8cf78dfef3
feat(patching/iexec): live SSE terminal for dry-run and real patch - yum_stream_lines generator + /yum-stream endpoint + client-side EventSource + audit log at end of stream
2026-05-04 17:02:28 +02:00
e29ecff949
feat(patching/iexec B3.4+B3.5): pre-capture of services+ports + before/after post-compare with diff report (SANEF wiki scripts, base64 push) - sequential 3a/3b/3c/3d workflow
2026-05-04 16:52:15 +02:00
6c92c71d17
feat(patching/iexec B3): step 3a dry-run (yum update --assumeno) + step 3b real patch (yum update -y) with effective excludes from v_servers, anti-injection validation on excludes, audit log, double confirmation for real patch
2026-05-04 16:40:46 +02:00
37e6f0d8f3
chore(snapshot): defensive strip() on vCenter credentials (copy-paste can add newline/CR)
2026-05-04 16:29:20 +02:00
a006e3f422
fix(snapshot): error message distinguishes login failure from VM not found (was misleading)
2026-05-04 16:25:10 +02:00
f1baae9c8e
fix(snapshot): tolerant _find_vm matching (short + FQDN) + log samples for debugging if VM not found
2026-05-04 16:21:45 +02:00
9996757e4b
feat(snapshot): prod/hprod branch via hostname prefix (vp/sp/lp = prod/business; rest = hprod/management) + fix DR matching vpsiaavcs1 (was vpsicavcs1) + tolerance by name
2026-05-04 16:15:46 +02:00
a1476cb3e2
fix(snapshot): fallback to vsphere_user/pass secrets (Settings UI name) in addition to legacy vcenter_user/pass
2026-05-04 16:07:50 +02:00
b07a6816d4
feat(patching/iexec): disk space check (/ >= 1.5GB, /var/log >= 1GB) + fix FR/EN subscription-manager identity detection via UUID regex
2026-05-04 15:37:12 +02:00
eb2e0dc8ba
feat(patching/iexec B1): wizard page step 1 - DNS+SSH+Satellite checks (LAN vpdsiasat2 / DMZ vpdsiasat1 depending on domain), Linux only (Windows skipped), sudo -n everywhere
2026-05-04 15:14:06 +02:00
983552a442
fix(qualys/agents): specific failure message according to actual cause (DNS/TCP timeout/TCP refused/SSH auth) - no more generic 'agent installe? OS supporte?'
2026-04-28 02:00:21 +02:00
eecb61c720
fix(qualys/agents): multi-format service check - French SysV init (en cours d'execution / (pid X)) in addition to systemd active (running)
2026-04-28 01:45:48 +02:00
f0043eb481
ui(qualys/agents): separate RHEL5 (early exit, decom) vs RHEL6 (legacy agent ok, CA bundle up to date)
2026-04-28 01:33:10 +02:00
4db0cf6a56
ui(qualys/agents): if OS is EOL (RHEL 5/6) - show only the entry 'agent legacy, decom prevu', no redundant warnings
2026-04-28 01:31:25 +02:00
b6a602e848
ui(qualys/agents): cautious diag wording (finding/hypothesis/proposal toward support ticket, no assertions)
2026-04-28 01:27:42 +02:00
67bd3a02d6
ui(qualys/agents): Status block with OK/KO checklist at top (connectivity/disk/service/install) + 10-line system log
2026-04-28 01:24:57 +02:00
7f8c2c710b
ui(qualys/agents): rename 'Suggestions' to 'Diagnostic' + rewording oriented toward findings (no shell cmds, directs to support ticket)
2026-04-28 01:23:56 +02:00
5abc474805
perf(qualys/agents): combine all cmds into a single SSH channel with markers - avoids Timeout opening channel on PSMP
2026-04-28 01:18:59 +02:00
d4205fb8f8
fix(qualys/agents): retry with SSH reconnect on Timeout opening channel (PSMP channel limit)
2026-04-28 01:14:03 +02:00
fc480b4376
ui(qualys/agents): remove agent proxy Configuration block (unnecessary since SANEF prod goes out directly, not via proxy)
2026-04-28 01:13:18 +02:00
49c700c5d1
fix(qualys/agents): actual SANEF reinstall procedure (rpm -ivh /root/QualysCloudAgent.rpm)
2026-04-28 00:58:45 +02:00
79cff850d3
feat(qualys/agents): automatic suggestion for broken install (core dump + package missing from RPM/DPKG)
2026-04-28 00:57:06 +02:00
fb448257a1
ui(qualys/agents): minimal connectivity - HTTP code received = OK, detailed diag only if KO
2026-04-28 00:52:17 +02:00
c54ec0ba0c
fix(qualys/agents): DIRECT connectivity test to qagpublic.qg1.apps.qualys.eu (SANEF EU1 pod) - no proxy since the agent goes out directly
2026-04-28 00:26:29 +02:00
9d312f43a3
feat(qualys/agents): check agent proxy conf (qagent-proxy.conf, systemd drop-in, sysconfig, /etc/environment) + proxy config suggestion
2026-04-28 00:20:56 +02:00
191c167423
fix(qualys/agents): vCenter snapshot (not LVM) for rollback before extending FS
2026-04-28 00:15:12 +02:00
640292c1ce
feat(qualys/agents): LVM + logrotate checks + suggestions for extend FS / cleanup / fix logrotate with mandatory LVM snapshot
2026-04-28 00:11:45 +02:00
b81343d5ca
fix(qualys/agents): connectivity test via SANEF proxy (proxy.sanef.fr:8080, fallback IP 10.40.10.225) + agent conf suggestion
2026-04-28 00:06:32 +02:00
a877589cf3
feat(qualys/agents): automatic resolution suggestions based on log patterns (disk full, crash loop, conn KO, service masked, agent obsolete)
2026-04-28 00:01:14 +02:00
437b1ed172
feat(qualys/agents): add disk space checks + Qualys console connectivity (qualysagent/qualysguard.qualys.eu)
2026-04-27 23:53:15 +02:00
d9be39a037
fix(qualys/agents): explicit sudo -n to read Qualys logs (root-only files) + fallback messages 'existe mais non lisible'
2026-04-27 23:39:53 +02:00
cdcb85917d
feat(qualys/agents): audit in background thread + auto-refresh waiting page (fix ERR_CONNECTION_RESET on long audits)
2026-04-27 23:25:50 +02:00
26e05d63ac
fix(qualys/agents): audit commands adapted for multiple OSes (RHEL5 SysV init, journalctl absent, multiple Qualys log paths)
2026-04-27 23:15:50 +02:00
03229d4d08
feat(qualys/agents): Check button + targeted Qualys agent audit page (status + version + agent/system logs via SSH)
2026-04-27 23:09:05 +02:00
dc9c197274
fix(qualys/dashboard): timeout 120s->300s + log errors on _fetch_asset_ids_by_tag (ENV-PRD/REC missing on large tags)
2026-04-27 23:00:58 +02:00
5ec5271232
perf(qualys/dashboard): parallelize vuln fetch per IP batch (8 workers, ~18min -> ~3min)
2026-04-27 17:15:44 +02:00
0d4ce6dfc2
feat(qualys/duplicates): scan filtered to Linux+Windows Server only (~1200 vs 6244)
2026-04-25 19:56:23 +00:00
6c52d05393
fix(qualys/duplicates): rename key items -> groups (Jinja conflict with dict.items)
2026-04-25 10:49:53 +00:00
e832381b68
feat(qualys/duplicates): servers-only filter (excludes Win 10/11/7/8/XP workstations)
2026-04-25 10:23:14 +00:00
3d043af194
feat(qualys): duplicates page + 1-click Qualys API deletion
2026-04-25 10:17:40 +00:00
8f406f211d
feat(qualys/dashboard): compute v2 - queries Qualys API by tag (local DB qualys_asset_tags often stale)
2026-04-25 00:42:29 +00:00
0ab4f2d8fa
fix(qualys/dashboard): drop in-memory flag + safety net thread + flex layout 6 KPI
2026-04-25 00:13:22 +00:00
9a7f446637
fix(qualys/dashboard): insert pending row in the route before spawning thread (no race)
2026-04-25 00:07:22 +00:00
8f8e8c4d8f
feat(qualys): vulnerabilities dashboard with KPI + history
2026-04-24 23:49:46 +00:00
c258d6091a
fix(qualys): resync_all_tags HTTP 400 - limitResults 10000 too large, cap at 1000
...
Qualys QPS API rejects limitResults above 1000 (HTTP 400 Bad Request).
Aligned with the service's other requests (5, 20, 100, 200, 1000) and with
qualys_tags_service.list_qualys_tags, which already uses 1000.
Reproducible via /qualys/tags > Resync button (msg=resync_ko_HTTP+400).
2026-04-23 12:19:31 +00:00
9a72fa7eb7
Optim: fix N+1 queries in itop_service (batch pre-load) + Jinja2 badge macros
2026-04-17 23:23:32 +00:00
a0f90cd719
Optim: structured logging + query_helpers.py + fix silent exceptions in routers
2026-04-17 23:19:18 +00:00
MOUTAOUAKIL-ext Khalid
e2fb34f115
Sync SANEF: audit_service + schema.sql + data deploy + gitignore
2026-04-17 09:20:57 +02:00
1c661e2dc5
qualys_tags: respect qualys_bypass_proxy flag
...
_get_creds() ignored the bypass_proxy flag and always returned
qualys_proxy even if the user had checked bypass in settings.
Behavior is now aligned with qualys_service._get_qualys_creds().
2026-04-17 00:28:57 +02:00
617bf94e31
Qualys agents sync: major perf optimizations (~3-5x faster)
...
Refactor _refresh_all_agents_impl() with 4 optimizations:
1. Pre-load servers into a Python dict at the start (hostname + IP)
-> eliminates 2 SQL queries per asset (main gain)
2. UPSERT 'INSERT ... ON CONFLICT DO UPDATE' + RETURNING (xmax=0)
-> a single query instead of SELECT + INSERT/UPDATE
-> counts created/updated via xmax
3. Reused HTTP Session (requests.Session)
-> keep-alive, no SSL handshake on every page
4. ThreadPoolExecutor(5) to run the 5 tagName filters in parallel
-> dedup by asset_id to avoid double processing
Bonus:
- max_pages 30 -> 500 per filter (avoids silent incomplete syncs)
- Targeted FQDN backfill via 'servers_need_fqdn' cache (no unnecessary UPDATE)
- Single commit at end of processing (removed per-asset savepoint)
- Removed redundant age-check in diff mode (already filtered on the API side)
2026-04-16 23:34:51 +02:00