fabfile.py
# -*- coding: utf-8 -*
import re
from fabric.api import *
from fabric.operations import run, put
from fabric.colors import *
# SSH login Fabric uses for every host in the list. The command syntax and this
# account name suggest Citrix NetScaler appliances, where "nsroot" is the
# built-in superuser.
# NOTE(review): a dedicated, least-privileged account with key-based login would
# limit the impact of a leaked credential -- confirm what the appliances allow.
env.user = "nsroot"
# NOTE(review): the next two names are not referenced by any task visible here.
disable_sslv3_dir = "/var/tmp/disable_sslv3/"
disable_nsip_commands_file = "disable_nsip.conf"
# commands
# S0: Precheck disable NSIP SSLv3
# Lists the internal services and keeps the lines that mention SSL or RPC.
# "\|" is not a recognised Python escape, so the backslash is sent to the
# remote CLI unchanged.
s0_show_internal_service_cmd = "show service -internal | grep 'SSL\|RPC'"
# Sent after the per-service changes; presumably persists the running
# configuration on the appliance -- confirm against the CLI reference.
save_conf_cmd = "save conf"
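def _set_list(path):
    """Return the host entries listed in the file at *path*, one per line.

    Surrounding whitespace is stripped and blank lines are skipped, so an
    empty line never becomes an empty host string. If the file cannot be
    read, the error is printed and an empty list is returned; the
    ``@hosts(...)`` decorators evaluated at import time therefore always
    receive a list.

    The returned entries become the targets of every task, so the list file
    should be writable only by the operator running the fabfile.
    """
    try:
        # "with" closes the handle on every path and never touches an unbound
        # name when open() itself raises.
        with open(path, 'r') as hostfile:
            return [line.strip() for line in hostfile if line.strip()]
    except (IOError, OSError, UnicodeError) as e:
        print('error when reading hosts list: %s' % e)
        return []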
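def log(msg):
    """Append *msg* plus a newline to ./output.txt in the working directory.

    The tasks pass raw device output through here, so the file is the record
    of what each appliance reported; it is created with the process's default
    permissions.
    """
    # "with" guarantees the handle is closed even if the write raises.
    with open("./output.txt", "a+") as logfile:
        logfile.write(msg + "\n")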
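def cr(msg):
    """Append *msg* plus a newline to ./cr.txt in the working directory.

    Used by the plan-writing tasks to collect the commands of the action,
    rollback and verification plans (presumably for a change request).
    """
    # "with" guarantees the handle is closed even if the write raises.
    with open("./cr.txt", "a+") as crfile:
        crfile.write(msg + "\n")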
# S0: Precheck
@task
@hosts(_set_list('./list'))
def step_0_check_ssl_status():
    """Precheck: record the SSL settings of each internal SSL/RPC service.

    Read-only. Lists the internal services of the current host, then runs one
    ``show ssl service`` per service and appends its output to the log file
    through log(). warn_only keeps a failing command from aborting the run.
    """
    with settings(warn_only=True):
        log("----------------------------------------------------\n")
        log("\n" + env.host + " SSL status:\n")
        # shell=False sends the command as-is instead of wrapping it in a shell.
        listing = run(s0_show_internal_service_cmd, shell=False)
        # The text before the first tab is dropped; each later tab-separated
        # chunk is expected to begin with a service name.
        for chunk in listing.split('\t')[1:]:
            name = chunk.split(' ', 1)[0]
            log(run("show ssl service " + name + " | grep 'Internal\|TLS'", shell=False))
# S1: Disable SSLv3
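@task
@hosts(_set_list('./list'))
def step_1_run_disable_command():
    """Disable SSLv3 on each internal SSL/RPC service of the current host, then save.

    For every service name parsed from the internal-service listing, sends
    ``set ssl service <name> -ssl3 DISABLED`` and finally ``save conf``.
    Because warn_only keeps Fabric from aborting on a failed command, the
    command, its output and any non-zero status are written to the log file
    so the operator can tell whether the protocol was really switched off.
    """
    with settings(warn_only=True):
        log("----------------------------------------------------\n")
        log("\n" + env.host + " Disable SSLv3:\n")
        # shell=False sends the command as-is instead of wrapping it in a shell.
        internal_service = run(s0_show_internal_service_cmd, shell=False)
        internal_service_list = re.split('\t', internal_service)
        # The text before the first tab is not a service entry.
        del internal_service_list[0]
        for i in internal_service_list:
            service_name = re.split(' +', i)
            if not service_name[0]:
                # A chunk that starts with a space yields an empty name; the
                # resulting command would name no service at all.
                continue
            # NOTE(review): the name comes from parsed device output and is
            # concatenated into the command unvalidated -- consider checking it
            # against the characters expected in a service name.
            disable_cmd = "set ssl service " + service_name[0] + " -ssl3 DISABLED"
            log(disable_cmd)
            result = run(disable_cmd, shell=False)
            log(result)
            if result.failed:
                log("WARNING: non-zero status from: " + disable_cmd)
        log(run(save_conf_cmd, shell=False))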
# S2: Enable SSLv3
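@task
@hosts(_set_list('./list'))
def step_2_run_enable_command():
    """Rollback: re-enable SSLv3 on each internal SSL/RPC service, then save.

    Mirror image of step_1_run_disable_command. SSLv3 is a deprecated
    protocol, so this task is meant only for backing out the change. The
    command, its output, any non-zero status and the ``save conf`` output are
    written to the log file, matching what the disable task records.
    """
    with settings(warn_only=True):
        log("----------------------------------------------------\n")
        log("\n" + env.host + " Enable SSLv3:\n")
        # shell=False sends the command as-is instead of wrapping it in a shell.
        internal_service = run(s0_show_internal_service_cmd, shell=False)
        internal_service_list = re.split('\t', internal_service)
        # The text before the first tab is not a service entry.
        del internal_service_list[0]
        for i in internal_service_list:
            service_name = re.split(' +', i)
            if not service_name[0]:
                # A chunk that starts with a space yields an empty name; the
                # resulting command would name no service at all.
                continue
            # NOTE(review): the name comes from parsed device output and is
            # concatenated into the command unvalidated -- consider checking it
            # against the characters expected in a service name.
            enable_cmd = "set ssl service " + service_name[0] + " -ssl3 ENABLED"
            log(enable_cmd)
            result = run(enable_cmd, shell=False)
            log(result)
            if result.failed:
                log("WARNING: non-zero status from: " + enable_cmd)
        log(run(save_conf_cmd, shell=False))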
# S3: Write Action Plan
@task
@hosts(_set_list('./list'))
def step_3_write_action_plan():
    """Write the SSLv3-disable action plan for the current host through cr().

    Only the service listing is queried on the device; the
    ``set ssl service ... -ssl3 DISABLED`` commands and the final ``save conf``
    are written to the plan file, not executed.
    """
    with settings(warn_only=True):
        cr("\nAction plan\n")
        cr("#on " + env.host)
        listing = run(s0_show_internal_service_cmd, shell=False)
        # Skip the text before the first tab; each remaining chunk is expected
        # to begin with a service name.
        for chunk in listing.split('\t')[1:]:
            cr("set ssl service " + chunk.split(' ', 1)[0] + " -ssl3 DISABLED")
        cr(save_conf_cmd)
# S4: Write Rollback Plan
@task
@hosts(_set_list('./list'))
def step_4_write_rollback_plan():
    """Write the rollback plan (re-enable SSLv3) for the current host through cr().

    Only the service listing is queried on the device; the
    ``set ssl service ... -ssl3 ENABLED`` commands and the final ``save conf``
    are written to the plan file, not executed.
    """
    with settings(warn_only=True):
        cr("\nRollback plan\n")
        cr("#on " + env.host)
        listing = run(s0_show_internal_service_cmd, shell=False)
        # Skip the text before the first tab; each remaining chunk is expected
        # to begin with a service name.
        for chunk in listing.split('\t')[1:]:
            cr("set ssl service " + chunk.split(' ', 1)[0] + " -ssl3 ENABLED")
        cr(save_conf_cmd)
# S5: Write Verification Plan
@task
@hosts(_set_list('./list'))
def step_5_write_verification_plan():
    """Write the verification plan for the current host through cr().

    Only the service listing is queried on the device; one
    ``show ssl service`` command per service is written to the plan file so
    the SSL settings can be checked after the change.
    """
    with settings(warn_only=True):
        cr("\nVerification plan\n")
        cr("#on " + env.host)
        listing = run(s0_show_internal_service_cmd, shell=False)
        # Skip the text before the first tab; each remaining chunk is expected
        # to begin with a service name.
        for chunk in listing.split('\t')[1:]:
            cr("show ssl service " + chunk.split(' ', 1)[0] + " | grep 'Internal\|TLS'")