Migrating objects using the R80 Web APIs, Python, ...

Dana_Traversie · ‎2017-01-23

Overview

This script shows how objects can be migrated from one R80 manager to another R80 or R80.10 manager programmatically using the R80 web APIs, Python, and cpauto.

Description

Script requires at least two R80/R80.10 managers with the web APIs enabled. The source manager should have some host and network objects defined for the demo to be useful.

The provided code is merely an example but is a viable pattern that can be reused for virtually all object types.

Instructions

Download the ZIP archive and run the enclosed Python script on a system that meets the following requirements:

Python and cpauto installed correctly
Network access to the source and destination R80 web API resources

For more information on cpauto: https://github.com/dana-at-cp/cpauto

Code Version

Code version 1.0.0

Tested on version

R80, API version 1.0

NOTICE: By using this sample code you agree to terms and conditions in this Not authorized to view the specified document 1042

...

Irek_Romaniuk · ‎2017-07-31

Looks pretty solid. Just tired it with my R80.10, getting connection error, please advice

[docker@nms02m ~]$ python
Python 2.7.5 (default, Aug 2 2016, 04:20:16)
[GCC 4.8.5 20150623 (Red Hat 4.8.5-4)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import cpauto
>>> cc=cpauto.CoreClient('root','password','10.254.253.110')
>>> r=cc.login()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib/python2.7/site-packages/cpauto/core/sessions.py", line 196, in login
r = self.http_post('login', send_sid=False, payload=payload)
File "/usr/lib/python2.7/site-packages/cpauto/core/sessions.py", line 161, in http_post
raise ConnectionError('Connection error: ' + str(e))
cpauto.core.exceptions.ConnectionError: Connection error: HTTPSConnectionPool(host='10.254.253.110', port=443): Max retries exceeded with url: /web_api/login (Caused by SSLError(SSLError(1, u'[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:579)'),))
>>> r.status_code
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
NameError: name 'r' is not defined

Dana_Traversie · ‎2017-08-10

Hello Irek.

Try again with SSL certificate verification disabled:

>>> cc=cpauto.CoreClient('root','password','10.254.253.110',verify=False)

Irek_Romaniuk · ‎2017-08-12

Thank you , I progressed a little further, getting Missing header error now ?

>>> cc=cpauto.CoreClient('root','password','10.254.253.110',verify=False)
>>> n = cpauto.Network(cc)
>>> r = n.add('Net_10.29.184.0/23', { 'subnet': '10.29.184.0', 'subnet-mask': '255.255.254.0' })
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
>>> r = cc.publish()
/usr/lib/python2.7/site-packages/urllib3/connectionpool.py:858: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.io/en/latest/advanced-usage.html#ssl-warnings
InsecureRequestWarning)
>>> r.status_code
400
>>> r.json()
{u'message': u'Missing header: [X-chkp-sid]', u'code': u'generic_err_missing_required_header'}

Dana_Traversie · ‎2017-08-16

Hey https://community.checkpoint.com/people/iromaacad497a-dc2a-485a-9ac5-c7da8ab74009‌ ... it looks like you forgot to do cc.login() before attempting to create objects.

Irek_Romaniuk · ‎2017-08-22

now I finally got '200' response but can't find my network object in GUI...removed 'Unverified HTTPS request is being made' from output below

>>> r=cc.login()
>>> n=cpauto.Network(cc)
>>> r=n.add('net_1.1.1.0/23',{'subnet':'1.1.1.0','subnet-mask':'255.255.254.0'})
>>> r=cc.publish()
>>> r.status_code
200
>>> r.json()
{u'tasks': [{u'task-id': u'01234567-89ab-cdef-acb4-f3a1f5148efc', u'status': u'succeeded', u'progress-percentage': 100, u'task-name': u'Publish operation', u'task-details': [{u'revision': u'8cf71891-be04-4780-8519-5b12ed5d8bac', u'publishResponse': {u'numberOfPublishedChanges': 0}}], u'suppressed': False}]}

Dana_Traversie · ‎2017-08-22

Hello Irek Romaniuk‌ ... I would check/print the HTTP status code after the network object add. I suspect that the object add returned a non-200 HTTP response.

You could also print the entire response object for more detail.

Irek_Romaniuk · ‎2017-08-24

Correct it returned 400 after he network object added

John_Tammaro1 · ‎2017-08-31

Is it possible to re-upload the zip file scripts.

I have tried several times to download but keep getting errors preventing me from unzipping using the default Windows 10 Zip client.

Thanks