#! /usr/bin/env python # -*- coding: iso-8859-15 -*- # Copyright (C) Frédéric Pauget # Licence : GPLv2 """Ce script permet de lancer la reconfiguration des divers services Usage: %(prog)s options Les options possibles sont : \t%(options)s Les options avec = doivent être suivies d'un argument. Plusieurs arguments peuvent être founis pour une même option, les séparer par & """ import sys, signal, os, getopt sys.path.append('/usr/scripts/gestion') from ldap_crans import crans_ldap, hostname from lock import * from affich_tools import anim, cprint, OK from time import localtime, strftime, time, sleep import config from inspect import getargspec from syslog import * openlog("generate") # On vérifie que l'on est root if os.getuid() != 0: sys.stderr.write("Il faut être root\n") sys.exit(1) signal.signal(signal.SIGINT, signal.SIG_IGN) # Pas de Ctrl-C db = crans_ldap() make_lock('auto_generate', 'Big lock', nowait=1) class base_reconfigure: __service_develop = { 'macip': [ 'rouge-macip', 'zamok-macip', 'sable-macip', 'komaz-macip' ], 'droits': [ 'rouge-droits', 'ragnarok-droits' ], 'blacklist_upload': [ 'sable-blacklist_upload', 'komaz-blacklist' ], 'blacklist_p2p': [ 'sable-blacklist_p2p', 'komaz-blacklist' ], 'blacklist_autodisc_upload': [ 'sable-blacklist_autodisc_upload', 'komaz-blacklist'], 'blacklist_autodisc_p2p': [ 'sable-blacklist_autodisc_p2p', 'komaz-blacklist'], 'blacklist_bloq': [ 'komaz-blacklist', 'sable-blacklist_bloq' ], 'del_user': [ 'vert-del_user', 'rouge-del_user', 'zamok-del_user' ] } def __init__(self, to_do=None): if not to_do: if debug: print 'Lecture des services à redémarrer dans la base LDAP...' auto = True to_do = {} # Création de la liste de ce qu'il y a à faire for serv in db.services_to_restart(): # Services spéciaux portant sur plusieurs machines to_add = self.__service_develop.get(serv.nom, []) if to_add: for nom in to_add: for t in serv.start: db.services_to_restart(nom, serv.args, t) if time() > t: to_do[nom] = serv.args db.services_to_restart('-' + serv.nom) else: for t in serv.start: if time() > t: to_do[serv.nom] = serv.args break else: auto = False if debug: print 'Services à redémarrer imposés (non lecture de la base LDAP)' for serv, args in to_do.items(): # Au cas où le service porte sur plusieurs machines service = serv.replace('%s-' % hostname, '') if hasattr(self, service): # Le service est à reconfigurer sur cette machine db.services_to_restart('-%s' % serv) try: m = getattr(self, service) if len(getargspec(m)[0]) > 1: m(args) else: m() except: if auto: db.services_to_restart(serv, args) sys.stderr.write('%s :' % serv) import traceback traceback.print_exc() else: # Le service n'existe pas if debug: print "Le service %s n'est pas disponible sur %s" % (service, hostname) if debug: reste = db.services_to_restart() if reste: print "Reste à faire :" for s in reste: print '\t%s' % s else: print "Plus rien à faire" def _machines(self): """ Retourne les machines de la base étant 'à jour' """ return db.all_machines(graphic=True) def _do(self, service, machines=None): # Reconfiguration des services service.debug = debug if machines: service.machines = machines service.reconfigure() def macip(self, ips): import firewall cprint(u"Mise a jour correspondance MAC-IP", 'gras') eval("firewall.firewall_%s()" % hostname).mac_ip_maj(ips) class rouge(base_reconfigure): def autostatus(self): from autostatus import autostatus self._do(autostatus()) def dhcp(self): from gen_confs.dhcpd import dhcp self._do(dhcp(), self._machines()) def droits(self): from gen_confs.droits import droits_ldap self._do(droits_ldap()) def ML_ens(self, mails): from adherents import ML_ens self._do(ML_ens(mails)) def mail_modif(self, trucs): """ trucs est une liste de recherches à effectuer dans la base l'affichage des résultats formera le corps du mail """ from supervison import mail self._do(mail(trucs)) def mail_solde(self, modifs): from gen_confs.supervison import mail_solde self._do(mail_solde(modifs)) def switch(self, chambres): from gen_confs.switchs import switch self._do(switch(chambres)) def del_user(self, args): # Suppression des fichiers index de dovecot from adherents import del_user self._do(del_user(args)) def mail_valide(self, args): from adherents import mail_valide self._do(mail_valide(args)) def mail_ajout_droits(self, args): from adherents import mail_ajout_droits self._do(mail_ajout_droits(args)) class pgsql(base_reconfigure): def surveillance_exemptions(self): from gen_confs.surveillance import exemptions self._do(exemptions()) def surveillance_machines(self): from gen_confs.surveillance import machines self._do(machines(), self._machines()) class zamok(base_reconfigure): def del_user(self, args): # Suppression des fichies d'impression from adherents import del_user self._do(del_user(args)) class fx(base_reconfigure): def home(self, args): from adherents import home self._do(home(args)) def del_user(self, args): # Suppression du home et des mails from adherents import del_user self._do(del_user(args)) class komaz(base_reconfigure): def __fw(self): if not hasattr(self, '__real_fw'): from firewall import firewall_komaz self.__real_fw = firewall_komaz() return self.__real_fw def macip(self, ips): cprint(u"Mise a jour correspondance MAC-IP", 'gras') self.__fw().mac_ip_maj(ips) def ports(self, ips): self.__fw().port_maj(ips) def blacklist(self): self.__fw().blacklist() def classify(self, ips): self.__fw().classes_p2p_maj(ips) class sable(base_reconfigure): def dns(self): from gen_confs.bind import dns self._do(dns(), self._machines()) def bl_carte_etudiant(self): from gen_confs.squid import squid_carte self._do(squid_carte()) def bl_chbre_invalide(self): from gen_confs.squid import squid_chbre self._do(squid_chbre()) def blacklist_virus(self): from gen_confs.squid import squid_virus self._do(squid_virus()) def blacklist_warez(self): from gen_confs.squid import squid_warez self._do(squid_warez()) def blacklist_upload(self): from gen_confs.squid import squid_upload self._do(squid_upload()) def blacklist_p2p(self): from gen_confs.squid import squid_p2p self._do(squid_p2p()) def blacklist_autodisc_upload(self): from gen_confs.squid import squid_autodisc_upload self._do(squid_autodisc_upload()) def blacklist_autodisc_p2p(self): from gen_confs.squid import squid_autodisc_p2p self._do(squid_autodisc_p2p()) def blacklist_bloq(self): from gen_confs.squid import squid_bloq self._do(squid_bloq()) sila = sable class ragnarok(base_reconfigure): __restart_wifi_update = False def macip(self): # Surcharge car rien à faire ici pass def conf_wifi_ng(self): from gen_confs.wifi_ng import conf_wifi_ng bornes = None if os.getenv("BORNE"): bornes = os.getenv("BORNE").split(",") self._do(conf_wifi_ng(bornes)) def dhcp(self): from gen_confs.dhcpd import dhcp self._do(dhcp(), self._machines()) def droits(self): from gen_confs.droits import droits_openbsd self._do(droits_openbsd()) class vert(base_reconfigure): def home(self, args): from adherents import home self._do(home(args)) def del_user(self, args): from adherents import del_user self._do(del_user(args)) def mail_bienvenue(self, mails): from adherents import mail_bienvenue self._do(mail_bienvenue(mails)) class titanic(base_reconfigure): def dhcp(self): from gen_confs.dhcpd import dhcp self._do(dhcp(), self._machines()) signal.signal(signal.SIGINT, signal.SIG_DFL) # Comportement normal de Ctrl-C remove_lock('auto_generate') if __name__ == '__main__': openlog('generate', LOG_PID) for x in db.services_to_restart(): syslog(str(x)) classe = eval(hostname) args_autorises = ['quiet', 'remove=', 'add=', 'list', 'help', 'reconnect'] # Ajout aussi des arguments spécifiques à la machine for nom in dir(classe): if nom[0] != '_': if len(getargspec(getattr(classe, nom))[0]) > 1: nom += '=' args_autorises.append(nom) ##### Options fournies ? try: if len(sys.argv) > 1: options, arg = getopt.getopt(sys.argv[1:], 'h', args_autorises) else: options, arg = ([], '') except getopt.error, msg: sys.stderr.write('%s\n' % msg) sys.exit(255) debug = 1 # défaut to_do = {} for opt, val in options: if opt == '--quiet': debug = 0 elif opt == '--remove': for serv in val.split('&'): print 'Supression de %s' % serv db.services_to_restart('--%s' % serv) sys.exit(0) elif opt == '--list': print 'Services à redémarrer :' for s in db.services_to_restart(): print '\t%s' % s sys.exit(0) elif opt == '--reconnect': # Personnes à reconnecter print 'Recherche des personnes en fin de sanction...' c = db.search('blacklist=*') services = [] hier = time() - 24*3600 for a_reco in c['adherent'] + c['machine'] + c['club']: for bl in a_reco.blacklist(): fin, sanction = bl.split('$')[1:3] if fin > hier and sanction not in services: services.append(sanction) for s in services: print "Ajout de blacklist_%s pour reconfiguration" % s db.services_to_restart('blacklist_%s' % s) sys.exit(0) elif opt == '--add': # Ajout d'un item dans les services à redémarrer for serv in val.split('&'): if serv.find(',') != -1: serv, arg = serv.split(',', 1) arg = arg.split(',') else: arg = [] print 'Ajout de %s (%s)' % (serv, arg) db.services_to_restart(serv, arg) sys.exit(0) elif opt == '-h' or opt == '--help': print __doc__ % { 'prog': sys.argv[0].split('/')[-1], 'options': '--' + '\n\t--'.join(args_autorises) } sys.exit(0) elif len(opt) > 2 and opt[:2] == '--': to_do[opt[2:]] = val.split('&') # On fait ce qu'il y a à faire classe(to_do)