working version

.gitignore

@@ -1,4 +1,5 @@
 config.ini
 **/__pycache__/**
 **.list
+generated/*
 aliases_local

.gitmodules

@@ -1,3 +1,3 @@
 [submodule "re2oapi"]
 	path = re2oapi
-        url = https://gitlab.crans.org/nounous/re2o-re2oapi.git
+    url = https://gitlab.crans.org/nounous/re2o-re2oapi.git

README.md

@@ -1,9 +1,12 @@
-## Re2o - DHCP
+## Re2o - Switchs config
 
-This service uses Re2o API to generate DHCP leases files
+This service uses Re2o API to generate Swicths config files
 
+More info on https://gitlab.federez.net/re2o/switchs/wikis/home
 
 ## Requirements
 
 * python3
+* python3-jinja2
+* python3-json
 * requirements in https://gitlab.federez.net/re2o/re2oapi

main.py

@@ -6,6 +6,12 @@ from re2oapi import Re2oAPIClient
 
 from jinja2 import Environment, FileSystemLoader
 
+import requests
+import base64
+import json
+from subprocess import call
+import os.path
+
 config = ConfigParser()
 config.read('config.ini')
 
@@ -13,23 +19,35 @@ api_hostname = config.get('Re2o', 'hostname')
 api_password = config.get('Re2o', 'password')
 api_username = config.get('Re2o', 'username')
 
-
-
 api_client = Re2oAPIClient(api_hostname, api_username, api_password)
 
 client_hostname = socket.gethostname().split('.', 1)[0]
 
-all_switchs = api_client.list("switchs/ports-config/")
 
+def generate(api_client):
+    all_users = api_client.list("localemail/users")
+    # Création de l'environnement Jinja
+    env = Environment(loader=FileSystemLoader('.'))
+    template = env.get_template('templates/list')
+    aliases_rendered = template.render(data=all_users)
+
+    fichier = open('generated/aliases','w')
 
-# Création de l'environnement Jinja
-ENV = Environment(loader=FileSystemLoader('.'))
+    if os.path.isfile('aliases_local'): #  if a local aliases file exist, add it's content at the beginning
+        local = open('aliases_local','r')
+        for line in local.readlines():
+            fichier.write(line)
+        local.close()
 
-# Import du fichier template dans une variable "template"
-template = ENV.get_template("templates/hp_test.tpl")
+    fichier.write(aliases_rendered)
+    fichier.close()
 
-# Création du template final avec les valeurs contenues dans le dictionnaire "valeurs" - Ces valeurs sont positionnées dans un objet "temp", qui sera utilisé par le moteur, et que l'on retrouve dans le template.
-conf = template.render(switch=all_switchs[2])
+    call(["/usr/bin/newaliases"]) #  Update the aliases config file
+    call(["postfix", "reload"]) #  force the reloading now
 
-print(all_switchs[2])
-print(conf)
+for service in api_client.list("services/regen/"):
+    if service['hostname'] == client_hostname and \
+        service['service_name'] == 'mail-server' and \
+        service['need_regen']:
+        generate(api_client)
+        api_client.patch(service['api_url'], data={'need_regen': False})

templates/hp_test.tpl

@@ -1,86 +0,0 @@
-; {{ switch.model.reference }}A Configuration Editor; Created on release #{{ firmware }}
-
-hostname "{{ switch.short_name }}"
-; Generated on {{ date_gen }} by re2o
-;--- Snmp ---
-snmp-server contact "root@crans.org"
-snmp-server location "{{ switch.switchbay.name }}"
-;A faire à la main
-snmpv3 enable
-snmpv3 restricted-access
-;snmpv3 user "initial"
-snmpv3 user "crans"
-snmpv3 group ManagerPriv user "crans" sec-model ver3
-snmp-server community "public" Operator
-timesync sntp
-sntp unicast
-;--- Misc ---
-console inactivity-timer 30
-;--- IP du switch ---
-no ip default-gateway
-;--- Accès d'administration ---
-no telnet-server
-no web-management
-aaa authentication ssh login public-key none
-aaa authentication ssh enable public-key none
-ip ssh
-ip ssh filetransfer
-ip authorized-managers {{ switch.subnet.0.network }} {{switch.subnet.0.netmask }} access manager
-{%- if switch.subnet6 %}
-ipv6 authorized-managers {{ switch.subnet6.network }} {{switch.subnet6.netmask }} access manager
-{%- endif %}
-;--- Protection contre les boucles ---
-loop-protect disable-timer 30
-loop-protect transmit-interval 3
-radius-server dyn-autz-port 3799
-;--- Filtrage mac ---
-aaa port-access mac-based addr-format multi-colon
-;--- Bricoles ---
-no cdp run
-dhcp-snooping
-;--- Config des prises ---
-{%- for port in switch.ports %}
-{%- if port.get_port_profil.radius_type == "802.1X" %}
-aaa port-access authenticator {{ port.port }}
-{%- if port.get_port_profil.mac_limit %}
-aaa port-access authenticator {{ port.port }} client-limit {{ port.get_port_profil.mac_limit }}
-{%- endif %}
-aaa port-access authenticator {{ port.port }} logoff-period 3600
-{%- endif %}
-{%- if port.get_port_profil.radius_type == "MAC-radius" %}
-aaa port-access mac-based {{ port.port }}
-{%- if port.get_port_profil.mac_limit %}
-aaa port-access mac-based {{ port.port }} addr-limit {{ port.get_port_profil.mac_limit }}
-{%- endif %}
-aaa port-access mac-based {{ port.port }} logoff-period 3600
-aaa port-access mac-based {{ port.port }} unauth-vid 1
-{%- endif %}
-interface {{ port.port }}
-   {%- if port.state %}
-   enable
-   {%- else %}
-   disable
-   {%- endif %}
-   name "{{ port.port }}"
-   {%- if port.get_port_profil.flow_control %}
-   flow control
-   {%- endif %}
-   {%- if not port.get_port_profil.dhcp_snooping %}
-   dhcp-snooping trust
-   {%- endif %}
-   {%- if not port.get_port_profil.arp_protect %}
-   arp-protect trust
-   {%- endif %}
-   {%- if not port.get_port_profil.dhcpv6_snooping %}
-   dhcpv6-snooping trust
-   {%- endif %}
-   no lacp
-exit
-{%- endfor %}
-;--- Configuration comptabilisation RADIUS ---
-aaa accounting network start-stop radius
-aaa accounting session-id unique
-aaa accounting update periodic 240
-;--- Filtre de protocole ---
-filter multicast 01005e0000fb drop all
-filter multicast 3333000000fb drop all

templates/list

@@ -0,0 +1,12 @@
+# Liste d'association alias:addresse des users
+ 
+ 
+{%  for user in data -%}
+{%- for alias in user.email_address -%}
+{%- if user.local_email_redirect -%}
+{{ alias.local_part }}:{{ user.email }}
+{%- else -%}
+{{ alias.local_part }}:{{ alias.user }}
+{% endif %}
+{%- endfor -%}
+{%- endfor -%}