Merge pull request #27 from jerewill-cisco/1.3.1

1.3.1
jerewill-cisco · Aug 3, 2022 · b3cf2a0 · b3cf2a0
2 parents d1ca72c + d701462
commit b3cf2a0
Show file tree

Hide file tree

Showing 6 changed files with 367 additions and 53 deletions.
diff --git a/README.md b/README.md
diff --git a/images/add_intersight.png b/images/add_intersight.png
diff --git a/input_module_intersight.py b/input_module_intersight.py
@@ -60,6 +60,8 @@ def get_checkpoint(type):
                 f"{account_name}_last_{type}_record")
             helper.log_debug(
                 f"{s} | Checkpoint value for {type} records is {state}")
+            if (state == None or state == "None"):
+                raise Exception("State is none")
             return state
         except:
             # set the state if it's not set
@@ -215,7 +217,9 @@ def write_splunk(index, source, sourcetype, data):
         state = get_checkpoint('audit')
         # get the audit records
         RESPONSE = r_intersight(
-            f"{endpoint}?$orderby=ModTime%20asc&$filter=ModTime%20gt%20{state}")
+            f"{endpoint}?$inlinecount=allpages&$orderby=ModTime%20asc&$filter=ModTime%20gt%20{state}")
+        helper.log_info(
+            f"{s} | Found {RESPONSE.json()['Count']} audit records to retrieve")
         # process the audit records
         for data in RESPONSE.json()['Results']:
             # pop things we don't need
@@ -252,8 +256,9 @@ def write_splunk(index, source, sourcetype, data):
         state = get_checkpoint('alarm')
         # Let's get the alarm records
         RESPONSE = r_intersight(
-            f"{endpoint}?$orderby=ModTime%20asc&$filter=ModTime%20gt%20{state}")
-
+            f"{endpoint}?$inlinecount=allpages&$orderby=ModTime%20asc&$filter=ModTime%20gt%20{state}")
+        helper.log_info(
+            f"{s} | Found {RESPONSE.json()['Count']} alarm records to retrieve")
         # Process the alarm records
         for data in RESPONSE.json()['Results']:
             data = pop(['AffectedMo', 'Ancestors', 'Owners', 'PermissionResources',
@@ -331,6 +336,8 @@ def write_splunk(index, source, sourcetype, data):
     ###
     # Compute Inventory
     ###
+
+    # Servers
     endpoint = "compute/PhysicalSummaries"
     if 'compute' in opt_inventory and doInventory:
         helper.log_debug(f"{s} | Retrieving Compute Inventory Records")
@@ -347,11 +354,14 @@ def write_splunk(index, source, sourcetype, data):
                 f"{endpoint}?$expand=RegisteredDevice($select=ClaimedByUserName,ClaimedTime,ConnectionStatusLastChangeTime,ConnectionStatus,CreateTime,ReadOnly)&$top={results_per_page}&$skip={str(i)}")
             for data in RESPONSE.json()['Results']:
                 data = pop(
-                    ['Ancestors', 'PermissionResources', 'Owners', 'DomainGroupMoid', 'ClassId', 'FaultSummary', 'EquipmentChassis', 'InventoryDeviceInfo', 'KvmVendor', 'ObjectType', 'ScaledMode', 'Rn', 'SharedScope'], data)
+                    ['Ancestors', 'Parent', 'Uuid', 'HardwareUuid', 'TopologyScanStatus', 'PermissionResources', 'Owners', 'DomainGroupMoid', 'ClassId', 'FaultSummary', 'Personality', 'InventoryDeviceInfo', 'KvmVendor', 'ObjectType', 'ScaledMode', 'Rn', 'SharedScope'], data)
                 data['RegisteredDevice'] = pop(
                     ['ClassId', 'ObjectType'], data['RegisteredDevice'])
                 data['AlarmSummary'] = pop(
                     ['ClassId', 'ObjectType'], data['AlarmSummary'])
+                if data['EquipmentChassis'] != None:
+                    data['EquipmentChassis'] = pop(
+                        ['ClassId', 'ObjectType', 'link'], data['EquipmentChassis'])
                 write_splunk(index, account_name,
                              'cisco:intersight:computePhysicalSummaries', data)
                 # try to get HCL data also
@@ -373,6 +383,48 @@ def write_splunk(index, source, sourcetype, data):
                         helper.log_debug(
                             f"{s} | HCL for {data['Moid']} not found")
 
+    # Chassis
+    endpoint = "equipment/Chasses"
+    if 'compute' in opt_inventory and doInventory:
+        helper.log_debug(f"{s} | Retrieving Chassis Inventory Records")
+        doChassis = check_intersight(endpoint)
+
+    if 'compute' in opt_inventory and doInventory and doChassis:
+        RESPONSE = r_intersight(f"{endpoint}?$count=True")
+        count = RESPONSE.json()['Count']
+        helper.log_info(
+            f"{s} | Found {str(count)} chassis inventory records to retrieve")
+        results_per_page = 10  # adjust the number of results we pull per API call
+        for i in range(0, count, results_per_page):
+            RESPONSE = r_intersight(
+                f"{endpoint}?$top={results_per_page}&$skip={str(i)}&$expand=Siocs($select=ConnectionPath,ConnectionStatus,Dn,Model,OperState,Serial,SystemIoControllerId),Ioms($select=ConnectionPath,ConnectionStatus,Dn,Model,ModuleId,OperReason,OperState,Serial,Side,Version,Vid),FanControl($select=Mode),Fanmodules($select=Model,OperState,OperReason),PsuControl($select=Redundancy),Psus($select=Model,OperReason,OperState,PsuId,PsuInputSrc,PsuWattage,Voltage),ExpanderModules($select=Dn,Model,ModuleId,OperReason,OperState,Serial),PowerControlState($select=ExtendedPowerCapacity,AllocatedPower,GridMaxPower,MaxRequiredPower,MinRequiredPower,N1MaxPower,N2MaxPower,NonRedundantMaxPower,PowerRebalancing,PowerSaveMode)")
+            for data in RESPONSE.json()['Results']:
+                data = pop(['Ancestors', 'ClassId', 'DeviceMoId', 'DomainGroupMoid', 'FaultSummary', 'InventoryDeviceInfo', 'Sasexpanders', 'StorageEnclosures',
+                           'LocatorLed', 'ObjectType', 'Owners', 'PermissionResources', 'RegisteredDevice', 'SharedScope', 'VirtualDriveContainer'], data)
+                for x in range(0, len(data['Blades'])):
+                    data['Blades'][x] = pop(
+                        ['ClassId', 'ObjectType', 'link'], data['Blades'][x])
+                for x in range(0, len(data['Fanmodules'])):
+                    data['Fanmodules'][x] = pop(
+                        ['ClassId', 'ObjectType', 'Moid'], data['Fanmodules'][x])
+                for x in range(0, len(data['Ioms'])):
+                    data['Ioms'][x] = pop(
+                        ['ClassId', 'ObjectType', 'Moid'], data['Ioms'][x])
+                for x in range(0, len(data['Siocs'])):
+                    data['Siocs'][x] = pop(
+                        ['ClassId', 'ObjectType', 'Moid'], data['Siocs'][x])
+                for x in range(0, len(data['ExpanderModules'])):
+                    data['ExpanderModules'][x] = pop(
+                        ['ClassId', 'ObjectType', 'Moid'], data['ExpanderModules'][x])
+                for x in range(0, len(data['Psus'])):
+                    data['Psus'][x] = pop(
+                        ['ClassId', 'ObjectType', 'Moid'], data['Psus'][x])
+                for x in ['AlarmSummary', 'PsuControl', 'FanControl', 'PowerControlState']:
+                    data[x] = pop(['ClassId', 'ObjectType', 'Moid'], data[x])
+                length = len(json.dumps(data))
+                write_splunk(
+                    index, account_name, 'cisco:intersight:equipmentChassis', data)
+
     if not 'compute' in opt_inventory:
         helper.log_debug(
             f"{s} | Compute was not selected in the Inventory configuration")
@@ -484,7 +536,7 @@ def write_splunk(index, source, sourcetype, data):
                 f"{endpoint}?$expand=Encryption($select=State),License,RegisteredDevice($select=ClaimedByUserName,ClaimedTime,ConnectionStatusLastChangeTime,ConnectionStatus,CreateTime,ReadOnly)&$top={results_per_page}&$skip={str(i)}")
             for data in RESPONSE.json()['Results']:
                 data = pop(['Alarm', 'Ancestors', 'ChildClusters', 'DomainGroupMoid', 'ClassId', 'Owners', 'ObjectType', 'PermissionResources',
-                           'StorageContainers', 'SharedScope', 'Nodes', 'Health', 'ParentCluster', 'Volumes'], data)
+                           'StorageContainers', 'SharedScope', 'Nodes', 'Health', 'ParentCluster', 'Volumes', 'StorageClientIpPools', 'StorageClientVrf'], data)
                 data['License'] = pop(
                     ['Ancestors', 'Cluster', 'Owners', 'DomainGroupMoid', 'PermissionResources', 'RegisteredDevice'], data['License'])
                 data['RegisteredDevice'] = pop(
@@ -668,7 +720,8 @@ def write_splunk(index, source, sourcetype, data):
     # NetApp Storage VMs
     endpoint = "storage/NetAppStorageVms"
     if 'netapp' in opt_inventory and doInventory:
-        helper.log_debug(f"{s} | Retrieving NetApp Storage VM Inventory Records")
+        helper.log_debug(
+            f"{s} | Retrieving NetApp Storage VM Inventory Records")
         doNetAppStorageVms = check_intersight(endpoint)
 
     if 'netapp' in opt_inventory and doInventory and doNetAppStorageVms:
@@ -742,7 +795,7 @@ def write_splunk(index, source, sourcetype, data):
             RESPONSE = r_intersight(
                 f"{endpoint}?$expand=RegisteredDevice($select=ClaimedByUserName,ClaimedTime,ConnectionStatusLastChangeTime,ConnectionStatus,CreateTime,ReadOnly)&$top={results_per_page}&$skip={str(i)}")
             for data in RESPONSE.json()['Results']:
-                data = pop(['Ancestors', 'DomainGroupMoid', 'ClassId', 'DeviceMoId', 'Owners',
+                data = pop(['Ancestors', 'DomainGroupMoid', 'ClassId', 'DeviceMoId', 'Owners', 'ProtectionGroup',
                            'ObjectType', 'PermissionResources', 'SharedScope', 'Uuid'], data)
                 for x in ['RegisteredDevice', 'StorageUtilization']:
                     data[x] = pop(['ClassId', 'ObjectType'], data[x])

diff --git a/splunk_em.py b/splunk_em.py
@@ -24,7 +24,7 @@ def get_arg(self, arg_name):
         if arg_name == 'validate_ssl':
             return True
         if arg_name == 'enable_aaa_audit_records':
-            return False
+            return True
         if arg_name == 'enable_alarms':
             return True
         if arg_name == 'inventory_interval':

diff --git a/splunkbase/details.md b/splunkbase/details.md
@@ -10,6 +10,7 @@ The Add-on leverages the [Cisco Intersight RESTful API](https://intersight.com/a
 | Alarms | [cond/Alarms][2] | cisco:intersight:condAlarms |
 | Advisories | [tam/AdvisoryInstances][3] | cisco:intersight:tamAdvisoryInstances |
 | Compute | [compute/PhysicalSummaries][4] | cisco:intersight:computePhysicalSummaries |
+| Compute | [equipment/Chasses][26] | cisco:intersight:equipmentChassis |
 | Compute | [cond/HclStatuses][9] | cisco:intersight:condHclStatuses |
 | Contract | [asset/DeviceContractStatusInformations][10] | cisco:intersight:assetDeviceContractInformations |
 | Hitachi | [storage/HitachiArrays][19] | cisco:intersight:storageHitachiClusters |
@@ -57,6 +58,7 @@ The Add-on leverages the [Cisco Intersight RESTful API](https://intersight.com/a
 [23]: https://intersight.com/apidocs/apirefs/api/v1/license/LicenseInfos/model/
 [24]: https://intersight.com/apidocs/apirefs/api/v1/hyperflex/Licenses/model/
 [25]: https://intersight.com/apidocs/apirefs/api/v1/storage/NetAppStorageVms/model/
+[26]: https://intersight.com/apidocs/apirefs/api/v1/equipment/Chasses/model/
 
 Further documentation, sample searches, and known issues are all available at [the Github repository](https://github.com/jerewill-cisco/intersight-splunk-addon).
 

diff --git a/splunkbase/releasenotes.md b/splunkbase/releasenotes.md
@@ -1,5 +1,11 @@
 # Cisco Intersight Add-on for Splunk Release Notes
 
+## 1.3.1 - 3 August 2022
+
+- Found a serious bug in checkpointing that might cause Audit Logs and Alerts to never be retrieved for an input
+- Additional pruning for cisco:intersight:computePhysicalSummaries and a few other items
+- Added cisco:intersight:equipmentChassis to Compute inventory
+
 ## 1.3.0 - 28 July 2022
 
 >New Inventory types are not automatically added to existing configurations.  Please review your input configurations after upgrading to enable the new options.