def del_worker_me(master_prim, node_name):
# (1) remove node with k8s_delete_node ms / primary master
k8s_delete_node_data = {
"object_id": "123",
"node_name": node_name,
}
k8s_delete_node_ms = {"k8s_delete_node": {"123": k8s_delete_node_data}}
order = Order(master_prim)
order.command_execute('CREATE', k8s_delete_node_ms, timeout=300)
backup_id = me['id']
# (1) kubeadm init on master first
# stub here - actually k8s master nodes should be selected according to the user input
k8s_kubeadm_init_data = {
"object_id": "123",
"lb_ip": list(context['vms'][2].values())[0]['internal'],
"lb_port": "6443",
}
k8s_kubeadm_init_ms = {"k8s_kubeadm_init": {"123": k8s_kubeadm_init_data}}
Orchestration.update_asynchronous_task_details(*async_update_list,
f'k8s-node-1: Provisioning')
try:
order = Order(str(master_id))
order.command_execute('CREATE', k8s_kubeadm_init_ms, timeout=400)
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context, True)
print(ret)
Orchestration.update_asynchronous_task_details(
*async_update_list, f'Master Initiated: k8s-node-1')
# (2) get params from master first
# k8s_get_token
k8s_get_token = {'k8s_get_token': {'': {'object_id': 'kubeamd'}}}
try:
order = Order(str(master_id))
order.command_execute('IMPORT', k8s_get_token)
data_1 = json.loads(order.content)
data_1 = json.loads(data_1['message'])
"object_id": "123",
"k8s_m_1_ip": list(context['vms'][0].values())[0]['internal'],
"k8s_m_2_ip": list(context['vms'][1].values())[0]['internal'],
}
k8s_ha_proxy_ms = {"k8s_ha_proxy": {"123": k8s_ha_proxy_data}}
# (2) get short ME id
me_id = context['proxy_host'][3:]
# (3) install package on certain me
Orchestration.update_asynchronous_task_details(
*async_update_list,
f'haproxy installation: {Device(device_id=me_id).name}')
try:
order = Order(me_id)
order.command_execute('CREATE', k8s_package_management_ms, timeout=300)
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context, True)
print(ret)
time.sleep(10)
# (4) configure and start proxy
try:
order = Order(me_id)
order.command_execute('CREATE', k8s_ha_proxy_ms)
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context, True)
print(ret)
ret = MSA_API.process_content('ENDED', f'Loadbalancer prepared.', context,
True)
print(ret)
context = Variables.task_call(dev_var)
# read the ID of the selected managed entity
device_id = context['device']
# extract the database ID
devicelongid = device_id[-3:]
# build the Microservice JSON params for the CREATE
micro_service_vars_array = {
"playbook_path":
"/opt/playbooks/linux_firewall_creation.yml",
"extra_vars":
"\"dport=" + context['dst_port'] + " ip=" + context['src_ip'] + "\""
}
playbook = {"AnsiblePlaybook": {"": micro_service_vars_array}}
# call the CREATE for simple_firewall MS for each device
order = Order(devicelongid)
order.command_execute('CREATE', playbook)
# convert dict object into json
content = json.loads(order.content)
order.command_synchronize(10)
# check if the response is OK
print(
order.process_content(
'ENDED', 'STATUS: {content["status"]}, \
MESSAGE: {content["message"]}', context,
True))
"vpn": "true",
"application_control": "true",
"ips": "true",
"content_awareness": "true",
"url_filtering": "true",
"anti_virus": "true",
"anti_bot": "true",
"anti_spam": "true",
"threat_emulation": "true",
"threat_extraction": "true"
}
gateway = {"Gateway": {object_id: micro_service_vars_array}}
# call the CREATE for simple_firewall MS for each device
order = Order(devicelongid)
order.command_execute('CREATE', gateway)
# convert dict object into json
content = json.loads(order.content)
# check if the response is OK
if order.response.ok:
# ret = MSA_API.process_content('ENDED',
# f'STATUS: {content["status"]}, \
# MESSAGE: {content["message"]}',
# context, True)
ret = MSA_API.process_content(
'ENDED', f'STATUS: {content["status"]}, \
MESSAGE: Gateway {object_id}', context,
True)
else:
order.command_objects_instances_by_id('k8_pods_list', pod_name)
response = json.loads(order.content)
return response['k8_pods_list'][pod_name]['namespace']
if __name__ == "__main__":
# remove metrics pods
info_message('Removing service pods...')
for device in device_id_list:
d_name = Device(device_id=device).name
info_message(f'Removing service pods: {d_name}...')
order = Order(device)
# syncronize first
k8_pods_list = {'k8_pods_list': {'': {}}}
order.command_execute('IMPORT', k8_pods_list)
order.command_objects_instances('k8_pods_list')
pods_list = json.loads(order.content)
for pod in pods_list:
if get_pod_ns(pod) == context['service_namespace']:
info_message(f'Removing service pods: {d_name} {pod}...')
order.command_execute('DELETE', {'k8_pods_list': pod})
# remove all applications from user_namespace
info_message(f'Removing user apps: {target_device_name}...')
order = Order(target_device_id)
# syncronize first
k8_pods_list = {'k8_pods_list': {'': {}}}
order.command_execute('IMPORT', k8_pods_list)
order.command_objects_instances('k8_pods_list')
ms_instances = json.loads(order.content)
from msa_sdk.variables import Variables
from msa_sdk.msa_api import MSA_API
from msa_sdk.order import Order
dev_var = Variables()
dev_var.add('id', var_type='Integer')
dev_var.add('device_id', var_type='Device')
context = Variables.task_call(dev_var)
short_device_id = context['device_id'][-3:]
context['short_device_id'] = short_device_id
ms_sdwan_ipsec_start = {context['id']: {"object_id": context['id']}}
context['ms_sdwan_ipsec_start'] = ms_sdwan_ipsec_start
try:
order = Order(context['short_device_id'])
order.command_execute('CREATE',
{"sdwan_ipsec_start": ms_sdwan_ipsec_start})
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context, True)
ret = MSA_API.process_content('ENDED', f'Take IPsec control.', context, True)
print(ret)
device_id = context['k8s_api'][3:]
k8_pods_list = {'k8_pods_list': {'': {'object_id': ''}}}
try:
Orchestration.update_asynchronous_task_details(*async_update_list,
f'Sync in progress...')
order = Order(str(device_id))
order.command_synchronize(timeout=60)
Orchestration.update_asynchronous_task_details(*async_update_list,
f'Syncronized.')
time.sleep(2)
Orchestration.update_asynchronous_task_details(*async_update_list,
f'Check in progress...')
order.command_execute('IMPORT', k8_pods_list)
data = json.loads(order.content)
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context, True)
print(ret)
if 'message' in data.keys():
container_list = json.loads(data['message'])['k8_pods_list'].keys()
else:
container_list = []
if 'nginx' in container_list:
Orchestration.update_asynchronous_task_details(
*async_update_list, f'Undefined resource found: nginx')
context['wf_name'] = 'WARNING'
ret = MSA_API.process_content('WARNING',
context, True)
print(ret)
exit()
except HTTPError as http_err:
ret = MSA_API.process_content('WARNING',
f'HTTP error occured: {http_err}',
context, True)
print(ret)
exit()
k8s_create_service_account_2 = {'k8s_create_service_account': {'0':{'object_id': 'token'}}}
try:
order = Order(str(context['master_id']))
order.command_synchronize(timeout=60)
time.sleep(2)
order.command_execute('IMPORT', k8s_create_service_account_2)
data_5 = json.loads(order.content)
data_5 = json.loads(data_5['message'])
except Exception as e:
ret = MSA_API.process_content('FAILED',
f'ERROR: {str(e)}',
context, True)
print(ret)
if 'token' in data_5['k8s_create_service_account'].keys():
k8s_token = data_5['k8s_create_service_account']['token']['token']
else:
ret = MSA_API.process_content('WARNING',
f'Token not found: {k8s_token}',
context, True)
print(ret)
from msa_sdk.variables import Variables
from msa_sdk.msa_api import MSA_API
from msa_sdk.order import Order
dev_var = Variables()
context = Variables.task_call()
try:
order = Order(context['short_device_id'])
order.command_execute(
'DELETE', {"sdwan_ipsec_start": context['ms_sdwan_ipsec_start']})
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context, True)
ret = MSA_API.process_content('ENDED', f'Take IPsec control.', context, True)
print(ret)
import json
from msa_sdk.variables import Variables
from msa_sdk.msa_api import MSA_API
from msa_sdk.order import Order
context = Variables.task_call()
device_id_list = context["device_id_list"]
device_ip_list = context["device_ip_list"]
ms_vars_dict_list = context["ms_vars_dict_list"]
metrics = {}
for device in device_id_list.values():
device_metrics = []
for ip in device_ip_list.values():
order = Order(device)
order.command_execute('IMPORT', {'k8s_log': {'':{'pod_name':ip.replace(".","-")}}})
data = json.loads(order.content.decode())
# strip unnecessary fields
device_metrics.append(json.loads(data['message']))
metrics[device] = device_metrics
context['metrics'] = metrics
ret = MSA_API.process_content('ENDED', f'Metrics collected', context, True)
print(ret)
from msa_sdk.variables import Variables
from msa_sdk.msa_api import MSA_API
from msa_sdk.order import Order
dev_var = Variables()
context = Variables.task_call()
# (2) secrets
try:
order = Order(context["left_device_id"])
order.command_execute("CREATE", context["sdwan_ipsec_secret_left"])
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context, True)
print(ret)
try:
order = Order(context["right_device_id"])
order.command_execute('CREATE', context["sdwan_ipsec_secret_right"])
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context, True)
print(ret)
ret = MSA_API.process_content('ENDED', f'Secrets Created.', context, True)
print(ret)
# extract the database ID
devicelongid = device_id[-3:]
# build the Microservice JSON params for the CREATE
micro_service_vars_array = {"object_id": context['id'],
"src_ip": context['src_ip'],
"dst_port": context['dst_port']
}
object_id = context['id']
simple_firewall = {"simple_firewall": {object_id: micro_service_vars_array}}
# call the CREATE for simple_firewall MS for each device
order = Order(devicelongid)
order.command_execute('CREATE', simple_firewall)
# convert dict object into json
content = json.loads(order.content)
# check if the response is OK
if order.response.ok:
if 'rules' in context.keys():
num = len(context['rules'])
else:
context['rules'] = {}
num = 0
context['rules'][num] = {}
context['rules'][num]['delete'] = False
pod_name + \
'/' + \
'log'
}
}
}
return logs_ms_data
if __name__ == "__main__":
metrics = {}
info_message('Collecting metrics from devices...')
for device in device_id_list:
d_name = Device(device_id=device).name
info_message(f'Collecting metrics from devices: {d_name}...')
device_metrics = []
for ip in device_ip_list:
order = Order(device)
order.command_execute('IMPORT', get_logs_ms(ip.replace(".","-")))
data = json.loads(order.content)
# strip unnecessary fields
# device_metrics.append(json.loads(data['message']))
device_metrics.append(data)
metrics[device] = device_metrics
info_message(f'Collecting metrics from devices: {d_name} done.')
ret = MSA_API.process_content('ENDED', f'Metrics collected.', context, True)
print(ret)
from msa_sdk.variables import Variables
from msa_sdk.msa_api import MSA_API
from msa_sdk.order import Order
dev_var = Variables()
context = Variables.task_call()
# (4) cryptomap
try:
order = Order(context["left_device_id"])
order.command_execute("CREATE",
context["sdwan_ipsec_conf_crypto_map_left"])
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context, True)
print(ret)
try:
order = Order(context["right_device_id"])
order.command_execute('CREATE',
context["sdwan_ipsec_conf_crypto_map_right"])
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context, True)
print(ret)
ret = MSA_API.process_content('ENDED', f'IPsec Crypto_map Created.', context,
True)
print(ret)
from msa_sdk.variables import Variables
from msa_sdk.msa_api import MSA_API
from msa_sdk.order import Order
dev_var = Variables()
context = Variables.task_call()
# left device cleanup
try:
order = Order(context["left_device_id"])
order.command_execute("DELETE", {"sdwan_loopback": context['id']})
order.command_execute("DELETE", {"sdwan_ipsec_secret": context['id']})
order.command_execute("DELETE", {"sdwan_ipsec_conf": context['id']})
order.command_execute("DELETE",
{"sdwan_ipsec_conf_cryptomap": context['id']})
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context, True)
print(ret)
# right device cleanup
try:
order = Order(context["right_device_id"])
order.command_execute("DELETE", {"sdwan_loopback": context['id']})
order.command_execute("DELETE", {"sdwan_ipsec_secret": context['id']})
order.command_execute("DELETE", {"sdwan_ipsec_conf": context['id']})
order.command_execute("DELETE",
{"sdwan_ipsec_conf_cryptomap": context['id']})
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context, True)
print(ret)
#Remove IP addresses from CE-PE links
Orchestration.update_asynchronous_task_details(*async_update_list,
'Configuring CE device... ')
for interface, connection in ce_connections.items():
#Create oreder object for PE
pe_order_list.append(Order(connection['neighbour']['device_id']))
response = pe_order_list[-1].command_synchronize(300)
Orchestration.update_asynchronous_task_details(
*async_update_list,
'Configuring CE device... Clean up IP address on link toward {}... '.
format(connection['neighbour']['device']))
#Clean up IP address on CE link
ms_dict = {ms_router_interface: {interface: {'object_id': interface}}}
CeOrderObject.command_execute('UPDATE', ms_dict)
Orchestration.update_asynchronous_task_details(
*async_update_list,
'Configuring CE device... Clean up IP address on link toward {}... OK'.
format(connection['neighbour']['device']))
CeOrderObject.command_synchronize(300)
Orchestration.update_asynchronous_task_details(
*async_update_list,
'Configuring CE device... Clean up IP address on CE device internal link... '
)
#Configure IP address on CE internal interface
ms_dict = {
ms_router_interface: {
ce_internal_interface_name: {
'object_id': ce_internal_interface_name
except Exception as e:
ret = MSA_API.process_content('FAILED',
f'ERROR: {str(e)}',
context, True)
print(ret)
Orchestration.update_asynchronous_task_details(*async_update_list,
f'Master Initiated: k8s-node-1')
'''
# (2) get params from master first
# k8s_get_token
k8s_get_token = {'k8s_get_token': {'': {'object_id': 'kubeamd'}}}
try:
order = Order(str(master_id))
order.command_execute('IMPORT', k8s_get_token)
data_1 = json.loads(order.content)
data_1 = json.loads(data_1['message'])
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context, True)
print(ret)
Orchestration.update_asynchronous_task_details(*async_update_list,
f'k8s-node-1: Token retrieved')
# k8s_get_key
k8s_get_key = {'k8s_get_key': {'': {'object_id': ''}}}
try:
order = Order(str(master_id))
order.command_execute('IMPORT', k8s_get_key)
data_2 = json.loads(order.content)
device_list = search.content
device_list = json.loads(device_list)
worker_id_list = []
master = context['vm_name'] + '-1'
backup = context['vm_name'] + '-2'
# add all vms that are not k8s masters to the list
for me in device_list:
if me['name'] != (master and backup):
worker_id_list.append(me['id'])
# (4) kubeadm loop on workers
Orchestration.update_asynchronous_task_details(*async_update_list,
f'Worker nodes processing...')
for me in worker_id_list:
try:
order = Order(str(me))
order.command_execute('CREATE',
context['k8s_join_worker'],
timeout=300)
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context,
True)
print(ret)
Orchestration.update_asynchronous_task_details(*async_update_list,
f'Worker Initiated: {me}')
ret = MSA_API.process_content('ENDED', 'K8S cluster ready - Enjoy!', context,
True)
print(ret)
device_id = context['device']
object_id = context['gateway']
profile = context['profile']
# extract the database ID
devicelongid = device_id[3:]
# build the Microservice JSON params for IMPORT
#{"Gateway":"0"}
#micro_service_vars_array = {"object_id":object_id}
gateway = {"Gateway": "0"}
# call the CREATE for simple_firewall MS for each device
order = Order(devicelongid)
order.command_execute('IMPORT', gateway)
# convert dict object into json
content = json.loads(order.content)
# check if the response is OK
if order.response.ok:
ret = MSA_API.process_content(
'ENDED', f'STATUS: {content["status"]}, \
MESSAGE: {profile} activated on {object_id}',
context, True)
else:
ret = MSA_API.process_content(
'FAILED', f'Import failed \
- {order.content}', context, True)
from msa_sdk.variables import Variables
from msa_sdk.msa_api import MSA_API
from msa_sdk.order import Order
dev_var = Variables()
context = Variables.task_call()
# (1) loopback
try:
'''check if loopback already exists'''
# order = Order(left_device_id)
# order.command_execute('IMPORT', {"sdwan_loopback": context["id"]})
order = Order(context["left_device_id"])
order.command_execute("CREATE", context["sdwan_loopback_left"])
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context, True)
print(ret)
try:
order = Order(context["right_device_id"])
order.command_execute('CREATE', context["sdwan_loopback_right"])
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context, True)
print(ret)
ret = MSA_API.process_content('ENDED', f'Loopbacks Created.', context, True)
print(ret)
context['site_asn'] = site_asn
#Update ASN for site in IPAM
site_object = IpamOrderObject.command_objects_instances_by_id(
ms_ipam_site, site)[ms_ipam_site][site]
ms_dict = {
ms_ipam_site: {
site: {
'object_id': site,
'asn': site_asn,
'slug': site_object['slug'],
'status': site_object['status']
}
}
}
IpamOrderObject.command_execute('UPDATE', ms_dict)
Orchestration.update_asynchronous_task_details(
*async_update_list, 'Retrieve AS number for the site... OK')
time.sleep(3)
#Retrieve info about connected device
Orchestration.update_asynchronous_task_details(
*async_update_list, 'Retrieve info about connected device... ')
ce_connections = dict()
objects_list = IpamOrderObject.command_objects_instances(
ms_interface_connection)
for connection in objects_list:
connection_object = IpamOrderObject.command_objects_instances_by_id(
ms_interface_connection,
connection)[ms_interface_connection][connection]
print(ret)
exit()
# (1) prepare data for k8s_pre_requirements microservice
k8s_pre_requirements_data = {"object_id": "123"}
k8s_pre_requirements_ms = {
"k8s_pre_requirements": {
"123": k8s_pre_requirements_data
}
}
device_list = context['vm_id_list_new']
# deploy required packages
for me in device_list:
Orchestration.update_asynchronous_task_details(
*async_update_list, f'k8s software installation: \
{Device(device_id=me).name}'
)
try:
order = Order(me)
order.command_execute('CREATE', k8s_pre_requirements_ms, timeout=300)
except Exception as e:
ret = MSA_API.process_content('FAILED', f'ERROR: {str(e)}', context,
True)
print(ret)
ret = MSA_API.process_content('ENDED',
f'K8S software installed on {device_list}.',
context, True)
print(ret)
"application_control": "true",
"ips": "true",
"content_awareness": "true",
"url_filtering": "true",
"anti_virus": "true",
"anti_bot": "true",
"anti_spam": "true",
"threat_emulation": "true",
"threat_extraction": "true"
}
gateway = {"Gateway": {object_id: micro_service_vars_array}}
# call the CREATE for simple_firewall MS for each device
order = Order(devicelongid)
order.command_execute('UPDATE', gateway)
# convert dict object into json
content = json.loads(order.content)
# check if the response is OK
if order.response.ok:
ret = MSA_API.process_content(
'ENDED', f'STATUS: {content["status"]}, \
MESSAGE: Profile {profile}', context, True)
else:
ret = MSA_API.process_content(
'FAILED', f'Gateway update failed \
- {order.content}', context, True)
print(ret)