def update_firewallrules(self, firewall_sig, firewallrules=None): """Update the firewallrules for this region :param: firewall_sig :param: firewallrules :return: ifirewallrules """ if not firewallrules: # firewallrules not provided, obtain from SystemController firewall_rules_file = os.path.join( tsc.CONFIG_PATH, sysinv_constants.FIREWALL_RULES_FILE) with open(firewall_rules_file, 'r') as content_file: firewallrules = content_file.read() LOG.info("update_firewallrules from shared file={}".format( firewallrules)) if not self._validate_firewallrules(firewall_sig, firewallrules): raise exceptions.SyncRequestFailedRetry() try: ifirewallrules = self.client.firewallrules.import_firewall_rules( firewallrules) LOG.info("region={} firewallrules uuid={} firewall_sig={}".format( self.region_name, ifirewallrules.get('uuid'), firewall_sig)) except Exception as e: LOG.error("update_firewallrules exception={}".format(e)) raise exceptions.SyncRequestFailedRetry() return ifirewallrules
def update_user(self, passwd_hash, root_sig, passwd_expiry_days): """Update the user passwd for this region :param: passwd_hash :return: iuser """ try: iuser = self.get_user() if not iuser: LOG.warn("iuser not found %s" % self.region_name) return iuser if (iuser.passwd_hash != passwd_hash or iuser.passwd_expiry_days != passwd_expiry_days): patch = make_sysinv_patch({ 'passwd_hash': passwd_hash, 'passwd_expiry_days': passwd_expiry_days, 'root_sig': root_sig, 'action': 'apply', }) LOG.info("region={} user update uuid={} patch={}".format( self.region_name, iuser.uuid, patch)) iuser = self.client.iuser.update(iuser.uuid, patch) else: LOG.info("update_user no changes, skip user region={} " "update uuid={} passwd_hash={}".format( self.region_name, iuser.uuid, passwd_hash)) except Exception as e: LOG.error("update_user exception={}".format(e)) raise exceptions.SyncRequestFailedRetry() return iuser
def update_remotelogging(self, values): """Update the remotelogging values for this region :param: values dictionary or payload :return: remotelogging """ try: remotelogging = self.get_remotelogging() if not remotelogging: LOG.warn("remotelogging not found %s" % self.region_name) return remotelogging if isinstance(values, dict): patch = self.create_remote_logging_patch_from_dict(values) else: patch = values if (not self.ip_address_in_patch(patch) and not remotelogging.ip_address): # This region does not have an ip_address set yet LOG.info("region={} remotelogging ip_address not set " "uuid={} patch={}. Skip patch operation.".format( self.region_name, remotelogging.uuid, patch)) return remotelogging LOG.info("region={} remotelogging update uuid={} patch={}".format( self.region_name, remotelogging.uuid, patch)) remotelogging = self.client.remotelogging.update( remotelogging.uuid, patch) except Exception as e: LOG.error("update_remotelogging exception={}".format(e)) raise exceptions.SyncRequestFailedRetry() return remotelogging
def update_ntp(self, ntpservers): """Update the ntpservers for this region :param: ntpservers csv string :return: Nothing """ try: intp = self.get_ntp() if not intp: LOG.warn("intp not found %s" % self.region_name) return intp # if intp.ntpservers != ntpservers: if not self._same_ntp(intp.ntpservers, ntpservers): if ntpservers == "": ntpservers = "NC" patch = make_sysinv_patch({ 'ntpservers': ntpservers, 'action': 'apply' }) LOG.info("region={} ntp update uuid={} patch={}".format( self.region_name, intp.uuid, patch)) intp = self.client.intp.update(intp.uuid, patch) else: LOG.info("update_ntp no changes, skip ntp region={} " "update uuid={} ntpservers={}".format( self.region_name, intp.uuid, ntpservers)) except Exception as e: LOG.error("update_ntp exception={}".format(e)) raise exceptions.SyncRequestFailedRetry() return intp
def update_dns(self, nameservers): """Update the dns nameservers for this region :param: nameservers csv string :return: Nothing """ try: idns = self.get_dns() if not idns: LOG.warn("idns not found %s" % self.region_name) return idns if idns.nameservers != nameservers: if nameservers == "": nameservers = "NC" patch = make_sysinv_patch({ 'nameservers': nameservers, 'action': 'apply' }) LOG.info("region={} dns update uuid={} patch={}".format( self.region_name, idns.uuid, patch)) idns = self.client.idns.update(idns.uuid, patch) else: LOG.info("update_dns no changes, skip dns region={} " "update uuid={} nameservers={}".format( self.region_name, idns.uuid, nameservers)) except Exception as e: LOG.error("update_dns exception={}".format(e)) raise exceptions.SyncRequestFailedRetry() return idns
def update_ptp(self, enabled): """Update the ptp configuration for this region :param: enabled :return: Nothing """ try: ptp = self.get_ptp() if not ptp: LOG.warn("ptp not found %s" % self.region_name) return ptp if ptp.enabled != (enabled == "True"): patch = make_sysinv_patch({'enabled': enabled}) LOG.info("region={} ptp update uuid={} patch={}".format( self.region_name, ptp.uuid, patch)) ptp = self.client.ptp.update(ptp.uuid, patch) else: LOG.info("update_ptp no changes, skip ptp region={} " "update uuid={} enabled={}".format( self.region_name, ptp.uuid, enabled)) except Exception as e: LOG.error("update_ptp exception={}".format(e)) raise exceptions.SyncRequestFailedRetry() return ptp
def get_certificates(self): """Get the certificates for this region :return: certificates """ try: certificates = self.client.certificate.list() except Exception as e: LOG.error("get_certificates region={} " "exception={}".format(self.region_name, e)) raise exceptions.SyncRequestFailedRetry() if not certificates: LOG.info("No certificates in region: {}".format(self.region_name)) return certificates
def snmp_community_delete(self, community): """Delete the community for this region :param: community """ try: LOG.info("snmp_community_delete region {} community: {}".format( self.region_name, community)) self.client.icommunity.delete(community) except HTTPNotFound: LOG.info("snmp_community_delete NotFound %s for region: {}".format( community, self.region_name)) raise exceptions.CommunityNotFound(region_name=self.region_name, community=community) except Exception as e: LOG.error("snmp_community_delete exception={}".format(e)) raise exceptions.SyncRequestFailedRetry()
def snmp_trapdest_delete(self, trapdest_ip_address): """Delete the trapdest for this region :param: trapdest_ip_address """ try: LOG.info("snmp_trapdest_delete region {} ip_address: {}".format( self.region_name, trapdest_ip_address)) self.client.itrapdest.delete(trapdest_ip_address) except HTTPNotFound: LOG.info("snmp_trapdest_delete NotFound %s for region: {}".format( trapdest_ip_address, self.region_name)) raise exceptions.TrapDestNotFound(region_name=self.region_name, ip_address=trapdest_ip_address) except Exception as e: LOG.error("snmp_trapdest_delete exception={}".format(e)) raise exceptions.SyncRequestFailedRetry()
def get_remotelogging(self): """Get the remotelogging for this region :return: remotelogging """ try: remoteloggings = self.client.remotelogging.list() remotelogging = remoteloggings[0] except Exception as e: LOG.error("get_remotelogging exception={}".format(e)) raise exceptions.SyncRequestFailedRetry() if not remotelogging: LOG.info("remotelogging is None for region: %s" % self.region_name) else: LOG.debug("get_remotelogging uuid=%s ip_address=%s" % (remotelogging.uuid, remotelogging.ip_address)) return remotelogging
def get_firewallrules(self): """Get the firewallrules for this region :return: firewallrules """ try: firewallruless = self.client.firewallrules.list() firewallrules = firewallruless[0] except Exception as e: LOG.error("get_firewallrules region={} " "exception={}".format(self.region_name, e)) raise exceptions.SyncRequestFailedRetry() if not firewallrules: LOG.info("firewallrules is None for region: {}".format( self.region_name)) else: LOG.info("get_firewallrules uuid=%s firewall_sig=%s" % (firewallrules.uuid, firewallrules.firewall_sig)) return firewallrules
def snmp_trapdest_create(self, trapdest_dict): """Add the trapdest for this region :param: trapdest_payload dictionary :return: itrapdest """ # Example trapdest_dict: # {"ip_address": "10.10.10.12", "community": "cgcs"} itrapdest = None trapdest_create_dict = {} for k, v in trapdest_dict.iteritems(): if k in SNMP_TRAPDEST_CREATION_ATTRIBUTES: trapdest_create_dict[str(k)] = v LOG.info("snmp_trapdest_create driver region={}" "trapdest_create_dict={}".format(self.region_name, trapdest_create_dict)) try: itrapdest = self.client.itrapdest.create(**trapdest_create_dict) except HTTPConflict: LOG.info("snmp_trapdest_create exists region={}" "trapdest_dict={}".format(self.region_name, trapdest_dict)) # Retrieve the existing itrapdest trapdests = self.snmp_trapdest_list() for trapdest in trapdests: if trapdest.ip_address == trapdest_dict.get('ip_address'): LOG.info("snmp_trapdest_create found existing {}" "for region: {}".format(trapdest, self.region_name)) itrapdest = trapdest break except Exception as e: LOG.error("snmp_trapdest_create exception={}".format(e)) raise exceptions.SyncRequestFailedRetry() return itrapdest
def snmp_community_create(self, community_dict): """Add the community for this region :param: community_payload dictionary :return: icommunity """ # Example community_dict: {"community": "cgcs"} icommunity = None community_create_dict = {} for k, v in community_dict.iteritems(): if k in SNMP_COMMUNITY_CREATION_ATTRIBUTES: community_create_dict[str(k)] = v LOG.info("snmp_community_create driver region={}" "community_create_dict={}".format(self.region_name, community_create_dict)) try: icommunity = self.client.icommunity.create(**community_create_dict) except HTTPConflict: LOG.info("snmp_community_create exists region={}" "community_dict={}".format(self.region_name, community_dict)) # Retrieve the existing icommunity communitys = self.snmp_community_list() for community in communitys: if community.community == community_dict.get('community'): LOG.info("snmp_community_create found existing {}" "for region: {}".format(community, self.region_name)) icommunity = community break except Exception as e: LOG.error("snmp_community_create exception={}".format(e)) raise exceptions.SyncRequestFailedRetry() return icommunity
def update_ptp(self, enabled, mode, transport, mechanism): """Update the ptp configuration for this region :param: enabled :param: mode :param: transport :param: mechanism :return: Nothing """ try: ptp = self.get_ptp() if not ptp: LOG.warn("ptp not found %s" % self.region_name) return ptp if ptp.enabled != (enabled == "True") or \ ptp.mode != mode or \ ptp.transport != transport or \ ptp.mechanism != mechanism: patch = make_sysinv_patch({'enabled': enabled}, {'mode': mode}, {'transport': transport}, {'mechanism': mechanism}) LOG.info("region={} ptp update uuid={} patch={}".format( self.region_name, ptp.uuid, patch)) ptp = self.client.ptp.update(ptp.uuid, patch) else: LOG.info("update_ptp no changes, skip ptp region={} " "update uuid={} enabled={} mode={} " "transport={} mechanism={}".format( self.region_name, ptp.uuid, enabled, mode, transport, mechanism)) except Exception as e: LOG.error("update_ptp exception={}".format(e)) raise exceptions.SyncRequestFailedRetry() return ptp
def update_certificate(self, signature, certificate=None, data=None): """Update the certificate for this region :param: signature of the public certificate :param: certificate :param: data :return: icertificate """ LOG.info("update_certificate signature {} data {}".format( signature, data)) if not certificate: tpmconfigs = self.client.tpmconfig.list() if tpmconfigs: LOG.info("region={} no certificates available, " "tpm configured".format(self.region_name)) return if data: data['passphrase'] = None mode = data.get('mode', sysinv_constants.CERT_MODE_SSL) if mode == sysinv_constants.CERT_MODE_SSL_CA: certificate_files = [sysinv_constants.SSL_CERT_CA_FILE] elif mode == sysinv_constants.CERT_MODE_SSL: certificate_files = [sysinv_constants.SSL_PEM_FILE] elif mode == sysinv_constants.CERT_MODE_MURANO_CA: certificate_files = [sysinv_constants.MURANO_CERT_CA_FILE] elif mode == sysinv_constants.CERT_MODE_MURANO: certificate_files = [ sysinv_constants.MURANO_CERT_KEY_FILE, sysinv_constants.MURANO_CERT_FILE ] else: LOG.warn("update_certificate mode {} not supported".format( mode)) return elif signature and signature.startswith( sysinv_constants.CERT_MODE_SSL_CA): data['mode'] = sysinv_constants.CERT_MODE_SSL_CA certificate_files = [sysinv_constants.SSL_CERT_CA_FILE] elif signature and signature.startswith( sysinv_constants.CERT_MODE_SSL): data['mode'] = sysinv_constants.CERT_MODE_SSL certificate_files = [sysinv_constants.SSL_PEM_FILE] elif signature and signature.startswith( sysinv_constants.CERT_MODE_MURANO_CA): data['mode'] = sysinv_constants.CERT_MODE_MURANO_CA certificate_files = [sysinv_constants.MURANO_CERT_CA_FILE] elif signature and signature.startswith( sysinv_constants.CERT_MODE_MURANO + '_'): data['mode'] = sysinv_constants.CERT_MODE_MURANO certificate_files = [ sysinv_constants.MURANO_CERT_KEY_FILE, sysinv_constants.MURANO_CERT_FILE ] else: LOG.warn("update_certificate signature {} " "not supported".format(signature)) return certificate = "" for certificate_file in certificate_files: with open(certificate_file, 'r') as content_file: certificate += content_file.read() LOG.info("update_certificate from shared file {} {}".format( signature, certificate_files)) if (signature and (signature.startswith(sysinv_constants.CERT_MODE_SSL) or (signature.startswith(sysinv_constants.CERT_MODE_TPM)))): # ensure https is enabled isystem = self.client.isystem.list()[0] https_enabled = isystem.capabilities.get('https_enabled', False) if not https_enabled: isystem = self.client.isystem.update( isystem.uuid, [{ "path": "/https_enabled", "value": "true", "op": "replace" }]) LOG.info("region={} enabled https system={}".format( self.region_name, isystem.uuid)) try: icertificate = self.client.certificate.certificate_install( certificate, data) LOG.info("update_certificate region={} signature={}".format( self.region_name, signature)) except Exception as e: LOG.error("update_certificate exception={}".format(e)) raise exceptions.SyncRequestFailedRetry() return icertificate