Utilise les réglages roles et topologie option pour reconfig les switchs
parent
7d7c7f2f13
commit
3d7c9d98be
2 changed files with 22 additions and 38 deletions
12
main.py
12
main.py
|
@ -34,7 +34,7 @@ class Switch:
|
||||||
def __init__(self):
|
def __init__(self):
|
||||||
self.additionnal = None
|
self.additionnal = None
|
||||||
self.all_vlans = api_client.list("machines/vlan/")
|
self.all_vlans = api_client.list("machines/vlan/")
|
||||||
self.all_roles = api_client.list("machines/role/")
|
self.settings = api_client.view("preferences/optionaltopologie/")
|
||||||
# Import du fichier template dans une variable "template"
|
# Import du fichier template dans une variable "template"
|
||||||
self.hp_tpl = ENV.get_template("templates/hp.tpl")
|
self.hp_tpl = ENV.get_template("templates/hp.tpl")
|
||||||
self.conf = None
|
self.conf = None
|
||||||
|
@ -75,20 +75,16 @@ class Switch:
|
||||||
dhcpv6_snooping_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["dhcpv6_snooping"]]
|
dhcpv6_snooping_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["dhcpv6_snooping"]]
|
||||||
igmp_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["igmp"]]
|
igmp_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["igmp"]]
|
||||||
mld_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["mld"]]
|
mld_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["mld"]]
|
||||||
ntp_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "ntp-server"][0]
|
|
||||||
log_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "log-server"][0]
|
|
||||||
dhcp_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "dhcp"][0]
|
|
||||||
radius_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "radius-server"][0]
|
|
||||||
ra_guarded = [str(port['port']) for port in self.switch['ports'] if port['get_port_profil']['ra_guard']]
|
ra_guarded = [str(port['port']) for port in self.switch['ports'] if port['get_port_profil']['ra_guard']]
|
||||||
loop_protected = [str(port['port']) for port in self.switch['ports'] if port['get_port_profil']['loop_protect']]
|
loop_protected = [str(port['port']) for port in self.switch['ports'] if port['get_port_profil']['loop_protect']]
|
||||||
|
|
||||||
self.additionals = {'ra_guarded' : ra_guarded, 'loop_protected' : loop_protected, 'vlans' : vlans, 'arp_protect_vlans' : arp_protect_vlans, 'dhcp_snooping_vlans' : dhcp_snooping_vlans, 'dhcpv6_snooping_vlans' : dhcpv6_snooping_vlans, 'ntp_servers': ntp_servers, 'log_servers': log_servers, 'dhcp_servers' : dhcp_servers, 'radius_servers' : radius_servers, 'igmp_vlans' : igmp_vlans, 'mld_vlans': mld_vlans}
|
self.additionals = {'ra_guarded' : ra_guarded, 'loop_protected' : loop_protected, 'vlans' : vlans, 'arp_protect_vlans' : arp_protect_vlans, 'dhcp_snooping_vlans' : dhcp_snooping_vlans, 'dhcpv6_snooping_vlans' : dhcpv6_snooping_vlans, 'igmp_vlans' : igmp_vlans, 'mld_vlans': mld_vlans}
|
||||||
|
|
||||||
|
|
||||||
def gen_conf_hp(self):
|
def gen_conf_hp(self):
|
||||||
"""Génère la config pour ce switch hp"""
|
"""Génère la config pour ce switch hp"""
|
||||||
self.preprocess_hp()
|
self.preprocess_hp()
|
||||||
self.conf = self.hp_tpl.render(switch=self.switch, additionals=self.additionals)
|
self.conf = self.hp_tpl.render(switch=self.switch, settings=self.settings, additionals=self.additionals)
|
||||||
|
|
||||||
def check_and_get_login(self):
|
def check_and_get_login(self):
|
||||||
"""Récupère les login/mdp du switch, renvoie false si ils sont indisponibles"""
|
"""Récupère les login/mdp du switch, renvoie false si ils sont indisponibles"""
|
||||||
|
@ -119,7 +115,7 @@ class Switch:
|
||||||
"tftp_server_address": {"server_address":
|
"tftp_server_address": {"server_address":
|
||||||
{"ip_address":
|
{"ip_address":
|
||||||
{"version":"IAV_IP_V4",
|
{"version":"IAV_IP_V4",
|
||||||
"octets":"10.231.100.249"}}},
|
"octets":self.settings["switchs_management_interface_ip"]}}},
|
||||||
}
|
}
|
||||||
# Nous lançons la requête de type POST.
|
# Nous lançons la requête de type POST.
|
||||||
post_restore = requests.post(url_restore, data=json.dumps(data), headers=self.headers)
|
post_restore = requests.post(url_restore, data=json.dumps(data), headers=self.headers)
|
||||||
|
|
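Review bot: In the restore payload of the last main.py hunk, `self.settings["switchs_management_interface_ip"]` is sent as `octets` without any check, while `version` stays hard-coded to `IAV_IP_V4`. This value tells the switch which TFTP server to pull its configuration from, so an empty, IPv6 or malformed setting returned by `preferences/optionaltopologie/` should stop the restore rather than reach the switch. I would validate it before building `data`, e.g. `tftp_ip = str(ipaddress.IPv4Address(self.settings["switchs_management_interface_ip"]))` (needs `import ipaddress`), and log and abort on `KeyError` or `ValueError`. The enclosing method starts and ends outside the hunk, so validation elsewhere cannot be ruled out from here.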
|
@ -15,30 +15,22 @@ snmp-server community "public" Operator
|
||||||
;--- Heure/date
|
;--- Heure/date
|
||||||
time timezone 60
|
time timezone 60
|
||||||
time daylight-time-rule Western-Europe
|
time daylight-time-rule Western-Europe
|
||||||
{%- for server in additionals.ntp_servers %}
|
{%- for ipv4 in settings.switchs_management_utils.ntp_servers.ipv4 %}
|
||||||
{%- for interface in server.interface %}
|
sntp server priority {{ loop.index }} {{ ipv4 }} 4
|
||||||
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
|
|
||||||
sntp server priority {{ loop.index }} {{ interface.ipv4 }} 4
|
|
||||||
{%- if interface.ipv6 %}
|
|
||||||
sntp server priority {{ loop.index + 1 }} {{ interface.ipv6.0.ipv6 }} 4
|
|
||||||
{%- endif %}
|
|
||||||
{%- endif %}
|
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
{%- for ipv6 in settings.switchs_management_utils.ntp_servers.ipv6 %}
|
||||||
|
sntp server priority {{ loop.index + settings.switchs_management_utils.ntp_servers.ipv4|length }} {{ ipv6 }} 4
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
timesync sntp
|
timesync sntp
|
||||||
sntp unicast
|
sntp unicast
|
||||||
;--- Misc ---
|
;--- Misc ---
|
||||||
console inactivity-timer 30
|
console inactivity-timer 30
|
||||||
;--- Logs ---
|
;--- Logs ---
|
||||||
{%- for server in additionals.log_servers %}
|
{%- for ipv4 in settings.switchs_management_utils.log_servers.ipv4 %}
|
||||||
{%- for interface in server.interface %}
|
logging {{ ipv4 }}
|
||||||
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
|
|
||||||
logging {{ interface.ipv4 }}
|
|
||||||
{%- if interface.ipv6 %}
|
|
||||||
logging {{ interface.ipv6.0.ipv6 }}
|
|
||||||
{%- endif %}
|
|
||||||
{%- endif %}
|
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
{%- for ipv6 in settings.switchs_management_utils.log_servers.ipv6 %}
|
||||||
|
logging {{ ipv6 }}
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
;--- IP du switch ---
|
;--- IP du switch ---
|
||||||
no ip default-gateway
|
no ip default-gateway
|
||||||
|
@ -92,9 +84,11 @@ aaa authentication ssh login public-key none
|
||||||
aaa authentication ssh enable public-key none
|
aaa authentication ssh enable public-key none
|
||||||
ip ssh
|
ip ssh
|
||||||
ip ssh filetransfer
|
ip ssh filetransfer
|
||||||
ip authorized-managers {{ switch.subnet.0.network }} {{ switch.subnet.0.netmask }} access manager
|
{%- if settings.switchs_management_utils.subnet %}
|
||||||
{%- if switch.subnet6 %}
|
ip authorized-managers {{ settings.switchs_management_utils.subnet.0.network }} {{ settings.switchs_management_utils.subnet.0.netmask }} access manager
|
||||||
ipv6 authorized-managers {{ switch.subnet6.network }} {{ switch.subnet6.netmask }} access manager
|
{%- endif %}
|
||||||
|
{%- if settings.switchs_management_utils.subnet6 %}
|
||||||
|
ipv6 authorized-managers {{ settings.switchs_management_utils.subnet6.network }} {{ settings.switchs_management_utils.subnet6.netmask }} access manager
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
{%- if additionals.loop_protected %}
|
{%- if additionals.loop_protected %}
|
||||||
;--- Protection contre les boucles ---
|
;--- Protection contre les boucles ---
|
||||||
|
@ -104,13 +98,9 @@ loop-protect {{ additionals.loop_protected|join(',') }}
|
||||||
{%- endif %}
|
{%- endif %}
|
||||||
;--- Serveurs Radius
|
;--- Serveurs Radius
|
||||||
radius-server dead-time 2
|
radius-server dead-time 2
|
||||||
{%- for server in additionals.radius_servers %}
|
{%- for ipv4 in settings.switchs_management_utils.radius_servers.ipv4 %}
|
||||||
{%- for interface in server.interface %}
|
radius-server host {{ ipv4 }} key "{{ switch.get_radius_key_value }}"
|
||||||
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
|
radius-server host {{ ipv4 }} dyn-authorization
|
||||||
radius-server host {{ interface.ipv4 }} key "{{ switch.get_radius_key_value }}"
|
|
||||||
radius-server host {{ interface.ipv4 }} dyn-authorization
|
|
||||||
{%- endif %}
|
|
||||||
{%- endfor %}
|
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
radius-server dyn-autz-port 3799
|
radius-server dyn-autz-port 3799
|
||||||
;--- Filtrage mac ---
|
;--- Filtrage mac ---
|
||||||
|
@ -119,10 +109,8 @@ aaa port-access mac-based addr-format multi-colon
|
||||||
no cdp run
|
no cdp run
|
||||||
{%- if additionals.dhcp_snooping_vlans %}
|
{%- if additionals.dhcp_snooping_vlans %}
|
||||||
;--- DHCP Snooping ---
|
;--- DHCP Snooping ---
|
||||||
{%- for server in additionals.dhcp_servers %}
|
{%- for ipv4 in settings.switchs_management_utils.dhcp_servers.ipv4 %}
|
||||||
{%- for interface in server.interface %}
|
dhcp-snooping authorized-server {{ ipv4 }}
|
||||||
dhcp-snooping authorized-server {{ interface.ipv4 }}
|
|
||||||
{%- endfor %}
|
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }}
|
dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }}
|
||||||
dhcp-snooping
|
dhcp-snooping
|
||||||
|
|
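Review bot: The new `{%- if settings.switchs_management_utils.subnet %}` guard around `ip authorized-managers` fails open: when the setting is empty the template emits no authorized-managers line at all, and as far as I know these switches then accept management connections from any source address. The removed version always emitted the line from `switch.subnet.0`. I would either add an `{%- else %}` branch that keeps the former `ip authorized-managers {{ switch.subnet.0.network }} {{ switch.subnet.0.netmask }} access manager`, or refuse to render the configuration when the management subnet is missing. The same applies to the `subnet6` guard, and a short comment above the block should say which setting feeds this restriction.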