qwphr/ess-moxa-configuration-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Restart iptables after proxy configuration

Browse Source
This commit is contained in:
Quentin WEPHRE
2025-10-17 16:52:57 +02:00
parent ebc9eecef8
commit 7dc7d6abd8
2 changed files with 215 additions and 184 deletions
Download Patch File Download Diff File Expand all files Collapse all files

331
Python/ssh_fabric_batch.py
View File

@@ -440,9 +440,9 @@ def write_remote_config_base64_sudo(c, remote_path, content, sudo_pass, user_own
def main():
"""Main function to parse arguments and orchestrate tasks."""
ip_address_prefix = "10.81.60." # Grandpuits subnet
ip_address_range = list(range(193, 215)) # From 193 to 214
# ip_address_range.append(85) # Add 85 after 74.
ip_address_prefix = "10.81.56." # DK2 subnet
ip_address_range = list(range(129, 145)) # From 129 to 144 (16 CUBEs)
# ip_address_range.append(72) # Add 85 after 74.
hosts = [f"{ip_address_prefix}{suffix}" for suffix in ip_address_range]
ssh_port = 11022
@@ -471,6 +471,7 @@ def main():
continue
with Connection(host=host, user=ssh_user, port=ssh_port, connect_timeout=60, connect_kwargs=connect_args) as c:
try:
print(f"Hostname:", end=" ", flush=True)
result = execute_command(c, "hostname")
@@ -481,171 +482,197 @@ def main():
continue
try:
print(f"Checking Cloud configuration:", end=" ", flush=True)
result = read_remote_config_sudo(c, "/etc/cube/config-azure.properties", ssh_password)
print(f"", end="\n", flush=True)
print(f"cURL:", end=" ", flush=True)
result = execute_command(c, "curl -m 15 -x https://10.81.35.126:8080 https://iot-ingest-ess-prod.azure-devices.net")
print(f"{result.strip()}", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[Cloud configuration check] Exception: {e}")
print(f"[cURL] Exception: {e}")
continue
cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
# try:
# print(f"Hostname:", end=" ", flush=True)
# result = execute_command(c, "hostname")
# print(f"{result.strip()}", end="\n", flush=True)
# hostname = str.lower(result)
# except Exception as e:
# print(f"[Hostname] Exception: {e}")
# continue
print(f"Setting proxy configuration:", end="\n", flush=True)
result_proxy_host = set_config_field(result, "proxy-host", "10.81.35.126", True)
result_proxy_host_port = set_config_field(result_proxy_host, "proxy-port", "8080", True)
result = result_proxy_host_port
cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
# try:
# print(f"Checking Cloud configuration:", end=" ", flush=True)
# result = read_remote_config_sudo(c, "/etc/cube/config-azure.properties", ssh_password)
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Cloud configuration check] Exception: {e}")
# continue
response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
if response in ['y']:
print(f"Applying changes:", end=" ", flush=True)
try:
write_remote_config_sudo(c, "/etc/cube/config-azure.properties", result, ssh_password, "cube", "root", "644")
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[Proxy configuration] Exception: {e}")
continue
print(f"Checking Cloud configuration:", end=" ", flush=True)
try:
result = read_remote_config_sudo(c, "/etc/cube/config-azure.properties", ssh_password)
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[Proxy verification] Exception: {e}")
continue
# cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
elif response in ['n']:
print(f"Not applying configuration...")
else:
print(f"Not applying configuration...")
continue
# print(f"Setting proxy configuration:", end="\n", flush=True)
# result_proxy_host = set_config_field(result, "proxy-host", "10.81.35.126", True)
# result_proxy_host_port = set_config_field(result_proxy_host, "proxy-port", "8080", True)
# result_proxy_host_port_compression = set_config_field(result_proxy_host_port, "compression-enabled", "true", True)
# result = result_proxy_host_port
# cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
print(f"Disabling Cyber Check:", end=" ", flush=True)
try:
execute_sudo_command(c, "systemctl stop cube-monit.service", ssh_password)
execute_sudo_command(c, "mount -o remount,rw /", ssh_password)
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[Disabling Cyber Check] Exception: {e}")
continue
# response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
# if response in ['y']:
# print(f"Applying changes:", end=" ", flush=True)
# try:
# write_remote_config_sudo(c, "/etc/cube/config-azure.properties", result, ssh_password, "cube", "root", "644")
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Proxy configuration] Exception: {e}")
# continue
# print(f"Checking Cloud configuration:", end=" ", flush=True)
# try:
# result = read_remote_config_sudo(c, "/etc/cube/config-azure.properties", ssh_password)
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Proxy verification] Exception: {e}")
# continue
print(f"Reading Cyber Check configuration:", end=" ", flush=True)
try:
result = read_remote_config_sudo(c, "/etc/cube-default/configfile_monit.yaml", ssh_password)
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[Cyber Check configuration] Exception: {e}")
continue
# cloud_configuration_check(hostname, result, "iot-ingest-ess-prod.azure-devices.net", "10.81.35.126", "8080")
# elif response in ['n']:
# print(f"Not applying configuration...")
# else:
# print(f"Not applying configuration...")
# continue
print(f"Checking cyber_check:", end=" ", flush=True)
try:
status = find_yaml_value(result, "cubeProcess.cyber_check")
if status == False:
print(f"", end="\n", flush=True)
else:
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[cyber_check value] Exception: {e}")
continue
# print(f"Disabling Cyber Check:", end=" ", flush=True)
# try:
# execute_sudo_command(c, "systemctl stop cube-monit.service", ssh_password)
# execute_sudo_command(c, "mount -o remount,rw /", ssh_password)
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Disabling Cyber Check] Exception: {e}")
# continue
print(f"Modifying cyber_check:", end=" ", flush=True)
modified_result = ""
try:
modified_result = set_yaml_value(result, "cubeProcess.cyber_check", False)
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[cyber_check modification] Exception: {e}")
continue
# print(f"Reading Cyber Check configuration:", end=" ", flush=True)
# try:
# result = read_remote_config_sudo(c, "/etc/cube-default/configfile_monit.yaml", ssh_password)
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Cyber Check configuration] Exception: {e}")
# continue
print(f"Checking modified cyber_check:", end=" ", flush=True)
try:
status = find_yaml_value(modified_result, "cubeProcess.cyber_check")
if status == False:
print(f"", end="\n", flush=True)
else:
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[Modified cyber_check value] Exception: {e}")
continue
# print(f"Checking cyber_check:", end=" ", flush=True)
# try:
# status = find_yaml_value(result, "cubeProcess.cyber_check")
# if status == False:
# print(f"✅", end="\n", flush=True)
# else:
# print(f"❌", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[cyber_check value] Exception: {e}")
# continue
response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
if response in ['y']:
print(f"Applying changes:", end=" ", flush=True)
try:
write_remote_config_base64_sudo(c, "/etc/cube-default/configfile_monit.yaml", modified_result, ssh_password, "root", "root", "644")
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[cyber_check configuration] Exception: {e}")
continue
print(f"Checking cyber_check configuration:", end=" ", flush=True)
try:
result = read_remote_config_sudo(c, "/etc/cube-default/configfile_monit.yaml", ssh_password)
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[cyber_check configuration] Exception: {e}")
continue
try:
status = find_yaml_value(result, "cubeProcess.cyber_check")
if status == False:
print(f"", end="\n", flush=True)
else:
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[Modified cyber_check configuration verification] Exception: {e}")
continue
elif response in ['n']:
print(f"Not applying configuration...")
else:
print(f"Not applying configuration...")
continue
# print(f"Modifying cyber_check:", end=" ", flush=True)
# modified_result = ""
# try:
# modified_result = set_yaml_value(result, "cubeProcess.cyber_check", False)
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[cyber_check modification] Exception: {e}")
# continue
# print(f"Checking modified cyber_check:", end=" ", flush=True)
# try:
# status = find_yaml_value(modified_result, "cubeProcess.cyber_check")
# if status == False:
# print(f"✅", end="\n", flush=True)
# else:
# print(f"❌", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Modified cyber_check value] Exception: {e}")
# continue
# response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
# if response in ['y']:
# print(f"Applying changes:", end=" ", flush=True)
# try:
# write_remote_config_base64_sudo(c, "/etc/cube-default/configfile_monit.yaml", modified_result, ssh_password, "root", "root", "644")
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[cyber_check configuration] Exception: {e}")
# continue
# print(f"Checking cyber_check configuration:", end=" ", flush=True)
# try:
# result = read_remote_config_sudo(c, "/etc/cube-default/configfile_monit.yaml", ssh_password)
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[cyber_check configuration] Exception: {e}")
# continue
# try:
# status = find_yaml_value(result, "cubeProcess.cyber_check")
# if status == False:
# print(f"✅", end="\n", flush=True)
# else:
# print(f"❌", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Modified cyber_check configuration verification] Exception: {e}")
# continue
# elif response in ['n']:
# print(f"Not applying configuration...")
# else:
# print(f"Not applying configuration...")
# continue
print(f"Firewall check:", end="\n", flush=True)
modified_result = ""
try:
result = read_remote_config_sudo(c, "/etc/iptables/iptables-cube.rules", ssh_password)
except Exception as e:
print(f"[Firewall reading] Exception: {e}")
continue
try:
modified_result = ensure_iptables_port_rule(result, 8080, 443)
except Exception as e:
print(f"[Firewall changes] Exception: {e}")
continue
# print(f"Firewall check:", end="\n", flush=True)
# modified_result = ""
# try:
# result = read_remote_config_sudo(c, "/etc/iptables/iptables-cube.rules", ssh_password)
# except Exception as e:
# print(f"[Firewall reading] Exception: {e}")
# continue
# try:
# modified_result = ensure_iptables_port_rule(result, 8080, 443)
# except Exception as e:
# print(f"[Firewall changes] Exception: {e}")
# continue
response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
if response in ['y']:
try:
write_remote_config_base64_sudo(c, "/etc/iptables/iptables-cube.rules", modified_result, ssh_password, "root", "root", 600)
except Exception as e:
print(f"[Firewall configuration] Exception: {e}")
continue
elif response in ['n']:
print(f"Not applying configuration...")
else:
print(f"Not applying configuration...")
continue
# response = input(f"Apply the change on {hostname.strip()}? (y)es or (n)o, anything else to cancel - ").lower()
# if response in ['y']:
# try:
# write_remote_config_base64_sudo(c, "/etc/iptables/iptables-cube.rules", modified_result, ssh_password, "root", "root", 600)
# except Exception as e:
# print(f"[Firewall configuration] Exception: {e}")
# continue
# elif response in ['n']:
# print(f"Not applying configuration...")
# else:
# print(f"Not applying configuration...")
# continue
print(f"Restarting Cyber Check:", end=" ", flush=True)
try:
execute_sudo_command(c, "mount -o remount,ro /", ssh_password)
execute_sudo_command(c, "systemctl start cube-monit.service", ssh_password)
print(f"", end="\n", flush=True)
except Exception as e:
print(f"", end="\n", flush=True)
print(f"[Restarting Cyber Check] Exception: {e}")
continue
# print(f"Restarting Cyber Check:", end=" ", flush=True)
# try:
# execute_sudo_command(c, "mount -o remount,ro /", ssh_password)
# execute_sudo_command(c, "systemctl start cube-monit.service", ssh_password)
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Restarting Cyber Check] Exception: {e}")
# continue
# try:
# execute_sudo_command(c, "systemctl restart iptables", ssh_password)
# print(f"✅", end="\n", flush=True)
# except Exception as e:
# print(f"❌", end="\n", flush=True)
# print(f"[Restart iptables] Exception: {e}")
# continue
if __name__ == "__main__":
main()

66
Python/ssh_fabric_batch_fw.py
View File

@@ -39,46 +39,46 @@ def configure_moxa_firewall_pexpect(router_ip):
print(f"\n>>> SUCCESSFULLY CONNECTED! Base prompt is: '{base_prompt}'")
# --- Check for existing rules ---
# print("\n--- Checking for existing rules...")
# child.sendline("terminal length 0")
# child.expect(base_prompt)
# child.sendline("show running-config")
# child.expect(base_prompt)
# running_config = child.before
print("\n--- Checking for existing rules...")
child.sendline("terminal length 0")
child.expect(base_prompt)
child.sendline("show running-config")
child.expect(base_prompt)
running_config = child.before
# if "name proxy_retour" in running_config and "name proxy_aller" in running_config:
# print("--- Firewall rules already exist. No action needed.")
# child.sendline("exit")
# child.close()
# return
if "name proxy_retour" in running_config and "name proxy_aller" in running_config:
print("--- Firewall rules already exist. No action needed.")
child.sendline("exit")
child.close()
return
# print("--- Rules not found. Proceeding with configuration.")
print("--- Rules not found. Proceeding with configuration.")
# --- Enter Configuration Mode ---
# print("\n>>> Entering configuration mode...")
# child.sendline("configure")
# config_prompt_re = r"\(config\)#\s*$"
# child.expect(config_prompt_re)
print("\n>>> Entering configuration mode...")
child.sendline("configure")
config_prompt_re = r"\(config\)#\s*$"
child.expect(config_prompt_re)
# --- Apply Rule 1 ---
# print("\n>>> Applying Rule 1: proxy_retour")
# for cmd in FIREWALL_RULE_1_CMDS:
# child.sendline(cmd)
# child.expect([r"\(config-firewall\)#\s*$", config_prompt_re])
# time.sleep(0.2)
print("\n>>> Applying Rule 1: proxy_retour")
for cmd in FIREWALL_RULE_1_CMDS:
child.sendline(cmd)
child.expect([r"\(config-firewall\)#\s*$", config_prompt_re])
time.sleep(0.2)
# --- Apply Rule 2 ---
# print("\n>>> Applying Rule 2: proxy_aller")
# for cmd in FIREWALL_RULE_2_CMDS:
# child.sendline(cmd)
# child.expect([r"\(config-firewall\)#\s*$", config_prompt_re])
# time.sleep(0.2)
print("\n>>> Applying Rule 2: proxy_aller")
for cmd in FIREWALL_RULE_2_CMDS:
child.sendline(cmd)
child.expect([r"\(config-firewall\)#\s*$", config_prompt_re])
time.sleep(0.2)
# --- THE CORRECTED SAVE LOGIC ---
# 1. Exit from configuration mode to return to the base prompt
# print("\n>>> Exiting configuration mode to save...")
# child.sendline("exit")
# child.expect(base_prompt)
print("\n>>> Exiting configuration mode to save...")
child.sendline("exit")
child.expect(base_prompt)
# 2. Now, from the base prompt, issue the save command
print("\n>>> Saving configuration...")
@@ -99,8 +99,12 @@ def configure_moxa_firewall_pexpect(router_ip):
print(f"\n!!! An unexpected error occurred: {e}")
if __name__ == "__main__":
ip_prefix = "10.81.60."
ip_suffixes = list(range(194, 215))
ip_prefix = "10.81.35."
ip_suffixes = list(range(74, 75))
ip_suffixes.append(85)
for suffix in ip_suffixes:
router_ip = ip_prefix + str(suffix)
print(f"Configuration of firewall {router_ip}...")
configure_moxa_firewall_pexpect(router_ip)
print(f"Done!")
answer = input(f"Continue?")