Beispiel #1
 def get_controllers_csr_cert(self, client_ip, cntrl_type, vm_mgmt_host,
                              vm_user, vm_pass):
     """Sign a controller's CSR with the local CA and install the result.

     Logs in to vManage at ``vm_mgmt_host``, requests a CSR for
     ``client_ip``, signs it through ``self.openssl`` using the CA files
     under ``self.cert_path`` and passes the issued certificate back to
     vManage with ``install_device_cert``.

     Args:
         client_ip: Value passed to ``generate_csr`` to select the device.
         cntrl_type: Base name of the ``.csr`` and ``.crt`` files written
             under ``self.cert_path``.
         vm_mgmt_host: vManage host used for login and certificate calls.
         vm_user: vManage user name.
         vm_pass: vManage password.
     """
     session = Authentication(
         host=vm_mgmt_host, user=vm_user, password=vm_pass
     ).login()
     cert = Certificate(session, vm_mgmt_host)

     self.__logger.info(f'Get CSR certificate for {client_ip}')
     cert_csr = cert.generate_csr(client_ip)

     # NOTE(review): cntrl_type is used verbatim in the file name, so it
     # should be a fixed, known label rather than free-form input.
     base_path = f'{self.cert_path}/{cntrl_type}'
     csr_path = base_path + '.csr'
     crt_path = base_path + '.crt'

     # The CSR text from vManage is stored and signed as received; nothing in
     # this method inspects its subject or extensions before the CA key is
     # applied to it.
     with open(csr_path, "w") as csr_file:
         csr_file.write(cert_csr)

     signing_args = [
         'x509', '-req',
         '-in', csr_path,
         '-CA', f'{self.cert_path}/{self.rootca_name}',
         # The CA private key is read from the same directory as the outputs.
         '-CAkey', f'{self.cert_path}/CA.key',
         '-CAcreateserial',
         '-out', crt_path,
         # 2000 days is roughly five and a half years of validity.
         '-days', '2000',
         '-sha256',
     ]
     # NOTE(review): the result of self.openssl is not checked here. If it
     # does not raise on failure, the read below fails or picks up a .crt
     # left over from an earlier run - confirm how self.openssl reports
     # errors.
     self.openssl(*signing_args)

     self.__logger.info(f'Write CRT to file [green]{cntrl_type}.crt')
     with open(crt_path, "r") as crt_file:
         cert_crt = crt_file.read()

     self.__logger.info(
         f'Install CRT certificate [green]{cntrl_type}.crt to {client_ip}')
     cert.install_device_cert(cert_crt)
def install(ctx, cert):
    """
    Install a device certificate through vManage
    """
    # The client is built from the context's auth, host and port. `cert` is
    # forwarded unchanged; this function does not parse or validate it.
    client = Certificate(ctx.auth, ctx.host, ctx.port)
    click.echo("Installing certificate...")
    client.install_device_cert(cert)
Beispiel #3
def push(ctx):
    """
    Push certificates to all controllers
    """
    # The return value of push_certificates() is discarded here, so the
    # command prints only the progress line, not the outcome of the push.
    client = Certificate(ctx.auth, ctx.host)
    click.echo("Pushing certificates to controllers...")
    client.push_certificates()
Beispiel #4
def root_cert(ctx):
    """
    Get vManage root certificate
    """
    # Fetch the root certificate with the context's auth, host and port,
    # then print whatever get_vmanage_root_cert() returned.
    client = Certificate(ctx.auth, ctx.host, ctx.port)
    fetched = client.get_vmanage_root_cert()
    click.echo(fetched)
Beispiel #5
def generate_csr(ctx, ip, csr_file):
    """
    Generate a CSR for a device and save it to a file
    """
    client = Certificate(ctx.auth, ctx.host)
    csr_text = client.generate_csr(ip)
    # Mode 'w' truncates an existing file at csr_file without asking.
    with open(csr_file, 'w') as handle:
        handle.write(csr_text)
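def run_module():
    """Ansible module entry point: push certificates to the controllers.

    Builds the argument spec, creates the vManage session wrapper and, when
    the ``push`` parameter is true, asks vManage to push certificates.

    The push is recorded in ``what_changed`` so the task reports
    ``changed=True``, and it is skipped in check mode, because the module
    declares ``supports_check_mode=True``.
    """
    # define available arguments/parameters a user can pass to the module
    argument_spec = vmanage_argument_spec()
    argument_spec.update(organization=dict(type='str'),
                         vbond=dict(type='str'),
                         vbond_port=dict(type='int', default=12346),
                         root_cert=dict(type='str'),
                         push=dict(type='bool'))

    # the AnsibleModule object is the abstraction for working with Ansible:
    # it carries the args/params passed to the execution and whether the
    # run is in check mode
    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=True,
    )
    vmanage = Vmanage(module)
    vmanage_certificate = Certificate(vmanage.auth, vmanage.host)

    # the result reported back to Ansible lives on the Vmanage wrapper
    vmanage.result['what_changed'] = []

    if vmanage.params['push']:
        # A push acts on the controllers, so report it as a change; a
        # --check run must only report it, not perform it.
        vmanage.result['what_changed'].append('push')
        if not module.check_mode:
            vmanage_certificate.push_certificates()

    if vmanage.result['what_changed']:
        vmanage.result['changed'] = True

    vmanage.exit_json(**vmanage.result)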
Beispiel #7
def run_module():
    """Ansible module entry point: reconcile vManage settings.

    For each of ``organization``, ``vbond``/``vbond_port``, ``ca_type`` and
    ``root_cert`` that is supplied, the current value is read from vManage
    and compared with the requested one. A difference is recorded in
    ``what_changed`` and, outside check mode, written back.
    """
    # arguments a playbook may pass, on top of the shared vManage spec
    spec = vmanage_argument_spec()
    spec.update(
        organization=dict(type='str'),
        vbond=dict(type='str'),
        vbond_port=dict(type='str', default='12346'),
        root_cert=dict(type='str'),
        ca_type=dict(type='str'),
    )

    # NOTE(review): this local is never read; the result handed back to
    # Ansible is vmanage.result below.
    result = {'changed': False}

    module = AnsibleModule(argument_spec=spec, supports_check_mode=True)
    vmanage = Vmanage(module)
    settings_api = Settings(vmanage.auth, vmanage.host)
    cert_api = Certificate(vmanage.auth, vmanage.host)
    vmanage.result['what_changed'] = []
    params = vmanage.params

    if params['organization']:
        existing_org = settings_api.get_vmanage_org()
        if params['organization'] != existing_org:
            vmanage.result['what_changed'].append('organization')
            if not module.check_mode:
                settings_api.set_vmanage_org(params['organization'])

    if params['vbond']:
        existing_vbond = settings_api.get_vmanage_vbond()
        # NOTE(review): vbond_port is declared as a string; if the API
        # returns 'port' as an int this comparison never matches and the
        # task reports a change on every run - confirm the returned type.
        if (params['vbond'] != existing_vbond['domainIp']
                or params['vbond_port'] != existing_vbond['port']):
            vmanage.result['what_changed'].append('vbond')
            if not module.check_mode:
                settings_api.set_vmanage_vbond(params['vbond'],
                                               params['vbond_port'])

    if params['ca_type']:
        existing_ca_type = settings_api.get_vmanage_ca_type()
        if params['ca_type'] != existing_ca_type:
            vmanage.result['what_changed'].append('ca_type')
            if not module.check_mode:
                settings_api.set_vmanage_ca_type(params['ca_type'])

    if params['root_cert']:
        existing_root = cert_api.get_vmanage_root_cert()
        # Containment test: the supplied text must appear verbatim in what
        # vManage returns, so a whitespace or line-ending difference counts
        # as a change. The value is sent as given; this module does not
        # parse or validate the certificate first.
        if params['root_cert'] not in existing_root:
            vmanage.result['what_changed'].append('root_cert')
            if not module.check_mode:
                settings_api.set_vmanage_root_cert(params['root_cert'])

    if vmanage.result['what_changed']:
        vmanage.result['changed'] = True

    vmanage.exit_json(**vmanage.result)
Beispiel #8
 def push_cert_to_controllers(self):
     """Ask vManage to push certificates to the controllers and log the reply."""
     client = Certificate(self.vm_auth, self.vm_mgmt_ip)
     self.__logger.info('[orange1]Push certificates to controllers')
     reply = client.push_certificates()
     # The reply is logged as returned, at INFO level.
     # NOTE(review): confirm it carries nothing that should stay out of logs.
     self.__logger.info(f"[cyan]{reply}")