def create_http_policy(self, action, name): type = None httppolicyset = {} real_name = name name = "%s-httppolicyset" % name for action_list in self.parsed['action-list']: if action == action_list['action-list']: for desc in action_list['desc']: if 'ssl' in desc.keys(): type = 'ssl' if 'header' in desc.keys(): type = 'header' if type == 'ssl': httppolicyset = { "http_security_policy": [], "http_request_policy": { "rules": [ { "redirect_action": { "keep_query": True, "status_code": "HTTP_REDIRECT_STATUS_CODE_302", "protocol": "HTTPS", "port": 443 }, "is_internal_policy": False, "name": "rule1" } ] }, "name": name } update_excel('action-list', real_name, avi_obj=httppolicyset) return httppolicyset
def create_http_policy(self, action, name): type = None httppolicyset = {} real_name = name name = "%s-httppolicyset" % name for action_list in self.parsed['action-list']: if action == action_list['action-list']: for desc in action_list['desc']: if 'ssl' in desc.keys(): type = 'ssl' if 'header' in desc.keys(): type = 'header' if type == 'ssl': httppolicyset = { "http_security_policy": [], "http_request_policy": { "rules": [ { "redirect_action": { "keep_query": True, "status_code": "HTTP_REDIRECT_STATUS_CODE_302", "protocol": "HTTPS", "port": 443 }, "is_internal_policy": False, "name": "rule1" } ] }, "name": name } update_excel('action-list', real_name, avi_obj=httppolicyset) return httppolicyset
def create_redirect_http_policy(self, name, data): real_name = name name = "%s-httppolicyset" % name if data.get('code') not in ['301', '302', '307']: code = 'HTTP_REDIRECT_STATUS_CODE_301' else: code = 'HTTP_REDIRECT_STATUS_CODE_%s' % data.get('code') if data.get('location'): url = data.get('location') protocol = url.split('/')[0].replace(':', '') host = url.split('/')[2] path = '/'.join(url.split('/')[3:]) protocol = 'HTTP' port = 80 if protocol == 'https': protocol = 'HTTPS' port = 443 httppolicyset = { "http_security_policy": [], "http_request_policy": { "rules": [ { "redirect_action": { "protocol": protocol, "status_code": "HTTP_REDIRECT_STATUS_CODE_301", "host": { "tokens": [ { "str_value": host, "type": "URI_TOKEN_TYPE_STRING" } ], "type": "URI_PARAM_TYPE_TOKENIZED" }, "path": { "tokens": [ { "str_value": path, "type": "URI_TOKEN_TYPE_STRING" } ], "type": "URI_PARAM_TYPE_TOKENIZED" }, "port": port }, "enable": True, "name": 'rule1' } ] }, "name": name, } update_excel('action-list', real_name, avi_obj=httppolicyset) return httppolicyset
def create_redirect_http_policy(self, name, data): real_name = name name = "%s-httppolicyset" % name if data.get('code') not in ['301', '302', '307']: code = 'HTTP_REDIRECT_STATUS_CODE_301' else: code = 'HTTP_REDIRECT_STATUS_CODE_%s' % data.get('code') if data.get('location'): url = data.get('location') protocol = url.split('/')[0].replace(':', '') host = url.split('/')[2] path = '/'.join(url.split('/')[3:]) protocol = 'HTTP' port = 80 if protocol == 'https': protocol = 'HTTPS' port = 443 httppolicyset = { "http_security_policy": [], "http_request_policy": { "rules": [ { "redirect_action": { "protocol": protocol, "status_code": "HTTP_REDIRECT_STATUS_CODE_301", "host": { "tokens": [ { "str_value": host, "type": "URI_TOKEN_TYPE_STRING" } ], "type": "URI_PARAM_TYPE_TOKENIZED" }, "path": { "tokens": [ { "str_value": path, "type": "URI_TOKEN_TYPE_STRING" } ], "type": "URI_PARAM_TYPE_TOKENIZED" }, "port": port }, "enable": True, "name": 'rule1' } ] }, "name": name, } update_excel('action-list', real_name, avi_obj=httppolicyset) return httppolicyset
def server_converter(self, name, port): """ Server Conversion \n :param @name: Server name :param @port: Service Port * Get - the server name * Reply - with server avi object """ position = None if self.parsed.get('rserver', ''): for index, elem in enumerate(self.parsed['rserver']): if elem['host'] == name: position = index server_name = elem['host'] if position is None: LOG.warning("rserver %s not found ..".format(name)) return False details = self.parsed['rserver'][position] server_list = list() server = '' desc = '' enabled = False # server conversion for serv in details['desc']: # checking for ip address ,default port ? if 'ip address' in serv.keys(): server = serv['ip address'] # checking for desc if 'description' in serv.keys(): desc = serv['description'] # checking for server enabled or not ? if 'type' in serv.keys(): enabled = (True if serv['type'] == 'inservice' else False) if server != '': server_list.append({ "ip": { "addr": server, "type": "V4", }, "enabled": enabled, "description": desc, "port": port }) # Update Excel Sheet update_excel('rserver', server_name, avi_obj=server_list) return server_list
def server_converter(self, name, port): """ Server Conversion \n :param @name: Server name :param @port: Service Port * Get - the server name * Reply - with server avi object """ position = None if self.parsed.get('rserver', ''): for index, elem in enumerate(self.parsed['rserver']): if elem['host'] == name: position = index server_name = elem['host'] if position is None: LOG.warning("rserver %s not found ..".format(name)) return False details = self.parsed['rserver'][position] server_list = list() server = '' desc = '' enabled = False # server conversion for serv in details['desc']: # checking for ip address ,default port ? if 'ip address' in serv.keys(): server = serv['ip address'] # checking for desc if 'description' in serv.keys(): desc = serv['description'] # checking for server enabled or not ? if 'type' in serv.keys(): enabled = (True if serv['type'] == 'inservice' else False) if server != '': server_list.append({ "ip": { "addr": server, "type": "V4", }, "enabled": enabled, "description": desc, "port": port }) # Update Excel Sheet update_excel('rserver', server_name, avi_obj=server_list) return server_list
def virtual_service_conversion(self, data): self.data = data vs_list = list() cloned_pool_list = list() http_list = list() for policy_map in self.parsed.get('policy-map', ''): if policy_map.get('match', '') == 'multi-match': update_excel( 'policy-map', policy_map['policy-map'], status='Indirect') for cls in policy_map['desc']: if cls.get('class', []): policy_name = None ssl = [] ssl_cert = [] for obj in cls['class_desc']: if obj.get('loadbalance', '') == 'policy': policy_name = obj['type'] ssl_ref = [obj['type'] for ssl1 in data['SSLProfile'] if ssl1.get( 'name') == obj.get('type') and "ssl-proxy" in obj.keys()] if ssl_ref: ssl = self.common_utils.get_object_ref(ssl_ref[0], 'sslprofile', tenant=self.tenant) ssl_cert = self.common_utils.get_object_ref(ssl_ref[0], 'sslkeyandcertificate', tenant=self.tenant) if policy_name: vs, cloned_pool, http_policy_set, msg = \ self.virtual_service_conversion_policy( policy_name, data, ssl_profile=ssl, ssl_cert=ssl_cert) if vs: vs['enabled'] = False for class_dec in cls['class_desc']: if "loadbalance" in class_dec.keys(): if class_dec.get('type', []) == 'inservice' and\ self.enable_vs: vs['enabled'] = True # updating excel sheet update_excel( 'policy-map', vs['name'], avi_obj=vs) # updating object vs_list.append(vs) self.port_fix(vs_list) if cloned_pool: cloned_pool_list.append(cloned_pool) if http_policy_set: http_list.append(http_policy_set) else: update_excel('policy-map', cls['class'], status='Skipped', avi_obj=msg) else: update_excel( 'policy-map', cls['class'], status='Skipped', avi_obj='Policy is not in policy\'s class map') return vs_list, cloned_pool_list, http_list
def virtual_service_conversion(self, data): self.data = data vs_list = list() cloned_pool_list = list() http_list = list() for policy_map in self.parsed.get('policy-map', ''): if policy_map.get('match', '') == 'multi-match': update_excel( 'policy-map', policy_map['policy-map'], status='Indirect') for cls in policy_map['desc']: if cls.get('class', []): policy_name = None ssl = [] ssl_cert = [] for obj in cls['class_desc']: if obj.get('loadbalance', '') == 'policy': policy_name = obj['type'] ssl_ref = [obj['type'] for ssl1 in data['SSLProfile'] if ssl1.get( 'name') == obj.get('type') and "ssl-proxy" in obj.keys()] if ssl_ref: ssl = self.common_utils.get_object_ref(ssl_ref[0], 'sslprofile', tenant=self.tenant) ssl_cert = self.common_utils.get_object_ref(ssl_ref[0], 'sslkeyandcertificate', tenant=self.tenant) if policy_name: vs, cloned_pool, http_policy_set, msg = \ self.virtual_service_conversion_policy( policy_name, data, ssl_profile=ssl, ssl_cert=ssl_cert) if vs: vs['enabled'] = False for class_dec in cls['class_desc']: if "loadbalance" in class_dec.keys(): if class_dec.get('type', []) == 'inservice' and\ self.enable_vs: vs['enabled'] = True # updating excel sheet update_excel( 'policy-map', vs['name'], avi_obj=vs) # updating object vs_list.append(vs) self.port_fix(vs_list) if cloned_pool: cloned_pool_list.append(cloned_pool) if http_policy_set: http_list.append(http_policy_set) else: update_excel('policy-map', cls['class'], status='Skipped', avi_obj=msg) else: update_excel( 'policy-map', cls['class'], status='Skipped', avi_obj='Policy is not in policy\'s class map') return vs_list, cloned_pool_list, http_list
def server_converter(self, servers_list, use_port, server_port=[]): """ Server Conversion \n :param @name: Server name :param @port: Service Port * Get - the server name * Reply - with server avi object """ server_list = list() server = '' for server_name in servers_list: rserver, port = server_name.split(':') found_server = None if self.parsed.get('rserver', ''): found_server = [obj for obj in self.parsed['rserver'] if obj['host'] == rserver] if not found_server: LOG.warning("rserver %s not found ..".format(servers_list)) return False desc = '' enabled = (True if servers_list[server_name] == 'inservice' else False) # server conversion for serv in found_server[0]['desc']: # checking for ip address ,default port ? if 'ip address' in serv.keys(): server = serv['ip address'] # checking for desc if 'description' in serv.keys(): desc = serv['description'] if server != '': sp_str = '%s:%s' % (server, port) if sp_str not in server_port: server_port.append(sp_str) server_list.append({ "ip": { "addr": server, "type": "V4", }, "enabled": enabled, "description": desc, "port": port }) # Update Excel Sheet update_excel('rserver', server_name, avi_obj=server_list) return server_list
def vsvip_conversion(self): """vs vip take from virutal-server in class map""" vip_id = '0' vip_list = list() vip_obj_list = list() # get the number of vips available for class_map in self.parsed.get('class-map', ''): for address in class_map['desc']: if ("source-address" in address or "destination-address" in address): LOG.warning( 'source-address or destination-address in class map not' ' supported :%s' % class_map['class-map']) update_excel( 'class-map', class_map['class-map'], status='Skipped', avi_obj='source-address or destination-address' ' in class map not supported') break if "virtual-address" in address: vip = address['virtual-address'] if vip not in vip_list: vip_list.append(vip) # create vsvip object for vs_ip in vip_list: vip_name = "{}-vip".format(vs_ip) vip_obj_list.append({ "cloud_ref": self.cloud_ref, "vip": [{ "ip_address": { "type": "V4", "addr": vs_ip }, "vip_id": "0" }], "tenant_ref": self.tenant_ref, "name": vip_name }) return vip_obj_list
def vsvip_conversion(self): """vs vip take from virutal-server in class map""" vip_id = '0' vip_list = list() vip_obj_list = list() # get the number of vips available for class_map in self.parsed.get('class-map', ''): if 'match-all' not in class_map.values() and 'match-any' not in class_map.values(): LOG.warning('This type of class map not supported : %s' % class_map['class-map']) update_excel( 'class-map', class_map['class-map'], status='Skipped', avi_obj='This type of class map not supported') continue for address in class_map['desc']: if "source-address" in address or "destination-address" in address: LOG.warning( 'source-address or destination-address in class map not supported :%s' % class_map['class-map']) update_excel('class-map', class_map['class-map'], status='Skipped', avi_obj='source-address or destination-address in class map not supported') break if "virtual-address" in address: vip = address['virtual-address'] if vip not in vip_list: vip_list.append(vip) # create vsvip object for vs_ip in vip_list: vip_name = "{}-vip".format(vs_ip) vip_obj_list.append( { "cloud_ref": self.cloud_ref, "vip": [{ "ip_address": { "type": "V4", "addr": vs_ip }, "vip_id": "0" }], "tenant_ref": self.tenant_ref, "name": vip_name } ) return vip_obj_list
def crypto_chaingroup(self): """Add Root/Intermediate certificates to SSLKeyAndCertificates Object. :return: Certificate list for type CA. """ chaingroup_list = list() crypto_obj = self.parsed.get('crypto', '') #name = crypto[0]['chaingroup'] certificate_list = list() if not crypto_obj: return certificate_list certs = crypto_obj[0].get('cert', []) for cert_name in certs: ssl_c_obj = None cert = None ca_cert = None name = cert_name.split('.')[0] key_and_cert = None cert_file = cert_name cert_loc = '%s/%s' % (self.in_path, cert_name) if not os.path.isfile(cert_loc): cert_loc = None if cert_loc: cert = self.get_cert_obj(name, cert_file, self.in_path) if cert and name: ca_cert = { "type": "SSL_CERTIFICATE_TYPE_CA", "certificate": cert, "tenant_ref": self.tenant_ref, "name": name, } if ca_cert: certificate_list.append(ca_cert) for obj in crypto_obj: if obj.has_key("chaingroup"): name = obj["chaingroup"] if obj.has_key("csr-params"): name = obj["csr-params"] update_excel('crypto', name, avi_obj=obj) return certificate_list
def crypto_chaingroup(self): """Add Root/Intermediate certificates to SSLKeyAndCertificates Object. :return: Certificate list for type CA. """ chaingroup_list = list() crypto_obj = self.parsed.get('crypto', '') #name = crypto[0]['chaingroup'] certificate_list = list() if not crypto_obj: return certificate_list certs = crypto_obj[0].get('cert', []) for cert_name in certs: ssl_c_obj = None cert = None ca_cert = None name = cert_name.split('.')[0] key_and_cert = None cert_file = cert_name cert_loc = '%s/%s' % (self.in_path, cert_name) if not os.path.isfile(cert_loc): cert_loc = None if cert_loc: cert = self.get_cert_obj(name, cert_file, self.in_path) if cert and name: ca_cert = { "type": "SSL_CERTIFICATE_TYPE_CA", "certificate": cert, "tenant_ref": self.tenant_ref, "name": name, } if ca_cert: certificate_list.append(ca_cert) for obj in crypto_obj: if obj.has_key("chaingroup"): name = obj["chaingroup"] if obj.has_key("csr-params"): name = obj["csr-params"] update_excel('crypto', name, avi_obj=obj) return certificate_list
def app_persistance_conversion(self): """ App persistance conversion """ # persistance list persistance_list = list() persistance_type = 'PERSISTENCE_TYPE_CLIENT_IP_ADDRESS' for sticky in self.parsed.get('sticky', ''): if 'ip-netmask' in sticky: persistance_type = "PERSISTENCE_TYPE_CLIENT_IP_ADDRESS" if 'http-cookie' in sticky: persistance_type = 'PERSISTENCE_TYPE_HTTP_COOKIE' name = sticky.get('name', []) if not name: LOG.warning('Skipping Sticky... %s' % name) continue # default time out timeout = APP_PERSISTANCE_TIMEOUT for time_out in sticky['desc']: if 'timeout' in time_out.keys(): if int(time_out['timeout']) < 720 and int(time_out['timeout']) > 1: timeout = time_out['timeout'] persistance = { "name": name, "persistence_type": persistance_type, "tenant_ref": self.tenant_ref, "server_hm_down_recovery": "HM_DOWN_PICK_NEW_SERVER", "ip_persistence_profile": {} } if type == "PERSISTENCE_TYPE_CLIENT_IP_ADDRESS": persistance["ip_persistence_profile"] = { "ip_persistent_timeout": timeout } # Updating Excel Sheet update_excel('sticky', name, avi_obj=persistance) persistance_list.append(persistance) return persistance_list
def ssl_key_and_cert(self): key_list = list() for ssl in self.parsed.get('ssl-proxy', ''): key = None cert = None name = ssl['name'] key_and_cert = None for val in ssl['desc']: if val.get('key', ''): key_file = val['key'] key_loc = '%s/%s' % (self.in_path, val['key']) if not os.path.isfile(key_loc): key_loc = None if val.get('cert', ''): cert_file = val['cert'] cert_loc = '%s/%s' % (self.in_path, val['cert']) if not os.path.isfile(cert_loc): cert_loc = None if key_loc and cert_loc: key_and_cert = self.get_key_cert_obj(name, key_file, cert_file, self.in_path) else: key, cert = self.common_utils.create_self_signed_cert() if key and cert and name: key_and_cert = { "type": "SSL_CERTIFICATE_TYPE_VIRTUALSERVICE", "certificate": { "certificate": cert }, "tenant_ref": self.tenant_ref, "name": name, "key": key } if key_and_cert: key_list.append(key_and_cert) update_excel('ssl-proxy', name, avi_obj=key_list) return key_list
def ssl_key_and_cert(self): key_list = list() for ssl in self.parsed.get('ssl-proxy', ''): key = None cert = None key_loc = None name = ssl['name'] key_and_cert = None for val in ssl['desc']: if val.get('key', ''): key_file = val['key'] key_loc = '%s/%s' % (self.in_path, val['key']) if val.get('cert', ''): cert_file = val['cert'] cert_loc = '%s/%s' % (self.in_path, val['cert']) if not os.path.isfile(cert_loc): cert_loc = None if key_loc and cert_loc: key_and_cert = self.get_key_cert_obj(name, key_file, cert_file, self.in_path) else: key, cert = self.common_utils.create_self_signed_cert() if key and cert and name: key_and_cert = { "type": "SSL_CERTIFICATE_TYPE_VIRTUALSERVICE", "certificate": { "certificate": cert }, "tenant_ref": self.tenant_ref, "name": name, "key": key } if key_and_cert: key_list.append(key_and_cert) update_excel('ssl-proxy', name, avi_obj=key_list) return key_list
def virtual_service_conversion(self, data): self.data = data vs_list = list() cloned_pool_list = list() http_list = list() for policy_map in self.parsed.get('policy-map', ''): LOG.debug("Conversion started for policy-map: %s" % policy_map.get('name', policy_map.get('policy-map', ''))) # if policy_map.get('match', '') == 'multi-match': # update_excel( # 'policy-map', policy_map['policy-map'], status='Indirect') p_map_class = [ cls for cls in policy_map['desc'] if cls.get('class', []) ] for cls in p_map_class: policy_name, ssl, ssl_cert = self.get_ssl_refs(data, cls) if policy_name: vs, cloned_pool, http_policy_set, msg = \ self.virtual_service_conversion_policy( policy_name, data, ssl_profile=ssl, ssl_cert=ssl_cert) if vs: vs['enabled'] = self.get_vs_state(cls) # updating excel sheet update_excel('policy-map', vs['name'], avi_obj=vs) # updating object vs_list.append(vs) self.port_fix(vs_list) if cloned_pool: cloned_pool_list.append(cloned_pool) if http_policy_set: http_list.append(http_policy_set) else: update_excel('policy-map', cls['class'], status='Skipped', avi_obj=msg) else: update_excel( 'policy-map', cls['class'], status='Skipped', avi_obj='Policy is not in policy\'s class map') return vs_list, cloned_pool_list, http_list
def pool_conversion(self, data): """ Pool conversion over here Pool Contains: - servers """ default_port = "80" pool_list = list() for pool in self.parsed.get('serverfarm', ''): probe = None monitor_ref = None server = None temp_pool = dict() name = pool.get('host', '') app_persistance = self.find_app_persistance(name, data) app_ref = self.common_utils.get_object_ref( app_persistance, 'applicationpersistenceprofile', tenant=self.tenant) if app_persistance: temp_pool.update( {'application_persistence_profile_ref': app_ref}) skipped_list = list() server = [] for pools in pool['desc']: farm_set = set(pools.keys()) skipped_list_temp = list(farm_set.intersection(set(POOL_SKIP))) if skipped_list_temp: skipped_list.extend(skipped_list_temp) if "rserver" in pools.keys(): if 'port' in pools.keys(): use_port = pools['port'] server.extend( self.server_converter(pools['rserver'], use_port)) else: use_port = default_port server.extend( self.server_converter(pools['rserver'], use_port)) if data.get('HealthMonitor'): for hm in data['HealthMonitor']: if pools.get('probe') == hm['name']: probe = pools['probe'] if probe: monitor_ref = self.common_utils.get_object_ref( probe, 'healthmonitor', tenant=self.tenant) if server: pool_dict = { "lb_algorithm": "LB_ALGORITHM_ROUND_ROBIN", "name": name, "cloud_ref": self.cloud_ref, "tenant_ref": self.tenant_ref, "servers": server, "health_monitor_refs": [], "fail_action": { "type": "FAIL_ACTION_CLOSE_CONN" }, "description": None } if monitor_ref: pool_dict['health_monitor_refs'].append(monitor_ref) if self.vrf_ref: pool_dict['vrf_ref'] = self.vrf_ref temp_pool.update(pool_dict) # update excel sheet update_excel('serverfarm', name, avi_obj=temp_pool, skip=skipped_list) pool_list.append(temp_pool) return pool_list
def virtual_service_conversion_policy(self, name, data, ssl_profile=None, ssl_cert=None): global USED_POOLS port = None vs_ref = None port_end = None l4_type = None http_policy_ref = None http_policy_set = None msg = '' for policy_map in self.parsed['policy-map']: pool_obj = dict() temp_vs = dict() if policy_map.get('name') == name: name = policy_map['name'] pool = None original_pool_name = None pool_ref = None action = None vs_ref, port, ip, l4_type = self.get_vsref_and_port_from_class( name) if not vs_ref or port is None or not ip: msg = 'No vsvip, ip-port for policy-map {}'.format(name) continue # Excel Sheet Update for class update_excel('class-map', name, avi_obj="Refer Policy-map {}".format(name)) enable_ssl = (True if port == '443' else False) for class_dec in policy_map['desc']: for vsobj in class_dec['class_desc']: if 'action' in vsobj.keys(): action = vsobj['action'] if 'sticky-serverfarm' in vsobj.keys() or\ 'serverfarm' in vsobj.keys(): if 'sticky-serverfarm' in vsobj.keys(): stick_farm = vsobj['sticky-serverfarm'] for farm in self.parsed['sticky']: for farm_desc in farm['desc']: if farm_desc.get('serverfarm'): pool = farm_desc['serverfarm'] break if 'serverfarm' in vsobj.keys(): pool = vsobj['serverfarm'] original_pool_name = pool flag = 0 for pool_set in self.data['Pool']: if pool_set['name'] == original_pool_name: flag = 1 if flag == 0: pool = '' # if pool is already used do clone the pool and # having persistance profile if self.check_persistance(pool, data, l4_type): if pool in USED_POOLS: if self.clone_pool(name, pool, data): pool_obj = self.clone_pool( name, pool, data) pool = pool_obj['name'] USED_POOLS.append(pool) update_excel('class-map', pool, avi_obj="Refer " "Class Map : {}".format(name)) # finding the ips for vip ip_list = [ip] vip = [] for ip in ip_list: vip.append({ "ip_address": { "type": "V4", "addr": ip }, "vip_id": 0 }) if pool != '': pool_ref = self.common_utils.get_object_ref( pool, 'pool', tenant=self.tenant, cloud_name=self.cloud) if not pool: msg = 'No Pool configured for VS {}'.format(name) # continue if action: http_policy_set = self.create_http_policy(action, name) http_policy_ref = self.common_utils.get_object_ref(object_name=http_policy_set.get('name'), object_type='httppolicyset', tenant=self.tenant) else: for sfarm in self.parsed.get('serverfarm'): if sfarm['host'] == original_pool_name: for pools in sfarm['desc']: temp_pool_name = pools.get('rserver', []) for servers in self.parsed.get('rserver', []): if servers.get('host', []) == temp_pool_name: if len(servers) > 0 and len(servers['desc']) > 0 and \ "code" in servers.get('desc', [])[0].keys(): http_policy_set = self.create_redirect_http_policy( original_pool_name, servers['desc'][0]) http_policy_ref = self.common_utils.get_object_ref(object_name=http_policy_set['name'], object_type='httppolicyset', tenant=self.tenant) temp_vs = { "vsvip_ref": vs_ref, "enabled": False, "vs_datascripts": [], "vip": vip, "services": [{ "enable_ssl": enable_ssl, "port": port, }], "description": None, "name": name, "cloud_ref": self.cloud_ref, "tenant_ref": self.tenant_ref, "type": "VS_TYPE_NORMAL" } if self.segroup: segroup_ref = self.common_utils.get_object_ref(self.segroup, 'serviceenginegroup', tenant=self.tenant, cloud_name=self.cloud) temp_vs['se_group_ref'] = segroup_ref if pool_ref: temp_vs['pool_ref'] = pool_ref if l4_type: app_ref = self.common_utils.get_object_ref( 'System-L4-Application', 'applicationprofile', tenant='admin') nw_ref = None if l4_type == 'tcp': nw_ref = self.common_utils.get_object_ref( 'System-TCP-Proxy', 'networkprofile', tenant='admin') elif l4_type == 'udp': nw_ref = self.common_utils.get_object_ref( 'System-UDP-Fast-Path', 'networkprofile', tenant='admin') temp_vs['application_profile_ref'] = app_ref temp_vs['network_profile_ref'] = nw_ref if ssl_profile: temp_vs['ssl_profile_ref'] = ssl_profile if ssl_cert: temp_vs['ssl_key_and_certificate_refs'] = [ssl_cert] if self.vrf_ref: temp_vs['vrf_context_ref'] = self.vrf_ref if http_policy_ref: temp_vs['http_policy_set_ref'] = http_policy_ref return temp_vs, pool_obj, http_policy_set, msg return False, False, False, msg
def pool_conversion(self, data): """ Pool conversion over here Pool Contains: - servers """ default_port = "80" pool_list = list() for pool in self.parsed.get('serverfarm', ''): probe = None monitor_ref = None server = None temp_pool = dict() name = pool.get('host', '') app_persistance = self.find_app_persistance(name, data) app_ref = self.common_utils.get_object_ref(app_persistance, 'applicationpersistenceprofile', tenant=self.tenant) if app_persistance: temp_pool.update( { 'application_persistence_profile_ref': app_ref }) skipped_list = list() server = [] for pools in pool['desc']: farm_set = set(pools.keys()) skipped_list_temp = list(farm_set.intersection(set(POOL_SKIP))) if skipped_list_temp: skipped_list.extend(skipped_list_temp) if "rserver" in pools.keys(): if 'port' in pools.keys(): use_port = pools['port'] server.extend(self.server_converter(pools['rserver'], use_port)) else: use_port = default_port server.extend(self.server_converter(pools['rserver'], use_port)) if data.get('HealthMonitor'): for hm in data['HealthMonitor']: if pools.get('probe') == hm['name']: probe = pools['probe'] if probe: monitor_ref = self.common_utils.get_object_ref( probe, 'healthmonitor', tenant=self.tenant) if server: pool_dict = { "lb_algorithm": "LB_ALGORITHM_ROUND_ROBIN", "name": name, "cloud_ref": self.cloud_ref, "tenant_ref": self.tenant_ref, "servers": server, "health_monitor_refs": [ ], "fail_action": { "type": "FAIL_ACTION_CLOSE_CONN" }, "description": None } if monitor_ref: pool_dict['health_monitor_refs'].append(monitor_ref) if self.vrf_ref: pool_dict['vrf_ref'] = self.vrf_ref temp_pool.update(pool_dict) # update excel sheet update_excel('serverfarm', name, avi_obj=temp_pool, skip=skipped_list) pool_list.append(temp_pool) return pool_list
def healthmonitor_conversion(self): """ Health monitor conversion happens here """ # monitor list monitor_list = list() for health_monitor in self.parsed.get('probe', ''): receive_timeout = DEFAULT_TIMEOUT failed_checks = DEFAULT_FAILED_CHECKS send_interval = health_monitor.get('interval', DEFAULT_INTERVAL) if int(receive_timeout) > int(send_interval): if int(send_interval) != 0: receive_timeout = int(send_interval) - 1 else: receive_timeout = 0 # time_until_up = DEFAULT_TIME_UNTIL_UP successful_checks = DEFAULT_FAILED_CHECKS monitor = { "receive_timeout": receive_timeout, "name": health_monitor['name'], "tenant_ref": self.tenant_ref, "failed_checks": failed_checks, "send_interval": int(send_interval), "type": None, "successful_checks": successful_checks } if health_monitor['type'].strip() == 'icmp': monitor['type'] = 'HEALTH_MONITOR_PING' elif health_monitor['type'].strip() == 'tcp': monitor['type'] = 'HEALTH_MONITOR_TCP' extra_details = { "monitor_port": health_monitor.get('port', 80), "tcp_monitor": { "tcp_request": "", "tcp_response": "", "http_response": "", "maintenance_response": "" } } monitor.update(extra_details) elif health_monitor['type'].strip() == 'http': monitor['type'] = "HEALTH_MONITOR_HTTP" elif health_monitor['type'].strip() == 'https': monitor['type'] = "HEALTH_MONITOR_HTTPS" else: monitor['type'] == "HEALTH_MONITOR_PING" if health_monitor['type'].strip() == 'http' or health_monitor['type'].strip() == 'https': # for url if health_monitor.get('method', []) and health_monitor.get('url', []): request_url = "{} {}".format(health_monitor['method'], health_monitor['url']) else: request_url = health_monitor.get('url', []) # for response code response_code = [] if '20' in health_monitor.get('status', []): response_code.append('HTTP_2XX') if '30' in health_monitor.get('status', []): response_code.append('HTTP_3XX') if '40' in health_monitor.get('status', []): response_code.append('HTTP_4XX') if '50' in health_monitor.get('status', []): response_code.append('HTTP_5XX') if '*' in health_monitor.get('status', []): response_code.append('HTTP_ANY') # add any if no response code is there if response_code == []: response_code = ['HTTP_ANY'] if health_monitor.get('regex', []): response_code.append('HTTP_ANY') health_monitor_type = 'http_monitor' if health_monitor['type'] == 'https': health_monitor_type = 'https_monitor' extra_details = { health_monitor_type: { "maintenance_response": "", "http_request": request_url, "http_response_code": response_code, "http_response": "" } } monitor.update(extra_details) # Excel Sheet updating update_excel('probe', health_monitor['name'], avi_obj=monitor) monitor_list.append(monitor) return monitor_list
def healthmonitor_conversion(self): """ Health monitor conversion happens here """ # monitor list monitor_list = list() for health_monitor in self.parsed.get('probe', ''): receive_timeout = DEFAULT_TIMEOUT failed_checks = DEFAULT_FAILED_CHECKS send_interval = health_monitor.get('interval', DEFAULT_INTERVAL) if int(receive_timeout) > int(send_interval): if int(send_interval) != 0: receive_timeout = int(send_interval) - 1 else: receive_timeout = 0 # time_until_up = DEFAULT_TIME_UNTIL_UP successful_checks = DEFAULT_FAILED_CHECKS monitor = { "receive_timeout": receive_timeout, "name": health_monitor['name'], "tenant_ref": self.tenant_ref, "failed_checks": failed_checks, "send_interval": int(send_interval), "type": None, "successful_checks": successful_checks } if health_monitor['type'].strip() == 'icmp': monitor['type'] = 'HEALTH_MONITOR_PING' elif health_monitor['type'].strip() == 'tcp': monitor['type'] = 'HEALTH_MONITOR_TCP' extra_details = { "monitor_port": health_monitor.get('port', 80), "tcp_monitor": { "tcp_request": "", "tcp_response": "", "http_response": "", "maintenance_response": "" } } monitor.update(extra_details) elif health_monitor['type'].strip() == 'http': monitor['type'] = "HEALTH_MONITOR_HTTP" elif health_monitor['type'].strip() == 'https': monitor['type'] = "HEALTH_MONITOR_HTTPS" else: monitor['type'] == "HEALTH_MONITOR_PING" if health_monitor['type'].strip() == 'http' or health_monitor['type'].strip() == 'https': # for url if health_monitor.get('method', []) and health_monitor.get('url', []): request_url = "{} {}".format(health_monitor['method'], health_monitor['url']) elif health_monitor.get('header-value', []): request_url = "HEAD Host:{}".format(str(health_monitor['header-value']).replace('"','')) else: request_url = health_monitor.get('url', []) # for response code response_code = [] if '20' in health_monitor.get('status', []): response_code.append('HTTP_2XX') if '30' in health_monitor.get('status', []): response_code.append('HTTP_3XX') if '40' in health_monitor.get('status', []): response_code.append('HTTP_4XX') if '50' in health_monitor.get('status', []): response_code.append('HTTP_5XX') if '*' in health_monitor.get('status', []): response_code.append('HTTP_ANY') # add any if no response code is there if response_code == []: response_code = ['HTTP_ANY'] if health_monitor.get('regex', []): response_code.append('HTTP_ANY') health_monitor_type = 'http_monitor' server_response_data = health_monitor.get('status1', []) if health_monitor['type'] == 'https': health_monitor_type = 'https_monitor' extra_details = { health_monitor_type: { "maintenance_response": "", "client_request_data": request_url, "response_data": response_code, "server_response_data": server_response_data, "description": "", } } monitor.update(extra_details) # Excel Sheet updating update_excel('probe', health_monitor['name'], avi_obj=monitor) monitor_list.append(monitor) return monitor_list
def virtual_service_conversion_policy(self, name, data, ssl_profile=None, ssl_cert=None): global USED_POOLS ports = None vs_ref = None port_end = None l4_type = None http_policy_ref = None http_policy_set = None msg = '' for policy_map in self.parsed['policy-map']: pool_obj = dict() temp_vs = dict() if policy_map.get('name') == name: name = policy_map['name'] LOG.debug("Converting Policy %s" % name) pool = None original_pool_name = None pool_ref = None action = None vs_ref, ports, ip, l4_type = self.get_vsref_and_port_from_class( name) if not vs_ref or not ports or not ip: msg = 'No vsvip, ip-port for policy-map {}'.format(name) LOG.warn('Skipping VS %s as no vsvip or ip-port found for ' 'policy-map' % name) continue # Excel Sheet Update for class update_excel('class-map', name, avi_obj="Refer Policy-map {}".format(name)) for class_dec in policy_map['desc']: for vsobj in class_dec['class_desc']: if 'action' in vsobj.keys(): action = vsobj['action'] if 'sticky-serverfarm' in vsobj.keys() or\ 'serverfarm' in vsobj.keys(): if 'sticky-serverfarm' in vsobj.keys(): l4_type = None stick_farm = vsobj['sticky-serverfarm'] for farm in self.parsed['sticky']: for farm_desc in farm['desc']: if (farm['name'] == stick_farm and farm_desc.get('serverfarm')): pool = farm_desc['serverfarm'] original_pool_name = pool break if 'serverfarm' in vsobj.keys(): pool = vsobj['serverfarm'] original_pool_name = pool flag = 0 for pool_set in self.data['Pool']: if pool_set['name'] == original_pool_name: flag = 1 if flag == 0: pool = '' # if pool is already used do clone the pool and # having persistance profile if self.check_persistance(pool, data, l4_type): if pool in USED_POOLS: if self.clone_pool(name, pool, data): pool_obj = self.clone_pool( name, pool, data) pool = pool_obj['name'] USED_POOLS.append(pool) update_excel( 'class-map', pool, avi_obj="Refer Class Map : {}".format(name)) # finding the ips for vip ip_list = [ip] vip = [] for ip in ip_list: vip.append({ "ip_address": { "type": "V4", "addr": ip }, "vip_id": 0 }) if pool != '': pool_ref = self.common_utils.get_object_ref( pool, 'pool', tenant=self.tenant, cloud_name=self.cloud) if action: l4_type = None http_policy_set = self.create_http_policy(action, name) http_policy_ref = self.common_utils.get_object_ref( object_name=http_policy_set.get('name'), object_type='httppolicyset', tenant=self.tenant) else: sfarm_o = [ sfarm for sfarm in self.parsed.get('serverfarm') if sfarm['host'] == original_pool_name ] for sfarm in sfarm_o: for pools in sfarm['desc']: temp_pool_name = pools.get('rserver', []) for servers in self.parsed.get('rserver', []): if (servers.get('host', []) == temp_pool_name and len(servers) > 0 and len(servers['desc']) > 0 and "code" in servers.get('desc', [])[0].keys()): http_policy_set = self.create_redirect_http_policy( original_pool_name, servers['desc'][0]) http_policy_ref = self.common_utils.get_object_ref( object_name=http_policy_set['name'], object_type='httppolicyset', tenant=self.tenant) # rules for finding VS is l4 or l7 enable_ssl = (True if ssl_profile else False) if 443 in ports and not ssl_cert: l4_type = 'tcp' if http_policy_ref: http_policy_ref = None if not pool and not http_policy_ref: msg = 'No Pool or http policy configured for VS {}'.format( name) LOG.warn('Skipped VS %s as no pool or http policy found' % name) continue temp_vs = { "vsvip_ref": vs_ref, "enabled": False, "vs_datascripts": [], "services": [], "description": None, "name": name, "cloud_ref": self.cloud_ref, "tenant_ref": self.tenant_ref, "type": "VS_TYPE_NORMAL" } for port in ports: ssl_service = enable_ssl if enable_ssl and port == 80: ssl_service = False if isinstance(port, str) and '-' in port: service = { "enable_ssl": ssl_service, "port": port.split('-')[0], 'port_range_end': port.split('-')[1] } else: service = { "enable_ssl": ssl_service, "port": port, } temp_vs["services"].append(service) if self.segroup: segroup_ref = self.common_utils.get_object_ref( self.segroup, 'serviceenginegroup', tenant=self.tenant, cloud_name=self.cloud) temp_vs['se_group_ref'] = segroup_ref if pool_ref: temp_vs['pool_ref'] = pool_ref nw_ref = None if l4_type: app_ref = self.common_utils.get_object_ref( 'System-L4-Application', 'applicationprofile', tenant='admin') nw_ref = None if l4_type == 'tcp': nw_ref = self.common_utils.get_object_ref( 'System-TCP-Proxy', 'networkprofile', tenant='admin') elif l4_type == 'udp': nw_ref = self.common_utils.get_object_ref( 'System-UDP-Fast-Path', 'networkprofile', tenant='admin') elif enable_ssl: app_ref = self.common_utils.get_object_ref( 'System-Secure-HTTP', 'applicationprofile', tenant='admin') else: app_ref = self.common_utils.get_object_ref( 'System-HTTP', 'applicationprofile', tenant='admin') if not nw_ref: nw_ref = self.common_utils.get_object_ref( 'System-TCP-Proxy', 'networkprofile', tenant='admin') temp_vs['application_profile_ref'] = app_ref temp_vs['network_profile_ref'] = nw_ref if ssl_profile: temp_vs['ssl_profile_ref'] = ssl_profile if ssl_cert: temp_vs['ssl_key_and_certificate_refs'] = [ssl_cert] if self.vrf_ref: temp_vs['vrf_context_ref'] = self.vrf_ref if http_policy_ref: pol = {'index': 11, 'http_policy_set_ref': http_policy_ref} if not temp_vs.get('http_policies'): temp_vs['http_policies'] = [] else: ind = max([ pol_index['index'] for pol_index in temp_vs['http_policies'] ]) pol['index'] = ind + 1 temp_vs['http_policies'].append(pol) return temp_vs, pool_obj, http_policy_set, msg return False, False, False, msg
def virtual_service_conversion_policy(self, name, data, ssl_profile=None, ssl_cert=None): global USED_POOLS port = None vs_ref = None port_end = None l4_type = None http_policy_ref = None http_policy_set = None msg = '' for policy_map in self.parsed['policy-map']: pool_obj = dict() temp_vs = dict() if policy_map.get('name') == name: name = policy_map['name'] pool = None original_pool_name = None pool_ref = None action = None vs_ref, port, ip, l4_type = self.get_vsref_and_port_from_class( name) if not vs_ref or port is None or not ip: msg = 'No vsvip, ip-port for policy-map {}'.format(name) continue # Excel Sheet Update for class update_excel('class-map', name, avi_obj="Refer Policy-map {}".format(name)) enable_ssl = (True if port == '443' else False) for class_dec in policy_map['desc']: for vsobj in class_dec['class_desc']: if 'action' in vsobj.keys(): action = vsobj['action'] if 'sticky-serverfarm' in vsobj.keys() or\ 'serverfarm' in vsobj.keys(): if 'sticky-serverfarm' in vsobj.keys(): stick_farm = vsobj['sticky-serverfarm'] for farm in self.parsed['sticky']: for farm_desc in farm['desc']: if farm_desc.get('serverfarm'): pool = farm_desc['serverfarm'] break if 'serverfarm' in vsobj.keys(): pool = vsobj['serverfarm'] original_pool_name = pool flag = 0 for pool_set in self.data['Pool']: if pool_set['name'] == original_pool_name: flag = 1 if flag == 0: pool = '' # if pool is already used do clone the pool and # having persistance profile if self.check_persistance(pool, data, l4_type): if pool in USED_POOLS: if self.clone_pool(name, pool, data): pool_obj = self.clone_pool( name, pool, data) pool = pool_obj['name'] USED_POOLS.append(pool) update_excel('class-map', pool, avi_obj="Refer " "Class Map : {}".format(name)) # finding the ips for vip ip_list = [ip] vip = [] for ip in ip_list: vip.append({ "ip_address": { "type": "V4", "addr": ip }, "vip_id": 0 }) if pool != '': pool_ref = self.common_utils.get_object_ref( pool, 'pool', tenant=self.tenant, cloud_name=self.cloud) if not pool: msg = 'No Pool configured for VS {}'.format(name) # continue if action: http_policy_set = self.create_http_policy(action, name) http_policy_ref = self.common_utils.get_object_ref(object_name=http_policy_set.get('name'), object_type='httppolicyset', tenant=self.tenant) else: for sfarm in self.parsed.get('serverfarm'): if sfarm['host'] == original_pool_name: for pools in sfarm['desc']: temp_pool_name = pools.get('rserver', []) for servers in self.parsed.get('rserver', []): if servers.get('host', []) == temp_pool_name: if len(servers) > 0 and len(servers['desc']) > 0 and \ "code" in servers.get('desc', [])[0].keys(): http_policy_set = self.create_redirect_http_policy( original_pool_name, servers['desc'][0]) http_policy_ref = self.common_utils.get_object_ref(object_name=http_policy_set['name'], object_type='httppolicyset', tenant=self.tenant) temp_vs = { "vsvip_ref": vs_ref, "enabled": False, "vs_datascripts": [], "vip": vip, "services": [{ "enable_ssl": enable_ssl, "port": port, }], "description": None, "name": name, "cloud_ref": self.cloud_ref, "tenant_ref": self.tenant_ref, "type": "VS_TYPE_NORMAL" } if self.segroup: segroup_ref = self.common_utils.get_object_ref(self.segroup, 'serviceenginegroup', tenant=self.tenant, cloud_name=self.cloud) temp_vs['segroup_ref'] = segroup_ref if pool_ref: temp_vs['pool_ref'] = pool_ref if l4_type: app_ref = self.common_utils.get_object_ref( 'System-L4-Application', 'applicationprofile', tenant='admin') nw_ref = None if l4_type == 'tcp': nw_ref = self.common_utils.get_object_ref( 'System-TCP-Proxy', 'networkprofile', tenant='admin') elif l4_type == 'udp': nw_ref = self.common_utils.get_object_ref( 'System-UDP-Fast-Path', 'networkprofile', tenant='admin') temp_vs['application_profile_ref'] = app_ref temp_vs['network_profile_ref'] = nw_ref if ssl_profile: temp_vs['ssl_profile_ref'] = ssl_profile if ssl_cert: temp_vs['ssl_key_and_certificate_refs'] = [ssl_cert] if self.vrf_ref: temp_vs['vrf_context_ref'] = self.vrf_ref if http_policy_ref: temp_vs['http_policy_set_ref'] = http_policy_ref return temp_vs, pool_obj, http_policy_set, msg return False, False, False, msg