def update_firewallrules(self, firewall_sig, firewallrules=None):
"""Update the firewallrules for this region
:param: firewall_sig
:param: firewallrules
:return: ifirewallrules
"""
if not firewallrules:
# firewallrules not provided, obtain from SystemController
firewall_rules_file = os.path.join(
tsc.CONFIG_PATH, sysinv_constants.FIREWALL_RULES_FILE)
with open(firewall_rules_file, 'r') as content_file:
firewallrules = content_file.read()
LOG.info("update_firewallrules from shared file={}".format(
firewallrules))
if not self._validate_firewallrules(firewall_sig, firewallrules):
raise exceptions.SyncRequestFailedRetry()
try:
ifirewallrules = self.client.firewallrules.import_firewall_rules(
firewallrules)
LOG.info("region={} firewallrules uuid={} firewall_sig={}".format(
self.region_name, ifirewallrules.get('uuid'), firewall_sig))
except Exception as e:
LOG.error("update_firewallrules exception={}".format(e))
raise exceptions.SyncRequestFailedRetry()
return ifirewallrules
def update_user(self, passwd_hash, root_sig, passwd_expiry_days):
"""Update the user passwd for this region
:param: passwd_hash
:return: iuser
"""
try:
iuser = self.get_user()
if not iuser:
LOG.warn("iuser not found %s" % self.region_name)
return iuser
if (iuser.passwd_hash != passwd_hash
or iuser.passwd_expiry_days != passwd_expiry_days):
patch = make_sysinv_patch({
'passwd_hash': passwd_hash,
'passwd_expiry_days': passwd_expiry_days,
'root_sig': root_sig,
'action': 'apply',
})
LOG.info("region={} user update uuid={} patch={}".format(
self.region_name, iuser.uuid, patch))
iuser = self.client.iuser.update(iuser.uuid, patch)
else:
LOG.info("update_user no changes, skip user region={} "
"update uuid={} passwd_hash={}".format(
self.region_name, iuser.uuid, passwd_hash))
except Exception as e:
LOG.error("update_user exception={}".format(e))
raise exceptions.SyncRequestFailedRetry()
return iuser
def update_remotelogging(self, values):
"""Update the remotelogging values for this region
:param: values dictionary or payload
:return: remotelogging
"""
try:
remotelogging = self.get_remotelogging()
if not remotelogging:
LOG.warn("remotelogging not found %s" % self.region_name)
return remotelogging
if isinstance(values, dict):
patch = self.create_remote_logging_patch_from_dict(values)
else:
patch = values
if (not self.ip_address_in_patch(patch)
and not remotelogging.ip_address):
# This region does not have an ip_address set yet
LOG.info("region={} remotelogging ip_address not set "
"uuid={} patch={}. Skip patch operation.".format(
self.region_name, remotelogging.uuid, patch))
return remotelogging
LOG.info("region={} remotelogging update uuid={} patch={}".format(
self.region_name, remotelogging.uuid, patch))
remotelogging = self.client.remotelogging.update(
remotelogging.uuid, patch)
except Exception as e:
LOG.error("update_remotelogging exception={}".format(e))
raise exceptions.SyncRequestFailedRetry()
return remotelogging
def update_ntp(self, ntpservers):
"""Update the ntpservers for this region
:param: ntpservers csv string
:return: Nothing
"""
try:
intp = self.get_ntp()
if not intp:
LOG.warn("intp not found %s" % self.region_name)
return intp
# if intp.ntpservers != ntpservers:
if not self._same_ntp(intp.ntpservers, ntpservers):
if ntpservers == "":
ntpservers = "NC"
patch = make_sysinv_patch({
'ntpservers': ntpservers,
'action': 'apply'
})
LOG.info("region={} ntp update uuid={} patch={}".format(
self.region_name, intp.uuid, patch))
intp = self.client.intp.update(intp.uuid, patch)
else:
LOG.info("update_ntp no changes, skip ntp region={} "
"update uuid={} ntpservers={}".format(
self.region_name, intp.uuid, ntpservers))
except Exception as e:
LOG.error("update_ntp exception={}".format(e))
raise exceptions.SyncRequestFailedRetry()
return intp
def update_dns(self, nameservers):
"""Update the dns nameservers for this region
:param: nameservers csv string
:return: Nothing
"""
try:
idns = self.get_dns()
if not idns:
LOG.warn("idns not found %s" % self.region_name)
return idns
if idns.nameservers != nameservers:
if nameservers == "":
nameservers = "NC"
patch = make_sysinv_patch({
'nameservers': nameservers,
'action': 'apply'
})
LOG.info("region={} dns update uuid={} patch={}".format(
self.region_name, idns.uuid, patch))
idns = self.client.idns.update(idns.uuid, patch)
else:
LOG.info("update_dns no changes, skip dns region={} "
"update uuid={} nameservers={}".format(
self.region_name, idns.uuid, nameservers))
except Exception as e:
LOG.error("update_dns exception={}".format(e))
raise exceptions.SyncRequestFailedRetry()
return idns
def update_ptp(self, enabled):
"""Update the ptp configuration for this region
:param: enabled
:return: Nothing
"""
try:
ptp = self.get_ptp()
if not ptp:
LOG.warn("ptp not found %s" % self.region_name)
return ptp
if ptp.enabled != (enabled == "True"):
patch = make_sysinv_patch({'enabled': enabled})
LOG.info("region={} ptp update uuid={} patch={}".format(
self.region_name, ptp.uuid, patch))
ptp = self.client.ptp.update(ptp.uuid, patch)
else:
LOG.info("update_ptp no changes, skip ptp region={} "
"update uuid={} enabled={}".format(
self.region_name, ptp.uuid, enabled))
except Exception as e:
LOG.error("update_ptp exception={}".format(e))
raise exceptions.SyncRequestFailedRetry()
return ptp
def get_certificates(self):
"""Get the certificates for this region
:return: certificates
"""
try:
certificates = self.client.certificate.list()
except Exception as e:
LOG.error("get_certificates region={} "
"exception={}".format(self.region_name, e))
raise exceptions.SyncRequestFailedRetry()
if not certificates:
LOG.info("No certificates in region: {}".format(self.region_name))
return certificates
def snmp_community_delete(self, community):
"""Delete the community for this region
:param: community
"""
try:
LOG.info("snmp_community_delete region {} community: {}".format(
self.region_name, community))
self.client.icommunity.delete(community)
except HTTPNotFound:
LOG.info("snmp_community_delete NotFound %s for region: {}".format(
community, self.region_name))
raise exceptions.CommunityNotFound(region_name=self.region_name,
community=community)
except Exception as e:
LOG.error("snmp_community_delete exception={}".format(e))
raise exceptions.SyncRequestFailedRetry()
def snmp_trapdest_delete(self, trapdest_ip_address):
"""Delete the trapdest for this region
:param: trapdest_ip_address
"""
try:
LOG.info("snmp_trapdest_delete region {} ip_address: {}".format(
self.region_name, trapdest_ip_address))
self.client.itrapdest.delete(trapdest_ip_address)
except HTTPNotFound:
LOG.info("snmp_trapdest_delete NotFound %s for region: {}".format(
trapdest_ip_address, self.region_name))
raise exceptions.TrapDestNotFound(region_name=self.region_name,
ip_address=trapdest_ip_address)
except Exception as e:
LOG.error("snmp_trapdest_delete exception={}".format(e))
raise exceptions.SyncRequestFailedRetry()
def get_remotelogging(self):
"""Get the remotelogging for this region
:return: remotelogging
"""
try:
remoteloggings = self.client.remotelogging.list()
remotelogging = remoteloggings[0]
except Exception as e:
LOG.error("get_remotelogging exception={}".format(e))
raise exceptions.SyncRequestFailedRetry()
if not remotelogging:
LOG.info("remotelogging is None for region: %s" % self.region_name)
else:
LOG.debug("get_remotelogging uuid=%s ip_address=%s" %
(remotelogging.uuid, remotelogging.ip_address))
return remotelogging
def get_firewallrules(self):
"""Get the firewallrules for this region
:return: firewallrules
"""
try:
firewallruless = self.client.firewallrules.list()
firewallrules = firewallruless[0]
except Exception as e:
LOG.error("get_firewallrules region={} "
"exception={}".format(self.region_name, e))
raise exceptions.SyncRequestFailedRetry()
if not firewallrules:
LOG.info("firewallrules is None for region: {}".format(
self.region_name))
else:
LOG.info("get_firewallrules uuid=%s firewall_sig=%s" %
(firewallrules.uuid, firewallrules.firewall_sig))
return firewallrules
def snmp_trapdest_create(self, trapdest_dict):
"""Add the trapdest for this region
:param: trapdest_payload dictionary
:return: itrapdest
"""
# Example trapdest_dict:
# {"ip_address": "10.10.10.12", "community": "cgcs"}
itrapdest = None
trapdest_create_dict = {}
for k, v in trapdest_dict.iteritems():
if k in SNMP_TRAPDEST_CREATION_ATTRIBUTES:
trapdest_create_dict[str(k)] = v
LOG.info("snmp_trapdest_create driver region={}"
"trapdest_create_dict={}".format(self.region_name,
trapdest_create_dict))
try:
itrapdest = self.client.itrapdest.create(**trapdest_create_dict)
except HTTPConflict:
LOG.info("snmp_trapdest_create exists region={}"
"trapdest_dict={}".format(self.region_name,
trapdest_dict))
# Retrieve the existing itrapdest
trapdests = self.snmp_trapdest_list()
for trapdest in trapdests:
if trapdest.ip_address == trapdest_dict.get('ip_address'):
LOG.info("snmp_trapdest_create found existing {}"
"for region: {}".format(trapdest,
self.region_name))
itrapdest = trapdest
break
except Exception as e:
LOG.error("snmp_trapdest_create exception={}".format(e))
raise exceptions.SyncRequestFailedRetry()
return itrapdest
def snmp_community_create(self, community_dict):
"""Add the community for this region
:param: community_payload dictionary
:return: icommunity
"""
# Example community_dict: {"community": "cgcs"}
icommunity = None
community_create_dict = {}
for k, v in community_dict.iteritems():
if k in SNMP_COMMUNITY_CREATION_ATTRIBUTES:
community_create_dict[str(k)] = v
LOG.info("snmp_community_create driver region={}"
"community_create_dict={}".format(self.region_name,
community_create_dict))
try:
icommunity = self.client.icommunity.create(**community_create_dict)
except HTTPConflict:
LOG.info("snmp_community_create exists region={}"
"community_dict={}".format(self.region_name,
community_dict))
# Retrieve the existing icommunity
communitys = self.snmp_community_list()
for community in communitys:
if community.community == community_dict.get('community'):
LOG.info("snmp_community_create found existing {}"
"for region: {}".format(community,
self.region_name))
icommunity = community
break
except Exception as e:
LOG.error("snmp_community_create exception={}".format(e))
raise exceptions.SyncRequestFailedRetry()
return icommunity
def update_ptp(self, enabled, mode, transport, mechanism):
"""Update the ptp configuration for this region
:param: enabled
:param: mode
:param: transport
:param: mechanism
:return: Nothing
"""
try:
ptp = self.get_ptp()
if not ptp:
LOG.warn("ptp not found %s" % self.region_name)
return ptp
if ptp.enabled != (enabled == "True") or \
ptp.mode != mode or \
ptp.transport != transport or \
ptp.mechanism != mechanism:
patch = make_sysinv_patch({'enabled': enabled},
{'mode': mode},
{'transport': transport},
{'mechanism': mechanism})
LOG.info("region={} ptp update uuid={} patch={}".format(
self.region_name, ptp.uuid, patch))
ptp = self.client.ptp.update(ptp.uuid, patch)
else:
LOG.info("update_ptp no changes, skip ptp region={} "
"update uuid={} enabled={} mode={} "
"transport={} mechanism={}".format(
self.region_name, ptp.uuid,
enabled, mode, transport, mechanism))
except Exception as e:
LOG.error("update_ptp exception={}".format(e))
raise exceptions.SyncRequestFailedRetry()
return ptp
def update_certificate(self, signature, certificate=None, data=None):
"""Update the certificate for this region
:param: signature of the public certificate
:param: certificate
:param: data
:return: icertificate
"""
LOG.info("update_certificate signature {} data {}".format(
signature, data))
if not certificate:
tpmconfigs = self.client.tpmconfig.list()
if tpmconfigs:
LOG.info("region={} no certificates available, "
"tpm configured".format(self.region_name))
return
if data:
data['passphrase'] = None
mode = data.get('mode', sysinv_constants.CERT_MODE_SSL)
if mode == sysinv_constants.CERT_MODE_SSL_CA:
certificate_files = [sysinv_constants.SSL_CERT_CA_FILE]
elif mode == sysinv_constants.CERT_MODE_SSL:
certificate_files = [sysinv_constants.SSL_PEM_FILE]
elif mode == sysinv_constants.CERT_MODE_MURANO_CA:
certificate_files = [sysinv_constants.MURANO_CERT_CA_FILE]
elif mode == sysinv_constants.CERT_MODE_MURANO:
certificate_files = [
sysinv_constants.MURANO_CERT_KEY_FILE,
sysinv_constants.MURANO_CERT_FILE
]
else:
LOG.warn("update_certificate mode {} not supported".format(
mode))
return
elif signature and signature.startswith(
sysinv_constants.CERT_MODE_SSL_CA):
data['mode'] = sysinv_constants.CERT_MODE_SSL_CA
certificate_files = [sysinv_constants.SSL_CERT_CA_FILE]
elif signature and signature.startswith(
sysinv_constants.CERT_MODE_SSL):
data['mode'] = sysinv_constants.CERT_MODE_SSL
certificate_files = [sysinv_constants.SSL_PEM_FILE]
elif signature and signature.startswith(
sysinv_constants.CERT_MODE_MURANO_CA):
data['mode'] = sysinv_constants.CERT_MODE_MURANO_CA
certificate_files = [sysinv_constants.MURANO_CERT_CA_FILE]
elif signature and signature.startswith(
sysinv_constants.CERT_MODE_MURANO + '_'):
data['mode'] = sysinv_constants.CERT_MODE_MURANO
certificate_files = [
sysinv_constants.MURANO_CERT_KEY_FILE,
sysinv_constants.MURANO_CERT_FILE
]
else:
LOG.warn("update_certificate signature {} "
"not supported".format(signature))
return
certificate = ""
for certificate_file in certificate_files:
with open(certificate_file, 'r') as content_file:
certificate += content_file.read()
LOG.info("update_certificate from shared file {} {}".format(
signature, certificate_files))
if (signature
and (signature.startswith(sysinv_constants.CERT_MODE_SSL) or
(signature.startswith(sysinv_constants.CERT_MODE_TPM)))):
# ensure https is enabled
isystem = self.client.isystem.list()[0]
https_enabled = isystem.capabilities.get('https_enabled', False)
if not https_enabled:
isystem = self.client.isystem.update(
isystem.uuid, [{
"path": "/https_enabled",
"value": "true",
"op": "replace"
}])
LOG.info("region={} enabled https system={}".format(
self.region_name, isystem.uuid))
try:
icertificate = self.client.certificate.certificate_install(
certificate, data)
LOG.info("update_certificate region={} signature={}".format(
self.region_name, signature))
except Exception as e:
LOG.error("update_certificate exception={}".format(e))
raise exceptions.SyncRequestFailedRetry()
return icertificate
