Utilise les réglages roles et topologie option pour reconfig les switchs

6 years ago · 3d7c9d98be
parent 7d7c7f2f13
commit 3d7c9d98be
2 changed files with 22 additions and 38 deletions
--- a/main.py
+++ b/main.py
@ -34,7 +34,7 @@ class Switch:
    def __init__(self):
        self.additionnal = None
        self.all_vlans = api_client.list("machines/vlan/")
-        self.all_roles = api_client.list("machines/role/")
+        self.settings = api_client.view("preferences/optionaltopologie/")
        # Import du fichier template dans une variable "template"
        self.hp_tpl = ENV.get_template("templates/hp.tpl")
        self.conf = None
@ -75,20 +75,16 @@ class Switch:
        dhcpv6_snooping_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["dhcpv6_snooping"]]
        igmp_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["igmp"]]
        mld_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["mld"]]
-        ntp_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "ntp-server"][0]
-        log_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "log-server"][0]
-        dhcp_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "dhcp"][0]
-        radius_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "radius-server"][0]
        ra_guarded = [str(port['port']) for port in self.switch['ports'] if port['get_port_profil']['ra_guard']]
        loop_protected = [str(port['port']) for port in self.switch['ports'] if port['get_port_profil']['loop_protect']]

-        self.additionals =  {'ra_guarded' : ra_guarded, 'loop_protected' : loop_protected, 'vlans' : vlans, 'arp_protect_vlans' : arp_protect_vlans, 'dhcp_snooping_vlans' : dhcp_snooping_vlans, 'dhcpv6_snooping_vlans' : dhcpv6_snooping_vlans, 'ntp_servers': ntp_servers, 'log_servers': log_servers, 'dhcp_servers' : dhcp_servers, 'radius_servers' : radius_servers, 'igmp_vlans' : igmp_vlans, 'mld_vlans': mld_vlans}
+        self.additionals =  {'ra_guarded' : ra_guarded, 'loop_protected' : loop_protected, 'vlans' : vlans, 'arp_protect_vlans' : arp_protect_vlans, 'dhcp_snooping_vlans' : dhcp_snooping_vlans, 'dhcpv6_snooping_vlans' : dhcpv6_snooping_vlans, 'igmp_vlans' : igmp_vlans, 'mld_vlans': mld_vlans}


    def gen_conf_hp(self):
        """Génère la config pour ce switch hp"""
        self.preprocess_hp()
-        self.conf = self.hp_tpl.render(switch=self.switch, additionals=self.additionals)
+        self.conf = self.hp_tpl.render(switch=self.switch, settings=self.settings, additionals=self.additionals)

    def check_and_get_login(self):
        """Récupère les login/mdp du switch, renvoie false si ils sont indisponibles"""
@ -119,7 +115,7 @@ class Switch:
            "tftp_server_address": {"server_address":
                {"ip_address":
                    {"version":"IAV_IP_V4",
-                     "octets":"10.231.100.249"}}},
+                     "octets":self.settings["switchs_management_interface_ip"]}}},
        }
        # Nous lançons la requête de type POST.
        post_restore = requests.post(url_restore, data=json.dumps(data), headers=self.headers)
--- a/templates/hp.tpl
+++ b/templates/hp.tpl
@ -15,30 +15,22 @@ snmp-server community "public" Operator
 ;--- Heure/date
 time timezone 60
 time daylight-time-rule Western-Europe
-{%- for server in additionals.ntp_servers %}
-{%- for interface in server.interface %}
-{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
-sntp server priority {{ loop.index }} {{ interface.ipv4 }} 4
-{%- if interface.ipv6 %}
-sntp server priority {{ loop.index + 1 }} {{ interface.ipv6.0.ipv6 }} 4
-{%- endif %}
-{%- endif %}
+{%- for ipv4 in settings.switchs_management_utils.ntp_servers.ipv4 %}
+sntp server priority {{ loop.index }} {{ ipv4 }} 4
 {%- endfor %}
+{%- for ipv6 in settings.switchs_management_utils.ntp_servers.ipv6 %}
+sntp server priority {{ loop.index + settings.switchs_management_utils.ntp_servers.ipv4|length }} {{ ipv6 }} 4
 {%- endfor %}
 timesync sntp
 sntp unicast
 ;--- Misc ---
 console inactivity-timer 30
 ;--- Logs ---
-{%- for server in additionals.log_servers %}
-{%- for interface in server.interface %}
-{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
-logging {{ interface.ipv4 }}
-{%- if interface.ipv6 %}
-logging {{ interface.ipv6.0.ipv6 }}
-{%- endif %}
-{%- endif %}
+{%- for ipv4 in settings.switchs_management_utils.log_servers.ipv4 %}
+logging {{ ipv4 }}
 {%- endfor %}
+{%- for ipv6 in settings.switchs_management_utils.log_servers.ipv6 %}
+logging {{ ipv6 }}
 {%- endfor %}
 ;--- IP du switch ---
 no ip default-gateway
@ -92,9 +84,11 @@ aaa authentication ssh login public-key none
 aaa authentication ssh enable public-key none
 ip ssh
 ip ssh filetransfer
-ip authorized-managers {{ switch.subnet.0.network }} {{ switch.subnet.0.netmask }} access manager
-{%- if switch.subnet6 %}
-ipv6 authorized-managers {{ switch.subnet6.network }} {{ switch.subnet6.netmask }} access manager
+{%- if settings.switchs_management_utils.subnet %}
+ip authorized-managers {{ settings.switchs_management_utils.subnet.0.network }} {{ settings.switchs_management_utils.subnet.0.netmask }} access manager
+{%- endif %}
+{%- if settings.switchs_management_utils.subnet6 %}
+ipv6 authorized-managers {{ settings.switchs_management_utils.subnet6.network }} {{ settings.switchs_management_utils.subnet6.netmask }} access manager
 {%- endif %}
 {%- if additionals.loop_protected %}
 ;--- Protection contre les boucles ---
@ -104,13 +98,9 @@ loop-protect {{ additionals.loop_protected|join(',') }}
 {%- endif %}
 ;--- Serveurs Radius 
 radius-server dead-time 2
-{%- for server in additionals.radius_servers %}
-{%- for interface in server.interface %}
-{%- if switch.subnet.0.vlan_id == interface.vlan_id %}
-radius-server host {{ interface.ipv4 }} key "{{ switch.get_radius_key_value }}"
-radius-server host {{ interface.ipv4 }} dyn-authorization
-{%- endif %}
-{%- endfor %}
+{%- for ipv4 in settings.switchs_management_utils.radius_servers.ipv4 %}
+radius-server host {{ ipv4 }} key "{{ switch.get_radius_key_value }}"
+radius-server host {{ ipv4 }} dyn-authorization
 {%- endfor %}
 radius-server dyn-autz-port 3799
 ;--- Filtrage mac ---
@ -119,10 +109,8 @@ aaa port-access mac-based addr-format multi-colon
 no cdp run
 {%- if additionals.dhcp_snooping_vlans %}
 ;--- DHCP Snooping ---
-{%- for server in additionals.dhcp_servers %}
-{%- for interface in server.interface %}
-dhcp-snooping authorized-server {{ interface.ipv4 }}
-{%- endfor %}
+{%- for ipv4 in settings.switchs_management_utils.dhcp_servers.ipv4 %}
+dhcp-snooping authorized-server {{ ipv4 }}
 {%- endfor %}
 dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }}
 dhcp-snooping