crans/scripts
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
scripts/gestion/gen_confs/generate.py
Valentin Samir 977d281c56 [firewall_new,config,firewall6,generate,ipt] On rediriges les machines blacklisté vers routeur 
Ignore-this: fc33fe2ea8d2c37c48b52d3e70443231
Pour ça, generate doit regénérer la chaine BLACKLIST_SOFT du firewall pour tout type de blacklist.
On on utilise plus le squid de sable, on néttoie les fonctions en question dans generate.
Pour rediriger vers routeur, un utilise le nginx de komaz comme relais, cf commit du 09/11/2012.

darcs-hash:20121111154240-3a55a-6d7b39b7797ff6950f18e436d7cfd187f31c4656.gz
2012-11-11 16:42:40 +01:00

413 lines
13 KiB
Python
Raw Blame History

#! /usr/bin/env python
# -*- coding: iso-8859-15 -*-
# Copyright (C) Frédéric Pauget
# Licence : GPLv2
"""Ce script permet de lancer la reconfiguration des divers services
Usage: %(prog)s options
Les options possibles sont :
\t%(options)s
Les options avec = doivent être suivies d'un argument. Plusieurs
arguments peuvent être founis pour une même option, les séparer par &
"""
import sys, signal, os, getopt
sys.path.append('/usr/scripts/gestion')
from ldap_crans import crans_ldap, hostname
from lock import *
from affich_tools import anim, cprint, OK
from time import localtime, strftime, time, sleep
import config
import midtools
from inspect import getargspec
from syslog import *
import platform
openlog("generate")
# On vérifie que l'on est root
if os.getuid() != 0:
sys.stderr.write("Il faut être root\n")
sys.exit(1)
signal.signal(signal.SIGINT, signal.SIG_IGN) # Pas de Ctrl-C
db = crans_ldap()
make_lock('auto_generate', 'Big lock', nowait=1)
class base_reconfigure:
__service_develop = {
'macip': [ 'redisdead-macip', 'zamok-macip', 'sable-macip', 'komaz-macip', 'gordon-macip',
'routeur-macip' ],
# 'droits': [ 'rouge-droits', 'ragnarok-droits' ],
'bl_carte_etudiant':['komaz-blacklist'],
'bl_chbre_invalide':['komaz-blacklist'],
'blacklist_mail_invalide':['komaz-blacklist'],
'blacklist_virus':['komaz-blacklist'],
'blacklist_warez':['komaz-blacklist'],
'blacklist_upload': ['komaz-blacklist', 'zamok-blacklist' ],
'blacklist_p2p': ['komaz-blacklist', 'zamok-blacklist' ],
'blacklist_autodisc_virus':['komaz-blacklist'],
'blacklist_autodisc_upload': ['komaz-blacklist', 'zamok-blacklist'],
'blacklist_autodisc_p2p': ['komaz-blacklist', 'zamok-blacklist'],
'blacklist_bloq': [ 'komaz-blacklist', 'zamok-blacklist', 'dns' ],
'del_user': [ 'daath-del_user', 'owl-del_user', 'zamok-del_user' ]
}
def __init__(self, to_do=None):
if not to_do:
if debug:
print 'Lecture des services à redémarrer dans la base LDAP...'
auto = True
to_do = {}
# Création de la liste de ce qu'il y a à faire
for serv in db.services_to_restart():
# Services spéciaux portant sur plusieurs machines
to_add = self.__service_develop.get(serv.nom, [])
if to_add:
for nom in to_add:
for t in serv.start:
db.services_to_restart(nom, serv.args, t)
if time() > t:
to_do[nom] = serv.args
db.services_to_restart('-' + serv.nom)
else:
for t in serv.start:
if time() > t:
to_do[serv.nom] = serv.args
break
else:
auto = False
if debug:
print 'Services à redémarrer imposés (non lecture de la base LDAP)'
for serv, args in to_do.items():
# Au cas où le service porte sur plusieurs machines
service = serv.replace('%s-' % hostname, '')
if hasattr(self, service):
# Le service est à reconfigurer sur cette machine
db.services_to_restart('-%s' % serv)
try:
m = getattr(self, service)
if len(getargspec(m)[0]) > 1:
m(args)
else:
m()
except:
if auto:
db.services_to_restart(serv, args)
sys.stderr.write('%s :' % serv)
import traceback
traceback.print_exc()
else:
# Le service n'existe pas
if debug:
print "Le service %s n'est pas disponible sur %s" % (service, hostname)
if debug:
reste = db.services_to_restart()
if reste:
print "Reste à faire :"
for s in reste:
try:
print '\t%s' % s
except UnicodeDecodeError:
print '\t%s: non imprimable' % s.nom
else:
print "Plus rien à faire"
def _machines(self):
""" Retourne les machines de la base étant 'à jour' """
return db.all_machines(graphic=True)
def _do(self, service, machines=None):
# Reconfiguration des services
service.debug = debug
if machines:
service.machines = machines
service.reconfigure()
def macip(self, ips):
if platform.dist()[1] >= '6':
import firewall_new
firewall = firewall_new
else:
import firewall
cprint(u"Mise a jour correspondance MAC-IP", 'gras')
eval("firewall.firewall_%s()" % hostname).mac_ip_maj(ips)
class redisdead(base_reconfigure):
def droits(self):
from gen_confs.droits import droits_ldap
self._do(droits_ldap())
def desabonner_ml(self, args):
from gen_confs.droits import desabonner_ml
d = desabonner_ml()
d.args = args
self._do(d)
def ML_ens(self, mails):
from adherents import ML_ens
self._do(ML_ens(mails))
def mail_ajout_droits(self, args):
from adherents import mail_ajout_droits
self._do(mail_ajout_droits(args))
def mail_modif(self, trucs):
"""
trucs est une liste de recherches à effectuer dans la base
l'affichage des résultats formera le corps du mail
"""
from supervison import mail
self._do(mail(trucs))
def mail_solde(self, modifs):
from gen_confs.supervison import mail_solde
self._do(mail_solde(modifs))
class owl(base_reconfigure):
def del_user(self, args):
# Suppression des fichiers index de dovecot
from adherents import del_user
self._do(del_user(args))
class pgsql(base_reconfigure):
def surveillance_exemptions(self):
from gen_confs.surveillance import exemptions
self._do(exemptions())
def surveillance_machines(self):
from gen_confs.surveillance import machines
self._do(machines(), self._machines())
class zamok(base_reconfigure):
def del_user(self, args):
# Suppression des fichies d'impression
from adherents import del_user
self._do(del_user(args))
def blacklist(self):
from firewall import firewall_zamok
firewall_zamok().blacklist()
class daath(base_reconfigure):
def home(self, args):
from adherents import home
self._do(home(args))
def del_user(self, args):
# Suppression du home et des mails
from adherents import del_user
self._do(del_user(args))
def mail_bienvenue(self, mails):
from adherents import mail_bienvenue
self._do(mail_bienvenue(mails))
class komaz(base_reconfigure):
def __fw(self):
if not hasattr(self, '__real_fw'):
from firewall_new import firewall_komaz
self.__real_fw = firewall_komaz()
return self.__real_fw
# Mimétisme de ma part -- xhub
def __fw6(self):
if not hasattr(self, '__real_fw6'):
from firewall6 import Update
self.__real_fw6 = Update()
return self.__real_fw6
def macip(self, ips):
cprint(u"Mise a jour correspondance MAC-IP", 'gras')
self.__fw().mac_ip_maj(ips)
self.__fw6().macs([], 6)
def ports(self, ips):
self.__fw().port_maj(ips)
#self.__fw6().ports(map(self.midt.from_ipv4, ips), 6)
def blacklist(self):
self.__fw().blacklist()
self.__fw6().blacklist(6)
def classify(self, ips):
self.__fw().classes_p2p_maj(ips)
class dyson(base_reconfigure):
def autostatus(self):
from autostatus import autostatus
self._do(autostatus())
def dhcp(self):
from gen_confs.dhcpd_new import dhcp
self._do(dhcp(), self._machines())
class dhcp(base_reconfigure):
def dhcp(self):
from gen_confs.dhcpd_new import dhcp
self._do(dhcp(), self._machines())
class sable(base_reconfigure):
def dhcp(self):
from gen_confs.dhcpd_new import dhcp
self._do(dhcp(), self._machines())
def dns(self):
from gen_confs.bind import dns
self._do(dns(), self._machines())
def macip(self, ips):
from firewall_new import firewall_sable
firewall_sable().mac_ip_maj(ips)
class ovh(base_reconfigure):
def dns(self):
from gen_confs.bind import dns
self._do(dns(), self._machines())
class charybde(base_reconfigure):
def dns(self):
from gen_confs.bind import dns
self._do(dns(), self._machines())
class routeur(base_reconfigure):
def dns(self):
from gen_confs.bind import dns
self._do(dns(), self._machines())
class ragnarok(base_reconfigure):
__restart_wifi_update = False
def macip(self):
# Surcharge car rien à faire ici
pass
def conf_wifi_ng(self):
from gen_confs.wifi_ng import conf_wifi_ng
bornes = None
if os.getenv("BORNE"):
bornes = os.getenv("BORNE").split(",")
self._do(conf_wifi_ng(bornes))
def dhcp(self):
from gen_confs.dhcpd import dhcp
self._do(dhcp(), self._machines())
def droits(self):
from gen_confs.droits import droits_openbsd
self._do(droits_openbsd())
class gordon(base_reconfigure) :
def dhcp(self):
from gen_confs.dhcpd_new import dhcp
self._do(dhcp(), self._machines())
class titanic(base_reconfigure):
def dhcp(self):
from gen_confs.dhcpd_new import dhcp
self._do(dhcp(), self._machines())
signal.signal(signal.SIGINT, signal.SIG_DFL) # Comportement normal de Ctrl-C
remove_lock('auto_generate')
if __name__ == '__main__':
openlog('generate', LOG_PID)
for x in db.services_to_restart():
try:
syslog(str(x))
except UnicodeDecodeError:
syslog("%s: non imprimable" % x.nom)
classe = eval(hostname)
args_autorises = ['quiet', 'remove=', 'add=', 'list', 'help', 'reconnect']
# Ajout aussi des arguments spécifiques à la machine
for nom in dir(classe):
if nom[0] != '_':
if len(getargspec(getattr(classe, nom))[0]) > 1:
nom += '='
args_autorises.append(nom)
##### Options fournies ?
try:
if len(sys.argv) > 1:
options, arg = getopt.getopt(sys.argv[1:], 'h', args_autorises)
else:
options, arg = ([], '')
except getopt.error, msg:
sys.stderr.write('%s\n' % msg)
sys.exit(255)
debug = 1 # défaut
to_do = {}
for opt, val in options:
if opt == '--quiet':
debug = 0
elif opt == '--remove':
for serv in val.split('&'):
print 'Supression de %s' % serv
db.services_to_restart('--%s' % serv)
sys.exit(0)
elif opt == '--list':
print 'Services à redémarrer :'
for s in db.services_to_restart():
try:
print '\t%s' % s
except UnicodeDecodeError:
print '\t%s: non imprimable' % s.nom
sys.exit(0)
elif opt == '--reconnect':
# Personnes à reconnecter
print 'Recherche des personnes en fin de sanction...'
c = db.search('blacklist=*')
services = []
hier = time() - 24*3600
for a_reco in c['adherent'] + c['machine'] + c['club']:
for bl in a_reco.blacklist():
fin, sanction = bl.split('$')[1:3]
if fin > hier and sanction not in services:
services.append(sanction)
for s in services:
print "Ajout de blacklist_%s pour reconfiguration" % s
db.services_to_restart('blacklist_%s' % s)
sys.exit(0)
elif opt == '--add':
# Ajout d'un item dans les services à redémarrer
for serv in val.split('&'):
if serv.find(',') != -1:
serv, arg = serv.split(',', 1)
arg = arg.split(',')
else:
arg = []
print 'Ajout de %s (%s)' % (serv, arg)
db.services_to_restart(serv, arg)
sys.exit(0)
elif opt == '-h' or opt == '--help':
print __doc__ % { 'prog': sys.argv[0].split('/')[-1],
'options': '--' + '\n\t--'.join(args_autorises) }
sys.exit(0)
elif len(opt) > 2 and opt[:2] == '--':
to_do[opt[2:]] = val.split('&')
# On fait ce qu'il y a à faire
classe(to_do)
Reference in a new issue View git blame Copy permalink