def getTACACSAccountingCfged(): """ @returns true if TACACS+ is configured as an accounting method and that there is a valid TACACS+ server configured. """ acct = [Mgmt.get_value("/aaa/cmd_audit_method/1/name"), Mgmt.get_value("/aaa/cmd_audit_method/2/name")] return ('tacacs+' in acct)
def getTACACSAuthorizationCfged(): """ @returns true if TACACS+ is configured as an authorization method and that there is a valid TACACS+ server configured. """ author = [Mgmt.get_value("/aaa/cmd_author_method/1/name"), Mgmt.get_value("/aaa/cmd_author_method/2/name")] return ('tacacs+' in author)
def __set_user_password(self, username, password): # XXX/jshilkaitis: lame, should be an action on the mgmtd side # XXX/jshilkaitis: why doesn't the framework do validation? valid_password = common.lc_password_validate(password) if not valid_password: # XXX/jshilkaitis: hardcode the reason for now, since we know # length is the only criterion, but that may not be true in the # future. raise ServiceError, 'Password must contain at least 6 characters' use_sha512 = Mgmt.get_value('/rbt/support/config/sha_password/enable') if use_sha512: crypted_password = common.sha_encrypt_password(False, password) else: crypted_password = common.ltc_encrypt_password(password) password_node_name = '/auth/passwd/user/%s/password' % username code, msg = Mgmt.set((password_node_name, 'string', crypted_password)) if code != 0: raise ServiceError, msg
def get_pfs_stats(self, start_time, end_time, share_name): """ get_pfs_stats(auth, start_time, end_time, share_name) -> [ [share size], [bytes received], [bytes sent] ] Fetch the system's PFS statistics. Parameters: start_time (datetime) - start of the stats query period end_time (datetime) - end of the stats query period share_name (string) - share whose stats are desired or 'all' for the sum of all shares Exceptions: get_pfs_statsFault - Datetime not in known format get_pfs_statsFault - Unknown share name """ if share_name == 'all': share_id = 0 else: share_id = Mgmt.get_value('/rbt/rcu/share/%s/config/id' % share_name) if share_id is None: raise ServiceError, 'Unknown share name: %s' % share_name return self.get_stats_internal('pfs', 3, start_time, end_time, share_id)
def getNTPAuthEnabled(): """ @returns true if any enabled NTP server has a valid key configured. """ auth_enabled = False ntp_hosts = Mgmt.get_pattern('/ntp/server/address/*') for host in ntp_hosts: key = Mgmt.get_value('/ntp/server/address/%s/key' % host[2]) enable = Mgmt.get_value('/ntp/server/address/%s/enable' % host[2]) if (key != '0') and (enable == 'true'): if Mgmt.get_value('/ntp/keys/%s' % key): auth_enabled = True break return auth_enabled
def is_memlock_enabled(): """! Queries mgmtd to determine if workstation memlock is turned on """ memlock_node = "/rbt/vsp/config/memlock/enable" memlocked = Mgmt.get_value(memlock_node) if not memlocked or memlocked == "": Logging.log(Logging.LOG_ERR, "Cannot determine if memlock is enabled") memlocked = "false" return memlocked == "true"
def get_node_value(node_name): """get value of a specified node takes one argument: node_name -> name of the node you want the value of returns: (value) -> value of the node_name """ import Mgmt value = Mgmt.get_value(node_name) return value
def is_interceptor_in_cluster(): RSI = '/rbt/sport/intercept' names = Mgmt.get_children(RSI + '/config/neighbor/name')[0] for name in names: is_interceptor = Mgmt.get_value(RSI + '/neighbor/' + \ name + '/is_interceptor') == 'true' if is_interceptor: return True return False;
def __start_sport(self): val = Mgmt.get_value('/pm/monitor/process/sport/state') if val is None: raise ServiceError, "Could not determine the service's state" if val != 'running': code, msg, bindings = Mgmt.action( '/rbt/sport/main/action/restart_service') if code != 0: raise ServiceError, msg
def get_rios_manage_esxi_ip(): """! Queries mgmtd for the current RiOS manage ESXi IP address and returns it Any callers of this function MUST have an open Mgmt GCL session If failed, the function returns None. """ current_rios_mgmt_esxi_ip_node = "/rbt/vsp/state/network/rios_manage_esxi/ip" current_rios_mgmt_esxi_ip = Mgmt.get_value(current_rios_mgmt_esxi_ip_node) if not current_rios_mgmt_esxi_ip or current_rios_mgmt_esxi_ip == "0.0.0.0": Logging.log(Logging.LOG_INFO, "Failed to get RiOS manage ESXi IP address") current_rios_mgmt_esxi_ip = None return current_rios_mgmt_esxi_ip
def getAuthenticationCfged(auth_method): """ @params auth_method: The authentication method to look for. local, radius or tacacs. @returns bool indicating whether the specified authentication method is configured. In the case of TACACS+ and RADIUS, true is only returned if the authentication method is configured AND a valid RADIUS/TACACS+ server is configured. """ auth = [Mgmt.get_value("/aaa/auth_method/1/name"), Mgmt.get_value("/aaa/auth_method/2/name"), Mgmt.get_value("/aaa/auth_method/3/name")] if auth_method == radius: configured = ('radius' in auth) elif auth_method == tacacs: configured = ('tacacs+' in auth) elif auth_method == local: configured = ('local' in auth) else: configured = False return configured
def get_debug_option(): """! Note: requires an existing Mgmt connection Returns either "release", "debug", "stats" """ node_name = "/rbt/vsp/config/esxi/vmx/debug_option" ret_option = "release" option = Mgmt.get_value(node_name) # If somehow the node does not exist, we'll assume the release binary if option: ret_option = option return ret_option
def get_rsp_vni_stats(self, start_time, end_time, opt_vni, side): """ get_rsp_vni_stats(auth, start_time, end_time, opt_vni, side) -> [ [ingress bytes], [egress bytes], [ingress packets], [egress packets] ] Fetch the system's RSP VNI statistics. Parameters: start_time (datetime) - start of the stats query period end_time (datetime) - end of the stats query period opt_vni (string) - name of vni whose stats are desired side (string) - side of the vni whose stats are desired (lan, wan, or pkg) Exceptions: get_rsp_vni_statsFault - Datetime not in known format get_rsp_vni_statsFault - Invalid optimization VNI side get_rsp_vni_statsFault - Invalid optimization VNI """ offset_dict = { 'lan' : 0, 'wan' : 10, 'pkg' : 20, } try: offset = offset_dict[side] except KeyError: raise ServiceError, '%s is not a valid optimization VNI side' % side id = Mgmt.get_value('/rbt/rsp2/state/vni/opt/%s/stats_id' % opt_vni) if id is None: raise ServiceError, '%s is not a valid optimization vni' % opt_vni vni_id = int(id) + offset return self.get_stats_internal('rsp', 4, start_time, end_time, vni_id)
def __stop_sport(self): val = Mgmt.get_value('/pm/monitor/process/sport/state') if val is None: raise ServiceError, "Could not determine the service's state" if val == 'running': code, msg, bindings = Mgmt.action( '/rbt/sport/status/action/unset_restart_needed') if code != 0: raise ServiceError, msg code, msg, bindings = Mgmt.action( '/pm/actions/terminate_process', ('process_name', 'string', 'sport')) if code != 0: raise ServiceError, msg
def get_alarm_status(self, alarm): """ get_alarm_status(auth, alarm) -> string Get an alarm's status. Parameters: alarm (string) - name of the alarm whose status will be returned Exceptions: get_alarm_statusFault - Alarm does not exist get_alarm_statusFault - Server Error. Contact Support. """ alarm = alarm.lower() alarm_enabled = Mgmt.get_value('/stats/config/alarm/%s/enable' % alarm) if alarm_enabled is None: raise ServiceError, 'Alarm %s does not exist' % alarm elif alarm_enabled == 'false': return 'disabled' elif alarm_enabled == 'true': # XXX/jshilkaitis: use mdc_iterate_binding_pattern one day, but # need to expose it first, and since it's non-trivial, I'm # punting on that for now. alarm_pfx = '/stats/state/alarm/' + alarm alarm_nodes = Mgmt.iterate(alarm_pfx, subtree=True) for node in alarm_nodes: if ((Mgmt.bn_name_pattern_match( node[0], alarm_pfx + '/node/*/rising/error') or Mgmt.bn_name_pattern_match( node[0], alarm_pfx + '/node/*/falling/error')) and node[2] == 'true'): return 'ERROR' else: raise ServiceError, 'Server error. Contact Support.' return 'ok'
def get_root_password(): """! Queries mgmtd for the encrypted root password for ESXi and then returns the decrypted password. Any callers of this function MUST have an open Mgmt GCL session """ # Mgmt nodes related to ESXi password rootpw_node = "/rbt/vsp/config/esxi/root/password" ret_password = None encrypted_str = Mgmt.get_value(rootpw_node) if encrypted_str: ret_password = decrypt_scrypt(context, encrypted_str) else: # If the root password is default empty string, node returns empty ret_password = "" return ret_password
def set_user_password(self, username, password): """ set_user_password(auth, username, password) -> None Modify the password of an existing user. Parameters: username (string) - username whose password will be modified password (string) - username's new password Exceptions: set_user_passwordFault - Cannot modify non-existent user set_user_passwordFault - Password must contain at least 6 characters set_user_passwordFault - Cannot modify another user's password """ existing_user = Mgmt.get_value('/auth/passwd/user/%s/password' % username) if existing_user is None: raise ServiceError, \ 'Cannot modify non-existent user "%s"' % username self.__set_user_password(username, password)
def __assert_alarm_exists(self, alarm): alarm_exists = Mgmt.get_value('/stats/config/alarm/%s/enable' % alarm) if alarm_exists is None: raise ServiceError, 'Alarm %s does not exist' % alarm
if options.verbose: print "Updating CRON config due to interval changes" do_install() elif minimal and minimal != options.min_interval: if options.verbose: print "Updating CRON config due to interval changes" do_install() # Command line & Config. Configuration settings (or defaults) come # from mgmt. The command line can override. HC = '/rbt/support/healthcheck' md_bool_map = {'true':True, 'false':False} try: Mgmt.open() enable_default=md_bool_map[Mgmt.get_value(HC + '/enable')] transport_default=Mgmt.get_value(HC + '/transport') url_default=Mgmt.get_value(HC + '/url') recipient_default=Mgmt.get_value(HC + '/recipient') proxy_default=Mgmt.get_value(HC + '/proxy') full_interval_default=Mgmt.get_value(HC + '/full_interval') min_interval_default=Mgmt.get_value(HC + '/min_interval') level_default=Mgmt.get_value(HC + '/level') Mgmt.close() except: # Mgmt cannot be accessed at boot so we muddle along with command # line only to allow the boot install. The first run after boot # will fix the scheduling to any user defined values or # md_support.xml defaults. enable_default=False transport_default='autosupport_gw'
def get_qos_stats(self, start_time, end_time, qos_class): """ get_passthrough_stats(auth, start_time, end_time, qos_class) -> [ [packets sent], [packets dropped], [bits sent], [bits dropped] ] Fetch the system's QoS statistics. Parameters: start_time (datetime) - start of the stats query period end_time (datetime) - end of the stats query period qos_class (string) - name of qos class whose stats are desired or 'all' Exceptions: get_qos_statsFault - Datetime not in known format get_qos_statsFault - QoS class does not exist get_qos_statsFault - Internal error. Failed to map class to id. """ classid = None # the default class is guaranteed to exist, so this is always safe check_rbm_permissions('/rbt/hfsc/config/class/default/params/classid', RBM_READ) if qos_class == 'all': classid = "0" # elif qos_class == 'unknown': # XXX/jshilkaitis: figure out how to deal with this # pass else: # convert class name to class id classid = Mgmt.get_value('/rbt/hfsc/config/class/%s/params/classid' % qos_class) if classid is None: raise ServiceError, 'QoS class "%s" does not exist' % qos_class check_rbm_permissions('/rbt/hfsc/action/get_family_ids', RBM_ACTION) # handle hierarchical QoS classes code, msg, bindings = Mgmt.action('/rbt/hfsc/action/get_family_ids', ('parent_id', 'uint16', classid)) if code != 0: raise ServiceError, 'Unable to map class name "%s" to class id.' \ % qos_class if bindings == {}: family_ids = classid else: family_ids = bindings['family_ids'] data_dict = {0:{}, 1:{}, 2:{}, 3:{}} # all datapoints with the same timestamp have equal durations gran_dict = {} # merge the datapoints for each class into a summary dict for cid in family_ids.split(','): stats_array = self.get_stats_internal('qos', 4, start_time, end_time, cid) for i in range(4): curr_dict = data_dict[i] sub_array = stats_array[i] for dp in sub_array: curr_dict[dp.time] = curr_dict.get(dp.time, 0) + dp.value gran_dict[dp.time] = dp.duration results = [] sorted_times = gran_dict.keys() sorted_times.sort() # turn the summary dict into a list of datapoints, sorted by time for i in range(4): curr_dict = data_dict[i] curr_result_array = [] for t in sorted_times: d = Datapoint() d.time = t d.value = curr_dict[t] d.duration = gran_dict[t] curr_result_array.append(d) results.append(curr_result_array) return results
def getBridgeInterfaceMTU(self, bridgeName): bn_node = "/rbt/vsp/state/interface/%s/bridged/interface/mtu" % bridgeName Mgmt.open() infMTU = Mgmt.get_value(bn_node) Mgmt.close() return infMTU