-
Notifications
You must be signed in to change notification settings - Fork 15
/
Copy pathconf2yaml.py
381 lines (305 loc) · 13.6 KB
/
conf2yaml.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
#!/usr/bin/env python
from ciscoconfparse import CiscoConfParse
from os import walk, makedirs, listdir
from os.path import isfile, join, splitext, exists
import re, yaml, sys, pprint
# Explicitly specify entry point for clarity's sake
def main():
# Permit limited configuration via command-line args
debug = False # Debug YAML to console defaults to off: enable with --debug
root_path = 'configurations/' # Root dir is 'configurations': modify with --root="mydir"
domain = 'nwid.bris.ac.uk' # Default domain is 'nwid.bris.ac.uk': modify with --domain="mydomain"
if (len(sys.argv) > 1):
for arg in sys.argv:
if arg == '--debug':
debug = True
if arg[:6] == '--root':
head, sep, directory_value = arg.partition('=')
if directory_value != '':
root_path = directory_value.replace('"', '') + '/'
if arg[:8] == '--domain':
head, sep, domain_value = arg.partition('=')
if domain_value != '':
domain = domain_value.replace('"', '')
subdirs = walk(root_path).next()[1] # obtain all subdirectories
subdirs.append('') # add root directory
# Parse all files in all subdirectories
for subdir in subdirs:
files = [filename for filename in listdir(root_path + subdir) if isfile(join(root_path + subdir, filename))]
for filename in files:
if filename != '.gitignore': # Do not parse .gitignores
input = CiscoConfParse(root_path + subdir + '/' + filename) # Get our CiscoConfParse-formatted input
output_yaml = convert_to_yaml(input) # Parse input config into output YAML
output_path = 'yaml/' + root_path + subdir
print('Outputting ' + output_path + splitext(filename)[0] + '.' + domain + '.yml YAML')
write_output_yaml_to_file(output_yaml, output_path, filename, domain) # Write our YAML to disk
if (debug): # If debug mode specified output YAML to console
print(output_path + splitext(filename)[0] + '.' + domain + '.yml YAML Output:')
print output_yaml
# The workhorse function that reads the Cisco config and returns our output config object
def convert_to_yaml(input_config):
output_config = {} # Create master dict for output data
# switch stacks
stacks = input_config.find_objects(r'switch [0-9]+ provision (.*)')
if stacks:
output_config['switch_stack'] = []
for line in stacks:
stack = line.re_match(r'switch [0-9]+ provision (.*)')
output_config['switch_stack'].append(stack)
# Interfaces
interfaces = input_config.find_objects(r'interface') # Create interfaces object
if interfaces:
output_config['interfaces'] = [] # Create list of interfaces
for interface in interfaces:
# dict for this particular interface
interface_dict = {}
# Insert interface name
interface_name = interface.re_match(r'^interface (\S+)$')
if interface_name:
interface_dict['name'] = interface_name
# switchport
# Find list of interfaces with "switchport" config
switchport_interfaces = interface.re_search_children(r'switchport')
if switchport_interfaces:
# Create switchport dict if it does not yet exist
if not 'switchport' in interface_dict:
interface_dict['switchport'] = {}
for line in switchport_interfaces:
# access vlan
access_vlan = line.re_match(r' switchport access vlan (\S+)')
if access_vlan:
interface_dict['switchport']['access_vlan'] = access_vlan
# switchport mode
switchport_mode = line.re_match(r'^ switchport mode (\S+)$')
if switchport_mode:
interface_dict['switchport']['mode'] = switchport_mode
# port-security
port_sec = line.re_search(r'^ switchport port-security$')
if port_sec:
interface_dict['switchport']['port_security'] = True
# switchport trunk
switchport_trunk = line.re_search(r'^ switchport trunk.*$')
if switchport_trunk:
# Create the trunk dict if it does not yet exist
if not 'trunk' in interface_dict['switchport']:
interface_dict['switchport']['trunk'] = {}
# native vlan
native_vlan = line.re_match(r'^ switchport trunk native vlan (\S+)$')
if native_vlan:
interface_dict['switchport']['trunk']['native_vlan'] = native_vlan
# allowed vlan
allowed_vlan = line.re_match(r'^ switchport trunk allowed vlan (\S+)$')
if allowed_vlan:
interface_dict['switchport']['trunk']['allowed_vlan'] = allowed_vlan
# trunk encapsulation
encapsulation = line.re_match(r'^ switchport trunk encapsulation (.+)$')
if encapsulation:
interface_dict['switchport']['trunk']['encapsulation'] = encapsulation
# spanning-tree
spanning_tree = interface.re_search_children(r'spanning-tree')
if spanning_tree:
# Create spanning-tree dict if it does not yet exist
if not 'spanning_tree' in interface_dict:
interface_dict['spanning_tree'] = {}
for line in spanning_tree:
# portfast
portfast = line.re_search(r'^ spanning-tree portfast$')
if portfast:
interface_dict['spanning_tree']['portfast'] = True
# guard_root
guard_root = line.re_search(r'^ spanning-tree guard root$')
if guard_root:
interface_dict['spanning_tree']['guard_root'] = True
# ip
ip = interface.re_search_children(r'^ ip ')
if ip:
# Create ip dict if it does not yet exist
if not 'ip' in interface_dict:
interface_dict['ip'] = {}
for line in ip:
# ip address
ip_address = line.re_match(r'^ ip address (.*)$')
if ip_address:
interface_dict['ip']['address'] = ip_address
# ip access_group
access_group = re.match('^ ip access-group (\S+) (\S+)$', line.text)
if access_group:
# Create access_group sub-dict if it does not yet exist
if not 'access_group' in interface_dict['ip']:
interface_dict['ip']['access_group'] = {}
interface_dict['ip']['access_group'][access_group.group(1)] = access_group.group(2)
# ip dhcp snooping trust
dhcp_snooping_trust = line.re_search(r'^ ip dhcp snooping trust$')
if dhcp_snooping_trust:
interface_dict['ip']['dhcp_snooping_trust'] = True
# no ip
no_ip = interface.re_search_children(r'^ no ip ')
if no_ip:
# Create ip dict if it does not yet exist
if not 'ip' in interface_dict:
interface_dict['ip'] = {}
for line in no_ip:
# no ip address
no_ip = line.re_search(r'^ no ip address$')
if no_ip:
interface_dict['ip']['ip_address_disable'] = True
# no ip route cache
no_route_cache = line.re_search(r'^ no ip route-cache$')
if no_route_cache:
interface_dict['ip']['route_cache_disable'] = True
# no ip mroute-cache
no_mroute_cache = line.re_search(r'^ no ip mroute-cache$')
if no_mroute_cache:
interface_dict['ip']['mroute_cache_disable'] = True
# ipv6
ipv6 = interface.re_search_children(r'^ ipv6 ')
if ipv6:
if not 'ipv6' in interface_dict:
interface_dict['ipv6'] = []
for line in ipv6:
# ra guard
ra_guard = line.re_search(r'^ ipv6 nd raguard$')
if ra_guard:
interface_dict['ipv6'].append('ra_guard')
# ipv6 snooping
ra_guard = line.re_search(r'^ ipv6 snooping$')
if ra_guard:
interface_dict['ipv6'].append('ipv6_snooping')
# ipv6 dhcp guard
ra_guard = line.re_search(r'^ ipv6 dhcp guard$')
if ra_guard:
interface_dict['ipv6'].append('ipv6_dhcp_guard')
# misc
misc = interface.re_search_children(r'.*')
if misc:
for line in misc:
# description
interface_description = line.re_match(r'^ description (\S+)$')
if interface_description:
interface_dict['description'] = interface_description
# power inline police
power_inline_police = line.re_search(r'^ power inline police$')
if power_inline_police:
interface_dict['power_inline_police'] = True
# cdp disable
cdp_disable = line.re_search(r'^ no cdp enable$')
if cdp_disable:
interface_dict['cdp_disable'] = True
# shutdown
shutdown = line.re_search(r'^ shutdown$')
if shutdown:
interface_dict['shutdown'] = True
# vrf forwarding
vrf = line.re_match(r'^ vrf forwarding (.+)$')
if vrf:
interface_dict['vrf'] = vrf
# negotiation
negotiation = line.re_match(r'^ negotiation (.+)$')
if negotiation:
interface_dict['negotiation'] = negotiation
# keepalive disable
keepalive_disable = line.re_search(r'^ no keepalive$')
if keepalive_disable:
interface_dict['keepalive_disable'] = True
# Append the completed interface dict to the interfaces list
output_config['interfaces'].append(interface_dict)
# IP Config Elements
ip_config = input_config.find_objects(r'ip')
if ip_config:
# Create ip dict if it does not yet exist
if not 'ip' in output_config:
output_config['ip'] = {}
for line in ip_config:
# ip dhcp snooping
dhcp_snooping = line.re_search(r'^ip dhcp snooping$')
if dhcp_snooping:
output_config['ip']['dhcp_snooping'] = True
# ip default gateway
default_gateway = line.re_match(r'^ip default-gateway (\S+)$')
if default_gateway:
output_config['ip']['default_gateway'] = default_gateway
# Banner
banner = input_config.find_blocks(r'banner')
if banner:
# Create banner dict if it does not yet exist
if not 'banner' in output_config:
output_config['banner'] = []
for line in banner:
first_line = re.search(r'^banner motd (.*)$', line)
if first_line:
output_config['banner'].append(first_line.group(1))
else:
output_config['banner'].append(line)
# acl
acl = input_config.find_blocks(r'access-list')
if acl:
if not 'acl' in output_config:
output_config['acl'] = []
for line in acl:
acl_line = re.search(r'^access-list 10 permit (172.*)$', line)
if acl_line:
output_config['acl'].append(acl_line.group(1))
# snmp-server
snmp = input_config.find_blocks(r'snmp-server')
if snmp:
# Create snmp dict if it does not yet exist
if not 'snmp' in output_config:
output_config['snmp'] = {}
for line in snmp:
# community string
snmp_community = re.match(r'^snmp-server community (\S+)', line)
if snmp_community:
output_config['snmp']['community'] = snmp_community.group(1)
# location
snmp_location = re.match(r'^snmp-server location (.*)$', line)
if snmp_location:
output_config['snmp']['location'] = snmp_location.group(1)
# contact
snmp_contact = re.match(r'^snmp-server contact (.*)$', line)
if snmp_contact:
output_config['snmp']['contact'] = snmp_contact.group(1)
# vtp
vtp = input_config.find_lines(r'vtp')
if vtp:
vtp_mode = re.match(r'vtp mode (\S+)',vtp[0])
if vtp_mode:
output_config['vtp_mode'] = vtp_mode.group(1)
# vlans
vlans = input_config.find_objects('^vlan [0-9]+')
if vlans:
# Create vlans dict if it does not yet exist
if not 'vlans' in output_config:
output_config['vlans'] = []
for vlan in vlans:
vlan_dict = {}
# vlan number
vlan_number = re.match('^vlan ([0-9]+)$', vlan.text)
if vlan_number:
vlan_dict['number'] = vlan_number.group(1)
# vlan name
vlan_name = vlan.re_search_children(r'name')
if vlan_name:
name = vlan_name[0].re_match(r' name (\S+)')
vlan_dict['name'] = name
# Append the completed vlan dict
output_config['vlans'].append(vlan_dict)
# certificates
certificate_chain = input_config.find_lines('^crypto pki certificate chain')
if certificate_chain:
for line in certificate_chain:
certificate_chain_search = re.match('^crypto pki certificate chain (\S+)', line)
output_config['crypto_chain_id'] = certificate_chain_search.group(1)
# radius server config
radius_servers = input_config.find_objects('radius server')
if radius_servers:
output_config['dot1x'] = True
return yaml.dump(output_config, default_flow_style = 0, explicit_start = 1)
def write_output_yaml_to_file(output_yaml, output_path, filename, domain):
# Make sure the directory we're trying to write to exists. Create it if it doesn't
if not exists(output_path):
makedirs(output_path)
# Write foo.yml to the subdir in yaml/root_path that corresponds to where we got the input file
with open(output_path + splitext(filename)[0] + '.' + domain + '.yml', 'w') as outfile:
outfile.write(output_yaml)
if __name__ == '__main__':
main()