def get_controllers_csr_cert(self, client_ip, cntrl_type, vm_mgmt_host, vm_user, vm_pass):
    """Obtain a CSR for a controller, sign it with the local CA and install it.

    Logs in to ``vm_mgmt_host`` with ``vm_user``/``vm_pass``, requests a CSR
    for ``client_ip``, stores it as ``<cert_path>/<cntrl_type>.csr``, signs it
    through ``self.openssl`` with ``<cert_path>/<rootca_name>`` and
    ``<cert_path>/CA.key``, then reads ``<cert_path>/<cntrl_type>.crt`` back
    and hands it to ``install_device_cert``.

    Args:
        client_ip: Address passed to ``generate_csr`` and used in log lines.
        cntrl_type: Label used as the base name of the ``.csr``/``.crt`` files.
        vm_mgmt_host: Host used for both the login and the certificate API.
        vm_user: Login user for ``vm_mgmt_host``.
        vm_pass: Login password for ``vm_mgmt_host``; it is not logged here.
    """
    session = Authentication(host=vm_mgmt_host, user=vm_user, password=vm_pass).login()
    cert = Certificate(session, vm_mgmt_host)

    self.__logger.info(f'Get CSR certificate for {client_ip}')
    csr_text = cert.generate_csr(client_ip)

    # NOTE(review): cntrl_type becomes part of the file names below; callers
    # presumably pass a fixed controller label -- verify it can never carry
    # path separators, since no check is made here.
    csr_file = f'{self.cert_path}/{cntrl_type}.csr'
    crt_file = f'{self.cert_path}/{cntrl_type}.crt'

    with open(csr_file, mode="w") as handle:
        handle.write(csr_text)

    # NOTE(review): the CSR is signed exactly as returned by the management
    # host; its subject is not inspected before the CA key is used on it.
    # The CA private key is read from the same directory the outputs are
    # written to, and the issued certificate is requested for 2000 days.
    signing_args = [
        'x509',
        '-req',
        '-in', csr_file,
        '-CA', f'{self.cert_path}/{self.rootca_name}',
        '-CAkey', f'{self.cert_path}/CA.key',
        '-CAcreateserial',
        '-out', crt_file,
        '-days', '2000',
        '-sha256',
    ]
    # NOTE(review): whatever self.openssl returns is ignored; a failed signing
    # run would presumably only surface when the .crt is read below -- confirm.
    self.openssl(*signing_args)

    self.__logger.info(f'Write CRT to file [green]{cntrl_type}.crt')
    with open(crt_file, mode="r") as handle:
        signed_cert = handle.read()

    self.__logger.info(
        f'Install CRT certificate [green]{cntrl_type}.crt to {client_ip}')
    cert.install_device_cert(signed_cert)
def install(ctx, cert):
    """
    Install certificate
    """
    # The handle is built from the context's auth object, host and port before
    # anything is printed, so a construction failure happens before the banner.
    cert_api = Certificate(ctx.auth, ctx.host, ctx.port)

    click.echo("Installing certificate...")
    # `cert` is forwarded unchanged; no parsing or validation happens here.
    cert_api.install_device_cert(cert)
def push(ctx):
    """
    Push certificates to all controllers
    """
    # NOTE(review): only auth and host are passed, so Certificate presumably
    # falls back to its default port -- confirm that is intended when the
    # context carries a non-default port.
    cert_api = Certificate(ctx.auth, ctx.host)

    click.echo("Pushing certificates to controllers...")
    # The value returned by push_certificates() is discarded.
    cert_api.push_certificates()
def root_cert(ctx):
    """
    Get vManage root certificate
    """
    cert_api = Certificate(ctx.auth, ctx.host, ctx.port)
    # Print whatever get_vmanage_root_cert() returns, unmodified.
    click.echo(cert_api.get_vmanage_root_cert())
def generate_csr(ctx, ip, csr_file):
    """
    Generate CSR for a device
    """
    # NOTE(review): only auth and host are passed, so Certificate presumably
    # falls back to its default port -- confirm that is intended when the
    # context carries a non-default port.
    cert_api = Certificate(ctx.auth, ctx.host)
    csr_text = cert_api.generate_csr(ip)

    # The CSR is requested first, so the output file is only opened (and an
    # existing file truncated by mode 'w') once the request has returned.
    # `csr_file` is used as given by the caller.
    with open(csr_file, 'w') as sink:
        sink.write(csr_text)
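def run_module():
    """Run the Ansible module: optionally push certificates to the controllers.

    Builds the argument spec on top of ``vmanage_argument_spec()``, creates the
    ``AnsibleModule`` with check-mode support, and, when the ``push`` parameter
    is true, calls ``Certificate.push_certificates()``.

    The push is recorded under ``what_changed`` and is skipped in check mode,
    so a dry run reports the pending action without touching the controllers.
    The ``organization``, ``vbond``, ``vbond_port`` and ``root_cert``
    parameters are accepted by the spec but are not read by this function.
    """
    # Module-specific arguments added to the shared vManage connection spec.
    argument_spec = vmanage_argument_spec()
    argument_spec.update(organization=dict(type='str'),
                         vbond=dict(type='str'),
                         vbond_port=dict(type='int', default=12346),
                         root_cert=dict(type='str'),
                         push=dict(type='bool'))

    module = AnsibleModule(
        argument_spec=argument_spec,
        supports_check_mode=True,
    )
    vmanage = Vmanage(module)
    vmanage_certificate = Certificate(vmanage.auth, vmanage.host)
    vmanage.result['what_changed'] = []

    if vmanage.params['push']:
        # Record the action so the 'changed' branch below can actually fire;
        # previously nothing was ever appended and it was unreachable.
        vmanage.result['what_changed'].append('push')
        # The module declares supports_check_mode=True, so a dry run must not
        # push certificates to the controllers.
        if not module.check_mode:
            vmanage_certificate.push_certificates()

    if vmanage.result['what_changed']:
        vmanage.result['changed'] = True

    vmanage.exit_json(**vmanage.result)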
def run_module():
    """Run the Ansible module: reconcile vManage settings with the parameters.

    For each of ``organization``, ``vbond`` (with ``vbond_port``), ``ca_type``
    and ``root_cert`` that is supplied, the current value is fetched and
    compared; a difference is recorded under ``what_changed`` and, outside
    check mode, written back through ``Settings``. ``changed`` is set when
    anything was recorded, and the result is returned via ``exit_json``.
    """
    # Module-specific arguments added to the shared vManage connection spec.
    argument_spec = vmanage_argument_spec()
    argument_spec.update(organization=dict(type='str'),
                         vbond=dict(type='str'),
                         vbond_port=dict(type='str', default='12346'),
                         root_cert=dict(type='str'),
                         ca_type=dict(type='str'))

    module = AnsibleModule(argument_spec=argument_spec, supports_check_mode=True)
    vmanage = Vmanage(module)
    vmanage_settings = Settings(vmanage.auth, vmanage.host)
    vmanage_certificate = Certificate(vmanage.auth, vmanage.host)

    vmanage.result['what_changed'] = []
    changes = vmanage.result['what_changed']
    params = vmanage.params

    # Organization name.
    if params['organization']:
        existing_org = vmanage_settings.get_vmanage_org()
        if params['organization'] != existing_org:
            changes.append('organization')
            if not module.check_mode:
                vmanage_settings.set_vmanage_org(params['organization'])

    # vBond address and port; the port is only compared when the address matches.
    if params['vbond']:
        existing_vbond = vmanage_settings.get_vmanage_vbond()
        address_differs = params['vbond'] != existing_vbond['domainIp']
        if address_differs or params['vbond_port'] != existing_vbond['port']:
            changes.append('vbond')
            if not module.check_mode:
                vmanage_settings.set_vmanage_vbond(params['vbond'],
                                                   params['vbond_port'])

    # Certificate authority type.
    if params['ca_type']:
        existing_ca_type = vmanage_settings.get_vmanage_ca_type()
        if params['ca_type'] != existing_ca_type:
            changes.append('ca_type')
            if not module.check_mode:
                vmanage_settings.set_vmanage_ca_type(params['ca_type'])

    # Root certificate. The supplied value is passed on without validation.
    if params['root_cert']:
        installed_root = vmanage_certificate.get_vmanage_root_cert()
        # NOTE(review): `not in` is presumably a substring test against a PEM
        # string, so a partial certificate that happens to match would count
        # as already installed -- confirm the return type and whether an exact
        # comparison is wanted for a trust anchor.
        if params['root_cert'] not in installed_root:
            changes.append('root_cert')
            if not module.check_mode:
                vmanage_settings.set_vmanage_root_cert(params['root_cert'])

    if changes:
        vmanage.result['changed'] = True

    vmanage.exit_json(**vmanage.result)
def push_cert_to_controllers(self):
    """Push certificates to the controllers and log the API response.

    Uses ``self.vm_auth`` and ``self.vm_mgmt_ip`` to build the ``Certificate``
    handle, calls ``push_certificates()`` and writes its return value to the
    logger at info level.
    """
    cert_api = Certificate(self.vm_auth, self.vm_mgmt_ip)

    self.__logger.info('[orange1]Push certificates to controllers')
    push_result = cert_api.push_certificates()

    # NOTE(review): the response is logged verbatim -- confirm it never
    # carries anything that should stay out of the logs.
    self.__logger.info(f"[cyan]{push_result}")