Restart iptables after proxy configuration

Quentin WEPHRE
2025-10-17 16:52:57 +02:00
parent ebc9eecef8
commit 7dc7d6abd8
2 changed files with 215 additions and 184 deletions


@@ -440,9 +440,9 @@ def write_remote_config_base64_sudo(c, remote_path, content, sudo_pass, user_own
def main():
"""Main function to parse arguments and orchestrate tasks."""
ip_address_prefix = "10.81.60." # Grandpuits subnet
ip_address_range = list(range(193, 215)) # From 193 to 214
# ip_address_range.append(85) # Add 85 after 74.
ip_address_prefix = "10.81.56." # DK2 subnet
ip_address_range = list(range(129, 145)) # From 129 to 144 (16 CUBEs)
# ip_address_range.append(72) # Add 85 after 74.
hosts = [f"{ip_address_prefix}{suffix}" for suffix in ip_address_range]
ssh_port = 11022
@@ -471,6 +471,7 @@ def main():
continue
with Connection(host=host, user=ssh_user, port=ssh_port, connect_timeout=60, connect_kwargs=connect_args) as c:
try:
print(f"Hostname:", end=" ", flush=True)
result = execute_command(c, "hostname")
@@ -481,171 +482,197 @@ def main():
continue
try:
print(f"Checking Cloud configuration:", end=" ", flush=True)
result = read_remote_config_sudo(c, "/etc/cube/config-azure.properties", ssh_password)
print(f"", end="\n", flush=True)
print(f"cURL:", end=" ", flush=True)
result = execute_command(c, "curl -m 15 -x https://10.81.35.126:8080 https://iot-ingest-ess-prod.azure-devices.net")
print(f"{result.strip()}", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[Cloud configuration check] Exception: {e}")
print(f"[cURL] Exception: {e}")
continue
cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
# try:
# print(f"Hostname:", end=" ", flush=True)
# result = execute_command(c, "hostname")
# print(f"{result.strip()}", end="\n", flush=True)
# hostname = str.lower(result)
# except Exception as e:
# print(f"[Hostname] Exception: {e}")
# continue
print(f"Setting proxy configuration:", end="\n", flush=True)
result_proxy_host = set_config_field(result, "proxy-host", "10.81.35.126", True)
result_proxy_host_port = set_config_field(result_proxy_host, "proxy-port", "8080", True)
result = result_proxy_host_port
cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
# try:
# print(f"Checking Cloud configuration:", end=" ", flush=True)
# result = read_remote_config_sudo(c, "/etc/cube/config-azure.properties", ssh_password)
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Cloud configuration check] Exception: {e}")
# continue
response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
if response in ['y']:
print(f"Applying changes:", end=" ", flush=True)
try:
write_remote_config_sudo(c, "/etc/cube/config-azure.properties", result, ssh_password, "cube", "root", "644")
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[Proxy configuration] Exception: {e}")
continue
print(f"Checking Cloud configuration:", end=" ", flush=True)
try:
result = read_remote_config_sudo(c, "/etc/cube/config-azure.properties", ssh_password)
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[Proxy verification] Exception: {e}")
continue
# cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
elif response in ['n']:
print(f"Not applying configuration...")
else:
print(f"Not applying configuration...")
continue
# print(f"Setting proxy configuration:", end="\n", flush=True)
# result_proxy_host = set_config_field(result, "proxy-host", "10.81.35.126", True)
# result_proxy_host_port = set_config_field(result_proxy_host, "proxy-port", "8080", True)
# result_proxy_host_port_compression = set_config_field(result_proxy_host_port, "compression-enabled", "true", True)
# result = result_proxy_host_port
# cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
print(f"Disabling Cyber Check:", end=" ", flush=True)
try:
execute_sudo_command(c, "systemctl stop cube-monit.service", ssh_password)
execute_sudo_command(c, "mount -o remount,rw /", ssh_password)
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[Disabling Cyber Check] Exception: {e}")
continue
# response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
# if response in ['y']:
# print(f"Applying changes:", end=" ", flush=True)
# try:
# write_remote_config_sudo(c, "/etc/cube/config-azure.properties", result, ssh_password, "cube", "root", "644")
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Proxy configuration] Exception: {e}")
# continue
# print(f"Checking Cloud configuration:", end=" ", flush=True)
# try:
# result = read_remote_config_sudo(c, "/etc/cube/config-azure.properties", ssh_password)
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Proxy verification] Exception: {e}")
# continue
print(f"Reading Cyber Check configuration:", end=" ", flush=True)
try:
result = read_remote_config_sudo(c, "/etc/cube-default/configfile_monit.yaml", ssh_password)
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[Cyber Check configuration] Exception: {e}")
continue
# cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
# elif response in ['n']:
# print(f"Not applying configuration...")
# else:
# print(f"Not applying configuration...")
# continue
print(f"Checking cyber_check:", end=" ", flush=True)
try:
status = find_yaml_value(result, "cubeProcess.cyber_check")
if status == False:
print(f"", end="\n", flush=True)
else:
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[cyber_check value] Exception: {e}")
continue
# print(f"Disabling Cyber Check:", end=" ", flush=True)
# try:
# execute_sudo_command(c, "systemctl stop cube-monit.service", ssh_password)
# execute_sudo_command(c, "mount -o remount,rw /", ssh_password)
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Disabling Cyber Check] Exception: {e}")
# continue
print(f"Modifying cyber_check:", end=" ", flush=True)
modified_result = ""
try:
modified_result = set_yaml_value(result, "cubeProcess.cyber_check", False)
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[cyber_check modification] Exception: {e}")
continue
# print(f"Reading Cyber Check configuration:", end=" ", flush=True)
# try:
# result = read_remote_config_sudo(c, "/etc/cube-default/configfile_monit.yaml", ssh_password)
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Cyber Check configuration] Exception: {e}")
# continue
print(f"Checking modified cyber_check:", end=" ", flush=True)
try:
status = find_yaml_value(modified_result, "cubeProcess.cyber_check")
if status == False:
print(f"", end="\n", flush=True)
else:
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[Modified cyber_check value] Exception: {e}")
continue
# print(f"Checking cyber_check:", end=" ", flush=True)
# try:
# status = find_yaml_value(result, "cubeProcess.cyber_check")
# if status == False:
# print(f"✅", end="\n", flush=True)
# else:
# print(f"❌", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[cyber_check value] Exception: {e}")
# continue
response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
if response in ['y']:
print(f"Applying changes:", end=" ", flush=True)
try:
write_remote_config_base64_sudo(c, "/etc/cube-default/configfile_monit.yaml", modified_result, ssh_password, "root", "root", "644")
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[cyber_check configuration] Exception: {e}")
continue
print(f"Checking cyber_check configuration:", end=" ", flush=True)
try:
result = read_remote_config_sudo(c, "/etc/cube-default/configfile_monit.yaml", ssh_password)
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[cyber_check configuration] Exception: {e}")
continue
try:
status = find_yaml_value(result, "cubeProcess.cyber_check")
if status == False:
print(f"", end="\n", flush=True)
else:
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[Modified cyber_check configuration verification] Exception: {e}")
continue
elif response in ['n']:
print(f"Not applying configuration...")
else:
print(f"Not applying configuration...")
continue
# print(f"Modifying cyber_check:", end=" ", flush=True)
# modified_result = ""
# try:
# modified_result = set_yaml_value(result, "cubeProcess.cyber_check", False)
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[cyber_check modification] Exception: {e}")
# continue
# print(f"Checking modified cyber_check:", end=" ", flush=True)
# try:
# status = find_yaml_value(modified_result, "cubeProcess.cyber_check")
# if status == False:
# print(f"✅", end="\n", flush=True)
# else:
# print(f"❌", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Modified cyber_check value] Exception: {e}")
# continue
# response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
# if response in ['y']:
# print(f"Applying changes:", end=" ", flush=True)
# try:
# write_remote_config_base64_sudo(c, "/etc/cube-default/configfile_monit.yaml", modified_result, ssh_password, "root", "root", "644")
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[cyber_check configuration] Exception: {e}")
# continue
# print(f"Checking cyber_check configuration:", end=" ", flush=True)
# try:
# result = read_remote_config_sudo(c, "/etc/cube-default/configfile_monit.yaml", ssh_password)
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[cyber_check configuration] Exception: {e}")
# continue
# try:
# status = find_yaml_value(result, "cubeProcess.cyber_check")
# if status == False:
# print(f"✅", end="\n", flush=True)
# else:
# print(f"❌", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Modified cyber_check configuration verification] Exception: {e}")
# continue
# elif response in ['n']:
# print(f"Not applying configuration...")
# else:
# print(f"Not applying configuration...")
# continue
print(f"Firewall check:", end="\n", flush=True)
modified_result = ""
try:
result = read_remote_config_sudo(c, "/etc/iptables/iptables-cube.rules", ssh_password)
except Exception as e:
print(f"[Firewall reading] Exception: {e}")
continue
try:
modified_result = ensure_iptables_port_rule(result, 8080, 443)
except Exception as e:
print(f"[Firewall changes] Exception: {e}")
continue
# print(f"Firewall check:", end="\n", flush=True)
# modified_result = ""
# try:
# result = read_remote_config_sudo(c, "/etc/iptables/iptables-cube.rules", ssh_password)
# except Exception as e:
# print(f"[Firewall reading] Exception: {e}")
# continue
# try:
# modified_result = ensure_iptables_port_rule(result, 8080, 443)
# except Exception as e:
# print(f"[Firewall changes] Exception: {e}")
# continue
response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
if response in ['y']:
try:
write_remote_config_base64_sudo(c, "/etc/iptables/iptables-cube.rules", modified_result, ssh_password, "root", "root", 600)
except Exception as e:
print(f"[Firewall configuration] Exception: {e}")
continue
elif response in ['n']:
print(f"Not applying configuration...")
else:
print(f"Not applying configuration...")
continue
# response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
# if response in ['y']:
# try:
# write_remote_config_base64_sudo(c, "/etc/iptables/iptables-cube.rules", modified_result, ssh_password, "root", "root", 600)
# except Exception as e:
# print(f"[Firewall configuration] Exception: {e}")
# continue
# elif response in ['n']:
# print(f"Not applying configuration...")
# else:
# print(f"Not applying configuration...")
# continue
print(f"Restarting Cyber Check:", end=" ", flush=True)
try:
execute_sudo_command(c, "mount -o remount,ro /", ssh_password)
execute_sudo_command(c, "systemctl start cube-monit.service", ssh_password)
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[Restarting Cyber Check] Exception: {e}")
continue
# print(f"Restarting Cyber Check:", end=" ", flush=True)
# try:
# execute_sudo_command(c, "mount -o remount,ro /", ssh_password)
# execute_sudo_command(c, "systemctl start cube-monit.service", ssh_password)
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Restarting Cyber Check] Exception: {e}")
# continue
# try:
# execute_sudo_command(c, "systemctl restart iptables", ssh_password)
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Restart iptables] Exception: {e}")
# continue
if __name__ == "__main__":
main()
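Review bot: Every `continue` between the `Disabling Cyber Check` step and the `Restarting Cyber Check` step moves on to the next host with `/` still remounted read-write and `cube-monit.service` stopped; this applies wherever that sequence is active, and because the page has lost its `+`/`-` markers, which copy is live on the new side is inferred. Putting the restore commands in a `finally:` would bring the host back to its monitored, read-only state on any exception or cancelled prompt. The firewall write passes the mode as the integer `600` while the other writes pass the string `"644"`; the helper is outside this view, so `"600"` is the safe, consistent form. The `systemctl restart iptables` step named in the commit title appears only commented out at the end of the loop, so the edited `/etc/iptables/iptables-cube.rules` is presumably not loaded until that step is re-enabled.

```python
try:
    execute_sudo_command(c, "systemctl stop cube-monit.service", ssh_password)
    execute_sudo_command(c, "mount -o remount,rw /", ssh_password)
    # … unchanged: cyber_check edit, firewall rule edit, confirmation prompts …
finally:
    # Always restore the read-only root and the monitoring service,
    # including when a step above raised or the operator cancelled.
    execute_sudo_command(c, "mount -o remount,ro /", ssh_password)
    execute_sudo_command(c, "systemctl start cube-monit.service", ssh_password)
```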