| -rw-r--r-- | fap/README.md | 3 | ||||
| -rw-r--r-- | fap/database/README.md | 43 | ||||
| -rw-r--r-- | fap/httpd/README.md | 26 | ||||
| -rw-r--r-- | fap/httpd/ex2200.template | 29 | ||||
| -rw-r--r-- | fap/httpd/files/.gitignore | 3 | ||||
| -rw-r--r-- | fap/httpd/httpd_root/.htaccess | 3 | ||||
| -rw-r--r-- | fap/httpd/httpd_root/ex2200.template | 226 | ||||
| -rw-r--r-- | fap/httpd/httpd_root/x.php | 52 | ||||
| -rw-r--r-- | fap/httpd/server_http.py | 5 | 
9 files changed, 338 insertions, 52 deletions
| diff --git a/fap/README.md b/fap/README.md index af91c1b..f41e879 100644 --- a/fap/README.md +++ b/fap/README.md @@ -25,7 +25,8 @@ Example: <a href="dhcpd/terminal.log">dhcpd/terminal.log</a>  # TODO -* Support for IPv6 management (in progress) +* DONE: Support for IPv6 management +* Process multiple HTTP request simultaneously  * Support for only pushing JunOS image to switch - no config (for backup switches)  * Try/catch on whole ethernet frame in DHCPD  * Timestamps on each line in log both from DHCPD and HTTPD diff --git a/fap/database/README.md b/fap/database/README.md index e49ab91..c4cfde7 100644 --- a/fap/database/README.md +++ b/fap/database/README.md @@ -27,11 +27,12 @@ bootstrap=> \d switches   mgmt_gw           | character varying(15)  | not null   mgmt_vlan         | smallint               | not null   last_config_fetch | integer                |  - current_mac       | character varying(17)  | default NULL::character varying + current_mac       | character varying(17)  |    model             | character varying(20)  |  - ztp_addr          | character varying(15)  |  - ztp_cidr          | smallint               |  - ztp_gw            | character varying(15)  |  + traffic_vlan      | integer                |  + mgmt_v6_cidr      | smallint               |  + mgmt_v6_addr      | character varying(35)  |  + mgmt_v6_gw        | character varying(35)  |   Indexes:      "switches_pkey" PRIMARY KEY, btree (id)  ``` 
@@ -39,19 +40,19 @@ Indexes:  **Sample content in DB**  ``` -bootstrap=> select * from switches; - id | hostname | distro_name | distro_phy_port | mgmt_addr | mgmt_cidr | mgmt_gw  | mgmt_vlan | last_config_fetch |    current_mac    | model | ztp_addr | ztp_cidr | ztp_gw | traffic_vlan  -----+----------+-------------+-----------------+-----------+-----------+----------+-----------+-------------------+-------------------+-------+----------+----------+--------+-------------- - 23 | e-00-2   | rs1.sector0 | ge-0/0/2        | 10.0.0.12 |        24 | 10.0.0.1 |       666 |                   |                   |       |          |          |        |          102 - 25 | e-00-4   | rs1.sector0 | ge-0/0/4        | 10.0.0.14 |        24 | 10.0.0.1 |       666 |                   |                   |       |          |          |        |          104 - 27 | e-00-6   | rs1.sector0 | ge-0/0/6        | 10.0.0.16 |        24 | 10.0.0.1 |       666 |                   |                   |       |          |          |        |          106 - 26 | e-00-5   | rs1.sector0 | ge-0/0/5        | 10.0.0.15 |        24 | 10.0.0.1 |       666 |        1426539826 | 44:f4:77:69:5e:c1 |       |          |          |        |          105 - 24 | e-00-3   | rs1.sector0 | ge-0/0/3        | 10.0.0.13 |        24 | 10.0.0.1 |       666 |        1426535091 | 44:f4:77:69:49:81 |       |          |          |        |          103 - 22 | e-00-1   | rs1.sector0 | ge-0/0/1        | 10.0.0.11 |        24 | 10.0.0.1 |       666 |        1426535243 | 44:f4:77:68:f7:c1 |       |          |          |        |          101 - 30 | e-00-9   | rs1.sector0 | ge-0/0/9        | 10.0.0.19 |        24 | 10.0.0.1 |       666 |        1426539974 | 44:f4:77:68:b5:01 |       |          |          |        |          109 - 21 | e-00-0   | rs1.sector0 | ge-0/0/0        | 10.0.0.10 |        24 | 10.0.0.1 |       666 |        1426540122 | 44:f4:77:69:4c:c1 |       |          |          |        |          100 - 28 | 
e-00-7   | rs1.sector0 | ge-0/0/7        | 10.0.0.17 |        24 | 10.0.0.1 |       666 |        1426540272 | 44:f4:77:69:22:41 |       |          |          |        |          107 - 29 | e-00-8   | rs1.sector0 | ge-0/0/8        | 10.0.0.18 |        24 | 10.0.0.1 |       666 |        1426540272 | 44:f4:77:69:4f:c1 |       |          |          |        |          108 +bootstrap=> select * from switches order by hostname; + id | hostname | distro_name | distro_phy_port | mgmt_addr | mgmt_cidr | mgmt_gw  | mgmt_vlan | last_config_fetch |    current_mac    | model | traffic_vlan | mgmt_v6_cidr |    mgmt_v6_addr     |    mgmt_v6_gw      +----+----------+-------------+-----------------+-----------+-----------+----------+-----------+-------------------+-------------------+-------+--------------+--------------+---------------------+------------------- + 21 | e-00-0   | rs1.sector0 | ge-0/0/0        | 10.0.0.10 |        24 | 10.0.0.1 |       666 |        1426608997 | 44:f4:77:69:51:41 |       |          100 |           64 | 2a02:ed02:0666::100 | 2a02:ed02:0666::1 + 22 | e-00-1   | rs1.sector0 | ge-0/0/1        | 10.0.0.11 |        24 | 10.0.0.1 |       666 |        1426607722 | 44:f4:77:68:f7:c1 |       |          101 |           64 | 2a02:ed02:0666::101 | 2a02:ed02:0666::1 + 23 | e-00-2   | rs1.sector0 | ge-0/0/2        | 10.0.0.12 |        24 | 10.0.0.1 |       666 |                   |                   |       |          102 |           64 | 2a02:ed02:0666::102 | 2a02:ed02:0666::1 + 24 | e-00-3   | rs1.sector0 | ge-0/0/3        | 10.0.0.13 |        24 | 10.0.0.1 |       666 |        1426606900 | 44:f4:77:69:49:81 |       |          103 |           64 | 2a02:ed02:0666::103 | 2a02:ed02:0666::1 + 25 | e-00-4   | rs1.sector0 | ge-0/0/4        | 10.0.0.14 |        24 | 10.0.0.1 |       666 |                   |                   |       |          104 |           64 | 2a02:ed02:0666::104 | 2a02:ed02:0666::1 + 26 | e-00-5   | rs1.sector0 | ge-0/0/5        | 10.0.0.15 |      
  24 | 10.0.0.1 |       666 |        1426607987 | 44:f4:77:69:5e:c1 |       |          105 |           64 | 2a02:ed02:0666::105 | 2a02:ed02:0666::1 + 27 | e-00-6   | rs1.sector0 | ge-0/0/6        | 10.0.0.16 |        24 | 10.0.0.1 |       666 |                   |                   |       |          106 |           64 | 2a02:ed02:0666::106 | 2a02:ed02:0666::1 + 28 | e-00-7   | rs1.sector0 | ge-0/0/7        | 10.0.0.17 |        24 | 10.0.0.1 |       666 |        1426540295 | 44:f4:77:69:22:41 |       |          107 |           64 | 2a02:ed02:0666::107 | 2a02:ed02:0666::1 + 29 | e-00-8   | rs1.sector0 | ge-0/0/8        | 10.0.0.18 |        24 | 10.0.0.1 |       666 |        1426608145 | 44:f4:77:69:4f:c1 |       |          108 |           64 | 2a02:ed02:0666::108 | 2a02:ed02:0666::1 + 30 | e-00-9   | rs1.sector0 | ge-0/0/9        | 10.0.0.19 |        24 | 10.0.0.1 |       666 |        1426608293 | 44:f4:77:68:b5:01 |       |          109 |           64 | 2a02:ed02:0666::109 | 2a02:ed02:0666::1  (10 rows)  ``` @@ -102,10 +103,4 @@ values  ## TODO -ALTER TABLE bootstrap ADD mgmt_v6_cidr smallint; -ALTER TABLE bootstrap ADD mgmt_v6_addr character varying(35); -ALTER TABLE bootstrap ADD mgmt_v6_gw character varying(35); - -Rename v4 column names to follow v6 scheme - -Delete ztp_* columns +* Rename v4 column names to follow v6 scheme diff --git a/fap/httpd/README.md b/fap/httpd/README.md new file mode 100644 index 0000000..73c5634 --- /dev/null +++ b/fap/httpd/README.md 
@@ -0,0 +1,26 @@ +# HTTPD + +Well, not working out quite as I've hoped (at least for now). + +Resorted to Apache2, PHP and Postgres for the HTTP. Apache starts at boot, so no action required to get the stack up and after installation. + +``` +j@lappie:~/git/tgmanage$ cat /etc/apache2/sites-enabled/000-default.conf +<VirtualHost *:80> +        ServerAdmin webmaster@localhost + +        DocumentRoot /home/j/git/tgmanage/fap/httpd/httpd_root/ + +        <Directory /home/j/git/tgmanage/fap/httpd/httpd_root> +                Options Indexes FollowSymLinks MultiViews +                AllowOverride All +                Order allow,deny +                allow from all +        </Directory> + +	ErrorLog ${APACHE_LOG_DIR}/error.log +	LogLevel warn + +	CustomLog ${APACHE_LOG_DIR}/access.log combined +</VirtualHost> +``` diff --git a/fap/httpd/ex2200.template b/fap/httpd/ex2200.template index aa62ff2..3adcdf9 100644 --- a/fap/httpd/ex2200.template +++ b/fap/httpd/ex2200.template @@ -82,9 +82,8 @@ interfaces {              family ethernet-switching {                  port-mode trunk;                  vlan { -                    members deltagere; +                    members [deltagere mgmt];                  } -                native-vlan-id mgmt;              }          }      } @@ -101,6 +100,7 @@ interfaces {                  filter {                      input v6-mgmt;                  } +                address $mgmt_v6_addr/$mgmt_v6_cidr;              }          }      } 
@@ -162,29 +162,6 @@ firewall {      }  } -ethernet-switching-options { -    secure-access-port { -        interface edge-ports { -            no-dhcp-trusted; -        } -        vlan deltagere { -            arp-inspection; -            examine-dhcp; -            examine-dhcpv6; -            neighbor-discovery-inspection; -            ip-source-guard; -            ipv6-source-guard; -            dhcp-option82; -            dhcpv6-option18 { -                use-option-82; -            } -        } -        ipv6-source-guard-sessions { -            max-number 128; -        } -    } -} -  protocols {      sflow {          sample-rate { @@ -240,7 +217,7 @@ routing-options {      rib inet6.0 {          static {              route ::/0 { -                next-hop 20a0:dead::beef; +                next-hop $mgmt_v6_gw;              }          }      } diff --git a/fap/httpd/files/.gitignore b/fap/httpd/files/.gitignore new file mode 100644 index 0000000..cec9082 --- /dev/null +++ b/fap/httpd/files/.gitignore @@ -0,0 +1,3 @@ +* + +!.gitignore diff --git a/fap/httpd/httpd_root/.htaccess b/fap/httpd/httpd_root/.htaccess new file mode 100644 index 0000000..17add11 --- /dev/null +++ b/fap/httpd/httpd_root/.htaccess @@ -0,0 +1,3 @@ +RewriteEngine on +RewriteRule ^files/(.+)$ x.php?mode=image&file=$1 [L] +RewriteRule ^tg-edge/(.+)$ x.php?mode=config&hostname=$1 [L] diff --git a/fap/httpd/httpd_root/ex2200.template b/fap/httpd/httpd_root/ex2200.template new file mode 100644 index 0000000..e7c99f7 --- /dev/null +++ b/fap/httpd/httpd_root/ex2200.template 
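Review bot: Nothing in the new `.htaccess` blocks a direct request for `ex2200.template`, which this commit places in the same `httpd_root` and which is presumably served as plain text when fetched by name, so its raw contents (the `encrypted-password` lines and the PHP placeholders) can be downloaded. A deny rule here would close that, for example `<FilesMatch "\.template$">` / `Require all denied` / `</FilesMatch>`, or the `Order`/`Deny` form if the server uses the 2.2-style access directives shown in the README; moving the template outside the DocumentRoot would work as well. Both rewrite captures use `(.+)`, which passes slashes and dot segments through, and `x.php` stays directly requestable, so input validation has to live in the script rather than in these patterns.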
@@ -0,0 +1,226 @@ +system { +    host-name <?php echo $c['hostname']; ?>; +    auto-snapshot; +    time-zone Europe/Oslo; +    authentication-order [ tacplus password ]; +    root-authentication { +        encrypted-password "$1$v1xWD3zI$OhStP6PnpgIUO3RLtMmIJ/"; +    } +    name-server { +        1.1.1.1; +        2.2.2.2; +    } +    login { +        user technet{ +            uid 2000; +            class super-user; +            authentication { +                encrypted-password "$1$v1xWD3zI$OhStP6PnpgIUO3RLtMmIJ/"; +            } +        } +    } +    services { +        ssh { +            root-login deny; +        } +        netconf { +            ssh; +        } +    } +    syslog { +        user * { +            any emergency; +        } +        file messages { +            any notice; +            authorization info; +        } +        file interactive-commands { +            interactive-commands any; +        } +    } +    ntp { +        server 1.2.3.4; +        server 2.3.4.5; +    } +} + +chassis { +    aggregated-devices { +        ethernet { +            device-count 1; +        } +    } +} + +interfaces { +    interface-range edge-ports { +        member-range ge-0/0/0 to ge-0/0/43; +        unit 0 { +            family ethernet-switching { +                port-mode access; +                vlan { +                    members deltagere; +                } +            } +        } +    } +    interface-range core-ports { +        member-range ge-0/0/44 to ge-0/0/47; +        ether-options { +            802.3ad ae0; +        } +    } +    ae0 { +        description "Til <?php echo $c['distro_name']; ?> <?php echo $c['distro_phy_port']; ?>"; +        aggregated-ether-options { +            lacp { +                active; +            } +        } +        unit 0 { +            family ethernet-switching { +                port-mode trunk; +                vlan { +                    members [deltagere mgmt]; +                } +            } +      
  } +    } +    vlan { +        unit <?php echo $c['mgmt_vlan']; ?> { +            description "MGMT L3 interface"; +            family inet { +                filter { +                    input v4-mgmt; +                } +                address <?php echo $c['mgmt_addr'] . '/' . $c['mgmt_cidr']; ?>; +            } +            family inet6 { +                filter { +                    input v6-mgmt; +                } +                address <?php echo $c['mgmt_v6_addr'] . '/' . $c['mgmt_v6_cidr']; ?>; +            } +        } +    } +} +firewall { +    family inet { +        filter v4-mgmt { +            term accept-noc { +                from { +                    source-address { +                        0.0.0.0/0; +                    } +                } +                then accept; +            } +            term accept-icmp { +                from { +                    protocol icmp; +                } +                then { +                    accept; +                } +            } +            term reject-all { +                then { +                    log; +                    syslog; +                    reject; +                } +            } +        } +    } +    family inet6 { +        filter v6-mgmt { +            term accept-noc { +                from { +                    source-address { +                        ::/0; +                    } +                } +                then accept; +            } +            term accept-icmp { +                from { +                    next-header icmp6; +                } +                then { +                    accept; +                } +            } +            term reject-all { +                then { +                    log; +                    syslog; +                    reject; +                } +            } +        } +    } +} + +protocols { +    sflow { +        sample-rate { +            ingress 10000; +            egress 10000; +        } +        
collector 91.209.30.12; +        interfaces edge-ports; +        interfaces core-ports; +    } +    igmp-snooping { +        vlan all { +            version 3; +            immediate-leave; +        } +    } +    mld-snooping { +        vlan all { +            version 2; +            immediate-leave; +        } +    } +    rstp { +        bridge-priority 8k; +        interface edge-ports { +            edge; +            no-root-port; +        } +    } +    lldp { +        interface ae0.0 +    } +} + +vlans { +    deltagere { +        vlan-id <?php echo $c['traffic_vlan']; ?>; +    } +    mgmt { +        vlan-id <?php echo $c['mgmt_vlan']; ?>; +        l3-interface vlan.<?php echo $c['mgmt_vlan']; ?>; +    } +} + +routing-options { +    rib inet.0 { +        static { +            route 0.0.0.0/0 { +                next-hop <?php echo $c['mgmt_gw']; ?>; +            } +        } +    } +    rib inet6.0 { +        static { +            route ::/0 { +                next-hop <?php echo $c['mgmt_v6_gw']; ?>; +            } +        } +    } +} + + diff --git a/fap/httpd/httpd_root/x.php b/fap/httpd/httpd_root/x.php new file mode 100644 index 0000000..70607cc --- /dev/null +++ b/fap/httpd/httpd_root/x.php 
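Review bot: The `accept-noc` term in both `v4-mgmt` and `v6-mgmt` matches `0.0.0.0/0` and `::/0`, so every source is accepted and `reject-all` is never reached; SSH and NETCONF on the management interface are then open to any address that can route to it. The `source-address` lists should carry the NOC prefixes instead, for example from a template variable such as `<?php echo $c['<NOC_PREFIX_COLUMN>']; ?>` (placeholder, no such column is visible in the schema). The root and `technet` users share one `$1$` (MD5-crypt) hash that is now committed and handed to any client that requests a config; filling it in at deploy time, and using a stronger hash format if the target JunOS release offers one, would limit the exposure. This template also has no `ethernet-switching-options { secure-access-port … }` block, which the same commit removes from `fap/httpd/ex2200.template`, so DHCP snooping, ARP inspection and source guard on `deltagere` are gone; worth confirming that is intended. Finally, `interface ae0.0` under `lldp` lacks its terminating `;`.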
@@ -0,0 +1,52 @@ +<?php     +    if(isset($_GET['mode'])){ +        if($_GET['mode'] === 'config'){ +            # LASTE NED CONFIG +            /* +            header('Content-Description: File Transfer'); +            header('Content-Type: application/octet-stream'); +            header('Content-Disposition: attachment; filename='.basename($file)); +            header('Content-Length: ' . filesize('../files/' . $_GET['file'])); +             +             +            */ + +            $dbconn = pg_connect("host=localhost dbname=bootstrap user=bootstrap password=asdf") +                or die('Could not connect: ' . pg_last_error()); + +            // Performing SQL query +            $query = 'SELECT * FROM switches WHERE hostname = \'' . $_GET['hostname'] . '\''; +            $result = pg_query($query) or die('Query failed: ' . pg_last_error()); +            if(pg_num_rows($result) == 1){ +                $c = pg_fetch_assoc($result); +                include 'ex2200.template'; +            }else{ +                header("HTTP/1.0 404 Not Found"); +                die(); +            } +             +        }elseif($_GET['mode'] === 'image'){ +            if(isset($_GET['file']) && is_readable('../files/' . $_GET['file'])){ +                # SEND IMAGE +                header('Content-Description: File Transfer'); +                header('Content-Type: application/octet-stream'); +                header('Content-Disposition: attachment; filename='.basename($file)); +                header('Content-Length: ' . filesize('../files/' . $_GET['file'])); +                readfile('../files/' . 
$_GET['file']); +            }else{ +                header("HTTP/1.1 404 Not Found"); +                die(); +            } + +        } +    } +    /* +    if(substr($_SERVER['REQUEST_URI'], 0, 7 === '/files/'){ +        # Laste ned JunOS-fil +        echo 'henter fil'; +    }elseif(substr($_SERVER['REQUEST_URI'], 0, 9 === '/tg-edge/'){ +        # Hente config fra Postgres +        echo 'henter config'; +    } +    */ +?> diff --git a/fap/httpd/server_http.py b/fap/httpd/server_http.py index bc9ceea..a9ae74c 100644 --- a/fap/httpd/server_http.py +++ b/fap/httpd/server_http.py @@ -62,7 +62,10 @@ def main():                  'mgmt_cidr': row['mgmt_cidr'],                  'mgmt_gw': row['mgmt_gw'],                  'mgmt_vlan': row['mgmt_vlan'], -                'traffic_vlan': row['traffic_vlan'] +                'traffic_vlan': row['traffic_vlan'], +                'mgmt_v6_addr': row['mgmt_v6_addr'], +                'mgmt_v6_cidr': row['mgmt_v6_cidr'], +                'mgmt_v6_gw': row['mgmt_v6_gw']              }              cur.execute("UPDATE switches SET last_config_fetch = '%s' WHERE hostname = '%s'" % (str(time.time()).split('.')[0], hostname)) # updated DB with last config fetch              conn.commit() | 
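Review bot: `$_GET['hostname']` is concatenated straight into the `SELECT` in the `config` branch, so the query is injectable by anyone who can reach the server; it should be bound as a parameter with `pg_query_params`. The `image` branch has the same kind of problem with `$_GET['file']`, which is appended to `'../files/'` unchecked and can therefore name files outside that directory, and its `Content-Disposition` line uses `$file`, which is never assigned. The fence below shows both branches with the input bound or reduced to a base name, assuming images are stored flat in `files/`. The connection string with its password and the `pg_last_error()` text passed to `die()` would also be better kept out of the script and out of responses.

```php
// … unchanged: pg_connect …
$result = pg_query_params(
    $dbconn,
    'SELECT * FROM switches WHERE hostname = $1',
    array(isset($_GET['hostname']) ? $_GET['hostname'] : '')
) or die('Query failed: ' . pg_last_error());
// … unchanged: row-count check, template include, 404 branch …
}elseif($_GET['mode'] === 'image'){
    // basename() drops any directory part, so the path stays inside ../files/
    $name = isset($_GET['file']) ? basename($_GET['file']) : '';
    $path = '../files/' . $name;
    if($name !== '' && is_file($path) && is_readable($path)){
        header('Content-Description: File Transfer');
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . $name . '"');
        header('Content-Length: ' . filesize($path));
        readfile($path);
    // … unchanged: 404 branch …
```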
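Review bot: The `UPDATE` directly below the extended dict still builds its SQL with `%` string formatting, so `hostname` reaches the statement unescaped; if it comes from the request, which the surrounding code suggests but the hunk does not show, that is an injection point. Passing the values as parameters avoids it: `cur.execute("UPDATE switches SET last_config_fetch = %s WHERE hostname = %s", (int(time.time()), hostname))`, assuming the cursor is a DB-API one using the `%s` paramstyle. The three new keys read `row['mgmt_v6_*']` unconditionally, and the schema in `fap/database/README.md` shows those columns as nullable, so a row without IPv6 data would put `None` into the rendered config. `main()` starts and ends outside this hunk.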
