-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathtwist-policy.py
374 lines (319 loc) · 15 KB
/
twist-policy.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
#!/opt/opsware/agent/bin/python
# HPSA Policy based on pytwist library
# 20170214, Ing. Ondrej DURAS (dury)
# ~/prog/HPSA-Utilities/twist-policy.py
#ISSUE:
# WARNING: Could not load agent config file from:\
# /etc/opt/opsware/agent/agent.args
# [Errno 13] Permission denied: \
# '/etc/opt/opsware/agent/agent.args'
#SOLUTION:
# chmod 644 /etc/opt/opsware/agent/agent.args
## MANUAL ############################################################# {{{ 1
VERSION = 2017.022102
MANUAL = r"""
NAME: HPSA Software Policy Management Utility
FILE: twist-policy.py
DESCRIPTION:
Allows to manage HPSA software policies onto server.
Script works in one of a few modes.
- list all software policies found on HPSA MESH
- list policies applicable onto server (platform)
- list applied/attached software policies onto server
- apply & remediate software policy onto server
- install package/s onto server
- uninstall package/s from the server
- remove policy from the server
USAGE:
./twist-policy -list "linux%"
./twist-policy -detail "linux patch%"
./twist-policy -compliant "linux" -on 1234567
./twist-policy -compliant 1234 -on myserver1
./twist-policy -compliant "%" -on myserver1
./twist-policy -compliant "%" -platform "%linux%"
./twist-policy -is "linux" -on 1234567
./twist-policy -policies -on myserver1
./twist-policy -attach "linux patch%" -on myserver1
./twist-policy -attach 1234 -on myserver1 -force
./twist-policy -install "linux patch%" -on myserver1
./twist-policy -uninstall "linux patch%" -on myserver1
./twist-policy -remove 1234 -on 1234567 -timeout 30
./twist-policy -remove 1234 -on 1234567 -force
PARAMETERS:
-list - complete or filtered list of software policies
-getoid - provides ObjectID of ONE Software Policy for scipts
-detail - details related to ONE particular software policy
-compliant - filtered list of software policies compliant to server
-platform - particular platform of compliancy (replaces a server)
-is - filtered list of software policies applied already on server
-on - ONE server defined by Hostname, HPSA Name or Object ID
-name - HPSA name of the affected server
-oid - HPSA ObjectID of affected server
-host - HostName of the affected server
-addr - IP address of the server
-server - any of above server search related (it's the same than -on)
-policies - list of all software policies applied on the server
-attach - adds the software policy to a server
-install - installs software policy related packages onto server
-uninstall - uninstall software policy related packes from server
-remove - removes ONE whole software policy from the server
-force - does not ask in case of intrusive action (install/attach)
-timeout - timeout of SOAP session in seconds
"""
MANUAL += "VERSION: %s\n" % (VERSION)
####################################################################### }}} 1
## INTERFACE ########################################################## {{{ 1
import sys
import os
import time
import inspect
import pprint
sys.path.append("/opt/opsware/agent/pylibs")
sys.path.append("/opt/opsware/pylibs")
from pwa import *
from pytwist import *
from pytwist.com.opsware.search import Filter
from pytwist.com.opsware.server import ServerRef
from pytwist.com.opsware.script import ServerScriptJobArgs
#from pytwist.com.opsware.script import *
SEARCH_NAME = "" # server HPSA canonnical name
SEARCH_HOST = "" # server configured HostName
SEARCH_ADDR = "" # primary server management IP address
SEARCH_OID = "" # server HPSA ObjectIP
SEARCH_ALL = "" # Any of above
POLICY_NAME = "" # HPSA script referenced by name
POLICY_OID = "" # HPSA script referenced by OID
# modes of the script operation
MODE_LIST = 0 # listing all/filtered policies
MODE_GETOID = 0 # provides one policy ObjectID
MODE_DETAIL = 0 # list particular ONE policy in detail
MODE_CHECK = 0 # check whether a a policy is compliant to server
MODE_SHOW = 0 # shows a (filtered) list of attached policies
MODE_ATTACH = 0 # attach and remediate a policy onto server
MODE_INST = 0 # install software - troubleshooting purposes only
MODE_UNIN = 0 # uninstall software - troubleshooting purposes only
MODE_REMOVE = 0 # remove policy from from the server (server from policy in practice)
MODE_FORCE = 0 # causes the intrusive actions will be proceeded without confirmation
MODE_DEBUG = "" # troubleshooting /verbose mode
MODE_DUMP = 0 # troubleshoot data structures
MODE_REF = 0 # server is referenced name/IP
MODE_OID = 0 # server is referenced by OID
hJobStatus = [
'ABORTED','ACTIVE','CANCELED','DELETED','FAILURE',
'PENDING','SUCCESS','UNKNOWN','WARNING','TAMPERED','STALE',
'BLOCKED','RECURRING','EXPIRED','ZOMBIE','TERMINATING',
'TERMINATED' ]
if len(sys.argv) < 2:
print MANUAL
sys.exit()
for idx in range(1,len(sys.argv)):
argx = sys.argv[idx]
if re.match("-+na",argx): idx +=1; SEARCH_NAME = sys.argv[idx]; MODE_REF = 1; continue # --name <HPSA_NAME>
if re.match("-+ho",argx): idx +=1; SEARCH_HOST = sys.argv[idx]; MODE_REF = 1; continue # --host <HOSTNAME>
if re.match("-+ip",argx): idx +=1; SEARCH_ADDR = sys.argv[idx]; MODE_REF = 1; continue # -ip / -addr <IP_ADDRESS>
if re.match("-+ad",argx): idx +=1; SEARCH_ADDR = sys.argv[idx]; MODE_REF = 1; continue # -ip / -addr <IP_ADDRESS>
if re.match("-+se",argx): idx +=1; SEARCH_ALL = sys.argv[idx]; MODE_REF = 1; continue # --server / --serach / -on <NAME/IP>
if re.match("-+on",argx): idx +=1; SEARCH_ALL = sys.argv[idx]; MODE_REF = 1; continue # --server / --serach / -on <NAME/IP>
if re.match("-+oi",argx): idx +=1; SEARCH_OID = sys.argv[idx]; MODE_OID = 1; continue # --oid <HPSA_ObjectID>
if re.match("-+du",argx): MODE_DUMP = 1; continue # --dump
if re.match("-+l",argx ): idx +=1; POLICY_NAME = sys.argv[idx]; MODE_LIST= 1; continue # --list
if re.match("-+det",argx): MODE_DETAIL = 1; continue # --debug
if re.match("-+che",argx): MODE_CHECK = 1; continue # --check / whether the policy is compliant to the server
if re.match("-+sh",argx): MODE_SHOW = 1; continue # --show / shows a list of attached policies
if re.match("-+showall",argx):MODE_SHOW = 1; POLICY_NAME = "%"; continue # --showall / shows a list of attached policies
if re.match("-+att",argx): idx +=1; POLICY_NAME = sys.argv[idx]; MODE_ATTACH=1;continue # --attach / --policy <Name/OID>
if re.match("-+policy$",argx):idx +=1; POLICY_NAME = sys.argv[idx]; MODE_ATTACH=1;continue # --policy / --attach <Name/OID>
if re.match("-+policy-?name", argx): idx +=1; POLICY_NAME = sys.argv[idx]; continue # --policy-name <Policy_Name>
if re.match("-+policy-?oid", argx): idx +=1; POLICY_OID = sys.argv[idx]; continue # --policy-oid <Policy_OID>
if re.match("-+ins",argx): idx +=1; POLICY_NAME = sys.argv[idx]; MODE_INST=1; continue # --install <Policy_Name/OID>
if re.match("-+uni",argx): idx +=1; POLICY_NAME = sys.argv[idx]; MODE_UNIN=1; continue # --uninstall <Policy_Name/OID>
if re.match("-+rem",argx): idx +=1; POLICY_NAME = sys.argv[idx]; MODE_REMOVE=1;continue # --remove <Policy_Name/OID>
if re.match("-+del",argx): idx +=1; POLICY_NAME = sys.argv[idx]; MODE_REMOVE=1;continue # --remove <Policy_Name/OID>
# to ensure the line: script <OID = <Script_Name>
if not (MODE_LIST or MODE_DETAIL):
MODE_LIST = 1
# solving grammar of policy reference
if re.match("^[0-9]+$",POLICY_NAME):
POLICY_OID = POLICY_NAME; SCRIP_NAME = ""
if re.match(".*[^0-9].*",POLICY_OID):
POLICY_NAME = POLICY_OID; POLICY_OID = ""
####################################################################### }}} 1
## HPSA Query / Twist based / initial steps ########################### {{{ 1
# Credentials
try:
USER=pwaLogin('hpsa')
PASS=pwaPassword('hpsa')
if not (USER and PASS):
sys.stderr.write("#- ENV[CRED_HPSA] not found #1 !\n")
sys.exit(1)
#(USER,PASS)=os.environ['CRED_HPSA'].split('%',1)
#print("#: USER='%s' PASS='%s'" % (USER,PASS))
except:
sys.stderr.write("#- ENV[CRED_HPSA] not found #2 !\n")
sys.exit(1)
# Twist session
ts=twistserver.TwistServer()
ts.authenticate(USER,PASS)
policyservice = ts.swmgmt.SoftwarePolicyService
jobservice = ts.job.JobService
####################################################################### }}} 1
## handleJob(job) ##################################################### {{{ 1
def handleJob(job):
global MODE_LIST, MODE_DETAIL, MODE_DUMP
global jobservice
# displaying job details
if MODE_LIST:
print "job %d = %s" % (job.id,job.name)
elif MODE_DETAIL:
print "Job OID ............... " + str(job.id)
print "Job Long ID ........... " + str(job.idAsLong)
print "Job Name .............. " + job.name
print "Job Type .............. " + job.secureResourceTypeName
elif MODE_DUMP:
pprint.pprint(inspect.getmembers(job))
print "========================================"
# job in progress
count = 0
status = 1
while status == 1:
info = jobservice.getJobInfoVO(job)
status = info.status
count += 1
time.sleep(1)
print "%3d ... %s(%d) Job=%d Server=%d" \
% (count,hJobStatus[status],status,job.id,server.id)
# basic results when finished (all kinds of processes)
print "== Result =============================="
print "Status ................ %s(%d)" % (hJobStatus[status],status)
print "Job Type .............. %s" % (info.type)
print "Description ........... %s" % (info.description)
print "Script Start .......... " + time.strftime("%Y-%m-%d %H:%M:%S",time.gmtime(info.startDate))
print "Script End ............ " + time.strftime("%Y-%m-%d %H:%M:%S",time.gmtime(info.endDate))
print "Reason for Blocked .... %s" % (info.blockedReason)
print "Reason for Canceled ... %s" % (info.canceledReason)
print "Schedule .............. %s" % (info.schedule)
print "Notification .......... %s" % (info.notification)
print "Duration .............. %d seconds " % (int(info.endDate - info.startDate))
####################################################################### }}} 1
## Query to find Policy/ies ########################################### {{{ 1
pol_filter = Filter()
if POLICY_NAME:
pol_filter.expression='SoftwarePolicyVO.name like "%s"' % (POLICY_NAME)
elif POLICY_OID:
pol_filter.expression='software_policy_folder_id = %s' % (POLICY_OID)
else:
sys.stderr.write("#- None policy refference (Name/Oid) given !\n")
sys.exit(1)
policies = policyservice.findSoftwarePolicyRefs(pol_filter)
if len(policies) < 1:
sys.stderr.write("#- None Software Policy found !\n")
sys.exit(1)
for policy in policies:
if MODE_LIST and (not MODE_DETAIL):
print "policy %d = %s" % (policy.id, policy.name)
if MODE_DETAIL:
vo = policyservice.getSoftwarePolicyVO(policy)
print "Policy name ............ " + str(vo.name)
print "Locked ................. " + str(vo.locked)
print "Life Cycle ............. " + str(vo.lifecycle)
print "Template ............... " + str(vo.template)
print "Manual Uninstall ....... " + str(vo.manualUninstall)
print "Software Policy Type ... " + str(vo.softwarePolicyType)
print "createdDate ............ " + time.strftime("%Y-%m-%d %H:%M:%S",time.gmtime(vo.createdDate))
print "createdBy .............. " + str(vo.createdBy)
print "modifiedDate ........... " + time.strftime("%Y-%m-%d %H:%M:%S",time.gmtime(vo.modifiedDate))
print "modifiedBy ............. " + str(vo.modifiedBy)
print "Description ............ " + str(vo.description)
print "========================================"
if MODE_DUMP:
vo = policyservice.getSoftwarePolicyVO(policy)
pprint.pprint(inspect.getmembers(vo))
if len(policies) > 1:
sys.stderr.write("#- More than one Policy found !\n")
sys.exit(1)
####################################################################### }}} 1
## Query to find Server/s ############################################# {{{ 1
# Query to HPSA
servers=[]
if MODE_REF:
filter=Filter()
if SEARCH_NAME:
filter.expression='ServerVO.name like "%s"' % (SEARCH_NAME)
if SEARCH_HOST:
filter.expression='ServerVO.hostName like "%s"' % (SEARCH_HOSTNAME)
if SEARCH_ADDR:
filter.expression='((device_interface_ip = "%s") | ' \
'(device_management_ip = "%s"))' % (SEARCH_ADDR,SEARCH_ADDR)
if SEARCH_ALL:
filter.expression='((ServerVO.name like "%s") | ' \
'(ServerVO.hostName like "%s") | ' \
'(device_interface_ip = "%s") | ' \
'(device_management_ip = "%s"))' \
% (SEARCH_ALL,SEARCH_ALL,SEARCH_ALL,SEARCH_ALL)
serverservice = ts.server.ServerService
servers = serverservice.findServerRefs(filter)
elif MODE_OID:
serverservice = ts.server.ServerService
server=ServerRef(SEARCH_OID)
servers=[server]
# Displaying response
if len(servers) < 1:
sys.stderr.write("#- None server found !\n")
sys.exit(3)
for server in servers:
#pprint.pprint(inspect.getmembers(vo))
#pprint.pprint(inspect.getmembers(script))
if MODE_DETAIL:
vo = serverservice.getServerVO(server)
print "Server Name ........... " + vo.name
print "Management IP ......... " + vo.managementIP
print "HPSA Object ID ........ " + str(server.id)
print "OS Version ............ " + vo.osVersion
print "Customer .............. " + vo.customer.name
print "Platforms"
for plax in vo.platforms:
print " %s = %s" % (plax.id,plax.name)
print ""
elif MODE_DUMP:
vo = serverservice.getServerVO(server)
pprint.pprint(inspect.getmembers(vo))
else:
print "server %d = %s" % (server.id,server.name)
if len(servers) > 1:
sys.stderr.write("#- More than one Server found !\n")
sys.exit(1)
####################################################################### }}} 1
## Attaching / Detaching SwPolicy ##################################### {{{ 1
if MODE_REMOVE:
# the job query
print "Detaching policy..."
job = None
try:
policyservice.detachFromPolicies(policies,servers)
job = policyservice.startRemediateNow(policies,server)
except:
sys.stderr.write("#- Job has not been created !\n")
sys.stderr.write("#- " + str(sys.exc_info()[0]) + "\n")
#sys.exit(1)
if job: handleJob(job)
print "Removing Policy Association ..."
try:
policyservice.removePolicyAssociations(policies,servers)
except:
sys.stderr.write("#- Policy Association not removed !\n")
sys.stderr.write("#- " + str(sys.exc_info()[0]) + "\n")
sys.exit(1)
print "Policy Association removed."
if MODE_ATTACH:
# the job query
print "Attaching policy..."
try:
policyservice.attachToPolicies(policies,servers)
job = policyservice.startRemediateNow(policies,server)
except:
sys.stderr.write("#- Job has not been created !\n")
sys.stderr.write("#- " + str(sys.exc_info()[0]) + "\n")
sys.exit(1)
handleJob(job)
####################################################################### }}} 1
# --- end ---