diff --git a/README.md b/README.md index db5169b..e111b0b 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,29 @@ +ros 批量配置脚本 + +## 项目说明 + +这是一个半自动的批量配置脚本,用于按需批量配置 ros 服务,目前适用于极狐与极光的配置 + +脚本通过 ssl 方式连接到 ros 服务,在使用前需要下载 ros 的证书到 certs 目录下 + +**项目结构** +``` +ros +├── certs ros 服务的证书,在配置 csv 中 cert 列的根目录是这里 +├── scripts ros 服务中的脚本,在配置脚本时会读取并写入 ros 配置 +├── templates ros 服务的模板镜像 +├── config.jh.bak.csv 极狐的配置参考表 +├── config.jg.bak.csv 极光的配置参考表 +├── config.csv 需要执行配置的表 +├── steps.py 所有配置函数 +└── main.py 主程序,执行 `steps.py` 中的配置函数 +``` + ## 使用说明 -一、上传 ros 镜像,位置在 `templates` 目录下 +1. 上传 ros 镜像,位置在 `templates` 目录下 -二、为 ros 配置公网 IP 与网关,并重置 mac 地址 +2. 为 ros 配置公网 IP 与网关,并重置 mac 地址 ``` /ip/address/set 0 address=公网地址/掩码 @@ -10,9 +31,13 @@ /interface/ethernet/reset-mac-address wan ``` -三、将需要部署的 ros 配置条目从 `config.bak.csv` 中复制到 `config.csv` +3. 将需要部署的 ros 配置条目从 `config.jh.bak.csv` 或 `config.jg.bak.csv` 中复制到 `config.csv`(没有的话创建一个) -四、执行 `main.py` +> `config.jh.bak.csv` 与 `config.jg.bak.csv` 中是所有 ros 配置项的完整记录 + +4. 检查并按需调整 `main.py` 脚本开头定义的参数 + +5. 执行 `main.py` ## 部署流程 diff --git a/config.jh.bak.csv b/config.jh.bak.csv index a74fdf3..1bfc72b 100644 --- a/config.jh.bak.csv +++ b/config.jh.bak.csv @@ -1,6 +1,6 @@ index,name,code,gateway,public,mask,private,domain,cert -0,混拨1,hh1,43.226.58.1,43.226.58.7,24,192.168.98.3,hh,jh/7.crt -0,混拨2,hh2,43.226.58.1,43.226.58.8,24,192.168.98.2,hh,server.crt +1,混拨2,hh2,43.226.58.1,43.226.58.8,24,192.168.98.2,hh,jh/8.crt +2,混拨3,hh3,43.226.58.1,43.226.58.7,24,192.168.98.3,hh,jh/7.crt 1,宣城,ahxc215,43.226.58.1,43.226.58.10,24,192.168.99.1,ahxc,jh/10.crt 2,宿州,ahsz216,43.226.58.1,43.226.58.11,24,192.168.99.2,ahsz,jh/11.crt 3,阜阳,ahfy225,43.226.58.1,43.226.58.12,24,192.168.99.3,ahfy,jh/12.crt diff --git a/main.py b/main.py index aa15f10..d9e8bff 100644 --- a/main.py +++ b/main.py 
@@ -21,24 +21,22 @@ pip install librouteros - public: 公网 IP - mask: 公网子网掩码 - private: 内网 IP +- domain: 节点域名 +- cert: 证书文件路径 -如果需要添加或修改配置项,从 config.*.bak.csv 文件复制配置项到 config.csv 文件中 +如果需要添加或修改配置项,修改 config.*.bak.csv 文件,并复制配置项到 config.csv 文件中 如果需要修改配置内容,在下面 “配置执行步骤” 部分添加或修改函数调用 """ -threads = [] -failed = [] - # 配置执行步骤 steps = [ - configNet, - configJgAuth, - configJgMixOuts, - configJgScripts, - configJgLogs, + configJgOuts, ] +threads = [] +failed = [] + def main(): # 加载配置文件 @@ -81,7 +79,7 @@ def start(config): try: ctx = ssl.create_default_context() ctx.check_hostname = False - ctx.load_verify_locations(f'certs/{config["cert"]}') + ctx.load_verify_locations(f"certs/{config['cert']}") conn = connect( username="admin", password="wyongk9815", diff --git a/steps.py b/steps.py index 834d54f..17da0ee 100644 --- a/steps.py +++ b/steps.py @@ -120,6 +120,7 @@ def configJhMixOuts(conn: Api, config): except Exception as e: raise RuntimeError("删除 PPP 失败: {}".format(e)) + index = (int(config["index"]) - 1) * 10 for i in range(30): for j in range(10): n = j * 30 + i @@ -127,9 +128,9 @@ def configJhMixOuts(conn: Api, config): ppps.add( **{ - "name": f"l2tp-out{n+1}", + "name": f"l2tp-out{n + 1}", "connect-to": f"192.168.25{k}.25{k}", - "user": f"jdzz{j+11}dt{i+221}", + "user": f"jdzz{j + 1 + index}dt{i + 221}", "password": "123231", "disabled": "no", } @@ -144,8 +145,8 @@ def configJhMixOuts(conn: Api, config): raise RuntimeError("删除路由表失败: {}".format(e)) for i in range(300): - routeName = f"r{i+1}" - routeOut = f"l2tp-out{i+1}" + routeName = f"r{i + 1}" + routeOut = f"l2tp-out{i + 1}" try: routes.add( **{ @@ -355,7 +356,7 @@ def configJhDrop(conn: Api, config): layer7.add( **{ "name": "illegal", - "regexp": f'({"|".join([re.escape(domain) for domain in domains])})[/:]?.*', + "regexp": f"({'|'.join([re.escape(domain) for domain in domains])})[/:]?.*", } ) 
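Review bot: The `connect(...)` call in `start` still passes the router admin username and password as string literals, so every clone of the repository and its history holds the device credential; this commit only restyles the line above it. Read them from the environment or an untracked file, e.g. `password=os.environ["ROS_PASSWORD"]` (adding `import os` if main.py lacks it), and rotate the value already committed. The same applies to the literal `"password"` entries in the `ppps.add(...)` calls of `configJhMixOuts`, `configJgOuts` and `configJgMixOuts` in steps.py. Separately, `ctx.check_hostname = False` deserves a comment such as `# hostname check is off because each router is pinned to its own certificate under certs/`, if that is the intent, since verification then rests entirely on the file named in the CSV `cert` column. `start` begins and ends outside this hunk.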
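Review bot: The new `index = (int(config["index"]) - 1) * 10` in `configJhMixOuts` is not range-checked, so a row with index 0 (the value the mix rows carried before this commit) gives an offset of -10 and user names such as `jdzz-9dt221`, and a non-numeric cell fails inside `int()` with no hint of which row was at fault. Guard it before the loops, e.g. `row = int(config["index"])` followed by `if row < 1: raise RuntimeError(f"index 无效: {row}")`. The same offset feeds `"user": f"jdzz{j + 1 + index}dt{i + 221}"` in the following hunk. config.jh.bak.csv now uses index 1 and 2 both for the mix rows and for the first regional rows, so the value appears to be unique only within one row type; a one-line comment stating that would prevent someone from reusing it as a global key. The function starts and ends outside the hunk.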
@@ -425,7 +426,7 @@ def configJgAuth(conn: Api, config): try: l2tp = conn.path("interface", "l2tp-server", "server") - l2tp.update(**{"enabled": "yes", "use-ipsec": "yes", "ipsec-secret": "byjd231"}) + l2tp.update(**{"enabled": "yes", "use-ipsec": "yes", "ipsec-secret": "1234"}) except Exception as e: raise RuntimeError(f"配置 l2tp 服务器失败: {e}") @@ -451,7 +452,8 @@ def configJgOuts(conn: Api, config): """ try: - count = 20 + count = 10 + window = 20 # 配置 ppp try: @@ -468,8 +470,8 @@ def configJgOuts(conn: Api, config): ppps.add( **{ "name": f"l2tp-out{i}", - "connect-to": f"192.168.0.{int(config['gate'])+1}", - "user": f"bydj{config['gate']}api{(int(config['index'])-1) * count + i}", + "connect-to": f"192.168.0.{int(config['gate']) + 1}", + "user": f"byjd{config['gate']}api{(int(config['index']) - 1) * window + i}", "password": "byjd231", "disabled": "no", } @@ -528,8 +530,8 @@ def configJgMixOuts(conn: Api, config): ppps.add( **{ "name": f"l2tp-out{i}", - "connect-to": f"192.168.0.{int(config['gate'])+1}", - "user": f"bydj{config['gate']}api{(int(config['index'])-1) * count + i}", + "connect-to": f"192.168.0.{int(config['gate']) + 1}", + "user": f"byjd{config['gate']}api{(int(config['index']) - 1) * count + i}", "password": "byjd231", "disabled": "no", } @@ -737,3 +739,28 @@ def configJgLogs(conn: Api, config): # ==================== # 临时 # ==================== + + +def temp(conn: Api, config): + ppps = conn.path("interface", "l2tp-client") + + count = 0 + for ppp in ppps: + count += 1 + if ppp["name"].startswith("l2tp-out") and ppp["running"] != True: + break + + if count < 20: + raise RuntimeError(f"有未运行的 PPP,count={count}") + + # file = open(f"outs/{config['code']}.csv", "w", encoding="utf-8") + # file.write("ros,name,connect-to,user,running\n") + # for ppp in ppps: + # file.write("{},{},{},{},{}\n".format( + # config["name"], + # ppp["name"], + # ppp["connect-to"], + # ppp["user"], + # ppp["running"], + # )) + # file.close()
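Review bot: The L2TP server's `ipsec-secret` in `configJgAuth` is changed to `"1234"`, a four-character pre-shared key that this script would push to every router it configures. If the value is a placeholder, the function should refuse to run with it; otherwise take the secret from configuration kept outside the repository, e.g. `"ipsec-secret": os.environ["ROS_IPSEC_SECRET"]`, and use a long random value. The previous secret stays in the repository history and should be treated as exposed. The function body extends outside the hunk.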
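Review bot: `count` and `window` in `configJgOuts` are set without any explanation, and after this change they differ (10 and 20) while the user name is now computed from `window`. Presumably `count` is the number of `l2tp-out` clients created per router and `window` the block of accounts reserved per router index; a comment such as `# count: clients created on this router; window: accounts reserved per index (stride), must be >= count` would record that, and the loop bounds outside this hunk should be checked against it. `configJgMixOuts` in the later hunk still uses `count` as the stride, so the two functions now number accounts differently, which is worth stating in their docstrings if intended.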
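Review bot: The health check in `temp` counts every `l2tp-client` entry up to the first stopped `l2tp-out` and compares the result with a literal 20, which gives wrong answers in both directions. A router configured by `configJgOuts` with its new `count = 10` would fail even when all ten clients are up, and a router whose first stopped client is the 20th entry or later would pass. Collecting the names of the stopped clients, as in the excerpt below, reports exactly what is down; if a minimum number of clients is also required, compare against the configured count rather than 20. The commented-out CSV export should be deleted or moved into its own function using `with open(...)`.

```python
def temp(conn: Api, config):
    ppps = conn.path("interface", "l2tp-client")

    # Name every l2tp-out client that is down rather than counting up to the first one.
    stopped = [
        ppp["name"]
        for ppp in ppps
        if ppp["name"].startswith("l2tp-out") and ppp["running"] is not True
    ]
    if stopped:
        raise RuntimeError(f"有未运行的 PPP: {', '.join(stopped)}")

    # … unchanged: commented-out CSV export …
```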