def main(argv):
    """Entry point: apply every router configuration section, then persist the netfilter tables.

    ``argv`` is accepted for interface compatibility but not consulted; the
    full configuration is applied on each run. The live netfilter tables are
    reconciled twice: once after the forwarding rules and once after the last
    section, just before they are saved.
    """
    config = CsConfig()
    logging.basicConfig(filename=config.get_logger(),
                        level=config.get_level(),
                        format=config.get_format())

    def reconcile_netfilter():
        # Push the rule set accumulated on config into the live netfilter tables.
        CsNetfilters().compare(config.get_fw())

    # IP configuration: load the stored addresses, reconcile, apply.
    config.set_address()
    config.address().compare()
    config.address().process()

    # Sections applied before the first reconcile and the redundancy step.
    for section_cls, section_name in (
        (CsPassword, "vmpassword"),
        (CsVmMetadata, 'vmdata'),
        (CsAcl, 'networkacl'),
        (CsAcl, 'firewallrules'),
        (CsForwardingRules, "forwardingrules"),
    ):
        section_cls(section_name, config).process()
    reconcile_netfilter()

    CsRedundant(config).set()

    # Sections applied after redundancy, followed by the second reconcile.
    for section_cls, section_name in (
        (CsSite2SiteVpn, "site2sitevpn"),
        (CsDhcp, "dhcpentry"),
        (CsLoadBalancer, "loadbalancer"),
        (CsMonitor, "monitorservice"),
    ):
        section_cls(section_name, config).process()
    reconcile_netfilter()

    # Save iptables configuration - will be loaded on reboot by the
    # iptables-restore that is configured on /etc/rc.local
    CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
    CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")
def main(argv):
    """Entry point: apply every router configuration section, then persist the netfilter tables.

    ``argv`` is not consulted; the full configuration is applied on every run.
    The netfilter tables are reconciled immediately before and immediately
    after the redundancy step.

    NOTE(review): the VPN, DHCP, load-balancer and monitor sections run after
    the second reconcile and no further reconcile precedes the save; if any of
    them contributes rules to config.get_fw(), those rules would not be applied
    by this function — confirm against the section implementations.
    """
    config = CsConfig()
    logging.basicConfig(filename=config.get_logger(),
                        level=config.get_level(),
                        format=config.get_format())

    def sync_firewall():
        # Push the rule set accumulated on config into the live netfilter tables.
        CsNetfilters().compare(config.get_fw())

    # IP configuration: load the stored addresses, reconcile, apply.
    config.set_address()
    config.address().compare()
    config.address().process()

    CsPassword("vmpassword", config).process()
    CsVmMetadata('vmdata', config).process()
    CsAcl('networkacl', config).process()
    CsAcl('firewallrules', config).process()
    CsForwardingRules("forwardingrules", config).process()
    sync_firewall()

    # Redundancy is bracketed by two netfilter syncs.
    CsRedundant(config).set()
    sync_firewall()

    CsSite2SiteVpn("site2sitevpn", config).process()
    CsDhcp("dhcpentry", config).process()
    CsLoadBalancer("loadbalancer", config).process()
    CsMonitor("monitorservice", config).process()

    # Save iptables configuration - will be loaded on reboot by the
    # iptables-restore that is configured on /etc/rc.local
    CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
    CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")
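def main(argv):
    """Entry point: apply the router configuration sections selected by ``argv[1]``.

    ``argv[1]`` names the configuration file that changed; ``"cmd_line.json"``
    (also the default when no argument is given) processes every section.
    Sections whose effect is a netfilter rule change only set
    ``iptables_change``; the ACL, firewall, forwarding, VPN and load-balancer
    rule sets are then rebuilt once, applied, and saved to disk. The
    redundancy step runs on every invocation; static routes only when their
    file (or cmd_line.json) is being processed.
    """
    # argv[1] was read unconditionally before, so invoking the script without an
    # argument raised IndexError and the None fallback below never applied.
    process_file = argv[1] if len(argv) > 1 else None
    if process_file is None:
        process_file = "cmd_line.json"

    # Track if changes need to be committed to NetFilter.
    iptables_change = False

    # The "GLOBAL" configuration object; logging is configured from it.
    config = CsConfig()
    logging.basicConfig(filename=config.get_logger(),
                        level=config.get_level(),
                        format=config.get_format())

    # Load stored ip addresses from disk to CsConfig(), then reconcile and apply them.
    config.set_address()
    logging.debug("Configuring ip addresses")
    config.address().compare()
    config.address().process()

    if process_file in ("cmd_line.json", "guest_network.json"):
        logging.debug("Configuring Guest Network")
        iptables_change = True
    if process_file in ("cmd_line.json", "vm_password.json"):
        logging.debug("Configuring vmpassword")
        CsPassword("vmpassword", config).process()
    if process_file in ("cmd_line.json", "vm_metadata.json"):
        logging.debug("Configuring vmdata")
        CsVmMetadata('vmdata', config).process()
    if process_file in ("cmd_line.json", "network_acl.json"):
        logging.debug("Configuring networkacl")
        iptables_change = True
    if process_file in ("cmd_line.json", "firewall_rules.json"):
        logging.debug("Configuring firewall rules")
        iptables_change = True
    if process_file in ("cmd_line.json", "forwarding_rules.json", "staticnat_rules.json"):
        logging.debug("Configuring PF rules")
        iptables_change = True
    if process_file in ("cmd_line.json", "site_2_site_vpn.json"):
        logging.debug("Configuring s2s vpn")
        iptables_change = True
    if process_file in ("cmd_line.json", "remote_access_vpn.json"):
        logging.debug("Configuring remote access vpn")
        iptables_change = True
    if process_file in ("cmd_line.json", "vpn_user_list.json"):
        logging.debug("Configuring vpn users list")
        CsVpnUser("vpnuserlist", config).process()
    if process_file in ("cmd_line.json", "vm_dhcp_entry.json", "dhcp.json"):
        logging.debug("Configuring dhcp entry")
        CsDhcp("dhcpentry", config).process()
    if process_file in ("cmd_line.json", "load_balancer.json"):
        logging.debug("Configuring load balancer")
        iptables_change = True
    if process_file in ("cmd_line.json", "monitor_service.json"):
        logging.debug("Configuring monitor service")
        CsMonitor("monitorservice", config).process()

    # If iptable rules have changed, rebuild every rule-producing section and apply them.
    if iptables_change:
        CsAcl('networkacl', config).process()
        CsAcl('firewallrules', config).process()
        CsForwardingRules("forwardingrules", config).process()
        CsSite2SiteVpn("site2sitevpn", config).process()
        CsRemoteAccessVpn("remoteaccessvpn", config).process()
        CsLoadBalancer("loadbalancer", config).process()
        logging.debug("Configuring iptables rules")
        CsNetfilters().compare(config.get_fw())
        logging.debug("Configuring iptables rules done ...saving rules")
        # Save iptables configuration - will be loaded on reboot by the
        # iptables-restore that is configured on /etc/rc.local
        CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
        CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")

    CsRedundant(config).set()

    if process_file in ("cmd_line.json", "static_routes.json"):
        logging.debug("Configuring static routes")
        CsStaticRoutes("staticroutes", config).process()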
def main(argv):
    """Entry point: apply every router configuration section, then persist the netfilter tables.

    ``argv`` is not consulted; the full configuration is applied on every run.
    Each section is announced with a debug line before it is built and
    processed. The netfilter tables are reconciled once, after the last
    section, and then saved.
    """
    config = CsConfig()
    logging.basicConfig(filename=config.get_logger(),
                        level=config.get_level(),
                        format=config.get_format())

    config.set_address()
    logging.debug("Configuring ip addresses")
    # IP configuration: reconcile the loaded addresses and apply them.
    config.address().compare()
    config.address().process()

    def run_section(message, section_cls, section_name):
        # Log the step, then build and apply one configuration section.
        logging.debug(message)
        section_cls(section_name, config).process()

    run_section("Configuring vmpassword", CsPassword, "vmpassword")
    run_section("Configuring vmdata", CsVmMetadata, 'vmdata')
    run_section("Configuring networkacl", CsAcl, 'networkacl')
    run_section("Configuring firewall rules", CsAcl, 'firewallrules')
    run_section("Configuring PF rules", CsForwardingRules, "forwardingrules")

    # Redundancy is applied between the forwarding rules and the VPN sections.
    CsRedundant(config).set()

    run_section("Configuring s2s vpn", CsSite2SiteVpn, "site2sitevpn")
    run_section("Configuring remote access vpn", CsRemoteAccessVpn, "remoteaccessvpn")
    run_section("Configuring vpn users list", CsVpnUser, "vpnuserlist")
    run_section("Configuring dhcp entry", CsDhcp, "dhcpentry")
    run_section("Configuring load balancer", CsLoadBalancer, "loadbalancer")
    run_section("Configuring monitor service", CsMonitor, "monitorservice")

    logging.debug("Configuring iptables rules .....")
    CsNetfilters().compare(config.get_fw())
    logging.debug("Configuring iptables rules done ...saving rules")

    # Save iptables configuration - will be loaded on reboot by the
    # iptables-restore that is configured on /etc/rc.local
    CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
    CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")
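def main(argv):
    """Entry point: apply the router configuration sections selected by ``argv[1]``.

    ``argv[1]`` names the configuration file that changed; ``"cmd_line.json"``
    (also the default when no argument is given) processes every section.
    Sections whose effect is a netfilter rule change only set
    ``iptables_change``; the ACL, firewall, forwarding, VPN and load-balancer
    rule sets are then rebuilt once, applied, and saved to disk. The
    redundancy step runs on every invocation; static routes only when their
    file (or cmd_line.json) is being processed.
    """
    # argv[1] was read unconditionally before, so invoking the script without an
    # argument raised IndexError and the None fallback below never applied.
    process_file = argv[1] if len(argv) > 1 else None
    if process_file is None:
        process_file = "cmd_line.json"

    # Track if changes need to be committed to NetFilter.
    iptables_change = False

    # The "GLOBAL" configuration object; logging is configured from it.
    config = CsConfig()
    logging.basicConfig(filename=config.get_logger(),
                        level=config.get_level(),
                        format=config.get_format())

    # Load stored ip addresses from disk to CsConfig(), then reconcile and apply them.
    config.set_address()
    logging.debug("Configuring ip addresses")
    config.address().compare()
    config.address().process()

    if process_file in ("cmd_line.json", "guest_network.json"):
        logging.debug("Configuring Guest Network")
        iptables_change = True
    if process_file in ("cmd_line.json", "vm_password.json"):
        logging.debug("Configuring vmpassword")
        CsPassword("vmpassword", config).process()
    if process_file in ("cmd_line.json", "vm_metadata.json"):
        logging.debug("Configuring vmdata")
        CsVmMetadata('vmdata', config).process()
    if process_file in ("cmd_line.json", "network_acl.json"):
        logging.debug("Configuring networkacl")
        iptables_change = True
    if process_file in ("cmd_line.json", "firewall_rules.json"):
        logging.debug("Configuring firewall rules")
        iptables_change = True
    if process_file in ("cmd_line.json", "forwarding_rules.json", "staticnat_rules.json"):
        logging.debug("Configuring PF rules")
        iptables_change = True
    if process_file in ("cmd_line.json", "site_2_site_vpn.json"):
        logging.debug("Configuring s2s vpn")
        iptables_change = True
    if process_file in ("cmd_line.json", "remote_access_vpn.json"):
        logging.debug("Configuring remote access vpn")
        iptables_change = True
    if process_file in ("cmd_line.json", "vpn_user_list.json"):
        logging.debug("Configuring vpn users list")
        CsVpnUser("vpnuserlist", config).process()
    if process_file in ("cmd_line.json", "vm_dhcp_entry.json", "dhcp.json"):
        logging.debug("Configuring dhcp entry")
        CsDhcp("dhcpentry", config).process()
    if process_file in ("cmd_line.json", "load_balancer.json"):
        logging.debug("Configuring load balancer")
        iptables_change = True
    if process_file in ("cmd_line.json", "monitor_service.json"):
        logging.debug("Configuring monitor service")
        CsMonitor("monitorservice", config).process()

    # If iptable rules have changed, rebuild every rule-producing section and apply them.
    if iptables_change:
        CsAcl('networkacl', config).process()
        CsAcl('firewallrules', config).process()
        CsForwardingRules("forwardingrules", config).process()
        CsSite2SiteVpn("site2sitevpn", config).process()
        CsRemoteAccessVpn("remoteaccessvpn", config).process()
        CsLoadBalancer("loadbalancer", config).process()
        logging.debug("Configuring iptables rules")
        CsNetfilters().compare(config.get_fw())
        logging.debug("Configuring iptables rules done ...saving rules")
        # Save iptables configuration - will be loaded on reboot by the
        # iptables-restore that is configured on /etc/rc.local
        CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
        CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")

    CsRedundant(config).set()

    if process_file in ("cmd_line.json", "static_routes.json"):
        logging.debug("Configuring static routes")
        CsStaticRoutes("staticroutes", config).process()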
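def _is_address_like(value):
    """Return True if ``value`` contains only characters that can occur in an IP address or prefix.

    The values checked here are read from JSON files on disk and spliced into
    an ``iptables`` command line, so whitespace, shell metacharacters and
    empty values are refused and the rule is skipped. iptables still performs
    the real syntactic validation of what passes.
    """
    text = str(value)
    return bool(text) and all(ch in "0123456789abcdefABCDEF:./" for ch in text)


def _load_json_file(path):
    """Parse the JSON document at ``path``; the file handle is closed on return."""
    with open(path) as handle:
        return json.load(handle)


def _apply_static_route_forward_rules():
    """Append FORWARD accept rules for the subnet pairs listed in static_routes_rules.json.

    Each entry in ``configs`` with ``add`` set yields
    ``iptables -A FORWARD -s <tier> -d <router> -j ACCEPT``; entries whose
    ``tier``/``router`` do not look like addresses are logged and skipped.
    A missing file is logged and ignored.
    """
    rules_file = "/etc/cloudstack/static_routes_rules.json"
    logging.debug("xrstack - Read Configuring static routes rules file: %s", rules_file)
    if not os.path.isfile(rules_file):
        logging.debug("xrstack - Configuring static routes rules json file not exist")
        return
    logging.debug("xrstack - Configuring static routes rules json file exist")
    setting = _load_json_file(rules_file)
    logging.debug("xrstack - Processing static routes rules json file id ==> %s ", setting.get('id'))
    for item in setting.get('configs', []):
        tier, router = item.get('tier'), item.get('router')
        if not item.get('add'):
            logging.debug("xrstack - Processing add static routes rules Json file add is false , subnet:router ==> [%s, %s]", tier, router)
            continue
        if not (_is_address_like(tier) and _is_address_like(router)):
            logging.warning("xrstack - Skipping static routes rule with malformed subnet:router ==> [%r, %r]", tier, router)
            continue
        logging.debug("xrstack - Processing add static routes rules , subnet:router ==> [%s, %s]", tier, router)
        # e.g. iptables -A FORWARD -s 192.168.2.0/24 -d 192.168.3.0/24 -j ACCEPT
        # NOTE(review): -A appends on every run with no presence check, so repeated
        # runs accumulate duplicate rules; probing with -C first would avoid that if
        # CsHelper.execute exposes the exit status — confirm.
        CsHelper.execute("iptables -A FORWARD -s %s -d %s -j ACCEPT" % (tier, router))


def _apply_static_nat_forward_rules():
    """Append a FORWARD accept rule for every static-NAT internal IP found in forwardingrules.json.

    Only the first element of each list value is inspected, as in the original
    implementation; it qualifies when it is an object with a ``public_ip`` key,
    a non-empty ``internal_ip`` and ``type == "staticnat"``. Values that do not
    qualify (including the file's ``id`` string) are logged and skipped.
    """
    rules_file = "/etc/cloudstack/forwardingrules.json"
    logging.debug("xrstack - Read Configuring forwardingrules.json: %s", rules_file)
    if not os.path.isfile(rules_file):
        logging.debug("xrstack - Configuring forwardingrules.json file not exist")
        return
    logging.debug("xrstack - Configuring static routes rules json file exist")
    setting = _load_json_file(rules_file)
    logging.debug("xrstack - Processing json file id ==> %s ", setting.get('id'))
    for value in setting.values():
        first = value[0] if isinstance(value, list) and value else None
        if not (isinstance(first, dict) and "public_ip" in first
                and first.get("internal_ip") and first.get("type") == "staticnat"):
            logging.debug("xrstack - Processing add firewall rules Json, value = %s", value)
            continue
        internal_ip = first.get("internal_ip")
        if not _is_address_like(internal_ip):
            logging.warning("xrstack - Skipping static NAT rule with malformed internal_ip ==> %r", internal_ip)
            continue
        logging.debug("xrstack - Processing add firewall rules internal_ip ==> %s", internal_ip)
        # NOTE(review): this accepts every forwarded packet from the static-NAT guest
        # (except to itself) that no earlier FORWARD rule has decided; check that this
        # is the intended precedence relative to the configured egress policy.
        CsHelper.execute("iptables -A FORWARD -s %s/32 ! -d %s/32 -j ACCEPT" % (internal_ip, internal_ip))


def main(argv):
    """Entry point: apply the router configuration sections selected by ``argv[1]``.

    ``argv[1]`` names the configuration file that changed; ``"cmd_line.json"``
    (also the default when no argument is given) processes every section.
    Sections whose effect is a netfilter rule change only set
    ``iptables_change``; the rule sets are then rebuilt once, extended with the
    static-route and static-NAT FORWARD rules read from the JSON files under
    /etc/cloudstack, and saved to disk. Any exception raised while configuring
    is logged with its traceback and swallowed, so the function returns
    normally even when the configuration was only partially applied and the
    caller receives no failure signal from it.
    """
    # argv[1] was read unconditionally before, so invoking the script without an
    # argument raised IndexError and the None fallback below never applied.
    process_file = argv[1] if len(argv) > 1 else None
    if process_file is None:
        process_file = "cmd_line.json"

    # Track if changes need to be committed to NetFilter.
    iptables_change = False

    # The "GLOBAL" configuration object; logging is configured from it.
    config = CsConfig()
    logging.basicConfig(filename=config.get_logger(),
                        level=config.get_level(),
                        format=config.get_format())
    try:
        # Load stored ip addresses from disk to CsConfig(), then reconcile and apply them.
        config.set_address()
        logging.debug("Configuring ip addresses")
        config.address().compare()
        config.address().process()

        # Vendor-added SQL sections (marked "lllkkk" in the original source).
        if process_file in ("cmd_line.json", "sql_restart.json"):
            logging.debug("Configuring sqlrestart")
            CsSqlRestart("sqlrestrt", config).process()
        if process_file in ("cmd_line.json", "sql_chport.json"):
            logging.debug("Configuring sqlport")
            CsSqlPort("sqlport", config).process()
        if process_file in ("cmd_line.json", "sql_chpassword.json"):
            logging.debug("Configuring sqlpassword")
            CsSqlPassword("sqlpassword", config).process()

        if process_file in ("cmd_line.json", "guest_network.json"):
            logging.debug("Configuring Guest Network")
            iptables_change = True
        if process_file in ("cmd_line.json", "vm_password.json"):
            logging.debug("Configuring vmpassword")
            CsPassword("vmpassword", config).process()
        if process_file in ("cmd_line.json", "vm_metadata.json"):
            logging.debug("Configuring vmdata")
            CsVmMetadata('vmdata', config).process()
        if process_file in ("cmd_line.json", "network_acl.json"):
            logging.debug("Configuring networkacl")
            iptables_change = True
        if process_file in ("cmd_line.json", "firewall_rules.json"):
            logging.debug("Configuring firewall rules")
            iptables_change = True
        if process_file in ("cmd_line.json", "forwarding_rules.json", "staticnat_rules.json"):
            logging.debug("Configuring PF rules")
            iptables_change = True
        if process_file in ("cmd_line.json", "site_2_site_vpn.json"):
            logging.debug("Configuring s2s vpn")
            iptables_change = True
        if process_file in ("cmd_line.json", "remote_access_vpn.json"):
            logging.debug("Configuring remote access vpn")
            iptables_change = True
        if process_file in ("cmd_line.json", "vpn_user_list.json"):
            logging.debug("Configuring vpn users list")
            CsVpnUser("vpnuserlist", config).process()
        if process_file in ("cmd_line.json", "vm_dhcp_entry.json", "dhcp.json"):
            logging.debug("Configuring dhcp entry")
            CsDhcp("dhcpentry", config).process()
        if process_file in ("cmd_line.json", "load_balancer.json"):
            logging.debug("Configuring load balancer")
            iptables_change = True
        if process_file in ("cmd_line.json", "monitor_service.json"):
            logging.debug("Configuring monitor service")
            CsMonitor("monitorservice", config).process()

        # If iptable rules have changed, rebuild every rule-producing section and apply them.
        if iptables_change:
            CsAcl('networkacl', config).process()
            firewall = CsAcl('firewallrules', config)
            # Called before the configured firewall set is applied; what it does beyond
            # its name is not visible from this file.
            firewall.flushAllowAllEgressRules()
            firewall.process()
            CsForwardingRules("forwardingrules", config).process()
            CsSite2SiteVpn("site2sitevpn", config).process()
            CsRemoteAccessVpn("remoteaccessvpn", config).process()
            CsLoadBalancer("loadbalancer", config).process()
            logging.debug("Configuring iptables rules")
            CsNetfilters().compare(config.get_fw())
            # Vendor additions: raw FORWARD rules appended after the reconciled set.
            # NOTE(review): these rules are not part of config.get_fw(), so they live
            # outside the rule model that compare() reconciles — confirm they survive
            # the next run before relying on them.
            _apply_static_route_forward_rules()
            _apply_static_nat_forward_rules()
            logging.debug("Configuring iptables rules done ...saving rules")
            # Save iptables configuration - will be loaded on reboot by the
            # iptables-restore that is configured on /etc/rc.local
            CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
            CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")

        CsRedundant(config).set()

        if process_file in ("cmd_line.json", "static_routes.json"):
            logging.debug("Configuring static routes")
            CsStaticRoutes("staticroutes", config).process()
    except Exception:
        # Logged with traceback and deliberately not re-raised (original behaviour);
        # every step after the failing one is skipped.
        logging.exception("Exception while configuring router")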