PatchCenter - Application web de gestion du patching

Go to file

Admin MPCZ edec1f7db5 feat(teams): mode SharePoint sync (calque .exe Sanef Patch Manager) + rules-based routing - Migration: ajoute sp_route/mode/is_reboot_channel/is_dynamic_dm sur teams_channels, cree table teams_channel_rules (match resp/domain/env/msg_type/hostname pattern) - Service teams_service.py: format texte plat compatible workflows existants, write_sharepoint_notification (ecrit fichier .txt dans <sp_base>/<sp_route>/), resolve_channel_for_server rules-based avec priorite reboot, send_notification orchestre resolution + envoi - Settings UI: CRUD canaux etendu (mode SP/webhook + flags reboot/dyn_dm), CRUD regles avec match conditions, sharepoint_notif_path en secret app, bouton Test ecrit fichier .txt en mode SP - Mode is_dynamic_dm: prefixe le contenu par 'TO: <email>' pour permettre un workflow PA unique qui dispatch dynamiquement aux responsables - Pas d'OAuth requis: PatchCenter ecrit fichiers, Workflows PA cote SharePoint (deja en place pour le .exe) declenchent et postent sur Teams Mode webhook conserve mais inactif tant qu'OAuth Entra ID pas mis en place chez SANEF		2026-05-06 09:57:42 +02:00
agents	feat(qualys/search): KPI total/avec-vuln/sans-vuln + filtre vuln_filter	2026-04-24 22:27:55 +00:00
app	feat(teams): mode SharePoint sync (calque .exe Sanef Patch Manager) + rules-based routing	2026-05-06 09:57:42 +02:00
deploy	feat(qualys/tagsv3): mise a jour catalogue YAML aligne sur taxonomie V3 finale (2026-04-22) - regles QQL exactes Asset Inventory + restreint Server, ENV avec exceptions legacy, POS enumeration starts-with, NOM-LEGACY/TAG-EMV/TAG-OBS/TAG-ELS	2026-04-29 14:23:55 +02:00
docs	docs: move DEPLOY/PROCESS to docs/, enrich README, fix generate_ppt.py output path	2026-04-24 14:12:27 +02:00
scripts	chore: script test_qualys_filter.py pour debug syntaxe filter (V1 vs V2 avec <list>)	2026-05-05 18:50:28 +02:00
tools	docs: move DEPLOY/PROCESS to docs/, enrich README, fix generate_ppt.py output path	2026-04-24 14:12:27 +02:00
.gitignore	Sync SANEF : audit_service + schema.sql + data deploy + gitignore	2026-04-17 09:20:57 +02:00
cleanup_fqdn_incoherents.sql	chore: script cleanup FQDN incoherents convention SANEF (vr=.sanef-rec.fr, vp=.sanef.groupe) - met NULL les incoherents pour forcer recalcul dynamique	2026-05-05 14:12:21 +02:00
fill_fqdn_from_domain_ltd.sql	chore: script remplit fqdn manquants depuis hostname.domain_ltd (LOWER + strip point initial du domain_ltd)	2026-05-05 15:52:20 +02:00
migrate_applications.sql	Users/Contacts: workflow profils + LDAP + sync iTop + etat aligne	2026-04-12 18:50:43 +02:00
migrate_correspondance.sql	Patching: exclusions + correspondance prod<->hors-prod + validations	2026-04-12 18:51:30 +02:00
migrate_drop_legacy_servers.sql	feat(servers): drop colonnes legacy (snapshot_required/pre_patch_script/post_patch_script/satellite_host/need_pct) avec migration donnees + recreation views v_servers / v_patchable / v_conformity_todo + adaptation prereq_service et server_detail.html	2026-05-05 15:11:30 +02:00
migrate_etat.sql	Users/Contacts: workflow profils + LDAP + sync iTop + etat aligne	2026-04-12 18:50:43 +02:00
migrate_missing_tables_20260427.sql	migrate: ajout GRANT + ALTER DEFAULT PRIVILEGES pour user patchcenter (idempotent)	2026-04-27 13:44:45 +00:00
migrate_patch_excludes_wiki.sql	feat(patching): migration excludes alignee sur wiki SANEF (33 patterns base + ASM kernel + HAproxy FL sdcss-kmod) - B3.1+B3.2	2026-05-04 16:43:37 +02:00
migrate_planning_imports_v2.sql	feat(patching/import): ajout colonnes Resp Domaine DTS, Referent technique, Mode operatoire, Impacts, BDD - support nouveau format S07+ + Date au lieu de Jour	2026-05-04 13:12:09 +02:00
migrate_planning_imports_v3.sql	feat(patching/import): stockage date/heure typés (DATE+TIME) + jour_text fallback texte libre + tri colonne Date par date+heure combinés	2026-05-04 13:57:24 +02:00
migrate_planning_imports_v4.sql	feat(patching/import): actions Reporter/Ajouter au patching + log + colonne Etat (etape A) + placeholder /patching/iexec affichant excludes effectifs (etape B a venir)	2026-05-04 14:57:49 +02:00
migrate_planning_imports.sql	feat(patching): import planning xlsx (etape 1) - tables patch_planning_imports + rows, page upload + selecteur semaine + tableau	2026-05-04 12:57:35 +02:00
migrate_qualys_vuln_dashboard.sql	migrate: ajout GRANT + ALTER DEFAULT PRIVILEGES pour user patchcenter (idempotent)	2026-04-27 13:44:45 +00:00
migrate_servers_satellite.sql	feat(check satellite): cascade LAN+DMZ avec fallback automatique + migration servers.satellite_url + override BDD prioritaire	2026-05-05 14:34:47 +02:00
migrate_teams_pct_workflow.sql	feat(patching): migration architecture intervention - tables teams_channels + server_clusters + ALTER contacts/applications/servers/patch_planning_import_rows + FK contacts pour resp/referent/valideur, hooks pre/post patch, cluster ordering, workflow intervention complet	2026-05-05 13:52:01 +02:00
migrate_teams_rules_20260506.sql	feat(teams): mode SharePoint sync (calque .exe Sanef Patch Manager) + rules-based routing	2026-05-06 09:57:42 +02:00
migrate_users.sql	Users/Contacts: workflow profils + LDAP + sync iTop + etat aligne	2026-04-12 18:50:43 +02:00
populate_zones.sql	chore: script populate_zones - rattache serveurs aux 3 zones SANEF (DMZ deja faite, EMV pour hostname emv, LAN par defaut sur le reste)	2026-05-05 16:09:04 +02:00
README.md	docs: move DEPLOY/PROCESS to docs/, enrich README, fix generate_ppt.py output path	2026-04-24 14:12:27 +02:00
replace_etat.py	Users/Contacts: workflow profils + LDAP + sync iTop + etat aligne	2026-04-12 18:50:43 +02:00
requirements.txt	deps: add pyvmomi==8.0.3.0.1 (requis pour snapshot vCenter step B2)	2026-05-04 15:54:18 +02:00
resync_servers_text_fields.sql	fix(servers): bulk + edit synchronisent aussi les colonnes text legacy s.environnement et s.domaine (sinon liste affiche valeur obsolete) + script SQL re-sync des serveurs deja desyncs	2026-05-05 15:29:34 +02:00
run.sh	PatchCenter v2.0 — Initial commit	2026-04-04 03:00:12 +02:00
schema.sql	Sync SANEF : audit_service + schema.sql + data deploy + gitignore	2026-04-17 09:20:57 +02:00
tailwind.config.js	BOC SAP corrigé, stop/start order, patch waves, DMZ zone, préférences patching	2026-04-05 03:52:46 +02:00
update_zone_dmz.sql	chore: script update zone DMZ + satellite_url=vpdsiasat1 sur 51 hosts majoritairement DMZ dans le plan patching 2026	2026-05-05 14:51:08 +02:00

README.md

PatchCenter — SLPM (SANEF Linux Patch Manager)

App web FastAPI/PostgreSQL pour piloter le patching Linux SANEF : plan de patching, historique, users AD/LDAP, intégration iTop, API Qualys.

Source de vérité : VM CT 116 (pc.mpcz.fr, 172.28.199.185 + pct exec 116 -- ...) + repo Gitea adminmpmcz/patchcenter.

Workflow de dev (validé 2026-04-17)

Claude modifie direct sur CT 116 via SSH → git push Gitea
Khalid sur poste SANEF (C:\patchcenter) → git pull → test sur 127.0.0.1:8080
Si OK : Khalid ajoute ses modifs + git push Gitea
Claude sur CT 116 → git pull + systemctl restart patchcenter

Stack

Python 3.11+ / FastAPI / Uvicorn
PostgreSQL (patchcenter)
Jinja2 + Tailwind (templates)
LDAP (AD SANEF) pour auth

Structure

app/ — code FastAPI (auth, models, routers, services)
deploy/ — scripts déploiement + migrations SQL
tools/ — scripts d'import/enrichissement (Qualys, iTop, Ayoub, etc.)
docs/ — DEPLOY.md, SANEF_PATCHING_PROCESS.md
migrate_*.sql — migrations DB manuelles

Lancer en local (poste SANEF, pas la copie locale Claude)

python -m uvicorn app.main:app --host 0.0.0.0 --port 8080

Gitea

Repo : http://172.28.199.202:3000/adminmpmcz/patchcenter
Creds HTTPS : adminmpmcz / Admin@2025

Notes

SECRET_KEY côté VM : sanef-patchcenter-demo-key-change-me (drop-in systemd)
DB échangée via Gitea Releases (attachment .sql), jamais dans le git tree
Après restore DB : ALTER TABLE ... OWNER TO patchcenter pour toutes les tables+sequences