adminmpmcz/patchcenter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity
PatchCenter - Application web de gestion du patching
415 Commits 1 Branch 2 Tags 93 MiB
Python 49.9%
HTML 29.8%
PLpgSQL 19.4%
Shell 0.9%
00998e9320
Go to file
Admin MPCZ 00998e9320 feat(pct): bouton Prevenance PCT + preview avant envoi + CC responsables/referents 
- Service mail_service.py: send_html_mail via SMTP standard (host/port/user/pass/from/use_tls
  depuis Settings > SMTP). Gere SSL_465 et STARTTLS_587. Mode dry_run pour preview.
- Settings: nouvelle section 'smtp' avec smtp_host/port/user/pass/from/use_tls/pct_recipient
  (a configurer pour O365 SMTP submission)
- Router planning_import.py:
  * _build_pct_email(): construit subject + HTML pro/colore (header bleu degrade SANEF,
    cards avec border-left bleu/orange, tableau serveurs, footer)
  * Subject: 'Intervention sur <app>' si app uniforme, sinon liste des serveurs
  * Plage horaire = 20 min × N serveurs (formattee Hh MM)
  * 'Moyen d'exploitation prevu : Rollback en cas de probleme' ajoute en bas
  * _fetch_pct_cc_emails(): query distinct contacts depuis responsable_domaine_contact_id
    + referent_technique_contact_id + server_additional_referents
  * Endpoint POST /patching/import/pct-prevenance/preview retourne {subject, html, to, cc,
    smtp_configured, row_count} sans envoyer
  * Endpoint POST /patching/import/pct-prevenance/send envoie reellement, audit log,
    update pct_mail_sent_at sur les rows
- Template patching_import.html:
  * Bouton 'Prevenance PCT' (violet) a cote des autres actions
  * Modal preview avec iframe sandboxe pour le rendu HTML mail
  * Affiche destinataires, CC, objet, count serveurs
  * Warning rouge si SMTP non configure (envoi desactive, preview seulement)
  * 2 boutons: Annuler / Envoyer (avec confirmation)
2026-05-07 21:44:02 +02:00
agents feat(qualys/search): KPI total/avec-vuln/sans-vuln + filtre vuln_filter 2026-04-24 22:27:55 +00:00
app feat(pct): bouton Prevenance PCT + preview avant envoi + CC responsables/referents 2026-05-07 21:44:02 +02:00
deploy feat(qualys/tagsv3): mise a jour catalogue YAML aligne sur taxonomie V3 finale (2026-04-22) - regles QQL exactes Asset Inventory + restreint Server, ENV avec exceptions legacy, POS enumeration starts-with, NOM-LEGACY/TAG-EMV/TAG-OBS/TAG-ELS 2026-04-29 14:23:55 +02:00
docs docs: move DEPLOY/PROCESS to docs/, enrich README, fix generate_ppt.py output path 2026-04-24 14:12:27 +02:00
scripts chore: script test_qualys_filter.py pour debug syntaxe filter (V1 vs V2 avec <list>) 2026-05-05 18:50:28 +02:00
tools docs: move DEPLOY/PROCESS to docs/, enrich README, fix generate_ppt.py output path 2026-04-24 14:12:27 +02:00
.gitignore Sync SANEF : audit_service + schema.sql + data deploy + gitignore 2026-04-17 09:20:57 +02:00
backfill_canonicalize_env_domain_20260507.sql feat(planning_import): canonicalisation env + domaine a l'import (Production/production/PROD -> Production) 2026-05-07 19:48:21 +02:00
cleanup_fqdn_incoherents.sql chore: script cleanup FQDN incoherents convention SANEF (vr*=.sanef-rec.fr, vp*=.sanef.groupe) - met NULL les incoherents pour forcer recalcul dynamique 2026-05-05 14:12:21 +02:00
fill_fqdn_from_domain_ltd.sql chore: script remplit fqdn manquants depuis hostname.domain_ltd (LOWER + strip point initial du domain_ltd) 2026-05-05 15:52:20 +02:00
migrate_applications.sql Users/Contacts: workflow profils + LDAP + sync iTop + etat aligne 2026-04-12 18:50:43 +02:00
migrate_correspondance.sql Patching: exclusions + correspondance prod<->hors-prod + validations 2026-04-12 18:51:30 +02:00
migrate_drop_legacy_servers.sql feat(servers): drop colonnes legacy (snapshot_required/pre_patch_script/post_patch_script/satellite_host/need_pct) avec migration donnees + recreation views v_servers / v_patchable / v_conformity_todo + adaptation prereq_service et server_detail.html 2026-05-05 15:11:30 +02:00
migrate_etat.sql Users/Contacts: workflow profils + LDAP + sync iTop + etat aligne 2026-04-12 18:50:43 +02:00
migrate_missing_tables_20260427.sql migrate: ajout GRANT + ALTER DEFAULT PRIVILEGES pour user patchcenter (idempotent) 2026-04-27 13:44:45 +00:00
migrate_patch_excludes_v2_20260507.sql feat(excludes): nouvelle liste exclusions par domaine (sdcss-kmod base + Flux Libre minimal + ASM Oracle kernel*) 2026-05-07 08:40:10 +02:00
migrate_patch_excludes_v2_fix_20260507.sql fix(excludes): ajoute *sdcss-kmod* a la liste Flux Libre (doit etre exclu partout) 2026-05-07 09:10:17 +02:00
migrate_patch_excludes_wiki.sql feat(patching): migration excludes alignee sur wiki SANEF (33 patterns base + ASM kernel + HAproxy FL sdcss-kmod) - B3.1+B3.2 2026-05-04 16:43:37 +02:00
migrate_patching_notes_20260507.sql feat(patching): particularites par serveur (notes wiki SANEF) + skip_first_reboot + reboot_delay cluster 2026-05-07 11:41:05 +02:00
migrate_patching_notes_fix_20260507.sql fix(migration): redirige FK servers.cluster_id vers server_clusters (etait sur l'ancienne table clusters) 2026-05-07 11:48:15 +02:00
migrate_pct_workflow_20260507.sql feat(pct): workflow prevenance PCT (auto-detection + gate confirmation + suffixe Teams) 2026-05-07 08:19:19 +02:00
migrate_planning_imports_v2.sql feat(patching/import): ajout colonnes Resp Domaine DTS, Referent technique, Mode operatoire, Impacts, BDD - support nouveau format S07+ + Date au lieu de Jour 2026-05-04 13:12:09 +02:00
migrate_planning_imports_v3.sql feat(patching/import): stockage date/heure typés (DATE+TIME) + jour_text fallback texte libre + tri colonne Date par date+heure combinés 2026-05-04 13:57:24 +02:00
migrate_planning_imports_v4.sql feat(patching/import): actions Reporter/Ajouter au patching + log + colonne Etat (etape A) + placeholder /patching/iexec affichant excludes effectifs (etape B a venir) 2026-05-04 14:57:49 +02:00
migrate_planning_imports.sql feat(patching): import planning xlsx (etape 1) - tables patch_planning_imports + rows, page upload + selecteur semaine + tableau 2026-05-04 12:57:35 +02:00
migrate_qualys_vuln_dashboard.sql migrate: ajout GRANT + ALTER DEFAULT PRIVILEGES pour user patchcenter (idempotent) 2026-04-27 13:44:45 +00:00
migrate_servers_satellite.sql feat(check satellite): cascade LAN+DMZ avec fallback automatique + migration servers.satellite_url + override BDD prioritaire 2026-05-05 14:34:47 +02:00
migrate_teams_pct_workflow.sql feat(patching): migration architecture intervention - tables teams_channels + server_clusters + ALTER contacts/applications/servers/patch_planning_import_rows + FK contacts pour resp/referent/valideur, hooks pre/post patch, cluster ordering, workflow intervention complet 2026-05-05 13:52:01 +02:00
migrate_teams_rules_20260506.sql feat(teams): mode SharePoint sync (calque .exe Sanef Patch Manager) + rules-based routing 2026-05-06 09:57:42 +02:00
migrate_teams_rules_v2_20260506.sql feat(teams): fan-out multi-recipient + flag is_database_server + multi-referents 2026-05-06 10:33:12 +02:00
migrate_users.sql Users/Contacts: workflow profils + LDAP + sync iTop + etat aligne 2026-04-12 18:50:43 +02:00
populate_zones.sql chore: script populate_zones - rattache serveurs aux 3 zones SANEF (DMZ deja faite, EMV pour hostname *emv*, LAN par defaut sur le reste) 2026-05-05 16:09:04 +02:00
README.md docs: move DEPLOY/PROCESS to docs/, enrich README, fix generate_ppt.py output path 2026-04-24 14:12:27 +02:00
replace_etat.py Users/Contacts: workflow profils + LDAP + sync iTop + etat aligne 2026-04-12 18:50:43 +02:00
requirements.txt deps: add pyvmomi==8.0.3.0.1 (requis pour snapshot vCenter step B2) 2026-05-04 15:54:18 +02:00
resync_servers_text_fields.sql fix(servers): bulk + edit synchronisent aussi les colonnes text legacy s.environnement et s.domaine (sinon liste affiche valeur obsolete) + script SQL re-sync des serveurs deja desyncs 2026-05-05 15:29:34 +02:00
run.sh PatchCenter v2.0 — Initial commit 2026-04-04 03:00:12 +02:00
schema.sql Sync SANEF : audit_service + schema.sql + data deploy + gitignore 2026-04-17 09:20:57 +02:00
tailwind.config.js BOC SAP corrigé, stop/start order, patch waves, DMZ zone, préférences patching 2026-04-05 03:52:46 +02:00
update_zone_dmz.sql chore: script update zone DMZ + satellite_url=vpdsiasat1 sur 51 hosts majoritairement DMZ dans le plan patching 2026 2026-05-05 14:51:08 +02:00

README.md

PatchCenter — SLPM (SANEF Linux Patch Manager)

App web FastAPI/PostgreSQL pour piloter le patching Linux SANEF : plan de patching, historique, users AD/LDAP, intégration iTop, API Qualys.

Source de vérité : VM CT 116 (pc.mpcz.fr, 172.28.199.185 + pct exec 116 -- ...) + repo Gitea adminmpmcz/patchcenter.

Workflow de dev (validé 2026-04-17)

  1. Claude modifie direct sur CT 116 via SSH → git push Gitea
  2. Khalid sur poste SANEF (C:\patchcenter) → git pull → test sur 127.0.0.1:8080
  3. Si OK : Khalid ajoute ses modifs + git push Gitea
  4. Claude sur CT 116 → git pull + systemctl restart patchcenter

Stack

  • Python 3.11+ / FastAPI / Uvicorn
  • PostgreSQL (patchcenter)
  • Jinja2 + Tailwind (templates)
  • LDAP (AD SANEF) pour auth

Structure

  • app/ — code FastAPI (auth, models, routers, services)
  • deploy/ — scripts déploiement + migrations SQL
  • tools/ — scripts d'import/enrichissement (Qualys, iTop, Ayoub, etc.)
  • docs/ — DEPLOY.md, SANEF_PATCHING_PROCESS.md
  • migrate_*.sql — migrations DB manuelles

Lancer en local (poste SANEF, pas la copie locale Claude)

python -m uvicorn app.main:app --host 0.0.0.0 --port 8080

Gitea

  • Repo : http://172.28.199.202:3000/adminmpmcz/patchcenter
  • Creds HTTPS : adminmpmcz / Admin@2025

Notes

  • SECRET_KEY côté VM : sanef-patchcenter-demo-key-change-me (drop-in systemd)
  • DB échangée via Gitea Releases (attachment .sql), jamais dans le git tree
  • Après restore DB : ALTER TABLE ... OWNER TO patchcenter pour toutes les tables+sequences