Move django-based uncloud to top-level

2020-05-07 12:12:35 +02:00 · 2020-05-07 12:12:35 +02:00 · 95d43f002f
commit 95d43f002f
parent 0560063326
265 changed files with 0 additions and 0 deletions
--- a/uncloud_net/init.py
+++ b/uncloud_net/init.py
--- a/uncloud_net/admin.py
+++ b/uncloud_net/admin.py
@ -0,0 +1,3 @@
+from django.contrib import admin
+
+# Register your models here.
--- a/uncloud_net/apps.py
+++ b/uncloud_net/apps.py
@ -0,0 +1,5 @@
+from django.apps import AppConfig
+
+
+class UncloudNetConfig(AppConfig):
+    name = 'uncloud_net'
--- a/uncloud_net/management/commands/vpn.py
+++ b/uncloud_net/management/commands/vpn.py
@ -0,0 +1,44 @@
+import sys
+from datetime import datetime
+
+from django.core.management.base import BaseCommand
+
+from django.contrib.auth import get_user_model
+
+from opennebula.models import VM as VMModel
+from uncloud_vm.models import VMHost, VMProduct, VMNetworkCard, VMDiskImageProduct, VMDiskProduct, VMCluster
+
+import logging
+log = logging.getLogger(__name__)
+
+
+
+peer_template="""
+# {username}
+[Peer]
+PublicKey = {public_key}
+AllowedIPs = {vpnnetwork}
+"""
+
+class Command(BaseCommand):
+    help = 'General uncloud commands'
+
+    def add_arguments(self, parser):
+        parser.add_argument('--hostname',
+                            action='store_true',
+                            help='Name of this VPN Host',
+                            required=True)
+
+    def handle(self, *args, **options):
+        if options['bootstrap']:
+            self.bootstrap()
+
+        self.create_vpn_config(options['hostname'])
+
+    def create_vpn_config(self, hostname):
+        configs = []
+
+        for pool in VPNPool.objects.filter(vpn_hostname=hostname):
+            configs.append(pool_config)
+
+        print(configs)
--- a/uncloud_net/migrations/0001_initial.py
+++ b/uncloud_net/migrations/0001_initial.py
@ -0,0 +1,68 @@
+# Generated by Django 3.0.5 on 2020-04-06 21:38
+
+from django.conf import settings
+import django.contrib.postgres.fields.jsonb
+import django.core.validators
+from django.db import migrations, models
+import django.db.models.deletion
+import uuid
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('uncloud_pay', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='MACAdress',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='VPNPool',
+            fields=[
+                ('extra_data', django.contrib.postgres.fields.jsonb.JSONField(blank=True, editable=False, null=True)),
+                ('uuid', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                ('network', models.GenericIPAddressField(unique=True)),
+                ('network_size', models.IntegerField(validators=[django.core.validators.MinValueValidator(0), django.core.validators.MaxValueValidator(128)])),
+                ('subnetwork_size', models.IntegerField(validators=[django.core.validators.MinValueValidator(0), django.core.validators.MaxValueValidator(128)])),
+                ('vpn_hostname', models.CharField(max_length=256)),
+                ('wireguard_private_key', models.CharField(max_length=48)),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.CreateModel(
+            name='VPNNetworkReservation',
+            fields=[
+                ('extra_data', django.contrib.postgres.fields.jsonb.JSONField(blank=True, editable=False, null=True)),
+                ('address', models.GenericIPAddressField(primary_key=True, serialize=False)),
+                ('vpnpool', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='uncloud_net.VPNPool')),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+        migrations.CreateModel(
+            name='VPNNetwork',
+            fields=[
+                ('extra_data', django.contrib.postgres.fields.jsonb.JSONField(blank=True, editable=False, null=True)),
+                ('uuid', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
+                ('status', models.CharField(choices=[('PENDING', 'Pending'), ('AWAITING_PAYMENT', 'Awaiting payment'), ('BEING_CREATED', 'Being created'), ('SCHEDULED', 'Scheduled'), ('ACTIVE', 'Active'), ('MODIFYING', 'Modifying'), ('DELETED', 'Deleted'), ('DISABLED', 'Disabled'), ('UNUSABLE', 'Unusable')], default='PENDING', max_length=32)),
+                ('wireguard_public_key', models.CharField(max_length=48)),
+                ('network', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='uncloud_net.VPNNetworkReservation')),
+                ('order', models.ForeignKey(editable=False, null=True, on_delete=django.db.models.deletion.CASCADE, to='uncloud_pay.Order')),
+                ('owner', models.ForeignKey(editable=False, on_delete=django.db.models.deletion.CASCADE, to=settings.AUTH_USER_MODEL)),
+            ],
+            options={
+                'abstract': False,
+            },
+        ),
+    ]
--- a/uncloud_net/migrations/0002_auto_20200409_1225.py
+++ b/uncloud_net/migrations/0002_auto_20200409_1225.py
@ -0,0 +1,24 @@
+# Generated by Django 3.0.5 on 2020-04-09 12:25
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('uncloud_net', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='vpnnetworkreservation',
+            name='status',
+            field=models.CharField(choices=[('used', 'used'), ('free', 'free')], default='used', max_length=256),
+        ),
+        migrations.AlterField(
+            model_name='vpnnetwork',
+            name='network',
+            field=models.ForeignKey(editable=False, on_delete=django.db.models.deletion.CASCADE, to='uncloud_net.VPNNetworkReservation'),
+        ),
+    ]
--- a/uncloud_net/migrations/0003_auto_20200417_0551.py
+++ b/uncloud_net/migrations/0003_auto_20200417_0551.py
@ -0,0 +1,18 @@
+# Generated by Django 3.0.5 on 2020-04-17 05:51
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('uncloud_net', '0002_auto_20200409_1225'),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name='vpnnetwork',
+            name='status',
+            field=models.CharField(choices=[('PENDING', 'Pending'), ('AWAITING_PAYMENT', 'Awaiting payment'), ('BEING_CREATED', 'Being created'), ('SCHEDULED', 'Scheduled'), ('ACTIVE', 'Active'), ('MODIFYING', 'Modifying'), ('DELETED', 'Deleted'), ('DISABLED', 'Disabled'), ('UNUSABLE', 'Unusable')], default='AWAITING_PAYMENT', max_length=32),
+        ),
+    ]
--- a/uncloud_net/migrations/init.py
+++ b/uncloud_net/migrations/init.py
--- a/uncloud_net/models.py
+++ b/uncloud_net/models.py
@ -0,0 +1,180 @@
+import uuid
+import ipaddress
+
+from django.db import models
+from django.contrib.auth import get_user_model
+from django.core.validators import MinValueValidator, MaxValueValidator
+
+
+from uncloud_pay.models import Product, RecurringPeriod
+from uncloud.models import UncloudModel, UncloudStatus
+
+
+class MACAdress(models.Model):
+    default_prefix = 0x420000000000
+
+class VPNPool(UncloudModel):
+    """
+    Network address pools from which VPNs can be created
+    """
+
+    uuid = models.UUIDField(primary_key=True, default=uuid.uuid4, editable=False)
+
+    network = models.GenericIPAddressField(unique=True)
+    network_size = models.IntegerField(validators=[MinValueValidator(0),
+                                                   MaxValueValidator(128)])
+
+    subnetwork_size = models.IntegerField(validators=[
+                                              MinValueValidator(0),
+                                              MaxValueValidator(128)
+                                          ])
+
+    vpn_hostname = models.CharField(max_length=256)
+
+    wireguard_private_key = models.CharField(max_length=48)
+
+    @property
+    def num_maximum_networks(self):
+        """
+        sample:
+        network_size = 40
+        subnetwork_size = 48
+        maximum_networks = 2^(48-40)
+
+        2nd sample:
+        network_size = 8
+        subnetwork_size = 24
+        maximum_networks = 2^(24-8)
+        """
+
+        return 2**(self.subnetwork_size - self.network_size)
+
+    @property
+    def used_networks(self):
+        return self.vpnnetworkreservation_set.filter(vpnpool=self, status='used')
+
+    @property
+    def free_networks(self):
+        return self.vpnnetworkreservation_set.filter(vpnpool=self, status='free')
+
+    @property
+    def num_used_networks(self):
+        return len(self.used_networks)
+
+    @property
+    def num_free_networks(self):
+        return self.num_maximum_networks - self.num_used_networks + len(self.free_networks)
+
+    @property
+    def next_free_network(self):
+        if self.num_free_networks == 0:
+            # FIXME: use right exception
+            raise Exception("No free networks")
+
+        if len(self.free_networks) > 0:
+            return self.free_networks[0].address
+
+        if len(self.used_networks) > 0:
+            """
+            sample:
+
+            pool = 2a0a:e5c1:200::/40
+            last_used = 2a0a:e5c1:204::/48
+
+            next:
+            """
+
+            last_net = ipaddress.ip_network(self.used_networks.last().address)
+            last_net_ip = last_net[0]
+
+            if last_net_ip.version == 6:
+                offset_to_next = 2**(128 - self.subnetwork_size)
+            elif last_net_ip.version == 4:
+                offset_to_next = 2**(32 - self.subnetwork_size)
+
+            next_net_ip = last_net_ip + offset_to_next
+
+            return str(next_net_ip)
+        else:
+            # first network to be created
+            return self.network
+
+    @property
+    def wireguard_config_filename(self):
+        return '/etc/wireguard/{}.conf'.format(self.network)
+
+    @property
+    def wireguard_config(self):
+        wireguard_config = [
+            """
+[Interface]
+ListenPort = 51820
+PrivateKey = {privatekey}
+""".format(privatekey=self.wireguard_private_key) ]
+
+        peers = []
+
+        for reservation in self.vpnnetworkreservation_set.filter(status='used'):
+            public_key = reservation.vpnnetwork_set.first().wireguard_public_key
+            peer_network = "{}/{}".format(reservation.address, self.subnetwork_size)
+            owner = reservation.vpnnetwork_set.first().owner
+
+            peers.append("""
+# Owner: {owner}
+[Peer]
+PublicKey = {public_key}
+AllowedIPs = {peer_network}
+""".format(
+    owner=owner,
+    public_key=public_key,
+    peer_network=peer_network))
+
+        wireguard_config.extend(peers)
+
+        return "\n".join(wireguard_config)
+
+
+    def configure_wireguard_vpnserver(self):
+        """
+        This method is designed to run as a celery task and should
+        not be called directly from the web
+        """
+
+        # subprocess, ssh
+
+        pass
+
+
+class VPNNetworkReservation(UncloudModel):
+    """
+     This class tracks the used VPN networks. It will be deleted, when the product is cancelled.
+     """
+    vpnpool = models.ForeignKey(VPNPool,
+                                 on_delete=models.CASCADE)
+
+    address = models.GenericIPAddressField(primary_key=True)
+
+    status = models.CharField(max_length=256,
+                              default='used',
+                              choices = (
+                                  ('used', 'used'),
+                                  ('free', 'free')
+                              )
+    )
+
+
+class VPNNetwork(Product):
+    """
+    A selected network. Used for tracking reservations / used networks
+    """
+    network = models.ForeignKey(VPNNetworkReservation,
+                               on_delete=models.CASCADE,
+                               editable=False)
+
+    wireguard_public_key = models.CharField(max_length=48)
+
+    def delete(self, *args, **kwargs):
+        self.network.status = 'free'
+        self.network.save()
+        super().save(*args, **kwargs)
+        print("deleted {}".format(self))
--- a/uncloud_net/serializers.py
+++ b/uncloud_net/serializers.py
@ -0,0 +1,100 @@
+import base64
+
+from django.contrib.auth import get_user_model
+from django.utils.translation import gettext_lazy as _
+from rest_framework import serializers
+
+from .models import *
+
+class VPNPoolSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = VPNPool
+        fields = '__all__'
+
+class VPNNetworkReservationSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = VPNNetworkReservation
+        fields = '__all__'
+
+
+class VPNNetworkSerializer(serializers.ModelSerializer):
+    class Meta:
+        model = VPNNetwork
+        fields = '__all__'
+
+    # This is required for finding the VPN pool, but does not
+    # exist in the model
+    network_size = serializers.IntegerField(min_value=0,
+                                            max_value=128,
+                                            write_only=True)
+
+    def validate_wireguard_public_key(self, value):
+        msg = _("Supplied key is not a valid wireguard public key")
+
+        """ FIXME: verify that this does not create broken wireguard config files,
+        i.e. contains \n or similar!
+        We might even need to be more strict to not break wireguard...
+        """
+
+        try:
+            base64.standard_b64decode(value)
+        except Exception as e:
+            raise serializers.ValidationError(msg)
+
+        if '\n' in value:
+            raise serializers.ValidationError(msg)
+
+        return value
+
+    def validate(self, data):
+
+        # FIXME: filter for status = active or similar
+        all_pools = VPNPool.objects.all()
+        sizes = [ p.subnetwork_size for p in all_pools ]
+
+        pools = VPNPool.objects.filter(subnetwork_size=data['network_size'])
+
+        if len(pools) == 0:
+            msg = _("No pool available for networks with size = {}. Available are: {}".format(data['network_size'], sizes))
+            raise serializers.ValidationError(msg)
+
+        return data
+
+    def create(self, validated_data):
+        """
+        Creating a new vpnnetwork - there are a couple of race conditions,
+        especially when run in parallel.
+
+        What we should be doing:
+
+        - create a reservation race free
+        - map the reservation to a network (?)
+        """
+
+        pools = VPNPool.objects.filter(subnetwork_size=validated_data['network_size'])
+
+        vpn_network = None
+
+        for pool in pools:
+            if pool.num_free_networks > 0:
+                next_address = pool.next_free_network
+
+                reservation, created = VPNNetworkReservation.objects.update_or_create(
+                    vpnpool=pool, address=next_address,
+                    defaults = {
+                        'status': 'used'
+                    })
+
+                vpn_network = VPNNetwork.objects.create(
+                    owner=self.context['request'].user,
+                    network=reservation,
+                    wireguard_public_key=validated_data['wireguard_public_key']
+                )
+
+                break
+        if not vpn_network:
+            # FIXME: use correct exception
+            raise Exception("Did not find any free pool")
+
+
+        return vpn_network
--- a/uncloud_net/tests.py
+++ b/uncloud_net/tests.py
@ -0,0 +1,3 @@
+from django.test import TestCase
+
+# Create your tests here.
--- a/uncloud_net/views.py
+++ b/uncloud_net/views.py
@ -0,0 +1,32 @@
+
+from django.shortcuts import render
+
+from rest_framework import viewsets, permissions
+
+
+from .models      import *
+from .serializers import *
+
+
+class VPNPoolViewSet(viewsets.ModelViewSet):
+    serializer_class = VPNPoolSerializer
+    permission_classes = [permissions.IsAdminUser]
+    queryset = VPNPool.objects.all()
+
+class VPNNetworkReservationViewSet(viewsets.ModelViewSet):
+    serializer_class = VPNNetworkReservationSerializer
+    permission_classes = [permissions.IsAdminUser]
+    queryset = VPNNetworkReservation.objects.all()
+
+
+class VPNNetworkViewSet(viewsets.ModelViewSet):
+    serializer_class = VPNNetworkSerializer
+    permission_classes = [permissions.IsAdminUser]
+
+    def get_queryset(self):
+        if self.request.user.is_superuser:
+            obj = VPNNetwork.objects.all()
+        else:
+            obj = VPNNetwork.objects.filter(owner=self.request.user)
+
+        return obj