[vpn] update to show reservations, create wireguard config
parent
85b4d70592
commit
ff133e81b7
7 changed files with 75 additions and 19 deletions
|
@ -1,9 +0,0 @@
|
||||||
## Introduction
|
|
||||||
|
|
||||||
This document describes how to create a product and use it.
|
|
||||||
|
|
||||||
A product (like a VMSnapshotproduct) creates an order when ordered.
|
|
||||||
The "order" is used to combine products together.
|
|
||||||
|
|
||||||
Sub-products or related products link to the same order.
|
|
||||||
Each product has one (?) orderrecord
|
|
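--- /dev/null
+++ b/uncloud_django_based/uncloud/doc/README-products.md
@@ -0,0 +1,34 @@
+## Introduction
+
+This document describes how to create, modify or
+delete a product and use it.
+
+A product (like a VMSnapshotproduct) creates an order when ordered.
+The "order" is used to combine products together.
+
+Sub-products or related products link to the same order.
+Each product has one (?) orderrecord
+
+
+## How to delete a product (logic 1)
+
+If a user want so delete (=cancel) a product, the following steps
+should be taken:
+
+* the associated order is set to cancelled
+* the product itself is deleted
+
+[above steps to be reviewed]
+
+## How to delete a product (rest api)
+
+http -a nicoschottelius:$(pass
+ungleich.ch/nico.schottelius@ungleich.ch)
+http://localhost:8000/net/vpn/43c83088-f4d6-49b9-86c7-40251ac07ada/
+
+-> does not delete the reservation.
+
+
+### Deleting a VPN
+
+When the product is deleted, the network must be marked as free.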
|
@ -14,3 +14,7 @@ django-extensions
|
||||||
|
|
||||||
# PDF creating
|
# PDF creating
|
||||||
django-hardcopy
|
django-hardcopy
|
||||||
|
|
||||||
|
# schema support
|
||||||
|
pyyaml
|
||||||
|
uritemplate
|
||||||
|
|
|
@ -19,8 +19,8 @@ from django.urls import path, include
|
||||||
from django.conf import settings
|
from django.conf import settings
|
||||||
from django.conf.urls.static import static
|
from django.conf.urls.static import static
|
||||||
|
|
||||||
|
|
||||||
from rest_framework import routers
|
from rest_framework import routers
|
||||||
|
from rest_framework.schemas import get_schema_view
|
||||||
|
|
||||||
from opennebula import views as oneviews
|
from opennebula import views as oneviews
|
||||||
from uncloud_auth import views as authviews
|
from uncloud_auth import views as authviews
|
||||||
|
@ -47,6 +47,7 @@ router.register(r'service/matrix', serviceviews.MatrixServiceProductViewSet, bas
|
||||||
|
|
||||||
# Net
|
# Net
|
||||||
router.register(r'net/vpn', netviews.VPNNetworkViewSet, basename='vpnnet')
|
router.register(r'net/vpn', netviews.VPNNetworkViewSet, basename='vpnnet')
|
||||||
|
router.register(r'net/vpnreservation', netviews.VPNNetworkReservationViewSet, basename='vpnnetreservation')
|
||||||
|
|
||||||
|
|
||||||
# Pay
|
# Pay
|
||||||
|
@ -75,5 +76,10 @@ urlpatterns = [
|
||||||
# web/ = stuff to view in the browser
|
# web/ = stuff to view in the browser
|
||||||
|
|
||||||
path('web/pdf/', payviews.MyPDFView.as_view(), name='pdf'),
|
path('web/pdf/', payviews.MyPDFView.as_view(), name='pdf'),
|
||||||
path('api-auth/', include('rest_framework.urls', namespace='rest_framework')) # for login to REST API
|
path('api-auth/', include('rest_framework.urls', namespace='rest_framework')), # for login to REST API
|
||||||
|
path('openapi', get_schema_view(
|
||||||
|
title="uncloud",
|
||||||
|
description="uncloud API",
|
||||||
|
version="1.0.0"
|
||||||
|
), name='openapi-schema'),
|
||||||
]
|
]
|
||||||
|
|
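Review bot: The new `openapi` route passes no `permission_classes` to `get_schema_view`, so who may fetch the API description is decided by the project's `DEFAULT_PERMISSION_CLASSES`, which is not visible on this page. I would state the intent at the call site, e.g. `permission_classes=[permissions.IsAuthenticated],` (with `from rest_framework import permissions`), so the exposure of the schema does not change silently when the global default does. As a style point, this is the only entry in the hunk without a trailing slash; `'openapi/'` would match `web/pdf/` and `api-auth/`. The `urlpatterns` list begins outside the hunk.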
|
@ -114,15 +114,20 @@ PrivateKey = {privatekey}
|
||||||
|
|
||||||
peers = []
|
peers = []
|
||||||
|
|
||||||
for vpnnetwork in self.vpnnetworkreservation_set:
|
for reservation in self.vpnnetworkreservation_set.filter(status='used'):
|
||||||
public_key = vpnnetwork.wireguard_public_key
|
public_key = reservation.vpnnetwork_set.first().wireguard_public_key
|
||||||
peer_network = "{}/{}".format(vpnnetwork.address, self.subnetwork_size)
|
peer_network = "{}/{}".format(reservation.address, self.subnetwork_size)
|
||||||
|
owner = reservation.vpnnetwork_set.first().owner
|
||||||
|
|
||||||
peers.append("""
|
peers.append("""
|
||||||
|
# Owner: {owner}
|
||||||
[Peer]
|
[Peer]
|
||||||
PublicKey = {public_key}
|
PublicKey = {public_key}
|
||||||
AllowedIPs = {peer_network}
|
AllowedIPs = {peer_network}
|
||||||
""")
|
""".format(
|
||||||
|
owner=owner,
|
||||||
|
public_key=public_key,
|
||||||
|
peer_network=peer_network))
|
||||||
|
|
||||||
wireguard_config.extend(peers)
|
wireguard_config.extend(peers)
|
||||||
|
|
||||||
|
@ -140,9 +145,6 @@ AllowedIPs = {peer_network}
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class VPNNetworkReservation(UncloudModel):
|
class VPNNetworkReservation(UncloudModel):
|
||||||
"""
|
"""
|
||||||
This class tracks the used VPN networks. It will be deleted, when the product is cancelled.
|
This class tracks the used VPN networks. It will be deleted, when the product is cancelled.
|
||||||
|
@ -170,3 +172,12 @@ class VPNNetwork(Product):
|
||||||
editable=False)
|
editable=False)
|
||||||
|
|
||||||
wireguard_public_key = models.CharField(max_length=48)
|
wireguard_public_key = models.CharField(max_length=48)
|
||||||
|
|
||||||
|
def delete(self, *args, **kwargs):
|
||||||
|
self.network.status = 'free'
|
||||||
|
self.network.save()
|
||||||
|
super().save(*args, **kwargs)
|
||||||
|
print("deleted {}".format(self))
|
||||||
|
|
||||||
|
# managing deletion
|
||||||
|
# - record free network (?)
|
||||||
|
|
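Review bot: The new `VPNNetwork.delete()` calls `super().save(*args, **kwargs)`, so the row is written back instead of removed after its network has already been set to `'free'`; that line should be `return super().delete(*args, **kwargs)`. As written, a reservation can return to the pool while a VPNNetwork row carrying a `wireguard_public_key` still points at it, and if that reservation is later marked used again the config loop in the first hunk (`reservation.vpnnetwork_set.first()`) may emit the stale key for the reused address; this is inferred, since the allocation code is not shown. Wrapping the status change and the deletion in `transaction.atomic()` would keep the two writes together, and the `print` would be better as a logger call. In the same loop, `.first()` returns `None` for a used reservation that has no network, which would raise while the config is being built.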
|
@ -11,6 +11,12 @@ class VPNPoolSerializer(serializers.ModelSerializer):
|
||||||
model = VPNPool
|
model = VPNPool
|
||||||
fields = '__all__'
|
fields = '__all__'
|
||||||
|
|
||||||
|
class VPNNetworkReservationSerializer(serializers.ModelSerializer):
|
||||||
|
class Meta:
|
||||||
|
model = VPNNetworkReservation
|
||||||
|
fields = '__all__'
|
||||||
|
|
||||||
|
|
||||||
class VPNNetworkSerializer(serializers.ModelSerializer):
|
class VPNNetworkSerializer(serializers.ModelSerializer):
|
||||||
class Meta:
|
class Meta:
|
||||||
model = VPNNetwork
|
model = VPNNetwork
|
||||||
|
@ -29,7 +35,6 @@ class VPNNetworkSerializer(serializers.ModelSerializer):
|
||||||
i.e. contains \n or similar!
|
i.e. contains \n or similar!
|
||||||
We might even need to be more strict to not break wireguard...
|
We might even need to be more strict to not break wireguard...
|
||||||
"""
|
"""
|
||||||
print(value)
|
|
||||||
|
|
||||||
try:
|
try:
|
||||||
base64.standard_b64decode(value)
|
base64.standard_b64decode(value)
|
||||||
|
|
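Review bot: The key validator shown as context in the second hunk relies on `base64.standard_b64decode(value)`, which by default skips characters outside the base64 alphabet instead of rejecting them, so on its own it does not enforce the "contains \n or similar" concern stated in its docstring. That matters more now that the models change on this page formats the key into the generated WireGuard config as `PublicKey = {public_key}`; `decoded = base64.b64decode(value, validate=True)` followed by a check that `len(decoded) == 32` would accept only a well-formed key. The rest of the validator lies outside the hunk and may already do this. Separately, the new `VPNNetworkReservationSerializer` uses `fields = '__all__'`; an explicit field list would keep columns added to the model later from being exposed by default.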
|
@ -13,6 +13,11 @@ class VPNPoolViewSet(viewsets.ModelViewSet):
|
||||||
permission_classes = [permissions.IsAdminUser]
|
permission_classes = [permissions.IsAdminUser]
|
||||||
queryset = VPNPool.objects.all()
|
queryset = VPNPool.objects.all()
|
||||||
|
|
||||||
|
class VPNNetworkReservationViewSet(viewsets.ModelViewSet):
|
||||||
|
serializer_class = VPNNetworkReservationSerializer
|
||||||
|
permission_classes = [permissions.IsAdminUser]
|
||||||
|
queryset = VPNNetworkReservation.objects.all()
|
||||||
|
|
||||||
|
|
||||||
class VPNNetworkViewSet(viewsets.ModelViewSet):
|
class VPNNetworkViewSet(viewsets.ModelViewSet):
|
||||||
serializer_class = VPNNetworkSerializer
|
serializer_class = VPNNetworkSerializer
|
||||||
|
|
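Review bot: `VPNNetworkReservationViewSet` derives from `viewsets.ModelViewSet`, which exposes create, update and delete as well as list and retrieve, while the commit title only speaks of showing reservations. Since the `status` field decides which reservations appear in the generated peer list (the `filter(status='used')` in the models change), I would make the endpoint read-only with `class VPNNetworkReservationViewSet(viewsets.ReadOnlyModelViewSet):` so that state changes go through the VPNNetwork code path. `IsAdminUser` limits who can reach it, but an edit through this endpoint could still leave a reservation's status out of step with its network. A one-line docstring saying the view is admin-only and meant for inspection would help the next reader.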