Utilise les réglages roles et topologie option pour reconfig les switchs
parent
7d7c7f2f13
commit
3d7c9d98be
2 changed files with 22 additions and 38 deletions
12
main.py
12
main.py
|
@ -34,7 +34,7 @@ class Switch:
|
|||
def __init__(self):
|
||||
self.additionnal = None
|
||||
self.all_vlans = api_client.list("machines/vlan/")
|
||||
self.all_roles = api_client.list("machines/role/")
|
||||
self.settings = api_client.view("preferences/optionaltopologie/")
|
||||
# Import du fichier template dans une variable "template"
|
||||
self.hp_tpl = ENV.get_template("templates/hp.tpl")
|
||||
self.conf = None
|
||||
|
@ -75,20 +75,16 @@ class Switch:
|
|||
dhcpv6_snooping_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["dhcpv6_snooping"]]
|
||||
igmp_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["igmp"]]
|
||||
mld_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["mld"]]
|
||||
ntp_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "ntp-server"][0]
|
||||
log_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "log-server"][0]
|
||||
dhcp_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "dhcp"][0]
|
||||
radius_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "radius-server"][0]
|
||||
ra_guarded = [str(port['port']) for port in self.switch['ports'] if port['get_port_profil']['ra_guard']]
|
||||
loop_protected = [str(port['port']) for port in self.switch['ports'] if port['get_port_profil']['loop_protect']]
|
||||
|
||||
self.additionals = {'ra_guarded' : ra_guarded, 'loop_protected' : loop_protected, 'vlans' : vlans, 'arp_protect_vlans' : arp_protect_vlans, 'dhcp_snooping_vlans' : dhcp_snooping_vlans, 'dhcpv6_snooping_vlans' : dhcpv6_snooping_vlans, 'ntp_servers': ntp_servers, 'log_servers': log_servers, 'dhcp_servers' : dhcp_servers, 'radius_servers' : radius_servers, 'igmp_vlans' : igmp_vlans, 'mld_vlans': mld_vlans}
|
||||
self.additionals = {'ra_guarded' : ra_guarded, 'loop_protected' : loop_protected, 'vlans' : vlans, 'arp_protect_vlans' : arp_protect_vlans, 'dhcp_snooping_vlans' : dhcp_snooping_vlans, 'dhcpv6_snooping_vlans' : dhcpv6_snooping_vlans, 'igmp_vlans' : igmp_vlans, 'mld_vlans': mld_vlans}
|
||||
|
||||
|
||||
def gen_conf_hp(self):
|
||||
"""Génère la config pour ce switch hp"""
|
||||
self.preprocess_hp()
|
||||
self.conf = self.hp_tpl.render(switch=self.switch, additionals=self.additionals)
|
||||
self.conf = self.hp_tpl.render(switch=self.switch, settings=self.settings, additionals=self.additionals)
|
||||
|
||||
def check_and_get_login(self):
|
||||
"""Récupère les login/mdp du switch, renvoie false si ils sont indisponibles"""
|
||||
|
@ -119,7 +115,7 @@ class Switch:
|
|||
"tftp_server_address": {"server_address":
|
||||
{"ip_address":
|
||||
{"version":"IAV_IP_V4",
|
||||
"octets":"10.231.100.249"}}},
|
||||
"octets":self.settings["switchs_management_interface_ip"]}}},
|
||||
}
|
||||
# Nous lançons la requête de type POST.
|
||||
post_restore = requests.post(url_restore, data=json.dumps(data), headers=self.headers)
|
||||
|
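Review bot: The TFTP server address in the restore payload is taken straight from `self.settings["switchs_management_interface_ip"]` and sent as `octets` under `"version":"IAV_IP_V4"` with no check that the preference is set or is an IPv4 address. The switch fetches its configuration from that address, so an empty, malformed or unexpectedly changed preference either breaks the restore or points the switch at a server nobody intended. I would validate it before building `data`, for example `tftp_ip = str(ipaddress.IPv4Address(self.settings["switchs_management_interface_ip"]))`, and let the exception abort the restore rather than post the raw value. The `settings` attribute added in `__init__` has the same exposure: a failed or partial `api_client.view("preferences/optionaltopologie/")` response only surfaces later as a `KeyError` here. The enclosing method starts and ends outside the hunk, so how `post_restore` is checked afterwards is not visible.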
|
|
@ -15,30 +15,22 @@ snmp-server community "public" Operator
|
|||
;--- Heure/date
|
||||
time timezone 60
|
||||
time daylight-time-rule Western-Europe
|
||||
{%- for server in additionals.ntp_servers %}
|
||||
{%- for interface in server.interface %}
|
||||
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
|
||||
sntp server priority {{ loop.index }} {{ interface.ipv4 }} 4
|
||||
{%- if interface.ipv6 %}
|
||||
sntp server priority {{ loop.index + 1 }} {{ interface.ipv6.0.ipv6 }} 4
|
||||
{%- endif %}
|
||||
{%- endif %}
|
||||
{%- for ipv4 in settings.switchs_management_utils.ntp_servers.ipv4 %}
|
||||
sntp server priority {{ loop.index }} {{ ipv4 }} 4
|
||||
{%- endfor %}
|
||||
{%- for ipv6 in settings.switchs_management_utils.ntp_servers.ipv6 %}
|
||||
sntp server priority {{ loop.index + settings.switchs_management_utils.ntp_servers.ipv4|length }} {{ ipv6 }} 4
|
||||
{%- endfor %}
|
||||
timesync sntp
|
||||
sntp unicast
|
||||
;--- Misc ---
|
||||
console inactivity-timer 30
|
||||
;--- Logs ---
|
||||
{%- for server in additionals.log_servers %}
|
||||
{%- for interface in server.interface %}
|
||||
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
|
||||
logging {{ interface.ipv4 }}
|
||||
{%- if interface.ipv6 %}
|
||||
logging {{ interface.ipv6.0.ipv6 }}
|
||||
{%- endif %}
|
||||
{%- endif %}
|
||||
{%- for ipv4 in settings.switchs_management_utils.log_servers.ipv4 %}
|
||||
logging {{ ipv4 }}
|
||||
{%- endfor %}
|
||||
{%- for ipv6 in settings.switchs_management_utils.log_servers.ipv6 %}
|
||||
logging {{ ipv6 }}
|
||||
{%- endfor %}
|
||||
;--- IP du switch ---
|
||||
no ip default-gateway
|
||||
|
@ -92,9 +84,11 @@ aaa authentication ssh login public-key none
|
|||
aaa authentication ssh enable public-key none
|
||||
ip ssh
|
||||
ip ssh filetransfer
|
||||
ip authorized-managers {{ switch.subnet.0.network }} {{ switch.subnet.0.netmask }} access manager
|
||||
{%- if switch.subnet6 %}
|
||||
ipv6 authorized-managers {{ switch.subnet6.network }} {{ switch.subnet6.netmask }} access manager
|
||||
{%- if settings.switchs_management_utils.subnet %}
|
||||
ip authorized-managers {{ settings.switchs_management_utils.subnet.0.network }} {{ settings.switchs_management_utils.subnet.0.netmask }} access manager
|
||||
{%- endif %}
|
||||
{%- if settings.switchs_management_utils.subnet6 %}
|
||||
ipv6 authorized-managers {{ settings.switchs_management_utils.subnet6.network }} {{ settings.switchs_management_utils.subnet6.netmask }} access manager
|
||||
{%- endif %}
|
||||
{%- if additionals.loop_protected %}
|
||||
;--- Protection contre les boucles ---
|
||||
|
@ -104,13 +98,9 @@ loop-protect {{ additionals.loop_protected|join(',') }}
|
|||
{%- endif %}
|
||||
;--- Serveurs Radius
|
||||
radius-server dead-time 2
|
||||
{%- for server in additionals.radius_servers %}
|
||||
{%- for interface in server.interface %}
|
||||
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
|
||||
radius-server host {{ interface.ipv4 }} key "{{ switch.get_radius_key_value }}"
|
||||
radius-server host {{ interface.ipv4 }} dyn-authorization
|
||||
{%- endif %}
|
||||
{%- endfor %}
|
||||
{%- for ipv4 in settings.switchs_management_utils.radius_servers.ipv4 %}
|
||||
radius-server host {{ ipv4 }} key "{{ switch.get_radius_key_value }}"
|
||||
radius-server host {{ ipv4 }} dyn-authorization
|
||||
{%- endfor %}
|
||||
radius-server dyn-autz-port 3799
|
||||
;--- Filtrage mac ---
|
||||
|
@ -119,10 +109,8 @@ aaa port-access mac-based addr-format multi-colon
|
|||
no cdp run
|
||||
{%- if additionals.dhcp_snooping_vlans %}
|
||||
;--- DHCP Snooping ---
|
||||
{%- for server in additionals.dhcp_servers %}
|
||||
{%- for interface in server.interface %}
|
||||
dhcp-snooping authorized-server {{ interface.ipv4 }}
|
||||
{%- endfor %}
|
||||
{%- for ipv4 in settings.switchs_management_utils.dhcp_servers.ipv4 %}
|
||||
dhcp-snooping authorized-server {{ ipv4 }}
|
||||
{%- endfor %}
|
||||
dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }}
|
||||
dhcp-snooping
|
||||
|
|
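Review bot: In the `-92,9 +84,11` hunk both `authorized-managers` lines on what appears to be the new side sit inside `{%- if settings.switchs_management_utils.subnet %}` and `{%- if settings.switchs_management_utils.subnet6 %}`, so an empty preference renders a configuration with no authorized-managers entry at all. As far as I know these switches do not restrict management access by source address when that list is empty, so a missing setting fails open where the previous IPv4 line was emitted unconditionally. I would keep a fallback in an `{%- else %}` branch, `ip authorized-managers {{ switch.subnet.0.network }} {{ switch.subnet.0.netmask }} access manager`, or make the render fail when the subnet is absent. The last hunk has the same shape: if `settings.switchs_management_utils.dhcp_servers.ipv4` is empty while `additionals.dhcp_snooping_vlans` is not, `dhcp-snooping` is enabled with no `dhcp-snooping authorized-server` line, which should be confirmed as intended. A short `;---` comment above each loop naming the preference it depends on would help whoever reads the generated configuration.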