def create(cls,
name,
master_engine,
virtual_resource,
interfaces,
default_nat=False,
outgoing_intf=0,
domain_server_address=None,
enable_ospf=False,
ospf_profile=None,
**kwargs):
"""
:param str name: Name of this layer 3 virtual engine
:param str master_engine: Name of existing master engine
:param str virtual_resource: name of pre-created virtual resource
:param list interfaces: dict of interface details
:param boolean default_nat: Whether to enable default NAT for outbound
:param int outgoing_intf: outgoing interface for VE. Specifies interface number
:param list interfaces: interfaces mappings passed in
:param boolean enable_ospf: whether to turn OSPF on within engine
:param str ospf_profile: optional OSPF profile to use on engine, by ref
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
:py:class:`smc.api.exceptions.LoadEngineFailed`: master engine not found
"""
virt_resource_href = None #need virtual resource reference
master_engine = Engine(master_engine)
for virt_resource in master_engine.virtual_resource.all():
if virt_resource.name == virtual_resource:
virt_resource_href = virt_resource.href
break
if not virt_resource_href:
raise CreateEngineFailed(
'Cannot find associated virtual resource for '
'VE named: {}. You must first create a virtual '
'resource for the master engine before you can associate '
'a virtual engine. Cannot add VE'.format(name))
new_interfaces = []
for interface in interfaces:
physical = VirtualPhysicalInterface()
physical.add_single_node_interface(
interface.get('interface_id'),
interface.get('address'),
interface.get('network_value'),
zone_ref=interface.get('zone_ref'))
#set auth request and outgoing on one of the interfaces
if interface.get('interface_id') == outgoing_intf:
intf = _interface_helper(physical.data)
intf.outgoing = True
intf.auth_request = True
new_interfaces.append(physical())
engine = Engine.create(
name=name,
node_type=cls.node_type,
physical_interfaces=new_interfaces,
domain_server_address=domain_server_address,
log_server_ref=None, #Isn't used in VE
nodes=1,
default_nat=default_nat,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile)
engine.update(virtual_resource=virt_resource_href)
engine.pop('log_server_ref',
None) #Master Engine provides this service
href = search.element_entry_point('virtual_fw')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='virtual_fw'))
else:
raise CreateEngineFailed('Could not create the virtual engine, '
'reason: {}'.format(result.msg))
def create(cls,
name,
mgmt_ip,
mgmt_network,
mgmt_interface=0,
log_server_ref=None,
default_nat=False,
reverse_connection=False,
domain_server_address=None,
zone_ref=None,
enable_antivirus=False,
enable_gti=False,
location_ref=None,
enable_ospf=False,
ospf_profile=None):
"""
Create a single layer 3 firewall with management interface and DNS
:param str name: name of firewall engine
:param str mgmt_ip: ip address of management interface
:param str mgmt_network: management network in cidr format
:param str log_server_ref: (optional) href to log_server instance for fw
:param int mgmt_interface: (optional) interface for management from SMC to fw
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: (optional) zone name for management interface (created if not found)
:param boolean reverse_connection: should the NGFW be the mgmt initiator (used when behind NAT)
:param boolean default_nat: (optional) Whether to enable default NAT for outbound
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:param str location_ref: location href for engine if needed to contact SMC behind NAT
:param boolean enable_ospf: whether to turn OSPF on within engine
:param str ospf_profile: optional OSPF profile to use on engine, by ref
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
"""
physical = PhysicalInterface()
physical.add_single_node_interface(
mgmt_interface,
mgmt_ip,
mgmt_network,
is_mgmt=True,
reverse_connection=reverse_connection,
zone_ref=zone_ref)
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=[physical()],
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus,
default_nat=default_nat,
location_ref=location_ref,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile)
href = search.element_entry_point('single_fw')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='single_fw'))
else:
raise CreateEngineFailed('Could not create the engine, '
'reason: {}.'.format(result.msg, engine))
def exec_module(self, **kwargs):
for name, value in kwargs.items():
setattr(self, name, value)
failed = False
try:
engine = Engine.get(self.name)
msg = ''
# If policy is defined, run an upload on the policy
# TODO: Address situation where policy is queued for
# uninitialized engine and attempted twice. This will
# succeed but SMC 6.3 will return ''
if self.policy:
if self.wait_for_finish:
task = engine.upload(self.policy,
timeout=self.sleep,
wait_for_finish=True,
max_tries=self.max_tries)
while not task.done():
task.wait(self.sleep)
msg = task.last_message()
else:
task = engine.upload(self.policy)
if task.task.in_progress:
msg = 'Task upload currently in progress. Check the engine ' \
'facts to determine if any pending changes remain.'
else:
msg ='Task did not report positive status when starting. ' \
'Returned status was %s' % task.last_message()
failed = True
else: # A refresh of already installed policy
if engine.installed_policy:
if self.wait_for_finish:
task = engine.refresh(timeout=self.sleep,
wait_for_finish=True,
max_tries=self.max_tries)
while not task.done():
task.wait(self.sleep)
msg = task.last_message()
else:
if engine.installed_policy:
task = engine.refresh()
if task.task.in_progress:
msg = 'Task refresh currently in progress. Check the engine ' \
'facts to determine if any pending changes remain.'
else:
msg ='Task did not report positive status when starting. ' \
'Returned status was %s' % task.last_message()
failed = True
else:
msg = 'Engine does not currently have a policy assigned, you must ' \
'specify a policy to upload before refreshing policy.'
failed = True
self.results['msg'] = msg
except SMCException as err:
self.fail(msg=str(err), exception=traceback.format_exc())
self.results['failed'] = failed
return self.results
def create(cls,
name,
mgmt_ip,
mgmt_network,
mgmt_interface='0',
inline_interface='1-2',
logical_interface='default_eth',
log_server_ref=None,
domain_server_address=None,
zone_ref=None,
enable_antivirus=False,
enable_gti=False):
"""
Create a single IPS engine with management interface and inline pair
:param str name: name of ips engine
:param str mgmt_ip: ip address of management interface
:param str mgmt_network: management network in cidr format
:param int mgmt_interface: (optional) interface for management from SMC to fw
:param str inline_interface: interfaces to use for first inline pair
:param str logical_interface: (optional) logical_interface reference
:param str log_server_ref: (optional) href to log_server instance
:param list domain_server_address: (optional) DNS server addresses
:param str zone_ref: (optional) zone name for management interface (created if not found)
:param boolean enable_antivirus: (optional) Enable antivirus (required DNS)
:param boolean enable_gti: (optional) Enable GTI
:return: :py:class:`smc.core.engine.Engine`
:raises: :py:class:`smc.api.exceptions.CreateEngineFailed`: Failure to create with reason
"""
interfaces = []
physical = PhysicalInterface()
physical.add_node_interface(mgmt_interface,
mgmt_ip,
mgmt_network,
is_mgmt=True,
zone_ref=zone_ref)
intf_href = logical_intf_helper(logical_interface)
inline = PhysicalInterface()
inline.add_inline_interface(inline_interface, intf_href)
interfaces.append(physical())
interfaces.append(inline())
engine = Engine.create(name=name,
node_type=cls.node_type,
physical_interfaces=interfaces,
domain_server_address=domain_server_address,
log_server_ref=log_server_ref,
nodes=1,
enable_gti=enable_gti,
enable_antivirus=enable_antivirus)
href = search.element_entry_point('single_ips')
result = prepared_request(href=href, json=engine).create()
if result.href:
return Engine(name=name,
meta=Meta(name=name,
href=result.href,
type='single_ips'))
else:
raise CreateEngineFailed(
'Could not create the engine, reason: {}'.format(result.msg))
def create(cls, name, master_engine, virtual_resource,
interfaces, default_nat=False, outgoing_intf=0,
domain_server_address=None, enable_ospf=False,
ospf_profile=None, **kwargs):
"""
:param str name: Name of this layer 3 virtual engine
:param str master_engine: Name of existing master engine
:param str virtual_resource: name of pre-created virtual resource
:param list interfaces: dict of interface details
:param bool default_nat: Whether to enable default NAT for outbound
:param int outgoing_intf: outgoing interface for VE. Specifies interface number
:param list interfaces: interfaces mappings passed in
:param bool enable_ospf: whether to turn OSPF on within engine
:param str ospf_profile: optional OSPF profile to use on engine, by ref
:raises CreateEngineFailed: Failure to create with reason
:raises LoadEngineFailed: master engine not found
:return: :py:class:`smc.core.engine.Engine`
"""
virt_resource_href = None # need virtual resource reference
master_engine = Engine(master_engine)
for virt_resource in master_engine.virtual_resource.all():
if virt_resource.name == virtual_resource:
virt_resource_href = virt_resource.href
break
if not virt_resource_href:
raise CreateEngineFailed('Cannot find associated virtual resource for '
'VE named: {}. You must first create a virtual '
'resource for the master engine before you can associate '
'a virtual engine. Cannot add VE'.format(name))
new_interfaces = []
for interface in interfaces:
builder = InterfaceBuilder()
builder.interface_id = interface.get('interface_id')
builder.add_sni_only(interface.get('address'),
interface.get('network_value'))
builder.zone_ref = interface.get('zone_ref')
# set auth request and outgoing on one of the interfaces
if interface.get('interface_id') == outgoing_intf:
intf = extract_sub_interface(builder.data)
intf.update(outgoing=True, auth_request=True)
new_interfaces.append({'virtual_physical_interface': builder.data})
engine = super(Layer3VirtualEngine, cls)._create(
name=name,
node_type='virtual_fw_node',
physical_interfaces=new_interfaces,
domain_server_address=domain_server_address,
log_server_ref=None, # Isn't used in VE
nodes=1, default_nat=default_nat,
enable_ospf=enable_ospf,
ospf_profile=ospf_profile)
engine.update(virtual_resource=virt_resource_href)
# Master Engine provides this service
engine.pop('log_server_ref', None)
try:
return ElementCreator(cls, json=engine)
except CreateElementFailed as e:
raise CreateEngineFailed(e)