def CreateCustomerSlash56(description):
config = ConfigParser()
config.read('C:/Temp/Git/Fortinet/Fortigate/settings.ini')
ipamuser = config.get('IPAM', 'ipamuser')
ipampassword = config.get('IPAM', 'ipampassword')
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
IPAMv6subnets = ipam.get('/subnets/432/first_subnet/56/')
# Das neue Netz wird angelegt
IPAMvlans = ipam.post('/subnets/432/first_subnet/56/',
{'description': description})
searchstring = '/subnets/cidr/' + IPAMv6subnets + '/'
v6Info = ipam.get(searchstring, {
'filter_by': 'sectionId',
'filter_value': 2,
})
v6Info = json.dumps(v6Info[0])
v6Info = json.loads(v6Info)
bluev6Id = v6Info['id']
return bluev6Id
def CreateExternVlan(vlanid, name, description, customcb3, customl3):
config = ConfigParser()
config.read('C:/Temp/Git/Fortinet/Fortigate/settings.ini')
ipamuser = config.get('IPAM', 'ipamuser')
ipamurl = config.get('IPAM', 'url')
ipampassword = config.get('IPAM', 'ipampassword')
ipam = PhpIpamClient(
url=ipamurl,
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
IPAMvlans = ipam.post(
'/vlan/', {
'domainId': 3,
'name': name,
'number': vlanid,
'description': description,
'custom_CB3': customcb3,
'custom_L3': customl3,
'custom_VRF': 'Extern'
})
IPAMvlans = ipam.get('/vlan/', {
'filter_by': 'domainId',
'filter_value': 3,
})
for IPAMVlan in IPAMvlans:
current = int(IPAMVlan['number'])
if current == vlanid:
ipamid = IPAMVlan['vlanId']
return ipamid
def CLIGreen(bluevlanID):
"""Erstellen CLI fuer Fortimanager
Args:
bluevlanID (int): IPAM Vlan ID
cust (str): customer123 Bezeichnung
Returns:
str: Fortigate CLI fuer Blue
"""
config = ConfigParser()
config.read('C:/Temp/Git/Fortinet/Fortigate/settings.ini')
ipamuser = config.get('IPAM', 'ipamuser')
ipampassword = config.get('IPAM', 'ipampassword')
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
IPAMvlans = ipam.get('/vlan/', {
'filter_by': 'vlanId',
'filter_value': bluevlanID,
})
intblue = IPAMvlans[0]['number']
return cfgblue
def get_ipam_subnets(username, password, server):
username = username
appcode = password
ipam = PhpIpamClient(
url=server,
app_id=username,
username=username,
password=appcode,
user_agent='snmpscanner', # custom user-agent header
ssl_verify=False)
all_subnets = list()
sections = ipam.get('/sections/')
for section in sections:
id = section["id"]
subnets = ""
try:
subnets = ipam.get(f"/sections/{id}/subnets")
except:
pass
for subnet in subnets:
net = subnetobj()
net.section_id = id
net.subnet_id = subnet["id"]
net.network = subnet["subnet"]
net.netmask = subnet["mask"]
net.name = subnet["description"]
net.ips = get_subnet_addresses(net, username, password, server)
all_subnets.append(net)
return all_subnets
def FortiRoutev4(bluevlanID, cust):
config = ConfigParser()
config.read('C:/Temp/Git/Fortinet/Fortigate/settings.ini')
ipamuser = config.get('IPAM', 'ipamuser')
ipampassword = config.get('IPAM', 'ipampassword')
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
IPAMvlans = ipam.get('/vlan/', {
'filter_by': 'vlanId',
'filter_value': bluevlanID,
})
intblue = IPAMvlans[0]['number']
nummer = cust.replace('customer', '')
querystring = "/vlan/" + bluevlanID + "/subnets/"
blue = ipam.get(querystring)
for b in blue:
idb = b['id']
querystring = "/subnets/" + idb + "/addresses/"
bb = ipam.get(querystring)
for add in bb:
if add['hostname'] == 'AnycastGateway':
test = ipaddress.ip_address(add['ip'])
if isinstance(test, ipaddress.IPv4Address):
blueipv4 = add['ip']
if isinstance(test, ipaddress.IPv6Address):
blueipv6 = add['ip']
cfgblue = """
edit 0
set dst 185.213.35.0 255.255.255.0
set gateway %s
set device "cust%s_blue1"
next
""" % (blueipv4, nummer)
cfgblue2 = """
edit 0
set dst 100.64.247.0 255.255.255.0
set gateway %s
set device "cust%s_blue1"
next
""" % (blueipv4, nummer)
cfgblue = cfgblue + cfgblue2
return cfgblue
def NextFreeVlan(minimum, maximum):
"""[summary]
Args:
minimum (int): Freies VLAN suchen groesser als
maximum (int): Freies VLAN suchen kleiner als
Returns:
int: Freie VLAN Nummer
"""
config = ConfigParser()
config.read('C:/Temp/Git/Fortinet/Fortigate/settings.ini')
ipamuser = config.get('IPAM', 'ipamuser')
ipamurl = config.get('IPAM', 'url')
ipampassword = config.get('IPAM', 'ipampassword')
ipam = PhpIpamClient(
url=ipamurl,
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
IPAMvlans = ipam.get('/vlan/', {
'filter_by': 'domainId',
'filter_value': 3,
})
networks = []
for IPAMVlan in IPAMvlans:
if int(IPAMVlan['number']) > minimum and int(
IPAMVlan['number']) < 4000:
networks.append(int(IPAMVlan['number']))
# Sortieren
networks = sorted(networks)
bluevlan = 0
# Lücke finden
last = minimum
for network in networks:
if network > minimum and network < 4000:
if (last + 1) == network:
last = network
elif (last + 1) != network:
bluevlan = last + 1
if bluevlan == 0:
return None
return bluevlan
def CreateNewSection(name, cust):
"""Erstellen neuer Section in Ipam
Args:
name (str): Kunden Name (z. B. Dokumental)
cust (str): Firewall vdom Name (z. B. customer023)
Returns:
str: Returnt neue Section id
"""
config = ConfigParser()
config.read('C:/Temp/Git/Fortinet/Fortigate/settings.ini')
ipamuser = config.get('IPAM', 'ipamuser')
ipampassword = config.get('IPAM', 'ipampassword')
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
secname = name + " IPv4"
secdesc = cust + '_' + name
IPAMvlans = ipam.post(
'/sections/', {
'name': secname,
'description': secdesc,
'masterSection': '4',
'permissions': '{"2":"2","3":"1","4":"3"}',
'strictMode': '1',
'subnetOrdering': 'default',
'order': None,
'showVLAN': '1',
'showVRF': '1',
'showSupernetOnly': '1',
'DNS': None
})
searchstring = "/sections/"
sectionid = ipam.get(searchstring, {
'filter_by': 'name',
'filter_value': secname,
})
return sectionid[0]['id']
def handler(context, inputs):
global logging
setup_logger()
cert = None
try:
auth_credentials = get_auth_credentials(context, inputs)
username = auth_credentials["privateKeyId"]
password = auth_credentials["privateKey"]
#cert = get_cert(inputs)
phpIPAMProperties = get_properties(inputs)
appId = phpIPAMProperties["phpIPAM.appId"]
from phpipam_client import PhpIpamClient, GET, PATCH
logging.info("Preparing phpIPAM connection")
ipam = PhpIpamClient(
url=inputs["endpoint"]["endpointProperties"]["hostName"],
app_id=appId,
username=username,
password=password,
user_agent='vra-ipam', # custom user-agent header
)
for addressInfo in inputs["addressInfos"]:
updateIp(addressInfo, ipam)
except Exception as e:
logging.error(f"Unexpected error: {str(e)}")
return build_error_response("5000", str(e))
finally:
if cert is not None and type(cert) is str:
os.unlink(cert)
def CreateServiceVlan(vlanid, name, description):
"""[summary]
Args:
vlanid (int): VLAN ID
name (str): customer123 customer ID
description (str): Kunden Name
Returns:
[type]: [description]
"""
config = ConfigParser()
config.read('C:/Temp/Git/Fortinet/Fortigate/settings.ini')
ipamuser = config.get('IPAM', 'ipamuser')
ipamurl = config.get('IPAM', 'url')
ipampassword = config.get('IPAM', 'ipampassword')
ipam = PhpIpamClient(
url=ipamurl,
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
IPAMvlans = ipam.post(
'/vlan/', {
'domainId': 3,
'name': name,
'number': vlanid,
'description': description,
'custom_CB3': 1,
'custom_L3': 1,
'custom_VRF': 'Service'
})
IPAMvlans = ipam.get('/vlan/', {
'filter_by': 'domainId',
'filter_value': 3,
})
for IPAMVlan in IPAMvlans:
current = int(IPAMVlan['number'])
if current == vlanid:
ipamid = IPAMVlan['vlanId']
return ipamid
def get_subnet_addresses(subnetobj, username, password, server):
username = username
appcode = password
ipam = PhpIpamClient(
url=server,
app_id=username,
username=username,
password=appcode,
user_agent='snmpscanner', # custom user-agent header
ssl_verify=False)
ips = list()
addresses = list()
try:
addresses = ipam.get(f"/subnets/{subnetobj.subnet_id}/addresses/")
except:
pass
for address in addresses:
ips.append(address["ip"])
return ips
def NewGreenSubnet():
config = ConfigParser()
config.read('C:/Temp/Git/Fortinet/Fortigate/settings.ini')
ipamuser = config.get('IPAM', 'ipamuser')
ipampassword = config.get('IPAM', 'ipampassword')
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
for start in range(75, 100):
searchstring = "/subnets/search/10.113." + str(start) + ".0/24/"
bluev6Info = ipam.get(searchstring)
if bluev6Info == 0:
return start
def CreateRedSubnetv6(vlanid, description):
config = ConfigParser()
config.read('C:/Temp/Git/Fortinet/Fortigate/settings.ini')
ipamuser = config.get('IPAM', 'ipamuser')
ipampassword = config.get('IPAM', 'ipampassword')
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
IPAMv6subnets = ipam.get('/subnets/915/first_subnet/64/')
v6subnet = IPAMv6subnets.split("/")
# Das neue Netz wird angelegt
IPAMvlans = ipam.post('/subnets/915/first_subnet/64/', {
'description': description,
'vlanId': vlanid
})
# Wir suchen uns die ID des Netzwerks
searchstring = '/subnets/cidr/' + IPAMv6subnets + '/'
bluev6Info = ipam.get(searchstring, {
'filter_by': 'sectionId',
'filter_value': 2,
})
bluev6Info = json.dumps(bluev6Info[0])
bluev6Info = json.loads(bluev6Info)
bluev6Id = bluev6Info['id']
searchstring = '/addresses/first_free/' + bluev6Id + '/'
IPAMvlans = ipam.post(searchstring, {
'description': 'NA',
'hostname': 'NA'
})
searchstring = '/addresses/first_free/' + bluev6Id + '/'
IPAMvlans = ipam.post(
searchstring, {
'description': 'AnycastGateway',
'hostname': 'AnycastGateway',
'deviceId': 83
})
searchstring = '/addresses/first_free/' + bluev6Id + '/'
IPAMvlans = ipam.post(searchstring, {
'description': 'Fortigate',
'hostname': 'Fortigate',
'deviceId': 84
})
return bluev6Id
def CreateGreenSubnetv4(vlanid, network, description):
config = ConfigParser()
config.read('C:/Temp/Git/Fortinet/Fortigate/settings.ini')
ipamuser = config.get('IPAM', 'ipamuser')
ipampassword = config.get('IPAM', 'ipampassword')
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
subnet = "10.113." + str(network) + ".0"
IPAMsubnets = "10.113." + str(network) + ".0/24"
IPAMvlans = ipam.post(
'/subnets/', {
'subnet': subnet,
'mask': 24,
'sectionId': '1',
'description': description,
'vlanId': vlanid
})
searchstring = '/subnets/cidr/' + IPAMsubnets + '/'
redv4Info = ipam.get(searchstring, {
'filter_by': 'sectionId',
'filter_value': 1,
})
netid = redv4Info[0]['id']
searchstring = '/addresses/first_free/' + netid + '/'
IPAMvlans = ipam.post(searchstring, {
'description': 'Fortigate',
'hostname': 'Fortigate',
'deviceId': 84
})
return netid
def DCNML3VLAN(vrf, vlanid, description):
config = ConfigParser()
config.read('C:/Temp/Git/Fortinet/Fortigate/settings.ini')
ipamuser = config.get('IPAM', 'ipamuser')
ipampassword = config.get('IPAM', 'ipampassword')
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
bluevlanID = vlanid
IPAMvlans = ipam.get('/vlan/', {
'filter_by': 'vlanId',
'filter_value': bluevlanID,
})
intblue = IPAMvlans[0]['number']
querystring = "/vlan/" + bluevlanID + "/subnets/"
blue = ipam.get(querystring)
for b in blue:
idb = b['id']
querystring = "/subnets/" + idb + "/addresses/"
bb = ipam.get(querystring)
for add in bb:
if add['hostname'] == 'AnycastGateway':
test = ipaddress.ip_address(add['ip'])
if isinstance(test, ipaddress.IPv4Address):
v4ip = add['ip'] + "/" + b['mask']
if isinstance(test, ipaddress.IPv6Address):
v6ip = add['ip'] + "/" + b['mask']
scriptstring = "& python c:/Temp/Git/Cisco/DCNM/new-l3vlan.py --v %s --i %s --n %s --a %s --b %s" % (
vrf, intblue, description, v4ip, v6ip)
return scriptstring
def create_address(ip, subnetId, username, password, server):
result = ""
username = username
appcode = password
ipam = PhpIpamClient(
url=server,
app_id=username,
username=username,
password=appcode,
user_agent='snmpscanner', # custom user-agent header
ssl_verify=False)
# read objecs
try:
ipam.post(f"/addresses/?subnetId={subnetId}&ip={ip}", {
'description': 'Added via SNMP',
'excludePing': 1
})
result = f"Created IP Address {ip} in subnet {subnetId}"
except phpipam_client.client.PhpIpamException as e:
if "IP address already exists" in str(e):
result = "IP Already Exists"
return result
async def List_all_subnet(self, url, username, password, app, api):
print("1")
import sys
print("2")
import warnings
print("3")
if not sys.warnoptions:
warnings.simplefilter("ignore")
from phpipam_client import PhpIpamClient
ipam = PhpIpamClient(
ssl_verify=False,
url=url,
app_id=app,
username=username,
password=password,
token=api,
user_agent='Splunk_lookup',
)
subnet = ipam.get('/subnets/')
info = []
for line in subnet:
if (isinstance(line['location'], list) or not line['location']):
location = 'N/A'
else:
location = line['location']["name"]
info.append([
line['subnet'],
str(line['mask']),
str(line['vlanId']),
str(line['description']),
str(location)
])
return info[0][0]
def ForcepointNew(customerID, kuerzel, vlanidorange, customerslash56):
namelang = customerID + "-" + kuerzel
config = ConfigParser()
config.read('C:/Temp/Git/Fortinet/Fortigate/settings.ini')
ipamuser = config.get('IPAM', 'ipamuser')
ipampassword = config.get('IPAM', 'ipampassword')
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
querystring = "/vlan/" + vlanidorange + "/subnets/"
blue = ipam.get(querystring)
for b in blue:
idb = b['id']
querystring = "/subnets/" + idb + "/addresses/"
bb = ipam.get(querystring)
for add in bb:
if add['hostname'] == 'Fortigate':
test = ipaddress.ip_address(add['ip'])
if isinstance(test, ipaddress.IPv4Address):
v4iporange = add['ip']
if isinstance(test, ipaddress.IPv6Address):
v6iorange = add['ip']
querystring = "/subnets/" + customerslash56 + "/"
blue = ipam.get(querystring)
v6customer = blue['subnet'] + "/" + blue['mask']
scriptstring = "& python c:/Temp/Git/Forcepoint/new-customer.py --c %s --n %s --p %s" % (
namelang, v4iporange, v6customer)
return scriptstring
def handler(context, inputs):
global logging
setup_logger()
cert = None
try:
auth_credentials = get_auth_credentials(context, inputs)
username = auth_credentials["privateKeyId"]
password = auth_credentials["privateKey"]
#cert = get_cert(inputs)
phpIPAMProperties = get_properties(inputs)
appId = phpIPAMProperties["phpIPAM.appId"]
from phpipam_client import PhpIpamClient, GET, PATCH
logging.info("Preparing phpIPAM connection")
ipam = PhpIpamClient(
url=inputs["endpoint"]["endpointProperties"]["hostName"],
app_id=appId,
username=username,
password=password,
user_agent='vra-ipam', # custom user-agent header
)
allocation_result = []
try:
resource = inputs["resourceInfo"]
for allocation in inputs["ipAllocations"]:
allocation_result.append(
allocate(resource, allocation, context, inputs["endpoint"],
ipam))
except Exception as e:
try:
rollback(allocation_result, ipam)
except Exception as rollback_e:
logging.error(
f"Error during rollback of allocation result {str(allocation_result)}"
)
logging.error(rollback_e)
return build_error_response("5000", str(e))
assert len(allocation_result) > 0
return {"ipAllocations": allocation_result}
except Exception as e:
logging.error(f"Unexpected error: {str(e)}")
return build_error_response("5000", str(e))
finally:
if cert is not None and type(cert) is str:
os.unlink(cert)
def CreateRedSubnetv4(vlanid, description):
config = ConfigParser()
config.read('C:/Temp/Git/Fortinet/Fortigate/settings.ini')
ipamuser = config.get('IPAM', 'ipamuser')
ipampassword = config.get('IPAM', 'ipampassword')
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
IPAMsubnets = ipam.get('/subnets/921/first_subnet/31/')
subnet = IPAMsubnets.split("/")
IPAMvlans = ipam.post(
'/subnets/', {
'subnet': subnet[0],
'mask': subnet[1],
'sectionId': '1',
'description': description,
'masterSubnetId': 921,
'vlanId': vlanid
})
searchstring = '/subnets/cidr/' + IPAMsubnets + '/'
redv4Info = ipam.get(searchstring, {
'filter_by': 'sectionId',
'filter_value': 1,
})
netid = redv4Info[0]['id']
searchstring = '/addresses/first_free/' + netid + '/'
IPAMvlans = ipam.post(
searchstring, {
'description': 'AnycastGateway',
'hostname': 'AnycastGateway',
'deviceId': 83
})
IPAMvlans = ipam.post(searchstring, {
'description': 'Fortigate',
'hostname': 'Fortigate',
'deviceId': 84
})
return netid
dcnmvrf = DCNMget(uri2, auth.serverip, token)
empty = ""
folder = os.path.join(os.environ['USERPROFILE'], "Script-Settings")
from configparser import ConfigParser
config = ConfigParser()
folder = folder.replace("\\", "/")
folder = folder + "/settings.ini"
config.read(folder)
ipamuser = config.get('IPAM', 'ipamuser')
ipampassword = config.get('IPAM', 'ipampassword')
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
IPAMvlans = ipam.get('/vlan/', {
'filter_by': 'domainId',
'filter_value': 3,
})
#{'vlanId': '2230', 'domainId': '3', 'name': 'DOP-LAB-DOP-INTERN', 'number': '844', 'description': None,
# 'editDate': None, 'customer_id': None, 'custom_vni': '1', 'custom_CB3': '1', 'custom_L3': '0', 'custom_VRF': None}
#
# Aus DCNM holen und in Class Object verwandeln
for dvrf in dcnmvrf:
sheet_name='IPv6')
max = len(ipv6data.index)
for x in range(0, max):
#print(ipv4data.iloc[x])
routesv6.append(
v6Route(x, ipv6data['IP_PREFIX'][x], ipv6data['NEXT_HOP_IP'][x],
ipv6data['VRF_NAME'][x], ipv6data['RNAME'][x],
ipv6data['TAG'][x]))
switches = []
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=dcnmuser,
ssl_verify=False,
password=dcnmpassword,
user_agent='myapiclient', # custom user-agent header
)
# Alle VLANs aus dem IPAM holen
FabIXN = ipam.get('/devices/', {
'filter_by': 'custom_Fabric',
'filter_value': 'DOP-FAB-DEIXN001',
})
FabCYO = ipam.get('/devices/', {
'filter_by': 'custom_Fabric',
'filter_value': 'DOP-FAB-DECYO001',
})
# Array um die Switche aufzunehmen
FabIXN = json.dumps(FabIXN)
idred = 0
idgreen = 0
idorange = 0
cfgbase = """
config vdom
edit %s
config system interface
""" % (cust)
# IPAM Abfragen und IP Informationen ziehen
# ipam Konfiguration
ipam = PhpIpamClient(
url=ipamurl,
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
IPAMvlans = ipam.get('/vlan/', {
'filter_by': 'domainId',
'filter_value': 3,
})
for IPAMVlan in IPAMvlans:
if int(IPAMVlan['number']) == intblue:
idblue = IPAMVlan['vlanId']
#if int(IPAMVlan['number']) == intgreen:
# idgreen = IPAMVlan['vlanId']
#if int(IPAMVlan['number']) == intred:
config.read('C:/Temp/Git/Cisco/DCNM/settings.ini')
dcnmuser = config.get('DCNM', 'dcnmuser')
dcnmpassword = config.get('DCNM', 'dcnmpassword')
dcnmserver = config.get('DCNM', 'dcnmserver')
url = config.get('IPAM', 'url')
switches = []
routesv4 = []
routesv6 = []
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=dcnmuser,
ssl_verify=False,
password=dcnmpassword,
user_agent='myapiclient', # custom user-agent header
)
"""
# Alle Devices aus dem IPAM holen
FabIXN = ipam.get('/devices/', {
'filter_by': 'custom_Fabric',
'filter_value': 'DOP-FAB-DEIXN001',
})
FabCYO = ipam.get('/devices/', {
'filter_by': 'custom_Fabric',
'filter_value': 'DOP-FAB-DECYO001',
})
# Array um die Devices aufzunehmen
FabIXN = json.dumps(FabIXN)
netzliste = []
# Get Token
token = getRestToken(auth.username, auth.password, auth.serverip)
networks = DCNMget(uri, auth.serverip, token)
empty = ""
ipamsettings = IPAMSetup()
ipam = PhpIpamClient(
url=ipamsettings.url,
app_id='network',
username=ipamsettings.ipamuser,
ssl_verify=False,
password=ipamsettings.ipampassword,
user_agent='myapiclient', # custom user-agent header
)
#IPAMvlans = ipam.patch('/vlan/2503', {
# 'name': 'FID_SDWorx_HB',
# 'custom_vni': '12345',
# 'custom_VRF': 'Boller',
# 'custom_CB3': '1',
# 'custom_L3': '1',
#})
#{'id': '30', 'hostname': 'DOP-SWL-DECYO004', 'ip': '10.110.126.16', 'type': '1', 'description': None, 'sections': '1;2',
# 'snmp_community': None, 'snmp_version': '0', 'snmp_port': '161', 'snmp_timeout': '1000', 'snmp_queries': None, 'snmp_v3_sec_level': 'none',
# 'snmp_v3_auth_protocol': 'none', 'snmp_v3_auth_pass': None, 'snmp_v3_priv_protocol': 'none', 'snmp_v3_priv_pass': None, 'snmp_v3_ctx_name': None,
# 'snmp_v3_ctx_engine_id': None, 'rack': '8', 'rack_start': '1', 'rack_size': '1', 'location': '1', 'editDate': '2021-12-20 08:47:06',
DIR_NET_LIST = '/opt/jobs/networks_list'
LOG_FILE_DIR = '/opt/jobs/mail_as.log'
LOG_LEVEL = logging.DEBUG
list_subnet = []
r = redis.StrictRedis(host="127.0.0.1",
charset="utf-8",
decode_responses=True,
port=6379,
db=0)
# API IPAM
ipam = PhpIpamClient(
url='http://10.3.1.2:8008',
app_id='app',
token='TOKEN',
username='******',
password='******',
encryption=False,
)
logging.basicConfig(level=LOG_LEVEL,
filename=LOG_FILE_DIR,
format='%(asctime)s:%(lineno)d - %(message)s')
# FIM
def get_redis(arg1):
ip_addr = str("ixdc_" + arg1 + "_flow_dump")
results = r.get(ip_addr)
return results
config.read('C:/Temp/Git/Cisco/DCNM/settings.ini')
dcnmuser = config.get('DCNM', 'dcnmuser')
dcnmpassword = config.get('DCNM', 'dcnmpassword')
dcnmserver = config.get('DCNM', 'dcnmserver')
######
# DCNM Token abholen
# token = getRestToken(dcnmuser, dcnmpassword, dcnmserver)
# ipam Konfiguration
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=dcnmuser,
ssl_verify=False,
password=dcnmpassword,
user_agent='myapiclient', # custom user-agent header
)
beginn = 3708
ende = 3800
for x in range(beginn, ende):
IPAMvlans = ipam.post(
'/vlan/', {
'domainId': 57,
'name': 'PLATZHALTER-DMZ',
'number': x,
'description': 'PLATZHALTER-DMZ'
})
def CLIRed(bluevlanID, cust):
"""Erstellen CLI fuer Fortimanager
Args:
bluevlanID (int): IPAM Vlan ID
cust (str): customer123 Bezeichnung
Returns:
str: Fortigate CLI fuer Blue
"""
config = ConfigParser()
config.read('C:/Temp/Git/Fortinet/Fortigate/settings.ini')
ipamuser = config.get('IPAM', 'ipamuser')
ipampassword = config.get('IPAM', 'ipampassword')
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
IPAMvlans = ipam.get('/vlan/', {
'filter_by': 'vlanId',
'filter_value': bluevlanID,
})
intblue = IPAMvlans[0]['number']
nummer = cust.replace('customer', '')
querystring = "/vlan/" + bluevlanID + "/subnets/"
blue = ipam.get(querystring)
for b in blue:
idb = b['id']
querystring = "/subnets/" + idb + "/addresses/"
bb = ipam.get(querystring)
for add in bb:
if add['hostname'] == 'Fortigate':
test = ipaddress.ip_address(add['ip'])
if isinstance(test, ipaddress.IPv4Address):
blueipv4 = add['ip'] + "/" + b['mask']
if isinstance(test, ipaddress.IPv6Address):
blueipv6 = add['ip'] + "/" + b['mask']
cfgred = """
edit "cust%s_red1"
set alias "cust%s_red-Extern"
set vdom "%s"
set status down
set ip %s
set allowaccess ping
config ipv6
set ip6-address %s
set ip6-allowaccess ping
end
set interface "Port-Channel13"
set vlanid %s
next
""" % (nummer, nummer, cust, blueipv4, blueipv6, intblue)
return cfgred
def handler(context, inputs):
global logging
setup_logger()
cert = None
try:
auth_credentials = get_auth_credentials(context, inputs)
username = auth_credentials["privateKeyId"]
password = auth_credentials["privateKey"]
phpIPAMProperties = get_properties(inputs)
appId = phpIPAMProperties["phpIPAM.appId"]
# cert = get_cert(inputs)
from phpipam_client import PhpIpamClient, GET, PATCH
logging.info("Preparing phpIPAM connection")
ipam = PhpIpamClient(
url=inputs["endpoint"]["endpointProperties"]["hostName"],
app_id=appId,
username=username,
password=password,
user_agent='vra-ipam', # custom user-agent header
)
sectionId = getSectionId(phpIPAMProperties["phpIPAM.sectionName"],
ipam)
# sectionId = "3"
subnets = ipam.get('/sections/' + sectionId + '/subnets')
ipRanges = []
for subnet in subnets:
if (subnet["allowRequests"] is "1"):
subnetPrefixLength = subnet["mask"]
cidr = subnet["subnet"] + "/" + subnetPrefixLength
network = ipaddress.IPv4Network(cidr)
startIpAddress = ipam.get('/subnets/' + subnet["id"] +
'/first_free/')
endIpAddress = str(network[-2])
# Build ipRange Object
ipRange = {}
ipRange["id"] = subnet["id"]
ipRange["name"] = cidr
ipRange["description"] = subnet["description"]
ipRange["startIPAddress"] = startIpAddress
ipRange["endIPAddress"] = endIpAddress
ipRange["ipVersion"] = 'IPv4'
if "gatewayId" in subnet:
gatewayIp = ipam.get("/addresses/" + subnet["gatewayId"] +
"/")
ipRange["gatewayAddress"] = gatewayIp["ip"]
if "nameservers" in subnet:
ipRange["dnsServerAddresses"] = subnet["nameservers"][
"namesrv1"].split(';')
ipRange["subnetPrefixLength"] = subnetPrefixLength
#ipRange["addressSpaceId"] = addressSpaceId
ipRange["domain"] = phpIPAMProperties["phpIPAM.domain"]
#ipRange["dnsSearchDomains"] = None
#ipRange["properties"] = None
#ipRange["tags"] = None
#logging.info(subnet["id"], cidr, subnet["description"], startIpAddress, endIpAddress, 'IPv4', addressSpaceId, gatewayAddress, subnetPrefixLength, dnsServerAddresses)
ipRanges.append(ipRange)
#logging.info(ipRanges)
result = {"ipRanges": ipRanges}
return result
except Exception as e:
return build_error_response("5000", str(e))
finally:
if cert is not None and type(cert) is str:
os.unlink(cert)
config.read('C:/Temp/Git/Cisco/DCNM/settings.ini')
dcnmuser = config.get('DCNM', 'dcnmuser')
dcnmpassword = config.get('DCNM', 'dcnmpassword')
dcnmserver = config.get('DCNM', 'dcnmserver')
######
# DCNM Token abholen
token = getRestToken(dcnmuser, dcnmpassword, dcnmserver)
# ipam Konfiguration
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=dcnmuser,
ssl_verify=False,
password=dcnmpassword,
user_agent='myapiclient', # custom user-agent header
)
# Ipam Abfrage definieren und auslösen
IPAMvlans = ipam.get('/vlan/', {
'filter_by': 'domainId',
'filter_value': 3,
})
# Abgefragte Daten aus IPAM verarbeitbar machen
IPAMvlans = json.dumps(IPAMvlans)
IPAMvlans = json.loads(IPAMvlans)
count = 0
ipamuser = config.get('IPAM', 'ipamuser')
ipampassword = config.get('IPAM', 'ipampassword')
ipamserver = config.get('IPAM', 'url')
######
servicename = customerName + '-Transfer-Service'
externname = customerName + '-Transfer-Extern'
# DCNM Token abholen
# token = getRestToken(dcnmuser, dcnmpassword, dcnmserver)
# ipam Konfiguration
ipam = PhpIpamClient(
url='https://ipam.consinto.com',
app_id='network',
username=ipamuser,
ssl_verify=False,
password=ipampassword,
user_agent='myapiclient', # custom user-agent header
)
# BLUE
# Blue braucht ein VLAN im Bereich 3000 - 3499
# Alle VLANs aus dem IPAM holen
IPAMvlans = ipam.get('/vlan/', {
'filter_by': 'domainId',
'filter_value': 3,
})
# Liste bauen der VLAN Nummern
for IPAMVlan in IPAMvlans: