def __getattr__(self, key):
# Dispatch to instance methods but only for adding interfaces.
# Makes this work: engine.loopback_interface.add
if key.startswith('add_'):
if 'fw_cluster' not in self._engine.type:
return getattr(LoopbackInterface(None, self._engine), key)
else: # Cluster
return getattr(LoopbackClusterInterface(None, self._engine), key)
raise AttributeError('Cannot proxy to given method: %s for the '
'following engine type: %s' % (key, self._engine.type))
def get_all_loopbacks(engine):
"""
Get all loopback interfaces for a given engine
"""
data = []
if 'fw_cluster' in engine.type:
for cvi in engine.data.get('loopback_cluster_virtual_interface', []):
data.append(LoopbackClusterInterface(cvi, engine))
for node in engine.nodes:
for lb in node.data.get('loopback_node_dedicated_interface', []):
data.append(LoopbackInterface(lb, engine))
return data
def create_dynamic(cls, name, interface_id,
dynamic_index=1,
primary_mgt=True,
reverse_connection=True,
automatic_default_route=True,
domain_server_address=None,
loopback_ndi='127.0.0.1',
loopback_ndi_network='127.0.0.1/32',
location_ref=None,
log_server_ref=None,
zone_ref=None,
enable_gti=False,
enable_antivirus=False,
sidewinder_proxy_enabled=False,
default_nat=False):
"""
Create a single layer 3 firewall with only a single DHCP interface. Useful
when creating virtualized FW's such as in Microsoft Azure.
"""
builder = InterfaceBuilder()
builder.interface_id = interface_id
builder.add_dhcp(dynamic_index, is_mgmt=primary_mgt)
builder.zone = zone_ref
loopback = LoopbackInterface.create(
address=loopback_ndi,
nodeid=1,
auth_request=True,
rank=1)
engine = super(Layer3Firewall, cls)._create(
name=name,
node_type='firewall_node',
loopback_ndi=[loopback.data],
physical_interfaces=[{'physical_interface': builder.data}],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1, enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
sidewinder_proxy_enabled=sidewinder_proxy_enabled,
default_nat=default_nat,
location_ref=location_ref)
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)
def loopback_interface(self):
"""
Loopback interfaces for this node. This will return
empty if the engine is not a layer 3 firewall type::
>>> engine = Engine('dingo')
>>> for node in engine.nodes:
... for loopback in node.loopback_interface:
... loopback
...
LoopbackInterface(address=172.20.1.1, nodeid=1, rank=1)
LoopbackInterface(address=172.31.1.1, nodeid=1, rank=2)
LoopbackInterface(address=2.2.2.2, nodeid=1, rank=3)
:rtype: list(LoopbackInterface)
"""
for lb in self.data.get('loopback_node_dedicated_interface', []):
yield LoopbackInterface(lb, self._engine)
def create_dynamic(cls,
name,
interface_id,
dynamic_index=1,
reverse_connection=True,
automatic_default_route=True,
domain_server_address=None,
loopback_ndi="127.0.0.1",
location_ref=None,
log_server_ref=None,
zone_ref=None,
enable_gti=False,
enable_antivirus=False,
sidewinder_proxy_enabled=False,
default_nat=False,
comment=None,
extra_opts=None,
engine_type=None,
node_type="firewall_node",
**kw):
"""
Create a single layer 3 firewall with only a single DHCP interface. Useful
when creating virtualized engine's such as in Microsoft Azure.
:param str name: name of engine
:param str,int interface_id: interface ID used for dynamic interface and management
:param bool reverse_connection: specifies the dynamic interface should initiate connections
to management (default: True)
:param bool automatic_default_route: allow SMC to create a dynamic netlink for the default
route (default: True)
:param list domain_server_address: list of IP addresses for engine DNS
:param str loopback_ndi: IP address for a loopback NDI. When creating a dynamic engine, the
`auth_request` must be set to a different interface, so loopback is created
:param str location_ref: location by name for the engine
:param str log_server_ref: log server reference, will use the default or first retrieved if
not specified
:param dict extra_opts: extra options as a dict to be passed to the top level engine
:raises CreateElementFailed: failed to create engine
:return: :py:class:`smc.core.engine.Engine`
"""
interfaces = kw.pop("interfaces", [])
# Add the primary interface to the interface list
interface = {
"interface_id":
interface_id,
"interface":
"single_node_interface",
"zone_ref":
zone_ref,
"interfaces": [{
"nodes": [{
"dynamic": True,
"dynamic_index": dynamic_index,
"nodeid": 1,
"reverse_connection": reverse_connection,
"automatic_default_route": automatic_default_route,
}]
}],
}
interfaces.append(interface)
loopback = LoopbackInterface.create(address=loopback_ndi,
nodeid=1,
auth_request=True,
rank=1)
return Layer3Firewall.create_bulk(
name=name,
node_type=node_type,
primary_mgt=interface_id,
interfaces=interfaces,
loopback_ndi=[loopback.data],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
enable_gti=enable_gti,
nodes=1,
enable_antivirus=enable_antivirus,
sidewinder_proxy_enabled=sidewinder_proxy_enabled,
default_nat=default_nat,
location_ref=location_ref,
comment=comment,
engine_type=engine_type,
extra_opts=extra_opts,
)
def create_dynamic(cls, name, interface_id,
dynamic_index=1,
reverse_connection=True,
automatic_default_route=True,
domain_server_address=None,
loopback_ndi='127.0.0.1',
location_ref=None,
log_server_ref=None,
zone_ref=None,
enable_gti=False,
enable_antivirus=False,
sidewinder_proxy_enabled=False,
default_nat=False, comment=None, **kw):
"""
Create a single layer 3 firewall with only a single DHCP interface. Useful
when creating virtualized FW's such as in Microsoft Azure.
:param str name: name of engine
:param str,int interface_id: interface ID used for dynamic interface and management
:param bool reverse_connection: specifies the dynamic interface should initiate connections
to management (default: True)
:param bool automatic_default_route: allow SMC to create a dynamic netlink for the default
route (default: True)
:param list domain_server_address: list of IP addresses for engine DNS
:param str loopback_ndi: IP address for a loopback NDI. When creating a dynamic engine, the
`auth_request` must be set to a different interface, so loopback is created
:param str location_ref: location by name for the engine
:param str log_server_ref: log server reference, will use the
"""
interfaces = kw.pop('interfaces', [])
# Add the primary interface to the interface list
interface = {'interface_id': interface_id,
'interface': 'single_node_interface',
'zone_ref': zone_ref,
'interfaces': [{
'nodes': [{'dynamic': True, 'dynamic_index': dynamic_index, 'nodeid': 1,
'reverse_connection': reverse_connection,
'automatic_default_route': automatic_default_route}]
}]
}
interfaces.append(interface)
loopback = LoopbackInterface.create(
address=loopback_ndi,
nodeid=1,
auth_request=True,
rank=1)
return Layer3Firewall.create_bulk(
name=name,
node_type='firewall_node',
primary_mgt=interface_id,
interfaces=interfaces,
loopback_ndi=[loopback.data],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1, enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
sidewinder_proxy_enabled=sidewinder_proxy_enabled,
default_nat=default_nat,
location_ref=location_ref,
comment=comment, **kw)
def create_dynamic(cls,
name,
interface_id,
dynamic_index=1,
reverse_connection=True,
automatic_default_route=True,
domain_server_address=None,
loopback_ndi='127.0.0.1',
location_ref=None,
log_server_ref=None,
zone_ref=None,
enable_gti=False,
enable_antivirus=False,
sidewinder_proxy_enabled=False,
default_nat=False,
comment=None,
**kw):
"""
Create a single layer 3 firewall with only a single DHCP interface. Useful
when creating virtualized FW's such as in Microsoft Azure.
:param str name: name of engine
:param str,int interface_id: interface ID used for dynamic interface and management
:param bool reverse_connection: specifies the dynamic interface should initiate connections
to management (default: True)
:param bool automatic_default_route: allow SMC to create a dynamic netlink for the default
route (default: True)
:param list domain_server_address: list of IP addresses for engine DNS
:param str loopback_ndi: IP address for a loopback NDI. When creating a dynamic engine, the
`auth_request` must be set to a different interface, so loopback is created
:param str location_ref: location by name for the engine
:param str log_server_ref: log server reference, will use the
"""
interfaces = kw.pop('interfaces', [])
# Add the primary interface to the interface list
interface = {
'interface_id':
interface_id,
'interface':
'single_node_interface',
'zone_ref':
zone_ref,
'interfaces': [{
'nodes': [{
'dynamic': True,
'dynamic_index': dynamic_index,
'nodeid': 1,
'reverse_connection': reverse_connection,
'automatic_default_route': automatic_default_route
}]
}]
}
interfaces.append(interface)
loopback = LoopbackInterface.create(address=loopback_ndi,
nodeid=1,
auth_request=True,
rank=1)
return Layer3Firewall.create_bulk(
name=name,
node_type='firewall_node',
primary_mgt=interface_id,
interfaces=interfaces,
loopback_ndi=[loopback.data],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
sidewinder_proxy_enabled=sidewinder_proxy_enabled,
default_nat=default_nat,
location_ref=location_ref,
comment=comment,
**kw)