osism 0.20250709.0__py3-none-any.whl → 0.20250804.0__py3-none-any.whl

osism/commands/sonic.py

@@ -9,9 +9,16 @@ from cliff.command import Command
 from loguru import logger
 import paramiko
 from prompt_toolkit import prompt
+from tabulate import tabulate
 
 from osism import utils
 from osism.tasks import netbox
+from osism.tasks.conductor.netbox import (
+    get_nb_device_query_list_sonic,
+    get_device_oob_ip,
+)
+from osism.tasks.conductor.sonic.constants import DEFAULT_SONIC_ROLES, SUPPORTED_HWSKUS
+from osism.utils.ssh import cleanup_ssh_known_hosts_for_node
 
 # Suppress paramiko logging messages globally
 logging.getLogger("paramiko").setLevel(logging.ERROR)
@@ -41,7 +48,15 @@ class SonicCommandBase(Command):
         if not hasattr(device, "local_context_data") or not device.local_context_data:
             logger.error(f"Device {hostname} has no local_context_data in NetBox")
             return None
-        return device.local_context_data
+
+        # Filter out keys that start with underscore
+        filtered_context = {
+            key: value
+            for key, value in device.local_context_data.items()
+            if not key.startswith("_")
+        }
+
+        return filtered_context
 
     def _save_config_context(self, config_context, hostname, today):
         """Save config context to local file"""
@@ -94,6 +109,13 @@ class SonicCommandBase(Command):
             return None
 
         ssh = paramiko.SSHClient()
+        # Load system host keys from centralized known_hosts file
+        try:
+            ssh.load_host_keys("/share/known_hosts")
+        except FileNotFoundError:
+            logger.debug(
+                "Centralized known_hosts file not found, creating empty host key store"
+            )
         ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
 
         try:
@@ -796,6 +818,14 @@ class Reset(SonicCommandBase):
                 logger.info("- Switch will need to be reinstalled after reset")
                 logger.info("- Connection will be terminated by the reboot")
 
+                # Clean up SSH known_hosts entries for the reset node
+                logger.info(f"Cleaning up SSH known_hosts entries for {hostname}")
+                result = cleanup_ssh_known_hosts_for_node(hostname)
+                if result:
+                    logger.info("- SSH known_hosts cleanup completed successfully")
+                else:
+                    logger.warning("- SSH known_hosts cleanup completed with warnings")
+
                 # Set provision_state to 'ztp' in NetBox
                 logger.info("Setting provision_state to 'ztp' in NetBox")
                 netbox.set_provision_state.delay(hostname, "ztp")
@@ -953,7 +983,7 @@ class Console(SonicCommandBase):
             logger.info(f"Connecting to {hostname} ({ssh_host}) via SSH console")
 
             # Execute SSH command using os.system to provide interactive terminal
-            ssh_command = f"ssh -i {ssh_key_path} -o StrictHostKeyChecking=no {ssh_username}@{ssh_host}"
+            ssh_command = f"ssh -i {ssh_key_path} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/share/known_hosts {ssh_username}@{ssh_host}"
 
             logger.info("Starting SSH session...")
             logger.info("To exit the console, type 'exit' or press Ctrl+D")
@@ -971,3 +1001,168 @@ class Console(SonicCommandBase):
         except Exception as e:
             logger.error(f"Error connecting to SONiC device {hostname}: {e}")
             return 1
+
+
+class List(Command):
+    """List SONiC switches with their details"""
+
+    def get_parser(self, prog_name):
+        parser = super(List, self).get_parser(prog_name)
+        parser.add_argument(
+            "device",
+            nargs="?",
+            type=str,
+            help="Optional device name to filter by (same as sonic sync parameter)",
+        )
+        return parser
+
+    def take_action(self, parsed_args):
+        device_name = parsed_args.device
+
+        try:
+            devices = []
+
+            if device_name:
+                # When specific device is requested, fetch it directly
+                try:
+                    device = utils.nb.dcim.devices.get(name=device_name)
+                    if device:
+                        # Check if device role matches allowed roles
+                        if device.role and device.role.slug in DEFAULT_SONIC_ROLES:
+                            devices.append(device)
+                            logger.debug(
+                                f"Found device: {device.name} with role: {device.role.slug}"
+                            )
+                        else:
+                            logger.warning(
+                                f"Device {device_name} has role '{device.role.slug if device.role else 'None'}' "
+                                f"which is not in allowed SONiC roles: {', '.join(DEFAULT_SONIC_ROLES)}"
+                            )
+                            return 1
+                    else:
+                        logger.error(f"Device {device_name} not found in NetBox")
+                        return 1
+                except Exception as e:
+                    logger.error(f"Error fetching device {device_name}: {e}")
+                    return 1
+            else:
+                # Get device query list from NETBOX_FILTER_CONDUCTOR_SONIC
+                nb_device_query_list = get_nb_device_query_list_sonic()
+
+                for nb_device_query in nb_device_query_list:
+                    # Query devices with the NETBOX_FILTER_CONDUCTOR_SONIC criteria
+                    for device in utils.nb.dcim.devices.filter(**nb_device_query):
+                        # Check if device role matches allowed roles
+                        if device.role and device.role.slug in DEFAULT_SONIC_ROLES:
+                            devices.append(device)
+                            logger.debug(
+                                f"Found device: {device.name} with role: {device.role.slug}"
+                            )
+
+            logger.info(f"Found {len(devices)} devices matching criteria")
+
+            # Prepare table data
+            table_data = []
+            headers = [
+                "Name",
+                "OOB IP",
+                "Primary IP",
+                "HWSKU",
+                "Version",
+                "Provision State",
+            ]
+
+            for device in devices:
+                # Get device name
+                device_name = device.name
+
+                # Get OOB IP address
+                oob_ip = "N/A"
+                try:
+                    oob_result = get_device_oob_ip(device)
+                    if oob_result:
+                        oob_ip = oob_result[0]  # Get just the IP address
+                except Exception as e:
+                    logger.debug(f"Could not get OOB IP for {device_name}: {e}")
+
+                # Get primary IP address
+                primary_ip = "N/A"
+                try:
+                    if device.primary_ip4:
+                        # Extract IP address from CIDR notation
+                        primary_ip = str(device.primary_ip4).split("/")[0]
+                    elif device.primary_ip6:
+                        # Extract IP address from CIDR notation
+                        primary_ip = str(device.primary_ip6).split("/")[0]
+                except Exception as e:
+                    logger.debug(f"Could not get primary IP for {device_name}: {e}")
+
+                # Get HWSKU and Version from sonic_parameters custom field
+                hwsku = "N/A"
+                version = "N/A"
+                try:
+                    if (
+                        hasattr(device, "custom_fields")
+                        and "sonic_parameters" in device.custom_fields
+                        and device.custom_fields["sonic_parameters"]
+                        and isinstance(device.custom_fields["sonic_parameters"], dict)
+                    ):
+                        sonic_params = device.custom_fields["sonic_parameters"]
+                        if "hwsku" in sonic_params and sonic_params["hwsku"]:
+                            hwsku = sonic_params["hwsku"]
+                        if "version" in sonic_params and sonic_params["version"]:
+                            version = sonic_params["version"]
+                except Exception as e:
+                    logger.debug(
+                        f"Could not extract sonic_parameters for {device_name}: {e}"
+                    )
+
+                # Determine provision state
+                provision_state = "Unknown"
+                try:
+                    if hwsku == "N/A":
+                        provision_state = "No HWSKU"
+                    elif hwsku not in SUPPORTED_HWSKUS:
+                        provision_state = "Unsupported HWSKU"
+                    else:
+                        # Use device status to determine provision state
+                        if device.status:
+                            status_value = (
+                                device.status.value
+                                if hasattr(device.status, "value")
+                                else str(device.status)
+                            )
+                            if status_value == "active":
+                                provision_state = "Provisioned"
+                            elif status_value == "staged":
+                                provision_state = "Staged"
+                            elif status_value == "planned":
+                                provision_state = "Planned"
+                            else:
+                                provision_state = status_value.title()
+                        else:
+                            provision_state = "No Status"
+                except Exception as e:
+                    logger.debug(
+                        f"Could not determine provision state for {device_name}: {e}"
+                    )
+
+                table_data.append(
+                    [device_name, oob_ip, primary_ip, hwsku, version, provision_state]
+                )
+
+            # Sort by device name
+            table_data.sort(key=lambda x: x[0])
+
+            # Print the table
+            if table_data:
+                print(tabulate(table_data, headers=headers, tablefmt="psql"))
+                print(f"\nTotal: {len(table_data)} devices")
+            else:
+                print("No SONiC devices found matching the criteria")
+
+            return 0
+
+        except Exception as e:
+            logger.error(f"Error listing SONiC devices: {e}")
+            return 1

osism/tasks/__init__.py

@@ -238,6 +238,49 @@ def handle_task(t, wait=True, format="log", timeout=3600):
                 f"osism wait --output --live --delay 2 {t.task_id}"
             )
             return 1
+        except KeyboardInterrupt:
+            logger.info(f"\nTask {t.task_id} interrupted by user (CTRL+C)")
+
+            # Prompt user for task revocation in interactive mode using prompt-toolkit
+            try:
+                from prompt_toolkit import prompt
+
+                # Use prompt-toolkit for better UX with yes/no options and default
+                response = (
+                    prompt(
+                        "Do you want to revoke the running task? [y/N]: ", default="n"
+                    )
+                    .strip()
+                    .lower()
+                )
+
+                if response in ["y", "yes"]:
+                    logger.info(f"Revoking task {t.task_id}...")
+                    if utils.revoke_task(t.task_id):
+                        logger.info(f"Task {t.task_id} has been revoked")
+                    else:
+                        logger.error(f"Failed to revoke task {t.task_id}")
+                else:
+                    logger.info(f"Task {t.task_id} continues running in background")
+                    logger.info(
+                        "Use this command to continue waiting for this task: "
+                        f"osism wait --output --live --delay 2 {t.task_id}"
+                    )
+            except KeyboardInterrupt:
+                # Handle second CTRL+C during prompt
+                logger.info(f"\nTask {t.task_id} continues running in background")
+                logger.info(
+                    "Use this command to continue waiting for this task: "
+                    f"osism wait --output --live --delay 2 {t.task_id}"
+                )
+            except EOFError:
+                # Handle EOF (e.g., when input is not available)
+                logger.info(f"Task {t.task_id} continues running in background")
+                logger.info(
+                    "Use this command to continue waiting for this task: "
+                    f"osism wait --output --live --delay 2 {t.task_id}"
+                )
+            return 1
 
     else:
         if format == "log":

osism/tasks/conductor/__init__.py

@@ -44,8 +44,8 @@ def sync_netbox(self, force_update=False):
 
 
 @app.task(bind=True, name="osism.tasks.conductor.sync_ironic")
-def sync_ironic(self, force_update=False):
-    _sync_ironic(self.request.id, get_ironic_parameters, force_update)
+def sync_ironic(self, node_name=None, force_update=False):
+    _sync_ironic(self.request.id, get_ironic_parameters, node_name, force_update)
 
 
 @app.task(bind=True, name="osism.tasks.conductor.sync_sonic")

osism/tasks/conductor/config.py

@@ -30,7 +30,7 @@ def get_configuration():
                     "image_source"
                 ]
                 if not validators.uuid(image_source) and not validators.url(
-                    image_source
+                    image_source, simple_host=True
                 ):
                     result = openstack.image_get(image_source)
                     if result:
@@ -46,7 +46,7 @@ def get_configuration():
                     "deploy_kernel"
                 ]
                 if not validators.uuid(deploy_kernel) and not validators.url(
-                    deploy_kernel
+                    deploy_kernel, simple_host=True
                 ):
                     result = openstack.image_get(deploy_kernel)
                     if result:
@@ -63,7 +63,7 @@ def get_configuration():
                     "deploy_ramdisk"
                 ]
                 if not validators.uuid(deploy_ramdisk) and not validators.url(
-                    deploy_ramdisk
+                    deploy_ramdisk, simple_host=True
                 ):
                     result = openstack.image_get(deploy_ramdisk)
                     if result:

osism/tasks/conductor/ironic.py

@@ -127,19 +127,41 @@ def _prepare_node_attributes(device, get_ironic_parameters):
     return node_attributes
 
 
-def sync_ironic(request_id, get_ironic_parameters, force_update=False):
-    osism_utils.push_task_output(
-        request_id,
-        "Starting NetBox device synchronisation with ironic\n",
-    )
+def sync_ironic(request_id, get_ironic_parameters, node_name=None, force_update=False):
+    if node_name:
+        osism_utils.push_task_output(
+            request_id,
+            f"Starting NetBox device synchronisation with ironic for node {node_name}\n",
+        )
+    else:
+        osism_utils.push_task_output(
+            request_id,
+            "Starting NetBox device synchronisation with ironic\n",
+        )
     devices = set()
     nb_device_query_list = get_nb_device_query_list_ironic()
     for nb_device_query in nb_device_query_list:
         devices |= set(netbox.get_devices(**nb_device_query))
 
+    # Filter devices by node_name if specified
+    if node_name:
+        devices = {dev for dev in devices if dev.name == node_name}
+        if not devices:
+            osism_utils.push_task_output(
+                request_id,
+                f"Node {node_name} not found in NetBox\n",
+            )
+            osism_utils.finish_task_output(request_id, rc=1)
+            return
+
     # NOTE: Find nodes in Ironic which are no longer present in NetBox and remove them
     device_names = {dev.name for dev in devices}
     nodes = openstack.baremetal_node_list()
+
+    # Filter nodes by node_name if specified
+    if node_name:
+        nodes = [node for node in nodes if node["Name"] == node_name]
+
     for node in nodes:
         osism_utils.push_task_output(
             request_id, f"Looking for {node['Name']} in NetBox\n"

osism/tasks/conductor/sonic/interface.py

@@ -419,6 +419,16 @@ def _extract_port_number_from_alias(alias):
     if not alias:
         return None
 
+    # Try to extract number from Eth54(Port54) format first
+    paren_match = re.search(r"Eth(\d+)\(Port(\d+)\)", alias)
+    if paren_match:
+        port_number = int(paren_match.group(1))
+        logger.debug(
+            f"Extracted port number {port_number} from Eth(Port) alias '{alias}'"
+        )
+        return port_number
+
+    # Fallback to number at end of alias
     match = re.search(r"(\d+)$", alias)
     if match:
         port_number = int(match.group(1))

osism/tasks/conductor/utils.py

@@ -75,8 +75,15 @@ def get_vault():
                 )
             ]
         )
-    except Exception:
-        logger.error("Unable to get vault secret. Dropping encrypted entries")
+    except ValueError as exc:
+        # Handle specific vault password configuration errors
+        logger.error(f"Vault password configuration error: {exc}")
+        logger.error("Please check your vault password setup in Redis")
+        vault = VaultLib()
+    except Exception as exc:
+        # Handle other errors (file access, decryption, etc.)
+        logger.error(f"Unable to get vault secret: {exc}")
+        logger.error("Dropping encrypted entries")
         vault = VaultLib()
     return vault
 

osism/utils/__init__.py

@@ -109,8 +109,18 @@ def get_ansible_vault_password():
         f = Fernet(key)
 
         encrypted_ansible_vault_password = redis.get("ansible_vault_password")
+        if encrypted_ansible_vault_password is None:
+            raise ValueError("Ansible vault password is not set in Redis")
+
         ansible_vault_password = f.decrypt(encrypted_ansible_vault_password)
-        return ansible_vault_password.decode("utf-8")
+        password = ansible_vault_password.decode("utf-8")
+
+        if not password or password.strip() == "":
+            raise ValueError(
+                "Ansible vault password is empty or contains only whitespace"
+            )
+
+        return password
     except Exception as exc:
         logger.error("Unable to get ansible vault password")
         raise exc
@@ -185,6 +195,29 @@ def finish_task_output(task_id, rc=None):
     redis.xadd(task_id, {"type": "action", "content": "quit"})
 
 
+def revoke_task(task_id):
+    """
+    Revoke a running Celery task.
+
+    Args:
+        task_id (str): The ID of the task to revoke
+
+    Returns:
+        bool: True if revocation was successful, False otherwise
+    """
+    try:
+        from celery import Celery
+        from osism.tasks import Config
+
+        app = Celery("task")
+        app.config_from_object(Config)
+        app.control.revoke(task_id, terminate=True)
+        return True
+    except Exception as e:
+        logger.error(f"Failed to revoke task {task_id}: {e}")
+        return False
+
+
 def create_redlock(key, auto_release_time=3600):
     """
     Create a Redlock instance with output suppression during initialization.