def convert(self, ns_config, avi_config, input_dir):
http_profiles = ns_config.get('add ns httpProfile', {})
tcp_profiles = ns_config.get('add ns tcpProfile', {})
ssl_mappings = ns_config.get('bind ssl vserver', {})
ssl_profiles = ns_config.get('add ssl profile', {})
ssl_vs_mapping = ns_config.get('set ssl vserver', {})
ssl_key_and_cert = ns_config.get('add ssl certKey', {})
avi_config['ApplicationProfile'] = []
avi_config['NetworkProfile'] = []
avi_config["SSLKeyAndCertificate"] = []
avi_config["SSLProfile"] = []
avi_config["PKIProfile"] = []
LOG.debug("Conversion started for HTTP profiles")
for key in http_profiles.keys():
profile = http_profiles[key]
app_profile = self.convert_http_profile(profile)
if app_profile:
cmd = 'add ns httpProfile %s' % app_profile.get('name')
conv_status = ns_util.get_conv_status(profile, self.http_skip,
[], self.http_indirect)
ns_util.add_conv_status(cmd, conv_status, app_profile)
avi_config['ApplicationProfile'].append(app_profile)
LOG.debug("HTTP profiles conversion completed")
LOG.debug("Conversion started for TCP profiles")
for key in tcp_profiles.keys():
profile = tcp_profiles[key]
net_profile = self.convert_tcp_profile(profile)
if net_profile:
cmd = 'add ns tcpProfile %s' % net_profile.get('name')
conv_status = ns_util.get_conv_status(profile, self.tcp_skip,
[], self.tcp_indirect)
ns_util.add_conv_status(cmd, conv_status, net_profile)
avi_config['NetworkProfile'].append(net_profile)
LOG.debug("TCP profiles conversion completed")
LOG.debug("Conversion started for SSL profiles")
for key in ssl_vs_mapping.keys():
mapping = ssl_vs_mapping[key]
if not 'sslProfile' in mapping:
continue
ssl_profile_name = mapping.get('sslProfile')
ssl_profile = ssl_profiles.get(ssl_profile_name, None)
if ssl_profile:
avi_ssl_prof = self.convert_ssl_profile(ssl_profile)
obj = self.get_key_cert(ssl_mappings.get(key, []),
ssl_key_and_cert, input_dir, avi_ssl_prof)
avi_config["SSLProfile"].append(avi_ssl_prof)
if obj.get('cert', None):
avi_config["SSLKeyAndCertificate"].append(obj.get('cert'))
if obj.get('pki', None):
avi_config["PKIProfile"].append(obj.get('pki'))
LOG.debug("SSL profiles conversion completed")
def convert(self, ns_config, avi_config):
"""
Converts service or service groups bound to VS to avi Pool entity
:param ns_config: Netscaler parsed config
:param avi_config: Avi converted config
:return:
"""
groups = ns_config.get('bind lb vserver', {})
lb_vs_conf = ns_config.get('add lb vserver', {})
avi_config['Pool'] = []
for group_key in groups.keys():
try:
conv_status = []
group = groups.get(group_key)
# cmd = 'bind lb vserver %s' % group_key
# status = ns_util.get_conv_status(group, self.bind_lb_skipped,
# [], [])
# conv_status.append({'cmd': cmd, 'status': status})
name = '%s-pool' % group_key
servers = self.get_servers(ns_config, group, conv_status)
lb_vs = lb_vs_conf.get(group_key)
ns_algo = lb_vs.get('lbMethod', 'LEASTCONNECTION')
algo = ns_util.get_avi_lb_algorithm(ns_algo)
pool_obj = \
{
"name": name,
"servers": servers,
"lb_algorithm": algo
}
monitor_names = self.get_monitors(ns_config, group)
avi_monitors = avi_config["HealthMonitor"]
monitor_refs = []
for ref in monitor_names:
refs = [mon for mon in avi_monitors if mon['name'] == ref]
if refs:
monitor_refs.append(ref)
else:
LOG.warn('Health monitor %s not found in avi config' %
ref)
pool_obj["health_monitor_refs"] = list(set(monitor_refs))
avi_config['Pool'].append(pool_obj)
for status in conv_status:
ns_util.add_conv_status(status['cmd'], status['status'],
pool_obj)
except:
LOG.error('Error in bind lb vserver conversion bound to: %s' %
group_key,
exc_info=True)
def convert_ssl_profile(self, profile):
avi_ssl_prof = dict()
cmd = 'add ssl profile %s' % profile['attrs'][0]
avi_ssl_prof['name'] = profile['attrs'][0]
scn = profile.get('sendCloseNotify', 'NO')
scn = True if scn == 'YES' else False
avi_ssl_prof['send_close_notify'] = scn
accepted_versions = []
if profile.get('tls1', 'ENABLED') == 'ENABLED':
accepted_versions.append({"type": "SSL_VERSION_TLS1"})
if profile.get('tls11', 'ENABLED') == 'ENABLED':
accepted_versions.append({"type": "SSL_VERSION_TLS1_1"})
if profile.get('tls12', 'ENABLED') == 'ENABLED':
accepted_versions.append({"type": "SSL_VERSION_TLS1_2"})
avi_ssl_prof["accepted_versions"] = accepted_versions
conv_status = ns_util.get_conv_status(profile, self.ssl_prof_skip,
self.ssl_prof_indirect,
self.ssl_prof_na)
ns_util.add_conv_status(cmd, conv_status, avi_ssl_prof)
return avi_ssl_prof
def convert(self, ns_config, avi_config, input_dir):
LOG.debug("Conversion started for Health Monitors")
ns_monitors = ns_config.get('add lb monitor', {})
supported_types = ['PING', 'TCP', 'HTTP', 'DNS', 'USER', 'HTTP-ECV']
avi_config['HealthMonitor'] = []
for name in ns_monitors.keys():
cmd = 'add lb monitor %s' % name
ns_monitor = ns_monitors.get(name)
mon_type = ns_monitor['attrs'][1]
if not mon_type in supported_types:
ns_util.add_status_row(cmd, 'skipped')
LOG.warn('Monitor type %s not supported skipped:%s' %
(mon_type, name))
continue
avi_monitor = self.convert_monitor(ns_monitor, input_dir)
if not avi_monitor:
continue
conv_status = ns_util.get_conv_status(ns_monitor, self.skip_attrs,
self.na_attrs,
self.indirect_list)
ns_util.add_conv_status(cmd, conv_status, avi_monitor)
avi_config['HealthMonitor'].append(avi_monitor)
LOG.debug("Health monitor conversion completed")
def convert(self, ns_config, avi_config, vs_state):
lb_vs_conf = ns_config.get('add lb vserver', {})
avi_config['VirtualService'] = []
avi_config['ApplicationPersistenceProfile'] = []
supported_types = [
'HTTP', 'TCP', 'UDP', 'SSL', 'SSL_BRIDGE', 'SSL_TCP'
]
for key in lb_vs_conf.keys():
try:
LOG.debug('LB VS conversion started for: %s' % key)
lb_vs = lb_vs_conf[key]
type = lb_vs['attrs'][1]
cmd = 'add lb vserver %s' % key
if type not in supported_types:
LOG.warn('Unsupported type %s of LB VS: %s' % (type, key))
ns_util.add_status_row(cmd, 'skipped')
continue
enable_ssl = False
if type in ['SSL', 'SSL_BRIDGE', 'SSL_TCP']:
enable_ssl = True
vs_name = key
ip_addr = lb_vs['attrs'][2]
port = lb_vs['attrs'][3]
if vs_state == 'enable':
enabled = (lb_vs.get('state', 'ENABLED') == 'ENABLED')
else:
enabled = False
pool_name = '%s-pool' % vs_name
pool_ref = None
pool_obj = [
pool for pool in avi_config.get("Pool", [])
if pool['name'] == pool_name
]
if pool_obj:
pool_ref = pool_name
else:
LOG.warn('Pool not found in avi config for LB VS %s' % key)
redirect_url = lb_vs.get('redirectURL', None)
if redirect_url:
fail_action = {
"redirect": {
"status_code": "HTTP_REDIRECT_STATUS_CODE_302",
"host": redirect_url,
"protocol": "HTTP"
},
"type": "FAIL_ACTION_HTTP_REDIRECT"
}
if pool_obj:
pool_obj[0]["fail_action"] = fail_action
app_profile = 'admin:System-HTTP'
http_prof = lb_vs.get('httpProfileName', None)
if http_prof:
app_profile = http_prof
vs_obj = {
'name': vs_name,
'type': 'VS_TYPE_NORMAL',
'ip_address': {
'addr': ip_addr,
'type': 'V4'
},
'enabled': enabled,
'services': [{
'port': port,
'enable_ssl': enable_ssl
}],
'application_profile_ref': app_profile,
'pool_ref': pool_ref
}
persistenceType = lb_vs.get('persistenceType', '')
if pool_ref and persistenceType in self.supported_persist_types:
timeout = lb_vs.get('timeout', 2)
profile_name = '%s-persistance-profile' % vs_name
persist_profile = self.convert_persistance_prof(
persistenceType, timeout, profile_name)
avi_config['ApplicationPersistenceProfile'].append(
persist_profile)
self.update_pool_for_persist(avi_config, pool_ref,
profile_name)
elif not persistenceType == 'NONE':
LOG.warn('Persistance type %s not supported by Avi' %
persistenceType)
ntwk_prof = lb_vs.get('tcpProfileName', None)
if ntwk_prof:
vs_obj['network_profile_ref'] = ntwk_prof
avi_config['VirtualService'].append(vs_obj)
conv_status = ns_util.get_conv_status(lb_vs, self.skip_attrs,
self.na_attrs,
self.indirect_list)
ns_util.add_conv_status(cmd, conv_status, vs_obj)
if enable_ssl:
ssl_mappings = ns_config.get('bind ssl vserver', {})
ssl_bindings = ssl_mappings.get(key, [])
if isinstance(ssl_bindings, dict):
ssl_bindings = [ssl_bindings]
for mapping in ssl_bindings:
if 'CA' in mapping:
#TODO add ref of pki prof in app profile
pass
elif 'certkeyName' in mapping:
avi_ssl_ref = 'ssl_key_and_certificate_refs'
if not [
obj for obj in
avi_config['SSLKeyAndCertificate']
if obj['name'] == mapping['attrs'][0]
]:
LOG.warn(
'cannot find ssl key cert ref adding system default insted'
)
vs_obj[avi_ssl_ref] = [
'admin:System-Default-Cert'
]
continue
vs_obj[avi_ssl_ref] = mapping['attrs'][0]
ssl_vs_mapping = ns_config.get('set ssl vserver', {})
mapping = ssl_vs_mapping.get(key, None)
if mapping and 'sslProfile' in mapping:
vs_obj['ssl_profile_name'] = mapping.get('sslProfile')
LOG.debug('LB VS conversion completed for: %s' % key)
except:
LOG.error('Error in lb vs conversion for: %s' % key,
exc_info=True)
def convert(self, ns_config, avi_config, vs_state):
cs_vs_conf = ns_config.get('add cs vserver', {})
bindings = ns_config.get('bind cs vserver', {})
policy_lables = ns_config.get('bind cs policylabel', {})
policy_config = ns_config.get('add cs policy', {})
lbvs_avi_conf = avi_config['VirtualService']
lb_vs_mapped = []
cs_vs_list = []
avi_config['HTTPPolicySet'] = []
rule_index = 0
for cs_vs_index, key in enumerate(cs_vs_conf):
LOG.debug("Context Switch VS conversion started for: %s" % key)
lbvs_bindings = []
cs_vs = cs_vs_conf[key]
cmd = 'add cs vserver %s' % key
if not cs_vs['attrs'][1] in self.supported_types:
LOG.warn('Unsupported type %s of Context switch VS: %s' %
(cs_vs['attrs'][1], key))
ns_util.add_status_row(cmd, 'skipped')
continue
tt = cs_vs.get('targetType', None)
if tt and tt == 'GSLB':
LOG.warn(
'Unsupported target type %s of Context switch VS: %s' %
(cs_vs['attrs'][1], key))
ns_util.add_status_row(cmd, 'skipped')
vs_name = cs_vs['attrs'][0]
ip_addr = cs_vs['attrs'][2]
port = cs_vs['attrs'][3]
if port < int(port):
port = "1"
enable_ssl = False
if vs_state == 'enable':
enabled = (lb_vs.get('state', 'ENABLED') == 'ENABLED')
else:
enabled = False
if cs_vs['attrs'][1] == 'SSL':
enable_ssl = True
vs_obj = {
'name': vs_name,
'type': 'VS_TYPE_NORMAL',
'ip_address': {
'addr': ip_addr,
'type': 'V4'
},
'enabled': enabled,
'services': [{
'port': port,
'enable_ssl': enable_ssl
}]
}
http_prof = cs_vs.get('httpProfileName', None)
if http_prof:
vs_obj['application_profile_ref'] = http_prof,
ntwk_prof = cs_vs.get('tcpProfileName', None)
if ntwk_prof:
vs_obj['network_profile_ref'] = ntwk_prof
bind_conf_list = bindings.get(vs_name, None)
if not bind_conf_list:
continue
if isinstance(bind_conf_list, dict):
bind_conf_list = [bind_conf_list]
cs_vs_policies = []
default_pool = None
policy_name = ''
for bind_conf in bind_conf_list:
b_cmd = 'bind cs vserver %s' % vs_name
found = False
if len(bind_conf['attrs']) > 1:
lbvs_bindings.append(bind_conf['attrs'][1])
b_cmd += ' %s' % bind_conf['attrs'][1]
found = True
if 'policyName' in bind_conf:
policy_name = bind_conf['policyName']
b_cmd += ' -policyName %s' % policy_name
if 'targetLBVserver' in bind_conf:
lbvs_bindings.append(bind_conf['targetLBVserver'])
found = True
policy = policy_config[policy_name]
policy = copy.deepcopy(policy)
policy['targetLBVserver'] = bind_conf[
'targetLBVserver']
cs_vs_policies.append(policy)
if 'lbvserver' in bind_conf:
lbvs_bindings.append(bind_conf['lbvserver'])
b_cmd += ' -lbvserver %s' % bind_conf['lbvserver']
default_pool = bind_conf['lbvserver']
found = True
if 'invoke' in bind_conf:
parts = bind_conf['invoke'].split(' ')
if parts[0] != 'policylabel' or len(parts) < 2:
continue
before_len = size = len(lbvs_bindings)
self.get_target_vs_from_policy(policy_lables, parts[1],
lbvs_bindings)
if len(lbvs_bindings) > before_len:
found = True
conv_status = ns_util.get_conv_status(bind_conf,
self.bind_skipped, [],
[])
if found:
ns_util.add_conv_status(b_cmd, conv_status, None)
else:
ns_util.add_status_row(b_cmd, 'skipped')
LOG.debug("CS VS %s context switch between lb vs: %s" %
(key, lbvs_bindings))
for binding in lbvs_bindings:
lb_vs_obj = [
obj for obj in lbvs_avi_conf if obj['name'] == binding
]
if lb_vs_obj:
lb_vs_obj = lb_vs_obj[0]
else:
continue
lb_vs_mapped.append(lb_vs_obj)
lb_vs_obj = copy.deepcopy(lb_vs_obj)
lb_vs_obj.update(vs_obj)
vs_obj = lb_vs_obj
vs_obj.pop('pool_ref', None)
if default_pool:
vs_obj['pool_ref'] = '%s-pool' % default_pool
for cs_vs_policy in cs_vs_policies:
new_rule_index, policy = self.policy_converter(
cs_vs_policy, rule_index)
if policy:
http_policies = {
'index': 11,
'http_policy_set_ref': policy['name']
}
vs_obj['http_policies'] = []
vs_obj['http_policies'].append(http_policies)
avi_config['HTTPPolicySet'].append(policy)
p_cmd = 'add cs policy %s' % policy_name
policy_conv = policy_config.get(policy_name)
conv_status = ns_util.get_conv_status(
cs_vs_policy, self.skip_attrs, self.na_attrs, [])
ns_util.add_conv_status(p_cmd, conv_status, policy)
rule_index = new_rule_index
cs_vs_list.append(vs_obj)
conv_status = ns_util.get_conv_status(cs_vs, self.skip_attrs,
self.na_attrs, [])
ns_util.add_conv_status(cmd, conv_status, vs_obj)
LOG.debug("Context Switch VS conversion completed for: %s" % key)
vs_list = [obj for obj in lbvs_avi_conf if obj not in lb_vs_mapped]
vs_list += cs_vs_list
avi_config['VirtualService'] = vs_list
def get_key_cert(self, ssl_mappings, ssl_key_and_cert, input_dir,
avi_ssl_prof):
obj = dict()
ciphers = []
for mapping in ssl_mappings:
output = None
cmd = 'bind ssl vserver %s' % (mapping['attrs'][0])
if 'CA' in mapping.keys():
cmd += '-certkeyName %s -CA' % mapping.get('certkeyName')
key_cert = ssl_key_and_cert.get(mapping.get('certkeyName'))
key_file_name = key_cert.get('key')
cert_file_name = key_cert.get('cert')
ca_str = None
crl_str = None
if key_file_name:
ca_str = ns_util.upload_file(input_dir + os.path.sep +
key_file_name)
if cert_file_name:
crl_str = ns_util.upload_file(input_dir + os.path.sep +
cert_file_name)
if ca_str:
pki_profile = dict()
pki_profile["ca_certs"] = [{'certificate': ca_str}]
crl_check = mapping.get('crlCheck', 'Optional')
if crl_check == 'Mandatory':
pki_profile['crl_check'] = True
else:
pki_profile['crl_check'] = False
if crl_str:
pki_profile["crls"] = [{'body': crl_str}]
pki_profile["name"] = key_cert['attrs'][0]
obj['pki'] = pki_profile
output = pki_profile
conv_status = ns_util.get_conv_status(key_cert,
self.add_key_cert_skip,
[], [])
kc_cmd = 'add ssl certKey %s' % key_cert['attrs'][0]
ns_util.add_conv_status(kc_cmd, conv_status, avi_ssl_prof)
elif 'certkeyName' in mapping.keys():
cmd += '-certkeyName %s' % mapping.get('certkeyName')
key_cert = ssl_key_and_cert.get(mapping.get('certkeyName'))
key_file_name = key_cert.get('key')
cert_file_name = key_cert.get('cert')
if key_file_name:
key_str = ns_util.upload_file(input_dir + os.path.sep +
key_file_name)
if cert_file_name:
cert_str = ns_util.upload_file(input_dir + os.path.sep +
cert_file_name)
if key_str and cert_str:
cert = {"certificate": cert_str}
ssl_kc_obj = {
'name': key_cert['attrs'][0],
'key': key_str,
'certificate': cert,
'key_passphrase': key_cert.get('password', '')
}
obj['cert'] = ssl_kc_obj
output = ssl_kc_obj
conv_status = ns_util.get_conv_status(key_cert,
self.add_key_cert_skip,
[], [])
kc_cmd = 'add ssl certKey %s' % key_cert['attrs'][0]
ns_util.add_conv_status(kc_cmd, conv_status, avi_ssl_prof)
elif 'cipherName' in mapping.keys():
cmd += '-cipherName %s' % mapping.get('cipherName')
ciphers.append(mapping['cipherName'])
output = avi_ssl_prof
else:
ns_util.add_status_row(cmd, 'skipped')
continue
conv_status = ns_util.get_conv_status(mapping,
self.bind_sslvs_skip, [], [])
ns_util.add_conv_status(cmd, conv_status, output)
avi_ssl_prof['accepted_ciphers'] = ':'.join(ciphers)
return obj