Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Dana_Traversie
Employee
Employee

Migrating objects using the R80 Web APIs, Python, and cpauto

Overview

This script shows how objects can be migrated from one R80 manager to another R80 or R80.10 manager programmatically using the R80 web APIs, Python, and cpauto.

Description

Script requires at least two R80/R80.10 managers with the web APIs enabled. The source manager should have some host and network objects defined for the demo to be useful.

The provided code is merely an example but is a viable pattern that can be reused for virtually all object types.

Instructions

Download the ZIP archive and run the enclosed Python script on a system that meets the following requirements:

  • Python and cpauto installed correctly
  • Network access to the source and destination R80 web API resources

For more information on cpauto: https://github.com/dana-at-cp/cpauto

Code Version

Code version 1.0.0

Tested on version

R80, API version 1.0

NOTICE: By using this sample code you agree to terms and conditions in this Not authorized to view the specified document 1042

...

8 Replies
Irek_Romaniuk
Participant

Looks pretty solid. Just tired it with my R80.10, getting connection error, please advice

[docker@nms02m ~]$ python
Python 2.7.5 (default, Aug 2 2016, 04:20:16)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import cpauto
>>> cc=cpauto.CoreClient('root','password','10.254.253.110')
>>> r=cc.login()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/cpauto/core/sessions.py", line 196, in login
r = self.http_post('login', send_sid=False, payload=payload)
File "/usr/lib/python2.7/site-packages/cpauto/core/sessions.py", line 161, in http_post
raise ConnectionError('Connection error: ' + str(e))
cpauto.core.exceptions.ConnectionError: Connection error: HTTPSConnectionPool(host='10.254.253.110', port=443): Max retries exceeded with url: /web_api/login (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),))
>>> r.status_code
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NameError: name 'r' is not defined

0 Kudos
Dana_Traversie
Employee
Employee

Hello Irek.

Try again with SSL certificate verification disabled:

>>> cc=cpauto.CoreClient('root','password','10.254.253.110',verify=False)

0 Kudos
Irek_Romaniuk
Participant

Thank you , I progressed a little further, getting Missing header error now ?

>>> cc=cpauto.CoreClient('root','password','10.254.253.110',verify=False)
>>> n = cpauto.Network(cc)
>>> r = n.add('Net_10.29.184.0/23', { 'subnet': '10.29.184.0', 'subnet-mask': '255.255.254.0' })
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
>>> r = cc.publish()
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
>>> r.status_code
400
>>> r.json()
{u'message': u'Missing header: [X-chkp-sid]', u'code': u'generic_err_missing_required_header'}

0 Kudos
Dana_Traversie
Employee
Employee

Hey https://community.checkpoint.com/people/iromaacad497a-dc2a-485a-9ac5-c7da8ab74009‌ ... it looks like you forgot to do cc.login() before attempting to create objects.

Irek_Romaniuk
Participant

now I finally got '200' response but can't find my network object in GUI...removed 'Unverified HTTPS request is being made' from output below

>>> r=cc.login()
>>> n=cpauto.Network(cc)
>>> r=n.add('net_1.1.1.0/23',{'subnet':'1.1.1.0','subnet-mask':'255.255.254.0'})
>>> r=cc.publish()
>>> r.status_code
200
>>> r.json()
{u'tasks': [{u'task-id': u'01234567-89ab-cdef-acb4-f3a1f5148efc', u'status': u'succeeded', u'progress-percentage': 100, u'task-name': u'Publish operation', u'task-details': [{u'revision': u'8cf71891-be04-4780-8519-5b12ed5d8bac', u'publishResponse': {u'numberOfPublishedChanges': 0}}], u'suppressed': False}]}

0 Kudos
Dana_Traversie
Employee
Employee

Hello Irek Romaniuk‌ ... I would check/print the HTTP status code after the network object add. I suspect that the object add returned a non-200 HTTP response.

You could also print the entire response object for more detail.

Irek_Romaniuk
Participant

Correct it returned 400 after he network object added

0 Kudos
John_Tammaro1
Contributor
Contributor

Is it possible to re-upload the zip file scripts.

I have tried several times to download but keep getting errors preventing me from unzipping using the default Windows 10 Zip client.

Thanks

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events