PatchCenter - Web application for patch management
Admin MPCZ 2b57ca3247 fix(patching/import): case-insensitive filter comparison (production == Production)
- applyFilters: lowercase comparisons for intervenant and env
- rebuildSelectOptions: case-insensitive dedup (Map<lowercase, canonical>)
  keeps the first form encountered as the displayed label
2026-05-07 19:41:22 +02:00
agents feat(qualys/search): total/with-vuln/without-vuln KPIs + vuln_filter filter 2026-04-24 22:27:55 +00:00
app fix(patching/import): case-insensitive filter comparison (production == Production) 2026-05-07 19:41:22 +02:00
deploy feat(qualys/tagsv3): update YAML catalogue aligned with the final V3 taxonomy (2026-04-22) - exact Asset Inventory QQL rules + restricted to Server, ENV with legacy exceptions, POS enumeration starts-with, NOM-LEGACY/TAG-EMV/TAG-OBS/TAG-ELS 2026-04-29 14:23:55 +02:00
docs docs: move DEPLOY/PROCESS to docs/, enrich README, fix generate_ppt.py output path 2026-04-24 14:12:27 +02:00
scripts chore: test_qualys_filter.py script to debug filter syntax (V1 vs V2 with <list>) 2026-05-05 18:50:28 +02:00
tools docs: move DEPLOY/PROCESS to docs/, enrich README, fix generate_ppt.py output path 2026-04-24 14:12:27 +02:00
.gitignore Sync SANEF: audit_service + schema.sql + data deploy + gitignore 2026-04-17 09:20:57 +02:00
cleanup_fqdn_incoherents.sql chore: cleanup script for FQDNs inconsistent with the SANEF convention (vr*=.sanef-rec.fr, vp*=.sanef.groupe) - sets the inconsistent ones to NULL to force dynamic recalculation 2026-05-05 14:12:21 +02:00
fill_fqdn_from_domain_ltd.sql chore: script fills missing fqdn values from hostname.domain_ltd (LOWER + strip leading dot from domain_ltd) 2026-05-05 15:52:20 +02:00
migrate_applications.sql Users/Contacts: profile workflow + LDAP + iTop sync + state aligned 2026-04-12 18:50:43 +02:00
migrate_correspondance.sql Patching: exclusions + prod<->non-prod mapping + validations 2026-04-12 18:51:30 +02:00
migrate_drop_legacy_servers.sql feat(servers): drop legacy columns (snapshot_required/pre_patch_script/post_patch_script/satellite_host/need_pct) with data migration + recreation of views v_servers / v_patchable / v_conformity_todo + adaptation of prereq_service and server_detail.html 2026-05-05 15:11:30 +02:00
migrate_etat.sql Users/Contacts: profile workflow + LDAP + iTop sync + state aligned 2026-04-12 18:50:43 +02:00
migrate_missing_tables_20260427.sql migrate: add GRANT + ALTER DEFAULT PRIVILEGES for user patchcenter (idempotent) 2026-04-27 13:44:45 +00:00
migrate_patch_excludes_v2_20260507.sql feat(excludes): new exclusion list per domain (sdcss-kmod base + Flux Libre minimal + ASM Oracle kernel*) 2026-05-07 08:40:10 +02:00
migrate_patch_excludes_v2_fix_20260507.sql fix(excludes): add *sdcss-kmod* to the Flux Libre list (must be excluded everywhere) 2026-05-07 09:10:17 +02:00
migrate_patch_excludes_wiki.sql feat(patching): excludes migration aligned with the SANEF wiki (33 base patterns + ASM kernel + HAproxy FL sdcss-kmod) - B3.1+B3.2 2026-05-04 16:43:37 +02:00
migrate_patching_notes_20260507.sql feat(patching): per-server specifics (SANEF wiki notes) + skip_first_reboot + cluster reboot_delay 2026-05-07 11:41:05 +02:00
migrate_patching_notes_fix_20260507.sql fix(migration): redirect FK servers.cluster_id to server_clusters (was on the old clusters table) 2026-05-07 11:48:15 +02:00
migrate_pct_workflow_20260507.sql feat(pct): PCT advance-notice workflow (auto-detection + confirmation gate + Teams suffix) 2026-05-07 08:19:19 +02:00
migrate_planning_imports_v2.sql feat(patching/import): add columns Resp Domaine DTS, Referent technique, Mode operatoire, Impacts, BDD - support for the new S07+ format + Date instead of Jour 2026-05-04 13:12:09 +02:00
migrate_planning_imports_v3.sql feat(patching/import): typed date/time storage (DATE+TIME) + jour_text free-text fallback + Date column sorted by combined date+time 2026-05-04 13:57:24 +02:00
migrate_planning_imports_v4.sql feat(patching/import): Postpone/Add to patching actions + log + Etat column (step A) + /patching/iexec placeholder showing effective excludes (step B to come) 2026-05-04 14:57:49 +02:00
migrate_planning_imports.sql feat(patching): xlsx planning import (step 1) - tables patch_planning_imports + rows, upload page + week selector + table 2026-05-04 12:57:35 +02:00
migrate_qualys_vuln_dashboard.sql migrate: add GRANT + ALTER DEFAULT PRIVILEGES for user patchcenter (idempotent) 2026-04-27 13:44:45 +00:00
migrate_servers_satellite.sql feat(check satellite): LAN+DMZ cascade with automatic fallback + servers.satellite_url migration + DB override takes priority 2026-05-05 14:34:47 +02:00
migrate_teams_pct_workflow.sql feat(patching): intervention architecture migration - tables teams_channels + server_clusters + ALTER contacts/applications/servers/patch_planning_import_rows + contacts FKs for resp/referent/valideur, pre/post patch hooks, cluster ordering, complete intervention workflow 2026-05-05 13:52:01 +02:00
migrate_teams_rules_20260506.sql feat(teams): SharePoint sync mode (modelled on the Sanef Patch Manager .exe) + rules-based routing 2026-05-06 09:57:42 +02:00
migrate_teams_rules_v2_20260506.sql feat(teams): fan-out multi-recipient + flag is_database_server + multi-referents 2026-05-06 10:33:12 +02:00
migrate_users.sql Users/Contacts: profile workflow + LDAP + iTop sync + state aligned 2026-04-12 18:50:43 +02:00
populate_zones.sql chore: populate_zones script - attaches servers to the 3 SANEF zones (DMZ already done, EMV for hostname *emv*, LAN by default for the rest) 2026-05-05 16:09:04 +02:00
README.md docs: move DEPLOY/PROCESS to docs/, enrich README, fix generate_ppt.py output path 2026-04-24 14:12:27 +02:00
replace_etat.py Users/Contacts: profile workflow + LDAP + iTop sync + state aligned 2026-04-12 18:50:43 +02:00
requirements.txt deps: add pyvmomi==8.0.3.0.1 (required for vCenter snapshot step B2) 2026-05-04 15:54:18 +02:00
resync_servers_text_fields.sql fix(servers): bulk + edit also synchronise the legacy text columns s.environnement and s.domaine (otherwise the list shows a stale value) + SQL script to re-sync servers that are already out of sync 2026-05-05 15:29:34 +02:00
run.sh PatchCenter v2.0 — Initial commit 2026-04-04 03:00:12 +02:00
schema.sql Sync SANEF: audit_service + schema.sql + data deploy + gitignore 2026-04-17 09:20:57 +02:00
tailwind.config.js BOC SAP fixed, stop/start order, patch waves, DMZ zone, patching preferences 2026-04-05 03:52:46 +02:00
update_zone_dmz.sql chore: script to update DMZ zone + satellite_url=vpdsiasat1 on 51 hosts, mostly DMZ, in the 2026 patching plan 2026-05-05 14:51:08 +02:00

PatchCenter — SLPM (SANEF Linux Patch Manager)

FastAPI/PostgreSQL web app to drive SANEF Linux patching: patching plan, history, AD/LDAP users, iTop integration, Qualys API.

Source of truth: VM CT 116 (pc.mpcz.fr, 172.28.199.185 + pct exec 116 -- ...) + Gitea repo adminmpmcz/patchcenter.

Dev workflow (validated 2026-04-17)

  1. Claude edits directly on CT 116 via SSH → git push Gitea
  2. Khalid on the SANEF workstation (C:\patchcenter) → git pull → test on 127.0.0.1:8080
  3. If OK: Khalid adds his changes + git push Gitea
  4. Claude on CT 116 → git pull + systemctl restart patchcenter

Stack

  • Python 3.11+ / FastAPI / Uvicorn
  • PostgreSQL (patchcenter)
  • Jinja2 + Tailwind (templates)
  • LDAP (AD SANEF) for auth

Structure

  • app/ — FastAPI code (auth, models, routers, services)
  • deploy/ — deployment scripts + SQL migrations
  • tools/ — import/enrichment scripts (Qualys, iTop, Ayoub, etc.)
  • docs/ — DEPLOY.md, SANEF_PATCHING_PROCESS.md
  • migrate_*.sql — manual DB migrations

Run locally (SANEF workstation, not Claude's local copy)

python -m uvicorn app.main:app --host 0.0.0.0 --port 8080

Gitea

  • Repo : http://172.28.199.202:3000/adminmpmcz/patchcenter
  • Creds HTTPS : adminmpmcz / Admin@2025

Notes

  • SECRET_KEY on the VM side: sanef-patchcenter-demo-key-change-me (systemd drop-in)
  • DB exchanged via Gitea Releases (.sql attachment), never in the git tree
  • After a DB restore: ALTER TABLE ... OWNER TO patchcenter for all tables+sequences