Debut de conf , templates de switchs hp
parent
979accb43f
commit
a9ccc6ae82
2 changed files with 102 additions and 31 deletions
47
main.py
47
main.py
|
@ -4,6 +4,8 @@ import socket
|
||||||
|
|
||||||
from re2oapi import Re2oAPIClient
|
from re2oapi import Re2oAPIClient
|
||||||
|
|
||||||
|
from jinja2 import Environment, FileSystemLoader
|
||||||
|
|
||||||
config = ConfigParser()
|
config = ConfigParser()
|
||||||
config.read('config.ini')
|
config.read('config.ini')
|
||||||
|
|
||||||
|
@ -11,40 +13,23 @@ api_hostname = config.get('Re2o', 'hostname')
|
||||||
api_password = config.get('Re2o', 'password')
|
api_password = config.get('Re2o', 'password')
|
||||||
api_username = config.get('Re2o', 'username')
|
api_username = config.get('Re2o', 'username')
|
||||||
|
|
||||||
def regen_dhcp(api_client):
|
|
||||||
host_mac_ip = {}
|
|
||||||
|
|
||||||
for hmi in api_client.list("dhcp/hostmacip/"):
|
|
||||||
if hmi['extension'] not in host_mac_ip.keys():
|
|
||||||
host_mac_ip[hmi['extension']] = []
|
|
||||||
host_mac_ip[hmi['extension']].append((hmi['hostname'],
|
|
||||||
hmi['mac_address'],
|
|
||||||
hmi['ipv4']))
|
|
||||||
|
|
||||||
template = ("host {hostname}{extension} {{\n"
|
|
||||||
" hardware ethernet {mac_address};\n"
|
|
||||||
" fixed-address {ipv4};\n"
|
|
||||||
"}}")
|
|
||||||
|
|
||||||
for extension, hmi_list in host_mac_ip.items():
|
|
||||||
dhcp_leases_content = '\n\n'.join(template.format(
|
|
||||||
hostname=hostname,
|
|
||||||
extension=extension,
|
|
||||||
mac_address=mac_address,
|
|
||||||
ipv4=ipv4
|
|
||||||
) for hostname, mac_address, ipv4 in hmi_list)
|
|
||||||
|
|
||||||
filename = 'dhcp{extension}.list'.format(extension=extension)
|
|
||||||
with open(filename, 'w+') as f:
|
|
||||||
f.write(dhcp_leases_content)
|
|
||||||
|
|
||||||
api_client = Re2oAPIClient(api_hostname, api_username, api_password)
|
api_client = Re2oAPIClient(api_hostname, api_username, api_password)
|
||||||
|
|
||||||
client_hostname = socket.gethostname().split('.', 1)[0]
|
client_hostname = socket.gethostname().split('.', 1)[0]
|
||||||
|
|
||||||
for service in api_client.list("services/regen"):
|
all_switchs = api_client.list("switchs/ports-config/")
|
||||||
#if service['hostname'] == client_hostname and \
|
|
||||||
# service['service_name'] == 'dhcp' and \
|
|
||||||
# service['need_regen']:
|
# Création de l'environnement Jinja
|
||||||
regen_dhcp(api_client)
|
ENV = Environment(loader=FileSystemLoader('.'))
|
||||||
api_client.patch(service['api_url'], data={'need_regen': False})
|
|
||||||
|
# Import du fichier template dans une variable "template"
|
||||||
|
template = ENV.get_template("templates/hp_test.tpl")
|
||||||
|
|
||||||
|
# Création du template final avec les valeurs contenues dans le dictionnaire "valeurs" - Ces valeurs sont positionnées dans un objet "temp", qui sera utilisé par le moteur, et que l'on retrouve dans le template.
|
||||||
|
conf = template.render(switch=all_switchs[2])
|
||||||
|
|
||||||
|
print(all_switchs[2])
|
||||||
|
print(conf)
|
||||||
|
|
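Review bot: `Environment(loader=FileSystemLoader('.'))` keeps Jinja2's default lenient undefined, and `template.render(switch=all_switchs[2])` passes only `switch` although the template on this page also reads `firmware` and `date_gen`, so those render as empty text without any error. The same leniency makes the template's `{%- if not port.get_port_profil.dhcp_snooping %}` and `arp_protect` tests fail open: a port whose profile field is missing from the API response would be emitted as `dhcp-snooping trust` / `arp-protect trust`. I would build the environment as `ENV = Environment(loader=FileSystemLoader('.'), undefined=StrictUndefined)` (importing `StrictUndefined` from `jinja2`) and pass `firmware` and `date_gen` explicitly, so a missing field stops generation instead of producing a weaker switch configuration; optional fields such as `switch.subnet6` would then need an `is defined` test. The hard-coded `all_switchs[2]` also raises `IndexError` when the API returns fewer than three switches.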
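--- a/templates/hp_test.tpl
+++ b/templates/hp_test.tpl
@@ -0,0 +1,86 @@
+; {{ switch.model.reference }}A Configuration Editor; Created on release #{{ firmware }}
+
+hostname "{{ switch.short_name }}"
+; Generated on {{ date_gen }} by re2o
+;--- Snmp ---
+snmp-server contact "root@crans.org"
+snmp-server location "{{ switch.switchbay.name }}"
+;A faire à la main
+snmpv3 enable
+snmpv3 restricted-access
+;snmpv3 user "initial"
+snmpv3 user "crans"
+snmpv3 group ManagerPriv user "crans" sec-model ver3
+snmp-server community "public" Operator
+timesync sntp
+sntp unicast
+;--- Misc ---
+console inactivity-timer 30
+;--- IP du switch ---
+no ip default-gateway
+;--- Accès d'administration ---
+no telnet-server
+no web-management
+aaa authentication ssh login public-key none
+aaa authentication ssh enable public-key none
+ip ssh
+ip ssh filetransfer
+ip authorized-managers {{ switch.subnet.0.network }} {{switch.subnet.0.netmask }} access manager
+{%- if switch.subnet6 %}
+ipv6 authorized-managers {{ switch.subnet6.network }} {{switch.subnet6.netmask }} access manager
+{%- endif %}
+;--- Protection contre les boucles ---
+loop-protect disable-timer 30
+loop-protect transmit-interval 3
+radius-server dyn-autz-port 3799
+;--- Filtrage mac ---
+aaa port-access mac-based addr-format multi-colon
+;--- Bricoles ---
+no cdp run
+dhcp-snooping
+;--- Config des prises ---
+{%- for port in switch.ports %}
+{%- if port.get_port_profil.radius_type == "802.1X" %}
+aaa port-access authenticator {{ port.port }}
+{%- if port.get_port_profil.mac_limit %}
+aaa port-access authenticator {{ port.port }} client-limit {{ port.get_port_profil.mac_limit }}
+{%- endif %}
+aaa port-access authenticator {{ port.port }} logoff-period 3600
+{%- endif %}
+{%- if port.get_port_profil.radius_type == "MAC-radius" %}
+aaa port-access mac-based {{ port.port }}
+{%- if port.get_port_profil.mac_limit %}
+aaa port-access mac-based {{ port.port }} addr-limit {{ port.get_port_profil.mac_limit }}
+{%- endif %}
+aaa port-access mac-based {{ port.port }} logoff-period 3600
+aaa port-access mac-based {{ port.port }} unauth-vid 1
+{%- endif %}
+interface {{ port.port }}
+{%- if port.state %}
+enable
+{%- else %}
+disable
+{%- endif %}
+name "{{ port.port }}"
+{%- if port.get_port_profil.flow_control %}
+flow control
+{%- endif %}
+{%- if not port.get_port_profil.dhcp_snooping %}
+dhcp-snooping trust
+{%- endif %}
+{%- if not port.get_port_profil.arp_protect %}
+arp-protect trust
+{%- endif %}
+{%- if not port.get_port_profil.dhcpv6_snooping %}
+dhcpv6-snooping trust
+{%- endif %}
+no lacp
+exit
+{%- endfor %}
+;--- Configuration comptabilisation RADIUS ---
+aaa accounting network start-stop radius
+aaa accounting session-id unique
+aaa accounting update periodic 240
+;--- Filtre de protocole ---
+filter multicast 01005e0000fb drop all
+filter multicast 3333000000fb drop all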
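Review bot: `snmp-server community "public" Operator` puts the well-known default community string into every generated configuration, right after the SNMPv3 user and group are set up. Any host inside the `ip authorized-managers` subnet should then be able to read the switch over SNMPv1/v2c with a guessable, unencrypted credential, which undercuts the `snmpv3 enable` / `snmpv3 restricted-access` lines. I would replace the line with `no snmp-server community "public"`, or render a site-specific community from configuration if v2c polling is still required. Separately, `hostname "{{ switch.short_name }}"` and `snmp-server location "{{ switch.switchbay.name }}"` place API strings unescaped inside quoted arguments, so it is worth confirming that re2o rejects quotes and newlines in those fields before this output is pushed to a switch.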