Restart iptables after proxy configuration
This commit is contained in:
Quentin WEPHRE
@@ -440,9 +440,9 @@ def write_remote_config_base64_sudo(c, remote_path, content, sudo_pass, user_own
|
||||
|
||||
def main():
|
||||
"""Main function to parse arguments and orchestrate tasks."""
|
||||
ip_address_prefix = "10.81.60." # Grandpuits subnet
|
||||
ip_address_range = list(range(193, 215)) # From 193 to 214
|
||||
# ip_address_range.append(85) # Add 85 after 74.
|
||||
ip_address_prefix = "10.81.56." # DK2 subnet
|
||||
ip_address_range = list(range(129, 145)) # From 129 to 144 (16 CUBEs)
|
||||
# ip_address_range.append(72) # Add 85 after 74.
|
||||
hosts = [f"{ip_address_prefix}{suffix}" for suffix in ip_address_range]
|
||||
|
||||
ssh_port = 11022
|
||||
@@ -471,6 +471,7 @@ def main():
|
||||
continue
|
||||
|
||||
with Connection(host=host, user=ssh_user, port=ssh_port, connect_timeout=60, connect_kwargs=connect_args) as c:
|
||||
|
||||
try:
|
||||
print(f"Hostname:", end=" ", flush=True)
|
||||
result = execute_command(c, "hostname")
|
||||
@@ -481,171 +482,197 @@ def main():
|
||||
continue
|
||||
|
||||
try:
|
||||
print(f"Checking Cloud configuration:", end=" ", flush=True)
|
||||
result = read_remote_config_sudo(c, "/etc/cube/config-azure.properties", ssh_password)
|
||||
print(f"✅", end="\n", flush=True)
|
||||
print(f"cURL:", end=" ", flush=True)
|
||||
result = execute_command(c, "curl -m 15 -x https://10.81.35.126:8080 https://iot-ingest-ess-prod.azure-devices.net")
|
||||
print(f"{result.strip()}", end="\n", flush=True)
|
||||
except Exception as e:
|
||||
print(f"❌", end="\n", flush=True)
|
||||
print(f"[Cloud configuration check] Exception: {e}")
|
||||
print(f"[cURL] Exception: {e}")
|
||||
continue
|
||||
|
||||
cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
|
||||
# try:
|
||||
# print(f"Hostname:", end=" ", flush=True)
|
||||
# result = execute_command(c, "hostname")
|
||||
# print(f"{result.strip()}", end="\n", flush=True)
|
||||
# hostname = str.lower(result)
|
||||
# except Exception as e:
|
||||
# print(f"[Hostname] Exception: {e}")
|
||||
# continue
|
||||
|
||||
print(f"Setting proxy configuration:", end="\n", flush=True)
|
||||
result_proxy_host = set_config_field(result, "proxy-host", "10.81.35.126", True)
|
||||
result_proxy_host_port = set_config_field(result_proxy_host, "proxy-port", "8080", True)
|
||||
result = result_proxy_host_port
|
||||
cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
|
||||
# try:
|
||||
# print(f"Checking Cloud configuration:", end=" ", flush=True)
|
||||
# result = read_remote_config_sudo(c, "/etc/cube/config-azure.properties", ssh_password)
|
||||
# print(f"✅", end="\n", flush=True)
|
||||
# except Exception as e:
|
||||
# print(f"❌", end="\n", flush=True)
|
||||
# print(f"[Cloud configuration check] Exception: {e}")
|
||||
# continue
|
||||
|
||||
response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
|
||||
if response in ['y']:
|
||||
print(f"Applying changes:", end=" ", flush=True)
|
||||
try:
|
||||
write_remote_config_sudo(c, "/etc/cube/config-azure.properties", result, ssh_password, "cube", "root", "644")
|
||||
print(f"✅", end="\n", flush=True)
|
||||
except Exception as e:
|
||||
print(f"❌", end="\n", flush=True)
|
||||
print(f"[Proxy configuration] Exception: {e}")
|
||||
continue
|
||||
print(f"Checking Cloud configuration:", end=" ", flush=True)
|
||||
try:
|
||||
result = read_remote_config_sudo(c, "/etc/cube/config-azure.properties", ssh_password)
|
||||
print(f"✅", end="\n", flush=True)
|
||||
except Exception as e:
|
||||
print(f"❌", end="\n", flush=True)
|
||||
print(f"[Proxy verification] Exception: {e}")
|
||||
continue
|
||||
# cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
|
||||
|
||||
cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
|
||||
elif response in ['n']:
|
||||
print(f"Not applying configuration...")
|
||||
else:
|
||||
print(f"Not applying configuration...")
|
||||
continue
|
||||
# print(f"Setting proxy configuration:", end="\n", flush=True)
|
||||
# result_proxy_host = set_config_field(result, "proxy-host", "10.81.35.126", True)
|
||||
# result_proxy_host_port = set_config_field(result_proxy_host, "proxy-port", "8080", True)
|
||||
# result_proxy_host_port_compression = set_config_field(result_proxy_host_port, "compression-enabled", "true", True)
|
||||
# result = result_proxy_host_port
|
||||
# cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
|
||||
|
||||
print(f"Disabling Cyber Check:", end=" ", flush=True)
|
||||
try:
|
||||
execute_sudo_command(c, "systemctl stop cube-monit.service", ssh_password)
|
||||
execute_sudo_command(c, "mount -o remount,rw /", ssh_password)
|
||||
print(f"✅", end="\n", flush=True)
|
||||
except Exception as e:
|
||||
print(f"❌", end="\n", flush=True)
|
||||
print(f"[Disabling Cyber Check] Exception: {e}")
|
||||
continue
|
||||
# response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
|
||||
# if response in ['y']:
|
||||
# print(f"Applying changes:", end=" ", flush=True)
|
||||
# try:
|
||||
# write_remote_config_sudo(c, "/etc/cube/config-azure.properties", result, ssh_password, "cube", "root", "644")
|
||||
# print(f"✅", end="\n", flush=True)
|
||||
# except Exception as e:
|
||||
# print(f"❌", end="\n", flush=True)
|
||||
# print(f"[Proxy configuration] Exception: {e}")
|
||||
# continue
|
||||
# print(f"Checking Cloud configuration:", end=" ", flush=True)
|
||||
# try:
|
||||
# result = read_remote_config_sudo(c, "/etc/cube/config-azure.properties", ssh_password)
|
||||
# print(f"✅", end="\n", flush=True)
|
||||
# except Exception as e:
|
||||
# print(f"❌", end="\n", flush=True)
|
||||
# print(f"[Proxy verification] Exception: {e}")
|
||||
# continue
|
||||
|
||||
print(f"Reading Cyber Check configuration:", end=" ", flush=True)
|
||||
try:
|
||||
result = read_remote_config_sudo(c, "/etc/cube-default/configfile_monit.yaml", ssh_password)
|
||||
print(f"✅", end="\n", flush=True)
|
||||
except Exception as e:
|
||||
print(f"❌", end="\n", flush=True)
|
||||
print(f"[Cyber Check configuration] Exception: {e}")
|
||||
continue
|
||||
# cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
|
||||
# elif response in ['n']:
|
||||
# print(f"Not applying configuration...")
|
||||
# else:
|
||||
# print(f"Not applying configuration...")
|
||||
# continue
|
||||
|
||||
print(f"Checking cyber_check:", end=" ", flush=True)
|
||||
try:
|
||||
status = find_yaml_value(result, "cubeProcess.cyber_check")
|
||||
if status == False:
|
||||
print(f"✅", end="\n", flush=True)
|
||||
else:
|
||||
print(f"❌", end="\n", flush=True)
|
||||
except Exception as e:
|
||||
print(f"❌", end="\n", flush=True)
|
||||
print(f"[cyber_check value] Exception: {e}")
|
||||
continue
|
||||
# print(f"Disabling Cyber Check:", end=" ", flush=True)
|
||||
# try:
|
||||
# execute_sudo_command(c, "systemctl stop cube-monit.service", ssh_password)
|
||||
# execute_sudo_command(c, "mount -o remount,rw /", ssh_password)
|
||||
# print(f"✅", end="\n", flush=True)
|
||||
# except Exception as e:
|
||||
# print(f"❌", end="\n", flush=True)
|
||||
# print(f"[Disabling Cyber Check] Exception: {e}")
|
||||
# continue
|
||||
|
||||
print(f"Modifying cyber_check:", end=" ", flush=True)
|
||||
modified_result = ""
|
||||
try:
|
||||
modified_result = set_yaml_value(result, "cubeProcess.cyber_check", False)
|
||||
print(f"✅", end="\n", flush=True)
|
||||
except Exception as e:
|
||||
print(f"❌", end="\n", flush=True)
|
||||
print(f"[cyber_check modification] Exception: {e}")
|
||||
continue
|
||||
# print(f"Reading Cyber Check configuration:", end=" ", flush=True)
|
||||
# try:
|
||||
# result = read_remote_config_sudo(c, "/etc/cube-default/configfile_monit.yaml", ssh_password)
|
||||
# print(f"✅", end="\n", flush=True)
|
||||
# except Exception as e:
|
||||
# print(f"❌", end="\n", flush=True)
|
||||
# print(f"[Cyber Check configuration] Exception: {e}")
|
||||
# continue
|
||||
|
||||
print(f"Checking modified cyber_check:", end=" ", flush=True)
|
||||
try:
|
||||
status = find_yaml_value(modified_result, "cubeProcess.cyber_check")
|
||||
if status == False:
|
||||
print(f"✅", end="\n", flush=True)
|
||||
else:
|
||||
print(f"❌", end="\n", flush=True)
|
||||
except Exception as e:
|
||||
print(f"❌", end="\n", flush=True)
|
||||
print(f"[Modified cyber_check value] Exception: {e}")
|
||||
continue
|
||||
# print(f"Checking cyber_check:", end=" ", flush=True)
|
||||
# try:
|
||||
# status = find_yaml_value(result, "cubeProcess.cyber_check")
|
||||
# if status == False:
|
||||
# print(f"✅", end="\n", flush=True)
|
||||
# else:
|
||||
# print(f"❌", end="\n", flush=True)
|
||||
# except Exception as e:
|
||||
# print(f"❌", end="\n", flush=True)
|
||||
# print(f"[cyber_check value] Exception: {e}")
|
||||
# continue
|
||||
|
||||
response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
|
||||
if response in ['y']:
|
||||
print(f"Applying changes:", end=" ", flush=True)
|
||||
try:
|
||||
write_remote_config_base64_sudo(c, "/etc/cube-default/configfile_monit.yaml", modified_result, ssh_password, "root", "root", "644")
|
||||
print(f"✅", end="\n", flush=True)
|
||||
except Exception as e:
|
||||
print(f"❌", end="\n", flush=True)
|
||||
print(f"[cyber_check configuration] Exception: {e}")
|
||||
continue
|
||||
print(f"Checking cyber_check configuration:", end=" ", flush=True)
|
||||
try:
|
||||
result = read_remote_config_sudo(c, "/etc/cube-default/configfile_monit.yaml", ssh_password)
|
||||
print(f"✅", end="\n", flush=True)
|
||||
except Exception as e:
|
||||
print(f"❌", end="\n", flush=True)
|
||||
print(f"[cyber_check configuration] Exception: {e}")
|
||||
continue
|
||||
try:
|
||||
status = find_yaml_value(result, "cubeProcess.cyber_check")
|
||||
if status == False:
|
||||
print(f"✅", end="\n", flush=True)
|
||||
else:
|
||||
print(f"❌", end="\n", flush=True)
|
||||
except Exception as e:
|
||||
print(f"❌", end="\n", flush=True)
|
||||
print(f"[Modified cyber_check configuration verification] Exception: {e}")
|
||||
continue
|
||||
elif response in ['n']:
|
||||
print(f"Not applying configuration...")
|
||||
else:
|
||||
print(f"Not applying configuration...")
|
||||
continue
|
||||
# print(f"Modifying cyber_check:", end=" ", flush=True)
|
||||
# modified_result = ""
|
||||
# try:
|
||||
# modified_result = set_yaml_value(result, "cubeProcess.cyber_check", False)
|
||||
# print(f"✅", end="\n", flush=True)
|
||||
# except Exception as e:
|
||||
# print(f"❌", end="\n", flush=True)
|
||||
# print(f"[cyber_check modification] Exception: {e}")
|
||||
# continue
|
||||
|
||||
# print(f"Checking modified cyber_check:", end=" ", flush=True)
|
||||
# try:
|
||||
# status = find_yaml_value(modified_result, "cubeProcess.cyber_check")
|
||||
# if status == False:
|
||||
# print(f"✅", end="\n", flush=True)
|
||||
# else:
|
||||
# print(f"❌", end="\n", flush=True)
|
||||
# except Exception as e:
|
||||
# print(f"❌", end="\n", flush=True)
|
||||
# print(f"[Modified cyber_check value] Exception: {e}")
|
||||
# continue
|
||||
|
||||
# response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
|
||||
# if response in ['y']:
|
||||
# print(f"Applying changes:", end=" ", flush=True)
|
||||
# try:
|
||||
# write_remote_config_base64_sudo(c, "/etc/cube-default/configfile_monit.yaml", modified_result, ssh_password, "root", "root", "644")
|
||||
# print(f"✅", end="\n", flush=True)
|
||||
# except Exception as e:
|
||||
# print(f"❌", end="\n", flush=True)
|
||||
# print(f"[cyber_check configuration] Exception: {e}")
|
||||
# continue
|
||||
# print(f"Checking cyber_check configuration:", end=" ", flush=True)
|
||||
# try:
|
||||
# result = read_remote_config_sudo(c, "/etc/cube-default/configfile_monit.yaml", ssh_password)
|
||||
# print(f"✅", end="\n", flush=True)
|
||||
# except Exception as e:
|
||||
# print(f"❌", end="\n", flush=True)
|
||||
# print(f"[cyber_check configuration] Exception: {e}")
|
||||
# continue
|
||||
# try:
|
||||
# status = find_yaml_value(result, "cubeProcess.cyber_check")
|
||||
# if status == False:
|
||||
# print(f"✅", end="\n", flush=True)
|
||||
# else:
|
||||
# print(f"❌", end="\n", flush=True)
|
||||
# except Exception as e:
|
||||
# print(f"❌", end="\n", flush=True)
|
||||
# print(f"[Modified cyber_check configuration verification] Exception: {e}")
|
||||
# continue
|
||||
# elif response in ['n']:
|
||||
# print(f"Not applying configuration...")
|
||||
# else:
|
||||
# print(f"Not applying configuration...")
|
||||
# continue
|
||||
|
||||
|
||||
print(f"Firewall check:", end="\n", flush=True)
|
||||
modified_result = ""
|
||||
try:
|
||||
result = read_remote_config_sudo(c, "/etc/iptables/iptables-cube.rules", ssh_password)
|
||||
except Exception as e:
|
||||
print(f"[Firewall reading] Exception: {e}")
|
||||
continue
|
||||
try:
|
||||
modified_result = ensure_iptables_port_rule(result, 8080, 443)
|
||||
except Exception as e:
|
||||
print(f"[Firewall changes] Exception: {e}")
|
||||
continue
|
||||
# print(f"Firewall check:", end="\n", flush=True)
|
||||
# modified_result = ""
|
||||
# try:
|
||||
# result = read_remote_config_sudo(c, "/etc/iptables/iptables-cube.rules", ssh_password)
|
||||
# except Exception as e:
|
||||
# print(f"[Firewall reading] Exception: {e}")
|
||||
# continue
|
||||
# try:
|
||||
# modified_result = ensure_iptables_port_rule(result, 8080, 443)
|
||||
# except Exception as e:
|
||||
# print(f"[Firewall changes] Exception: {e}")
|
||||
# continue
|
||||
|
||||
response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
|
||||
if response in ['y']:
|
||||
try:
|
||||
write_remote_config_base64_sudo(c, "/etc/iptables/iptables-cube.rules", modified_result, ssh_password, "root", "root", 600)
|
||||
except Exception as e:
|
||||
print(f"[Firewall configuration] Exception: {e}")
|
||||
continue
|
||||
elif response in ['n']:
|
||||
print(f"Not applying configuration...")
|
||||
else:
|
||||
print(f"Not applying configuration...")
|
||||
continue
|
||||
# response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
|
||||
# if response in ['y']:
|
||||
# try:
|
||||
# write_remote_config_base64_sudo(c, "/etc/iptables/iptables-cube.rules", modified_result, ssh_password, "root", "root", 600)
|
||||
# except Exception as e:
|
||||
# print(f"[Firewall configuration] Exception: {e}")
|
||||
# continue
|
||||
# elif response in ['n']:
|
||||
# print(f"Not applying configuration...")
|
||||
# else:
|
||||
# print(f"Not applying configuration...")
|
||||
# continue
|
||||
|
||||
print(f"Restarting Cyber Check:", end=" ", flush=True)
|
||||
try:
|
||||
execute_sudo_command(c, "mount -o remount,ro /", ssh_password)
|
||||
execute_sudo_command(c, "systemctl start cube-monit.service", ssh_password)
|
||||
print(f"✅", end="\n", flush=True)
|
||||
except Exception as e:
|
||||
print(f"❌", end="\n", flush=True)
|
||||
print(f"[Restarting Cyber Check] Exception: {e}")
|
||||
continue
|
||||
# print(f"Restarting Cyber Check:", end=" ", flush=True)
|
||||
# try:
|
||||
# execute_sudo_command(c, "mount -o remount,ro /", ssh_password)
|
||||
# execute_sudo_command(c, "systemctl start cube-monit.service", ssh_password)
|
||||
# print(f"✅", end="\n", flush=True)
|
||||
# except Exception as e:
|
||||
# print(f"❌", end="\n", flush=True)
|
||||
# print(f"[Restarting Cyber Check] Exception: {e}")
|
||||
# continue
|
||||
|
||||
# try:
|
||||
# execute_sudo_command(c, "systemctl restart iptables", ssh_password)
|
||||
# print(f"✅", end="\n", flush=True)
|
||||
# except Exception as e:
|
||||
# print(f"❌", end="\n", flush=True)
|
||||
# print(f"[Restart iptables] Exception: {e}")
|
||||
# continue
|
||||
|
||||
if __name__ == "__main__":
|
||||
main()
|
||||
@@ -39,46 +39,46 @@ def configure_moxa_firewall_pexpect(router_ip):
|
||||
print(f"\n>>> SUCCESSFULLY CONNECTED! Base prompt is: '{base_prompt}'")
|
||||
|
||||
# --- Check for existing rules ---
|
||||
# print("\n--- Checking for existing rules...")
|
||||
# child.sendline("terminal length 0")
|
||||
# child.expect(base_prompt)
|
||||
# child.sendline("show running-config")
|
||||
# child.expect(base_prompt)
|
||||
# running_config = child.before
|
||||
print("\n--- Checking for existing rules...")
|
||||
child.sendline("terminal length 0")
|
||||
child.expect(base_prompt)
|
||||
child.sendline("show running-config")
|
||||
child.expect(base_prompt)
|
||||
running_config = child.before
|
||||
|
||||
# if "name proxy_retour" in running_config and "name proxy_aller" in running_config:
|
||||
# print("--- Firewall rules already exist. No action needed.")
|
||||
# child.sendline("exit")
|
||||
# child.close()
|
||||
# return
|
||||
if "name proxy_retour" in running_config and "name proxy_aller" in running_config:
|
||||
print("--- Firewall rules already exist. No action needed.")
|
||||
child.sendline("exit")
|
||||
child.close()
|
||||
return
|
||||
|
||||
# print("--- Rules not found. Proceeding with configuration.")
|
||||
print("--- Rules not found. Proceeding with configuration.")
|
||||
|
||||
# --- Enter Configuration Mode ---
|
||||
# print("\n>>> Entering configuration mode...")
|
||||
# child.sendline("configure")
|
||||
# config_prompt_re = r"\(config\)#\s*$"
|
||||
# child.expect(config_prompt_re)
|
||||
print("\n>>> Entering configuration mode...")
|
||||
child.sendline("configure")
|
||||
config_prompt_re = r"\(config\)#\s*$"
|
||||
child.expect(config_prompt_re)
|
||||
|
||||
# --- Apply Rule 1 ---
|
||||
# print("\n>>> Applying Rule 1: proxy_retour")
|
||||
# for cmd in FIREWALL_RULE_1_CMDS:
|
||||
# child.sendline(cmd)
|
||||
# child.expect([r"\(config-firewall\)#\s*$", config_prompt_re])
|
||||
# time.sleep(0.2)
|
||||
print("\n>>> Applying Rule 1: proxy_retour")
|
||||
for cmd in FIREWALL_RULE_1_CMDS:
|
||||
child.sendline(cmd)
|
||||
child.expect([r"\(config-firewall\)#\s*$", config_prompt_re])
|
||||
time.sleep(0.2)
|
||||
|
||||
# --- Apply Rule 2 ---
|
||||
# print("\n>>> Applying Rule 2: proxy_aller")
|
||||
# for cmd in FIREWALL_RULE_2_CMDS:
|
||||
# child.sendline(cmd)
|
||||
# child.expect([r"\(config-firewall\)#\s*$", config_prompt_re])
|
||||
# time.sleep(0.2)
|
||||
print("\n>>> Applying Rule 2: proxy_aller")
|
||||
for cmd in FIREWALL_RULE_2_CMDS:
|
||||
child.sendline(cmd)
|
||||
child.expect([r"\(config-firewall\)#\s*$", config_prompt_re])
|
||||
time.sleep(0.2)
|
||||
|
||||
# --- THE CORRECTED SAVE LOGIC ---
|
||||
# 1. Exit from configuration mode to return to the base prompt
|
||||
# print("\n>>> Exiting configuration mode to save...")
|
||||
# child.sendline("exit")
|
||||
# child.expect(base_prompt)
|
||||
print("\n>>> Exiting configuration mode to save...")
|
||||
child.sendline("exit")
|
||||
child.expect(base_prompt)
|
||||
|
||||
# 2. Now, from the base prompt, issue the save command
|
||||
print("\n>>> Saving configuration...")
|
||||
@@ -99,8 +99,12 @@ def configure_moxa_firewall_pexpect(router_ip):
|
||||
print(f"\n!!! An unexpected error occurred: {e}")
|
||||
|
||||
if __name__ == "__main__":
|
||||
ip_prefix = "10.81.60."
|
||||
ip_suffixes = list(range(194, 215))
|
||||
ip_prefix = "10.81.35."
|
||||
ip_suffixes = list(range(74, 75))
|
||||
ip_suffixes.append(85)
|
||||
for suffix in ip_suffixes:
|
||||
router_ip = ip_prefix + str(suffix)
|
||||
configure_moxa_firewall_pexpect(router_ip)
|
||||
print(f"Configuration of firewall {router_ip}...")
|
||||
configure_moxa_firewall_pexpect(router_ip)
|
||||
print(f"Done!")
|
||||
answer = input(f"Continue?")
|
||||
Reference in New Issue
Block a user