def set_file(appliances=[], credentials=[], timeout=120, no_check_hostname=False, file_in=None, destination=None, Domain='default', overwrite=True, web=False): """Uploads a file to the specified appliances Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-f, --file-in`: The path and filename of the file to upload * `-d, --destination`: Should be the path and filename of the file once uploaded to the DataPower **NOTE: file_out should contain the filename ie. local:/test.txt** * `-D, --Domain`: The domain to which to upload the file, * `-N, --no-overwrite`: If specified this program will exit with an error rather than overwrite a file * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) kwargs = { 'file_in': file_in, 'file_out': destination, 'domain': Domain, 'overwrite': overwrite} resp = env.perform_async_action('set_file', **kwargs) if web: return util.render_boolean_results_table( resp, suffix="set_file"), util.render_history(env)
def set_file(appliances=[], credentials=[], timeout=120, no_check_hostname=False, file_in=None, destination=None, Domain='default', overwrite=True, web=False): """Uploads a file to the specified appliances Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-f, --file-in`: The path and filename of the file to upload * `-d, --destination`: Should be the path and filename of the file once uploaded to the DataPower **NOTE: file_out should contain the filename ie. local:/test.txt** * `-D, --Domain`: The domain to which to upload the file, * `-N, --no-overwrite`: If specified this program will exit with an error rather than overwrite a file * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" check_hostname = not no_check_hostname env = datapower.Environment(appliances, credentials, timeout, check_hostname=check_hostname) kwargs = { 'file_in': file_in, 'file_out': destination, 'domain': Domain, 'overwrite': overwrite } resp = env.perform_async_action('set_file', **kwargs) if web: return util.render_boolean_results_table( resp, suffix="set_file"), util.render_history(env)
def flush_aaa_cache(appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain="", aaa_policy="", web=False): """Flushes the AAA Cache of the specified aaa_policy in the specified Domain. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-D, --Domain`: The domain where the aaa_policy resides * `-A, --aaa-policy`: the AAAPolicy who's cache you would like to flush * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.accounts") check_hostname = not no_check_hostname env = datapower.Environment(appliances, credentials, timeout, check_hostname=check_hostname) msg = "Attempting to flush AAA cache on {}".format(str(env.appliances)) logger.info(msg) if not web: print msg kwargs = {"PolicyName": aaa_policy, 'domain': Domain} responses = env.perform_action('FlushAAACache', **kwargs) logger.debug("Responses received {}".format(str(responses))) if not web: for host, resp in responses.items(): print "{}\n{}".format(host, "=" * len(host)) pprint_xml(resp.xml) else: return util.render_boolean_results_table( responses, suffix="flush_aaa_cache"), util.render_history(env)
def list_checkpoints(appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain="", web=False): """Lists the checkpoints which are currently in the specified domain Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-D, --Domain`: The domain to list the checkpoints for * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.backups") check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) logger.info( "Attempting to list checkpoints for {} in {} domain".format( str(env.appliances), Domain)) resp = env.perform_action("get_existing_checkpoints", domain=Domain) logger.debug("Responses received: {}".format(str(resp))) if web: return (util.web_list_checkpoints(resp, Domain), util.render_history(env)) for host, d in resp.items(): print host, '\n', '=' * len(host) for key, value in d.items(): print key, "-".join(value["date"]), ":".join(value["time"]) print
def flush_rbm_cache(appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain="", web=False): """Flush the RBM Cache in the specified Domain Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-D, --Domain`: The domain for which to flush the RBM Cache * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.accounts") check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) msg = "Attempting to flush RBM cache on {}".format(str(env.appliances)) logger.info(msg) if not web: print msg responses = env.perform_action('FlushRBMCache', **{'domain': Domain}) logger.debug("Responses received {}".format(str(responses))) if not web: for host, resp in responses.items(): print "{}\n{}".format(host, "="*len(host)) pprint_xml(resp.xml) else: return util.render_boolean_results_table( responses, suffix="flush_rbm_cache"), util.render_history(env)
def list_checkpoints(appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain="", web=False): """Lists the checkpoints which are currently in the specified domain Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-D, --Domain`: The domain to list the checkpoints for * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.backups") check_hostname = not no_check_hostname env = datapower.Environment(appliances, credentials, timeout, check_hostname=check_hostname) logger.info("Attempting to list checkpoints for {} in {} domain".format( str(env.appliances), Domain)) resp = env.perform_action("get_existing_checkpoints", domain=Domain) logger.debug("Responses received: {}".format(str(resp))) if web: return (util.web_list_checkpoints(resp, Domain), util.render_history(env)) for host, d in resp.items(): print host, '\n', '=' * len(host) for key, value in d.items(): print key, "-".join(value["date"]), ":".join(value["time"]) print
def del_password_map_alias( appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain="", alias_name="", save_config=True, web=False, ): """delete a password map alias on the specified appliances Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-A, --alias-name`: The name of the password map alias to delete * `-N, --no-save-config`: If specified, the configuration of the domain will be persisted * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" check_hostname = not no_check_hostname logger = make_logger('mast.datapower.deployment') env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname ) if web: output = OrderedDict() for appliance in env.appliances: if not web: print(appliance.hostname) print("\tAttempting to remove Password Map Alias") response = appliance.DeletePasswordMap( domain=Domain, AliasName=alias_name, ) logger.info(repr(response)) if web: output["{}-{}".format(appliance.hostname, "DeletePasswordMapAlias")] = "\n".join( response.xml.find( ".//{http://www.datapower.com/schemas/management}result" ).itertext() ) else: print( "\t\t{}".format( "\n\t\t".join( response.xml.find( ".//{http://www.datapower.com/schemas/management}result" ).itertext() ).strip() ) ) if save_config and response: if not web: print("\tSaving Configuration") response = appliance.SaveConfig(domain=Domain) logger.info(repr(response)) if web: output["{}-{}".format(appliance.hostname, "SaveConfig")] = "\n".join( response.xml.find( ".//{http://www.datapower.com/schemas/management}result" ).itertext() ) else: print( "\t\t{}".format( "\n\t\t".join( response.xml.find( ".//{http://www.datapower.com/schemas/management}result" ).itertext() ).strip() ) ) if web: return ( render_results_table(output), render_history(env), )
def list_rbm_fallback_users(appliances=[], credentials=[], timeout=120, no_check_hostname=False, web=False): """Lists the current RBM Fallback Users for the specified appliances, as well as the fallback users which are common to all appliances. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.accounts") check_hostname = not no_check_hostname env = datapower.Environment(appliances, credentials, timeout, check_hostname=check_hostname) if web: return util.web_list_rbm_fallback(env), util.render_history(env) sets = [] for appliance in env.appliances: logger.info("Attempting to list RBM Fallback users on {}".format( appliance.hostname)) users = appliance.fallback_users logger.debug("RBM Fallback users for {}: {}".format( appliance.hostname, str(users))) sets.append(set(users)) print '\n', appliance.hostname print '=' * len(appliance.hostname) for user in users: print '\t', user common = sets[0].intersection(*sets) logger.debug("RBM Fallback usesrs common to {}: {}".format( str(env.appliances), str(common))) print '\nCommon' print '======' for user in common: print '\t', user
def add_group(appliances=[], credentials=[], timeout=120, no_check_hostname=False, save_config=False, name=None, access_policies=[], web=False): """Adds a user group to the specified appliances. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-s, --save-config`: If specified the configuration on the appliances will be saved * `-N, --name`: The name of the group to add * `-A, --access-policies`: The access policies which will be associated with this group * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.accounts") check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) kwargs = {'name': name, 'access_policies': access_policies} msg = "Adding group {} to {}".format(name, str(env.appliances)) logger.info(msg) if not web: print msg resp = env.perform_async_action('add_group', **kwargs) logger.debug("responses received {}".format(str(resp))) if not web: for host, resp in resp.items(): print "{}\n{}".format(host, "="*len(host)) pprint_xml(resp.xml) else: output = util.render_boolean_results_table(resp, suffix="add_group") if save_config: kwargs = {'domain': 'default'} msg = "Saving configuration in the default domain of {}".format(str(env.appliances)) logger.info(msg) if not web: print msg resp = env.perform_async_action('SaveConfig', **kwargs) logger.debug("Responses received {}".format(str(resp))) if not web: for host, resp in resp.items(): print "{}\n{}".format(host, "="*len(host)) pprint_xml(resp.xml) else: output += util.render_boolean_results_table( resp, suffix="save_config") if web: return output, util.render_history(env)
def restore_secure_backup(appliances=[], credentials=[], timeout=1200, no_check_hostname=False, CryptoCertificate="", location="", validate_only=False, web=False): """Restores a secure backup to the specified appliances. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-C, --CryptoCertificate`: The CryptoCertificate object with which the secure backup was encrypted * `-l, --location`: The location on the appliances where the SecureBackup resides (This means that you will have to upload the secure backup if you got it from MAST, external to the appliance) * `-v, --validate-only`: If specified then the appliances will only attemp to validate the backup instead of actually restoring it * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.backups") check_hostname = not no_check_hostname env = datapower.Environment(appliances, credentials, timeout, check_hostname=check_hostname) logger.info("Attempting to restore Secure Backup on {}".format( str(env.appliances))) validate = "on" if validate_only else "off" kwargs = { "cred": CryptoCertificate, "source": location, "validate": validate } resp = env.perform_action("SecureRestore", **kwargs) logger.debug("Responses received: {}".format(str(resp))) if web: return (util.render_boolean_results_table(resp), util.render_history(env)) for host, msg in resp.items(): print host, '\n', "=" * len(host) print msg print
def delete_file(appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain="", filename="", backup=False, out_dir="tmp", web=False): """Deletes a file from the specified appliances Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-D, --Domain`: The domain from which to delete the file * `-f, --filename`: The name of the file (on DataPower) you would like to delete * `-b, --backup`: Whether to backup the file before deleting * `-o, --out-dir`: (NOT NEEDED IN THE WEB GUI)The directory you would like to save the file to * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" check_hostname = not no_check_hostname env = datapower.Environment(appliances, credentials, timeout, check_hostname=check_hostname) if backup: resp = {} for appliance in env.appliances: _out_dir = os.path.join(out_dir, appliance.hostname) if not os.path.exists(_out_dir): os.makedirs(_out_dir) resp[appliance.hostname] = appliance.del_file(filename=filename, domain=Domain, backup=True, local_dir=_out_dir) else: resp = env.perform_action("del_file", filename=filename, domain=Domain) if web: return (util.render_boolean_results_table(resp), util.render_history(env)) for host, response in resp.items(): print host print "=" * len(host) if response: print "Success" else: print "Error" print
def clean_up(appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain='default', checkpoints=False, export=False, error_reports=False, recursive=False, logtemp=False, logstore=False, backup_files=True, out_dir='tmp', web=False): """This will clean up the specified appliances filesystem optionally (defaults to True) taking copies of the files as backups. Parameters: * `-a, --appliances` - The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-D, --Domain`: The domain who's filesystem you would like to clean up * `-C, --checkpoints`: If specified, all checkpoints will be removed from the domain * `-e, --export`: If specified all exports will be removed from the domain * `-l, --logtemp`: If specified, all files in `logtemp:` will be removed from the domain * `-L, --logstore`: If specified, all files in `logstore:` will be removed * `-E, --error-reports`: If specified, all error reports will be removed from the appliance(s) * `-r, --recursive`: If specified, directories will be cleaned recursively * `--no-backup-files`: If specified, files will not be backed up before deleting * `-o, --out-dir`: The directory to save backed up files * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) t = Timestamp() dirs = [] if checkpoints: dirs.append('chkpoints:/') if export: dirs.append('export:/') if logtemp: dirs.append('logtemp:/') if logstore: dirs.append('logstore:/') if web: rows = [] for appliance in env.appliances: if web: rows.append((appliance.hostname, )) for _dir in dirs: _clean_dir( appliance, _dir, Domain, recursive, backup_files, t.timestamp, out_dir) if web: rows.append(("", _dir, "Cleaned")) if error_reports: _clean_error_reports( appliance, Domain, backup_files, t.timestamp, out_dir) rows.append(("", "ErrorReports", "Cleaned")) return flask.render_template( "results_table.html", header_row=["Appliance", "Location", "Action"], rows=rows), util.render_history(env)
def get_normal_backup(appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain=[], comment="", out_dir='tmp', individual=False, web=False): """Performs a normal backup of the specified domain. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-D, --Domain`: The domains to backup (all-domains will backup all domains) To spcify multiple domains, use multiple entries of the form `[-D domain1 [-D domain2...]]` * `-C, --comment`: The comment to add to the backup * `-o, --out-dir`: (NOT NEEDED IN WEB GUI) The directory (local) where you would like to store the backup * `-I, --individual`: If specified and all-domains is specified as --Domain then backup each domain individually instead of "all-domains" * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.backups") t = Timestamp() check_hostname = not no_check_hostname env = datapower.Environment(appliances, credentials, timeout, check_hostname=check_hostname) if not Domain: raise ValueError( "Must provide one or more domains including 'all-domains'") if isinstance(Domain, basestring): Domain = [Domain] # Fixes duplicate domains issue Domain = list(set(Domain)) results = {} if not individual: logger.info("Attempting to retrieve normal backup from " "{} in {} domain".format(str(env.appliances), Domain)) kwargs = {'domains': Domain, 'comment': comment} _results = env.perform_async_action('get_normal_backup', **kwargs) logger.debug("backups retrieved, check file for contents") for hostname, backup in _results.items(): directory = os.path.join(out_dir, hostname, "NormalBackup", t.timestamp) os.makedirs(directory) filename = os.path.join( directory, '%s-%s-%s.zip' % (t.timestamp, hostname, "_".join(Domain))) logger.debug("Writing backup for {} to {}".format( hostname, filename)) with open(filename, 'wb') as fout: fout.write(backup) if _verify_zip(filename): logger.info("backup for {} in {} domain verified".format( hostname, str(Domain))) results[hostname + "-" + "_".join(Domain) + "-normalBackup"] = "Verified" else: logger.info("backup for {} in {} domain corrupt".format( hostname, str(Domain))) results[hostname + "-" + "_".join(Domain) + "-normalBackup"] = "Corrupt" else: for domain in Domain: logger.info("Attempting to retrieve normal backup from " "{} in {} domain".format(str(env.appliances), domain)) kwargs = {'domains': domain, 'comment': comment} _results = env.perform_async_action('get_normal_backup', **kwargs) logger.debug("backups retrieved, check file for contents") for hostname, backup in _results.items(): directory = os.path.join(out_dir, hostname, "NormalBackup", t.timestamp) if not os.path.exists(directory): os.makedirs(directory) filename = os.path.join( directory, '%s-%s-%s.zip' % (t.timestamp, hostname, domain)) logger.debug("Writing backup for {} to {}".format( hostname, filename)) with open(filename, 'wb') as fout: fout.write(backup) if _verify_zip(filename): logger.info("backup for {} in {} domain verified".format( hostname, domain)) results[hostname + "-" + domain + "-normalBackup"] = "Verified" else: logger.info("backup for {} in {} domain corrupt".format( hostname, domain)) results[hostname + "-" + domain + "-normalBackup"] = "Corrupt" if web: return util.render_results_table(results), util.render_history(env) for k, v in results.items(): print print k print '=' * len(k) print v print
def set_checkpoint(appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain=['default'], comment='', remove_oldest=True, web=False): """Sets a checkpoint in the given domains on the specified appliances Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-D, --Domain`: Domains to set checkpoints in. To spcify multiple domains, use multiple entries of the form `[-D domain1 [-D domain2...]]` * `-C, --comment`: The comment to use for the checkpoint (will also be used to build the checkpoint name) * `-N, --no-remove-oldest`: If specified this script will attempt to remove the oldest checkpoint __IF__ the maximum number of checkpoints exist * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.backups") check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) logger.info( "Attempting to set checkpoint on {} in {} domain(s)".format( str(env.appliances), str(Domain))) t = Timestamp() if web: header_row = ("Appliance", "Result") rows = [] for appliance in env.appliances: if not web: print appliance.hostname _domains = Domain print Domain print _domains if "all-domains" in _domains: _domains = appliance.domains print _domains for domain in _domains: print domain if not web: print "\t", domain name = '{0}-{1}-{2}'.format(comment, domain, t.timestamp) logger.debug( "Attempting to set checkpoint {} on {} in {} domain".format( name, appliance, domain)) if remove_oldest: _max = appliance.max_checkpoints(domain) if len(appliance.get_existing_checkpoints(domain)) >= _max: logger.info( "Maximum number of checkpoints for domain " "{} on {} reached. Removing oldest checkpoint.".format( domain, appliance.hostname)) _resp = appliance.remove_oldest_checkpoint(domain) logger.debug("Response received: {}".format(_resp)) kwargs = {'domain': domain, 'ChkName': name} resp = appliance.SaveCheckpoint(**kwargs) logger.debug("Response received: {}".format(resp)) if not web: if resp: print "\t\tSuccessful" else: print "\t\tFailed" if web: if resp: rows.append(( "{}-{}-set_checkpoint".format( appliance.hostname, domain), "Succeeded")) else: rows.append(( "{}-{}-set_checkpoint".format( appliance.hostname, domain), "Failed")) if web: return flask.render_template( "results_table.html", header_row=header_row, rows=rows), util.render_history(env)
def _import(appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain=[], file_in=None, deployment_policy=None, deployment_policy_variables=None, dry_run=False, overwrite_files=True, overwrite_objects=True, rewrite_local_ip=True, source_type='ZIP', out_dir="tmp/", web=False): """Import a service/object into the specified appliances Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-D. --Domain`: The domain into which the configuration will be imported * `-f, --file-in`: The file to import into the specified domain. This __MUST__ match the format specified in source_type * `-d, --deployment-policy`: The deployment policy to use for the import (must already exist on the appliances) * `--dry-run`: Whether to do a dry-run (nothing will be imported) * `-N, --no-overwrite-files`: If specified, no files will be overwritten as part of the import * `--no-overwrite-objects`: If specified, no objects will be overwritten as part of the import * `--no-rewrite-local-ip`: If specified, no local ip addresses will be rewritten as part of the import * `-s, --source-type`: The type of file to import. Can be "XML" or "ZIP" * `-o, --out-dir`: The directory to output artifacts generated by this script * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.developer") t = Timestamp() check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) msg = "Attempting to import {} to {}".format(file_in, str(env.appliances)) logger.info(msg) if not web: print msg results = {} out_dir = os.path.join(out_dir, "import_results", t.timestamp) os.makedirs(out_dir) for appliance in env.appliances: if not web: print appliance.hostname results[appliance.hostname] = {} domains = Domain if "all-domains" in domains: domains = appliance.domains for domain in domains: if not web: print "\t", domain kwargs = { 'domain': domain, 'zip_file': file_in, 'deployment_policy': deployment_policy, 'deployment_policy_variables': deployment_policy_variables, 'dry_run': dry_run, 'overwrite_files': overwrite_files, 'overwrite_objects': overwrite_objects, 'rewrite_local_ip': rewrite_local_ip, 'source_type': source_type} resp = appliance.do_import(**kwargs) results[appliance.hostname][domain] = resp if not web: pprint_xml(resp.xml) logger.debug("Response received: {}".format(str(resp))) filename = os.path.join( out_dir, "{}-{}-import_results.xml".format( appliance.hostname, domain ) ) with open(filename, 'wb') as fout: fout.write(resp.pretty) if web: return util.render_see_download_table( results, suffix="import"), util.render_history(env)
def get_file(appliances=[], credentials=[], timeout=120, no_check_hostname=False, location=None, Domain='default', out_dir='tmp', web=False): """Retrieves a file from the specified appliances Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-l, --location`: The location of the file (on DataPower) you would like to get * `-D, --Domain`: The domain from which to get the file * `-o, --out-dir`: (NOT NEEDED IN THE WEB GUI)The directory you would like to save the file to * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" t = Timestamp() check_hostname = not no_check_hostname env = datapower.Environment(appliances, credentials, timeout, check_hostname=check_hostname) kwargs = {'domain': Domain, 'filename': location} responses = env.perform_async_action('getfile', **kwargs) if not os.path.exists(out_dir) or not os.path.isdir(out_dir): os.makedirs(out_dir) for hostname, fin in list(responses.items()): filename = location.split('/')[-1] filename = os.path.join(out_dir, '%s-%s-%s' % (hostname, t.timestamp, filename)) with open(filename, 'wb') as fout: fout.write(fin) if web: return util.render_see_download_table( responses, suffix="get_file"), util.render_history(env)
def restore_normal_backup(appliances=[], credentials=[], timeout=120, no_check_hostname=False, file_in=None, Domain="", source_type="ZIP", overwrite_files=True, overwrite_objects=True, rewrite_local_ip=True, deployment_policy=None, import_domain=True, reset_domain=True, dry_run=False, out_dir="tmp", web=False): """Restores a normal backup to the specified appliances and Domains. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-f, --file-in`: The backup file which will be restored. This must be in the format specified in source_type * `-D, --Domain`: The domain to which to restore the backup * `-s, --source-type`: The type of backup, must be either "ZIP" or "XML" * `-N, --no-overwrite-files`: Whether to overwrite files when restoring the backup * `--no-overwrite-objects`: Whether to overwrite objects when restoring the backup * `--no-rewrite-local-ip`: Whether to rewrite the local IP Addresses * `-d, --deployment-policy`: The deployment policy to apply when restoring the backup * `--no-import-domain`: Whether we are importing a domain * `--no-reset-domain`: Whether to reset the domain * `--dry-run`: Whether this should be a dry-run * `-o, --out_dir`: (NOT NEEDED IN WEB GUI) The directory (local) where you would want all of the files generated by the restore to be placed * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.backups") t = Timestamp() check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) logger.info( "Attempting to restore normal backup on {} in {} domain".format( str(env.appliances), Domain)) kwargs = { "file_in": file_in, "source_type": source_type, "domain": Domain, "overwrite_files": overwrite_files, "overwrite_objects": overwrite_objects, "rewrite_local_ip": rewrite_local_ip, "deployment_policy": deployment_policy, "import_domain": import_domain, "reset_domain": reset_domain, "dry_run": dry_run} resp = env.perform_action("restore_normal_backup", **kwargs) logger.debug("Responses received {}".format(str(resp))) out_dir = os.path.join(out_dir, "restore_normal_backup", t.timestamp) os.makedirs(out_dir) for host, r in resp.items(): filename = os.path.join(out_dir, "{}-{}-{}-results.xml".format( t.timestamp, host, Domain)) with open(filename, 'wb') as fout: fout.write(r.pretty) if web: return util.render_see_download_table(resp), util.render_history(env)
def restore_secure_backup(appliances=[], credentials=[], timeout=1200, no_check_hostname=False, CryptoCertificate="", location="", validate_only=False, web=False): """Restores a secure backup to the specified appliances. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-C, --CryptoCertificate`: The CryptoCertificate object with which the secure backup was encrypted * `-l, --location`: The location on the appliances where the SecureBackup resides (This means that you will have to upload the secure backup if you got it from MAST, external to the appliance) * `-v, --validate-only`: If specified then the appliances will only attemp to validate the backup instead of actually restoring it * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.backups") check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) logger.info( "Attempting to restore Secure Backup on {}".format( str(env.appliances))) validate = "on" if validate_only else "off" kwargs = {"cred": CryptoCertificate, "source": location, "validate": validate} resp = env.perform_action("SecureRestore", **kwargs) logger.debug("Responses received: {}".format(str(resp))) if web: return (util.render_boolean_results_table(resp), util.render_history(env)) for host, msg in resp.items(): print host, '\n', "=" * len(host) print msg print
def get_secure_backup(appliances=[], credentials=[], timeout=1200, no_check_hostname=False, out_dir='tmp', CryptoCertificate="", destination='local:/raid0', include_iscsi=False, include_raid=False, remove=True, quiesce_before=True, unquiesce_after=True, quiesce_timeout=60, web=False): """Performs a secure backup of the specified domain. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-o, --out-dir`: (NOT NEEDED IN WEB GUI) The directory (local) to store the backup * `-C, --CryptoCertificate`: The CryptoCertificate object to use to encrypt the backup * `-d, --destination`: The base location (on the appliance) to store the backup * `-i, --include-iscsi`: Whether to include the iscsi filesystem * `-I, --include-raid`: Whether to include the RAID filesystem * `-N, --no-remove`: If specified the backup will NOT be removed from the DataPower * `--no-quiesce-before`: If specified, the appliance will not be quiesced before performing the secure backup * `--no-unquiesce-after`: If specified, the appliance will not be unquiesced after performing the secure backup * `-q, --quiesce-timeout`: The timeout to wait before the appliance attempts to quiesce * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.backups") check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) output = "" if quiesce_before: resp = {} for appliance in env.appliances: logger.info( "Quiescing {} in preparation of Secure Backup".format( appliance.hostname)) resp[appliance.hostname] = appliance.QuiesceDP( timeout=quiesce_timeout) logger.debug( "Response received {}".format(resp[appliance.hostname])) if web: output += util.render_boolean_results_table( resp, suffix="Quiesce_appliance") sleep(quiesce_timeout) t = Timestamp() if destination.endswith("/"): destination = destination.rstrip("/") destination = '%s/%s' % (destination, t.timestamp) kwargs = {'Dir': destination, 'domain': 'default'} logger.info( "Creating directory {} on {} to store Secure Backup".format( destination, str(env.appliances))) resp = env.perform_async_action('CreateDir', **kwargs) logger.debug("Responses received {}".format(str(resp))) if web: output += util.render_boolean_results_table(resp, suffix="CreateDir") include_raid = 'on' if include_raid else 'off' include_iscsi = 'on' if include_iscsi else 'off' kwargs = { 'cert': CryptoCertificate, 'destination': destination, 'include_iscsi': include_iscsi, 'include_raid': include_raid} logger.info( "Attempting to perform a Secure Backup on {}".format( str(env.appliances))) resp = env.perform_async_action('SecureBackup', **kwargs) logger.debug("Responses received: {}".format(str(resp))) if web: output += util.render_boolean_results_table( resp, suffix="SecureBackup") if web: results = {} remove_results = {} for appliance in env.appliances: directory = os.path.join( out_dir, appliance.hostname, "SecureBackup", t.timestamp) start = time() while not appliance.file_exists( '{}/backupmanifest.xml'.format( destination), 'default'): sleep(5) if time() - start > timeout: raise TimeoutError logger.info( "Attempting to retrieve Secure Backup from {}".format( appliance.hostname)) appliance.copy_directory( destination, directory) _directory = os.path.join( directory, destination.replace(":", "").replace("///", "/")) try: logger.info( "Attempting to verify Secure Backup for {}".format( appliance.hostname)) if appliance.verify_local_backup(_directory): logger.info( "Secure Backup integrity verified for {}".format( appliance.hostname)) if web: results[appliance.hostname] = "Succeeded" else: print '\t', appliance.hostname, " - ", "Succeeded" if remove: logger.info( "Attempting to remove Secure Backup from appliance " "{}".format( appliance.hostname)) _resp = appliance.RemoveDir( Dir=destination, domain='default') logger.debug("Response received: {}".format(_resp)) if web: remove_results[appliance.hostname] = _resp else: logger.warn( "Secure Backup for {} Corrupt!".format( appliance.hostname)) if web: results[appliance.hostname] = "Failed" else: print '\t', appliance.hostname, " - ", "Failed" appliance.log_error( 'Verification of backup in %s failed' % (_directory)) except: if web: results[appliance.hostname] = "Failed" logger.exception( "An unhandled exception occurred during execution.") if web: output += util.render_results_table( results, suffix="verify-SecureBackup") output += util.render_boolean_results_table( remove_results, suffix="RemoveDir") if unquiesce_after: resp = {} for appliance in env.appliances: logger.info( "Attempting to unquiesce {}".format( str(appliance.hostname))) resp[appliance.hostname] = appliance.UnquiesceDP() logger.debug( "Response received: {}".format( resp[appliance.hostname])) if web: output += util.render_boolean_results_table( resp, suffix="Unquiesce_appliance") if web: return output, util.render_history(env)
def get_normal_backup(appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain=[], comment="", out_dir='tmp', individual=False, web=False): """Performs a normal backup of the specified domain. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-D, --Domain`: The domains to backup (all-domains will backup all domains) To spcify multiple domains, use multiple entries of the form `[-D domain1 [-D domain2...]]` * `-C, --comment`: The comment to add to the backup * `-o, --out-dir`: (NOT NEEDED IN WEB GUI) The directory (local) where you would like to store the backup * `-I, --individual`: If specified and all-domains is specified as --Domain then backup each domain individually instead of "all-domains" * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.backups") t = Timestamp() check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) if not Domain: raise ValueError("Must provide one or more domains including 'all-domains'") if isinstance(Domain, basestring): Domain = [Domain] # Fixes duplicate domains issue Domain = list(set(Domain)) results = {} if not individual: logger.info( "Attempting to retrieve normal backup from " "{} in {} domain".format(str(env.appliances), Domain)) kwargs = {'domains': Domain, 'comment': comment} _results = env.perform_async_action('get_normal_backup', **kwargs) logger.debug("backups retrieved, check file for contents") for hostname, backup in _results.items(): directory = os.path.join( out_dir, hostname, "NormalBackup", t.timestamp) os.makedirs(directory) filename = os.path.join( directory, '%s-%s-%s.zip' % ( t.timestamp, hostname, "_".join(Domain))) logger.debug( "Writing backup for {} to {}".format( hostname, filename)) with open(filename, 'wb') as fout: fout.write(backup) if _verify_zip(filename): logger.info( "backup for {} in {} domain verified".format( hostname, str(Domain))) results[hostname + "-" + "_".join(Domain) + "-normalBackup"] = "Verified" else: logger.info( "backup for {} in {} domain corrupt".format( hostname, str(Domain))) results[hostname + "-" + "_".join(Domain) + "-normalBackup"] = "Corrupt" else: for domain in Domain: logger.info( "Attempting to retrieve normal backup from " "{} in {} domain".format(str(env.appliances), domain)) kwargs = {'domains': domain, 'comment': comment} _results = env.perform_async_action('get_normal_backup', **kwargs) logger.debug("backups retrieved, check file for contents") for hostname, backup in _results.items(): directory = os.path.join( out_dir, hostname, "NormalBackup", t.timestamp) if not os.path.exists(directory): os.makedirs(directory) filename = os.path.join( directory, '%s-%s-%s.zip' % ( t.timestamp, hostname, domain)) logger.debug( "Writing backup for {} to {}".format( hostname, filename)) with open(filename, 'wb') as fout: fout.write(backup) if _verify_zip(filename): logger.info( "backup for {} in {} domain verified".format( hostname, domain)) results[hostname + "-" + domain + "-normalBackup"] = "Verified" else: logger.info( "backup for {} in {} domain corrupt".format( hostname, domain)) results[hostname + "-" + domain + "-normalBackup"] = "Corrupt" if web: return util.render_results_table(results), util.render_history(env) for k, v in results.items(): print print k print '=' * len(k) print v print
def get_file(appliances=[], credentials=[], timeout=120, no_check_hostname=False, location=None, Domain='default', out_dir='tmp', web=False): """Retrieves a file from the specified appliances Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-l, --location`: The location of the file (on DataPower) you would like to get * `-D, --Domain`: The domain from which to get the file * `-o, --out-dir`: (NOT NEEDED IN THE WEB GUI)The directory you would like to save the file to * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" t = Timestamp() check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) kwargs = {'domain': Domain, 'filename': location} responses = env.perform_async_action('getfile', **kwargs) if not os.path.exists(out_dir) or not os.path.isdir(out_dir): os.makedirs(out_dir) for hostname, fin in list(responses.items()): filename = location.split('/')[-1] filename = os.path.join( out_dir, '%s-%s-%s' % (hostname, t.timestamp, filename)) with open(filename, 'wb') as fout: fout.write(fin) if web: return util.render_see_download_table( responses, suffix="get_file"), util.render_history(env)
def restore_normal_backup(appliances=[], credentials=[], timeout=120, no_check_hostname=False, file_in=None, Domain="", source_type="ZIP", overwrite_files=True, overwrite_objects=True, rewrite_local_ip=True, deployment_policy=None, import_domain=True, reset_domain=True, dry_run=False, out_dir="tmp", web=False): """Restores a normal backup to the specified appliances and Domains. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-f, --file-in`: The backup file which will be restored. This must be in the format specified in source_type * `-D, --Domain`: The domain to which to restore the backup * `-s, --source-type`: The type of backup, must be either "ZIP" or "XML" * `-N, --no-overwrite-files`: Whether to overwrite files when restoring the backup * `--no-overwrite-objects`: Whether to overwrite objects when restoring the backup * `--no-rewrite-local-ip`: Whether to rewrite the local IP Addresses * `-d, --deployment-policy`: The deployment policy to apply when restoring the backup * `--no-import-domain`: Whether we are importing a domain * `--no-reset-domain`: Whether to reset the domain * `--dry-run`: Whether this should be a dry-run * `-o, --out_dir`: (NOT NEEDED IN WEB GUI) The directory (local) where you would want all of the files generated by the restore to be placed * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.backups") t = Timestamp() check_hostname = not no_check_hostname env = datapower.Environment(appliances, credentials, timeout, check_hostname=check_hostname) logger.info( "Attempting to restore normal backup on {} in {} domain".format( str(env.appliances), Domain)) kwargs = { "file_in": file_in, "source_type": source_type, "domain": Domain, "overwrite_files": overwrite_files, "overwrite_objects": overwrite_objects, "rewrite_local_ip": rewrite_local_ip, "deployment_policy": deployment_policy, "import_domain": import_domain, "reset_domain": reset_domain, "dry_run": dry_run } resp = env.perform_action("restore_normal_backup", **kwargs) logger.debug("Responses received {}".format(str(resp))) out_dir = os.path.join(out_dir, "restore_normal_backup", t.timestamp) os.makedirs(out_dir) for host, r in resp.items(): filename = os.path.join( out_dir, "{}-{}-{}-results.xml".format(t.timestamp, host, Domain)) with open(filename, 'wb') as fout: fout.write(r.pretty) if web: return util.render_see_download_table(resp), util.render_history(env)
def delete_file(appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain="", filename="", backup=False, out_dir="tmp", web=False): """Deletes a file from the specified appliances Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-D, --Domain`: The domain from which to delete the file * `-f, --filename`: The name of the file (on DataPower) you would like to delete * `-b, --backup`: Whether to backup the file before deleting * `-o, --out-dir`: (NOT NEEDED IN THE WEB GUI)The directory you would like to save the file to * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) if backup: resp = {} for appliance in env.appliances: _out_dir = os.path.join(out_dir, appliance.hostname) if not os.path.exists(_out_dir): os.makedirs(_out_dir) resp[appliance.hostname] = appliance.del_file( filename=filename, domain=Domain, backup=True, local_dir=_out_dir) else: resp = env.perform_action("del_file", filename=filename, domain=Domain) if web: return ( util.render_boolean_results_table(resp), util.render_history(env)) for host, response in resp.items(): print host print "=" * len(host) if response: print "Success" else: print "Error" print
def cert_file_audit(appliances=[], credentials=[], timeout=120, no_check_hostname=False, out_file=os.path.join("tmp", "cert-file-audit.xlsx"), web=False): """Perform an audit of all files which reside in `cert:`, `pubcert:` and `sharedcert:` on the specified appliances. Output: A table and an excel spreadsheet. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-o, --out-file`: The excel spreadsheet to output, use either relative or absolute path. The file should end in `.xlsx` * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("cert-file-audit") if out_file is None: logger.error("Must specify out file") if not web: print "Must specify out_file" sys.exit(2) if not os.path.exists(os.path.dirname(out_file)): os.makedirs(os.path.dirname(out_file)) locations = ["cert:", "pubcert:", "sharedcert:"] check_hostname = not no_check_hostname env = datapower.Environment(appliances, credentials, timeout, check_hostname=check_hostname) header_row = ["appliance", "domain", "directory", "filename", "size", "modified"] rows = [header_row] for appliance in env.appliances: if not web: print appliance.hostname domain = "default" for location in locations: if not web: print "\t{}".format(location) filestore = appliance.get_filestore(domain=domain, location=location) _location = filestore.xml.find(datapower.FILESTORE_XPATH) if _location is None: continue if _location.findall("./file") is not None: for _file in _location.findall("./file"): dir_name = _location.get("name") filename = _file.get("name") if not web: print "\t\t{}".format(filename) size = _file.find("size").text modified = _file.find("modified").text rows.append([appliance.hostname, domain, dir_name, filename, size, modified]) for directory in _location.findall(".//directory"): dir_name = directory.get("name") if not web: print "\t\t{}".format(dir_name) for _file in directory.findall(".//file"): filename = _file.get("name") if not web: print "\t\t\t{}".format(filename) size = _file.find("size").text modified = _file.find("modified").text rows.append([appliance.hostname, domain, dir_name, filename, size, modified]) wb = openpyxl.Workbook() ws = wb.active ws.title = "CertFileAudit" for row in rows: ws.append(row) wb.save(out_file) if not web: print_table(rows) else: return (html_table(rows, table_class="width-100", header_row_class="results_table_header_row", header_cell_class="results_table_header_column", body_row_class="result_table_row", body_cell_class="result_table_cell"), util.render_history(env))
def add_group(appliances=[], credentials=[], timeout=120, no_check_hostname=False, save_config=False, name=None, access_policies=[], web=False): """Adds a user group to the specified appliances. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-s, --save-config`: If specified the configuration on the appliances will be saved * `-N, --name`: The name of the group to add * `-A, --access-policies`: The access policies which will be associated with this group * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.accounts") check_hostname = not no_check_hostname env = datapower.Environment(appliances, credentials, timeout, check_hostname=check_hostname) kwargs = {'name': name, 'access_policies': access_policies} msg = "Adding group {} to {}".format(name, str(env.appliances)) logger.info(msg) if not web: print msg resp = env.perform_async_action('add_group', **kwargs) logger.debug("responses received {}".format(str(resp))) if not web: for host, resp in resp.items(): print "{}\n{}".format(host, "=" * len(host)) pprint_xml(resp.xml) else: output = util.render_boolean_results_table(resp, suffix="add_group") if save_config: kwargs = {'domain': 'default'} msg = "Saving configuration in the default domain of {}".format( str(env.appliances)) logger.info(msg) if not web: print msg resp = env.perform_async_action('SaveConfig', **kwargs) logger.debug("Responses received {}".format(str(resp))) if not web: for host, resp in resp.items(): print "{}\n{}".format(host, "=" * len(host)) pprint_xml(resp.xml) else: output += util.render_boolean_results_table(resp, suffix="save_config") if web: return output, util.render_history(env)
def export_certs(appliances=[], credentials=[], timeout=120, no_check_hostname=False, domains=[], out_dir="tmp", delay=0.5, web=False): """Export all CryptoCertificate objects which are up and enabled from the specified domains on the specified appliances in PEM format and download them to `out-dir` Output: Downloaded files Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-d, --domains`: The domains to audit, to audit all domains, provide `all-domains`, to specify multiple domains use multiple entries of the form `[-d domain1 [-d domain2...]]`. * `-o, --out-dir`: The directory to which to download the certificates. * `-D, --delay`: The amount of time in seconds to wait between exporting each certificate. If you are experiencing intermitten `AuthenticationFailure`s, it is a good idea to increase this parameter. * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("export-certs") check_hostname = not no_check_hostname env = datapower.Environment(appliances, credentials, timeout, check_hostname=check_hostname) for appliance in env.appliances: logger.info("Checking appliance {}".format(appliance.hostname)) if not web: print appliance.hostname _domains = domains if "all-domains" in domains: _domains = appliance.domains for domain in _domains: logger.info("In domain {}".format(domain)) if not web: print "\t", domain # Get a list of all certificates in this domain config = appliance.get_config("CryptoCertificate", domain=domain) certs = [x for x in config.xml.findall(datapower.CONFIG_XPATH)] # Filter out disabled objects because the results won't change, # but we will perform less network traffic certs = filter( lambda x: x.find("mAdminState").text == "enabled", certs) if not certs: continue # Create a directory structure $out_dir/hostname/domain dir_name = os.path.join(out_dir, appliance.hostname, domain) if not os.path.exists(dir_name): os.makedirs(dir_name) for cert in certs: logger.info("Exporting cert {}".format(cert)) # Get filename as it will appear locally filename = cert.find("Filename").text out_file = re.sub(r":[/]*", "/", filename) out_file = out_file.split("/") out_file = os.path.join(dir_name, *out_file) # extract directory name as it will appear locally _out_dir = out_file.split(os.path.sep)[:-1] _out_dir = os.path.join(*_out_dir) # Create the directory if it doesn't exist if not os.path.exists(_out_dir): os.makedirs(_out_dir) name = cert.get("name") if not web: print "\t\t", name export = appliance.CryptoExport(domain=domain, ObjectType="cert", ObjectName=name, OutputFilename=name) # TODO: Test export and handle failure logger.info("Finished exporting cert {}".format(cert)) try: logger.info( "Retrieving file temporary:///{}".format(name)) cert = appliance.getfile(domain, "temporary:///{}".format(name)) logger.info( "Finished retrieving file temporary:///{}".format( name)) logger.info( "Attempting to delete file temporary:///{}".format( name)) appliance.DeleteFile(domain=domain, File="temporary:///{}".format(name)) logger.info( "Finished deleting file temporary:///{}".format(name)) except: logger.exception("An unhandled exception has occurred") if not web: print "SKIPPING CERT" continue cert = etree.fromstring(cert) with open(out_file, "w") as fout: _contents = insert_newlines(cert.find("certificate").text) contents = "{}\n{}\n{}\n".format( "-----BEGIN CERTIFICATE-----", _contents, "-----END CERTIFICATE-----") fout.write(contents) if web: return (util.render_see_download_table({k.hostname: "" for k in env.appliances}, "export-certs"), util.render_history(env))
def get_secure_backup(appliances=[], credentials=[], timeout=1200, no_check_hostname=False, out_dir='tmp', CryptoCertificate="", destination='local:/raid0', include_iscsi=False, include_raid=False, remove=True, quiesce_before=True, unquiesce_after=True, quiesce_timeout=60, web=False): """Performs a secure backup of the specified domain. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-o, --out-dir`: (NOT NEEDED IN WEB GUI) The directory (local) to store the backup * `-C, --CryptoCertificate`: The CryptoCertificate object to use to encrypt the backup * `-d, --destination`: The base location (on the appliance) to store the backup * `-i, --include-iscsi`: Whether to include the iscsi filesystem * `-I, --include-raid`: Whether to include the RAID filesystem * `-N, --no-remove`: If specified the backup will NOT be removed from the DataPower * `--no-quiesce-before`: If specified, the appliance will not be quiesced before performing the secure backup * `--no-unquiesce-after`: If specified, the appliance will not be unquiesced after performing the secure backup * `-q, --quiesce-timeout`: The timeout to wait before the appliance attempts to quiesce * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.backups") check_hostname = not no_check_hostname env = datapower.Environment(appliances, credentials, timeout, check_hostname=check_hostname) output = "" if quiesce_before: resp = {} for appliance in env.appliances: logger.info("Quiescing {} in preparation of Secure Backup".format( appliance.hostname)) resp[appliance.hostname] = appliance.QuiesceDP( timeout=quiesce_timeout) logger.debug("Response received {}".format( resp[appliance.hostname])) if web: output += util.render_boolean_results_table( resp, suffix="Quiesce_appliance") sleep(quiesce_timeout) t = Timestamp() if destination.endswith("/"): destination = destination.rstrip("/") destination = '%s/%s' % (destination, t.timestamp) kwargs = {'Dir': destination, 'domain': 'default'} logger.info("Creating directory {} on {} to store Secure Backup".format( destination, str(env.appliances))) resp = env.perform_async_action('CreateDir', **kwargs) logger.debug("Responses received {}".format(str(resp))) if web: output += util.render_boolean_results_table(resp, suffix="CreateDir") include_raid = 'on' if include_raid else 'off' include_iscsi = 'on' if include_iscsi else 'off' kwargs = { 'cert': CryptoCertificate, 'destination': destination, 'include_iscsi': include_iscsi, 'include_raid': include_raid } logger.info("Attempting to perform a Secure Backup on {}".format( str(env.appliances))) resp = env.perform_async_action('SecureBackup', **kwargs) logger.debug("Responses received: {}".format(str(resp))) if web: output += util.render_boolean_results_table(resp, suffix="SecureBackup") if web: results = {} remove_results = {} for appliance in env.appliances: directory = os.path.join(out_dir, appliance.hostname, "SecureBackup", t.timestamp) start = time() while not appliance.file_exists( '{}/backupmanifest.xml'.format(destination), 'default'): sleep(5) if time() - start > timeout: raise TimeoutError logger.info("Attempting to retrieve Secure Backup from {}".format( appliance.hostname)) appliance.copy_directory(destination, directory) _directory = os.path.join( directory, destination.replace(":", "").replace("///", "/")) try: logger.info("Attempting to verify Secure Backup for {}".format( appliance.hostname)) if appliance.verify_local_backup(_directory): logger.info("Secure Backup integrity verified for {}".format( appliance.hostname)) if web: results[appliance.hostname] = "Succeeded" else: print '\t', appliance.hostname, " - ", "Succeeded" if remove: logger.info( "Attempting to remove Secure Backup from appliance " "{}".format(appliance.hostname)) _resp = appliance.RemoveDir(Dir=destination, domain='default') logger.debug("Response received: {}".format(_resp)) if web: remove_results[appliance.hostname] = _resp else: logger.warn("Secure Backup for {} Corrupt!".format( appliance.hostname)) if web: results[appliance.hostname] = "Failed" else: print '\t', appliance.hostname, " - ", "Failed" appliance.log_error('Verification of backup in %s failed' % (_directory)) except: if web: results[appliance.hostname] = "Failed" logger.exception( "An unhandled exception occurred during execution.") if web: output += util.render_results_table(results, suffix="verify-SecureBackup") output += util.render_boolean_results_table(remove_results, suffix="RemoveDir") if unquiesce_after: resp = {} for appliance in env.appliances: logger.info("Attempting to unquiesce {}".format( str(appliance.hostname))) resp[appliance.hostname] = appliance.UnquiesceDP() logger.debug("Response received: {}".format( resp[appliance.hostname])) if web: output += util.render_boolean_results_table( resp, suffix="Unquiesce_appliance") if web: return output, util.render_history(env)
def export(appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain="", object_name=None, object_class=None, comment='', format='ZIP', persisted=True, all_files=True, referenced_files=True, referenced_objects=True, out_dir='tmp', web=False): """Exports a service or object to be used to import into another domain or appliance Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-D, --Domain`: The domain from which to export service/object * `-o, --object-name`: The name of the object to export * `-O, --object-class`: The class of the object to export * `-C, --comment`: The comment to embed into the export * `-f, --format`: the format in which to export the configuration. This can be either "XML" or "ZIP" * `-N, --no-persisted`: If specified, the running configuration will be exported as opposed to the persisted configuration * `--no-all-files`: If specified, the export will not include all files * `--no-referenced-files`: If specified, the referenced files will not be included in the export * `--no-referenced-objects`: If specified, referenced objects will not be included in the export. * `--out-dir`: (**NOT NEEDED IN THE WEB GUI**)The directory (local) in which to save the export * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.developer") t = Timestamp() if object_name is None or object_class is None: try: raise TypeError("Must Provide both object name and object class") except: logger.exception("Must Provide both object name and object class") raise check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) msg = "Attempting to export {} from {}".format(object_name, str(env.appliances)) logger.info(msg) kwargs = { 'domain': Domain, 'obj': object_name, 'object_class': object_class, 'comment': comment, 'format': format, 'persisted': persisted, 'all_files': all_files, 'referenced_objects': referenced_objects, 'referenced_files': referenced_files} results = env.perform_action( 'export', **kwargs) for hostname, _export in results.items(): d = os.path.join(out_dir, hostname, t.timestamp) os.makedirs(d) extention = format.lower() filename = os.path.join(d, '%s-%s-%s.%s' % ( t.timestamp, hostname, object_name, extention)) msg = "Writing export of {} from {} to {}".format(object_name, hostname, filename) logger.debug(msg) if not web: print msg with open(filename, 'wb') as fout: fout.write(_export) if web: return util.render_see_download_table( results, suffix="export"), util.render_history(env)
def clean_up(appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain='default', checkpoints=False, export=False, error_reports=False, recursive=False, logtemp=False, logstore=False, backup_files=True, out_dir='tmp', web=False): """This will clean up the specified appliances filesystem optionally (defaults to True) taking copies of the files as backups. Parameters: * `-a, --appliances` - The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-D, --Domain`: The domain who's filesystem you would like to clean up * `-C, --checkpoints`: If specified, all checkpoints will be removed from the domain * `-e, --export`: If specified all exports will be removed from the domain * `-l, --logtemp`: If specified, all files in `logtemp:` will be removed from the domain * `-L, --logstore`: If specified, all files in `logstore:` will be removed * `-E, --error-reports`: If specified, all error reports will be removed from the appliance(s) * `-r, --recursive`: If specified, directories will be cleaned recursively * `--no-backup-files`: If specified, files will not be backed up before deleting * `-o, --out-dir`: The directory to save backed up files * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" check_hostname = not no_check_hostname env = datapower.Environment(appliances, credentials, timeout, check_hostname=check_hostname) t = Timestamp() dirs = [] if checkpoints: dirs.append('chkpoints:/') if export: dirs.append('export:/') if logtemp: dirs.append('logtemp:/') if logstore: dirs.append('logstore:/') if web: rows = [] for appliance in env.appliances: if web: rows.append((appliance.hostname, )) for _dir in dirs: _clean_dir(appliance, _dir, Domain, recursive, backup_files, t.timestamp, out_dir) if web: rows.append(("", _dir, "Cleaned")) if error_reports: _clean_error_reports(appliance, Domain, backup_files, t.timestamp, out_dir) rows.append(("", "ErrorReports", "Cleaned")) return flask.render_template( "results_table.html", header_row=["Appliance", "Location", "Action"], rows=rows), util.render_history(env)
def set_checkpoint(appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain=['default'], comment='', remove_oldest=True, web=False): """Sets a checkpoint in the given domains on the specified appliances Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-D, --Domain`: Domains to set checkpoints in. To spcify multiple domains, use multiple entries of the form `[-D domain1 [-D domain2...]]` * `-C, --comment`: The comment to use for the checkpoint (will also be used to build the checkpoint name) * `-N, --no-remove-oldest`: If specified this script will attempt to remove the oldest checkpoint __IF__ the maximum number of checkpoints exist * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.backups") check_hostname = not no_check_hostname env = datapower.Environment(appliances, credentials, timeout, check_hostname=check_hostname) logger.info("Attempting to set checkpoint on {} in {} domain(s)".format( str(env.appliances), str(Domain))) t = Timestamp() if web: header_row = ("Appliance", "Result") rows = [] for appliance in env.appliances: if not web: print appliance.hostname _domains = Domain print Domain print _domains if "all-domains" in _domains: _domains = appliance.domains print _domains for domain in _domains: print domain if not web: print "\t", domain name = '{0}-{1}-{2}'.format(comment, domain, t.timestamp) logger.debug( "Attempting to set checkpoint {} on {} in {} domain".format( name, appliance, domain)) if remove_oldest: _max = appliance.max_checkpoints(domain) if len(appliance.get_existing_checkpoints(domain)) >= _max: logger.info( "Maximum number of checkpoints for domain " "{} on {} reached. Removing oldest checkpoint.".format( domain, appliance.hostname)) _resp = appliance.remove_oldest_checkpoint(domain) logger.debug("Response received: {}".format(_resp)) kwargs = {'domain': domain, 'ChkName': name} resp = appliance.SaveCheckpoint(**kwargs) logger.debug("Response received: {}".format(resp)) if not web: if resp: print "\t\tSuccessful" else: print "\t\tFailed" if web: if resp: rows.append( ("{}-{}-set_checkpoint".format(appliance.hostname, domain), "Succeeded")) else: rows.append( ("{}-{}-set_checkpoint".format(appliance.hostname, domain), "Failed")) if web: return flask.render_template("results_table.html", header_row=header_row, rows=rows), util.render_history(env)
def list_probes(appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain=[], web=False): """Lists all enabled probes in all specified domains Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-D, --Domain`: One or more domains to inspect. To spcify multiple domains, use multiple entries of the form `[-D domain1 [-D domain2...]]` * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" import urllib2 check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout=timeout, check_hostname=check_hostname) results = {} for appliance in env.appliances: domains = Domain if "all-domains" in Domain: domains = appliance.domains for domain in domains: try: config = appliance.get_config( _class="all-classes", name="all-objects", domain=domain, persisted=False) except urllib2.HTTPError: config = appliance.get_config(domain=domain, persisted=False) for obj in config.xml.findall(datapower.CONFIG_XPATH): if obj.find("DebugMode") is not None: if obj.find("DebugMode").text == "on": k = "{}-{}".format(appliance.hostname, domain) v = "{} - {}".format(obj.tag, obj.get("name")) if k in results: results[k].append(v) else: results[k] = [v] if web: for k, v in results.items(): results[k] = "\n".join(v) return ( util.render_results_table(results), util.render_history(env)) else: for k, v in results.items(): print k, "\n", "-" * len(k) for item in v: print "\t{}".format(item)
def cert_audit(appliances=[], credentials=[], timeout=120, no_check_hostname=False, domains=[], out_file="tmp/cert-audit.xlsx", delay=0.5, date_time_format="%A, %B %d, %Y, %X", localtime=False, days_only=False, web=False): """Perform an audit of all CryptoCertificate objects which are up and enabled for the specified appliances and domains. Output: A table and an excel spreadsheet. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-d, --domains`: The domains to audit, to audit all domains, provide `all-domains`, to specify multiple domains use multiple entries of the form `[-d domain1 [-d domain2...]]`. * `-o, --out-file`: The excel spreadsheet to output, use either relative or absolute path. The file should end in `.xlsx` * `-D, --delay`: The amount of time in seconds to wait between auditing each certificate. If you are experiencing intermitten `AuthenticationFailure`s, it is a good idea to increase this parameter. * `--date-time-format`: The format for date-timestamps. Refer to [this document](https://docs.python.org/2/library/time.html#time.strftime) for information on using this parameter * `-l, --localtime`: If specified, the date-timestamps will be output in local time instead of UTC. * `--days-only`: If specified, only the number of days (floored) will be reported in the `time-since-expiration` and `time-until-expiration` columns. * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("cert-audit") if out_file is None: logger.error("Must specify out file") if not web: print "Must specify out_file" sys.exit(2) if not os.path.exists(os.path.dirname(out_file)): os.makedirs(os.path.dirname(out_file)) check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) header_row = [ "appliance", "domain", "certificate-object", "filename", "serial-number", "subject", "signature_algorithm", "not_before", "not_after", "issuer", "is-expired", "time-since-expiration", "time-until-expiration"] rows = [header_row] for appliance in env.appliances: logger.info("Checking appliance {}".format(appliance.hostname)) if not web: print appliance.hostname _domains = domains if "all-domains" in domains: _domains = appliance.domains for domain in _domains: logger.info("In domain {}".format(domain)) if not web: print "\t", domain config = appliance.get_config("CryptoCertificate", domain=domain) certs = [x for x in config.xml.findall(datapower.CONFIG_XPATH)] # Filter out disabled objects because the results won't change, # but we will perform less network traffic certs = filter( lambda x: x.find("mAdminState").text == "enabled", certs) for cert in certs: logger.info("Exporting cert {}".format(cert)) filename = cert.find("Filename").text name = cert.get("name") _filename = name if not web: print "\t\t", name row = [appliance.hostname, domain, name, filename] appliance.CryptoExport( domain=domain, ObjectType="cert", ObjectName=name, OutputFilename=_filename) logger.info("Finished exporting cert {}".format(cert)) try: logger.info( "Retrieving file {}".format( "temporary:///{}".format(_filename))) cert = appliance.getfile( domain, "temporary:///{}".format(_filename)) logger.info( "Finished retrieving file {}".format( "temporary:///{}".format(_filename))) logger.info( "Attempting to delete file {}".format( "temporary:///{}".format(_filename))) appliance.DeleteFile( domain=domain, File="temporary:///{}".format(_filename)) logger.info( "Finished deleting file {}".format( "temporary:///{}".format(_filename))) except: logger.exception("An unhandled exception has occurred") rows.append(row) if not web: print "SKIPPING CERT" continue cert = etree.fromstring(cert) _contents = insert_newlines(cert.find("certificate").text) certificate = \ "-----BEGIN CERTIFICATE-----\n" +\ _contents +\ "\n-----END CERTIFICATE-----\n" _cert = OpenSSL.crypto.load_certificate( OpenSSL.crypto.FILETYPE_PEM, certificate) subject = "'{}'".format( ";".join( ["=".join(x) for x in _cert.get_subject().get_components()])) issuer = "'{}'".format( ";".join( ["=".join(x) for x in _cert.get_issuer().get_components()])) serial_number = _cert.get_serial_number() try: signature_algorithm = _cert.get_signature_algorithm() except AttributeError: signature_algorithm = "" local_tz = tz.tzlocal() utc_tz = tz.tzutc() notBefore_utc = parser.parse(_cert.get_notBefore()) notBefore_local = notBefore_utc.astimezone(local_tz) notAfter_utc = parser.parse(_cert.get_notAfter()) notAfter_local = notAfter_utc.astimezone(local_tz) if localtime: notAfter = notAfter_local.strftime(date_time_format) notBefore = notBefore_local.strftime(date_time_format) else: notAfter = notAfter_utc.strftime(date_time_format) notBefore = notBefore_utc.strftime(date_time_format) if _cert.has_expired(): time_since_expiration = datetime.utcnow().replace(tzinfo=utc_tz) - notAfter_utc if days_only: time_since_expiration = time_since_expiration.days else: time_since_expiration = str(time_since_expiration) time_until_expiration = 0 else: time_until_expiration = notAfter_utc - datetime.utcnow().replace(tzinfo=utc_tz) if days_only: time_until_expiration = time_until_expiration.days else: time_until_expiration = str(time_until_expiration) time_since_expiration = 0 row.extend( [serial_number, subject, signature_algorithm, notBefore, notAfter, issuer, str(_cert.has_expired()), time_since_expiration, time_until_expiration]) rows.append(row) sleep(delay) wb = openpyxl.Workbook() ws = wb.active for row in rows: ws.append(row) wb.save(out_file) if not web: print "\n\nCertificate Report (available at {}):".format(os.path.abspath(out_file)) print_table(rows) print else: return (html_table(rows, table_class="width-100", header_row_class="results_table_header_row", header_cell_class="results_table_header_column", body_row_class="result_table_row", body_cell_class="result_table_cell"), util.render_history(env))
def change_password(appliances=[], credentials=[], timeout=120, no_check_hostname=False, save_config=False, User="", password="", web=False): """Changes the specified user's password to the specified password. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-textpasswords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-s, --save-config`: If specified the configuration on the appliances will be saved * `-U, --User`: The name of the user whose password you are changing * `-p, --password`: The new password for the specified user. NOTE: You may need to place quotations around the argument passed if using special characters as these might be incorrectly interpreted by your shell. * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.accounts") check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) msg = "Attempting to change password for {} on {}".format(User, str(env.appliances)) logger.info(msg) if not web: print msg kwargs = {'username': User, 'password': password} resp = env.perform_async_action('change_password', **kwargs) logger.debug("Responses received {}".format(str(resp))) if not web: for host, resp in resp.items(): print "{}\n{}".format(host, "="*len(host)) pprint_xml(resp.xml) else: output = util.render_boolean_results_table( resp, suffix="change_password") if save_config: msg = "Attempting to save config of default domain on {}".format(str(env.appliances)) logger.info(msg) if not web: print msg resp = env.perform_async_action('SaveConfig', **{'domain': 'default'}) logger.debug("Responses received {}".format(str(resp))) if not web: for host, resp in resp.items(): print "{}\n{}".format(host, "="*len(host)) pprint_xml(resp.xml) else: output += util.render_boolean_results_table( resp, suffix="save_config") if web: return output, util.render_history(env)
def _import(appliances=[], credentials=[], timeout=120, no_check_hostname=False, Domain=[], file_in=None, deployment_policy=None, dry_run=False, overwrite_files=True, overwrite_objects=True, rewrite_local_ip=True, source_type='ZIP', out_dir="tmp/", web=False): """Import a service/object into the specified appliances Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-D. --Domain`: The domain into which the configuration will be imported * `-f, --file-in`: The file to import into the specified domain. This __MUST__ match the format specified in source_type * `-d, --deployment-policy`: The deployment policy to use for the import (must already exist on the appliances) * `--dry-run`: Whether to do a dry-run (nothing will be imported) * `-N, --no-overwrite-files`: If specified, no files will be overwritten as part of the import * `--no-overwrite-objects`: If specified, no objects will be overwritten as part of the import * `--no-rewrite-local-ip`: If specified, no local ip addresses will be rewritten as part of the import * `-s, --source-type`: The type of file to import. Can be "XML" or "ZIP" * `-o, --out-dir`: The directory to output artifacts generated by this script * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.developer") t = Timestamp() check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) msg = "Attempting to import {} to {}".format(file_in, str(env.appliances)) logger.info(msg) if not web: print msg results = {} out_dir = os.path.join(out_dir, "import_results", t.timestamp) os.makedirs(out_dir) for appliance in env.appliances: if not web: print appliance.hostname results[appliance.hostname] = {} domains = Domain if "all-domains" in domains: domains = appliance.domains for domain in domains: if not web: print "\t", domain kwargs = { 'domain': domain, 'zip_file': file_in, 'deployment_policy': deployment_policy, 'dry_run': dry_run, 'overwrite_files': overwrite_files, 'overwrite_objects': overwrite_objects, 'rewrite_local_ip': rewrite_local_ip, 'source_type': source_type} resp = appliance.do_import(**kwargs) results[appliance.hostname][domain] = resp if not web: pprint_xml(resp.xml) logger.debug("Response received: {}".format(str(resp))) filename = os.path.join( out_dir, "{}-{}-import_results.xml".format( appliance.hostname, domain ) ) with open(filename, 'wb') as fout: fout.write(resp.pretty) if web: return util.render_see_download_table( results, suffix="import"), util.render_history(env)
def list_rbm_fallback_users(appliances=[], credentials=[], timeout=120, no_check_hostname=False, web=False): """Lists the current RBM Fallback Users for the specified appliances, as well as the fallback users which are common to all appliances. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-text passwords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.accounts") check_hostname = not no_check_hostname env = datapower.Environment( appliances, credentials, timeout, check_hostname=check_hostname) if web: return util.web_list_rbm_fallback(env), util.render_history(env) sets = [] for appliance in env.appliances: logger.info( "Attempting to list RBM Fallback users on {}".format( appliance.hostname)) users = appliance.fallback_users logger.debug( "RBM Fallback users for {}: {}".format( appliance.hostname, str(users))) sets.append(set(users)) print '\n', appliance.hostname print '=' * len(appliance.hostname) for user in users: print '\t', user common = sets[0].intersection(*sets) logger.debug( "RBM Fallback usesrs common to {}: {}".format( str(env.appliances), str(common))) print '\nCommon' print '======' for user in common: print '\t', user
def change_password(appliances=[], credentials=[], timeout=120, no_check_hostname=False, save_config=False, User="", password="", web=False): """Changes the specified user's password to the specified password. Parameters: * `-a, --appliances`: The hostname(s), ip address(es), environment name(s) or alias(es) of the appliances you would like to affect. For details on configuring environments please see the comments in `environments.conf` located in `$MAST_HOME/etc/default`. For details on configuring aliases, please see the comments in `hosts.conf` located in `$MAST_HOME/etc/default`. To pass multiple arguments to this parameter, use multiple entries of the form `[-a appliance1 [-a appliance2...]]` * `-c, --credentials`: The credentials to use for authenticating to the appliances. Should be either one set to use for all appliances or one set for each appliance. Credentials should be in the form `username:password`. To pass multiple credentials to this parameter, use multiple entries of the form `[-c credential1 [-c credential2...]]`. When referencing multiple appliances with multiple credentials, there must be a one-to-one correspondence of credentials to appliances: `[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]` If you would prefer to not use plain-textpasswords, you can use the output of `$ mast-system xor <username:password>`. * `-t, --timeout`: The timeout in seconds to wait for a response from an appliance for any single request. __NOTE__ Program execution may halt if a timeout is reached. * `-n, --no-check-hostname`: If specified SSL verification will be turned off when sending commands to the appliances. * `-s, --save-config`: If specified the configuration on the appliances will be saved * `-U, --User`: The name of the user whose password you are changing * `-p, --password`: The new password for the specified user. NOTE: You may need to place quotations around the argument passed if using special characters as these might be incorrectly interpreted by your shell. * `-w, --web`: __For Internel Use Only, will be removed in future versions. DO NOT USE.__""" logger = make_logger("mast.accounts") check_hostname = not no_check_hostname env = datapower.Environment(appliances, credentials, timeout, check_hostname=check_hostname) msg = "Attempting to change password for {} on {}".format( User, str(env.appliances)) logger.info(msg) if not web: print msg kwargs = {'username': User, 'password': password} resp = env.perform_async_action('change_password', **kwargs) logger.debug("Responses received {}".format(str(resp))) if not web: for host, resp in resp.items(): print "{}\n{}".format(host, "=" * len(host)) pprint_xml(resp.xml) else: output = util.render_boolean_results_table(resp, suffix="change_password") if save_config: msg = "Attempting to save config of default domain on {}".format( str(env.appliances)) logger.info(msg) if not web: print msg resp = env.perform_async_action('SaveConfig', **{'domain': 'default'}) logger.debug("Responses received {}".format(str(resp))) if not web: for host, resp in resp.items(): print "{}\n{}".format(host, "=" * len(host)) pprint_xml(resp.xml) else: output += util.render_boolean_results_table(resp, suffix="save_config") if web: return output, util.render_history(env)