durd / cp-pxgrid Goto Github PK

View Code? Open in Web Editor NEW

3.0 3.0 1.0 163 KB

Using Cisco pxGrid v2.0 to send identities to CheckPoint firewalls using Identity Awareness API

License: Apache License 2.0

Python 100.00%

cp-pxgrid's People

Contributors

Stargazers

Watchers

Forkers

emmanuellk

cp-pxgrid's Issues

systemd service

create systemd service:

restarts on non-zero exit
starts on boot

also create service that runs once and bulk-downloads pxgrid and sends to fw, or just use cron.

Include user auths

To enlarge the use-case, include user-authentications aswell.

Documentation

Write how to install cp-pxgrid, with systemd services/timers
Better documentation on creating certificates for pxgrid on ISE
Maybe less is more

error-handle failovers on subscription service

The pxgrid-primary was being rebooted and the pxgrid-service was being shutdown. I thought failover would have been kinda seamless except for the time it takes for pxgrid to failover to the new primary.

May  8 08:53:06 host python3[3664]: Traceback (most recent call last):
May  8 08:53:06 host python3[3664]:   File "/usr/local/cp-pxgrid/session_subscribe.cp.py", line 218, in <module>
May  8 08:53:06 host python3[3664]:     loop.run_until_complete(subscribe_task)
May  8 08:53:06 host python3[3664]:   File "/usr/lib/python3.7/asyncio/base_events.py", line 584, in run_until_complete
May  8 08:53:06 host python3[3664]:     return future.result()
May  8 08:53:06 host python3[3664]:   File "/usr/local/cp-pxgrid/session_subscribe.cp.py", line 71, in subscribe_loop
May  8 08:53:06 host python3[3664]:     message = json.loads(future.result())
May  8 08:53:06 host python3[3664]: asyncio.base_futures.InvalidStateError: Result is not set.
May  8 08:53:06 host systemd[1]: cp-pxgrid.service: Main process exited, code=exited, status=1/FAILURE
May  8 08:53:06 host systemd[1]: cp-pxgrid.service: Failed with result 'exit-code'.
May  8 08:53:16 host systemd[1]: Starting pxGrid <-> Checkpoint service that downloads last X hours of DB-changes...
May  8 08:53:16 host systemd[1]: cp-pxgrid.service: Service RestartSec=10s expired, scheduling restart.
May  8 08:53:16 host systemd[1]: cp-pxgrid.service: Scheduled restart job, restart counter is at 1.
May  8 08:53:16 host systemd[1]: Stopped tuned pxGrid <-> Checkpoint service.
May  8 08:53:16 host systemd[1]: Started tuned pxGrid <-> Checkpoint service.
May  8 08:53:22 host systemd[1]: cp-pxgrid-bulkdl.service: Succeeded.
May  8 08:53:22 host systemd[1]: Started pxGrid <-> Checkpoint service that downloads last X hours of DB-changes.

error-handle 404s etc from fw

No error-handling today which causes tracebacks in the logs. Should be handled in the functions cpia_add() and cpia_del().

Example exists in aiohttp documentation.

error-handle tracebacks from main function

when bulkdl cant access an ISE node it crashes with a traceback that is logged to /var/log/syslog. This was just before a patch upgrade. ISE primary had failed a backup, the backup had been reset. Not sure by button or by reboot of node.

Perhaps place the traceback in our syslog? At least try to figure out why it would have crashed. We hadn't started upgrading yet.

May  8 08:05:00 host systemd[1]: Starting pxGrid <-> Checkpoint service that downloads last X hours of DB-changes...
May  8 08:05:01 host CRON[36198]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
May  8 08:05:32 host python3[36196]: Traceback (most recent call last):
May  8 08:05:32 host python3[36196]:   File "/usr/lib/python3.7/urllib/request.py", line 1317, in do_open
May  8 08:05:32 host python3[36196]:     encode_chunked=req.has_header('Transfer-encoding'))
May  8 08:05:32 host python3[36196]:   File "/usr/lib/python3.7/http/client.py", line 1244, in request
May  8 08:05:32 host python3[36196]:     self._send_request(method, url, body, headers, encode_chunked)
May  8 08:05:32 host python3[36196]:   File "/usr/lib/python3.7/http/client.py", line 1290, in _send_request
May  8 08:05:32 host python3[36196]:     self.endheaders(body, encode_chunked=encode_chunked)
May  8 08:05:32 host python3[36196]:   File "/usr/lib/python3.7/http/client.py", line 1239, in endheaders
May  8 08:05:32 host python3[36196]:     self._send_output(message_body, encode_chunked=encode_chunked)
May  8 08:05:32 host python3[36196]:   File "/usr/lib/python3.7/http/client.py", line 1026, in _send_output
May  8 08:05:32 host python3[36196]:     self.send(msg)
May  8 08:05:32 host python3[36196]:   File "/usr/lib/python3.7/http/client.py", line 966, in send
May  8 08:05:32 host python3[36196]:     self.connect()
May  8 08:05:32 host python3[36196]:   File "/usr/lib/python3.7/http/client.py", line 1399, in connect
May  8 08:05:32 host python3[36196]:     super().connect()
May  8 08:05:32 host python3[36196]:   File "/usr/lib/python3.7/http/client.py", line 938, in connect
May  8 08:05:32 host python3[36196]:     (self.host,self.port), self.timeout, self.source_address)
May  8 08:05:32 host python3[36196]:   File "/usr/lib/python3.7/socket.py", line 727, in create_connection
May  8 08:05:32 host python3[36196]:     raise err
May  8 08:05:32 host python3[36196]:   File "/usr/lib/python3.7/socket.py", line 716, in create_connection
May  8 08:05:32 host python3[36196]:     sock.connect(sa)
May  8 08:05:32 host python3[36196]: OSError: [Errno 101] Network is unreachable
May  8 08:05:32 host python3[36196]: During handling of the above exception, another exception occurred:
May  8 08:05:32 host python3[36196]: Traceback (most recent call last):
May  8 08:05:32 host python3[36196]:   File "/usr/local/cp-pxgrid/session_query_all.cp.py", line 175, in <module>
May  8 08:05:32 host python3[36196]:     while pxgrid.account_activate()['accountState'] != 'ENABLED':
May  8 08:05:32 host python3[36196]:   File "/usr/local/cp-pxgrid/pxgrid.py", line 38, in account_activate
May  8 08:05:32 host python3[36196]:     return self.send_rest_request('AccountActivate', payload)
May  8 08:05:32 host python3[36196]:   File "/usr/local/cp-pxgrid/pxgrid.py", line 29, in send_rest_request
May  8 08:05:32 host python3[36196]:     rest_response = opener.open(rest_request)
May  8 08:05:32 host python3[36196]:   File "/usr/lib/python3.7/urllib/request.py", line 525, in open
May  8 08:05:32 host python3[36196]:     response = self._open(req, data)
May  8 08:05:32 host python3[36196]:   File "/usr/lib/python3.7/urllib/request.py", line 543, in _open
May  8 08:05:32 host python3[36196]:     '_open', req)
May  8 08:05:32 host python3[36196]:   File "/usr/lib/python3.7/urllib/request.py", line 503, in _call_chain
May  8 08:05:32 host python3[36196]:     result = func(*args)
May  8 08:05:32 host python3[36196]:   File "/usr/lib/python3.7/urllib/request.py", line 1360, in https_open
May  8 08:05:32 host python3[36196]:     context=self._context, check_hostname=self._check_hostname)
May  8 08:05:32 host python3[36196]:   File "/usr/lib/python3.7/urllib/request.py", line 1319, in do_open
May  8 08:05:32 host python3[36196]:     raise URLError(err)
May  8 08:05:32 host python3[36196]: urllib.error.URLError: <urlopen error [Errno 101] Network is unreachable>
May  8 08:05:32 host systemd[1]: cp-pxgrid-bulkdl.service: Main process exited, code=exited, status=1/FAILURE
May  8 08:05:32 host systemd[1]: cp-pxgrid-bulkdl.service: Failed with result 'exit-code'.
May  8 08:05:32 host systemd[1]: Failed to start pxGrid <-> Checkpoint service that downloads last X hours of DB-changes.

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.