def get_num_se_dp_threads(se_ip, user="******", password="******"):
cmd = "ps -efT | grep se_dp"
vm = Linux(se_ip, user, password)
out = vm.execute_command(cmd)
result = []
for line in out:
if line.find("worker process") > 0:
result.append(line.split(":")[-2].strip())
return result
def _get_controller_all_ips(controller_ip, user, password):
controller = Linux(controller_ip, user, password)
cmd = "ip addr | grep 'state UP' -A2"
out = controller.execute_command(cmd)
controller_ips = []
for index in range(2, len(out), 4):
ip = out[index].split()[1].split('/')[0]
controller_ips.append(ip)
return controller_ips
def get_hsm_event_counters(hsm_server_ip="10.128.1.51",
user="******",
password="******",
expected_counters=[]):
cmd = "hsm information show"
vm = Linux(hsm_server_ip, user, password)
out = vm.execute_command(cmd)
hsm_stats = {}
for line in out:
for expected_counter in expected_counters:
if expected_counter in line:
hsm_stats[expected_counter] = line.split(":")[1].strip()
return hsm_stats
def _get_registered_client_ips(hsm_server_ip):
register_client_ips = []
hsm_server = Linux(hsm_server_ip,
hsm_server_details[hsm_server_ip]['hsm_username'],
hsm_server_details[hsm_server_ip]['hsm_password'])
client_list_resp = hsm_server.execute_command("client list")
for line in client_list_resp:
try:
register_client_ips.append(
re.findall(r'[0-9]+(?:\.[0-9]+){3}', line)[0])
except:
pass
return register_client_ips
def _reboot_all_se(session):
se_ips = _get_se_ips(session)
for se_ip in se_ips:
se = Linux(se_ip, session.username, session.password)
se.execute_command("sudo reboot")
se.wait_node_up(se_ip)
se.close()
_wait_for_se_oper_status(session, oper_status="OPER_DOWN", interval=2)
_wait_for_se_oper_status(session, oper_status="OPER_UP", interval=2)
def _scp_file(remote_ip, username, password, src, dest, remote_to_local=True):
client = Linux(remote_ip, username, password)
scpClient = SCPClient(client.child.get_transport(), socket_timeout=60.0)
try:
if remote_to_local:
scpClient.get(src, dest)
else:
scpClient.put(src, dest)
except Exception as e:
raise Exception("Exception: %s" % e)
def _verify_hsm_files_on_se(se_ip, user='******', password='******'):
se = Linux(se_ip, user, password)
verify_keycert_cmd = "ls /etc/luna/cert/client/"
keycert_files = [
file.strip() for file in se.execute_command(verify_keycert_cmd)
]
if [x for x in keycert_files if not re.search(r'\d+\.?(Key)?\.pem', x)]:
# Expect pem files only
raise Exception(
"Expected key certs /etc/luna/cert/client/ not found on se")
verify_chrystoki_cmd = "ls /etc/Chrystoki.conf"
verify_chrystoki_resp = se.execute_command(verify_chrystoki_cmd)
if not "/etc/Chrystoki.conf" == verify_chrystoki_resp[0].strip():
raise Exception("Expected /etc/Chrystoki.conf not found on controller")
verify_safenet_cmd = "ls /usr/safenet/lunaclient/"
verify_safenet_resp = se.execute_command(verify_safenet_cmd)
if verify_safenet_resp[0].find("No such file or directory") >= 0:
raise Exception(
"Directory /usr/safenet/lunaclient/ not found on controller")
LOG.debug("HSM files verified successfully on se %s" % se_ip)
def _verify_hsmpkg_uploaded_on_vm(vm_ip,
timeout=60,
interval=5,
user='******',
password='******'):
vm = Linux(vm_ip, user, password)
while timeout > 0:
hsmpkg_verify_resp = vm.execute_command("ls /var/lib/avi/hsmpackages/")
if hsmpkg_verify_resp:
for line in hsmpkg_verify_resp:
if "safenet.tar" == line.strip():
LOG.debug(
"/var/lib/avi/hsmpackages/safenet.tar verified successfully on VM %s"
% vm_ip)
return
time.sleep(interval)
timeout -= interval
else:
LOG.error("/var/lib/avi/hsmpackages/safenet.tar not found on VM %s" %
vm_ip)
raise Exception(
"/var/lib/avi/hsmpackages/safenet.tar not found on VM %s" % vm_ip)
vm.close()
def cleanup_hsm_package(session, username="******", password="******"):
controller_ips = _get_controller_ips(session)
controller = Linux(controller_ips[0], username, password)
hsm_uninstall_cmd = "sudo /opt/avi/scripts/hsmpackage_install.sh --all --uninstall"
controller.execute_command(hsm_uninstall_cmd)
def _verify_hsm_configuration_on_vm(session,
vm_ip,
hsmgrp_name,
is_se=False,
ha=False,
user='******',
password='******',
tenant='admin'):
vm = Linux(vm_ip, user, password)
if is_se:
verify_cmd = '/usr/safenet/lunaclient/bin/vtl verify'
else:
verify_cmd = 'sudo /opt/avi/scripts/safenet.py -p %s -i %s -c "/usr/safenet/lunaclient/bin/vtl verify" -t %s'\
% (hsmgrp_name, vm_ip, tenant)
verify_resp = vm.execute_command(verify_cmd)
for line in verify_resp:
if "Error: Unable to find any Luna SA slots/partitions among registered server" in line:
LOG.error(
"Error: Unable to find any Luna SA slots/partitions among registered server"
)
raise Exception(
"Error: Unable to find any Luna SA slots/partitions among registered server"
)
LOG.debug("HSM group verified successfully")
if is_se:
listslots_cmd = '/usr/safenet/lunaclient/bin/vtl listslots'
else:
listslots_cmd = 'sudo /opt/avi/scripts/safenet.py -p %s -i %s -c ' \
'"/usr/safenet/lunaclient/bin/vtl listslots" -t %s' % (hsmgrp_name, vm_ip, tenant)
listslots_resp = vm.execute_command(listslots_cmd)
if not ha:
hsm_server_ips = _get_hsm_server_ips(session, hsmgrp_name)
for hsm_server in range(0, len(hsm_server_ips)):
for line in listslots_resp:
if "LunaNet Slot" in line:
listslots_resp.remove(line)
break
else:
raise Exception(
"HSM group listslots verification failed. Expected %d servers, got %d"
% (len(hsm_server_ips), hsm_server))
else:
for line in listslots_resp:
if "HA Virtual Card Slot" in line:
break
else:
raise Exception("HSM group listslots verification failed.")
if is_se:
#haadmin_show_cmd = '/usr/safenet/lunaclient/bin/vtl haadmin show'
haadmin_show_cmd = '/usr/safenet/lunaclient/bin/lunacm -q hagroup listgroups'
else:
haadmin_show_cmd = 'sudo /opt/avi/scripts/safenet.py -p %s -i %s -c ' \
'"/usr/safenet/lunaclient/bin/lunacm -q hagroup listgroups" -t %s' % (hsmgrp_name, vm_ip, tenant)
haadmin_show_resp = vm.execute_command(haadmin_show_cmd)
print haadmin_show_resp
for line in haadmin_show_resp:
#if line.find("HA Group and Member Information") >= 0:
if line.find("Group Members") >= 0:
if not ha:
raise Exception(
"HA Group and Member Information found on controller before configuring HA"
)
else:
break
else:
if ha:
raise Exception("HSM group haadmin show verification failed")
LOG.debug("HSM group listslots verified successfully on vm %s" % vm_ip)