\n
"
)
process
.
communicate
(
"
\n
"
.
join
(
DHCP
)
+
"
\n
"
)
...
...
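Review bot: The `return DNS` added in the `dns()` hunk leaves the ssh `Popen`/`communicate` lines after it unreachable, and `return DHCP` does the same in `dhcp()`; delete those dead lines in this commit so the file no longer shows a remote `sudo` push path that cannot run. The new `get()` has no docstring; I would add `"""Return the generated rule lines keyed by table: 'filter', plus 'nat' when not IPv6."""`. The method just above `get()` still pipes the rules to `iptables-restore` over ssh and starts outside the hunk, so it is not visible here whether any caller remains; confirm and remove it too if none does. `dns()` and `dhcp()` also begin outside their hunks.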
firewall/models.py
...
@@ -9,6 +9,7 @@ from south.modelsinspector import add_introspection_rules
...
@@ -9,6 +9,7 @@ from south.modelsinspector import add_introspection_rules
from
django.core.validators
import
MinValueValidator
,
MaxValueValidator
from
django.core.validators
import
MinValueValidator
,
MaxValueValidator
from
cloud.settings
import
firewall_settings
as
settings
from
cloud.settings
import
firewall_settings
as
settings
from
django.utils.ipv6
import
is_valid_ipv6_address
from
django.utils.ipv6
import
is_valid_ipv6_address
from
django.db.models.signals
import
post_save
import
re
import
re
class
Rule
(
models
.
Model
):
class
Rule
(
models
.
Model
):
...
@@ -270,4 +271,16 @@ class Record(models.Model):
...
@@ -270,4 +271,16 @@ class Record(models.Model):
return
retval
return
retval
def
send_task
(
sender
,
instance
,
created
,
**
kwargs
):
from
firewall.tasks
import
ReloadTask
ReloadTask
.
apply_async
(
args
=
[
sender
.
__name__
])
post_save
.
connect
(
send_task
,
sender
=
Host
)
post_save
.
connect
(
send_task
,
sender
=
Rule
)
post_save
.
connect
(
send_task
,
sender
=
Domain
)
post_save
.
connect
(
send_task
,
sender
=
Record
)
post_save
.
connect
(
send_task
,
sender
=
Vlan
)
post_save
.
connect
(
send_task
,
sender
=
Firewall
)
post_save
.
connect
(
send_task
,
sender
=
Group
)
post_save
.
connect
(
send_task
,
sender
=
Host
)
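Review bot: Only `post_save` is connected at the end of this hunk, so as far as the visible lines show, deleting a `Host`, `Rule` or `Record` never queues `ReloadTask`, and the same commit removes the explicit `reload_firewall_lock()` after `h.delete()` in one/models.py; the deleted host's rules would then stay loaded until some unrelated save. Connect `post_delete` as well: that signal sends no `created` argument, so the handler needs `def send_task(sender, instance, created=False, **kwargs):` and `post_delete` added to the `django.db.models.signals` import. `post_save.connect(send_task, sender=Host)` appears twice, as the first and last line of the list; drop the second. A one-line comment on the function-local `from firewall.tasks import ReloadTask` saying why it is not a top-level import would help the next reader.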
firewall/tasks.py
from
celery.task
import
Task
,
PeriodicTask
from
celery.task
import
Task
,
PeriodicTask
import
celery
from
django.core.cache
import
cache
from
django.core.cache
import
cache
import
os
import
os
import
time
import
time
from
firewall.fw
import
*
from
firewall.fw
import
*
from
cloud.settings
import
firewall_settings
as
settings
from
cloud.settings
import
firewall_settings
as
settings
def
reload_firewall_lock
():
@celery.task
acquire_lock
=
lambda
:
cache
.
add
(
"reload_lock1"
,
"true"
,
9
)
def
reload_dns_task
(
data
):
pass
if
acquire_lock
():
@celery.task
print
"megszereztem"
def
reload_firewall_task
(
data4
,
data6
):
ReloadTask
.
delay
()
pass
else
:
@celery.task
print
"nem szereztem meg"
def
reload_dhcp_task
(
data
):
pass
class
ReloadTask
(
Task
):
class
ReloadTask
(
Task
):
def
run
(
self
,
**
kwargs
):
def
run
(
self
,
type
):
acquire_lock
=
lambda
:
cache
.
add
(
"reload_lock1"
,
"true"
,
90
)
release_lock
=
lambda
:
cache
.
delete
(
"reload_lock1"
)
if
type
in
[
"Host"
,
"Records"
,
"Domain"
,
"Vlan"
]:
lock
=
lambda
:
cache
.
add
(
"dns_lock"
,
"true"
,
9
)
if
lock
():
reload_dns_task
.
delay
(
dns
())
if
not
acquire_lock
():
if
type
==
"Host"
:
print
"mar folyamatban van egy reload"
lock
=
lambda
:
cache
.
add
(
"dhcp_lock"
,
"true"
,
9
)
return
if
lock
():
reload_dhcp_task
.
delay
(
dhcp
())
print
"indul"
if
type
in
[
"Host"
,
"Rule"
,
"Firewall"
]:
try
:
lock
=
lambda
:
cache
.
add
(
"firewall_lock"
,
"true"
,
9
)
sleep
=
float
(
settings
[
'reload_sleep'
])
if
lock
():
except
:
ipv4
=
firewall
()
.
get
()
sleep
=
10
ipv6
=
firewall
(
True
)
.
get
()
time
.
sleep
(
sleep
)
reload_firewall_task
.
delay
(
ipv4
,
ipv6
)
try
:
print
type
print
"ipv4"
ipv4
=
firewall
()
ipv4
.
reload
()
# print ipv4.show()
print
"ipv6"
ipv6
=
firewall
(
True
)
ipv6
.
reload
()
print
"dns"
dns
()
print
"dhcp"
dhcp
()
print
"vege"
except
:
raise
print
"nem sikerult :("
print
"leall"
release_lock
()
one/models.py
...
@@ -8,7 +8,6 @@ from django.db.models.signals import post_save
...
@@ -8,7 +8,6 @@ from django.db.models.signals import post_save
from
django
import
forms
from
django
import
forms
from
django.utils.translation
import
ugettext_lazy
as
_
from
django.utils.translation
import
ugettext_lazy
as
_
from
firewall.models
import
Host
,
Rule
,
Vlan
from
firewall.models
import
Host
,
Rule
,
Vlan
from
firewall.tasks
import
reload_firewall_lock
from
one.util
import
keygen
from
one.util
import
keygen
from
school.models
import
Person
,
Group
from
school.models
import
Person
,
Group
from
datetime
import
timedelta
as
td
from
datetime
import
timedelta
as
td
...
@@ -531,7 +530,6 @@ class Instance(models.Model):
...
@@ -531,7 +530,6 @@ class Instance(models.Model):
host
.
add_port
(
"tcp"
,
inst
.
get_port
(),
{
"rdp"
:
3389
,
"nx"
:
22
,
"ssh"
:
22
}[
inst
.
template
.
access_type
])
host
.
add_port
(
"tcp"
,
inst
.
get_port
(),
{
"rdp"
:
3389
,
"nx"
:
22
,
"ssh"
:
22
}[
inst
.
template
.
access_type
])
inst
.
firewall_host
=
host
inst
.
firewall_host
=
host
inst
.
save
()
inst
.
save
()
reload_firewall_lock
()
return
inst
return
inst
"""
"""
...
@@ -549,7 +547,6 @@ class Instance(models.Model):
...
@@ -549,7 +547,6 @@ class Instance(models.Model):
self
.
firewall_host
=
None
self
.
firewall_host
=
None
self
.
save
()
self
.
save
()
h
.
delete
()
h
.
delete
()
reload_firewall_lock
()
def
_update_vm
(
self
,
template
):
def
_update_vm
(
self
,
template
):
out
=
""
out
=
""
...
...