def main(argv):
debug_level = 0
mylogger = rtclogger.LOGGER("AMPeventDetails", debug_level, "")
try:
dbconn = rtcdb.RTCDB()
dbresult = dbconn.getXconfig("iseconfig")
creds = json.loads(dbresult["configstring"])
ISE_SERVER = creds["ise_server"]
ISE_USERNAME = creds["ise_username"]
PXGRID_CLIENT_CERT = creds["pxgrid_client_cert"]
PXGRID_CLIENT_KEY = creds["pxgrid_client_key"]
PXGRID_CLIENT_KEY_PASSWORD = creds["pxgrid_client_key_pw"]
PXGRID_SERVER_CERT = creds["pxgrid_server_cert"]
PXGRID_NODENAME = creds["pxgrid_nodename"]
if "pxgrid_password" in creds:
PXGRID_PASSWORD = creds["pxgrid_password"]
else:
PXGRID_PASSWORD = ""
if 'REQUEST_METHOD' in os.environ:
debug = False
else:
debug = True
# print("connecting to ....{} {} {}".format(ISE_SERVER,ISE_USERNAME,ISE_PASSWORD))
i = cats.ISE_PXGRID(server=ISE_SERVER,
password=PXGRID_PASSWORD,
debug=debug,
logfile="",
clientcert=PXGRID_CLIENT_CERT,
clientkey=PXGRID_CLIENT_KEY,
clientkeypassword=PXGRID_CLIENT_KEY_PASSWORD,
servercert=PXGRID_SERVER_CERT,
nodename=PXGRID_NODENAME)
# i = cats.ISE_PXGRID(server=ISE_SERVER,username=ISE_USERNAME,password=ISE_PASSWORD,debug=True,logfile="")
rsp = i.getSessions()
# print(str(rsp))
rsp.update({"rtcResult": "OK"})
except Exception as err:
rsp = {"rtcResult": mylogger.exception_info(err)}
print("Content-type:application/json\n\n")
print(json.dumps(rsp))
def __init__(self,name,thresholdLogLevel,logfilename):
try:
threading.Thread.__init__(self)
self.logthreshold = thresholdLogLevel
self.logger = rtclogger.LOGGER(name,thresholdLogLevel,logfilename)
self.logger.log_debug(0,"starting {} thread with log level {}".format(name,str(thresholdLogLevel)))
self.db = rtcdb.RTCDB()
dbresult = self.db.getConfig("rtcconfig")
self.rtcConfig = json.loads(dbresult["configstring"])
self.threshold = self.rtcConfig["rtcThreshold"]
dbresult = self.db.getConfig("iseconfig")
creds = json.loads(dbresult["configstring"])
ISE_SERVER = creds["ise_server"]
ISE_USERNAME = creds["ise_username"]
ISE_PASSWORD = creds["ise_password"]
if "pxgrid_password" in creds:
PXGRID_PASSWORD = creds["pxgrid_password"]
else:
PXGRID_PASSWORD = ""
PXGRID_CLIENT_CERT = creds["pxgrid_client_cert"]
PXGRID_CLIENT_KEY = creds["pxgrid_client_key"]
PXGRID_CLIENT_KEY_PASSWORD = creds["pxgrid_client_key_pw"]
PXGRID_SERVER_CERT = creds["pxgrid_server_cert"]
PXGRID_NODENAME = creds["pxgrid_nodename"]
self.pxgrid = cats.ISE_PXGRID(server=ISE_SERVER,clientcert=PXGRID_CLIENT_CERT,clientkey=PXGRID_CLIENT_KEY,clientkeypassword=PXGRID_CLIENT_KEY_PASSWORD,servercert=PXGRID_SERVER_CERT,nodename=PXGRID_NODENAME,password=PXGRID_PASSWORD,debug=False,logfile="")
self.ise_anc = cats.ISE_ANC(ISE_SERVER,ISE_USERNAME,ISE_PASSWORD,debug=False)
self.ancpolicy = self.rtcConfig["rtcPolicyName"]
dbresultAMP = self.db.getXconfig("ampconfig")
credsAMP = json.loads(dbresultAMP["configstring"])
AMP_cloud = "us"
AMP_api_client_id = credsAMP["amp_api_client_id"]
AMP_api_key = credsAMP["amp_api_key"]
self.amp = cats.AMP(cloud=AMP_cloud,api_client_id=AMP_api_client_id,api_key=AMP_api_key,debug=False,logfile="")
except Exception as err:
self.logger.log_debug(0,self.logger.exception_info(err))
def main(argv):
# todo -
# input validation is for wimps
#
print("Content-type:application/json\n\n")
try:
debug_level = 4
mylogger = rtclogger.LOGGER("Config ", debug_level, "")
order = str(sys.stdin.read())
ppost = json.loads(order)
table = ppost["table"]
post = ppost["post"]
debugmsg = ""
dbconn = rtcdb.RTCDB()
if table == "iseconfig":
mylogger.log_debug(0, json.dumps(post))
if post["pxgrid_client_cert"]:
post.update({"pxgrid_password": ""})
else:
debugmsg = "not post client cert and iseconfig"
''' password based auth for ise may need to retrieve password if not already stored'''
dbresult = dbconn.getXconfig("iseconfig")
if dbresult["rtcResult"] == "OK":
configstring = dbresult["configstring"]
iseconfig = json.loads(configstring)
if not "pxgrid_password" in iseconfig:
debugmsg = debugmsg + " not pxgrid password"
i = cats.ISE_PXGRID(server=post["ise_server"],
nodename=post["pxgrid_nodename"],
description="",
debug=True,
logfile="/tmp/rtc.log")
password = i.getPassword()
debugmsg = debugmsg + "password is " + password
i.activate()
post.update({"pxgrid_password": password})
else:
rsp = {
"rtcResult": "DB ERROR",
"info": debugmsg + dbresult["info"]
}
print(json.dumps(rsp))
return
dbresult = dbconn.updateXconfig(table, json.dumps(post))
if dbresult["rtcResult"] == "OK":
dbresult = dbconn.getXconfig(table)
if dbresult["rtcResult"] == "OK":
configstring = dbresult["configstring"]
rsp = {"rtcResult": "OK"}
rsp.update({"configstring": configstring})
else:
rsp = {"rtcResult": "DB ERROR" + debugmsg}
else:
rsp = {
"rtcResult": "DB ERROR",
"info": debugmsg + dbresult["info"]
}
print(json.dumps(rsp))
except Exception as err:
result = {
"result":
"Error",
"info":
"some error {} table {} post {} {}".format(
mylogger.exception_info(err), table, post, debugmsg)
}
print(json.dumps(result))
def main(argv):
ISE_SERVER = ""
ISE_PASSWORD = ""
PXGRID_CLIENT_CERT = ""
PXGRID_CLIENT_KEY = ""
PXGRID_CLIENT_KEY_PASSWORD = ""
PXGRID_SERVER_CERT = ""
PXGRID_NODENAME = ""
mac = ""
ip = ""
debug = False
password = ""
nodename2 = ""
certauth = False
description = ""
server2 = ""
password2 = ""
jsonfile = "iseconfig.json"
operation = "getsessions"
try:
opts, args = getopt.getopt(argv, "hcdp:i:m:n:t:j:s:o:")
for opt, arg in opts:
if opt == '-h':
print_help()
sys.exit(2)
if opt == ("-d"):
debug = True
if opt == ("-c"):
certauth = True
if opt == ("-i"):
ip = arg
if opt == ("-m"):
mac = arg
if opt == ("-n"):
nodename2 = arg
if opt == ("-t"):
description = arg
if opt == ("-j"):
jsonfile = arg
if opt == ("-s"):
server2 = arg
if opt == ("-p"):
password = arg
if opt == ("-o"):
operation = arg
found = False
for o in OPERATIONS:
if operation == o["name"]:
found = True
if not found:
raise ValueError
except Exception as err:
print("Error in syntax")
print_help()
sys.exit(2)
try:
try:
print("opening config file {}".format(jsonfile))
creds = json.loads(open(jsonfile).read())
ISE_SERVER = creds["ise_server"]
PXGRID_PASSWORD = creds["ise_password"]
PXGRID_CLIENT_CERT = creds["pxgrid_client_cert"]
PXGRID_CLIENT_KEY = creds["pxgrid_client_key"]
PXGRID_CLIENT_KEY_PASSWORD = creds["pxgrid_client_key_pw"]
PXGRID_SERVER_CERT = creds["pxgrid_server_cert"]
PXGRID_NODENAME = creds["pxgrid_nodename"]
except Exception as e:
print(
"unable to open jsonfile {}, continuing (will only work for password based auth)"
.format(jsonfile))
# override file config options for ise server and nodename
if server2:
ISE_SERVER = server2
if nodename2:
PXGRID_NODENAME = nodename2
if not ISE_SERVER:
print("No ISE server specified, nor in file or with -s option")
print_help()
sys.exit(2)
if certauth:
if debug:
print("NODE {} CLIENT CERT {} KEY {} SERVER CERT {}".format(
PXGRID_NODENAME, PXGRID_CLIENT_CERT, PXGRID_CLIENT_KEY,
PXGRID_SERVER_CERT))
if PXGRID_NODENAME and PXGRID_CLIENT_CERT and PXGRID_CLIENT_KEY and PXGRID_CLIENT_KEY_PASSWORD and PXGRID_SERVER_CERT:
i = cats.ISE_PXGRID(
server=ISE_SERVER,
nodename=PXGRID_NODENAME,
clientcert=PXGRID_CLIENT_CERT,
clientkey=PXGRID_CLIENT_KEY,
clientkeypassword=PXGRID_CLIENT_KEY_PASSWORD,
servercert=PXGRID_SERVER_CERT,
description=description,
debug=debug,
logfile="")
## i.activate seems to be necessary once for the node name for cert based auth
i.activate()
else:
print(
"Not all options for cert auth specified in json file, see -h for help"
)
sys.exit(2)
else:
print("not cert auth")
if PXGRID_NODENAME:
i = cats.ISE_PXGRID(server=ISE_SERVER,
nodename=PXGRID_NODENAME,
password=password,
description=description,
debug=debug,
logfile="")
password = i.getPassword()
print("password is {}".format(password))
i.activate()
else:
print(
"Nodename must be specified for password based auth, see -h for help"
)
sys.exit(2)
if operation == "getsessions":
rsp = i.getSessions(ip=ip, mac=mac)
if operation == "getbindings":
rsp = i.getBindings()
if operation == "getsecuritygroups":
rsp = i.getSecurityGroups()
if operation == "getsecuritygroupacls":
rsp = i.getSecurityGroupACLs()
if operation == "getprofiles":
rsp = i.getProfiles()
if operation == "getfailures":
rsp = i.getFailures()
print(json.dumps(rsp, indent=4, sort_keys=True))
print("password used was {}".format(password))
except Exception as err:
print("ERROR")
print(exception_info(err))
print("ERROR")
def main(argv):
### default never log,change this if needed
debug_level = 0
mylogger = rtclogger.LOGGER("getHosts", debug_level, "")
try:
if 'REQUEST_METHOD' in os.environ:
### this is called as CGI script and we should avoid printouts
debug = False
post = str(sys.stdin.read())
temp = json.loads(post)
recurring = temp["recurring"]
else:
### this is called via CLI for troubleshooting
recurring = "True"
debug = True
dbconn = rtcdb.RTCDB()
rsp = dbconn.getHosts()
hosts = rsp["items"]
mylogger.log_debug(7, json.dumps(hosts))
dbresult = dbconn.getXconfig("iseconfig")
creds = json.loads(dbresult["configstring"])
i = None
if "ise_server" in creds:
ISE_SERVER = creds["ise_server"]
ISE_USERNAME = creds["ise_username"]
ISE_PASSWORD = creds["ise_password"]
if "pxgrid_password" in creds:
PXGRID_PASSWORD = creds["pxgrid_password"]
else:
PXGRID_PASSWORD = ""
PXGRID_CLIENT_CERT = creds["pxgrid_client_cert"]
PXGRID_CLIENT_KEY = creds["pxgrid_client_key"]
PXGRID_CLIENT_KEY_PASSWORD = creds["pxgrid_client_key_pw"]
PXGRID_SERVER_CERT = creds["pxgrid_server_cert"]
PXGRID_NODENAME = creds["pxgrid_nodename"]
i = cats.ISE_PXGRID(server=ISE_SERVER,
debug=debug,
logfile="",
clientcert=PXGRID_CLIENT_CERT,
clientkey=PXGRID_CLIENT_KEY,
clientkeypassword=PXGRID_CLIENT_KEY_PASSWORD,
servercert=PXGRID_SERVER_CERT,
nodename=PXGRID_NODENAME,
password=PXGRID_PASSWORD)
anc = cats.ISE_ANC(ISE_SERVER,
ISE_USERNAME,
ISE_PASSWORD,
debug=debug,
logfile="")
dbresult = dbconn.getXconfig("ampconfig")
creds = json.loads(dbresult["configstring"])
a = None
if "amp_api_client_id" in creds:
API_CLIENT_ID = creds["amp_api_client_id"]
API_KEY = creds["amp_api_key"]
a = cats.AMP(cloud="us",
api_client_id=API_CLIENT_ID,
api_key=API_KEY,
debug=debug,
logfile="")
for h in hosts:
mylogger.log_debug(7, "Host is ".format(json.dumps(h)))
if i:
try:
mylogger.log_debug(7, "getting sessions for " + h["mac"])
rsp = i.getSessions(mac=h["mac"])
mylogger.log_debug(
7, "pxgrid rsp {}".format(json.dumps(rsp)))
h.update({"ise": rsp})
except Exception as err:
mylogger.log_debug(
2, "ise sessions " + mylogger.exception_info(err))
h.update({"ise": {}})
else:
h.update({"ise": {}})
if a:
try:
# is this the same rsp as gotten from getsessions?!?!
ip = rsp["ipAddresses"][0]
rsp = a.computers(internal_ip=ip)
mylogger.log_debug(7, "AMP resp" + json.dumps(rsp))
h.update({"amp": rsp})
except Exception as err:
mylogger.log_debug(
1, "amp exception" + mylogger.exception_info(err))
h.update({"amp": {}})
else:
h.update({"amp": {}})
if anc:
try:
mylogger.log_debug(7, "reading ISE ANC for " + h["mac"])
rsp = anc.macPolicy(h["mac"])
h.update({"ancpolicy": rsp["policy"]})
except Exception as err:
h.update({"ancpolicy": ""})
mylogger.log_debug(
1, "ise anc exception" + mylogger.exception_info(err))
else:
h.update({"ancpolicy": ""})
# get all the rtcEvent for this host
try:
rsp = dbconn.getAMPevents(h["mac"])
h.update({"ampevents": rsp})
except Exception as err:
h.update({"ampevents": {}})
mylogger.log_debug(
1, "ampevents exception" + mylogger.exception_info(err))
try:
rsp = dbconn.getSWevents(h["mac"])
h.update({"swevents": rsp})
except Exception as err:
h.update({"swevents": {}})
try:
rsp = dbconn.getUMBevents(h["mac"])
h.update({"umbevents": rsp})
except Exception as err:
h.update({"umbevents": {}})
mylogger.log_debug(
1, "umbevents exception" + mylogger.exception_info(err))
rsp = {"rtcResult": "OK"}
rsp.update({"items": hosts})
rsp.update({"recurring": recurring})
except Exception as err:
rsp = {"rtcResult": mylogger.exception_info(err)}
print("Content-type:application/json\n\n")
print(json.dumps(rsp))