Merge pull request #33 from carlmontanari/checkpoint

added Checkpoint Cloudguard integration
carlmontanari · Jul 11, 2022 · 872bd6b · 872bd6b
2 parents 42e9777 + 1a4df23
commit 872bd6b
Show file tree

Hide file tree

Showing 12 changed files with 358 additions and 48 deletions.
diff --git a/README.md b/README.md
@@ -5,7 +5,7 @@
 
 ---
 
-boxen -- put your network operating systems in a box (or if you speak 🇩🇪, fight them! 🤣)! 
+boxen -- put your network operating systems in a box (or if you speak 🇩🇪, fight them! 🤣)!
 
 boxen is a cli tool written in Go that allows you to package your network operating systems neatly 
 into little... boxes (container images) so they are easily portable, and, most importantly, so you 
@@ -39,6 +39,8 @@ Please note that this is a work in progress... especially the documentation!
   - vSRX (tested with 17.3R2.10)
 - Palo Alto
   - PA-VM (tested with 10.0.6)
+- Checkpoint
+  - Cloudguard (tested with R81.10)
 
 Additional platforms can of course be added! 
 

diff --git a/boxen/assets/configs/checkpoint_cloudguard.template b/boxen/assets/configs/checkpoint_cloudguard.template
@@ -0,0 +1,5 @@
+lock database override
+set interface eth0 ipv4-address 10.0.0.15 subnet-mask 255.255.255.0
+set interface eth0 state on
+set ipv6-state on
+unlock database
diff --git a/boxen/assets/profiles/checkpoint_cloudguard.yaml b/boxen/assets/profiles/checkpoint_cloudguard.yaml
@@ -0,0 +1,31 @@
+---
+hardware:
+  memory: 8192
+  acceleration:
+    - kvm
+  serial_port_count: 1
+  nic_type: virtio-net-pci
+  nic_count: 8
+  nic_per_bus: 26
+advanced:
+  cpu:
+    emulation: host
+    cores: 4
+tcp_nat_ports:
+  - 22
+  - 23
+  - 257
+  - 443
+  - 830
+  - 4434
+  - 8211
+  - 18190
+  - 18191
+  - 18192
+  - 18210
+  - 18211
+  - 18221
+  - 18264
+  - 19009
+udp_nat_ports:
+  - 161
diff --git a/boxen/instance/qemulaunchcmd.go b/boxen/instance/qemulaunchcmd.go
@@ -123,17 +123,23 @@ func (i *Qemu) launchCmdCPU() []string {
 		cpuCmd = append(cpuCmd, []string{"-cpu", c.Emulation}...)
 	}
 
-	if c.Cores != 0 && c.Threads != 0 && c.Sockets != 0 {
+	if c.Cores != 0 {
 		if len(cpuCmd) == 0 {
 			cpuCmd = append(cpuCmd, []string{"-cpu", "max"}...)
 		}
 
-		cpuCmd = append(
-			cpuCmd,
-			[]string{
-				"-smp",
-				fmt.Sprintf("cores=%d,threads=%d,sockets=%d", c.Cores, c.Threads, c.Sockets),
-			}...)
+		if c.Threads != 0 && c.Sockets != 0 {
+			cpuCmd = append(
+				cpuCmd,
+				[]string{
+					"-smp",
+					fmt.Sprintf("cores=%d,threads=%d,sockets=%d", c.Cores, c.Threads, c.Sockets),
+				}...)
+		} else if c.Threads == 0 && c.Sockets == 0 {
+			cpuCmd = append(
+				cpuCmd,
+				[]string{"-smp", fmt.Sprint(c.Cores)}...)
+		}
 	}
 
 	return cpuCmd

diff --git a/boxen/platforms/checkpoint_cloudguard.go b/boxen/platforms/checkpoint_cloudguard.go
@@ -0,0 +1,220 @@
+package platforms
+
+import (
+	"fmt"
+	"time"
+
+	sopoptions "github.com/scrapli/scrapligo/driver/opoptions"
+
+	"github.com/carlmontanari/boxen/boxen/instance"
+)
+
+const (
+	CheckpointCloudguardDefaultUser = "admin"
+	CheckpointCloudguardDefaultPass = "admin"
+
+	CheckpointCloudguardScrapliPlatform = "https://gist.githubusercontent.com/hellt/1eee1024bc1cb3121aaeac199d48663a/raw/07caf0b024802da2dbb6fe17dbabcb26231b8cb6/checkpoint_cloudguard.yaml" // nolint:lll
+
+	checkpointCloudGuardDefaultBootTime = 720
+)
+
+type CheckpointCloudguard struct {
+	*instance.Qemu
+	*ScrapliConsole
+}
+
+func (p *CheckpointCloudguard) Package(
+	_, _ string,
+) (packageFiles, runFiles []string, err error) {
+	return nil, nil, err
+}
+
+func (p *CheckpointCloudguard) Install(opts ...instance.Option) error { // nolint:dupl
+	p.Loggers.Base.Info("install requested")
+
+	a, opts, err := setInstallArgs(opts...)
+	if err != nil {
+		return err
+	}
+
+	c := make(chan error, 1)
+	stop := make(chan bool, 1)
+
+	go func() { //nolint:dupl
+		err = p.Qemu.Start(opts...)
+		if err != nil {
+			c <- err
+		}
+
+		p.Loggers.Base.Debug("instance started, waiting for start ready state")
+
+		err = p.startReady()
+		if err != nil {
+			p.Loggers.Base.Criticalf("error waiting for start ready state: %s\n", err)
+
+			c <- err
+		}
+
+		p.Loggers.Base.Debug("start ready state acquired, logging in")
+
+		err = p.login(
+			&loginArgs{
+				username: CheckpointCloudguardDefaultUser,
+				password: CheckpointCloudguardDefaultPass,
+			},
+		)
+		if err != nil {
+			c <- err
+		}
+
+		p.Loggers.Base.Debug("log in complete")
+
+		if a.configLines != nil {
+			p.Loggers.Base.Debug("install config lines provided, executing scrapligo on open")
+
+			err = p.defOnOpen(p.c)
+			if err != nil {
+				p.Loggers.Base.Criticalf("error running scrapligo on open: %s\n", err)
+
+				c <- err
+			}
+
+			err = p.Config(a.configLines)
+			if err != nil {
+				p.Loggers.Base.Criticalf("error sending install config lines: %s\n", err)
+
+				c <- err
+			}
+		}
+
+		p.Loggers.Base.Debug("initial installation complete")
+
+		err = p.SaveConfig()
+		if err != nil {
+			p.Loggers.Base.Criticalf("error saving config: %s\n", err)
+
+			c <- err
+		}
+
+		// small delay ensuring config is saved nicely, without this extra sleep things just seem to
+		// not actually "save" despite the "save complete" or whatever output.
+		time.Sleep(5 * time.Second) // nolint:gomnd
+
+		c <- nil
+		stop <- true
+	}()
+
+	go p.WatchMainProc(c, stop)
+
+	err = <-c
+	if err != nil {
+		return err
+	}
+
+	p.Loggers.Base.Info("install complete, stopping instance")
+
+	return p.Stop(opts...)
+}
+
+func (p *CheckpointCloudguard) Start(opts ...instance.Option) error {
+	p.Loggers.Base.Info("start platform instance requested")
+
+	a, opts, err := setStartArgs(opts...)
+	if err != nil {
+		return err
+	}
+
+	err = p.Qemu.Start(opts...)
+	if err != nil {
+		return err
+	}
+
+	err = p.startReady()
+	if err != nil {
+		p.Loggers.Base.Criticalf("error waiting for start ready state: %s\n", err)
+
+		return err
+	}
+
+	if !a.prepareConsole {
+		p.Loggers.Base.Info("prepare console not requested, starting instance complete")
+
+		return nil
+	}
+
+	err = p.login(
+		&loginArgs{
+			username: CheckpointCloudguardDefaultUser,
+			password: CheckpointCloudguardDefaultPass,
+		},
+	)
+	if err != nil {
+		return err
+	}
+
+	err = p.defOnOpen(p.c)
+	if err != nil {
+		return err
+	}
+
+	p.Loggers.Base.Info("starting platform instance complete")
+
+	return nil
+}
+
+func (p *CheckpointCloudguard) startReady() error {
+	// openRetry doesn't do auth and doesn't call onOpen as it is set to nil somewhere before this
+	err := p.openRetry()
+	if err != nil {
+		return err
+	}
+
+	err = p.readUntil(
+		[]byte("This system is for authorized use only"),
+		getPlatformBootTimeout(PlatformTypeCheckpointCloudguard),
+	)
+
+	return err
+}
+
+func (p *CheckpointCloudguard) SaveConfig() error {
+	p.Loggers.Base.Info("save config requested")
+
+	_, err := p.c.SendCommand(
+		"save config",
+		sopoptions.WithTimeoutOps(
+			time.Duration(getPlatformSaveTimeout(PlatformTypeCheckpointCloudguard))*time.Second,
+		),
+	)
+
+	return err
+}
+
+func (p *CheckpointCloudguard) SetUserPass(usr, pwd string) error {
+	if usr == CheckpointCloudguardDefaultPass && pwd == CheckpointCloudguardDefaultPass {
+		p.Loggers.Base.Info("skipping user creation, since credentials match defaults for platform")
+		return nil
+	}
+
+	p.Loggers.Base.Infof("set user/password for user '%s' requested", usr)
+
+	return p.Config([]string{
+		fmt.Sprintf(
+			"add user %s uid 0 homedir /home/%s",
+			usr,
+			usr),
+		fmt.Sprintf(
+			"add rba user %s roles adminRole",
+			usr),
+		fmt.Sprintf(
+			"set user %s newpass %s",
+			usr,
+			pwd),
+	})
+}
+
+func (p *CheckpointCloudguard) SetHostname(h string) error {
+	p.Loggers.Base.Infof("set hostname '%s' requested", h)
+
+	return p.Config([]string{fmt.Sprintf("set hostname %s", h)})
+}
diff --git a/boxen/platforms/console.go b/boxen/platforms/console.go
@@ -82,7 +82,7 @@ func NewScrapliConsole(
 	}
 
 	con := &ScrapliConsole{
-		pT:        scrapliPlatform,
+		pT:        p.GetPlatformType(),
 		c:         c,
 		defOnOpen: c.OnOpen,
 		logger:    l.Base,

diff --git a/boxen/platforms/constants.go b/boxen/platforms/constants.go
@@ -6,22 +6,25 @@ const (
 	VendorJuniper    = "juniper"
 	VendorPaloAlto   = "paloalto"
 	VendorIPInfusion = "ipinfusion"
+	VendorCheckpoint = "checkpoint"
 
-	PlatformAristaVeos      = "veos"
-	PlatformCiscoCsr1000v   = "csr1000v"
-	PlatformCiscoXrv9k      = "xrv9k"
-	PlatformCiscoN9kv       = "n9kv"
-	PlatformJuniperVsrx     = "vsrx"
-	PlatformPaloAltoPanos   = "panos"
-	PlatformIPInfusionOcNOS = "ocnos"
+	PlatformAristaVeos           = "veos"
+	PlatformCiscoCsr1000v        = "csr1000v"
+	PlatformCiscoXrv9k           = "xrv9k"
+	PlatformCiscoN9kv            = "n9kv"
+	PlatformJuniperVsrx          = "vsrx"
+	PlatformPaloAltoPanos        = "panos"
+	PlatformIPInfusionOcNOS      = "ocnos"
+	PlatformCheckpointCloudguard = "cloudguard"
 
-	PlatformTypeAristaVeos      = "arista_veos"
-	PlatformTypeCiscoCsr1000v   = "cisco_csr1000v"
-	PlatformTypeCiscoXrv9k      = "cisco_xrv9k"
-	PlatformTypeCiscoN9kv       = "cisco_n9kv"
-	PlatformTypeJuniperVsrx     = "juniper_vsrx"
-	PlatformTypePaloAltoPanos   = "paloalto_panos"
-	PlatformTypeIPInfusionOcNOS = "ipinfusion_ocnos"
+	PlatformTypeAristaVeos           = "arista_veos"
+	PlatformTypeCiscoCsr1000v        = "cisco_csr1000v"
+	PlatformTypeCiscoXrv9k           = "cisco_xrv9k"
+	PlatformTypeCiscoN9kv            = "cisco_n9kv"
+	PlatformTypeJuniperVsrx          = "juniper_vsrx"
+	PlatformTypePaloAltoPanos        = "paloalto_panos"
+	PlatformTypeIPInfusionOcNOS      = "ipinfusion_ocnos"
+	PlatformTypeCheckpointCloudguard = "checkpoint_cloudguard"
 
 	NicE1000  = "e1000"
 	NicVirtio = "virtio-net-pci"