def update_asset(request, asset_type, pk):
if request.method == 'GET':
asset = Assets.objects.get(id=pk)
asset_types = Assets.asset_types
asset_status_ = Assets.asset_status_
asset_admins = UserProfile.objects.all()
asset_providers = AssetProvider.objects.all()
asset_idcs = IDC.objects.all()
password = CryptPwd().decrypt_pwd(asset.serverassets.password)
server_assets = ServerAssets.objects.select_related('assets')
return render(request, 'assets/update_asset.html', locals())
elif request.method == 'POST':
if asset_type == 'server':
if request.POST.get('host_vars'):
server_obj = ServerAssets.objects.filter(id=pk)
if request.POST.get('host_vars') == 'null':
server_obj.update(host_vars='')
else:
server_obj.update(host_vars=request.POST.get('host_vars'))
msg = ServerAssets.objects.get(
id=pk).assets.asset_management_ip
return JsonResponse({'code': 200, 'msg': msg})
else:
asset = Assets.objects.get(id=pk)
ServerAssets.objects.filter(id=asset.serverassets.id).update(
username=request.POST.get('username'),
password=CryptPwd().encrypt_pwd(
request.POST.get('password')),
port=request.POST.get('port'),
)
return JsonResponse({'code': 200, 'msg': '修改成功'})
return JsonResponse({'code': 200, 'msg': '修改成功'})
def ssh_terminal(request, pk):
server_obj = ServerAssets.objects.select_related('assets').get(id=pk)
ssh_server_ip = server_obj.assets.asset_management_ip
if request.method == 'GET':
download_file = request.GET.get('download_file')
if download_file:
download_file_path = os.path.join(settings.MEDIA_ROOT, 'admin_files', request.user.username, 'download',
ssh_server_ip)
sftp = SFTP(ssh_server_ip, server_obj.port, server_obj.username,
CryptPwd().decrypt_pwd(server_obj.password))
response = sftp.download_file(download_file, download_file_path)
return response
else:
remote_ip = request.META.get('REMOTE_ADDR')
return render(request, 'assets/ssh_terminal.html', locals())
elif request.method == 'POST':
try:
upload_file = request.FILES.get('upload_file')
upload_file_path = os.path.join(settings.MEDIA_ROOT, 'fort_files', request.user.username, 'upload',
server_obj.assets.asset_management_ip)
sftp = SFTP(ssh_server_ip, server_obj.port, server_obj.username,
CryptPwd().decrypt_pwd(server_obj.password))
sftp.upload_file(upload_file, upload_file_path)
return JsonResponse({'code': 200, 'msg': '上传成功!文件默认放在{}用户家目录下'.format(server_obj.username)})
except Exception as e:
return JsonResponse({'code': 500, 'msg': '上传失败!{}'.format(e)})
def db_edit(request, pk):
db = DBConfig.objects.select_related('db_server').get(id=pk)
if request.method == 'GET':
data = {
'db_server': db.db_server_id,
'db_port': db.db_port,
'db_name': db.db_name,
'db_user': db.db_user,
'db_password': CryptPwd().decrypt_pwd(db.db_password),
'db_group': [group.id for group in db.db_group.all()],
'db_memo': db.db_memo
}
return JsonResponse({'code': 200, 'data': data})
elif request.method == 'POST':
try:
db.db_port = int(request.POST.get('db_port'))
db.db_name = request.POST.get('db_name')
db.db_user = request.POST.get('db_user')
db.db_password = CryptPwd().encrypt_pwd(
request.POST.get('db_password'))
db.db_memo = request.POST.get('db_memo')
db.db_group.set(request.POST.getlist('db_group'))
db.save()
return JsonResponse({'code': 200, 'data': None, 'msg': '数据库更新成功!'})
except Exception as e:
return JsonResponse({
'code': 500,
'data': None,
'msg': '数据库更新失败!{}'.format(e)
})
def login(request):
next_url = request.GET.get('next', None)
crypt = CryptPwd()
if request.method == 'GET':
if request.session.get('username') and request.session.get('lock'):
del request.session['lock']
del request.session['username']
return render(request, 'login.html')
elif request.method == 'POST':
print('这是post请求')
username = request.POST.get('username')
password = request.POST.get('password')
de_password = crypt.de_js_encrypt(password)
login_ip = request.META.get('REMOTE_ADDR')
# code = request.POST.get('code')
remember_me = request.POST.get('remember_me')
# if code.lower() != request.session.get('check_code', 'error').lower():
# return render(request, 'login.html', {"login_error_info": "验证码错误,请重新输入!"})
user = auth.authenticate(username=username, password=de_password)
print(user)
if user and user.is_active:
auth.login(request, user)
request.session['username'] = username
if remember_me:
request.session.set_expiry(60 * 60 * 24 * 7)
else:
request.session.set_expiry(0)
UserProfile.objects.filter(username=username).update(
login_status=0)
# get_login_info.delay(login_user=username, login_ip=login_ip, login_status='登录成功')
print('未知1')
if next_url:
print('未知2')
if next_url == '/' and not user.is_superuser:
return HttpResponseRedirect('/users/user_center/',
locals())
print('未知3')
return HttpResponseRedirect(next_url, locals())
else:
print('未知4')
return HttpResponseRedirect('/users/user_center/', locals())
elif user is None:
get_login_info.delay(login_user=username,
login_ip=login_ip,
login_status='登录失败')
return render(request, 'login.html',
{"login_error_info": "输入的用户名或密码错误!"})
elif not user.is_active:
return render(request, 'login.html',
{"login_error_info": "账户被禁用!"})
else:
return render(request, 'login.html',
{"login_error_info": "未知异常,请联系管理员!"})
def __init__(self, *args, **kwargs):
super(AdminGuacamole, self).__init__(*args, **kwargs)
self.server = ServerAssets.objects.select_related('assets').get(id=self.scope['path'].split('/')[3])
self.ip = self.server.assets.asset_management_ip
self.port = self.server.port
self.username = self.server.username
self.password = CryptPwd().decrypt_pwd(self.server.password)
def connect(self):
self.group_name = self.scope['url_route']['kwargs']['group_name']
path = self.scope['path']
server_id = path.split('/')[3]
host = ServerAssets.objects.select_related('assets').get(id=server_id)
username = host.username
password = CryptPwd().decrypt_pwd(host.password)
self.host_ip = host.assets.asset_management_ip
host_port = int(host.port)
try:
self.ssh = paramiko.SSHClient()
self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
if self.host_ip.startswith('1'):
self.ssh.connect(self.host_ip, host_port, username='******', key_filename='/root/.ssh/id_rsa')
else:
self.ssh.connect(self.host_ip, host_port, username, password)
# 创建channels group
async_to_sync(self.channel_layer.group_add)(self.group_name, self.channel_name)
except Exception as e:
logging.getLogger().error('用户{}通过webssh连接{}失败!原因:{}'.format(username, self.host_ip, e))
self.chan = self.ssh.invoke_shell(term='xterm', width=150, height=30)
self.chan.settimeout(0)
self.t1 = MyThread(self)
self.t1.setDaemon(True)
self.t1.start()
# 返回给receive方法处理
self.accept()
def db_list(request):
if request.method == 'GET':
dbs = DBConfig.objects.select_related('db_server').all()
services = Service.objects.select_related('project').select_related(
'service_asset').all()
groups = Group.objects.all()
return render(request, 'dbmanager/db_list.html', locals())
elif request.method == 'POST':
try:
db = DBConfig.objects.create(db_server=Service.objects.get(
id=request.POST.get('db_server')),
db_port=int(
request.POST.get('db_port')),
db_name=request.POST.get('db_name'),
db_user=request.POST.get('db_user'),
db_password=CryptPwd().encrypt_pwd(
request.POST.get('db_password')),
db_memo=request.POST.get('db_memo'))
db.db_group.set(request.POST.getlist('db_group'))
return JsonResponse({'code': 200, 'data': None, 'msg': '数据库添加成功!'})
except Exception as e:
return JsonResponse({
'code': 500,
'data': None,
'msg': '数据库添加失败!{}'.format(e)
})
def gen_resource(host_ids, group_ids=None):
host_list = []
for host_id in host_ids:
host = {}
host_obj = ServerAssets.objects.get(id=host_id)
host['ip'] = host_obj.assets.asset_management_ip
host['port'] = int(host_obj.port)
host['username'] = host_obj.username
host['password'] = CryptPwd().decrypt_pwd(host_obj.password)
if host_obj.host_vars:
host_vars = eval(host_obj.host_vars)
for k, v in host_vars.items():
host[k] = v
host_list.append(host)
if group_ids:
resource = {}
group_values = {}
for group_id in group_ids:
group_obj = AnsibleInventory.objects.get(id=group_id)
group_values['hosts'] = host_list
if group_obj.ans_group_vars:
group_values['group_vars'] = eval(group_obj.ans_group_vars)
resource[group_obj.ans_group_name] = group_values
else:
resource = host_list
return resource
def connect(self):
if self.scope["user"].is_anonymous:
self.close(code=1007)
else:
self.accept()
username = self.server.username
try:
self.ssh.load_system_host_keys()
self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
self.ssh.connect(self.host_ip,
int(self.server.port),
username,
CryptPwd().decrypt_pwd(self.server.password),
timeout=5)
except Exception as e:
fort_logger.error('用户{}通过webssh连接{}失败!原因:{}'.format(
username, self.host_ip, e))
self.send('用户{}通过webssh连接{}失败!原因:{}'.format(
username, self.host_ip, e))
self.close()
self.chan = self.ssh.invoke_shell(term='xterm',
width=self.width,
height=self.height)
# 设置如果3分钟没有任何输入,就断开连接
self.chan.settimeout(60 * 3)
self.t1.setDaemon(True)
self.t1.start()
def db_exec(request):
if request.method == 'GET':
dbs = DBConfig.objects.prefetch_related('db_group').all()
user_groups = request.user.groups.all()
user_dbs = []
for db in dbs:
if not set(db.db_group.all()).isdisjoint(set(user_groups)):
user_dbs.append(db)
return render(request, 'dbmanager/db_exec.html', {'user_dbs': user_dbs})
elif request.method == 'POST':
pk = request.POST.get('pk')
sql = request.POST.get('sql')
sql_type = request.POST.get('sql_type')
sql_file = request.FILES.get('upload_file')
if sql_file:
sql = ''.join({chunk.decode('utf-8') for chunk in sql_file.chunks(chunk_size=1024)})
sql_file.close()
return JsonResponse({'code': 200, 'data': sql, 'msg': 'sql上传成功!'})
db = DBConfig.objects.select_related('db_server').get(id=pk)
try:
conn = MysqlPool(db.db_server.service_asset.asset_management_ip, db.db_port, db.db_user,
CryptPwd().decrypt_pwd(db.db_password), db.db_name)
if sql == 'show tables':
res = conn.get_tables(sql)
return JsonResponse({'code': 200, 'data': res, 'msg': 'sql执行成功!'})
elif sql_type == 'select':
table_heads, res = conn.exec_select(sql)
if isinstance(table_heads, list):
db_log_id = sql_log(db_config=db, db_login_user=request.user, db_sql_content=sql, db_sql_res=res,
db_sql_res_thead=str(table_heads))
return JsonResponse({'code': 200, 'table_heads': table_heads, 'data': res, 'db_log_id': db_log_id,
'msg': 'sql执行成功!'})
else:
db_log_id = sql_log(db_config=db, db_login_user=request.user, db_sql_content=sql, db_sql_res=res)
return JsonResponse({'code': 507, 'data': res, 'db_log_id': db_log_id, 'msg': 'sql执行失败!'})
elif sql_type == 'sql-one':
res = conn.exec_sql_one(sql)
db_sql_res = '受影响的行数: {}'.format(res) if isinstance(res, int) else str(res)
db_log_id = sql_log(db_config=db, db_login_user=request.user, db_sql_content=sql,
db_sql_res=db_sql_res)
return JsonResponse(
{'code': 200, 'data': db_sql_res, 'db_log_id': db_log_id, 'msg': 'sql执行成功!'})
elif sql_type == 'sql-many':
sql_list = sql.split('args=')
run_sql = sql_list[0].rstrip()
args = eval(sql_list[1])
res = conn.exec_sql_many(run_sql, args)
db_log_id = sql_log(db_config=db, db_login_user=request.user, db_sql_content=sql,
db_sql_res='受影响的行数: {}'.format(res))
return JsonResponse(
{'code': 200, 'data': '受影响的行数: {}'.format(res), 'db_log_id': db_log_id, 'msg': 'sql执行成功!'})
except Exception as e:
return JsonResponse({'code': 500, 'data': None, 'msg': 'sql执行失败!{}'.format(e)})
def update(self, instance, validated_data):
for attr, value in validated_data.items():
if attr == 'server_user_password':
if instance.server_user_password != value:
setattr(instance, attr, CryptPwd().encrypt_pwd(value))
else:
setattr(instance, attr, value)
instance.save()
return instance
def create(self, data):
if data.get('assets'):
assets_data = data.pop('assets')
assets = Assets.objects.create(**assets_data)
else:
assets = Assets()
data['assets'] = assets
data['password'] = CryptPwd().encrypt_pwd(data['password'])
server = ServerAssets.objects.create(**data)
return server
def connect(self):
self.accept('guacamole')
self.client.handshake(protocol='rdp',
hostname=self.server_ip, port=self.server.port,
password=CryptPwd().decrypt_pwd(self.server.password),
username=self.server.username, width=self.width, height=self.height, dpi=self.dpi)
self.send('0.,{0}.{1};'.format(len(self.group_name), self.group_name))
self.guacamole_thread.setDaemon(True)
self.guacamole_thread.start()
def connect(self):
self.accept('guacamole')
self.client.handshake(
protocol='rdp',
hostname=self.fort_server.assets.asset_management_ip,
port=self.fort_server.port,
password=CryptPwd().decrypt_pwd(self.fort_server.password),
username=self.fort_server.username)
self.send('0.,{0}.{1};'.format(len(self.group_name), self.group_name))
self.guacamole_thread.setDaemon(True)
self.guacamole_thread.start()
def lock_screen(request):
crypt = CryptPwd()
if request.method == 'GET':
user = UserProfile.objects.get(username=request.user)
UserProfile.objects.filter(username=request.user).update(
login_status=3
)
request.session['lock'] = 'lock'
if 'lock_screen' not in request.META.get('HTTP_REFERER'):
request.session['referer_url'] = request.META.get('HTTP_REFERER')
public_key = crypt.gen_pri_pub_key
return render(request, 'lockscreen.html', locals())
elif request.method == 'POST':
de_password = crypt.de_js_encrypt(request.POST.get('pwd'))
user = auth.authenticate(username=request.session['username'], password=de_password)
if user:
del request.session['lock']
referer_url = request.session.get('referer_url')
return redirect(referer_url)
return render(request, 'lockscreen.html',
{"login_error_info": "密码错误!请确认输入的密码是否正确!", 'public_key': crypt.gen_pri_pub_key})
def update_pwd(request):
if request.method == 'POST':
pks = request.POST.getlist('pks')
pwd = request.POST.get('pwd')
try:
for pk in pks:
server = Assets.objects.get(id=pk).serverassets
server.password = CryptPwd().encrypt_pwd(pwd)
server.save()
return JsonResponse({'code': 200, 'msg': '更新完毕!'})
except Exception as e:
return JsonResponse({'code': 500, 'msg': '更新失败:{}'.format(e)})
def receive(self, text_data=None, bytes_data=None):
info = json.loads(text_data)
self.host = info['host']
self.port = info['port']
self.username = info['username']
self.password = CryptPwd().decrypt_pwd(info['password'])
self.log_file = info['log_file']
self.cmd = "/usr/bin/sshpass -p {password} /usr/bin/ssh -t -p {port} {user}@{host} /usr/bin/tailf " \
"{log_file}".format(password=self.password, port=self.port, user=self.username, host=self.host,
log_file=self.log_file)
self.t1.setDaemon(True)
self.t1.start()
def get_top_data(request, pk):
server_obj = ServerAssets.objects.select_related('assets').get(id=pk)
resource = [{"ip": server_obj.assets.asset_management_ip, "port": int(server_obj.port),
"username": server_obj.username,
"password": CryptPwd().decrypt_pwd(server_obj.password)}]
ans = ANSRunner(resource, become='yes', become_method='sudo', become_user='******')
ans.run_module(host_list=[server_obj.assets.asset_management_ip], module_name='shell',
module_args='export COLUMNS\=400 && top -bcn 1 && df -h -t ext3 -t ext4 -t xfs')
result = ans.get_module_results[0]
if 'success' in result:
load, tasks, cpu, mem, swap, heads, body, disk = handle_top_data(result)
return JsonResponse({'code': 200, 'data': {'load': load, 'tasks': tasks, 'cpu': cpu, 'mem': mem, 'swap': swap,
'heads': heads, 'body': body, 'disk': disk}, 'msg': '收集成功!'})
else:
return JsonResponse({'code': 500, 'msg': '收集失败!{}'.format(result[result.index('>>') + 1:])})
def connect(self):
self.accept()
username = self.server.username
try:
self.ssh.load_system_host_keys()
self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
self.ssh.connect(self.host_ip, int(self.server.port), username,
CryptPwd().decrypt_pwd(self.server.password))
except Exception as e:
logging.getLogger().error('用户{}通过webssh连接{}失败!原因:{}'.format(username, self.host_ip, e))
self.send('用户{}通过webssh连接{}失败!原因:{}'.format(username, self.host_ip, e))
self.chan = self.ssh.invoke_shell(term='xterm', width=150, height=30)
self.chan.settimeout(0)
self.t1.setDaemon(True)
self.t1.start()
def server_facts(request):
if request.method == 'POST':
pk = request.POST.get('pk')
module = request.POST.get('module')
server_obj = ServerAssets.objects.select_related('assets').get(id=pk)
resource = [{"ip": server_obj.assets.asset_management_ip, "port": int(server_obj.port),
"username": server_obj.username,
"password": CryptPwd().decrypt_pwd(server_obj.password)}]
try:
ans = ANSRunner(resource, become='yes', become_method='sudo', become_user='******')
ans.run_module(host_list=[server_obj.assets.asset_management_ip], module_name=module, module_args="")
for data in ans.get_module_results:
if module == 'setup':
if 'success' in data:
server_info, server_model, nks = handle_setup_data(data)
Assets.objects.filter(id=server_obj.assets_id).update(
asset_model=server_model
)
ServerAssets.objects.select_related('assets').filter(id=pk).update(**server_info)
asset = Assets.objects.get(id=server_obj.assets_id)
for nk in nks:
mac = nk.get('network_card_mac')
NetworkCardAssets.objects.select_related('asset').update_or_create(defaults=nk, asset=asset,
network_card_mac=mac)
return JsonResponse({'code': 200, 'msg': '收集完成!'})
else:
return JsonResponse({'code': 500, 'msg': '收集失败!{}'.format(data[data.index('>>') + 1:])})
elif module == 'get_mem':
if 'success' in data:
mem_infos = handle_mem_data(data)
asset = Assets.objects.get(id=server_obj.assets_id)
for mem_info in mem_infos:
ram_slot = mem_info.get('ram_slot')
RamAssets.objects.select_related('asset').update_or_create(defaults=mem_info, asset=asset,
ram_slot=ram_slot)
return JsonResponse({'code': 200, 'msg': '收集完成!'})
else:
return JsonResponse({'code': 500, 'msg': '收集失败!{}'.format(data[data.index('>>') + 1:])})
except Exception as e:
return JsonResponse({'code': 500, 'msg': str(e)})
def gen_host_list(host_ids):
"""
生成格式为:[{"ip": "10.0.0.0", "port": "22", "username": "******", "password": "******"}, ...]
:return:
"""
host_list = []
for host_id in host_ids:
host = {}
host_obj = ServerAssets.objects.get(id=host_id)
host['ip'] = host_obj.assets.asset_management_ip
host['port'] = int(host_obj.port)
host['username'] = host_obj.username
host['password'] = CryptPwd().decrypt_pwd(host_obj.password)
if host_obj.host_vars:
host_vars = eval(host_obj.host_vars)
for k, v in host_vars.items():
host[k] = v
host_list.append(host)
return host_list
def connect(self):
path = self.scope['path']
server_id = path.split('/')[3]
host = ServerAssets.objects.select_related('assets').get(id=server_id)
username = host.username
self.host_ip = host.assets.asset_management_ip
host_port = int(host.port)
password = CryptPwd().decrypt_pwd(host.password)
# 创建channels group, 命名为:用户名,并使用channel_layer写入到redis
async_to_sync(self.channel_layer.group_add)(self.channel_name, self.channel_name)
self.ssh = paramiko.SSHClient()
self.ssh.load_system_host_keys()
self.ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
self.ssh.connect(self.host_ip, host_port, username, password)
self.chan = self.ssh.invoke_shell(term='xterm')
self.chan.settimeout(0)
t1 = MyThread(self)
t1.setDaemon(True)
t1.start()
# 返回给receive方法处理
self.accept()
def import_assets(request):
if request.method == 'POST':
file = request.FILES.get('file')
filename = os.path.join(settings.BASE_DIR, 'upload', file.name)
if not os.path.exists(os.path.dirname(filename)):
os.makedirs(os.path.dirname(filename))
with open(filename, 'wb') as f:
for chunk in file.chunks():
f.write(chunk)
try:
xl_file = xlrd.open_workbook(filename)
sheet_names = xl_file.sheet_names()
data_list = []
for sheet_name in sheet_names:
sheet_obj = xl_file.sheet_by_name(sheet_name)
for i in range(1, sheet_obj.nrows):
data_list.append(sheet_obj.row_values(i))
for data in data_list:
assets = {
'asset_type':
data[0],
'asset_nu':
data[1],
'asset_model':
data[2] if data[2] else None,
'asset_provider':
AssetProvider.objects.get(
id=int(data[3])) if data[3] else None,
'asset_status':
int(data[4]) if data[4] else 0,
'asset_management_ip':
data[5] if data[5] else None,
'asset_admin':
UserProfile.objects.get(id=int(data[6])) if data[6] else
UserProfile.objects.get(username=request.user),
'asset_idc':
IDC.objects.get(id=int(data[7])) if data[7] else None,
'asset_cabinet':
Cabinet.objects.select_related('idc').get(
id=int(data[8])) if data[8] else None,
'asset_purchase_day':
xlrd.xldate_as_datetime(data[9], 0),
'asset_expire_day':
xlrd.xldate_as_datetime(data[10], 0),
'asset_price':
data[11] if data[11] else None,
'asset_memo':
data[12],
}
asset_obj, created = Assets.objects.update_or_create(
asset_nu=data[1], defaults=assets)
if data[0] == 'server':
server_asset = {
'server_type':
int(data[13]),
'username':
data[14],
'password':
CryptPwd().encrypt_pwd(str(data[15]))
if data[15] else None,
'port':
int(data[16]),
'hosted_on':
ServerAssets.objects.select_related('assets').get(
id=int(data[17])) if data[17] else None,
}
ServerAssets.objects.update_or_create(
assets=asset_obj, defaults=server_asset)
elif data[0] == 'network':
NetworkAssets.objects.update_or_create(assets=asset_obj,
network_type=int(
data[13]))
elif data[0] == 'office':
OfficeAssets.objects.update_or_create(assets=asset_obj,
office_type=int(
data[13]))
elif data[0] == 'security':
SecurityAssets.objects.update_or_create(assets=asset_obj,
security_type=int(
data[13]))
elif data[0] == 'storage':
StorageAssets.objects.update_or_create(assets=asset_obj,
storage_type=int(
data[13]))
elif data[0] == 'software':
SoftwareAssets.objects.update_or_create(assets=asset_obj,
software_type=int(
data[13]))
return JsonResponse({'code': 200, 'msg': '导入成功!'})
except Exception as e:
return JsonResponse({'code': 500, 'msg': '导入失败!,{}'.format(e)})
def create(self, validated_data):
validated_data['server_user_password'] = CryptPwd().encrypt_pwd(
validated_data['server_user_password'])
server = PullAssetConf.objects.create(**validated_data)
return server
