Generateur de confi de switch HP

This commit is contained in:
chirac 2018-07-08 19:13:58 +02:00
parent a9ccc6ae82
commit d1b4f56913
4 changed files with 121 additions and 7 deletions

1
.gitignore vendored
View file

@ -1,3 +1,4 @@
config.ini
**/__pycache__/**
**.list
generated/*

0
generated/__init__.py Normal file
View file

53
main.py
View file

@ -19,17 +19,62 @@ api_client = Re2oAPIClient(api_hostname, api_username, api_password)
client_hostname = socket.gethostname().split('.', 1)[0]
print("get switchs conf")
all_switchs = api_client.list("switchs/ports-config/")
all_vlans = api_client.list("machines/vlan/")
all_roles = api_client.list("machines/role/")
# Création de l'environnement Jinja
ENV = Environment(loader=FileSystemLoader('.'))
# Import du fichier template dans une variable "template"
template = ENV.get_template("templates/hp_test.tpl")
template = ENV.get_template("templates/hp.tpl")
# Création du template final avec les valeurs contenues dans le dictionnaire "valeurs" - Ces valeurs sont positionnées dans un objet "temp", qui sera utilisé par le moteur, et que l'on retrouve dans le template.
conf = template.render(switch=all_switchs[2])
print(all_switchs[2])
def preprocess(switch):
def add_to_vlans(vlans, vlan, port, tagged=True):
if not vlan['vlan_id'] in vlans:
if not tagged:
vlans[vlan['vlan_id']] = {'ports_untagged' : [str(port['port'])], 'ports_tagged' : [], 'name' : vlan['name']}
else:
vlans[vlan['vlan_id']] = {'ports_tagged' : [str(port['port'])], 'ports_untagged' : [], 'name' : vlan['name']}
else:
if not tagged:
vlans[vlan['vlan_id']]['ports_untagged'].append(str(port['port']))
else:
vlans[vlan['vlan_id']]['ports_tagged'].append(str(port['port']))
ra_guarded = []
loop_protected = []
vlans = dict()
for port in switch['ports']:
if port['get_port_profil']['loop_protect']:
loop_protected.append(str(port['port']))
if port['get_port_profil']['ra_guard']:
ra_guarded.append(str(port['port']))
if port['get_port_profil']['vlan_untagged']:
add_to_vlans(vlans, port['get_port_profil']['vlan_untagged'], port, tagged=False)
if port['get_port_profil']['vlan_tagged']:
for vlan in port['get_port_profil']['vlan_tagged']:
add_to_vlans(vlans, vlan, port)
arp_protect_vlans = [vlan["vlan_id"] for vlan in all_vlans if vlan["arp_protect"]]
dhcp_snooping_vlans = [vlan["vlan_id"] for vlan in all_vlans if vlan["dhcp_snooping"]]
dhcpv6_snooping_vlans = [vlan["vlan_id"] for vlan in all_vlans if vlan["dhcpv6_snooping"]]
ntp_servers = [server["servers"] for server in all_roles if server["role_type"] == "ntp-server"][0]
log_servers = [server["servers"] for server in all_roles if server["role_type"] == "log-server"][0]
return {'ra_guarded' : ra_guarded, 'loop_protected' : loop_protected, 'vlans' : vlans, 'arp_protect_vlans' : arp_protect_vlans, 'dhcp_snooping_vlans' : dhcp_snooping_vlans, 'dhcpv6_snooping_vlans' : dhcpv6_snooping_vlans, 'ntp_servers': ntp_servers, 'log_servers': log_servers}
print("gen tpl")
conf = template.render(switch=all_switchs[2], additionals=preprocess(all_switchs[2]))
for switch in all_switchs:
with open("generated/" + switch["short_name"] + ".conf", 'w+') as f:
f.write(template.render(switch=switch, additionals=preprocess(switch)))
print(conf)

View file

@ -12,12 +12,58 @@ snmpv3 restricted-access
snmpv3 user "crans"
snmpv3 group ManagerPriv user "crans" sec-model ver3
snmp-server community "public" Operator
;--- Heure/date
time timezone 60
time daylight-time-rule Western-Europe
{%- for server in additionals.ntp_servers %}
{%- for interface in server.interface %}
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
sntp server priority {{ loop.index }} {{ interface.ipv4 }} 4
{%- if interface.ipv6 %}
sntp server priority {{ loop.index + 1 }} {{ interface.ipv6.0.ipv6 }} 4
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
timesync sntp
sntp unicast
;--- Misc ---
console inactivity-timer 30
;--- Logs ---
{%- for server in additionals.log_servers %}
{%- for interface in server.interface %}
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
logging {{ interface.ipv4 }}
{%- if interface.ipv6 %}
logging {{ interface.ipv6.0.ipv6 }}
{%- endif %}
{%- endif %}
{%- endfor %}
{%- endfor %}
;--- IP du switch ---
no ip default-gateway
max-vlans 256
{%- for id, vlan in additionals.vlans.items() %}
vlan {{ id }}
name "{{ vlan["name"]|capitalize }}"
{%- if vlan["ports_tagged"] %}
tagged {{ vlan["ports_tagged"]|join(' ') }}
{%- endif %}
{%- if vlan["ports_untagged"] %}
untagged {{ vlan["ports_untagged"]|join(' ') }}
{%- endif %}
{%- if switch.subnet.0.vlan_id == id %}
ip address {{ switch.ipv4 }} {{ switch.subnet.0.netmask }}
{%- else %}
no ip address
{%- endif %}
{%- if switch.subnet.0.vlan_id == id %}
ipv6 address {{ switch.ipv6 }} {{ switch.subnet6.netmask }}
{%- else %}
no ipv6 enable
{%- endif %}
exit
{%- endfor %}
;--- Accès d'administration ---
no telnet-server
no web-management
@ -25,19 +71,41 @@ aaa authentication ssh login public-key none
aaa authentication ssh enable public-key none
ip ssh
ip ssh filetransfer
ip authorized-managers {{ switch.subnet.0.network }} {{switch.subnet.0.netmask }} access manager
ip authorized-managers {{ switch.subnet.0.network }} {{ switch.subnet.0.netmask }} access manager
{%- if switch.subnet6 %}
ipv6 authorized-managers {{ switch.subnet6.network }} {{switch.subnet6.netmask }} access manager
ipv6 authorized-managers {{ switch.subnet6.network }} {{ switch.subnet6.netmask }} access manager
{%- endif %}
{%- if additionals.loop_protected %}
;--- Protection contre les boucles ---
loop-protect disable-timer 30
loop-protect transmit-interval 3
loop-protect {{ additionals.loop_protected|join(' ') }}
{%- endif %}
radius-server dyn-autz-port 3799
;--- Filtrage mac ---
aaa port-access mac-based addr-format multi-colon
;--- Bricoles ---
no cdp run
{%- if additionals.dhcp_snooping_vlans %}
;--- DHCP Snooping ---
dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }}
dhcp-snooping
{%- endif %}
{%- if additionals.arp_protect_vlans %}
;--- ARP Protect ---
arp-protect
arp-protect vlan {{ additionals.arp_protect_vlans|join(' ') }}
arp-protect validate src-mac dest-mac
{%- endif %}
{%- if additionals.dhcpv6_snooping_vlans %}
;--- DHCPv6 Snooping ---
dhcpv6-snooping vlan {{ additionals.dhcpv6_snooping_vlans|join(' ') }}
dhcpv6-snooping
{%- endif %}
{%- if additionals.ra_guarded %}
;--- RA guards ---
ipv6 ra-guard ports {{ additionals.ra_guarded|join(' ')}}
{%- endif %}
;--- Config des prises ---
{%- for port in switch.ports %}
{%- if port.get_port_profil.radius_type == "802.1X" %}
@ -61,7 +129,7 @@ interface {{ port.port }}
{%- else %}
disable
{%- endif %}
name "{{ port.port }}"
name "{{ port.pretty_name }}"
{%- if port.get_port_profil.flow_control %}
flow control
{%- endif %}