def _applyMultisiteThread(component, context, template_content, generic_links, netcfg):
logger = ContextLoggerChild(context, component)
lock_manager = component.core.lock_manager
use_template = bool(template_content)
config = component.config
use_nufw = (config['global']['firewall_type'] == NUFW_GATEWAY)
last_ruleset = lastRulesetApplied()
ruleset_name = last_ruleset.get('ruleset')
# Create transactions
transactions = []
if use_template:
# Write the new multisite template content
write_template = WriteTemplate(logger, MULTISITE_TEMPLATE_FILENAME, template_content)
transactions.append(write_template)
transactions.append(WriteGenericLinks(generic_links, logger))
if use_template and (not ruleset_name):
# There is not production ruleset:
# create an empty ruleset using the template
create_empty = CreateEmptyRuleset(logger, component, netcfg)
transactions.append(create_empty)
else:
create_empty = None
# Replace the template in all existing rulesets
replace = replaceTemplateTransactions(logger, component, netcfg,
MULTISITE_TEMPLATE_NAME, use_template)
transactions.append(replace)
# Reapply the ruleset
apply = ApplyRuleset(logger, component, context, netcfg,
ruleset_name, use_nufw)
transactions.append(apply)
if create_empty:
create_empty.name_callbacks.append(apply.setRuleset)
# The new ruleset is now the production ruleset
save = SaveRuleset(None, use_nufw)
transactions.append(save)
create_empty.name_callbacks.append(save.setRuleset)
if (not use_template) and exists(MULTISITE_TEMPLATE_FILENAME):
# Remove the multisite template
remove = RemoveTemplate(logger, MULTISITE_TEMPLATE_FILENAME)
transactions.append(remove)
lock_manager.acquire(context, LOCK_RULESET)
try:
executeTransactions(logger, transactions)
finally:
lock_manager.release(context, LOCK_RULESET)
def service_productionRules(self, context):
"""
Get informations about the rules in production as a dictionary with
keys:
- timestamp: use parseDatetime() from ufwi_rpcd.common.transport
to get a datetime object
- use_nufw: boolean (True if NuFW is used)
- ruleset (optional): name of the ruleset
Name is not set if localfw component was used to create the rules
(without any ruleset).
Return an empty dict if ufwi_ruleset.apply() nor localfw.apply() was not
called (if no rules are in production).
"""
return lastRulesetApplied()
def reapplyLastRuleset(netcfg, context, component):
logger = ContextLoggerChild(context, component)
last_ruleset = lastRulesetApplied()
if 'ruleset' in last_ruleset:
name = last_ruleset['ruleset']
message = "Reapply the last rule set: %s" % name
ruleset = Ruleset(component, logger, netcfg)
ruleset.load(logger, "ruleset", name, filename=PRODUCTION_RULESET)
use_nufw = last_ruleset['use_nufw']
else:
message = "Reapply the last rule set: not rule set (only write localfw rules)"
ruleset = None
use_nufw = False
logger.error(message)
apply = ApplyRules(context, component, ruleset, use_nufw,
raise_error=True, consistency_error=False)
return apply.applyRules()
