def main(argv): debug_level = 0 mylogger = rtclogger.LOGGER("AMPeventDetails", debug_level, "") try: dbconn = rtcdb.RTCDB() dbresult = dbconn.getXconfig("iseconfig") creds = json.loads(dbresult["configstring"]) ISE_SERVER = creds["ise_server"] ISE_USERNAME = creds["ise_username"] PXGRID_CLIENT_CERT = creds["pxgrid_client_cert"] PXGRID_CLIENT_KEY = creds["pxgrid_client_key"] PXGRID_CLIENT_KEY_PASSWORD = creds["pxgrid_client_key_pw"] PXGRID_SERVER_CERT = creds["pxgrid_server_cert"] PXGRID_NODENAME = creds["pxgrid_nodename"] if "pxgrid_password" in creds: PXGRID_PASSWORD = creds["pxgrid_password"] else: PXGRID_PASSWORD = "" if 'REQUEST_METHOD' in os.environ: debug = False else: debug = True # print("connecting to ....{} {} {}".format(ISE_SERVER,ISE_USERNAME,ISE_PASSWORD)) i = cats.ISE_PXGRID(server=ISE_SERVER, password=PXGRID_PASSWORD, debug=debug, logfile="", clientcert=PXGRID_CLIENT_CERT, clientkey=PXGRID_CLIENT_KEY, clientkeypassword=PXGRID_CLIENT_KEY_PASSWORD, servercert=PXGRID_SERVER_CERT, nodename=PXGRID_NODENAME) # i = cats.ISE_PXGRID(server=ISE_SERVER,username=ISE_USERNAME,password=ISE_PASSWORD,debug=True,logfile="") rsp = i.getSessions() # print(str(rsp)) rsp.update({"rtcResult": "OK"}) except Exception as err: rsp = {"rtcResult": mylogger.exception_info(err)} print("Content-type:application/json\n\n") print(json.dumps(rsp))
def __init__(self,name,thresholdLogLevel,logfilename): try: threading.Thread.__init__(self) self.logthreshold = thresholdLogLevel self.logger = rtclogger.LOGGER(name,thresholdLogLevel,logfilename) self.logger.log_debug(0,"starting {} thread with log level {}".format(name,str(thresholdLogLevel))) self.db = rtcdb.RTCDB() dbresult = self.db.getConfig("rtcconfig") self.rtcConfig = json.loads(dbresult["configstring"]) self.threshold = self.rtcConfig["rtcThreshold"] dbresult = self.db.getConfig("iseconfig") creds = json.loads(dbresult["configstring"]) ISE_SERVER = creds["ise_server"] ISE_USERNAME = creds["ise_username"] ISE_PASSWORD = creds["ise_password"] if "pxgrid_password" in creds: PXGRID_PASSWORD = creds["pxgrid_password"] else: PXGRID_PASSWORD = "" PXGRID_CLIENT_CERT = creds["pxgrid_client_cert"] PXGRID_CLIENT_KEY = creds["pxgrid_client_key"] PXGRID_CLIENT_KEY_PASSWORD = creds["pxgrid_client_key_pw"] PXGRID_SERVER_CERT = creds["pxgrid_server_cert"] PXGRID_NODENAME = creds["pxgrid_nodename"] self.pxgrid = cats.ISE_PXGRID(server=ISE_SERVER,clientcert=PXGRID_CLIENT_CERT,clientkey=PXGRID_CLIENT_KEY,clientkeypassword=PXGRID_CLIENT_KEY_PASSWORD,servercert=PXGRID_SERVER_CERT,nodename=PXGRID_NODENAME,password=PXGRID_PASSWORD,debug=False,logfile="") self.ise_anc = cats.ISE_ANC(ISE_SERVER,ISE_USERNAME,ISE_PASSWORD,debug=False) self.ancpolicy = self.rtcConfig["rtcPolicyName"] dbresultAMP = self.db.getXconfig("ampconfig") credsAMP = json.loads(dbresultAMP["configstring"]) AMP_cloud = "us" AMP_api_client_id = credsAMP["amp_api_client_id"] AMP_api_key = credsAMP["amp_api_key"] self.amp = cats.AMP(cloud=AMP_cloud,api_client_id=AMP_api_client_id,api_key=AMP_api_key,debug=False,logfile="") except Exception as err: self.logger.log_debug(0,self.logger.exception_info(err))
def main(argv): # todo - # input validation is for wimps # print("Content-type:application/json\n\n") try: debug_level = 4 mylogger = rtclogger.LOGGER("Config ", debug_level, "") order = str(sys.stdin.read()) ppost = json.loads(order) table = ppost["table"] post = ppost["post"] debugmsg = "" dbconn = rtcdb.RTCDB() if table == "iseconfig": mylogger.log_debug(0, json.dumps(post)) if post["pxgrid_client_cert"]: post.update({"pxgrid_password": ""}) else: debugmsg = "not post client cert and iseconfig" ''' password based auth for ise may need to retrieve password if not already stored''' dbresult = dbconn.getXconfig("iseconfig") if dbresult["rtcResult"] == "OK": configstring = dbresult["configstring"] iseconfig = json.loads(configstring) if not "pxgrid_password" in iseconfig: debugmsg = debugmsg + " not pxgrid password" i = cats.ISE_PXGRID(server=post["ise_server"], nodename=post["pxgrid_nodename"], description="", debug=True, logfile="/tmp/rtc.log") password = i.getPassword() debugmsg = debugmsg + "password is " + password i.activate() post.update({"pxgrid_password": password}) else: rsp = { "rtcResult": "DB ERROR", "info": debugmsg + dbresult["info"] } print(json.dumps(rsp)) return dbresult = dbconn.updateXconfig(table, json.dumps(post)) if dbresult["rtcResult"] == "OK": dbresult = dbconn.getXconfig(table) if dbresult["rtcResult"] == "OK": configstring = dbresult["configstring"] rsp = {"rtcResult": "OK"} rsp.update({"configstring": configstring}) else: rsp = {"rtcResult": "DB ERROR" + debugmsg} else: rsp = { "rtcResult": "DB ERROR", "info": debugmsg + dbresult["info"] } print(json.dumps(rsp)) except Exception as err: result = { "result": "Error", "info": "some error {} table {} post {} {}".format( mylogger.exception_info(err), table, post, debugmsg) } print(json.dumps(result))
def main(argv): ISE_SERVER = "" ISE_PASSWORD = "" PXGRID_CLIENT_CERT = "" PXGRID_CLIENT_KEY = "" PXGRID_CLIENT_KEY_PASSWORD = "" PXGRID_SERVER_CERT = "" PXGRID_NODENAME = "" mac = "" ip = "" debug = False password = "" nodename2 = "" certauth = False description = "" server2 = "" password2 = "" jsonfile = "iseconfig.json" operation = "getsessions" try: opts, args = getopt.getopt(argv, "hcdp:i:m:n:t:j:s:o:") for opt, arg in opts: if opt == '-h': print_help() sys.exit(2) if opt == ("-d"): debug = True if opt == ("-c"): certauth = True if opt == ("-i"): ip = arg if opt == ("-m"): mac = arg if opt == ("-n"): nodename2 = arg if opt == ("-t"): description = arg if opt == ("-j"): jsonfile = arg if opt == ("-s"): server2 = arg if opt == ("-p"): password = arg if opt == ("-o"): operation = arg found = False for o in OPERATIONS: if operation == o["name"]: found = True if not found: raise ValueError except Exception as err: print("Error in syntax") print_help() sys.exit(2) try: try: print("opening config file {}".format(jsonfile)) creds = json.loads(open(jsonfile).read()) ISE_SERVER = creds["ise_server"] PXGRID_PASSWORD = creds["ise_password"] PXGRID_CLIENT_CERT = creds["pxgrid_client_cert"] PXGRID_CLIENT_KEY = creds["pxgrid_client_key"] PXGRID_CLIENT_KEY_PASSWORD = creds["pxgrid_client_key_pw"] PXGRID_SERVER_CERT = creds["pxgrid_server_cert"] PXGRID_NODENAME = creds["pxgrid_nodename"] except Exception as e: print( "unable to open jsonfile {}, continuing (will only work for password based auth)" .format(jsonfile)) # override file config options for ise server and nodename if server2: ISE_SERVER = server2 if nodename2: PXGRID_NODENAME = nodename2 if not ISE_SERVER: print("No ISE server specified, nor in file or with -s option") print_help() sys.exit(2) if certauth: if debug: print("NODE {} CLIENT CERT {} KEY {} SERVER CERT {}".format( PXGRID_NODENAME, PXGRID_CLIENT_CERT, PXGRID_CLIENT_KEY, PXGRID_SERVER_CERT)) if PXGRID_NODENAME and PXGRID_CLIENT_CERT and PXGRID_CLIENT_KEY and PXGRID_CLIENT_KEY_PASSWORD and PXGRID_SERVER_CERT: i = cats.ISE_PXGRID( server=ISE_SERVER, nodename=PXGRID_NODENAME, clientcert=PXGRID_CLIENT_CERT, clientkey=PXGRID_CLIENT_KEY, clientkeypassword=PXGRID_CLIENT_KEY_PASSWORD, servercert=PXGRID_SERVER_CERT, description=description, debug=debug, logfile="") ## i.activate seems to be necessary once for the node name for cert based auth i.activate() else: print( "Not all options for cert auth specified in json file, see -h for help" ) sys.exit(2) else: print("not cert auth") if PXGRID_NODENAME: i = cats.ISE_PXGRID(server=ISE_SERVER, nodename=PXGRID_NODENAME, password=password, description=description, debug=debug, logfile="") password = i.getPassword() print("password is {}".format(password)) i.activate() else: print( "Nodename must be specified for password based auth, see -h for help" ) sys.exit(2) if operation == "getsessions": rsp = i.getSessions(ip=ip, mac=mac) if operation == "getbindings": rsp = i.getBindings() if operation == "getsecuritygroups": rsp = i.getSecurityGroups() if operation == "getsecuritygroupacls": rsp = i.getSecurityGroupACLs() if operation == "getprofiles": rsp = i.getProfiles() if operation == "getfailures": rsp = i.getFailures() print(json.dumps(rsp, indent=4, sort_keys=True)) print("password used was {}".format(password)) except Exception as err: print("ERROR") print(exception_info(err)) print("ERROR")
def main(argv): ### default never log,change this if needed debug_level = 0 mylogger = rtclogger.LOGGER("getHosts", debug_level, "") try: if 'REQUEST_METHOD' in os.environ: ### this is called as CGI script and we should avoid printouts debug = False post = str(sys.stdin.read()) temp = json.loads(post) recurring = temp["recurring"] else: ### this is called via CLI for troubleshooting recurring = "True" debug = True dbconn = rtcdb.RTCDB() rsp = dbconn.getHosts() hosts = rsp["items"] mylogger.log_debug(7, json.dumps(hosts)) dbresult = dbconn.getXconfig("iseconfig") creds = json.loads(dbresult["configstring"]) i = None if "ise_server" in creds: ISE_SERVER = creds["ise_server"] ISE_USERNAME = creds["ise_username"] ISE_PASSWORD = creds["ise_password"] if "pxgrid_password" in creds: PXGRID_PASSWORD = creds["pxgrid_password"] else: PXGRID_PASSWORD = "" PXGRID_CLIENT_CERT = creds["pxgrid_client_cert"] PXGRID_CLIENT_KEY = creds["pxgrid_client_key"] PXGRID_CLIENT_KEY_PASSWORD = creds["pxgrid_client_key_pw"] PXGRID_SERVER_CERT = creds["pxgrid_server_cert"] PXGRID_NODENAME = creds["pxgrid_nodename"] i = cats.ISE_PXGRID(server=ISE_SERVER, debug=debug, logfile="", clientcert=PXGRID_CLIENT_CERT, clientkey=PXGRID_CLIENT_KEY, clientkeypassword=PXGRID_CLIENT_KEY_PASSWORD, servercert=PXGRID_SERVER_CERT, nodename=PXGRID_NODENAME, password=PXGRID_PASSWORD) anc = cats.ISE_ANC(ISE_SERVER, ISE_USERNAME, ISE_PASSWORD, debug=debug, logfile="") dbresult = dbconn.getXconfig("ampconfig") creds = json.loads(dbresult["configstring"]) a = None if "amp_api_client_id" in creds: API_CLIENT_ID = creds["amp_api_client_id"] API_KEY = creds["amp_api_key"] a = cats.AMP(cloud="us", api_client_id=API_CLIENT_ID, api_key=API_KEY, debug=debug, logfile="") for h in hosts: mylogger.log_debug(7, "Host is ".format(json.dumps(h))) if i: try: mylogger.log_debug(7, "getting sessions for " + h["mac"]) rsp = i.getSessions(mac=h["mac"]) mylogger.log_debug( 7, "pxgrid rsp {}".format(json.dumps(rsp))) h.update({"ise": rsp}) except Exception as err: mylogger.log_debug( 2, "ise sessions " + mylogger.exception_info(err)) h.update({"ise": {}}) else: h.update({"ise": {}}) if a: try: # is this the same rsp as gotten from getsessions?!?! ip = rsp["ipAddresses"][0] rsp = a.computers(internal_ip=ip) mylogger.log_debug(7, "AMP resp" + json.dumps(rsp)) h.update({"amp": rsp}) except Exception as err: mylogger.log_debug( 1, "amp exception" + mylogger.exception_info(err)) h.update({"amp": {}}) else: h.update({"amp": {}}) if anc: try: mylogger.log_debug(7, "reading ISE ANC for " + h["mac"]) rsp = anc.macPolicy(h["mac"]) h.update({"ancpolicy": rsp["policy"]}) except Exception as err: h.update({"ancpolicy": ""}) mylogger.log_debug( 1, "ise anc exception" + mylogger.exception_info(err)) else: h.update({"ancpolicy": ""}) # get all the rtcEvent for this host try: rsp = dbconn.getAMPevents(h["mac"]) h.update({"ampevents": rsp}) except Exception as err: h.update({"ampevents": {}}) mylogger.log_debug( 1, "ampevents exception" + mylogger.exception_info(err)) try: rsp = dbconn.getSWevents(h["mac"]) h.update({"swevents": rsp}) except Exception as err: h.update({"swevents": {}}) try: rsp = dbconn.getUMBevents(h["mac"]) h.update({"umbevents": rsp}) except Exception as err: h.update({"umbevents": {}}) mylogger.log_debug( 1, "umbevents exception" + mylogger.exception_info(err)) rsp = {"rtcResult": "OK"} rsp.update({"items": hosts}) rsp.update({"recurring": recurring}) except Exception as err: rsp = {"rtcResult": mylogger.exception_info(err)} print("Content-type:application/json\n\n") print(json.dumps(rsp))