def get_snmp_with_auth(template_oids, ip, port, user_name, authen_protocol,
authen_password, priv_protocol, priv_password, timeout,
retries):
"""
:param template_oids:
:param ip:
:param port:
:param user_name:
:param authen_protocol:
:param authen_password:
:param priv_protocol:
:param priv_password:
:param timeout:
:param retries:
:return:
errorIndication, errorStatus, errorIndex, varBinds
"""
return next(
getCmd(
SnmpEngine(),
UsmUserData(
user_name,
authKey=process_password.decrypt_password(
empty_to_none(authen_password)),
privKey=process_password.decrypt_password(
empty_to_none(priv_password)),
authProtocol=AUTH_PROTOCOL[empty_to_none(authen_protocol)],
privProtocol=PRIV_PROTOCOL[empty_to_none(priv_protocol)]),
UdpTransportTarget((ip, port), timeout=timeout, retries=retries),
ContextData(), *template_oids))
def test_decrypt_password(self, mock_base64):
"""
:param :
:return:
"""
encoded = "MTIzNDU2"
mock_base64.b64decode.return_value.decode.return_value = '123456'
from common.process_password import decrypt_password # pylint:disable=import-error, no-name-in-module
actual = decrypt_password(encoded)
expected = "123456"
self.assertEqual(expected, actual)
mock_base64.b64decode.return_value.decode.assert_called_once()
def stop_anycast_service(server_ip, username, pwd):
"""
Stop Anycast service
"""
password = process_password.decrypt_password(pwd)
command = '/usr/local/bluecat/PsmClient node set anycast-enable=0'
output, error = run_ssh_cmd(server_ip, username, password, command)
if b'retcode=ok' in output:
g.user.logger.debug('BDDS %s successfully executed %s.' %
(server_ip, command))
else:
g.user.logger.error('BDDS %s failed to execute %s:\n%s' %
(server_ip, command, output + error))
g.user.logger.error(traceback.format_exc())
def is_check_available_server(server_ip, username, password):
"""
Check server available
:param server_ip: IP address of server
:param username: user name
:param password: password
:return:
[True]- boolean
[False]- boolean
"""
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
try:
pwd_decrypt = process_password.decrypt_password(password)
ssh.connect(server_ip, username=username,
password=pwd_decrypt, timeout=10)
ssh.close()
return True
except (OSError, NoValidConnectionsError) as exception:
g.user.logger.info('Not available for server IP : %s' % server_ip)
return False
def get_bulk_snmp(template_oid,
ip,
snmp_config_data,
timeout=1,
retries=0,
lexicographicMode=False):
"""[Get bulk Snmp]
Arguments:
template_oid {[string]} -- [OID]
ip {[string]} -- [ip of server(ex: 192.168.88.88)]
snmp_config_data {[type]} -- [snmp config get from config file]
Keyword Arguments:
timeout {int} -- [timeout in seconds] (default: {1})
retries {int} -- [Maximum number of request retries, 0 retries means just a single request.] (default: {0})
lexicographicMode {bool} -- [walk SNMP agent’s MIB till the end (if True),
otherwise (if False) stop iteration when all response MIB variables leave the scope of initial MIB variables in varBinds] (default: {False})
Raises:
KeyError: [snmp_version input wrong format. Not match in map_snmp_version]
KeyError: [property is not exist in snmp_config_data]
Returns:
[generator] -- [result generator data get by snmp]
"""
try:
snmp_version = snmp_config_data['snmp_version']
port = snmp_config_data['port']
if snmp_version == "v1" or snmp_version == "v2c":
snmp_community = snmp_config_data['snmp_community']
snmp_iter = bulkCmd(SnmpEngine(),
CommunityData(
snmp_community,
mpModel=map_snmp_version[snmp_version]),
UdpTransportTarget((ip, port),
timeout=timeout,
retries=retries),
ContextData(),
0,
10,
ObjectType(ObjectIdentity(template_oid)),
lexicographicMode=lexicographicMode)
elif snmp_version == "v3":
user_name = snmp_config_data['user_name']
auth_key = process_password.decrypt_password(
empty_to_none(snmp_config_data['authen_password']))
priv_key = process_password.decrypt_password(
empty_to_none(snmp_config_data['priv_password']))
auth_protocol = AUTH_PROTOCOL[empty_to_none(
snmp_config_data['authen_protocol'])]
priv_protocol = PRIV_PROTOCOL[empty_to_none(
snmp_config_data['priv_protocol'])]
snmp_iter = bulkCmd(SnmpEngine(),
UsmUserData(user_name,
authKey=auth_key,
privKey=priv_key,
authProtocol=auth_protocol,
privProtocol=priv_protocol),
UdpTransportTarget((ip, port),
timeout=timeout,
retries=retries),
ContextData(),
0,
10,
ObjectType(ObjectIdentity(template_oid)),
lexicographicMode=lexicographicMode)
else:
raise KeyError(
"'{}' wrong format snmp_version".format(snmp_version))
except KeyError as key_error:
raise KeyError("Can not find {} in snmp_config_data".format(key_error))
except Exception as ex:
raise ex
return snmp_iter
def configure_anycast(server_ip, server_ipv6, username, pwd, anycast_config):
"""
Config anycast
:param server_ip: server ip
:param username: username
:param password: password
:param anycast_config: configuration of anycast
:return:
"""
# Add SNMP enable here
password = process_password.decrypt_password(pwd)
cmd = 'node set snmp-enable=1'
run_psmclient_cmd(server_ip, username, password, cmd)
# Add anycast settings here
if anycast_config['anycast_protocol'] == 'ospfd':
if server_ipv6:
psm_overrides = set()
cmd = 'node get manual-override'
output = run_psmclient_cmd(server_ip, username, password, cmd)
m = re.match(r'manual-override=(.*)', output.decode('utf-8'))
if m:
psm_overrides = set(m.group(1).split(','))
# Disable manual-override for anycast, so that config files are generated
if 'anycast' in psm_overrides:
psm_overrides.remove('anycast')
cmd = 'node set manual-override=' + ','.join(psm_overrides)
run_psmclient_cmd(server_ip, username, password, cmd)
list_ipv4 = ','.join(anycast_config['anycast_ipv4'])
list_ipv6 = ','.join(anycast_config['anycast_ipv6'])
cmd = 'anycast set anycast-ipv4=' + list_ipv4 + ' anycast-ipv6=' + list_ipv6 + \
' service-ipv6=' + server_ipv6 + ' component=common vtysh-enable=1'
g.user.logger.debug(f'Setting anycast : {cmd}')
run_psmclient_cmd(server_ip, username, password, cmd)
cmd = f"anycast set area={anycast_config['ospf_area']} authenticate={anycast_config['ospf_authenticate']}\
component=ospfd dead-interval={anycast_config['ospf_dead_interval']} enabled=1 \
hello-interval={anycast_config['ospf_hello_interval']} password={process_password.decrypt_password(anycast_config['ospf_password'])} \
stub={anycast_config['ospf_stub']}"
g.user.logger.debug(f'Setting OSPF : {cmd}')
run_psmclient_cmd(server_ip, username, password, cmd)
# Temporarily enable anycast to write zebra and ospfv2 configuration files
cmd = 'node set anycast-enable=1'
run_psmclient_cmd(server_ip, username, password, cmd)
cmd = 'node set anycast-enable=0'
run_psmclient_cmd(server_ip, username, password, cmd)
# Enable manual-override before adding OSPFv3
psm_overrides.add('anycast')
cmd = 'node set manual-override=' + ','.join(psm_overrides)
run_psmclient_cmd(server_ip, username, password, cmd)
cmd = f"""
echo '! -- ospf6d.conf generated by Gateway NFV plug-in
debug ospf6 lsa unknown
!
interface eth0
ipv6 ospf6 hello-interval {anycast_config['ospfv3_hello_interval']}
ipv6 ospf6 dead-interval {anycast_config['ospfv3_dead_interval']}
ipv6 ospf6 network broadcast
!
router ospf6
router-id {server_ip}
area {anycast_config['ospfv3_area']} range {anycast_config['ospfv3_range']}
interface eth0 area {anycast_config['ospfv3_area']}
!
line vty
' > /etc/quagga/ospf6d.conf
chown quagga:quagga /etc/quagga/ospf6d.conf
chmod 644 /etc/quagga/ospf6d.conf
echo '# etc/quagga/daemons generated by Gateway NFV plug-in
# in practice, ospf6d setting is ignored by PSM
zebra=yes
ripd=no
ospfd=yes
bgpd=no
ospf6d=yes
isisd=no
ripngd=no
' > /etc/quagga/daemons
mkdir -p /etc/systemd/system/zebra.service.wants/
ln -sf /lib/systemd/system/ospf6d.service /etc/systemd/system/zebra.service.wants/
"""
output, error = run_ssh_cmd(server_ip, username, password, cmd)
g.user.logger.debug('BDDS %s executed command output: %s' %
(server_ip, output + error))
else:
list_ipv4 = ','.join(anycast_config['anycast_ipv4'])
cmd = 'anycast set anycast-ipv4=' + list_ipv4 + ' component=common vtysh-enable=1'
g.user.logger.debug(f'Setting anycast : {cmd}')
run_psmclient_cmd(server_ip, username, password, cmd)
cmd = f"anycast set area={anycast_config['ospf_area']} authenticate={anycast_config['ospf_authenticate']}\
component=ospfd dead-interval={anycast_config['ospf_dead_interval']} enabled=1 \
hello-interval={anycast_config['ospf_hello_interval']} password={process_password.decrypt_password(anycast_config['ospf_password'])} \
stub={anycast_config['ospf_stub']}"
g.user.logger.debug(f'Setting OSPF : {cmd}')
run_psmclient_cmd(server_ip, username, password, cmd)
elif anycast_config['anycast_protocol'] == 'bgp':
list_ipv4 = ','.join(anycast_config['anycast_ipv4'])
list_ipv6 = ','.join(anycast_config['anycast_ipv6'])
cmd = 'anycast set anycast-ipv4=' + list_ipv4 + ' anycast-ipv6=' + \
list_ipv6 + ' component=common vtysh-enable=1'
g.user.logger.debug(f'Setting anycast : {cmd}')
run_psmclient_cmd(server_ip, username, password, cmd)
if anycast_config['prefix_lists']:
prefix_lists = []
for item in anycast_config['prefix_lists']:
if item['type'] not in prefix_lists:
prefix_lists.append(item['type'])
prefix_lists = ','.join(prefix_lists)
cmd = f"anycast set asn={anycast_config['bgp_local_asn']} authenticate={anycast_config['bgp_command_line_interface']} \
password={process_password.decrypt_password(anycast_config['bgp_telnet_password'])} keepalive={anycast_config['bgp_keepalive_time']} \
holdtime={anycast_config['bgp_hold_time']} neighbors-ipv4={anycast_config['bgp_ipv4_address']} component=bgpd \
enabled=1 prefix-lists={prefix_lists} neighbors-ipv6={anycast_config['bgp_ipv6_address']}"
else:
cmd = f"anycast set asn={anycast_config['bgp_local_asn']} authenticate={anycast_config['bgp_command_line_interface']} \
password={process_password.decrypt_password(anycast_config['bgp_telnet_password'])} keepalive={anycast_config['bgp_keepalive_time']} \
holdtime={anycast_config['bgp_hold_time']} neighbors-ipv4={anycast_config['bgp_ipv4_address']} component=bgpd \
enabled=1 neighbors-ipv6={anycast_config['bgp_ipv6_address']}"
g.user.logger.debug(f'Setting BGP : {cmd}')
run_psmclient_cmd(server_ip, username, password, cmd)
cmd = f"anycast set asn={anycast_config['bgp_remote_asn_in_ipv4']} neighbor-ipv4={anycast_config['bgp_ipv4_address']} \
ebgp-multihop={anycast_config['bgp_ipv4_hop_limit']} next-hop-self={anycast_config['bgp_next_hop_self_ipv4']} \
component=bgpd password={process_password.decrypt_password(anycast_config['bgp_md5_ipv4'])}"
g.user.logger.debug(f'Continue Setting BGP : {cmd}')
run_psmclient_cmd(server_ip, username, password, cmd)
cmd = f"anycast set asn={anycast_config['bgp_remote_asn_in_ipv6']} neighbor-ipv6={anycast_config['bgp_ipv6_address']} \
ebgp-multihop={anycast_config['bgp_ipv6_hop_limit']} next-hop-self={anycast_config['bgp_next_hop_self_ipv6']} \
component=bgpd password={process_password.decrypt_password(anycast_config['bgp_md5_ipv6'])}"
run_psmclient_cmd(server_ip, username, password, cmd)
if anycast_config['prefix_lists']:
for item in anycast_config['prefix_lists']:
cmd = f"anycast set component=bgpd action={item['action']} network={item['network']} prefix-list={item['type']} seq=5"
g.user.logger.debug(f'Setting : {cmd}')
run_psmclient_cmd(server_ip, username, password, cmd)
elif anycast_config['anycast_protocol'] == 'rip':
list_ipv4 = ','.join(anycast_config['anycast_ipv4'])
cmd = 'anycast set anycast-ipv4=' + list_ipv4 + ' component=common vtysh-enable=1'
g.user.logger.debug(f'Setting anycast : {cmd}')
run_psmclient_cmd(server_ip, username, password, cmd)
cmd = f"anycast set authenticate={anycast_config['rip_authenticate']} component=ripd \
password={process_password.decrypt_password(anycast_config['rip_password'])} enabled=1"
g.user.logger.debug(f'Setting RIP : {cmd}')
run_psmclient_cmd(server_ip, username, password, cmd)
cmd = 'node set anycast-enable=1'
run_psmclient_cmd(server_ip, username, password, cmd)