Merge pull request #468 from cglewis/master

closes #467; stubs for #465

Author: cglewis

README.md

@@ -77,16 +77,20 @@ export controller_pass=pass
 BCF is now configured and ready for use with Poseidon, continue on to the [Starting Poseidon using Vent](#starting-poseidon-using-vent) section.
 
 #### FAUCET Configuration
-Poseidon will connect to FAUCET using SSH, so you'll need to create an account that can SSH to the machine running FAUCET and that has rights to modify the configuration file `faucet.yaml` (currently Poseidon expects it to be in the default `/etc/ryu/faucet/faucet.yaml` location and `dps` must all be defined in this file for Poseidon to update the network posture correctly).  The easiest way to set these values so that Poseidon can use them is in environment variables like so (assuming the controller is running at `192.168.1.10`):
+Unless Poseidon and FAUCET are running on the same host, Poseidon will connect to FAUCET using SSH.  So you'll need to create an account that can SSH to the machine running FAUCET and that has rights to modify the configuration file `faucet.yaml` (currently Poseidon expects it to be in the default `/etc/ryu/faucet/faucet.yaml` location and `dps` must all be defined in this file for Poseidon to update the network posture correctly).  The easiest way to set these values so that Poseidon can use them is in environment variables like so (assuming the controller is running at `192.168.1.10`):
 
 ```
 export controller_type=faucet
 export controller_uri=192.168.1.10
 export controller_user=user
 export controller_pass=pass
+export controller_log_file=/var/log/ryu/faucet/faucet.log
+export controller_config_file=/etc/ryu/faucet/faucet.yaml
 export controller_mirror_ports='{"switch1":3}'  # a python dictionary of switch names (from faucet.yaml) and switch port numbers for mirroring to
 ```
 
+If Poseidon and FAUCET are running on the same host, only the `controller_type` and `controller_mirror_ports` need to be set.
+
 FAUCET is now configured and ready for use with Poseidon, continue on to the [Starting Poseidon using Vent](#starting-poseidon-using-vent) section.
 
 #### Starting Poseidon using Vent

helpers/run

@@ -9,6 +9,8 @@ docker run -it \
            -e controller_user=$controller_user \
            -e controller_pass=$controller_pass \
            -e controller_type=$controller_type \
+           -e controller_log_file=$controller_log_file \
+           -e controller_config_file=$controller_config_file \
            -e collector_nic=$collector_nic \
            -e controller_mirror_ports=$controller_mirror_ports \
            -e max_concurrent_reinvestigations=$max_concurrent_reinvestigations \

poseidon/poseidonMonitor/NorthBoundControllerAbstraction/UpdateSwitchState.py

@@ -44,11 +44,19 @@ def __init__(self):
         self.retval = {}
         self.times = 0
         self.owner = None
+
+        # settings for all controllers
         self.controller = {}
         self.controller['URI'] = None
         self.controller['USER'] = None
         self.controller['PASS'] = None
         self.controller['TYPE'] = None
+
+        # settings for FAUCET
+        self.controller['CONFIG_FILE'] = None
+        self.controller['LOG_FILE'] = None
+        self.controller['MIRROR_PORTS'] = None
+
         self.sdnc = None
         self.first_time = True
         self.endpoints = Endpoint_Wrapper()
@@ -82,19 +90,24 @@ def first_run(self):
                             self.controller['URI']))
             elif self.controller['TYPE'] == 'faucet':
                 try:
-                    self.controller['URI'] = str(
-                        self.mod_configuration['controller_uri'])
-                    # TODO set defaults if these are not set
-                    self.controller['USER'] = str(
-                        self.mod_configuration['controller_user'])
-                    self.controller['PASS'] = str(
-                        self.mod_configuration['controller_pass'])
-                    self.controller['CONFIG_FILE'] = str(
-                        self.mod_configuration['controller_config_file'])
-                    self.controller['LOG_FILE'] = str(
-                        self.mod_configuration['controller_log_file'])
-                    self.controller['MIRROR_PORTS'] = ast.literal_eval(
-                        self.mod_configuration['controller_mirror_ports'])
+                    if 'controller_uri' in self.mod_configuration:
+                        self.controller['URI'] = str(
+                            self.mod_configuration['controller_uri'])
+                    if 'controller_user' in self.mod_configuration:
+                        self.controller['USER'] = str(
+                            self.mod_configuration['controller_user'])
+                    if 'controller_pass' in self.mod_configuration:
+                        self.controller['PASS'] = str(
+                            self.mod_configuration['controller_pass'])
+                    if 'controller_config_file' in self.mod_configuration:
+                        self.controller['CONFIG_FILE'] = str(
+                            self.mod_configuration['controller_config_file'])
+                    if 'controller_log_file' in self.mod_configuration:
+                        self.controller['LOG_FILE'] = str(
+                            self.mod_configuration['controller_log_file'])
+                    if 'controller_mirror_ports' in self.mod_configuration:
+                        self.controller['MIRROR_PORTS'] = ast.literal_eval(
+                            self.mod_configuration['controller_mirror_ports'])
                     self.sdnc = FaucetProxy(host=self.controller['URI'],
                                             user=self.controller['USER'],
                                             pw=self.controller['PASS'],

poseidon/poseidonMonitor/NorthBoundControllerAbstraction/proxy/faucet/connection.py

@@ -31,7 +31,7 @@
 class Connection:
 
     def __init__(self,
-                 host,
+                 host=None,
                  user=None,
                  pw=None,
                  config_file=None,
@@ -45,23 +45,24 @@ def __init__(self,
         self.config_file = config_file
         self.log_file = log_file
         self.ssh = None
-        # ensure directories exist
-        self.config_dir = '/etc/ryu/faucet'
-        self.log_dir = '/var/log/ryu/faucet'
-        try:
-            if not os.path.exists(self.config_dir):
-                os.makedirs(self.config_dir)
-        except PermissionError:
-            self.config_dir = os.path.join(os.getcwd(), 'faucet')
-            if not os.path.exists(self.config_dir):
-                os.makedirs(self.config_dir)
-        try:
-            if not os.path.exists(self.log_dir):
-                os.makedirs(self.log_dir)
-        except PermissionError:
-            self.log_dir = os.path.join(os.getcwd(), 'faucet')
-            if not os.path.exists(self.log_dir):
-                os.makedirs(self.log_dir)
+        if self.host:
+            # ensure directories exist
+            self.config_dir = '/etc/ryu/faucet'
+            self.log_dir = '/var/log/ryu/faucet'
+            try:
+                if not os.path.exists(self.config_dir):
+                    os.makedirs(self.config_dir)
+            except PermissionError:
+                self.config_dir = os.path.join(os.getcwd(), 'faucet')
+                if not os.path.exists(self.config_dir):
+                    os.makedirs(self.config_dir)
+            try:
+                if not os.path.exists(self.log_dir):
+                    os.makedirs(self.log_dir)
+            except PermissionError:
+                self.log_dir = os.path.join(os.getcwd(), 'faucet')
+                if not os.path.exists(self.log_dir):
+                    os.makedirs(self.log_dir)
 
     def _connect(self):
         # TODO better logging
@@ -83,39 +84,47 @@ def exec_command(self, command):
 
     def receive_file(self, f_type):
         # TODO option to receive other files (config can be multiple files)
-        self._connect()
-        # TODO better logging
-        try:
-            scp = SCPClient(self.ssh.get_transport())
-            if f_type == 'config':
-                scp.get(self.config_file,
-                        local_path=os.path.join(self.config_dir,
-                                                'faucet.yaml'))
-            elif f_type == 'log':
-                scp.get(self.log_file,
-                        local_path=os.path.join(self.log_dir, 'faucet.log'))
-            else:
+        if self.host:
+            self._connect()
+            # TODO better logging
+            try:
+                scp = SCPClient(self.ssh.get_transport())
+                if f_type == 'config':
+                    scp.get(self.config_file,
+                            local_path=os.path.join(self.config_dir,
+                                                    'faucet.yaml'))
+                elif f_type == 'log':
+                    scp.get(self.log_file,
+                            local_path=os.path.join(self.log_dir,
+                                                    'faucet.log'))
+                else:
+                    pass
+                scp.close()
+            except Exception as e:  # pragma: no cover
                 pass
-            scp.close()
-        except Exception as e:  # pragma: no cover
-            pass
-        self._disconnect()
+            self._disconnect()
 
     def send_file(self, f_type):
         # TODO option to send other files (config can be multiple files)
-        self._connect()
-        # TODO better logging
-        try:
-            scp = SCPClient(self.ssh.get_transport())
-            if f_type == 'config':
-                scp.put(os.path.join(self.config_dir, 'faucet.yaml'),
-                        self.config_file)
-            elif f_type == 'log':
-                scp.put(os.path.join(self.log_dir, 'faucet.log'),
-                        self.log_file)
-            else:
+        if self.host:
+            self._connect()
+            # TODO better logging
+            try:
+                scp = SCPClient(self.ssh.get_transport())
+                if f_type == 'config':
+                    scp.put(os.path.join(self.config_dir, 'faucet.yaml'),
+                            self.config_file)
+                elif f_type == 'log':
+                    scp.put(os.path.join(self.log_dir, 'faucet.log'),
+                            self.log_file)
+                else:
+                    pass
+                scp.close()
+            except Exception as e:  # pragma: no cover
                 pass
-            scp.close()
-        except Exception as e:  # pragma: no cover
-            pass
-        self._disconnect()
+            self._disconnect()
+
+    def event_listener(self):
+        # TODO - if using an event adapter from FAUCET, such as rabbbitmq
+        event = None
+        return event

poseidon/poseidonMonitor/NorthBoundControllerAbstraction/proxy/faucet/faucet.py

@@ -32,7 +32,7 @@
 class FaucetProxy(Connection, Parser):
 
     def __init__(self,
-                 host,
+                 host=None,
                  user=None,
                  pw=None,
                  config_file=None,
@@ -65,10 +65,13 @@ def format_endpoints(data):
         return ret_list
 
     def get_endpoints(self):
-        self.receive_file('log')
         retval = []
 
-        mac_table = self.log(os.path.join(self.log_dir, 'faucet.log'))
+        if self.host:
+            self.receive_file('log')
+            mac_table = self.log(os.path.join(self.log_dir, 'faucet.log'))
+        else:
+            mac_table = self.log(self.log_file)
         module_logger.debug('get_endpoints found:')
         for mac in mac_table:
             if (mac_table[mac][0]['ip-address'] != 'None' and
@@ -116,20 +119,27 @@ def shutdown_ip(self, ip_addr, shutdown=True, mac_addr=None):
         shutdowns = []
         port = 0
         switch = None
-        self.receive_file('config')
-        if self.config(os.path.join(self.config_dir, 'faucet.yaml'),
-                       'shutdown', int(port), switch):
-            self.send_file('config')
-        # TODO
+        if self.host:
+            self.receive_file('config')
+            if self.config(os.path.join(self.config_dir, 'faucet.yaml'),
+                           'shutdown', int(port), switch):
+                self.send_file('config')
+        else:
+            self.config(self.config_file, 'shutdown', int(port), switch)
+        # TODO check if config was successfully updated
         return shutdowns
 
     def shutdown_endpoint(self):
         port = 0
         switch = None
-        self.receive_file('config')
-        if self.config(os.path.join(self.config_dir, 'faucet.yaml'),
-                       'shutdown', int(port), switch):
-            self.send_file('config')
+        if self.host:
+            self.receive_file('config')
+            if self.config(os.path.join(self.config_dir, 'faucet.yaml'),
+                           'shutdown', int(port), switch):
+                self.send_file('config')
+        else:
+            self.config(self.config_file, 'shutdown', int(port), switch)
+        # TODO check if config was successfully updated
 
     def get_highest(self):
         pass
@@ -138,32 +148,47 @@ def get_seq_by_ip(self):
         pass
 
     def mirror_ip(self, ip):
-        self.receive_file('log')
-        mac_table = self.log(os.path.join(self.log_dir, 'faucet.log'))
+        if self.host:
+            self.receive_file('log')
+            mac_table = self.log(os.path.join(self.log_dir, 'faucet.log'))
+        else:
+            mac_table = self.log(self.log_file)
         port = 0
         switch = None
         for mac in mac_table:
             if ip == mac_table[mac][0]['ip-address']:
                 port = mac_table[mac][0]['port']
                 switch = mac_table[mac][0]['segment']
         if port and switch:
-            self.receive_file('config')
-            if self.config(os.path.join(self.config_dir, 'faucet.yaml'),
-                           'mirror', int(port), switch):
-                self.send_file('config')
+            if self.host:
+                self.receive_file('config')
+                if self.config(os.path.join(self.config_dir, 'faucet.yaml'),
+                               'mirror', int(port), switch):
+                    self.send_file('config')
+            else:
+                self.config(self.config_file, 'mirror', int(port), switch)
+        # TODO check if config was successfully updated
 
     def unmirror_ip(self, ip):
         port = 0
         switch = None
-        self.receive_file('config')
-        if self.config(os.path.join(self.config_dir, 'faucet.yaml'),
-                       'unmirror', int(port), switch):
-            self.send_file('config')
+        if self.host:
+            self.receive_file('config')
+            if self.config(os.path.join(self.config_dir, 'faucet.yaml'),
+                           'unmirror', int(port), switch):
+                self.send_file('config')
+        else:
+            self.config(self.config_file, 'unmirror', int(port), switch)
+        # TODO check if config was successfully updated
 
     def mirror_traffic(self):
         port = 0
         switch = None
-        self.receive_file('config')
-        if self.config(os.path.join(self.config_dir, 'faucet.yaml'),
-                       'mirror', int(port), switch):
-            self.send_file('config')
+        if self.host:
+            self.receive_file('config')
+            if self.config(os.path.join(self.config_dir, 'faucet.yaml'),
+                           'mirror', int(port), switch):
+                self.send_file('config')
+        else:
+            self.config(self.config_file, 'mirror', int(port), switch)
+        # TODO check if config was successfully updated