def log_record_save(request): response = {'error':'', 'success': 'true'} if request.method == 'GET': asset_id = request.GET.get('asset_id', '') log_id = request.GET.get('log_id', '') asset = Asset.objects.get(id_unique=asset_id) proxy = asset.proxy try: api = APIRequest('{0}/v1.0/loginfo/{1}'.format(proxy.url, log_id), proxy.username, CRYPTOR.decrypt(proxy.password)) result, codes = api.req_get() if 'data' in result.keys(): log_data = result['data'] username = User.objects.get(id=log_data['user_id']).username asset_ip = asset.networking.all()[0].ip_address loginfo = Log() loginfo.user = username loginfo.host = asset_ip loginfo.filename = '' if log_data['filename'] is None else log_data['filename'] loginfo.is_finished = False loginfo.log_path = log_data['log_path'] loginfo.login_type = log_data['login_type'] loginfo.pid = 0 loginfo.remote_ip = log_data['remote_ip'] loginfo.start_time = log_data['start_time'] loginfo.proxy_log_id = log_id loginfo.proxy_name = proxy.proxy_name loginfo.asset_id_unique = asset_id loginfo.save() else: response['error'] = u'从proxy获取日志信息失败' response['success'] = 'false' except Exception as e: logger.error(e) response['error'] = e response['success'] = 'false' else: time.sleep(3) try: asset_id = request.POST.get('asset_id', '') log_id = request.POST.get('log_id', '') asset = Asset.objects.get(id_unique=asset_id) proxy = asset.proxy api = APIRequest('{0}/v1.0/loginfo/{1}'.format(proxy.url, log_id), proxy.username, CRYPTOR.decrypt(proxy.password)) result, codes = api.req_get() if 'data' in result.keys(): log_data = result['data'] loginfo = Log.objects.get(proxy_log_id=int(log_id), proxy_name=proxy.proxy_name) loginfo.is_finished = True if log_data['is_finished'] is None else log_data['is_finished'] loginfo.end_time = log_data['end_time'] loginfo.filename = '' if log_data['filename'] is None else log_data['filename'] loginfo.save() else: response['error'] = u'从proxy获取日志信息失败' response['success'] = 'false' except Exception as e: response['error'] = e response['success'] = 'false' logger.error(e) return HttpResponse(json.dumps(response), content_type='application/json')
def asset_operator(asset_list, status, username, proxy=None): """ 重启,关机,重装系统 """ g_lock = threading.Lock() try: g_lock.acquire() proxy_asset = Asset.objects.filter(proxy__proxy_name=proxy.proxy_name) need_delete_asset = set(asset_list) & set(proxy_asset) systems = [item.name for item in need_delete_asset] profile = asset_list[0].profile if status == 'rebuild': data = {'rebuild': 'true', 'profile': profile, 'systems': systems} else: data = {'power': status, 'systems': systems} data = json.dumps(data) api = APIRequest('{0}/v1.0/system/action'.format(proxy.url), proxy.username, CRYPTOR.decrypt(proxy.password)) result, codes = api.req_post(data) logger.debug(u"操作结果result:%s codes:%s" % (result, codes)) task = Task() task.task_name = result['task_name'] task.username = username task.status = result['messege'] task.start_time = datetime.datetime.now() task.url = '{0}/v1.0/system/action'.format(proxy.url) task.save() task_queue.put( dict(task_name=result['task_name'], task_user=username, task_proxy=proxy.proxy_name)) except Exception as e: raise ServerError(e) finally: g_lock.release()
def add_user(self, username, proxy, groups, web_username): """ add a host user. username: 系统用户名 web_username: 网站用户名 """ self.run_action = 'async' self.run_type = 'ad-hoc' if groups.strip(): module_args = 'name=%s shell=/bin/bash groups=%s' % (username, groups) else: module_args = 'name=%s shell=/bin/bash' % username data = { 'mod_name': 'user', 'resource': self.resource, 'hosts': self.host_list, 'mod_args': module_args, 'role_name': username, 'web_username': web_username, 'run_action': self.run_action, 'run_type': self.run_type, # 标记, 执行ansible ad-hoc命令还是执行playbook 'isTemplate': self.isTemplate } data = json.dumps(data) api = APIRequest('{0}/v1.0/module'.format(proxy.url), proxy.username, CRYPTOR.decrypt(proxy.password)) result, code = api.req_post(data) return result
def update_asset_info(need_update_asset, name, proxy=None): """ 更新资产信息 """ g_lock = threading.Lock() try: g_lock.acquire() proxy_asset = Asset.objects.filter(proxy__proxy_name=proxy.proxy_name) update_proxy_asset = list(set(proxy_asset) & set(need_update_asset)) host_list = [ asset.networking.all()[0].ip_address for asset in update_proxy_asset ] if host_list: resource = gen_resource(update_proxy_asset) data = { 'mod_name': 'setup', 'resource': resource, 'hosts': host_list, 'mod_args': '', 'run_action': 'sync', 'run_type': 'ad-hoc' } data = json.dumps(data) api = APIRequest('{0}/v1.0/module'.format(proxy.url), proxy.username, CRYPTOR.decrypt(proxy.password)) result, code = api.req_post(data) logger.debug(u'更新操作结果result:%s code:%s' % (result, code)) if code == 200 and result['messege']['success']: asset_ansible_update(update_proxy_asset, result, name) except Exception as e: raise ServerError(e) finally: g_lock.release()
def query_event(task_name, username, proxy): data = {'task_name': task_name, 'username': username} data = json.dumps(data) api = APIRequest('{0}/v1.0/permission/event'.format(proxy.url), proxy.username, CRYPTOR.decrypt(proxy.password)) result, codes = api.req_post(data) logger.info('推送用户事件查询结果result:%s' % result) return result
def get_backup_info_from_proxy(backup): # 调用proxy接口 api = APIRequest('{0}/v1.0/job_task/{1}?limit=1'.format(backup.proxy.url, backup.task_uuid), backup.proxy.username, CRYPTOR.decrypt(backup.proxy.password)) result, code = api.req_get() if code != 200: # 获取失败,下次继续获取 result = {} else: result = result['result'] return result
def get_one_or_all(obj_name, proxy, obj_uuid='all'): """ 获取所有的对象或者一个id对应的对象 """ obj_list = [] try: api = APIRequest( '{0}/v1.0/permission/{1}/{2}'.format(proxy.url, obj_name, obj_uuid), proxy.username, CRYPTOR.decrypt(proxy.password)) result, codes = api.req_get() obj_list = result['messege'] except Exception as e: logger.error(e) return obj_list
def download(request): if request.method == 'POST': # 上传到本地目录 res = {'result': False} try: path = request.POST.get('path') proxy = request.POST.get('proxy') proxy_host = request.POST.get('proxy_host') params = {'action': 'download_ansible'} # 通过proxy处理文件 proxy_obj = Proxy.objects.get(id=proxy) hosts = [] if not proxy_host: raise RuntimeError("没有可执行主机") else: hosts.append(Asset.objects.get(id=int(proxy_host))) host_list = [] resource = [] params['path'] = path # 构建inventory 和 构建主机list for host in hosts: host_list.append(host.networking.all()[0].ip_address) tmp_d = dict() tmp_d['hostname'] = host.networking.all()[0].ip_address tmp_d['port'] = host.port tmp_d['username'] = host.username tmp_d['password'] = CRYPTOR.decrypt(host.password) # 用于前端确定选择的asset tmp_d['id'] = host.id resource.append(tmp_d) params['host_list'] = host_list params['resource'] = resource api = APIRequest( '{0}/v1.0/download'.format(proxy_obj.url), proxy_obj.username, CRYPTOR.decrypt(proxy_obj.password)) result, code = api.req_post(json.dumps(params)) if code != 200: res['message'] = result['message'] else: res['result'] = True link = "{0}/v1.0/download?link_id={1}".format(proxy_obj.url, result['link']) res['link'] = link logger.info("link => {0}".format(res)) except Exception, e: logger.info(traceback.format_exc()) res['message'] = '失败' return HttpResponse(json.dumps(res))
def del_key(self, user, key_path, proxy): """ push the ssh authorized key to target. """ module_args = 'user="******" key="{{ lookup("file", "%s") }}" state="absent"' % ( user, key_path) data = { 'mod_name': 'authorized_key', 'resource': self.resource, 'hosts': self.host_list, 'mod_args': module_args, 'role_name': user } data = json.dumps(data) api = APIRequest('{0}/v1.0/module'.format(proxy.url), proxy.username, CRYPTOR(proxy.password)) result, code = api.req_post(data) return result
def gen_proxy_profiles(proxys): """ 获取proxy对应的profiles """ proxy_profiles = {} if isinstance(proxys, (list, QuerySet)): for item in proxys: profiles = [] try: api = APIRequest('{0}/v1.0/profile'.format(item.url), item.username, CRYPTOR.decrypt(item.password)) msg, codes = api.req_get() if msg: profiles = msg['profiles'] except Exception as e: logger.error(e) proxy_profiles[item.proxy_name] = profiles logger.info("获取proxy对应的profiles:%s" % proxy_profiles) return proxy_profiles
def exec_commands_log(request): log_id = request.POST.get('id', '') proxy_id = request.POST.get('proxy_id', '') try: proxy = Proxy.objects.get(id=int(proxy_id)) if log_id and proxy: api = APIRequest('{0}/v1.0/execute/commands/loginfos/{1}'.format(proxy.url, log_id), proxy.username, CRYPTOR.decrypt(proxy.password)) result, codes = api.req_get() log_info = result['data'] exec_log = ExecLog() exec_log.remote_id = log_id exec_log.user = request.user.username exec_log.host = log_info['host'] exec_log.cmd = log_info['cmd'] exec_log.remote_ip = log_info['remote_ip'] exec_log.proxy_host = log_info['proxy_host'] exec_log.result = log_info['result'] exec_log.save() except Exception as e: logger.error(e)
def log_history(request): """ 命令历史记录 """ log_id = request.GET.get('id', 0) loginfo = Log.objects.get(id=log_id) proxy_log_id = loginfo.proxy_log_id if loginfo: proxy_name = loginfo.proxy_name proxy = Proxy.objects.get(proxy_name=proxy_name) api = APIRequest('{0}/v1.0/ttylog?log_id={1}'.format(proxy.url, proxy_log_id), proxy.username, CRYPTOR.decrypt(proxy.password)) result, codes = api.req_get() if 'data' in result.keys(): tty_proxys = result['data'] tty_logs = sorted(tty_proxys, key=lambda x: x['datetime']) if tty_logs: content = '' for tty_log in tty_logs: content += '%s: %s\n' % (tty_log['datetime'], tty_log['cmd']) return HttpResponse(content) return HttpResponse('无日志记录!')
def del_user_sudo(self, role_uuid, proxy, web_username): """ delete a role sudo item """ filename = 'role-%s' % role_uuid module_args = "name=/etc/sudoers.d/%s state=absent" % filename data = { 'mod_name': 'file', 'resource': self.resource, 'hosts': self.host_list, 'mod_args': module_args, 'web_username': web_username, 'run_action': 'sync', 'run_type': 'ad-hoc' } data = json.dumps(data) api = APIRequest('{0}/v1.0/module'.format(proxy.url), proxy.username, CRYPTOR.decrypt(proxy.password)) result, code = api.req_post(data) return result
def del_user(self, username, proxy, web_username): """ delete a host user. """ module_args = 'name=%s groups=' ' state=absent remove=yes move_home=yes force=yes' % username data = { 'mod_name': 'user', 'resource': self.resource, 'hosts': self.host_list, 'mod_args': module_args, 'role_name': username, 'web_username': web_username, 'run_action': 'sync', # run_action参数表示同步还是异步执行 'run_type': 'ad-hoc' } data = json.dumps(data) api = APIRequest('{0}/v1.0/module'.format(proxy.url), proxy.username, CRYPTOR.decrypt(proxy.password)) result, code = api.req_post(data) return result
def delete_asset_batch(asset_list, proxy=None): g_lock = threading.Lock() try: g_lock.acquire() proxy_asset = Asset.objects.filter(proxy__proxy_name=proxy.proxy_name) need_delete_asset = set(asset_list) & set(proxy_asset) asset_names = [asset.name for asset in need_delete_asset] id_uniques = [asset.id_unique for asset in need_delete_asset] param = {'names': asset_names, 'id_unique': id_uniques} data = json.dumps(param) api = APIRequest('{0}/v1.0/system'.format(proxy.url), proxy.username, CRYPTOR.decrypt(proxy.password)) result, code = api.req_del(data) logger.info(u'删除多个资产result:%s' % result) if code == 200: for item in need_delete_asset: item.delete() except Exception as e: raise ServerError(e) finally: g_lock.release()
def log_kill(request): """ 杀掉connect进程 """ response = {'success':'true', 'error':''} log_id = request.POST.get('log_id') log = Log.objects.get(id=log_id) if log: proxy_name = log.proxy_name proxy = Proxy.objects.get(proxy_name=proxy_name) proxy_log_id = log.proxy_log_id api = APIRequest('{0}/v1.0/ws/terminal/kill/?id={1}'.format(proxy.url, proxy_log_id), proxy.username, CRYPTOR.decrypt(proxy.password)) result, codes = api.req_get() if codes == 200: time.sleep(3) else: log.is_finished = 1 log.save() response['error'] = u'断开[%s]连接成功'%log.host return HttpResponse(json.dumps(response), content_type='application/json') else: response['success'] = 'false' response['error'] = '没有此进程' return HttpResponseNotFound(u'没有此进程!')
def push_sudo(self, role, sudo_uuids, proxy, web_username): """ use template to render pushed sudoers file """ self.run_action = 'async' self.run_type = 'playbook' data = { 'resource': self.resource, 'hosts': self.host_list, 'sudo_uuids': sudo_uuids, 'role_name': role.name, 'role_uuid': role.uuid_id, 'web_username': web_username, 'run_action': self.run_action, 'run_type': self.run_type, 'isTemplate': True } data = json.dumps(data) api = APIRequest('{0}/v1.0/module'.format(proxy.url), proxy.username, CRYPTOR.decrypt(proxy.password)) result, code = api.req_post(data) return result
def save_or_delete(obj_name, data, proxy, obj_uuid=None, action='add'): """ 保存,更新, 删除数据 obj_name: 'PermRole' obj_uuid: role.uuid_id """ info = '' try: api = APIRequest( '{0}/v1.0/permission/{1}/{2}'.format(proxy.url, obj_name, obj_uuid), proxy.username, CRYPTOR.decrypt(proxy.password)) if action == 'add': result, codes = api.req_post(data) elif action == 'update': result, codes = api.req_put(data) elif action == 'delete': result, codes = api.req_del(data) if result is not None: info = result['messege'] except Exception as e: info = 'error' logger.error("[save_or_delete] %s" % e) return info
def push_key(self, user, key_path, proxy, web_username): """ push the ssh authorized key to target. """ self.run_action = 'async' self.run_type = 'ad-hoc' module_args = 'user="******" key="{{ lookup("file", "%s") }}" state=present' % ( user, key_path) data = { 'mod_name': 'authorized_key', 'resource': self.resource, 'hosts': self.host_list, 'mod_args': module_args, 'role_name': user, 'web_username': web_username, 'run_action': self.run_action, 'run_type': self.run_type, 'isTemplate': self.isTemplate } data = json.dumps(data) api = APIRequest('{0}/v1.0/module'.format(proxy.url), proxy.username, CRYPTOR.decrypt(proxy.password)) result, code = api.req_post(data) return result
def role_proxy_operator(user_name, obj_name, data, proxy=None, obj_uuid='all', action='add'): """ 保存,更新, 删除数据,并把操作结果保存到Task表中 obj_name: PermRole, PermSudo """ result = res_info = msg_name = '' g_lock = threading.Lock() # 线程锁 if obj_name == 'PermRole': msg_name = u'系统用户' elif obj_name == 'PermSudo': msg_name = u'SUDO别名' g_url = '{0}/v1.0/permission/{1}/{2}'.format(proxy.url, obj_name, obj_uuid) try: g_lock.acquire() # 在每个proxy上(add/update/delete) role/sudo,并返回结果 api = APIRequest(g_url, proxy.username, CRYPTOR.decrypt(proxy.password)) if action == 'add': result, codes = api.req_post(data) pdata = json.loads(data) res_info = u'添加{0}{1} {2}'.format(msg_name, pdata['name'], result['messege']) elif action == 'update': result, codes = api.req_put(data) pdata = json.loads(data) res_info = u'编辑{0}{1} {2}'.format(msg_name, pdata['name'], result['messege']) elif action == 'delete': result, codes = api.req_del(data) pdata = json.loads(data) res_info = u'删除{0}{1} {2}'.format(msg_name, pdata['name'], result['messege']) logger.info('role_proxy_%s:%s' % (action, result['messege'])) # 生成唯一的事件名称,用于从数据库中查询执行结果 if 'name' not in json.dumps(data): raise ValueError('role_proxy_operator: data["name"]不存在') task_name = json.loads(data)['name'] + '_' + uuid.uuid4().hex # 将事件添加到消息队列中 task_queue.put({'server': task_name, 'username': user_name}) # 将执行结果保存到数据库中 role_task = Task() role_task.task_name = task_name role_task.proxy_name = proxy.proxy_name role_task.role_name = json.loads(data)['name'] role_task.username = user_name role_task.status = 'complete' role_task.content = res_info role_task.url = g_url role_task.start_time = datetime.datetime.now() role_task.action = action role_task.role_uuid = obj_uuid role_task.role_data = data role_task.result = result['messege'] role_task.save() except Exception as e: logger.error("[role_proxy_operator] %s" % e) finally: g_lock.release() return result
def upload(request): if request.method == 'POST': # 上传到本地目录 try: path = request.POST.get('path') proxy = request.POST.get('proxy') proxy_host = request.POST.getlist('proxy_host') # 上传到本地 f = request.FILES['file'] df = handle_uploaded_file(f) files = {'file': (f.name, open(df, 'rb'))} params = {'action': 'upload'} # 通过proxy处理文件 proxy_obj = Proxy.objects.get(id=proxy) tnow = datetime.datetime.now() # 调用proxy接口,上传文件 api = API('{0}/v1.0/upload'.format(proxy_obj.url), proxy_obj.username, CRYPTOR.decrypt(proxy_obj.password)) result, code = api.req_post(data=params, files=files) if code != 200: file = File(path=path, proxy=proxy_obj, create_time=tnow, status='01', result="上传文件失败") file.save() raise ServerError(result['messege']) # 上传文件成功之后,调用proxy接口,进行文件上传任务 hosts = [] if not proxy_host: hosts = Asset.objects.all().filter(proxy=proxy_obj) if not hosts: # 没有可执行主机 file = File(path=path, proxy=proxy_obj, create_time=tnow, status='01', result="没有可执行主机") file.save() raise RuntimeError("没有可执行主机") else: for host_id in proxy_host: hosts.append(Asset.objects.get(id=host_id)) host_list = [] resource = [] params = {} trigger_kwargs = {} trigger_kwargs['year'] = tnow.year trigger_kwargs['month'] = tnow.month trigger_kwargs['day'] = tnow.day trigger_kwargs['hour'] = tnow.hour trigger_kwargs['minute'] = tnow.minute+1 trigger_kwargs['second'] = tnow.second params['trigger_kwargs'] = trigger_kwargs params['task_name'] = 'ansible' task_kwargs = {} task_kwargs['module_name'] = 'copy' task_kwargs['module_args'] = 'src={0} dest={1}'.format(result.get('fp'), path) # 构建inventory 和 构建主机list for host in hosts: host_list.append(host.networking.all()[0].ip_address) tmp_d = dict() tmp_d['hostname'] = host.networking.all()[0].ip_address tmp_d['port'] = host.port tmp_d['username'] = host.username tmp_d['password'] = CRYPTOR.decrypt(host.password) # 用于前端确定选择的asset tmp_d['id'] = host.id resource.append(tmp_d) task_kwargs['host_list'] = host_list task_kwargs['resource'] = resource params['task_kwargs'] = task_kwargs # 调用proxy接口,创建任务 api = APIRequest('{0}/v1.0/job'.format(proxy_obj.url), proxy_obj.username, CRYPTOR.decrypt(proxy_obj.password)) result, code = api.req_post(json.dumps(params)) if code != 200: file = File(path=path, proxy=proxy_obj, create_time=tnow, status='01', result="上传文件失败") file.save() else: file = File(path=path, proxy=proxy_obj, task_uuid=result['job']['job_id'], create_time=tnow) file.save() except Exception, e: logger.error(traceback.format_exc()) return HttpResponseRedirect(reverse('file_upload'))