mirror/checktheroads-hyperglass-frr
1
0
Fork 0
mirror of https://github.com/checktheroads/hyperglass-frr.git synced 2024-05-11 05:55:16 +00:00
Code Releases Activity

full rewrite and structural change + readme

Browse Source
This commit is contained in:
checktheroads
2019-05-30 17:57:54 -07:00
parent ef1bd36994
commit 3d2ab8b799
13 changed files with 789 additions and 148 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+124
View File
@@ -0,0 +1,124 @@
# hyperglass-frr
hyperglass-frr is a restful API for the FRRouting stack, for use by [Hyperglass](https://github.com/checktheroads/hyperglass). hyperglass-frr ingests a HTTP POST with JSON data and constructs 1 of 5 shell commands to run based on the passed parameters. For example:
```json
{
"cmd": "ping",
"afi": "ipv4",
"source": "192.0.2.1",
"target": "1.1.1.1"
}
```
Would construct (by default) `ping -4 -c 5 -I 192.0.2.1 1.1.1.1`, execute the command, and return the output as a string. For BGP commands, FRRouting's `vtysh` is used to get the output. For example:
```json
{
"cmd": "bgp_route",
"afi": "ipv6",
"target": "2606:4700:4700::/48"
}
```
Would construct (by default) `vtysh -u -c "show bgp ipv6 unicast 2606:4700:4700::/48"`, execute the command, and return the output as a string.
## Installation
Currently, hyperglass-frr has only been tested on Ubuntu Server 18.04. A sample systemd service file is included to run hyperglass-frr as a service.
### Clone the repository
```console
$ cd /opt/
$ git clone https://github.com/checktheroads/hyperglass-frr
```
### Install requirements
```console
$ cd /opt/hyperglass-frr/
$ pip3 install -r requirements.txt
```
### Create service account
```console
# useradd hyperglass-frr
# usermod -a -G frrvty hyperglass-frr
```
### Install systemd service
```console
# cp /opt/hyperglass-frr/hyperglass-frr.service.example /etc/systemd/system/hyperglass-frr.service
# systemctl daemon-reload
# systemctl enable hyperglass-frr
```
### Generate API Key
```console
$ cd /opt/hyperglass-frr
$ python3 manage.py generatekey
Your API Key is: B3K1ckWUpwNyFU1F
Your Key Hash is: $pbkdf2-sha256$29000$9T5njNFaS6lVag1B6H2vFQ$mLEbQD5kOAgjfZZ1zEVlrke6wE8vBEHzK.zI.7MOAVo
```
Copy the API Key, in this example `B3K1ckWUpwNyFU1F` and add it to your configuration.toml:
```toml
[api]
# listen_addr = "*"
# port = 8080
key = "B3K1ckWUpwNyFU1F"
```
If needed, you can uncomment the `listen_addr` or `port` varibales if you need to define a specific listen address or TCP port for hyperglass-frr to run on. For exmaple:
```toml
[api]
listen_addr = "10.0.1.1"
port = 8001
key = "B3K1ckWUpwNyFU1F"
```
In Hyperglass, configure `devices.toml` to use the Key Hash (in this example `$pbkdf2-sha256$29000$9T5njNFaS6lVag1B6H2vFQ$mLEbQD5kOAgjfZZ1zEVlrke6wE8vBEHzK.zI.7MOAVo`) as your FRRouting device's password:
```toml
[router.'router1']
address = "10.0.0.1"
asn = "65000"
src_addr_ipv4 = "192.0.2.1"
src_addr_ipv6 = "2001:db8::1"
credential = "frr_api_router1"
location = "pop1"
name = "router1.pop1"
display_name = "POP 1"
port = "8080"
type = "frr"
proxy = ""
[credential.'frr_api_router1']
username = "frr"
password = "$pbkdf2-sha256$29000$9T5njNFaS6lVag1B6H2vFQ$mLEbQD5kOAgjfZZ1zEVlrke6wE8vBEHzK.zI.7MOAVo"
```
## Start hyperglass-frr
```console
# systemctl restart hyperglass-frr
# systemctl status hyperglass-frr
```
## Test
hyperglass-frr should now be active, and you can run a simple test to verify that it is working apart from your main hyperglass implementation:
```python
import json
import requests
query = '{"cmd": "bgp_route", "afi": "ipv4", "target": "1.1.1.0/24"}'
query_json = json.dumps(query)
headers = {'Content-Type': 'application/json', 'X-API-Key': '$pbkdf2-sha256$29000$m9M6R.j9HwMgJGRs7f0/Jw$5HERwfOIn3P0U/M9t5t04SmgRmTzk3435Lr0duqz07w'}
url = "http://192.168.15.130:8080/frr"
output = requests.post(url, headers=headers, data=query_json)
print(output.text)
```
__init__.py
View File
configuration.py.example
-10
View File
@@ -1,10 +0,0 @@
#!/usr/bin/env python3
# IP Address for FRRouting API to lisen on
api_listen_addr = "*"
# Port for FRRouting API to listen on
api_port = 8080
# Fill in API Key Hash from `manage.py generatekey`
api_key = ""
execute/__init__.py
-88
View File
@@ -1,88 +0,0 @@
#!/usr/bin/env python3
import subprocess
from logzero import logger
def frr_bgp_route(afi, target):
command = f"show bgp {afi} unicast {target}"
frr_output = subprocess.check_output(["vtysh", "-u", "-c", command])
return frr_output
def frr_bgp_dualstack(query):
cmd = query["cmd"]
target = query["target"]
if cmd == "bgp_community":
command4 = f"show bgp ipv4 unicast community {target}"
command6 = f"show bgp ipv6 unicast community {target}"
frr_output = subprocess.check_output(
["vtysh", "-u", "-c", command4, "-c", command6]
)
return frr_output
elif cmd == "bgp_aspath":
command4 = f"show bgp ipv4 unicast regexp {target}"
command6 = f"show bgp ipv6 unicast regexp {target}"
frr_output = subprocess.check_output(
["vtysh", "-u", "-c", command4, "-c", command6]
)
return frr_output
def linux_ping(query):
afi = query["afi"]
source = query["source"]
target = query["target"]
if afi == "ipv4":
output = subprocess.check_output(
["ping", "-4", "-c", "5", "-I", source, target]
)
return output
elif afi == "ipv6":
output = subprocess.check_output(
["ping", "-6", "-c", "5", "-I", source, target]
)
return output
def linux_traceroute(query):
afi = query["afi"]
source = query["source"]
target = query["target"]
if afi == "ipv4":
output = subprocess.check_output(
["traceroute", "-4", "-w", "1", "-q", "1", "-s", source, target]
)
return output
elif afi == "ipv6":
output = subprocess.check_output(
["traceroute", "-6", "-w", "1", "-q", "1", "-s", source, target]
)
return output
def execute(query):
query_type = type(query)
cmd = query["cmd"]
if cmd in ["bgp_route"]:
try:
return frr_bgp_route(query["afi"], query["target"]), 200
except:
raise
return f"Error running FRRouting command: {query}", 501
elif cmd in ["bgp_community", "bgp_aspath"]:
try:
return frr_bgp_dualstack(query), 200
except:
raise
return f"Error running FRRouting command: {query}", 501
elif cmd in ["ping"]:
try:
return linux_ping(query), 200
except:
return f"Error: {query}", 501
elif cmd in ["traceroute"]:
try:
return linux_traceroute(query), 200
except:
return f"Error: {query}", 501
hyperglass-frr.service.example
+3 -3
View File
@@ -3,10 +3,10 @@ Description=Hyperglass FRR API
After=network.target
[Service]
User=hyperglass-frr-api
Group=hyperglass-frr-api
User=hyperglass-frr
Group=hyperglass-frr
WorkingDirectory=/opt/hyperglass-frr
ExecStart=/usr/bin/env python3 /opt/hyperglass-frr/hyperglass_frr.py
ExecStart=/usr/bin/python3 /opt/hyperglass-frr/hyperglass_frr.py
[Install]
WantedBy=multi-user.target
hyperglass_frr.py
-40
View File
@@ -1,40 +0,0 @@
#!/usr/bin/env python3
import json
from waitress import serve
from logzero import logger
from passlib.hash import pbkdf2_sha256
from flask import Flask, request, Response, jsonify, flash
import configuration
import execute
app = Flask(__name__)
api_listen_addr = getattr(configuration, "api_listen_addr", "*")
api_port = getattr(configuration, "api_port", 8080)
api_key = getattr(configuration, "api_key")
@app.route("/frr", methods=["POST"])
def frr():
headers = request.headers
api_key_hash = headers.get("X-Api-Key")
if pbkdf2_sha256.verify(api_key, api_key_hash) is True:
try:
logger.debug(f"Validation of API key passed. Hash: {api_key_hash}")
query_json = request.get_json()
query = json.loads(query_json)
frr_response = execute.execute(query)
frr_output = frr_response[0]
frr_status = frr_response[1]
return Response(frr_output, frr_status)
except:
raise
else:
logger.error(f"Validation of API key failed. Hash: {api_key_hash}")
return jsonify({"message": "Error: Unauthorized"}), 401
if __name__ == "__main__":
serve(app, host=api_listen_addr, port=api_port)
hyperglass_frr/.pylintrc
+570
View File
@@ -0,0 +1,570 @@
[MASTER]
# A comma-separated list of package or module names from where C extensions may
# be loaded. Extensions are loading into the active Python interpreter and may
# run arbitrary code.
extension-pkg-whitelist=
# Add files or directories to the blacklist. They should be base names, not
# paths.
ignore=CVS
# Add files or directories matching the regex patterns to the blacklist. The
# regex matches against base names, not paths.
ignore-patterns=
# Python code to execute, usually for sys.path manipulation such as
# pygtk.require().
#init-hook=
# Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the
# number of processors available to use.
jobs=1
# Control the amount of potential inferred values when inferring a single
# object. This can help the performance when dealing with large functions or
# complex, nested conditions.
limit-inference-results=100
# List of plugins (as comma separated values of python modules names) to load,
# usually to register additional checkers.
load-plugins=
# Pickle collected data for later comparisons.
persistent=yes
# Specify a configuration file.
#rcfile=
# When enabled, pylint would attempt to guess common misconfiguration and emit
# user-friendly hints instead of false-positive error messages.
suggestion-mode=yes
# Allow loading of arbitrary C extensions. Extensions are imported into the
# active Python interpreter and may run arbitrary code.
unsafe-load-any-extension=no
[MESSAGES CONTROL]
# Only show warnings with the listed confidence levels. Leave empty to show
# all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED.
confidence=
# Disable the message, report, category or checker with the given id(s). You
# can either give multiple identifiers separated by comma (,) or put this
# option multiple times (only on the command line, not in the configuration
# file where it should appear only once). You can also use "--disable=all" to
# disable everything first and then reenable specific checks. For example, if
# you want to run only the similarities checker, you can use "--disable=all
# --enable=similarities". If you want to run only the classes checker, but have
# no Warning level messages displayed, use "--disable=all --enable=classes
# --disable=W".
disable=print-statement,
parameter-unpacking,
unpacking-in-except,
old-raise-syntax,
backtick,
long-suffix,
old-ne-operator,
old-octal-literal,
import-star-module-level,
non-ascii-bytes-literal,
raw-checker-failed,
bad-inline-option,
locally-disabled,
file-ignored,
suppressed-message,
useless-suppression,
deprecated-pragma,
use-symbolic-message-instead,
apply-builtin,
basestring-builtin,
buffer-builtin,
cmp-builtin,
coerce-builtin,
execfile-builtin,
file-builtin,
long-builtin,
raw_input-builtin,
reduce-builtin,
standarderror-builtin,
unicode-builtin,
xrange-builtin,
coerce-method,
delslice-method,
getslice-method,
setslice-method,
no-absolute-import,
old-division,
dict-iter-method,
dict-view-method,
next-method-called,
metaclass-assignment,
indexing-exception,
raising-string,
reload-builtin,
oct-method,
hex-method,
nonzero-method,
cmp-method,
input-builtin,
round-builtin,
intern-builtin,
unichr-builtin,
map-builtin-not-iterating,
zip-builtin-not-iterating,
range-builtin-not-iterating,
filter-builtin-not-iterating,
using-cmp-argument,
eq-without-hash,
div-method,
idiv-method,
rdiv-method,
exception-message-attribute,
invalid-str-codec,
sys-max-int,
bad-python3-import,
deprecated-string-function,
deprecated-str-translate-call,
deprecated-itertools-function,
deprecated-types-field,
next-method-defined,
dict-items-not-iterating,
dict-keys-not-iterating,
dict-values-not-iterating,
deprecated-operator-function,
deprecated-urllib-function,
xreadlines-attribute,
deprecated-sys-function,
exception-escape,
comprehension-escape
# Enable the message, report, category or checker with the given id(s). You can
# either give multiple identifier separated by comma (,) or put this option
# multiple time (only on the command line, not in the configuration file where
# it should appear only once). See also the "--disable" option for examples.
enable=c-extension-no-member
[REPORTS]
# Python expression which should return a note less than 10 (10 is the highest
# note). You have access to the variables errors warning, statement which
# respectively contain the number of errors / warnings messages and the total
# number of statements analyzed. This is used by the global evaluation report
# (RP0004).
evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
# Template used to display messages. This is a python new-style format string
# used to format the message information. See doc for all details.
#msg-template=
# Set the output format. Available formats are text, parseable, colorized, json
# and msvs (visual studio). You can also give a reporter class, e.g.
# mypackage.mymodule.MyReporterClass.
output-format=text
# Tells whether to display a full report or only the messages.
reports=no
# Activate the evaluation score.
score=yes
[REFACTORING]
# Maximum number of nested blocks for function / method body
max-nested-blocks=5
# Complete name of functions that never returns. When checking for
# inconsistent-return-statements if a never returning function is called then
# it will be considered as an explicit return statement and no message will be
# printed.
never-returning-functions=sys.exit
[LOGGING]
# Format style used to check logging format string. `old` means using %
# formatting, while `new` is for `{}` formatting.
logging-format-style=new
# Logging modules to check that the string format arguments are in logging
# function parameter format.
logging-modules=logging
[SPELLING]
# Limits count of emitted suggestions for spelling mistakes.
max-spelling-suggestions=4
# Spelling dictionary name. Available dictionaries: none. To make it working
# install python-enchant package..
spelling-dict=
# List of comma separated words that should not be checked.
spelling-ignore-words=
# A path to a file that contains private dictionary; one word per line.
spelling-private-dict-file=
# Tells whether to store unknown words to indicated private dictionary in
# --spelling-private-dict-file option instead of raising a message.
spelling-store-unknown-words=no
[MISCELLANEOUS]
# List of note tags to take in consideration, separated by a comma.
notes=FIXME,
XXX,
TODO
[TYPECHECK]
# List of decorators that produce context managers, such as
# contextlib.contextmanager. Add to this list to register other decorators that
# produce valid context managers.
contextmanager-decorators=contextlib.contextmanager
# List of members which are set dynamically and missed by pylint inference
# system, and so shouldn't trigger E1101 when accessed. Python regular
# expressions are accepted.
generated-members=
# Tells whether missing members accessed in mixin class should be ignored. A
# mixin class is detected if its name ends with "mixin" (case insensitive).
ignore-mixin-members=yes
# Tells whether to warn about missing members when the owner of the attribute
# is inferred to be None.
ignore-none=yes
# This flag controls whether pylint should warn about no-member and similar
# checks whenever an opaque object is returned when inferring. The inference
# can return multiple potential results while evaluating a Python object, but
# some branches might not be evaluated, which results in partial inference. In
# that case, it might be useful to still emit no-member and other checks for
# the rest of the inferred objects.
ignore-on-opaque-inference=yes
# List of class names for which member attributes should not be checked (useful
# for classes with dynamically set attributes). This supports the use of
# qualified names.
ignored-classes=optparse.Values,thread._local,_thread._local
# List of module names for which member attributes should not be checked
# (useful for modules/projects where namespaces are manipulated during runtime
# and thus existing member attributes cannot be deduced by static analysis. It
# supports qualified module names, as well as Unix pattern matching.
ignored-modules=
# Show a hint with possible names when a member name was not found. The aspect
# of finding the hint is based on edit distance.
missing-member-hint=yes
# The minimum edit distance a name should have in order to be considered a
# similar match for a missing member name.
missing-member-hint-distance=1
# The total number of similar names that should be taken in consideration when
# showing a hint for a missing member.
missing-member-max-choices=1
[VARIABLES]
# List of additional names supposed to be defined in builtins. Remember that
# you should avoid defining new builtins when possible.
additional-builtins=
# Tells whether unused global variables should be treated as a violation.
allow-global-unused-variables=yes
# List of strings which can identify a callback function by name. A callback
# name must start or end with one of those strings.
callbacks=cb_,
_cb
# A regular expression matching the name of dummy variables (i.e. expected to
# not be used).
dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_
# Argument names that match this expression will be ignored. Default to name
# with leading underscore.
ignored-argument-names=_.*|^ignored_|^unused_
# Tells whether we should check for unused import in __init__ files.
init-import=no
# List of qualified module names which can have objects that can redefine
# builtins.
redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io
[FORMAT]
# Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
expected-line-ending-format=
# Regexp for a line that is allowed to be longer than the limit.
ignore-long-lines=^\s*(# )?<?https?://\S+>?$
# Number of spaces of indent required inside a hanging or continued line.
indent-after-paren=4
# String used as indentation unit. This is usually " " (4 spaces) or "\t" (1
# tab).
indent-string=' '
# Maximum number of characters on a single line.
max-line-length=100
# Maximum number of lines in a module.
max-module-lines=1000
# List of optional constructs for which whitespace checking is disabled. `dict-
# separator` is used to allow tabulation in dicts, etc.: {1 : 1,\n222: 2}.
# `trailing-comma` allows a space between comma and closing bracket: (a, ).
# `empty-line` allows space-only lines.
no-space-check=trailing-comma,
dict-separator
# Allow the body of a class to be on the same line as the declaration if body
# contains single statement.
single-line-class-stmt=no
# Allow the body of an if to be on the same line as the test if there is no
# else.
single-line-if-stmt=no
[SIMILARITIES]
# Ignore comments when computing similarities.
ignore-comments=yes
# Ignore docstrings when computing similarities.
ignore-docstrings=yes
# Ignore imports when computing similarities.
ignore-imports=no
# Minimum lines number of a similarity.
min-similarity-lines=4
[BASIC]
# Naming style matching correct argument names.
argument-naming-style=any
# Regular expression matching correct argument names. Overrides argument-
# naming-style.
#argument-rgx=
# Naming style matching correct attribute names.
attr-naming-style=any
# Regular expression matching correct attribute names. Overrides attr-naming-
# style.
#attr-rgx=
# Bad variable names which should always be refused, separated by a comma.
bad-names=foo,
bar,
baz,
toto,
tutu,
tata
# Naming style matching correct class attribute names.
class-attribute-naming-style=any
# Regular expression matching correct class attribute names. Overrides class-
# attribute-naming-style.
#class-attribute-rgx=
# Naming style matching correct class names.
class-naming-style=any
# Regular expression matching correct class names. Overrides class-naming-
# style.
#class-rgx=
# Naming style matching correct constant names.
const-naming-style=any
# Regular expression matching correct constant names. Overrides const-naming-
# style.
#const-rgx=
# Minimum line length for functions/classes that require docstrings, shorter
# ones are exempt.
docstring-min-length=-1
# Naming style matching correct function names.
function-naming-style=any
# Regular expression matching correct function names. Overrides function-
# naming-style.
#function-rgx=
# Good variable names which should always be accepted, separated by a comma.
good-names=i,
j,
k,
ex,
Run,
_
# Include a hint for the correct naming format with invalid-name.
include-naming-hint=no
# Naming style matching correct inline iteration names.
inlinevar-naming-style=any
# Regular expression matching correct inline iteration names. Overrides
# inlinevar-naming-style.
#inlinevar-rgx=
# Naming style matching correct method names.
method-naming-style=any
# Regular expression matching correct method names. Overrides method-naming-
# style.
#method-rgx=
# Naming style matching correct module names.
module-naming-style=any
# Regular expression matching correct module names. Overrides module-naming-
# style.
#module-rgx=
# Colon-delimited sets of names that determine each other's naming style when
# the name regexes allow several styles.
name-group=
# Regular expression which should only match function or class names that do
# not require a docstring.
no-docstring-rgx=^_
# List of decorators that produce properties, such as abc.abstractproperty. Add
# to this list to register other decorators that produce valid properties.
# These decorators are taken in consideration only for invalid-name.
property-classes=abc.abstractproperty
# Naming style matching correct variable names.
variable-naming-style=any
# Regular expression matching correct variable names. Overrides variable-
# naming-style.
#variable-rgx=
[STRING]
# This flag controls whether the implicit-str-concat-in-sequence should
# generate a warning on implicit string concatenation in sequences defined over
# several lines.
check-str-concat-over-line-jumps=no
[IMPORTS]
# Allow wildcard imports from modules that define __all__.
allow-wildcard-with-all=no
# Analyse import fallback blocks. This can be used to support both Python 2 and
# 3 compatible code, which means that the block might have code that exists
# only in one or another interpreter, leading to false positives when analysed.
analyse-fallback-blocks=no
# Deprecated modules which should not be used, separated by a comma.
deprecated-modules=optparse,tkinter.tix
# Create a graph of external dependencies in the given file (report RP0402 must
# not be disabled).
ext-import-graph=
# Create a graph of every (i.e. internal and external) dependencies in the
# given file (report RP0402 must not be disabled).
import-graph=
# Create a graph of internal dependencies in the given file (report RP0402 must
# not be disabled).
int-import-graph=
# Force import order to recognize a module as part of the standard
# compatibility libraries.
known-standard-library=
# Force import order to recognize a module as part of a third party library.
known-third-party=enchant
[CLASSES]
# List of method names used to declare (i.e. assign) instance attributes.
defining-attr-methods=__init__,
__new__,
setUp
# List of member names, which should be excluded from the protected access
# warning.
exclude-protected=_asdict,
_fields,
_replace,
_source,
_make
# List of valid names for the first argument in a class method.
valid-classmethod-first-arg=cls
# List of valid names for the first argument in a metaclass class method.
valid-metaclass-classmethod-first-arg=cls
[DESIGN]
# Maximum number of arguments for function / method.
max-args=5
# Maximum number of attributes for a class (see R0902).
max-attributes=7
# Maximum number of boolean expressions in an if statement.
max-bool-expr=5
# Maximum number of branch for function / method body.
max-branches=12
# Maximum number of locals for function / method body.
max-locals=15
# Maximum number of parents for a class (see R0901).
max-parents=7
# Maximum number of public methods for a class (see R0904).
max-public-methods=20
# Maximum number of return / yield for function / method body.
max-returns=6
# Maximum number of statements in function / method body.
max-statements=50
# Minimum number of public methods for a class (see R0903).
min-public-methods=2
[EXCEPTIONS]
# Exceptions that will emit a warning when being caught. Defaults to
# "BaseException, Exception".
overgeneral-exceptions=BaseException,
Exception
hyperglass_frr/__init__.py
+4
View File
@@ -0,0 +1,4 @@
"""hyperglass_frr is an FRRouting API designed for use with the Hyperglass looking glass"""
from hyperglass_frr import execute
from hyperglass_frr import configuration
hyperglass_frr/configuration.toml
+18
View File
@@ -0,0 +1,18 @@
[api]
# listen_addr = "*"
# port = 8080
key = "1234"
[commands.ipv4]
bgp_route = "show bgp ipv4 unicast {target}"
bgp_community = "show bgp ipv4 unicast community {target}"
bgp_aspath = "show bgp ipv4 unicast regexp {target}"
ping = "ping -4 -c 5 -I {source} {target}"
traceroute = "traceroute -4 -w 1 -q 1 -s {source} {target}"
[commands.ipv6]
bgp_route = "show bgp ipv6 unicast {target}"
bgp_community = "show bgp ipv6 unicast community {target}"
bgp_aspath = "show bgp ipv6 unicast regexp {target}"
ping = "ping -6 -c 5 -I {source} {target}"
traceroute = "traceroute -6 -w 1 -q 1 -s {source} {target}"
hyperglass_frr/execute.py
+26
View File
@@ -0,0 +1,26 @@
"""
Execute the constructed command
"""
# Module Imports
import subprocess
from logzero import logger
# Project Imports
from hyperglass_frr import configuration
def execute(query):
"""Gets constructed command string and runs the command via subprocess"""
cmd = query.get("cmd")
try:
c = configuration.command(query)
if cmd in ["bgp_route", "bgp_community", "bgp_aspath"]:
output = subprocess.check_output(c.vtysh())
return (output, 200)
if cmd in ["ping", "traceroute"]:
output = subprocess.check_output(c.is_split())
return (output, 200)
except subprocess.CalledProcessError as e:
msg = "Error running query for %s. Error: %s" % (query, e)
logger.error(msg)
return (msg, 501)
hyperglass_frr/hyperglass_frr.py
Executable
+39
View File
@@ -0,0 +1,39 @@
"""API Controller"""
# Module Imports
import json
from waitress import serve
from logzero import logger
from passlib.hash import pbkdf2_sha256
from flask import Flask, request, Response, jsonify
# Project Imports
from hyperglass_frr import execute
from hyperglass_frr import configuration
app = Flask(__name__)
api = configuration.api()
@app.route("/frr", methods=["POST"])
def frr():
"""
Main Flask route ingests JSON parameters and API key hash from hyperglass and passes it to
execute module for execution
"""
headers = request.headers
api_key_hash = headers.get("X-Api-Key")
# Verify API key hash against plain text value in configuration.py
if pbkdf2_sha256.verify(api["key"], api_key_hash) is True:
query_json = request.get_json()
query = json.loads(query_json)
frr_response = execute.execute(query)
return Response(frr_response[0], frr_response[1])
msg = "Validation of API key failed. Hash: %s" % api_key_hash
logger.error(msg)
return jsonify({"message": "Error: Unauthorized"}), 401
# Simple Waitress WSGI implementation
if __name__ == "__main__":
serve(app, host=api["listen_addr"], port=api["port"])
manage.py
+2 -5
View File
@@ -1,14 +1,11 @@
#!/usr/bin/env python3
import os
import sys
import click
import random
import string
from logzero import logger
from passlib.hash import pbkdf2_sha256
import hyperglass_frr
from hyperglass_frr import hyperglass_frr
@click.group()
@@ -19,7 +16,7 @@ def main():
@main.command()
def testserver():
try:
hyperglass_frr.app.run(host="0.0.0.0", debug=True, port=80)
hyperglass_frr.app.run(host="0.0.0.0", debug=True, port=8080)
logger.error("Started test server.")
except:
logger.error("Failed to start test server.")
requirements.txt
+3 -2
View File
@@ -1,5 +1,6 @@
toml
click
logzero
flask
waitress
logzero
passlib
waitress