Generateur de confi de switch HP
This commit is contained in:
chirac
parent
a9ccc6ae82
commit
d1b4f56913
4 changed files with 121 additions and 7 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
|
@ -1,3 +1,4 @@
|
|||
config.ini
|
||||
**/__pycache__/**
|
||||
**.list
|
||||
generated/*
|
||||
|
|
|
|||
0
generated/__init__.py
Normal file
0
generated/__init__.py
Normal file
53
main.py
53
main.py
|
|
@ -19,17 +19,62 @@ api_client = Re2oAPIClient(api_hostname, api_username, api_password)
|
|||
|
||||
client_hostname = socket.gethostname().split('.', 1)[0]
|
||||
|
||||
print("get switchs conf")
|
||||
all_switchs = api_client.list("switchs/ports-config/")
|
||||
|
||||
all_vlans = api_client.list("machines/vlan/")
|
||||
all_roles = api_client.list("machines/role/")
|
||||
|
||||
# Création de l'environnement Jinja
|
||||
ENV = Environment(loader=FileSystemLoader('.'))
|
||||
|
||||
# Import du fichier template dans une variable "template"
|
||||
template = ENV.get_template("templates/hp_test.tpl")
|
||||
template = ENV.get_template("templates/hp.tpl")
|
||||
|
||||
# Création du template final avec les valeurs contenues dans le dictionnaire "valeurs" - Ces valeurs sont positionnées dans un objet "temp", qui sera utilisé par le moteur, et que l'on retrouve dans le template.
|
||||
conf = template.render(switch=all_switchs[2])
|
||||
|
||||
print(all_switchs[2])
|
||||
def preprocess(switch):
|
||||
def add_to_vlans(vlans, vlan, port, tagged=True):
|
||||
if not vlan['vlan_id'] in vlans:
|
||||
if not tagged:
|
||||
vlans[vlan['vlan_id']] = {'ports_untagged' : [str(port['port'])], 'ports_tagged' : [], 'name' : vlan['name']}
|
||||
else:
|
||||
vlans[vlan['vlan_id']] = {'ports_tagged' : [str(port['port'])], 'ports_untagged' : [], 'name' : vlan['name']}
|
||||
else:
|
||||
if not tagged:
|
||||
vlans[vlan['vlan_id']]['ports_untagged'].append(str(port['port']))
|
||||
else:
|
||||
vlans[vlan['vlan_id']]['ports_tagged'].append(str(port['port']))
|
||||
|
||||
ra_guarded = []
|
||||
loop_protected = []
|
||||
vlans = dict()
|
||||
|
||||
for port in switch['ports']:
|
||||
if port['get_port_profil']['loop_protect']:
|
||||
loop_protected.append(str(port['port']))
|
||||
if port['get_port_profil']['ra_guard']:
|
||||
ra_guarded.append(str(port['port']))
|
||||
|
||||
if port['get_port_profil']['vlan_untagged']:
|
||||
add_to_vlans(vlans, port['get_port_profil']['vlan_untagged'], port, tagged=False)
|
||||
if port['get_port_profil']['vlan_tagged']:
|
||||
for vlan in port['get_port_profil']['vlan_tagged']:
|
||||
add_to_vlans(vlans, vlan, port)
|
||||
|
||||
arp_protect_vlans = [vlan["vlan_id"] for vlan in all_vlans if vlan["arp_protect"]]
|
||||
dhcp_snooping_vlans = [vlan["vlan_id"] for vlan in all_vlans if vlan["dhcp_snooping"]]
|
||||
dhcpv6_snooping_vlans = [vlan["vlan_id"] for vlan in all_vlans if vlan["dhcpv6_snooping"]]
|
||||
ntp_servers = [server["servers"] for server in all_roles if server["role_type"] == "ntp-server"][0]
|
||||
log_servers = [server["servers"] for server in all_roles if server["role_type"] == "log-server"][0]
|
||||
|
||||
return {'ra_guarded' : ra_guarded, 'loop_protected' : loop_protected, 'vlans' : vlans, 'arp_protect_vlans' : arp_protect_vlans, 'dhcp_snooping_vlans' : dhcp_snooping_vlans, 'dhcpv6_snooping_vlans' : dhcpv6_snooping_vlans, 'ntp_servers': ntp_servers, 'log_servers': log_servers}
|
||||
|
||||
print("gen tpl")
|
||||
conf = template.render(switch=all_switchs[2], additionals=preprocess(all_switchs[2]))
|
||||
|
||||
for switch in all_switchs:
|
||||
with open("generated/" + switch["short_name"] + ".conf", 'w+') as f:
|
||||
f.write(template.render(switch=switch, additionals=preprocess(switch)))
|
||||
|
||||
|
||||
print(conf)
|
||||
|
|
|
|||
|
|
@ -12,12 +12,58 @@ snmpv3 restricted-access
|
|||
snmpv3 user "crans"
|
||||
snmpv3 group ManagerPriv user "crans" sec-model ver3
|
||||
snmp-server community "public" Operator
|
||||
;--- Heure/date
|
||||
time timezone 60
|
||||
time daylight-time-rule Western-Europe
|
||||
{%- for server in additionals.ntp_servers %}
|
||||
{%- for interface in server.interface %}
|
||||
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
|
||||
sntp server priority {{ loop.index }} {{ interface.ipv4 }} 4
|
||||
{%- if interface.ipv6 %}
|
||||
sntp server priority {{ loop.index + 1 }} {{ interface.ipv6.0.ipv6 }} 4
|
||||
{%- endif %}
|
||||
{%- endif %}
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
timesync sntp
|
||||
sntp unicast
|
||||
;--- Misc ---
|
||||
console inactivity-timer 30
|
||||
;--- Logs ---
|
||||
{%- for server in additionals.log_servers %}
|
||||
{%- for interface in server.interface %}
|
||||
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
|
||||
logging {{ interface.ipv4 }}
|
||||
{%- if interface.ipv6 %}
|
||||
logging {{ interface.ipv6.0.ipv6 }}
|
||||
{%- endif %}
|
||||
{%- endif %}
|
||||
{%- endfor %}
|
||||
{%- endfor %}
|
||||
;--- IP du switch ---
|
||||
no ip default-gateway
|
||||
max-vlans 256
|
||||
{%- for id, vlan in additionals.vlans.items() %}
|
||||
vlan {{ id }}
|
||||
name "{{ vlan["name"]|capitalize }}"
|
||||
{%- if vlan["ports_tagged"] %}
|
||||
tagged {{ vlan["ports_tagged"]|join(' ') }}
|
||||
{%- endif %}
|
||||
{%- if vlan["ports_untagged"] %}
|
||||
untagged {{ vlan["ports_untagged"]|join(' ') }}
|
||||
{%- endif %}
|
||||
{%- if switch.subnet.0.vlan_id == id %}
|
||||
ip address {{ switch.ipv4 }} {{ switch.subnet.0.netmask }}
|
||||
{%- else %}
|
||||
no ip address
|
||||
{%- endif %}
|
||||
{%- if switch.subnet.0.vlan_id == id %}
|
||||
ipv6 address {{ switch.ipv6 }} {{ switch.subnet6.netmask }}
|
||||
{%- else %}
|
||||
no ipv6 enable
|
||||
{%- endif %}
|
||||
exit
|
||||
{%- endfor %}
|
||||
;--- Accès d'administration ---
|
||||
no telnet-server
|
||||
no web-management
|
||||
|
|
@ -25,19 +71,41 @@ aaa authentication ssh login public-key none
|
|||
aaa authentication ssh enable public-key none
|
||||
ip ssh
|
||||
ip ssh filetransfer
|
||||
ip authorized-managers {{ switch.subnet.0.network }} {{switch.subnet.0.netmask }} access manager
|
||||
ip authorized-managers {{ switch.subnet.0.network }} {{ switch.subnet.0.netmask }} access manager
|
||||
{%- if switch.subnet6 %}
|
||||
ipv6 authorized-managers {{ switch.subnet6.network }} {{switch.subnet6.netmask }} access manager
|
||||
ipv6 authorized-managers {{ switch.subnet6.network }} {{ switch.subnet6.netmask }} access manager
|
||||
{%- endif %}
|
||||
{%- if additionals.loop_protected %}
|
||||
;--- Protection contre les boucles ---
|
||||
loop-protect disable-timer 30
|
||||
loop-protect transmit-interval 3
|
||||
loop-protect {{ additionals.loop_protected|join(' ') }}
|
||||
{%- endif %}
|
||||
radius-server dyn-autz-port 3799
|
||||
;--- Filtrage mac ---
|
||||
aaa port-access mac-based addr-format multi-colon
|
||||
;--- Bricoles ---
|
||||
no cdp run
|
||||
{%- if additionals.dhcp_snooping_vlans %}
|
||||
;--- DHCP Snooping ---
|
||||
dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }}
|
||||
dhcp-snooping
|
||||
{%- endif %}
|
||||
{%- if additionals.arp_protect_vlans %}
|
||||
;--- ARP Protect ---
|
||||
arp-protect
|
||||
arp-protect vlan {{ additionals.arp_protect_vlans|join(' ') }}
|
||||
arp-protect validate src-mac dest-mac
|
||||
{%- endif %}
|
||||
{%- if additionals.dhcpv6_snooping_vlans %}
|
||||
;--- DHCPv6 Snooping ---
|
||||
dhcpv6-snooping vlan {{ additionals.dhcpv6_snooping_vlans|join(' ') }}
|
||||
dhcpv6-snooping
|
||||
{%- endif %}
|
||||
{%- if additionals.ra_guarded %}
|
||||
;--- RA guards ---
|
||||
ipv6 ra-guard ports {{ additionals.ra_guarded|join(' ')}}
|
||||
{%- endif %}
|
||||
;--- Config des prises ---
|
||||
{%- for port in switch.ports %}
|
||||
{%- if port.get_port_profil.radius_type == "802.1X" %}
|
||||
|
|
@ -61,7 +129,7 @@ interface {{ port.port }}
|
|||
{%- else %}
|
||||
disable
|
||||
{%- endif %}
|
||||
name "{{ port.port }}"
|
||||
name "{{ port.pretty_name }}"
|
||||
{%- if port.get_port_profil.flow_control %}
|
||||
flow control
|
||||
{%- endif %}
|
||||
Loading…
Reference in a new issue