def add_status(self, name, skipped_attr, member_skipped, skipped_monitors, converted_objs, user_ignore, skipped_servers): skipped = [] conv_status = dict() conv_status['user_ignore'] = [] if skipped_attr: p_ignore = user_ignore.get('pool', []) conv_status['user_ignore'] = [val for val in skipped_attr if val in p_ignore] skipped_attr = [attr for attr in skipped_attr if attr not in p_ignore] if skipped_attr: skipped.append(skipped_attr) if member_skipped: m_ignore = user_ignore.get('members', []) if m_ignore: ms_new = [] um_list = [] for obj in member_skipped: um_skipped = dict() um_skipped[obj.keys()[0]] = \ [val for val in obj[obj.keys()[0]] if val in m_ignore] temp = [val for val in obj[obj.keys()[0]] if val not in m_ignore] if um_skipped[um_skipped.keys()[0]]: um_list.append(um_skipped) if temp: ms_new.append({obj.keys()[0]: temp}) conv_status['user_ignore'].append(um_list) if ms_new: skipped.append(ms_new) else: skipped.append(member_skipped) if skipped_monitors and not user_ignore.get('monitor', None): skipped.append({"monitor": skipped_monitors}) if skipped_servers: skipped.append({"server": skipped_servers}) conv_status['skipped'] = skipped status = conv_const.STATUS_SUCCESSFUL if skipped: status = conv_const.STATUS_PARTIAL conv_status['status'] = status conv_utils.add_conv_status('pool', None, name, conv_status, converted_objs)
def convert_cookie(self, name, profile, skipped, tenant): method = profile.get('cookie mode', 'insert') if not method == 'insert': LOG.warn("Skipped cookie method not supported for profile '%s' " % name) conv_utils.add_conv_status('persistence', 'cookie', name, 'skipped') return None #supported_attr = ["cookie name", "mode", "defaults from", "cookie mode", #"cookie hash offset", "cookie hash length", #"cookie expiration"] skipped += [ attr for attr in profile.keys() if attr not in self.supported_attr ] cookie_name = profile.get("cookie name", name + ':-cookie') if not cookie_name: LOG.error("Missing Required field cookie name in: %s", name) conv_utils.add_status_row('profile', 'persist-cookie', name, final.STATUS_SKIPPED) return None timeout = profile.get("cookie expiration", '1') if timeout == 'immediate': timeout = '0' parent_obj = super(PersistenceConfigConvV10, self) if 'd ' in timeout: timeout = timeout.replace('d ', ':') elif 'd' in timeout: timeout = timeout.replace('d', '') timeout = parent_obj.convert_timeout(timeout) persist_profile = { "name": name, "app_cookie_persistence_profile": { "prst_hdr_name": cookie_name, "timeout": timeout }, "server_hm_down_recovery": "HM_DOWN_PICK_NEW_SERVER", "persistence_type": "PERSISTENCE_TYPE_APP_COOKIE", } persist_profile['tenant_ref'] = conv_utils.get_object_ref( tenant, 'tenant') return persist_profile
def convert_cookie(self, name, profile, skipped, tenant): method = profile.get('cookie mode', 'insert') if not method == 'insert': LOG.warn("Skipped cookie method not supported for profile '%s' " % name) conv_utils.add_conv_status('persistence', 'cookie', name, 'skipped') return None #supported_attr = ["cookie name", "mode", "defaults from", "cookie mode", #"cookie hash offset", "cookie hash length", #"cookie expiration"] skipped += [attr for attr in profile.keys() if attr not in self.supported_attr] cookie_name = profile.get("cookie name", name+':-cookie') if not cookie_name: LOG.error("Missing Required field cookie name in: %s", name) conv_utils.add_status_row('profile', 'persist-cookie', name, final.STATUS_SKIPPED) return None timeout = profile.get("cookie expiration", '1') if timeout == 'immediate': timeout = '0' parent_obj = super(PersistenceConfigConvV10, self) if 'd ' in timeout: timeout = timeout.replace('d ', ':') elif 'd' in timeout: timeout = timeout.replace('d', '') timeout = parent_obj.convert_timeout(timeout) persist_profile = { "name": name, "app_cookie_persistence_profile": { "prst_hdr_name": cookie_name, "timeout": timeout }, "server_hm_down_recovery": "HM_DOWN_PICK_NEW_SERVER", "persistence_type": "PERSISTENCE_TYPE_APP_COOKIE", } persist_profile['tenant_ref'] = conv_utils.get_object_ref( tenant, 'tenant') return persist_profile
def convert_vs(self, vs_name, f5_vs, vs_state, avi_config, snat_config, user_ignore, tenant_ref, cloud_name, controller_version): tenant, vs_name = conv_utils.get_tenant_ref(vs_name) if not tenant_ref == 'admin': tenant = tenant_ref hash_profiles = avi_config.get('hash_algorithm', []) description = f5_vs.get("description", None) skipped = [key for key in f5_vs.keys() if key not in self.supported_attr] enabled = (vs_state == 'enable') if enabled: enabled = False if "disabled" in f5_vs.keys() else True profiles = f5_vs.get("profiles", {}) ssl_vs, ssl_pool = conv_utils.get_vs_ssl_profiles(profiles, avi_config, self.prefix) oc_prof = False for prof in profiles: if prof in avi_config.get('OneConnect', []): oc_prof = True app_prof, f_host, realm, policy_set = conv_utils.get_vs_app_profiles( profiles, avi_config, tenant, self.prefix, oc_prof) if not app_prof: LOG.warning('Profile type not supported by Avi Skipping VS : %s' % vs_name) conv_utils.add_status_row('virtual', None, vs_name, final.STATUS_SKIPPED) return None ntwk_prof = conv_utils.get_vs_ntwk_profiles(profiles, avi_config, self.prefix) # If one connect profile is not assigned to f5 VS and avi app profile # assigned to VS has connection_multiplexing_enabled value True then # clone profile and make connection_multiplexing_enabled as False pool_ref = f5_vs.get("pool", None) app_prof_obj = [obj for obj in avi_config['ApplicationProfile'] if obj['name'] == app_prof[0]] cme = True app_prof_type = None if app_prof_obj: app_prof_type = app_prof_obj[0].get('type') if app_prof_type == 'APPLICATION_PROFILE_TYPE_HTTP': cme = app_prof_obj[0]['http_profile'].get( 'connection_multiplexing_enabled', False) if not (cme or oc_prof): # Check if already cloned profile present app_prof_cmd = [obj for obj in avi_config['ApplicationProfile'] if obj['name'] == '%s-cmd' % app_prof[0]] if app_prof_cmd: app_prof[0] = app_prof_cmd[0]['name'] else: app_prof_cmd = copy.deepcopy(app_prof_obj[0]) app_prof_cmd['name'] = '%s-cmd' % app_prof_cmd['name'] app_prof_cmd['connection_multiplexing_enabled'] = False avi_config['ApplicationProfile'].append(app_prof_cmd) app_prof[0] = app_prof_cmd['name'] enable_ssl = False if ssl_vs: enable_ssl = True destination = f5_vs.get("destination", None) d_tenant, destination = conv_utils.get_tenant_ref(destination) # if destination is not present then skip vs. services_obj, ip_addr, vsvip_ref, vrf_ref = conv_utils.get_service_obj( destination, avi_config, enable_ssl, controller_version, tenant, cloud_name, self.prefix, vs_name) # Added Check for if port is no digit skip vs. if not services_obj and not ip_addr and not vsvip_ref: LOG.debug("Skipped: Virtualservice: %s" % vs_name) conv_utils.add_status_row('virtual', None, vs_name, final.STATUS_SKIPPED) return is_pool_group = False if pool_ref: p_tenant, pool_ref = conv_utils.get_tenant_ref(pool_ref) # TODO: need to revisit after shared pool support implemented pool_ref, is_pool_group = conv_utils.clone_pool_if_shared( pool_ref, avi_config, vs_name, tenant, p_tenant, cloud_name=cloud_name, prefix=self.prefix) if ssl_pool: if is_pool_group: conv_utils.add_ssl_to_pool_group(avi_config, pool_ref, ssl_pool[0], tenant) conv_utils.remove_http_mon_from_pool_group( avi_config, pool_ref, tenant) else: conv_utils.add_ssl_to_pool(avi_config['Pool'], pool_ref, ssl_pool[0], tenant) conv_utils.remove_http_mon_from_pool( avi_config, pool_ref, tenant) else: # TODO Remove this once controller support this scenario. if is_pool_group: conv_utils.remove_https_mon_from_pool_group( avi_config, pool_ref, tenant) else: conv_utils.remove_https_mon_from_pool( avi_config, pool_ref, tenant) persist_ref = self.get_persist_ref(f5_vs) if persist_ref: avi_persistence = avi_config.get( 'ApplicationPersistenceProfile', []) if is_pool_group: pool_updated = conv_utils.update_pool_group_for_persist( avi_config, pool_ref, persist_ref, hash_profiles, avi_persistence, tenant) else: pool_updated = conv_utils.update_pool_for_persist( avi_config['Pool'], pool_ref, persist_ref, hash_profiles, avi_persistence, tenant) if not pool_updated: skipped.append("persist") LOG.warning( "persist profile %s not found for vs:%s" % (persist_ref, vs_name)) if f_host: conv_utils.update_pool_for_fallback( f_host, avi_config['Pool'], pool_ref) ip_addr = ip_addr.strip() matches = re.findall('^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$', ip_addr) if not matches or ip_addr == '0.0.0.0': LOG.warning('Avi does not support IPv6 : %s. ' 'Generated random ipv4 for vs: %s' % (ip_addr, vs_name)) vs_name += '-needs-ipv6-ip' ip_addr = ".".join(map(str, ( random.randint(0, 255) for _ in range(4)))) # VIP object for virtual service vip = { 'ip_address': { 'addr': ip_addr, 'type': 'V4' }, 'vip_id': 0 } vs_obj = { 'name': vs_name, 'description': description, 'type': 'VS_TYPE_NORMAL', 'enabled': enabled, 'cloud_ref': conv_utils.get_object_ref( cloud_name, 'cloud', tenant=tenant), 'services': services_obj, 'application_profile_ref': app_prof[0], 'vs_datascripts': [], 'tenant_ref': conv_utils.get_object_ref(tenant, 'tenant') } if vrf_ref: vs_obj['vrf_context_ref'] = vrf_ref if parse_version(controller_version) >= parse_version('17.1'): vs_obj['vip'] = [vip] vs_obj['vsvip_ref'] = vsvip_ref else: vs_obj['ip_address'] = vip['ip_address'] vs_ds_rules = None if 'rules' in f5_vs: if isinstance(f5_vs['rules'], basestring): vs_ds_rules = [f5_vs['rules']] else: vs_ds_rules = f5_vs['rules'].keys() for index, rule in enumerate(vs_ds_rules): # converted _sys_https_redirect data script to rule in # http policy if rule == '_sys_https_redirect': # Added prefix for objects if self.prefix: policy_name = self.prefix + '-' + rule + '-' + vs_name else: policy_name = rule + '-' + vs_name policy = { "name": policy_name, "http_request_policy": { "rules": [ { "index": 1, "redirect_action": { "keep_query": True, "status_code": "HTTP_REDIRECT_STATUS_CODE_302", "protocol": "HTTPS", "port": 443 }, "enable": True, "name": policy_name + "-Redirect", "match": { "protocol": { "protocols": "HTTP", "match_criteria": "IS_IN" } } } ] }, 'tenant_ref': conv_utils.get_object_ref(tenant, 'tenant'), "is_internal_policy": False } http_policies = { 'index': 11, 'http_policy_set_ref': conv_utils.get_object_ref(policy_name, 'httppolicyset', tenant=tenant) } vs_obj['http_policies'] = [] vs_obj['http_policies'].append(http_policies) avi_config['HTTPPolicySet'].append(policy) if is_pool_group: vs_obj['pool_group_ref'] = conv_utils.get_object_ref( pool_ref, 'poolgroup', tenant=tenant, cloud_name=cloud_name) elif pool_ref: vs_obj['pool_ref'] = conv_utils.get_object_ref( pool_ref, 'pool', tenant=tenant, cloud_name=cloud_name) self.convert_translate_port(avi_config, f5_vs, app_prof[0], pool_ref, skipped) conn_limit = int(f5_vs.get(self.connection_limit, '0')) if conn_limit > 0: vs_obj["performance_limits"] = { "max_concurrent_connections": conn_limit } rate_limit = int(f5_vs.get('rate-limit', '0')) if rate_limit > 0: vs_obj["connections_rate_limit"] = { "count": rate_limit } if realm: vs_obj['client_auth'] = realm if policy_set: vs_obj['http_policies'] = policy_set source = f5_vs.get('source', '0.0.0.0/0') if '%' in source: s_parts = source.split('%') elif '/' in source: s_parts = source.split('/') else: s_parts = [source] if not s_parts[0] == '0.0.0.0': parts = source.split('/') if '%' in parts[0]: parts[0] = parts[0].split('%')[0] mask = 24 if len(parts) > 1: mask = parts[1] policy_name = ('vs-%s-ns' % vs_name) policy = conv_utils.create_network_security_rule( policy_name, parts[0], mask, tenant) avi_config['NetworkSecurityPolicy'].append(policy) vs_obj['network_security_policy_ref'] = conv_utils.get_object_ref( policy_name, 'networksecuritypolicy', tenant=tenant) # Checking snat conversion flag and snat info for creating snat ip object snat = f5_vs.get("source-address-translation", {}) snat_pool_name = snat.get("pool", f5_vs.get("snatpool", None)) snat_pool = snat_config.pop(snat_pool_name, None) if snat_pool: if self.con_snatpool: LOG.debug("Converting the snat as input flag and snat information is set") snat_list = conv_utils.get_snat_list_for_vs(snat_pool) if len(snat_list) > 32: vs_obj["snat_ip"] = snat_list[0:32] LOG.warning( 'Ignore the snat IPs, its count is beyond 32 for vs : %s' % vs_name) else: vs_obj["snat_ip"] = snat_list conv_status = {'status': final.STATUS_SUCCESSFUL} message = 'Mapped indirectly to VS -> SNAT IP Address' conv_utils.add_conv_status('snatpool', '', snat_pool_name, conv_status, message) else: LOG.debug("Skipped: snat conversion as input flag is not set for vs : %s" % vs_name) skipped.append("source-address-translation" if f5_vs.get( "source-address-translation") else "snatpool" if f5_vs.get( "snatpool") else None) if ntwk_prof: vs_obj['network_profile_ref'] = ntwk_prof[0] if enable_ssl: vs_obj['ssl_profile_ref'] = ssl_vs[0]["profile"] if ssl_vs[0]["cert"]: vs_obj['ssl_key_and_certificate_refs'] = [ssl_vs[0]["cert"]] if ssl_vs[0]["pki"] and app_prof[0] != "http": app_profiles = [obj for obj in avi_config["ApplicationProfile"] if obj['name'] == conv_utils.get_name_from_ref(app_prof[0])] if app_profiles[0]["type"] == \ 'APPLICATION_PROFILE_TYPE_HTTP': app_profiles[0]["http_profile"][ "ssl_client_certificate_mode"] = ssl_vs[0]["mode"] app_profiles[0]["http_profile"]["pki_profile_ref"] = \ ssl_vs[0]["pki"] # Added code to skipped L4 VS if pool or pool group not present if vs_obj['application_profile_ref']: app_profile_name = \ str(vs_obj['application_profile_ref']).split( '&name=')[1] application_profile_obj = \ [obj for obj in avi_config['ApplicationProfile'] if obj['name'] == app_profile_name] if application_profile_obj and application_profile_obj[0]['type'] \ == 'APPLICATION_PROFILE_TYPE_L4': if not 'pool_ref' and not 'pool_group_ref' in vs_obj: LOG.debug("Failed to convert L4 VS dont have " "pool or pool group ref: %s" % vs_name) conv_utils.add_status_row('virtual', None, vs_name, final.STATUS_SKIPPED) return for attr in self.ignore_for_value: ignore_val = self.ignore_for_value[attr] actual_val = f5_vs.get(attr, None) if not actual_val: continue if isinstance(ignore_val, str) and actual_val == ignore_val: skipped.remove(attr) elif isinstance(ignore_val, list) and actual_val in ignore_val: skipped.remove(attr) conv_status = dict() conv_status['user_ignore'] = [val for val in skipped if val in user_ignore] if vs_ds_rules: skipped_rules = [rule for rule in vs_ds_rules if rule != '_sys_https_redirect'] if skipped_rules: skipped.append('rules: %s' % skipped_rules) conv_status['na_list'] = [val for val in skipped if val in self.vs_na_attr] skipped = [attr for attr in skipped if attr not in self.vs_na_attr] skipped = [attr for attr in skipped if attr not in user_ignore] conv_status['skipped'] = skipped status = final.STATUS_SUCCESSFUL if skipped: status = final.STATUS_PARTIAL conv_status['status'] = status conv_utils.add_conv_status('virtual', None, vs_name, conv_status, vs_obj) return vs_obj
def convert_monitor(self, f5_monitor, key, monitor_config, input_dir, user_ignore, tenant_ref, avi_config, cloud_name, controller_version): monitor_type, name = self.get_name_type(f5_monitor, key) skipped = [val for val in f5_monitor.keys() if val not in self.supported_attributes] indirect = copy.deepcopy(self.indirect_mappings) timeout = int(f5_monitor.get("timeout", conv_const.DEFAULT_TIMEOUT)) interval = int(f5_monitor.get("interval", conv_const.DEFAULT_INTERVAL)) time_until_up = int(f5_monitor.get(self.tup, conv_const.DEFAULT_TIME_UNTIL_UP)) # Fixed Successful interval and failed checks failed_checks = int(timeout/interval) successful_checks = conv_const.DEFAULT_FAILED_CHECKS if time_until_up > 0: successful_checks = int(time_until_up/interval) successful_checks = 1 \ if successful_checks == 0 else successful_checks description = f5_monitor.get("description", None) monitor_dict = dict() tenant, name = conv_utils.get_tenant_ref(name) # Added prefix for objects if self.prefix: name = self.prefix + '-' + name if tenant_ref != 'admin': tenant = tenant_ref monitor_dict['tenant_ref'] = conv_utils.get_object_ref(tenant, 'tenant') monitor_dict["name"] = name monitor_dict["receive_timeout"] = interval-1 monitor_dict["failed_checks"] = failed_checks monitor_dict["send_interval"] = interval monitor_dict["successful_checks"] = successful_checks if description: monitor_dict["description"] = description # transparent : Only flag if destination or port are set, else ignore transparent = f5_monitor.get("transparent", 'disabled') transparent = False if transparent == 'disabled' else True destination = f5_monitor.get(self.dest_key, '*:*') if destination in ['*', '*:0']: destination = '*:*' f5_monitor[self.dest_key] = destination if not transparent or destination == '*:*': if 'transparent' in skipped: indirect.append('transparent') ignore_for_defaults = {} defaults = self.get_default_monitor(monitor_type, monitor_config) if defaults: ignore_for_defaults = copy.deepcopy(defaults) ignore_for_defaults.update(self.ignore) u_ignore = [] na_list = [] if monitor_type == "http": u_ignore = user_ignore.get("http", []) na_list = self.na_http skipped = self.convert_http(monitor_dict, f5_monitor, skipped) elif monitor_type == "https": na_list = self.na_https u_ignore = user_ignore.get("https", []) skipped = self.convert_https( monitor_dict, f5_monitor, skipped, avi_config, tenant_ref, input_dir, cloud_name, controller_version) elif monitor_type == "dns": na_list = self.na_dns u_ignore = user_ignore.get("dns", []) if f5_monitor.get('qname', None) and (not f5_monitor.get( 'qname') == 'none'): skipped = self.convert_dns(monitor_dict, f5_monitor, skipped) ignore_for_defaults.update({'qtype': 'a'}) else: LOG.warning('No value for mandatory field query_name, skipped ' 'DNS Monitor %s' % key) conv_utils.add_status_row('monitor', monitor_type, name, conv_const.STATUS_SKIPPED) return None elif monitor_type in ["tcp", "tcp_half_open", "tcp-half-open"]: na_list = self.na_tcp u_ignore = user_ignore.get("tcp", []) skipped = self.convert_tcp(monitor_dict, f5_monitor, skipped, monitor_type) elif monitor_type == "udp": na_list = self.na_udp u_ignore = user_ignore.get("udp", []) skipped = self.convert_udp(monitor_dict, f5_monitor, skipped) elif monitor_type in ["icmp", "gateway-icmp", "gateway_icmp"]: na_list = self.na_icmp u_ignore = user_ignore.get("icmp", []) u_ignore += user_ignore.get("gateway-icmp", []) u_ignore += user_ignore.get("gateway_icmp", []) skipped = self.convert_icmp(monitor_dict, f5_monitor, skipped) elif monitor_type == "external": na_list = self.na_external u_ignore = user_ignore.get("external", []) skipped = self.convert_external(monitor_dict, f5_monitor, skipped, input_dir, name) if monitor_dict.get('error', False): return [] conv_status = conv_utils.get_conv_status( skipped, indirect, ignore_for_defaults, f5_monitor, u_ignore, na_list) conv_utils.add_conv_status('monitor', monitor_type, name, conv_status, monitor_dict) return monitor_dict
def convert(self, f5_config, avi_config, user_ignore, tenant_ref): avi_config['hash_algorithm'] = [] converted_objs = [] f5_persistence_dict = f5_config.get('persistence') user_ignore = user_ignore.get('persistence', {}) for key in f5_persistence_dict.keys(): persist_mode = None name = None skipped = [] try: persist_mode, name = key.split(" ") LOG.debug("Converting persistence profile: %s" % name) profile = f5_persistence_dict[key] prof_conv = ProfileConfigConv() profile = prof_conv.update_with_default_profile( persist_mode, profile, f5_persistence_dict, name) tenant, name = conv_utils.get_tenant_ref(name) if tenant_ref != 'admin': tenant = tenant_ref # TODO: Should be enabled after controller app cookie issue is fixed # if persist_mode == "cookie": # persist_profile = self.convert_cookie(name, profile, # skipped, tenant) # if not persist_profile: # continue # u_ignore = user_ignore.get('cookie', []) if persist_mode == "ssl": persist_profile = self.convert_ssl( name, profile, skipped, self.indirect, tenant) u_ignore = user_ignore.get('ssl', []) elif persist_mode == "source-addr": persist_profile = self.convert_source_addr( name, profile, skipped, tenant) u_ignore = user_ignore.get('source-addr', []) elif persist_mode == "hash": avi_config['hash_algorithm'].append(name) skipped = profile.keys() LOG.warn('hash-persistence profile %s will be mapped ' 'indirectly to Pool -> Load Balance Algorithm' % name) conv_status = { 'status': conv_const.STATUS_PARTIAL, 'skipped': skipped } msg = 'Indirectly mapped to Pool -> Load Balance Algorithm' conv_utils.add_conv_status( 'profile', "hash-persistence", name, conv_status, msg) continue else: LOG.warning( 'persist mode not supported skipping conversion: %s' % name) self.update_conv_status_for_skip(persist_mode, name) continue if not persist_profile: continue # code to merge applicaation persistence profile. if self.object_merge_check: conv_utils.update_skip_duplicates(persist_profile, avi_config['ApplicationPersistenceProfile'], 'app_per_profile', converted_objs, name, None) self.app_per_count += 1 else: avi_config["ApplicationPersistenceProfile"].append( persist_profile) ignore_for_defaults = {"app-service": "none", "mask": "none"} conv_status = conv_utils.get_conv_status( skipped, self.indirect, ignore_for_defaults, profile, u_ignore) self.update_conversion_status(conv_status, persist_mode, name, persist_profile) except: LOG.error("Failed to convert persistance profile : %s" % key, exc_info=True) self.update_conv_status_for_error(name, persist_mode, key) count = len(avi_config["ApplicationPersistenceProfile"]) LOG.debug("Converted %s persistence profiles" % count) f5_config.pop('persistence')
def update_conversion_status(self, conv_status, persist_mode, name, persist_profile): conv_utils.add_conv_status('profile', 'persist', name, conv_status, persist_profile) LOG.debug("Conversion successful for persistence profile: %s" % name)
def convert_vs(self, vs_name, f5_vs, vs_state, avi_config, snat_config, user_ignore, tenant_ref, cloud_name, controller_version): tenant, vs_name = conv_utils.get_tenant_ref(vs_name) if not tenant_ref == 'admin': tenant = tenant_ref hash_profiles = avi_config.get('hash_algorithm', []) description = f5_vs.get("description", None) skipped = [ key for key in f5_vs.keys() if key not in self.supported_attr ] enabled = (vs_state == 'enable') if enabled: enabled = False if "disabled" in f5_vs.keys() else True profiles = f5_vs.get("profiles", {}) ssl_vs, ssl_pool = conv_utils.get_vs_ssl_profiles( profiles, avi_config, self.prefix) oc_prof = False for prof in profiles: if prof in avi_config.get('OneConnect', []): oc_prof = True app_prof, f_host, realm, policy_set = conv_utils.get_vs_app_profiles( profiles, avi_config, tenant, self.prefix, oc_prof) if not app_prof: LOG.warning('Profile type not supported by Avi Skipping VS : %s' % vs_name) conv_utils.add_status_row('virtual', None, vs_name, final.STATUS_SKIPPED) return None ntwk_prof = conv_utils.get_vs_ntwk_profiles(profiles, avi_config, self.prefix) # If one connect profile is not assigned to f5 VS and avi app profile # assigned to VS has connection_multiplexing_enabled value True then # clone profile and make connection_multiplexing_enabled as False pool_ref = f5_vs.get("pool", None) app_prof_obj = [ obj for obj in avi_config['ApplicationProfile'] if obj['name'] == app_prof[0] ] cme = True app_prof_type = None if app_prof_obj: app_prof_type = app_prof_obj[0].get('type') if app_prof_type == 'APPLICATION_PROFILE_TYPE_HTTP': cme = app_prof_obj[0]['http_profile'].get( 'connection_multiplexing_enabled', False) if not (cme or oc_prof): # Check if already cloned profile present app_prof_cmd = [ obj for obj in avi_config['ApplicationProfile'] if obj['name'] == '%s-cmd' % app_prof[0] ] if app_prof_cmd: app_prof[0] = app_prof_cmd[0]['name'] else: app_prof_cmd = copy.deepcopy(app_prof_obj[0]) app_prof_cmd['name'] = '%s-cmd' % app_prof_cmd['name'] app_prof_cmd['connection_multiplexing_enabled'] = False avi_config['ApplicationProfile'].append(app_prof_cmd) app_prof[0] = app_prof_cmd['name'] enable_ssl = False if ssl_vs: enable_ssl = True destination = f5_vs.get("destination", None) d_tenant, destination = conv_utils.get_tenant_ref(destination) # if destination is not present then skip vs. services_obj, ip_addr, vsvip_ref, vrf_ref = conv_utils.get_service_obj( destination, avi_config, enable_ssl, controller_version, tenant, cloud_name, self.prefix, vs_name) # Added Check for if port is no digit skip vs. if not services_obj and not ip_addr and not vsvip_ref: LOG.debug("Skipped: Virtualservice: %s" % vs_name) conv_utils.add_status_row('virtual', None, vs_name, final.STATUS_SKIPPED) return is_pool_group = False if pool_ref: p_tenant, pool_ref = conv_utils.get_tenant_ref(pool_ref) # TODO: need to revisit after shared pool support implemented pool_ref, is_pool_group = conv_utils.clone_pool_if_shared( pool_ref, avi_config, vs_name, tenant, p_tenant, cloud_name=cloud_name, prefix=self.prefix) if ssl_pool: if is_pool_group: conv_utils.add_ssl_to_pool_group(avi_config, pool_ref, ssl_pool[0], tenant) conv_utils.remove_http_mon_from_pool_group( avi_config, pool_ref, tenant) else: conv_utils.add_ssl_to_pool(avi_config['Pool'], pool_ref, ssl_pool[0], tenant) conv_utils.remove_http_mon_from_pool( avi_config, pool_ref, tenant) else: # TODO Remove this once controller support this scenario. if is_pool_group: conv_utils.remove_https_mon_from_pool_group( avi_config, pool_ref, tenant) else: conv_utils.remove_https_mon_from_pool( avi_config, pool_ref, tenant) persist_ref = self.get_persist_ref(f5_vs) if persist_ref: avi_persistence = avi_config.get( 'ApplicationPersistenceProfile', []) if is_pool_group: pool_updated = conv_utils.update_pool_group_for_persist( avi_config, pool_ref, persist_ref, hash_profiles, avi_persistence, tenant) else: pool_updated = conv_utils.update_pool_for_persist( avi_config['Pool'], pool_ref, persist_ref, hash_profiles, avi_persistence, tenant) if not pool_updated: skipped.append("persist") LOG.warning("persist profile %s not found for vs:%s" % (persist_ref, vs_name)) if f_host: conv_utils.update_pool_for_fallback(f_host, avi_config['Pool'], pool_ref) ip_addr = ip_addr.strip() matches = re.findall('^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$', ip_addr) if not matches or ip_addr == '0.0.0.0': LOG.warning('Avi does not support IPv6 : %s. ' 'Generated random ipv4 for vs: %s' % (ip_addr, vs_name)) vs_name += '-needs-ipv6-ip' ip_addr = ".".join( map(str, (random.randint(0, 255) for _ in range(4)))) # VIP object for virtual service vip = {'ip_address': {'addr': ip_addr, 'type': 'V4'}, 'vip_id': 0} vs_obj = { 'name': vs_name, 'description': description, 'type': 'VS_TYPE_NORMAL', 'enabled': enabled, 'cloud_ref': conv_utils.get_object_ref(cloud_name, 'cloud', tenant=tenant), 'services': services_obj, 'application_profile_ref': app_prof[0], 'vs_datascripts': [], 'tenant_ref': conv_utils.get_object_ref(tenant, 'tenant') } if vrf_ref: vs_obj['vrf_context_ref'] = vrf_ref if parse_version(controller_version) >= parse_version('17.1'): vs_obj['vip'] = [vip] vs_obj['vsvip_ref'] = vsvip_ref else: vs_obj['ip_address'] = vip['ip_address'] vs_ds_rules = None if 'rules' in f5_vs: if isinstance(f5_vs['rules'], basestring): vs_ds_rules = [f5_vs['rules']] else: vs_ds_rules = f5_vs['rules'].keys() for index, rule in enumerate(vs_ds_rules): # converted _sys_https_redirect data script to rule in # http policy if rule == '_sys_https_redirect': # Added prefix for objects if self.prefix: policy_name = self.prefix + '-' + rule + '-' + vs_name else: policy_name = rule + '-' + vs_name policy = { "name": policy_name, "http_request_policy": { "rules": [{ "index": 1, "redirect_action": { "keep_query": True, "status_code": "HTTP_REDIRECT_STATUS_CODE_302", "protocol": "HTTPS", "port": 443 }, "enable": True, "name": policy_name + "-Redirect", "match": { "protocol": { "protocols": "HTTP", "match_criteria": "IS_IN" } } }] }, 'tenant_ref': conv_utils.get_object_ref(tenant, 'tenant'), "is_internal_policy": False } http_policies = { 'index': 11, 'http_policy_set_ref': conv_utils.get_object_ref(policy_name, 'httppolicyset', tenant=tenant) } vs_obj['http_policies'] = [] vs_obj['http_policies'].append(http_policies) avi_config['HTTPPolicySet'].append(policy) if is_pool_group: vs_obj['pool_group_ref'] = conv_utils.get_object_ref( pool_ref, 'poolgroup', tenant=tenant, cloud_name=cloud_name) elif pool_ref: vs_obj['pool_ref'] = conv_utils.get_object_ref( pool_ref, 'pool', tenant=tenant, cloud_name=cloud_name) self.convert_translate_port(avi_config, f5_vs, app_prof[0], pool_ref, skipped) conn_limit = int(f5_vs.get(self.connection_limit, '0')) if conn_limit > 0: vs_obj["performance_limits"] = { "max_concurrent_connections": conn_limit } rate_limit = int(f5_vs.get('rate-limit', '0')) if rate_limit > 0: vs_obj["connections_rate_limit"] = {"count": rate_limit} if realm: vs_obj['client_auth'] = realm if policy_set: vs_obj['http_policies'] = policy_set source = f5_vs.get('source', '0.0.0.0/0') if '%' in source: s_parts = source.split('%') elif '/' in source: s_parts = source.split('/') else: s_parts = [source] if not s_parts[0] == '0.0.0.0': parts = source.split('/') if '%' in parts[0]: parts[0] = parts[0].split('%')[0] mask = 24 if len(parts) > 1: mask = parts[1] policy_name = ('vs-%s-ns' % vs_name) policy = conv_utils.create_network_security_rule( policy_name, parts[0], mask, tenant) avi_config['NetworkSecurityPolicy'].append(policy) vs_obj['network_security_policy_ref'] = conv_utils.get_object_ref( policy_name, 'networksecuritypolicy', tenant=tenant) # Checking snat conversion flag and snat info for creating snat ip object snat = f5_vs.get("source-address-translation", {}) snat_pool_name = snat.get("pool", f5_vs.get("snatpool", None)) snat_pool = snat_config.pop(snat_pool_name, None) if snat_pool: if self.con_snatpool: LOG.debug( "Converting the snat as input flag and snat information is set" ) snat_list = conv_utils.get_snat_list_for_vs(snat_pool) if len(snat_list) > 32: vs_obj["snat_ip"] = snat_list[0:32] LOG.warning( 'Ignore the snat IPs, its count is beyond 32 for vs : %s' % vs_name) else: vs_obj["snat_ip"] = snat_list conv_status = {'status': final.STATUS_SUCCESSFUL} message = 'Mapped indirectly to VS -> SNAT IP Address' conv_utils.add_conv_status('snatpool', '', snat_pool_name, conv_status, message) else: LOG.debug( "Skipped: snat conversion as input flag is not set for vs : %s" % vs_name) skipped.append("source-address-translation" if f5_vs.get( "source-address-translation") else "snatpool" if f5_vs. get("snatpool") else None) if ntwk_prof: vs_obj['network_profile_ref'] = ntwk_prof[0] if enable_ssl: vs_obj['ssl_profile_ref'] = ssl_vs[0]["profile"] if ssl_vs[0]["cert"]: vs_obj['ssl_key_and_certificate_refs'] = [ssl_vs[0]["cert"]] if ssl_vs[0]["pki"] and app_prof[0] != "http": app_profiles = [ obj for obj in avi_config["ApplicationProfile"] if obj['name'] == conv_utils.get_name_from_ref(app_prof[0]) ] if app_profiles[0]["type"] == \ 'APPLICATION_PROFILE_TYPE_HTTP': app_profiles[0]["http_profile"][ "ssl_client_certificate_mode"] = ssl_vs[0]["mode"] app_profiles[0]["http_profile"]["pki_profile_ref"] = \ ssl_vs[0]["pki"] # Added code to skipped L4 VS if pool or pool group not present if vs_obj['application_profile_ref']: app_profile_name = \ str(vs_obj['application_profile_ref']).split( '&name=')[1] application_profile_obj = \ [obj for obj in avi_config['ApplicationProfile'] if obj['name'] == app_profile_name] if application_profile_obj and application_profile_obj[0]['type'] \ == 'APPLICATION_PROFILE_TYPE_L4': if not 'pool_ref' and not 'pool_group_ref' in vs_obj: LOG.debug("Failed to convert L4 VS dont have " "pool or pool group ref: %s" % vs_name) conv_utils.add_status_row('virtual', None, vs_name, final.STATUS_SKIPPED) return for attr in self.ignore_for_value: ignore_val = self.ignore_for_value[attr] actual_val = f5_vs.get(attr, None) if not actual_val: continue if isinstance(ignore_val, str) and actual_val == ignore_val: skipped.remove(attr) elif isinstance(ignore_val, list) and actual_val in ignore_val: skipped.remove(attr) conv_status = dict() conv_status['user_ignore'] = [ val for val in skipped if val in user_ignore ] if vs_ds_rules: skipped_rules = [ rule for rule in vs_ds_rules if rule != '_sys_https_redirect' ] if skipped_rules: skipped.append('rules: %s' % skipped_rules) conv_status['na_list'] = [ val for val in skipped if val in self.vs_na_attr ] skipped = [attr for attr in skipped if attr not in self.vs_na_attr] skipped = [attr for attr in skipped if attr not in user_ignore] conv_status['skipped'] = skipped status = final.STATUS_SUCCESSFUL if skipped: status = final.STATUS_PARTIAL conv_status['status'] = status conv_utils.add_conv_status('virtual', None, vs_name, conv_status, vs_obj) return vs_obj
def convert(self, f5_config, avi_config, user_ignore, tenant_ref): avi_config['hash_algorithm'] = [] converted_objs = [] f5_persistence_dict = f5_config.get('persistence') user_ignore = user_ignore.get('persistence', {}) for key in f5_persistence_dict.keys(): persist_mode = None name = None skipped = [] try: persist_mode, name = key.split(" ") LOG.debug("Converting persistence profile: %s" % name) profile = f5_persistence_dict[key] prof_conv = ProfileConfigConv() profile = prof_conv.update_with_default_profile( persist_mode, profile, f5_persistence_dict, name) tenant, name = conv_utils.get_tenant_ref(name) if tenant_ref != 'admin': tenant = tenant_ref # TODO: Should be enabled after controller app cookie issue is fixed # if persist_mode == "cookie": # persist_profile = self.convert_cookie(name, profile, # skipped, tenant) # if not persist_profile: # continue # u_ignore = user_ignore.get('cookie', []) if persist_mode == "ssl": persist_profile = self.convert_ssl(name, profile, skipped, self.indirect, tenant) u_ignore = user_ignore.get('ssl', []) elif persist_mode == "source-addr": persist_profile = self.convert_source_addr( name, profile, skipped, tenant) u_ignore = user_ignore.get('source-addr', []) elif persist_mode == "hash": avi_config['hash_algorithm'].append(name) skipped = profile.keys() LOG.warn('hash-persistence profile %s will be mapped ' 'indirectly to Pool -> Load Balance Algorithm' % name) conv_status = { 'status': conv_const.STATUS_PARTIAL, 'skipped': skipped } msg = 'Indirectly mapped to Pool -> Load Balance Algorithm' conv_utils.add_conv_status('profile', "hash-persistence", name, conv_status, msg) continue else: LOG.warning( 'persist mode not supported skipping conversion: %s' % name) self.update_conv_status_for_skip(persist_mode, name) continue if not persist_profile: continue # code to merge applicaation persistence profile. if self.object_merge_check: conv_utils.update_skip_duplicates( persist_profile, avi_config['ApplicationPersistenceProfile'], 'app_per_profile', converted_objs, name, None) self.app_per_count += 1 else: avi_config["ApplicationPersistenceProfile"].append( persist_profile) ignore_for_defaults = {"app-service": "none", "mask": "none"} conv_status = conv_utils.get_conv_status( skipped, self.indirect, ignore_for_defaults, profile, u_ignore) self.update_conversion_status(conv_status, persist_mode, name, persist_profile) except: LOG.error("Failed to convert persistance profile : %s" % key, exc_info=True) self.update_conv_status_for_error(name, persist_mode, key) count = len(avi_config["ApplicationPersistenceProfile"]) LOG.debug("Converted %s persistence profiles" % count) f5_config.pop('persistence')