| Zack Williams | caf0566 | 2020-10-09 19:52:40 -0700 | [diff] [blame] | 1 | #!/usr/bin/env python3 |
| 2 | |
| 3 | # SPDX-FileCopyrightText: © 2020 Open Networking Foundation <support@opennetworking.org> |
| 4 | # SPDX-License-Identifier: Apache-2.0 |
| 5 | |
| 6 | # netbox_edgeconfig.py |
| 7 | # given a s |
| 8 | |
| 9 | from __future__ import absolute_import |
| 10 | |
| 11 | import argparse |
| 12 | import json |
| 13 | import logging |
| 14 | import netaddr |
| 15 | import os |
| 16 | import re |
| 17 | import ssl |
| 18 | import urllib.parse |
| 19 | import urllib.request |
| 20 | from ruamel import yaml |
| 21 | |
| 22 | # create shared logger |
| 23 | logging.basicConfig() |
| 24 | logger = logging.getLogger("nbec") |
| 25 | |
| 26 | # global dict of jsonpath expressions -> compiled jsonpath parsers, as |
| 27 | # reparsing expressions in each loop results in 100x longer execution time |
| 28 | jpathexpr = {} |
| 29 | |
| 30 | # headers to pass, set globally |
| 31 | headers = [] |
| 32 | |
| 33 | # settings |
| 34 | settings = {} |
| 35 | |
| 36 | # cached data from API |
| 37 | device_interface_cache = {} |
| 38 | device_services_cache = {} |
| 39 | interface_mac_cache = {} |
| 40 | |
| 41 | |
| 42 | def parse_nb_args(): |
| 43 | """ |
| 44 | parse CLI arguments |
| 45 | """ |
| 46 | |
| 47 | parser = argparse.ArgumentParser(description="NetBox Edge Config") |
| 48 | |
| 49 | # Positional args |
| 50 | parser.add_argument( |
| 51 | "settings", |
| 52 | type=argparse.FileType("r"), |
| 53 | help="YAML ansible inventory file w/NetBox API token", |
| 54 | ) |
| 55 | |
| 56 | parser.add_argument( |
| 57 | "--debug", action="store_true", help="Print additional debugging information" |
| 58 | ) |
| 59 | |
| 60 | return parser.parse_args() |
| 61 | |
| 62 | |
| 63 | def json_api_get( |
| 64 | url, |
| 65 | headers, |
| 66 | data=None, |
| 67 | trim_prefix=False, |
| 68 | allow_failure=False, |
| 69 | validate_certs=False, |
| 70 | ): |
| 71 | """ |
| 72 | Call JSON API endpoint, return data as a dict |
| 73 | """ |
| 74 | |
| 75 | logger.debug("json_api_get url: %s", url) |
| 76 | |
| 77 | # if data included, encode it as JSON |
| 78 | if data: |
| 79 | data_enc = str(json.dumps(data)).encode("utf-8") |
| 80 | |
| 81 | request = urllib.request.Request(url, data=data_enc, method="POST") |
| 82 | request.add_header("Content-Type", "application/json; charset=UTF-8") |
| 83 | else: |
| 84 | request = urllib.request.Request(url) |
| 85 | |
| 86 | # add headers tuples |
| 87 | for header in headers: |
| 88 | request.add_header(*header) |
| 89 | |
| 90 | try: |
| 91 | |
| 92 | if validate_certs: |
| 93 | response = urllib.request.urlopen(request) |
| 94 | |
| 95 | else: |
| 96 | ctx = ssl.create_default_context() |
| 97 | ctx.check_hostname = False |
| 98 | ctx.verify_mode = ssl.CERT_NONE |
| 99 | |
| 100 | response = urllib.request.urlopen(request, context=ctx) |
| 101 | |
| 102 | except urllib.error.HTTPError: |
| 103 | # asking for data that doesn't exist results in a 404, just return nothing |
| 104 | if allow_failure: |
| 105 | return None |
| 106 | logger.exception("Server encountered an HTTPError at URL: '%s'", url) |
| 107 | except urllib.error.URLError: |
| 108 | logger.exception("An URLError occurred at URL: '%s'", url) |
| 109 | else: |
| 110 | # docs: https://docs.python.org/3/library/json.html |
| 111 | jsondata = response.read() |
| 112 | logger.debug("API response: %s", jsondata) |
| 113 | |
| 114 | try: |
| 115 | data = json.loads(jsondata) |
| 116 | except json.decoder.JSONDecodeError: |
| 117 | # allow return of no data |
| 118 | if allow_failure: |
| 119 | return None |
| 120 | logger.exception("Unable to decode JSON") |
| 121 | else: |
| 122 | logger.debug("JSON decoded: %s", data) |
| 123 | |
| 124 | return data |
| 125 | |
| 126 | |
| 127 | def create_dns_zone(extension, devs): |
| 128 | # Checks for dns entries |
| 129 | |
| 130 | a_recs = {} # PTR records created by inverting this |
| 131 | cname_recs = {} |
| 132 | srv_recs = {} |
| 133 | ns_recs = [] |
| 134 | txt_recs = {} |
| 135 | |
| 136 | # scan through devs and look for dns_name, if not, make from name and |
| 137 | # extension |
| 138 | for name, value in devs.items(): |
| 139 | |
| 140 | # add DNS entries for every DHCP host if there's a DHCP range |
| 141 | # DHCP addresses are of the form dhcp###.extension |
| 142 | if name == "prefix_dhcp": |
| 143 | for ip in netaddr.IPNetwork(value["dhcp_range"]).iter_hosts(): |
| 144 | a_recs["dhcp%03d" % (ip.words[3])] = str(ip) |
| 145 | |
| 146 | continue |
| 147 | |
| 148 | # require DNS names to only use ASCII characters (alphanumeric, lowercase, with dash/period) |
| 149 | # _'s are used in SRV/TXT records, but in general use aren't recommended |
| 150 | dns_name = re.sub("[^a-z0-9.-]", "-", name, 0, re.ASCII) |
| 151 | |
| 152 | # Add as an A record (and inverse, PTR record), only if it's a new name |
| 153 | if dns_name not in a_recs: |
| 154 | a_recs[dns_name] = value["ip4"] |
| 155 | else: |
| 156 | # most likely a data entry error |
| 157 | logger.warning( |
| 158 | "Duplicate DNS name '%s' for devices at IP: '%s' and '%s', ignoring", |
| 159 | dns_name, |
| 160 | a_recs[dns_name], |
| 161 | value["ip4"], |
| 162 | ) |
| 163 | continue |
| 164 | |
| 165 | # if a DNS name is given as a part of the IP address, it's viewed as a CNAME |
| 166 | if value["dns_name"]: |
| 167 | |
| 168 | if re.search("%s$" % extension, value["dns_name"]): |
| 169 | |
| 170 | # strip off the extension, and add as a CNAME |
| 171 | dns_cname = value["dns_name"].split(".%s" % extension)[0] |
| 172 | |
| 173 | elif "." in value["dns_name"]: |
| 174 | logger.warning( |
| 175 | "Device '%s' has a IP assigned DNS name '%s' outside the prefix extension: '%s', ignoring", |
| 176 | name, |
| 177 | value["dns_name"], |
| 178 | extension, |
| 179 | ) |
| 180 | continue |
| 181 | |
| 182 | else: |
| 183 | dns_cname = value["dns_name"] |
| 184 | |
| 185 | if dns_cname == dns_name: |
| 186 | logger.warning( |
| 187 | "DNS Name field '%s' is identical to device name '%s', ignoring", |
| 188 | value["dns_name"], |
| 189 | dns_name, |
| 190 | ) |
| 191 | else: |
| 192 | cname_recs[dns_cname] = "%s.%s." % (dns_name, extension) |
| 193 | |
| 194 | # Add services as cnames, and possibly ns records |
| 195 | for svc in value["services"]: |
| 196 | |
| 197 | # only add service if it uses the IP of the host |
| 198 | if value["ip4"] in svc["ip4s"]: |
| 199 | cname_recs[svc["name"]] = "%s.%s." % (dns_name, extension) |
| 200 | |
| 201 | if svc["port"] == 53 and svc["protocol"] == "udp": |
| 202 | ns_recs.append("%s.%s." % (dns_name, extension)) |
| 203 | |
| 204 | return { |
| 205 | "a": a_recs, |
| 206 | "cname": cname_recs, |
| 207 | "ns": ns_recs, |
| 208 | "srv": srv_recs, |
| 209 | "txt": txt_recs, |
| 210 | } |
| 211 | |
| 212 | |
| 213 | def create_dhcp_subnet(prefix, prefix_search, devs): |
| 214 | # makes DHCP subnet information |
| 215 | |
| 216 | subnet = {} |
| 217 | |
| 218 | subnet["subnet"] = prefix |
| 219 | subnet["dns_search"] = [prefix_search] |
| 220 | |
| 221 | hosts = [] |
| 222 | dns_servers = [] |
| 223 | |
| 224 | for name, value in devs.items(): |
| 225 | |
| 226 | # handle a DHCP range |
| 227 | if name == "prefix_dhcp": |
| 228 | subnet["range"] = value["dhcp_range"] |
| 229 | continue |
| 230 | |
| Zack Williams | 70ae827 | 2020-12-03 09:54:59 -0700 | [diff] [blame] | 231 | # handle a router reservation |
| 232 | if name == "router": |
| 233 | subnet["routers"] = value["ip4"] |
| 234 | continue |
| 235 | |
| Zack Williams | caf0566 | 2020-10-09 19:52:40 -0700 | [diff] [blame] | 236 | # has a MAC address, and it's not null |
| 237 | if "macaddr" in value and value["macaddr"]: |
| 238 | |
| 239 | hosts.append( |
| 240 | { |
| 241 | "name": name, |
| 242 | "ip_addr": value["ip4"], |
| 243 | "mac_addr": value["macaddr"].lower(), |
| 244 | } |
| 245 | ) |
| 246 | |
| 247 | # Add dns based on service entries |
| 248 | if "services" in value: |
| 249 | for svc in value["services"]: |
| 250 | |
| 251 | # add DNS server |
| 252 | if svc["port"] == 53 and svc["protocol"] == "udp": |
| 253 | dns_servers.append(value["ip4"]) |
| 254 | |
| 255 | # add tftp server |
| 256 | if svc["port"] == 69 and svc["protocol"] == "udp": |
| 257 | subnet["tftpd_server"] = value["ip4"] |
| 258 | |
| 259 | subnet["hosts"] = hosts |
| 260 | subnet["dns_servers"] = dns_servers |
| 261 | |
| 262 | return subnet |
| 263 | |
| 264 | |
| 265 | def find_dhcpd_interface(prefix, devs): |
| 266 | # DHCPd interface is first usable IP in range |
| 267 | |
| 268 | first_ip = str(netaddr.IPAddress(netaddr.IPNetwork(prefix).first + 1)) |
| 269 | |
| 270 | for name, value in devs.items(): |
| 271 | if value["ip4"] == first_ip: |
| 272 | return value["iface"] |
| 273 | |
| 274 | |
| 275 | def get_device_services(device_id, filters=""): |
| 276 | |
| 277 | if device_id in device_services_cache: |
| 278 | return device_services_cache[device_id] |
| 279 | |
| 280 | # get services info |
| 281 | url = "%s%s" % ( |
| 282 | settings["api_endpoint"], |
| 283 | "api/ipam/services/?device_id=%s%s" % (device_id, filters), |
| 284 | ) |
| 285 | |
| 286 | raw_svcs = json_api_get(url, headers, validate_certs=settings["validate_certs"]) |
| 287 | |
| 288 | services = [] |
| 289 | |
| 290 | for rsvc in raw_svcs["results"]: |
| 291 | |
| 292 | svc = {} |
| 293 | |
| 294 | svc["name"] = rsvc["name"] |
| 295 | svc["description"] = rsvc["description"] |
| 296 | svc["port"] = rsvc["port"] |
| 297 | svc["protocol"] = rsvc["protocol"]["value"] |
| 298 | svc["ip4s"] = [] |
| 299 | |
| 300 | for ip in rsvc["ipaddresses"]: |
| 301 | svc["ip4s"].append(str(netaddr.IPNetwork(ip["address"]).ip)) |
| 302 | |
| 303 | services.append(svc) |
| 304 | |
| 305 | device_services_cache[device_id] = services |
| 306 | return services |
| 307 | |
| 308 | |
| 309 | def get_interface_mac_addr(interface_id): |
| 310 | # return a mac addres, or None if undefined |
| 311 | if interface_id in interface_mac_cache: |
| 312 | return interface_mac_cache[interface_id] |
| 313 | |
| 314 | # get the interface info |
| 315 | url = "%s%s" % (settings["api_endpoint"], "api/dcim/interfaces/%s/" % interface_id) |
| 316 | |
| 317 | iface = json_api_get(url, headers, validate_certs=settings["validate_certs"]) |
| 318 | |
| 319 | if iface["mac_address"]: |
| 320 | interface_mac_cache[interface_id] = iface["mac_address"] |
| 321 | return iface["mac_address"] |
| 322 | |
| 323 | interface_mac_cache[interface_id] = None |
| 324 | return None |
| 325 | |
| 326 | |
| 327 | def get_device_interfaces(device_id, filters=""): |
| 328 | |
| 329 | if device_id in device_interface_cache: |
| 330 | return device_interface_cache[device_id] |
| 331 | |
| 332 | url = "%s%s" % ( |
| 333 | settings["api_endpoint"], |
| 334 | "api/dcim/interfaces/?device_id=%s%s&mgmt_only=true" % (device_id, filters), |
| 335 | ) |
| 336 | |
| 337 | logger.debug("raw_ifaces_url: %s", url) |
| 338 | |
| 339 | raw_ifaces = json_api_get(url, headers, validate_certs=settings["validate_certs"]) |
| 340 | |
| 341 | logger.debug("raw_ifaces: %s", raw_ifaces) |
| 342 | |
| 343 | ifaces = [] |
| 344 | |
| 345 | for raw_iface in raw_ifaces["results"]: |
| 346 | |
| 347 | iface = {} |
| 348 | |
| 349 | iface["name"] = raw_iface["name"] |
| 350 | iface["macaddr"] = raw_iface["mac_address"] |
| 351 | iface["mgmt_only"] = raw_iface["mgmt_only"] |
| 352 | iface["description"] = raw_iface["description"] |
| 353 | |
| 354 | if raw_iface["count_ipaddresses"]: |
| 355 | url = "%s%s" % ( |
| 356 | settings["api_endpoint"], |
| 357 | "api/ipam/ip-addresses/?interface_id=%s" % raw_iface["id"], |
| 358 | ) |
| 359 | |
| 360 | raw_ip = json_api_get( |
| 361 | url, headers, validate_certs=settings["validate_certs"] |
| 362 | ) |
| 363 | |
| 364 | iface["ip4"] = str(netaddr.IPNetwork(raw_ip["results"][0]["address"]).ip) |
| 365 | |
| 366 | ifaces.append(iface) |
| 367 | |
| 368 | device_interface_cache[device_id] = ifaces |
| 369 | return ifaces |
| 370 | |
| 371 | |
| 372 | def get_prefix_devices(prefix, filters=""): |
| 373 | |
| 374 | # get all devices in a prefix |
| 375 | url = "%s%s" % ( |
| 376 | settings["api_endpoint"], |
| 377 | "api/ipam/ip-addresses/?parent=%s%s" % (prefix, filters), |
| 378 | ) |
| 379 | |
| 380 | raw_ips = json_api_get(url, headers, validate_certs=settings["validate_certs"]) |
| 381 | |
| 382 | logger.debug("raw_ips: %s", raw_ips) |
| 383 | |
| 384 | devs = {} |
| 385 | |
| 386 | # iterate by IP, sorted |
| 387 | for ip in sorted(raw_ips["results"], key=lambda k: k["address"]): |
| 388 | |
| 389 | logger.debug("ip: %s", ip) |
| 390 | |
| 391 | # if it's a DHCP range, add that range to the dev list as prefix_dhcp |
| 392 | if ip["status"]["value"] == "dhcp": |
| 393 | devs["prefix_dhcp"] = {"dhcp_range": ip["address"]} |
| 394 | continue |
| 395 | |
| Zack Williams | 70ae827 | 2020-12-03 09:54:59 -0700 | [diff] [blame] | 396 | # if it's a reserved IP |
| 397 | if ip["status"]["value"] == "reserved": |
| 398 | res = {} |
| 399 | |
| 400 | res["type"] = "reserved" |
| 401 | res["description"] = ip["description"] |
| 402 | res["ip4"] = str(netaddr.IPNetwork(ip["address"]).ip) |
| 403 | res["dns_name"] = ip["dns_name"] if "dns_name" in ip else "None" |
| 404 | res["services"] = {} |
| 405 | |
| 406 | resname = res["description"].lower().split(" ")[0] |
| 407 | |
| 408 | devs[resname] = res |
| 409 | continue |
| 410 | |
| Zack Williams | caf0566 | 2020-10-09 19:52:40 -0700 | [diff] [blame] | 411 | dev = {} |
| 412 | |
| Zack Williams | 70ae827 | 2020-12-03 09:54:59 -0700 | [diff] [blame] | 413 | dev["type"] = "device" |
| Zack Williams | caf0566 | 2020-10-09 19:52:40 -0700 | [diff] [blame] | 414 | dev["ip4"] = str(netaddr.IPNetwork(ip["address"]).ip) |
| 415 | dev["macaddr"] = get_interface_mac_addr(ip["assigned_object"]["id"]) |
| 416 | |
| 417 | ifaces = get_device_interfaces(ip["assigned_object"]["device"]["id"]) |
| 418 | |
| 419 | if ifaces and dev["ip4"] == ifaces[0]["ip4"]: # this is a mgmt IP |
| 420 | devname = "%s-%s" % ( |
| 421 | ip["assigned_object"]["device"]["name"].lower().split(".")[0], |
| 422 | ifaces[0]["name"], |
| 423 | ) |
| 424 | dev["iface"] = ip["assigned_object"]["name"] |
| 425 | dev["dns_name"] = "" |
| 426 | dev["services"] = [] |
| 427 | |
| 428 | else: # this is a primary IP |
| 429 | |
| 430 | name = ip["assigned_object"]["device"]["name"] |
| 431 | devname = name.lower().split(".")[0] |
| 432 | |
| 433 | dev["iface"] = ip["assigned_object"]["name"] |
| 434 | dev["dns_name"] = ip["dns_name"] if "dns_name" in ip else "None" |
| 435 | dev["services"] = get_device_services(ip["assigned_object"]["device"]["id"]) |
| 436 | |
| 437 | # fix multihomed devices in same IP range |
| 438 | # FIXME: Does not handle > 2 connections properly |
| 439 | if devname in devs: |
| 440 | devs["%s-1" % devname] = devs.pop(devname) |
| 441 | devs["%s-2" % devname] = dev |
| 442 | else: |
| 443 | devs[devname] = dev |
| 444 | |
| 445 | return devs |
| 446 | |
| 447 | |
| 448 | def get_prefix_data(prefix): |
| 449 | |
| 450 | # get all devices in a prefix |
| 451 | url = "%s%s" % (settings["api_endpoint"], "api/ipam/prefixes/?prefix=%s" % prefix) |
| 452 | |
| 453 | raw_prefix = json_api_get(url, headers, validate_certs=settings["validate_certs"]) |
| 454 | |
| 455 | logger.debug("raw_prefix: %s", raw_prefix) |
| 456 | |
| 457 | return raw_prefix["results"][0] |
| 458 | |
| 459 | |
| 460 | # main function that calls other functions |
| 461 | if __name__ == "__main__": |
| 462 | |
| 463 | args = parse_nb_args() |
| 464 | |
| 465 | # only print log messages if debugging |
| 466 | if args.debug: |
| 467 | logger.setLevel(logging.DEBUG) |
| 468 | else: |
| 469 | logger.setLevel(logging.INFO) |
| 470 | |
| 471 | # load settings from yaml file |
| 472 | settings = yaml.safe_load(args.settings.read()) |
| 473 | |
| 474 | yaml_out = {} |
| 475 | |
| 476 | # load default config |
| 477 | with open( |
| 478 | os.path.join( |
| 479 | os.path.dirname(os.path.realpath(__file__)), "base_edgeconfig.yaml" |
| 480 | ) |
| 481 | ) as defconfig: |
| 482 | yaml_out = yaml.safe_load(defconfig) |
| 483 | |
| 484 | logger.debug("settings: %s" % settings) |
| 485 | |
| 486 | # global, so this isn't run multiple times |
| 487 | headers = [ |
| 488 | ("Authorization", "Token %s" % settings["token"]), |
| 489 | ] |
| 490 | |
| 491 | # create structure from extracted data |
| 492 | dns_zones = {} |
| 493 | dns_rev_zones = {} |
| 494 | dhcpd_subnets = [] |
| 495 | dhcpd_interfaces = [] |
| 496 | devs_per_prefix = {} |
| 497 | |
| 498 | for prefix in settings["ip_prefixes"]: |
| 499 | |
| 500 | prefix_data = get_prefix_data(prefix) |
| 501 | |
| 502 | prefix_domain_extension = prefix_data["description"] |
| 503 | |
| 504 | devs = get_prefix_devices(prefix) |
| 505 | |
| 506 | devs_per_prefix[prefix] = devs |
| 507 | |
| 508 | dns_zones[prefix_domain_extension] = create_dns_zone( |
| 509 | prefix_domain_extension, devs |
| 510 | ) |
| 511 | |
| 512 | dns_zones[prefix_domain_extension]["ip_range"] = prefix |
| 513 | |
| 514 | dhcpd_subnets.append(create_dhcp_subnet(prefix, prefix_domain_extension, devs)) |
| 515 | |
| 516 | dhcpd_if = find_dhcpd_interface(prefix, devs) |
| 517 | |
| 518 | if dhcpd_if not in dhcpd_interfaces: |
| 519 | dhcpd_interfaces.append(dhcpd_if) |
| 520 | |
| 521 | yaml_out.update( |
| 522 | { |
| 523 | "dns_zones": dns_zones, |
| 524 | "dns_rev_zones": dns_rev_zones, |
| 525 | "dhcpd_subnets": dhcpd_subnets, |
| 526 | "dhcpd_interfaces": dhcpd_interfaces, |
| Zack Williams | 70ae827 | 2020-12-03 09:54:59 -0700 | [diff] [blame] | 527 | # "devs_per_prefix": devs_per_prefix, # useful when debugging |
| Zack Williams | caf0566 | 2020-10-09 19:52:40 -0700 | [diff] [blame] | 528 | } |
| 529 | ) |
| 530 | |
| 531 | print(yaml.safe_dump(yaml_out, indent=2)) |