def log_record_save(request):
response = {'error':'', 'success': 'true'}
if request.method == 'GET':
asset_id = request.GET.get('asset_id', '')
log_id = request.GET.get('log_id', '')
asset = Asset.objects.get(id_unique=asset_id)
proxy = asset.proxy
try:
api = APIRequest('{0}/v1.0/loginfo/{1}'.format(proxy.url, log_id), proxy.username, CRYPTOR.decrypt(proxy.password))
result, codes = api.req_get()
if 'data' in result.keys():
log_data = result['data']
username = User.objects.get(id=log_data['user_id']).username
asset_ip = asset.networking.all()[0].ip_address
loginfo = Log()
loginfo.user = username
loginfo.host = asset_ip
loginfo.filename = '' if log_data['filename'] is None else log_data['filename']
loginfo.is_finished = False
loginfo.log_path = log_data['log_path']
loginfo.login_type = log_data['login_type']
loginfo.pid = 0
loginfo.remote_ip = log_data['remote_ip']
loginfo.start_time = log_data['start_time']
loginfo.proxy_log_id = log_id
loginfo.proxy_name = proxy.proxy_name
loginfo.asset_id_unique = asset_id
loginfo.save()
else:
response['error'] = u'从proxy获取日志信息失败'
response['success'] = 'false'
except Exception as e:
logger.error(e)
response['error'] = e
response['success'] = 'false'
else:
time.sleep(3)
try:
asset_id = request.POST.get('asset_id', '')
log_id = request.POST.get('log_id', '')
asset = Asset.objects.get(id_unique=asset_id)
proxy = asset.proxy
api = APIRequest('{0}/v1.0/loginfo/{1}'.format(proxy.url, log_id), proxy.username, CRYPTOR.decrypt(proxy.password))
result, codes = api.req_get()
if 'data' in result.keys():
log_data = result['data']
loginfo = Log.objects.get(proxy_log_id=int(log_id), proxy_name=proxy.proxy_name)
loginfo.is_finished = True if log_data['is_finished'] is None else log_data['is_finished']
loginfo.end_time = log_data['end_time']
loginfo.filename = '' if log_data['filename'] is None else log_data['filename']
loginfo.save()
else:
response['error'] = u'从proxy获取日志信息失败'
response['success'] = 'false'
except Exception as e:
response['error'] = e
response['success'] = 'false'
logger.error(e)
return HttpResponse(json.dumps(response), content_type='application/json')
def asset_operator(asset_list, status, username, proxy=None):
"""
重启,关机,重装系统
"""
g_lock = threading.Lock()
try:
g_lock.acquire()
proxy_asset = Asset.objects.filter(proxy__proxy_name=proxy.proxy_name)
need_delete_asset = set(asset_list) & set(proxy_asset)
systems = [item.name for item in need_delete_asset]
profile = asset_list[0].profile
if status == 'rebuild':
data = {'rebuild': 'true', 'profile': profile, 'systems': systems}
else:
data = {'power': status, 'systems': systems}
data = json.dumps(data)
api = APIRequest('{0}/v1.0/system/action'.format(proxy.url),
proxy.username, CRYPTOR.decrypt(proxy.password))
result, codes = api.req_post(data)
logger.debug(u"操作结果result:%s codes:%s" % (result, codes))
task = Task()
task.task_name = result['task_name']
task.username = username
task.status = result['messege']
task.start_time = datetime.datetime.now()
task.url = '{0}/v1.0/system/action'.format(proxy.url)
task.save()
task_queue.put(
dict(task_name=result['task_name'],
task_user=username,
task_proxy=proxy.proxy_name))
except Exception as e:
raise ServerError(e)
finally:
g_lock.release()
def add_user(self, username, proxy, groups, web_username):
"""
add a host user.
username: 系统用户名
web_username: 网站用户名
"""
self.run_action = 'async'
self.run_type = 'ad-hoc'
if groups.strip():
module_args = 'name=%s shell=/bin/bash groups=%s' % (username,
groups)
else:
module_args = 'name=%s shell=/bin/bash' % username
data = {
'mod_name': 'user',
'resource': self.resource,
'hosts': self.host_list,
'mod_args': module_args,
'role_name': username,
'web_username': web_username,
'run_action': self.run_action,
'run_type': self.run_type, # 标记, 执行ansible ad-hoc命令还是执行playbook
'isTemplate': self.isTemplate
}
data = json.dumps(data)
api = APIRequest('{0}/v1.0/module'.format(proxy.url), proxy.username,
CRYPTOR.decrypt(proxy.password))
result, code = api.req_post(data)
return result
def update_asset_info(need_update_asset, name, proxy=None):
"""
更新资产信息
"""
g_lock = threading.Lock()
try:
g_lock.acquire()
proxy_asset = Asset.objects.filter(proxy__proxy_name=proxy.proxy_name)
update_proxy_asset = list(set(proxy_asset) & set(need_update_asset))
host_list = [
asset.networking.all()[0].ip_address
for asset in update_proxy_asset
]
if host_list:
resource = gen_resource(update_proxy_asset)
data = {
'mod_name': 'setup',
'resource': resource,
'hosts': host_list,
'mod_args': '',
'run_action': 'sync',
'run_type': 'ad-hoc'
}
data = json.dumps(data)
api = APIRequest('{0}/v1.0/module'.format(proxy.url),
proxy.username, CRYPTOR.decrypt(proxy.password))
result, code = api.req_post(data)
logger.debug(u'更新操作结果result:%s code:%s' % (result, code))
if code == 200 and result['messege']['success']:
asset_ansible_update(update_proxy_asset, result, name)
except Exception as e:
raise ServerError(e)
finally:
g_lock.release()
def query_event(task_name, username, proxy):
data = {'task_name': task_name, 'username': username}
data = json.dumps(data)
api = APIRequest('{0}/v1.0/permission/event'.format(proxy.url),
proxy.username, CRYPTOR.decrypt(proxy.password))
result, codes = api.req_post(data)
logger.info('推送用户事件查询结果result:%s' % result)
return result
def get_backup_info_from_proxy(backup):
# 调用proxy接口
api = APIRequest('{0}/v1.0/job_task/{1}?limit=1'.format(backup.proxy.url, backup.task_uuid),
backup.proxy.username,
CRYPTOR.decrypt(backup.proxy.password))
result, code = api.req_get()
if code != 200:
# 获取失败,下次继续获取
result = {}
else:
result = result['result']
return result
def get_one_or_all(obj_name, proxy, obj_uuid='all'):
"""
获取所有的对象或者一个id对应的对象
"""
obj_list = []
try:
api = APIRequest(
'{0}/v1.0/permission/{1}/{2}'.format(proxy.url, obj_name,
obj_uuid), proxy.username,
CRYPTOR.decrypt(proxy.password))
result, codes = api.req_get()
obj_list = result['messege']
except Exception as e:
logger.error(e)
return obj_list
def download(request):
if request.method == 'POST':
# 上传到本地目录
res = {'result': False}
try:
path = request.POST.get('path')
proxy = request.POST.get('proxy')
proxy_host = request.POST.get('proxy_host')
params = {'action': 'download_ansible'}
# 通过proxy处理文件
proxy_obj = Proxy.objects.get(id=proxy)
hosts = []
if not proxy_host:
raise RuntimeError("没有可执行主机")
else:
hosts.append(Asset.objects.get(id=int(proxy_host)))
host_list = []
resource = []
params['path'] = path
# 构建inventory 和 构建主机list
for host in hosts:
host_list.append(host.networking.all()[0].ip_address)
tmp_d = dict()
tmp_d['hostname'] = host.networking.all()[0].ip_address
tmp_d['port'] = host.port
tmp_d['username'] = host.username
tmp_d['password'] = CRYPTOR.decrypt(host.password)
# 用于前端确定选择的asset
tmp_d['id'] = host.id
resource.append(tmp_d)
params['host_list'] = host_list
params['resource'] = resource
api = APIRequest(
'{0}/v1.0/download'.format(proxy_obj.url), proxy_obj.username,
CRYPTOR.decrypt(proxy_obj.password))
result, code = api.req_post(json.dumps(params))
if code != 200:
res['message'] = result['message']
else:
res['result'] = True
link = "{0}/v1.0/download?link_id={1}".format(proxy_obj.url, result['link'])
res['link'] = link
logger.info("link => {0}".format(res))
except Exception, e:
logger.info(traceback.format_exc())
res['message'] = '失败'
return HttpResponse(json.dumps(res))
def del_key(self, user, key_path, proxy):
"""
push the ssh authorized key to target.
"""
module_args = 'user="******" key="{{ lookup("file", "%s") }}" state="absent"' % (
user, key_path)
data = {
'mod_name': 'authorized_key',
'resource': self.resource,
'hosts': self.host_list,
'mod_args': module_args,
'role_name': user
}
data = json.dumps(data)
api = APIRequest('{0}/v1.0/module'.format(proxy.url), proxy.username,
CRYPTOR(proxy.password))
result, code = api.req_post(data)
return result
def gen_proxy_profiles(proxys):
"""
获取proxy对应的profiles
"""
proxy_profiles = {}
if isinstance(proxys, (list, QuerySet)):
for item in proxys:
profiles = []
try:
api = APIRequest('{0}/v1.0/profile'.format(item.url),
item.username, CRYPTOR.decrypt(item.password))
msg, codes = api.req_get()
if msg:
profiles = msg['profiles']
except Exception as e:
logger.error(e)
proxy_profiles[item.proxy_name] = profiles
logger.info("获取proxy对应的profiles:%s" % proxy_profiles)
return proxy_profiles
def exec_commands_log(request):
log_id = request.POST.get('id', '')
proxy_id = request.POST.get('proxy_id', '')
try:
proxy = Proxy.objects.get(id=int(proxy_id))
if log_id and proxy:
api = APIRequest('{0}/v1.0/execute/commands/loginfos/{1}'.format(proxy.url, log_id), proxy.username, CRYPTOR.decrypt(proxy.password))
result, codes = api.req_get()
log_info = result['data']
exec_log = ExecLog()
exec_log.remote_id = log_id
exec_log.user = request.user.username
exec_log.host = log_info['host']
exec_log.cmd = log_info['cmd']
exec_log.remote_ip = log_info['remote_ip']
exec_log.proxy_host = log_info['proxy_host']
exec_log.result = log_info['result']
exec_log.save()
except Exception as e:
logger.error(e)
def log_history(request):
""" 命令历史记录 """
log_id = request.GET.get('id', 0)
loginfo = Log.objects.get(id=log_id)
proxy_log_id = loginfo.proxy_log_id
if loginfo:
proxy_name = loginfo.proxy_name
proxy = Proxy.objects.get(proxy_name=proxy_name)
api = APIRequest('{0}/v1.0/ttylog?log_id={1}'.format(proxy.url, proxy_log_id), proxy.username, CRYPTOR.decrypt(proxy.password))
result, codes = api.req_get()
if 'data' in result.keys():
tty_proxys = result['data']
tty_logs = sorted(tty_proxys, key=lambda x: x['datetime'])
if tty_logs:
content = ''
for tty_log in tty_logs:
content += '%s: %s\n' % (tty_log['datetime'], tty_log['cmd'])
return HttpResponse(content)
return HttpResponse('无日志记录!')
def del_user_sudo(self, role_uuid, proxy, web_username):
"""
delete a role sudo item
"""
filename = 'role-%s' % role_uuid
module_args = "name=/etc/sudoers.d/%s state=absent" % filename
data = {
'mod_name': 'file',
'resource': self.resource,
'hosts': self.host_list,
'mod_args': module_args,
'web_username': web_username,
'run_action': 'sync',
'run_type': 'ad-hoc'
}
data = json.dumps(data)
api = APIRequest('{0}/v1.0/module'.format(proxy.url), proxy.username,
CRYPTOR.decrypt(proxy.password))
result, code = api.req_post(data)
return result
def del_user(self, username, proxy, web_username):
"""
delete a host user.
"""
module_args = 'name=%s groups=' ' state=absent remove=yes move_home=yes force=yes' % username
data = {
'mod_name': 'user',
'resource': self.resource,
'hosts': self.host_list,
'mod_args': module_args,
'role_name': username,
'web_username': web_username,
'run_action': 'sync', # run_action参数表示同步还是异步执行
'run_type': 'ad-hoc'
}
data = json.dumps(data)
api = APIRequest('{0}/v1.0/module'.format(proxy.url), proxy.username,
CRYPTOR.decrypt(proxy.password))
result, code = api.req_post(data)
return result
def delete_asset_batch(asset_list, proxy=None):
g_lock = threading.Lock()
try:
g_lock.acquire()
proxy_asset = Asset.objects.filter(proxy__proxy_name=proxy.proxy_name)
need_delete_asset = set(asset_list) & set(proxy_asset)
asset_names = [asset.name for asset in need_delete_asset]
id_uniques = [asset.id_unique for asset in need_delete_asset]
param = {'names': asset_names, 'id_unique': id_uniques}
data = json.dumps(param)
api = APIRequest('{0}/v1.0/system'.format(proxy.url), proxy.username,
CRYPTOR.decrypt(proxy.password))
result, code = api.req_del(data)
logger.info(u'删除多个资产result:%s' % result)
if code == 200:
for item in need_delete_asset:
item.delete()
except Exception as e:
raise ServerError(e)
finally:
g_lock.release()
def log_kill(request):
""" 杀掉connect进程 """
response = {'success':'true', 'error':''}
log_id = request.POST.get('log_id')
log = Log.objects.get(id=log_id)
if log:
proxy_name = log.proxy_name
proxy = Proxy.objects.get(proxy_name=proxy_name)
proxy_log_id = log.proxy_log_id
api = APIRequest('{0}/v1.0/ws/terminal/kill/?id={1}'.format(proxy.url, proxy_log_id), proxy.username, CRYPTOR.decrypt(proxy.password))
result, codes = api.req_get()
if codes == 200:
time.sleep(3)
else:
log.is_finished = 1
log.save()
response['error'] = u'断开[%s]连接成功'%log.host
return HttpResponse(json.dumps(response), content_type='application/json')
else:
response['success'] = 'false'
response['error'] = '没有此进程'
return HttpResponseNotFound(u'没有此进程!')
def push_sudo(self, role, sudo_uuids, proxy, web_username):
"""
use template to render pushed sudoers file
"""
self.run_action = 'async'
self.run_type = 'playbook'
data = {
'resource': self.resource,
'hosts': self.host_list,
'sudo_uuids': sudo_uuids,
'role_name': role.name,
'role_uuid': role.uuid_id,
'web_username': web_username,
'run_action': self.run_action,
'run_type': self.run_type,
'isTemplate': True
}
data = json.dumps(data)
api = APIRequest('{0}/v1.0/module'.format(proxy.url), proxy.username,
CRYPTOR.decrypt(proxy.password))
result, code = api.req_post(data)
return result
def save_or_delete(obj_name, data, proxy, obj_uuid=None, action='add'):
"""
保存,更新, 删除数据
obj_name: 'PermRole'
obj_uuid: role.uuid_id
"""
info = ''
try:
api = APIRequest(
'{0}/v1.0/permission/{1}/{2}'.format(proxy.url, obj_name,
obj_uuid), proxy.username,
CRYPTOR.decrypt(proxy.password))
if action == 'add':
result, codes = api.req_post(data)
elif action == 'update':
result, codes = api.req_put(data)
elif action == 'delete':
result, codes = api.req_del(data)
if result is not None:
info = result['messege']
except Exception as e:
info = 'error'
logger.error("[save_or_delete] %s" % e)
return info
def push_key(self, user, key_path, proxy, web_username):
"""
push the ssh authorized key to target.
"""
self.run_action = 'async'
self.run_type = 'ad-hoc'
module_args = 'user="******" key="{{ lookup("file", "%s") }}" state=present' % (
user, key_path)
data = {
'mod_name': 'authorized_key',
'resource': self.resource,
'hosts': self.host_list,
'mod_args': module_args,
'role_name': user,
'web_username': web_username,
'run_action': self.run_action,
'run_type': self.run_type,
'isTemplate': self.isTemplate
}
data = json.dumps(data)
api = APIRequest('{0}/v1.0/module'.format(proxy.url), proxy.username,
CRYPTOR.decrypt(proxy.password))
result, code = api.req_post(data)
return result
def role_proxy_operator(user_name,
obj_name,
data,
proxy=None,
obj_uuid='all',
action='add'):
"""
保存,更新, 删除数据,并把操作结果保存到Task表中
obj_name: PermRole, PermSudo
"""
result = res_info = msg_name = ''
g_lock = threading.Lock() # 线程锁
if obj_name == 'PermRole':
msg_name = u'系统用户'
elif obj_name == 'PermSudo':
msg_name = u'SUDO别名'
g_url = '{0}/v1.0/permission/{1}/{2}'.format(proxy.url, obj_name, obj_uuid)
try:
g_lock.acquire()
# 在每个proxy上(add/update/delete) role/sudo,并返回结果
api = APIRequest(g_url, proxy.username,
CRYPTOR.decrypt(proxy.password))
if action == 'add':
result, codes = api.req_post(data)
pdata = json.loads(data)
res_info = u'添加{0}{1} {2}'.format(msg_name, pdata['name'],
result['messege'])
elif action == 'update':
result, codes = api.req_put(data)
pdata = json.loads(data)
res_info = u'编辑{0}{1} {2}'.format(msg_name, pdata['name'],
result['messege'])
elif action == 'delete':
result, codes = api.req_del(data)
pdata = json.loads(data)
res_info = u'删除{0}{1} {2}'.format(msg_name, pdata['name'],
result['messege'])
logger.info('role_proxy_%s:%s' % (action, result['messege']))
# 生成唯一的事件名称,用于从数据库中查询执行结果
if 'name' not in json.dumps(data):
raise ValueError('role_proxy_operator: data["name"]不存在')
task_name = json.loads(data)['name'] + '_' + uuid.uuid4().hex
# 将事件添加到消息队列中
task_queue.put({'server': task_name, 'username': user_name})
# 将执行结果保存到数据库中
role_task = Task()
role_task.task_name = task_name
role_task.proxy_name = proxy.proxy_name
role_task.role_name = json.loads(data)['name']
role_task.username = user_name
role_task.status = 'complete'
role_task.content = res_info
role_task.url = g_url
role_task.start_time = datetime.datetime.now()
role_task.action = action
role_task.role_uuid = obj_uuid
role_task.role_data = data
role_task.result = result['messege']
role_task.save()
except Exception as e:
logger.error("[role_proxy_operator] %s" % e)
finally:
g_lock.release()
return result
def upload(request):
if request.method == 'POST':
# 上传到本地目录
try:
path = request.POST.get('path')
proxy = request.POST.get('proxy')
proxy_host = request.POST.getlist('proxy_host')
# 上传到本地
f = request.FILES['file']
df = handle_uploaded_file(f)
files = {'file': (f.name, open(df, 'rb'))}
params = {'action': 'upload'}
# 通过proxy处理文件
proxy_obj = Proxy.objects.get(id=proxy)
tnow = datetime.datetime.now()
# 调用proxy接口,上传文件
api = API('{0}/v1.0/upload'.format(proxy_obj.url), proxy_obj.username,
CRYPTOR.decrypt(proxy_obj.password))
result, code = api.req_post(data=params, files=files)
if code != 200:
file = File(path=path, proxy=proxy_obj, create_time=tnow, status='01',
result="上传文件失败")
file.save()
raise ServerError(result['messege'])
# 上传文件成功之后,调用proxy接口,进行文件上传任务
hosts = []
if not proxy_host:
hosts = Asset.objects.all().filter(proxy=proxy_obj)
if not hosts:
# 没有可执行主机
file = File(path=path, proxy=proxy_obj, create_time=tnow, status='01',
result="没有可执行主机")
file.save()
raise RuntimeError("没有可执行主机")
else:
for host_id in proxy_host:
hosts.append(Asset.objects.get(id=host_id))
host_list = []
resource = []
params = {}
trigger_kwargs = {}
trigger_kwargs['year'] = tnow.year
trigger_kwargs['month'] = tnow.month
trigger_kwargs['day'] = tnow.day
trigger_kwargs['hour'] = tnow.hour
trigger_kwargs['minute'] = tnow.minute+1
trigger_kwargs['second'] = tnow.second
params['trigger_kwargs'] = trigger_kwargs
params['task_name'] = 'ansible'
task_kwargs = {}
task_kwargs['module_name'] = 'copy'
task_kwargs['module_args'] = 'src={0} dest={1}'.format(result.get('fp'), path)
# 构建inventory 和 构建主机list
for host in hosts:
host_list.append(host.networking.all()[0].ip_address)
tmp_d = dict()
tmp_d['hostname'] = host.networking.all()[0].ip_address
tmp_d['port'] = host.port
tmp_d['username'] = host.username
tmp_d['password'] = CRYPTOR.decrypt(host.password)
# 用于前端确定选择的asset
tmp_d['id'] = host.id
resource.append(tmp_d)
task_kwargs['host_list'] = host_list
task_kwargs['resource'] = resource
params['task_kwargs'] = task_kwargs
# 调用proxy接口,创建任务
api = APIRequest('{0}/v1.0/job'.format(proxy_obj.url), proxy_obj.username,
CRYPTOR.decrypt(proxy_obj.password))
result, code = api.req_post(json.dumps(params))
if code != 200:
file = File(path=path, proxy=proxy_obj, create_time=tnow,
status='01', result="上传文件失败")
file.save()
else:
file = File(path=path, proxy=proxy_obj, task_uuid=result['job']['job_id'],
create_time=tnow)
file.save()
except Exception, e:
logger.error(traceback.format_exc())
return HttpResponseRedirect(reverse('file_upload'))
