Commit Graph

144 Commits

Author SHA1 Message Date
8e085564ac Fix audit.html: missing {% endif %} for the active_jobs block 2026-04-15 00:32:20 +02:00
7480bbf5ac audit _run: fallback without sudo if sudoers refuses bash -c (read-only commands OK without root) 2026-04-15 00:26:42 +02:00
2a10ec55ab /audit page: lists audits in progress with a Reprendre button 2026-04-15 00:22:22 +02:00
3c4244597c Audit: ThreadPoolExecutor with parallel bounded (avoids DB/PSMP saturation) 2026-04-15 00:20:12 +02:00
48efb07b49 Audit exclusion: match by name AND code (UI form sends one or the other) 2026-04-15 00:14:39 +02:00
ca4f779e48 Fix audit exclusion: NULL domaine = excluded (avoids auditing 690 untagged servers) 2026-04-15 00:05:16 +02:00
69cedff0fe Fix audit exclusion: match on servers.domaine OR d.name OR d.code, NULL = not excluded
Servers without domain_env_id (the majority) were wrongly excluded because
d.code=NULL and 'NULL NOT IN (...)' = NULL. Uses COALESCE with the
plain-text column s.domaine first.
2026-04-14 23:59:36 +02:00
596276441b audit realtime: route via CyberArk PSMP if ssh_method=ssh_psmp
New function _connect_via_psmp with auth_interactive Vault Password,
ssh_method lookup by hostname before _connect. Fallback to direct SSH if
PSMP fails.
2026-04-14 23:48:00 +02:00
9b3840bfa6 audit realtime: FQDN in DB = direct return (no more port 22 check), suffix loop only as fallback 2026-04-14 23:30:47 +02:00
09e92c8b70 Fix CSV export: zone column (alias in SELECT = 'zone' not 'zone_name') 2026-04-14 23:26:30 +02:00
0be4849ef2 Fix zone/licence filters lost on sort/pagination/CSV export
The sort_url and qs macros + the Export CSV link did not propagate the
recently added zone/licence parameters. Added in:
- servers.html (macros + export link)
- servers.py (export-csv endpoint: signature + filters dict)
2026-04-14 22:25:57 +02:00
e2b984c2c4 Servers: licence filter (active/obsolete/els/no licence) 2026-04-14 22:17:09 +02:00
5e9625764a Dashboard: try/except around DMZ/patch_history KPIs (resilient if table is missing) 2026-04-14 21:47:41 +02:00
6ec1c4575d Dashboard: DMZ KPIs + 2026 patching from patch_history
- DMZ stats (clickable, links to zone filter)
- Patched 2026, never patched, last week (from patch_history Excel)
- Patching coverage = patched / patchable
- Clickable KPI cards (link to /servers with filter pre-applied)
- Fix alias stats.eol -> stats.obsolete
2026-04-14 21:45:36 +02:00
4300eb1210 Fix zone filter: subquery on zone_id (count query does not have the zones JOIN) 2026-04-14 21:17:56 +02:00
3211b81e60 Servers: zone filter (zone list + DMZ + Sans zone) 2026-04-14 21:15:49 +02:00
3c6e10944e Servers list: SELECT s.environnement (iTop column) instead of legacy e.name 2026-04-14 18:58:24 +02:00
56fc1eaa7c Servers filters: (Sans etat)/(Sans env) option for NULL 2026-04-14 18:53:51 +02:00
1c2d0b958e Etat/Environnement dropdowns strictly aligned with iTop SANEF
Etat: 6 lifecycle values only (Production, Implémentation,
Stock, Obsolète, prêt, tests). Removal of the condition values
(Nouveau, Cassé, En panne, etc.) and of EOL, which do not exist
in iTop SANEF.

Environnement: 7 iTop values (Développement, Intégration, Pré-Prod,
Production, Recette, Test, Formation). Env filter switched from
e.code (legacy) to s.environnement.

tools/import_etat_itop.py:
- CHECK 6 lifecycle values + NULL
- Migration maps the old condition/EOL values -> NULL
- Reads Status first in the CSV (lifecycle), falls back to Etat
- Fix print format for None

tools/import_sanef_*.py: ITOP_ETATS reduced to 6 values
2026-04-14 18:48:30 +02:00
753d4076c9 Migrate etat to verbatim iTop labels (Production, Nouveau, etc.)
Aligns the servers.etat column with the exact iTop values instead of
the internal lowercase codes.

Impact:
- servers.etat stores: Production, Implémentation, Stock, Obsolète,
  EOL, prêt, tests, Nouveau, A récupérer, Cassé, Cédé, En panne,
  Perdu, Recyclé, Occasion, A détruire, Volé
- Replaces all 'production'/'obsolete'/'stock'/'eol'/'implementation'
  in WHERE/comparisons with the verbatim iTop labels (~10 files)
- Badge/filter templates: iTop values + labels
- itop_service: maintains the iTop API internal code <-> DB label mapping
- import_sanef_*: norm_etat returns the verbatim iTop value or None
  (no more silent fallback to 'production')

Adds:
- tools/import_etat_itop.py: lowercase -> iTop migration + CSV re-import
- tools/import_environnement.py: dry-run fix for idempotent ADD COLUMN

Removes:
- tools/fix_etat_extend.py (made obsolete by import_etat_itop.py)
2026-04-14 18:40:56 +02:00
7b87074faa Qualys page size 100 2026-04-14 16:58:03 +02:00
d15db654d4 Qualys: activation keys lazy (no API on page load if cache empty) 2026-04-14 16:24:45 +02:00
49b1865d13 Qualys page size 250 (lower timeout risk) 2026-04-14 16:19:29 +02:00
67287b8256 Qualys: cancel button for ongoing refresh 2026-04-14 16:12:44 +02:00
69aeb0e77a Qualys agents page: sync route + drop LOWER (citext is case-insensitive) 2026-04-14 16:09:56 +02:00
1bfdb16bfb Qualys: actkeys cache 24h + refresh timeout 600s 2026-04-14 16:07:25 +02:00
07775a385f Qualys activation keys: short timeout (5s) 2026-04-14 16:07:03 +02:00
347ea53c27 Qualys skip threshold: 5 min -> 40 min 2026-04-14 15:56:41 +02:00
ec90a4a9d1 Qualys: reduce refresh page size to 500 2026-04-14 15:55:35 +02:00
6db58952ec Qualys refresh: early exit if no stale assets (< 5 min) 2026-04-14 15:48:41 +02:00
f66d728d2d Qualys timeout 300s for bulk hostasset search 2026-04-14 15:37:50 +02:00
d24afa37b2 Qualys refresh: skip assets updated within last 5 minutes 2026-04-14 15:32:01 +02:00
d779426118 Bump Qualys page size back to 1000 2026-04-14 15:21:04 +02:00
71f83d5d4f Qualys refresh: threading lock + 409 if already running 2026-04-14 15:20:17 +02:00
e3bcf8fcc1 Qualys refresh: sync route so blocking requests run in threadpool 2026-04-14 15:18:16 +02:00
67f123e9f5 Qualys refresh: pagination + per-row savepoint to isolate errors 2026-04-14 15:13:48 +02:00
a422894f83 Sync Qualys FQDN to servers + use fqdn first for DNS resolution 2026-04-14 15:00:40 +02:00
92175992f8 Qualys: tagName + CONTAINS (API field, not UI syntax) 2026-04-14 14:53:54 +02:00
a19281a771 Qualys filter: CONTAINS instead of EQUALS for tag 2026-04-14 14:48:29 +02:00
a331d16a12 Qualys filter: tags.name instead of tagName 2026-04-14 14:47:48 +02:00
053c9a3b59 Add Voir detail button and results route for realtime audit 2026-04-14 13:10:23 +02:00
747e883d22 Smart DNS suffix order based on hostname convention (r=rec, p/i=prod) 2026-04-14 13:02:24 +02:00
53545585f0 Configurable DNS suffixes + 2s socket timeout for faster resolve 2026-04-14 12:58:54 +02:00
da1042fef4 Fix SSH key: read PEM content from settings + ssh_key_default_user 2026-04-14 12:56:09 +02:00
8dba0706b0 Filter Qualys agent refresh on tag name=server 2026-04-14 12:18:43 +02:00
677f621c81 Admin applications + correspondence cleanup + DSI presentation tools
- Admin applications: CRUD module (list/add/edit/delete/assign/multi-app)
  with bidirectional iTop push (applications.py + 3 templates)
- Prod<->non-prod correspondence: migration to global server_correspondance,
  removal of old quickwin code, added environment and application
  solution filters, environment column in builder
- Servers page: application_name column + equivalent(s) via get_links_bulk,
  application_id filter, iTop push on application change
- Patching: bulk_update_application, bulk_update_excludes, validations
- Fix paramiko sftp.put (remote_path -> positional arg)
- Tools: wiki_to_pdf.py (DokuWiki -> PDF) + generate_ppt.py (19-slide PPTX,
  DSI patching) + source content (processus_patching.txt, script_presentation.txt)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-13 21:11:58 +02:00
caa2be71a4 Misc: servers page (application + equivalent), campaign tweaks
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 18:51:36 +02:00
a706e240ca Patching: exclusions + prod<->non-prod correspondence + validations
- /patching/config-exclusions: iTop exclusions per server + bulk + iTop push
- /quickwin/config: global reboot packages list (instead of per-server)
- /patching/correspondance: builder mark PROD/NON-PROD + bulk change env/app
  + auto-detect by naming convention + excludes stock/obsolete
- /patching/validations: post-patching workflow (en_attente/OK/KO/force)
  mandatory validator from iTop contacts
- /patching/validations/history/{id}: per-server history
- Automatic patch_validation creation after status='patched' in QuickWin
- check_prod_validations: red banner on quickwin detail if non-prod not validated
- Menu: Correspondance under Serveurs, Config exclusions+Validations under Patching
- Equivalent(s) column on /servers + Correspondance section on detail

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 18:51:30 +02:00
ba0bff0f6e Remove: safe-patching (replaced by QuickWin) + audit-full
- Safe Patching v1 redundant with QuickWin, removed
- audit-full: page removed, DB tables preserved
- menu + main.py cleaned up

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 18:51:17 +02:00
3f47fea8e6 Audit: parallel background jobs + live progress
- Audit global/realtime: parallel threads, job_id returned immediately
- /audit/realtime/progress/{job_id}: KPIs + progress bar + live table
- AJAX polling every 2s, animated steps (DNS/SSH/Audit/OK)
- PRETTY_NAME fix: extraction via grep -E 'PRETTY_NAME' + cut
- OS version: normalization during save_audit_to_db (Debian GNU/Linux -> Debian X (Bookworm))
- Database update: bidirectional itop sync with OS version push

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-12 18:51:05 +02:00