Generateur de confi de switch HP

2018-07-08 19:13:58 +02:00 · 2018-07-08 19:13:58 +02:00 · d1b4f56913
commit d1b4f56913
parent a9ccc6ae82
4 changed files with 121 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 config.ini
 **/__pycache__/**
 **.list
 generated/*
--- a/generated/init.py
+++ b/generated/init.py
--- a/main.py
+++ b/main.py
@ -19,17 +19,62 @@ api_client = Re2oAPIClient(api_hostname, api_username, api_password)
 client_hostname = socket.gethostname().split('.', 1)[0]
 print("get switchs conf")
 all_switchs = api_client.list("switchs/ports-config/")
-
+all_vlans =  api_client.list("machines/vlan/")
 all_roles = api_client.list("machines/role/")
 # Création de l'environnement Jinja
 ENV = Environment(loader=FileSystemLoader('.'))
 # Import du fichier template dans une variable "template"
-template = ENV.get_template("templates/hp_test.tpl")
+template = ENV.get_template("templates/hp.tpl")
 # Création du template final avec les valeurs contenues dans le dictionnaire "valeurs" - Ces valeurs sont positionnées dans un objet "temp", qui sera utilisé par le moteur, et que l'on retrouve dans le template.
 conf = template.render(switch=all_switchs[2])
-print(all_switchs[2])
+def preprocess(switch):
    def add_to_vlans(vlans, vlan, port, tagged=True):
        if not vlan['vlan_id'] in vlans:
            if not tagged:
                vlans[vlan['vlan_id']] = {'ports_untagged' : [str(port['port'])], 'ports_tagged' : [], 'name' : vlan['name']}
            else:
                vlans[vlan['vlan_id']] = {'ports_tagged' : [str(port['port'])], 'ports_untagged' : [], 'name' : vlan['name']}
        else:
            if not tagged:
                vlans[vlan['vlan_id']]['ports_untagged'].append(str(port['port']))
            else:
                vlans[vlan['vlan_id']]['ports_tagged'].append(str(port['port']))
    ra_guarded = []
    loop_protected = []
    vlans = dict()
    for port in switch['ports']:
        if port['get_port_profil']['loop_protect']:
            loop_protected.append(str(port['port']))
        if port['get_port_profil']['ra_guard']:
            ra_guarded.append(str(port['port']))
        if port['get_port_profil']['vlan_untagged']:
            add_to_vlans(vlans, port['get_port_profil']['vlan_untagged'], port, tagged=False)
        if port['get_port_profil']['vlan_tagged']:
            for vlan in port['get_port_profil']['vlan_tagged']:
                add_to_vlans(vlans, vlan, port)
    arp_protect_vlans = [vlan["vlan_id"] for vlan in all_vlans if vlan["arp_protect"]]
    dhcp_snooping_vlans = [vlan["vlan_id"] for vlan in all_vlans if vlan["dhcp_snooping"]]
    dhcpv6_snooping_vlans = [vlan["vlan_id"] for vlan in all_vlans if vlan["dhcpv6_snooping"]]
    ntp_servers = [server["servers"] for server in all_roles if server["role_type"] == "ntp-server"][0]
    log_servers = [server["servers"] for server in all_roles if server["role_type"] == "log-server"][0]
    return {'ra_guarded' : ra_guarded, 'loop_protected' : loop_protected, 'vlans' : vlans, 'arp_protect_vlans' : arp_protect_vlans, 'dhcp_snooping_vlans' : dhcp_snooping_vlans, 'dhcpv6_snooping_vlans' : dhcpv6_snooping_vlans, 'ntp_servers': ntp_servers, 'log_servers': log_servers}
 print("gen tpl")
 conf = template.render(switch=all_switchs[2], additionals=preprocess(all_switchs[2]))
 for switch in all_switchs:
    with open("generated/" + switch["short_name"] + ".conf", 'w+') as f:
        f.write(template.render(switch=switch, additionals=preprocess(switch)))
 print(conf)
--- a/templates/hp_test.tpl
+++ b/templates/hp_test.tpl
@ -12,12 +12,58 @@ snmpv3 restricted-access
 snmpv3 user "crans"
 snmpv3 group ManagerPriv user "crans" sec-model ver3
 snmp-server community "public" Operator
 ;--- Heure/date
 time timezone 60
 time daylight-time-rule Western-Europe
 {%- for server in additionals.ntp_servers %}
 {%- for interface in server.interface %}
 {%- if switch.subnet.0.vlan_id == interface.vlan_id %}
 sntp server priority {{ loop.index }} {{ interface.ipv4 }} 4
 {%- if interface.ipv6 %}
 sntp server priority {{ loop.index + 1 }} {{ interface.ipv6.0.ipv6 }} 4
 {%- endif %}
 {%- endif %}
 {%- endfor %}
 {%- endfor %}
 timesync sntp
 sntp unicast
 ;--- Misc ---
 console inactivity-timer 30
 ;--- Logs ---
 {%- for server in additionals.log_servers %}
 {%- for interface in server.interface %}
 {%- if switch.subnet.0.vlan_id == interface.vlan_id %}
 logging {{ interface.ipv4 }}
 {%- if interface.ipv6 %}
 logging {{ interface.ipv6.0.ipv6 }}
 {%- endif %}
 {%- endif %}
 {%- endfor %}
 {%- endfor %}
 ;--- IP du switch ---
 no ip default-gateway
 max-vlans 256
 {%- for id, vlan in additionals.vlans.items() %}
 vlan {{ id }}
   name "{{ vlan["name"]|capitalize }}"
   {%- if vlan["ports_tagged"] %}
   tagged {{ vlan["ports_tagged"]|join(' ') }}
   {%- endif %}
   {%- if vlan["ports_untagged"] %}
   untagged {{ vlan["ports_untagged"]|join(' ') }}
   {%- endif %}
   {%- if switch.subnet.0.vlan_id == id %}
   ip address {{ switch.ipv4 }} {{ switch.subnet.0.netmask }}
   {%- else %}
   no ip address
   {%- endif %}
   {%- if switch.subnet.0.vlan_id == id %}
   ipv6 address {{ switch.ipv6 }} {{ switch.subnet6.netmask }}
   {%- else %}
   no ipv6 enable
   {%- endif %}
 exit
 {%- endfor %}
 ;--- Accès d'administration ---
 no telnet-server
 no web-management
@ -25,19 +71,41 @@ aaa authentication ssh login public-key none
 aaa authentication ssh enable public-key none
 ip ssh
 ip ssh filetransfer
-ip authorized-managers {{ switch.subnet.0.network }} {{switch.subnet.0.netmask }} access manager
+ip authorized-managers {{ switch.subnet.0.network }} {{ switch.subnet.0.netmask }} access manager
 {%- if switch.subnet6 %}
-ipv6 authorized-managers {{ switch.subnet6.network }} {{switch.subnet6.netmask }} access manager
+ipv6 authorized-managers {{ switch.subnet6.network }} {{ switch.subnet6.netmask }} access manager
 {%- endif %}
 {%- if additionals.loop_protected %}
 ;--- Protection contre les boucles ---
 loop-protect disable-timer 30
 loop-protect transmit-interval 3
 loop-protect {{ additionals.loop_protected|join(' ') }}
 {%- endif %}
 radius-server dyn-autz-port 3799
 ;--- Filtrage mac ---
 aaa port-access mac-based addr-format multi-colon
 ;--- Bricoles ---
 no cdp run
 {%- if additionals.dhcp_snooping_vlans %}
 ;--- DHCP Snooping ---
 dhcp-snooping vlan {{ additionals.dhcp_snooping_vlans|join(' ') }}
 dhcp-snooping
 {%- endif %}
 {%- if additionals.arp_protect_vlans %}
 ;--- ARP Protect ---
 arp-protect
 arp-protect vlan {{ additionals.arp_protect_vlans|join(' ') }}
 arp-protect validate src-mac dest-mac
 {%- endif %}
 {%- if additionals.dhcpv6_snooping_vlans %}
 ;--- DHCPv6 Snooping ---
 dhcpv6-snooping vlan {{ additionals.dhcpv6_snooping_vlans|join(' ') }}
 dhcpv6-snooping
 {%- endif %}
 {%- if additionals.ra_guarded %}
 ;--- RA guards ---
 ipv6 ra-guard ports {{ additionals.ra_guarded|join(' ')}}
 {%- endif %}
 ;--- Config des prises ---
 {%- for port in switch.ports %}
 {%- if port.get_port_profil.radius_type == "802.1X" %}
@ -61,7 +129,7 @@ interface {{ port.port }}
   {%- else %}
   disable
   {%- endif %}
-   name "{{ port.port }}"
+   name "{{ port.pretty_name }}"
   {%- if port.get_port_profil.flow_control %}
   flow control
   {%- endif %}