def tcpDumpsRunning(self):
result = self.doc.createElement('tcp-dumps-running')
self.doc.documentElement.appendChild(result)
allCaptures = []
# Look for all the running RiOS captures.
riosCaptures = Nodes.getMgmtSetEntries(self.mgmt, '/rbt/tcpdump/state/capture')
for name in riosCaptures:
allCaptures.append((name, 'RiOS', riosCaptures[name]['start']))
# Look for all the running hypervisor captures (for BOB).
if RVBDUtils.isBOB():
hostCaptures = Nodes.getMgmtSetEntries(self.mgmt, '/host/tcpdump/state/capture')
for name in hostCaptures:
allCaptures.append((name, 'Hypervisor', hostCaptures[name]['start']))
# Sort by the capture name (which is basically a timestamp).
allCaptures.sort(key=lambda x: x[0])
for capture in allCaptures:
dumpEl = self.doc.createElement('tcp-dump')
result.appendChild(dumpEl)
dumpEl.setAttribute('name', capture[0])
dumpEl.setAttribute('runningOn', capture[1])
dumpEl.setAttribute('start', capture[2])
dumpEl.setAttribute('internalName', '%s/%s' % (capture[0], capture[1]))
self.writeXmlDoc()
def snmpTrapReceivers(self):
table = self.getXmlTable(None, tagNames=('snmp-trap-receivers', 'receiver'))
table.open(self.request())
base = self.cmcPolicyRetarget('/snmp/trapsink/sink')
receivers = Nodes.getMgmtSetEntries(self.mgmt, base)
hosts = receivers.keys()
hosts.sort(FormUtils.alphanumericCompare)
for host in hosts:
receiver = receivers[host]
version = receiver.get('type')[len('trap-'):]
port = receiver.get('port')
if 'v3' == version:
user = receiver.get('username', '')
protocol = receiver.get('hash_function', '')
auth = receiver.get('sec_level', '')
authValue = (('auth' == auth) and 'Auth' or
('noauth' == auth) and 'No Auth' or
('authpriv' == auth) and 'AuthPriv')
# update the community/user to include privacy protocol and security level as authpriv
if authValue == 'AuthPriv':
privacyProtocol = receiver.get('privacy_protocol', '')
desc = 'user: %s, %s, %s, %s' % (user, protocol, authValue, privacyProtocol)
else:
desc = 'user: %s, %s, %s' % (user, protocol, authValue)
else:
desc = 'community: %s' % (receiver.get('community') or 'public')
table.addEntry(host=host,
version=version,
port=port,
desc=desc,
enabled=('true' == receiver['enable']) and 'enabled' or 'disabled')
table.close()
def snmpAcls(self):
base = self.cmcPolicyRetarget('/snmp/vacm/acls')
acls = Nodes.getMgmtSetEntries(self.mgmt, base)
ids = acls.keys()
ids.sort(lambda a, b: cmp(int(a), int(b)))
table = self.getXmlTable(None, tagNames=('policies', 'policy'))
table.open(self.request())
for id in ids:
acl = acls[id]
table.addEntry(id=id,
group_name=acl.get('group_name'),
sec_level=acl.get('sec_level'),
read_view=acl.get('read_view'))
table.close()
def snmpUsers(self):
base = self.cmcPolicyRetarget('/snmp/usm/users')
users = Nodes.getMgmtSetEntries(self.mgmt, base)
names = users.keys()
names.sort(FormUtils.alphanumericCompare)
table = self.getXmlTable(None, tagNames=('users', 'user'))
table.open(self.request())
for name in names:
user = users[name]
table.addEntry(name=name,
protocol=user.get('hash_function'),
key=user.get('auth_key'),
privacy=user.get('privacy_protocol'),
privacyKey=user.get('privacy_key'))
table.close()
def restAccessCodes(self):
mgmt = self.mgmt
result = self.doc.createElement('restAccessCodes')
path = self.cmcPolicyRetarget('/papi/config/code')
jtis = Nodes.getMgmtSetEntries(self.mgmt, path)
for jti, attribs in jtis.iteritems():
entryEl = self.doc.createElement('accessCode')
entryEl.setAttribute('jti', jti)
entryEl.setAttribute('owner', attribs['user'])
entryEl.setAttribute('desc', attribs['desc'])
entryEl.setAttribute('code', attribs['data'])
result.appendChild(entryEl)
self.doc.documentElement.appendChild(result)
self.writeXmlDoc()
def perProcessLogging(self):
# level -> pretty name map
levelOptions = {
'emerg': 'Emergency',
'alert': 'Alert',
'crit': 'Critical',
'err': 'Error',
'warning': 'Warning',
'notice': 'Notice',
'info': 'Info',
}
# filters <- {process: {..., 'level': level, ...}
base = self.cmcPolicyRetarget('/logging/syslog/config/filter/process')
filters = Nodes.getMgmtSetEntries(self.mgmt, base)
filterDescription = \
self.cmcPolicyRetarget('/logging/syslog/state/filter/process/%s/description')
# fetch pretty names
filterNameMap = self.mgmt.getMultiple(*[
filterDescription % k for k in filters.iterkeys()])
# filters <- [(prettyName, process, level), ...]
filters = [(filterNameMap.get(filterDescription % k) or k,
k, v.get('level'))
for k, v in filters.items()]
# Sort on prettyName, then process, then level.
filters.sort()
result = self.doc.createElement('perProcessLogging')
for prettyName, process, level in filters:
processFilter = self.doc.createElement('processFilter')
processFilter.setAttribute('prettyName', prettyName)
processFilter.setAttribute('process', process)
processFilter.setAttribute(
'level', levelOptions.get(level, level))
result.appendChild(processFilter)
self.doc.documentElement.appendChild(result)
self.writeXmlDoc()
def snmpAction(self):
base = self.cmcPolicyRetarget('/snmp/trapsink/sink')
userBase = self.cmcPolicyRetarget('/snmp/usm/users')
nameBase = self.cmcPolicyRetarget('/snmp/vacm/sec_names')
groupBase = self.cmcPolicyRetarget('/snmp/vacm/groups')
groupSpec = {'sec_name': 'string',
'sec_model': 'string'}
aclBase = self.cmcPolicyRetarget('/snmp/vacm/acls')
aclSpec = {'group_name': 'string',
'sec_level': 'string',
'read_view': 'string'}
id, val = FormUtils.getPrefixedField('controlReceiver_', self.fields)
if id:
self.mgmt.set(('%s/%s/enable' % (base, id), 'bool', ('enabled' == val) and 'true' or 'false'))
if 'addReceiver' in self.fields:
host = self.fields.get('addReceiver_host')
port = self.fields.get('addReceiver_port')
version = self.fields.get('addReceiver_version')
enable = self.fields.get('addReceiver_enable', 'false')
pre = '%s/%s' % (base, host)
nodes = [(pre + '/type', 'string', version),
(pre + '/enable', 'bool', enable)]
if port:
nodes += [(pre + '/port', 'uint16', port)]
if 'trap-v3' != version:
# version 1, version 2
community = self.fields.get('addReceiver_community', '')
nodes += [(pre + '/community', 'string', community)]
else:
# version 3
user = self.fields.get('addReceiver_user')
mode = self.fields.get('addReceiver_mode')
protocol = self.fields.get('addReceiver_protocol')
auth = self.fields.get('addReceiver_auth')
# key from the user, or derrived from the password
if 'password'== mode:
password = self.fields.get('addReceiver_password')
key = self.sendAction('/snmp/usm/actions/generate_auth_key',
('password', 'string', password),
('hash_function', 'string', protocol))
key = key.get('auth_key', '')
else:
key = self.fields.get('addReceiver_key')
nodes += [(pre + '/username', 'string', user),
(pre + '/hash_function', 'string', protocol),
(pre + '/auth_key', 'string', key),
(pre + '/sec_level', 'string', auth)]
# AuthPriv option of Security Level
if 'authpriv'== auth:
privacyMode = self.fields.get('addReceiver_privacyMode')
if 'authPrivacy'== privacyMode:
# Use the same key generated from authentication password or entered for authentication
privacyKey = key
elif 'password'== privacyMode:
# Generate key from privacy password entered by user
privacyPassword = self.fields.get('addReceiver_privacyPassword')
privacyKey = self.sendAction('/snmp/usm/actions/generate_auth_key',
('password', 'string', privacyPassword),
('hash_function', 'string', protocol))
privacyKey = privacyKey.get('auth_key', '')
elif 'key'== privacyMode:
# Use privacy key provided by the user
privacyKey = self.fields.get('addReceiver_privacyKey')
privacyProtocol = self.fields.get('addReceiver_privacyProtocol')
nodes += [(pre + '/privacy_protocol', 'string', privacyProtocol),
(pre + '/privacy_key', 'string', privacyKey)]
self.setNodes(*nodes)
elif 'removeReceivers' in self.fields:
FormUtils.deleteNodesFromConfigForm(self.mgmt, base, 'ck_', self.fields)
elif 'addSnmpUser' in self.fields:
name = self.fields.get('addSnmpUser_name')
protocol = self.fields.get('addSnmpUser_protocol')
if 'password'== self.fields.get('addSnmpUser_mode'):
password = self.fields.get('addSnmpUser_password')
key = self.sendAction('/snmp/usm/actions/generate_auth_key',
('password', 'string', password),
('hash_function', 'string', protocol))
key = key.get('auth_key', '')
else:
key = self.fields.get('addSnmpUser_key', '')
nodes = [('%s/%s' % (userBase, name), 'string', name),
('%s/%s/auth_key' % (userBase, name), 'string', key),
('%s/%s/hash_function' % (userBase, name), 'string', protocol)]
privacyOption = self.fields.get('addSnmpUser_privacyOption', 'false')
if 'true' == privacyOption:
# The user wishes to use the privacy feature, therefore checkbox is checked.
privacyProtocol = self.fields.get('addSnmpUser_privacyProtocol')
privacyMode = self.fields.get('addSnmpUser_privacyMode')
if 'authPrivacy' == privacyMode:
# Use the same key generated from authentication or entered for authentication
privacyKey = key
elif 'password' == privacyMode:
# Generate key from password entered for privacy
privacyPassword = self.fields.get('addSnmpUser_privacyPassword')
privacyKey = self.sendAction('/snmp/usm/actions/generate_auth_key',
('password', 'string', privacyPassword),
('hash_function', 'string', protocol))
privacyKey = privacyKey.get('auth_key', '')
elif 'key' == privacyMode:
# Use the privacy key provided by the user
privacyKey = self.fields.get('addSnmpUser_privacyKey')
elif 'false' == privacyOption:
# Privacy feature not to be used. Clear the privacy_key and privacy_protocol nodes
privacyKey = ''
privacyProtocol = ''
nodes += [('%s/%s/privacy_protocol' % (userBase, name), 'string', privacyProtocol),
('%s/%s/privacy_key' % (userBase, name), 'string', privacyKey)]
self.setNodes(*nodes)
elif 'removeSnmpUsers' in self.fields:
FormUtils.deleteNodesFromConfigForm(
self.mgmt, userBase, 'snmpUser_', self.fields)
elif 'addSecurityName' in self.fields:
name = self.fields.get('addSecurityName_name')
community = self.fields.get('addSecurityName_community')
ipBits = self.fields.get('addSecurityName_ip', ':')
if '/' not in ipBits:
return
ip, maskBits = ipBits.split('/')
self.setNodes(
('%s/%s' % (nameBase, name), 'string', name),
('%s/%s/community' % (nameBase, name), 'string', community),
('%s/%s/src/ip' % (nameBase, name), 'ipv6addr', ip),
('%s/%s/src/mask_len' % (nameBase, name), 'uint8', maskBits))
elif 'removeSecurityNames' in self.fields:
FormUtils.deleteNodesFromConfigForm(
self.mgmt, nameBase, 'secName_', self.fields)
elif 'addGroup' in self.fields:
name = self.fields.get('addGroup_name')
i = 0
while True:
model = self.fields.get('addSnmpGroup_secModel_%d' % i)
if 'editPolicy' in self.fields:
if model == 'usm':
user = self.fields.get('addSnmpGroupUsm_secName_%d' % i)
else:
user = self.fields.get('addSnmpGroup_secName_%d' % i)
else:
user = self.fields.get('addSnmpGroup_secName_%d' % i)
if not (user and model):
break
path = '%s/%s/grp_entry' % (groupBase, name)
Nodes.editNodeSequence(self.mgmt, path, groupSpec, 'add', -1,
{'sec_name': user,
'sec_model': model})
i += 1
elif 'removeGroups' in self.fields:
FormUtils.deleteNodesFromConfigForm(self.mgmt,
groupBase,
'group_',
self.fields)
elif 'addView' in self.fields:
name = self.fields.get('addView_name')
incField = self.fields.get('addView_includes')
# If the addView_includes/_excludes field is blank, then we want a blank list.
includes = incField and [inc.strip() for inc in incField.split('\n') if inc.strip() != ''] or []
excField = self.fields.get('addView_excludes')
excludes = excField and [exc.strip() for exc in excField.split('\n') if exc.strip() != ''] or []
viewBase = self.cmcPolicyRetarget('/snmp/vacm/views/%s' % name)
# Note: Because we don't call Nodes.deleteChildNodes here, adding a view with the
# same name as an existing view will append those OIDs, rather than overwriting
# the whole list of OIDs.
nodes = [(viewBase, 'string', name)] + \
[('%s/included/%s' % (viewBase, inc), 'string', inc) for inc in includes] + \
[('%s/excluded/%s' % (viewBase, exc), 'string', exc) for exc in excludes]
self.setNodes(*nodes)
elif 'editView' in self.fields:
name = self.fields.get('editView_name')
incField = self.fields.get('editView_includes')
# If the editView_includes/_excludes field is blank, then we want a blank list.
includes = incField and [inc.strip() for inc in incField.split('\n') if inc.strip() != ''] or []
excField = self.fields.get('editView_excludes')
excludes = excField and [exc.strip() for exc in excField.split('\n') if exc.strip() != ''] or []
viewBase = self.cmcPolicyRetarget('/snmp/vacm/views/%s' % name)
Nodes.deleteChildNodes(self.mgmt, viewBase + '/included')
Nodes.deleteChildNodes(self.mgmt, viewBase + '/excluded')
nodes = [('%s/included/%s' % (viewBase, inc), 'string', inc) for inc in includes] + \
[('%s/excluded/%s' % (viewBase, exc), 'string', exc) for exc in excludes]
self.setNodes(*nodes)
elif 'removeViews' in self.fields:
viewBase = self.cmcPolicyRetarget('/snmp/vacm/views')
FormUtils.deleteNodesFromConfigForm(self.mgmt,
viewBase,
'view_',
self.fields)
elif 'addAcl' in self.fields:
group = self.fields.get('addAcl_group')
auth = self.fields.get('addAcl_auth')
readView = self.fields.get('addAcl_readView')
# group/sec pairs must be unique, so if there's currently
# a group/sec like this one, we replace it
acls = Nodes.getMgmtSetEntries(self.mgmt, aclBase)
for k, v in acls.iteritems():
if (group == v.get('group_name')) and \
(auth == v.get('sec_level')):
Nodes.editNodeSequence(self.mgmt, aclBase, aclSpec, 'edit', int(k),
{'group_name': group,
'sec_level': auth,
'read_view': readView})
break;
else:
Nodes.editNodeSequence(self.mgmt, aclBase, aclSpec, 'add', -1,
{'group_name': group,
'sec_level': auth,
'read_view': readView})
elif 'removeAcls' in self.fields:
acls = FormUtils.getPrefixedFieldNames('acl_', self.fields)
Nodes.editNodeSequence(self.mgmt, aclBase, aclSpec, 'remove', map(int, acls))
