working version
This commit is contained in:
commit
a6abe24418
6 changed files with 48 additions and 100 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,4 +1,5 @@
|
||||||
config.ini
|
config.ini
|
||||||
**/__pycache__/**
|
**/__pycache__/**
|
||||||
**.list
|
**.list
|
||||||
|
generated/*
|
||||||
aliases_local
|
aliases_local
|
||||||
|
|
2
.gitmodules
vendored
2
.gitmodules
vendored
|
@ -1,3 +1,3 @@
|
||||||
[submodule "re2oapi"]
|
[submodule "re2oapi"]
|
||||||
path = re2oapi
|
path = re2oapi
|
||||||
url = https://gitlab.crans.org/nounous/re2o-re2oapi.git
|
url = https://gitlab.crans.org/nounous/re2o-re2oapi.git
|
||||||
|
|
|
@ -1,9 +1,12 @@
|
||||||
## Re2o - DHCP
|
## Re2o - Switchs config
|
||||||
|
|
||||||
This service uses Re2o API to generate DHCP leases files
|
This service uses Re2o API to generate Swicths config files
|
||||||
|
|
||||||
|
More info on https://gitlab.federez.net/re2o/switchs/wikis/home
|
||||||
|
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
* python3
|
* python3
|
||||||
|
* python3-jinja2
|
||||||
|
* python3-json
|
||||||
* requirements in https://gitlab.federez.net/re2o/re2oapi
|
* requirements in https://gitlab.federez.net/re2o/re2oapi
|
||||||
|
|
40
main.py
40
main.py
|
@ -6,6 +6,12 @@ from re2oapi import Re2oAPIClient
|
||||||
|
|
||||||
from jinja2 import Environment, FileSystemLoader
|
from jinja2 import Environment, FileSystemLoader
|
||||||
|
|
||||||
|
import requests
|
||||||
|
import base64
|
||||||
|
import json
|
||||||
|
from subprocess import call
|
||||||
|
import os.path
|
||||||
|
|
||||||
config = ConfigParser()
|
config = ConfigParser()
|
||||||
config.read('config.ini')
|
config.read('config.ini')
|
||||||
|
|
||||||
|
@ -13,23 +19,35 @@ api_hostname = config.get('Re2o', 'hostname')
|
||||||
api_password = config.get('Re2o', 'password')
|
api_password = config.get('Re2o', 'password')
|
||||||
api_username = config.get('Re2o', 'username')
|
api_username = config.get('Re2o', 'username')
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
api_client = Re2oAPIClient(api_hostname, api_username, api_password)
|
api_client = Re2oAPIClient(api_hostname, api_username, api_password)
|
||||||
|
|
||||||
client_hostname = socket.gethostname().split('.', 1)[0]
|
client_hostname = socket.gethostname().split('.', 1)[0]
|
||||||
|
|
||||||
all_switchs = api_client.list("switchs/ports-config/")
|
|
||||||
|
|
||||||
|
def generate(api_client):
|
||||||
|
all_users = api_client.list("localemail/users")
|
||||||
|
# Création de l'environnement Jinja
|
||||||
|
env = Environment(loader=FileSystemLoader('.'))
|
||||||
|
template = env.get_template('templates/list')
|
||||||
|
aliases_rendered = template.render(data=all_users)
|
||||||
|
|
||||||
# Création de l'environnement Jinja
|
fichier = open('generated/aliases','w')
|
||||||
ENV = Environment(loader=FileSystemLoader('.'))
|
|
||||||
|
|
||||||
# Import du fichier template dans une variable "template"
|
if os.path.isfile('aliases_local'): # if a local aliases file exist, add it's content at the beginning
|
||||||
template = ENV.get_template("templates/hp_test.tpl")
|
local = open('aliases_local','r')
|
||||||
|
for line in local.readlines():
|
||||||
|
fichier.write(line)
|
||||||
|
local.close()
|
||||||
|
|
||||||
# Création du template final avec les valeurs contenues dans le dictionnaire "valeurs" - Ces valeurs sont positionnées dans un objet "temp", qui sera utilisé par le moteur, et que l'on retrouve dans le template.
|
fichier.write(aliases_rendered)
|
||||||
conf = template.render(switch=all_switchs[2])
|
fichier.close()
|
||||||
|
|
||||||
print(all_switchs[2])
|
call(["/usr/bin/newaliases"]) # Update the aliases config file
|
||||||
print(conf)
|
call(["postfix", "reload"]) # force the reloading now
|
||||||
|
|
||||||
|
for service in api_client.list("services/regen/"):
|
||||||
|
if service['hostname'] == client_hostname and \
|
||||||
|
service['service_name'] == 'mail-server' and \
|
||||||
|
service['need_regen']:
|
||||||
|
generate(api_client)
|
||||||
|
api_client.patch(service['api_url'], data={'need_regen': False})
|
||||||
|
|
|
@ -1,86 +0,0 @@
|
||||||
; {{ switch.model.reference }}A Configuration Editor; Created on release #{{ firmware }}
|
|
||||||
|
|
||||||
hostname "{{ switch.short_name }}"
|
|
||||||
; Generated on {{ date_gen }} by re2o
|
|
||||||
;--- Snmp ---
|
|
||||||
snmp-server contact "root@crans.org"
|
|
||||||
snmp-server location "{{ switch.switchbay.name }}"
|
|
||||||
;A faire à la main
|
|
||||||
snmpv3 enable
|
|
||||||
snmpv3 restricted-access
|
|
||||||
;snmpv3 user "initial"
|
|
||||||
snmpv3 user "crans"
|
|
||||||
snmpv3 group ManagerPriv user "crans" sec-model ver3
|
|
||||||
snmp-server community "public" Operator
|
|
||||||
timesync sntp
|
|
||||||
sntp unicast
|
|
||||||
;--- Misc ---
|
|
||||||
console inactivity-timer 30
|
|
||||||
;--- IP du switch ---
|
|
||||||
no ip default-gateway
|
|
||||||
;--- Accès d'administration ---
|
|
||||||
no telnet-server
|
|
||||||
no web-management
|
|
||||||
aaa authentication ssh login public-key none
|
|
||||||
aaa authentication ssh enable public-key none
|
|
||||||
ip ssh
|
|
||||||
ip ssh filetransfer
|
|
||||||
ip authorized-managers {{ switch.subnet.0.network }} {{switch.subnet.0.netmask }} access manager
|
|
||||||
{%- if switch.subnet6 %}
|
|
||||||
ipv6 authorized-managers {{ switch.subnet6.network }} {{switch.subnet6.netmask }} access manager
|
|
||||||
{%- endif %}
|
|
||||||
;--- Protection contre les boucles ---
|
|
||||||
loop-protect disable-timer 30
|
|
||||||
loop-protect transmit-interval 3
|
|
||||||
radius-server dyn-autz-port 3799
|
|
||||||
;--- Filtrage mac ---
|
|
||||||
aaa port-access mac-based addr-format multi-colon
|
|
||||||
;--- Bricoles ---
|
|
||||||
no cdp run
|
|
||||||
dhcp-snooping
|
|
||||||
;--- Config des prises ---
|
|
||||||
{%- for port in switch.ports %}
|
|
||||||
{%- if port.get_port_profil.radius_type == "802.1X" %}
|
|
||||||
aaa port-access authenticator {{ port.port }}
|
|
||||||
{%- if port.get_port_profil.mac_limit %}
|
|
||||||
aaa port-access authenticator {{ port.port }} client-limit {{ port.get_port_profil.mac_limit }}
|
|
||||||
{%- endif %}
|
|
||||||
aaa port-access authenticator {{ port.port }} logoff-period 3600
|
|
||||||
{%- endif %}
|
|
||||||
{%- if port.get_port_profil.radius_type == "MAC-radius" %}
|
|
||||||
aaa port-access mac-based {{ port.port }}
|
|
||||||
{%- if port.get_port_profil.mac_limit %}
|
|
||||||
aaa port-access mac-based {{ port.port }} addr-limit {{ port.get_port_profil.mac_limit }}
|
|
||||||
{%- endif %}
|
|
||||||
aaa port-access mac-based {{ port.port }} logoff-period 3600
|
|
||||||
aaa port-access mac-based {{ port.port }} unauth-vid 1
|
|
||||||
{%- endif %}
|
|
||||||
interface {{ port.port }}
|
|
||||||
{%- if port.state %}
|
|
||||||
enable
|
|
||||||
{%- else %}
|
|
||||||
disable
|
|
||||||
{%- endif %}
|
|
||||||
name "{{ port.port }}"
|
|
||||||
{%- if port.get_port_profil.flow_control %}
|
|
||||||
flow control
|
|
||||||
{%- endif %}
|
|
||||||
{%- if not port.get_port_profil.dhcp_snooping %}
|
|
||||||
dhcp-snooping trust
|
|
||||||
{%- endif %}
|
|
||||||
{%- if not port.get_port_profil.arp_protect %}
|
|
||||||
arp-protect trust
|
|
||||||
{%- endif %}
|
|
||||||
{%- if not port.get_port_profil.dhcpv6_snooping %}
|
|
||||||
dhcpv6-snooping trust
|
|
||||||
{%- endif %}
|
|
||||||
no lacp
|
|
||||||
exit
|
|
||||||
{%- endfor %}
|
|
||||||
;--- Configuration comptabilisation RADIUS ---
|
|
||||||
aaa accounting network start-stop radius
|
|
||||||
aaa accounting session-id unique
|
|
||||||
aaa accounting update periodic 240
|
|
||||||
;--- Filtre de protocole ---
|
|
||||||
filter multicast 01005e0000fb drop all
|
|
||||||
filter multicast 3333000000fb drop all
|
|
12
templates/list
Normal file
12
templates/list
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
# Liste d'association alias:addresse des users
|
||||||
|
|
||||||
|
|
||||||
|
{% for user in data -%}
|
||||||
|
{%- for alias in user.email_address -%}
|
||||||
|
{%- if user.local_email_redirect -%}
|
||||||
|
{{ alias.local_part }}:{{ user.email }}
|
||||||
|
{%- else -%}
|
||||||
|
{{ alias.local_part }}:{{ alias.user }}
|
||||||
|
{% endif %}
|
||||||
|
{%- endfor -%}
|
||||||
|
{%- endfor -%}
|
Loading…
Reference in a new issue