From 3d7c9d98be772fa52e10d867e6817fb67a0857a4 Mon Sep 17 00:00:00 2001 From: chirac Date: Wed, 11 Jul 2018 23:58:16 +0200 Subject: [PATCH] =?UTF-8?q?Utilise=20les=20r=C3=A9glages=20roles=20et=20to?= =?UTF-8?q?pologie=20option=20pour=20reconfig=20les=20switchs?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- main.py | 12 ++++-------- templates/hp.tpl | 48 ++++++++++++++++++------------------------------ 2 files changed, 22 insertions(+), 38 deletions(-) diff --git a/main.py b/main.py index 63a5416..4d71553 100755 --- a/main.py +++ b/main.py @@ -34,7 +34,7 @@ class Switch: def __init__(self): self.additionnal = None self.all_vlans = api_client.list("machines/vlan/") - self.all_roles = api_client.list("machines/role/") + self.settings = api_client.view("preferences/optionaltopologie/") # Import du fichier template dans une variable "template" self.hp_tpl = ENV.get_template("templates/hp.tpl") self.conf = None 
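Review bot: The result of `api_client.view("preferences/optionaltopologie/")` in `__init__` is stored without any check, yet a later hunk subscripts `self.settings["switchs_management_interface_ip"]` and the template walks `settings.switchs_management_utils`. A response missing either key would only surface while a switch is being restored, or would render an incomplete config, depending on how the Jinja environment treats undefined values (not visible here). Assuming `view` returns a dict, as the later subscript suggests, I would fail at construction time: `if not {"switchs_management_interface_ip", "switchs_management_utils"} <= self.settings.keys(): raise ValueError("optionaltopologie settings incomplete")`. The `Switch` class header and possibly the rest of `__init__` lie outside this hunk.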
@@ -75,20 +75,16 @@ class Switch: dhcpv6_snooping_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["dhcpv6_snooping"]] igmp_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["igmp"]] mld_vlans = [vlan["vlan_id"] for vlan in self.all_vlans if vlan["mld"]] - ntp_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "ntp-server"][0] - log_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "log-server"][0] - dhcp_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "dhcp"][0] - radius_servers = [server["servers"] for server in self.all_roles if server["role_type"] == "radius-server"][0] ra_guarded = [str(port['port']) for port in self.switch['ports'] if port['get_port_profil']['ra_guard']] loop_protected = [str(port['port']) for port in self.switch['ports'] if port['get_port_profil']['loop_protect']] - self.additionals = {'ra_guarded' : ra_guarded, 'loop_protected' : loop_protected, 'vlans' : vlans, 'arp_protect_vlans' : arp_protect_vlans, 'dhcp_snooping_vlans' : dhcp_snooping_vlans, 'dhcpv6_snooping_vlans' : dhcpv6_snooping_vlans, 'ntp_servers': ntp_servers, 'log_servers': log_servers, 'dhcp_servers' : dhcp_servers, 'radius_servers' : radius_servers, 'igmp_vlans' : igmp_vlans, 'mld_vlans': mld_vlans} + self.additionals = {'ra_guarded' : ra_guarded, 'loop_protected' : loop_protected, 'vlans' : vlans, 'arp_protect_vlans' : arp_protect_vlans, 'dhcp_snooping_vlans' : dhcp_snooping_vlans, 'dhcpv6_snooping_vlans' : dhcpv6_snooping_vlans, 'igmp_vlans' : igmp_vlans, 'mld_vlans': mld_vlans} def gen_conf_hp(self): """Génère la config pour ce switch hp""" self.preprocess_hp() - self.conf = self.hp_tpl.render(switch=self.switch, additionals=self.additionals) + self.conf = self.hp_tpl.render(switch=self.switch, settings=self.settings, additionals=self.additionals) def check_and_get_login(self): """Récupère les login/mdp du switch, renvoie false si ils sont 
indisponibles""" @@ -119,7 +115,7 @@ class Switch: "tftp_server_address": {"server_address": {"ip_address": {"version":"IAV_IP_V4", - "octets":"10.231.100.249"}}}, + "octets":self.settings["switchs_management_interface_ip"]}}}, } # Nous lançons la requête de type POST. post_restore = requests.post(url_restore, data=json.dumps(data), headers=self.headers) diff --git a/templates/hp.tpl b/templates/hp.tpl index 72b1463..98150cc 100644 --- a/templates/hp.tpl +++ b/templates/hp.tpl @@ -15,30 +15,22 @@ snmp-server community "public" Operator ;--- Heure/date time timezone 60 time daylight-time-rule Western-Europe -{%- for server in additionals.ntp_servers %} -{%- for interface in server.interface %} -{%- if switch.subnet.0.vlan_id == interface.vlan_id %} -sntp server priority {{ loop.index }} {{ interface.ipv4 }} 4 -{%- if interface.ipv6 %} -sntp server priority {{ loop.index + 1 }} {{ interface.ipv6.0.ipv6 }} 4 -{%- endif %} -{%- endif %} +{%- for ipv4 in settings.switchs_management_utils.ntp_servers.ipv4 %} +sntp server priority {{ loop.index }} {{ ipv4 }} 4 {%- endfor %} +{%- for ipv6 in settings.switchs_management_utils.ntp_servers.ipv6 %} +sntp server priority {{ loop.index + settings.switchs_management_utils.ntp_servers.ipv4|length }} {{ ipv6 }} 4 {%- endfor %} timesync sntp sntp unicast ;--- Misc --- console inactivity-timer 30 ;--- Logs --- -{%- for server in additionals.log_servers %} -{%- for interface in server.interface %} -{%- if switch.subnet.0.vlan_id == interface.vlan_id %} -logging {{ interface.ipv4 }} -{%- if interface.ipv6 %} -logging {{ interface.ipv6.0.ipv6 }} -{%- endif %} -{%- endif %} +{%- for ipv4 in settings.switchs_management_utils.log_servers.ipv4 %} +logging {{ ipv4 }} {%- endfor %} +{%- for ipv6 in settings.switchs_management_utils.log_servers.ipv6 %} +logging {{ ipv6 }} {%- endfor %} ;--- IP du switch --- no ip default-gateway 
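Review bot: The `"octets"` value in the restore payload now comes straight from `self.settings["switchs_management_interface_ip"]`, and this is the address the switch is told to fetch its configuration from over TFTP, so it should be validated before the POST. A missing key raises `KeyError`, and an empty, null or non-IPv4 value is sent as-is although `"version"` stays hard-coded to `"IAV_IP_V4"`. Parsing it first, `tftp_ip = str(ipaddress.IPv4Address(self.settings["switchs_management_interface_ip"]))` (with `import ipaddress` at the top of main.py), rejects malformed values before any switch is contacted. Anyone able to edit this preference now decides where every switch pulls its config from, so write access to it should be restricted accordingly. The enclosing method starts and ends outside the hunk.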
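Review bot: The `{{ ipv4 }}` and `{{ ipv6 }}` values in the new `sntp server` and `logging` loops are written into the switch configuration exactly as the API returned them, with no check that they are addresses. A value containing whitespace or a line break would add extra tokens or whole extra command lines to the generated config; the same applies to the `radius-server host` and `dhcp-snooping authorized-server` loops in the later hunks of this file. I would validate every entry with `ipaddress.ip_address(value)` in main.py before calling `render`, rather than trusting the preference store. Separately, an empty `log_servers` list now renders no `logging` line at all and raises no error, which silently removes remote logging from the switch.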
@@ -92,9 +84,11 @@ aaa authentication ssh login public-key none aaa authentication ssh enable public-key none ip ssh ip ssh filetransfer -ip authorized-managers {{ switch.subnet.0.network }} {{ switch.subnet.0.netmask }} access manager -{%- if switch.subnet6 %} -ipv6 authorized-managers {{ switch.subnet6.network }} {{ switch.subnet6.netmask }} access manager +{%- if settings.switchs_management_utils.subnet %} +ip authorized-managers {{ settings.switchs_management_utils.subnet.0.network }} {{ settings.switchs_management_utils.subnet.0.netmask }} access manager +{%- endif %} +{%- if settings.switchs_management_utils.subnet6 %} +ipv6 authorized-managers {{ settings.switchs_management_utils.subnet6.network }} {{ settings.switchs_management_utils.subnet6.netmask }} access manager {%- endif %} {%- if additionals.loop_protected %} ;--- Protection contre les boucles --- @@ -104,13 +98,9 @@ loop-protect {{ additionals.loop_protected|join(',') }} {%- endif %} ;--- Serveurs Radius radius-server dead-time 2 -{%- for server in additionals.radius_servers %} -{%- for interface in server.interface %} -{%- if switch.subnet.0.vlan_id == interface.vlan_id %} -radius-server host {{ interface.ipv4 }} key "{{ switch.get_radius_key_value }}" -radius-server host {{ interface.ipv4 }} dyn-authorization -{%- endif %} -{%- endfor %} +{%- for ipv4 in settings.switchs_management_utils.radius_servers.ipv4 %} +radius-server host {{ ipv4 }} key "{{ switch.get_radius_key_value }}" +radius-server host {{ ipv4 }} dyn-authorization {%- endfor %} radius-server dyn-autz-port 3799 ;--- Filtrage mac --- 
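Review bot: Wrapping `ip authorized-managers` in `{%- if settings.switchs_management_utils.subnet %}` makes the restriction optional: when the setting is empty or absent the line is simply omitted, whereas the old template always emitted it. As far as I know, a ProCurve switch with no authorized-managers entries accepts management connections from any source address, so a missing preference degrades into an unrestricted management plane instead of an error. I would refuse to generate the config in that case, for example in `gen_conf_hp`: `if not self.settings["switchs_management_utils"].get("subnet"): raise ValueError("no management subnet configured")`. Note also that only `subnet.0` is rendered, so any further subnets in the list are ignored.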
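Review bot: On the new `radius-server host {{ ipv4 }} key "{{ switch.get_radius_key_value }}"` line the shared secret is placed between literal double quotes with no escaping or validation. A key containing `"` or a line break would end the quoted string early and the remainder would be parsed as configuration, so such keys should be rejected in main.py before rendering. The loop also emits only `radius_servers.ipv4`, while the NTP and logging loops handle IPv6 as well; if that is intentional, a template comment such as `{# RADIUS servers: IPv4 only #}` would make it explicit.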
@@ -119,10 +109,8 @@ aaa port-access mac-based addr-format multi-colon no cdp run {%- if additionals.dhcp_snooping_vlans %} ;--- DHCP Snooping --- -{%- for server in additionals.dhcp_servers %} -{%- for interface in server.interface %} -dhcp-snooping authorized-server {{ interface.ipv4 }} -{%- endfor %} +{%- for ipv4 in settings.switchs_management_utils.dhcp_servers.ipv4 %} +dhcp-snooping authorized-server {{ ipv4 }} {%- endfor %} dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }} dhcp-snooping
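Review bot: When `settings.switchs_management_utils.dhcp_servers.ipv4` is empty, this block still enables `dhcp-snooping` on the listed VLANs but emits no `dhcp-snooping authorized-server` line. To my knowledge the switch then treats every DHCP server reachable through a trusted port as valid, so the address filter disappears without any error at generation time. I would make an empty list a hard failure whenever `additionals.dhcp_snooping_vlans` is non-empty, checked in `preprocess_hp` before rendering. The `{%- if additionals.dhcp_snooping_vlans %}` block closes outside this hunk.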