Ejemplos de add_conv_status en Python

Ejemplo n.º 1

Archivo: pool_converter.py Proyecto: ypraveen/sdk

    def add_status(self, name, skipped_attr, member_skipped, skipped_monitors,
                   converted_objs, user_ignore, skipped_servers):
        skipped = []
        conv_status = dict()
        conv_status['user_ignore'] = []
        if skipped_attr:
            p_ignore = user_ignore.get('pool', [])
            conv_status['user_ignore'] = [val for val in skipped_attr
                                          if val in p_ignore]
            skipped_attr = [attr for attr in skipped_attr
                            if attr not in p_ignore]
            if skipped_attr:
                skipped.append(skipped_attr)
        if member_skipped:
            m_ignore = user_ignore.get('members', [])
            if m_ignore:
                ms_new = []
                um_list = []
                for obj in member_skipped:
                    um_skipped = dict()
                    um_skipped[obj.keys()[0]] = \
                        [val for val in obj[obj.keys()[0]] if val in m_ignore]
                    temp = [val for val in obj[obj.keys()[0]]
                            if val not in m_ignore]
                    if um_skipped[um_skipped.keys()[0]]:
                        um_list.append(um_skipped)
                    if temp:
                        ms_new.append({obj.keys()[0]: temp})
                conv_status['user_ignore'].append(um_list)
                if ms_new:
                    skipped.append(ms_new)
            else:
                skipped.append(member_skipped)

        if skipped_monitors and not user_ignore.get('monitor', None):
            skipped.append({"monitor": skipped_monitors})
        if skipped_servers:
            skipped.append({"server": skipped_servers})
        conv_status['skipped'] = skipped
        status = conv_const.STATUS_SUCCESSFUL
        if skipped:
            status = conv_const.STATUS_PARTIAL
        conv_status['status'] = status

        conv_utils.add_conv_status('pool', None, name, conv_status,
                                   converted_objs)

Ejemplo n.º 2

 def convert_cookie(self, name, profile, skipped, tenant):
     method = profile.get('cookie mode', 'insert')
     if not method == 'insert':
         LOG.warn("Skipped cookie method not supported for profile '%s' " %
                  name)
         conv_utils.add_conv_status('persistence', 'cookie', name,
                                    'skipped')
         return None
     #supported_attr = ["cookie name", "mode", "defaults from", "cookie mode",
     #"cookie hash offset", "cookie hash length",
     #"cookie expiration"]
     skipped += [
         attr for attr in profile.keys() if attr not in self.supported_attr
     ]
     cookie_name = profile.get("cookie name", name + ':-cookie')
     if not cookie_name:
         LOG.error("Missing Required field cookie name in: %s", name)
         conv_utils.add_status_row('profile', 'persist-cookie', name,
                                   final.STATUS_SKIPPED)
         return None
     timeout = profile.get("cookie expiration", '1')
     if timeout == 'immediate':
         timeout = '0'
     parent_obj = super(PersistenceConfigConvV10, self)
     if 'd ' in timeout:
         timeout = timeout.replace('d ', ':')
     elif 'd' in timeout:
         timeout = timeout.replace('d', '')
     timeout = parent_obj.convert_timeout(timeout)
     persist_profile = {
         "name": name,
         "app_cookie_persistence_profile": {
             "prst_hdr_name": cookie_name,
             "timeout": timeout
         },
         "server_hm_down_recovery": "HM_DOWN_PICK_NEW_SERVER",
         "persistence_type": "PERSISTENCE_TYPE_APP_COOKIE",
     }
     persist_profile['tenant_ref'] = conv_utils.get_object_ref(
         tenant, 'tenant')
     return persist_profile

Ejemplo n.º 3

Archivo: persistence_converter.py Proyecto: ypraveen/sdk

 def convert_cookie(self, name, profile, skipped, tenant):
     method = profile.get('cookie mode', 'insert')
     if not method == 'insert':
         LOG.warn("Skipped cookie method not supported for profile '%s' "
                  % name)
         conv_utils.add_conv_status('persistence', 'cookie', name, 'skipped')
         return None
     #supported_attr = ["cookie name", "mode", "defaults from", "cookie mode",
                       #"cookie hash offset", "cookie hash length",
                       #"cookie expiration"]
     skipped += [attr for attr in profile.keys()
                if attr not in self.supported_attr]
     cookie_name = profile.get("cookie name", name+':-cookie')
     if not cookie_name:
         LOG.error("Missing Required field cookie name in: %s", name)
         conv_utils.add_status_row('profile', 'persist-cookie', name,
                                   final.STATUS_SKIPPED)
         return None
     timeout = profile.get("cookie expiration", '1')
     if timeout == 'immediate':
         timeout = '0'
     parent_obj = super(PersistenceConfigConvV10, self)
     if 'd ' in timeout:
         timeout = timeout.replace('d ', ':')
     elif 'd' in timeout:
         timeout = timeout.replace('d', '')
     timeout = parent_obj.convert_timeout(timeout)
     persist_profile = {
         "name": name,
         "app_cookie_persistence_profile": {
             "prst_hdr_name": cookie_name,
             "timeout": timeout
         },
         "server_hm_down_recovery": "HM_DOWN_PICK_NEW_SERVER",
         "persistence_type": "PERSISTENCE_TYPE_APP_COOKIE",
     }
     persist_profile['tenant_ref'] = conv_utils.get_object_ref(
             tenant, 'tenant')
     return persist_profile

Ejemplo n.º 4

Archivo: vs_converter.py Proyecto: ypraveen/sdk

    def convert_vs(self, vs_name, f5_vs, vs_state, avi_config, snat_config,
                   user_ignore, tenant_ref, cloud_name, controller_version):
        tenant, vs_name = conv_utils.get_tenant_ref(vs_name)
        if not tenant_ref == 'admin':
            tenant = tenant_ref
        hash_profiles = avi_config.get('hash_algorithm', [])
        description = f5_vs.get("description", None)
        skipped = [key for key in f5_vs.keys()
                   if key not in self.supported_attr]
        enabled = (vs_state == 'enable')
        if enabled:
            enabled = False if "disabled" in f5_vs.keys() else True
        profiles = f5_vs.get("profiles", {})
        ssl_vs, ssl_pool = conv_utils.get_vs_ssl_profiles(profiles, avi_config,
                                                          self.prefix)
        oc_prof = False
        for prof in profiles:
            if prof in avi_config.get('OneConnect', []):
                oc_prof = True
        app_prof, f_host, realm, policy_set = conv_utils.get_vs_app_profiles(
            profiles, avi_config, tenant, self.prefix, oc_prof)

        if not app_prof:
            LOG.warning('Profile type not supported by Avi Skipping VS : %s'
                        % vs_name)
            conv_utils.add_status_row('virtual', None, vs_name,
                                      final.STATUS_SKIPPED)
            return None

        ntwk_prof = conv_utils.get_vs_ntwk_profiles(profiles, avi_config,
                                                    self.prefix)

        # If one connect profile is not assigned to f5 VS and avi app profile
        # assigned to VS has connection_multiplexing_enabled value True then
        # clone profile and make connection_multiplexing_enabled as False
        pool_ref = f5_vs.get("pool", None)
        app_prof_obj = [obj for obj in avi_config['ApplicationProfile']
                        if obj['name'] == app_prof[0]]
        cme = True
        app_prof_type = None
        if app_prof_obj:
            app_prof_type = app_prof_obj[0].get('type')
        if app_prof_type == 'APPLICATION_PROFILE_TYPE_HTTP':
            cme = app_prof_obj[0]['http_profile'].get(
                'connection_multiplexing_enabled', False)
        if not (cme or oc_prof):
            # Check if already cloned profile present
            app_prof_cmd = [obj for obj in avi_config['ApplicationProfile']
                            if obj['name'] == '%s-cmd' % app_prof[0]]
            if app_prof_cmd:
                app_prof[0] = app_prof_cmd[0]['name']
            else:
                app_prof_cmd = copy.deepcopy(app_prof_obj[0])
                app_prof_cmd['name'] = '%s-cmd' % app_prof_cmd['name']
                app_prof_cmd['connection_multiplexing_enabled'] = False
                avi_config['ApplicationProfile'].append(app_prof_cmd)
                app_prof[0] = app_prof_cmd['name']

        enable_ssl = False
        if ssl_vs:
            enable_ssl = True
        destination = f5_vs.get("destination", None)
        d_tenant, destination = conv_utils.get_tenant_ref(destination)
        # if destination is not present then skip vs.
        services_obj, ip_addr, vsvip_ref, vrf_ref = conv_utils.get_service_obj(
            destination, avi_config, enable_ssl, controller_version, tenant,
            cloud_name, self.prefix, vs_name)
        # Added Check for if port is no digit skip vs.
        if not services_obj and not ip_addr and not vsvip_ref:
            LOG.debug("Skipped: Virtualservice: %s" % vs_name)
            conv_utils.add_status_row('virtual', None, vs_name,
                                      final.STATUS_SKIPPED)
            return

        is_pool_group = False
        if pool_ref:
            p_tenant, pool_ref = conv_utils.get_tenant_ref(pool_ref)
            # TODO: need to revisit after shared pool support implemented
            pool_ref, is_pool_group = conv_utils.clone_pool_if_shared(
                pool_ref, avi_config, vs_name, tenant, p_tenant,
                cloud_name=cloud_name, prefix=self.prefix)
            if ssl_pool:
                if is_pool_group:
                    conv_utils.add_ssl_to_pool_group(avi_config, pool_ref,
                                                     ssl_pool[0], tenant)
                    conv_utils.remove_http_mon_from_pool_group(
                        avi_config, pool_ref, tenant)
                else:
                    conv_utils.add_ssl_to_pool(avi_config['Pool'], pool_ref,
                                               ssl_pool[0], tenant)
                    conv_utils.remove_http_mon_from_pool(
                        avi_config, pool_ref, tenant)
            else:
                # TODO Remove this once controller support this scenario.
                if is_pool_group:
                    conv_utils.remove_https_mon_from_pool_group(
                        avi_config, pool_ref, tenant)
                else:
                    conv_utils.remove_https_mon_from_pool(
                        avi_config, pool_ref, tenant)

            persist_ref = self.get_persist_ref(f5_vs)
            if persist_ref:
                avi_persistence = avi_config.get(
                    'ApplicationPersistenceProfile', [])

                if is_pool_group:
                    pool_updated = conv_utils.update_pool_group_for_persist(
                        avi_config, pool_ref, persist_ref, hash_profiles,
                        avi_persistence, tenant)
                else:
                    pool_updated = conv_utils.update_pool_for_persist(
                        avi_config['Pool'], pool_ref, persist_ref,
                        hash_profiles, avi_persistence, tenant)

                if not pool_updated:
                    skipped.append("persist")
                    LOG.warning(
                        "persist profile %s not found for vs:%s" %
                        (persist_ref, vs_name))
            if f_host:
                conv_utils.update_pool_for_fallback(
                    f_host, avi_config['Pool'], pool_ref)
        ip_addr = ip_addr.strip()
        matches = re.findall('^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$', ip_addr)
        if not matches or ip_addr == '0.0.0.0':
            LOG.warning('Avi does not support IPv6 : %s. '
                        'Generated random ipv4 for vs: %s' % (ip_addr, vs_name))
            vs_name += '-needs-ipv6-ip'
            ip_addr = ".".join(map(str, (
                random.randint(0, 255) for _ in range(4))))
        # VIP object for virtual service
        vip = {
            'ip_address': {
                'addr': ip_addr,
                'type': 'V4'
            },
            'vip_id': 0
        }
        vs_obj = {
            'name': vs_name,
            'description': description,
            'type': 'VS_TYPE_NORMAL',
            'enabled': enabled,
            'cloud_ref': conv_utils.get_object_ref(
                cloud_name, 'cloud', tenant=tenant),
            'services': services_obj,
            'application_profile_ref': app_prof[0],
            'vs_datascripts': [],
            'tenant_ref': conv_utils.get_object_ref(tenant, 'tenant')
        }

        if vrf_ref:
            vs_obj['vrf_context_ref'] = vrf_ref
        if parse_version(controller_version) >= parse_version('17.1'):
            vs_obj['vip'] = [vip]
            vs_obj['vsvip_ref'] = vsvip_ref
        else:
            vs_obj['ip_address'] = vip['ip_address']
        vs_ds_rules = None
        if 'rules' in f5_vs:
            if isinstance(f5_vs['rules'], basestring):
                vs_ds_rules = [f5_vs['rules']]
            else:
                vs_ds_rules = f5_vs['rules'].keys()
            for index, rule in enumerate(vs_ds_rules):
                # converted _sys_https_redirect data script to rule in
                # http policy
                if rule == '_sys_https_redirect':
                    # Added prefix for objects
                    if self.prefix:
                        policy_name = self.prefix + '-' + rule + '-' + vs_name
                    else:
                        policy_name = rule + '-' + vs_name
                    policy = {
                        "name": policy_name,
                        "http_request_policy": {
                            "rules": [
                                {
                                    "index": 1,
                                    "redirect_action": {
                                        "keep_query": True,
                                        "status_code":
                                            "HTTP_REDIRECT_STATUS_CODE_302",
                                        "protocol": "HTTPS",
                                        "port": 443
                                    },
                                    "enable": True,
                                    "name": policy_name + "-Redirect",
                                    "match": {
                                        "protocol": {
                                            "protocols": "HTTP",
                                            "match_criteria": "IS_IN"
                                        }
                                    }
                                }
                            ]
                        },
                        'tenant_ref': conv_utils.get_object_ref(tenant,
                                                                'tenant'),
                        "is_internal_policy": False
                    }
                    http_policies = {
                        'index': 11,
                        'http_policy_set_ref':
                            conv_utils.get_object_ref(policy_name,
                                                      'httppolicyset',
                                                      tenant=tenant)
                    }
                    vs_obj['http_policies'] = []
                    vs_obj['http_policies'].append(http_policies)
                    avi_config['HTTPPolicySet'].append(policy)
        if is_pool_group:
            vs_obj['pool_group_ref'] = conv_utils.get_object_ref(
                pool_ref, 'poolgroup', tenant=tenant, cloud_name=cloud_name)
        elif pool_ref:
            vs_obj['pool_ref'] = conv_utils.get_object_ref(
                pool_ref, 'pool', tenant=tenant, cloud_name=cloud_name)

        self.convert_translate_port(avi_config, f5_vs, app_prof[0], pool_ref,
                                    skipped)
        conn_limit = int(f5_vs.get(self.connection_limit, '0'))
        if conn_limit > 0:
            vs_obj["performance_limits"] = {
                "max_concurrent_connections": conn_limit
            }
        rate_limit = int(f5_vs.get('rate-limit', '0'))
        if rate_limit > 0:
            vs_obj["connections_rate_limit"] = {
                "count": rate_limit
            }

        if realm:
            vs_obj['client_auth'] = realm

        if policy_set:
            vs_obj['http_policies'] = policy_set

        source = f5_vs.get('source', '0.0.0.0/0')
        if '%' in source:
            s_parts = source.split('%')
        elif '/' in source:
            s_parts = source.split('/')
        else:
            s_parts = [source]
        if not s_parts[0] == '0.0.0.0':
            parts = source.split('/')
            if '%' in parts[0]:
                parts[0] = parts[0].split('%')[0]
            mask = 24
            if len(parts) > 1:
                mask = parts[1]
            policy_name = ('vs-%s-ns' % vs_name)
            policy = conv_utils.create_network_security_rule(
                policy_name, parts[0], mask, tenant)
            avi_config['NetworkSecurityPolicy'].append(policy)
            vs_obj['network_security_policy_ref'] = conv_utils.get_object_ref(
                policy_name, 'networksecuritypolicy', tenant=tenant)

        # Checking snat conversion flag and snat info for creating snat ip object
        snat = f5_vs.get("source-address-translation", {})
        snat_pool_name = snat.get("pool", f5_vs.get("snatpool", None))
        snat_pool = snat_config.pop(snat_pool_name, None)
        if snat_pool:
            if self.con_snatpool:
                LOG.debug("Converting the snat as input flag and snat information is set")
                snat_list = conv_utils.get_snat_list_for_vs(snat_pool)
                if len(snat_list) > 32:
                    vs_obj["snat_ip"] = snat_list[0:32]
                    LOG.warning(
                        'Ignore the snat IPs, its count is beyond 32 for vs : %s' %
                        vs_name)
                else:
                    vs_obj["snat_ip"] = snat_list
                conv_status = {'status': final.STATUS_SUCCESSFUL}
                message = 'Mapped indirectly to VS -> SNAT IP Address'
                conv_utils.add_conv_status('snatpool', '', snat_pool_name,
                                           conv_status, message)
            else:
                LOG.debug("Skipped: snat conversion as input flag is not set for vs : %s" % vs_name)
                skipped.append("source-address-translation" if f5_vs.get(
                    "source-address-translation") else "snatpool" if f5_vs.get(
                    "snatpool") else None)

        if ntwk_prof:
            vs_obj['network_profile_ref'] = ntwk_prof[0]
        if enable_ssl:
            vs_obj['ssl_profile_ref'] = ssl_vs[0]["profile"]
            if ssl_vs[0]["cert"]:
                vs_obj['ssl_key_and_certificate_refs'] = [ssl_vs[0]["cert"]]
            if ssl_vs[0]["pki"] and app_prof[0] != "http":
                app_profiles = [obj for obj in
                                avi_config["ApplicationProfile"]
                                if obj['name'] ==
                                conv_utils.get_name_from_ref(app_prof[0])]
                if app_profiles[0]["type"] == \
                        'APPLICATION_PROFILE_TYPE_HTTP':
                    app_profiles[0]["http_profile"][
                        "ssl_client_certificate_mode"] = ssl_vs[0]["mode"]
                    app_profiles[0]["http_profile"]["pki_profile_ref"] = \
                        ssl_vs[0]["pki"]

        # Added code to skipped L4 VS if pool or pool group not present
        if vs_obj['application_profile_ref']:
            app_profile_name = \
                str(vs_obj['application_profile_ref']).split(
                    '&name=')[1]
            application_profile_obj = \
                [obj for obj in avi_config['ApplicationProfile']
                 if obj['name'] == app_profile_name]
            if application_profile_obj and application_profile_obj[0]['type'] \
                    == 'APPLICATION_PROFILE_TYPE_L4':
                if not 'pool_ref' and not 'pool_group_ref' in vs_obj:
                    LOG.debug("Failed to convert L4 VS dont have "
                              "pool or pool group ref: %s" % vs_name)
                    conv_utils.add_status_row('virtual', None,
                                              vs_name,
                                              final.STATUS_SKIPPED)
                    return
        for attr in self.ignore_for_value:
            ignore_val = self.ignore_for_value[attr]
            actual_val = f5_vs.get(attr, None)
            if not actual_val:
                continue
            if isinstance(ignore_val, str) and actual_val == ignore_val:
                skipped.remove(attr)
            elif isinstance(ignore_val, list) and actual_val in ignore_val:
                skipped.remove(attr)
        conv_status = dict()
        conv_status['user_ignore'] = [val for val in skipped
                                      if val in user_ignore]

        if vs_ds_rules:
            skipped_rules = [rule for rule in vs_ds_rules
                             if rule != '_sys_https_redirect']
            if skipped_rules:
                skipped.append('rules: %s' % skipped_rules)
        conv_status['na_list'] = [val for val in skipped if
                                  val in self.vs_na_attr]
        skipped = [attr for attr in skipped if attr not in self.vs_na_attr]
        skipped = [attr for attr in skipped if attr not in user_ignore]
        conv_status['skipped'] = skipped
        status = final.STATUS_SUCCESSFUL
        if skipped:
            status = final.STATUS_PARTIAL
        conv_status['status'] = status

        conv_utils.add_conv_status('virtual', None, vs_name,
                                   conv_status, vs_obj)

        return vs_obj

Ejemplo n.º 5

Archivo: monitor_converter.py Proyecto: ypraveen/sdk

    def convert_monitor(self, f5_monitor, key, monitor_config, input_dir,
                        user_ignore, tenant_ref, avi_config, cloud_name,
                        controller_version):
        monitor_type, name = self.get_name_type(f5_monitor, key)
        skipped = [val for val in f5_monitor.keys()
                   if val not in self.supported_attributes]
        indirect = copy.deepcopy(self.indirect_mappings)
        timeout = int(f5_monitor.get("timeout", conv_const.DEFAULT_TIMEOUT))
        interval = int(f5_monitor.get("interval", conv_const.DEFAULT_INTERVAL))
        time_until_up = int(f5_monitor.get(self.tup,
                                           conv_const.DEFAULT_TIME_UNTIL_UP))
        # Fixed Successful interval and failed checks
        failed_checks = int(timeout/interval)
        successful_checks = conv_const.DEFAULT_FAILED_CHECKS
        if time_until_up > 0:
            successful_checks = int(time_until_up/interval)
            successful_checks = 1 \
                if successful_checks == 0 else successful_checks

        description = f5_monitor.get("description", None)
        monitor_dict = dict()
        tenant, name = conv_utils.get_tenant_ref(name)
        # Added prefix for objects
        if self.prefix:
            name = self.prefix + '-' + name
        if tenant_ref != 'admin':
            tenant = tenant_ref
        monitor_dict['tenant_ref'] = conv_utils.get_object_ref(tenant, 'tenant')
        monitor_dict["name"] = name
        monitor_dict["receive_timeout"] = interval-1
        monitor_dict["failed_checks"] = failed_checks
        monitor_dict["send_interval"] = interval
        monitor_dict["successful_checks"] = successful_checks

        if description:
            monitor_dict["description"] = description
        # transparent : Only flag if destination or port are set, else ignore
        transparent = f5_monitor.get("transparent", 'disabled')
        transparent = False if transparent == 'disabled' else True
        destination = f5_monitor.get(self.dest_key, '*:*')
        if destination in ['*', '*:0']:
            destination = '*:*'
            f5_monitor[self.dest_key] = destination
        if not transparent or destination == '*:*':
            if 'transparent' in skipped:
                indirect.append('transparent')
        ignore_for_defaults = {}
        defaults = self.get_default_monitor(monitor_type, monitor_config)
        if defaults:
            ignore_for_defaults = copy.deepcopy(defaults)
        ignore_for_defaults.update(self.ignore)
        u_ignore = []
        na_list = []
        if monitor_type == "http":
            u_ignore = user_ignore.get("http", [])
            na_list = self.na_http
            skipped = self.convert_http(monitor_dict, f5_monitor, skipped)
        elif monitor_type == "https":
            na_list = self.na_https
            u_ignore = user_ignore.get("https", [])
            skipped = self.convert_https(
                monitor_dict, f5_monitor, skipped, avi_config, tenant_ref,
                input_dir, cloud_name, controller_version)
        elif monitor_type == "dns":
            na_list = self.na_dns
            u_ignore = user_ignore.get("dns", [])
            if f5_monitor.get('qname', None) and (not f5_monitor.get(
                    'qname') == 'none'):
                skipped = self.convert_dns(monitor_dict, f5_monitor, skipped)
                ignore_for_defaults.update({'qtype': 'a'})
            else:
                LOG.warning('No value for mandatory field query_name, skipped '
                            'DNS Monitor %s' % key)
                conv_utils.add_status_row('monitor', monitor_type, name,
                                          conv_const.STATUS_SKIPPED)
                return None
        elif monitor_type in ["tcp", "tcp_half_open", "tcp-half-open"]:
            na_list = self.na_tcp
            u_ignore = user_ignore.get("tcp", [])
            skipped = self.convert_tcp(monitor_dict, f5_monitor, skipped,
                                       monitor_type)
        elif monitor_type == "udp":
            na_list = self.na_udp
            u_ignore = user_ignore.get("udp", [])
            skipped = self.convert_udp(monitor_dict, f5_monitor, skipped)
        elif monitor_type in ["icmp", "gateway-icmp", "gateway_icmp"]:
            na_list = self.na_icmp
            u_ignore = user_ignore.get("icmp", [])
            u_ignore += user_ignore.get("gateway-icmp", [])
            u_ignore += user_ignore.get("gateway_icmp", [])
            skipped = self.convert_icmp(monitor_dict, f5_monitor, skipped)
        elif monitor_type == "external":
            na_list = self.na_external
            u_ignore = user_ignore.get("external", [])
            skipped = self.convert_external(monitor_dict, f5_monitor, skipped,
                                            input_dir, name)
        if monitor_dict.get('error', False):
            return []
        conv_status = conv_utils.get_conv_status(
            skipped, indirect, ignore_for_defaults, f5_monitor,
            u_ignore, na_list)

        conv_utils.add_conv_status('monitor', monitor_type, name, conv_status,
                                   monitor_dict)
        return monitor_dict

Ejemplo n.º 6

Archivo: persistence_converter.py Proyecto: ypraveen/sdk

    def convert(self, f5_config, avi_config, user_ignore, tenant_ref):
        avi_config['hash_algorithm'] = []
        converted_objs = []
        f5_persistence_dict = f5_config.get('persistence')
        user_ignore = user_ignore.get('persistence', {})
        for key in f5_persistence_dict.keys():
            persist_mode = None
            name = None
            skipped = []
            try:
                persist_mode, name = key.split(" ")
                LOG.debug("Converting persistence profile: %s" % name)
                profile = f5_persistence_dict[key]
                prof_conv = ProfileConfigConv()
                profile = prof_conv.update_with_default_profile(
                    persist_mode, profile, f5_persistence_dict, name)
                tenant, name = conv_utils.get_tenant_ref(name)
                if tenant_ref != 'admin':
                    tenant = tenant_ref
                # TODO: Should be enabled after controller app cookie issue is fixed
                # if persist_mode == "cookie":
                #     persist_profile = self.convert_cookie(name, profile,
                #                                           skipped, tenant)
                #     if not persist_profile:
                #         continue
                #     u_ignore = user_ignore.get('cookie', [])
                if persist_mode == "ssl":
                    persist_profile = self.convert_ssl(
                        name, profile, skipped, self.indirect, tenant)
                    u_ignore = user_ignore.get('ssl', [])
                elif persist_mode == "source-addr":
                    persist_profile = self.convert_source_addr(
                        name, profile, skipped, tenant)
                    u_ignore = user_ignore.get('source-addr', [])
                elif persist_mode == "hash":
                    avi_config['hash_algorithm'].append(name)
                    skipped = profile.keys()
                    LOG.warn('hash-persistence profile %s will be mapped '
                             'indirectly to Pool -> Load Balance  Algorithm'
                             % name)
                    conv_status = {
                        'status': conv_const.STATUS_PARTIAL,
                        'skipped': skipped
                    }
                    msg = 'Indirectly mapped to Pool -> Load Balance Algorithm'
                    conv_utils.add_conv_status(
                        'profile', "hash-persistence", name, conv_status, msg)
                    continue
                else:
                    LOG.warning(
                        'persist mode not supported skipping conversion: %s' %
                        name)
                    self.update_conv_status_for_skip(persist_mode, name)
                    continue
                if not persist_profile:
                    continue
                # code to merge applicaation persistence profile.
                if self.object_merge_check:
                    conv_utils.update_skip_duplicates(persist_profile,
                                    avi_config['ApplicationPersistenceProfile'],
                                    'app_per_profile', converted_objs, name,
                                                      None)
                    self.app_per_count += 1
                else:
                    avi_config["ApplicationPersistenceProfile"].append(
                        persist_profile)

                ignore_for_defaults = {"app-service": "none", "mask": "none"}
                conv_status = conv_utils.get_conv_status(
                    skipped, self.indirect, ignore_for_defaults,
                    profile, u_ignore)
                self.update_conversion_status(conv_status, persist_mode,
                                              name, persist_profile)
            except:
                LOG.error("Failed to convert persistance profile : %s" % key,
                          exc_info=True)
                self.update_conv_status_for_error(name, persist_mode, key)

        count = len(avi_config["ApplicationPersistenceProfile"])
        LOG.debug("Converted %s persistence profiles" % count)
        f5_config.pop('persistence')

Ejemplo n.º 7

Archivo: persistence_converter.py Proyecto: ypraveen/sdk

 def update_conversion_status(self, conv_status, persist_mode, name,
                              persist_profile):
     conv_utils.add_conv_status('profile', 'persist', name,
                                conv_status, persist_profile)
     LOG.debug("Conversion successful for persistence profile: %s" %
               name)

Ejemplo n.º 8

    def convert_vs(self, vs_name, f5_vs, vs_state, avi_config, snat_config,
                   user_ignore, tenant_ref, cloud_name, controller_version):
        tenant, vs_name = conv_utils.get_tenant_ref(vs_name)
        if not tenant_ref == 'admin':
            tenant = tenant_ref
        hash_profiles = avi_config.get('hash_algorithm', [])
        description = f5_vs.get("description", None)
        skipped = [
            key for key in f5_vs.keys() if key not in self.supported_attr
        ]
        enabled = (vs_state == 'enable')
        if enabled:
            enabled = False if "disabled" in f5_vs.keys() else True
        profiles = f5_vs.get("profiles", {})
        ssl_vs, ssl_pool = conv_utils.get_vs_ssl_profiles(
            profiles, avi_config, self.prefix)
        oc_prof = False
        for prof in profiles:
            if prof in avi_config.get('OneConnect', []):
                oc_prof = True
        app_prof, f_host, realm, policy_set = conv_utils.get_vs_app_profiles(
            profiles, avi_config, tenant, self.prefix, oc_prof)

        if not app_prof:
            LOG.warning('Profile type not supported by Avi Skipping VS : %s' %
                        vs_name)
            conv_utils.add_status_row('virtual', None, vs_name,
                                      final.STATUS_SKIPPED)
            return None

        ntwk_prof = conv_utils.get_vs_ntwk_profiles(profiles, avi_config,
                                                    self.prefix)

        # If one connect profile is not assigned to f5 VS and avi app profile
        # assigned to VS has connection_multiplexing_enabled value True then
        # clone profile and make connection_multiplexing_enabled as False
        pool_ref = f5_vs.get("pool", None)
        app_prof_obj = [
            obj for obj in avi_config['ApplicationProfile']
            if obj['name'] == app_prof[0]
        ]
        cme = True
        app_prof_type = None
        if app_prof_obj:
            app_prof_type = app_prof_obj[0].get('type')
        if app_prof_type == 'APPLICATION_PROFILE_TYPE_HTTP':
            cme = app_prof_obj[0]['http_profile'].get(
                'connection_multiplexing_enabled', False)
        if not (cme or oc_prof):
            # Check if already cloned profile present
            app_prof_cmd = [
                obj for obj in avi_config['ApplicationProfile']
                if obj['name'] == '%s-cmd' % app_prof[0]
            ]
            if app_prof_cmd:
                app_prof[0] = app_prof_cmd[0]['name']
            else:
                app_prof_cmd = copy.deepcopy(app_prof_obj[0])
                app_prof_cmd['name'] = '%s-cmd' % app_prof_cmd['name']
                app_prof_cmd['connection_multiplexing_enabled'] = False
                avi_config['ApplicationProfile'].append(app_prof_cmd)
                app_prof[0] = app_prof_cmd['name']

        enable_ssl = False
        if ssl_vs:
            enable_ssl = True
        destination = f5_vs.get("destination", None)
        d_tenant, destination = conv_utils.get_tenant_ref(destination)
        # if destination is not present then skip vs.
        services_obj, ip_addr, vsvip_ref, vrf_ref = conv_utils.get_service_obj(
            destination, avi_config, enable_ssl, controller_version, tenant,
            cloud_name, self.prefix, vs_name)
        # Added Check for if port is no digit skip vs.
        if not services_obj and not ip_addr and not vsvip_ref:
            LOG.debug("Skipped: Virtualservice: %s" % vs_name)
            conv_utils.add_status_row('virtual', None, vs_name,
                                      final.STATUS_SKIPPED)
            return

        is_pool_group = False
        if pool_ref:
            p_tenant, pool_ref = conv_utils.get_tenant_ref(pool_ref)
            # TODO: need to revisit after shared pool support implemented
            pool_ref, is_pool_group = conv_utils.clone_pool_if_shared(
                pool_ref,
                avi_config,
                vs_name,
                tenant,
                p_tenant,
                cloud_name=cloud_name,
                prefix=self.prefix)
            if ssl_pool:
                if is_pool_group:
                    conv_utils.add_ssl_to_pool_group(avi_config, pool_ref,
                                                     ssl_pool[0], tenant)
                    conv_utils.remove_http_mon_from_pool_group(
                        avi_config, pool_ref, tenant)
                else:
                    conv_utils.add_ssl_to_pool(avi_config['Pool'], pool_ref,
                                               ssl_pool[0], tenant)
                    conv_utils.remove_http_mon_from_pool(
                        avi_config, pool_ref, tenant)
            else:
                # TODO Remove this once controller support this scenario.
                if is_pool_group:
                    conv_utils.remove_https_mon_from_pool_group(
                        avi_config, pool_ref, tenant)
                else:
                    conv_utils.remove_https_mon_from_pool(
                        avi_config, pool_ref, tenant)

            persist_ref = self.get_persist_ref(f5_vs)
            if persist_ref:
                avi_persistence = avi_config.get(
                    'ApplicationPersistenceProfile', [])

                if is_pool_group:
                    pool_updated = conv_utils.update_pool_group_for_persist(
                        avi_config, pool_ref, persist_ref, hash_profiles,
                        avi_persistence, tenant)
                else:
                    pool_updated = conv_utils.update_pool_for_persist(
                        avi_config['Pool'], pool_ref, persist_ref,
                        hash_profiles, avi_persistence, tenant)

                if not pool_updated:
                    skipped.append("persist")
                    LOG.warning("persist profile %s not found for vs:%s" %
                                (persist_ref, vs_name))
            if f_host:
                conv_utils.update_pool_for_fallback(f_host, avi_config['Pool'],
                                                    pool_ref)
        ip_addr = ip_addr.strip()
        matches = re.findall('^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$', ip_addr)
        if not matches or ip_addr == '0.0.0.0':
            LOG.warning('Avi does not support IPv6 : %s. '
                        'Generated random ipv4 for vs: %s' %
                        (ip_addr, vs_name))
            vs_name += '-needs-ipv6-ip'
            ip_addr = ".".join(
                map(str, (random.randint(0, 255) for _ in range(4))))
        # VIP object for virtual service
        vip = {'ip_address': {'addr': ip_addr, 'type': 'V4'}, 'vip_id': 0}
        vs_obj = {
            'name':
            vs_name,
            'description':
            description,
            'type':
            'VS_TYPE_NORMAL',
            'enabled':
            enabled,
            'cloud_ref':
            conv_utils.get_object_ref(cloud_name, 'cloud', tenant=tenant),
            'services':
            services_obj,
            'application_profile_ref':
            app_prof[0],
            'vs_datascripts': [],
            'tenant_ref':
            conv_utils.get_object_ref(tenant, 'tenant')
        }

        if vrf_ref:
            vs_obj['vrf_context_ref'] = vrf_ref
        if parse_version(controller_version) >= parse_version('17.1'):
            vs_obj['vip'] = [vip]
            vs_obj['vsvip_ref'] = vsvip_ref
        else:
            vs_obj['ip_address'] = vip['ip_address']
        vs_ds_rules = None
        if 'rules' in f5_vs:
            if isinstance(f5_vs['rules'], basestring):
                vs_ds_rules = [f5_vs['rules']]
            else:
                vs_ds_rules = f5_vs['rules'].keys()
            for index, rule in enumerate(vs_ds_rules):
                # converted _sys_https_redirect data script to rule in
                # http policy
                if rule == '_sys_https_redirect':
                    # Added prefix for objects
                    if self.prefix:
                        policy_name = self.prefix + '-' + rule + '-' + vs_name
                    else:
                        policy_name = rule + '-' + vs_name
                    policy = {
                        "name": policy_name,
                        "http_request_policy": {
                            "rules": [{
                                "index": 1,
                                "redirect_action": {
                                    "keep_query": True,
                                    "status_code":
                                    "HTTP_REDIRECT_STATUS_CODE_302",
                                    "protocol": "HTTPS",
                                    "port": 443
                                },
                                "enable": True,
                                "name": policy_name + "-Redirect",
                                "match": {
                                    "protocol": {
                                        "protocols": "HTTP",
                                        "match_criteria": "IS_IN"
                                    }
                                }
                            }]
                        },
                        'tenant_ref':
                        conv_utils.get_object_ref(tenant, 'tenant'),
                        "is_internal_policy": False
                    }
                    http_policies = {
                        'index':
                        11,
                        'http_policy_set_ref':
                        conv_utils.get_object_ref(policy_name,
                                                  'httppolicyset',
                                                  tenant=tenant)
                    }
                    vs_obj['http_policies'] = []
                    vs_obj['http_policies'].append(http_policies)
                    avi_config['HTTPPolicySet'].append(policy)
        if is_pool_group:
            vs_obj['pool_group_ref'] = conv_utils.get_object_ref(
                pool_ref, 'poolgroup', tenant=tenant, cloud_name=cloud_name)
        elif pool_ref:
            vs_obj['pool_ref'] = conv_utils.get_object_ref(
                pool_ref, 'pool', tenant=tenant, cloud_name=cloud_name)

        self.convert_translate_port(avi_config, f5_vs, app_prof[0], pool_ref,
                                    skipped)
        conn_limit = int(f5_vs.get(self.connection_limit, '0'))
        if conn_limit > 0:
            vs_obj["performance_limits"] = {
                "max_concurrent_connections": conn_limit
            }
        rate_limit = int(f5_vs.get('rate-limit', '0'))
        if rate_limit > 0:
            vs_obj["connections_rate_limit"] = {"count": rate_limit}

        if realm:
            vs_obj['client_auth'] = realm

        if policy_set:
            vs_obj['http_policies'] = policy_set

        source = f5_vs.get('source', '0.0.0.0/0')
        if '%' in source:
            s_parts = source.split('%')
        elif '/' in source:
            s_parts = source.split('/')
        else:
            s_parts = [source]
        if not s_parts[0] == '0.0.0.0':
            parts = source.split('/')
            if '%' in parts[0]:
                parts[0] = parts[0].split('%')[0]
            mask = 24
            if len(parts) > 1:
                mask = parts[1]
            policy_name = ('vs-%s-ns' % vs_name)
            policy = conv_utils.create_network_security_rule(
                policy_name, parts[0], mask, tenant)
            avi_config['NetworkSecurityPolicy'].append(policy)
            vs_obj['network_security_policy_ref'] = conv_utils.get_object_ref(
                policy_name, 'networksecuritypolicy', tenant=tenant)

        # Checking snat conversion flag and snat info for creating snat ip object
        snat = f5_vs.get("source-address-translation", {})
        snat_pool_name = snat.get("pool", f5_vs.get("snatpool", None))
        snat_pool = snat_config.pop(snat_pool_name, None)
        if snat_pool:
            if self.con_snatpool:
                LOG.debug(
                    "Converting the snat as input flag and snat information is set"
                )
                snat_list = conv_utils.get_snat_list_for_vs(snat_pool)
                if len(snat_list) > 32:
                    vs_obj["snat_ip"] = snat_list[0:32]
                    LOG.warning(
                        'Ignore the snat IPs, its count is beyond 32 for vs : %s'
                        % vs_name)
                else:
                    vs_obj["snat_ip"] = snat_list
                conv_status = {'status': final.STATUS_SUCCESSFUL}
                message = 'Mapped indirectly to VS -> SNAT IP Address'
                conv_utils.add_conv_status('snatpool', '', snat_pool_name,
                                           conv_status, message)
            else:
                LOG.debug(
                    "Skipped: snat conversion as input flag is not set for vs : %s"
                    % vs_name)
                skipped.append("source-address-translation" if f5_vs.get(
                    "source-address-translation") else "snatpool" if f5_vs.
                               get("snatpool") else None)

        if ntwk_prof:
            vs_obj['network_profile_ref'] = ntwk_prof[0]
        if enable_ssl:
            vs_obj['ssl_profile_ref'] = ssl_vs[0]["profile"]
            if ssl_vs[0]["cert"]:
                vs_obj['ssl_key_and_certificate_refs'] = [ssl_vs[0]["cert"]]
            if ssl_vs[0]["pki"] and app_prof[0] != "http":
                app_profiles = [
                    obj for obj in avi_config["ApplicationProfile"]
                    if obj['name'] == conv_utils.get_name_from_ref(app_prof[0])
                ]
                if app_profiles[0]["type"] == \
                        'APPLICATION_PROFILE_TYPE_HTTP':
                    app_profiles[0]["http_profile"][
                        "ssl_client_certificate_mode"] = ssl_vs[0]["mode"]
                    app_profiles[0]["http_profile"]["pki_profile_ref"] = \
                        ssl_vs[0]["pki"]

        # Added code to skipped L4 VS if pool or pool group not present
        if vs_obj['application_profile_ref']:
            app_profile_name = \
                str(vs_obj['application_profile_ref']).split(
                    '&name=')[1]
            application_profile_obj = \
                [obj for obj in avi_config['ApplicationProfile']
                 if obj['name'] == app_profile_name]
            if application_profile_obj and application_profile_obj[0]['type'] \
                    == 'APPLICATION_PROFILE_TYPE_L4':
                if not 'pool_ref' and not 'pool_group_ref' in vs_obj:
                    LOG.debug("Failed to convert L4 VS dont have "
                              "pool or pool group ref: %s" % vs_name)
                    conv_utils.add_status_row('virtual', None, vs_name,
                                              final.STATUS_SKIPPED)
                    return
        for attr in self.ignore_for_value:
            ignore_val = self.ignore_for_value[attr]
            actual_val = f5_vs.get(attr, None)
            if not actual_val:
                continue
            if isinstance(ignore_val, str) and actual_val == ignore_val:
                skipped.remove(attr)
            elif isinstance(ignore_val, list) and actual_val in ignore_val:
                skipped.remove(attr)
        conv_status = dict()
        conv_status['user_ignore'] = [
            val for val in skipped if val in user_ignore
        ]

        if vs_ds_rules:
            skipped_rules = [
                rule for rule in vs_ds_rules if rule != '_sys_https_redirect'
            ]
            if skipped_rules:
                skipped.append('rules: %s' % skipped_rules)
        conv_status['na_list'] = [
            val for val in skipped if val in self.vs_na_attr
        ]
        skipped = [attr for attr in skipped if attr not in self.vs_na_attr]
        skipped = [attr for attr in skipped if attr not in user_ignore]
        conv_status['skipped'] = skipped
        status = final.STATUS_SUCCESSFUL
        if skipped:
            status = final.STATUS_PARTIAL
        conv_status['status'] = status

        conv_utils.add_conv_status('virtual', None, vs_name, conv_status,
                                   vs_obj)

        return vs_obj

Ejemplo n.º 9

    def convert(self, f5_config, avi_config, user_ignore, tenant_ref):
        avi_config['hash_algorithm'] = []
        converted_objs = []
        f5_persistence_dict = f5_config.get('persistence')
        user_ignore = user_ignore.get('persistence', {})
        for key in f5_persistence_dict.keys():
            persist_mode = None
            name = None
            skipped = []
            try:
                persist_mode, name = key.split(" ")
                LOG.debug("Converting persistence profile: %s" % name)
                profile = f5_persistence_dict[key]
                prof_conv = ProfileConfigConv()
                profile = prof_conv.update_with_default_profile(
                    persist_mode, profile, f5_persistence_dict, name)
                tenant, name = conv_utils.get_tenant_ref(name)
                if tenant_ref != 'admin':
                    tenant = tenant_ref
                # TODO: Should be enabled after controller app cookie issue is fixed
                # if persist_mode == "cookie":
                #     persist_profile = self.convert_cookie(name, profile,
                #                                           skipped, tenant)
                #     if not persist_profile:
                #         continue
                #     u_ignore = user_ignore.get('cookie', [])
                if persist_mode == "ssl":
                    persist_profile = self.convert_ssl(name, profile, skipped,
                                                       self.indirect, tenant)
                    u_ignore = user_ignore.get('ssl', [])
                elif persist_mode == "source-addr":
                    persist_profile = self.convert_source_addr(
                        name, profile, skipped, tenant)
                    u_ignore = user_ignore.get('source-addr', [])
                elif persist_mode == "hash":
                    avi_config['hash_algorithm'].append(name)
                    skipped = profile.keys()
                    LOG.warn('hash-persistence profile %s will be mapped '
                             'indirectly to Pool -> Load Balance  Algorithm' %
                             name)
                    conv_status = {
                        'status': conv_const.STATUS_PARTIAL,
                        'skipped': skipped
                    }
                    msg = 'Indirectly mapped to Pool -> Load Balance Algorithm'
                    conv_utils.add_conv_status('profile', "hash-persistence",
                                               name, conv_status, msg)
                    continue
                else:
                    LOG.warning(
                        'persist mode not supported skipping conversion: %s' %
                        name)
                    self.update_conv_status_for_skip(persist_mode, name)
                    continue
                if not persist_profile:
                    continue
                # code to merge applicaation persistence profile.
                if self.object_merge_check:
                    conv_utils.update_skip_duplicates(
                        persist_profile,
                        avi_config['ApplicationPersistenceProfile'],
                        'app_per_profile', converted_objs, name, None)
                    self.app_per_count += 1
                else:
                    avi_config["ApplicationPersistenceProfile"].append(
                        persist_profile)

                ignore_for_defaults = {"app-service": "none", "mask": "none"}
                conv_status = conv_utils.get_conv_status(
                    skipped, self.indirect, ignore_for_defaults, profile,
                    u_ignore)
                self.update_conversion_status(conv_status, persist_mode, name,
                                              persist_profile)
            except:
                LOG.error("Failed to convert persistance profile : %s" % key,
                          exc_info=True)
                self.update_conv_status_for_error(name, persist_mode, key)

        count = len(avi_config["ApplicationPersistenceProfile"])
        LOG.debug("Converted %s persistence profiles" % count)
        f5_config.pop('persistence')

Ejemplo n.º 10

 def update_conversion_status(self, conv_status, persist_mode, name,
                              persist_profile):
     conv_utils.add_conv_status('profile', 'persist', name, conv_status,
                                persist_profile)
     LOG.debug("Conversion successful for persistence profile: %s" % name)