Commit e21437b1 by Bach Dániel

firewall: ssh replaced with rabbitmq

parent fe568466
...@@ -175,7 +175,13 @@ AUTH_PROFILE_MODULE = 'school.Person' ...@@ -175,7 +175,13 @@ AUTH_PROFILE_MODULE = 'school.Person'
import djcelery import djcelery
djcelery.setup_loader() djcelery.setup_loader()
BROKER_URL = 'django://' BROKER_URL = 'amqp://nyuszi:teszt@localhost:5672/django'
CELERY_ROUTES = {
'firewall.tasks.ReloadTask': {'queue': 'local'},
'firewall.tasks.reload_dns_task': {'queue': 'dns'},
'firewall.tasks.reload_firewall_task': {'queue': 'firewall'},
'firewall.tasks.reload_dhcp_task': {'queue': 'dhcp'},
}
store_settings = { store_settings = {
"basic_auth": "True", "basic_auth": "True",
......
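Review bot: The new `BROKER_URL` commits the RabbitMQ username and password to the settings file, so anyone who can read the repository can authenticate to the broker that carries the `dns`, `firewall` and `dhcp` queues declared in `CELERY_ROUTES`. Load the URL from the deployment environment or an untracked local settings file, e.g. `BROKER_URL = os.environ['BROKER_URL']` (with `os` imported), and rotate the password that is now in history. Since these queues carry generated firewall, DNS and DHCP data, the broker account should be limited to this vhost. If the installed Celery still defaults to pickle serialization (the version is not visible here), also set `CELERY_TASK_SERIALIZER = 'json'` and `CELERY_ACCEPT_CONTENT = ['json']` so that broker access does not become code execution on the workers.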
...@@ -280,6 +280,12 @@ class firewall: ...@@ -280,6 +280,12 @@ class firewall:
process = subprocess.Popen(['/usr/bin/ssh', 'fw2', '/usr/bin/sudo', '/sbin/iptables-restore', '-c'], shell=False, stdin=subprocess.PIPE) process = subprocess.Popen(['/usr/bin/ssh', 'fw2', '/usr/bin/sudo', '/sbin/iptables-restore', '-c'], shell=False, stdin=subprocess.PIPE)
process.communicate("\n".join(self.SZABALYOK)+"\n"+"\n".join(self.SZABALYOK_NAT)+"\n") process.communicate("\n".join(self.SZABALYOK)+"\n"+"\n".join(self.SZABALYOK_NAT)+"\n")
def get(self):
if self.IPV6:
return { 'filter': self.SZABALYOK, }
else:
return { 'filter': self.SZABALYOK, 'nat':self.SZABALYOK_NAT }
def show(self): def show(self):
if self.IPV6: if self.IPV6:
return "\n".join(self.SZABALYOK)+"\n" return "\n".join(self.SZABALYOK)+"\n"
...@@ -373,6 +379,7 @@ def dns(): ...@@ -373,6 +379,7 @@ def dns():
mx = d['address'].split(':', 2) mx = d['address'].split(':', 2)
DNS.append("@%(fqdn)s::%(mx)s:%(dist)s:%(ttl)s" % {'fqdn': d['name'], 'mx': mx[1], 'dist': mx[0], 'ttl': d['ttl']}) DNS.append("@%(fqdn)s::%(mx)s:%(dist)s:%(ttl)s" % {'fqdn': d['name'], 'mx': mx[1], 'dist': mx[0], 'ttl': d['ttl']})
return DNS
process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' % settings['dns_hostname']], shell=False, stdin=subprocess.PIPE) process = subprocess.Popen(['/usr/bin/ssh', 'tinydns@%s' % settings['dns_hostname']], shell=False, stdin=subprocess.PIPE)
process.communicate("\n".join(DNS)+"\n") process.communicate("\n".join(DNS)+"\n")
# print "\n".join(DNS)+"\n" # print "\n".join(DNS)+"\n"
...@@ -434,6 +441,7 @@ def dhcp(): ...@@ -434,6 +441,7 @@ def dhcp():
'ipv4': i_host.ipv4, 'ipv4': i_host.ipv4,
}) })
return DHCP
process = subprocess.Popen(['/usr/bin/ssh', 'fw2', 'cat > /tools/dhcp3/dhcpd.conf.generated;sudo /etc/init.d/isc-dhcp-server restart'], shell=False, stdin=subprocess.PIPE) process = subprocess.Popen(['/usr/bin/ssh', 'fw2', 'cat > /tools/dhcp3/dhcpd.conf.generated;sudo /etc/init.d/isc-dhcp-server restart'], shell=False, stdin=subprocess.PIPE)
# print "\n".join(DHCP)+"\n" # print "\n".join(DHCP)+"\n"
process.communicate("\n".join(DHCP)+"\n") process.communicate("\n".join(DHCP)+"\n")
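Review bot: The added `return DNS` in `dns()` and `return DHCP` in `dhcp()` leave the `subprocess.Popen(['/usr/bin/ssh', ...])` and `process.communicate(...)` lines after them unreachable, so the file still reads as if the ssh push were active. Delete the dead lines and the commented-out `print`s in both functions instead of shadowing them with an early return. `firewall.reload()`, just above the new `get()`, still pipes rules to `iptables-restore` over ssh; if nothing calls it after this change it should go as well. Once the ssh path is unused, the matching keys and sudo rules on `fw2` and the tinydns host should be retired. Both function bodies begin outside the visible hunks.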
......
...@@ -9,6 +9,7 @@ from south.modelsinspector import add_introspection_rules ...@@ -9,6 +9,7 @@ from south.modelsinspector import add_introspection_rules
from django.core.validators import MinValueValidator, MaxValueValidator from django.core.validators import MinValueValidator, MaxValueValidator
from cloud.settings import firewall_settings as settings from cloud.settings import firewall_settings as settings
from django.utils.ipv6 import is_valid_ipv6_address from django.utils.ipv6 import is_valid_ipv6_address
from django.db.models.signals import post_save
import re import re
class Rule(models.Model): class Rule(models.Model):
...@@ -270,4 +271,16 @@ class Record(models.Model): ...@@ -270,4 +271,16 @@ class Record(models.Model):
return retval return retval
def send_task(sender, instance, created, **kwargs):
from firewall.tasks import ReloadTask
ReloadTask.apply_async(args=[sender.__name__])
post_save.connect(send_task, sender=Host)
post_save.connect(send_task, sender=Rule)
post_save.connect(send_task, sender=Domain)
post_save.connect(send_task, sender=Record)
post_save.connect(send_task, sender=Vlan)
post_save.connect(send_task, sender=Firewall)
post_save.connect(send_task, sender=Group)
post_save.connect(send_task, sender=Host)
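Review bot: `send_task` is connected only to `post_save`, so deleting a `Host`, `Rule` or `Record` never queues a reload, and the generated firewall, DNS and DHCP output keeps the deleted object's entries until some unrelated save happens. The same commit removes the explicit `reload_firewall_lock()` after `h.delete()` in `Instance`, which appears to be the call that covered this case. Connect the handler to `post_delete` as well, using `def send_task(sender, instance, created=False, **kwargs):` and `post_delete.connect(send_task, sender=Host)` for each model. `post_save.connect(send_task, sender=Host)` is also listed twice; the second line can be dropped.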
from celery.task import Task, PeriodicTask from celery.task import Task, PeriodicTask
import celery
from django.core.cache import cache from django.core.cache import cache
import os import os
import time import time
from firewall.fw import * from firewall.fw import *
from cloud.settings import firewall_settings as settings from cloud.settings import firewall_settings as settings
def reload_firewall_lock(): @celery.task
acquire_lock = lambda: cache.add("reload_lock1", "true", 9) def reload_dns_task(data):
pass
if acquire_lock(): @celery.task
print "megszereztem" def reload_firewall_task(data4, data6):
ReloadTask.delay() pass
else: @celery.task
print "nem szereztem meg" def reload_dhcp_task(data):
pass
class ReloadTask(Task): class ReloadTask(Task):
def run(self, **kwargs): def run(self, type):
acquire_lock = lambda: cache.add("reload_lock1", "true", 90)
release_lock = lambda: cache.delete("reload_lock1") if type in ["Host", "Records", "Domain", "Vlan"]:
lock = lambda: cache.add("dns_lock", "true", 9)
if lock():
reload_dns_task.delay(dns())
if not acquire_lock(): if type == "Host":
print "mar folyamatban van egy reload" lock = lambda: cache.add("dhcp_lock", "true", 9)
return if lock():
reload_dhcp_task.delay(dhcp())
print "indul" if type in ["Host", "Rule", "Firewall"]:
try: lock = lambda: cache.add("firewall_lock", "true", 9)
sleep = float(settings['reload_sleep']) if lock():
except: ipv4 = firewall().get()
sleep = 10 ipv6 = firewall(True).get()
time.sleep(sleep) reload_firewall_task.delay(ipv4, ipv6)
try: print type
print "ipv4"
ipv4 = firewall()
ipv4.reload()
# print ipv4.show()
print "ipv6"
ipv6 = firewall(True)
ipv6.reload()
print "dns"
dns()
print "dhcp"
dhcp()
print "vege"
except:
raise
print "nem sikerult :("
print "leall"
release_lock()
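Review bot: In `ReloadTask.run` the `cache.add(..., 9)` locks drop work instead of delaying it: a save that arrives within nine seconds of the previous one finds the key present, skips the branch, and its change is not pushed until some later save. The removed code slept before generating the rules, so changes made during the wait were still included; here `dns()`, `dhcp()` and `firewall().get()` run as soon as the lock is taken, which can leave a just-removed rule active on the firewall. Queue the reload with a delay and build the data when it fires, or re-queue when the lock is already held. Separately, the first branch tests for `"Records"` while the signal handler sends `sender.__name__`, which is `"Record"` for the `Record` model, so it should read `if type in ["Host", "Record", "Domain", "Vlan"]:`; the parameter name `type` also shadows the builtin.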
...@@ -8,7 +8,6 @@ from django.db.models.signals import post_save ...@@ -8,7 +8,6 @@ from django.db.models.signals import post_save
from django import forms from django import forms
from django.utils.translation import ugettext_lazy as _ from django.utils.translation import ugettext_lazy as _
from firewall.models import Host, Rule, Vlan from firewall.models import Host, Rule, Vlan
from firewall.tasks import reload_firewall_lock
from one.util import keygen from one.util import keygen
from school.models import Person, Group from school.models import Person, Group
from datetime import timedelta as td from datetime import timedelta as td
...@@ -531,7 +530,6 @@ class Instance(models.Model): ...@@ -531,7 +530,6 @@ class Instance(models.Model):
host.add_port("tcp", inst.get_port(), {"rdp": 3389, "nx": 22, "ssh": 22}[inst.template.access_type]) host.add_port("tcp", inst.get_port(), {"rdp": 3389, "nx": 22, "ssh": 22}[inst.template.access_type])
inst.firewall_host=host inst.firewall_host=host
inst.save() inst.save()
reload_firewall_lock()
return inst return inst
""" """
...@@ -549,7 +547,6 @@ class Instance(models.Model): ...@@ -549,7 +547,6 @@ class Instance(models.Model):
self.firewall_host = None self.firewall_host = None
self.save() self.save()
h.delete() h.delete()
reload_firewall_lock()
def _update_vm(self, template): def _update_vm(self, template):
out = "" out = ""
......