예제 #1
0
    def convert_ns_service(self, ns_service, ns_servers, ns_dns):
        """
        This function defines that convert netscalar backend servers of service
        :param ns_service: Object of service
        :param ns_servers: List of servers are to be bind to service
        :param ns_dns: List of dns add rec
        :return: Return the servers
        """

        attrs = ns_service.get('attrs')
        server = ns_servers.get(attrs[1])
        if not server:
            return []
        ns_add_server_command = 'add server'
        status = ns_util.get_conv_status(
            server, self.nsservice_server_skip, [], [],
            user_ignore_val=self.nsservice_server_user_ignore)
        ns_add_server_complete_command = \
            ns_util.get_netscalar_full_command(ns_add_server_command, server)
        ip_addr = server['attrs'][1]
        enabled = True
        state = server.get('state', 'ENABLED')
        if not state == 'ENABLED':
            enabled = False
        port = attrs[3]
        if port in ("*", "0"):
            port = "1"
        ip_addr = str(ip_addr).lower()
        if ip_addr in ns_dns:
            if isinstance(ns_dns[ip_addr], list):
                ip_addr = ns_dns[ip_addr][0]['attrs'][1]
            elif isinstance(ns_dns[ip_addr], dict):
                ip_addr = ns_dns[ip_addr]['attrs'][1]

        matches = re.findall('[0-9]+.[[0-9]+.[0-9]+.[0-9]+', ip_addr)
        if not matches:
            # Skipped this server if it does not have an Ip
            ns_util.add_status_row(
                server['line_no'], ns_add_server_command, server['attrs'][0],
                ns_add_server_complete_command, STATUS_INCOMPLETE_CONFIGURATION)
            LOG.warning('Not found IP of server : %s' %
                        ns_add_server_complete_command)
            return []
        server_obj = {
            'ip': {
                'addr': ip_addr,
                'type': 'V4'
            },
            'port': port,
            'enabled': enabled
        }
        # Successful this server if it has an IP
        ns_util.add_conv_status(
            server['line_no'], ns_add_server_command, server['attrs'][0],
            ns_add_server_complete_command, status, server_obj)
        return server_obj
예제 #2
0
    def convert(self, monitor_config, input_dir=''):
        """
        This functions defines that convert health monitor
        :param ns_config: Dict of netscalar commands
        :param avi_config: Dict of AVI
        :param input_dir: Input dir for command_code
        :param tenant_ref: Tenant
        :param cloud_ref: Cloud ref
        :return: None
        """
        netscalar_command = 'add lb monitor'
        LOG.debug("Conversion started for Health Monitors")
        supported_types = ['PING', 'TCP', 'HTTP', 'DNS', 'USER', 'HTTP-ECV']

        ns_monitor_complete_command = \
            ns_util.get_netscalar_full_command(netscalar_command,
                                               monitor_config)
        ns_monitor_type = monitor_config['attrs'][1]
        name = monitor_config['attrs'][0]
        if ns_monitor_type not in supported_types:
            # Skipped health monitor if type is not supported
            ns_util.add_status_row(monitor_config['line_no'],
                                   netscalar_command, name,
                                   ns_monitor_complete_command,
                                   STATUS_EXTERNAL_MONITOR)
            LOG.warning('Monitor type %s not supported skipped:%s' %
                        (ns_monitor_type, name))
            return
        gslb_monitor = self.convert_monitor(monitor_config, input_dir,
                                            netscalar_command,
                                            ns_monitor_complete_command)
        if not gslb_monitor:
            return
        # Add summery of this lb vs in CSV/report
        conv_status = ns_util.get_conv_status(
            monitor_config,
            self.monitor_skip_attrs,
            self.monitor_na_attrs,
            self.monitor_indirect_list,
            ignore_for_val=self.monitor_ignore_vals)
        ns_util.add_conv_status(monitor_config['line_no'], netscalar_command,
                                name, ns_monitor_complete_command, conv_status,
                                gslb_monitor)
        # avi_config['HealthMonitor'].append(avi_monitor)
        LOG.debug("Health monitor conversion completed : %s" % name)
        return gslb_monitor
예제 #3
0
    def convert(self, monitor_config, input_dir=''):
        """
        This functions defines that convert health monitor
        :param ns_config: Dict of netscalar commands
        :param avi_config: Dict of AVI
        :param input_dir: Input dir for command_code
        :param tenant_ref: Tenant
        :param cloud_ref: Cloud ref
        :return: None
        """
        netscalar_command = 'add lb monitor'
        LOG.debug("Conversion started for Health Monitors")
        supported_types = ['PING', 'TCP', 'HTTP', 'DNS', 'USER', 'HTTP-ECV']

        ns_monitor_complete_command = \
            ns_util.get_netscalar_full_command(netscalar_command,
                                               monitor_config)
        ns_monitor_type = monitor_config['attrs'][1]
        name = monitor_config['attrs'][0]
        if ns_monitor_type not in supported_types:
            # Skipped health monitor if type is not supported
            ns_util.add_status_row(monitor_config['line_no'], netscalar_command,
                                   name, ns_monitor_complete_command,
                                   STATUS_EXTERNAL_MONITOR)
            LOG.warning('Monitor type %s not supported skipped:%s' %
                     (ns_monitor_type, name))
            return
        gslb_monitor = self.convert_monitor(monitor_config, input_dir,
                                           netscalar_command,
                                           ns_monitor_complete_command)
        if not gslb_monitor:
            return
        # Add summery of this lb vs in CSV/report
        conv_status = ns_util.get_conv_status(
            monitor_config, self.monitor_skip_attrs, self.monitor_na_attrs,
            self.monitor_indirect_list,
            ignore_for_val=self.monitor_ignore_vals)
        ns_util.add_conv_status(monitor_config['line_no'], netscalar_command,
                                name, ns_monitor_complete_command,
                                conv_status, gslb_monitor)
        # avi_config['HealthMonitor'].append(avi_monitor)
        LOG.debug("Health monitor conversion completed : %s" % name)
        return gslb_monitor
예제 #4
0
    def convert(self, ns_config, avi_config, input_dir):
        """
        This functions defines that convert health monitor
        :param ns_config: Dict of netscalar commands
        :param avi_config: Dict of AVI
        :param input_dir: Input dir for command_code
        :return: None
        """
        netscalar_command = 'add lb monitor'
        LOG.debug("Conversion started for Health Monitors")
        ns_monitors = ns_config.get('add lb monitor', {})
        for name in ns_monitors.keys():
            ns_monitor = ns_monitors.get(name)
            ns_monitor_complete_command = \
                ns_util.get_netscalar_full_command(netscalar_command,
                                                   ns_monitor)
            ns_monitor_type = ns_monitor['attrs'][1]
            if ns_monitor_type not in self.ns_monitor_types_supported:
                # Skipped health monitor if type is not supported
                avi_monitor = self.convert_monitor(
                    ns_monitor, input_dir, netscalar_command,
                    ns_monitor_complete_command)
                if not avi_monitor:
                    continue

                avi_monitor['name'] = '%s-%s' % (avi_monitor['name'], 'dummy')
                avi_monitor["type"] = "HEALTH_MONITOR_EXTERNAL"
                ext_monitor = {
                    "command_code": "",
                }
                avi_monitor["external_monitor"] = ext_monitor
                avi_config['HealthMonitor'].append(avi_monitor)
                ns_util.add_status_row(ns_monitor['line_no'],
                                       netscalar_command, name,
                                       ns_monitor_complete_command,
                                       STATUS_EXTERNAL_MONITOR)
                LOG.warning('Monitor type %s not supported created dummy '
                            'external monitor:%s' % (ns_monitor_type, name))
                continue
            avi_monitor = self.convert_monitor(ns_monitor, input_dir,
                                               netscalar_command,
                                               ns_monitor_complete_command)
            if not avi_monitor:
                continue
            # Add summery of this lb vs in CSV/report
            conv_status = ns_util.get_conv_status(
                ns_monitor,
                self.monitor_skip_attrs,
                self.monitor_na_attrs,
                self.monitor_indirect_list,
                ignore_for_val=self.monitor_ignore_vals,
                user_ignore_val=self.user_ignore)
            ns_util.add_conv_status(ns_monitor['line_no'], netscalar_command,
                                    name, ns_monitor_complete_command,
                                    conv_status, avi_monitor)
            if self.object_merge_check:
                # Check health monitor is duplicate of other
                # health monitor then skipped this health
                # monitor and increment of count of
                # monitor_merge_count
                dup_of = ns_util.update_skip_duplicates(
                    avi_monitor, avi_config['HealthMonitor'], 'health_monitor',
                    merge_object_mapping, avi_monitor['name'], ns_monitor_type,
                    self.prefix)
                if dup_of:
                    self.monitor_merge_count += 1
                else:
                    avi_config['HealthMonitor'].append(avi_monitor)
            else:
                avi_config['HealthMonitor'].append(avi_monitor)
            LOG.debug("Health monitor conversion completed : %s" % name)
예제 #5
0
    def convert_monitor(self, ns_monitor, input_dir, netscalar_command,
                        ns_monitor_complete_command):
        """
        This functions defines that convert netscalar health monitor to AVI
        health monitor object
        :param ns_monitor: Object of health monitor
        :param input_dir: Input dir for command_code
        :param netscalar_command: Netscalar command for XL sheet status
        :param ns_monitor_complete_command: Full command for XL sheet status
        :return: health monitor object
        """

        avi_monitor = dict()
        try:
            mon_name = ns_monitor['attrs'][0]
            # Added prefix for objects
            if self.prefix:
                mon_name = self.prefix + '-' + mon_name
            LOG.debug('Conversion started for monitor %s' % mon_name)
            avi_monitor["name"] = str(mon_name).strip().replace(" ", "_")
            avi_monitor["tenant_ref"] = self.tenant_ref
            avi_monitor["receive_timeout"] = ns_monitor.get('resptimeout', 2)
            avi_monitor["failed_checks"] = ns_monitor.get('failureRetries', 3)
            interval = ns_monitor.get('interval', '5')
            if 'MIN' in interval.upper():
                match_obj = re.findall('[0-9]+',
                                       ns_monitor.get('interval', '5'))
                interval = int(match_obj[0]) * 60
            avi_monitor["send_interval"] = str(interval)
            if ns_monitor.get('destPort'):
                avi_monitor['monitor_port'] = ns_monitor.get('destPort')
            avi_monitor["successful_checks"] = ns_monitor.get(
                'successRetries', 1)

            mon_type = ns_monitor['attrs'][1]

            if mon_type == 'PING':
                avi_monitor["type"] = "HEALTH_MONITOR_PING"
            elif mon_type == 'TCP':
                avi_monitor["type"] = "HEALTH_MONITOR_TCP"
            elif mon_type == 'TCP-ECV':
                avi_monitor["type"] = "HEALTH_MONITOR_TCP"
                send = ns_monitor.get("send", None)
                if send:
                    send = send.replace('"', '')
                response = ns_monitor.get('recv', None)
                if response:
                    response = response.replace('"', '')
                avi_monitor["tcp_monitor"] = {
                    "tcp_request": send,
                    "tcp_response": response,
                    "tcp_half_open": False
                }
            elif mon_type == 'HTTP':
                avi_monitor["type"] = "HEALTH_MONITOR_HTTP"
                send = ns_monitor.get('httpRequest', None)
                if send:
                    send = send.replace('"', '')
                resp_code = ns_monitor.get('respCode', None)
                if resp_code:
                    resp_code = ns_util.get_avi_resp_code(resp_code)
                avi_monitor["http_monitor"] = {
                    "http_request": send,
                    "http_response_code": resp_code
                }
            elif mon_type == 'HTTP-ECV':
                avi_monitor["type"] = "HEALTH_MONITOR_HTTP"
                send = ns_monitor.get("send", None)
                if send:
                    send = send.replace('"', '')
                response = ns_monitor.get('recv', None)
                if response:
                    response = response.replace('"', '')
                avi_monitor["http_monitor"] = {
                    "http_request": send,
                    "http_response_code": ["HTTP_ANY"],
                    "http_response": response
                }
            elif mon_type == 'DNS':
                avi_monitor["type"] = "HEALTH_MONITOR_DNS"
            elif mon_type == 'USER':
                avi_monitor["type"] = "HEALTH_MONITOR_EXTERNAL"
                file_name = ns_monitor.get('scriptName')
                cmd_code = ns_util.upload_file(input_dir + os.path.sep +
                                               file_name)
                if not cmd_code:
                    skipped_status = 'File not found %s : %s' % \
                                     (input_dir + os.path.sep + file_name,
                                      ns_monitor_complete_command)
                    LOG.warning(skipped_status)
                    ns_util.add_status_row(ns_monitor['line_no'],
                                           netscalar_command,
                                           avi_monitor["name"],
                                           ns_monitor_complete_command,
                                           STATUS_MISSING_FILE, skipped_status)
                    return None
                ext_monitor = {
                    "command_code": cmd_code,
                    "command_parameters": ns_monitor.get("scriptArgs", None)
                }
                avi_monitor["external_monitor"] = ext_monitor

            LOG.debug('Successfully converted monitor %s' % mon_name)
        except:
            LOG.error('Error converting monitor %s', exc_info=True)
        return avi_monitor
예제 #6
0
    def convert(self, ns_config, avi_config, vs_state):
        """
        This function defines that it convert netscalar cs vs config to vs
        config of AVI
        :param ns_config: It is dict of all netscalar commands which are
        supported by AVI
        :param avi_config: It is dict of AVI output config
        :param vs_state: state of vs
        :return: None
        """
        policy_converter = PolicyConverter(
            self.tenant_name, self.cloud_name, self.tenant_ref, self.cloud_ref,
            self.csvs_bind_skipped, self.csvs_na_attrs, self.csvs_ignore_vals,
            self.csvs_bind_user_ignore, self.prefix)
        cs_vs_conf = ns_config.get('add cs vserver', {})
        bindings = ns_config.get('bind cs vserver', {})
        lbvs_avi_conf = avi_config['VirtualService']
        lb_vs_mapped = []
        cs_vs_list = []
        avi_config['StringGroup'] = []
        avi_config['VirtualService'] = ns_util.remove_duplicate_objects(
            'VirtualService', avi_config['VirtualService'])
        for cs_vs_index, key in enumerate(cs_vs_conf):
            LOG.debug("Context Switch VS conversion started for: %s" % key)
            lbvs_bindings = []
            cs_vs = cs_vs_conf[key]
            ns_add_cs_vserver_command = 'add cs vserver'
            ns_add_cs_vserver_complete_command = \
                ns_util.get_netscalar_full_command(ns_add_cs_vserver_command,
                                                   cs_vs)
            # Skipped this CS VS if it has type which are not supported
            if not cs_vs['attrs'][1] in self.csvs_supported_types:
                skipped_status = 'Skipped:Unsupported type %s of Context ' \
                                 'switch VS: %s' % (cs_vs['attrs'][1], key)
                LOG.warning(skipped_status)
                ns_util.add_status_row(cs_vs['line_no'],
                                       ns_add_cs_vserver_command, key,
                                       ns_add_cs_vserver_complete_command,
                                       STATUS_SKIPPED, skipped_status)
                continue
            tt = cs_vs.get('targetType', None)
            if tt and tt == 'GSLB':
                skipped_status = 'Skipped:Unsupported target type %s of ' \
                                 'Context switch VS: %s' % (cs_vs['attrs'][1],
                                                            key)
                LOG.warning(skipped_status)
                # Skipped this CS VS if targetType is GSLB
                ns_util.add_status_row(cs_vs['line_no'],
                                       ns_add_cs_vserver_command,
                                       key, ns_add_cs_vserver_complete_command,
                                       STATUS_SKIPPED, skipped_status)
            vs_name = cs_vs['attrs'][0]
            ip_addr = cs_vs['attrs'][2]
            port = cs_vs['attrs'][3]

            enable_ssl = False
            if vs_state == 'enable':
                enabled = (cs_vs.get('state', 'ENABLED') == 'ENABLED')
            else:
                enabled = False

            if cs_vs['attrs'][1] == 'SSL':
                enable_ssl = True
            updated_vs_name = re.sub('[:]', '-', vs_name)
            # Added prefix for objects
            if self.prefix:
                updated_vs_name = self.prefix + '-' + updated_vs_name
            # Regex to check Vs has IPV6 address if yes the Skipped
            if re.findall(ns_constants.IPV6_Address, ip_addr) \
                    or ip_addr == '0.0.0.0':
                skipped_status = "Skipped:Invalid VIP %s" \
                                 % ns_add_cs_vserver_command
                LOG.warning(skipped_status)
                ns_util.add_status_row(
                    cs_vs['line_no'], ns_add_cs_vserver_command,
                    key, ns_add_cs_vserver_complete_command, STATUS_SKIPPED,
                    skipped_status)
                continue

            # VIP object for virtual service
            vip = {
                'ip_address': {
                    'addr': ip_addr,
                    'type': 'V4'
                },
                'vip_id': 0
            }
            vs_obj = {
                'name': updated_vs_name,
                'tenant_ref': self.tenant_ref,
                'cloud_ref': self.cloud_ref,
                'type': 'VS_TYPE_NORMAL',
                'enabled': enabled,
                'services': []
            }
            if parse_version(self.controller_version) >= parse_version('17.1'):
                vs_obj['vip'] = [vip]
            else:
                vs_obj['ip_address'] = vip['ip_address']

            service = {'port': port, 'enable_ssl': enable_ssl}
            if port in ("0", "*"):
                service['port'] = "1"
                service['port_range_end'] = "65535"
            vs_obj['services'].append(service)

            http_prof = cs_vs.get('httpProfileName', None)
            if http_prof:
                # Added prefix for objects
                if self.prefix:
                    http_prof = self.prefix + '-' + http_prof
                # Get the merge application profile name
                if self.object_merge_check:
                    http_prof = merge_object_mapping['app_profile'].get(
                        http_prof, http_prof)
                if ns_util.object_exist('ApplicationProfile', http_prof,
                                        avi_config):
                    LOG.info('Conversion successful: Added application profile '
                             '%s for %s' % (http_prof, updated_vs_name))
                    http_prof_ref = \
                        ns_util.get_object_ref(http_prof,
                                               OBJECT_TYPE_APPLICATION_PROFILE,
                                               self.tenant_name)
                    vs_obj['application_profile_ref'] = http_prof_ref
                    clttimeout = cs_vs.get('cltTimeout', None)
                    if clttimeout:
                        ns_util.add_clttimeout_for_http_profile(http_prof,
                                                                avi_config,
                                                                clttimeout)
                        clt_cmd = ns_add_cs_vserver_command + ' cltTimeout %s' \
                                                              % clttimeout
                        LOG.info('Conversion successful : %s' % clt_cmd)
                else:
                    LOG.warning("%s application profile doesn't exist for "
                                "%s vs" % (http_prof, updated_vs_name))
            ntwk_prof = cs_vs.get('tcpProfileName', None)
            if ntwk_prof:
                # Added prefix for objects
                if self.prefix:
                    ntwk_prof = self.prefix + '-' + ntwk_prof
                # Get the merge network profile name
                if self.object_merge_check:
                    ntwk_prof = merge_object_mapping['network_profile'].get(
                        ntwk_prof, ntwk_prof)
                if ns_util.object_exist('NetworkProfile', ntwk_prof,
                                        avi_config):
                    LOG.info('Conversion successful: Added network profile %s '
                             'for %s' % (ntwk_prof, updated_vs_name))
                    ntwk_prof_ref = \
                        ns_util.get_object_ref(ntwk_prof,
                                               OBJECT_TYPE_NETWORK_PROFILE,
                                               self.tenant_name)
                    vs_obj['network_profile_ref'] = ntwk_prof_ref
                else:
                    vs_obj['network_profile_ref'] = ns_util.get_object_ref(
                        'System-TCP-Proxy', 'networkprofile', tenant='admin')
                    LOG.error('Error: Not found Network profile %s for %s' %
                              (ntwk_prof, updated_vs_name))

            if not http_prof and (cs_vs['attrs'][1]).upper() == 'DNS':
                vs_obj['application_profile_ref'] = ns_util.get_object_ref(
                    'System-DNS', 'applicationprofile', tenant='admin')
                vs_obj['network_profile_ref'] = ns_util.get_object_ref(
                    'System-UDP-Per-Pkt', 'networkprofile', tenant='admin')
            elif not http_prof and (cs_vs['attrs'][1]).upper() == 'UDP':
                vs_obj[
                    'application_profile_ref'] = ns_util.get_object_ref(
                    'System-L4-Application', 'applicationprofile',
                    tenant='admin')
                vs_obj['network_profile_ref'] = ns_util.get_object_ref(
                    'System-UDP-Fast-Path', 'networkprofile', tenant='admin')
            elif not http_prof and (cs_vs['attrs'][1]).upper() == 'DNS_TCP':
                vs_obj[
                    'application_profile_ref'] = ns_util.get_object_ref(
                    'System-L4-Application', 'applicationprofile',
                    tenant='admin')
                vs_obj['network_profile_ref'] = ns_util.get_object_ref(
                    'System-TCP-Proxy', 'networkprofile', tenant='admin')
            elif not http_prof and (cs_vs['attrs'][1]).upper() == 'SSL':
                vs_obj['application_profile_ref'] = ns_util.get_object_ref(
                    'System-Secure-HTTP', 'applicationprofile',
                    tenant='admin')
            bind_conf_list = bindings.get(vs_name, None)
            if not bind_conf_list:
                continue
            if isinstance(bind_conf_list, dict):
                bind_conf_list = [bind_conf_list]
            default_pool_group = None
            lb_vserver_bind_conf = None

            if enable_ssl:
                ssl_mappings = ns_config.get('bind ssl vserver', {})
                ssl_bindings = ssl_mappings.get(key, [])
                if isinstance(ssl_bindings, dict):
                    ssl_bindings = [ssl_bindings]
                for mapping in ssl_bindings:
                    if 'CA' in mapping:
                        pki_ref = mapping['attrs'][0]
                        # Added prefix for objects
                        if self.prefix:
                            pki_ref = self.prefix + '-' + pki_ref
                        if self.object_merge_check:
                            pki_ref = merge_object_mapping[
                                'pki_profile'].get(pki_ref)
                        if [pki_profile for pki_profile in
                            avi_config["PKIProfile"] if
                            pki_profile['name'] == pki_ref]:
                            pki_ref = \
                                ns_util.get_object_ref(pki_ref,
                                                       OBJECT_TYPE_PKI_PROFILE,
                                                       self.tenant_name)
                            app_profile_with_pki_profile = \
                                ns_util.update_application_profile(
                                    http_prof, pki_ref, self.tenant_ref,
                                    updated_vs_name, avi_config)
                            app_profile_name = \
                                app_profile_with_pki_profile['name']
                            # Get the merge application profile name
                            if self.object_merge_check:
                                dup_of = ns_util.update_skip_duplicates(
                                    app_profile_with_pki_profile, avi_config[
                                    'ApplicationProfile'], 'app_profile',
                                    merge_object_mapping, app_profile_name,
                                    'HTTP', self.prefix)
                                if dup_of:
                                    app_merge_count['count'] += 1
                                    app_profile_name = \
                                        merge_object_mapping['app_profile'].get(
                                            app_profile_name)
                                else:
                                    avi_config["ApplicationProfile"].append(
                                        app_profile_with_pki_profile)
                            else:
                                avi_config["ApplicationProfile"].append(
                                    app_profile_with_pki_profile)
                            app_profile_with_pki_profile_ref = \
                                ns_util.get_object_ref(app_profile_name,
                                    OBJECT_TYPE_APPLICATION_PROFILE,
                                    self.tenant_name)
                            vs_obj['application_profile_ref'] = \
                                app_profile_with_pki_profile_ref
                            LOG.info(
                                'Added: %s PKI profile %s' % (pki_ref, key))
                    elif 'certkeyName' in mapping:
                        avi_ssl_ref = 'ssl_key_and_certificate_refs'
                        ckname = mapping['certkeyName']
                        # Added prefix for objects
                        if self.prefix:
                            ckname = self.prefix + '-' + ckname
                        if [obj for obj in avi_config['SSLKeyAndCertificate']
                            if obj['name'] == ckname]:
                            updated_ssl_ref = \
                                ns_util.get_object_ref(ckname,
                                    OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
                                    self.tenant_name)
                            vs_obj[avi_ssl_ref] = [updated_ssl_ref]
                        elif [obj for obj in avi_config['SSLKeyAndCertificate']
                              if obj['name'] == ckname + '-dummy']:
                            updated_ssl_ref = \
                                ns_util.get_object_ref(ckname + '-dummy',
                                    OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
                                    self.tenant_name)
                            vs_obj[avi_ssl_ref] = [updated_ssl_ref]
                        else:
                            LOG.warning(
                                'Could not find ssl key cert, so adding '
                                'default cert as system default insted')
                            vs_obj[avi_ssl_ref] = [ns_util.get_object_ref(
                                'System-Default-Cert', 'sslkeyandcertificate',
                                'admin')]
                            continue

                        vs_obj[avi_ssl_ref] = [updated_ssl_ref]
                ssl_vs_mapping = ns_config.get('set ssl vserver', {})
                mapping = ssl_vs_mapping.get(key, None)
                ssl_profile_name = re.sub('[:]', '-', key)
                # Added prefix for objects
                if self.prefix:
                    ssl_profile_name = self.prefix + '-' + ssl_profile_name
                # Get the merge ssl profile name
                if self.object_merge_check:
                    ssl_profile_name = merge_object_mapping['ssl_profile'].get(
                        ssl_profile_name, None)
                if mapping and [ssl_profile for ssl_profile in
                                avi_config["SSLProfile"] if
                                ssl_profile['name'] == ssl_profile_name]:
                    updated_ssl_profile_ref = ns_util.get_object_ref(
                        ssl_profile_name, OBJECT_TYPE_SSL_PROFILE,
                        self.tenant_name)
                    # Changed ssl profile name to ssl profile ref.
                    vs_obj['ssl_profile_ref'] = updated_ssl_profile_ref
                    LOG.debug('Added: %s SSL profile %s' % (key, key))

            for bind_conf in bind_conf_list:
                if 'lbvserver' in bind_conf:
                    lbvs_bindings.append(bind_conf['lbvserver'])
                    default_pool_group = bind_conf['lbvserver']
                    lb_vserver_bind_conf = bind_conf

            LOG.debug("CS VS %s context switch between lb vs: %s" %
                      (key, lbvs_bindings))

            case_sensitive = False \
                if cs_vs.get('caseSensitive', '') == 'OFF' else True
            # Convert netscalar policy to AVI http policy set
            policy = policy_converter.convert(
                bind_conf_list, ns_config, avi_config, tmp_used_pool_group_ref,
                redirect_pools, 'bind cs vserver', case_sensitive)

            for binding in lbvs_bindings:
                if self.prefix:
                    binding = '%s-%s' % (self.prefix, binding)
                lb_vs_obj = [obj for obj in lbvs_avi_conf
                             if obj['name'] == binding]

                if lb_vs_obj:
                    lb_vs_obj = lb_vs_obj[0]
                    lb_vs_mapped.append(lb_vs_obj)
                    lb_vs_obj = copy.deepcopy(lb_vs_obj)
                    lb_vs_obj.update(vs_obj)
                    vs_obj = lb_vs_obj
                else:
                    policy_vs = [obj for obj in avi_config['Lbvs']
                                 if binding in obj and obj[binding].get(
                            'redirect_url', None)]
                    if policy_vs:
                        redirect_rule = {
                            'index': 999,
                            'redirect_action': {
                                'keep_query': True,
                                'status_code': "HTTP_REDIRECT_STATUS_CODE_302",
                                'host': {
                                    'tokens': [{
                                        'str_value': policy_vs[0][
                                            binding]['redirect_url'],
                                        'type': "URI_TOKEN_TYPE_HOST",
                                        'start_index': 0,
                                        'end_index': 65535
                                    }],
                                    'type': "URI_PARAM_TYPE_TOKENIZED"
                                },
                                'protocol': "HTTPS",
                                'port': 443
                            },
                            'enable': True,
                            "name": '%s-default-redirect' % updated_vs_name
                        }
                        if policy and policy.get('http_request_policy', None):
                            policy['http_request_policy']['rules'].append(
                                redirect_rule)
                        elif policy:
                            policy['http_request_policy']['rules'] = [
                                redirect_rule]
                        else:
                            policy ={
                                'name': "vs-%s-HTTP-Policy-Set"
                                        % updated_vs_name,
                                'tenant_ref': self.tenant_ref,
                                'http_request_policy': {
                                    'rules': [redirect_rule]
                                },
                                'is_internal_policy': False
                            }
                        ns_util.update_status_target_lb_vs_to_indirect(binding)
                    else:
                        continue
            vs_obj.pop('pool_group_ref', None)

            # TODO move duplicate code for adding policy to vs in ns_util
            # Add the http policy set reference to VS in AVI
            if policy:
                # Added fix for same policy refferred in multiple vs
                policy['name'] = policy['name'] + updated_vs_name
                if policy['name'] in tmp_policy_ref:
                    # clone the http policy set if it is referenced to other VS
                    policy = ns_util.clone_http_policy_set(
                        policy, updated_vs_name, avi_config, self.tenant_name,
                        self.cloud_name, userprefix=self.prefix)
                updated_http_policy_ref = \
                    ns_util.get_object_ref(policy['name'],
                                           OBJECT_TYPE_HTTP_POLICY_SET,
                                           self.tenant_name)

                tmp_policy_ref.append(policy['name'])
                http_policies = {
                    'index': 11,
                    'http_policy_set_ref': updated_http_policy_ref
                }
                vs_obj['http_policies'] = []
                vs_obj['http_policies'].append(http_policies)
                avi_config['HTTPPolicySet'].append(policy)

            # Add reference of pool group to VS
            if default_pool_group:
                pool_group_ref = '%s-poolgroup' % default_pool_group
                updated_pool_group_ref = re.sub('[:]', '-', pool_group_ref)
                # Added prefix for objects
                if self.prefix:
                    updated_pool_group_ref = self.prefix + '-' + \
                                             updated_pool_group_ref
                pools = [pool_group['name'] for pool_group in
                         avi_config['PoolGroup']
                         if pool_group['name'] == updated_pool_group_ref]
                if pools:
                    ns_util.update_status_target_lb_vs_to_indirect(
                        default_pool_group)
                    # clone the pool group if it is referenced to other VS ot
                    # http policy set
                    if updated_pool_group_ref in tmp_used_pool_group_ref:
                        updated_pool_group_ref = ns_util.clone_pool_group(
                            updated_pool_group_ref, vs_name, avi_config,
                            self.tenant_name, self.cloud_name,
                            userprefix=self.prefix)
                    avi_pool_group_ref = ns_util.get_object_ref(
                        updated_pool_group_ref, OBJECT_TYPE_POOL_GROUP,
                        self.tenant_name, self.cloud_name)
                    vs_obj['pool_group_ref'] = avi_pool_group_ref
                    tmp_used_pool_group_ref.append(updated_pool_group_ref)
            if lb_vserver_bind_conf:
                bind_cs_vserver_command = 'bind cs vserver'
                bind_cs_vserver_complete_command = ns_util. \
                    get_netscalar_full_command(bind_cs_vserver_command,
                                               lb_vserver_bind_conf)
                LOG.debug('Conversion successful : %s' %
                          bind_cs_vserver_complete_command)
                conv_status = ns_util.get_conv_status(
                    bind_conf, self.csvs_bind_skipped, [], [],
                    user_ignore_val=self.csvs_bind_user_ignore)
                ns_util.add_conv_status(
                    lb_vserver_bind_conf['line_no'], bind_cs_vserver_command,
                    lb_vserver_bind_conf['attrs'][0],
                    bind_cs_vserver_complete_command, conv_status, vs_obj)
            # Verify that this cs vs has share the same VIP of another vs
            # If yes then skipped this cs vs
            is_shared = ns_util.is_shared_same_vip(
                vs_obj, cs_vs_list, avi_config, self.tenant_name,
                self.cloud_name, self.tenant_ref, self.cloud_ref,
                self.controller_version, self.prefix)
            if is_shared:
                skipped_status = 'Skipped: %s Same vip shared by another ' \
                                 'virtual service' % vs_name
                LOG.warning(skipped_status)
                ns_util.add_status_row(
                    cs_vs['line_no'], ns_add_cs_vserver_command, key,
                    ns_add_cs_vserver_complete_command, STATUS_SKIPPED,
                    skipped_status)
                continue
            cs_vs_list.append(vs_obj)
            # Add summery of this cs vs in CSV/report
            conv_status = ns_util.get_conv_status(
                cs_vs, self.csvs_skip_attrs, self.csvs_na_attrs, [],
                ignore_for_val=self.csvs_ignore_vals,
                user_ignore_val=self.csvs_user_ignore)
            ns_util.add_conv_status(
                cs_vs['line_no'], ns_add_cs_vserver_command,
                key, ns_add_cs_vserver_complete_command, conv_status, vs_obj)
            LOG.debug("Context Switch VS conversion completed for: %s" % key)
        vs_list = [obj for obj in lbvs_avi_conf if obj not in lb_vs_mapped]
        vs_list += cs_vs_list
        avi_config['VirtualService'] = vs_list
        ns_util.get_vs_if_shared_vip(avi_config, self.controller_version)
        # Update the index value of all policy rules as per their priority
        ns_util.set_rules_index_for_http_policy_set(avi_config)
        ns_util.clean_virtual_service_from_avi_config(
            avi_config, self.controller_version)
예제 #7
0
    def convert(self, ns_config, avi_config):
        """
        Converts service or service groups bound to VS to avi Pool entity
        :param ns_config: Netscaler parsed config
        :param avi_config: Avi converted config
        :param tenant_ref: Tenant
        :param cloud_ref: Cloud ref
        :return: None
        """

        used_pool_ref = []
        groups = ns_config.get('bind lb vserver', {})
        lb_vs_conf = ns_config.get('add lb vserver', {})
        avi_config['PoolGroup'] = []
        set_lb_groups = ns_config.get('set lb group', {})
        bind_lb_groups = ns_config.get('bind lb group', {})

        ns_bind_lb_vserver_command = 'bind lb vserver'

        # Conversion set ssl service netscalar commands to pool in AVI
        self.service_convert(ns_config, avi_config)
        ns_dns = ns_config.get('add dns addRec', {})
        for dns_key in ns_dns:
            dns_obj = ns_dns.get(dns_key, [])
            if isinstance(dns_obj, dict):
                dns_obj = [dns_obj]
            ns_dns_command = 'add dns addRec'
            for element in dns_obj:
                ns_dns_complate_command = ns_util.get_netscalar_full_command(
                    ns_dns_command, element)
                # Add status indirect to all add dns addRec netscalar commands
                # which are indirectly converted to AVI
                ns_util.add_status_row(
                    element['line_no'], ns_dns_command, dns_key,
                    ns_dns_complate_command, STATUS_INDIRECT)

        for group_key in groups:
            try:
                if not group_key:
                    skipped_status = 'Skipped: No bind lb vserver found. ' \
                                     'Skipped pool' % group_key
                    LOG.warning(skipped_status)
                        # Skipped service if could not found bind lb vs
                    ns_util.add_status_row(
                        None, ns_bind_lb_vserver_command, group_key, None,
                        STATUS_SKIPPED, skipped_status)
                    continue

                group = groups.get(group_key)
                if isinstance(group, dict):
                    group = [group]
                lb_vs = lb_vs_conf.get(group_key)
                ns_bind_lb_vserver_complete_command = \
                    ns_util.get_netscalar_full_command(
                        ns_bind_lb_vserver_command, group[0])
                if not lb_vs:
                    for element in group:
                        # Skipped service if could not found add lb vs
                        skipped_status = 'Skipped: No add lb vserver found. ' \
                                         'Skipped pool %s' % element['attrs'][0]
                        ns_bind_lb_vserver_complete_command = \
                            ns_util.get_netscalar_full_command(
                                ns_bind_lb_vserver_command, element)
                        ns_util.add_status_row(
                            element['line_no'], ns_bind_lb_vserver_command,
                            element['attrs'][0],
                            ns_bind_lb_vserver_complete_command,
                            STATUS_INCOMPLETE_CONFIGURATION)
                        LOG.warning(skipped_status)
                    continue
                ns_algo = lb_vs.get('lbMethod', 'LEASTCONNECTION')
                algo = ns_util.get_avi_lb_algorithm(ns_algo)
                pg_members = []
                for element in group:
                    if len(element['attrs']) < 2:
                        # Skipped this service if it doen not have any server
                        continue
                    full_cmd = ns_util.get_netscalar_full_command(
                        ns_bind_lb_vserver_command, element)
                    service = element['attrs'][1]
                    pool_name = re.sub('[:]', '-', service + '-pool')
                    # Added prefix for objects
                    if self.prefix:
                        pool_name = self.prefix + '-' + pool_name
                    pool = [pool for pool in avi_config['Pool']
                            if pool['name'] == pool_name]
                    if pool:
                        if pool_name in used_pool_ref:
                            pool_name = ns_util.clone_pool(
                                pool_name, group_key, avi_config,
                                userprefix=self.prefix)
                        pool[0]['lb_algorithm'] = algo
                        updated_pool_ref = ns_util.get_object_ref(
                            pool_name, OBJECT_TYPE_POOL, self.tenant_name,
                            self.cloud_name)
                        pg_members.append({'pool_ref': updated_pool_ref})
                        used_pool_ref.append(pool_name)
                        LOG.info('Conversion successful : %s' % full_cmd)
                        # Add summery of add server in CSV/report
                        conv_status = ns_util.get_conv_status(
                            element, self.nsservice_bind_lb_skipped, [], [],
                            ignore_for_val=self.nsservice_bind_lb_ignore_val,
                            user_ignore_val=self.nsservice_bind_lb_user_ignore)
                        ns_util.add_conv_status(
                            element['line_no'], ns_bind_lb_vserver_command,
                            element['attrs'][0], full_cmd, conv_status, pool[0])
                    else:
                        # Skipped add server if pool not found in AVI
                        skipped_status = 'Skipped :Pool is not created %s' \
                                         % element['attrs'][0]
                        LOG.warning(skipped_status)
                        ns_util.add_status_row(
                            element['line_no'], ns_bind_lb_vserver_command,
                            element['attrs'][0], full_cmd, STATUS_SKIPPED,
                            skipped_status)

                pg_name = group_key + '-poolgroup'
                pg_name = re.sub('[:]', '-', pg_name)
                # Added prefix for objects
                if self.prefix:
                    pg_name = self.prefix + '-' + pg_name
                if pg_members:
                    pool_group = {
                        'name': pg_name,
                        'members': pg_members,
                        'tenant_ref': self.tenant_ref,
                        'cloud_ref': self.cloud_ref
                    }
                    avi_config['PoolGroup'].append(pool_group)

            except Exception as e:
                LOG.error('Error in bind lb vserver conversion bound to: %s' %
                          group_key, exc_info=True)

        # Support for set lb group and bind lb group
        for set_lb_group_key in set_lb_groups:
            set_lb_group = set_lb_groups.get(set_lb_group_key)
            set_lb_group_mappings = bind_lb_groups.get(set_lb_group['attrs'][0],
                                                       [])
            persistenceType = set_lb_group.get('persistenceType', '')
            profile_name = '%s-persistance-profile' % set_lb_group['attrs'][0]
            ns_set_lb_group_command = 'set lb group'
            ns_set_lb_group_complate_command = \
                ns_util.get_netscalar_full_command(ns_set_lb_group_command,
                                                   set_lb_group)
            # Added prefix before object
            if self.prefix:
                profile_name = self.prefix + '-' + profile_name
            if persistenceType in self.lbvs_supported_persist_types:
                application_persistence_profile = \
                    ns_util.convert_persistance_prof(set_lb_group, profile_name,
                                                     self.tenant_ref)
                app_persist_profile_name = \
                    application_persistence_profile['name']
                if self.object_merge_check:
                    dup_of = ns_util.update_skip_duplicates(
                        application_persistence_profile, avi_config[
                            'ApplicationPersistenceProfile'],
                        'app_persist_profile', merge_object_mapping,
                        app_persist_profile_name, persistenceType, self.prefix)
                    if dup_of:
                        app_per_merge_count['count'] += 1
                        app_persist_profile_name = merge_object_mapping[
                            'app_persist_profile'].get(
                            app_persist_profile_name, None)
                    else:
                        avi_config['ApplicationPersistenceProfile'].append(
                            application_persistence_profile)
                else:
                    avi_config['ApplicationPersistenceProfile'].append(
                        application_persistence_profile)
                application_persistence_profile_ref = \
                    ns_util.get_object_ref(app_persist_profile_name,
                        OBJECT_TYPE_APPLICATION_PERSISTENCE_PROFILE,
                        self.tenant_name)

                # Added status successful in CSV/report if application
                # persistence profile create
                ns_util.add_status_row(
                    set_lb_group['line_no'], ns_set_lb_group_command,
                    set_lb_group['attrs'][0], ns_set_lb_group_complate_command,
                    STATUS_SUCCESSFUL, application_persistence_profile)
            else:
                skipped_status = 'Skipped:Persistance type %s not ' \
                                 'supported by Avi' % persistenceType
                LOG.warning(skipped_status)
                # Skipped set lb group if type perstistence profile not
                # supported by AVI
                ns_util.add_status_row(
                    set_lb_group['line_no'], ns_set_lb_group_command,
                    set_lb_group['attrs'][0], ns_set_lb_group_complate_command,
                    STATUS_SKIPPED, skipped_status)
                continue

            if isinstance(set_lb_group_mappings, dict):
                set_lb_group_mappings = [set_lb_group_mappings]
            for bind_lb_group in set_lb_group_mappings:
                ns_bind_lb_group_command = 'bind lb group'
                ns_bind_lb_group_complate_command = \
                    ns_util.get_netscalar_full_command(ns_bind_lb_group_command,
                                                       bind_lb_group)
                pool_group_name = bind_lb_group['attrs'][1] + '-poolgroup'
                # Added prefix for objects
                if self.prefix:
                    pool_group_name = self.prefix + '-' + pool_group_name
                pool_group = [pool_group for pool_group in
                              avi_config['PoolGroup'] if pool_group['name'] ==
                              pool_group_name]
                # Skipped if pool group not found in AVI
                if not pool_group:
                    skipped_status = "Skipped: Pool group not found" \
                                     % bind_lb_group['attrs'][1]
                    LOG.warning(skipped_status)
                    ns_util.add_status_row(
                        bind_lb_group['line_no'], ns_bind_lb_group_command,
                        bind_lb_group['attrs'][0],
                        ns_bind_lb_group_complate_command,
                        STATUS_SKIPPED, skipped_status)
                    continue
                for pool_member in pool_group[0]['members']:
                    pool_name = \
                        pool_member['pool_ref'].split('&')[1].split('=')[1]
                    pool = [pool for pool in avi_config['Pool']
                            if pool['name'] == pool_name]
                    if pool:
                        pool[0]['application_persistence_profile_ref'] = \
                            application_persistence_profile_ref
                        # add successful statusin CSV/report for bind lb group
                        # updated pool with application perstistence profile ref
                        ns_util.add_status_row(
                            bind_lb_group['line_no'], ns_bind_lb_group_command,
                            bind_lb_group['attrs'][0],
                            ns_bind_lb_group_complate_command,
                            STATUS_SUCCESSFUL, pool_group[0])
예제 #8
0
    def get_key_cert(self, ssl_mappings, ssl_key_and_cert, input_dir,
                     avi_ssl_prof, ns_config, bind_ssl_cmd):
        """
        This function defines that convert PKI, SSL, and sslkeyandcert profiles
        :param ssl_mappings: List of bind ssl
        :param ssl_key_and_cert: Object of ssl key and cert
        :param input_dir: path of input dir which keeps key and cert
        :param avi_ssl_prof: Object of ssl profile
        :param ns_config: dict of netscalar commands
        :param bind_ssl_cmd: list of binding ssl
        :return: key and cert/ ssl profile/PKI profile
        """

        obj = dict()
        ciphers = []
        for mapping in ssl_mappings:
            key_passphrase = None
            output = None
            bind_ssl_full_cmd = ns_util.get_netscalar_full_command(
                bind_ssl_cmd, mapping)
            bind_ssl_success = False
            skipped_status = None
            if 'policyName' in mapping.keys():
                skipped_status = 'Not supported: %s' % bind_ssl_full_cmd
                LOG.warning(skipped_status)
                ns_util.add_status_row(mapping['line_no'], bind_ssl_cmd,
                                       mapping['attrs'][0], bind_ssl_full_cmd,
                                       STATUS_COMMAND_NOT_SUPPORTED)
                continue
            elif 'CA' in mapping.keys():
                key_cert = ssl_key_and_cert.get(mapping.get('certkeyName'))
                if not key_cert or mapping['attrs'][0] in tmp_pki_profile_list:
                    continue
                key_file_name = key_cert.get('key')
                cert_file_name = key_cert.get('cert')
                ca_str = None
                crl_str = None
                netscalar_cmd = 'add ssl certKey'
                full_cmd = ns_util.get_netscalar_full_command(
                    netscalar_cmd, key_cert)
                if not (key_file_name and cert_file_name):
                    skipped_status = 'Missing key or cert file: %s' \
                                     % full_cmd
                    LOG.warning(skipped_status)
                    # Add skipped status in CSV/report for ssl cert key
                    ns_util.add_status_row(key_cert['line_no'], netscalar_cmd,
                                           key_cert['attrs'][0], full_cmd,
                                           STATUS_MISSING_FILE, skipped_status)
                    skipped_status = 'Missing key or cert file: %s' % \
                                     bind_ssl_full_cmd
                    LOG.warning(skipped_status)
                    ns_util.add_status_row(mapping['line_no'], bind_ssl_cmd,
                                           mapping['attrs'][0],
                                           bind_ssl_full_cmd,
                                           STATUS_MISSING_FILE, skipped_status)
                    continue
                if key_file_name:
                    ca_str = ns_util.upload_file(input_dir + os.path.sep +
                                                 key_file_name)
                if cert_file_name:
                    crl_str = ns_util.upload_file(input_dir + os.path.sep +
                                                  cert_file_name)
                if ca_str:
                    pki_profile = dict()
                    pki_profile["ca_certs"] = [{'certificate': ca_str}]
                    crl_check = mapping.get('crlCheck', 'Optional')
                    if crl_check == 'Mandatory':
                        pki_profile['crl_check'] = True
                    else:
                        pki_profile['crl_check'] = False
                    if crl_str:
                        pki_profile["crls"] = [{'body': crl_str}]
                    pki_name = mapping['attrs'][0]
                    # Added prefix for objects
                    if self.prefix:
                        pki_name = self.prefix + '-' + pki_name
                    pki_profile["name"] = pki_name
                    pki_profile["tenant_ref"] = self.tenant_ref
                    obj['pki'] = pki_profile
                    output = pki_profile
                    bind_ssl_success = True
                    LOG.info('Conversion successful: %s' % full_cmd)
                    conv_status = ns_util.get_conv_status(
                        key_cert,
                        self.profile_add_key_cert_skip, [], [],
                        user_ignore_val=self.profile_add_key_cert_user_ignore)
                    # Add summery in CSV/report for PKI
                    ns_util.add_conv_status(key_cert['line_no'], netscalar_cmd,
                                            key_cert['attrs'][0], full_cmd,
                                            conv_status, obj['pki'])
                    tmp_pki_profile_list.append(pki_profile["name"])
                else:
                    skipped_status = 'Missing key or cert file: %s' % full_cmd
                    LOG.warning(skipped_status)
                    ns_util.add_status_row(key_cert['line_no'], netscalar_cmd,
                                           key_cert['attrs'][0], full_cmd,
                                           STATUS_MISSING_FILE, skipped_status)
                    skipped_status = 'Missing key or cert file: %s' % \
                                     bind_ssl_full_cmd
                    LOG.warning(skipped_status)
                    ns_util.add_status_row(mapping['line_no'], bind_ssl_cmd,
                                           mapping['attrs'][0],
                                           bind_ssl_full_cmd,
                                           STATUS_MISSING_FILE, skipped_status)
                    continue

            elif 'certkeyName' in mapping.keys():
                key_cert = ssl_key_and_cert.get(mapping.get('certkeyName'))
                if not key_cert:
                    continue
                netscalar_cmd = 'add ssl certKey'
                full_cmd = ns_util.get_netscalar_full_command(
                    netscalar_cmd, key_cert)
                key_file_name = key_cert.get('key')
                cert_file_name = key_cert.get('cert')
                if '/' in key_file_name:
                    key_file_name = str(key_file_name).split('/')[-1].strip(
                        '"')
                if key_file_name and cert_file_name:
                    cert = ns_util.upload_file(input_dir + os.path.sep +
                                               cert_file_name)
                    key = ns_util.upload_file(input_dir + os.path.sep +
                                              key_file_name)
                is_key_protected = False
                if key:
                    # Check kay is passphrase protected or not
                    is_key_protected = ns_util.is_certificate_key_protected(
                        input_dir + os.path.sep + key_file_name)

                if cert and key:
                    cert_date = c.load_certificate(
                        c.FILETYPE_PEM,
                        file(input_dir + os.path.sep + cert_file_name).read())
                    expiry_date = datetime.strptime(cert_date.get_notAfter(),
                                                    "%Y%m%d%H%M%SZ")
                    present_date = datetime.now()
                    if expiry_date < present_date:
                        LOG.warning("Certificate %s is expired creating self "
                                    "signed cert." % cert_file_name)
                        cert, key = None, None

                key_passphrase = None
                # Get the key passphrase for key_file
                if self.netscalar_passphrase_keys:
                    key_passphrase = self.netscalar_passphrase_keys.get(
                        key_file_name, None)
                # if key is protected and does not find passphrase key
                # then none the key
                if is_key_protected and not key_passphrase:
                    key = None
                if not cert or not key:
                    name = key_cert['attrs'][0] + '-dummy'
                else:
                    name = key_cert['attrs'][0]
                # Added prefix for objects
                if self.prefix:
                    name = self.prefix + '-' + name

                # Skipped this certificate if already exist
                if name in tmp_ssl_key_and_cert_list:
                    ns_util.add_status_row(key_cert['line_no'], netscalar_cmd,
                                           key_cert['attrs'][0], full_cmd,
                                           STATUS_INDIRECT)
                    ns_util.add_status_row(mapping['line_no'], bind_ssl_cmd,
                                           mapping['attrs'][0],
                                           bind_ssl_full_cmd, STATUS_INDIRECT)
                    continue
                # Generate dummy cert and key
                if not cert or not key:
                    key, cert = ns_util.create_self_signed_cert()
                    LOG.warning('Create self cerificate and key for : %s' %
                                name)
                ssl_kc_obj = None
                if key and cert:
                    cert = {"certificate": cert}
                    ssl_kc_obj = {
                        'name': name,
                        'key': key,
                        'certificate': cert,
                        'type': 'SSL_CERTIFICATE_TYPE_VIRTUALSERVICE',
                        'tenant_ref': self.tenant_ref
                    }
                    # set the key passphrase for ssl key and certificate object
                    if key_passphrase:
                        ssl_kc_obj['key_passphrase'] = key_passphrase
                    tmp_ssl_key_and_cert_list.append(name)
                    obj['cert'] = ssl_kc_obj
                    output = ssl_kc_obj
                    # Add ssummery in CSV/report for ssl service
                    ns_util.add_status_row(key_cert['line_no'], netscalar_cmd,
                                           key_cert['attrs'][0], full_cmd,
                                           STATUS_INDIRECT)
                    bind_ssl_success = True
                else:
                    skipped_status = 'Skipped: Key and certificate not ' \
                                     'generated : %s' % full_cmd
            elif 'cipherName' in mapping.keys():
                ciphers_keys = self.get_ciphers(mapping['cipherName'],
                                                ns_config)
                ciphers += ciphers_keys
                ciphers = list(set(ciphers))
                obj['accepted_ciphers'] = ':'.join(ciphers)
                bind_ssl_success = True
                output = obj
                if not obj['accepted_ciphers']:
                    skipped_status = 'Skipped:Does not get any ciphers : %s' \
                                     % bind_ssl_full_cmd
            elif 'eccCurveName' in mapping.keys():
                LOG.warning('Indirect : %s' % bind_ssl_full_cmd)
                # Add indirect status in CSV/report for bind ssl service
                ns_util.add_status_row(mapping['line_no'], bind_ssl_cmd,
                                       mapping['attrs'][0], bind_ssl_full_cmd,
                                       STATUS_INDIRECT)
                continue

            conv_status = ns_util.get_conv_status(
                mapping,
                self.profile_bind_sslvs_skip, [], [],
                user_ignore_val=self.profile_bind_sslvs_user_ignore)
            if not bind_ssl_success:
                LOG.warning(skipped_status)
                # Add skipped status in CSV/report for bind ssl service
                ns_util.add_status_row(mapping['line_no'], bind_ssl_cmd,
                                       mapping['attrs'][0], bind_ssl_full_cmd,
                                       STATUS_SKIPPED, skipped_status)
                continue

            LOG.info('Conversion successful: %s' % bind_ssl_full_cmd)
            # Add successful status in CSV/report for ssl service
            ns_util.add_conv_status(mapping['line_no'], bind_ssl_cmd,
                                    mapping['attrs'][0], bind_ssl_full_cmd,
                                    conv_status, output)

        return obj
예제 #9
0
    def get_service_montor(self, service_name, bind_ns_service, avi_config):
        """
        This function defines that return the list of health monitor references
        which is bind to service
        :param service_name: Name of service
        :param bind_ns_service: List of bind services
        :param avi_config: Dict of avi config
        :return: Return the list of monitor ref
        """

        monitor_refs = []
        bind_service = bind_ns_service.get(service_name, None)
        bind_service_command = 'bind service'
        if bind_service:
            if isinstance(bind_service, dict):
                bind_service = [bind_service]
            for service in bind_service:
                full_bind_service_command = \
                    ns_util.get_netscalar_full_command(bind_service_command,
                                                       service)
                if service and service.get('monitorName', None):
                    monitor_name = service.get('monitorName')
                    # Added prefix for objects
                    if self.prefix:
                        monitor_name = self.prefix + '-' + monitor_name
                    if self.object_merge_check:
                        # Get the merge health monitor name
                        monitor_name = merge_object_mapping[
                            'health_monitor'].get(monitor_name, None)
                    monitor = [monitor for monitor in avi_config['HealthMonitor']
                            if monitor['name'] == monitor_name]
                    if not monitor:
                        monitor_name = '%s-%s' %(monitor_name, 'dummy')
                        monitor = [monitor for monitor in
                                   avi_config['HealthMonitor']
                                   if monitor['name'] == monitor_name]

                    if not monitor:
                        skipped_status = 'External Monitor : Not supported ' \
                                         'Health monitor %s' % \
                                         full_bind_service_command
                        LOG.warning(skipped_status)
                        ns_util.add_status_row(
                            service['line_no'], bind_service_command,
                            service_name, full_bind_service_command,
                            STATUS_EXTERNAL_MONITOR, skipped_status)
                        continue
                    monitor_refs.append(monitor_name)
                    LOG.info('Conversion successful : %s' %
                             full_bind_service_command)
                    # Successful if health monitor found in AVI
                    ns_util.add_status_row(
                        service['line_no'], bind_service_command, service_name,
                        full_bind_service_command, STATUS_SUCCESSFUL,
                        service.get('monitorName'))
                else:
                    skipped_status = 'Skipped : Not found Health monitor %s' \
                                     % full_bind_service_command
                    LOG.warning(skipped_status)
                    # Skipped if health monitor not found in AVI
                    ns_util.add_status_row(
                        service['line_no'], bind_service_command, service_name,
                        full_bind_service_command, STATUS_SKIPPED,
                        skipped_status)
        return monitor_refs
예제 #10
0
    def convert(self, ns_config, avi_config, vs_state):
        """
        This function defines that it convert netscalar cs vs config to vs
        config of AVI
        :param ns_config: It is dict of all netscalar commands which are
        supported by AVI
        :param avi_config: It is dict of AVI output config
        :param vs_state: state of vs
        :return: None
        """
        policy_converter = PolicyConverter(
            self.tenant_name, self.cloud_name, self.tenant_ref, self.cloud_ref,
            self.csvs_bind_skipped, self.csvs_na_attrs, self.csvs_ignore_vals,
            self.csvs_bind_user_ignore, self.prefix)
        cs_vs_conf = ns_config.get('add cs vserver', {})
        bindings = ns_config.get('bind cs vserver', {})
        lbvs_avi_conf = avi_config['VirtualService']
        lb_vs_mapped = []
        cs_vs_list = []
        avi_config['StringGroup'] = []
        avi_config['VirtualService'] = ns_util.remove_duplicate_objects(
            'VirtualService', avi_config['VirtualService'])
        for cs_vs_index, key in enumerate(cs_vs_conf):
            LOG.debug("Context Switch VS conversion started for: %s" % key)
            lbvs_bindings = []
            cs_vs = cs_vs_conf[key]
            ns_add_cs_vserver_command = 'add cs vserver'
            ns_add_cs_vserver_complete_command = \
                ns_util.get_netscalar_full_command(ns_add_cs_vserver_command,
                                                   cs_vs)
            # Skipped this CS VS if it has type which are not supported
            if not cs_vs['attrs'][1] in self.csvs_supported_types:
                skipped_status = 'Skipped:Unsupported type %s of Context ' \
                                 'switch VS: %s' % (cs_vs['attrs'][1], key)
                LOG.warning(skipped_status)
                ns_util.add_status_row(cs_vs['line_no'],
                                       ns_add_cs_vserver_command, key,
                                       ns_add_cs_vserver_complete_command,
                                       STATUS_SKIPPED, skipped_status)
                continue
            tt = cs_vs.get('targetType', None)
            if tt and tt == 'GSLB':
                skipped_status = 'Skipped:Unsupported target type %s of ' \
                                 'Context switch VS: %s' % (cs_vs['attrs'][1],
                                                            key)
                LOG.warning(skipped_status)
                # Skipped this CS VS if targetType is GSLB
                ns_util.add_status_row(cs_vs['line_no'],
                                       ns_add_cs_vserver_command, key,
                                       ns_add_cs_vserver_complete_command,
                                       STATUS_SKIPPED, skipped_status)
            vs_name = cs_vs['attrs'][0]
            ip_addr = cs_vs['attrs'][2]
            port = cs_vs['attrs'][3]

            enable_ssl = False
            if vs_state == 'enable':
                enabled = (cs_vs.get('state', 'ENABLED') == 'ENABLED')
            else:
                enabled = False

            if cs_vs['attrs'][1] == 'SSL':
                enable_ssl = True
            updated_vs_name = re.sub('[:]', '-', vs_name)
            # Added prefix for objects
            if self.prefix:
                updated_vs_name = self.prefix + '-' + updated_vs_name
            # Regex to check Vs has IPV6 address if yes the Skipped
            if re.findall(ns_constants.IPV6_Address, ip_addr) \
                    or ip_addr == '0.0.0.0':
                skipped_status = "Skipped:Invalid VIP %s" \
                                 % ns_add_cs_vserver_command
                LOG.warning(skipped_status)
                ns_util.add_status_row(cs_vs['line_no'],
                                       ns_add_cs_vserver_command, key,
                                       ns_add_cs_vserver_complete_command,
                                       STATUS_SKIPPED, skipped_status)
                continue

            # VIP object for virtual service
            vip = {'ip_address': {'addr': ip_addr, 'type': 'V4'}, 'vip_id': 0}
            vs_obj = {
                'name': updated_vs_name,
                'tenant_ref': self.tenant_ref,
                'cloud_ref': self.cloud_ref,
                'type': 'VS_TYPE_NORMAL',
                'enabled': enabled,
                'services': []
            }
            if parse_version(self.controller_version) >= parse_version('17.1'):
                vs_obj['vip'] = [vip]
            else:
                vs_obj['ip_address'] = vip['ip_address']

            service = {'port': port, 'enable_ssl': enable_ssl}
            if port in ("0", "*"):
                service['port'] = "1"
                service['port_range_end'] = "65535"
            vs_obj['services'].append(service)

            http_prof = cs_vs.get('httpProfileName', None)
            if http_prof:
                # Added prefix for objects
                if self.prefix:
                    http_prof = self.prefix + '-' + http_prof
                # Get the merge application profile name
                if self.object_merge_check:
                    http_prof = merge_object_mapping['app_profile'].get(
                        http_prof, http_prof)
                if ns_util.object_exist('ApplicationProfile', http_prof,
                                        avi_config):
                    LOG.info(
                        'Conversion successful: Added application profile '
                        '%s for %s' % (http_prof, updated_vs_name))
                    http_prof_ref = \
                        ns_util.get_object_ref(http_prof,
                                               OBJECT_TYPE_APPLICATION_PROFILE,
                                               self.tenant_name)
                    vs_obj['application_profile_ref'] = http_prof_ref
                    clttimeout = cs_vs.get('cltTimeout', None)
                    if clttimeout:
                        ns_util.add_clttimeout_for_http_profile(
                            http_prof, avi_config, clttimeout)
                        clt_cmd = ns_add_cs_vserver_command + ' cltTimeout %s' \
                                                              % clttimeout
                        LOG.info('Conversion successful : %s' % clt_cmd)
                else:
                    LOG.warning("%s application profile doesn't exist for "
                                "%s vs" % (http_prof, updated_vs_name))
            ntwk_prof = cs_vs.get('tcpProfileName', None)
            if ntwk_prof:
                # Added prefix for objects
                if self.prefix:
                    ntwk_prof = self.prefix + '-' + ntwk_prof
                # Get the merge network profile name
                if self.object_merge_check:
                    ntwk_prof = merge_object_mapping['network_profile'].get(
                        ntwk_prof, ntwk_prof)
                if ns_util.object_exist('NetworkProfile', ntwk_prof,
                                        avi_config):
                    LOG.info('Conversion successful: Added network profile %s '
                             'for %s' % (ntwk_prof, updated_vs_name))
                    ntwk_prof_ref = \
                        ns_util.get_object_ref(ntwk_prof,
                                               OBJECT_TYPE_NETWORK_PROFILE,
                                               self.tenant_name)
                    vs_obj['network_profile_ref'] = ntwk_prof_ref
                else:
                    vs_obj['network_profile_ref'] = ns_util.get_object_ref(
                        'System-TCP-Proxy', 'networkprofile', tenant='admin')
                    LOG.error('Error: Not found Network profile %s for %s' %
                              (ntwk_prof, updated_vs_name))

            if not http_prof and (cs_vs['attrs'][1]).upper() == 'DNS':
                vs_obj['application_profile_ref'] = ns_util.get_object_ref(
                    'System-DNS', 'applicationprofile', tenant='admin')
                vs_obj['network_profile_ref'] = ns_util.get_object_ref(
                    'System-UDP-Per-Pkt', 'networkprofile', tenant='admin')
            elif not http_prof and (cs_vs['attrs'][1]).upper() == 'UDP':
                vs_obj['application_profile_ref'] = ns_util.get_object_ref(
                    'System-L4-Application',
                    'applicationprofile',
                    tenant='admin')
                vs_obj['network_profile_ref'] = ns_util.get_object_ref(
                    'System-UDP-Fast-Path', 'networkprofile', tenant='admin')
            elif not http_prof and (cs_vs['attrs'][1]).upper() == 'DNS_TCP':
                vs_obj['application_profile_ref'] = ns_util.get_object_ref(
                    'System-L4-Application',
                    'applicationprofile',
                    tenant='admin')
                vs_obj['network_profile_ref'] = ns_util.get_object_ref(
                    'System-TCP-Proxy', 'networkprofile', tenant='admin')
            elif not http_prof and (cs_vs['attrs'][1]).upper() == 'SSL':
                vs_obj['application_profile_ref'] = ns_util.get_object_ref(
                    'System-Secure-HTTP', 'applicationprofile', tenant='admin')
            bind_conf_list = bindings.get(vs_name, None)
            if not bind_conf_list:
                continue
            if isinstance(bind_conf_list, dict):
                bind_conf_list = [bind_conf_list]
            default_pool_group = None
            lb_vserver_bind_conf = None

            if enable_ssl:
                ssl_mappings = ns_config.get('bind ssl vserver', {})
                ssl_bindings = ssl_mappings.get(key, [])
                if isinstance(ssl_bindings, dict):
                    ssl_bindings = [ssl_bindings]
                for mapping in ssl_bindings:
                    if 'CA' in mapping:
                        pki_ref = mapping['attrs'][0]
                        # Added prefix for objects
                        if self.prefix:
                            pki_ref = self.prefix + '-' + pki_ref
                        if self.object_merge_check:
                            pki_ref = merge_object_mapping['pki_profile'].get(
                                pki_ref)
                        if [
                                pki_profile
                                for pki_profile in avi_config["PKIProfile"]
                                if pki_profile['name'] == pki_ref
                        ]:
                            pki_ref = \
                                ns_util.get_object_ref(pki_ref,
                                                       OBJECT_TYPE_PKI_PROFILE,
                                                       self.tenant_name)
                            app_profile_with_pki_profile = \
                                ns_util.update_application_profile(
                                    http_prof, pki_ref, self.tenant_ref,
                                    updated_vs_name, avi_config)
                            app_profile_name = \
                                app_profile_with_pki_profile['name']
                            # Get the merge application profile name
                            if self.object_merge_check:
                                dup_of = ns_util.update_skip_duplicates(
                                    app_profile_with_pki_profile,
                                    avi_config['ApplicationProfile'],
                                    'app_profile', merge_object_mapping,
                                    app_profile_name, 'HTTP', self.prefix)
                                if dup_of:
                                    app_merge_count['count'] += 1
                                    app_profile_name = \
                                        merge_object_mapping['app_profile'].get(
                                            app_profile_name)
                                else:
                                    avi_config["ApplicationProfile"].append(
                                        app_profile_with_pki_profile)
                            else:
                                avi_config["ApplicationProfile"].append(
                                    app_profile_with_pki_profile)
                            app_profile_with_pki_profile_ref = \
                                ns_util.get_object_ref(app_profile_name,
                                    OBJECT_TYPE_APPLICATION_PROFILE,
                                    self.tenant_name)
                            vs_obj['application_profile_ref'] = \
                                app_profile_with_pki_profile_ref
                            LOG.info('Added: %s PKI profile %s' %
                                     (pki_ref, key))
                    elif 'certkeyName' in mapping:
                        avi_ssl_ref = 'ssl_key_and_certificate_refs'
                        ckname = mapping['certkeyName']
                        # Added prefix for objects
                        if self.prefix:
                            ckname = self.prefix + '-' + ckname
                        if [
                                obj
                                for obj in avi_config['SSLKeyAndCertificate']
                                if obj['name'] == ckname
                        ]:
                            updated_ssl_ref = \
                                ns_util.get_object_ref(ckname,
                                    OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
                                    self.tenant_name)
                            vs_obj[avi_ssl_ref] = [updated_ssl_ref]
                        elif [
                                obj
                                for obj in avi_config['SSLKeyAndCertificate']
                                if obj['name'] == ckname + '-dummy'
                        ]:
                            updated_ssl_ref = \
                                ns_util.get_object_ref(ckname + '-dummy',
                                    OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
                                    self.tenant_name)
                            vs_obj[avi_ssl_ref] = [updated_ssl_ref]
                        else:
                            LOG.warning(
                                'Could not find ssl key cert, so adding '
                                'default cert as system default insted')
                            vs_obj[avi_ssl_ref] = [
                                ns_util.get_object_ref('System-Default-Cert',
                                                       'sslkeyandcertificate',
                                                       'admin')
                            ]
                            continue

                        vs_obj[avi_ssl_ref] = [updated_ssl_ref]
                ssl_vs_mapping = ns_config.get('set ssl vserver', {})
                mapping = ssl_vs_mapping.get(key, None)
                ssl_profile_name = re.sub('[:]', '-', key)
                # Added prefix for objects
                if self.prefix:
                    ssl_profile_name = self.prefix + '-' + ssl_profile_name
                # Get the merge ssl profile name
                if self.object_merge_check:
                    ssl_profile_name = merge_object_mapping['ssl_profile'].get(
                        ssl_profile_name, None)
                if mapping and [
                        ssl_profile for ssl_profile in avi_config["SSLProfile"]
                        if ssl_profile['name'] == ssl_profile_name
                ]:
                    updated_ssl_profile_ref = ns_util.get_object_ref(
                        ssl_profile_name, OBJECT_TYPE_SSL_PROFILE,
                        self.tenant_name)
                    # Changed ssl profile name to ssl profile ref.
                    vs_obj['ssl_profile_ref'] = updated_ssl_profile_ref
                    LOG.debug('Added: %s SSL profile %s' % (key, key))

            for bind_conf in bind_conf_list:
                if 'lbvserver' in bind_conf:
                    lbvs_bindings.append(bind_conf['lbvserver'])
                    default_pool_group = bind_conf['lbvserver']
                    lb_vserver_bind_conf = bind_conf

            LOG.debug("CS VS %s context switch between lb vs: %s" %
                      (key, lbvs_bindings))

            case_sensitive = False \
                if cs_vs.get('caseSensitive', '') == 'OFF' else True
            # Convert netscalar policy to AVI http policy set
            policy = policy_converter.convert(
                bind_conf_list, ns_config, avi_config, tmp_used_pool_group_ref,
                redirect_pools, 'bind cs vserver', case_sensitive)

            for binding in lbvs_bindings:
                if self.prefix:
                    binding = '%s-%s' % (self.prefix, binding)
                lb_vs_obj = [
                    obj for obj in lbvs_avi_conf if obj['name'] == binding
                ]

                if lb_vs_obj:
                    lb_vs_obj = lb_vs_obj[0]
                    lb_vs_mapped.append(lb_vs_obj)
                    lb_vs_obj = copy.deepcopy(lb_vs_obj)
                    lb_vs_obj.update(vs_obj)
                    vs_obj = lb_vs_obj
                else:
                    policy_vs = [
                        obj for obj in avi_config['Lbvs'] if binding in obj
                        and obj[binding].get('redirect_url', None)
                    ]
                    if policy_vs:
                        redirect_rule = {
                            'index': 999,
                            'redirect_action': {
                                'keep_query': True,
                                'status_code': "HTTP_REDIRECT_STATUS_CODE_302",
                                'host': {
                                    'tokens': [{
                                        'str_value':
                                        policy_vs[0][binding]['redirect_url'],
                                        'type':
                                        "URI_TOKEN_TYPE_HOST",
                                        'start_index':
                                        0,
                                        'end_index':
                                        65535
                                    }],
                                    'type':
                                    "URI_PARAM_TYPE_TOKENIZED"
                                },
                                'protocol': "HTTPS",
                                'port': 443
                            },
                            'enable': True,
                            "name": '%s-default-redirect' % updated_vs_name
                        }
                        if policy and policy.get('http_request_policy', None):
                            policy['http_request_policy']['rules'].append(
                                redirect_rule)
                        elif policy:
                            policy['http_request_policy']['rules'] = [
                                redirect_rule
                            ]
                        else:
                            policy = {
                                'name':
                                "vs-%s-HTTP-Policy-Set" % updated_vs_name,
                                'tenant_ref': self.tenant_ref,
                                'http_request_policy': {
                                    'rules': [redirect_rule]
                                },
                                'is_internal_policy': False
                            }
                        ns_util.update_status_target_lb_vs_to_indirect(binding)
                    else:
                        continue
            vs_obj.pop('pool_group_ref', None)

            # TODO move duplicate code for adding policy to vs in ns_util
            # Add the http policy set reference to VS in AVI
            if policy:
                # Added fix for same policy refferred in multiple vs
                policy['name'] = policy['name'] + updated_vs_name
                if policy['name'] in tmp_policy_ref:
                    # clone the http policy set if it is referenced to other VS
                    policy = ns_util.clone_http_policy_set(
                        policy,
                        updated_vs_name,
                        avi_config,
                        self.tenant_name,
                        self.cloud_name,
                        userprefix=self.prefix)
                updated_http_policy_ref = \
                    ns_util.get_object_ref(policy['name'],
                                           OBJECT_TYPE_HTTP_POLICY_SET,
                                           self.tenant_name)

                tmp_policy_ref.append(policy['name'])
                http_policies = {
                    'index': 11,
                    'http_policy_set_ref': updated_http_policy_ref
                }
                vs_obj['http_policies'] = []
                vs_obj['http_policies'].append(http_policies)
                avi_config['HTTPPolicySet'].append(policy)

            # Add reference of pool group to VS
            if default_pool_group:
                pool_group_ref = '%s-poolgroup' % default_pool_group
                updated_pool_group_ref = re.sub('[:]', '-', pool_group_ref)
                # Added prefix for objects
                if self.prefix:
                    updated_pool_group_ref = self.prefix + '-' + \
                                             updated_pool_group_ref
                pools = [
                    pool_group['name']
                    for pool_group in avi_config['PoolGroup']
                    if pool_group['name'] == updated_pool_group_ref
                ]
                if pools:
                    ns_util.update_status_target_lb_vs_to_indirect(
                        default_pool_group)
                    # clone the pool group if it is referenced to other VS ot
                    # http policy set
                    if updated_pool_group_ref in tmp_used_pool_group_ref:
                        updated_pool_group_ref = ns_util.clone_pool_group(
                            updated_pool_group_ref,
                            vs_name,
                            avi_config,
                            self.tenant_name,
                            self.cloud_name,
                            userprefix=self.prefix)
                    avi_pool_group_ref = ns_util.get_object_ref(
                        updated_pool_group_ref, OBJECT_TYPE_POOL_GROUP,
                        self.tenant_name, self.cloud_name)
                    vs_obj['pool_group_ref'] = avi_pool_group_ref
                    tmp_used_pool_group_ref.append(updated_pool_group_ref)
            if lb_vserver_bind_conf:
                bind_cs_vserver_command = 'bind cs vserver'
                bind_cs_vserver_complete_command = ns_util. \
                    get_netscalar_full_command(bind_cs_vserver_command,
                                               lb_vserver_bind_conf)
                LOG.debug('Conversion successful : %s' %
                          bind_cs_vserver_complete_command)
                conv_status = ns_util.get_conv_status(
                    bind_conf,
                    self.csvs_bind_skipped, [], [],
                    user_ignore_val=self.csvs_bind_user_ignore)
                ns_util.add_conv_status(lb_vserver_bind_conf['line_no'],
                                        bind_cs_vserver_command,
                                        lb_vserver_bind_conf['attrs'][0],
                                        bind_cs_vserver_complete_command,
                                        conv_status, vs_obj)
            # Verify that this cs vs has share the same VIP of another vs
            # If yes then skipped this cs vs
            is_shared = ns_util.is_shared_same_vip(
                vs_obj, cs_vs_list, avi_config, self.tenant_name,
                self.cloud_name, self.tenant_ref, self.cloud_ref,
                self.controller_version, self.prefix)
            if is_shared:
                skipped_status = 'Skipped: %s Same vip shared by another ' \
                                 'virtual service' % vs_name
                LOG.warning(skipped_status)
                ns_util.add_status_row(cs_vs['line_no'],
                                       ns_add_cs_vserver_command, key,
                                       ns_add_cs_vserver_complete_command,
                                       STATUS_SKIPPED, skipped_status)
                continue
            cs_vs_list.append(vs_obj)
            # Add summery of this cs vs in CSV/report
            conv_status = ns_util.get_conv_status(
                cs_vs,
                self.csvs_skip_attrs,
                self.csvs_na_attrs, [],
                ignore_for_val=self.csvs_ignore_vals,
                user_ignore_val=self.csvs_user_ignore)
            ns_util.add_conv_status(cs_vs['line_no'],
                                    ns_add_cs_vserver_command, key,
                                    ns_add_cs_vserver_complete_command,
                                    conv_status, vs_obj)
            LOG.debug("Context Switch VS conversion completed for: %s" % key)
        vs_list = [obj for obj in lbvs_avi_conf if obj not in lb_vs_mapped]
        vs_list += cs_vs_list
        avi_config['VirtualService'] = vs_list
        ns_util.get_vs_if_shared_vip(avi_config, self.controller_version)
        # Update the index value of all policy rules as per their priority
        ns_util.set_rules_index_for_http_policy_set(avi_config)
        ns_util.clean_virtual_service_from_avi_config(avi_config,
                                                      self.controller_version)
예제 #11
0
    def service_convert(self, ns_config, avi_config):
        """
        This function is defines that convert service to pool
        :param ns_config: Dict of netscalar commands
        :param avi_config: Dict of AVI
        :return: None
        """

        used_pool_ref = []
        avi_config['Pool'] = []
        ns_services = ns_config.get('add service', {})
        bind_service_group = ns_config.get('bind serviceGroup', {})
        ns_servers = ns_config.get('add server', {})
        ns_dns = ns_config.get('add dns addRec', {})
        bind_ns_service = ns_config.get('bind service', {})
        ns_service_groups = ns_config.get('add serviceGroup', {})
        set_ssl_service_group = ns_config.get('set ssl serviceGroup', {})
        set_ssl_service = ns_config.get('set ssl service', {})
        bind_ssl_service = ns_config.get('bind ssl service', {})
        bind_ssl_service_group = ns_config.get('bind ssl serviceGroup', {})

        for key in ns_services:
            service = ns_services.get(key, {})
            service_command = 'add service'
            service_name = key
            service_netscalar_full_command = \
                ns_util.get_netscalar_full_command(service_command, service)
            server = self.convert_ns_service(service, ns_servers, ns_dns)
            if not server:
                LOG.warning('Skipped:No server found %s' %
                            service_netscalar_full_command)
                # Skipped service if No sserver node
                ns_util.add_status_row(
                    service['line_no'], service_command, service_name,
                    service_netscalar_full_command,
                    STATUS_INCOMPLETE_CONFIGURATION)
                continue
            pool_name = re.sub('[:]', '-', service_name + '-pool')
            # Addded prefix for objects
            if self.prefix:
                pool_name = self.prefix + '-' + pool_name
            pool_obj = {
                'name': pool_name,
                'servers': [server],
                'health_monitor_refs': [],
                'tenant_ref': self.tenant_ref,
                'cloud_ref': self.cloud_ref
            }
            # Add health monitor reference to pool
            monitor_refs = self.get_service_montor(service_name,
                                                   bind_ns_service, avi_config)
            if monitor_refs:
                pool_obj['health_monitor_refs'] = list(set(monitor_refs))
            ssl_service = set_ssl_service.get(key, None)
            if ssl_service:
                bind_ssl_service_conf = bind_ssl_service.get(key, [])
                if isinstance(bind_ssl_service_conf, dict):
                    bind_ssl_service_conf = [bind_ssl_service_conf]
                for service_conf in bind_ssl_service_conf:
                    if service_conf.get('CA', None):
                        # Added prefix for objects
                        pkiname = self.prefix + '-' + service_conf['CA'] if \
                            self.prefix else service_conf['CA']
                        if self.object_merge_check:
                            pkiname = merge_object_mapping['pki_profile'].get(
                                pkiname, None)
                        if [pki for pki in avi_config['PKIProfile']
                             if pki['name'] == pkiname]:
                            updated_pki_ref = ns_util.get_object_ref(pkiname,
                                    OBJECT_TYPE_PKI_PROFILE, self.tenant_name)
                            pool_obj['pki_profile_ref'] = updated_pki_ref
                    if service_conf.get('certkeyName', None):
                        # Added prefix for objects
                        certname = self.prefix + '-' + \
                                   service_conf['certkeyName'] if \
                                    self.prefix else service_conf['certkeyName']
                        if [key_cert for key_cert in avi_config[
                            'SSLKeyAndCertificate'] if key_cert[
                            'name'] == certname]:
                            ssl_key_cert_ref = ns_util.get_object_ref(certname,
                                OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
                                                    self.tenant_name)
                            pool_obj['ssl_key_and_certificate_ref'] = \
                                ssl_key_cert_ref
                        elif [key_cert for key_cert in avi_config[
                            'SSLKeyAndCertificate'] if key_cert[
                            'name'] == certname + '-dummy']:
                            ssl_key_cert_ref = ns_util.get_object_ref(
                                certname + '-dummy',
                                OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
                                                               self.tenant_name)
                            pool_obj['ssl_key_and_certificate_ref'] = \
                                ssl_key_cert_ref
                ssl_profile_name = re.sub('[:]', '-', key)
                # Added prefix for objects
                if self.prefix:
                    ssl_profile_name = self.prefix + '-' + ssl_profile_name
                if self.object_merge_check:
                    # Get the merge ssl profile name
                    ssl_profile_name = merge_object_mapping['ssl_profile'].get(
                        ssl_profile_name, None)
                if [ssl_prof for ssl_prof in avi_config['SSLProfile']
                    if ssl_prof['name'] == ssl_profile_name]:
                    updated_ssl_profile_ref = ns_util.get_object_ref(
                        ssl_profile_name, OBJECT_TYPE_SSL_PROFILE,
                        self.tenant_name)
                    pool_obj['ssl_profile_ref'] = updated_ssl_profile_ref
                if pool_obj.get('pki_profile_ref', None) or \
                        pool_obj.get('ssl_key_and_certificate_ref', None) or \
                        pool_obj.get('ssl_profile_ref', None):
                    # Remove health monitor reference of http type if pool has
                    # ssl profile or pki profile or ssl cert key
                    ns_util.remove_http_mon_from_pool(avi_config, pool_obj)
            if len(pool_obj['health_monitor_refs']) > 6:
                pool_obj['health_monitor_refs'] = \
                    pool_obj['health_monitor_refs'][:6]
            if pool_obj['health_monitor_refs']:
                updated_health_monitor_ref = []
                for health_monitor_ref in pool_obj['health_monitor_refs']:
                    updated_health_monitor_ref.append(
                        ns_util.get_object_ref(
                            health_monitor_ref, OBJECT_TYPE_HEALTH_MONITOR,
                            self.tenant_name))
                pool_obj['health_monitor_refs'] = updated_health_monitor_ref

            avi_config['Pool'].append(pool_obj)
            LOG.warning('Conversion successful: %s' %
                        service_netscalar_full_command)
            # Add summery of this service in CSV/report
            conv_status = ns_util.get_conv_status(
                service, self.nsservice_bind_lb_skipped, [], [],
                user_ignore_val=self.nsservice_bind_lb_user_ignore)
            ns_util.add_conv_status(
                service['line_no'], service_command, service_name,
                service_netscalar_full_command, conv_status, pool_obj)

        for group_key in ns_service_groups:
            service_group_command = 'add serviceGroup'
            service_group = ns_service_groups.get(group_key, {})
            service_group_name = group_key
            service_group_netscalar_full_command = \
                ns_util.get_netscalar_full_command(
                    service_group_command, service_group)
            bind_groups = bind_service_group.get(service_group['attrs'][0], [])
            servers, monitor_ref = self.convert_ns_service_group(
                bind_groups, ns_servers, ns_dns, avi_config)
            if not servers:
                LOG.warning('Skipped:No server found %s' %
                            service_group_netscalar_full_command)
                # Skipped this service group if No server found
                ns_util.add_status_row(
                    service_group['line_no'], service_group_command,
                    service_group_name, service_group_netscalar_full_command,
                    STATUS_INCOMPLETE_CONFIGURATION)
                continue

            pool_name = re.sub('[:]', '-', service_group_name + '-pool')
            # Added prefix for objects
            if self.prefix:
                pool_name = self.prefix + '-' + pool_name
            pool_obj = {
                'name': pool_name,
                'servers': servers,
                'health_monitor_refs': [],
                'tenant_ref': self.tenant_ref,
                'cloud_ref': self.cloud_ref
            }

            # Add health monitor reference to pool
            if monitor_ref and [monitor for monitor in
                                avi_config['HealthMonitor']
                                if monitor['name'] == monitor_ref]:

                pool_obj['health_monitor_refs'].append(monitor_ref)

            ssl_service_group = set_ssl_service_group.get(group_key, None)
            if ssl_service_group:
                bind_ssl_service_group_conf = \
                    bind_ssl_service_group.get(group_key, [])
                if isinstance(bind_ssl_service_group_conf, dict):
                    bind_ssl_service_group_conf = [bind_ssl_service_group_conf]
                for ssl_service_conf in bind_ssl_service_group_conf:
                    if ssl_service_conf.get('CA', None):
                        # Added prefix for objects
                        pkiname = self.prefix + '-' + ssl_service_conf['CA'] \
                                    if self.prefix else ssl_service_conf['CA']
                        if self.object_merge_check:
                            pkiname = merge_object_mapping['pki_profile'].get(
                                pkiname, None)
                        if [pki for pki in avi_config['PKIProfile']
                                 if pki['name'] == pkiname]:
                            updated_pki_ref = ns_util.get_object_ref(pkiname,
                            OBJECT_TYPE_PKI_PROFILE, self.tenant_name)
                            pool_obj['pki_profile_ref'] = updated_pki_ref
                    if ssl_service_conf.get('certkeyName', None):
                        certname = self.prefix + '-' + \
                                   service_conf['certkeyName'] if \
                            self.prefix else service_conf.get['certkeyName']
                        if [key_cert for key_cert in avi_config[
                            'SSLKeyAndCertificate'] if key_cert['name'] ==
                                certname]:
                            ssl_key_cert_ref = ns_util.get_object_ref(certname,
                                        OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
                                                            self.tenant_name)
                            pool_obj['ssl_key_and_certificate_ref'] = \
                                ssl_key_cert_ref
                        elif [key_cert for key_cert in avi_config[
                            'SSLKeyAndCertificate'] if key_cert[
                                  'name'] == certname + '-dummy']:
                            ssl_key_cert_ref = ns_util.get_object_ref(
                                certname + '-dummy',
                                OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
                                self.tenant_name)
                            pool_obj['ssl_key_and_certificate_ref'] = \
                                ssl_key_cert_ref
                ssl_profile_name = re.sub('[:]', '-', group_key)
                # Added prefix for objects
                if self.prefix:
                    ssl_profile_name = self.prefix + '-' + ssl_profile_name
                if self.object_merge_check:
                    # Get the merge ssl profile name
                    ssl_profile_name = merge_object_mapping['ssl_profile'].get(
                        ssl_profile_name, None)
                if [ssl_prof for ssl_prof in avi_config['SSLProfile']
                    if ssl_prof['name'] == ssl_profile_name]:
                    updated_ssl_profile_ref = ns_util.get_object_ref(
                        ssl_profile_name, OBJECT_TYPE_SSL_PROFILE,
                        self.tenant_name)
                    pool_obj['ssl_profile_ref'] = updated_ssl_profile_ref
                if pool_obj.get('pki_profile_ref', None) or \
                        pool_obj.get('ssl_key_and_certificate_ref', None) or \
                        pool_obj.get('ssl_profile_ref', None):
                    # Remove health monitor reference of http type if pool has
                    # ssl profile or pki profile or ssl cert key
                    ns_util.remove_http_mon_from_pool(avi_config, pool_obj)
            if len(pool_obj['health_monitor_refs']) > 6:
                pool_obj['health_monitor_refs'] = \
                    pool_obj['health_monitor_refs'][:6]

            if pool_obj['health_monitor_refs']:
                if pool_obj['health_monitor_refs']:
                    updated_health_monitor_ref = []
                    for health_monitor_ref in pool_obj['health_monitor_refs']:
                        updated_health_monitor_ref.append(
                            ns_util.get_object_ref(
                                health_monitor_ref, OBJECT_TYPE_HEALTH_MONITOR,
                                self.tenant_name))
                    pool_obj['health_monitor_refs'] = updated_health_monitor_ref

            avi_config['Pool'].append(pool_obj)
            LOG.warning('Conversion successful: %s' %
                        service_group_netscalar_full_command)
            # Add summery of this service group in CSV/report
            conv_status = ns_util.get_conv_status(
                service_group, self.nsservice_bind_lb_skipped, [], [],
                user_ignore_val=self.nsservice_bind_lb_user_ignore)
            ns_util.add_conv_status(
                service_group['line_no'], service_group_command,
                service_group_name, service_group_netscalar_full_command,
                conv_status, pool_obj)
예제 #12
0
    def get_ciphers(self, cipher, ns_config):
        """
        This function is define to get the ssl ciphers
        :param cipher: cipher name
        :param ns_config: netscalar configuration
        :return: list of ciphers
        """

        cipher_config = ns_config.get('add ssl cipher', {})
        cipher_mapping = ns_config.get('bind ssl cipher', {})
        lb_cipher = cipher_config.get(cipher, None)
        bind_ciphers = cipher_mapping.get(cipher, None)
        add_ssl_cipher_command = 'add ssl cipher'
        bind_ssl_cipher_command = 'bind ssl cipher'
        # added default ssl ciphers
        if not (lb_cipher and bind_ciphers):
            return ['AES:3DES:RC4']
        ciphers = []
        full_add_ssl_cipher_command = \
            ns_util.get_netscalar_full_command(add_ssl_cipher_command,
                                               lb_cipher)
        LOG.info('Conversion successful: %s' % full_add_ssl_cipher_command)
        # Add Successful status in CSV/report for add ssl cipher
        ns_util.add_status_row(lb_cipher['line_no'], add_ssl_cipher_command,
                               cipher, full_add_ssl_cipher_command,
                               STATUS_SUCCESSFUL, None)
        if isinstance(bind_ciphers, dict):
            bind_ciphers = [bind_ciphers]
        for bind_cipher in bind_ciphers:
            full_bind_ssl_cipher_command = ns_util. \
                get_netscalar_full_command(bind_ssl_cipher_command, bind_cipher)
            if bind_cipher.get('cipherName', None):
                not_supported_open_ssl_cipher = \
                    self.non_supported_netscaler_to_open_ssl_cipher. \
                        get(bind_cipher['cipherName'], None)
                if not_supported_open_ssl_cipher:
                    # Skipped ssl cipher which AVI does not support
                    skipped_status = \
                        'Skipped: ssl cipher does not supported by avi: %s' \
                        % full_bind_ssl_cipher_command
                    LOG.warning(skipped_status)
                    # Add skipped status in xlsx/report for add ssl cipher
                    ns_util.add_status_row(
                        bind_cipher['line_no'], bind_ssl_cipher_command, cipher,
                        full_bind_ssl_cipher_command, STATUS_INDIRECT,
                        skipped_status)
                    continue

                supported_open_ssl_cipher = \
                    self.supported_netscaler_to_open_ssl_cipher. \
                        get(bind_cipher['cipherName'], None)
                if supported_open_ssl_cipher:
                    avi_cipher = {'accepted_ciphers': supported_open_ssl_cipher}
                    ciphers.append(supported_open_ssl_cipher)
                    LOG.info('Conversion successful: %s' %
                             full_bind_ssl_cipher_command)
                    # Add Successful status in CSV/report for add ssl cipher
                    ns_util.add_status_row(bind_cipher['line_no'],
                                           bind_ssl_cipher_command, cipher,
                                           full_bind_ssl_cipher_command,
                                           STATUS_SUCCESSFUL, avi_cipher)
                else:
                    # Skipped ssl cipher if cipher is None
                    skipped_status = 'Skipped: Cipher not match in avi: %s' \
                                     % full_bind_ssl_cipher_command
                    LOG.warning(skipped_status)
                    # Add skipped status in xlsx/report for add ssl cipher
                    ns_util.add_status_row(
                        bind_cipher['line_no'], bind_ssl_cipher_command, cipher,
                        full_bind_ssl_cipher_command, STATUS_SKIPPED,
                        skipped_status)

            else:
                skipped_status = 'Skipped: Does not get any ciphers: %s' \
                                 % full_bind_ssl_cipher_command
                LOG.warning(skipped_status)
                # Add skipped status in CSV/report for add ssl cipher
                ns_util.add_status_row(
                    bind_cipher['line_no'], bind_ssl_cipher_command, cipher,
                    full_bind_ssl_cipher_command, STATUS_SKIPPED,
                    skipped_status)

        if not ciphers:
            return [cipher]

        return ciphers
예제 #13
0
    def get_key_cert(self, ssl_mappings, ssl_key_and_cert, input_dir,
                     avi_ssl_prof, ns_config, bind_ssl_cmd):
        """
        This function defines that convert PKI, SSL, and sslkeyandcert profiles
        :param ssl_mappings: List of bind ssl
        :param ssl_key_and_cert: Object of ssl key and cert
        :param input_dir: path of input dir which keeps key and cert
        :param avi_ssl_prof: Object of ssl profile
        :param ns_config: dict of netscalar commands
        :param bind_ssl_cmd: list of binding ssl
        :return: key and cert/ ssl profile/PKI profile
        """

        obj = dict()
        ciphers = []
        for mapping in ssl_mappings:
            key_passphrase = None
            output = None
            bind_ssl_full_cmd = ns_util.get_netscalar_full_command(bind_ssl_cmd,
                                                                   mapping)
            bind_ssl_success = False
            skipped_status = None
            if 'policyName' in mapping.keys():
                skipped_status = 'Not supported: %s' % bind_ssl_full_cmd
                LOG.warning(skipped_status)
                ns_util.add_status_row(
                    mapping['line_no'], bind_ssl_cmd, mapping['attrs'][0],
                    bind_ssl_full_cmd, STATUS_COMMAND_NOT_SUPPORTED)
                continue
            elif 'CA' in mapping.keys():
                key_cert = ssl_key_and_cert.get(mapping.get('certkeyName'))
                if not key_cert or mapping['attrs'][0] in tmp_pki_profile_list:
                    continue
                key_file_name = key_cert.get('key')
                cert_file_name = key_cert.get('cert')
                ca_str = None
                crl_str = None
                netscalar_cmd = 'add ssl certKey'
                full_cmd = ns_util.get_netscalar_full_command(netscalar_cmd,
                                                              key_cert)
                if not (key_file_name and cert_file_name):
                    skipped_status = 'Missing key or cert file: %s' \
                                     % full_cmd
                    LOG.warning(skipped_status)
                    # Add skipped status in CSV/report for ssl cert key
                    ns_util.add_status_row(
                        key_cert['line_no'], netscalar_cmd,
                        key_cert['attrs'][0], full_cmd, STATUS_MISSING_FILE,
                        skipped_status)
                    skipped_status = 'Missing key or cert file: %s' % \
                                     bind_ssl_full_cmd
                    LOG.warning(skipped_status)
                    ns_util.add_status_row(
                        mapping['line_no'], bind_ssl_cmd, mapping['attrs'][0],
                        bind_ssl_full_cmd, STATUS_MISSING_FILE, skipped_status)
                    continue
                if key_file_name:
                    ca_str = ns_util.upload_file(
                        input_dir + os.path.sep + key_file_name)
                if cert_file_name:
                    crl_str = ns_util.upload_file(
                        input_dir + os.path.sep + cert_file_name)
                if ca_str:
                    pki_profile = dict()
                    pki_profile["ca_certs"] = [{'certificate': ca_str}]
                    crl_check = mapping.get('crlCheck', 'Optional')
                    if crl_check == 'Mandatory':
                        pki_profile['crl_check'] = True
                    else:
                        pki_profile['crl_check'] = False
                    if crl_str:
                        pki_profile["crls"] = [{'body': crl_str}]
                    pki_name = mapping['attrs'][0]
                    # Added prefix for objects
                    if self.prefix:
                        pki_name = self.prefix + '-' + pki_name
                    pki_profile["name"] = pki_name
                    pki_profile["tenant_ref"] = self.tenant_ref
                    obj['pki'] = pki_profile
                    output = pki_profile
                    bind_ssl_success = True
                    LOG.info('Conversion successful: %s' % full_cmd)
                    conv_status = ns_util.get_conv_status(
                        key_cert, self.profile_add_key_cert_skip, [], [],
                        user_ignore_val=self.profile_add_key_cert_user_ignore)
                    # Add summery in CSV/report for PKI
                    ns_util.add_conv_status(
                        key_cert['line_no'], netscalar_cmd,
                        key_cert['attrs'][0], full_cmd, conv_status, obj['pki'])
                    tmp_pki_profile_list.append(pki_profile["name"])
                else:
                    skipped_status = 'Missing key or cert file: %s' % full_cmd
                    LOG.warning(skipped_status)
                    ns_util.add_status_row(
                        key_cert['line_no'], netscalar_cmd,
                        key_cert['attrs'][0], full_cmd, STATUS_MISSING_FILE,
                        skipped_status)
                    skipped_status = 'Missing key or cert file: %s' % \
                                     bind_ssl_full_cmd
                    LOG.warning(skipped_status)
                    ns_util.add_status_row(
                        mapping['line_no'], bind_ssl_cmd, mapping['attrs'][0],
                        bind_ssl_full_cmd, STATUS_MISSING_FILE, skipped_status)
                    continue

            elif 'certkeyName' in mapping.keys():
                key_cert = ssl_key_and_cert.get(mapping.get('certkeyName'))
                if not key_cert:
                    continue
                netscalar_cmd = 'add ssl certKey'
                full_cmd = ns_util.get_netscalar_full_command(netscalar_cmd,
                                                              key_cert)
                key_file_name = key_cert.get('key')
                cert_file_name = key_cert.get('cert')
                if '/' in key_file_name:
                    key_file_name = str(key_file_name).split('/')[-1].strip('"')
                if key_file_name and cert_file_name:
                    cert = ns_util.upload_file(
                        input_dir + os.path.sep + cert_file_name)
                    key = ns_util.upload_file(
                        input_dir + os.path.sep + key_file_name)
                is_key_protected = False
                if key:
                    # Check kay is passphrase protected or not
                    is_key_protected = ns_util.is_certificate_key_protected(
                        input_dir + os.path.sep + key_file_name)

                if cert and key:
                    cert_date = c.load_certificate(c.FILETYPE_PEM,
                                                   file(input_dir + os.path.sep
                                                        + cert_file_name).read())
                    expiry_date = datetime.strptime(cert_date.get_notAfter(),
                                                    "%Y%m%d%H%M%SZ")
                    present_date = datetime.now()
                    if expiry_date < present_date:
                        LOG.warning("Certificate %s is expired creating self "
                                    "signed cert." % cert_file_name)
                        cert, key = None, None

                key_passphrase = None
                # Get the key passphrase for key_file
                if self.netscalar_passphrase_keys:
                    key_passphrase = self.netscalar_passphrase_keys.get(
                        key_file_name, None)
                # if key is protected and does not find passphrase key
                # then none the key
                if is_key_protected and not key_passphrase:
                    key = None
                if not cert or not key:
                    name = key_cert['attrs'][0] + '-dummy'
                else:
                    name = key_cert['attrs'][0]
                # Added prefix for objects
                if self.prefix:
                    name = self.prefix + '-' + name

                # Skipped this certificate if already exist
                if name in tmp_ssl_key_and_cert_list:
                    ns_util.add_status_row(
                        key_cert['line_no'], netscalar_cmd,
                        key_cert['attrs'][0], full_cmd, STATUS_INDIRECT)
                    ns_util.add_status_row(
                        mapping['line_no'], bind_ssl_cmd, mapping['attrs'][0],
                        bind_ssl_full_cmd, STATUS_INDIRECT)
                    continue
                # Generate dummy cert and key
                if not cert or not key:
                    key, cert = ns_util.create_self_signed_cert()
                    LOG.warning('Create self cerificate and key for : %s' % name)
                ssl_kc_obj = None
                if key and cert:
                    cert = {"certificate": cert}
                    ssl_kc_obj = {
                        'name': name,
                        'key': key,
                        'certificate': cert,
                        'type': 'SSL_CERTIFICATE_TYPE_VIRTUALSERVICE',
                        'tenant_ref': self.tenant_ref
                    }
                    # set the key passphrase for ssl key and certificate object
                    if key_passphrase:
                        ssl_kc_obj['key_passphrase'] = key_passphrase
                    tmp_ssl_key_and_cert_list.append(name)
                    obj['cert'] = ssl_kc_obj
                    output = ssl_kc_obj
                    # Add ssummery in CSV/report for ssl service
                    ns_util.add_status_row(
                        key_cert['line_no'], netscalar_cmd,
                        key_cert['attrs'][0], full_cmd, STATUS_INDIRECT)
                    bind_ssl_success = True
                else:
                    skipped_status = 'Skipped: Key and certificate not ' \
                                     'generated : %s' % full_cmd
            elif 'cipherName' in mapping.keys():
                ciphers_keys = self.get_ciphers(mapping['cipherName'],
                                                ns_config)
                ciphers += ciphers_keys
                ciphers = list(set(ciphers))
                obj['accepted_ciphers'] = ':'.join(ciphers)
                bind_ssl_success = True
                output = obj
                if not obj['accepted_ciphers']:
                    skipped_status = 'Skipped:Does not get any ciphers : %s' \
                                     % bind_ssl_full_cmd
            elif 'eccCurveName' in mapping.keys():
                LOG.warning('Indirect : %s' % bind_ssl_full_cmd)
                # Add indirect status in CSV/report for bind ssl service
                ns_util.add_status_row(
                    mapping['line_no'], bind_ssl_cmd, mapping['attrs'][0],
                    bind_ssl_full_cmd, STATUS_INDIRECT)
                continue

            conv_status = ns_util.get_conv_status(
                mapping, self.profile_bind_sslvs_skip, [], [],
                user_ignore_val=self.profile_bind_sslvs_user_ignore)
            if not bind_ssl_success:
                LOG.warning(skipped_status)
                # Add skipped status in CSV/report for bind ssl service
                ns_util.add_status_row(
                    mapping['line_no'], bind_ssl_cmd, mapping['attrs'][0],
                    bind_ssl_full_cmd, STATUS_SKIPPED, skipped_status)
                continue

            LOG.info('Conversion successful: %s' % bind_ssl_full_cmd)
            # Add successful status in CSV/report for ssl service
            ns_util.add_conv_status(
                mapping['line_no'], bind_ssl_cmd, mapping['attrs'][0],
                bind_ssl_full_cmd, conv_status, output)

        return obj
예제 #14
0
    def get_ciphers(self, cipher, ns_config):
        """
        This function is define to get the ssl ciphers
        :param cipher: cipher name
        :param ns_config: netscalar configuration
        :return: list of ciphers
        """

        cipher_config = ns_config.get('add ssl cipher', {})
        cipher_mapping = ns_config.get('bind ssl cipher', {})
        lb_cipher = cipher_config.get(cipher, None)
        bind_ciphers = cipher_mapping.get(cipher, None)
        add_ssl_cipher_command = 'add ssl cipher'
        bind_ssl_cipher_command = 'bind ssl cipher'
        # added default ssl ciphers
        if not (lb_cipher and bind_ciphers):
            return ['AES:3DES:RC4']
        ciphers = []
        full_add_ssl_cipher_command = \
            ns_util.get_netscalar_full_command(add_ssl_cipher_command,
                                               lb_cipher)
        LOG.info('Conversion successful: %s' % full_add_ssl_cipher_command)
        # Add Successful status in CSV/report for add ssl cipher
        ns_util.add_status_row(lb_cipher['line_no'], add_ssl_cipher_command,
                               cipher, full_add_ssl_cipher_command,
                               STATUS_SUCCESSFUL, None)
        if isinstance(bind_ciphers, dict):
            bind_ciphers = [bind_ciphers]
        for bind_cipher in bind_ciphers:
            full_bind_ssl_cipher_command = ns_util. \
                get_netscalar_full_command(bind_ssl_cipher_command, bind_cipher)
            if bind_cipher.get('cipherName', None):
                not_supported_open_ssl_cipher = \
                    self.non_supported_netscaler_to_open_ssl_cipher. \
                        get(bind_cipher['cipherName'], None)
                if not_supported_open_ssl_cipher:
                    # Skipped ssl cipher which AVI does not support
                    skipped_status = \
                        'Skipped: ssl cipher does not supported by avi: %s' \
                        % full_bind_ssl_cipher_command
                    LOG.warning(skipped_status)
                    # Add skipped status in xlsx/report for add ssl cipher
                    ns_util.add_status_row(bind_cipher['line_no'],
                                           bind_ssl_cipher_command, cipher,
                                           full_bind_ssl_cipher_command,
                                           STATUS_INDIRECT, skipped_status)
                    continue

                supported_open_ssl_cipher = \
                    self.supported_netscaler_to_open_ssl_cipher. \
                        get(bind_cipher['cipherName'], None)
                if supported_open_ssl_cipher:
                    avi_cipher = {
                        'accepted_ciphers': supported_open_ssl_cipher
                    }
                    ciphers.append(supported_open_ssl_cipher)
                    LOG.info('Conversion successful: %s' %
                             full_bind_ssl_cipher_command)
                    # Add Successful status in CSV/report for add ssl cipher
                    ns_util.add_status_row(bind_cipher['line_no'],
                                           bind_ssl_cipher_command, cipher,
                                           full_bind_ssl_cipher_command,
                                           STATUS_SUCCESSFUL, avi_cipher)
                else:
                    # Skipped ssl cipher if cipher is None
                    skipped_status = 'Skipped: Cipher not match in avi: %s' \
                                     % full_bind_ssl_cipher_command
                    LOG.warning(skipped_status)
                    # Add skipped status in xlsx/report for add ssl cipher
                    ns_util.add_status_row(bind_cipher['line_no'],
                                           bind_ssl_cipher_command, cipher,
                                           full_bind_ssl_cipher_command,
                                           STATUS_SKIPPED, skipped_status)

            else:
                skipped_status = 'Skipped: Does not get any ciphers: %s' \
                                 % full_bind_ssl_cipher_command
                LOG.warning(skipped_status)
                # Add skipped status in CSV/report for add ssl cipher
                ns_util.add_status_row(bind_cipher['line_no'],
                                       bind_ssl_cipher_command, cipher,
                                       full_bind_ssl_cipher_command,
                                       STATUS_SKIPPED, skipped_status)

        if not ciphers:
            return [cipher]

        return ciphers
예제 #15
0
    def convert_monitor(self, ns_monitor, input_dir, netscalar_command,
                        ns_monitor_complete_command):
        """
        This functions defines that convert netscalar health monitor to AVI
        health monitor object
        :param ns_monitor: Object of health monitor
        :param input_dir: Input dir for command_code
        :param netscalar_command: Netscalar command for XL sheet status
        :param ns_monitor_complete_command: Full command for XL sheet status
        :return: health monitor object
        """

        avi_monitor = dict()
        try:
            mon_name = ns_monitor['attrs'][0]
            # Added prefix for objects
            if self.prefix:
                mon_name = self.prefix + '-' + mon_name
            LOG.debug('Conversion started for monitor %s' % mon_name)
            avi_monitor["name"] = str(mon_name).strip().replace(" ", "_")
            avi_monitor["tenant_ref"] = self.tenant_ref
            avi_monitor["receive_timeout"] = ns_monitor.get('resptimeout', 2)
            avi_monitor["failed_checks"] = ns_monitor.get('failureRetries', 3)
            interval = ns_monitor.get('interval', '5')
            if 'MIN' in interval.upper():
                match_obj = re.findall('[0-9]+', ns_monitor.get(
                    'interval', '5'))
                interval = int(match_obj[0]) * 60
            avi_monitor["send_interval"] = str(interval)
            if ns_monitor.get('destPort'):
                avi_monitor['monitor_port'] = ns_monitor.get('destPort')
            avi_monitor["successful_checks"] = ns_monitor.get(
                'successRetries', 1)

            mon_type = ns_monitor['attrs'][1]

            if mon_type == 'PING':
                avi_monitor["type"] = "HEALTH_MONITOR_PING"
            elif mon_type == 'TCP':
                avi_monitor["type"] = "HEALTH_MONITOR_TCP"
            elif mon_type == 'TCP-ECV':
                avi_monitor["type"] = "HEALTH_MONITOR_TCP"
                send = ns_monitor.get("send", None)
                if send:
                    send = send.replace('"', '')
                response = ns_monitor.get('recv', None)
                if response:
                    response = response.replace('"', '')
                avi_monitor["tcp_monitor"] = {
                    "tcp_request": send,
                    "tcp_response": response,
                    "tcp_half_open": False
                }
            elif mon_type == 'HTTP':
                avi_monitor["type"] = "HEALTH_MONITOR_HTTP"
                send = ns_monitor.get('httpRequest', None)
                if send:
                    send = send.replace('"', '')
                resp_code = ns_monitor.get('respCode', None)
                if resp_code:
                    resp_code = ns_util.get_avi_resp_code(resp_code)
                avi_monitor["http_monitor"] = {
                    "http_request": send,
                    "http_response_code": resp_code
                }
            elif mon_type == 'HTTP-ECV':
                avi_monitor["type"] = "HEALTH_MONITOR_HTTP"
                send = ns_monitor.get("send", None)
                if send:
                    send = send.replace('"', '')
                response = ns_monitor.get('recv', None)
                if response:
                    response = response.replace('"', '')
                avi_monitor["http_monitor"] = {
                    "http_request": send,
                    "http_response_code": ["HTTP_ANY"],
                    "http_response": response
                }
            elif mon_type == 'DNS':
                avi_monitor["type"] = "HEALTH_MONITOR_DNS"
            elif mon_type == 'USER':
                avi_monitor["type"] = "HEALTH_MONITOR_EXTERNAL"
                file_name = ns_monitor.get('scriptName')
                cmd_code = ns_util.upload_file(
                    input_dir + os.path.sep + file_name)
                if not cmd_code:
                    skipped_status = 'File not found %s : %s' % \
                                     (input_dir + os.path.sep + file_name,
                                      ns_monitor_complete_command)
                    LOG.warning(skipped_status)
                    ns_util.add_status_row(
                        ns_monitor['line_no'], netscalar_command,
                        avi_monitor["name"], ns_monitor_complete_command,
                        STATUS_MISSING_FILE, skipped_status)
                    return None
                ext_monitor = {
                    "command_code": cmd_code,
                    "command_parameters": ns_monitor.get("scriptArgs", None)
                }
                avi_monitor["external_monitor"] = ext_monitor

            LOG.debug('Successfully converted monitor %s' % mon_name)
        except:
            LOG.error('Error converting monitor %s', exc_info=True)
        return avi_monitor
예제 #16
0
    def convert_ns_service_group(self, ns_service_group, ns_servers,
                                 ns_dns, avi_config):
        """
        This function defines that returns the monitor ref and servers
        :param ns_service_group: Object of service group
        :param ns_servers: List of servers
        :param ns_dns: list of dns addrec
        :return: servers and monitor ref
        """

        servers = []
        monitor_name = None
        if isinstance(ns_service_group, dict):
            ns_service_group = [ns_service_group]

        for server_binding in ns_service_group:
            attrs = server_binding.get('attrs')
            ns_bind_service_group_command = 'bind serviceGroup'
            group_status = \
                ns_util.get_conv_status(
                    server_binding, self.nsservice_bind_sg_skip, [], [],
                    user_ignore_val=self.nsservice_bind_sg_user_ignore)
            ns_bind_service_group_complete_command = \
                ns_util.get_netscalar_full_command(
                    ns_bind_service_group_command, server_binding)
            if server_binding.get('monitorName', None):
                monitor_name = server_binding.get('monitorName')
                # Added prefix for objects
                if self.prefix:
                    monitor_name = self.prefix + '-' + monitor_name
                if self.object_merge_check:
                    # Get the merge health monitor name
                    monitor_name = merge_object_mapping['health_monitor'].get(
                        monitor_name, None)
                monitor = [monitor for monitor in avi_config['HealthMonitor']
                           if monitor['name'] == monitor_name]
                if monitor:
                    # Add summery of service group in CSV/report
                    ns_util.add_conv_status(
                        server_binding['line_no'], ns_bind_service_group_command,
                        attrs[0], ns_bind_service_group_complete_command,
                        group_status, monitor[0])
                else:
                    LOG.warning('External Health monitor: %s' %
                                ns_bind_service_group_complete_command)
                    # Skipped bind service group if doen not server
                    ns_util.add_status_row(
                        server_binding['line_no'], ns_bind_service_group_command,
                        attrs[0], ns_bind_service_group_complete_command,
                        STATUS_EXTERNAL_MONITOR)

                continue

            server = ns_servers.get(attrs[1])
            if not server:
                # Skipped bind service group if doen not server
                ns_util.add_status_row(
                    server_binding['line_no'], ns_bind_service_group_command,
                    attrs[0], ns_bind_service_group_complete_command,
                    STATUS_INCOMPLETE_CONFIGURATION)
                LOG.error('Skipped server : %s' %
                          ns_bind_service_group_complete_command)
                continue

            ns_add_server_command = 'add server'
            ns_add_server_complete_command = \
                ns_util.get_netscalar_full_command(
                    ns_add_server_command, server)
            status = ns_util.get_conv_status(
                server, self.nsservice_server_skip, [], [],
                user_ignore_val=self.nsservice_server_user_ignore)
            ip_addr = server['attrs'][1]
            if ip_addr in ns_dns:
                if isinstance(ns_dns[ip_addr], list):
                    ip_addr = ns_dns[ip_addr][0]['attrs'][1]
                elif isinstance(ns_dns[ip_addr], dict):
                    ip_addr = ns_dns[ip_addr]['attrs'][1]
            enabled = True
            state = server.get('state', 'ENABLED')
            if not state == 'ENABLED':
                enabled = False
            port = attrs[2]
            if port in ("*", "0"):
                port = "1"
            matches = re.findall('[0-9]+.[[0-9]+.[0-9]+.[0-9]+', ip_addr)
            server_obj = {
                'ip': {
                    'addr': ip_addr,
                    'type': 'V4'
                },
                'port': port,
                'enabled': enabled,
                'health_monitor': server_binding.get('monitorName')

            }
            if not matches:
                # Skipped this server if it does not have an Ip
                ns_util.add_status_row(
                    server['line_no'], ns_add_server_command, server['attrs'][0],
                    ns_add_server_complete_command,
                    STATUS_INCOMPLETE_CONFIGURATION)
                LOG.warning('Not found IP of server : %s %s' %
                            (ns_add_server_command, attrs[1]))
                ns_util.add_status_row(
                    server_binding['line_no'], ns_bind_service_group_command,
                    attrs[0], ns_bind_service_group_complete_command,
                    STATUS_INCOMPLETE_CONFIGURATION)
                LOG.error('Skipped server : %s' %
                          ns_bind_service_group_complete_command)
                server_obj = None
            if server_obj:
                servers.append(server_obj)
                # Add summery of add server in CSV/report
                ns_util.add_conv_status(
                    server['line_no'], ns_add_server_command, server['attrs'][0],
                    ns_add_server_complete_command, status, server_obj)
                # Add summery of service group in CSV/report
                ns_util.add_conv_status(
                    server_binding['line_no'], ns_bind_service_group_command,
                    attrs[0], ns_bind_service_group_complete_command,
                    group_status, server_obj)
        return servers, monitor_name
예제 #17
0
    def convert(self, ns_config, avi_config, input_dir):
        """
        This functions defines that convert health monitor
        :param ns_config: Dict of netscalar commands
        :param avi_config: Dict of AVI
        :param input_dir: Input dir for command_code
        :return: None
        """
        netscalar_command = 'add lb monitor'
        LOG.debug("Conversion started for Health Monitors")
        ns_monitors = ns_config.get('add lb monitor', {})
        for name in ns_monitors.keys():
            ns_monitor = ns_monitors.get(name)
            ns_monitor_complete_command = \
                ns_util.get_netscalar_full_command(netscalar_command,
                                                   ns_monitor)
            ns_monitor_type = ns_monitor['attrs'][1]
            if ns_monitor_type not in self.ns_monitor_types_supported:
                # Skipped health monitor if type is not supported
                avi_monitor = self.convert_monitor(
                     ns_monitor, input_dir, netscalar_command,
                    ns_monitor_complete_command)
                if not avi_monitor:
                    continue

                avi_monitor['name'] = '%s-%s' % (avi_monitor['name'], 'dummy')
                avi_monitor["type"] = "HEALTH_MONITOR_EXTERNAL"
                ext_monitor = {
                    "command_code": "",
                }
                avi_monitor["external_monitor"] = ext_monitor
                avi_config['HealthMonitor'].append(avi_monitor)
                ns_util.add_status_row(
                    ns_monitor['line_no'], netscalar_command,
                    name, ns_monitor_complete_command, STATUS_EXTERNAL_MONITOR)
                LOG.warning('Monitor type %s not supported created dummy '
                            'external monitor:%s' %
                            (ns_monitor_type, name))
                continue
            avi_monitor = self.convert_monitor(
                 ns_monitor, input_dir, netscalar_command,
                 ns_monitor_complete_command)
            if not avi_monitor:
                continue
            # Add summery of this lb vs in CSV/report
            conv_status = ns_util.get_conv_status(
                ns_monitor, self.monitor_skip_attrs, self.monitor_na_attrs,
                self.monitor_indirect_list,
                ignore_for_val=self.monitor_ignore_vals,
                user_ignore_val=self.user_ignore)
            ns_util.add_conv_status(
                ns_monitor['line_no'], netscalar_command, name,
                ns_monitor_complete_command, conv_status, avi_monitor)
            if self.object_merge_check:
                # Check health monitor is duplicate of other
                # health monitor then skipped this health
                # monitor and increment of count of
                # monitor_merge_count
                dup_of = ns_util.update_skip_duplicates(
                    avi_monitor, avi_config['HealthMonitor'], 'health_monitor',
                    merge_object_mapping, avi_monitor['name'], ns_monitor_type,
                    self.prefix)
                if dup_of:
                    self.monitor_merge_count += 1
                else:
                    avi_config['HealthMonitor'].append(avi_monitor)
            else:
                avi_config['HealthMonitor'].append(avi_monitor)
            LOG.debug("Health monitor conversion completed : %s" % name)
예제 #18
0
    def convert(self, ns_config, avi_config, vs_state):
        """
        This function defines that it convert netscalar lb vs config to vs
        config of AVI
        :param ns_config: It is dict of all netscalar commands which are
        supported by AVI
        :param avi_config: It is dict of AVI output config
        :param vs_state: state of vs
        :return: None
        """
        lb_vs_conf = ns_config.get('add lb vserver', {})
        bind_lb_vs_config = ns_config.get('bind lb vserver', {})
        avi_config['VirtualService'] = []
        avi_config['Lbvs'] = []
        tmp_avi_config['VirtualService'] = []
        avi_config['HTTPPolicySet'] = []
        if parse_version(self.controller_version) >= parse_version('17.1'):
            avi_config['VsVip'] = []
        supported_types = ['HTTP', 'TCP', 'UDP', 'SSL', 'SSL_BRIDGE',
                           'SSL_TCP', 'DNS', 'DNS_TCP']

        policy_converter = PolicyConverter(
            self.tenant_name, self.cloud_name, self.tenant_ref, self.cloud_ref,
            self.lbvs_skip_attrs, self.lbvs_na_attrs, self.lbvs_ignore_vals,
            self.lbvs_user_ignore, self.prefix)
        tmp_policy_ref = []
        for key in lb_vs_conf.keys():
            try:
                LOG.debug('LB VS conversion started for: %s' % key)
                lb_vs = lb_vs_conf[key]
                type = lb_vs['attrs'][1]
                cmd = 'add lb vserver'
                full_cmd = ns_util.get_netscalar_full_command(cmd, lb_vs)
                # Skipped this lb vs if it has type which are not supported
                if type not in supported_types:
                    skipped_status = 'Skipped:Unsupported type %s of LB VS: ' \
                                     '%s' % (type, key)
                    LOG.warning(skipped_status)
                    ns_util.add_status_row(
                        lb_vs['line_no'], cmd, key, full_cmd, STATUS_SKIPPED,
                        skipped_status)
                    continue
                enable_ssl = False
                if type in ['SSL', 'SSL_BRIDGE', 'SSL_TCP']:
                    enable_ssl = True
                vs_name = key
                ip_addr = lb_vs['attrs'][2]
                port = lb_vs['attrs'][3]

                if vs_state == 'enable':
                    enabled = (lb_vs.get('state', 'ENABLED') == 'ENABLED')
                else:
                    enabled = False

                pool_group_name = '%s-poolgroup' % vs_name
                # Added prefix for objects
                if self.prefix:
                    pool_group_name = self.prefix + '-' + pool_group_name
                pool_group_name = re.sub('[:]', '-', pool_group_name)
                pool_group = [pool_group for pool_group in
                              avi_config.get("PoolGroup", [])
                              if pool_group['name'] == pool_group_name]
                pool_group_ref = None
                if pool_group:
                    pool_group_ref = pool_group_name
                redirect_url = lb_vs.get('redirectURL', None)
                backup_server = lb_vs.get('backupVServer', None)
                updated_vs_name = re.sub('[:]', '-', vs_name)
                # Added prefix for objects
                if self.prefix:
                    updated_vs_name = self.prefix + '-' + updated_vs_name
                # # Regex to check Vs has IPV6 address if yes the Skipped
                # if re.findall(ns_constants.IPV6_Address, ip_addr) or \
                #                 ip_addr == '0.0.0.0':
                #     if redirect_url:
                #         redirect_dict = {updated_vs_name: redirect_url}
                #         avi_config['Lbvs'].append(redirect_dict)
                #     if backup_server:
                #         backup_server_name = {}
                #     skipped_status = "Skipped:Invalid VIP %s" % full_cmd
                #     LOG.warning(skipped_status)
                #     ns_util.add_status_row(
                #         lb_vs['line_no'], cmd, key, full_cmd, STATUS_SKIPPED,
                #         skipped_status)
                #     continue

                # VIP object for virtual service
                vip = {
                    'ip_address': {
                        'addr': ip_addr,
                        'type': 'V4'
                    },
                    'vip_id': 0
                }

                vs_obj = {
                    'name': updated_vs_name,
                    'type': 'VS_TYPE_NORMAL',
                    'tenant_ref': self.tenant_ref,
                    'cloud_ref': self.cloud_ref,
                    'enabled': enabled,
                    'services': [],
                }
                if parse_version(self.controller_version) >= \
                        parse_version('17.1'):
                    vs_obj['vip'] = [vip]
                else:
                    vs_obj['ip_address'] = vip['ip_address']
                bind_conf_list = bind_lb_vs_config.get(key, None)
                # Skipped this lb vs if it do not have any bind lb vserver
                if (not bind_conf_list) and (not redirect_url):
                    continue
                if isinstance(bind_conf_list, dict):
                    bind_conf_list = [bind_conf_list]

                policy = None

                if bind_conf_list:
                    # Convert netscalar policy to AVI http policy set
                    policy = policy_converter.convert(
                        bind_conf_list, ns_config, avi_config, [],
                        redirect_pools, 'bind lb vserver', True)
                # TODO move duplicate code for adding policy to vs in ns_util
                # Convert netscalar policy to AVI http policy set
                if policy:
                    if policy['name'] in tmp_policy_ref:
                        policy = ns_util.clone_http_policy_set(
                            policy, updated_vs_name, avi_config,
                            self.tenant_name, self.cloud_name,
                            userprefix=self.prefix)
                    tmp_policy_ref.append(policy['name'])
                    updated_http_policy_ref = ns_util.get_object_ref(
                        policy['name'], OBJECT_TYPE_HTTP_POLICY_SET,
                        self.tenant_name)
                    http_policies = {
                        'index': 11,
                        'http_policy_set_ref': updated_http_policy_ref
                    }
                    vs_obj['http_policies'] = []
                    vs_obj['http_policies'].append(http_policies)
                    avi_config['HTTPPolicySet'].append(policy)

                http_prof = lb_vs.get('httpProfileName', None)
                if http_prof:
                    # Added prefix for objects
                    if self.prefix:
                        http_prof = self.prefix + '-' + http_prof
                    # Get the merge application profile name
                    if self.object_merge_check:
                        http_prof = merge_object_mapping['app_profile'].get(
                            http_prof, http_prof)
                    if ns_util.object_exist('ApplicationProfile', http_prof,
                                            avi_config):
                        LOG.info(
                            'Conversion successful: Added application profile '
                            '%s for %s' % (http_prof, updated_vs_name))
                        http_prof_ref = \
                            ns_util.get_object_ref(http_prof,
                                                   OBJECT_TYPE_APPLICATION_PROFILE,
                                                   self.tenant_name)
                        vs_obj['application_profile_ref'] = http_prof_ref
                        clttimeout = lb_vs.get('cltTimeout', None)
                        if clttimeout:
                            ns_util.add_clttimeout_for_http_profile(
                                http_prof, avi_config, clttimeout)
                            clt_cmd = cmd + '%s cltTimeout %s' % (key,
                                                                  clttimeout)
                            LOG.info('Conversion successful : %s' % clt_cmd)
                    else:
                        LOG.warning("%s application profile doesn't exist for "
                                    "%s vs" %(http_prof, updated_vs_name))

                elif not http_prof and (lb_vs['attrs'][1]).upper() == 'DNS':
                    vs_obj['application_profile_ref'] = ns_util.get_object_ref(
                        'System-DNS', 'applicationprofile', tenant='admin')
                    vs_obj['network_profile_ref'] = ns_util.get_object_ref(
                        'System-UDP-Per-Pkt', 'networkprofile', tenant='admin')
                elif not http_prof and (lb_vs['attrs'][1]).upper() == 'UDP':
                    vs_obj[
                        'application_profile_ref'] = ns_util.get_object_ref(
                        'System-L4-Application', 'applicationprofile',
                        tenant='admin')
                    vs_obj['network_profile_ref'] = ns_util.get_object_ref(
                        'System-UDP-Fast-Path', 'networkprofile',
                        tenant='admin')
                elif not http_prof and (lb_vs['attrs'][1]).upper() == 'DNS_TCP':
                    vs_obj['application_profile_ref'] = ns_util.get_object_ref(
                        'System-L4-Application', 'applicationprofile',
                        tenant='admin')
                    vs_obj['network_profile_ref'] = ns_util.get_object_ref(
                        'System-TCP-Proxy', 'networkprofile', tenant='admin')
                elif not http_prof and (lb_vs['attrs'][1]).upper() == 'SSL':
                    vs_obj['application_profile_ref'] = ns_util.get_object_ref(
                        'System-Secure-HTTP', 'applicationprofile',
                        tenant='admin')

                if pool_group:
                    # clone the pool group if it is referenced to other
                    # VS ot http policy set
                    if pool_group_ref in used_pool_group_ref:
                        pool_group_ref = ns_util.clone_pool_group(
                            pool_group_ref, vs_name, avi_config,
                            self.tenant_name, self.cloud_name,
                            userprefix=self.prefix)
                    pool_group_ref = re.sub('[:]', '-', pool_group_ref)
                    used_pool_group_ref.append(pool_group_ref)
                    updated_pool_group = [pg for pg in
                                          avi_config.get('PoolGroup', [])
                                          if pg['name'] == pool_group_ref]

                    vs_obj['pool_group_ref'] = ns_util.get_object_ref(
                        pool_group_ref, OBJECT_TYPE_POOL_GROUP,
                        self.tenant_name, self.cloud_name)
                    pool_group = updated_pool_group[0]

                # Update fail cation of pool as FAIL_ACTION_HTTP_REDIRECT in AVI
                # if lb vs has redirect url
                if redirect_url:
                    fail_action = ns_util.get_redirect_fail_action(redirect_url)
                    if pool_group:
                        pool_group["fail_action"] = fail_action

                backup_configured = False
                if backup_server:

                    # Add backup pool of poolgroup if this lb vs has an ip
                    # backup vserver
                    try:
                        backup_pool_group_ref = backup_server + '-poolgroup'
                        backup_pool_group_ref = re.sub('[:]', '-',
                                                       backup_pool_group_ref)
                        # Added prefix for objects
                        if self.prefix:
                            backup_pool_group_ref = self.prefix + '-' + \
                                                    backup_pool_group_ref
                        backup_pool_group = [
                            pg for pg in avi_config.get("PoolGroup", [])
                            if pg['name'] == backup_pool_group_ref]

                        backup_pool_ref = ns_util.get_name(
                            backup_pool_group[0]['members'][0]['pool_ref']
                        )
                        # Added backupvserver to poolgroup
                        new_backup_pool_ref = ns_util.clone_pool(
                            backup_pool_ref, pool_group['name'], avi_config,
                            userprefix=self.prefix)
                        new_backup_pool_ref = ns_util.get_object_ref(
                            new_backup_pool_ref, OBJECT_TYPE_POOL,
                            self.tenant_name, self.cloud_name)
                        backup_pool = {
                            'type': 'FAIL_ACTION_BACKUP_POOL',
                            'backup_pool': {
                                'backup_pool_ref': new_backup_pool_ref
                            }
                        }
                        pool_group['fail_action'] = backup_pool
                        backup_configured = True
                    except Exception as e:
                        # Skipped lb vs if backup pool is found in AVI
                        LOG.error('No Backup pool found: %s' % full_cmd)
                        ns_util.add_status_row(lb_vs['line_no'], cmd, key,
                                               full_cmd, STATUS_INDIRECT)
                        continue
                elif ip_addr == "0.0.0.0" and not redirect_url and not \
                        backup_server:
                    # Skipped lb vs if it has ip 0.0.0.0 and does not have
                    # backup pool and redirect url
                    if pool_group:
                        ns_util.add_status_row(lb_vs['line_no'], cmd, key,
                                               full_cmd, STATUS_INDIRECT)
                        LOG.warning(
                            '%s %s Skipped VS, Service point to %s server'
                            ' and not have redirect action and backup '
                            'vserver' % (cmd, key, ip_addr)
                        )
                    else:
                        msg = ('%s %s Skipped VS, Invalid VIP %s and do not '
                               'have service assigned, redirect action and  '
                               'backup vserver' % (cmd, key, ip_addr))
                        ns_util.add_status_row(lb_vs['line_no'], cmd, key,
                                               full_cmd, STATUS_SKIPPED,
                                               avi_object=msg)
                        LOG.warning(msg)

                    continue
                # Regex to check Vs has IPV6 address if yes the Skipped
                if re.findall(ns_constants.IPV6_Address, ip_addr) \
                        or ip_addr == '0.0.0.0':
                    # Added condition to handel redirect_url and backupvserver
                    if redirect_url:
                        redirect_dict = {
                            updated_vs_name:
                                {
                                    "redirect_url": redirect_url
                                }
                        }
                        avi_config['Lbvs'].append(redirect_dict)
                    if backup_server:
                        backup_server_name = {
                            updated_vs_name:
                                {
                                    "backupvserver":
                                        pool_group['name']
                                }
                        }
                        avi_config['Lbvs'].append(backup_server_name)
                    vs_conv_status = STATUS_SKIPPED
                    if backup_configured:
                        vs_conv_status = STATUS_INDIRECT
                    skipped_status = "Skipped:Invalid VIP %s" % full_cmd
                    LOG.warning(skipped_status)
                    ns_util.add_status_row(
                        lb_vs['line_no'], cmd, key, full_cmd, vs_conv_status,
                        skipped_status)
                    continue

                service = {'port': port, 'enable_ssl': enable_ssl}
                if port in ("0", "*"):
                    service['port'] = "1"
                    service['port_range_end'] = "65535"
                vs_obj['services'].append(service)

                persistence_type = lb_vs.get('persistenceType', '')
                if pool_group_ref and persistence_type in \
                        self.lbvs_supported_persist_types:

                    profile_name = '%s-persistance-profile' % vs_name
                    # Added prefix for objects
                    if self.prefix:
                        profile_name = self.prefix + '-' + profile_name
                    persist_profile = \
                        ns_util.convert_persistance_prof(lb_vs, profile_name,
                                                         self.tenant_ref)
                    persist_profile_name = persist_profile['name']
                    if self.object_merge_check:
                        dup_of = ns_util.update_skip_duplicates(persist_profile,
                                avi_config['ApplicationPersistenceProfile'],
                            'app_persist_profile', merge_object_mapping,
                            persist_profile_name, persistence_type, self.prefix)
                        if dup_of:
                            app_per_merge_count['count'] += 1
                            persist_profile_name = merge_object_mapping[
                                'app_persist_profile'].get(
                                persist_profile_name, None)
                        else:
                            avi_config['ApplicationPersistenceProfile'].append(
                                persist_profile)
                    else:
                        avi_config['ApplicationPersistenceProfile'].append(
                            persist_profile)
                    self.update_pool_for_persist(avi_config, pool_group,
                                                 persist_profile_name)
                elif not persistence_type == 'NONE':
                    LOG.warning('Persistance type %s not supported by Avi' %
                                persistence_type)
                ntwk_prof = lb_vs.get('tcpProfileName', None)
                if ntwk_prof:
                    # Added prefix for objects
                    if self.prefix:
                        ntwk_prof = self.prefix + '-' + ntwk_prof
                    # Get the merge network profile name
                    if self.object_merge_check:
                        ntwk_prof = merge_object_mapping['network_profile'].get(
                            ntwk_prof, ntwk_prof)
                    if ns_util.object_exist('NetworkProfile', ntwk_prof,
                                            avi_config):
                        LOG.info('Conversion successful: Added network profile '
                                 '%s for %s' % (ntwk_prof, updated_vs_name))
                        ntwk_prof_ref = \
                            ns_util.get_object_ref(ntwk_prof,
                                                   OBJECT_TYPE_NETWORK_PROFILE,
                                                   self.tenant_name)
                        vs_obj['network_profile_ref'] = ntwk_prof_ref
                    else:
                        LOG.warning("%s netwrok profile doesn't exist for "
                                    "%s vs" %(ntwk_prof, updated_vs_name))
                if redirect_url and not pool_group:
                    redirect_pools.update({vs_obj['name']: redirect_url})
                    ns_util.create_http_policy_set_for_redirect_url(
                        vs_obj, redirect_url, avi_config, self.tenant_name,
                        self.tenant_ref)
                if redirect_url:
                    if parse_version(self.controller_version) >= parse_version(
                            '17.1'):
                        ns_util.create_update_vsvip(
                            ip_addr, avi_config['VsVip'], self.tenant_ref,
                            self.cloud_ref, prefix=self.prefix)
                        # Added prefix for objects
                        if self.prefix:
                            ip_addr = self.prefix + '-' + ip_addr
                        updated_vsvip_ref = ns_util.get_object_ref(
                            ip_addr + '-vsvip', 'vsvip', self.tenant_name,
                            self.cloud_name)
                        vs_obj['vsvip_ref'] = updated_vsvip_ref
                    avi_config['VirtualService'].append(vs_obj)
                    tmp_avi_config['VirtualService'].append(vs_obj)
                    # Marked redirect url as status indirect
                    ns_util.add_status_row(lb_vs['line_no'], cmd, key,
                                           full_cmd, STATUS_INDIRECT, vs_obj)
                else:
                    # Verify that this lb vs has share the same VIP of another
                    # vs If yes then skipped this lb vs
                    is_shared = ns_util.is_shared_same_vip(
                        vs_obj, avi_config['VirtualService'], avi_config,
                        self.tenant_name, self.cloud_name, self.tenant_ref,
                        self.cloud_ref, self.controller_version, self.prefix)
                    if is_shared:
                        skipped_status = 'Skipped: %s Same vip shared by ' \
                                         'another virtual service' % vs_name
                        LOG.warning(skipped_status)
                        ns_util.add_status_row(lb_vs['line_no'], cmd, key,
                                               full_cmd, STATUS_SKIPPED,
                                               skipped_status)
                        continue
                    avi_config['VirtualService'].append(vs_obj)
                    # Add summery of this lb vs in CSV/report
                    conv_status = ns_util.get_conv_status(
                        lb_vs, self.lbvs_skip_attrs, self.lbvs_na_attrs,
                        self.lbvs_indirect_list,
                        ignore_for_val=self.lbvs_ignore_vals,
                        user_ignore_val=self.lbvs_user_ignore)
                    ns_util.add_conv_status(lb_vs['line_no'], cmd, key,
                                            full_cmd, conv_status, vs_obj)
                if enable_ssl:
                    ssl_mappings = ns_config.get('bind ssl vserver', {})
                    ssl_bindings = ssl_mappings.get(key, [])
                    if isinstance(ssl_bindings, dict):
                        ssl_bindings = [ssl_bindings]
                    for mapping in ssl_bindings:
                        if 'CA' in mapping:
                            pki_ref = mapping['attrs'][0]
                            # Added prefix for objects
                            if self.prefix:
                                pki_ref = self.prefix + '-' + pki_ref
                            if self.object_merge_check:
                                pki_ref = merge_object_mapping[
                                    'pki_profile'].get(pki_ref)
                            if [pki_profile for pki_profile in
                                avi_config["PKIProfile"] if
                                pki_profile['name'] == pki_ref]:
                                pki_ref = ns_util.get_object_ref(
                                    pki_ref, OBJECT_TYPE_PKI_PROFILE,
                                    self.tenant_name)
                                app_profile_with_pki_profile = \
                                    ns_util.update_application_profile(
                                        http_prof, pki_ref, self.tenant_ref,
                                        updated_vs_name, avi_config)
                                app_profile_name = \
                                    app_profile_with_pki_profile['name']
                                # Get the merge application profile name
                                if self.object_merge_check:
                                    dup_of = ns_util.update_skip_duplicates(
                                        app_profile_with_pki_profile,
                                        avi_config['ApplicationProfile'],
                                        'app_profile', merge_object_mapping,
                                        app_profile_name, 'HTTP', self.prefix)
                                    if dup_of:
                                        app_merge_count['count'] += 1
                                        app_profile_name = \
                                            merge_object_mapping[
                                                'app_profile'].get(
                                                app_profile_name)
                                    else:
                                        avi_config["ApplicationProfile"].append(
                                            app_profile_with_pki_profile)
                                else:
                                    avi_config["ApplicationProfile"].append(
                                        app_profile_with_pki_profile)
                                app_profile_with_pki_profile_ref = \
                                    ns_util.get_object_ref(app_profile_name,
                                            OBJECT_TYPE_APPLICATION_PROFILE,
                                                           self.tenant_name)
                                vs_obj['application_profile_ref'] = \
                                    app_profile_with_pki_profile_ref
                                LOG.info(
                                    'Added: %s PKI profile %s' % (pki_ref, key))
                        elif 'certkeyName' in mapping:
                            avi_ssl_ref = 'ssl_key_and_certificate_refs'
                            ckname = mapping['certkeyName']
                            if self.prefix:
                                ckname = self.prefix + '-' + ckname
                            if [obj for obj in
                                avi_config['SSLKeyAndCertificate']
                                if obj['name'] == ckname]:
                                updated_ssl_ref = ns_util.get_object_ref(ckname,
                                    OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
                                    self.tenant_name)
                                vs_obj[avi_ssl_ref] = [updated_ssl_ref]
                            elif [obj for obj in
                                  avi_config['SSLKeyAndCertificate']
                                  if obj['name'] == ckname + '-dummy']:
                                updated_ssl_ref = ns_util.get_object_ref(
                                    ckname + '-dummy',
                                    OBJECT_TYPE_SSL_KEY_AND_CERTIFICATE,
                                    self.tenant_name)
                                vs_obj[avi_ssl_ref] = [updated_ssl_ref]
                            else:
                                LOG.warning(
                                    'Could not find ssl key cert, so adding '
                                    'default cert as system default insted')
                                vs_obj[avi_ssl_ref] = [ns_util.get_object_ref(
                                    'System-Default-Cert',
                                    'sslkeyandcertificate', 'admin')]
                                continue
                            vs_obj[avi_ssl_ref] = [updated_ssl_ref]
                    ssl_vs_mapping = ns_config.get('set ssl vserver', {})
                    mapping = ssl_vs_mapping.get(key, None)
                    ssl_profile_name = re.sub('[:]', '-', key)
                    # Added prefix for objects
                    if self.prefix:
                        ssl_profile_name = self.prefix + '-' + ssl_profile_name
                    # Get the merge ssl profile name
                    if self.object_merge_check:
                        ssl_profile_name = \
                            merge_object_mapping['ssl_profile'].get(
                                ssl_profile_name, None)
                    if mapping and [ssl_profile for ssl_profile in
                                    avi_config["SSLProfile"] if
                                    ssl_profile['name'] == ssl_profile_name]:
                        updated_ssl_profile_ref = ns_util.get_object_ref(
                            ssl_profile_name, OBJECT_TYPE_SSL_PROFILE,
                            self.tenant_name)
                        # Changed ssl profile name to ssl profile ref.
                        vs_obj['ssl_profile_ref'] = updated_ssl_profile_ref
                        LOG.debug('Added: %s SSL profile %s' % (key, key))

                LOG.debug('LB VS conversion completed for: %s' % key)
            except:
                LOG.error('Error in lb vs conversion for: %s' %
                          key, exc_info=True)