def getTACACSAccountingCfged():
"""
@returns true if TACACS+ is configured as an accounting method
and that there is a valid TACACS+ server configured.
"""
acct = [Mgmt.get_value("/aaa/cmd_audit_method/1/name"),
Mgmt.get_value("/aaa/cmd_audit_method/2/name")]
return ('tacacs+' in acct)
def getTACACSAuthorizationCfged():
"""
@returns true if TACACS+ is configured as an authorization method
and that there is a valid TACACS+ server configured.
"""
author = [Mgmt.get_value("/aaa/cmd_author_method/1/name"),
Mgmt.get_value("/aaa/cmd_author_method/2/name")]
return ('tacacs+' in author)
def __set_user_password(self, username, password):
# XXX/jshilkaitis: lame, should be an action on the mgmtd side
# XXX/jshilkaitis: why doesn't the framework do validation?
valid_password = common.lc_password_validate(password)
if not valid_password:
# XXX/jshilkaitis: hardcode the reason for now, since we know
# length is the only criterion, but that may not be true in the
# future.
raise ServiceError, 'Password must contain at least 6 characters'
use_sha512 = Mgmt.get_value('/rbt/support/config/sha_password/enable')
if use_sha512:
crypted_password = common.sha_encrypt_password(False, password)
else:
crypted_password = common.ltc_encrypt_password(password)
password_node_name = '/auth/passwd/user/%s/password' % username
code, msg = Mgmt.set((password_node_name, 'string', crypted_password))
if code != 0:
raise ServiceError, msg
def get_pfs_stats(self, start_time, end_time, share_name):
"""
get_pfs_stats(auth, start_time, end_time, share_name) ->
[
[share size],
[bytes received],
[bytes sent]
]
Fetch the system's PFS statistics.
Parameters:
start_time (datetime) - start of the stats query period
end_time (datetime) - end of the stats query period
share_name (string) - share whose stats are desired or 'all' for the
sum of all shares
Exceptions:
get_pfs_statsFault - Datetime not in known format
get_pfs_statsFault - Unknown share name
"""
if share_name == 'all':
share_id = 0
else:
share_id = Mgmt.get_value('/rbt/rcu/share/%s/config/id'
% share_name)
if share_id is None:
raise ServiceError, 'Unknown share name: %s' % share_name
return self.get_stats_internal('pfs', 3,
start_time, end_time, share_id)
def getNTPAuthEnabled():
"""
@returns true if any enabled NTP server has a valid key configured.
"""
auth_enabled = False
ntp_hosts = Mgmt.get_pattern('/ntp/server/address/*')
for host in ntp_hosts:
key = Mgmt.get_value('/ntp/server/address/%s/key' % host[2])
enable = Mgmt.get_value('/ntp/server/address/%s/enable' % host[2])
if (key != '0') and (enable == 'true'):
if Mgmt.get_value('/ntp/keys/%s' % key):
auth_enabled = True
break
return auth_enabled
def is_memlock_enabled():
"""!
Queries mgmtd to determine if workstation memlock is turned on
"""
memlock_node = "/rbt/vsp/config/memlock/enable"
memlocked = Mgmt.get_value(memlock_node)
if not memlocked or memlocked == "":
Logging.log(Logging.LOG_ERR, "Cannot determine if memlock is enabled")
memlocked = "false"
return memlocked == "true"
def get_node_value(node_name):
"""get value of a specified node
takes one argument:
node_name -> name of the node you want the value of
returns:
(value) -> value of the node_name
"""
import Mgmt
value = Mgmt.get_value(node_name)
return value
def is_interceptor_in_cluster():
RSI = '/rbt/sport/intercept'
names = Mgmt.get_children(RSI + '/config/neighbor/name')[0]
for name in names:
is_interceptor = Mgmt.get_value(RSI + '/neighbor/' + \
name + '/is_interceptor') == 'true'
if is_interceptor:
return True
return False;
def __start_sport(self):
val = Mgmt.get_value('/pm/monitor/process/sport/state')
if val is None:
raise ServiceError, "Could not determine the service's state"
if val != 'running':
code, msg, bindings = Mgmt.action(
'/rbt/sport/main/action/restart_service')
if code != 0:
raise ServiceError, msg
def get_rios_manage_esxi_ip():
"""!
Queries mgmtd for the current RiOS manage ESXi IP address and returns it
Any callers of this function MUST have an open Mgmt GCL session
If failed, the function returns None.
"""
current_rios_mgmt_esxi_ip_node = "/rbt/vsp/state/network/rios_manage_esxi/ip"
current_rios_mgmt_esxi_ip = Mgmt.get_value(current_rios_mgmt_esxi_ip_node)
if not current_rios_mgmt_esxi_ip or current_rios_mgmt_esxi_ip == "0.0.0.0":
Logging.log(Logging.LOG_INFO, "Failed to get RiOS manage ESXi IP address")
current_rios_mgmt_esxi_ip = None
return current_rios_mgmt_esxi_ip
def getAuthenticationCfged(auth_method):
"""
@params auth_method: The authentication method to look for.
local, radius or tacacs.
@returns bool indicating whether the specified authentication
method is configured. In the case of TACACS+ and RADIUS,
true is only returned if the authentication method is
configured AND a valid RADIUS/TACACS+ server is configured.
"""
auth = [Mgmt.get_value("/aaa/auth_method/1/name"),
Mgmt.get_value("/aaa/auth_method/2/name"),
Mgmt.get_value("/aaa/auth_method/3/name")]
if auth_method == radius:
configured = ('radius' in auth)
elif auth_method == tacacs:
configured = ('tacacs+' in auth)
elif auth_method == local:
configured = ('local' in auth)
else:
configured = False
return configured
def get_debug_option():
"""!
Note: requires an existing Mgmt connection
Returns either "release", "debug", "stats"
"""
node_name = "/rbt/vsp/config/esxi/vmx/debug_option"
ret_option = "release"
option = Mgmt.get_value(node_name)
# If somehow the node does not exist, we'll assume the release binary
if option:
ret_option = option
return ret_option
def get_rsp_vni_stats(self, start_time, end_time, opt_vni, side):
"""
get_rsp_vni_stats(auth, start_time, end_time, opt_vni, side) ->
[
[ingress bytes],
[egress bytes],
[ingress packets],
[egress packets]
]
Fetch the system's RSP VNI statistics.
Parameters:
start_time (datetime) - start of the stats query period
end_time (datetime) - end of the stats query period
opt_vni (string) - name of vni whose stats are desired
side (string) - side of the vni whose stats are desired
(lan, wan, or pkg)
Exceptions:
get_rsp_vni_statsFault - Datetime not in known format
get_rsp_vni_statsFault - Invalid optimization VNI side
get_rsp_vni_statsFault - Invalid optimization VNI
"""
offset_dict = {
'lan' : 0,
'wan' : 10,
'pkg' : 20,
}
try:
offset = offset_dict[side]
except KeyError:
raise ServiceError, '%s is not a valid optimization VNI side' % side
id = Mgmt.get_value('/rbt/rsp2/state/vni/opt/%s/stats_id' % opt_vni)
if id is None:
raise ServiceError, '%s is not a valid optimization vni' % opt_vni
vni_id = int(id) + offset
return self.get_stats_internal('rsp', 4, start_time, end_time, vni_id)
def __stop_sport(self):
val = Mgmt.get_value('/pm/monitor/process/sport/state')
if val is None:
raise ServiceError, "Could not determine the service's state"
if val == 'running':
code, msg, bindings = Mgmt.action(
'/rbt/sport/status/action/unset_restart_needed')
if code != 0:
raise ServiceError, msg
code, msg, bindings = Mgmt.action(
'/pm/actions/terminate_process',
('process_name', 'string', 'sport'))
if code != 0:
raise ServiceError, msg
def get_alarm_status(self, alarm):
"""
get_alarm_status(auth, alarm) -> string
Get an alarm's status.
Parameters:
alarm (string) - name of the alarm whose status will be returned
Exceptions:
get_alarm_statusFault - Alarm does not exist
get_alarm_statusFault - Server Error. Contact Support.
"""
alarm = alarm.lower()
alarm_enabled = Mgmt.get_value('/stats/config/alarm/%s/enable'
% alarm)
if alarm_enabled is None:
raise ServiceError, 'Alarm %s does not exist' % alarm
elif alarm_enabled == 'false':
return 'disabled'
elif alarm_enabled == 'true':
# XXX/jshilkaitis: use mdc_iterate_binding_pattern one day, but
# need to expose it first, and since it's non-trivial, I'm
# punting on that for now.
alarm_pfx = '/stats/state/alarm/' + alarm
alarm_nodes = Mgmt.iterate(alarm_pfx, subtree=True)
for node in alarm_nodes:
if ((Mgmt.bn_name_pattern_match(
node[0], alarm_pfx + '/node/*/rising/error') or
Mgmt.bn_name_pattern_match(
node[0], alarm_pfx + '/node/*/falling/error')) and
node[2] == 'true'):
return 'ERROR'
else:
raise ServiceError, 'Server error. Contact Support.'
return 'ok'
def get_root_password():
"""!
Queries mgmtd for the encrypted root password for ESXi and then returns
the decrypted password.
Any callers of this function MUST have an open Mgmt GCL session
"""
# Mgmt nodes related to ESXi password
rootpw_node = "/rbt/vsp/config/esxi/root/password"
ret_password = None
encrypted_str = Mgmt.get_value(rootpw_node)
if encrypted_str:
ret_password = decrypt_scrypt(context, encrypted_str)
else:
# If the root password is default empty string, node returns empty
ret_password = ""
return ret_password
def set_user_password(self, username, password):
"""
set_user_password(auth, username, password) -> None
Modify the password of an existing user.
Parameters:
username (string) - username whose password will be modified
password (string) - username's new password
Exceptions:
set_user_passwordFault - Cannot modify non-existent user
set_user_passwordFault - Password must contain at least 6 characters
set_user_passwordFault - Cannot modify another user's password
"""
existing_user = Mgmt.get_value('/auth/passwd/user/%s/password' %
username)
if existing_user is None:
raise ServiceError, \
'Cannot modify non-existent user "%s"' % username
self.__set_user_password(username, password)
def __assert_alarm_exists(self, alarm):
alarm_exists = Mgmt.get_value('/stats/config/alarm/%s/enable' % alarm)
if alarm_exists is None:
raise ServiceError, 'Alarm %s does not exist' % alarm
if options.verbose:
print "Updating CRON config due to interval changes"
do_install()
elif minimal and minimal != options.min_interval:
if options.verbose:
print "Updating CRON config due to interval changes"
do_install()
# Command line & Config. Configuration settings (or defaults) come
# from mgmt. The command line can override.
HC = '/rbt/support/healthcheck'
md_bool_map = {'true':True, 'false':False}
try:
Mgmt.open()
enable_default=md_bool_map[Mgmt.get_value(HC + '/enable')]
transport_default=Mgmt.get_value(HC + '/transport')
url_default=Mgmt.get_value(HC + '/url')
recipient_default=Mgmt.get_value(HC + '/recipient')
proxy_default=Mgmt.get_value(HC + '/proxy')
full_interval_default=Mgmt.get_value(HC + '/full_interval')
min_interval_default=Mgmt.get_value(HC + '/min_interval')
level_default=Mgmt.get_value(HC + '/level')
Mgmt.close()
except:
# Mgmt cannot be accessed at boot so we muddle along with command
# line only to allow the boot install. The first run after boot
# will fix the scheduling to any user defined values or
# md_support.xml defaults.
enable_default=False
transport_default='autosupport_gw'
def get_qos_stats(self, start_time, end_time, qos_class):
"""
get_passthrough_stats(auth, start_time, end_time, qos_class) ->
[
[packets sent],
[packets dropped],
[bits sent],
[bits dropped]
]
Fetch the system's QoS statistics.
Parameters:
start_time (datetime) - start of the stats query period
end_time (datetime) - end of the stats query period
qos_class (string) - name of qos class whose stats are desired
or 'all'
Exceptions:
get_qos_statsFault - Datetime not in known format
get_qos_statsFault - QoS class does not exist
get_qos_statsFault - Internal error. Failed to map class to id.
"""
classid = None
# the default class is guaranteed to exist, so this is always safe
check_rbm_permissions('/rbt/hfsc/config/class/default/params/classid',
RBM_READ)
if qos_class == 'all':
classid = "0"
# elif qos_class == 'unknown':
# XXX/jshilkaitis: figure out how to deal with this
# pass
else:
# convert class name to class id
classid = Mgmt.get_value('/rbt/hfsc/config/class/%s/params/classid'
% qos_class)
if classid is None:
raise ServiceError, 'QoS class "%s" does not exist' % qos_class
check_rbm_permissions('/rbt/hfsc/action/get_family_ids',
RBM_ACTION)
# handle hierarchical QoS classes
code, msg, bindings = Mgmt.action('/rbt/hfsc/action/get_family_ids',
('parent_id', 'uint16', classid))
if code != 0:
raise ServiceError, 'Unable to map class name "%s" to class id.' \
% qos_class
if bindings == {}:
family_ids = classid
else:
family_ids = bindings['family_ids']
data_dict = {0:{}, 1:{}, 2:{}, 3:{}}
# all datapoints with the same timestamp have equal durations
gran_dict = {}
# merge the datapoints for each class into a summary dict
for cid in family_ids.split(','):
stats_array = self.get_stats_internal('qos', 4,
start_time, end_time, cid)
for i in range(4):
curr_dict = data_dict[i]
sub_array = stats_array[i]
for dp in sub_array:
curr_dict[dp.time] = curr_dict.get(dp.time, 0) + dp.value
gran_dict[dp.time] = dp.duration
results = []
sorted_times = gran_dict.keys()
sorted_times.sort()
# turn the summary dict into a list of datapoints, sorted by time
for i in range(4):
curr_dict = data_dict[i]
curr_result_array = []
for t in sorted_times:
d = Datapoint()
d.time = t
d.value = curr_dict[t]
d.duration = gran_dict[t]
curr_result_array.append(d)
results.append(curr_result_array)
return results
def getBridgeInterfaceMTU(self, bridgeName):
bn_node = "/rbt/vsp/state/interface/%s/bridged/interface/mtu" % bridgeName
Mgmt.open()
infMTU = Mgmt.get_value(bn_node)
Mgmt.close()
return infMTU
