From 7dc7d6abd89781586c8ef36d719bfb13b6016e50 Mon Sep 17 00:00:00 2001 From: Quentin WEPHRE Date: Fri, 17 Oct 2025 16:52:57 +0200 Subject: [PATCH] Restart iptables after proxy configuration --- Python/ssh_fabric_batch.py | 331 ++++++++++++++++++---------------- Python/ssh_fabric_batch_fw.py | 68 +++---- 2 files changed, 215 insertions(+), 184 deletions(-) diff --git a/Python/ssh_fabric_batch.py b/Python/ssh_fabric_batch.py index f823308..1fc225e 100644 --- a/Python/ssh_fabric_batch.py +++ b/Python/ssh_fabric_batch.py @@ -440,9 +440,9 @@ def write_remote_config_base64_sudo(c, remote_path, content, sudo_pass, user_own def main(): """Main function to parse arguments and orchestrate tasks.""" - ip_address_prefix = "10.81.60." # Grandpuits subnet - ip_address_range = list(range(193, 215)) # From 193 to 214 - # ip_address_range.append(85) # Add 85 after 74. + ip_address_prefix = "10.81.56." # DK2 subnet + ip_address_range = list(range(129, 145)) # From 129 to 144 (16 CUBEs) + # ip_address_range.append(72) # Add 85 after 74. hosts = [f"{ip_address_prefix}{suffix}" for suffix in ip_address_range] ssh_port = 11022 @@ -471,6 +471,7 @@ def main(): continue with Connection(host=host, user=ssh_user, port=ssh_port, connect_timeout=60, connect_kwargs=connect_args) as c: + try: print(f"Hostname:", end=" ", flush=True) result = execute_command(c, "hostname") 
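Review bot: The target site is selected by editing the literals `ip_address_prefix` and `ip_address_range` at the top of `main()`, so every run against another subnet is a source change, and a stale value points the script's SSH session at the wrong devices. The docstring already says `main()` parses arguments, so the prefix and suffix range could come from the command line or a per-site inventory file, with the resolved host list printed for confirmation before the first connection. The retained comment is also out of step with its code: `# ip_address_range.append(72)` is still annotated `# Add 85 after 74.`. The body of `main()` continues outside this hunk.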
@@ -481,171 +482,197 @@ def main(): continue try: - print(f"Checking Cloud configuration:", end=" ", flush=True) - result = read_remote_config_sudo(c, "/etc/cube/config-azure.properties", ssh_password) - print(f"✅", end="\n", flush=True) + print(f"cURL:", end=" ", flush=True) + result = execute_command(c, "curl -m 15 -x https://10.81.35.126:8080 https://iot-ingest-ess-prod.azure-devices.net") + print(f"{result.strip()}", end="\n", flush=True) except Exception as e: - print(f"❌", end="\n", flush=True) - print(f"[Cloud configuration check] Exception: {e}") + print(f"[cURL] Exception: {e}") continue - cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080") + # try: + # print(f"Hostname:", end=" ", flush=True) + # result = execute_command(c, "hostname") + # print(f"{result.strip()}", end="\n", flush=True) + # hostname = str.lower(result) + # except Exception as e: + # print(f"[Hostname] Exception: {e}") + # continue - print(f"Setting proxy configuration:", end="\n", flush=True) - result_proxy_host = set_config_field(result, "proxy-host", "10.81.35.126", True) - result_proxy_host_port = set_config_field(result_proxy_host, "proxy-port", "8080", True) - result = result_proxy_host_port - cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080") + # try: + # print(f"Checking Cloud configuration:", end=" ", flush=True) + # result = read_remote_config_sudo(c, "/etc/cube/config-azure.properties", ssh_password) + # print(f"✅", end="\n", flush=True) + # except Exception as e: + # print(f"❌", end="\n", flush=True) + # print(f"[Cloud configuration check] Exception: {e}") + # continue - response = input(f"Apply the change on {hostname.strip()}? 
(y)es or (n)o, anything else to cancel - ").lower() - if response in ['y']: - print(f"Applying changes:", end=" ", flush=True) - try: - write_remote_config_sudo(c, "/etc/cube/config-azure.properties", result, ssh_password, "cube", "root", "644") - print(f"✅", end="\n", flush=True) - except Exception as e: - print(f"❌", end="\n", flush=True) - print(f"[Proxy configuration] Exception: {e}") - continue - print(f"Checking Cloud configuration:", end=" ", flush=True) - try: - result = read_remote_config_sudo(c, "/etc/cube/config-azure.properties", ssh_password) - print(f"✅", end="\n", flush=True) - except Exception as e: - print(f"❌", end="\n", flush=True) - print(f"[Proxy verification] Exception: {e}") - continue + # cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080") - cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080") - elif response in ['n']: - print(f"Not applying configuration...") - else: - print(f"Not applying configuration...") - continue + # print(f"Setting proxy configuration:", end="\n", flush=True) + # result_proxy_host = set_config_field(result, "proxy-host", "10.81.35.126", True) + # result_proxy_host_port = set_config_field(result_proxy_host, "proxy-port", "8080", True) + # result_proxy_host_port_compression = set_config_field(result_proxy_host_port, "compression-enabled", "true", True) + # result = result_proxy_host_port + # cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080") - print(f"Disabling Cyber Check:", end=" ", flush=True) - try: - execute_sudo_command(c, "systemctl stop cube-monit.service", ssh_password) - execute_sudo_command(c, "mount -o remount,rw /", ssh_password) - print(f"✅", end="\n", flush=True) - except Exception as e: - print(f"❌", end="\n", flush=True) - print(f"[Disabling Cyber Check] Exception: {e}") - continue + # response = input(f"Apply the change on 
{hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower() + # if response in ['y']: + # print(f"Applying changes:", end=" ", flush=True) + # try: + # write_remote_config_sudo(c, "/etc/cube/config-azure.properties", result, ssh_password, "cube", "root", "644") + # print(f"✅", end="\n", flush=True) + # except Exception as e: + # print(f"❌", end="\n", flush=True) + # print(f"[Proxy configuration] Exception: {e}") + # continue + # print(f"Checking Cloud configuration:", end=" ", flush=True) + # try: + # result = read_remote_config_sudo(c, "/etc/cube/config-azure.properties", ssh_password) + # print(f"✅", end="\n", flush=True) + # except Exception as e: + # print(f"❌", end="\n", flush=True) + # print(f"[Proxy verification] Exception: {e}") + # continue - print(f"Reading Cyber Check configuration:", end=" ", flush=True) - try: - result = read_remote_config_sudo(c, "/etc/cube-default/configfile_monit.yaml", ssh_password) - print(f"✅", end="\n", flush=True) - except Exception as e: - print(f"❌", end="\n", flush=True) - print(f"[Cyber Check configuration] Exception: {e}") - continue + # cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080") + # elif response in ['n']: + # print(f"Not applying configuration...") + # else: + # print(f"Not applying configuration...") + # continue - print(f"Checking cyber_check:", end=" ", flush=True) - try: - status = find_yaml_value(result, "cubeProcess.cyber_check") - if status == False: - print(f"✅", end="\n", flush=True) - else: - print(f"❌", end="\n", flush=True) - except Exception as e: - print(f"❌", end="\n", flush=True) - print(f"[cyber_check value] Exception: {e}") - continue + # print(f"Disabling Cyber Check:", end=" ", flush=True) + # try: + # execute_sudo_command(c, "systemctl stop cube-monit.service", ssh_password) + # execute_sudo_command(c, "mount -o remount,rw /", ssh_password) + # print(f"✅", end="\n", flush=True) + # except Exception as e: + # print(f"❌", 
end="\n", flush=True) + # print(f"[Disabling Cyber Check] Exception: {e}") + # continue - print(f"Modifying cyber_check:", end=" ", flush=True) - modified_result = "" - try: - modified_result = set_yaml_value(result, "cubeProcess.cyber_check", False) - print(f"✅", end="\n", flush=True) - except Exception as e: - print(f"❌", end="\n", flush=True) - print(f"[cyber_check modification] Exception: {e}") - continue + # print(f"Reading Cyber Check configuration:", end=" ", flush=True) + # try: + # result = read_remote_config_sudo(c, "/etc/cube-default/configfile_monit.yaml", ssh_password) + # print(f"✅", end="\n", flush=True) + # except Exception as e: + # print(f"❌", end="\n", flush=True) + # print(f"[Cyber Check configuration] Exception: {e}") + # continue - print(f"Checking modified cyber_check:", end=" ", flush=True) - try: - status = find_yaml_value(modified_result, "cubeProcess.cyber_check") - if status == False: - print(f"✅", end="\n", flush=True) - else: - print(f"❌", end="\n", flush=True) - except Exception as e: - print(f"❌", end="\n", flush=True) - print(f"[Modified cyber_check value] Exception: {e}") - continue + # print(f"Checking cyber_check:", end=" ", flush=True) + # try: + # status = find_yaml_value(result, "cubeProcess.cyber_check") + # if status == False: + # print(f"✅", end="\n", flush=True) + # else: + # print(f"❌", end="\n", flush=True) + # except Exception as e: + # print(f"❌", end="\n", flush=True) + # print(f"[cyber_check value] Exception: {e}") + # continue - response = input(f"Apply the change on {hostname.strip()}? 
(y)es or (n)o, anything else to cancel - ").lower() - if response in ['y']: - print(f"Applying changes:", end=" ", flush=True) - try: - write_remote_config_base64_sudo(c, "/etc/cube-default/configfile_monit.yaml", modified_result, ssh_password, "root", "root", "644") - print(f"✅", end="\n", flush=True) - except Exception as e: - print(f"❌", end="\n", flush=True) - print(f"[cyber_check configuration] Exception: {e}") - continue - print(f"Checking cyber_check configuration:", end=" ", flush=True) - try: - result = read_remote_config_sudo(c, "/etc/cube-default/configfile_monit.yaml", ssh_password) - print(f"✅", end="\n", flush=True) - except Exception as e: - print(f"❌", end="\n", flush=True) - print(f"[cyber_check configuration] Exception: {e}") - continue - try: - status = find_yaml_value(result, "cubeProcess.cyber_check") - if status == False: - print(f"✅", end="\n", flush=True) - else: - print(f"❌", end="\n", flush=True) - except Exception as e: - print(f"❌", end="\n", flush=True) - print(f"[Modified cyber_check configuration verification] Exception: {e}") - continue - elif response in ['n']: - print(f"Not applying configuration...") - else: - print(f"Not applying configuration...") - continue + # print(f"Modifying cyber_check:", end=" ", flush=True) + # modified_result = "" + # try: + # modified_result = set_yaml_value(result, "cubeProcess.cyber_check", False) + # print(f"✅", end="\n", flush=True) + # except Exception as e: + # print(f"❌", end="\n", flush=True) + # print(f"[cyber_check modification] Exception: {e}") + # continue + + # print(f"Checking modified cyber_check:", end=" ", flush=True) + # try: + # status = find_yaml_value(modified_result, "cubeProcess.cyber_check") + # if status == False: + # print(f"✅", end="\n", flush=True) + # else: + # print(f"❌", end="\n", flush=True) + # except Exception as e: + # print(f"❌", end="\n", flush=True) + # print(f"[Modified cyber_check value] Exception: {e}") + # continue + + # response = input(f"Apply the change on 
{hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower() + # if response in ['y']: + # print(f"Applying changes:", end=" ", flush=True) + # try: + # write_remote_config_base64_sudo(c, "/etc/cube-default/configfile_monit.yaml", modified_result, ssh_password, "root", "root", "644") + # print(f"✅", end="\n", flush=True) + # except Exception as e: + # print(f"❌", end="\n", flush=True) + # print(f"[cyber_check configuration] Exception: {e}") + # continue + # print(f"Checking cyber_check configuration:", end=" ", flush=True) + # try: + # result = read_remote_config_sudo(c, "/etc/cube-default/configfile_monit.yaml", ssh_password) + # print(f"✅", end="\n", flush=True) + # except Exception as e: + # print(f"❌", end="\n", flush=True) + # print(f"[cyber_check configuration] Exception: {e}") + # continue + # try: + # status = find_yaml_value(result, "cubeProcess.cyber_check") + # if status == False: + # print(f"✅", end="\n", flush=True) + # else: + # print(f"❌", end="\n", flush=True) + # except Exception as e: + # print(f"❌", end="\n", flush=True) + # print(f"[Modified cyber_check configuration verification] Exception: {e}") + # continue + # elif response in ['n']: + # print(f"Not applying configuration...") + # else: + # print(f"Not applying configuration...") + # continue - print(f"Firewall check:", end="\n", flush=True) - modified_result = "" - try: - result = read_remote_config_sudo(c, "/etc/iptables/iptables-cube.rules", ssh_password) - except Exception as e: - print(f"[Firewall reading] Exception: {e}") - continue - try: - modified_result = ensure_iptables_port_rule(result, 8080, 443) - except Exception as e: - print(f"[Firewall changes] Exception: {e}") - continue + # print(f"Firewall check:", end="\n", flush=True) + # modified_result = "" + # try: + # result = read_remote_config_sudo(c, "/etc/iptables/iptables-cube.rules", ssh_password) + # except Exception as e: + # print(f"[Firewall reading] Exception: {e}") + # continue + # try: + # modified_result = 
ensure_iptables_port_rule(result, 8080, 443) + # except Exception as e: + # print(f"[Firewall changes] Exception: {e}") + # continue - response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower() - if response in ['y']: - try: - write_remote_config_base64_sudo(c, "/etc/iptables/iptables-cube.rules", modified_result, ssh_password, "root", "root", 600) - except Exception as e: - print(f"[Firewall configuration] Exception: {e}") - continue - elif response in ['n']: - print(f"Not applying configuration...") - else: - print(f"Not applying configuration...") - continue + # response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower() + # if response in ['y']: + # try: + # write_remote_config_base64_sudo(c, "/etc/iptables/iptables-cube.rules", modified_result, ssh_password, "root", "root", 600) + # except Exception as e: + # print(f"[Firewall configuration] Exception: {e}") + # continue + # elif response in ['n']: + # print(f"Not applying configuration...") + # else: + # print(f"Not applying configuration...") + # continue - print(f"Restarting Cyber Check:", end=" ", flush=True) - try: - execute_sudo_command(c, "mount -o remount,ro /", ssh_password) - execute_sudo_command(c, "systemctl start cube-monit.service", ssh_password) - print(f"✅", end="\n", flush=True) - except Exception as e: - print(f"❌", end="\n", flush=True) - print(f"[Restarting Cyber Check] Exception: {e}") - continue + # print(f"Restarting Cyber Check:", end=" ", flush=True) + # try: + # execute_sudo_command(c, "mount -o remount,ro /", ssh_password) + # execute_sudo_command(c, "systemctl start cube-monit.service", ssh_password) + # print(f"✅", end="\n", flush=True) + # except Exception as e: + # print(f"❌", end="\n", flush=True) + # print(f"[Restarting Cyber Check] Exception: {e}") + # continue + + # try: + # execute_sudo_command(c, "systemctl restart iptables", ssh_password) + # print(f"✅", end="\n", 
flush=True) + # except Exception as e: + # print(f"❌", end="\n", flush=True) + # print(f"[Restart iptables] Exception: {e}") + # continue if __name__ == "__main__": main() \ No newline at end of file diff --git a/Python/ssh_fabric_batch_fw.py b/Python/ssh_fabric_batch_fw.py index 0d26d85..eeb7b89 100644 --- a/Python/ssh_fabric_batch_fw.py +++ b/Python/ssh_fabric_batch_fw.py 
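Review bot: The `systemctl restart iptables` step named in the commit subject is added only as commented-out code at the end of this hunk, so as committed `main()` runs just the hostname read and the cURL probe and never reloads the firewall rules. Disabling the provisioning sequence by commenting it out also hides a defect in the new lines: `result_proxy_host_port_compression` is computed, but `result = result_proxy_host_port` is what would be written, so `compression-enabled` is dropped. That line should read `result = result_proxy_host_port_compression`. When the block is re-enabled, every `continue` between "Disabling Cyber Check" and "Restarting Cyber Check" leaves the device with `cube-monit.service` stopped and `/` mounted read-write, so a `try`/`finally` around that span should always run the remount-ro and service start. The body of `main()` starts outside this hunk.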
@@ -39,46 +39,46 @@ def configure_moxa_firewall_pexpect(router_ip): print(f"\n>>> SUCCESSFULLY CONNECTED! Base prompt is: '{base_prompt}'") # --- Check for existing rules --- - # print("\n--- Checking for existing rules...") - # child.sendline("terminal length 0") - # child.expect(base_prompt) - # child.sendline("show running-config") - # child.expect(base_prompt) - # running_config = child.before + print("\n--- Checking for existing rules...") + child.sendline("terminal length 0") + child.expect(base_prompt) + child.sendline("show running-config") + child.expect(base_prompt) + running_config = child.before - # if "name proxy_retour" in running_config and "name proxy_aller" in running_config: - # print("--- Firewall rules already exist. No action needed.") - # child.sendline("exit") - # child.close() - # return + if "name proxy_retour" in running_config and "name proxy_aller" in running_config: + print("--- Firewall rules already exist. No action needed.") + child.sendline("exit") + child.close() + return - # print("--- Rules not found. Proceeding with configuration.") + print("--- Rules not found. 
Proceeding with configuration.") # --- Enter Configuration Mode --- - # print("\n>>> Entering configuration mode...") - # child.sendline("configure") - # config_prompt_re = r"\(config\)#\s*$" - # child.expect(config_prompt_re) + print("\n>>> Entering configuration mode...") + child.sendline("configure") + config_prompt_re = r"\(config\)#\s*$" + child.expect(config_prompt_re) # --- Apply Rule 1 --- - # print("\n>>> Applying Rule 1: proxy_retour") - # for cmd in FIREWALL_RULE_1_CMDS: - # child.sendline(cmd) - # child.expect([r"\(config-firewall\)#\s*$", config_prompt_re]) - # time.sleep(0.2) + print("\n>>> Applying Rule 1: proxy_retour") + for cmd in FIREWALL_RULE_1_CMDS: + child.sendline(cmd) + child.expect([r"\(config-firewall\)#\s*$", config_prompt_re]) + time.sleep(0.2) # --- Apply Rule 2 --- - # print("\n>>> Applying Rule 2: proxy_aller") - # for cmd in FIREWALL_RULE_2_CMDS: - # child.sendline(cmd) - # child.expect([r"\(config-firewall\)#\s*$", config_prompt_re]) - # time.sleep(0.2) + print("\n>>> Applying Rule 2: proxy_aller") + for cmd in FIREWALL_RULE_2_CMDS: + child.sendline(cmd) + child.expect([r"\(config-firewall\)#\s*$", config_prompt_re]) + time.sleep(0.2) # --- THE CORRECTED SAVE LOGIC --- # 1. Exit from configuration mode to return to the base prompt - # print("\n>>> Exiting configuration mode to save...") - # child.sendline("exit") - # child.expect(base_prompt) + print("\n>>> Exiting configuration mode to save...") + child.sendline("exit") + child.expect(base_prompt) # 2. Now, from the base prompt, issue the save command print("\n>>> Saving configuration...") 
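Review bot: The re-enabled idempotence check only skips when both names are present (`"name proxy_retour" in running_config and "name proxy_aller" in running_config`), so a router left with one rule after an interrupted run gets both command lists replayed and may end up with a duplicate entry. Guard each loop separately, e.g. `if "name proxy_retour" not in running_config:` around the `FIREWALL_RULE_1_CMDS` loop, and likewise for `proxy_aller`. The per-command `child.expect([...])` only waits for a prompt and does not inspect `child.before`, so a command the router rejects would presumably go unnoticed and the partial rule set would still be saved. Checking the echoed output for an error marker before moving on to the save step would catch that. `configure_moxa_firewall_pexpect` starts before and continues after this hunk.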
@@ -99,8 +99,12 @@ def configure_moxa_firewall_pexpect(router_ip): print(f"\n!!! An unexpected error occurred: {e}") if __name__ == "__main__": - ip_prefix = "10.81.60." - ip_suffixes = list(range(194, 215)) + ip_prefix = "10.81.35." + ip_suffixes = list(range(74, 75)) + ip_suffixes.append(85) for suffix in ip_suffixes: router_ip = ip_prefix + str(suffix) - configure_moxa_firewall_pexpect(router_ip) \ No newline at end of file + print(f"Configuration of firewall {router_ip}...") + configure_moxa_firewall_pexpect(router_ip) + print(f"Done!") + answer = input(f"Continue?") \ No newline at end of file
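Review bot: The new `answer = input(f"Continue?")` never reads `answer`, so the loop moves on to the next router whatever the operator types, and the prompt gives no real stop point between firewall changes. Gate on the reply instead, e.g. `if input("Continue? (y/n) ").strip().lower() != "y": break`. `print(f"Done!")` is also unconditional, while the `except` visible at the top of the hunk only prints the error, so a failed router is still reported as done. Having `configure_moxa_firewall_pexpect` return a success flag and printing the outcome from that would make the per-device result trustworthy.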