adminmpmcz/patchcenter
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity
PatchCenter - Application web de gestion du patching
394 Commits 1 Branch 2 Tags 93 MiB
Python 49.9%
HTML 29.8%
PLpgSQL 19.4%
Shell 0.9%
90444c0c56
Go to file
Admin MPCZ 90444c0c56 feat(patching): particularites par serveur (notes wiki SANEF) + skip_first_reboot + reboot_delay cluster 
Migration migrate_patching_notes_20260507.sql:
- servers.skip_first_reboot boolean (TPV1: vptraatpf1/2 a true)
- servers.patching_notes text (markdown — meme operateur)
- server_clusters.reboot_delay_min_minutes int default 0
- Backfill patching_notes pour 22 cas particuliers du wiki SANEF:
  ASM Oracle (~50 hosts kernel*), TPV1, HAproxy FL, Covoiturage,
  SI Patrimoine (vrpatbsip1 avant vrpataels1, kibana, certs),
  Talend, Scoop (Debian apt-mark hold + CentOS containers Docker),
  DATI (pm2/tomcat post-reboot), COMMVAULT (mode maintenance),
  Masterparc (kmeihm pm2), Splunk (RPM special),
  Site institutionnel (HAproxy backend rotation, no *node*),
  Centreon (1 par 1 + check centengine), Sextan (10min reboot delay),
  OCTAN, PAIPOR (site maintenance), Gaspar, Postgres, Oracle OEM, SMTP relay
- Cluster Sextan cree (10 min entre reboots) + 10 serveurs Sextan rattaches

UI iexec:
- Banner cumule en haut: '⚠ Particularites pour N serveur(s)' si au moins 1 note
- Badges sur la cellule asset_name: ⚠ note (modal markdown au clic),
  ⏭ skip 1st reboot, ⏱ Xmin (cluster reboot delay)
- Modal patching_notes avec rendu pre/markdown, fermeture Escape

UI fiche serveur (server_detail.html):
- Ligne 'Skip 1er reboot' dans bloc Patching
- Bandeau orange particularites avec contenu patching_notes si renseigne

Pas encore implemente cote logique d'execution (Phase 2):
- skip_first_reboot logic dans le step reboot
- enforcement reboot_delay_min_minutes entre membres cluster
- Pour l'instant: notes affichees en mode 'memo operateur' uniquement
2026-05-07 11:41:05 +02:00
agents feat(qualys/search): KPI total/avec-vuln/sans-vuln + filtre vuln_filter 2026-04-24 22:27:55 +00:00
app feat(patching): particularites par serveur (notes wiki SANEF) + skip_first_reboot + reboot_delay cluster 2026-05-07 11:41:05 +02:00
deploy feat(qualys/tagsv3): mise a jour catalogue YAML aligne sur taxonomie V3 finale (2026-04-22) - regles QQL exactes Asset Inventory + restreint Server, ENV avec exceptions legacy, POS enumeration starts-with, NOM-LEGACY/TAG-EMV/TAG-OBS/TAG-ELS 2026-04-29 14:23:55 +02:00
docs docs: move DEPLOY/PROCESS to docs/, enrich README, fix generate_ppt.py output path 2026-04-24 14:12:27 +02:00
scripts chore: script test_qualys_filter.py pour debug syntaxe filter (V1 vs V2 avec <list>) 2026-05-05 18:50:28 +02:00
tools docs: move DEPLOY/PROCESS to docs/, enrich README, fix generate_ppt.py output path 2026-04-24 14:12:27 +02:00
.gitignore Sync SANEF : audit_service + schema.sql + data deploy + gitignore 2026-04-17 09:20:57 +02:00
cleanup_fqdn_incoherents.sql chore: script cleanup FQDN incoherents convention SANEF (vr*=.sanef-rec.fr, vp*=.sanef.groupe) - met NULL les incoherents pour forcer recalcul dynamique 2026-05-05 14:12:21 +02:00
fill_fqdn_from_domain_ltd.sql chore: script remplit fqdn manquants depuis hostname.domain_ltd (LOWER + strip point initial du domain_ltd) 2026-05-05 15:52:20 +02:00
migrate_applications.sql Users/Contacts: workflow profils + LDAP + sync iTop + etat aligne 2026-04-12 18:50:43 +02:00
migrate_correspondance.sql Patching: exclusions + correspondance prod<->hors-prod + validations 2026-04-12 18:51:30 +02:00
migrate_drop_legacy_servers.sql feat(servers): drop colonnes legacy (snapshot_required/pre_patch_script/post_patch_script/satellite_host/need_pct) avec migration donnees + recreation views v_servers / v_patchable / v_conformity_todo + adaptation prereq_service et server_detail.html 2026-05-05 15:11:30 +02:00
migrate_etat.sql Users/Contacts: workflow profils + LDAP + sync iTop + etat aligne 2026-04-12 18:50:43 +02:00
migrate_missing_tables_20260427.sql migrate: ajout GRANT + ALTER DEFAULT PRIVILEGES pour user patchcenter (idempotent) 2026-04-27 13:44:45 +00:00
migrate_patch_excludes_v2_20260507.sql feat(excludes): nouvelle liste exclusions par domaine (sdcss-kmod base + Flux Libre minimal + ASM Oracle kernel*) 2026-05-07 08:40:10 +02:00
migrate_patch_excludes_v2_fix_20260507.sql fix(excludes): ajoute *sdcss-kmod* a la liste Flux Libre (doit etre exclu partout) 2026-05-07 09:10:17 +02:00
migrate_patch_excludes_wiki.sql feat(patching): migration excludes alignee sur wiki SANEF (33 patterns base + ASM kernel + HAproxy FL sdcss-kmod) - B3.1+B3.2 2026-05-04 16:43:37 +02:00
migrate_patching_notes_20260507.sql feat(patching): particularites par serveur (notes wiki SANEF) + skip_first_reboot + reboot_delay cluster 2026-05-07 11:41:05 +02:00
migrate_pct_workflow_20260507.sql feat(pct): workflow prevenance PCT (auto-detection + gate confirmation + suffixe Teams) 2026-05-07 08:19:19 +02:00
migrate_planning_imports_v2.sql feat(patching/import): ajout colonnes Resp Domaine DTS, Referent technique, Mode operatoire, Impacts, BDD - support nouveau format S07+ + Date au lieu de Jour 2026-05-04 13:12:09 +02:00
migrate_planning_imports_v3.sql feat(patching/import): stockage date/heure typés (DATE+TIME) + jour_text fallback texte libre + tri colonne Date par date+heure combinés 2026-05-04 13:57:24 +02:00
migrate_planning_imports_v4.sql feat(patching/import): actions Reporter/Ajouter au patching + log + colonne Etat (etape A) + placeholder /patching/iexec affichant excludes effectifs (etape B a venir) 2026-05-04 14:57:49 +02:00
migrate_planning_imports.sql feat(patching): import planning xlsx (etape 1) - tables patch_planning_imports + rows, page upload + selecteur semaine + tableau 2026-05-04 12:57:35 +02:00
migrate_qualys_vuln_dashboard.sql migrate: ajout GRANT + ALTER DEFAULT PRIVILEGES pour user patchcenter (idempotent) 2026-04-27 13:44:45 +00:00
migrate_servers_satellite.sql feat(check satellite): cascade LAN+DMZ avec fallback automatique + migration servers.satellite_url + override BDD prioritaire 2026-05-05 14:34:47 +02:00
migrate_teams_pct_workflow.sql feat(patching): migration architecture intervention - tables teams_channels + server_clusters + ALTER contacts/applications/servers/patch_planning_import_rows + FK contacts pour resp/referent/valideur, hooks pre/post patch, cluster ordering, workflow intervention complet 2026-05-05 13:52:01 +02:00
migrate_teams_rules_20260506.sql feat(teams): mode SharePoint sync (calque .exe Sanef Patch Manager) + rules-based routing 2026-05-06 09:57:42 +02:00
migrate_teams_rules_v2_20260506.sql feat(teams): fan-out multi-recipient + flag is_database_server + multi-referents 2026-05-06 10:33:12 +02:00
migrate_users.sql Users/Contacts: workflow profils + LDAP + sync iTop + etat aligne 2026-04-12 18:50:43 +02:00
populate_zones.sql chore: script populate_zones - rattache serveurs aux 3 zones SANEF (DMZ deja faite, EMV pour hostname *emv*, LAN par defaut sur le reste) 2026-05-05 16:09:04 +02:00
README.md docs: move DEPLOY/PROCESS to docs/, enrich README, fix generate_ppt.py output path 2026-04-24 14:12:27 +02:00
replace_etat.py Users/Contacts: workflow profils + LDAP + sync iTop + etat aligne 2026-04-12 18:50:43 +02:00
requirements.txt deps: add pyvmomi==8.0.3.0.1 (requis pour snapshot vCenter step B2) 2026-05-04 15:54:18 +02:00
resync_servers_text_fields.sql fix(servers): bulk + edit synchronisent aussi les colonnes text legacy s.environnement et s.domaine (sinon liste affiche valeur obsolete) + script SQL re-sync des serveurs deja desyncs 2026-05-05 15:29:34 +02:00
run.sh PatchCenter v2.0 — Initial commit 2026-04-04 03:00:12 +02:00
schema.sql Sync SANEF : audit_service + schema.sql + data deploy + gitignore 2026-04-17 09:20:57 +02:00
tailwind.config.js BOC SAP corrigé, stop/start order, patch waves, DMZ zone, préférences patching 2026-04-05 03:52:46 +02:00
update_zone_dmz.sql chore: script update zone DMZ + satellite_url=vpdsiasat1 sur 51 hosts majoritairement DMZ dans le plan patching 2026 2026-05-05 14:51:08 +02:00

README.md

PatchCenter — SLPM (SANEF Linux Patch Manager)

App web FastAPI/PostgreSQL pour piloter le patching Linux SANEF : plan de patching, historique, users AD/LDAP, intégration iTop, API Qualys.

Source de vérité : VM CT 116 (pc.mpcz.fr, 172.28.199.185 + pct exec 116 -- ...) + repo Gitea adminmpmcz/patchcenter.

Workflow de dev (validé 2026-04-17)

  1. Claude modifie direct sur CT 116 via SSH → git push Gitea
  2. Khalid sur poste SANEF (C:\patchcenter) → git pull → test sur 127.0.0.1:8080
  3. Si OK : Khalid ajoute ses modifs + git push Gitea
  4. Claude sur CT 116 → git pull + systemctl restart patchcenter

Stack

  • Python 3.11+ / FastAPI / Uvicorn
  • PostgreSQL (patchcenter)
  • Jinja2 + Tailwind (templates)
  • LDAP (AD SANEF) pour auth

Structure

  • app/ — code FastAPI (auth, models, routers, services)
  • deploy/ — scripts déploiement + migrations SQL
  • tools/ — scripts d'import/enrichissement (Qualys, iTop, Ayoub, etc.)
  • docs/ — DEPLOY.md, SANEF_PATCHING_PROCESS.md
  • migrate_*.sql — migrations DB manuelles

Lancer en local (poste SANEF, pas la copie locale Claude)

python -m uvicorn app.main:app --host 0.0.0.0 --port 8080

Gitea

  • Repo : http://172.28.199.202:3000/adminmpmcz/patchcenter
  • Creds HTTPS : adminmpmcz / Admin@2025

Notes

  • SECRET_KEY côté VM : sanef-patchcenter-demo-key-change-me (drop-in systemd)
  • DB échangée via Gitea Releases (attachment .sql), jamais dans le git tree
  • Après restore DB : ALTER TABLE ... OWNER TO patchcenter pour toutes les tables+sequences