def convert_ns_service(self, ns_service, ns_servers, ns_dns):
"""
This function defines that convert netscalar backend servers of service
:param ns_service: Object of service
:param ns_servers: List of servers are to be bind to service
:param ns_dns: List of dns add rec
:return: Return the servers
"""
attrs = ns_service.get('attrs')
server = ns_servers.get(attrs[1])
if not server:
return []
ns_add_server_command = 'add server'
status = ns_util.get_conv_status(
server, self.nsservice_server_skip, [], [],
user_ignore_val=self.nsservice_server_user_ignore)
ns_add_server_complete_command = \
ns_util.get_netscalar_full_command(ns_add_server_command, server)
ip_addr = server['attrs'][1]
enabled = True
state = server.get('state', 'ENABLED')
if not state == 'ENABLED':
enabled = False
port = attrs[3]
if port in ("*", "0"):
port = "1"
ip_addr = str(ip_addr).lower()
if ip_addr in ns_dns:
if isinstance(ns_dns[ip_addr], list):
ip_addr = ns_dns[ip_addr][0]['attrs'][1]
elif isinstance(ns_dns[ip_addr], dict):
ip_addr = ns_dns[ip_addr]['attrs'][1]
matches = re.findall('[0-9]+.[[0-9]+.[0-9]+.[0-9]+', ip_addr)
if not matches:
# Skipped this server if it does not have an Ip
ns_util.add_status_row(
server['line_no'], ns_add_server_command, server['attrs'][0],
ns_add_server_complete_command, STATUS_INCOMPLETE_CONFIGURATION)
LOG.warning('Not found IP of server : %s' %
ns_add_server_complete_command)
return []
server_obj = {
'ip': {
'addr': ip_addr,
'type': 'V4'
},
'port': port,
'enabled': enabled
}
# Successful this server if it has an IP
ns_util.add_conv_status(
server['line_no'], ns_add_server_command, server['attrs'][0],
ns_add_server_complete_command, status, server_obj)
return server_obj
def convert(self, monitor_config, input_dir=''):
"""
This functions defines that convert health monitor
:param ns_config: Dict of netscalar commands
:param avi_config: Dict of AVI
:param input_dir: Input dir for command_code
:param tenant_ref: Tenant
:param cloud_ref: Cloud ref
:return: None
"""
netscalar_command = 'add lb monitor'
LOG.debug("Conversion started for Health Monitors")
supported_types = ['PING', 'TCP', 'HTTP', 'DNS', 'USER', 'HTTP-ECV']
ns_monitor_complete_command = \
ns_util.get_netscalar_full_command(netscalar_command,
monitor_config)
ns_monitor_type = monitor_config['attrs'][1]
name = monitor_config['attrs'][0]
if ns_monitor_type not in supported_types:
# Skipped health monitor if type is not supported
ns_util.add_status_row(monitor_config['line_no'],
netscalar_command, name,
ns_monitor_complete_command,
STATUS_EXTERNAL_MONITOR)
LOG.warning('Monitor type %s not supported skipped:%s' %
(ns_monitor_type, name))
return
gslb_monitor = self.convert_monitor(monitor_config, input_dir,
netscalar_command,
ns_monitor_complete_command)
if not gslb_monitor:
return
# Add summery of this lb vs in CSV/report
conv_status = ns_util.get_conv_status(
monitor_config,
self.monitor_skip_attrs,
self.monitor_na_attrs,
self.monitor_indirect_list,
ignore_for_val=self.monitor_ignore_vals)
ns_util.add_conv_status(monitor_config['line_no'], netscalar_command,
name, ns_monitor_complete_command, conv_status,
gslb_monitor)
# avi_config['HealthMonitor'].append(avi_monitor)
LOG.debug("Health monitor conversion completed : %s" % name)
return gslb_monitor
def convert(self, monitor_config, input_dir=''):
"""
This functions defines that convert health monitor
:param ns_config: Dict of netscalar commands
:param avi_config: Dict of AVI
:param input_dir: Input dir for command_code
:param tenant_ref: Tenant
:param cloud_ref: Cloud ref
:return: None
"""
netscalar_command = 'add lb monitor'
LOG.debug("Conversion started for Health Monitors")
supported_types = ['PING', 'TCP', 'HTTP', 'DNS', 'USER', 'HTTP-ECV']
ns_monitor_complete_command = \
ns_util.get_netscalar_full_command(netscalar_command,
monitor_config)
ns_monitor_type = monitor_config['attrs'][1]
name = monitor_config['attrs'][0]
if ns_monitor_type not in supported_types:
# Skipped health monitor if type is not supported
ns_util.add_status_row(monitor_config['line_no'], netscalar_command,
name, ns_monitor_complete_command,
STATUS_EXTERNAL_MONITOR)
LOG.warning('Monitor type %s not supported skipped:%s' %
(ns_monitor_type, name))
return
gslb_monitor = self.convert_monitor(monitor_config, input_dir,
netscalar_command,
ns_monitor_complete_command)
if not gslb_monitor:
return
# Add summery of this lb vs in CSV/report
conv_status = ns_util.get_conv_status(
monitor_config, self.monitor_skip_attrs, self.monitor_na_attrs,
self.monitor_indirect_list,
ignore_for_val=self.monitor_ignore_vals)
ns_util.add_conv_status(monitor_config['line_no'], netscalar_command,
name, ns_monitor_complete_command,
conv_status, gslb_monitor)
# avi_config['HealthMonitor'].append(avi_monitor)
LOG.debug("Health monitor conversion completed : %s" % name)
return gslb_monitor
def convert_ssl_profile(self, profile):
"""
This function defines that convert ssl profile
:param profile: Object of ssl profile
:return: ssl profile
"""
avi_ssl_prof = dict()
netscalar_cmd = 'add ssl profile'
profile_name = re.sub('[:]', '-', profile['attrs'][0])
# Added prefix for objects
if self.prefix:
profile_name = self.prefix + '-' + profile_name
avi_ssl_prof['name'] = profile_name
avi_ssl_prof['tenant_ref'] = self.tenant_ref
scn = profile.get('sendCloseNotify', 'NO')
scn = True if scn == 'YES' else False
avi_ssl_prof['send_close_notify'] = scn
accepted_versions = []
if profile.get('tls1', 'ENABLED') == 'ENABLED':
accepted_versions.append({"type": "SSL_VERSION_TLS1"})
if profile.get('tls11', 'ENABLED') == 'ENABLED':
accepted_versions.append({"type": "SSL_VERSION_TLS1_1"})
if profile.get('tls12', 'ENABLED') == 'ENABLED':
accepted_versions.append({"type": "SSL_VERSION_TLS1_2"})
avi_ssl_prof["accepted_versions"] = accepted_versions
conv_status = ns_util.get_conv_status(
profile,
self.profile_ssl_prof_skip,
self.profile_ssl_prof_indirect,
self.profile_ssl_prof_na,
user_ignore_val=self.profile_ssl_prof_user_ignore)
ns_full_cmd = ns_util.get_netscalar_full_command(
netscalar_cmd, profile)
# Add summery in CSV/report for ssl profile
ns_util.add_conv_status(profile['line_no'], netscalar_cmd,
profile['attrs'][0], ns_full_cmd, conv_status,
avi_ssl_prof)
return avi_ssl_prof
def convert_ssl_profile(self, profile):
"""
This function defines that convert ssl profile
:param profile: Object of ssl profile
:return: ssl profile
"""
avi_ssl_prof = dict()
netscalar_cmd = 'add ssl profile'
profile_name = re.sub('[:]', '-', profile['attrs'][0])
# Added prefix for objects
if self.prefix:
profile_name = self.prefix + '-' + profile_name
avi_ssl_prof['name'] = profile_name
avi_ssl_prof['tenant_ref'] = self.tenant_ref
scn = profile.get('sendCloseNotify', 'NO')
scn = True if scn == 'YES' else False
avi_ssl_prof['send_close_notify'] = scn
accepted_versions = []
if profile.get('tls1', 'ENABLED') == 'ENABLED':
accepted_versions.append({"type": "SSL_VERSION_TLS1"})
if profile.get('tls11', 'ENABLED') == 'ENABLED':
accepted_versions.append({"type": "SSL_VERSION_TLS1_1"})
if profile.get('tls12', 'ENABLED') == 'ENABLED':
accepted_versions.append({"type": "SSL_VERSION_TLS1_2"})
avi_ssl_prof["accepted_versions"] = accepted_versions
conv_status = ns_util.get_conv_status(
profile, self.profile_ssl_prof_skip, self.profile_ssl_prof_indirect,
self.profile_ssl_prof_na,
user_ignore_val=self.profile_ssl_prof_user_ignore)
ns_full_cmd = ns_util.get_netscalar_full_command(netscalar_cmd, profile)
# Add summery in CSV/report for ssl profile
ns_util.add_conv_status(
profile['line_no'], netscalar_cmd, profile['attrs'][0], ns_full_cmd,
conv_status, avi_ssl_prof)
return avi_ssl_prof
def convert_ns_service_group(self, ns_service_group, ns_servers,
ns_dns, avi_config):
"""
This function defines that returns the monitor ref and servers
:param ns_service_group: Object of service group
:param ns_servers: List of servers
:param ns_dns: list of dns addrec
:return: servers and monitor ref
"""
servers = []
monitor_name = None
if isinstance(ns_service_group, dict):
ns_service_group = [ns_service_group]
for server_binding in ns_service_group:
attrs = server_binding.get('attrs')
ns_bind_service_group_command = 'bind serviceGroup'
group_status = \
ns_util.get_conv_status(
server_binding, self.nsservice_bind_sg_skip, [], [],
user_ignore_val=self.nsservice_bind_sg_user_ignore)
ns_bind_service_group_complete_command = \
ns_util.get_netscalar_full_command(
ns_bind_service_group_command, server_binding)
if server_binding.get('monitorName', None):
monitor_name = server_binding.get('monitorName')
# Added prefix for objects
if self.prefix:
monitor_name = self.prefix + '-' + monitor_name
if self.object_merge_check:
# Get the merge health monitor name
monitor_name = merge_object_mapping['health_monitor'].get(
monitor_name, None)
monitor = [monitor for monitor in avi_config['HealthMonitor']
if monitor['name'] == monitor_name]
if monitor:
# Add summery of service group in CSV/report
ns_util.add_conv_status(
server_binding['line_no'], ns_bind_service_group_command,
attrs[0], ns_bind_service_group_complete_command,
group_status, monitor[0])
else:
LOG.warning('External Health monitor: %s' %
ns_bind_service_group_complete_command)
# Skipped bind service group if doen not server
ns_util.add_status_row(
server_binding['line_no'], ns_bind_service_group_command,
attrs[0], ns_bind_service_group_complete_command,
STATUS_EXTERNAL_MONITOR)
continue
server = ns_servers.get(attrs[1])
if not server:
# Skipped bind service group if doen not server
ns_util.add_status_row(
server_binding['line_no'], ns_bind_service_group_command,
attrs[0], ns_bind_service_group_complete_command,
STATUS_INCOMPLETE_CONFIGURATION)
LOG.error('Skipped server : %s' %
ns_bind_service_group_complete_command)
continue
ns_add_server_command = 'add server'
ns_add_server_complete_command = \
ns_util.get_netscalar_full_command(
ns_add_server_command, server)
status = ns_util.get_conv_status(
server, self.nsservice_server_skip, [], [],
user_ignore_val=self.nsservice_server_user_ignore)
ip_addr = server['attrs'][1]
if ip_addr in ns_dns:
if isinstance(ns_dns[ip_addr], list):
ip_addr = ns_dns[ip_addr][0]['attrs'][1]
elif isinstance(ns_dns[ip_addr], dict):
ip_addr = ns_dns[ip_addr]['attrs'][1]
enabled = True
state = server.get('state', 'ENABLED')
if not state == 'ENABLED':
enabled = False
port = attrs[2]
if port in ("*", "0"):
port = "1"
matches = re.findall('[0-9]+.[[0-9]+.[0-9]+.[0-9]+', ip_addr)
server_obj = {
'ip': {
'addr': ip_addr,
'type': 'V4'
},
'port': port,
'enabled': enabled,
'health_monitor': server_binding.get('monitorName')
}
if not matches:
# Skipped this server if it does not have an Ip
ns_util.add_status_row(
server['line_no'], ns_add_server_command, server['attrs'][0],
ns_add_server_complete_command,
STATUS_INCOMPLETE_CONFIGURATION)
LOG.warning('Not found IP of server : %s %s' %
(ns_add_server_command, attrs[1]))
ns_util.add_status_row(
server_binding['line_no'], ns_bind_service_group_command,
attrs[0], ns_bind_service_group_complete_command,
STATUS_INCOMPLETE_CONFIGURATION)
LOG.error('Skipped server : %s' %
ns_bind_service_group_complete_command)
server_obj = None
if server_obj:
servers.append(server_obj)
# Add summery of add server in CSV/report
ns_util.add_conv_status(
server['line_no'], ns_add_server_command, server['attrs'][0],
ns_add_server_complete_command, status, server_obj)
# Add summery of service group in CSV/report
ns_util.add_conv_status(
server_binding['line_no'], ns_bind_service_group_command,
attrs[0], ns_bind_service_group_complete_command,
group_status, server_obj)
return servers, monitor_name
def get_service_montor(self, service_name, bind_ns_service, avi_config):
"""
This function defines that return the list of health monitor references
which is bind to service
:param service_name: Name of service
:param bind_ns_service: List of bind services
:param avi_config: Dict of avi config
:return: Return the list of monitor ref
"""
monitor_refs = []
bind_service = bind_ns_service.get(service_name, None)
bind_service_command = 'bind service'
if bind_service:
if isinstance(bind_service, dict):
bind_service = [bind_service]
for service in bind_service:
full_bind_service_command = \
ns_util.get_netscalar_full_command(bind_service_command,
service)
if service and service.get('monitorName', None):
monitor_name = service.get('monitorName')
# Added prefix for objects
if self.prefix:
monitor_name = self.prefix + '-' + monitor_name
if self.object_merge_check:
# Get the merge health monitor name
monitor_name = merge_object_mapping[
'health_monitor'].get(monitor_name, None)
monitor = [monitor for monitor in avi_config['HealthMonitor']
if monitor['name'] == monitor_name]
if not monitor:
monitor_name = '%s-%s' %(monitor_name, 'dummy')
monitor = [monitor for monitor in
avi_config['HealthMonitor']
if monitor['name'] == monitor_name]
if not monitor:
skipped_status = 'External Monitor : Not supported ' \
'Health monitor %s' % \
full_bind_service_command
LOG.warning(skipped_status)
ns_util.add_status_row(
service['line_no'], bind_service_command,
service_name, full_bind_service_command,
STATUS_EXTERNAL_MONITOR, skipped_status)
continue
monitor_refs.append(monitor_name)
LOG.info('Conversion successful : %s' %
full_bind_service_command)
# Successful if health monitor found in AVI
ns_util.add_status_row(
service['line_no'], bind_service_command, service_name,
full_bind_service_command, STATUS_SUCCESSFUL,
service.get('monitorName'))
else:
skipped_status = 'Skipped : Not found Health monitor %s' \
% full_bind_service_command
LOG.warning(skipped_status)
# Skipped if health monitor not found in AVI
ns_util.add_status_row(
service['line_no'], bind_service_command, service_name,
full_bind_service_command, STATUS_SKIPPED,
skipped_status)
return monitor_refs
def service_convert(self, ns_config, avi_config):
"""
This function is defines that convert service to pool
:param ns_config: Dict of netscalar commands
:param avi_config: Dict of AVI
:return: None
"""
used_pool_ref = []
avi_config['Pool'] = []
ns_services = ns_config.get('add service', {})
bind_service_group = ns_config.get('bind serviceGroup', {})
ns_servers = ns_config.get('add server', {})
ns_dns = ns_config.get('add dns addRec', {})
bind_ns_service = ns_config.get('bind service', {})
ns_service_groups = ns_config.get('add serviceGroup', {})
set_ssl_service_group = ns_config.get('set ssl serviceGroup', {})
set_ssl_service = ns_config.get('set ssl service', {})
bind_ssl_service = ns_config.get('bind ssl service', {})
bind_ssl_service_group = ns_config.get('bind ssl serviceGroup', {})
for key in ns_services:
service = ns_services.get(key, {})
service_command = 'add service'
service_name = key
service_netscalar_full_command = \
ns_util.get_netscalar_full_command(service_command, service)
server = self.convert_ns_service(service, ns_servers, ns_dns)
if not server:
LOG.warning('Skipped:No server found %s' %
service_netscalar_full_command)
# Skipped service if No sserver node
ns_util.add_status_row(
service['line_no'], service_command, service_name,
service_netscalar_full_command,
STATUS_INCOMPLETE_CONFIGURATION)
continue
pool_name = re.sub('[:]', '-', service_name + '-pool')
# Addded prefix for objects
if self.prefix:
pool_name = self.prefix + '-' + pool_name
pool_obj = {
'name': pool_name,
'servers': [server],
'health_monitor_refs': [],
'tenant_ref': self.tenant_ref,
'cloud_ref': self.cloud_ref
}
# Add health monitor reference to pool
monitor_refs = self.get_service_montor(service_name,
bind_ns_service, avi_config)
if monitor_refs:
pool_obj['health_monitor_refs'] = list(set(monitor_refs))
ssl_service = set_ssl_service.get(key, None)
if ssl_service:
bind_ssl_service_conf = bind_ssl_service.get(key, [])
if isinstance(bind_ssl_service_conf, dict):
bind_ssl_service_conf = [bind_ssl_service_conf]
for service_conf in bind_ssl_service_conf:
if service_conf.get('CA', None):
# Added prefix for objects
pkiname = self.prefix + '-' + service_conf['CA'] if \
self.prefix else service_conf['CA']
if self.object_merge_check:
pkiname = merge_object_mapping['pki_profile'].get(
pkiname, None)
if [pki for pki in avi_config['PKIProfile']
if pki['name'] == pkiname]:
updated_pki_ref = ns_util.get_object_ref(pkiname,
OBJECT_TYPE_PKI_PROFILE, self.tenant_name)
pool_obj['pki_profile_ref'] = updated_pki_ref
if service_conf.get('certkeyName', None):
# Added prefix for objects
certname = self.prefix + '-' + \
service_conf['certkeyName'] if \
self.prefix else service_conf['certkeyName']
if [key_cert for key_cert in avi_config[
'SSLKeyAndCertificate'] if key_cert[
'name'] == certname]:
ssl_key_cert_ref = ns_util.get_object_ref(certname,
OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
self.tenant_name)
pool_obj['ssl_key_and_certificate_ref'] = \
ssl_key_cert_ref
elif [key_cert for key_cert in avi_config[
'SSLKeyAndCertificate'] if key_cert[
'name'] == certname + '-dummy']:
ssl_key_cert_ref = ns_util.get_object_ref(
certname + '-dummy',
OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
self.tenant_name)
pool_obj['ssl_key_and_certificate_ref'] = \
ssl_key_cert_ref
ssl_profile_name = re.sub('[:]', '-', key)
# Added prefix for objects
if self.prefix:
ssl_profile_name = self.prefix + '-' + ssl_profile_name
if self.object_merge_check:
# Get the merge ssl profile name
ssl_profile_name = merge_object_mapping['ssl_profile'].get(
ssl_profile_name, None)
if [ssl_prof for ssl_prof in avi_config['SSLProfile']
if ssl_prof['name'] == ssl_profile_name]:
updated_ssl_profile_ref = ns_util.get_object_ref(
ssl_profile_name, OBJECT_TYPE_SSL_PROFILE,
self.tenant_name)
pool_obj['ssl_profile_ref'] = updated_ssl_profile_ref
if pool_obj.get('pki_profile_ref', None) or \
pool_obj.get('ssl_key_and_certificate_ref', None) or \
pool_obj.get('ssl_profile_ref', None):
# Remove health monitor reference of http type if pool has
# ssl profile or pki profile or ssl cert key
ns_util.remove_http_mon_from_pool(avi_config, pool_obj)
if len(pool_obj['health_monitor_refs']) > 6:
pool_obj['health_monitor_refs'] = \
pool_obj['health_monitor_refs'][:6]
if pool_obj['health_monitor_refs']:
updated_health_monitor_ref = []
for health_monitor_ref in pool_obj['health_monitor_refs']:
updated_health_monitor_ref.append(
ns_util.get_object_ref(
health_monitor_ref, OBJECT_TYPE_HEALTH_MONITOR,
self.tenant_name))
pool_obj['health_monitor_refs'] = updated_health_monitor_ref
avi_config['Pool'].append(pool_obj)
LOG.warning('Conversion successful: %s' %
service_netscalar_full_command)
# Add summery of this service in CSV/report
conv_status = ns_util.get_conv_status(
service, self.nsservice_bind_lb_skipped, [], [],
user_ignore_val=self.nsservice_bind_lb_user_ignore)
ns_util.add_conv_status(
service['line_no'], service_command, service_name,
service_netscalar_full_command, conv_status, pool_obj)
for group_key in ns_service_groups:
service_group_command = 'add serviceGroup'
service_group = ns_service_groups.get(group_key, {})
service_group_name = group_key
service_group_netscalar_full_command = \
ns_util.get_netscalar_full_command(
service_group_command, service_group)
bind_groups = bind_service_group.get(service_group['attrs'][0], [])
servers, monitor_ref = self.convert_ns_service_group(
bind_groups, ns_servers, ns_dns, avi_config)
if not servers:
LOG.warning('Skipped:No server found %s' %
service_group_netscalar_full_command)
# Skipped this service group if No server found
ns_util.add_status_row(
service_group['line_no'], service_group_command,
service_group_name, service_group_netscalar_full_command,
STATUS_INCOMPLETE_CONFIGURATION)
continue
pool_name = re.sub('[:]', '-', service_group_name + '-pool')
# Added prefix for objects
if self.prefix:
pool_name = self.prefix + '-' + pool_name
pool_obj = {
'name': pool_name,
'servers': servers,
'health_monitor_refs': [],
'tenant_ref': self.tenant_ref,
'cloud_ref': self.cloud_ref
}
# Add health monitor reference to pool
if monitor_ref and [monitor for monitor in
avi_config['HealthMonitor']
if monitor['name'] == monitor_ref]:
pool_obj['health_monitor_refs'].append(monitor_ref)
ssl_service_group = set_ssl_service_group.get(group_key, None)
if ssl_service_group:
bind_ssl_service_group_conf = \
bind_ssl_service_group.get(group_key, [])
if isinstance(bind_ssl_service_group_conf, dict):
bind_ssl_service_group_conf = [bind_ssl_service_group_conf]
for ssl_service_conf in bind_ssl_service_group_conf:
if ssl_service_conf.get('CA', None):
# Added prefix for objects
pkiname = self.prefix + '-' + ssl_service_conf['CA'] \
if self.prefix else ssl_service_conf['CA']
if self.object_merge_check:
pkiname = merge_object_mapping['pki_profile'].get(
pkiname, None)
if [pki for pki in avi_config['PKIProfile']
if pki['name'] == pkiname]:
updated_pki_ref = ns_util.get_object_ref(pkiname,
OBJECT_TYPE_PKI_PROFILE, self.tenant_name)
pool_obj['pki_profile_ref'] = updated_pki_ref
if ssl_service_conf.get('certkeyName', None):
certname = self.prefix + '-' + \
service_conf['certkeyName'] if \
self.prefix else service_conf.get['certkeyName']
if [key_cert for key_cert in avi_config[
'SSLKeyAndCertificate'] if key_cert['name'] ==
certname]:
ssl_key_cert_ref = ns_util.get_object_ref(certname,
OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
self.tenant_name)
pool_obj['ssl_key_and_certificate_ref'] = \
ssl_key_cert_ref
elif [key_cert for key_cert in avi_config[
'SSLKeyAndCertificate'] if key_cert[
'name'] == certname + '-dummy']:
ssl_key_cert_ref = ns_util.get_object_ref(
certname + '-dummy',
OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
self.tenant_name)
pool_obj['ssl_key_and_certificate_ref'] = \
ssl_key_cert_ref
ssl_profile_name = re.sub('[:]', '-', group_key)
# Added prefix for objects
if self.prefix:
ssl_profile_name = self.prefix + '-' + ssl_profile_name
if self.object_merge_check:
# Get the merge ssl profile name
ssl_profile_name = merge_object_mapping['ssl_profile'].get(
ssl_profile_name, None)
if [ssl_prof for ssl_prof in avi_config['SSLProfile']
if ssl_prof['name'] == ssl_profile_name]:
updated_ssl_profile_ref = ns_util.get_object_ref(
ssl_profile_name, OBJECT_TYPE_SSL_PROFILE,
self.tenant_name)
pool_obj['ssl_profile_ref'] = updated_ssl_profile_ref
if pool_obj.get('pki_profile_ref', None) or \
pool_obj.get('ssl_key_and_certificate_ref', None) or \
pool_obj.get('ssl_profile_ref', None):
# Remove health monitor reference of http type if pool has
# ssl profile or pki profile or ssl cert key
ns_util.remove_http_mon_from_pool(avi_config, pool_obj)
if len(pool_obj['health_monitor_refs']) > 6:
pool_obj['health_monitor_refs'] = \
pool_obj['health_monitor_refs'][:6]
if pool_obj['health_monitor_refs']:
if pool_obj['health_monitor_refs']:
updated_health_monitor_ref = []
for health_monitor_ref in pool_obj['health_monitor_refs']:
updated_health_monitor_ref.append(
ns_util.get_object_ref(
health_monitor_ref, OBJECT_TYPE_HEALTH_MONITOR,
self.tenant_name))
pool_obj['health_monitor_refs'] = updated_health_monitor_ref
avi_config['Pool'].append(pool_obj)
LOG.warning('Conversion successful: %s' %
service_group_netscalar_full_command)
# Add summery of this service group in CSV/report
conv_status = ns_util.get_conv_status(
service_group, self.nsservice_bind_lb_skipped, [], [],
user_ignore_val=self.nsservice_bind_lb_user_ignore)
ns_util.add_conv_status(
service_group['line_no'], service_group_command,
service_group_name, service_group_netscalar_full_command,
conv_status, pool_obj)
def convert(self, ns_config, avi_config, input_dir):
"""
This function defines that convert netscalar profiles to avi profiles
:param ns_config: It is dict of all netscalar commands which are
supported by AVI
:param avi_config: dict of AVI
:param input_dir: input dir path for key and cert
:param tenant_ref: Tenant
:param cloud_ref: Cloud ref
:return: None
"""
http_profiles = ns_config.get('add ns httpProfile', {})
tcp_profiles = ns_config.get('add ns tcpProfile', {})
ssl_mappings = ns_config.get('bind ssl vserver', {})
ssl_profiles = ns_config.get('add ssl profile', {})
ssl_vs_mapping = ns_config.get('set ssl vserver', {})
ssl_key_and_cert = ns_config.get('add ssl certKey', {})
set_ssl_service = ns_config.get('set ssl service', {})
bind_ssl_service = ns_config.get('bind ssl service', {})
set_ssl_service_group = ns_config.get('set ssl serviceGroup', {})
bind_ssl_service_group = ns_config.get('bind ssl serviceGroup', {})
#avi_config['ApplicationProfile'] = []
#avi_config['NetworkProfile'] = []
avi_config["SSLKeyAndCertificate"] = []
#avi_config["SSLProfile"] = []
#avi_config["PKIProfile"] = []
LOG.debug("Conversion started for HTTP profiles")
for key in http_profiles.keys():
ns_http_profile_command = 'add ns httpProfile'
profile = http_profiles[key]
ns_http_profile_complete_command = \
ns_util.get_netscalar_full_command(ns_http_profile_command,
profile)
app_profile = self.convert_http_profile(profile)
if app_profile:
conv_status = ns_util.get_conv_status(
profile,
self.profile_http_skip, [],
self.profile_http_indirect,
user_ignore_val=self.profile_http_user_ignore)
# Add summery in CSV/report for http profile
ns_util.add_conv_status(profile['line_no'],
ns_http_profile_command, key,
ns_http_profile_complete_command,
conv_status, app_profile)
if self.object_merge_check:
# Check application profile is duplicate of other
# application profile then skipped this application
# profile and increment of count of
# application_merge_count
dup_of = ns_util.update_skip_duplicates(
app_profile, avi_config['ApplicationProfile'],
'app_profile', merge_object_mapping, key, 'HTTP',
self.prefix)
if dup_of:
app_merge_count['count'] += 1
else:
avi_config['ApplicationProfile'].append(app_profile)
else:
avi_config['ApplicationProfile'].append(app_profile)
LOG.debug("HTTP profiles conversion completed")
LOG.debug("Conversion started for TCP profiles")
for key in tcp_profiles.keys():
ns_tcp_profile_command = 'add ns tcpProfile'
profile = tcp_profiles[key]
ns_tcp_profile_complete_command = \
ns_util.get_netscalar_full_command(ns_tcp_profile_command,
profile)
net_profile = self.convert_tcp_profile(profile)
if net_profile:
# Add summery in CSV/report for tcp profile
conv_status = ns_util.get_conv_status(
profile,
self.profile_tcp_skip, [],
self.profile_tcp_indirect,
user_ignore_val=self.profile_tcp_user_ignore)
ns_util.add_conv_status(profile['line_no'],
ns_tcp_profile_command, key,
ns_tcp_profile_complete_command,
conv_status, net_profile)
if self.object_merge_check:
# Check network profile is duplicate of other
# network profile then skipped this application
# profile and increment of count of
# network_merge_count
dup_of = ns_util.update_skip_duplicates(
net_profile, avi_config['NetworkProfile'],
'network_profile', merge_object_mapping, key, 'TCP',
self.prefix)
if dup_of:
self.network_merge_count += 1
else:
avi_config['NetworkProfile'].append(net_profile)
else:
avi_config['NetworkProfile'].append(net_profile)
LOG.debug("TCP profiles conversion completed")
LOG.debug("Conversion started for SSL profiles")
for key in ssl_mappings:
mapping = ssl_mappings[key]
if isinstance(mapping, dict):
mapping = [mapping]
obj = self.get_key_cert(mapping, ssl_key_and_cert, input_dir, None,
ns_config, 'bind ssl vserver')
if obj.get('cert', None):
avi_config["SSLKeyAndCertificate"].append(obj.get('cert'))
if obj.get('pki', None):
if self.object_merge_check:
# Check pki profile is duplicate of other pki profile then
# skipped this pki profile and increment of count of
# pki_merge_count
dup_of = ns_util.update_skip_duplicates(
obj['pki'], avi_config['PKIProfile'], 'pki_profile',
merge_object_mapping, obj['pki']['name'], None,
self.prefix)
if dup_of:
self.pki_merge_count += 1
else:
avi_config["PKIProfile"].append(obj['pki'])
else:
avi_config["PKIProfile"].append(obj['pki'])
# set ssl vserver conversion
self.convert_ssl_service_profile(set_ssl_service, bind_ssl_service,
ssl_key_and_cert, input_dir,
ns_config, avi_config,
'set ssl service', 'bind ssl service')
# Set ssl service conversion
self.convert_ssl_service_profile(ssl_vs_mapping, ssl_mappings,
ssl_key_and_cert, input_dir,
ns_config, avi_config,
'set ssl vserver', 'bind ssl vserver')
# Set ssl servicegroup conversion
self.convert_ssl_service_profile(set_ssl_service_group,
bind_ssl_service_group,
ssl_key_and_cert, input_dir,
ns_config, avi_config,
'set ssl serviceGroup',
'bind ssl serviceGroup')
LOG.debug("SSL profiles conversion completed")
def convert(self, ns_config, avi_config, input_dir):
"""
This functions defines that convert health monitor
:param ns_config: Dict of netscalar commands
:param avi_config: Dict of AVI
:param input_dir: Input dir for command_code
:return: None
"""
netscalar_command = 'add lb monitor'
LOG.debug("Conversion started for Health Monitors")
ns_monitors = ns_config.get('add lb monitor', {})
for name in ns_monitors.keys():
ns_monitor = ns_monitors.get(name)
ns_monitor_complete_command = \
ns_util.get_netscalar_full_command(netscalar_command,
ns_monitor)
ns_monitor_type = ns_monitor['attrs'][1]
if ns_monitor_type not in self.ns_monitor_types_supported:
# Skipped health monitor if type is not supported
avi_monitor = self.convert_monitor(
ns_monitor, input_dir, netscalar_command,
ns_monitor_complete_command)
if not avi_monitor:
continue
avi_monitor['name'] = '%s-%s' % (avi_monitor['name'], 'dummy')
avi_monitor["type"] = "HEALTH_MONITOR_EXTERNAL"
ext_monitor = {
"command_code": "",
}
avi_monitor["external_monitor"] = ext_monitor
avi_config['HealthMonitor'].append(avi_monitor)
ns_util.add_status_row(ns_monitor['line_no'],
netscalar_command, name,
ns_monitor_complete_command,
STATUS_EXTERNAL_MONITOR)
LOG.warning('Monitor type %s not supported created dummy '
'external monitor:%s' % (ns_monitor_type, name))
continue
avi_monitor = self.convert_monitor(ns_monitor, input_dir,
netscalar_command,
ns_monitor_complete_command)
if not avi_monitor:
continue
# Add summery of this lb vs in CSV/report
conv_status = ns_util.get_conv_status(
ns_monitor,
self.monitor_skip_attrs,
self.monitor_na_attrs,
self.monitor_indirect_list,
ignore_for_val=self.monitor_ignore_vals,
user_ignore_val=self.user_ignore)
ns_util.add_conv_status(ns_monitor['line_no'], netscalar_command,
name, ns_monitor_complete_command,
conv_status, avi_monitor)
if self.object_merge_check:
# Check health monitor is duplicate of other
# health monitor then skipped this health
# monitor and increment of count of
# monitor_merge_count
dup_of = ns_util.update_skip_duplicates(
avi_monitor, avi_config['HealthMonitor'], 'health_monitor',
merge_object_mapping, avi_monitor['name'], ns_monitor_type,
self.prefix)
if dup_of:
self.monitor_merge_count += 1
else:
avi_config['HealthMonitor'].append(avi_monitor)
else:
avi_config['HealthMonitor'].append(avi_monitor)
LOG.debug("Health monitor conversion completed : %s" % name)
def convert_ssl_service_profile(self, set_ssl_service, bind_ssl_service,
ssl_key_and_cert, input_dir, ns_config,
avi_config, set_ssl_service_command,
bind_ssl_service_command):
"""
This function defines that convert ssl profiles
:param set_ssl_service: dict of set_ssl_service netscalar command
:param bind_ssl_service: dict of bind_ssl_service netscalar command
:param ssl_key_and_cert: dict of set_ssl_service netscalar command
:param input_dir: path of input dir which keeps cert and key
:param ns_config: It is dict of all netscalar commands which are
supported by AVI
:param avi_config: dict of AVI
:param set_ssl_service_command: netscalar command set ssl
:param bind_ssl_service_command: netscalar command bind ssl
:return: None
"""
for key in set_ssl_service:
ssl_service = set_ssl_service[key]
full_set_ssl_service_command = ns_util.get_netscalar_full_command(
set_ssl_service_command, ssl_service)
ssl_profile_name = ssl_service['attrs'][0]
ssl_profile_name = re.sub('[:]', '-', ssl_profile_name)
# Added prefix for objects
if self.prefix:
updated_ssl_profile_name = self.prefix + '-' + ssl_profile_name
else:
updated_ssl_profile_name = ssl_profile_name
ssl_profile = {
'name': updated_ssl_profile_name,
'tenant_ref': self.tenant_ref,
'accepted_versions': []
}
# set ssl service
sess_reuse = ssl_service.get('sessReuse', None)
if sess_reuse == 'DISABLED':
ssl_profile['enable_ssl_session_reuse'] = False
if ssl_service.get('sessTimeout', None):
ssl_profile['ssl_session_timeout'] = \
int(ssl_service.get('sessTimeout'))
accepted_versions = []
if ssl_service.get('tls1', 'ENABLED') == 'ENABLED':
accepted_versions.append({'type': 'SSL_VERSION_TLS1'})
if ssl_service.get('tls11', 'ENABLED') == 'ENABLED':
accepted_versions.append({'type': 'SSL_VERSION_TLS1_1'})
if ssl_service.get('tls12', 'ENABLED') == 'ENABLED':
accepted_versions.append({'type': 'SSL_VERSION_TLS1_2'})
if accepted_versions:
ssl_profile['accepted_versions'] = accepted_versions
else:
ssl_profile['accepted_versions'].append(
{'type': 'SSL_VERSION_TLS1_1'})
send_close_notify = ssl_service.get('sendCloseNotify', None)
if send_close_notify == 'NO':
ssl_profile['send_close_notify'] = False
# bind ssl service
binding_mapping = bind_ssl_service.get(ssl_profile_name, [])
if isinstance(binding_mapping, dict):
binding_mapping = [binding_mapping]
obj = self.get_key_cert(
binding_mapping, ssl_key_and_cert, input_dir, None, ns_config,
bind_ssl_service_command)
if obj.get('accepted_ciphers', None):
# Todo supported only valid ciphers
ssl_profile['accepted_ciphers'] = obj.get('accepted_ciphers')
# ssl_profile['accepted_ciphers'] = 'AES:3DES:RC4'
if obj.get('cert', None):
avi_config["SSLKeyAndCertificate"].append(obj.get('cert'))
if obj.get('pki', None):
if self.object_merge_check:
# Check pki profile is duplicate of other pki profile then
# skipped this pki profile and increment of count of
# pki_merge_count
dup_of = ns_util.update_skip_duplicates(obj['pki'],
avi_config['PKIProfile'], 'pki_profile',
merge_object_mapping, obj['pki']['name'], None,
self.prefix)
if dup_of:
self.pki_merge_count += 1
else:
avi_config["PKIProfile"].append(obj['pki'])
else:
avi_config["PKIProfile"].append(obj['pki'])
if self.object_merge_check:
# Check ssl profile is duplicate of other ssl profile then
# skipped this application profile and increment of count
# of ssl_merge_count
# Added prefix for objects
if self.prefix:
ssl_profile_name = self.prefix + '-' + ssl_profile_name
dup_of = ns_util.update_skip_duplicates(
ssl_profile, avi_config['SSLProfile'], 'ssl_profile',
merge_object_mapping, ssl_profile_name, None, self.prefix)
if dup_of:
self.ssl_merge_count += 1
else:
avi_config['SSLProfile'].append(ssl_profile)
else:
avi_config['SSLProfile'].append(ssl_profile)
LOG.info('Conversion successful: %s' % full_set_ssl_service_command)
conv_status = ns_util.get_conv_status(
ssl_service, self.profile_set_ssl_service_skip,
self.profile_set_ssl_service_indirect, [],
user_ignore_val=self.profile_set_ssl_service_user_ignore)
# Add summery in CSV/report for ssl service
ns_util.add_conv_status(
ssl_service['line_no'], set_ssl_service_command, key,
full_set_ssl_service_command, conv_status, ssl_profile)
LOG.debug("SSL profiles conversion completed")
def convert(self, ns_config, avi_config, input_dir):
"""
This function defines that convert netscalar profiles to avi profiles
:param ns_config: It is dict of all netscalar commands which are
supported by AVI
:param avi_config: dict of AVI
:param input_dir: input dir path for key and cert
:param tenant_ref: Tenant
:param cloud_ref: Cloud ref
:return: None
"""
http_profiles = ns_config.get('add ns httpProfile', {})
tcp_profiles = ns_config.get('add ns tcpProfile', {})
ssl_mappings = ns_config.get('bind ssl vserver', {})
ssl_profiles = ns_config.get('add ssl profile', {})
ssl_vs_mapping = ns_config.get('set ssl vserver', {})
ssl_key_and_cert = ns_config.get('add ssl certKey', {})
set_ssl_service = ns_config.get('set ssl service', {})
bind_ssl_service = ns_config.get('bind ssl service', {})
set_ssl_service_group = ns_config.get('set ssl serviceGroup', {})
bind_ssl_service_group = ns_config.get('bind ssl serviceGroup', {})
#avi_config['ApplicationProfile'] = []
#avi_config['NetworkProfile'] = []
avi_config["SSLKeyAndCertificate"] = []
#avi_config["SSLProfile"] = []
#avi_config["PKIProfile"] = []
LOG.debug("Conversion started for HTTP profiles")
for key in http_profiles.keys():
ns_http_profile_command = 'add ns httpProfile'
profile = http_profiles[key]
ns_http_profile_complete_command = \
ns_util.get_netscalar_full_command(ns_http_profile_command,
profile)
app_profile = self.convert_http_profile(profile)
if app_profile:
conv_status = ns_util.get_conv_status(
profile, self.profile_http_skip, [],
self.profile_http_indirect,
user_ignore_val=self.profile_http_user_ignore)
# Add summery in CSV/report for http profile
ns_util.add_conv_status(
profile['line_no'], ns_http_profile_command, key,
ns_http_profile_complete_command, conv_status, app_profile)
if self.object_merge_check:
# Check application profile is duplicate of other
# application profile then skipped this application
# profile and increment of count of
# application_merge_count
dup_of = ns_util.update_skip_duplicates(app_profile,
avi_config['ApplicationProfile'], 'app_profile',
merge_object_mapping, key, 'HTTP', self.prefix)
if dup_of:
app_merge_count['count'] += 1
else:
avi_config['ApplicationProfile'].append(app_profile)
else:
avi_config['ApplicationProfile'].append(app_profile)
LOG.debug("HTTP profiles conversion completed")
LOG.debug("Conversion started for TCP profiles")
for key in tcp_profiles.keys():
ns_tcp_profile_command = 'add ns tcpProfile'
profile = tcp_profiles[key]
ns_tcp_profile_complete_command = \
ns_util.get_netscalar_full_command(ns_tcp_profile_command,
profile)
net_profile = self.convert_tcp_profile(profile)
if net_profile:
# Add summery in CSV/report for tcp profile
conv_status = ns_util.get_conv_status(
profile, self.profile_tcp_skip, [],
self.profile_tcp_indirect,
user_ignore_val=self.profile_tcp_user_ignore)
ns_util.add_conv_status(
profile['line_no'], ns_tcp_profile_command, key,
ns_tcp_profile_complete_command, conv_status, net_profile)
if self.object_merge_check:
# Check network profile is duplicate of other
# network profile then skipped this application
# profile and increment of count of
# network_merge_count
dup_of = ns_util.update_skip_duplicates(net_profile,
avi_config['NetworkProfile'], 'network_profile',
merge_object_mapping, key, 'TCP', self.prefix)
if dup_of:
self.network_merge_count += 1
else:
avi_config['NetworkProfile'].append(net_profile)
else:
avi_config['NetworkProfile'].append(net_profile)
LOG.debug("TCP profiles conversion completed")
LOG.debug("Conversion started for SSL profiles")
for key in ssl_mappings:
mapping = ssl_mappings[key]
if isinstance(mapping, dict):
mapping = [mapping]
obj = self.get_key_cert(mapping, ssl_key_and_cert,
input_dir, None, ns_config,
'bind ssl vserver')
if obj.get('cert', None):
avi_config["SSLKeyAndCertificate"].append(obj.get('cert'))
if obj.get('pki', None):
if self.object_merge_check:
# Check pki profile is duplicate of other pki profile then
# skipped this pki profile and increment of count of
# pki_merge_count
dup_of = ns_util.update_skip_duplicates(obj['pki'],
avi_config['PKIProfile'], 'pki_profile',
merge_object_mapping, obj['pki']['name'], None,
self.prefix)
if dup_of:
self.pki_merge_count += 1
else:
avi_config["PKIProfile"].append(obj['pki'])
else:
avi_config["PKIProfile"].append(obj['pki'])
# set ssl vserver conversion
self.convert_ssl_service_profile(
set_ssl_service, bind_ssl_service, ssl_key_and_cert, input_dir,
ns_config, avi_config, 'set ssl service', 'bind ssl service')
# Set ssl service conversion
self.convert_ssl_service_profile(
ssl_vs_mapping, ssl_mappings, ssl_key_and_cert, input_dir,
ns_config, avi_config, 'set ssl vserver', 'bind ssl vserver')
# Set ssl servicegroup conversion
self.convert_ssl_service_profile(
set_ssl_service_group, bind_ssl_service_group, ssl_key_and_cert,
input_dir, ns_config, avi_config, 'set ssl serviceGroup',
'bind ssl serviceGroup')
LOG.debug("SSL profiles conversion completed")
def get_ciphers(self, cipher, ns_config):
"""
This function is define to get the ssl ciphers
:param cipher: cipher name
:param ns_config: netscalar configuration
:return: list of ciphers
"""
cipher_config = ns_config.get('add ssl cipher', {})
cipher_mapping = ns_config.get('bind ssl cipher', {})
lb_cipher = cipher_config.get(cipher, None)
bind_ciphers = cipher_mapping.get(cipher, None)
add_ssl_cipher_command = 'add ssl cipher'
bind_ssl_cipher_command = 'bind ssl cipher'
# added default ssl ciphers
if not (lb_cipher and bind_ciphers):
return ['AES:3DES:RC4']
ciphers = []
full_add_ssl_cipher_command = \
ns_util.get_netscalar_full_command(add_ssl_cipher_command,
lb_cipher)
LOG.info('Conversion successful: %s' % full_add_ssl_cipher_command)
# Add Successful status in CSV/report for add ssl cipher
ns_util.add_status_row(lb_cipher['line_no'], add_ssl_cipher_command,
cipher, full_add_ssl_cipher_command,
STATUS_SUCCESSFUL, None)
if isinstance(bind_ciphers, dict):
bind_ciphers = [bind_ciphers]
for bind_cipher in bind_ciphers:
full_bind_ssl_cipher_command = ns_util. \
get_netscalar_full_command(bind_ssl_cipher_command, bind_cipher)
if bind_cipher.get('cipherName', None):
not_supported_open_ssl_cipher = \
self.non_supported_netscaler_to_open_ssl_cipher. \
get(bind_cipher['cipherName'], None)
if not_supported_open_ssl_cipher:
# Skipped ssl cipher which AVI does not support
skipped_status = \
'Skipped: ssl cipher does not supported by avi: %s' \
% full_bind_ssl_cipher_command
LOG.warning(skipped_status)
# Add skipped status in xlsx/report for add ssl cipher
ns_util.add_status_row(bind_cipher['line_no'],
bind_ssl_cipher_command, cipher,
full_bind_ssl_cipher_command,
STATUS_INDIRECT, skipped_status)
continue
supported_open_ssl_cipher = \
self.supported_netscaler_to_open_ssl_cipher. \
get(bind_cipher['cipherName'], None)
if supported_open_ssl_cipher:
avi_cipher = {
'accepted_ciphers': supported_open_ssl_cipher
}
ciphers.append(supported_open_ssl_cipher)
LOG.info('Conversion successful: %s' %
full_bind_ssl_cipher_command)
# Add Successful status in CSV/report for add ssl cipher
ns_util.add_status_row(bind_cipher['line_no'],
bind_ssl_cipher_command, cipher,
full_bind_ssl_cipher_command,
STATUS_SUCCESSFUL, avi_cipher)
else:
# Skipped ssl cipher if cipher is None
skipped_status = 'Skipped: Cipher not match in avi: %s' \
% full_bind_ssl_cipher_command
LOG.warning(skipped_status)
# Add skipped status in xlsx/report for add ssl cipher
ns_util.add_status_row(bind_cipher['line_no'],
bind_ssl_cipher_command, cipher,
full_bind_ssl_cipher_command,
STATUS_SKIPPED, skipped_status)
else:
skipped_status = 'Skipped: Does not get any ciphers: %s' \
% full_bind_ssl_cipher_command
LOG.warning(skipped_status)
# Add skipped status in CSV/report for add ssl cipher
ns_util.add_status_row(bind_cipher['line_no'],
bind_ssl_cipher_command, cipher,
full_bind_ssl_cipher_command,
STATUS_SKIPPED, skipped_status)
if not ciphers:
return [cipher]
return ciphers
def get_key_cert(self, ssl_mappings, ssl_key_and_cert, input_dir,
avi_ssl_prof, ns_config, bind_ssl_cmd):
"""
This function defines that convert PKI, SSL, and sslkeyandcert profiles
:param ssl_mappings: List of bind ssl
:param ssl_key_and_cert: Object of ssl key and cert
:param input_dir: path of input dir which keeps key and cert
:param avi_ssl_prof: Object of ssl profile
:param ns_config: dict of netscalar commands
:param bind_ssl_cmd: list of binding ssl
:return: key and cert/ ssl profile/PKI profile
"""
obj = dict()
ciphers = []
for mapping in ssl_mappings:
key_passphrase = None
output = None
bind_ssl_full_cmd = ns_util.get_netscalar_full_command(
bind_ssl_cmd, mapping)
bind_ssl_success = False
skipped_status = None
if 'policyName' in mapping.keys():
skipped_status = 'Not supported: %s' % bind_ssl_full_cmd
LOG.warning(skipped_status)
ns_util.add_status_row(mapping['line_no'], bind_ssl_cmd,
mapping['attrs'][0], bind_ssl_full_cmd,
STATUS_COMMAND_NOT_SUPPORTED)
continue
elif 'CA' in mapping.keys():
key_cert = ssl_key_and_cert.get(mapping.get('certkeyName'))
if not key_cert or mapping['attrs'][0] in tmp_pki_profile_list:
continue
key_file_name = key_cert.get('key')
cert_file_name = key_cert.get('cert')
ca_str = None
crl_str = None
netscalar_cmd = 'add ssl certKey'
full_cmd = ns_util.get_netscalar_full_command(
netscalar_cmd, key_cert)
if not (key_file_name and cert_file_name):
skipped_status = 'Missing key or cert file: %s' \
% full_cmd
LOG.warning(skipped_status)
# Add skipped status in CSV/report for ssl cert key
ns_util.add_status_row(key_cert['line_no'], netscalar_cmd,
key_cert['attrs'][0], full_cmd,
STATUS_MISSING_FILE, skipped_status)
skipped_status = 'Missing key or cert file: %s' % \
bind_ssl_full_cmd
LOG.warning(skipped_status)
ns_util.add_status_row(mapping['line_no'], bind_ssl_cmd,
mapping['attrs'][0],
bind_ssl_full_cmd,
STATUS_MISSING_FILE, skipped_status)
continue
if key_file_name:
ca_str = ns_util.upload_file(input_dir + os.path.sep +
key_file_name)
if cert_file_name:
crl_str = ns_util.upload_file(input_dir + os.path.sep +
cert_file_name)
if ca_str:
pki_profile = dict()
pki_profile["ca_certs"] = [{'certificate': ca_str}]
crl_check = mapping.get('crlCheck', 'Optional')
if crl_check == 'Mandatory':
pki_profile['crl_check'] = True
else:
pki_profile['crl_check'] = False
if crl_str:
pki_profile["crls"] = [{'body': crl_str}]
pki_name = mapping['attrs'][0]
# Added prefix for objects
if self.prefix:
pki_name = self.prefix + '-' + pki_name
pki_profile["name"] = pki_name
pki_profile["tenant_ref"] = self.tenant_ref
obj['pki'] = pki_profile
output = pki_profile
bind_ssl_success = True
LOG.info('Conversion successful: %s' % full_cmd)
conv_status = ns_util.get_conv_status(
key_cert,
self.profile_add_key_cert_skip, [], [],
user_ignore_val=self.profile_add_key_cert_user_ignore)
# Add summery in CSV/report for PKI
ns_util.add_conv_status(key_cert['line_no'], netscalar_cmd,
key_cert['attrs'][0], full_cmd,
conv_status, obj['pki'])
tmp_pki_profile_list.append(pki_profile["name"])
else:
skipped_status = 'Missing key or cert file: %s' % full_cmd
LOG.warning(skipped_status)
ns_util.add_status_row(key_cert['line_no'], netscalar_cmd,
key_cert['attrs'][0], full_cmd,
STATUS_MISSING_FILE, skipped_status)
skipped_status = 'Missing key or cert file: %s' % \
bind_ssl_full_cmd
LOG.warning(skipped_status)
ns_util.add_status_row(mapping['line_no'], bind_ssl_cmd,
mapping['attrs'][0],
bind_ssl_full_cmd,
STATUS_MISSING_FILE, skipped_status)
continue
elif 'certkeyName' in mapping.keys():
key_cert = ssl_key_and_cert.get(mapping.get('certkeyName'))
if not key_cert:
continue
netscalar_cmd = 'add ssl certKey'
full_cmd = ns_util.get_netscalar_full_command(
netscalar_cmd, key_cert)
key_file_name = key_cert.get('key')
cert_file_name = key_cert.get('cert')
if '/' in key_file_name:
key_file_name = str(key_file_name).split('/')[-1].strip(
'"')
if key_file_name and cert_file_name:
cert = ns_util.upload_file(input_dir + os.path.sep +
cert_file_name)
key = ns_util.upload_file(input_dir + os.path.sep +
key_file_name)
is_key_protected = False
if key:
# Check kay is passphrase protected or not
is_key_protected = ns_util.is_certificate_key_protected(
input_dir + os.path.sep + key_file_name)
if cert and key:
cert_date = c.load_certificate(
c.FILETYPE_PEM,
file(input_dir + os.path.sep + cert_file_name).read())
expiry_date = datetime.strptime(cert_date.get_notAfter(),
"%Y%m%d%H%M%SZ")
present_date = datetime.now()
if expiry_date < present_date:
LOG.warning("Certificate %s is expired creating self "
"signed cert." % cert_file_name)
cert, key = None, None
key_passphrase = None
# Get the key passphrase for key_file
if self.netscalar_passphrase_keys:
key_passphrase = self.netscalar_passphrase_keys.get(
key_file_name, None)
# if key is protected and does not find passphrase key
# then none the key
if is_key_protected and not key_passphrase:
key = None
if not cert or not key:
name = key_cert['attrs'][0] + '-dummy'
else:
name = key_cert['attrs'][0]
# Added prefix for objects
if self.prefix:
name = self.prefix + '-' + name
# Skipped this certificate if already exist
if name in tmp_ssl_key_and_cert_list:
ns_util.add_status_row(key_cert['line_no'], netscalar_cmd,
key_cert['attrs'][0], full_cmd,
STATUS_INDIRECT)
ns_util.add_status_row(mapping['line_no'], bind_ssl_cmd,
mapping['attrs'][0],
bind_ssl_full_cmd, STATUS_INDIRECT)
continue
# Generate dummy cert and key
if not cert or not key:
key, cert = ns_util.create_self_signed_cert()
LOG.warning('Create self cerificate and key for : %s' %
name)
ssl_kc_obj = None
if key and cert:
cert = {"certificate": cert}
ssl_kc_obj = {
'name': name,
'key': key,
'certificate': cert,
'type': 'SSL_CERTIFICATE_TYPE_VIRTUALSERVICE',
'tenant_ref': self.tenant_ref
}
# set the key passphrase for ssl key and certificate object
if key_passphrase:
ssl_kc_obj['key_passphrase'] = key_passphrase
tmp_ssl_key_and_cert_list.append(name)
obj['cert'] = ssl_kc_obj
output = ssl_kc_obj
# Add ssummery in CSV/report for ssl service
ns_util.add_status_row(key_cert['line_no'], netscalar_cmd,
key_cert['attrs'][0], full_cmd,
STATUS_INDIRECT)
bind_ssl_success = True
else:
skipped_status = 'Skipped: Key and certificate not ' \
'generated : %s' % full_cmd
elif 'cipherName' in mapping.keys():
ciphers_keys = self.get_ciphers(mapping['cipherName'],
ns_config)
ciphers += ciphers_keys
ciphers = list(set(ciphers))
obj['accepted_ciphers'] = ':'.join(ciphers)
bind_ssl_success = True
output = obj
if not obj['accepted_ciphers']:
skipped_status = 'Skipped:Does not get any ciphers : %s' \
% bind_ssl_full_cmd
elif 'eccCurveName' in mapping.keys():
LOG.warning('Indirect : %s' % bind_ssl_full_cmd)
# Add indirect status in CSV/report for bind ssl service
ns_util.add_status_row(mapping['line_no'], bind_ssl_cmd,
mapping['attrs'][0], bind_ssl_full_cmd,
STATUS_INDIRECT)
continue
conv_status = ns_util.get_conv_status(
mapping,
self.profile_bind_sslvs_skip, [], [],
user_ignore_val=self.profile_bind_sslvs_user_ignore)
if not bind_ssl_success:
LOG.warning(skipped_status)
# Add skipped status in CSV/report for bind ssl service
ns_util.add_status_row(mapping['line_no'], bind_ssl_cmd,
mapping['attrs'][0], bind_ssl_full_cmd,
STATUS_SKIPPED, skipped_status)
continue
LOG.info('Conversion successful: %s' % bind_ssl_full_cmd)
# Add successful status in CSV/report for ssl service
ns_util.add_conv_status(mapping['line_no'], bind_ssl_cmd,
mapping['attrs'][0], bind_ssl_full_cmd,
conv_status, output)
return obj
def convert_ssl_service_profile(self, set_ssl_service, bind_ssl_service,
ssl_key_and_cert, input_dir, ns_config,
avi_config, set_ssl_service_command,
bind_ssl_service_command):
"""
This function defines that convert ssl profiles
:param set_ssl_service: dict of set_ssl_service netscalar command
:param bind_ssl_service: dict of bind_ssl_service netscalar command
:param ssl_key_and_cert: dict of set_ssl_service netscalar command
:param input_dir: path of input dir which keeps cert and key
:param ns_config: It is dict of all netscalar commands which are
supported by AVI
:param avi_config: dict of AVI
:param set_ssl_service_command: netscalar command set ssl
:param bind_ssl_service_command: netscalar command bind ssl
:return: None
"""
for key in set_ssl_service:
ssl_service = set_ssl_service[key]
full_set_ssl_service_command = ns_util.get_netscalar_full_command(
set_ssl_service_command, ssl_service)
ssl_profile_name = ssl_service['attrs'][0]
ssl_profile_name = re.sub('[:]', '-', ssl_profile_name)
# Added prefix for objects
if self.prefix:
updated_ssl_profile_name = self.prefix + '-' + ssl_profile_name
else:
updated_ssl_profile_name = ssl_profile_name
ssl_profile = {
'name': updated_ssl_profile_name,
'tenant_ref': self.tenant_ref,
'accepted_versions': []
}
# set ssl service
sess_reuse = ssl_service.get('sessReuse', None)
if sess_reuse == 'DISABLED':
ssl_profile['enable_ssl_session_reuse'] = False
if ssl_service.get('sessTimeout', None):
ssl_profile['ssl_session_timeout'] = \
int(ssl_service.get('sessTimeout'))
accepted_versions = []
if ssl_service.get('tls1', 'ENABLED') == 'ENABLED':
accepted_versions.append({'type': 'SSL_VERSION_TLS1'})
if ssl_service.get('tls11', 'ENABLED') == 'ENABLED':
accepted_versions.append({'type': 'SSL_VERSION_TLS1_1'})
if ssl_service.get('tls12', 'ENABLED') == 'ENABLED':
accepted_versions.append({'type': 'SSL_VERSION_TLS1_2'})
if accepted_versions:
ssl_profile['accepted_versions'] = accepted_versions
else:
ssl_profile['accepted_versions'].append(
{'type': 'SSL_VERSION_TLS1_1'})
send_close_notify = ssl_service.get('sendCloseNotify', None)
if send_close_notify == 'NO':
ssl_profile['send_close_notify'] = False
# bind ssl service
binding_mapping = bind_ssl_service.get(ssl_profile_name, [])
if isinstance(binding_mapping, dict):
binding_mapping = [binding_mapping]
obj = self.get_key_cert(binding_mapping, ssl_key_and_cert,
input_dir, None, ns_config,
bind_ssl_service_command)
if obj.get('accepted_ciphers', None):
# Todo supported only valid ciphers
ssl_profile['accepted_ciphers'] = obj.get('accepted_ciphers')
# ssl_profile['accepted_ciphers'] = 'AES:3DES:RC4'
if obj.get('cert', None):
avi_config["SSLKeyAndCertificate"].append(obj.get('cert'))
if obj.get('pki', None):
if self.object_merge_check:
# Check pki profile is duplicate of other pki profile then
# skipped this pki profile and increment of count of
# pki_merge_count
dup_of = ns_util.update_skip_duplicates(
obj['pki'], avi_config['PKIProfile'], 'pki_profile',
merge_object_mapping, obj['pki']['name'], None,
self.prefix)
if dup_of:
self.pki_merge_count += 1
else:
avi_config["PKIProfile"].append(obj['pki'])
else:
avi_config["PKIProfile"].append(obj['pki'])
if self.object_merge_check:
# Check ssl profile is duplicate of other ssl profile then
# skipped this application profile and increment of count
# of ssl_merge_count
# Added prefix for objects
if self.prefix:
ssl_profile_name = self.prefix + '-' + ssl_profile_name
dup_of = ns_util.update_skip_duplicates(
ssl_profile, avi_config['SSLProfile'], 'ssl_profile',
merge_object_mapping, ssl_profile_name, None, self.prefix)
if dup_of:
self.ssl_merge_count += 1
else:
avi_config['SSLProfile'].append(ssl_profile)
else:
avi_config['SSLProfile'].append(ssl_profile)
LOG.info('Conversion successful: %s' %
full_set_ssl_service_command)
conv_status = ns_util.get_conv_status(
ssl_service,
self.profile_set_ssl_service_skip,
self.profile_set_ssl_service_indirect, [],
user_ignore_val=self.profile_set_ssl_service_user_ignore)
# Add summery in CSV/report for ssl service
ns_util.add_conv_status(ssl_service['line_no'],
set_ssl_service_command, key,
full_set_ssl_service_command, conv_status,
ssl_profile)
LOG.debug("SSL profiles conversion completed")
def convert(self, ns_config, avi_config):
"""
Converts service or service groups bound to VS to avi Pool entity
:param ns_config: Netscaler parsed config
:param avi_config: Avi converted config
:param tenant_ref: Tenant
:param cloud_ref: Cloud ref
:return: None
"""
used_pool_ref = []
groups = ns_config.get('bind lb vserver', {})
lb_vs_conf = ns_config.get('add lb vserver', {})
avi_config['PoolGroup'] = []
set_lb_groups = ns_config.get('set lb group', {})
bind_lb_groups = ns_config.get('bind lb group', {})
ns_bind_lb_vserver_command = 'bind lb vserver'
# Conversion set ssl service netscalar commands to pool in AVI
self.service_convert(ns_config, avi_config)
ns_dns = ns_config.get('add dns addRec', {})
for dns_key in ns_dns:
dns_obj = ns_dns.get(dns_key, [])
if isinstance(dns_obj, dict):
dns_obj = [dns_obj]
ns_dns_command = 'add dns addRec'
for element in dns_obj:
ns_dns_complate_command = ns_util.get_netscalar_full_command(
ns_dns_command, element)
# Add status indirect to all add dns addRec netscalar commands
# which are indirectly converted to AVI
ns_util.add_status_row(
element['line_no'], ns_dns_command, dns_key,
ns_dns_complate_command, STATUS_INDIRECT)
for group_key in groups:
try:
if not group_key:
skipped_status = 'Skipped: No bind lb vserver found. ' \
'Skipped pool' % group_key
LOG.warning(skipped_status)
# Skipped service if could not found bind lb vs
ns_util.add_status_row(
None, ns_bind_lb_vserver_command, group_key, None,
STATUS_SKIPPED, skipped_status)
continue
group = groups.get(group_key)
if isinstance(group, dict):
group = [group]
lb_vs = lb_vs_conf.get(group_key)
ns_bind_lb_vserver_complete_command = \
ns_util.get_netscalar_full_command(
ns_bind_lb_vserver_command, group[0])
if not lb_vs:
for element in group:
# Skipped service if could not found add lb vs
skipped_status = 'Skipped: No add lb vserver found. ' \
'Skipped pool %s' % element['attrs'][0]
ns_bind_lb_vserver_complete_command = \
ns_util.get_netscalar_full_command(
ns_bind_lb_vserver_command, element)
ns_util.add_status_row(
element['line_no'], ns_bind_lb_vserver_command,
element['attrs'][0],
ns_bind_lb_vserver_complete_command,
STATUS_INCOMPLETE_CONFIGURATION)
LOG.warning(skipped_status)
continue
ns_algo = lb_vs.get('lbMethod', 'LEASTCONNECTION')
algo = ns_util.get_avi_lb_algorithm(ns_algo)
pg_members = []
for element in group:
if len(element['attrs']) < 2:
# Skipped this service if it doen not have any server
continue
full_cmd = ns_util.get_netscalar_full_command(
ns_bind_lb_vserver_command, element)
service = element['attrs'][1]
pool_name = re.sub('[:]', '-', service + '-pool')
# Added prefix for objects
if self.prefix:
pool_name = self.prefix + '-' + pool_name
pool = [pool for pool in avi_config['Pool']
if pool['name'] == pool_name]
if pool:
if pool_name in used_pool_ref:
pool_name = ns_util.clone_pool(
pool_name, group_key, avi_config,
userprefix=self.prefix)
pool[0]['lb_algorithm'] = algo
updated_pool_ref = ns_util.get_object_ref(
pool_name, OBJECT_TYPE_POOL, self.tenant_name,
self.cloud_name)
pg_members.append({'pool_ref': updated_pool_ref})
used_pool_ref.append(pool_name)
LOG.info('Conversion successful : %s' % full_cmd)
# Add summery of add server in CSV/report
conv_status = ns_util.get_conv_status(
element, self.nsservice_bind_lb_skipped, [], [],
ignore_for_val=self.nsservice_bind_lb_ignore_val,
user_ignore_val=self.nsservice_bind_lb_user_ignore)
ns_util.add_conv_status(
element['line_no'], ns_bind_lb_vserver_command,
element['attrs'][0], full_cmd, conv_status, pool[0])
else:
# Skipped add server if pool not found in AVI
skipped_status = 'Skipped :Pool is not created %s' \
% element['attrs'][0]
LOG.warning(skipped_status)
ns_util.add_status_row(
element['line_no'], ns_bind_lb_vserver_command,
element['attrs'][0], full_cmd, STATUS_SKIPPED,
skipped_status)
pg_name = group_key + '-poolgroup'
pg_name = re.sub('[:]', '-', pg_name)
# Added prefix for objects
if self.prefix:
pg_name = self.prefix + '-' + pg_name
if pg_members:
pool_group = {
'name': pg_name,
'members': pg_members,
'tenant_ref': self.tenant_ref,
'cloud_ref': self.cloud_ref
}
avi_config['PoolGroup'].append(pool_group)
except Exception as e:
LOG.error('Error in bind lb vserver conversion bound to: %s' %
group_key, exc_info=True)
# Support for set lb group and bind lb group
for set_lb_group_key in set_lb_groups:
set_lb_group = set_lb_groups.get(set_lb_group_key)
set_lb_group_mappings = bind_lb_groups.get(set_lb_group['attrs'][0],
[])
persistenceType = set_lb_group.get('persistenceType', '')
profile_name = '%s-persistance-profile' % set_lb_group['attrs'][0]
ns_set_lb_group_command = 'set lb group'
ns_set_lb_group_complate_command = \
ns_util.get_netscalar_full_command(ns_set_lb_group_command,
set_lb_group)
# Added prefix before object
if self.prefix:
profile_name = self.prefix + '-' + profile_name
if persistenceType in self.lbvs_supported_persist_types:
application_persistence_profile = \
ns_util.convert_persistance_prof(set_lb_group, profile_name,
self.tenant_ref)
app_persist_profile_name = \
application_persistence_profile['name']
if self.object_merge_check:
dup_of = ns_util.update_skip_duplicates(
application_persistence_profile, avi_config[
'ApplicationPersistenceProfile'],
'app_persist_profile', merge_object_mapping,
app_persist_profile_name, persistenceType, self.prefix)
if dup_of:
app_per_merge_count['count'] += 1
app_persist_profile_name = merge_object_mapping[
'app_persist_profile'].get(
app_persist_profile_name, None)
else:
avi_config['ApplicationPersistenceProfile'].append(
application_persistence_profile)
else:
avi_config['ApplicationPersistenceProfile'].append(
application_persistence_profile)
application_persistence_profile_ref = \
ns_util.get_object_ref(app_persist_profile_name,
OBJECT_TYPE_APPLICATION_PERSISTENCE_PROFILE,
self.tenant_name)
# Added status successful in CSV/report if application
# persistence profile create
ns_util.add_status_row(
set_lb_group['line_no'], ns_set_lb_group_command,
set_lb_group['attrs'][0], ns_set_lb_group_complate_command,
STATUS_SUCCESSFUL, application_persistence_profile)
else:
skipped_status = 'Skipped:Persistance type %s not ' \
'supported by Avi' % persistenceType
LOG.warning(skipped_status)
# Skipped set lb group if type perstistence profile not
# supported by AVI
ns_util.add_status_row(
set_lb_group['line_no'], ns_set_lb_group_command,
set_lb_group['attrs'][0], ns_set_lb_group_complate_command,
STATUS_SKIPPED, skipped_status)
continue
if isinstance(set_lb_group_mappings, dict):
set_lb_group_mappings = [set_lb_group_mappings]
for bind_lb_group in set_lb_group_mappings:
ns_bind_lb_group_command = 'bind lb group'
ns_bind_lb_group_complate_command = \
ns_util.get_netscalar_full_command(ns_bind_lb_group_command,
bind_lb_group)
pool_group_name = bind_lb_group['attrs'][1] + '-poolgroup'
# Added prefix for objects
if self.prefix:
pool_group_name = self.prefix + '-' + pool_group_name
pool_group = [pool_group for pool_group in
avi_config['PoolGroup'] if pool_group['name'] ==
pool_group_name]
# Skipped if pool group not found in AVI
if not pool_group:
skipped_status = "Skipped: Pool group not found" \
% bind_lb_group['attrs'][1]
LOG.warning(skipped_status)
ns_util.add_status_row(
bind_lb_group['line_no'], ns_bind_lb_group_command,
bind_lb_group['attrs'][0],
ns_bind_lb_group_complate_command,
STATUS_SKIPPED, skipped_status)
continue
for pool_member in pool_group[0]['members']:
pool_name = \
pool_member['pool_ref'].split('&')[1].split('=')[1]
pool = [pool for pool in avi_config['Pool']
if pool['name'] == pool_name]
if pool:
pool[0]['application_persistence_profile_ref'] = \
application_persistence_profile_ref
# add successful statusin CSV/report for bind lb group
# updated pool with application perstistence profile ref
ns_util.add_status_row(
bind_lb_group['line_no'], ns_bind_lb_group_command,
bind_lb_group['attrs'][0],
ns_bind_lb_group_complate_command,
STATUS_SUCCESSFUL, pool_group[0])
def get_key_cert(self, ssl_mappings, ssl_key_and_cert, input_dir,
avi_ssl_prof, ns_config, bind_ssl_cmd):
"""
This function defines that convert PKI, SSL, and sslkeyandcert profiles
:param ssl_mappings: List of bind ssl
:param ssl_key_and_cert: Object of ssl key and cert
:param input_dir: path of input dir which keeps key and cert
:param avi_ssl_prof: Object of ssl profile
:param ns_config: dict of netscalar commands
:param bind_ssl_cmd: list of binding ssl
:return: key and cert/ ssl profile/PKI profile
"""
obj = dict()
ciphers = []
for mapping in ssl_mappings:
key_passphrase = None
output = None
bind_ssl_full_cmd = ns_util.get_netscalar_full_command(bind_ssl_cmd,
mapping)
bind_ssl_success = False
skipped_status = None
if 'policyName' in mapping.keys():
skipped_status = 'Not supported: %s' % bind_ssl_full_cmd
LOG.warning(skipped_status)
ns_util.add_status_row(
mapping['line_no'], bind_ssl_cmd, mapping['attrs'][0],
bind_ssl_full_cmd, STATUS_COMMAND_NOT_SUPPORTED)
continue
elif 'CA' in mapping.keys():
key_cert = ssl_key_and_cert.get(mapping.get('certkeyName'))
if not key_cert or mapping['attrs'][0] in tmp_pki_profile_list:
continue
key_file_name = key_cert.get('key')
cert_file_name = key_cert.get('cert')
ca_str = None
crl_str = None
netscalar_cmd = 'add ssl certKey'
full_cmd = ns_util.get_netscalar_full_command(netscalar_cmd,
key_cert)
if not (key_file_name and cert_file_name):
skipped_status = 'Missing key or cert file: %s' \
% full_cmd
LOG.warning(skipped_status)
# Add skipped status in CSV/report for ssl cert key
ns_util.add_status_row(
key_cert['line_no'], netscalar_cmd,
key_cert['attrs'][0], full_cmd, STATUS_MISSING_FILE,
skipped_status)
skipped_status = 'Missing key or cert file: %s' % \
bind_ssl_full_cmd
LOG.warning(skipped_status)
ns_util.add_status_row(
mapping['line_no'], bind_ssl_cmd, mapping['attrs'][0],
bind_ssl_full_cmd, STATUS_MISSING_FILE, skipped_status)
continue
if key_file_name:
ca_str = ns_util.upload_file(
input_dir + os.path.sep + key_file_name)
if cert_file_name:
crl_str = ns_util.upload_file(
input_dir + os.path.sep + cert_file_name)
if ca_str:
pki_profile = dict()
pki_profile["ca_certs"] = [{'certificate': ca_str}]
crl_check = mapping.get('crlCheck', 'Optional')
if crl_check == 'Mandatory':
pki_profile['crl_check'] = True
else:
pki_profile['crl_check'] = False
if crl_str:
pki_profile["crls"] = [{'body': crl_str}]
pki_name = mapping['attrs'][0]
# Added prefix for objects
if self.prefix:
pki_name = self.prefix + '-' + pki_name
pki_profile["name"] = pki_name
pki_profile["tenant_ref"] = self.tenant_ref
obj['pki'] = pki_profile
output = pki_profile
bind_ssl_success = True
LOG.info('Conversion successful: %s' % full_cmd)
conv_status = ns_util.get_conv_status(
key_cert, self.profile_add_key_cert_skip, [], [],
user_ignore_val=self.profile_add_key_cert_user_ignore)
# Add summery in CSV/report for PKI
ns_util.add_conv_status(
key_cert['line_no'], netscalar_cmd,
key_cert['attrs'][0], full_cmd, conv_status, obj['pki'])
tmp_pki_profile_list.append(pki_profile["name"])
else:
skipped_status = 'Missing key or cert file: %s' % full_cmd
LOG.warning(skipped_status)
ns_util.add_status_row(
key_cert['line_no'], netscalar_cmd,
key_cert['attrs'][0], full_cmd, STATUS_MISSING_FILE,
skipped_status)
skipped_status = 'Missing key or cert file: %s' % \
bind_ssl_full_cmd
LOG.warning(skipped_status)
ns_util.add_status_row(
mapping['line_no'], bind_ssl_cmd, mapping['attrs'][0],
bind_ssl_full_cmd, STATUS_MISSING_FILE, skipped_status)
continue
elif 'certkeyName' in mapping.keys():
key_cert = ssl_key_and_cert.get(mapping.get('certkeyName'))
if not key_cert:
continue
netscalar_cmd = 'add ssl certKey'
full_cmd = ns_util.get_netscalar_full_command(netscalar_cmd,
key_cert)
key_file_name = key_cert.get('key')
cert_file_name = key_cert.get('cert')
if '/' in key_file_name:
key_file_name = str(key_file_name).split('/')[-1].strip('"')
if key_file_name and cert_file_name:
cert = ns_util.upload_file(
input_dir + os.path.sep + cert_file_name)
key = ns_util.upload_file(
input_dir + os.path.sep + key_file_name)
is_key_protected = False
if key:
# Check kay is passphrase protected or not
is_key_protected = ns_util.is_certificate_key_protected(
input_dir + os.path.sep + key_file_name)
if cert and key:
cert_date = c.load_certificate(c.FILETYPE_PEM,
file(input_dir + os.path.sep
+ cert_file_name).read())
expiry_date = datetime.strptime(cert_date.get_notAfter(),
"%Y%m%d%H%M%SZ")
present_date = datetime.now()
if expiry_date < present_date:
LOG.warning("Certificate %s is expired creating self "
"signed cert." % cert_file_name)
cert, key = None, None
key_passphrase = None
# Get the key passphrase for key_file
if self.netscalar_passphrase_keys:
key_passphrase = self.netscalar_passphrase_keys.get(
key_file_name, None)
# if key is protected and does not find passphrase key
# then none the key
if is_key_protected and not key_passphrase:
key = None
if not cert or not key:
name = key_cert['attrs'][0] + '-dummy'
else:
name = key_cert['attrs'][0]
# Added prefix for objects
if self.prefix:
name = self.prefix + '-' + name
# Skipped this certificate if already exist
if name in tmp_ssl_key_and_cert_list:
ns_util.add_status_row(
key_cert['line_no'], netscalar_cmd,
key_cert['attrs'][0], full_cmd, STATUS_INDIRECT)
ns_util.add_status_row(
mapping['line_no'], bind_ssl_cmd, mapping['attrs'][0],
bind_ssl_full_cmd, STATUS_INDIRECT)
continue
# Generate dummy cert and key
if not cert or not key:
key, cert = ns_util.create_self_signed_cert()
LOG.warning('Create self cerificate and key for : %s' % name)
ssl_kc_obj = None
if key and cert:
cert = {"certificate": cert}
ssl_kc_obj = {
'name': name,
'key': key,
'certificate': cert,
'type': 'SSL_CERTIFICATE_TYPE_VIRTUALSERVICE',
'tenant_ref': self.tenant_ref
}
# set the key passphrase for ssl key and certificate object
if key_passphrase:
ssl_kc_obj['key_passphrase'] = key_passphrase
tmp_ssl_key_and_cert_list.append(name)
obj['cert'] = ssl_kc_obj
output = ssl_kc_obj
# Add ssummery in CSV/report for ssl service
ns_util.add_status_row(
key_cert['line_no'], netscalar_cmd,
key_cert['attrs'][0], full_cmd, STATUS_INDIRECT)
bind_ssl_success = True
else:
skipped_status = 'Skipped: Key and certificate not ' \
'generated : %s' % full_cmd
elif 'cipherName' in mapping.keys():
ciphers_keys = self.get_ciphers(mapping['cipherName'],
ns_config)
ciphers += ciphers_keys
ciphers = list(set(ciphers))
obj['accepted_ciphers'] = ':'.join(ciphers)
bind_ssl_success = True
output = obj
if not obj['accepted_ciphers']:
skipped_status = 'Skipped:Does not get any ciphers : %s' \
% bind_ssl_full_cmd
elif 'eccCurveName' in mapping.keys():
LOG.warning('Indirect : %s' % bind_ssl_full_cmd)
# Add indirect status in CSV/report for bind ssl service
ns_util.add_status_row(
mapping['line_no'], bind_ssl_cmd, mapping['attrs'][0],
bind_ssl_full_cmd, STATUS_INDIRECT)
continue
conv_status = ns_util.get_conv_status(
mapping, self.profile_bind_sslvs_skip, [], [],
user_ignore_val=self.profile_bind_sslvs_user_ignore)
if not bind_ssl_success:
LOG.warning(skipped_status)
# Add skipped status in CSV/report for bind ssl service
ns_util.add_status_row(
mapping['line_no'], bind_ssl_cmd, mapping['attrs'][0],
bind_ssl_full_cmd, STATUS_SKIPPED, skipped_status)
continue
LOG.info('Conversion successful: %s' % bind_ssl_full_cmd)
# Add successful status in CSV/report for ssl service
ns_util.add_conv_status(
mapping['line_no'], bind_ssl_cmd, mapping['attrs'][0],
bind_ssl_full_cmd, conv_status, output)
return obj
def get_ciphers(self, cipher, ns_config):
"""
This function is define to get the ssl ciphers
:param cipher: cipher name
:param ns_config: netscalar configuration
:return: list of ciphers
"""
cipher_config = ns_config.get('add ssl cipher', {})
cipher_mapping = ns_config.get('bind ssl cipher', {})
lb_cipher = cipher_config.get(cipher, None)
bind_ciphers = cipher_mapping.get(cipher, None)
add_ssl_cipher_command = 'add ssl cipher'
bind_ssl_cipher_command = 'bind ssl cipher'
# added default ssl ciphers
if not (lb_cipher and bind_ciphers):
return ['AES:3DES:RC4']
ciphers = []
full_add_ssl_cipher_command = \
ns_util.get_netscalar_full_command(add_ssl_cipher_command,
lb_cipher)
LOG.info('Conversion successful: %s' % full_add_ssl_cipher_command)
# Add Successful status in CSV/report for add ssl cipher
ns_util.add_status_row(lb_cipher['line_no'], add_ssl_cipher_command,
cipher, full_add_ssl_cipher_command,
STATUS_SUCCESSFUL, None)
if isinstance(bind_ciphers, dict):
bind_ciphers = [bind_ciphers]
for bind_cipher in bind_ciphers:
full_bind_ssl_cipher_command = ns_util. \
get_netscalar_full_command(bind_ssl_cipher_command, bind_cipher)
if bind_cipher.get('cipherName', None):
not_supported_open_ssl_cipher = \
self.non_supported_netscaler_to_open_ssl_cipher. \
get(bind_cipher['cipherName'], None)
if not_supported_open_ssl_cipher:
# Skipped ssl cipher which AVI does not support
skipped_status = \
'Skipped: ssl cipher does not supported by avi: %s' \
% full_bind_ssl_cipher_command
LOG.warning(skipped_status)
# Add skipped status in xlsx/report for add ssl cipher
ns_util.add_status_row(
bind_cipher['line_no'], bind_ssl_cipher_command, cipher,
full_bind_ssl_cipher_command, STATUS_INDIRECT,
skipped_status)
continue
supported_open_ssl_cipher = \
self.supported_netscaler_to_open_ssl_cipher. \
get(bind_cipher['cipherName'], None)
if supported_open_ssl_cipher:
avi_cipher = {'accepted_ciphers': supported_open_ssl_cipher}
ciphers.append(supported_open_ssl_cipher)
LOG.info('Conversion successful: %s' %
full_bind_ssl_cipher_command)
# Add Successful status in CSV/report for add ssl cipher
ns_util.add_status_row(bind_cipher['line_no'],
bind_ssl_cipher_command, cipher,
full_bind_ssl_cipher_command,
STATUS_SUCCESSFUL, avi_cipher)
else:
# Skipped ssl cipher if cipher is None
skipped_status = 'Skipped: Cipher not match in avi: %s' \
% full_bind_ssl_cipher_command
LOG.warning(skipped_status)
# Add skipped status in xlsx/report for add ssl cipher
ns_util.add_status_row(
bind_cipher['line_no'], bind_ssl_cipher_command, cipher,
full_bind_ssl_cipher_command, STATUS_SKIPPED,
skipped_status)
else:
skipped_status = 'Skipped: Does not get any ciphers: %s' \
% full_bind_ssl_cipher_command
LOG.warning(skipped_status)
# Add skipped status in CSV/report for add ssl cipher
ns_util.add_status_row(
bind_cipher['line_no'], bind_ssl_cipher_command, cipher,
full_bind_ssl_cipher_command, STATUS_SKIPPED,
skipped_status)
if not ciphers:
return [cipher]
return ciphers
def convert(self, ns_config, avi_config, vs_state):
"""
This function defines that it convert netscalar cs vs config to vs
config of AVI
:param ns_config: It is dict of all netscalar commands which are
supported by AVI
:param avi_config: It is dict of AVI output config
:param vs_state: state of vs
:return: None
"""
policy_converter = PolicyConverter(
self.tenant_name, self.cloud_name, self.tenant_ref, self.cloud_ref,
self.csvs_bind_skipped, self.csvs_na_attrs, self.csvs_ignore_vals,
self.csvs_bind_user_ignore, self.prefix)
cs_vs_conf = ns_config.get('add cs vserver', {})
bindings = ns_config.get('bind cs vserver', {})
lbvs_avi_conf = avi_config['VirtualService']
lb_vs_mapped = []
cs_vs_list = []
avi_config['StringGroup'] = []
avi_config['VirtualService'] = ns_util.remove_duplicate_objects(
'VirtualService', avi_config['VirtualService'])
for cs_vs_index, key in enumerate(cs_vs_conf):
LOG.debug("Context Switch VS conversion started for: %s" % key)
lbvs_bindings = []
cs_vs = cs_vs_conf[key]
ns_add_cs_vserver_command = 'add cs vserver'
ns_add_cs_vserver_complete_command = \
ns_util.get_netscalar_full_command(ns_add_cs_vserver_command,
cs_vs)
# Skipped this CS VS if it has type which are not supported
if not cs_vs['attrs'][1] in self.csvs_supported_types:
skipped_status = 'Skipped:Unsupported type %s of Context ' \
'switch VS: %s' % (cs_vs['attrs'][1], key)
LOG.warning(skipped_status)
ns_util.add_status_row(cs_vs['line_no'],
ns_add_cs_vserver_command, key,
ns_add_cs_vserver_complete_command,
STATUS_SKIPPED, skipped_status)
continue
tt = cs_vs.get('targetType', None)
if tt and tt == 'GSLB':
skipped_status = 'Skipped:Unsupported target type %s of ' \
'Context switch VS: %s' % (cs_vs['attrs'][1],
key)
LOG.warning(skipped_status)
# Skipped this CS VS if targetType is GSLB
ns_util.add_status_row(cs_vs['line_no'],
ns_add_cs_vserver_command,
key, ns_add_cs_vserver_complete_command,
STATUS_SKIPPED, skipped_status)
vs_name = cs_vs['attrs'][0]
ip_addr = cs_vs['attrs'][2]
port = cs_vs['attrs'][3]
enable_ssl = False
if vs_state == 'enable':
enabled = (cs_vs.get('state', 'ENABLED') == 'ENABLED')
else:
enabled = False
if cs_vs['attrs'][1] == 'SSL':
enable_ssl = True
updated_vs_name = re.sub('[:]', '-', vs_name)
# Added prefix for objects
if self.prefix:
updated_vs_name = self.prefix + '-' + updated_vs_name
# Regex to check Vs has IPV6 address if yes the Skipped
if re.findall(ns_constants.IPV6_Address, ip_addr) \
or ip_addr == '0.0.0.0':
skipped_status = "Skipped:Invalid VIP %s" \
% ns_add_cs_vserver_command
LOG.warning(skipped_status)
ns_util.add_status_row(
cs_vs['line_no'], ns_add_cs_vserver_command,
key, ns_add_cs_vserver_complete_command, STATUS_SKIPPED,
skipped_status)
continue
# VIP object for virtual service
vip = {
'ip_address': {
'addr': ip_addr,
'type': 'V4'
},
'vip_id': 0
}
vs_obj = {
'name': updated_vs_name,
'tenant_ref': self.tenant_ref,
'cloud_ref': self.cloud_ref,
'type': 'VS_TYPE_NORMAL',
'enabled': enabled,
'services': []
}
if parse_version(self.controller_version) >= parse_version('17.1'):
vs_obj['vip'] = [vip]
else:
vs_obj['ip_address'] = vip['ip_address']
service = {'port': port, 'enable_ssl': enable_ssl}
if port in ("0", "*"):
service['port'] = "1"
service['port_range_end'] = "65535"
vs_obj['services'].append(service)
http_prof = cs_vs.get('httpProfileName', None)
if http_prof:
# Added prefix for objects
if self.prefix:
http_prof = self.prefix + '-' + http_prof
# Get the merge application profile name
if self.object_merge_check:
http_prof = merge_object_mapping['app_profile'].get(
http_prof, http_prof)
if ns_util.object_exist('ApplicationProfile', http_prof,
avi_config):
LOG.info('Conversion successful: Added application profile '
'%s for %s' % (http_prof, updated_vs_name))
http_prof_ref = \
ns_util.get_object_ref(http_prof,
OBJECT_TYPE_APPLICATION_PROFILE,
self.tenant_name)
vs_obj['application_profile_ref'] = http_prof_ref
clttimeout = cs_vs.get('cltTimeout', None)
if clttimeout:
ns_util.add_clttimeout_for_http_profile(http_prof,
avi_config,
clttimeout)
clt_cmd = ns_add_cs_vserver_command + ' cltTimeout %s' \
% clttimeout
LOG.info('Conversion successful : %s' % clt_cmd)
else:
LOG.warning("%s application profile doesn't exist for "
"%s vs" % (http_prof, updated_vs_name))
ntwk_prof = cs_vs.get('tcpProfileName', None)
if ntwk_prof:
# Added prefix for objects
if self.prefix:
ntwk_prof = self.prefix + '-' + ntwk_prof
# Get the merge network profile name
if self.object_merge_check:
ntwk_prof = merge_object_mapping['network_profile'].get(
ntwk_prof, ntwk_prof)
if ns_util.object_exist('NetworkProfile', ntwk_prof,
avi_config):
LOG.info('Conversion successful: Added network profile %s '
'for %s' % (ntwk_prof, updated_vs_name))
ntwk_prof_ref = \
ns_util.get_object_ref(ntwk_prof,
OBJECT_TYPE_NETWORK_PROFILE,
self.tenant_name)
vs_obj['network_profile_ref'] = ntwk_prof_ref
else:
vs_obj['network_profile_ref'] = ns_util.get_object_ref(
'System-TCP-Proxy', 'networkprofile', tenant='admin')
LOG.error('Error: Not found Network profile %s for %s' %
(ntwk_prof, updated_vs_name))
if not http_prof and (cs_vs['attrs'][1]).upper() == 'DNS':
vs_obj['application_profile_ref'] = ns_util.get_object_ref(
'System-DNS', 'applicationprofile', tenant='admin')
vs_obj['network_profile_ref'] = ns_util.get_object_ref(
'System-UDP-Per-Pkt', 'networkprofile', tenant='admin')
elif not http_prof and (cs_vs['attrs'][1]).upper() == 'UDP':
vs_obj[
'application_profile_ref'] = ns_util.get_object_ref(
'System-L4-Application', 'applicationprofile',
tenant='admin')
vs_obj['network_profile_ref'] = ns_util.get_object_ref(
'System-UDP-Fast-Path', 'networkprofile', tenant='admin')
elif not http_prof and (cs_vs['attrs'][1]).upper() == 'DNS_TCP':
vs_obj[
'application_profile_ref'] = ns_util.get_object_ref(
'System-L4-Application', 'applicationprofile',
tenant='admin')
vs_obj['network_profile_ref'] = ns_util.get_object_ref(
'System-TCP-Proxy', 'networkprofile', tenant='admin')
elif not http_prof and (cs_vs['attrs'][1]).upper() == 'SSL':
vs_obj['application_profile_ref'] = ns_util.get_object_ref(
'System-Secure-HTTP', 'applicationprofile',
tenant='admin')
bind_conf_list = bindings.get(vs_name, None)
if not bind_conf_list:
continue
if isinstance(bind_conf_list, dict):
bind_conf_list = [bind_conf_list]
default_pool_group = None
lb_vserver_bind_conf = None
if enable_ssl:
ssl_mappings = ns_config.get('bind ssl vserver', {})
ssl_bindings = ssl_mappings.get(key, [])
if isinstance(ssl_bindings, dict):
ssl_bindings = [ssl_bindings]
for mapping in ssl_bindings:
if 'CA' in mapping:
pki_ref = mapping['attrs'][0]
# Added prefix for objects
if self.prefix:
pki_ref = self.prefix + '-' + pki_ref
if self.object_merge_check:
pki_ref = merge_object_mapping[
'pki_profile'].get(pki_ref)
if [pki_profile for pki_profile in
avi_config["PKIProfile"] if
pki_profile['name'] == pki_ref]:
pki_ref = \
ns_util.get_object_ref(pki_ref,
OBJECT_TYPE_PKI_PROFILE,
self.tenant_name)
app_profile_with_pki_profile = \
ns_util.update_application_profile(
http_prof, pki_ref, self.tenant_ref,
updated_vs_name, avi_config)
app_profile_name = \
app_profile_with_pki_profile['name']
# Get the merge application profile name
if self.object_merge_check:
dup_of = ns_util.update_skip_duplicates(
app_profile_with_pki_profile, avi_config[
'ApplicationProfile'], 'app_profile',
merge_object_mapping, app_profile_name,
'HTTP', self.prefix)
if dup_of:
app_merge_count['count'] += 1
app_profile_name = \
merge_object_mapping['app_profile'].get(
app_profile_name)
else:
avi_config["ApplicationProfile"].append(
app_profile_with_pki_profile)
else:
avi_config["ApplicationProfile"].append(
app_profile_with_pki_profile)
app_profile_with_pki_profile_ref = \
ns_util.get_object_ref(app_profile_name,
OBJECT_TYPE_APPLICATION_PROFILE,
self.tenant_name)
vs_obj['application_profile_ref'] = \
app_profile_with_pki_profile_ref
LOG.info(
'Added: %s PKI profile %s' % (pki_ref, key))
elif 'certkeyName' in mapping:
avi_ssl_ref = 'ssl_key_and_certificate_refs'
ckname = mapping['certkeyName']
# Added prefix for objects
if self.prefix:
ckname = self.prefix + '-' + ckname
if [obj for obj in avi_config['SSLKeyAndCertificate']
if obj['name'] == ckname]:
updated_ssl_ref = \
ns_util.get_object_ref(ckname,
OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
self.tenant_name)
vs_obj[avi_ssl_ref] = [updated_ssl_ref]
elif [obj for obj in avi_config['SSLKeyAndCertificate']
if obj['name'] == ckname + '-dummy']:
updated_ssl_ref = \
ns_util.get_object_ref(ckname + '-dummy',
OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
self.tenant_name)
vs_obj[avi_ssl_ref] = [updated_ssl_ref]
else:
LOG.warning(
'Could not find ssl key cert, so adding '
'default cert as system default insted')
vs_obj[avi_ssl_ref] = [ns_util.get_object_ref(
'System-Default-Cert', 'sslkeyandcertificate',
'admin')]
continue
vs_obj[avi_ssl_ref] = [updated_ssl_ref]
ssl_vs_mapping = ns_config.get('set ssl vserver', {})
mapping = ssl_vs_mapping.get(key, None)
ssl_profile_name = re.sub('[:]', '-', key)
# Added prefix for objects
if self.prefix:
ssl_profile_name = self.prefix + '-' + ssl_profile_name
# Get the merge ssl profile name
if self.object_merge_check:
ssl_profile_name = merge_object_mapping['ssl_profile'].get(
ssl_profile_name, None)
if mapping and [ssl_profile for ssl_profile in
avi_config["SSLProfile"] if
ssl_profile['name'] == ssl_profile_name]:
updated_ssl_profile_ref = ns_util.get_object_ref(
ssl_profile_name, OBJECT_TYPE_SSL_PROFILE,
self.tenant_name)
# Changed ssl profile name to ssl profile ref.
vs_obj['ssl_profile_ref'] = updated_ssl_profile_ref
LOG.debug('Added: %s SSL profile %s' % (key, key))
for bind_conf in bind_conf_list:
if 'lbvserver' in bind_conf:
lbvs_bindings.append(bind_conf['lbvserver'])
default_pool_group = bind_conf['lbvserver']
lb_vserver_bind_conf = bind_conf
LOG.debug("CS VS %s context switch between lb vs: %s" %
(key, lbvs_bindings))
case_sensitive = False \
if cs_vs.get('caseSensitive', '') == 'OFF' else True
# Convert netscalar policy to AVI http policy set
policy = policy_converter.convert(
bind_conf_list, ns_config, avi_config, tmp_used_pool_group_ref,
redirect_pools, 'bind cs vserver', case_sensitive)
for binding in lbvs_bindings:
if self.prefix:
binding = '%s-%s' % (self.prefix, binding)
lb_vs_obj = [obj for obj in lbvs_avi_conf
if obj['name'] == binding]
if lb_vs_obj:
lb_vs_obj = lb_vs_obj[0]
lb_vs_mapped.append(lb_vs_obj)
lb_vs_obj = copy.deepcopy(lb_vs_obj)
lb_vs_obj.update(vs_obj)
vs_obj = lb_vs_obj
else:
policy_vs = [obj for obj in avi_config['Lbvs']
if binding in obj and obj[binding].get(
'redirect_url', None)]
if policy_vs:
redirect_rule = {
'index': 999,
'redirect_action': {
'keep_query': True,
'status_code': "HTTP_REDIRECT_STATUS_CODE_302",
'host': {
'tokens': [{
'str_value': policy_vs[0][
binding]['redirect_url'],
'type': "URI_TOKEN_TYPE_HOST",
'start_index': 0,
'end_index': 65535
}],
'type': "URI_PARAM_TYPE_TOKENIZED"
},
'protocol': "HTTPS",
'port': 443
},
'enable': True,
"name": '%s-default-redirect' % updated_vs_name
}
if policy and policy.get('http_request_policy', None):
policy['http_request_policy']['rules'].append(
redirect_rule)
elif policy:
policy['http_request_policy']['rules'] = [
redirect_rule]
else:
policy ={
'name': "vs-%s-HTTP-Policy-Set"
% updated_vs_name,
'tenant_ref': self.tenant_ref,
'http_request_policy': {
'rules': [redirect_rule]
},
'is_internal_policy': False
}
ns_util.update_status_target_lb_vs_to_indirect(binding)
else:
continue
vs_obj.pop('pool_group_ref', None)
# TODO move duplicate code for adding policy to vs in ns_util
# Add the http policy set reference to VS in AVI
if policy:
# Added fix for same policy refferred in multiple vs
policy['name'] = policy['name'] + updated_vs_name
if policy['name'] in tmp_policy_ref:
# clone the http policy set if it is referenced to other VS
policy = ns_util.clone_http_policy_set(
policy, updated_vs_name, avi_config, self.tenant_name,
self.cloud_name, userprefix=self.prefix)
updated_http_policy_ref = \
ns_util.get_object_ref(policy['name'],
OBJECT_TYPE_HTTP_POLICY_SET,
self.tenant_name)
tmp_policy_ref.append(policy['name'])
http_policies = {
'index': 11,
'http_policy_set_ref': updated_http_policy_ref
}
vs_obj['http_policies'] = []
vs_obj['http_policies'].append(http_policies)
avi_config['HTTPPolicySet'].append(policy)
# Add reference of pool group to VS
if default_pool_group:
pool_group_ref = '%s-poolgroup' % default_pool_group
updated_pool_group_ref = re.sub('[:]', '-', pool_group_ref)
# Added prefix for objects
if self.prefix:
updated_pool_group_ref = self.prefix + '-' + \
updated_pool_group_ref
pools = [pool_group['name'] for pool_group in
avi_config['PoolGroup']
if pool_group['name'] == updated_pool_group_ref]
if pools:
ns_util.update_status_target_lb_vs_to_indirect(
default_pool_group)
# clone the pool group if it is referenced to other VS ot
# http policy set
if updated_pool_group_ref in tmp_used_pool_group_ref:
updated_pool_group_ref = ns_util.clone_pool_group(
updated_pool_group_ref, vs_name, avi_config,
self.tenant_name, self.cloud_name,
userprefix=self.prefix)
avi_pool_group_ref = ns_util.get_object_ref(
updated_pool_group_ref, OBJECT_TYPE_POOL_GROUP,
self.tenant_name, self.cloud_name)
vs_obj['pool_group_ref'] = avi_pool_group_ref
tmp_used_pool_group_ref.append(updated_pool_group_ref)
if lb_vserver_bind_conf:
bind_cs_vserver_command = 'bind cs vserver'
bind_cs_vserver_complete_command = ns_util. \
get_netscalar_full_command(bind_cs_vserver_command,
lb_vserver_bind_conf)
LOG.debug('Conversion successful : %s' %
bind_cs_vserver_complete_command)
conv_status = ns_util.get_conv_status(
bind_conf, self.csvs_bind_skipped, [], [],
user_ignore_val=self.csvs_bind_user_ignore)
ns_util.add_conv_status(
lb_vserver_bind_conf['line_no'], bind_cs_vserver_command,
lb_vserver_bind_conf['attrs'][0],
bind_cs_vserver_complete_command, conv_status, vs_obj)
# Verify that this cs vs has share the same VIP of another vs
# If yes then skipped this cs vs
is_shared = ns_util.is_shared_same_vip(
vs_obj, cs_vs_list, avi_config, self.tenant_name,
self.cloud_name, self.tenant_ref, self.cloud_ref,
self.controller_version, self.prefix)
if is_shared:
skipped_status = 'Skipped: %s Same vip shared by another ' \
'virtual service' % vs_name
LOG.warning(skipped_status)
ns_util.add_status_row(
cs_vs['line_no'], ns_add_cs_vserver_command, key,
ns_add_cs_vserver_complete_command, STATUS_SKIPPED,
skipped_status)
continue
cs_vs_list.append(vs_obj)
# Add summery of this cs vs in CSV/report
conv_status = ns_util.get_conv_status(
cs_vs, self.csvs_skip_attrs, self.csvs_na_attrs, [],
ignore_for_val=self.csvs_ignore_vals,
user_ignore_val=self.csvs_user_ignore)
ns_util.add_conv_status(
cs_vs['line_no'], ns_add_cs_vserver_command,
key, ns_add_cs_vserver_complete_command, conv_status, vs_obj)
LOG.debug("Context Switch VS conversion completed for: %s" % key)
vs_list = [obj for obj in lbvs_avi_conf if obj not in lb_vs_mapped]
vs_list += cs_vs_list
avi_config['VirtualService'] = vs_list
ns_util.get_vs_if_shared_vip(avi_config, self.controller_version)
# Update the index value of all policy rules as per their priority
ns_util.set_rules_index_for_http_policy_set(avi_config)
ns_util.clean_virtual_service_from_avi_config(
avi_config, self.controller_version)
def convert(self, ns_config, avi_config, vs_state):
"""
This function defines that it convert netscalar cs vs config to vs
config of AVI
:param ns_config: It is dict of all netscalar commands which are
supported by AVI
:param avi_config: It is dict of AVI output config
:param vs_state: state of vs
:return: None
"""
policy_converter = PolicyConverter(
self.tenant_name, self.cloud_name, self.tenant_ref, self.cloud_ref,
self.csvs_bind_skipped, self.csvs_na_attrs, self.csvs_ignore_vals,
self.csvs_bind_user_ignore, self.prefix)
cs_vs_conf = ns_config.get('add cs vserver', {})
bindings = ns_config.get('bind cs vserver', {})
lbvs_avi_conf = avi_config['VirtualService']
lb_vs_mapped = []
cs_vs_list = []
avi_config['StringGroup'] = []
avi_config['VirtualService'] = ns_util.remove_duplicate_objects(
'VirtualService', avi_config['VirtualService'])
for cs_vs_index, key in enumerate(cs_vs_conf):
LOG.debug("Context Switch VS conversion started for: %s" % key)
lbvs_bindings = []
cs_vs = cs_vs_conf[key]
ns_add_cs_vserver_command = 'add cs vserver'
ns_add_cs_vserver_complete_command = \
ns_util.get_netscalar_full_command(ns_add_cs_vserver_command,
cs_vs)
# Skipped this CS VS if it has type which are not supported
if not cs_vs['attrs'][1] in self.csvs_supported_types:
skipped_status = 'Skipped:Unsupported type %s of Context ' \
'switch VS: %s' % (cs_vs['attrs'][1], key)
LOG.warning(skipped_status)
ns_util.add_status_row(cs_vs['line_no'],
ns_add_cs_vserver_command, key,
ns_add_cs_vserver_complete_command,
STATUS_SKIPPED, skipped_status)
continue
tt = cs_vs.get('targetType', None)
if tt and tt == 'GSLB':
skipped_status = 'Skipped:Unsupported target type %s of ' \
'Context switch VS: %s' % (cs_vs['attrs'][1],
key)
LOG.warning(skipped_status)
# Skipped this CS VS if targetType is GSLB
ns_util.add_status_row(cs_vs['line_no'],
ns_add_cs_vserver_command, key,
ns_add_cs_vserver_complete_command,
STATUS_SKIPPED, skipped_status)
vs_name = cs_vs['attrs'][0]
ip_addr = cs_vs['attrs'][2]
port = cs_vs['attrs'][3]
enable_ssl = False
if vs_state == 'enable':
enabled = (cs_vs.get('state', 'ENABLED') == 'ENABLED')
else:
enabled = False
if cs_vs['attrs'][1] == 'SSL':
enable_ssl = True
updated_vs_name = re.sub('[:]', '-', vs_name)
# Added prefix for objects
if self.prefix:
updated_vs_name = self.prefix + '-' + updated_vs_name
# Regex to check Vs has IPV6 address if yes the Skipped
if re.findall(ns_constants.IPV6_Address, ip_addr) \
or ip_addr == '0.0.0.0':
skipped_status = "Skipped:Invalid VIP %s" \
% ns_add_cs_vserver_command
LOG.warning(skipped_status)
ns_util.add_status_row(cs_vs['line_no'],
ns_add_cs_vserver_command, key,
ns_add_cs_vserver_complete_command,
STATUS_SKIPPED, skipped_status)
continue
# VIP object for virtual service
vip = {'ip_address': {'addr': ip_addr, 'type': 'V4'}, 'vip_id': 0}
vs_obj = {
'name': updated_vs_name,
'tenant_ref': self.tenant_ref,
'cloud_ref': self.cloud_ref,
'type': 'VS_TYPE_NORMAL',
'enabled': enabled,
'services': []
}
if parse_version(self.controller_version) >= parse_version('17.1'):
vs_obj['vip'] = [vip]
else:
vs_obj['ip_address'] = vip['ip_address']
service = {'port': port, 'enable_ssl': enable_ssl}
if port in ("0", "*"):
service['port'] = "1"
service['port_range_end'] = "65535"
vs_obj['services'].append(service)
http_prof = cs_vs.get('httpProfileName', None)
if http_prof:
# Added prefix for objects
if self.prefix:
http_prof = self.prefix + '-' + http_prof
# Get the merge application profile name
if self.object_merge_check:
http_prof = merge_object_mapping['app_profile'].get(
http_prof, http_prof)
if ns_util.object_exist('ApplicationProfile', http_prof,
avi_config):
LOG.info(
'Conversion successful: Added application profile '
'%s for %s' % (http_prof, updated_vs_name))
http_prof_ref = \
ns_util.get_object_ref(http_prof,
OBJECT_TYPE_APPLICATION_PROFILE,
self.tenant_name)
vs_obj['application_profile_ref'] = http_prof_ref
clttimeout = cs_vs.get('cltTimeout', None)
if clttimeout:
ns_util.add_clttimeout_for_http_profile(
http_prof, avi_config, clttimeout)
clt_cmd = ns_add_cs_vserver_command + ' cltTimeout %s' \
% clttimeout
LOG.info('Conversion successful : %s' % clt_cmd)
else:
LOG.warning("%s application profile doesn't exist for "
"%s vs" % (http_prof, updated_vs_name))
ntwk_prof = cs_vs.get('tcpProfileName', None)
if ntwk_prof:
# Added prefix for objects
if self.prefix:
ntwk_prof = self.prefix + '-' + ntwk_prof
# Get the merge network profile name
if self.object_merge_check:
ntwk_prof = merge_object_mapping['network_profile'].get(
ntwk_prof, ntwk_prof)
if ns_util.object_exist('NetworkProfile', ntwk_prof,
avi_config):
LOG.info('Conversion successful: Added network profile %s '
'for %s' % (ntwk_prof, updated_vs_name))
ntwk_prof_ref = \
ns_util.get_object_ref(ntwk_prof,
OBJECT_TYPE_NETWORK_PROFILE,
self.tenant_name)
vs_obj['network_profile_ref'] = ntwk_prof_ref
else:
vs_obj['network_profile_ref'] = ns_util.get_object_ref(
'System-TCP-Proxy', 'networkprofile', tenant='admin')
LOG.error('Error: Not found Network profile %s for %s' %
(ntwk_prof, updated_vs_name))
if not http_prof and (cs_vs['attrs'][1]).upper() == 'DNS':
vs_obj['application_profile_ref'] = ns_util.get_object_ref(
'System-DNS', 'applicationprofile', tenant='admin')
vs_obj['network_profile_ref'] = ns_util.get_object_ref(
'System-UDP-Per-Pkt', 'networkprofile', tenant='admin')
elif not http_prof and (cs_vs['attrs'][1]).upper() == 'UDP':
vs_obj['application_profile_ref'] = ns_util.get_object_ref(
'System-L4-Application',
'applicationprofile',
tenant='admin')
vs_obj['network_profile_ref'] = ns_util.get_object_ref(
'System-UDP-Fast-Path', 'networkprofile', tenant='admin')
elif not http_prof and (cs_vs['attrs'][1]).upper() == 'DNS_TCP':
vs_obj['application_profile_ref'] = ns_util.get_object_ref(
'System-L4-Application',
'applicationprofile',
tenant='admin')
vs_obj['network_profile_ref'] = ns_util.get_object_ref(
'System-TCP-Proxy', 'networkprofile', tenant='admin')
elif not http_prof and (cs_vs['attrs'][1]).upper() == 'SSL':
vs_obj['application_profile_ref'] = ns_util.get_object_ref(
'System-Secure-HTTP', 'applicationprofile', tenant='admin')
bind_conf_list = bindings.get(vs_name, None)
if not bind_conf_list:
continue
if isinstance(bind_conf_list, dict):
bind_conf_list = [bind_conf_list]
default_pool_group = None
lb_vserver_bind_conf = None
if enable_ssl:
ssl_mappings = ns_config.get('bind ssl vserver', {})
ssl_bindings = ssl_mappings.get(key, [])
if isinstance(ssl_bindings, dict):
ssl_bindings = [ssl_bindings]
for mapping in ssl_bindings:
if 'CA' in mapping:
pki_ref = mapping['attrs'][0]
# Added prefix for objects
if self.prefix:
pki_ref = self.prefix + '-' + pki_ref
if self.object_merge_check:
pki_ref = merge_object_mapping['pki_profile'].get(
pki_ref)
if [
pki_profile
for pki_profile in avi_config["PKIProfile"]
if pki_profile['name'] == pki_ref
]:
pki_ref = \
ns_util.get_object_ref(pki_ref,
OBJECT_TYPE_PKI_PROFILE,
self.tenant_name)
app_profile_with_pki_profile = \
ns_util.update_application_profile(
http_prof, pki_ref, self.tenant_ref,
updated_vs_name, avi_config)
app_profile_name = \
app_profile_with_pki_profile['name']
# Get the merge application profile name
if self.object_merge_check:
dup_of = ns_util.update_skip_duplicates(
app_profile_with_pki_profile,
avi_config['ApplicationProfile'],
'app_profile', merge_object_mapping,
app_profile_name, 'HTTP', self.prefix)
if dup_of:
app_merge_count['count'] += 1
app_profile_name = \
merge_object_mapping['app_profile'].get(
app_profile_name)
else:
avi_config["ApplicationProfile"].append(
app_profile_with_pki_profile)
else:
avi_config["ApplicationProfile"].append(
app_profile_with_pki_profile)
app_profile_with_pki_profile_ref = \
ns_util.get_object_ref(app_profile_name,
OBJECT_TYPE_APPLICATION_PROFILE,
self.tenant_name)
vs_obj['application_profile_ref'] = \
app_profile_with_pki_profile_ref
LOG.info('Added: %s PKI profile %s' %
(pki_ref, key))
elif 'certkeyName' in mapping:
avi_ssl_ref = 'ssl_key_and_certificate_refs'
ckname = mapping['certkeyName']
# Added prefix for objects
if self.prefix:
ckname = self.prefix + '-' + ckname
if [
obj
for obj in avi_config['SSLKeyAndCertificate']
if obj['name'] == ckname
]:
updated_ssl_ref = \
ns_util.get_object_ref(ckname,
OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
self.tenant_name)
vs_obj[avi_ssl_ref] = [updated_ssl_ref]
elif [
obj
for obj in avi_config['SSLKeyAndCertificate']
if obj['name'] == ckname + '-dummy'
]:
updated_ssl_ref = \
ns_util.get_object_ref(ckname + '-dummy',
OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
self.tenant_name)
vs_obj[avi_ssl_ref] = [updated_ssl_ref]
else:
LOG.warning(
'Could not find ssl key cert, so adding '
'default cert as system default insted')
vs_obj[avi_ssl_ref] = [
ns_util.get_object_ref('System-Default-Cert',
'sslkeyandcertificate',
'admin')
]
continue
vs_obj[avi_ssl_ref] = [updated_ssl_ref]
ssl_vs_mapping = ns_config.get('set ssl vserver', {})
mapping = ssl_vs_mapping.get(key, None)
ssl_profile_name = re.sub('[:]', '-', key)
# Added prefix for objects
if self.prefix:
ssl_profile_name = self.prefix + '-' + ssl_profile_name
# Get the merge ssl profile name
if self.object_merge_check:
ssl_profile_name = merge_object_mapping['ssl_profile'].get(
ssl_profile_name, None)
if mapping and [
ssl_profile for ssl_profile in avi_config["SSLProfile"]
if ssl_profile['name'] == ssl_profile_name
]:
updated_ssl_profile_ref = ns_util.get_object_ref(
ssl_profile_name, OBJECT_TYPE_SSL_PROFILE,
self.tenant_name)
# Changed ssl profile name to ssl profile ref.
vs_obj['ssl_profile_ref'] = updated_ssl_profile_ref
LOG.debug('Added: %s SSL profile %s' % (key, key))
for bind_conf in bind_conf_list:
if 'lbvserver' in bind_conf:
lbvs_bindings.append(bind_conf['lbvserver'])
default_pool_group = bind_conf['lbvserver']
lb_vserver_bind_conf = bind_conf
LOG.debug("CS VS %s context switch between lb vs: %s" %
(key, lbvs_bindings))
case_sensitive = False \
if cs_vs.get('caseSensitive', '') == 'OFF' else True
# Convert netscalar policy to AVI http policy set
policy = policy_converter.convert(
bind_conf_list, ns_config, avi_config, tmp_used_pool_group_ref,
redirect_pools, 'bind cs vserver', case_sensitive)
for binding in lbvs_bindings:
if self.prefix:
binding = '%s-%s' % (self.prefix, binding)
lb_vs_obj = [
obj for obj in lbvs_avi_conf if obj['name'] == binding
]
if lb_vs_obj:
lb_vs_obj = lb_vs_obj[0]
lb_vs_mapped.append(lb_vs_obj)
lb_vs_obj = copy.deepcopy(lb_vs_obj)
lb_vs_obj.update(vs_obj)
vs_obj = lb_vs_obj
else:
policy_vs = [
obj for obj in avi_config['Lbvs'] if binding in obj
and obj[binding].get('redirect_url', None)
]
if policy_vs:
redirect_rule = {
'index': 999,
'redirect_action': {
'keep_query': True,
'status_code': "HTTP_REDIRECT_STATUS_CODE_302",
'host': {
'tokens': [{
'str_value':
policy_vs[0][binding]['redirect_url'],
'type':
"URI_TOKEN_TYPE_HOST",
'start_index':
0,
'end_index':
65535
}],
'type':
"URI_PARAM_TYPE_TOKENIZED"
},
'protocol': "HTTPS",
'port': 443
},
'enable': True,
"name": '%s-default-redirect' % updated_vs_name
}
if policy and policy.get('http_request_policy', None):
policy['http_request_policy']['rules'].append(
redirect_rule)
elif policy:
policy['http_request_policy']['rules'] = [
redirect_rule
]
else:
policy = {
'name':
"vs-%s-HTTP-Policy-Set" % updated_vs_name,
'tenant_ref': self.tenant_ref,
'http_request_policy': {
'rules': [redirect_rule]
},
'is_internal_policy': False
}
ns_util.update_status_target_lb_vs_to_indirect(binding)
else:
continue
vs_obj.pop('pool_group_ref', None)
# TODO move duplicate code for adding policy to vs in ns_util
# Add the http policy set reference to VS in AVI
if policy:
# Added fix for same policy refferred in multiple vs
policy['name'] = policy['name'] + updated_vs_name
if policy['name'] in tmp_policy_ref:
# clone the http policy set if it is referenced to other VS
policy = ns_util.clone_http_policy_set(
policy,
updated_vs_name,
avi_config,
self.tenant_name,
self.cloud_name,
userprefix=self.prefix)
updated_http_policy_ref = \
ns_util.get_object_ref(policy['name'],
OBJECT_TYPE_HTTP_POLICY_SET,
self.tenant_name)
tmp_policy_ref.append(policy['name'])
http_policies = {
'index': 11,
'http_policy_set_ref': updated_http_policy_ref
}
vs_obj['http_policies'] = []
vs_obj['http_policies'].append(http_policies)
avi_config['HTTPPolicySet'].append(policy)
# Add reference of pool group to VS
if default_pool_group:
pool_group_ref = '%s-poolgroup' % default_pool_group
updated_pool_group_ref = re.sub('[:]', '-', pool_group_ref)
# Added prefix for objects
if self.prefix:
updated_pool_group_ref = self.prefix + '-' + \
updated_pool_group_ref
pools = [
pool_group['name']
for pool_group in avi_config['PoolGroup']
if pool_group['name'] == updated_pool_group_ref
]
if pools:
ns_util.update_status_target_lb_vs_to_indirect(
default_pool_group)
# clone the pool group if it is referenced to other VS ot
# http policy set
if updated_pool_group_ref in tmp_used_pool_group_ref:
updated_pool_group_ref = ns_util.clone_pool_group(
updated_pool_group_ref,
vs_name,
avi_config,
self.tenant_name,
self.cloud_name,
userprefix=self.prefix)
avi_pool_group_ref = ns_util.get_object_ref(
updated_pool_group_ref, OBJECT_TYPE_POOL_GROUP,
self.tenant_name, self.cloud_name)
vs_obj['pool_group_ref'] = avi_pool_group_ref
tmp_used_pool_group_ref.append(updated_pool_group_ref)
if lb_vserver_bind_conf:
bind_cs_vserver_command = 'bind cs vserver'
bind_cs_vserver_complete_command = ns_util. \
get_netscalar_full_command(bind_cs_vserver_command,
lb_vserver_bind_conf)
LOG.debug('Conversion successful : %s' %
bind_cs_vserver_complete_command)
conv_status = ns_util.get_conv_status(
bind_conf,
self.csvs_bind_skipped, [], [],
user_ignore_val=self.csvs_bind_user_ignore)
ns_util.add_conv_status(lb_vserver_bind_conf['line_no'],
bind_cs_vserver_command,
lb_vserver_bind_conf['attrs'][0],
bind_cs_vserver_complete_command,
conv_status, vs_obj)
# Verify that this cs vs has share the same VIP of another vs
# If yes then skipped this cs vs
is_shared = ns_util.is_shared_same_vip(
vs_obj, cs_vs_list, avi_config, self.tenant_name,
self.cloud_name, self.tenant_ref, self.cloud_ref,
self.controller_version, self.prefix)
if is_shared:
skipped_status = 'Skipped: %s Same vip shared by another ' \
'virtual service' % vs_name
LOG.warning(skipped_status)
ns_util.add_status_row(cs_vs['line_no'],
ns_add_cs_vserver_command, key,
ns_add_cs_vserver_complete_command,
STATUS_SKIPPED, skipped_status)
continue
cs_vs_list.append(vs_obj)
# Add summery of this cs vs in CSV/report
conv_status = ns_util.get_conv_status(
cs_vs,
self.csvs_skip_attrs,
self.csvs_na_attrs, [],
ignore_for_val=self.csvs_ignore_vals,
user_ignore_val=self.csvs_user_ignore)
ns_util.add_conv_status(cs_vs['line_no'],
ns_add_cs_vserver_command, key,
ns_add_cs_vserver_complete_command,
conv_status, vs_obj)
LOG.debug("Context Switch VS conversion completed for: %s" % key)
vs_list = [obj for obj in lbvs_avi_conf if obj not in lb_vs_mapped]
vs_list += cs_vs_list
avi_config['VirtualService'] = vs_list
ns_util.get_vs_if_shared_vip(avi_config, self.controller_version)
# Update the index value of all policy rules as per their priority
ns_util.set_rules_index_for_http_policy_set(avi_config)
ns_util.clean_virtual_service_from_avi_config(avi_config,
self.controller_version)
def convert(self, ns_config, avi_config, input_dir):
"""
This functions defines that convert health monitor
:param ns_config: Dict of netscalar commands
:param avi_config: Dict of AVI
:param input_dir: Input dir for command_code
:return: None
"""
netscalar_command = 'add lb monitor'
LOG.debug("Conversion started for Health Monitors")
ns_monitors = ns_config.get('add lb monitor', {})
for name in ns_monitors.keys():
ns_monitor = ns_monitors.get(name)
ns_monitor_complete_command = \
ns_util.get_netscalar_full_command(netscalar_command,
ns_monitor)
ns_monitor_type = ns_monitor['attrs'][1]
if ns_monitor_type not in self.ns_monitor_types_supported:
# Skipped health monitor if type is not supported
avi_monitor = self.convert_monitor(
ns_monitor, input_dir, netscalar_command,
ns_monitor_complete_command)
if not avi_monitor:
continue
avi_monitor['name'] = '%s-%s' % (avi_monitor['name'], 'dummy')
avi_monitor["type"] = "HEALTH_MONITOR_EXTERNAL"
ext_monitor = {
"command_code": "",
}
avi_monitor["external_monitor"] = ext_monitor
avi_config['HealthMonitor'].append(avi_monitor)
ns_util.add_status_row(
ns_monitor['line_no'], netscalar_command,
name, ns_monitor_complete_command, STATUS_EXTERNAL_MONITOR)
LOG.warning('Monitor type %s not supported created dummy '
'external monitor:%s' %
(ns_monitor_type, name))
continue
avi_monitor = self.convert_monitor(
ns_monitor, input_dir, netscalar_command,
ns_monitor_complete_command)
if not avi_monitor:
continue
# Add summery of this lb vs in CSV/report
conv_status = ns_util.get_conv_status(
ns_monitor, self.monitor_skip_attrs, self.monitor_na_attrs,
self.monitor_indirect_list,
ignore_for_val=self.monitor_ignore_vals,
user_ignore_val=self.user_ignore)
ns_util.add_conv_status(
ns_monitor['line_no'], netscalar_command, name,
ns_monitor_complete_command, conv_status, avi_monitor)
if self.object_merge_check:
# Check health monitor is duplicate of other
# health monitor then skipped this health
# monitor and increment of count of
# monitor_merge_count
dup_of = ns_util.update_skip_duplicates(
avi_monitor, avi_config['HealthMonitor'], 'health_monitor',
merge_object_mapping, avi_monitor['name'], ns_monitor_type,
self.prefix)
if dup_of:
self.monitor_merge_count += 1
else:
avi_config['HealthMonitor'].append(avi_monitor)
else:
avi_config['HealthMonitor'].append(avi_monitor)
LOG.debug("Health monitor conversion completed : %s" % name)
def convert(self, ns_config, avi_config, vs_state):
"""
This function defines that it convert netscalar lb vs config to vs
config of AVI
:param ns_config: It is dict of all netscalar commands which are
supported by AVI
:param avi_config: It is dict of AVI output config
:param vs_state: state of vs
:return: None
"""
lb_vs_conf = ns_config.get('add lb vserver', {})
bind_lb_vs_config = ns_config.get('bind lb vserver', {})
avi_config['VirtualService'] = []
avi_config['Lbvs'] = []
tmp_avi_config['VirtualService'] = []
avi_config['HTTPPolicySet'] = []
if parse_version(self.controller_version) >= parse_version('17.1'):
avi_config['VsVip'] = []
supported_types = ['HTTP', 'TCP', 'UDP', 'SSL', 'SSL_BRIDGE',
'SSL_TCP', 'DNS', 'DNS_TCP']
policy_converter = PolicyConverter(
self.tenant_name, self.cloud_name, self.tenant_ref, self.cloud_ref,
self.lbvs_skip_attrs, self.lbvs_na_attrs, self.lbvs_ignore_vals,
self.lbvs_user_ignore, self.prefix)
tmp_policy_ref = []
for key in lb_vs_conf.keys():
try:
LOG.debug('LB VS conversion started for: %s' % key)
lb_vs = lb_vs_conf[key]
type = lb_vs['attrs'][1]
cmd = 'add lb vserver'
full_cmd = ns_util.get_netscalar_full_command(cmd, lb_vs)
# Skipped this lb vs if it has type which are not supported
if type not in supported_types:
skipped_status = 'Skipped:Unsupported type %s of LB VS: ' \
'%s' % (type, key)
LOG.warning(skipped_status)
ns_util.add_status_row(
lb_vs['line_no'], cmd, key, full_cmd, STATUS_SKIPPED,
skipped_status)
continue
enable_ssl = False
if type in ['SSL', 'SSL_BRIDGE', 'SSL_TCP']:
enable_ssl = True
vs_name = key
ip_addr = lb_vs['attrs'][2]
port = lb_vs['attrs'][3]
if vs_state == 'enable':
enabled = (lb_vs.get('state', 'ENABLED') == 'ENABLED')
else:
enabled = False
pool_group_name = '%s-poolgroup' % vs_name
# Added prefix for objects
if self.prefix:
pool_group_name = self.prefix + '-' + pool_group_name
pool_group_name = re.sub('[:]', '-', pool_group_name)
pool_group = [pool_group for pool_group in
avi_config.get("PoolGroup", [])
if pool_group['name'] == pool_group_name]
pool_group_ref = None
if pool_group:
pool_group_ref = pool_group_name
redirect_url = lb_vs.get('redirectURL', None)
backup_server = lb_vs.get('backupVServer', None)
updated_vs_name = re.sub('[:]', '-', vs_name)
# Added prefix for objects
if self.prefix:
updated_vs_name = self.prefix + '-' + updated_vs_name
# # Regex to check Vs has IPV6 address if yes the Skipped
# if re.findall(ns_constants.IPV6_Address, ip_addr) or \
# ip_addr == '0.0.0.0':
# if redirect_url:
# redirect_dict = {updated_vs_name: redirect_url}
# avi_config['Lbvs'].append(redirect_dict)
# if backup_server:
# backup_server_name = {}
# skipped_status = "Skipped:Invalid VIP %s" % full_cmd
# LOG.warning(skipped_status)
# ns_util.add_status_row(
# lb_vs['line_no'], cmd, key, full_cmd, STATUS_SKIPPED,
# skipped_status)
# continue
# VIP object for virtual service
vip = {
'ip_address': {
'addr': ip_addr,
'type': 'V4'
},
'vip_id': 0
}
vs_obj = {
'name': updated_vs_name,
'type': 'VS_TYPE_NORMAL',
'tenant_ref': self.tenant_ref,
'cloud_ref': self.cloud_ref,
'enabled': enabled,
'services': [],
}
if parse_version(self.controller_version) >= \
parse_version('17.1'):
vs_obj['vip'] = [vip]
else:
vs_obj['ip_address'] = vip['ip_address']
bind_conf_list = bind_lb_vs_config.get(key, None)
# Skipped this lb vs if it do not have any bind lb vserver
if (not bind_conf_list) and (not redirect_url):
continue
if isinstance(bind_conf_list, dict):
bind_conf_list = [bind_conf_list]
policy = None
if bind_conf_list:
# Convert netscalar policy to AVI http policy set
policy = policy_converter.convert(
bind_conf_list, ns_config, avi_config, [],
redirect_pools, 'bind lb vserver', True)
# TODO move duplicate code for adding policy to vs in ns_util
# Convert netscalar policy to AVI http policy set
if policy:
if policy['name'] in tmp_policy_ref:
policy = ns_util.clone_http_policy_set(
policy, updated_vs_name, avi_config,
self.tenant_name, self.cloud_name,
userprefix=self.prefix)
tmp_policy_ref.append(policy['name'])
updated_http_policy_ref = ns_util.get_object_ref(
policy['name'], OBJECT_TYPE_HTTP_POLICY_SET,
self.tenant_name)
http_policies = {
'index': 11,
'http_policy_set_ref': updated_http_policy_ref
}
vs_obj['http_policies'] = []
vs_obj['http_policies'].append(http_policies)
avi_config['HTTPPolicySet'].append(policy)
http_prof = lb_vs.get('httpProfileName', None)
if http_prof:
# Added prefix for objects
if self.prefix:
http_prof = self.prefix + '-' + http_prof
# Get the merge application profile name
if self.object_merge_check:
http_prof = merge_object_mapping['app_profile'].get(
http_prof, http_prof)
if ns_util.object_exist('ApplicationProfile', http_prof,
avi_config):
LOG.info(
'Conversion successful: Added application profile '
'%s for %s' % (http_prof, updated_vs_name))
http_prof_ref = \
ns_util.get_object_ref(http_prof,
OBJECT_TYPE_APPLICATION_PROFILE,
self.tenant_name)
vs_obj['application_profile_ref'] = http_prof_ref
clttimeout = lb_vs.get('cltTimeout', None)
if clttimeout:
ns_util.add_clttimeout_for_http_profile(
http_prof, avi_config, clttimeout)
clt_cmd = cmd + '%s cltTimeout %s' % (key,
clttimeout)
LOG.info('Conversion successful : %s' % clt_cmd)
else:
LOG.warning("%s application profile doesn't exist for "
"%s vs" %(http_prof, updated_vs_name))
elif not http_prof and (lb_vs['attrs'][1]).upper() == 'DNS':
vs_obj['application_profile_ref'] = ns_util.get_object_ref(
'System-DNS', 'applicationprofile', tenant='admin')
vs_obj['network_profile_ref'] = ns_util.get_object_ref(
'System-UDP-Per-Pkt', 'networkprofile', tenant='admin')
elif not http_prof and (lb_vs['attrs'][1]).upper() == 'UDP':
vs_obj[
'application_profile_ref'] = ns_util.get_object_ref(
'System-L4-Application', 'applicationprofile',
tenant='admin')
vs_obj['network_profile_ref'] = ns_util.get_object_ref(
'System-UDP-Fast-Path', 'networkprofile',
tenant='admin')
elif not http_prof and (lb_vs['attrs'][1]).upper() == 'DNS_TCP':
vs_obj['application_profile_ref'] = ns_util.get_object_ref(
'System-L4-Application', 'applicationprofile',
tenant='admin')
vs_obj['network_profile_ref'] = ns_util.get_object_ref(
'System-TCP-Proxy', 'networkprofile', tenant='admin')
elif not http_prof and (lb_vs['attrs'][1]).upper() == 'SSL':
vs_obj['application_profile_ref'] = ns_util.get_object_ref(
'System-Secure-HTTP', 'applicationprofile',
tenant='admin')
if pool_group:
# clone the pool group if it is referenced to other
# VS ot http policy set
if pool_group_ref in used_pool_group_ref:
pool_group_ref = ns_util.clone_pool_group(
pool_group_ref, vs_name, avi_config,
self.tenant_name, self.cloud_name,
userprefix=self.prefix)
pool_group_ref = re.sub('[:]', '-', pool_group_ref)
used_pool_group_ref.append(pool_group_ref)
updated_pool_group = [pg for pg in
avi_config.get('PoolGroup', [])
if pg['name'] == pool_group_ref]
vs_obj['pool_group_ref'] = ns_util.get_object_ref(
pool_group_ref, OBJECT_TYPE_POOL_GROUP,
self.tenant_name, self.cloud_name)
pool_group = updated_pool_group[0]
# Update fail cation of pool as FAIL_ACTION_HTTP_REDIRECT in AVI
# if lb vs has redirect url
if redirect_url:
fail_action = ns_util.get_redirect_fail_action(redirect_url)
if pool_group:
pool_group["fail_action"] = fail_action
backup_configured = False
if backup_server:
# Add backup pool of poolgroup if this lb vs has an ip
# backup vserver
try:
backup_pool_group_ref = backup_server + '-poolgroup'
backup_pool_group_ref = re.sub('[:]', '-',
backup_pool_group_ref)
# Added prefix for objects
if self.prefix:
backup_pool_group_ref = self.prefix + '-' + \
backup_pool_group_ref
backup_pool_group = [
pg for pg in avi_config.get("PoolGroup", [])
if pg['name'] == backup_pool_group_ref]
backup_pool_ref = ns_util.get_name(
backup_pool_group[0]['members'][0]['pool_ref']
)
# Added backupvserver to poolgroup
new_backup_pool_ref = ns_util.clone_pool(
backup_pool_ref, pool_group['name'], avi_config,
userprefix=self.prefix)
new_backup_pool_ref = ns_util.get_object_ref(
new_backup_pool_ref, OBJECT_TYPE_POOL,
self.tenant_name, self.cloud_name)
backup_pool = {
'type': 'FAIL_ACTION_BACKUP_POOL',
'backup_pool': {
'backup_pool_ref': new_backup_pool_ref
}
}
pool_group['fail_action'] = backup_pool
backup_configured = True
except Exception as e:
# Skipped lb vs if backup pool is found in AVI
LOG.error('No Backup pool found: %s' % full_cmd)
ns_util.add_status_row(lb_vs['line_no'], cmd, key,
full_cmd, STATUS_INDIRECT)
continue
elif ip_addr == "0.0.0.0" and not redirect_url and not \
backup_server:
# Skipped lb vs if it has ip 0.0.0.0 and does not have
# backup pool and redirect url
if pool_group:
ns_util.add_status_row(lb_vs['line_no'], cmd, key,
full_cmd, STATUS_INDIRECT)
LOG.warning(
'%s %s Skipped VS, Service point to %s server'
' and not have redirect action and backup '
'vserver' % (cmd, key, ip_addr)
)
else:
msg = ('%s %s Skipped VS, Invalid VIP %s and do not '
'have service assigned, redirect action and '
'backup vserver' % (cmd, key, ip_addr))
ns_util.add_status_row(lb_vs['line_no'], cmd, key,
full_cmd, STATUS_SKIPPED,
avi_object=msg)
LOG.warning(msg)
continue
# Regex to check Vs has IPV6 address if yes the Skipped
if re.findall(ns_constants.IPV6_Address, ip_addr) \
or ip_addr == '0.0.0.0':
# Added condition to handel redirect_url and backupvserver
if redirect_url:
redirect_dict = {
updated_vs_name:
{
"redirect_url": redirect_url
}
}
avi_config['Lbvs'].append(redirect_dict)
if backup_server:
backup_server_name = {
updated_vs_name:
{
"backupvserver":
pool_group['name']
}
}
avi_config['Lbvs'].append(backup_server_name)
vs_conv_status = STATUS_SKIPPED
if backup_configured:
vs_conv_status = STATUS_INDIRECT
skipped_status = "Skipped:Invalid VIP %s" % full_cmd
LOG.warning(skipped_status)
ns_util.add_status_row(
lb_vs['line_no'], cmd, key, full_cmd, vs_conv_status,
skipped_status)
continue
service = {'port': port, 'enable_ssl': enable_ssl}
if port in ("0", "*"):
service['port'] = "1"
service['port_range_end'] = "65535"
vs_obj['services'].append(service)
persistence_type = lb_vs.get('persistenceType', '')
if pool_group_ref and persistence_type in \
self.lbvs_supported_persist_types:
profile_name = '%s-persistance-profile' % vs_name
# Added prefix for objects
if self.prefix:
profile_name = self.prefix + '-' + profile_name
persist_profile = \
ns_util.convert_persistance_prof(lb_vs, profile_name,
self.tenant_ref)
persist_profile_name = persist_profile['name']
if self.object_merge_check:
dup_of = ns_util.update_skip_duplicates(persist_profile,
avi_config['ApplicationPersistenceProfile'],
'app_persist_profile', merge_object_mapping,
persist_profile_name, persistence_type, self.prefix)
if dup_of:
app_per_merge_count['count'] += 1
persist_profile_name = merge_object_mapping[
'app_persist_profile'].get(
persist_profile_name, None)
else:
avi_config['ApplicationPersistenceProfile'].append(
persist_profile)
else:
avi_config['ApplicationPersistenceProfile'].append(
persist_profile)
self.update_pool_for_persist(avi_config, pool_group,
persist_profile_name)
elif not persistence_type == 'NONE':
LOG.warning('Persistance type %s not supported by Avi' %
persistence_type)
ntwk_prof = lb_vs.get('tcpProfileName', None)
if ntwk_prof:
# Added prefix for objects
if self.prefix:
ntwk_prof = self.prefix + '-' + ntwk_prof
# Get the merge network profile name
if self.object_merge_check:
ntwk_prof = merge_object_mapping['network_profile'].get(
ntwk_prof, ntwk_prof)
if ns_util.object_exist('NetworkProfile', ntwk_prof,
avi_config):
LOG.info('Conversion successful: Added network profile '
'%s for %s' % (ntwk_prof, updated_vs_name))
ntwk_prof_ref = \
ns_util.get_object_ref(ntwk_prof,
OBJECT_TYPE_NETWORK_PROFILE,
self.tenant_name)
vs_obj['network_profile_ref'] = ntwk_prof_ref
else:
LOG.warning("%s netwrok profile doesn't exist for "
"%s vs" %(ntwk_prof, updated_vs_name))
if redirect_url and not pool_group:
redirect_pools.update({vs_obj['name']: redirect_url})
ns_util.create_http_policy_set_for_redirect_url(
vs_obj, redirect_url, avi_config, self.tenant_name,
self.tenant_ref)
if redirect_url:
if parse_version(self.controller_version) >= parse_version(
'17.1'):
ns_util.create_update_vsvip(
ip_addr, avi_config['VsVip'], self.tenant_ref,
self.cloud_ref, prefix=self.prefix)
# Added prefix for objects
if self.prefix:
ip_addr = self.prefix + '-' + ip_addr
updated_vsvip_ref = ns_util.get_object_ref(
ip_addr + '-vsvip', 'vsvip', self.tenant_name,
self.cloud_name)
vs_obj['vsvip_ref'] = updated_vsvip_ref
avi_config['VirtualService'].append(vs_obj)
tmp_avi_config['VirtualService'].append(vs_obj)
# Marked redirect url as status indirect
ns_util.add_status_row(lb_vs['line_no'], cmd, key,
full_cmd, STATUS_INDIRECT, vs_obj)
else:
# Verify that this lb vs has share the same VIP of another
# vs If yes then skipped this lb vs
is_shared = ns_util.is_shared_same_vip(
vs_obj, avi_config['VirtualService'], avi_config,
self.tenant_name, self.cloud_name, self.tenant_ref,
self.cloud_ref, self.controller_version, self.prefix)
if is_shared:
skipped_status = 'Skipped: %s Same vip shared by ' \
'another virtual service' % vs_name
LOG.warning(skipped_status)
ns_util.add_status_row(lb_vs['line_no'], cmd, key,
full_cmd, STATUS_SKIPPED,
skipped_status)
continue
avi_config['VirtualService'].append(vs_obj)
# Add summery of this lb vs in CSV/report
conv_status = ns_util.get_conv_status(
lb_vs, self.lbvs_skip_attrs, self.lbvs_na_attrs,
self.lbvs_indirect_list,
ignore_for_val=self.lbvs_ignore_vals,
user_ignore_val=self.lbvs_user_ignore)
ns_util.add_conv_status(lb_vs['line_no'], cmd, key,
full_cmd, conv_status, vs_obj)
if enable_ssl:
ssl_mappings = ns_config.get('bind ssl vserver', {})
ssl_bindings = ssl_mappings.get(key, [])
if isinstance(ssl_bindings, dict):
ssl_bindings = [ssl_bindings]
for mapping in ssl_bindings:
if 'CA' in mapping:
pki_ref = mapping['attrs'][0]
# Added prefix for objects
if self.prefix:
pki_ref = self.prefix + '-' + pki_ref
if self.object_merge_check:
pki_ref = merge_object_mapping[
'pki_profile'].get(pki_ref)
if [pki_profile for pki_profile in
avi_config["PKIProfile"] if
pki_profile['name'] == pki_ref]:
pki_ref = ns_util.get_object_ref(
pki_ref, OBJECT_TYPE_PKI_PROFILE,
self.tenant_name)
app_profile_with_pki_profile = \
ns_util.update_application_profile(
http_prof, pki_ref, self.tenant_ref,
updated_vs_name, avi_config)
app_profile_name = \
app_profile_with_pki_profile['name']
# Get the merge application profile name
if self.object_merge_check:
dup_of = ns_util.update_skip_duplicates(
app_profile_with_pki_profile,
avi_config['ApplicationProfile'],
'app_profile', merge_object_mapping,
app_profile_name, 'HTTP', self.prefix)
if dup_of:
app_merge_count['count'] += 1
app_profile_name = \
merge_object_mapping[
'app_profile'].get(
app_profile_name)
else:
avi_config["ApplicationProfile"].append(
app_profile_with_pki_profile)
else:
avi_config["ApplicationProfile"].append(
app_profile_with_pki_profile)
app_profile_with_pki_profile_ref = \
ns_util.get_object_ref(app_profile_name,
OBJECT_TYPE_APPLICATION_PROFILE,
self.tenant_name)
vs_obj['application_profile_ref'] = \
app_profile_with_pki_profile_ref
LOG.info(
'Added: %s PKI profile %s' % (pki_ref, key))
elif 'certkeyName' in mapping:
avi_ssl_ref = 'ssl_key_and_certificate_refs'
ckname = mapping['certkeyName']
if self.prefix:
ckname = self.prefix + '-' + ckname
if [obj for obj in
avi_config['SSLKeyAndCertificate']
if obj['name'] == ckname]:
updated_ssl_ref = ns_util.get_object_ref(ckname,
OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
self.tenant_name)
vs_obj[avi_ssl_ref] = [updated_ssl_ref]
elif [obj for obj in
avi_config['SSLKeyAndCertificate']
if obj['name'] == ckname + '-dummy']:
updated_ssl_ref = ns_util.get_object_ref(
ckname + '-dummy',
OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
self.tenant_name)
vs_obj[avi_ssl_ref] = [updated_ssl_ref]
else:
LOG.warning(
'Could not find ssl key cert, so adding '
'default cert as system default insted')
vs_obj[avi_ssl_ref] = [ns_util.get_object_ref(
'System-Default-Cert',
'sslkeyandcertificate', 'admin')]
continue
vs_obj[avi_ssl_ref] = [updated_ssl_ref]
ssl_vs_mapping = ns_config.get('set ssl vserver', {})
mapping = ssl_vs_mapping.get(key, None)
ssl_profile_name = re.sub('[:]', '-', key)
# Added prefix for objects
if self.prefix:
ssl_profile_name = self.prefix + '-' + ssl_profile_name
# Get the merge ssl profile name
if self.object_merge_check:
ssl_profile_name = \
merge_object_mapping['ssl_profile'].get(
ssl_profile_name, None)
if mapping and [ssl_profile for ssl_profile in
avi_config["SSLProfile"] if
ssl_profile['name'] == ssl_profile_name]:
updated_ssl_profile_ref = ns_util.get_object_ref(
ssl_profile_name, OBJECT_TYPE_SSL_PROFILE,
self.tenant_name)
# Changed ssl profile name to ssl profile ref.
vs_obj['ssl_profile_ref'] = updated_ssl_profile_ref
LOG.debug('Added: %s SSL profile %s' % (key, key))
LOG.debug('LB VS conversion completed for: %s' % key)
except:
LOG.error('Error in lb vs conversion for: %s' %
key, exc_info=True)
