def set_file(appliances=[],
credentials=[],
timeout=120,
no_check_hostname=False,
file_in=None,
destination=None,
Domain='default',
overwrite=True,
web=False):
"""Uploads a file to the specified appliances
Parameters:
* `-a, --appliances`: The hostname(s), ip address(es), environment name(s)
or alias(es) of the appliances you would like to affect. For details
on configuring environments please see the comments in
`environments.conf` located in `$MAST_HOME/etc/default`. For details
on configuring aliases, please see the comments in
`$MAST_HOME/etc/default`. To pass multiple arguments to this parameter,
use multiple entries of the form `[-a appliance1 [-a appliance2...]]`
* `-c, --credentials`: The credentials to use for authenticating to the
appliances. Should be either one set to use for all appliances
or one set for each appliance. Credentials should be in the form
`username:password`. To pass multiple credentials to this parameter, use
multiple entries of the form `[-c credential1 [-c credential2...]]`.
When referencing multiple appliances with multiple credentials,
there must be a one-to-one correspondence of credentials to appliances:
`[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]`
If you would prefer to not use plain-text passwords,
you can use the output of `$ mast-system xor <username:password>`.
* `-t, --timeout`: The timeout in seconds to wait for a response from
an appliance for any single request. __NOTE__ Program execution may
halt if a timeout is reached.
* `-n, --no-check-hostname`: If specified SSL verification will be turned
off when sending commands to the appliances.
* `-f, --file-in`: The path and filename of the file to upload
* `-d, --destination`: Should be the path and filename of the file
once uploaded to the DataPower **NOTE: file_out should contain
the filename ie. local:/test.txt**
* `-D, --Domain`: The domain to which to upload the file,
* `-N, --no-overwrite`: If specified this program will exit with an
error rather than overwrite a file
* `-w, --web`: __For Internel Use Only, will be removed in future versions.
DO NOT USE.__"""
check_hostname = not no_check_hostname
env = datapower.Environment(appliances,
credentials,
timeout,
check_hostname=check_hostname)
kwargs = {
'file_in': file_in,
'file_out': destination,
'domain': Domain,
'overwrite': overwrite
}
resp = env.perform_async_action('set_file', **kwargs)
if web:
return util.render_boolean_results_table(
resp, suffix="set_file"), util.render_history(env)
def set_file(appliances=[],
credentials=[],
timeout=120,
no_check_hostname=False,
file_in=None,
destination=None,
Domain='default',
overwrite=True,
web=False):
"""Uploads a file to the specified appliances
Parameters:
* `-a, --appliances`: The hostname(s), ip address(es), environment name(s)
or alias(es) of the appliances you would like to affect. For details
on configuring environments please see the comments in
`environments.conf` located in `$MAST_HOME/etc/default`. For details
on configuring aliases, please see the comments in
`$MAST_HOME/etc/default`. To pass multiple arguments to this parameter,
use multiple entries of the form `[-a appliance1 [-a appliance2...]]`
* `-c, --credentials`: The credentials to use for authenticating to the
appliances. Should be either one set to use for all appliances
or one set for each appliance. Credentials should be in the form
`username:password`. To pass multiple credentials to this parameter, use
multiple entries of the form `[-c credential1 [-c credential2...]]`.
When referencing multiple appliances with multiple credentials,
there must be a one-to-one correspondence of credentials to appliances:
`[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]`
If you would prefer to not use plain-text passwords,
you can use the output of `$ mast-system xor <username:password>`.
* `-t, --timeout`: The timeout in seconds to wait for a response from
an appliance for any single request. __NOTE__ Program execution may
halt if a timeout is reached.
* `-n, --no-check-hostname`: If specified SSL verification will be turned
off when sending commands to the appliances.
* `-f, --file-in`: The path and filename of the file to upload
* `-d, --destination`: Should be the path and filename of the file
once uploaded to the DataPower **NOTE: file_out should contain
the filename ie. local:/test.txt**
* `-D, --Domain`: The domain to which to upload the file,
* `-N, --no-overwrite`: If specified this program will exit with an
error rather than overwrite a file
* `-w, --web`: __For Internel Use Only, will be removed in future versions.
DO NOT USE.__"""
check_hostname = not no_check_hostname
env = datapower.Environment(
appliances,
credentials,
timeout,
check_hostname=check_hostname)
kwargs = {
'file_in': file_in,
'file_out': destination,
'domain': Domain,
'overwrite': overwrite}
resp = env.perform_async_action('set_file', **kwargs)
if web:
return util.render_boolean_results_table(
resp, suffix="set_file"), util.render_history(env)
def flush_aaa_cache(appliances=[],
credentials=[],
timeout=120,
no_check_hostname=False,
Domain="",
aaa_policy="",
web=False):
"""Flushes the AAA Cache of the specified aaa_policy in the
specified Domain.
Parameters:
* `-a, --appliances`: The hostname(s), ip address(es), environment name(s)
or alias(es) of the appliances you would like to affect. For details
on configuring environments please see the comments in
`environments.conf` located in `$MAST_HOME/etc/default`. For details
on configuring aliases, please see the comments in `hosts.conf` located in
`$MAST_HOME/etc/default`. To pass multiple arguments to this parameter,
use multiple entries of the form `[-a appliance1 [-a appliance2...]]`
* `-c, --credentials`: The credentials to use for authenticating to the
appliances. Should be either one set to use for all appliances
or one set for each appliance. Credentials should be in the form
`username:password`. To pass multiple credentials to this parameter, use
multiple entries of the form `[-c credential1 [-c credential2...]]`.
When referencing multiple appliances with multiple credentials,
there must be a one-to-one correspondence of credentials to appliances:
`[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]`
If you would prefer to not use plain-text passwords,
you can use the output of `$ mast-system xor <username:password>`.
* `-t, --timeout`: The timeout in seconds to wait for a response from
an appliance for any single request. __NOTE__ Program execution may
halt if a timeout is reached.
* `-n, --no-check-hostname`: If specified SSL verification will be turned
off when sending commands to the appliances.
* `-D, --Domain`: The domain where the aaa_policy resides
* `-A, --aaa-policy`: the AAAPolicy who's cache you would like to flush
* `-w, --web`: __For Internel Use Only, will be removed in future versions.
DO NOT USE.__"""
logger = make_logger("mast.accounts")
check_hostname = not no_check_hostname
env = datapower.Environment(appliances,
credentials,
timeout,
check_hostname=check_hostname)
msg = "Attempting to flush AAA cache on {}".format(str(env.appliances))
logger.info(msg)
if not web:
print msg
kwargs = {"PolicyName": aaa_policy, 'domain': Domain}
responses = env.perform_action('FlushAAACache', **kwargs)
logger.debug("Responses received {}".format(str(responses)))
if not web:
for host, resp in responses.items():
print "{}\n{}".format(host, "=" * len(host))
pprint_xml(resp.xml)
else:
return util.render_boolean_results_table(
responses, suffix="flush_aaa_cache"), util.render_history(env)
def flush_rbm_cache(appliances=[],
credentials=[],
timeout=120,
no_check_hostname=False,
Domain="",
web=False):
"""Flush the RBM Cache in the specified Domain
Parameters:
* `-a, --appliances`: The hostname(s), ip address(es), environment name(s)
or alias(es) of the appliances you would like to affect. For details
on configuring environments please see the comments in
`environments.conf` located in `$MAST_HOME/etc/default`. For details
on configuring aliases, please see the comments in `hosts.conf` located in
`$MAST_HOME/etc/default`. To pass multiple arguments to this parameter,
use multiple entries of the form `[-a appliance1 [-a appliance2...]]`
* `-c, --credentials`: The credentials to use for authenticating to the
appliances. Should be either one set to use for all appliances
or one set for each appliance. Credentials should be in the form
`username:password`. To pass multiple credentials to this parameter, use
multiple entries of the form `[-c credential1 [-c credential2...]]`.
When referencing multiple appliances with multiple credentials,
there must be a one-to-one correspondence of credentials to appliances:
`[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]`
If you would prefer to not use plain-text passwords,
you can use the output of `$ mast-system xor <username:password>`.
* `-t, --timeout`: The timeout in seconds to wait for a response from
an appliance for any single request. __NOTE__ Program execution may
halt if a timeout is reached.
* `-n, --no-check-hostname`: If specified SSL verification will be turned
off when sending commands to the appliances.
* `-D, --Domain`: The domain for which to flush the RBM Cache
* `-w, --web`: __For Internel Use Only, will be removed in future versions.
DO NOT USE.__"""
logger = make_logger("mast.accounts")
check_hostname = not no_check_hostname
env = datapower.Environment(
appliances,
credentials,
timeout,
check_hostname=check_hostname)
msg = "Attempting to flush RBM cache on {}".format(str(env.appliances))
logger.info(msg)
if not web:
print msg
responses = env.perform_action('FlushRBMCache', **{'domain': Domain})
logger.debug("Responses received {}".format(str(responses)))
if not web:
for host, resp in responses.items():
print "{}\n{}".format(host, "="*len(host))
pprint_xml(resp.xml)
else:
return util.render_boolean_results_table(
responses, suffix="flush_rbm_cache"), util.render_history(env)
def rollback_checkpoint(appliances=[],
credentials=[],
timeout=120,
no_check_hostname=False,
Domain="",
checkpoint_name="",
web=False):
"""Roll back the specified domain to the named checkpoint.
Parameters:
* `-a, --appliances`: The hostname(s), ip address(es), environment name(s)
or alias(es) of the appliances you would like to affect. For details
on configuring environments please see the comments in
`environments.conf` located in `$MAST_HOME/etc/default`. For details
on configuring aliases, please see the comments in `hosts.conf` located in
`$MAST_HOME/etc/default`. To pass multiple arguments to this parameter,
use multiple entries of the form `[-a appliance1 [-a appliance2...]]`
* `-c, --credentials`: The credentials to use for authenticating to the
appliances. Should be either one set to use for all appliances
or one set for each appliance. Credentials should be in the form
`username:password`. To pass multiple credentials to this parameter, use
multiple entries of the form `[-c credential1 [-c credential2...]]`.
When referencing multiple appliances with multiple credentials,
there must be a one-to-one correspondence of credentials to appliances:
`[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]`
If you would prefer to not use plain-text passwords,
you can use the output of `$ mast-system xor <username:password>`.
* `-t, --timeout`: The timeout in seconds to wait for a response from
an appliance for any single request. __NOTE__ Program execution may
halt if a timeout is reached.
* `-n, --no-check-hostname`: If specified SSL verification will be turned
off when sending commands to the appliances.
* `-D, --Domain`: The domain which to roll back
* `-C, --checkpoint_name`: The name of the checkpoint to roll back to
* `-w, --web`: __For Internel Use Only, will be removed in future versions.
DO NOT USE.__"""
logger = make_logger("mast.backups")
check_hostname = not no_check_hostname
env = datapower.Environment(
appliances,
credentials,
timeout,
check_hostname=check_hostname)
logger.info(
"Attempting to rollback checkpoint {} on {} in {} domain".format(
checkpoint_name,
str(env.appliances),
Domain))
resp = env.perform_action(
"RollbackCheckpoint", ChkName=checkpoint_name, domain=Domain)
logger.debug("Responses received: {}".format(str(resp)))
if web:
return (util.render_boolean_results_table(resp),
util.render_history(env))
def rollback_checkpoint(appliances=[],
credentials=[],
timeout=120,
no_check_hostname=False,
Domain="",
checkpoint_name="",
web=False):
"""Roll back the specified domain to the named checkpoint.
Parameters:
* `-a, --appliances`: The hostname(s), ip address(es), environment name(s)
or alias(es) of the appliances you would like to affect. For details
on configuring environments please see the comments in
`environments.conf` located in `$MAST_HOME/etc/default`. For details
on configuring aliases, please see the comments in `hosts.conf` located in
`$MAST_HOME/etc/default`. To pass multiple arguments to this parameter,
use multiple entries of the form `[-a appliance1 [-a appliance2...]]`
* `-c, --credentials`: The credentials to use for authenticating to the
appliances. Should be either one set to use for all appliances
or one set for each appliance. Credentials should be in the form
`username:password`. To pass multiple credentials to this parameter, use
multiple entries of the form `[-c credential1 [-c credential2...]]`.
When referencing multiple appliances with multiple credentials,
there must be a one-to-one correspondence of credentials to appliances:
`[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]`
If you would prefer to not use plain-text passwords,
you can use the output of `$ mast-system xor <username:password>`.
* `-t, --timeout`: The timeout in seconds to wait for a response from
an appliance for any single request. __NOTE__ Program execution may
halt if a timeout is reached.
* `-n, --no-check-hostname`: If specified SSL verification will be turned
off when sending commands to the appliances.
* `-D, --Domain`: The domain which to roll back
* `-C, --checkpoint_name`: The name of the checkpoint to roll back to
* `-w, --web`: __For Internel Use Only, will be removed in future versions.
DO NOT USE.__"""
logger = make_logger("mast.backups")
check_hostname = not no_check_hostname
env = datapower.Environment(appliances,
credentials,
timeout,
check_hostname=check_hostname)
logger.info(
"Attempting to rollback checkpoint {} on {} in {} domain".format(
checkpoint_name, str(env.appliances), Domain))
resp = env.perform_action("RollbackCheckpoint",
ChkName=checkpoint_name,
domain=Domain)
logger.debug("Responses received: {}".format(str(resp)))
if web:
return (util.render_boolean_results_table(resp),
util.render_history(env))
def restore_secure_backup(appliances=[],
credentials=[],
timeout=1200,
no_check_hostname=False,
CryptoCertificate="",
location="",
validate_only=False,
web=False):
"""Restores a secure backup to the specified appliances.
Parameters:
* `-a, --appliances`: The hostname(s), ip address(es), environment name(s)
or alias(es) of the appliances you would like to affect. For details
on configuring environments please see the comments in
`environments.conf` located in `$MAST_HOME/etc/default`. For details
on configuring aliases, please see the comments in `hosts.conf` located in
`$MAST_HOME/etc/default`. To pass multiple arguments to this parameter,
use multiple entries of the form `[-a appliance1 [-a appliance2...]]`
* `-c, --credentials`: The credentials to use for authenticating to the
appliances. Should be either one set to use for all appliances
or one set for each appliance. Credentials should be in the form
`username:password`. To pass multiple credentials to this parameter, use
multiple entries of the form `[-c credential1 [-c credential2...]]`.
When referencing multiple appliances with multiple credentials,
there must be a one-to-one correspondence of credentials to appliances:
`[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]`
If you would prefer to not use plain-text passwords,
you can use the output of `$ mast-system xor <username:password>`.
* `-t, --timeout`: The timeout in seconds to wait for a response from
an appliance for any single request. __NOTE__ Program execution may
halt if a timeout is reached.
* `-n, --no-check-hostname`: If specified SSL verification will be turned
off when sending commands to the appliances.
* `-C, --CryptoCertificate`: The CryptoCertificate object with which
the secure backup was encrypted
* `-l, --location`: The location on the appliances where the SecureBackup
resides (This means that you will have to upload the secure backup
if you got it from MAST, external to the appliance)
* `-v, --validate-only`: If specified then the appliances will only attemp to
validate the backup instead of actually restoring it
* `-w, --web`: __For Internel Use Only, will be removed in future versions.
DO NOT USE.__"""
logger = make_logger("mast.backups")
check_hostname = not no_check_hostname
env = datapower.Environment(appliances,
credentials,
timeout,
check_hostname=check_hostname)
logger.info("Attempting to restore Secure Backup on {}".format(
str(env.appliances)))
validate = "on" if validate_only else "off"
kwargs = {
"cred": CryptoCertificate,
"source": location,
"validate": validate
}
resp = env.perform_action("SecureRestore", **kwargs)
logger.debug("Responses received: {}".format(str(resp)))
if web:
return (util.render_boolean_results_table(resp),
util.render_history(env))
for host, msg in resp.items():
print host, '\n', "=" * len(host)
print msg
print
def get_secure_backup(appliances=[],
credentials=[],
timeout=1200,
no_check_hostname=False,
out_dir='tmp',
CryptoCertificate="",
destination='local:/raid0',
include_iscsi=False,
include_raid=False,
remove=True,
quiesce_before=True,
unquiesce_after=True,
quiesce_timeout=60,
web=False):
"""Performs a secure backup of the specified domain.
Parameters:
* `-a, --appliances`: The hostname(s), ip address(es), environment name(s)
or alias(es) of the appliances you would like to affect. For details
on configuring environments please see the comments in
`environments.conf` located in `$MAST_HOME/etc/default`. For details
on configuring aliases, please see the comments in `hosts.conf` located in
`$MAST_HOME/etc/default`. To pass multiple arguments to this parameter,
use multiple entries of the form `[-a appliance1 [-a appliance2...]]`
* `-c, --credentials`: The credentials to use for authenticating to the
appliances. Should be either one set to use for all appliances
or one set for each appliance. Credentials should be in the form
`username:password`. To pass multiple credentials to this parameter, use
multiple entries of the form `[-c credential1 [-c credential2...]]`.
When referencing multiple appliances with multiple credentials,
there must be a one-to-one correspondence of credentials to appliances:
`[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]`
If you would prefer to not use plain-text passwords,
you can use the output of `$ mast-system xor <username:password>`.
* `-t, --timeout`: The timeout in seconds to wait for a response from
an appliance for any single request. __NOTE__ Program execution may
halt if a timeout is reached.
* `-n, --no-check-hostname`: If specified SSL verification will be turned
off when sending commands to the appliances.
* `-o, --out-dir`: (NOT NEEDED IN WEB GUI) The directory (local) to store
the backup
* `-C, --CryptoCertificate`: The CryptoCertificate object to use to encrypt
the backup
* `-d, --destination`: The base location (on the appliance) to store
the backup
* `-i, --include-iscsi`: Whether to include the iscsi filesystem
* `-I, --include-raid`: Whether to include the RAID filesystem
* `-N, --no-remove`: If specified the backup will NOT be removed from
the DataPower
* `--no-quiesce-before`: If specified, the appliance will not be
quiesced before performing the secure backup
* `--no-unquiesce-after`: If specified, the appliance will not be
unquiesced after performing the secure backup
* `-q, --quiesce-timeout`: The timeout to wait before the appliance
attempts to quiesce
* `-w, --web`: __For Internel Use Only, will be removed in future versions.
DO NOT USE.__"""
logger = make_logger("mast.backups")
check_hostname = not no_check_hostname
env = datapower.Environment(appliances,
credentials,
timeout,
check_hostname=check_hostname)
output = ""
if quiesce_before:
resp = {}
for appliance in env.appliances:
logger.info("Quiescing {} in preparation of Secure Backup".format(
appliance.hostname))
resp[appliance.hostname] = appliance.QuiesceDP(
timeout=quiesce_timeout)
logger.debug("Response received {}".format(
resp[appliance.hostname]))
if web:
output += util.render_boolean_results_table(
resp, suffix="Quiesce_appliance")
sleep(quiesce_timeout)
t = Timestamp()
if destination.endswith("/"):
destination = destination.rstrip("/")
destination = '%s/%s' % (destination, t.timestamp)
kwargs = {'Dir': destination, 'domain': 'default'}
logger.info("Creating directory {} on {} to store Secure Backup".format(
destination, str(env.appliances)))
resp = env.perform_async_action('CreateDir', **kwargs)
logger.debug("Responses received {}".format(str(resp)))
if web:
output += util.render_boolean_results_table(resp, suffix="CreateDir")
include_raid = 'on' if include_raid else 'off'
include_iscsi = 'on' if include_iscsi else 'off'
kwargs = {
'cert': CryptoCertificate,
'destination': destination,
'include_iscsi': include_iscsi,
'include_raid': include_raid
}
logger.info("Attempting to perform a Secure Backup on {}".format(
str(env.appliances)))
resp = env.perform_async_action('SecureBackup', **kwargs)
logger.debug("Responses received: {}".format(str(resp)))
if web:
output += util.render_boolean_results_table(resp,
suffix="SecureBackup")
if web:
results = {}
remove_results = {}
for appliance in env.appliances:
directory = os.path.join(out_dir, appliance.hostname, "SecureBackup",
t.timestamp)
start = time()
while not appliance.file_exists(
'{}/backupmanifest.xml'.format(destination), 'default'):
sleep(5)
if time() - start > timeout:
raise TimeoutError
logger.info("Attempting to retrieve Secure Backup from {}".format(
appliance.hostname))
appliance.copy_directory(destination, directory)
_directory = os.path.join(
directory,
destination.replace(":", "").replace("///", "/"))
try:
logger.info("Attempting to verify Secure Backup for {}".format(
appliance.hostname))
if appliance.verify_local_backup(_directory):
logger.info("Secure Backup integrity verified for {}".format(
appliance.hostname))
if web:
results[appliance.hostname] = "Succeeded"
else:
print '\t', appliance.hostname, " - ", "Succeeded"
if remove:
logger.info(
"Attempting to remove Secure Backup from appliance "
"{}".format(appliance.hostname))
_resp = appliance.RemoveDir(Dir=destination,
domain='default')
logger.debug("Response received: {}".format(_resp))
if web:
remove_results[appliance.hostname] = _resp
else:
logger.warn("Secure Backup for {} Corrupt!".format(
appliance.hostname))
if web:
results[appliance.hostname] = "Failed"
else:
print '\t', appliance.hostname, " - ", "Failed"
appliance.log_error('Verification of backup in %s failed' %
(_directory))
except:
if web:
results[appliance.hostname] = "Failed"
logger.exception(
"An unhandled exception occurred during execution.")
if web:
output += util.render_results_table(results,
suffix="verify-SecureBackup")
output += util.render_boolean_results_table(remove_results,
suffix="RemoveDir")
if unquiesce_after:
resp = {}
for appliance in env.appliances:
logger.info("Attempting to unquiesce {}".format(
str(appliance.hostname)))
resp[appliance.hostname] = appliance.UnquiesceDP()
logger.debug("Response received: {}".format(
resp[appliance.hostname]))
if web:
output += util.render_boolean_results_table(
resp, suffix="Unquiesce_appliance")
if web:
return output, util.render_history(env)
def delete_file(appliances=[],
credentials=[],
timeout=120,
no_check_hostname=False,
Domain="",
filename="",
backup=False,
out_dir="tmp",
web=False):
"""Deletes a file from the specified appliances
Parameters:
* `-a, --appliances`: The hostname(s), ip address(es), environment name(s)
or alias(es) of the appliances you would like to affect. For details
on configuring environments please see the comments in
`environments.conf` located in `$MAST_HOME/etc/default`. For details
on configuring aliases, please see the comments in `hosts.conf` located in
`$MAST_HOME/etc/default`. To pass multiple arguments to this parameter,
use multiple entries of the form `[-a appliance1 [-a appliance2...]]`
* `-c, --credentials`: The credentials to use for authenticating to the
appliances. Should be either one set to use for all appliances
or one set for each appliance. Credentials should be in the form
`username:password`. To pass multiple credentials to this parameter, use
multiple entries of the form `[-c credential1 [-c credential2...]]`.
When referencing multiple appliances with multiple credentials,
there must be a one-to-one correspondence of credentials to appliances:
`[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]`
If you would prefer to not use plain-text passwords,
you can use the output of `$ mast-system xor <username:password>`.
* `-t, --timeout`: The timeout in seconds to wait for a response from
an appliance for any single request. __NOTE__ Program execution may
halt if a timeout is reached.
* `-n, --no-check-hostname`: If specified SSL verification will be turned
off when sending commands to the appliances.
* `-D, --Domain`: The domain from which to delete the file
* `-f, --filename`: The name of the file (on DataPower) you would
like to delete
* `-b, --backup`: Whether to backup the file before deleting
* `-o, --out-dir`: (NOT NEEDED IN THE WEB GUI)The directory you would like to
save the file to
* `-w, --web`: __For Internel Use Only, will be removed in future versions.
DO NOT USE.__"""
check_hostname = not no_check_hostname
env = datapower.Environment(
appliances,
credentials,
timeout,
check_hostname=check_hostname)
if backup:
resp = {}
for appliance in env.appliances:
_out_dir = os.path.join(out_dir, appliance.hostname)
if not os.path.exists(_out_dir):
os.makedirs(_out_dir)
resp[appliance.hostname] = appliance.del_file(
filename=filename, domain=Domain,
backup=True, local_dir=_out_dir)
else:
resp = env.perform_action("del_file", filename=filename, domain=Domain)
if web:
return (
util.render_boolean_results_table(resp),
util.render_history(env))
for host, response in resp.items():
print host
print "=" * len(host)
if response:
print "Success"
else:
print "Error"
print
def add_group(appliances=[],
credentials=[],
timeout=120,
no_check_hostname=False,
save_config=False,
name=None,
access_policies=[],
web=False):
"""Adds a user group to the specified appliances.
Parameters:
* `-a, --appliances`: The hostname(s), ip address(es), environment name(s)
or alias(es) of the appliances you would like to affect. For details
on configuring environments please see the comments in
`environments.conf` located in `$MAST_HOME/etc/default`. For details
on configuring aliases, please see the comments in `hosts.conf` located in
`$MAST_HOME/etc/default`. To pass multiple arguments to this parameter,
use multiple entries of the form `[-a appliance1 [-a appliance2...]]`
* `-c, --credentials`: The credentials to use for authenticating to the
appliances. Should be either one set to use for all appliances
or one set for each appliance. Credentials should be in the form
`username:password`. To pass multiple credentials to this parameter, use
multiple entries of the form `[-c credential1 [-c credential2...]]`.
When referencing multiple appliances with multiple credentials,
there must be a one-to-one correspondence of credentials to appliances:
`[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]`
If you would prefer to not use plain-text passwords,
you can use the output of `$ mast-system xor <username:password>`.
* `-t, --timeout`: The timeout in seconds to wait for a response from
an appliance for any single request. __NOTE__ Program execution may
halt if a timeout is reached.
* `-n, --no-check-hostname`: If specified SSL verification will be turned
off when sending commands to the appliances.
* `-s, --save-config`: If specified the configuration on the appliances
will be saved
* `-N, --name`: The name of the group to add
* `-A, --access-policies`: The access policies which will be associated
with this group
* `-w, --web`: __For Internel Use Only, will be removed in future versions.
DO NOT USE.__"""
logger = make_logger("mast.accounts")
check_hostname = not no_check_hostname
env = datapower.Environment(
appliances,
credentials,
timeout,
check_hostname=check_hostname)
kwargs = {'name': name, 'access_policies': access_policies}
msg = "Adding group {} to {}".format(name, str(env.appliances))
logger.info(msg)
if not web:
print msg
resp = env.perform_async_action('add_group', **kwargs)
logger.debug("responses received {}".format(str(resp)))
if not web:
for host, resp in resp.items():
print "{}\n{}".format(host, "="*len(host))
pprint_xml(resp.xml)
else:
output = util.render_boolean_results_table(resp, suffix="add_group")
if save_config:
kwargs = {'domain': 'default'}
msg = "Saving configuration in the default domain of {}".format(str(env.appliances))
logger.info(msg)
if not web:
print msg
resp = env.perform_async_action('SaveConfig', **kwargs)
logger.debug("Responses received {}".format(str(resp)))
if not web:
for host, resp in resp.items():
print "{}\n{}".format(host, "="*len(host))
pprint_xml(resp.xml)
else:
output += util.render_boolean_results_table(
resp, suffix="save_config")
if web:
return output, util.render_history(env)
def change_password(appliances=[],
credentials=[],
timeout=120,
no_check_hostname=False,
save_config=False,
User="",
password="",
web=False):
"""Changes the specified user's password to the specified password.
Parameters:
* `-a, --appliances`: The hostname(s), ip address(es), environment name(s)
or alias(es) of the appliances you would like to affect. For details
on configuring environments please see the comments in
`environments.conf` located in `$MAST_HOME/etc/default`. For details
on configuring aliases, please see the comments in `hosts.conf` located in
`$MAST_HOME/etc/default`. To pass multiple arguments to this parameter,
use multiple entries of the form `[-a appliance1 [-a appliance2...]]`
* `-c, --credentials`: The credentials to use for authenticating to the
appliances. Should be either one set to use for all appliances
or one set for each appliance. Credentials should be in the form
`username:password`. To pass multiple credentials to this parameter, use
multiple entries of the form `[-c credential1 [-c credential2...]]`.
When referencing multiple appliances with multiple credentials,
there must be a one-to-one correspondence of credentials to appliances:
`[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]`
If you would prefer to not use plain-textpasswords,
you can use the output of `$ mast-system xor <username:password>`.
* `-t, --timeout`: The timeout in seconds to wait for a response from
an appliance for any single request. __NOTE__ Program execution may
halt if a timeout is reached.
* `-n, --no-check-hostname`: If specified SSL verification will be turned
off when sending commands to the appliances.
* `-s, --save-config`: If specified the configuration on the appliances will
be saved
* `-U, --User`: The name of the user whose password you are changing
* `-p, --password`: The new password for the specified user. NOTE: You may need to
place quotations around the argument passed if using special characters as these
might be incorrectly interpreted by your shell.
* `-w, --web`: __For Internel Use Only, will be removed in future versions.
DO NOT USE.__"""
logger = make_logger("mast.accounts")
check_hostname = not no_check_hostname
env = datapower.Environment(
appliances,
credentials,
timeout,
check_hostname=check_hostname)
msg = "Attempting to change password for {} on {}".format(User, str(env.appliances))
logger.info(msg)
if not web:
print msg
kwargs = {'username': User, 'password': password}
resp = env.perform_async_action('change_password', **kwargs)
logger.debug("Responses received {}".format(str(resp)))
if not web:
for host, resp in resp.items():
print "{}\n{}".format(host, "="*len(host))
pprint_xml(resp.xml)
else:
output = util.render_boolean_results_table(
resp, suffix="change_password")
if save_config:
msg = "Attempting to save config of default domain on {}".format(str(env.appliances))
logger.info(msg)
if not web:
print msg
resp = env.perform_async_action('SaveConfig', **{'domain': 'default'})
logger.debug("Responses received {}".format(str(resp)))
if not web:
for host, resp in resp.items():
print "{}\n{}".format(host, "="*len(host))
pprint_xml(resp.xml)
else:
output += util.render_boolean_results_table(
resp, suffix="save_config")
if web:
return output, util.render_history(env)
def restore_secure_backup(appliances=[],
credentials=[],
timeout=1200,
no_check_hostname=False,
CryptoCertificate="",
location="",
validate_only=False,
web=False):
"""Restores a secure backup to the specified appliances.
Parameters:
* `-a, --appliances`: The hostname(s), ip address(es), environment name(s)
or alias(es) of the appliances you would like to affect. For details
on configuring environments please see the comments in
`environments.conf` located in `$MAST_HOME/etc/default`. For details
on configuring aliases, please see the comments in `hosts.conf` located in
`$MAST_HOME/etc/default`. To pass multiple arguments to this parameter,
use multiple entries of the form `[-a appliance1 [-a appliance2...]]`
* `-c, --credentials`: The credentials to use for authenticating to the
appliances. Should be either one set to use for all appliances
or one set for each appliance. Credentials should be in the form
`username:password`. To pass multiple credentials to this parameter, use
multiple entries of the form `[-c credential1 [-c credential2...]]`.
When referencing multiple appliances with multiple credentials,
there must be a one-to-one correspondence of credentials to appliances:
`[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]`
If you would prefer to not use plain-text passwords,
you can use the output of `$ mast-system xor <username:password>`.
* `-t, --timeout`: The timeout in seconds to wait for a response from
an appliance for any single request. __NOTE__ Program execution may
halt if a timeout is reached.
* `-n, --no-check-hostname`: If specified SSL verification will be turned
off when sending commands to the appliances.
* `-C, --CryptoCertificate`: The CryptoCertificate object with which
the secure backup was encrypted
* `-l, --location`: The location on the appliances where the SecureBackup
resides (This means that you will have to upload the secure backup
if you got it from MAST, external to the appliance)
* `-v, --validate-only`: If specified then the appliances will only attemp to
validate the backup instead of actually restoring it
* `-w, --web`: __For Internel Use Only, will be removed in future versions.
DO NOT USE.__"""
logger = make_logger("mast.backups")
check_hostname = not no_check_hostname
env = datapower.Environment(
appliances,
credentials,
timeout,
check_hostname=check_hostname)
logger.info(
"Attempting to restore Secure Backup on {}".format(
str(env.appliances)))
validate = "on" if validate_only else "off"
kwargs = {"cred": CryptoCertificate,
"source": location,
"validate": validate}
resp = env.perform_action("SecureRestore", **kwargs)
logger.debug("Responses received: {}".format(str(resp)))
if web:
return (util.render_boolean_results_table(resp),
util.render_history(env))
for host, msg in resp.items():
print host, '\n', "=" * len(host)
print msg
print
def get_secure_backup(appliances=[],
credentials=[],
timeout=1200,
no_check_hostname=False,
out_dir='tmp',
CryptoCertificate="",
destination='local:/raid0',
include_iscsi=False,
include_raid=False,
remove=True,
quiesce_before=True,
unquiesce_after=True,
quiesce_timeout=60,
web=False):
"""Performs a secure backup of the specified domain.
Parameters:
* `-a, --appliances`: The hostname(s), ip address(es), environment name(s)
or alias(es) of the appliances you would like to affect. For details
on configuring environments please see the comments in
`environments.conf` located in `$MAST_HOME/etc/default`. For details
on configuring aliases, please see the comments in `hosts.conf` located in
`$MAST_HOME/etc/default`. To pass multiple arguments to this parameter,
use multiple entries of the form `[-a appliance1 [-a appliance2...]]`
* `-c, --credentials`: The credentials to use for authenticating to the
appliances. Should be either one set to use for all appliances
or one set for each appliance. Credentials should be in the form
`username:password`. To pass multiple credentials to this parameter, use
multiple entries of the form `[-c credential1 [-c credential2...]]`.
When referencing multiple appliances with multiple credentials,
there must be a one-to-one correspondence of credentials to appliances:
`[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]`
If you would prefer to not use plain-text passwords,
you can use the output of `$ mast-system xor <username:password>`.
* `-t, --timeout`: The timeout in seconds to wait for a response from
an appliance for any single request. __NOTE__ Program execution may
halt if a timeout is reached.
* `-n, --no-check-hostname`: If specified SSL verification will be turned
off when sending commands to the appliances.
* `-o, --out-dir`: (NOT NEEDED IN WEB GUI) The directory (local) to store
the backup
* `-C, --CryptoCertificate`: The CryptoCertificate object to use to encrypt
the backup
* `-d, --destination`: The base location (on the appliance) to store
the backup
* `-i, --include-iscsi`: Whether to include the iscsi filesystem
* `-I, --include-raid`: Whether to include the RAID filesystem
* `-N, --no-remove`: If specified the backup will NOT be removed from
the DataPower
* `--no-quiesce-before`: If specified, the appliance will not be
quiesced before performing the secure backup
* `--no-unquiesce-after`: If specified, the appliance will not be
unquiesced after performing the secure backup
* `-q, --quiesce-timeout`: The timeout to wait before the appliance
attempts to quiesce
* `-w, --web`: __For Internel Use Only, will be removed in future versions.
DO NOT USE.__"""
logger = make_logger("mast.backups")
check_hostname = not no_check_hostname
env = datapower.Environment(
appliances,
credentials,
timeout,
check_hostname=check_hostname)
output = ""
if quiesce_before:
resp = {}
for appliance in env.appliances:
logger.info(
"Quiescing {} in preparation of Secure Backup".format(
appliance.hostname))
resp[appliance.hostname] = appliance.QuiesceDP(
timeout=quiesce_timeout)
logger.debug(
"Response received {}".format(resp[appliance.hostname]))
if web:
output += util.render_boolean_results_table(
resp, suffix="Quiesce_appliance")
sleep(quiesce_timeout)
t = Timestamp()
if destination.endswith("/"):
destination = destination.rstrip("/")
destination = '%s/%s' % (destination, t.timestamp)
kwargs = {'Dir': destination, 'domain': 'default'}
logger.info(
"Creating directory {} on {} to store Secure Backup".format(
destination, str(env.appliances)))
resp = env.perform_async_action('CreateDir', **kwargs)
logger.debug("Responses received {}".format(str(resp)))
if web:
output += util.render_boolean_results_table(resp, suffix="CreateDir")
include_raid = 'on' if include_raid else 'off'
include_iscsi = 'on' if include_iscsi else 'off'
kwargs = {
'cert': CryptoCertificate,
'destination': destination,
'include_iscsi': include_iscsi,
'include_raid': include_raid}
logger.info(
"Attempting to perform a Secure Backup on {}".format(
str(env.appliances)))
resp = env.perform_async_action('SecureBackup', **kwargs)
logger.debug("Responses received: {}".format(str(resp)))
if web:
output += util.render_boolean_results_table(
resp, suffix="SecureBackup")
if web:
results = {}
remove_results = {}
for appliance in env.appliances:
directory = os.path.join(
out_dir,
appliance.hostname,
"SecureBackup",
t.timestamp)
start = time()
while not appliance.file_exists(
'{}/backupmanifest.xml'.format(
destination),
'default'):
sleep(5)
if time() - start > timeout:
raise TimeoutError
logger.info(
"Attempting to retrieve Secure Backup from {}".format(
appliance.hostname))
appliance.copy_directory(
destination,
directory)
_directory = os.path.join(
directory, destination.replace(":", "").replace("///", "/"))
try:
logger.info(
"Attempting to verify Secure Backup for {}".format(
appliance.hostname))
if appliance.verify_local_backup(_directory):
logger.info(
"Secure Backup integrity verified for {}".format(
appliance.hostname))
if web:
results[appliance.hostname] = "Succeeded"
else:
print '\t', appliance.hostname, " - ", "Succeeded"
if remove:
logger.info(
"Attempting to remove Secure Backup from appliance "
"{}".format(
appliance.hostname))
_resp = appliance.RemoveDir(
Dir=destination, domain='default')
logger.debug("Response received: {}".format(_resp))
if web:
remove_results[appliance.hostname] = _resp
else:
logger.warn(
"Secure Backup for {} Corrupt!".format(
appliance.hostname))
if web:
results[appliance.hostname] = "Failed"
else:
print '\t', appliance.hostname, " - ", "Failed"
appliance.log_error(
'Verification of backup in %s failed' % (_directory))
except:
if web:
results[appliance.hostname] = "Failed"
logger.exception(
"An unhandled exception occurred during execution.")
if web:
output += util.render_results_table(
results, suffix="verify-SecureBackup")
output += util.render_boolean_results_table(
remove_results, suffix="RemoveDir")
if unquiesce_after:
resp = {}
for appliance in env.appliances:
logger.info(
"Attempting to unquiesce {}".format(
str(appliance.hostname)))
resp[appliance.hostname] = appliance.UnquiesceDP()
logger.debug(
"Response received: {}".format(
resp[appliance.hostname]))
if web:
output += util.render_boolean_results_table(
resp, suffix="Unquiesce_appliance")
if web:
return output, util.render_history(env)
def delete_file(appliances=[],
credentials=[],
timeout=120,
no_check_hostname=False,
Domain="",
filename="",
backup=False,
out_dir="tmp",
web=False):
"""Deletes a file from the specified appliances
Parameters:
* `-a, --appliances`: The hostname(s), ip address(es), environment name(s)
or alias(es) of the appliances you would like to affect. For details
on configuring environments please see the comments in
`environments.conf` located in `$MAST_HOME/etc/default`. For details
on configuring aliases, please see the comments in `hosts.conf` located in
`$MAST_HOME/etc/default`. To pass multiple arguments to this parameter,
use multiple entries of the form `[-a appliance1 [-a appliance2...]]`
* `-c, --credentials`: The credentials to use for authenticating to the
appliances. Should be either one set to use for all appliances
or one set for each appliance. Credentials should be in the form
`username:password`. To pass multiple credentials to this parameter, use
multiple entries of the form `[-c credential1 [-c credential2...]]`.
When referencing multiple appliances with multiple credentials,
there must be a one-to-one correspondence of credentials to appliances:
`[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]`
If you would prefer to not use plain-text passwords,
you can use the output of `$ mast-system xor <username:password>`.
* `-t, --timeout`: The timeout in seconds to wait for a response from
an appliance for any single request. __NOTE__ Program execution may
halt if a timeout is reached.
* `-n, --no-check-hostname`: If specified SSL verification will be turned
off when sending commands to the appliances.
* `-D, --Domain`: The domain from which to delete the file
* `-f, --filename`: The name of the file (on DataPower) you would
like to delete
* `-b, --backup`: Whether to backup the file before deleting
* `-o, --out-dir`: (NOT NEEDED IN THE WEB GUI)The directory you would like to
save the file to
* `-w, --web`: __For Internel Use Only, will be removed in future versions.
DO NOT USE.__"""
check_hostname = not no_check_hostname
env = datapower.Environment(appliances,
credentials,
timeout,
check_hostname=check_hostname)
if backup:
resp = {}
for appliance in env.appliances:
_out_dir = os.path.join(out_dir, appliance.hostname)
if not os.path.exists(_out_dir):
os.makedirs(_out_dir)
resp[appliance.hostname] = appliance.del_file(filename=filename,
domain=Domain,
backup=True,
local_dir=_out_dir)
else:
resp = env.perform_action("del_file", filename=filename, domain=Domain)
if web:
return (util.render_boolean_results_table(resp),
util.render_history(env))
for host, response in resp.items():
print host
print "=" * len(host)
if response:
print "Success"
else:
print "Error"
print
def add_group(appliances=[],
credentials=[],
timeout=120,
no_check_hostname=False,
save_config=False,
name=None,
access_policies=[],
web=False):
"""Adds a user group to the specified appliances.
Parameters:
* `-a, --appliances`: The hostname(s), ip address(es), environment name(s)
or alias(es) of the appliances you would like to affect. For details
on configuring environments please see the comments in
`environments.conf` located in `$MAST_HOME/etc/default`. For details
on configuring aliases, please see the comments in `hosts.conf` located in
`$MAST_HOME/etc/default`. To pass multiple arguments to this parameter,
use multiple entries of the form `[-a appliance1 [-a appliance2...]]`
* `-c, --credentials`: The credentials to use for authenticating to the
appliances. Should be either one set to use for all appliances
or one set for each appliance. Credentials should be in the form
`username:password`. To pass multiple credentials to this parameter, use
multiple entries of the form `[-c credential1 [-c credential2...]]`.
When referencing multiple appliances with multiple credentials,
there must be a one-to-one correspondence of credentials to appliances:
`[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]`
If you would prefer to not use plain-text passwords,
you can use the output of `$ mast-system xor <username:password>`.
* `-t, --timeout`: The timeout in seconds to wait for a response from
an appliance for any single request. __NOTE__ Program execution may
halt if a timeout is reached.
* `-n, --no-check-hostname`: If specified SSL verification will be turned
off when sending commands to the appliances.
* `-s, --save-config`: If specified the configuration on the appliances
will be saved
* `-N, --name`: The name of the group to add
* `-A, --access-policies`: The access policies which will be associated
with this group
* `-w, --web`: __For Internel Use Only, will be removed in future versions.
DO NOT USE.__"""
logger = make_logger("mast.accounts")
check_hostname = not no_check_hostname
env = datapower.Environment(appliances,
credentials,
timeout,
check_hostname=check_hostname)
kwargs = {'name': name, 'access_policies': access_policies}
msg = "Adding group {} to {}".format(name, str(env.appliances))
logger.info(msg)
if not web:
print msg
resp = env.perform_async_action('add_group', **kwargs)
logger.debug("responses received {}".format(str(resp)))
if not web:
for host, resp in resp.items():
print "{}\n{}".format(host, "=" * len(host))
pprint_xml(resp.xml)
else:
output = util.render_boolean_results_table(resp, suffix="add_group")
if save_config:
kwargs = {'domain': 'default'}
msg = "Saving configuration in the default domain of {}".format(
str(env.appliances))
logger.info(msg)
if not web:
print msg
resp = env.perform_async_action('SaveConfig', **kwargs)
logger.debug("Responses received {}".format(str(resp)))
if not web:
for host, resp in resp.items():
print "{}\n{}".format(host, "=" * len(host))
pprint_xml(resp.xml)
else:
output += util.render_boolean_results_table(resp,
suffix="save_config")
if web:
return output, util.render_history(env)
def change_password(appliances=[],
credentials=[],
timeout=120,
no_check_hostname=False,
save_config=False,
User="",
password="",
web=False):
"""Changes the specified user's password to the specified password.
Parameters:
* `-a, --appliances`: The hostname(s), ip address(es), environment name(s)
or alias(es) of the appliances you would like to affect. For details
on configuring environments please see the comments in
`environments.conf` located in `$MAST_HOME/etc/default`. For details
on configuring aliases, please see the comments in `hosts.conf` located in
`$MAST_HOME/etc/default`. To pass multiple arguments to this parameter,
use multiple entries of the form `[-a appliance1 [-a appliance2...]]`
* `-c, --credentials`: The credentials to use for authenticating to the
appliances. Should be either one set to use for all appliances
or one set for each appliance. Credentials should be in the form
`username:password`. To pass multiple credentials to this parameter, use
multiple entries of the form `[-c credential1 [-c credential2...]]`.
When referencing multiple appliances with multiple credentials,
there must be a one-to-one correspondence of credentials to appliances:
`[-a appliance1 [-a appliance2...]] [-c credential1 [-c credential2...]]`
If you would prefer to not use plain-textpasswords,
you can use the output of `$ mast-system xor <username:password>`.
* `-t, --timeout`: The timeout in seconds to wait for a response from
an appliance for any single request. __NOTE__ Program execution may
halt if a timeout is reached.
* `-n, --no-check-hostname`: If specified SSL verification will be turned
off when sending commands to the appliances.
* `-s, --save-config`: If specified the configuration on the appliances will
be saved
* `-U, --User`: The name of the user whose password you are changing
* `-p, --password`: The new password for the specified user. NOTE: You may need to
place quotations around the argument passed if using special characters as these
might be incorrectly interpreted by your shell.
* `-w, --web`: __For Internel Use Only, will be removed in future versions.
DO NOT USE.__"""
logger = make_logger("mast.accounts")
check_hostname = not no_check_hostname
env = datapower.Environment(appliances,
credentials,
timeout,
check_hostname=check_hostname)
msg = "Attempting to change password for {} on {}".format(
User, str(env.appliances))
logger.info(msg)
if not web:
print msg
kwargs = {'username': User, 'password': password}
resp = env.perform_async_action('change_password', **kwargs)
logger.debug("Responses received {}".format(str(resp)))
if not web:
for host, resp in resp.items():
print "{}\n{}".format(host, "=" * len(host))
pprint_xml(resp.xml)
else:
output = util.render_boolean_results_table(resp,
suffix="change_password")
if save_config:
msg = "Attempting to save config of default domain on {}".format(
str(env.appliances))
logger.info(msg)
if not web:
print msg
resp = env.perform_async_action('SaveConfig', **{'domain': 'default'})
logger.debug("Responses received {}".format(str(resp)))
if not web:
for host, resp in resp.items():
print "{}\n{}".format(host, "=" * len(host))
pprint_xml(resp.xml)
else:
output += util.render_boolean_results_table(resp,
suffix="save_config")
if web:
return output, util.render_history(env)