forked from MissionCriticalCloud/cloudstackOps
-
Notifications
You must be signed in to change notification settings - Fork 0
/
listAdvisories.py
executable file
·308 lines (258 loc) · 11.2 KB
/
listAdvisories.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
#!/usr/bin/python
# Copyright 2016, Leaseweb Technologies BV
#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Script to list potential fixes.
# Nuno Tavares - [email protected]
import time
import sys
import getopt
from cloudstackops import lswcloudstackopsbase
from cloudstackops import lswcloudstackops
from cloudstackops import lswcloudstackopsssh
import os.path
from random import choice
from prettytable import PrettyTable
# Function to handle our arguments
def debug(level, args):
if DEBUG>=level:
print args
opFilters = { 'safetylevel': lswcloudstackops.LswCloudStackOps.SAFETY_BEST, 'deep': False, 'live': False }
def handleArguments(argv):
global DEBUG
DEBUG = 0
global DRYRUN
DRYRUN = 1
global configProfileName
configProfileName = ''
global command
command = 'list'
global plainDisplay
plainDisplay = 0
global PLATFORM
PLATFORM = None
global SEND_EMAIL
SEND_EMAIL = False
# Usage message
help = "Usage: ./" + os.path.basename(__file__) + ' [options] ' + \
'\n --config-profile -c <profile>\t\tSpecify the CloudMonkey profile name to get the credentials from (or specify in ./config file)' + \
'\n --plain-display\t\t\tEnable plain display, no pretty tables' + \
'\n --repair\t\t\t\tApply suggested actions - at Safe/Best level' + \
'\n' + \
'\n Modifiers:' + \
'\n --exec\tDisable dry-run mode. You\'l need this to perform changes to the platform.' + \
'\n --debug\tEnable debug mode. Use it multiple times to increase verbosity' + \
'\n --live\tPerform live scan. By default, quick mode is used (using deferred/cached collection methods)' + \
'\n --deep\tEnable further tests that usually produces a lot of results. For a list of tests, use -h with this option' + \
'\n --email\tSend Repair Report by email' + \
'\n' + \
'\n Filters:' + \
'\n -n \t\tScan networks (incl. VPCs)' + \
'\n -r \t\tScan routerVMs' + \
'\n -i \t\tScan instances' + \
'\n -s \t\tScan systemVMs' + \
'\n -H \t\tScan hypervisors' + \
'\n -t \t\tScan resource usage' + \
'\n -C \t\tScan configuration for errors' + \
'\n --all \tReport all assets of the selected types, independently of the presence of advisory' + \
'\n --safety <safety> \tFilter out advisories that are not at the specified safety level (default: ' + lswcloudstackopsbase.LswCloudStackOpsBase.translateSafetyLevel(opFilters['safetylevel']) + ')'
try:
opts, args = getopt.getopt(
argv, "hc:nriHtsC", [
"config-profile=", "debug", "exec", "deep", "live", "plain-display", "all", "repair", "safety=", 'email' ])
except getopt.GetoptError as e:
print "Error: " + str(e)
print help
sys.exit(2)
if len(opts) == 0:
print help
sys.exit(2)
helpRequested = False
for opt, arg in opts:
if opt == '-h':
helpRequested = True
elif opt in ("-c", "--config-profile"):
configProfileName = arg
PLATFORM = configProfileName
elif opt in ("--debug"):
if DEBUG==2:
DEBUG = 1
else:
DEBUG = 2
elif opt in ["--exec"]:
DRYRUN = 0
elif opt in ["--email"]:
SEND_EMAIL = True
elif opt in ["--repair"]:
command = 'repair'
elif opt in ["--live"]:
opFilters['live'] = True
elif opt in ["--deep"]:
opFilters['deep'] = True
elif opt in ["--plain-display"]:
plainDisplay = 1
elif opt in ["-n"]:
opFilters['networks'] = True
elif opt in ["-r"]:
opFilters['routers'] = True
elif opt in ["-i"]:
opFilters['instances'] = True
elif opt in ["-H"]:
opFilters['host'] = True
elif opt in ["--t"]:
opFilters['resources'] = True
elif opt in ["-s"]:
opFilters['systemvms'] = True
elif opt in ["-C"]:
opFilters['config'] = True
elif opt in ["--all"]:
opFilters['all'] = True
elif opt in ["--safety"]:
safety = lswcloudstackopsbase.LswCloudStackOpsBase.translateSafetyLevelString(arg)
if safety != None:
opFilters['safetylevel'] = safety
opFilters['safetylevel_set'] = True
def printHelpTests():
print
print "List of tests available"
t = PrettyTable(["Scope", "Level", "Symptom / Probe / Detection", "Detection", "Recovery"])
t.align["Symptom / Probe / Detection"] = "l"
if plainDisplay == 1:
t.border = False
t.header = False
t.padding_width = 1
t.add_row([ "network", "Normal", "Flag restart_required", True, True ])
t.add_row([ "network", "Normal", "Redundancy state inconsistency (needs -r)", True, True ])
t.add_row([ "router", "Normal", "Redundancy state", True, True ])
t.add_row([ "router", "Normal", "Output of check_routervms.py is non-zero (dmesg,swap,resolv,ping,fs,disk,password)", True, True ])
t.add_row([ "router", "Deep", "Checks if router is running with the latest systemvm template version", True, True ])
t.add_row([ "router", "Normal", "Checks if router has requiresUpgrade flag on", True, True ])
t.add_row([ "router", "Deep", "Checks if router is based on the same package version than management (router.cloudstackversion)", True, True ])
t.add_row([ "instance", "Normal", "Try to assess instance read-only state", True, False ])
t.add_row([ "instance", "Normal", "Queries libvirt usage records for abusers (CPU, I/O, etc)", True, False ])
t.add_row([ "hypervisor", "Normal", "Agent state (version, conn state)", True, False ])
t.add_row([ "hypervisor", "Normal", "Load average", True, False ])
t.add_row([ "hypervisor", "Normal", "Conntrack abusers", True, False ])
t.add_row([ "hypervisor", "Normal", "check_libvirt_storage.sh correct functioning", True, False ])
t.add_row([ "systemvm", "Normal", "Output of check_appliance.py is non-zero (dmesg,swap,resolv,ping,fs,disk,websockify)", True, True ])
t.add_row([ "systemvm", "Deep", "Checks if systemvm is running with the latest systemvm template version", True, True ])
t.add_row([ "config", "Normal", "Checks parts of configuration (incl. Zone definitions) for problems", True, False ])
print t
if helpRequested:
if opFilters['deep']:
printHelpTests()
else:
print help
sys.exit()
if PLATFORM==None:
print "No platform is specified. Please use the -c option."
sys.exit(1)
# Default to cloudmonkey default config file
if len(configProfileName) == 0:
configProfileName = "config"
# Parse arguments
if __name__ == "__main__":
handleArguments(sys.argv[1:])
debug(2, 'Command line args: ' + str(sys.argv))
# Init our class
c = lswcloudstackops.LswCloudStackOps(DEBUG, DRYRUN)
ssh = lswcloudstackopsssh.LswCloudStackOpsSSH(DEBUG, DRYRUN)
c.ssh = ssh
c.assignSshObject(ssh)
c.setManagementServer( "mgt01." + PLATFORM )
c.setFilters(opFilters)
if DEBUG > 0:
print "# Warning: Debug mode is enabled!"
if DRYRUN == 1:
print "# Warning: dry-run mode is enabled, not running any commands!"
# make credentials file known to our class
c.configProfileName = configProfileName
# Init the CloudStack API
c.initCloudStackAPI()
if DEBUG == 1:
print "API address: " + c.apiurl
print "ApiKey: " + c.apikey
print "SecretKey: " + c.secretkey
def cmdListAdvisories():
results = c.getAdvisories()
# import pprint
# pp = pprint.PrettyPrinter(indent=4)
# pp.pprint(networkData)
# Empty line
print
t = PrettyTable(["#", "Platf", "Type", "Name", "ID", "Domain", "Action", "SafetyLevel", "Comment"])
t.align["Comment"] = "l"
if plainDisplay == 1:
t.border = False
t.header = False
t.padding_width = 1
counter = 0
for a in results:
counter = counter + 1
t.add_row([counter, configProfileName, a['asset_type'], a['name'], a['id'], a['domain'], a['adv_action'], lswcloudstackopsbase.LswCloudStackOpsBase.translateSafetyLevel(a['adv_safetylevel']), a['adv_comment']])
# Display table
print t
if SEND_EMAIL and counter>0:
if not c.errors_to:
print "Warning: Skipping mailing due to missing e-mail address."
templatefile = open(
"email_template/advisoriesReport.txt",
"r")
emailbody = templatefile.read()
emailbody = emailbody.replace("PLATFORM", PLATFORM)
emailbody = emailbody.replace("ADVISORIES_REPORT", str(t))
emailbody = emailbody.replace("COMMAND_LINE", str(sys.argv))
templatefile.close()
msgSubject = '[' + PLATFORM + '] listAdvisories Report'
# Notify admin
c.sendMail(c.mail_from, c.errors_to, msgSubject, emailbody)
def cmdRepair():
debug(2, "cmdRepair : begin")
results = c.runRepair()
print
t = PrettyTable(["#", "Type", "Name", "ID", "Domain", "Action", "Result", "Comment"])
t.align["Comment"] = "l"
if plainDisplay == 1:
t.border = False
t.header = False
t.padding_width = 1
counter = 0
for a in results:
counter = counter + 1
t.add_row([counter, a['asset_type'], a['name'], a['id'], a['domain'], a['adv_action'], a['repair_code'], a['repair_msg']])
print t
if SEND_EMAIL and counter>0:
if not c.errors_to:
print "Warning: Skipping mailing due to missing e-mail address."
templatefile = open(
"email_template/advisoriesRepairReport.txt",
"r")
emailbody = templatefile.read()
emailbody = emailbody.replace("PLATFORM", PLATFORM)
emailbody = emailbody.replace("REPAIR_REPORT", str(t))
emailbody = emailbody.replace("COMMAND_LINE", str(sys.argv))
templatefile.close()
msgSubject = '[' + PLATFORM + '] listAdvisories Repair Report'
# Notify admin
c.sendMail(c.mail_from, c.errors_to, msgSubject, emailbody)
debug(2, "cmdRepair : end")
print "Applying filter: safetylevel == %s" % lswcloudstackopsbase.LswCloudStackOpsBase.translateSafetyLevel(opFilters['safetylevel'])
if command == 'list':
cmdListAdvisories()
elif command == 'repair':
cmdRepair()