def convert(self, ns_config, avi_config, input_dir): http_profiles = ns_config.get('add ns httpProfile', {}) tcp_profiles = ns_config.get('add ns tcpProfile', {}) ssl_mappings = ns_config.get('bind ssl vserver', {}) ssl_profiles = ns_config.get('add ssl profile', {}) ssl_vs_mapping = ns_config.get('set ssl vserver', {}) ssl_key_and_cert = ns_config.get('add ssl certKey', {}) avi_config['ApplicationProfile'] = [] avi_config['NetworkProfile'] = [] avi_config["SSLKeyAndCertificate"] = [] avi_config["SSLProfile"] = [] avi_config["PKIProfile"] = [] LOG.debug("Conversion started for HTTP profiles") for key in http_profiles.keys(): profile = http_profiles[key] app_profile = self.convert_http_profile(profile) if app_profile: cmd = 'add ns httpProfile %s' % app_profile.get('name') conv_status = ns_util.get_conv_status(profile, self.http_skip, [], self.http_indirect) ns_util.add_conv_status(cmd, conv_status, app_profile) avi_config['ApplicationProfile'].append(app_profile) LOG.debug("HTTP profiles conversion completed") LOG.debug("Conversion started for TCP profiles") for key in tcp_profiles.keys(): profile = tcp_profiles[key] net_profile = self.convert_tcp_profile(profile) if net_profile: cmd = 'add ns tcpProfile %s' % net_profile.get('name') conv_status = ns_util.get_conv_status(profile, self.tcp_skip, [], self.tcp_indirect) ns_util.add_conv_status(cmd, conv_status, net_profile) avi_config['NetworkProfile'].append(net_profile) LOG.debug("TCP profiles conversion completed") LOG.debug("Conversion started for SSL profiles") for key in ssl_vs_mapping.keys(): mapping = ssl_vs_mapping[key] if not 'sslProfile' in mapping: continue ssl_profile_name = mapping.get('sslProfile') ssl_profile = ssl_profiles.get(ssl_profile_name, None) if ssl_profile: avi_ssl_prof = self.convert_ssl_profile(ssl_profile) obj = self.get_key_cert(ssl_mappings.get(key, []), ssl_key_and_cert, input_dir, avi_ssl_prof) avi_config["SSLProfile"].append(avi_ssl_prof) if obj.get('cert', None): avi_config["SSLKeyAndCertificate"].append(obj.get('cert')) if obj.get('pki', None): avi_config["PKIProfile"].append(obj.get('pki')) LOG.debug("SSL profiles conversion completed")
def convert(self, ns_config, avi_config): """ Converts service or service groups bound to VS to avi Pool entity :param ns_config: Netscaler parsed config :param avi_config: Avi converted config :return: """ groups = ns_config.get('bind lb vserver', {}) lb_vs_conf = ns_config.get('add lb vserver', {}) avi_config['Pool'] = [] for group_key in groups.keys(): try: conv_status = [] group = groups.get(group_key) # cmd = 'bind lb vserver %s' % group_key # status = ns_util.get_conv_status(group, self.bind_lb_skipped, # [], []) # conv_status.append({'cmd': cmd, 'status': status}) name = '%s-pool' % group_key servers = self.get_servers(ns_config, group, conv_status) lb_vs = lb_vs_conf.get(group_key) ns_algo = lb_vs.get('lbMethod', 'LEASTCONNECTION') algo = ns_util.get_avi_lb_algorithm(ns_algo) pool_obj = \ { "name": name, "servers": servers, "lb_algorithm": algo } monitor_names = self.get_monitors(ns_config, group) avi_monitors = avi_config["HealthMonitor"] monitor_refs = [] for ref in monitor_names: refs = [mon for mon in avi_monitors if mon['name'] == ref] if refs: monitor_refs.append(ref) else: LOG.warn('Health monitor %s not found in avi config' % ref) pool_obj["health_monitor_refs"] = list(set(monitor_refs)) avi_config['Pool'].append(pool_obj) for status in conv_status: ns_util.add_conv_status(status['cmd'], status['status'], pool_obj) except: LOG.error('Error in bind lb vserver conversion bound to: %s' % group_key, exc_info=True)
def convert_ssl_profile(self, profile): avi_ssl_prof = dict() cmd = 'add ssl profile %s' % profile['attrs'][0] avi_ssl_prof['name'] = profile['attrs'][0] scn = profile.get('sendCloseNotify', 'NO') scn = True if scn == 'YES' else False avi_ssl_prof['send_close_notify'] = scn accepted_versions = [] if profile.get('tls1', 'ENABLED') == 'ENABLED': accepted_versions.append({"type": "SSL_VERSION_TLS1"}) if profile.get('tls11', 'ENABLED') == 'ENABLED': accepted_versions.append({"type": "SSL_VERSION_TLS1_1"}) if profile.get('tls12', 'ENABLED') == 'ENABLED': accepted_versions.append({"type": "SSL_VERSION_TLS1_2"}) avi_ssl_prof["accepted_versions"] = accepted_versions conv_status = ns_util.get_conv_status(profile, self.ssl_prof_skip, self.ssl_prof_indirect, self.ssl_prof_na) ns_util.add_conv_status(cmd, conv_status, avi_ssl_prof) return avi_ssl_prof
def convert(self, ns_config, avi_config, input_dir): LOG.debug("Conversion started for Health Monitors") ns_monitors = ns_config.get('add lb monitor', {}) supported_types = ['PING', 'TCP', 'HTTP', 'DNS', 'USER', 'HTTP-ECV'] avi_config['HealthMonitor'] = [] for name in ns_monitors.keys(): cmd = 'add lb monitor %s' % name ns_monitor = ns_monitors.get(name) mon_type = ns_monitor['attrs'][1] if not mon_type in supported_types: ns_util.add_status_row(cmd, 'skipped') LOG.warn('Monitor type %s not supported skipped:%s' % (mon_type, name)) continue avi_monitor = self.convert_monitor(ns_monitor, input_dir) if not avi_monitor: continue conv_status = ns_util.get_conv_status(ns_monitor, self.skip_attrs, self.na_attrs, self.indirect_list) ns_util.add_conv_status(cmd, conv_status, avi_monitor) avi_config['HealthMonitor'].append(avi_monitor) LOG.debug("Health monitor conversion completed")
def convert(self, ns_config, avi_config, vs_state): lb_vs_conf = ns_config.get('add lb vserver', {}) avi_config['VirtualService'] = [] avi_config['ApplicationPersistenceProfile'] = [] supported_types = [ 'HTTP', 'TCP', 'UDP', 'SSL', 'SSL_BRIDGE', 'SSL_TCP' ] for key in lb_vs_conf.keys(): try: LOG.debug('LB VS conversion started for: %s' % key) lb_vs = lb_vs_conf[key] type = lb_vs['attrs'][1] cmd = 'add lb vserver %s' % key if type not in supported_types: LOG.warn('Unsupported type %s of LB VS: %s' % (type, key)) ns_util.add_status_row(cmd, 'skipped') continue enable_ssl = False if type in ['SSL', 'SSL_BRIDGE', 'SSL_TCP']: enable_ssl = True vs_name = key ip_addr = lb_vs['attrs'][2] port = lb_vs['attrs'][3] if vs_state == 'enable': enabled = (lb_vs.get('state', 'ENABLED') == 'ENABLED') else: enabled = False pool_name = '%s-pool' % vs_name pool_ref = None pool_obj = [ pool for pool in avi_config.get("Pool", []) if pool['name'] == pool_name ] if pool_obj: pool_ref = pool_name else: LOG.warn('Pool not found in avi config for LB VS %s' % key) redirect_url = lb_vs.get('redirectURL', None) if redirect_url: fail_action = { "redirect": { "status_code": "HTTP_REDIRECT_STATUS_CODE_302", "host": redirect_url, "protocol": "HTTP" }, "type": "FAIL_ACTION_HTTP_REDIRECT" } if pool_obj: pool_obj[0]["fail_action"] = fail_action app_profile = 'admin:System-HTTP' http_prof = lb_vs.get('httpProfileName', None) if http_prof: app_profile = http_prof vs_obj = { 'name': vs_name, 'type': 'VS_TYPE_NORMAL', 'ip_address': { 'addr': ip_addr, 'type': 'V4' }, 'enabled': enabled, 'services': [{ 'port': port, 'enable_ssl': enable_ssl }], 'application_profile_ref': app_profile, 'pool_ref': pool_ref } persistenceType = lb_vs.get('persistenceType', '') if pool_ref and persistenceType in self.supported_persist_types: timeout = lb_vs.get('timeout', 2) profile_name = '%s-persistance-profile' % vs_name persist_profile = self.convert_persistance_prof( persistenceType, timeout, profile_name) avi_config['ApplicationPersistenceProfile'].append( persist_profile) self.update_pool_for_persist(avi_config, pool_ref, profile_name) elif not persistenceType == 'NONE': LOG.warn('Persistance type %s not supported by Avi' % persistenceType) ntwk_prof = lb_vs.get('tcpProfileName', None) if ntwk_prof: vs_obj['network_profile_ref'] = ntwk_prof avi_config['VirtualService'].append(vs_obj) conv_status = ns_util.get_conv_status(lb_vs, self.skip_attrs, self.na_attrs, self.indirect_list) ns_util.add_conv_status(cmd, conv_status, vs_obj) if enable_ssl: ssl_mappings = ns_config.get('bind ssl vserver', {}) ssl_bindings = ssl_mappings.get(key, []) if isinstance(ssl_bindings, dict): ssl_bindings = [ssl_bindings] for mapping in ssl_bindings: if 'CA' in mapping: #TODO add ref of pki prof in app profile pass elif 'certkeyName' in mapping: avi_ssl_ref = 'ssl_key_and_certificate_refs' if not [ obj for obj in avi_config['SSLKeyAndCertificate'] if obj['name'] == mapping['attrs'][0] ]: LOG.warn( 'cannot find ssl key cert ref adding system default insted' ) vs_obj[avi_ssl_ref] = [ 'admin:System-Default-Cert' ] continue vs_obj[avi_ssl_ref] = mapping['attrs'][0] ssl_vs_mapping = ns_config.get('set ssl vserver', {}) mapping = ssl_vs_mapping.get(key, None) if mapping and 'sslProfile' in mapping: vs_obj['ssl_profile_name'] = mapping.get('sslProfile') LOG.debug('LB VS conversion completed for: %s' % key) except: LOG.error('Error in lb vs conversion for: %s' % key, exc_info=True)
def convert(self, ns_config, avi_config, vs_state): cs_vs_conf = ns_config.get('add cs vserver', {}) bindings = ns_config.get('bind cs vserver', {}) policy_lables = ns_config.get('bind cs policylabel', {}) policy_config = ns_config.get('add cs policy', {}) lbvs_avi_conf = avi_config['VirtualService'] lb_vs_mapped = [] cs_vs_list = [] avi_config['HTTPPolicySet'] = [] rule_index = 0 for cs_vs_index, key in enumerate(cs_vs_conf): LOG.debug("Context Switch VS conversion started for: %s" % key) lbvs_bindings = [] cs_vs = cs_vs_conf[key] cmd = 'add cs vserver %s' % key if not cs_vs['attrs'][1] in self.supported_types: LOG.warn('Unsupported type %s of Context switch VS: %s' % (cs_vs['attrs'][1], key)) ns_util.add_status_row(cmd, 'skipped') continue tt = cs_vs.get('targetType', None) if tt and tt == 'GSLB': LOG.warn( 'Unsupported target type %s of Context switch VS: %s' % (cs_vs['attrs'][1], key)) ns_util.add_status_row(cmd, 'skipped') vs_name = cs_vs['attrs'][0] ip_addr = cs_vs['attrs'][2] port = cs_vs['attrs'][3] if port < int(port): port = "1" enable_ssl = False if vs_state == 'enable': enabled = (lb_vs.get('state', 'ENABLED') == 'ENABLED') else: enabled = False if cs_vs['attrs'][1] == 'SSL': enable_ssl = True vs_obj = { 'name': vs_name, 'type': 'VS_TYPE_NORMAL', 'ip_address': { 'addr': ip_addr, 'type': 'V4' }, 'enabled': enabled, 'services': [{ 'port': port, 'enable_ssl': enable_ssl }] } http_prof = cs_vs.get('httpProfileName', None) if http_prof: vs_obj['application_profile_ref'] = http_prof, ntwk_prof = cs_vs.get('tcpProfileName', None) if ntwk_prof: vs_obj['network_profile_ref'] = ntwk_prof bind_conf_list = bindings.get(vs_name, None) if not bind_conf_list: continue if isinstance(bind_conf_list, dict): bind_conf_list = [bind_conf_list] cs_vs_policies = [] default_pool = None policy_name = '' for bind_conf in bind_conf_list: b_cmd = 'bind cs vserver %s' % vs_name found = False if len(bind_conf['attrs']) > 1: lbvs_bindings.append(bind_conf['attrs'][1]) b_cmd += ' %s' % bind_conf['attrs'][1] found = True if 'policyName' in bind_conf: policy_name = bind_conf['policyName'] b_cmd += ' -policyName %s' % policy_name if 'targetLBVserver' in bind_conf: lbvs_bindings.append(bind_conf['targetLBVserver']) found = True policy = policy_config[policy_name] policy = copy.deepcopy(policy) policy['targetLBVserver'] = bind_conf[ 'targetLBVserver'] cs_vs_policies.append(policy) if 'lbvserver' in bind_conf: lbvs_bindings.append(bind_conf['lbvserver']) b_cmd += ' -lbvserver %s' % bind_conf['lbvserver'] default_pool = bind_conf['lbvserver'] found = True if 'invoke' in bind_conf: parts = bind_conf['invoke'].split(' ') if parts[0] != 'policylabel' or len(parts) < 2: continue before_len = size = len(lbvs_bindings) self.get_target_vs_from_policy(policy_lables, parts[1], lbvs_bindings) if len(lbvs_bindings) > before_len: found = True conv_status = ns_util.get_conv_status(bind_conf, self.bind_skipped, [], []) if found: ns_util.add_conv_status(b_cmd, conv_status, None) else: ns_util.add_status_row(b_cmd, 'skipped') LOG.debug("CS VS %s context switch between lb vs: %s" % (key, lbvs_bindings)) for binding in lbvs_bindings: lb_vs_obj = [ obj for obj in lbvs_avi_conf if obj['name'] == binding ] if lb_vs_obj: lb_vs_obj = lb_vs_obj[0] else: continue lb_vs_mapped.append(lb_vs_obj) lb_vs_obj = copy.deepcopy(lb_vs_obj) lb_vs_obj.update(vs_obj) vs_obj = lb_vs_obj vs_obj.pop('pool_ref', None) if default_pool: vs_obj['pool_ref'] = '%s-pool' % default_pool for cs_vs_policy in cs_vs_policies: new_rule_index, policy = self.policy_converter( cs_vs_policy, rule_index) if policy: http_policies = { 'index': 11, 'http_policy_set_ref': policy['name'] } vs_obj['http_policies'] = [] vs_obj['http_policies'].append(http_policies) avi_config['HTTPPolicySet'].append(policy) p_cmd = 'add cs policy %s' % policy_name policy_conv = policy_config.get(policy_name) conv_status = ns_util.get_conv_status( cs_vs_policy, self.skip_attrs, self.na_attrs, []) ns_util.add_conv_status(p_cmd, conv_status, policy) rule_index = new_rule_index cs_vs_list.append(vs_obj) conv_status = ns_util.get_conv_status(cs_vs, self.skip_attrs, self.na_attrs, []) ns_util.add_conv_status(cmd, conv_status, vs_obj) LOG.debug("Context Switch VS conversion completed for: %s" % key) vs_list = [obj for obj in lbvs_avi_conf if obj not in lb_vs_mapped] vs_list += cs_vs_list avi_config['VirtualService'] = vs_list
def get_key_cert(self, ssl_mappings, ssl_key_and_cert, input_dir, avi_ssl_prof): obj = dict() ciphers = [] for mapping in ssl_mappings: output = None cmd = 'bind ssl vserver %s' % (mapping['attrs'][0]) if 'CA' in mapping.keys(): cmd += '-certkeyName %s -CA' % mapping.get('certkeyName') key_cert = ssl_key_and_cert.get(mapping.get('certkeyName')) key_file_name = key_cert.get('key') cert_file_name = key_cert.get('cert') ca_str = None crl_str = None if key_file_name: ca_str = ns_util.upload_file(input_dir + os.path.sep + key_file_name) if cert_file_name: crl_str = ns_util.upload_file(input_dir + os.path.sep + cert_file_name) if ca_str: pki_profile = dict() pki_profile["ca_certs"] = [{'certificate': ca_str}] crl_check = mapping.get('crlCheck', 'Optional') if crl_check == 'Mandatory': pki_profile['crl_check'] = True else: pki_profile['crl_check'] = False if crl_str: pki_profile["crls"] = [{'body': crl_str}] pki_profile["name"] = key_cert['attrs'][0] obj['pki'] = pki_profile output = pki_profile conv_status = ns_util.get_conv_status(key_cert, self.add_key_cert_skip, [], []) kc_cmd = 'add ssl certKey %s' % key_cert['attrs'][0] ns_util.add_conv_status(kc_cmd, conv_status, avi_ssl_prof) elif 'certkeyName' in mapping.keys(): cmd += '-certkeyName %s' % mapping.get('certkeyName') key_cert = ssl_key_and_cert.get(mapping.get('certkeyName')) key_file_name = key_cert.get('key') cert_file_name = key_cert.get('cert') if key_file_name: key_str = ns_util.upload_file(input_dir + os.path.sep + key_file_name) if cert_file_name: cert_str = ns_util.upload_file(input_dir + os.path.sep + cert_file_name) if key_str and cert_str: cert = {"certificate": cert_str} ssl_kc_obj = { 'name': key_cert['attrs'][0], 'key': key_str, 'certificate': cert, 'key_passphrase': key_cert.get('password', '') } obj['cert'] = ssl_kc_obj output = ssl_kc_obj conv_status = ns_util.get_conv_status(key_cert, self.add_key_cert_skip, [], []) kc_cmd = 'add ssl certKey %s' % key_cert['attrs'][0] ns_util.add_conv_status(kc_cmd, conv_status, avi_ssl_prof) elif 'cipherName' in mapping.keys(): cmd += '-cipherName %s' % mapping.get('cipherName') ciphers.append(mapping['cipherName']) output = avi_ssl_prof else: ns_util.add_status_row(cmd, 'skipped') continue conv_status = ns_util.get_conv_status(mapping, self.bind_sslvs_skip, [], []) ns_util.add_conv_status(cmd, conv_status, output) avi_ssl_prof['accepted_ciphers'] = ':'.join(ciphers) return obj