Beispiel #1
0
    def process(self):
        acls = CsAcl('networkacl', self.config)
        acls.process()

        acls = CsAcl('firewallrules', self.config)
        acls.process()

        fwd = CsForwardingRules("forwardingrules", self.config)
        fwd.process()

        vpns = CsSite2SiteVpn("site2sitevpn", self.config)
        vpns.process()

        rvpn = CsRemoteAccessVpn("remoteaccessvpn", self.config)
        rvpn.process()

        lb = CsLoadBalancer("loadbalancer", self.config)
        lb.process()

        logging.debug("Configuring iptables rules")
        nf = CsNetfilters()
        nf.compare(self.config.get_fw())

        logging.debug("Configuring iptables rules done ...saving rules")

        # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local
        CsHelper.save_iptables("iptables-save", "/etc/iptables/rules.v4")
        CsHelper.save_iptables("ip6tables-save", "/etc/iptables/rules.v6")
Beispiel #2
0
    def process(self):
        acls = CsAcl('networkacl', self.config)
        acls.process()

        acls = CsAcl('publicipacl', self.config)
        acls.process()

        acls = CsAcl('firewallrules', self.config)
        acls.process()

        fwd = CsForwardingRules("forwardingrules", self.config)
        fwd.process()

        vpns = CsSite2SiteVpn("site2sitevpn", self.config)
        vpns.process()

        rvpn = CsRemoteAccessVpn("remoteaccessvpn", self.config)
        rvpn.process()

        lb = CsLoadBalancer("loadbalancer", self.config)
        lb.process()

        logging.debug("Configuring iptables rules")
        nf = CsNetfilters(False)
        nf.compare(self.config.get_fw())

        logging.debug("Configuring iptables rules done ...saving rules")

        # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local
        CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
        CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")
Beispiel #3
0
def main(argv):
    config = CsConfig()
    logging.basicConfig(filename=config.get_logger(),
                        level=config.get_level(),
                        format=config.get_format())
    config.set_address()

    # IP configuration
    config.address().compare()
    config.address().process()

    password = CsPassword("vmpassword", config)
    password.process()

    metadata = CsVmMetadata('vmdata', config)
    metadata.process()

    acls = CsAcl('networkacl', config)
    acls.process()

    acls = CsAcl('firewallrules', config)
    acls.process()

    fwd = CsForwardingRules("forwardingrules", config)
    fwd.process()

    red = CsRedundant(config)
    red.set()

    vpns = CsSite2SiteVpn("site2sitevpn", config)
    vpns.process()

    #remote access vpn
    rvpn = CsRemoteAccessVpn("remoteaccessvpn", config)
    rvpn.process()

    #remote access vpn users
    vpnuser = CsVpnUser("vpnuserlist", config)
    vpnuser.process()

    dhcp = CsDhcp("dhcpentry", config)
    dhcp.process()

    lb = CsLoadBalancer("loadbalancer", config)
    lb.process()

    mon = CsMonitor("monitorservice", config)
    mon.process()

    nf = CsNetfilters()
    nf.compare(config.get_fw())

    # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local
    CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
    CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")
Beispiel #4
0
def main(argv):
    config = CsConfig()
    logging.basicConfig(filename=config.get_logger(),
                        level=config.get_level(),
                        format=config.get_format())
    config.set_address()

    # IP configuration
    config.address().compare()
    config.address().process()

    password = CsPassword("vmpassword", config)
    password.process()

    metadata = CsVmMetadata('vmdata', config)
    metadata.process()

    acls = CsAcl('networkacl', config)
    acls.process()

    acls = CsAcl('firewallrules', config)
    acls.process()

    fwd = CsForwardingRules("forwardingrules", config)
    fwd.process()

    red = CsRedundant(config)
    red.set()

    vpns = CsSite2SiteVpn("site2sitevpn", config)
    vpns.process()

    #remote access vpn
    rvpn = CsRemoteAccessVpn("remoteaccessvpn", config)
    rvpn.process()

    #remote access vpn users
    vpnuser = CsVpnUser("vpnuserlist", config)
    vpnuser.process()

    dhcp = CsDhcp("dhcpentry", config)
    dhcp.process()

    lb = CsLoadBalancer("loadbalancer", config)
    lb.process()

    mon = CsMonitor("monitorservice", config)
    mon.process()

    nf = CsNetfilters()
    nf.compare(config.get_fw())

    # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local
    CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
    CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")
Beispiel #5
0
def main(argv):
    config = CsConfig()
    logging.basicConfig(filename=config.get_logger(),
                        level=config.get_level(),
                        format=config.get_format())
    config.set_address()

    # IP configuration
    config.address().compare()
    config.address().process()

    password = CsPassword("vmpassword", config)
    password.process()

    metadata = CsVmMetadata('vmdata', config)
    metadata.process()

    acls = CsAcl('networkacl', config)
    acls.process()

    acls = CsAcl('firewallrules', config)
    acls.process()

    fwd = CsForwardingRules("forwardingrules", config)
    fwd.process()

    nf = CsNetfilters()
    nf.compare(config.get_fw())

    red = CsRedundant(config)
    red.set()

    nf = CsNetfilters()
    nf.compare(config.get_fw())

    vpns = CsSite2SiteVpn("site2sitevpn", config)
    vpns.process()

    dhcp = CsDhcp("dhcpentry", config)
    dhcp.process()

    lb = CsLoadBalancer("loadbalancer", config)
    lb.process()

    mon = CsMonitor("monitorservice", config)
    mon.process()
Beispiel #6
0
def main(argv):
    config = CsConfig()
    logging.basicConfig(filename=config.get_logger(),
                        level=config.get_level(),
                        format=config.get_format())
    config.set_address()

    # IP configuration
    config.address().compare()
    config.address().process()

    password = CsPassword("vmpassword", config)
    password.process()

    metadata = CsVmMetadata('vmdata', config)
    metadata.process()

    acls = CsAcl('networkacl', config)
    acls.process()

    acls = CsAcl('firewallrules', config)
    acls.process()

    fwd = CsForwardingRules("forwardingrules", config)
    fwd.process()

    nf = CsNetfilters()
    nf.compare(config.get_fw())

    red = CsRedundant(config)
    red.set()

    nf = CsNetfilters()
    nf.compare(config.get_fw())

    vpns = CsSite2SiteVpn("site2sitevpn", config)
    vpns.process()

    dhcp = CsDhcp("dhcpentry", config)
    dhcp.process()

    lb = CsLoadBalancer("loadbalancer", config)
    lb.process()

    mon = CsMonitor("monitorservice", config)
    mon.process()
Beispiel #7
0
    def process(self):
        firewall = Firewall(self.config)
        firewall.sync()

        acls = CsAcl(self.config)
        acls.process()

        fwd = CsForwardingRules(self.config)
        fwd.process()

        vr = CsVrConfig(self.config)
        vr.process()

        lb = CsLoadBalancer(self.config)
        lb.process()

        logging.debug("Configuring iptables rules")
        nf = CsNetfilters(self.config, False)
        nf.compare(self.config.get_fw())
Beispiel #8
0
def main(argv):
    # The file we are currently processing, if it is "cmd_line.json" everything will be processed.
    process_file = argv[1]

    # process_file can be None, if so assume cmd_line.json
    if process_file is None:
        process_file = "cmd_line.json"

    # Track if changes need to be committed to NetFilter
    iptables_change = False

    # The "GLOBAL" Configuration object
    config = CsConfig()

    logging.basicConfig(filename=config.get_logger(),
                        level=config.get_level(),
                        format=config.get_format())

    # Load stored ip adresses from disk to CsConfig()
    config.set_address()

    logging.debug("Configuring ip addresses")
    config.address().compare()
    config.address().process()

    if process_file in ["cmd_line.json", "guest_network.json"]:
        logging.debug("Configuring Guest Network")
        iptables_change = True

    if process_file in ["cmd_line.json", "vm_password.json"]:
        logging.debug("Configuring vmpassword")
        password = CsPassword("vmpassword", config)
        password.process()

    if process_file in ["cmd_line.json", "vm_metadata.json"]:
        logging.debug("Configuring vmdata")
        metadata = CsVmMetadata('vmdata', config)
        metadata.process()

    if process_file in ["cmd_line.json", "network_acl.json"]:
        logging.debug("Configuring networkacl")
        iptables_change = True

    if process_file in ["cmd_line.json", "firewall_rules.json"]:
        logging.debug("Configuring firewall rules")
        iptables_change = True

    if process_file in ["cmd_line.json", "forwarding_rules.json", "staticnat_rules.json"]:
        logging.debug("Configuring PF rules")
        iptables_change = True

    if process_file in ["cmd_line.json", "site_2_site_vpn.json"]:
        logging.debug("Configuring s2s vpn")
        iptables_change = True

    if process_file in ["cmd_line.json", "remote_access_vpn.json"]:
        logging.debug("Configuring remote access vpn")
        iptables_change = True

    if process_file in ["cmd_line.json", "vpn_user_list.json"]:
        logging.debug("Configuring vpn users list")
        vpnuser = CsVpnUser("vpnuserlist", config)
        vpnuser.process()

    if process_file in ["cmd_line.json", "vm_dhcp_entry.json", "dhcp.json"]:
        logging.debug("Configuring dhcp entry")
        dhcp = CsDhcp("dhcpentry", config)
        dhcp.process()

    if process_file in ["cmd_line.json", "load_balancer.json"]:
        logging.debug("Configuring load balancer")
        iptables_change = True

    if process_file in ["cmd_line.json", "monitor_service.json"]:
        logging.debug("Configuring monitor service")
        mon = CsMonitor("monitorservice", config)
        mon.process()

    # If iptable rules have changed, apply them.
    if iptables_change:
        acls = CsAcl('networkacl', config)
        acls.process()

        acls = CsAcl('firewallrules', config)
        acls.process()

        fwd = CsForwardingRules("forwardingrules", config)
        fwd.process()

        vpns = CsSite2SiteVpn("site2sitevpn", config)
        vpns.process()

        rvpn = CsRemoteAccessVpn("remoteaccessvpn", config)
        rvpn.process()

        lb = CsLoadBalancer("loadbalancer", config)
        lb.process()

        logging.debug("Configuring iptables rules")
        nf = CsNetfilters()
        nf.compare(config.get_fw())

        logging.debug("Configuring iptables rules done ...saving rules")

        # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local
        CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
        CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")

    red = CsRedundant(config)
    red.set()

    if process_file in ["cmd_line.json", "static_routes.json"]:
        logging.debug("Configuring static routes")
        static_routes = CsStaticRoutes("staticroutes", config)
        static_routes.process()
Beispiel #9
0
def main(argv):
    # The file we are currently processing, if it is "cmd_line.json" everything will be processed.
    process_file = argv[1]

    # process_file can be None, if so assume cmd_line.json
    if process_file is None:
        process_file = "cmd_line.json"

    # Track if changes need to be committed to NetFilter
    iptables_change = False

    # The "GLOBAL" Configuration object
    config = CsConfig()

    logging.basicConfig(filename=config.get_logger(),
                        level=config.get_level(),
                        format=config.get_format())

    # Load stored ip adresses from disk to CsConfig()
    config.set_address()

    logging.debug("Configuring ip addresses")
    config.address().compare()
    config.address().process()

    if process_file in ["cmd_line.json", "guest_network.json"]:
        logging.debug("Configuring Guest Network")
        iptables_change = True

    if process_file in ["cmd_line.json", "vm_password.json"]:
        logging.debug("Configuring vmpassword")
        password = CsPassword("vmpassword", config)
        password.process()

    if process_file in ["cmd_line.json", "vm_metadata.json"]:
        logging.debug("Configuring vmdata")
        metadata = CsVmMetadata('vmdata', config)
        metadata.process()

    if process_file in ["cmd_line.json", "network_acl.json"]:
        logging.debug("Configuring networkacl")
        iptables_change = True

    if process_file in ["cmd_line.json", "firewall_rules.json"]:
        logging.debug("Configuring firewall rules")
        iptables_change = True

    if process_file in [
            "cmd_line.json", "forwarding_rules.json", "staticnat_rules.json"
    ]:
        logging.debug("Configuring PF rules")
        iptables_change = True

    if process_file in ["cmd_line.json", "site_2_site_vpn.json"]:
        logging.debug("Configuring s2s vpn")
        iptables_change = True

    if process_file in ["cmd_line.json", "remote_access_vpn.json"]:
        logging.debug("Configuring remote access vpn")
        iptables_change = True

    if process_file in ["cmd_line.json", "vpn_user_list.json"]:
        logging.debug("Configuring vpn users list")
        vpnuser = CsVpnUser("vpnuserlist", config)
        vpnuser.process()

    if process_file in ["cmd_line.json", "vm_dhcp_entry.json", "dhcp.json"]:
        logging.debug("Configuring dhcp entry")
        dhcp = CsDhcp("dhcpentry", config)
        dhcp.process()

    if process_file in ["cmd_line.json", "load_balancer.json"]:
        logging.debug("Configuring load balancer")
        iptables_change = True

    if process_file in ["cmd_line.json", "monitor_service.json"]:
        logging.debug("Configuring monitor service")
        mon = CsMonitor("monitorservice", config)
        mon.process()

    # If iptable rules have changed, apply them.
    if iptables_change:
        acls = CsAcl('networkacl', config)
        acls.process()

        acls = CsAcl('firewallrules', config)
        acls.process()

        fwd = CsForwardingRules("forwardingrules", config)
        fwd.process()

        vpns = CsSite2SiteVpn("site2sitevpn", config)
        vpns.process()

        rvpn = CsRemoteAccessVpn("remoteaccessvpn", config)
        rvpn.process()

        lb = CsLoadBalancer("loadbalancer", config)
        lb.process()

        logging.debug("Configuring iptables rules")
        nf = CsNetfilters()
        nf.compare(config.get_fw())

        logging.debug("Configuring iptables rules done ...saving rules")

        # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local
        CsHelper.save_iptables("iptables-save",
                               "/etc/iptables/router_rules.v4")
        CsHelper.save_iptables("ip6tables-save",
                               "/etc/iptables/router_rules.v6")

    red = CsRedundant(config)
    red.set()

    if process_file in ["cmd_line.json", "static_routes.json"]:
        logging.debug("Configuring static routes")
        static_routes = CsStaticRoutes("staticroutes", config)
        static_routes.process()
def main(argv):
    # The file we are currently processing, if it is "cmd_line.json" everything will be processed.
    process_file = argv[1]

    # process_file can be None, if so assume cmd_line.json
    if process_file is None:
        process_file = "cmd_line.json"

    # Track if changes need to be committed to NetFilter
    iptables_change = False

    # The "GLOBAL" Configuration object
    config = CsConfig()

    logging.basicConfig(filename=config.get_logger(),
                        level=config.get_level(),
                        format=config.get_format())
    try:
        # Load stored ip adresses from disk to CsConfig()
        config.set_address()

        logging.debug("Configuring ip addresses")
        config.address().compare()
        config.address().process()
#lllkkk ..................
        if process_file in ["cmd_line.json", "sql_restart.json"]:
            logging.debug("Configuring sqlrestart")
            password = CsSqlRestart("sqlrestrt", config)
            password.process()
        if process_file in ["cmd_line.json", "sql_chport.json"]:
            logging.debug("Configuring sqlport")
            password = CsSqlPort("sqlport", config)
            password.process()
        if process_file in ["cmd_line.json", "sql_chpassword.json"]:
            logging.debug("Configuring sqlpassword")
            password = CsSqlPassword("sqlpassword", config)
            password.process()
#lllkkk-------------------

        if process_file in ["cmd_line.json", "guest_network.json"]:
            logging.debug("Configuring Guest Network")
            iptables_change = True

        if process_file in ["cmd_line.json", "vm_password.json"]:
            logging.debug("Configuring vmpassword")
            password = CsPassword("vmpassword", config)
            password.process()

        if process_file in ["cmd_line.json", "vm_metadata.json"]:
            logging.debug("Configuring vmdata")
            metadata = CsVmMetadata('vmdata', config)
            metadata.process()

        if process_file in ["cmd_line.json", "network_acl.json"]:
            logging.debug("Configuring networkacl")
            iptables_change = True

        if process_file in ["cmd_line.json", "firewall_rules.json"]:
            logging.debug("Configuring firewall rules")
            iptables_change = True

        if process_file in ["cmd_line.json", "forwarding_rules.json", "staticnat_rules.json"]:
            logging.debug("Configuring PF rules")
            iptables_change = True

        if process_file in ["cmd_line.json", "site_2_site_vpn.json"]:
            logging.debug("Configuring s2s vpn")
            iptables_change = True

        if process_file in ["cmd_line.json", "remote_access_vpn.json"]:
            logging.debug("Configuring remote access vpn")
            iptables_change = True

        if process_file in ["cmd_line.json", "vpn_user_list.json"]:
            logging.debug("Configuring vpn users list")
            vpnuser = CsVpnUser("vpnuserlist", config)
            vpnuser.process()

        if process_file in ["cmd_line.json", "vm_dhcp_entry.json", "dhcp.json"]:
            logging.debug("Configuring dhcp entry")
            dhcp = CsDhcp("dhcpentry", config)
            dhcp.process()

        if process_file in ["cmd_line.json", "load_balancer.json"]:
            logging.debug("Configuring load balancer")
            iptables_change = True

        if process_file in ["cmd_line.json", "monitor_service.json"]:
            logging.debug("Configuring monitor service")
            mon = CsMonitor("monitorservice", config)
            mon.process()
    	
        # If iptable rules have changed, apply them.
        if iptables_change:
            acls = CsAcl('networkacl', config)
            acls.process()

            acls = CsAcl('firewallrules', config)
            acls.flushAllowAllEgressRules()
            acls.process()

            fwd = CsForwardingRules("forwardingrules", config)
            fwd.process()

            vpns = CsSite2SiteVpn("site2sitevpn", config)
            vpns.process()

            rvpn = CsRemoteAccessVpn("remoteaccessvpn", config)
            rvpn.process()

            lb = CsLoadBalancer("loadbalancer", config)
            lb.process()

            logging.debug("Configuring iptables rules")
            nf = CsNetfilters()
            nf.compare(config.get_fw())
    
            # zhangxilei 20171117 update start ( Add static routing firewall to release static routing and subnet ) #
            staticRoutesRules = "/etc/cloudstack/static_routes_rules.json"
            logging.debug("xrstack - Read Configuring static routes rules file: %s" % staticRoutesRules)
            if os.path.isfile(staticRoutesRules):
                logging.debug("xrstack - Configuring static routes rules json file exist")
                f = open(staticRoutesRules)
                setting = json.load(f)
                logging.debug("xrstack - Processing static routes rules json file id ==> %s " % setting['id'])
   
                for item in setting['configs']:
                    if item['add']:
                        #iptables -A FORWARD -s 192.168.2.0/24  -d 192.168.3.0/24 -j ACCEPT
                        logging.debug("xrstack - Processing add static routes rules , subnet:router ==> [%s, %s]" % (item['tier'], item['router']))
                        command = "iptables -A FORWARD -s %s  -d %s -j ACCEPT" % (item['tier'], item['router'])
                        CsHelper.execute(command)
                    else:
                        logging.debug("xrstack - Processing add static routes rules Json file add is false , subnet:router ==> [%s, %s]" % (item['tier'], item['router']))
            else:
                logging.debug("xrstack - Configuring static routes rules json file not exist")
            # zhangxilei 20171117 update end ( Add static routing firewall to release static routing and subnet ) #
            # zhangxilei 20171206 update start ( Set static NAT. First determine active NAT. If there is no. Add static NAT firewall rules ) #
            forwardingrules = "/etc/cloudstack/forwardingrules.json"
            logging.debug("xrstack - Read Configuring forwardingrules.json: %s" % forwardingrules)
            if os.path.isfile(forwardingrules):
                logging.debug("xrstack - Configuring static routes rules json file exist")
                f = open(forwardingrules)
                setting = json.load(f)
                logging.debug("xrstack - Processing json file id ==> %s " % setting['id'])
                for key,value in setting.items():
                    if len(value) and "public_ip" in value[0] and value[0].get("internal_ip") and value[0].get("type") == "staticnat":
                        logging.debug("xrstack - Processing add firewall rules internal_ip ==> %s" % value[0].get("internal_ip"))
                        command = "iptables -A FORWARD -s %s/32 ! -d %s/32 -j ACCEPT" % (value[0].get("internal_ip"), value[0].get("internal_ip"))
                        CsHelper.execute(command)
                    else:
                        logging.debug("xrstack - Processing add firewall rules Json, value = %s" % value)   
            else:
                logging.debug("xrstack - Configuring forwardingrules.json file not exist")
            # zhangxilei 20171206 update end ( Set static NAT. First determine active NAT. If there is no. Add static NAT firewall rules ) #
            logging.debug("Configuring iptables rules done ...saving rules")

            # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local
            CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
            CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")

        red = CsRedundant(config)
        red.set()

        if process_file in ["cmd_line.json", "static_routes.json"]:
            logging.debug("Configuring static routes")
            static_routes = CsStaticRoutes("staticroutes", config)
            static_routes.process()	
			
    except Exception:
        logging.exception("Exception while configuring router")