diff --git a/main.py b/main.py index 1b71287..46e6de9 100755 --- a/main.py +++ b/main.py @@ -4,6 +4,8 @@ import socket from re2oapi import Re2oAPIClient +from jinja2 import Environment, FileSystemLoader + config = ConfigParser() config.read('config.ini') 
@@ -11,40 +13,23 @@ api_hostname = config.get('Re2o', 'hostname') api_password = config.get('Re2o', 'password') api_username = config.get('Re2o', 'username') -def regen_dhcp(api_client): - host_mac_ip = {} - for hmi in api_client.list("dhcp/hostmacip/"): - if hmi['extension'] not in host_mac_ip.keys(): - host_mac_ip[hmi['extension']] = [] - host_mac_ip[hmi['extension']].append((hmi['hostname'], - hmi['mac_address'], - hmi['ipv4'])) - - template = ("host {hostname}{extension} {{\n" - " hardware ethernet {mac_address};\n" - " fixed-address {ipv4};\n" - "}}") - - for extension, hmi_list in host_mac_ip.items(): - dhcp_leases_content = '\n\n'.join(template.format( - hostname=hostname, - extension=extension, - mac_address=mac_address, - ipv4=ipv4 - ) for hostname, mac_address, ipv4 in hmi_list) - - filename = 'dhcp{extension}.list'.format(extension=extension) - with open(filename, 'w+') as f: - f.write(dhcp_leases_content) api_client = Re2oAPIClient(api_hostname, api_username, api_password) client_hostname = socket.gethostname().split('.', 1)[0] -for service in api_client.list("services/regen"): - #if service['hostname'] == client_hostname and \ - # service['service_name'] == 'dhcp' and \ - # service['need_regen']: - regen_dhcp(api_client) - api_client.patch(service['api_url'], data={'need_regen': False}) +all_switchs = api_client.list("switchs/ports-config/") + + +# Création de l'environnement Jinja +ENV = Environment(loader=FileSystemLoader('.')) + +# Import du fichier template dans une variable "template" +template = ENV.get_template("templates/hp_test.tpl") + +# Création du template final avec les valeurs contenues dans le dictionnaire "valeurs" - Ces valeurs sont positionnées dans un objet "temp", qui sera utilisé par le moteur, et que l'on retrouve dans le template. +conf = template.render(switch=all_switchs[2]) + +print(all_switchs[2]) +print(conf) diff --git a/templates/hp_test.tpl b/templates/hp_test.tpl new file mode 100644 index 0000000..1ef99a8 --- /dev/null 
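Review bot: `template.render(switch=all_switchs[2])` passes only `switch`, but the template added in this same commit also references `{{ firmware }}` and `{{ date_gen }}`; with Jinja2's default undefined handling those render as empty strings, so an incomplete switch configuration is produced without any error. Consider `ENV = Environment(loader=FileSystemLoader('.'), undefined=StrictUndefined)` (with `StrictUndefined` added to the `jinja2` import in the first hunk) so a missing value fails the render instead of reaching a device. The hard-coded index `all_switchs[2]` raises IndexError when the API returns fewer than three switches, and `FileSystemLoader('.')` resolves against the current working directory rather than the script's location, so which template is loaded depends on where the script is started. The last French comment still refers to a "valeurs" dictionary and a "temp" object that do not appear in this code.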
+++ b/templates/hp_test.tpl 
@@ -0,0 +1,86 @@
+; {{ switch.model.reference }}A Configuration Editor; Created on release #{{ firmware }}
+
+hostname "{{ switch.short_name }}"
+; Generated on {{ date_gen }} by re2o
+;--- Snmp ---
+snmp-server contact "root@crans.org"
+snmp-server location "{{ switch.switchbay.name }}"
+;A faire à la main
+snmpv3 enable
+snmpv3 restricted-access
+;snmpv3 user "initial"
+snmpv3 user "crans"
+snmpv3 group ManagerPriv user "crans" sec-model ver3
+snmp-server community "public" Operator
+timesync sntp
+sntp unicast
+;--- Misc ---
+console inactivity-timer 30
+;--- IP du switch ---
+no ip default-gateway
+;--- Accès d'administration ---
+no telnet-server
+no web-management
+aaa authentication ssh login public-key none
+aaa authentication ssh enable public-key none
+ip ssh
+ip ssh filetransfer
+ip authorized-managers {{ switch.subnet.0.network }} {{switch.subnet.0.netmask }} access manager
+{%- if switch.subnet6 %}
+ipv6 authorized-managers {{ switch.subnet6.network }} {{switch.subnet6.netmask }} access manager
+{%- endif %}
+;--- Protection contre les boucles ---
+loop-protect disable-timer 30
+loop-protect transmit-interval 3
+radius-server dyn-autz-port 3799
+;--- Filtrage mac ---
+aaa port-access mac-based addr-format multi-colon
+;--- Bricoles ---
+no cdp run
+dhcp-snooping
+;--- Config des prises ---
+{%- for port in switch.ports %}
+{%- if port.get_port_profil.radius_type == "802.1X" %}
+aaa port-access authenticator {{ port.port }}
+{%- if port.get_port_profil.mac_limit %}
+aaa port-access authenticator {{ port.port }} client-limit {{ port.get_port_profil.mac_limit }}
+{%- endif %}
+aaa port-access authenticator {{ port.port }} logoff-period 3600
+{%- endif %}
+{%- if port.get_port_profil.radius_type == "MAC-radius" %}
+aaa port-access mac-based {{ port.port }}
+{%- if port.get_port_profil.mac_limit %}
+aaa port-access mac-based {{ port.port }} addr-limit {{ port.get_port_profil.mac_limit }}
+{%- endif %}
+aaa port-access mac-based {{ port.port }} logoff-period 3600
+aaa port-access mac-based {{ port.port }} unauth-vid 1
+{%- endif %}
+interface {{ port.port }}
+ {%- if port.state %}
+ enable
+ {%- else %}
+ disable
+ {%- endif %}
+ name "{{ port.port }}"
+ {%- if port.get_port_profil.flow_control %}
+ flow control
+ {%- endif %}
+ {%- if not port.get_port_profil.dhcp_snooping %}
+ dhcp-snooping trust
+ {%- endif %}
+ {%- if not port.get_port_profil.arp_protect %}
+ arp-protect trust
+ {%- endif %}
+ {%- if not port.get_port_profil.dhcpv6_snooping %}
+ dhcpv6-snooping trust
+ {%- endif %}
+ no lacp
+exit
+{%- endfor %}
+;--- Configuration comptabilisation RADIUS ---
+aaa accounting network start-stop radius
+aaa accounting session-id unique
+aaa accounting update periodic 240
+;--- Filtre de protocole ---
+filter multicast 01005e0000fb drop all
+filter multicast 3333000000fb drop all
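Review bot: API-supplied values are interpolated straight into quoted configuration strings, e.g. `hostname "{{ switch.short_name }}"`, `snmp-server location "{{ switch.switchbay.name }}"` and `name "{{ port.port }}"`; a value containing a double quote or a line break would end the string early, and the remainder would be read by the switch as further configuration lines. Validate these fields against a strict pattern before rendering (in main.py), or pass them through a Jinja filter that rejects quotes and control characters. Separately, `snmp-server community "public" Operator` leaves the well-known default community configured alongside SNMPv3; if SNMPv1/v2c access is not needed, drop that line, otherwise take the community name from configuration instead of hard-coding it. The comment `;A faire à la main` suggests part of the SNMPv3 setup is manual, so a short comment listing which steps must be done by hand would help whoever deploys the generated file.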