Debut de conf , templates de switchs hp
parent
979accb43f
commit
a9ccc6ae82
2 changed files with 102 additions and 31 deletions
47
main.py
47
main.py
|
@ -4,6 +4,8 @@ import socket
|
|||
|
||||
from re2oapi import Re2oAPIClient
|
||||
|
||||
from jinja2 import Environment, FileSystemLoader
|
||||
|
||||
config = ConfigParser()
|
||||
config.read('config.ini')
|
||||
|
||||
|
@ -11,40 +13,23 @@ api_hostname = config.get('Re2o', 'hostname')
|
|||
api_password = config.get('Re2o', 'password')
|
||||
api_username = config.get('Re2o', 'username')
|
||||
|
||||
def regen_dhcp(api_client):
|
||||
host_mac_ip = {}
|
||||
|
||||
for hmi in api_client.list("dhcp/hostmacip/"):
|
||||
if hmi['extension'] not in host_mac_ip.keys():
|
||||
host_mac_ip[hmi['extension']] = []
|
||||
host_mac_ip[hmi['extension']].append((hmi['hostname'],
|
||||
hmi['mac_address'],
|
||||
hmi['ipv4']))
|
||||
|
||||
template = ("host {hostname}{extension} {{\n"
|
||||
" hardware ethernet {mac_address};\n"
|
||||
" fixed-address {ipv4};\n"
|
||||
"}}")
|
||||
|
||||
for extension, hmi_list in host_mac_ip.items():
|
||||
dhcp_leases_content = '\n\n'.join(template.format(
|
||||
hostname=hostname,
|
||||
extension=extension,
|
||||
mac_address=mac_address,
|
||||
ipv4=ipv4
|
||||
) for hostname, mac_address, ipv4 in hmi_list)
|
||||
|
||||
filename = 'dhcp{extension}.list'.format(extension=extension)
|
||||
with open(filename, 'w+') as f:
|
||||
f.write(dhcp_leases_content)
|
||||
|
||||
api_client = Re2oAPIClient(api_hostname, api_username, api_password)
|
||||
|
||||
client_hostname = socket.gethostname().split('.', 1)[0]
|
||||
|
||||
for service in api_client.list("services/regen"):
|
||||
#if service['hostname'] == client_hostname and \
|
||||
# service['service_name'] == 'dhcp' and \
|
||||
# service['need_regen']:
|
||||
regen_dhcp(api_client)
|
||||
api_client.patch(service['api_url'], data={'need_regen': False})
|
||||
all_switchs = api_client.list("switchs/ports-config/")
|
||||
|
||||
|
||||
# Création de l'environnement Jinja
|
||||
ENV = Environment(loader=FileSystemLoader('.'))
|
||||
|
||||
# Import du fichier template dans une variable "template"
|
||||
template = ENV.get_template("templates/hp_test.tpl")
|
||||
|
||||
# Création du template final avec les valeurs contenues dans le dictionnaire "valeurs" - Ces valeurs sont positionnées dans un objet "temp", qui sera utilisé par le moteur, et que l'on retrouve dans le template.
|
||||
conf = template.render(switch=all_switchs[2])
|
||||
|
||||
print(all_switchs[2])
|
||||
print(conf)
|
||||
|
|
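Review bot: `template.render(switch=all_switchs[2])` supplies only `switch`, yet templates/hp_test.tpl in this same commit also reads `firmware` and `date_gen`, and under Jinja2's default undefined handling those, like any field missing from the API record, render as empty text instead of raising. For a generator of device configuration I would make a missing value an error with `from jinja2 import Environment, FileSystemLoader, StrictUndefined` and `ENV = Environment(loader=FileSystemLoader('.'), undefined=StrictUndefined)`; optional fields such as `switch.subnet6` then need an `is defined` test in the template. The hard-coded index `[2]` raises IndexError when fewer than three switches come back, and `print(all_switchs[2])` writes the whole API record to stdout, so both look like debugging scaffolding to remove before this runs unattended. The rendered page does not show which lines of the `services/regen` loop survive; if the condition stays commented out (`#if service['hostname'] == client_hostname and \`), `api_client.patch(service['api_url'], data={'need_regen': False})` clears the flag for every service rather than only this host's, which is worth confirming.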
86
templates/hp_test.tpl
Normal file
86
templates/hp_test.tpl
Normal file
|
@ -0,0 +1,86 @@
|
|||
; {{ switch.model.reference }}A Configuration Editor; Created on release #{{ firmware }}
|
||||
|
||||
hostname "{{ switch.short_name }}"
|
||||
; Generated on {{ date_gen }} by re2o
|
||||
;--- Snmp ---
|
||||
snmp-server contact "root@crans.org"
|
||||
snmp-server location "{{ switch.switchbay.name }}"
|
||||
;A faire à la main
|
||||
snmpv3 enable
|
||||
snmpv3 restricted-access
|
||||
;snmpv3 user "initial"
|
||||
snmpv3 user "crans"
|
||||
snmpv3 group ManagerPriv user "crans" sec-model ver3
|
||||
snmp-server community "public" Operator
|
||||
timesync sntp
|
||||
sntp unicast
|
||||
;--- Misc ---
|
||||
console inactivity-timer 30
|
||||
;--- IP du switch ---
|
||||
no ip default-gateway
|
||||
;--- Accès d'administration ---
|
||||
no telnet-server
|
||||
no web-management
|
||||
aaa authentication ssh login public-key none
|
||||
aaa authentication ssh enable public-key none
|
||||
ip ssh
|
||||
ip ssh filetransfer
|
||||
ip authorized-managers {{ switch.subnet.0.network }} {{switch.subnet.0.netmask }} access manager
|
||||
{%- if switch.subnet6 %}
|
||||
ipv6 authorized-managers {{ switch.subnet6.network }} {{switch.subnet6.netmask }} access manager
|
||||
{%- endif %}
|
||||
;--- Protection contre les boucles ---
|
||||
loop-protect disable-timer 30
|
||||
loop-protect transmit-interval 3
|
||||
radius-server dyn-autz-port 3799
|
||||
;--- Filtrage mac ---
|
||||
aaa port-access mac-based addr-format multi-colon
|
||||
;--- Bricoles ---
|
||||
no cdp run
|
||||
dhcp-snooping
|
||||
;--- Config des prises ---
|
||||
{%- for port in switch.ports %}
|
||||
{%- if port.get_port_profil.radius_type == "802.1X" %}
|
||||
aaa port-access authenticator {{ port.port }}
|
||||
{%- if port.get_port_profil.mac_limit %}
|
||||
aaa port-access authenticator {{ port.port }} client-limit {{ port.get_port_profil.mac_limit }}
|
||||
{%- endif %}
|
||||
aaa port-access authenticator {{ port.port }} logoff-period 3600
|
||||
{%- endif %}
|
||||
{%- if port.get_port_profil.radius_type == "MAC-radius" %}
|
||||
aaa port-access mac-based {{ port.port }}
|
||||
{%- if port.get_port_profil.mac_limit %}
|
||||
aaa port-access mac-based {{ port.port }} addr-limit {{ port.get_port_profil.mac_limit }}
|
||||
{%- endif %}
|
||||
aaa port-access mac-based {{ port.port }} logoff-period 3600
|
||||
aaa port-access mac-based {{ port.port }} unauth-vid 1
|
||||
{%- endif %}
|
||||
interface {{ port.port }}
|
||||
{%- if port.state %}
|
||||
enable
|
||||
{%- else %}
|
||||
disable
|
||||
{%- endif %}
|
||||
name "{{ port.port }}"
|
||||
{%- if port.get_port_profil.flow_control %}
|
||||
flow control
|
||||
{%- endif %}
|
||||
{%- if not port.get_port_profil.dhcp_snooping %}
|
||||
dhcp-snooping trust
|
||||
{%- endif %}
|
||||
{%- if not port.get_port_profil.arp_protect %}
|
||||
arp-protect trust
|
||||
{%- endif %}
|
||||
{%- if not port.get_port_profil.dhcpv6_snooping %}
|
||||
dhcpv6-snooping trust
|
||||
{%- endif %}
|
||||
no lacp
|
||||
exit
|
||||
{%- endfor %}
|
||||
;--- Configuration comptabilisation RADIUS ---
|
||||
aaa accounting network start-stop radius
|
||||
aaa accounting session-id unique
|
||||
aaa accounting update periodic 240
|
||||
;--- Filtre de protocole ---
|
||||
filter multicast 01005e0000fb drop all
|
||||
filter multicast 3333000000fb drop all
|
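Review bot: The three negated tests near the end of the port loop (`{%- if not port.get_port_profil.dhcp_snooping %}`, and the same for `arp_protect` and `dhcpv6_snooping`) fail open: when the profile record lacks the field or carries a null, `not` evaluates true and the port is emitted with `dhcp-snooping trust`, `arp-protect trust` and `dhcpv6-snooping trust`. Trust should require an explicit false, for example `{%- if port.get_port_profil.dhcp_snooping is sameas false %}` applied to all three, assuming the API returns JSON booleans. `snmp-server community "public" Operator` also puts the well-known default community string on every generated switch; consider taking the community from configuration, or dropping the line if the SNMPv3 user "crans" is the intended access path. Values such as `switch.short_name` and `switch.switchbay.name` are placed inside double-quoted CLI strings unescaped, so a quote or newline in the database value would change the generated commands; a small filter that rejects those characters would close that.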