a10.py modification for PEP476, updated REDME.md

2024-05-26 16:16:09 +02:00 · 2017-03-18 17:39:23 +00:00 · 2017-03-18 17:39:23 +00:00 · fdd37b3140
parent c9f4960c6b
commit fdd37b3140
3 changed files with 25 additions and 10 deletions
--- a/src/a10_plugin/README.md
+++ b/src/a10_plugin/README.md
@ -4,6 +4,7 @@

  1. A10 Thunder TPS with AXAPIv3. More information on AXAPIv3: https://www.a10networks.com/resources/glossary/axapi-custom-management.
  2. Network topology is Asymmetric Reactive with BGP as the routing Protocol. A10 Thunder TPS peers with the upstream router. 
+  3. TPS contains base config under /fastnetmon/src/a10_plugin/configs/tps_base_config_vX.txt for base glid, zone-template, and ddos protection rate-interval, etc. 

 ##Overview:
 
@ -16,10 +17,18 @@

 ##Configuration Steps: 

-  1. Configure the fastnetmon_a10_xx.py script as the executed script under /etc/fastnetmon.conf, i.e. notify_script_path=<path>/fastnetmon_a10_v0.2.py.
+  0. If this is a brand new TPS with no prior 'ddos dst zone' config, do a quick dummy zone config and remove it: 
+```
+TH3030S-1(config)#ddos dst zone dummy
+TH3030S-1(config-ddos zone)#exit
+TH3030S-1(config)#no ddos dst zone dummy
+TH3030S-1(config)#end
+TH3030S-1#
+```
+  1. Configure the fastnetmon_a10_xx.py script as the executed script under /etc/fastnetmon.conf, i.e. notify_script_path=<path>/fastnetmon_a10_v0.3.py.
  2. Please note that we have various versions of ban actions depending on your topology, such as integration of aGalaxy. 
  3. Alternatively place all files in a directory that is reachable by FastNetMon and indicate it as the executed script in /etc/fastnetmon.conf.
-  4. Make sure both Python scripts are executable, i.e. "chmod +x a10.py fastnetmon_a10_v0.2.py"
+  4. Make sure both Python scripts are executable, i.e. "chmod +x a10.py fastnetmon_a10_v0.3.py"

 ##Please modify the following in the fastnetmon_a10_v[xx].py script 

@ -35,7 +44,7 @@ Example Usage:
 - Ban action: 

 ```
-a10-ubuntu3:~/fastnetmon/src/a10_plugin$ sudo python fastnetmon_a10_v0.2.py "10.10.10.10" "outgoing" "111111" "ban"
+a10-ubuntu3:~/fastnetmon/src/a10_plugin$ sudo python fastnetmon_a10_v0.3.py "10.10.10.10" "outgoing" "111111" "ban"

 TH4435-1#show ddos dst zone all-entries
 Legend (Rate/Limit): 'U'nlimited, 'E'xceeded, '-' Not applicable
@ -55,13 +64,17 @@ TH4435#sh ip bgp neighbors <upstream router IP> advertised-routes

 - Unban action: 

-a10-ubuntu3:~/fastnetmon/src/a10_plugin$ sudo python fastnetmon_a10_v0.2.py "10.10.10.10" "outgoing" "111111" "unban"
+a10-ubuntu3:~/fastnetmon/src/a10_plugin$ sudo python fastnetmon_a10_v0.3.py "10.10.10.10" "outgoing" "111111" "unban"

 ```
 TH4435-1#sh ip bgp neighbors <upstream router IP> advertised-routes
 TH4435-1#
 ```

+## Notes
+
+  1. In a10.py, SSL ssl._create_unverified_context() was used. Please see PEP476 for details.
+ 



--- a/src/a10_plugin/a10.py
+++ b/src/a10_plugin/a10.py
@ -1,10 +1,10 @@

 #
-# v0.1 
+# v0.2
 # ericc@a10networks.com
 #

-import json, urllib2
+import json, urllib2, ssl

 def axapi_auth(host, username, password):
    base_uri = 'https://'+host
@ -15,26 +15,28 @@ def axapi_auth(host, username, password):


 def axapi_action(uri, payload='', signature='', method='POST'):
+    # PEP476  2.7.9+ / 3.4.3+ cert check
+    new_context = ssl._create_unverified_context()
    try:
        if method == 'POST':
            req = urllib2.Request(uri)
            req.add_header('content-type', 'application/json')
            if signature:
                req.add_header('Authorization', 'A10 {0}'.format(signature))
-            response = urllib2.urlopen(req, json.dumps(payload))
+            response = urllib2.urlopen(req, json.dumps(payload), context=new_context)
        elif method == 'GET':
            req = urllib2.Request(uri)
            req.add_header('content-type', 'application/json')
            if signature:
                req.add_header('Authorization', 'A10 {0}'.format(signature))
-            response = urllib2.urlopen(req)
+            response = urllib2.urlopen(req, context=new_context)
        elif method == 'DELETE':
            req = urllib2.Request(uri)
            req.add_header('content-type', 'application/json')
            req.get_method = lambda: 'DELETE'
            if signature:
                req.add_header('Authorization', 'A10 {0}'.format(signature))
-            response = urllib2.urlopen(req)
+            response = urllib2.urlopen(req, context=new_context)
        return response.read()
    except Exception as e:
        raise 
--- a/src/a10_plugin/fastnetmon_a10_v0.3.py
+++ b/src/a10_plugin/fastnetmon_a10_v0.3.py
@ -34,7 +34,7 @@ logger.info(" - " . join(sys.argv))


 # A10 Mitigator Information
-mitigator_ip = "192.168.199.152"
+mitigator_ip = "192.168.199.150"
 zone_name = client_ip_as_string + "_zone"
 ip_addr = client_ip_as_string
 mitigator_base_url, signature = axapi_auth(mitigator_ip, "admin", "a10")