def ldap_settings_exist(handle, **kwargs):
"""
Checks if the specified LDAP settings are already applied
Args:
handle (ImcHandle)
kwargs: Key-Value paired arguments
Returns:
(True, AaaLdap) if settings match, else (False, None)
Examples:
match, mo = ldap_settings_exist(
handle, enabled=True,
basedn='DC=LAB,DC=cisco,DC=com',
domain='LAB.cisco.com',
timeout=20, group_auth=True,
bind_dn='CN=administrator,CN=Users,DC=LAB,DC=cisco,DC=com',
password='******', ldap_servers=ldap_servers)
"""
mo = _get_mo(handle, dn=LDAP_DN)
params = _get_ldap_params(kwargs)
if not mo.check_prop_match(**params):
return False, None
if _is_valid_arg('ldap_servers', kwargs):
if not _check_ldap_server_match(mo, kwargs.pop('ldap_servers')):
return False, None
if not mo.check_prop_match(**kwargs):
return False, None
return True, mo
def ntp_servers_clear(handle, ntp_servers=[]):
"""
Clears the NTP servers provided in the arguments.
Clears all the NTP servers, only if ntp is disabled.
Args:
handle (ImcHandle)
ntp_servers (list): List of NTP servers in the format
["192.168.1.1", "192.168.1.2"]
Returns:
CommNtpProvider object
"""
mo = _get_mo(handle, dn=NTP_DN)
args = {}
if ntp_servers:
args = {x: "" for x in _NTP_SERVER_LIST if getattr(mo, x) in ntp_servers}
else:
args = {x: "" for x in _NTP_SERVER_LIST}
if mo.ntp_enable.lower() in ["yes", "true"] and len(args) == len(_NTP_SERVER_LIST):
raise ImcOperationError("Clear NTP Servers",
"Cannot clear all NTP servers when NTP is enabled")
mo.set_prop_multiple(**args)
mo.ntp_enable = mo.ntp_enable
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def ldap_settings_exist(handle, **kwargs):
"""
Checks if the specified LDAP settings are already applied
Args:
handle (ImcHandle)
kwargs: Key-Value paired arguments
Returns:
(True, AaaLdap) if settings match, else (False, None)
Examples:
match, mo = ldap_settings_exist(
handle, enabled=True,
basedn='DC=LAB,DC=cisco,DC=com',
domain='LAB.cisco.com',
timeout=20, group_auth=True,
bind_dn='CN=administrator,CN=Users,DC=LAB,DC=cisco,DC=com',
password='******', ldap_servers=ldap_servers)
"""
mo = _get_mo(handle, dn=LDAP_DN)
params = _get_ldap_params(kwargs)
if not mo.check_prop_match(**params):
return False, None
if _is_valid_arg('ldap_servers', kwargs):
if not _check_ldap_server_match(mo, kwargs.pop('ldap_servers')):
return False, None
if not mo.check_prop_match(**kwargs):
return False, None
return True, mo
def ldap_certificate_binding_check(handle, user=None, pwd=None, **kwargs):
"""
Tests the LDAP CA certificate binding
Args:
handle (ImcHandle)
user (str): Username for the remote server
pwd (str): Password for the remote server
Returns:
LdapCACertificate object
Examples:
ldap_certificate_binding_check(handle, user='******', pwd='pqrs')
"""
mo = _get_mo(handle, dn='sys/ldap-ext/ldap-ca-cert-mgmt/ldap-ca-cert')
params = {
'user': user,
'pwd': pwd,
'admin_action': 'test-ldap-binding'
}
mo.set_prop_multiple(**params)
mo.set_prop_multiple(**kwargs)
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def snmp_user_modify(handle, user_id, **kwargs):
"""
Modifies snmp user. Use this after getting the id from snmp_user_exists
Args:
handle (ImcHandle)
user_id (int) : unique id for the user
kwargs: Key-Value paired arguments relevant to CommSnmpUser object
Returns:
CommSnmpUser: Managed Object
Raises:
ImcOperationError: If user is not present
Example:
snmp_user_modify(handle, user_id=1, name="snmpuser",
security_level="authpriv", auth_pwd="password",
auth="MD5", privacy="AES", privacy_pwd="password")
"""
dn = SNMP_DN + "/snmpv3-user-" + str(user_id)
mo = _get_mo(handle, dn=dn)
mo.set_prop_multiple(**kwargs)
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def ntp_enable(handle, ntp_servers=[]):
"""
Enables NTP and configures the NTP servers provided
Args:
handle (ImcHandle)
ntp_servers (list): List of dictionaries in the format
[{"id": 1, "ip": "192.168.1.1"},
{"id": 2, "ip": "192.168.1.2"}]
Upto 4 ntp servers can be specified.
Returns:
CommNtpProvider object
Example:
ntp_enable(handle,
ntp_servers = [{"id": 1, "ip": "192.168.1.1"},
{"id": 2, "ip": "192.168.1.2"}]
"""
log.warning('IPMI Set SEL Time command will be disabled if NTP is enabled.')
mo = _get_mo(handle, dn=NTP_DN)
mo.ntp_enable = "yes"
_set_ntp_servers(mo, ntp_servers)
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def snmp_user_modify(handle, user_id, **kwargs):
"""
Modifies snmp user. Use this after getting the id from snmp_user_exists
Args:
handle (ImcHandle)
user_id (int) : unique id for the user
kwargs: Key-Value paired arguments relevant to CommSnmpUser object
Returns:
CommSnmpUser: Managed Object
Raises:
ImcOperationError: If user is not present
Example:
snmp_user_modify(handle, user_id=1, name="snmpuser",
security_level="authpriv", auth_pwd="password",
auth="MD5", privacy="AES", privacy_pwd="password")
"""
dn = SNMP_DN + "/snmpv3-user-" + str(user_id)
mo = _get_mo(handle, dn=dn)
mo.set_prop_multiple(**kwargs)
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def ldap_certificate_export(handle, remote_server, remote_file,
user=None, pwd=None, protocol='tftp', **kwargs):
"""
Export the LDAP CA certificate from the Cisco IMC to a remote location
Args:
handle (ImcHandle)
remote_server (str): Remote Server IP or Hostname
remote_file (str): Remote file path
user (str): Username for the remote server
pwd (str): Password for the remote server
protocol (str): Protocol for downloading the certificate
['tftp', 'ftp', 'http', 'scp', 'sftp']
kwargs: Key-Value paired arguments for future use
Returns:
ExportLdapCACertificate object
Examples:
ldap_certificate_export(handle, user='******', pwd='pqrs',
remote_server='1.1.1.1', remote_file='/tmp/cert', protocol='scp')
"""
mo = _get_mo(handle, dn='sys/ldap-ext/ldap-ca-cert-mgmt/ldap-ca-cert-export')
params = {
'user': user,
'pwd': pwd,
'remote_server': remote_server,
'remote_file': remote_file,
'protocol': protocol
}
mo.set_prop_multiple(**params)
mo.set_prop_multiple(**kwargs)
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def snmp_trap_remove(handle, trap_id):
"""
Modifies snmp trap.
Args:
handle (ImcHandle)
trap_id (int): Trap id
Returns:
None
Raises:
ImcOperationError if trap not found
Example:
snmp_trap_remove(handle, trap_id=6)
"""
from imcsdk.mometa.comm.CommSnmpTrap import CommSnmpTrapConsts
dn = SNMP_DN + '/snmp-trap-' + str(trap_id)
mo = _get_mo(handle, dn=dn)
mo.admin_state = CommSnmpTrapConsts.ADMIN_STATE_DISABLED
mo.admin_action = CommSnmpTrapConsts.ADMIN_ACTION_CLEAR
handle.set_mo(mo)
def ntp_enable(handle, ntp_servers=[]):
"""
Enables NTP and configures the NTP servers provided
Args:
handle (ImcHandle)
ntp_servers (list): List of dictionaries in the format
[{"id": 1, "ip": "192.168.1.1"},
{"id": 2, "ip": "192.168.1.2"}]
Upto 4 ntp servers can be specified.
Returns:
CommNtpProvider object
Example:
ntp_enable(handle,
ntp_servers = [{"id": 1, "ip": "192.168.1.1"},
{"id": 2, "ip": "192.168.1.2"}]
"""
log.warning('IPMI Set SEL Time command will disable if NTP is enabled.')
mo = _get_mo(handle, dn=NTP_DN)
mo.ntp_enable = "yes"
_set_ntp_servers(mo, ntp_servers)
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def ntp_setting_exists(handle, **kwargs):
"""
Check if the specified NTP settings are already applied
Args:
handle (ImcHandle)
kwargs: key-value paired arguments
Returns:
(True, CommNtpProvider) if settings match, (False, None) otherwise
"""
mo = _get_mo(handle, dn=NTP_DN)
if mo is None:
return False, None
kwargs['ntp_enable'] = "yes"
if _is_valid_arg("ntp_servers", kwargs):
args = _get_ntp_servers(kwargs['ntp_servers'])
del kwargs['ntp_servers']
kwargs.update(args)
if not mo.check_prop_match(**kwargs):
return False, mo
return True, mo
def snmp_trap_modify(handle, trap_id, **kwargs):
"""
Modifies snmp trap referred to by id
Args:
handle (ImcHandle)
trap_id (int) : Range is (1,15)
kwargs : Key-Value paired arguments relevant to CommSnmpTrap object
Returns:
CommSnmpTrap: Managed Object
Raises:
ImcOperationError if trap not found
Example:
snmp_trap_modify(handle, id="5", hostname="10.10.10.10",
port="162",
version="v3",
notification_type="traps",
user="******")
"""
dn = SNMP_DN + '/snmp-trap-' + str(trap_id)
mo = _get_mo(handle, dn=dn)
mo.set_prop_multiple(**kwargs)
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def ntp_servers_clear(handle, ntp_servers=[]):
"""
Clears the NTP servers provided in the arguments.
Clears all the NTP servers, only if ntp is disabled.
Args:
handle (ImcHandle)
ntp_servers (list): List of NTP servers in the format
["192.168.1.1", "192.168.1.2"]
Returns:
CommNtpProvider object
"""
mo = _get_mo(handle, dn=NTP_DN)
args = {}
if ntp_servers:
args = {
x: ""
for x in _NTP_SERVER_LIST if getattr(mo, x) in ntp_servers
}
else:
args = {x: "" for x in _NTP_SERVER_LIST}
if mo.ntp_enable.lower() in ["yes", "true"] and \
len(args) == len(_NTP_SERVER_LIST):
raise ImcOperationError(
"Clear NTP Servers",
"Cannot clear all NTP servers when NTP is enabled")
mo.set_prop_multiple(**args)
mo.ntp_enable = mo.ntp_enable
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def snmp_trap_modify(handle, trap_id, **kwargs):
"""
Modifies snmp trap referred to by id
Args:
handle (ImcHandle)
trap_id (int) : Range is (1,15)
kwargs : Key-Value paired arguments relevant to CommSnmpTrap object
Returns:
CommSnmpTrap: Managed Object
Raises:
ImcOperationError if trap not found
Example:
snmp_trap_modify(handle, id="5", hostname="10.10.10.10",
port="162",
version="v3",
notification_type="traps",
user="******")
"""
dn = SNMP_DN + '/snmp-trap-' + str(trap_id)
mo = _get_mo(handle, dn=dn)
mo.set_prop_multiple(**kwargs)
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def ssh_enable(handle, port=None, session_timeout=None, **kwargs):
"""
Enables ssh Policy and sets the given properties
Args:
handle (ImcHandle)
port (int): Port number used by SSH
session_timeout (int): No of seconds to wait before the system considers a SSH request to have timed out
kwargs: key-value paired arguments for future use
Returns:
CommSsh object
Raises:
ImcOperationError if the CommSsh Mo is not present
Example:
ssh_enable(handle, 22, 120)
"""
from imcsdk.mometa.comm.CommSsh import CommSshConsts
mo = _get_mo(handle, dn=_SSH_DN)
params = {
'admin_state': CommSshConsts.ADMIN_STATE_ENABLED,
'port': str(port) if port else None,
'session_timeout': str(session_timeout) if session_timeout else None
}
mo.set_prop_multiple(**params)
mo.set_prop_multiple(**kwargs)
handle.set_mo(mo)
return mo
def ntp_servers_modify(handle, ntp_servers=[]):
"""
Modifies the configured NTP servers
Args:
handle (ImcHandle)
ntp_servers (list): List of dictionaries in the format
[{"id": 1, "ip": "192.168.1.1"},
{"id": 2, "ip": "192.168.1.2"}]
Upto 4 ntp servers can be specified.
Returns:
CommNtpProvider object
Example:
ntp_servers_modify(handle,
ntp_servers = [{"id": 1, "ip": "192.168.1.1"},
{"id": 2, "ip": "192.168.1.2"},
{"id": 3, "ip": ""}]
"""
# While sending the modified list of servers, it is imperative to send
# ntp_enable property in the request.
# Hence, query the MO and reassign the same value to ntp_enable
mo = _get_mo(handle, dn=NTP_DN)
mo.ntp_enable = mo.ntp_enable
_set_ntp_servers(mo, ntp_servers)
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def ssh_enable(handle, port=None, session_timeout=None, **kwargs):
"""
Enables ssh Policy and sets the given properties
Args:
handle (ImcHandle)
port (int): Port number used by SSH
session_timeout (int): No of seconds to wait before the system considers a SSH request to have timed out
kwargs: key-value paired arguments for future use
Returns:
CommSsh object
Raises:
ImcOperationError if the CommSsh Mo is not present
Example:
ssh_enable(handle, 22, 120)
"""
from imcsdk.mometa.comm.CommSsh import CommSshConsts
mo = _get_mo(handle, dn=_SSH_DN)
params = {
'admin_state': CommSshConsts.ADMIN_STATE_ENABLED,
'port': str(port) if port else None,
'session_timeout': str(session_timeout) if session_timeout else None
}
mo.set_prop_multiple(**params)
mo.set_prop_multiple(**kwargs)
handle.set_mo(mo)
return mo
def snmp_trap_remove(handle, trap_id):
"""
Modifies snmp trap.
Args:
handle (ImcHandle)
trap_id (int): Trap id
Returns:
None
Raises:
ImcOperationError if trap not found
Example:
snmp_trap_remove(handle, trap_id=6)
"""
from imcsdk.mometa.comm.CommSnmpTrap import CommSnmpTrapConsts
dn = SNMP_DN + '/snmp-trap-' + str(trap_id)
mo = _get_mo(handle, dn=dn)
mo.admin_state = CommSnmpTrapConsts.ADMIN_STATE_DISABLED
mo.admin_action = CommSnmpTrapConsts.ADMIN_ACTION_CLEAR
handle.set_mo(mo)
def ntp_setting_exists(handle, **kwargs):
"""
Check if the specified NTP settings are already applied
Args:
handle (ImcHandle)
kwargs: key-value paired arguments
Returns:
(True, CommNtpProvider) if settings match, (False, None) otherwise
"""
mo = _get_mo(handle, dn=NTP_DN)
if mo is None:
return False, None
kwargs['ntp_enable'] = "yes"
if _is_valid_arg("ntp_servers", kwargs):
args = _get_ntp_servers(kwargs['ntp_servers'])
del kwargs['ntp_servers']
kwargs.update(args)
if not mo.check_prop_match(**kwargs):
return False, None
return True, mo
def ntp_servers_modify(handle, ntp_servers=[]):
"""
Modifies the configured NTP servers
Args:
handle (ImcHandle)
ntp_servers (list): List of dictionaries in the format
[{"id": 1, "ip": "192.168.1.1"},
{"id": 2, "ip": "192.168.1.2"}]
Upto 4 ntp servers can be specified.
Returns:
CommNtpProvider object
Example:
ntp_servers_modify(handle,
ntp_servers = [{"id": 1, "ip": "192.168.1.1"},
{"id": 2, "ip": "192.168.1.2"},
{"id": 3, "ip": ""}]
"""
# While sending the modified list of servers, it is imperative to send
# ntp_enable property in the request.
# Hence, query the MO and reassign the same value to ntp_enable
mo = _get_mo(handle, dn=NTP_DN)
mo.ntp_enable = mo.ntp_enable
_set_ntp_servers(mo, ntp_servers)
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def ldap_certificate_binding_check(handle, user=None, pwd=None, **kwargs):
"""
Tests the LDAP CA certificate binding
Args:
handle (ImcHandle)
user (str): Username for the remote server
pwd (str): Password for the remote server
Returns:
LdapCACertificate object
Examples:
ldap_certificate_binding_check(handle, user='******', pwd='pqrs')
"""
mo = _get_mo(handle, dn='sys/ldap-ext/ldap-ca-cert-mgmt/ldap-ca-cert')
params = {
'user': user,
'pwd': pwd,
'admin_action': 'test-ldap-binding'
}
mo.set_prop_multiple(**params)
mo.set_prop_multiple(**kwargs)
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def ldap_certificate_export(handle, remote_server, remote_file,
user=None, pwd=None, protocol='tftp', **kwargs):
"""
Export the LDAP CA certificate from the Cisco IMC to a remote location
Args:
handle (ImcHandle)
remote_server (str): Remote Server IP or Hostname
remote_file (str): Remote file path
user (str): Username for the remote server
pwd (str): Password for the remote server
protocol (str): Protocol for downloading the certificate
['tftp', 'ftp', 'http', 'scp', 'sftp']
kwargs: Key-Value paired arguments for future use
Returns:
ExportLdapCACertificate object
Examples:
ldap_certificate_export(handle, user='******', pwd='pqrs',
remote_server='1.1.1.1', remote_file='/tmp/cert', protocol='scp')
"""
mo = _get_mo(handle,
dn='sys/ldap-ext/ldap-ca-cert-mgmt/ldap-ca-cert-export')
params = {
'user': user,
'pwd': pwd,
'remote_server': remote_server,
'remote_file': remote_file,
'protocol': protocol
}
mo.set_prop_multiple(**params)
mo.set_prop_multiple(**kwargs)
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def ldap_certificate_management_exists(handle):
"""
Checks if LDAP certificate management is enabled
Args:
handle (ImcHandle)
Returns:
bool
"""
mo = _get_mo(handle, dn="sys/ldap-ext/ldap-ca-cert-mgmt")
return mo.binding_certificate.lower() == "enabled"
def is_ntp_enabled(handle):
"""
Check if NTP is enabled
Args:
handle (ImcHandle)
Returns:
bool
"""
mo = _get_mo(handle, dn=NTP_DN)
return (mo.ntp_enable.lower() in ["true", "yes"])
def is_ntp_enabled(handle):
"""
Check if NTP is enabled
Args:
handle (ImcHandle)
Returns:
bool
"""
mo = _get_mo(handle, dn=NTP_DN)
return (mo.ntp_enable.lower() in ["true", "yes"])
def is_ldap_certificate_management_enabled(handle):
"""
Checks if LDAP certificate management is enabled
Args:
handle (ImcHandle)
Returns:
bool
"""
mo = _get_mo(handle, dn="sys/ldap-ext/ldap-ca-cert-mgmt")
return mo.binding_certificate.lower() == "enabled"
def snmp_enable(handle,
community=None,
privilege="disabled",
trap_community=None,
sys_contact=None,
sys_location=None,
port="161",
**kwargs):
"""
Enables SNMP.
Args:
handle (ImcHandle)
community (string): community
privilege (string): "disabled", "limited", "full"
trap_community(string): community to be used when generating traps
sys_contact (string): sys_contact
sys_location (string): sys_location
port (string): port on which SNMP agent runs
kwargs: key-value paired arguments for future use
Returns:
CommSnmp: Managed object
Raises:
ImcOperationError: If CommSnmp Mo is not present
Example:
mo = snmp_enable(handle,
community="username",
sys_contact="user contact",
sys_location="user location")
"""
from imcsdk.mometa.comm.CommSnmp import CommSnmpConsts
mo = _get_mo(handle, dn=SNMP_DN)
params = {
'admin_state': CommSnmpConsts.ADMIN_STATE_ENABLED,
'community': community,
'com2_sec': privilege,
'trap_community': trap_community,
'sys_contact': sys_contact,
'sys_location': sys_location,
'port': port,
}
mo.set_prop_multiple(**params)
mo.set_prop_multiple(**kwargs)
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def ldap_certificate_management_disable(handle):
"""
Disables ldap certificate management
Args:
handle (ImcHandle)
Returns:
LdapCACertificateManagement object
"""
mo = _get_mo(handle, dn="sys/ldap-ext/ldap-ca-cert-mgmt")
mo.binding_certificate = "disabled"
handle.set_mo(mo)
return mo
def ldap_certificate_management_disable(handle):
"""
Disables ldap certificate management
Args:
handle (ImcHandle)
Returns:
LdapCACertificateManagement object
"""
mo = _get_mo(handle, dn="sys/ldap-ext/ldap-ca-cert-mgmt")
mo.binding_certificate = "disabled"
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def is_snmp_enabled(handle):
"""
Checks if snmp is enabled or not
Args:
handle (ImcHandle)
Returns:
bool
"""
from imcsdk.mometa.comm.CommSnmp import CommSnmpConsts
mo = _get_mo(handle, dn=SNMP_DN)
return (mo.admin_state == CommSnmpConsts.ADMIN_STATE_ENABLED)
def snmp_enable(handle, port=None, community=None,
com2_sec=None, trap_community=None,
sys_contact=None, sys_location=None,
engine_id_key=None, **kwargs):
"""
Enables SNMP.
Args:
handle (ImcHandle)
port (int): port on which SNMP agent runs
community (string): community
com2_sec (string): "disabled", "limited", "full"
trap_community(string): community to be used when generating traps
sys_contact (string): sys_contact
sys_location (string): sys_location
engine_id_key (string): engine id key
kwargs: key-value paired arguments for future use
Returns:
CommSnmp: Managed object
Raises:
ImcOperationError: If CommSnmp Mo is not present
Example:
mo = snmp_enable(handle,
community="username",
sys_contact="user contact",
sys_location="user location")
"""
from imcsdk.mometa.comm.CommSnmp import CommSnmpConsts
mo = _get_mo(handle, dn=SNMP_DN)
params = {
'admin_state': CommSnmpConsts.ADMIN_STATE_ENABLED,
'port': str(port) if port is not None else None,
'community': community,
'com2_sec': com2_sec,
'trap_community': trap_community,
'sys_contact': sys_contact,
'sys_location': sys_location,
'engine_id_key': engine_id_key
}
mo.set_prop_multiple(**params)
mo.set_prop_multiple(**kwargs)
handle.set_mo(mo)
return mo
def is_ldap_enabled(handle):
"""
Checks if LDAP is enabled
Args:
handle (ImcHandle)
Returns:
bool
Examples:
is_ldap_enabled(handle)
"""
mo = _get_mo(handle, dn=LDAP_DN)
return mo.admin_state.lower() == "enabled"
def is_ldap_enabled(handle):
"""
Checks if LDAP is enabled
Args:
handle (ImcHandle)
Returns:
bool
Examples:
is_ldap_enabled(handle)
"""
mo = _get_mo(handle, dn=LDAP_DN)
return mo.admin_state.lower() == "enabled"
def ntp_disable(handle):
"""
Disables NTP
Args:
handle (ImcHandle)
Returns:
CommNtpProvider object
"""
log.warning('Disabling NTP may cause Cisco IMC to lose timesync with server/s')
mo = _get_mo(handle, dn=NTP_DN)
mo.ntp_enable = "no"
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def ldap_role_group_create(handle, domain, name, role='read-only', **kwargs):
"""
Creates an LDAP role group
Args:
handle (ImcHandle)
domain (str): The LDAP server domain the group resides in.
name (str): The name of the group in the LDAP server database.
role (str): The role assigned to all users in this LDAP server group.
['read-only', 'user', 'admin']
kwargs: Key-Value paired arguments for future use
Raises:
ImcOperationError if LDAP is not enabled or
LDAP group authorization is not enabled
Returns:
AaaLdapRoleGroup object
Examples:
ldap_role_group_create(handle, domain='abcd.pqrs.com', name='abcd', role='user')
"""
ldap_mo = _get_mo(handle, dn=LDAP_DN)
if ldap_mo.admin_state.lower() != "enabled" or ldap_mo.group_auth.lower(
) != "enabled":
raise ImcOperationError(
"LDAP Role Group Create",
"Either of LDAP or LDAP group auth is not enabled")
match, mo = ldap_role_group_exists(handle,
domain=domain,
name=name,
role=role)
if match:
log.info("LDAP Role Group with domain:%s name:%s exists" %
(domain, name))
return mo
free_id = _get_free_ldap_role_group_id(handle)
mo = AaaLdapRoleGroup(parent_mo_or_dn=LDAP_DN, id=free_id)
mo.domain = domain
mo.name = name
mo.role = role
mo.set_prop_multiple(**kwargs)
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def smtp_disable(handle):
"""
Disable SMTP Settings
Args:
handle (ImcHandle)
Raises:
ImcOperationError
Returns:
CommMailAlert object
"""
mo = _get_mo(handle, dn=_SMTP_DN)
mo.admin_state = 'disabled'
handle.set_mo(mo)
return mo
def smtp_disable(handle):
"""
Disable SMTP Settings
Args:
handle (ImcHandle)
Raises:
ImcOperationError
Returns:
CommMailAlert object
"""
mo = _get_mo(handle, dn=_SMTP_DN)
mo.admin_state = 'disabled'
handle.set_mo(mo)
return mo
def ntp_disable(handle):
"""
Disables NTP
Args:
handle (ImcHandle)
Returns:
CommNtpProvider object
"""
log.warning(
'Disabling NTP may cause Cisco IMC to lose timesync with server/s')
mo = _get_mo(handle, dn=NTP_DN)
mo.ntp_enable = "no"
handle.set_mo(mo)
return mo
def ldap_disable(handle):
"""
Disables the ldap settings
Args:
handle (ImcHandle)
Returns:
AaaLdap Managed Object
Examples:
ldap_disable(handle)
"""
mo = _get_mo(handle, dn=LDAP_DN)
mo.admin_state = "disabled"
handle.set_mo(mo)
return mo
def adaptor_unit_get(handle, adaptor_slot, server_id=1, **kwargs):
"""
This method fetches the adaptorUnit Managed Object for the specified
adaptor Slot on a server.
Args:
handle (ImcHandle)
adaptor_slot (string): PCI slot number of the adaptor
server_id (int): Server Id for C3260 platforms
kwargs: key=value paired arguments
Returns:
AdaptorUnit object
Examples:
adaptor_unit_get(handle, adaptor_slot=1, server_id=1)
"""
return _get_mo(handle, dn=_get_adaptor_dn(handle, adaptor_slot, server_id))
def ldap_disable(handle):
"""
Disables the ldap settings
Args:
handle (ImcHandle)
Returns:
AaaLdap Managed Object
Examples:
ldap_disable(handle)
"""
mo = _get_mo(handle, dn=LDAP_DN)
mo.admin_state = "disabled"
handle.set_mo(mo)
return mo
def snmp_exists(handle, **kwargs):
"""
Checks if snmp is enabled or not
Args:
handle (ImcHandle)
kwargs: Key-Value paired arguments relevant to CommSnmp object
Returns:
True/false, CommSnmp MO/None
Example:
snmp_exists(handle)
"""
from imcsdk.mometa.comm.CommSnmp import CommSnmpConsts
mo = _get_mo(handle, dn=SNMP_DN)
kwargs['admin_state'] = CommSnmpConsts.ADMIN_STATE_ENABLED
return mo.check_prop_match(**kwargs), mo
def ldap_exists(handle, change_password=False, **kwargs):
"""
Checks if the specified LDAP settings are already applied
Args:
handle (ImcHandle)
kwargs: Key-Value paired arguments
Returns:
(True, AaaLdap) if settings match, else (False, None)
Examples:
match, mo = ldap_exists(
handle, enabled=True,
basedn='DC=LAB,DC=cisco,DC=com',
domain='LAB.cisco.com',
timeout=20, group_auth=True,
bind_dn='CN=administrator,CN=Users,DC=LAB,DC=cisco,DC=com',
password='******', ldap_servers=ldap_servers)
"""
mo = _get_mo(handle, dn=LDAP_DN)
if mo is None:
return False, None
if _is_valid_arg('ldap_servers', kwargs):
if not _check_ldap_server_match(mo, kwargs.pop('ldap_servers')):
return False, mo
if 'password' in kwargs and not change_password:
kwargs.pop('password', None)
if 'dns_search_domain' in kwargs and kwargs['dns_search_domain'] == "":
kwargs.pop('dns_search_domain', None)
if 'dns_search_forest' in kwargs and kwargs['dns_search_forest'] == "":
kwargs.pop('dns_search_forest', None)
kwargs['admin_state'] = 'enabled'
if not mo.check_prop_match(**kwargs):
return False, mo
return True, mo
def ldap_certificate_delete(handle):
"""
Deletes the LDAP CA certificate
Args:
handle (ImcHandle)
user (str): Username for the remote server
pwd (str): Password for the remote server
Returns:
LdapCACertificate object
Examples:
ldap_certificate_delete(handle)
"""
mo = _get_mo(handle, dn='sys/ldap-ext/ldap-ca-cert-mgmt/ldap-ca-cert')
mo.admin_action = 'delete-ca-certificate'
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def ldap_certificate_delete(handle):
"""
Deletes the LDAP CA certificate
Args:
handle (ImcHandle)
user (str): Username for the remote server
pwd (str): Password for the remote server
Returns:
LdapCACertificate object
Examples:
ldap_certificate_delete(handle)
"""
mo = _get_mo(handle, dn='sys/ldap-ext/ldap-ca-cert-mgmt/ldap-ca-cert')
mo.admin_action = 'delete-ca-certificate'
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def smtp_enable(handle,
ip_address=None,
port=None,
min_severity_level=None,
**kwargs):
"""
Enables SMTP Policy and sets the given properties
Args:
handle (ImcHandle)
ip_address (str): Ip Address of the SMTP server
port (int): Port number of the SMTP server
min_severity_level (str): Minimum fault severity level
Valid values: "condition", "critical", "major", "minor", "warning"
kwargs: key-value paired arguments for future use
Returns:
CommMailAlert object
Raises:
ImcOperationError if the severity level is not correct
Example:
smtp_enable(handle, '10.105.110.219', 25, 'minor')
"""
if min_severity_level and not _is_valid_severity_level(min_severity_level):
raise ImcOperationError(
'Configure SMTP Policy',
'Invalid severity level %s ' % min_severity_level)
mo = _get_mo(handle, dn=_SMTP_DN)
params = {
'admin_state': 'enabled',
'ip_address': ip_address,
'port': str(port) if port is not None else None,
'min_severity_level': min_severity_level
}
mo.set_prop_multiple(**params)
mo.set_prop_multiple(**kwargs)
handle.set_mo(mo)
return mo
def ldap_role_group_create(handle, domain, name, role='read-only', **kwargs):
"""
Creates an LDAP role group
Args:
handle (ImcHandle)
domain (str): The LDAP server domain the group resides in.
name (str): The name of the group in the LDAP server database.
role (str): The role assigned to all users in this LDAP server group.
['read-only', 'user', 'admin']
kwargs: Key-Value paired arguments for future use
Raises:
ImcOperationError if LDAP is not enabled or
LDAP group authorization is not enabled
Returns:
AaaLdapRoleGroup object
Examples:
ldap_role_group_create(handle, domain='abcd.pqrs.com', name='abcd', role='user')
"""
ldap_mo = _get_mo(handle, dn=LDAP_DN)
if ldap_mo.admin_state.lower() != "enabled" or ldap_mo.group_auth.lower() != "enabled":
raise ImcOperationError("LDAP Role Group Create",
"Either of LDAP or LDAP group auth is not enabled")
match, mo = ldap_role_group_exists(handle, domain=domain, name=name, role=role)
if match:
log.info("LDAP Role Group with domain:%s name:%s exists" % (domain, name))
return mo
free_id = _get_free_ldap_role_group_id(handle)
mo = AaaLdapRoleGroup(parent_mo_or_dn=LDAP_DN, id=free_id)
mo.domain = domain
mo.name = name
mo.role = role
mo.set_prop_multiple(**kwargs)
handle.set_mo(mo)
return handle.query_dn(mo.dn)
def smtp_exists(handle, **kwargs):
"""
Check whether the specified SMTP settings already exist
Args:
handle (ImcHandle)
kwargs: key-value paired arguments
Returns:
(True, CommMailAlert) if settings match, (False, None) otherwise
"""
try:
mo = _get_mo(handle, dn=_SMTP_DN)
except:
return False, None
kwargs['admin_state'] = 'enabled'
if not mo.check_prop_match(**kwargs):
return False, mo
return True, None
def smtp_exists(handle, **kwargs):
"""
Check whether the specified SMTP settings already exist
Args:
handle (ImcHandle)
kwargs: key-value paired arguments
Returns:
(True, CommMailAlert) if settings match, (False, None) otherwise
"""
try:
mo = _get_mo(handle, dn=_SMTP_DN)
except:
return False, None
kwargs['admin_state'] = 'enabled'
if not mo.check_prop_match(**kwargs):
return False, mo
return True, None
def ip_blocking_exists(handle, **kwargs):
"""
Checks if IP blocking settings match according to the parameters specified.
Args:
handle (ImcHandle)
kwargs: Key-Value paired arguments relevant to IpBlocking object
Returns:
(True, IpBlocking object) if exists, else (False, None)
Examples:
ip_blocking_exists(handle, fail_count='6',
fail_window='120', penalty_time='800')
"""
mo = IpBlocking(parent_mo_or_dn=_get_mgmt_if_dn(handle))
mo = _get_mo(handle, dn=mo.dn)
if mo.check_prop_match(**kwargs):
return (True, mo)
return (False, None)
def adaptor_properties_get(handle, adaptor_slot, server_id=1, **kwargs):
"""
This method is used to get the vic adaptor properties
Args:
handle (ImcHandle)
adaptor_slot (string): PCI slot of the vic adaptor
server_id (int): Server Id to be specified for C3260 platforms
kwargs: key=value paired arguments
Examples:
For non-3x60 platforms:-
adaptor_properties_get(handle, adaptor_slot="1")
For 3x60 platforms:-
adaptor_properties_get(handle, adaptor_slot="1", server_id=1)
Returns:
AdaptorGenProfile object
"""
dn = _get_adaptor_dn(handle, adaptor_slot, server_id) + "/general"
return _get_mo(handle, dn=dn)
def snmp_disable(handle):
"""
Disables SNMP.
Args:
handle (ImcHandle)
Returns:
CommSnmp: Managed Object
Raises:
ValueError: If CommSnmp Mo is not present
Example:
snmp_disable(handle)
"""
from imcsdk.mometa.comm.CommSnmp import CommSnmpConsts
mo = _get_mo(handle, dn=SNMP_DN)
mo.admin_state = CommSnmpConsts.ADMIN_STATE_DISABLED
handle.set_mo(mo)
return mo
def ip_blocking_exists(handle, **kwargs):
"""
Checks if IP blocking settings match according to the parameters specified.
Args:
handle (ImcHandle)
kwargs: Key-Value paired arguments relevant to IpBlocking object
Returns:
(True, IpBlocking object) if exists, else (False, None)
Examples:
ip_blocking_exists(handle, fail_count='6',
fail_window='120', penalty_time='800')
"""
mo = IpBlocking(parent_mo_or_dn=_get_mgmt_if_dn(handle))
mo = _get_mo(handle, dn=mo.dn)
if mo.check_prop_match(**kwargs):
return (True, mo)
return (False, None)
def smtp_enable(handle, ip_address=None, port=None, min_severity_level=None,
**kwargs):
"""
Enables SMTP Policy and sets the given properties
Args:
handle (ImcHandle)
ip_address (str): Ip Address of the SMTP server
port (int): Port number of the SMTP server
min_severity_level (str): Minimum fault severity level
Valid values: "condition", "critical", "major", "minor", "warning"
kwargs: key-value paired arguments for future use
Returns:
CommMailAlert object
Raises:
ImcOperationError if the severity level is not correct
Example:
smtp_enable(handle, '10.105.110.219', 25, 'minor')
"""
if min_severity_level and not _is_valid_severity_level(min_severity_level):
raise ImcOperationError(
'Configure SMTP Policy',
'Invalid severity level %s ' % min_severity_level)
mo = _get_mo(handle, dn=_SMTP_DN)
params = {
'admin_state': 'enabled',
'ip_address': ip_address,
'port': str(port) if port is not None else None,
'min_severity_level': min_severity_level
}
mo.set_prop_multiple(**params)
mo.set_prop_multiple(**kwargs)
handle.set_mo(mo)
return mo
def ssh_exists(handle, **kwargs):
"""
Checks if ssh is enabled or not
Args:
handle (ImcHandle)
kwargs: Key-Value paired arguments relevant to CommSsh object
Returns:
True/false, CommSsh MO/None
Example:
ssh_exists(handle)
"""
from imcsdk.mometa.comm.CommSsh import CommSshConsts
try:
mo = _get_mo(handle, dn=_SSH_DN)
except:
return False, None
kwargs['admin_state'] = CommSshConsts.ADMIN_STATE_ENABLED
return mo.check_prop_match(**kwargs), mo
def snmp_user_delete_all(handle):
"""
delete all snmp users.
Args:
handle (ImcHandle)
Returns:
None
Raises:
ImcOperationError: If user is not present
Example:
snmp_user_delete_all(handle)
"""
from imcsdk.mometa.comm.CommSnmpUser import CommSnmpUserConsts
from imcsdk.mometa.comm.CommSnmp import CommSnmpConsts
api = 'snmp_user_delete_all'
parent_mo = _get_mo(handle, dn=SNMP_DN)
if parent_mo.admin_state != CommSnmpConsts.ADMIN_STATE_ENABLED:
raise ImcOperationError(api, 'SNMP is not enabled.')
mos = []
users = _get_snmp_users(handle)
for user in users:
if user.name == "":
continue
user.admin_action = CommSnmpUserConsts.ADMIN_ACTION_CLEAR
mos.append(user)
response = handle.set_mos(mos)
if response:
process_conf_mos_response(response, api)
def ntp_setting_exists(handle, **kwargs):
"""
Check if the specified NTP settings are already applied
Args:
handle (ImcHandle)
kwargs: key-value paired arguments
Returns:
(True, CommNtpProvider) if settings match, (False, None) otherwise
"""
ntp_mo = _get_mo(handle, dn=NTP_DN)
if _is_valid_arg("ntp_enable", kwargs):
if ntp_mo.ntp_enable != kwargs.get("ntp_enable"):
return False, None
if _is_valid_arg("ntp_servers", kwargs):
mo = CommNtpProvider(parent_mo_or_dn=COMM_EXT_DN)
_set_ntp_servers(mo, kwargs.get("ntp_servers"))
if not _check_ntp_server_match(ntp_mo, mo):
return False, None
return True, ntp_mo