def exec_shell_cmd(cls, cmd, hostname=''):
""" 要使用salt模式,将当前代码部署在master主机上,程序会向salt-api发送请求,有salt-master向minion发送命令 """
# 使用subprocess方式在本地执行salt命令
# import subprocess
# ret = subprocess.getoutput("salt '*' cmd.run {}".format(cmd))
# print(ret)
sa = SaltAPI()
result = sa.remote_execution(tgt=hostname, fun='cmd.run', arg=cmd)
return result[hostname]
def get(self):
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
local_permission_list = [self.handler_permission, self.get_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
task_id = self.get_argument('task_id', None)
if not task_id:
ok = False
info = 'Must have task_id'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
task = db_task.get(task_id)
result = sapi.run_script([task['ip']],
'salt://scripts/get_task_log.sh', task_id)
retcode = result[task['ip']]['retcode']
if retcode == 0:
log_info = result[task['ip']]['stdout']
ok = True
info = {'data': log_info}
else:
ok = False
info = 'Get Log info Failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def salt_run_update(self, task):
encode_update_string = encrypt.base64_encode(task['task_id'] + '@' +
task['type'] + "@" +
task['target'] + "@" +
str(task['version']) +
"@" + task['content'])
result = sapi.run_script([task['ip']], 'salt://scripts/update.sh',
encode_update_string)
log.info(result)
def post(self):
post_update_file_permission = '5.2.1'
post_update_db_permission = '5.2.2'
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
body = json.loads(self.request.body)
action, data = body['action'], body['data']
excutor = self.get_cookie("username")
if action == 'update':
task = db_task.get(data['task_id'])
update_type = task['type']
local_permission_list = [
self.handler_permission, self.post_permission
]
if update_type == 'update_file':
local_permission_list = [
self.handler_permission, self.post_permission,
post_update_file_permission
]
if update_type == 'update_db':
local_permission_list = [
self.handler_permission, self.post_permission,
post_update_db_permission
]
ok, info, _ = verify.has_permission(self.token,
local_permission_list)
if not ok:
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
if task['status'] is True:
ok = False
info = 'Task has been executed'
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
task_status = {
'task_id': task['task_id'],
'status': 1,
'start_time': utils.cur_timestamp(),
'executor': excutor
}
if not db_task.update(task_status):
ok = False
info = 'update task status failed'
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
tornado.ioloop.IOLoop.instance().add_callback(
self.salt_run_update(task))
ok = True
info = 'Execute update script successful'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if action == 'revert':
task = db_task.get(data['task_id'])
update_type = task['type']
local_permission_list = [
self.handler_permission, self.post_permission
]
if update_type == 'update_file':
local_permission_list = [
self.handler_permission, self.post_permission,
post_update_file_permission
]
if update_type == 'update_db':
local_permission_list = [
self.handler_permission, self.post_permission,
post_update_db_permission
]
ok, info, is_admin = verify.has_permission(self.token,
local_permission_list)
if not is_admin:
info = "Only admin can revert."
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
task_status = {
'task_id': task['task_id'],
'revert': 1,
'revert_time': utils.cur_timestamp()
}
if not db_task.update(task_status):
ok = False
info = 'update task status failed'
self.finish(
tornado.escape.json_encode({
'ok': ok,
'info': info
}))
return
tornado.ioloop.IOLoop.instance().add_callback(
self.salt_run_revert(task))
ok = True
info = 'Execute revert script successful'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if action == 'get_current_version':
target = data['target']
ip = '127.0.0.1'
result = sapi.run_script([ip],
'salt://scripts/get_current_version.sh',
target)
retcode, cur_version = result[ip]['retcode'], result[ip]['stdout']
if retcode == 0:
ok = True
info = cur_version
else:
ok = False
info = u'Get version info failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok = False
info = 'Unsupported update action'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def salt_run_revert(self, task):
encode_update_string = encrypt.base64_encode(task['task_id'])
result = sapi.run_script([task['ip']], 'salt://scripts/revert.sh',
encode_update_string)
log.info(result)
def post(self):
post_add_permission = '7.2.1'
post_delete_permission = '7.2.1'
ok, info = check.check_login(self.token)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok, info = check.check_content_type(self.request)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
body = json.loads(self.request.body)
action, ssh_key_data = body['action'], body['data']
if action == 'add':
local_permission_list = [self.handler_permission, self.post_permission, post_add_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ip = ssh_key_data['ip']
ssh_key_string = db_user.get(username=ssh_key_data['username'])['ssh_key']
if ssh_key_string is None:
ok = False
info = "User ssh-key does not exist, please add first"
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
encrypt_ssh_key_info = encrypt.base64_encode(ssh_key_data['system_user'] + '@' +
ssh_key_string + " " + ssh_key_data['username'])
result = sapi.run_script([ip], 'salt://scripts/add_ssh_key.sh', encrypt_ssh_key_info)
retcode = result[ip]['retcode']
if retcode == 0:
if db_ssh_key_info.add(ssh_key_data):
ok = True
info = 'Add ssh-key successful'
else:
ok = False
info = 'Add ssh-key failed'
else:
ok = False
info = 'Add ssh-key failed'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
if action == 'delete':
local_permission_list = [self.handler_permission, self.post_permission, post_delete_permission]
ok, info, _ = verify.has_permission(self.token, local_permission_list)
if not ok:
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
fail_count = 0
for ssh_key_info in ssh_key_data:
ip = ssh_key_info['ip']
encrypt_ssh_key_info = encrypt.base64_encode(ssh_key_info['system_user'] + '@' +
ssh_key_info['username'])
result = sapi.run_script([ip], 'salt://scripts/delete_ssh_key.sh', encrypt_ssh_key_info)
retcode = result[ip]['retcode']
if retcode == 0:
if db_ssh_key_info.delete(ssh_key_info['username'], ssh_key_info['ip'], ssh_key_info['system_user']):
fail_count += 0
else:
fail_count += 1
else:
fail_count += 1
if fail_count == 0:
ok = True
info = 'Delete all ssh-key info failed'
else:
ok = False
info = 'Delete some ssh-key info failed, please retry'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
return
ok = False
info = 'Unsupported ssh-key action'
self.finish(tornado.escape.json_encode({'ok': ok, 'info': info}))
def machine_initialize(self, ip):
result = sapi.run_script([ip], 'salt://scripts/initialize.sh', 'initialize')
log.info(result)
def install_software(self, ip, software):
result = sapi.run_script([ip], 'salt://scripts/install_software.sh', software)
log.info(result)