Debut de conf , templates de switchs hp

chirac 2018-07-02 10:40:45 +02:00
parent 979accb43f
commit a9ccc6ae82
2 changed files with 102 additions and 31 deletions

47
main.py

@ -4,6 +4,8 @@ import socket
from re2oapi import Re2oAPIClient from re2oapi import Re2oAPIClient
from jinja2 import Environment, FileSystemLoader
config = ConfigParser() config = ConfigParser()
config.read('config.ini') config.read('config.ini')
@ -11,40 +13,23 @@ api_hostname = config.get('Re2o', 'hostname')
api_password = config.get('Re2o', 'password') api_password = config.get('Re2o', 'password')
api_username = config.get('Re2o', 'username') api_username = config.get('Re2o', 'username')
def regen_dhcp(api_client):
host_mac_ip = {}
for hmi in api_client.list("dhcp/hostmacip/"):
if hmi['extension'] not in host_mac_ip.keys():
host_mac_ip[hmi['extension']] = []
host_mac_ip[hmi['extension']].append((hmi['hostname'],
hmi['mac_address'],
hmi['ipv4']))
template = ("host {hostname}{extension} {{\n"
" hardware ethernet {mac_address};\n"
" fixed-address {ipv4};\n"
"}}")
for extension, hmi_list in host_mac_ip.items():
dhcp_leases_content = '\n\n'.join(template.format(
hostname=hostname,
extension=extension,
mac_address=mac_address,
ipv4=ipv4
) for hostname, mac_address, ipv4 in hmi_list)
filename = 'dhcp{extension}.list'.format(extension=extension)
with open(filename, 'w+') as f:
f.write(dhcp_leases_content)
api_client = Re2oAPIClient(api_hostname, api_username, api_password) api_client = Re2oAPIClient(api_hostname, api_username, api_password)
client_hostname = socket.gethostname().split('.', 1)[0] client_hostname = socket.gethostname().split('.', 1)[0]
for service in api_client.list("services/regen"): all_switchs = api_client.list("switchs/ports-config/")
#if service['hostname'] == client_hostname and \
# service['service_name'] == 'dhcp' and \
# service['need_regen']: # Création de l'environnement Jinja
regen_dhcp(api_client) ENV = Environment(loader=FileSystemLoader('.'))
api_client.patch(service['api_url'], data={'need_regen': False})
# Import du fichier template dans une variable "template"
template = ENV.get_template("templates/hp_test.tpl")
# Création du template final avec les valeurs contenues dans le dictionnaire "valeurs" - Ces valeurs sont positionnées dans un objet "temp", qui sera utilisé par le moteur, et que l'on retrouve dans le template.
conf = template.render(switch=all_switchs[2])
print(all_switchs[2])
print(conf)
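Review bot: `template.render(switch=all_switchs[2])` passes only `switch`, while templates/hp_test.tpl also reads `firmware` and `date_gen`, and Jinja2's default undefined type renders those as empty strings without raising. For a generator whose output is a switch configuration, a missing value should stop the render rather than yield a file with blanks: `from jinja2 import Environment, FileSystemLoader, StrictUndefined` and `ENV = Environment(loader=FileSystemLoader('.'), undefined=StrictUndefined)`; the template's `if` tests on optional fields would then need `is defined`. The hard-coded index `[2]` will also fail when the API returns fewer than three switches (assuming `list` returns a sequence). Both `print` calls look like debugging leftovers that write the full generated configuration to stdout.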

86
templates/hp_test.tpl Normal file

@ -0,0 +1,86 @@
; {{ switch.model.reference }}A Configuration Editor; Created on release #{{ firmware }}
hostname "{{ switch.short_name }}"
; Generated on {{ date_gen }} by re2o
;--- Snmp ---
snmp-server contact "root@crans.org"
snmp-server location "{{ switch.switchbay.name }}"
;A faire à la main
snmpv3 enable
snmpv3 restricted-access
;snmpv3 user "initial"
snmpv3 user "crans"
snmpv3 group ManagerPriv user "crans" sec-model ver3
snmp-server community "public" Operator
timesync sntp
sntp unicast
;--- Misc ---
console inactivity-timer 30
;--- IP du switch ---
no ip default-gateway
;--- Accès d'administration ---
no telnet-server
no web-management
aaa authentication ssh login public-key none
aaa authentication ssh enable public-key none
ip ssh
ip ssh filetransfer
ip authorized-managers {{ switch.subnet.0.network }} {{switch.subnet.0.netmask }} access manager
{%- if switch.subnet6 %}
ipv6 authorized-managers {{ switch.subnet6.network }} {{switch.subnet6.netmask }} access manager
{%- endif %}
;--- Protection contre les boucles ---
loop-protect disable-timer 30
loop-protect transmit-interval 3
radius-server dyn-autz-port 3799
;--- Filtrage mac ---
aaa port-access mac-based addr-format multi-colon
;--- Bricoles ---
no cdp run
dhcp-snooping
;--- Config des prises ---
{%- for port in switch.ports %}
{%- if port.get_port_profil.radius_type == "802.1X" %}
aaa port-access authenticator {{ port.port }}
{%- if port.get_port_profil.mac_limit %}
aaa port-access authenticator {{ port.port }} client-limit {{ port.get_port_profil.mac_limit }}
{%- endif %}
aaa port-access authenticator {{ port.port }} logoff-period 3600
{%- endif %}
{%- if port.get_port_profil.radius_type == "MAC-radius" %}
aaa port-access mac-based {{ port.port }}
{%- if port.get_port_profil.mac_limit %}
aaa port-access mac-based {{ port.port }} addr-limit {{ port.get_port_profil.mac_limit }}
{%- endif %}
aaa port-access mac-based {{ port.port }} logoff-period 3600
aaa port-access mac-based {{ port.port }} unauth-vid 1
{%- endif %}
interface {{ port.port }}
{%- if port.state %}
enable
{%- else %}
disable
{%- endif %}
name "{{ port.port }}"
{%- if port.get_port_profil.flow_control %}
flow control
{%- endif %}
{%- if not port.get_port_profil.dhcp_snooping %}
dhcp-snooping trust
{%- endif %}
{%- if not port.get_port_profil.arp_protect %}
arp-protect trust
{%- endif %}
{%- if not port.get_port_profil.dhcpv6_snooping %}
dhcpv6-snooping trust
{%- endif %}
no lacp
exit
{%- endfor %}
;--- Configuration comptabilisation RADIUS ---
aaa accounting network start-stop radius
aaa accounting session-id unique
aaa accounting update periodic 240
;--- Filtre de protocole ---
filter multicast 01005e0000fb drop all
filter multicast 3333000000fb drop all
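Review bot: The three `{%- if not port.get_port_profil.… %}` tests in the port loop fail open: when the profile is null or lacks `dhcp_snooping`, `arp_protect` or `dhcpv6_snooping`, Jinja2 treats the missing value as false and the port is emitted with `dhcp-snooping trust`, `arp-protect trust` and `dhcpv6-snooping trust`. Marking a port trusted only on an explicit false avoids that, e.g. `{%- if port.get_port_profil.dhcp_snooping is sameas false %}`, and likewise for the other two. Separately, `snmp-server community "public" Operator` keeps a well-known community string configured next to the SNMPv3 user; a comment giving the reason, or removing the line, would make the intent clear. Values such as `switch.short_name` and `switch.switchbay.name` are placed inside quoted strings without validation, so it is worth confirming that the API restricts them to characters that cannot close the quote or end the line.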