Generateur de confi de switch HP

6 years ago · d1b4f56913
parent a9ccc6ae82
commit d1b4f56913
4 changed files with 121 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 config.ini
 **/__pycache__/**
 **.list
+generated/*
--- a/generated/init.py
+++ b/generated/init.py
--- a/main.py
+++ b/main.py
@ -19,17 +19,62 @@ api_client = Re2oAPIClient(api_hostname, api_username, api_password)

 client_hostname = socket.gethostname().split('.', 1)[0]

+print("get switchs conf")
 all_switchs = api_client.list("switchs/ports-config/")
-
+all_vlans =  api_client.list("machines/vlan/")
+all_roles = api_client.list("machines/role/")

 # Création de l'environnement Jinja
 ENV = Environment(loader=FileSystemLoader('.'))

 # Import du fichier template dans une variable "template"
-template = ENV.get_template("templates/hp_test.tpl")
+template = ENV.get_template("templates/hp.tpl")

 # Création du template final avec les valeurs contenues dans le dictionnaire "valeurs" - Ces valeurs sont positionnées dans un objet "temp", qui sera utilisé par le moteur, et que l'on retrouve dans le template.
-conf = template.render(switch=all_switchs[2])

-print(all_switchs[2])
+def preprocess(switch):
+    def add_to_vlans(vlans, vlan, port, tagged=True):
+        if not vlan['vlan_id'] in vlans:
+            if not tagged:
+                vlans[vlan['vlan_id']] = {'ports_untagged' : [str(port['port'])], 'ports_tagged' : [], 'name' : vlan['name']}
+            else:
+                vlans[vlan['vlan_id']] = {'ports_tagged' : [str(port['port'])], 'ports_untagged' : [], 'name' : vlan['name']}
+        else:
+            if not tagged:
+                vlans[vlan['vlan_id']]['ports_untagged'].append(str(port['port']))
+            else:
+                vlans[vlan['vlan_id']]['ports_tagged'].append(str(port['port']))
+
+    ra_guarded = []
+    loop_protected = []
+    vlans = dict()
+
+    for port in switch['ports']:
+        if port['get_port_profil']['loop_protect']:
+            loop_protected.append(str(port['port']))
+        if port['get_port_profil']['ra_guard']:
+            ra_guarded.append(str(port['port']))
+
+        if port['get_port_profil']['vlan_untagged']:
+            add_to_vlans(vlans, port['get_port_profil']['vlan_untagged'], port, tagged=False)
+        if port['get_port_profil']['vlan_tagged']:
+            for vlan in port['get_port_profil']['vlan_tagged']:
+                add_to_vlans(vlans, vlan, port)
+
+    arp_protect_vlans = [vlan["vlan_id"] for vlan in all_vlans if vlan["arp_protect"]]
+    dhcp_snooping_vlans = [vlan["vlan_id"] for vlan in all_vlans if vlan["dhcp_snooping"]]
+    dhcpv6_snooping_vlans = [vlan["vlan_id"] for vlan in all_vlans if vlan["dhcpv6_snooping"]]
+    ntp_servers = [server["servers"] for server in all_roles if server["role_type"] == "ntp-server"][0]
+    log_servers = [server["servers"] for server in all_roles if server["role_type"] == "log-server"][0]
+
+    return {'ra_guarded' : ra_guarded, 'loop_protected' : loop_protected, 'vlans' : vlans, 'arp_protect_vlans' : arp_protect_vlans, 'dhcp_snooping_vlans' : dhcp_snooping_vlans, 'dhcpv6_snooping_vlans' : dhcpv6_snooping_vlans, 'ntp_servers': ntp_servers, 'log_servers': log_servers}
+
+print("gen tpl")
+conf = template.render(switch=all_switchs[2], additionals=preprocess(all_switchs[2]))
+
+for switch in all_switchs:
+    with open("generated/" + switch["short_name"] + ".conf", 'w+') as f:
+        f.write(template.render(switch=switch, additionals=preprocess(switch)))
+
+
 print(conf)
--- a/templates/hp_test.tpl
+++ b/templates/hp_test.tpl
@ -12,12 +12,58 @@ snmpv3 restricted-access
 snmpv3 user "crans"
 snmpv3 group ManagerPriv user "crans" sec-model ver3
 snmp-server community "public" Operator
+;--- Heure/date
+time timezone 60
+time daylight-time-rule Western-Europe
+{%- for server in additionals.ntp_servers %}
+{%- for interface in server.interface %}
+{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
+sntp server priority {{ loop.index }} {{ interface.ipv4 }} 4
+{%- if interface.ipv6 %}
+sntp server priority {{ loop.index + 1 }} {{ interface.ipv6.0.ipv6 }} 4
+{%- endif %}
+{%- endif %}
+{%- endfor %}
+{%- endfor %}
 timesync sntp
 sntp unicast
 ;--- Misc ---
 console inactivity-timer 30
+;--- Logs ---
+{%- for server in additionals.log_servers %}
+{%- for interface in server.interface %}
+{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
+logging {{ interface.ipv4 }}
+{%- if interface.ipv6 %}
+logging {{ interface.ipv6.0.ipv6 }}
+{%- endif %}
+{%- endif %}
+{%- endfor %}
+{%- endfor %}
 ;--- IP du switch ---
 no ip default-gateway
+max-vlans 256
+{%- for id, vlan in additionals.vlans.items() %}
+vlan {{ id }}
+   name "{{ vlan["name"]|capitalize }}"
+   {%- if vlan["ports_tagged"] %}
+   tagged {{ vlan["ports_tagged"]|join(' ') }}
+   {%- endif %}
+   {%- if vlan["ports_untagged"] %}
+   untagged {{ vlan["ports_untagged"]|join(' ') }}
+   {%- endif %}
+   {%- if switch.subnet.0.vlan_id == id %}
+   ip address {{ switch.ipv4 }} {{ switch.subnet.0.netmask }}
+   {%- else %}
+   no ip address
+   {%- endif %}
+   {%- if switch.subnet.0.vlan_id == id %}
+   ipv6 address {{ switch.ipv6 }} {{ switch.subnet6.netmask }}
+   {%- else %}
+   no ipv6 enable
+   {%- endif %}
+exit
+{%- endfor %}
 ;--- Accès d'administration ---
 no telnet-server
 no web-management
@ -25,19 +71,41 @@ aaa authentication ssh login public-key none
 aaa authentication ssh enable public-key none
 ip ssh
 ip ssh filetransfer
-ip authorized-managers {{ switch.subnet.0.network }} {{switch.subnet.0.netmask }} access manager
+ip authorized-managers {{ switch.subnet.0.network }} {{ switch.subnet.0.netmask }} access manager
 {%- if switch.subnet6 %}
-ipv6 authorized-managers {{ switch.subnet6.network }} {{switch.subnet6.netmask }} access manager
+ipv6 authorized-managers {{ switch.subnet6.network }} {{ switch.subnet6.netmask }} access manager
 {%- endif %}
+{%- if additionals.loop_protected %}
 ;--- Protection contre les boucles ---
 loop-protect disable-timer 30
 loop-protect transmit-interval 3
+loop-protect {{ additionals.loop_protected|join(' ') }}
+{%- endif %}
 radius-server dyn-autz-port 3799
 ;--- Filtrage mac ---
 aaa port-access mac-based addr-format multi-colon
 ;--- Bricoles ---
 no cdp run
+{%- if additionals.dhcp_snooping_vlans %}
+;--- DHCP Snooping ---
+dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }}
 dhcp-snooping
+{%- endif %}
+{%- if additionals.arp_protect_vlans %}
+;--- ARP Protect ---
+arp-protect
+arp-protect vlan {{ additionals.arp_protect_vlans|join(' ') }}
+arp-protect validate src-mac dest-mac
+{%- endif %}
+{%- if additionals.dhcpv6_snooping_vlans %}
+;--- DHCPv6 Snooping ---
+dhcpv6-snooping vlan {{ additionals.dhcpv6_snooping_vlans|join(' ') }}
+dhcpv6-snooping
+{%- endif %}
+{%- if additionals.ra_guarded %}
+;--- RA guards ---
+ipv6 ra-guard ports {{ additionals.ra_guarded|join(' ')}}
+{%- endif %}
 ;--- Config des prises ---
 {%- for port in switch.ports %}
 {%- if port.get_port_profil.radius_type == "802.1X" %}
@ -61,7 +129,7 @@ interface {{ port.port }}
   {%- else %}
   disable
   {%- endif %}
-   name "{{ port.port }}"
+   name "{{ port.pretty_name }}"
   {%- if port.get_port_profil.flow_control %}
   flow control
   {%- endif %}