+++ /dev/null
-*nat
-:PREROUTING ACCEPT [5:300]
-:POSTROUTING ACCEPT [8:674]
-:OUTPUT ACCEPT [8:674]
--A PREROUTING -s ! 18.181.0.60 -i eth0 -p tcp -m tcp --dport 10003 -j DNAT --to-destination 18.181.0.60:10003
--A POSTROUTING -d 18.181.0.60 -o eth0 -p tcp -m tcp --dport 10003 -j SNAT --to-source 18.181.0.62
--A PREROUTING -s ! 18.181.0.165 -i eth0 -p tcp -m tcp --dport 10004 -j DNAT --to-destination 18.181.0.165:10003
--A POSTROUTING -d 18.181.0.165 -o eth0 -p tcp -m tcp --dport 10003 -j SNAT --to-source 18.181.0.62
-COMMIT
-
-*filter
-:INPUT ACCEPT [366:44912]
-:FORWARD ACCEPT [0:0]
-:OUTPUT ACCEPT [292:53151]
--A FORWARD -d 18.181.0.60 -i eth0 -o eth0 -p tcp -m tcp --dport 10003 -j ACCEPT
--A FORWARD -d 18.181.0.165 -i eth0 -o eth0 -p tcp -m tcp --dport 10003 -j ACCEPT
-COMMIT
+++ /dev/null
-# will differ dev/prod
-files/etc/apache2/sites-available/ssl: web hostname
-files/etc/apache2/sites-available/svn: web hostname
-code/Makefile: base URI
-
-# may differ dev/prod?
-files/etc/apache2/sites-available/default: assumes trac
-files/etc/init.d/apache2.invirt: afs cell (for svn?)
-code/templates/error.tmpl: xvm@mit.edu
-code/templates/help.tmpl: assumes trac
-code/templates/list.tmpl: SIPB Virtual Servers
-code/templates/skeleton.tmpl: SIPB Virtual Servers (twice)
-code/templates/skeleton.tmpl: xvm@mit.edu
-code/templates/unauth.tmpl: tons of text
-code/templates/unauth.tmpl: https://xvm.mit.edu
-code/static/about.html: tons of text
-code/static/about.html: SIPB Virtual Servers
-
-# will take real code to generalize
-code/getafsgroups.py: lockers, /mit
-code/getafsgroups.py: use of pts for authz
-code/main.py: lockers, pts, in help text
-sipb-xen-www (3.14.3) unstable; urgency=low
+sipb-xen-iptables (2) unstable; urgency=low
- * Actually stop Apache on shutdown
+ * invirt-configurize sipb-xen-iptables
- -- Evan Broder <broder@mit.edu> Sun, 05 Oct 2008 00:24:40 -0400
+ -- Evan Broder <broder@mit.edu> Sun, 05 Oct 2008 01:22:25 -0400
-sipb-xen-www (3.14.2) unstable; urgency=low
-
- * Be a good debian package and undo what you did on uninstall
-
- -- Evan Broder <broder@mit.edu> Sun, 05 Oct 2008 00:06:30 -0400
-
-sipb-xen-www (3.14.1) unstable; urgency=low
-
- * Try again, now that I actually understand what the problem is
-
- -- Evan Broder <broder@mit.edu> Sat, 04 Oct 2008 23:58:46 -0400
-
-sipb-xen-www (3.14) unstable; urgency=low
-
- * Try to fix startup ordering problem by specifying that the new startup
- script depends on $remote_fs
-
- -- Evan Broder <broder@mit.edu> Sat, 04 Oct 2008 23:32:14 -0400
-
-sipb-xen-www (3.13.1) unstable; urgency=low
-
- * Don't add another Listen 443 directive - apache gets angry
- * And this, kids, is why you should always test your code before
- committing
-
- -- Evan broder <broder@mit.edu> Fri, 03 Oct 2008 22:01:22 -0400
-
-sipb-xen-www (3.13) unstable; urgency=low
-
- * Make sure we're listening on all the necessary ports
-
- -- Evan Broder <broder@mit.edu> Fri, 03 Oct 2008 21:40:47 -0400
-
-sipb-xen-www (3.12) unstable; urgency=low
-
- * invirt-confiscate the SVN checkout
-
- -- Evan Broder <broder@mit.edu> Fri, 03 Oct 2008 21:01:33 -0400
-
-sipb-xen-www (3.11) unstable; urgency=low
-
- * fix distribution
-
- -- Greg Price <price@mit.edu> Tue, 30 Sep 2008 23:48:37 -0400
-
-sipb-xen-www (3.10) hardy; urgency=low
-
- * depend on debathena-afs-config and python-flup
-
- -- Greg Price <price@mit.edu> Mon, 29 Sep 2008 05:58:01 +0000
-
-sipb-xen-www (3.9) unstable; urgency=low
-
- * further integration of invirt.config
-
- -- Yang Zhang <y_z@mit.edu> Fri, 8 Aug 2008 02:39:15 -0400
-
-sipb-xen-www (3.8) unstable; urgency=low
-
- * sipb_xen_database -> invirt.database in cache_acls.py
-
- -- Yang Zhang <y_z@mit.edu> Sun, 3 Aug 2008 19:45:19 -0400
-
-sipb-xen-www (3.7) unstable; urgency=low
-
- uncommitted changes in /etc/apache2 on xvm.mit.edu:
- * rewrite static/ uris for admin mode
- * allow ~ uris
-
- * take instance from keytab in k5start apache2.init wrapper
-
- -- Greg Price <price@mit.edu> Mon, 4 Aug 2008 01:22:47 -0400
-
-sipb-xen-www (3.6) unstable; urgency=low
-
- * Add Anders' kstart-using apache2 init script.
- * Add some dependencies the svn site needs.
- * Use daemon/xvm-2.mit.edu for svn site, as it's on xvm-2 now
-
- -- Greg Price <price@mit.edu> Fri, 1 Aug 2008 20:23:50 -0400
-
-sipb-xen-www (3.5) unstable; urgency=low
-
- * Use FCGI.
- * Lengthen timeouts to let the autoinstaller work.
-
- -- Greg Price <price@mit.edu> Sun, 15 Jun 2008 21:51:59 -0400
-
-sipb-xen-www (3.4) unstable; urgency=low
-
- * xvm.mit.edu rather than sipb-xen-dev.mit.edu
-
- -- Greg Price <price@mit.edu> Sun, 11 May 2008 00:49:58 -0400
-
-sipb-xen-www (3.3) unstable; urgency=low
-
- * Fix the SVN server to point to the new AFS mountpoint
-
- -- Evan Broder <broder@mit.edu> Fri, 9 May 2008 02:37:21 -0400
-
-sipb-xen-www (3.2) unstable; urgency=low
-
- * Check in (part of?) the Apache config.
- * Modify it to allow an informative front page without certs.
- * Add that front page.
-
- -- Greg Price <price@mit.edu> Fri, 9 May 2008 02:11:04 -0400
-
-sipb-xen-www (3.1) unstable; urgency=low
-
- * Fixed the crontab definition
-
- -- SIPB Xen Project <sipb-xen@mit.edu> Mon, 31 Mar 2008 05:49:32 -0400
-
-sipb-xen-www (3) unstable; urgency=low
-
- * Refresh the ACL cache every 5 minutes
-
- -- SIPB Xen Project <sipb-xen@mit.edu> Mon, 31 Mar 2008 05:38:16 -0400
-
-sipb-xen-www (2) unstable; urgency=low
-
- * Create sipb-xen group in preinst script.
-
- -- Eric Price <ecprice@sipb-xen-dev.mit.edu> Sat, 29 Mar 2008 18:45:02 -0400
-
-sipb-xen-www (1) unstable; urgency=low
+sipb-xen-iptables (1) unstable; urgency=low
* Initial Release.
- -- SIPB Xen Project <sipb-xen@mit.edu> Fri, 28 Mar 2008 22:43:12 -0500
+ -- SIPB Xen Project <sipb-xen@mit.edu> Fri, 28 Mar 2008 21:22:12 -0500
#!/usr/bin/make -f
-DEB_DIVERT_EXTENSION = .invirt
-DEB_DIVERT_FILES_sipb-xen-www += \
- /etc/init.d/apache2
-
include /usr/share/cdbs/1/rules/debhelper.mk
-include /usr/share/cdbs/1/rules/config-package.mk
-
-DEB_UPDATE_RCD_PARAMS_sipb-xen-www += defaults 91 9
-
-binary-fixup/sipb-xen-www::
- svn co $$(invirt-getconf svn.uri)/trunk/packages/sipb-xen-www/code/ $(DEB_DESTDIR)/var/www/sipb-xen-www
--- /dev/null
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: sipb-xen-iptables
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: sipb-xen iptables rules
+# Description:
+### END INIT INFO
+
+# Author: SIPB Xen Project <sipb-xen@mit.edu>
+
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Load the sipb-xen iptables rules"
+NAME=sipb-xen-iptables
+RULES=/usr/share/sipb-xen-iptables/iptables.rules
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ for i in /usr/share/sipb-xen-iptables/iptables.rules
+ do mako-render $i.mako > $i
+ done
+
+ /sbin/iptables-restore < $RULES
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ #reload|force-reload)
+ #
+ # If do_reload() is not implemented then leave this commented out
+ # and leave 'force-reload' as an alias for 'restart'.
+ #
+ #log_daemon_msg "Reloading $DESC" "$NAME"
+ #do_reload
+ #log_end_msg $?
+ #;;
+ restart|force-reload)
+ #
+ # If the "reload" option is implemented then remove the
+ # 'force-reload' alias
+ #
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
--- /dev/null
+<%
+
+from invirt.config import structs as cfg
+h_port = cfg.vnc.base_port
+port = cfg.vnc.base_port
+
+%>\
+*nat
+:PREROUTING ACCEPT [5:300]
+:POSTROUTING ACCEPT [8:674]
+:OUTPUT ACCEPT [8:674]
+% for h in cfg.hosts:
+-A PREROUTING -s ! ${h.ip} -i eth0 -p tcp -m tcp --dport ${port} -j DNAT --to-destination ${h.ip}:${h_port}
+-A POSTROUTING -d ${h.ip} -o eth0 -p tcp -m tcp --dport ${h_port} -j SNAT --to-source ${cfg.vnc.proxy_ip}
+<% port += 1 %>
+% endfor
+COMMIT
+
+*filter
+:INPUT ACCEPT [366:44912]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [292:53151]
+% for h in cfg.hosts:
+-A FORWARD -d ${h.ip} -i eth0 -o eth0 -p tcp -m tcp --dport ${h_port} -j ACCEPT
+% endfor
+COMMIT
projects / invirt/packages/invirt-web.git / commitdiff
