import os
import sys
import traceback

from creole import cert

from arv.config import CACert
from arv.db.edge import *
from arv.db.initialize import initialize_database, commit_database, rollback_database
from arv.db.node import *
from arv.lib.sw_config_apply import db_apply, ipsec_conf_apply
from arv.lib.usezephir import *
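# Zephir module ids that this script accepts as an "Amon 2.4" establishment server.
SUPPORTED_AMON_MODULES = (136, 122, 28)

# Directory holding the per-establishment (RNE) Agriates certificate material.
AGRIATES_CERT_DIR = '/root/certifsAgriates'

ZEPHIR_USER = 'admin-eole'

# Secrets are NOT embedded in this file: the Zephir admin password and the
# passphrase of the Amon private key are read from these environment
# variables.  Both are required up front so a misconfigured run fails before
# any database work starts.
ZEPHIR_PASSWORD_ENV = 'ZEPHIR_ADMIN_PASSWORD'
KEY_PASSWORD_ENV = 'AMON_KEY_PASSWORD'


def _require_env(name):
    """Return the non-empty value of environment variable *name*.

    Exits with status 1 (no database rollback needed: nothing has been
    opened yet when this is called) if the variable is unset or empty.
    """
    value = os.environ.get(name)
    if not value:
        print("variable d'environnement manquante : " + name)
        sys.exit(1)
    return value


def _abort(message, show_traceback=False):
    """Roll back the pending ARV transaction, report *message* and exit 1.

    *show_traceback* must only be True when called from inside an ``except``
    block, otherwise ``traceback.format_exc()`` has nothing to show.
    """
    if show_traceback:
        print(traceback.format_exc())
    print(message)
    rollback_database()
    sys.exit(1)


def _read_file(path):
    """Read *path* as text and return its content, closing the handle."""
    with open(path, 'r') as handle:
        return handle.read()


def is_supported_amon_module(module_id):
    """Return True when *module_id* is one of the Zephir module ids of an Amon 2.4."""
    return module_id in SUPPORTED_AMON_MODULES


def agriates_cert_paths(rne):
    """Return ``(certificate_path, key_path)`` for the establishment *rne*.

    *rne* comes from the Zephir record and is used as a directory and file
    name component.  It must therefore be a single plain path component:
    an empty value, ``.``, ``..`` or anything containing a path separator
    would make the lookup escape ``AGRIATES_CERT_DIR`` and is refused.

    Raises:
        ValueError: if *rne* is not a plain filename component.
    """
    rne = str(rne)
    if not rne or rne in ('.', '..') or os.path.basename(rne) != rne:
        raise ValueError('RNE invalide pour un chemin de certificat : %r' % (rne,))
    base = os.path.join(AGRIATES_CERT_DIR, rne, rne + '-01')
    return base + '.pem', base + '.key'


def find_node_by_zephir_id(nodes, zephir_id):
    """Return the first node of *nodes* whose ``id_zephir`` equals *zephir_id*, else None."""
    for node in nodes:
        if node.id_zephir == zephir_id:
            return node
    return None


def main(argv):
    """Create or update the ARV node and IPsec connection of one Amon.

    ``argv[1]`` is the Zephir id of the establishment server.  Every failure
    after ``initialize_database()`` rolls the transaction back and exits 1;
    on success the transaction is committed and the IPsec configuration is
    applied.
    """
    if len(argv) <= 1:
        print('Usage : CreateARVNodeConfWithZephirId.py <IdZ>')
        sys.exit(1)
    idz = argv[1]

    # Fail fast, before any Zephir or database access, if secrets are missing.
    zephir_password = _require_env(ZEPHIR_PASSWORD_ENV)
    key_password = _require_env(KEY_PASSWORD_ENV)

    zephir = Zephir(user=ZEPHIR_USER, password=zephir_password)

    initialize_database()

    # The results of these two lookups are not used further down; the calls
    # are kept because they may register the CAs in the session — TODO confirm.
    get_credential_auth(credential=_read_file(cert.ca_file))
    get_credential_auth(credential=CACert)

    tmpl_sphynx = get_tmpl_node_by_name(u'Sphynx')
    sphynx = tmpl_sphynx.nodes[0]
    sphynx_extr = sphynx.get_extremities()[0]
    sphynx_cert = sphynx.get_credentials()[1]

    tmpl_amon = get_tmpl_node_by_name(u'Etablissement')
    data_amon = zephir.get_etab_server(id_server=idz)
    tmpl_amon_vertices = tmpl_amon.vertices

    if not is_supported_amon_module(data_amon['module_actuel']):
        _abort("ceci n'est pas l'id d'un amon 2.4 !!! " + str(data_amon['module_actuel']))

    try:
        tmplconnect = get_tmpl_connects()[0]
    except Exception:
        _abort("rollback_database and quit", show_traceback=True)

    if data_amon['libelle'] == 'pf-amon':
        _abort("renommer le amon de pf-amon a pf-amon-RNE dans zephir et relancer le script")

    # Reuse the node already known to the Sphynx for this Zephir id, else create it.
    amon = find_node_by_zephir_id(get_nodes(), data_amon['id'])
    if amon is not None:
        print("amon " + str(amon.name) + " trouvé sur le sphynx")
    else:
        print("amon non existant sur sphynx : création de " + str(data_amon['libelle']))
        try:
            amon = tmpl_amon.add_node(name=data_amon['libelle'], uai=data_amon['rne'], id_zephir=data_amon['id'])
        except Exception:
            _abort("problème pour créer le amon", show_traceback=True)

    rne = amon.uai
    amon.version = u'2.4'

    def etab_var(var):
        # Read one configuration variable of this establishment from Zephir.
        return zephir.get_var(uai=data_amon['rne'], name=data_amon['libelle'], var=var)

    # Public/private endpoint of the Amon: keep the existing one when present.
    extremities = amon.get_extremities()
    if extremities:
        amon_extr = extremities[0]
    else:
        try:
            ip_eth0 = etab_var('adresse_ip_eth0')
            amon_extr = amon.add_extremity(pub_ip=data_amon['ip_publique'], priv_ip=ip_eth0)
        except Exception:
            _abort("problème pour recuperer l'ip publique du amon", show_traceback=True)
    if amon_extr is None:
        _abort("Ip Publique amon introuvable")

    # Certificate and private key of the Amon, looked up by RNE on disk.
    try:
        cert_path, key_path = agriates_cert_paths(rne)
        amon_credential = _read_file(cert_path)
        amon_privkey = _read_file(key_path)
    except (ValueError, IOError, OSError):
        _abort("probleme pour lire les certificats", show_traceback=True)

    # Import the certificate only if it is not already registered.
    try:
        amon_cert = get_credential_auth(credential=amon_credential)
        if amon_cert is None:
            amon_cert = amon.import_credential(private_key=amon_privkey, credential=amon_credential, passwd=key_password)
        else:
            print("certificat amon existant")
    except Exception:
        _abort("probleme de certificat amon ", show_traceback=True)
    if amon_cert is None:
        _abort("probleme de certificat amon ")

    # Administrative subnet (eth1) and, when declared, the secured network.
    try:
        ip_network = etab_var('adresse_network_eth1')
        ip_netmask = etab_var('adresse_netmask_eth1')
        ip_netw_secure = etab_var('netw_secure')
        ip_mask_secure = etab_var('mask_secure')

        subnet_admin = tmpl_amon_vertices[0]
        subnet_admin.add_vertex(amon, ip1=ip_network, ip2=ip_netmask)
        if ip_netw_secure is not None:
            subnet_reseaux_peda = tmpl_amon_vertices[1]
            subnet_reseaux_peda.add_vertex(amon, ip1=ip_netw_secure, ip2=ip_mask_secure)
    except Exception:
        _abort("problème pour recuperer les reseaux", show_traceback=True)

    # Existing Amon -> Sphynx connection, matched on the tail node name.
    try:
        conn = None
        for candidate in tmplconnect.connects:
            if candidate.tail_node.name == amon.name:
                conn = candidate
                print("connexions existantes")
                break
    except Exception:
        _abort("rollback_database and quit", show_traceback=True)

    if conn is None:
        try:
            amon_sph_connect = tmplconnect.add_connect(
                tail_node=amon, head_node=sphynx,
                tail_extr=amon_extr, head_extr=sphynx_extr,
                tail_cred=amon_cert, head_cred=sphynx_cert,
                leftsendcert='never')
            for tmpl_edge in tmplconnect.tmpl_edges:
                tmpl_edge.add_edge(amon_sph_connect)
        except Exception:
            _abort("rollback_database and quit", show_traceback=True)
    else:
        # Refresh endpoints and credentials of the existing connection.
        conn.mod_head_cred(sphynx_cert)
        conn.mod_head_extr(sphynx_extr)
        conn.mod_tail_cred(amon_cert)
        conn.mod_tail_extr(amon_extr)
        conn.leftsendcert = u'never'

    commit_database()

    ipsec_conf_apply(zephir=zephir)
    print(" Vous pouvez faire un active-rvp sur ce amon")


if __name__ == '__main__':
    main(sys.argv)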