def tcpDumpsRunning(self): result = self.doc.createElement('tcp-dumps-running') self.doc.documentElement.appendChild(result) allCaptures = [] # Look for all the running RiOS captures. riosCaptures = Nodes.getMgmtSetEntries(self.mgmt, '/rbt/tcpdump/state/capture') for name in riosCaptures: allCaptures.append((name, 'RiOS', riosCaptures[name]['start'])) # Look for all the running hypervisor captures (for BOB). if RVBDUtils.isBOB(): hostCaptures = Nodes.getMgmtSetEntries(self.mgmt, '/host/tcpdump/state/capture') for name in hostCaptures: allCaptures.append((name, 'Hypervisor', hostCaptures[name]['start'])) # Sort by the capture name (which is basically a timestamp). allCaptures.sort(key=lambda x: x[0]) for capture in allCaptures: dumpEl = self.doc.createElement('tcp-dump') result.appendChild(dumpEl) dumpEl.setAttribute('name', capture[0]) dumpEl.setAttribute('runningOn', capture[1]) dumpEl.setAttribute('start', capture[2]) dumpEl.setAttribute('internalName', '%s/%s' % (capture[0], capture[1])) self.writeXmlDoc()
def snmpTrapReceivers(self): table = self.getXmlTable(None, tagNames=('snmp-trap-receivers', 'receiver')) table.open(self.request()) base = self.cmcPolicyRetarget('/snmp/trapsink/sink') receivers = Nodes.getMgmtSetEntries(self.mgmt, base) hosts = receivers.keys() hosts.sort(FormUtils.alphanumericCompare) for host in hosts: receiver = receivers[host] version = receiver.get('type')[len('trap-'):] port = receiver.get('port') if 'v3' == version: user = receiver.get('username', '') protocol = receiver.get('hash_function', '') auth = receiver.get('sec_level', '') authValue = (('auth' == auth) and 'Auth' or ('noauth' == auth) and 'No Auth' or ('authpriv' == auth) and 'AuthPriv') # update the community/user to include privacy protocol and security level as authpriv if authValue == 'AuthPriv': privacyProtocol = receiver.get('privacy_protocol', '') desc = 'user: %s, %s, %s, %s' % (user, protocol, authValue, privacyProtocol) else: desc = 'user: %s, %s, %s' % (user, protocol, authValue) else: desc = 'community: %s' % (receiver.get('community') or 'public') table.addEntry(host=host, version=version, port=port, desc=desc, enabled=('true' == receiver['enable']) and 'enabled' or 'disabled') table.close()
def snmpAcls(self): base = self.cmcPolicyRetarget('/snmp/vacm/acls') acls = Nodes.getMgmtSetEntries(self.mgmt, base) ids = acls.keys() ids.sort(lambda a, b: cmp(int(a), int(b))) table = self.getXmlTable(None, tagNames=('policies', 'policy')) table.open(self.request()) for id in ids: acl = acls[id] table.addEntry(id=id, group_name=acl.get('group_name'), sec_level=acl.get('sec_level'), read_view=acl.get('read_view')) table.close()
def snmpUsers(self): base = self.cmcPolicyRetarget('/snmp/usm/users') users = Nodes.getMgmtSetEntries(self.mgmt, base) names = users.keys() names.sort(FormUtils.alphanumericCompare) table = self.getXmlTable(None, tagNames=('users', 'user')) table.open(self.request()) for name in names: user = users[name] table.addEntry(name=name, protocol=user.get('hash_function'), key=user.get('auth_key'), privacy=user.get('privacy_protocol'), privacyKey=user.get('privacy_key')) table.close()
def restAccessCodes(self): mgmt = self.mgmt result = self.doc.createElement('restAccessCodes') path = self.cmcPolicyRetarget('/papi/config/code') jtis = Nodes.getMgmtSetEntries(self.mgmt, path) for jti, attribs in jtis.iteritems(): entryEl = self.doc.createElement('accessCode') entryEl.setAttribute('jti', jti) entryEl.setAttribute('owner', attribs['user']) entryEl.setAttribute('desc', attribs['desc']) entryEl.setAttribute('code', attribs['data']) result.appendChild(entryEl) self.doc.documentElement.appendChild(result) self.writeXmlDoc()
def perProcessLogging(self): # level -> pretty name map levelOptions = { 'emerg': 'Emergency', 'alert': 'Alert', 'crit': 'Critical', 'err': 'Error', 'warning': 'Warning', 'notice': 'Notice', 'info': 'Info', } # filters <- {process: {..., 'level': level, ...} base = self.cmcPolicyRetarget('/logging/syslog/config/filter/process') filters = Nodes.getMgmtSetEntries(self.mgmt, base) filterDescription = \ self.cmcPolicyRetarget('/logging/syslog/state/filter/process/%s/description') # fetch pretty names filterNameMap = self.mgmt.getMultiple(*[ filterDescription % k for k in filters.iterkeys()]) # filters <- [(prettyName, process, level), ...] filters = [(filterNameMap.get(filterDescription % k) or k, k, v.get('level')) for k, v in filters.items()] # Sort on prettyName, then process, then level. filters.sort() result = self.doc.createElement('perProcessLogging') for prettyName, process, level in filters: processFilter = self.doc.createElement('processFilter') processFilter.setAttribute('prettyName', prettyName) processFilter.setAttribute('process', process) processFilter.setAttribute( 'level', levelOptions.get(level, level)) result.appendChild(processFilter) self.doc.documentElement.appendChild(result) self.writeXmlDoc()
def snmpAction(self): base = self.cmcPolicyRetarget('/snmp/trapsink/sink') userBase = self.cmcPolicyRetarget('/snmp/usm/users') nameBase = self.cmcPolicyRetarget('/snmp/vacm/sec_names') groupBase = self.cmcPolicyRetarget('/snmp/vacm/groups') groupSpec = {'sec_name': 'string', 'sec_model': 'string'} aclBase = self.cmcPolicyRetarget('/snmp/vacm/acls') aclSpec = {'group_name': 'string', 'sec_level': 'string', 'read_view': 'string'} id, val = FormUtils.getPrefixedField('controlReceiver_', self.fields) if id: self.mgmt.set(('%s/%s/enable' % (base, id), 'bool', ('enabled' == val) and 'true' or 'false')) if 'addReceiver' in self.fields: host = self.fields.get('addReceiver_host') port = self.fields.get('addReceiver_port') version = self.fields.get('addReceiver_version') enable = self.fields.get('addReceiver_enable', 'false') pre = '%s/%s' % (base, host) nodes = [(pre + '/type', 'string', version), (pre + '/enable', 'bool', enable)] if port: nodes += [(pre + '/port', 'uint16', port)] if 'trap-v3' != version: # version 1, version 2 community = self.fields.get('addReceiver_community', '') nodes += [(pre + '/community', 'string', community)] else: # version 3 user = self.fields.get('addReceiver_user') mode = self.fields.get('addReceiver_mode') protocol = self.fields.get('addReceiver_protocol') auth = self.fields.get('addReceiver_auth') # key from the user, or derrived from the password if 'password'== mode: password = self.fields.get('addReceiver_password') key = self.sendAction('/snmp/usm/actions/generate_auth_key', ('password', 'string', password), ('hash_function', 'string', protocol)) key = key.get('auth_key', '') else: key = self.fields.get('addReceiver_key') nodes += [(pre + '/username', 'string', user), (pre + '/hash_function', 'string', protocol), (pre + '/auth_key', 'string', key), (pre + '/sec_level', 'string', auth)] # AuthPriv option of Security Level if 'authpriv'== auth: privacyMode = self.fields.get('addReceiver_privacyMode') if 'authPrivacy'== privacyMode: # Use the same key generated from authentication password or entered for authentication privacyKey = key elif 'password'== privacyMode: # Generate key from privacy password entered by user privacyPassword = self.fields.get('addReceiver_privacyPassword') privacyKey = self.sendAction('/snmp/usm/actions/generate_auth_key', ('password', 'string', privacyPassword), ('hash_function', 'string', protocol)) privacyKey = privacyKey.get('auth_key', '') elif 'key'== privacyMode: # Use privacy key provided by the user privacyKey = self.fields.get('addReceiver_privacyKey') privacyProtocol = self.fields.get('addReceiver_privacyProtocol') nodes += [(pre + '/privacy_protocol', 'string', privacyProtocol), (pre + '/privacy_key', 'string', privacyKey)] self.setNodes(*nodes) elif 'removeReceivers' in self.fields: FormUtils.deleteNodesFromConfigForm(self.mgmt, base, 'ck_', self.fields) elif 'addSnmpUser' in self.fields: name = self.fields.get('addSnmpUser_name') protocol = self.fields.get('addSnmpUser_protocol') if 'password'== self.fields.get('addSnmpUser_mode'): password = self.fields.get('addSnmpUser_password') key = self.sendAction('/snmp/usm/actions/generate_auth_key', ('password', 'string', password), ('hash_function', 'string', protocol)) key = key.get('auth_key', '') else: key = self.fields.get('addSnmpUser_key', '') nodes = [('%s/%s' % (userBase, name), 'string', name), ('%s/%s/auth_key' % (userBase, name), 'string', key), ('%s/%s/hash_function' % (userBase, name), 'string', protocol)] privacyOption = self.fields.get('addSnmpUser_privacyOption', 'false') if 'true' == privacyOption: # The user wishes to use the privacy feature, therefore checkbox is checked. privacyProtocol = self.fields.get('addSnmpUser_privacyProtocol') privacyMode = self.fields.get('addSnmpUser_privacyMode') if 'authPrivacy' == privacyMode: # Use the same key generated from authentication or entered for authentication privacyKey = key elif 'password' == privacyMode: # Generate key from password entered for privacy privacyPassword = self.fields.get('addSnmpUser_privacyPassword') privacyKey = self.sendAction('/snmp/usm/actions/generate_auth_key', ('password', 'string', privacyPassword), ('hash_function', 'string', protocol)) privacyKey = privacyKey.get('auth_key', '') elif 'key' == privacyMode: # Use the privacy key provided by the user privacyKey = self.fields.get('addSnmpUser_privacyKey') elif 'false' == privacyOption: # Privacy feature not to be used. Clear the privacy_key and privacy_protocol nodes privacyKey = '' privacyProtocol = '' nodes += [('%s/%s/privacy_protocol' % (userBase, name), 'string', privacyProtocol), ('%s/%s/privacy_key' % (userBase, name), 'string', privacyKey)] self.setNodes(*nodes) elif 'removeSnmpUsers' in self.fields: FormUtils.deleteNodesFromConfigForm( self.mgmt, userBase, 'snmpUser_', self.fields) elif 'addSecurityName' in self.fields: name = self.fields.get('addSecurityName_name') community = self.fields.get('addSecurityName_community') ipBits = self.fields.get('addSecurityName_ip', ':') if '/' not in ipBits: return ip, maskBits = ipBits.split('/') self.setNodes( ('%s/%s' % (nameBase, name), 'string', name), ('%s/%s/community' % (nameBase, name), 'string', community), ('%s/%s/src/ip' % (nameBase, name), 'ipv6addr', ip), ('%s/%s/src/mask_len' % (nameBase, name), 'uint8', maskBits)) elif 'removeSecurityNames' in self.fields: FormUtils.deleteNodesFromConfigForm( self.mgmt, nameBase, 'secName_', self.fields) elif 'addGroup' in self.fields: name = self.fields.get('addGroup_name') i = 0 while True: model = self.fields.get('addSnmpGroup_secModel_%d' % i) if 'editPolicy' in self.fields: if model == 'usm': user = self.fields.get('addSnmpGroupUsm_secName_%d' % i) else: user = self.fields.get('addSnmpGroup_secName_%d' % i) else: user = self.fields.get('addSnmpGroup_secName_%d' % i) if not (user and model): break path = '%s/%s/grp_entry' % (groupBase, name) Nodes.editNodeSequence(self.mgmt, path, groupSpec, 'add', -1, {'sec_name': user, 'sec_model': model}) i += 1 elif 'removeGroups' in self.fields: FormUtils.deleteNodesFromConfigForm(self.mgmt, groupBase, 'group_', self.fields) elif 'addView' in self.fields: name = self.fields.get('addView_name') incField = self.fields.get('addView_includes') # If the addView_includes/_excludes field is blank, then we want a blank list. includes = incField and [inc.strip() for inc in incField.split('\n') if inc.strip() != ''] or [] excField = self.fields.get('addView_excludes') excludes = excField and [exc.strip() for exc in excField.split('\n') if exc.strip() != ''] or [] viewBase = self.cmcPolicyRetarget('/snmp/vacm/views/%s' % name) # Note: Because we don't call Nodes.deleteChildNodes here, adding a view with the # same name as an existing view will append those OIDs, rather than overwriting # the whole list of OIDs. nodes = [(viewBase, 'string', name)] + \ [('%s/included/%s' % (viewBase, inc), 'string', inc) for inc in includes] + \ [('%s/excluded/%s' % (viewBase, exc), 'string', exc) for exc in excludes] self.setNodes(*nodes) elif 'editView' in self.fields: name = self.fields.get('editView_name') incField = self.fields.get('editView_includes') # If the editView_includes/_excludes field is blank, then we want a blank list. includes = incField and [inc.strip() for inc in incField.split('\n') if inc.strip() != ''] or [] excField = self.fields.get('editView_excludes') excludes = excField and [exc.strip() for exc in excField.split('\n') if exc.strip() != ''] or [] viewBase = self.cmcPolicyRetarget('/snmp/vacm/views/%s' % name) Nodes.deleteChildNodes(self.mgmt, viewBase + '/included') Nodes.deleteChildNodes(self.mgmt, viewBase + '/excluded') nodes = [('%s/included/%s' % (viewBase, inc), 'string', inc) for inc in includes] + \ [('%s/excluded/%s' % (viewBase, exc), 'string', exc) for exc in excludes] self.setNodes(*nodes) elif 'removeViews' in self.fields: viewBase = self.cmcPolicyRetarget('/snmp/vacm/views') FormUtils.deleteNodesFromConfigForm(self.mgmt, viewBase, 'view_', self.fields) elif 'addAcl' in self.fields: group = self.fields.get('addAcl_group') auth = self.fields.get('addAcl_auth') readView = self.fields.get('addAcl_readView') # group/sec pairs must be unique, so if there's currently # a group/sec like this one, we replace it acls = Nodes.getMgmtSetEntries(self.mgmt, aclBase) for k, v in acls.iteritems(): if (group == v.get('group_name')) and \ (auth == v.get('sec_level')): Nodes.editNodeSequence(self.mgmt, aclBase, aclSpec, 'edit', int(k), {'group_name': group, 'sec_level': auth, 'read_view': readView}) break; else: Nodes.editNodeSequence(self.mgmt, aclBase, aclSpec, 'add', -1, {'group_name': group, 'sec_level': auth, 'read_view': readView}) elif 'removeAcls' in self.fields: acls = FormUtils.getPrefixedFieldNames('acl_', self.fields) Nodes.editNodeSequence(self.mgmt, aclBase, aclSpec, 'remove', map(int, acls))