build01

m4h3 · Nov 23, 2016 · 298c934 · 298c934
1 parent 5f1dd1b
commit 298c934
Show file tree

Hide file tree

Showing 4 changed files with 49 additions and 43 deletions.
diff --git a/deploy/common.py b/deploy/common.py
@@ -19,16 +19,16 @@ def __new__(cls, prompt, default, required=False): # @ReservedAssignment
 
 # Main NGFW Prompts. Attribute name maps to YML heading
 NGFW = [{'name' : Field(prompt='Enter a name', default='awsfirewall', required=True)},
-        {'dns': Field(prompt='Enter DNS servers, comma seperated', default=None)},
+        {'dns': Field(prompt='Enter DNS servers, comma seperated (required for AV/GTI)', default=None)},
         {'location': Field(prompt='Enter location for NGFW', default=obtain_locations)},
         {'firewall_policy': Field(prompt='Enter firewall policy', default=obtain_fwpolicy)},
-        {'vpn': Field(prompt='Assign VPN policy', default='False')},
+        {'vpn': Field(prompt='Assign VPN policy (optional)', default='False')},
         {'default_nat': Field(prompt='Use default NAT', default='True')},
         {'antivirus': Field(prompt='Enable antivirus', default='False')},
         {'gti': Field(prompt='Enable GTI', default='False')}]
 
 # Optional VPN prompts if VPN is specified
-OPT_VPN = [{'vpn_policy': Field(prompt='Enter VPN policy (optional)', default=obtain_vpnpolicy)},
+OPT_VPN = [{'vpn_policy': Field(prompt='Enter VPN policy', default=obtain_vpnpolicy)},
            {'vpn_role': Field(prompt='VPN role (central|satellite)', default='central')}]
 
 # SMC credential info

diff --git a/deploy/ngfw.py b/deploy/ngfw.py
@@ -4,7 +4,7 @@
 import logging
 from smc.elements.helpers import location_helper
 from smc.vpn.policy import VPNPolicy
-from smc.elements.other import ContactAddress
+from smc.elements.other import prepare_contact_address
 from smc.core.engines import Layer3Firewall
 from smc.api.exceptions import TaskRunFailed, NodeCommandFailed, LicenseError,\
     LoadEngineFailed, ElementNotFound, LoadPolicyFailed, MissingRequiredInput
@@ -64,7 +64,7 @@ def __call__(self, interfaces, default_gateway):
                                                                     address, 
                                                                     network_value)
         logger.info('Created NGFW')
-        
+
         self.engine = engine.reload()
         #Enable VPN on external interface if policy provided
         if self.vpn_policy:
@@ -107,7 +107,8 @@ def add_contact_address(self, elastic_ip):
         """
         for interface in self.engine.interface.all():
             if interface.name == 'Interface 0':
-                contact_address = ContactAddress(elastic_ip, location='Default')
+                contact_address = prepare_contact_address(elastic_ip, 
+                                                          location='Default')
                 interface.add_contact_address(contact_address,
                                               self.engine.etag)
 
@@ -128,36 +129,6 @@ def initial_contact(self):
                 logger.error(msg)
                 self.has_errors.append(msg)
             return userdata
-
-    def monitor_status(self, step=10):
-        """
-        Monitor NGFW initialization. See :py:class:`smc.core.node.NodeStatus` for
-        more information on statuses or attributes to monitor/
-        
-        :param step: sleep interval
-        """
-        logger.info('Waiting for NGFW to fully initialize...')
-        desired_status = 'Online'
-        import time
-        try:
-            while True:
-                for node in self.engine.nodes:
-                    current = node.status()
-                    if current.status != desired_status:
-                        logger.info('Status: {}, Config status: {}, State: {}'
-                                    .format(current.status, 
-                                            current.configuration_status,
-                                            current.state))
-                    else:
-                        logger.info('Initialization complete. Installed policy: {}, '
-                                    'Version: {}, State: {}'
-                                    .format(current.installed_policy,
-                                            current.version,
-                                            current.state))
-                        return           
-                time.sleep(step)
-        except KeyboardInterrupt:
-            pass
 
     def rollback(self):
         """
@@ -182,6 +153,30 @@ def rollback(self):
             logger.error('Failed loading engine, rollback failed: %s', e)
         except ElementNotFound as e:
             logger.error('Failed finding VPN Policy: %s', e)
+
+def monitor_status(engine=None, status='No Policy Installed', 
+                   step=10):
+        """
+        Monitor NGFW initialization. See :py:class:`smc.core.node.NodeStatus` for
+        more information on statuses or attributes to monitor/
+        
+        :param step: sleep interval
+        """
+        desired_status = status
+        import time
+        try:
+            while True:
+                node = engine.nodes[0]
+                current = node.status()
+                if current.status != desired_status:
+                    yield 'NGFW status: {}, waiting..'.format(current.status)
+                else:
+                    break
+                time.sleep(step)
+            yield 'Initialization complete. Version: {}, State: {}'\
+                  .format(current.version, current.state)
+        except KeyboardInterrupt:
+            pass
 
 def obtain_vpnpolicy():
     """
@@ -208,6 +203,10 @@ def obtain_locations():
     return [location.name for location in describe_location()]
 
 def validate(ngfw):
+    """
+    Validate that settings provided are valid objects in SMC before anything
+    is kicked off to AWS
+    """
     if not ngfw.firewall_policy in obtain_fwpolicy():
         raise LoadPolicyFailed('Firewall policy not found, name provided: {}'
                                .format(ngfw.firewall_policy))

diff --git a/deploy/launcher.py → deploy/ngfw_launcher.py b/deploy/launcher.py → deploy/ngfw_launcher.py
@@ -3,6 +3,7 @@
 
 @author: davidlepage
 '''
+from deploy.ngfw import monitor_status
 '''
 Stonesoft NGFW configurator for AWS instance deployment with auto-engine creation.
 There are two example use cases that can be leveraged to generate NGFW automation into AWS:
@@ -165,7 +166,6 @@
     # Verify AMI is valid
     ec2.meta.client.describe_images(ImageIds=[awscfg.ngfw_ami])
 
-    sys.exit(1)
     '''
     Use Case 1: Create entire VPC and deploy NGFW
     ---------------------------------------------
@@ -204,19 +204,20 @@
         # Create the NGFW
         ngfw(interfaces, gateway)
         userdata = ngfw.initial_contact()
+        ngfw.add_contact_address(vpc.elastic_ip)
 
         instance = vpc.launch(key_pair=awscfg.aws_keypair, 
                               userdata=userdata, 
                               imageid=awscfg.ngfw_ami,
                               instance_type=awscfg.aws_instance_type)
 
-        ngfw.add_contact_address(vpc.elastic_ip)
+        #ngfw.add_contact_address(vpc.elastic_ip)
         ngfw.engine.rename('{} ({})'.format(instance.id, vpc.availability_zone))
-        ngfw.queue_policy()
+        #ngfw.queue_policy()
 
         for message in waiter(instance, 'running'):
             logger.info(message)
-
+        
         if awscfg.aws_client and awscfg.aws_client_ami:
             spin_up_host(awscfg.aws_keypair, vpc, awscfg.aws_instance_type, 
                          awscfg.aws_client_ami)
@@ -226,7 +227,13 @@
 
         logger.info('To connect to your AWS instance, execute the command: '
                     'ssh -i {}.pem aws@{}'.format(instance.key_name, vpc.elastic_ip))
-
+
+        logger.info('Waiting for NGFW to do initial contact...')
+        for msg in monitor_status(ngfw.engine, status='No Policy Installed'):
+            logger.info(msg)
+
+        ngfw.queue_policy()
+
         import time
         start_time = time.time()
 
@@ -237,8 +244,7 @@
         if ngfw.has_errors:
             print 'Errors were returned, manual intervention will be required: {}'\
             .format(ngfw.has_errors)
-        #else:
-        #    ngfw.monitor_status()
+
         print("--- %s seconds ---" % (time.time() - start_time))
 
     except (botocore.exceptions.ClientError, CreateEngineFailed) as e:

diff --git a/setup.py b/setup.py
@@ -12,6 +12,7 @@ def readme():
       author_email='dwlepage70@gmail.com',
       license='Apache 2.0',
       packages=['deploy'],
+      scripts=['ngfw-launcher'],
       install_requires=[
           'smc-python>=0.3.8',
           'boto3',