Utilise les réglages roles et topologie option pour reconfig les switchs

chirac 2018-07-11 23:58:16 +02:00
parent 7d7c7f2f13
commit 3d7c9d98be
2 changed files with 22 additions and 38 deletions

12
main.py

@ -34,7 +34,7 @@ class Switch:
def __init__(self): def __init__(self):
self.additionnal = None self.additionnal = None
self.all_vlans = api_client.list("machines/vlan/") self.all_vlans = api_client.list("machines/vlan/")
self.all_roles = api_client.list("machines/role/") self.settings = api_client.view("preferences/optionaltopologie/")
# Import du fichier template dans une variable "template" # Import du fichier template dans une variable "template"
self.hp_tpl = ENV.get_template("templates/hp.tpl") self.hp_tpl = ENV.get_template("templates/hp.tpl")
self.conf = None self.conf = None
@ -75,20 +75,16 @@ class Switch:
dhcpv6_snooping_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["dhcpv6_snooping"]] dhcpv6_snooping_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["dhcpv6_snooping"]]
igmp_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["igmp"]] igmp_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["igmp"]]
mld_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["mld"]] mld_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["mld"]]
ntp_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "ntp-server"][0]
log_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "log-server"][0]
dhcp_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "dhcp"][0]
radius_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "radius-server"][0]
ra_guarded = [str(port['port']) for port in self.switch['ports'] if port['get_port_profil']['ra_guard']] ra_guarded = [str(port['port']) for port in self.switch['ports'] if port['get_port_profil']['ra_guard']]
loop_protected = [str(port['port']) for port in self.switch['ports'] if port['get_port_profil']['loop_protect']] loop_protected = [str(port['port']) for port in self.switch['ports'] if port['get_port_profil']['loop_protect']]
self.additionals = {'ra_guarded' : ra_guarded, 'loop_protected' : loop_protected, 'vlans' : vlans, 'arp_protect_vlans' : arp_protect_vlans, 'dhcp_snooping_vlans' : dhcp_snooping_vlans, 'dhcpv6_snooping_vlans' : dhcpv6_snooping_vlans, 'ntp_servers': ntp_servers, 'log_servers': log_servers, 'dhcp_servers' : dhcp_servers, 'radius_servers' : radius_servers, 'igmp_vlans' : igmp_vlans, 'mld_vlans': mld_vlans} self.additionals = {'ra_guarded' : ra_guarded, 'loop_protected' : loop_protected, 'vlans' : vlans, 'arp_protect_vlans' : arp_protect_vlans, 'dhcp_snooping_vlans' : dhcp_snooping_vlans, 'dhcpv6_snooping_vlans' : dhcpv6_snooping_vlans, 'igmp_vlans' : igmp_vlans, 'mld_vlans': mld_vlans}
def gen_conf_hp(self): def gen_conf_hp(self):
"""Génère la config pour ce switch hp""" """Génère la config pour ce switch hp"""
self.preprocess_hp() self.preprocess_hp()
self.conf = self.hp_tpl.render(switch=self.switch, additionals=self.additionals) self.conf = self.hp_tpl.render(switch=self.switch, settings=self.settings, additionals=self.additionals)
def check_and_get_login(self): def check_and_get_login(self):
"""Récupère les login/mdp du switch, renvoie false si ils sont indisponibles""" """Récupère les login/mdp du switch, renvoie false si ils sont indisponibles"""
@ -119,7 +115,7 @@ class Switch:
"tftp_server_address": {"server_address": "tftp_server_address": {"server_address":
{"ip_address": {"ip_address":
{"version":"IAV_IP_V4", {"version":"IAV_IP_V4",
"octets":"10.231.100.249"}}}, "octets":self.settings["switchs_management_interface_ip"]}}},
} }
# Nous lançons la requête de type POST. # Nous lançons la requête de type POST.
post_restore = requests.post(url_restore, data=json.dumps(data), headers=self.headers) post_restore = requests.post(url_restore, data=json.dumps(data), headers=self.headers)
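Review bot: The TFTP server address placed in `octets` now comes straight from `self.settings["switchs_management_interface_ip"]` with no check, while `version` stays hard-coded to `IAV_IP_V4`. If the preference is unset or holds anything other than an IPv4 address, the restore request goes out with a null or malformed address, and because this value decides where the switch fetches its configuration from, it deserves validation before use. Something like `tftp_ip = str(ipaddress.IPv4Address(self.settings["switchs_management_interface_ip"]))` ahead of building `data` would fail early with a clear error (it needs `import ipaddress`). The enclosing method starts and ends outside the hunk, so an existing check elsewhere cannot be ruled out.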


@ -15,30 +15,22 @@ snmp-server community "public" Operator
;--- Heure/date ;--- Heure/date
time timezone 60 time timezone 60
time daylight-time-rule Western-Europe time daylight-time-rule Western-Europe
{%- for server in additionals.ntp_servers %} {%- for ipv4 in settings.switchs_management_utils.ntp_servers.ipv4 %}
{%- for interface in server.interface %} sntp server priority {{ loop.index }} {{ ipv4 }} 4
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
sntp server priority {{ loop.index }} {{ interface.ipv4 }} 4
{%- if interface.ipv6 %}
sntp server priority {{ loop.index + 1 }} {{ interface.ipv6.0.ipv6 }} 4
{%- endif %}
{%- endif %}
{%- endfor %} {%- endfor %}
{%- for ipv6 in settings.switchs_management_utils.ntp_servers.ipv6 %}
sntp server priority {{ loop.index + settings.switchs_management_utils.ntp_servers.ipv4|length }} {{ ipv6 }} 4
{%- endfor %} {%- endfor %}
timesync sntp timesync sntp
sntp unicast sntp unicast
;--- Misc --- ;--- Misc ---
console inactivity-timer 30 console inactivity-timer 30
;--- Logs --- ;--- Logs ---
{%- for server in additionals.log_servers %} {%- for ipv4 in settings.switchs_management_utils.log_servers.ipv4 %}
{%- for interface in server.interface %} logging {{ ipv4 }}
{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
logging {{ interface.ipv4 }}
{%- if interface.ipv6 %}
logging {{ interface.ipv6.0.ipv6 }}
{%- endif %}
{%- endif %}
{%- endfor %} {%- endfor %}
{%- for ipv6 in settings.switchs_management_utils.log_servers.ipv6 %}
logging {{ ipv6 }}
{%- endfor %} {%- endfor %}
;--- IP du switch --- ;--- IP du switch ---
no ip default-gateway no ip default-gateway
@ -92,9 +84,11 @@ aaa authentication ssh login public-key none
aaa authentication ssh enable public-key none aaa authentication ssh enable public-key none
ip ssh ip ssh
ip ssh filetransfer ip ssh filetransfer
ip authorized-managers {{ switch.subnet.0.network }} {{ switch.subnet.0.netmask }} access manager {%- if settings.switchs_management_utils.subnet %}
{%- if switch.subnet6 %} ip authorized-managers {{ settings.switchs_management_utils.subnet.0.network }} {{ settings.switchs_management_utils.subnet.0.netmask }} access manager
ipv6 authorized-managers {{ switch.subnet6.network }} {{ switch.subnet6.netmask }} access manager {%- endif %}
{%- if settings.switchs_management_utils.subnet6 %}
ipv6 authorized-managers {{ settings.switchs_management_utils.subnet6.network }} {{ settings.switchs_management_utils.subnet6.netmask }} access manager
{%- endif %} {%- endif %}
{%- if additionals.loop_protected %} {%- if additionals.loop_protected %}
;--- Protection contre les boucles --- ;--- Protection contre les boucles ---
@ -104,13 +98,9 @@ loop-protect {{ additionals.loop_protected|join(',') }}
{%- endif %} {%- endif %}
;--- Serveurs Radius ;--- Serveurs Radius
radius-server dead-time 2 radius-server dead-time 2
{%- for server in additionals.radius_servers %} {%- for ipv4 in settings.switchs_management_utils.radius_servers.ipv4 %}
{%- for interface in server.interface %} radius-server host {{ ipv4 }} key "{{ switch.get_radius_key_value }}"
{%- if switch.subnet.0.vlan_id == interface.vlan_id %} radius-server host {{ ipv4 }} dyn-authorization
radius-server host {{ interface.ipv4 }} key "{{ switch.get_radius_key_value }}"
radius-server host {{ interface.ipv4 }} dyn-authorization
{%- endif %}
{%- endfor %}
{%- endfor %} {%- endfor %}
radius-server dyn-autz-port 3799 radius-server dyn-autz-port 3799
;--- Filtrage mac --- ;--- Filtrage mac ---
@ -119,10 +109,8 @@ aaa port-access mac-based addr-format multi-colon
no cdp run no cdp run
{%- if additionals.dhcp_snooping_vlans %} {%- if additionals.dhcp_snooping_vlans %}
;--- DHCP Snooping --- ;--- DHCP Snooping ---
{%- for server in additionals.dhcp_servers %} {%- for ipv4 in settings.switchs_management_utils.dhcp_servers.ipv4 %}
{%- for interface in server.interface %} dhcp-snooping authorized-server {{ ipv4 }}
dhcp-snooping authorized-server {{ interface.ipv4 }}
{%- endfor %}
{%- endfor %} {%- endfor %}
dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }} dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }}
dhcp-snooping dhcp-snooping
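Review bot: The `ip authorized-managers` line is now emitted only when `settings.switchs_management_utils.subnet` is set, so an empty preference yields a configuration with no authorized-managers entry at all, which on these switches normally means management access is not restricted by source address. The previous template always rendered the restriction from `switch.subnet.0`. Consider refusing to generate the configuration in that case, for example `if not self.settings["switchs_management_utils"]["subnet"]: raise ValueError("management subnet not configured")` before the render call in main.py (assuming the settings object is a plain dict there), or falling back to the switch's own subnet. The `dhcp-snooping authorized-server` loop has the same shape: an empty `dhcp_servers.ipv4` list enables snooping without any authorized-server entry, so it is worth checking that this is the intended result.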