def top_pro_add(request):
if request.method == "POST":
name = request.POST.get('name')
hosts = request.POST.get('servers')
filename = request.POST.get('filename')
rule = request.POST.get('rule')
limit = request.POST.get('limit')
exception = request.POST.get('exception')
globalip = request.POST.get('globalip')
hook = request.POST.get('hook')
remark = request.POST.get('remark')
if dsACL_TopProject.objects.filter(name=name):
return JsonResponse({'code': 1, 'msg': "该项目已存在", 'count': 1})
if hosts:
for i in strIp_to_listIp(hosts):
if not isValidIp(i):
return JsonResponse({
'code': 1,
'msg': "目标服务器IP格式错误",
'count': 1
})
if exception:
for i in strIp_to_listIp(exception):
if not isValidIp(i):
return JsonResponse({
'code': 1,
'msg': "无限制IP格式错误",
'count': 1
})
if globalip:
for i in strIp_to_listIp(globalip):
if not isValidIp(i):
return JsonResponse({
'code': 1,
'msg': "默认添加IP格式错误",
'count': 1
})
if not limit: limit = 0
data = dsACL_TopProject(name=name,
servers=hosts,
filename=filename,
rule=rule,
limit=limit,
exception=exception,
globalip=globalip,
hook=hook,
remark=remark)
data.save()
return JsonResponse({'code': 0, 'msg': "添加成功", 'count': 1})
return render(request, 'allow_list/top_pro_add.html', locals())
def api_white_table_add(request, id):
conf = api_access_authorized_conf.objects.get(pk=id)
if request.method == 'POST':
host = request.POST.get('host')
if not isValidIp(host):
return JsonResponse({
"status": "Failed",
"info": "IP格式错误"
},
safe=False)
List = [
i.host_ip for i in conf.api_access_authorized_table_set.all() if i
]
if conf.api_access_authorized_table_set.filter(host_ip=host):
return JsonResponse({
"status": "Failed",
"info": "IP已存在"
},
safe=False)
key = request.POST.get('key')
memo = request.POST.get('memo')
print memo
print host
print key
api_access_authorized_table.objects.get_or_create(host_key=key,
host_ip=host,
memo=memo,
user=request.user,
apiConf=conf)
return JsonResponse({"status": "OK", "info": "已添加"})
return render(request, 'allow_list/pingtai_api_white_table_add.html',
locals())
def get_host(message):
try:
ip = message.text.split()[1]
if not isValidIp(ip):
text = "IP:%s 格式错误" % ip
bot.sendMessage(chat_id=message.chat.id, text=text)
return 9
except IndexError:
text = "缺少参数!/get_host IP地址"
bot.sendMessage(chat_id=message.chat.id, text=text)
return 9
try:
server = Server.objects.get(ssh_host=ip)
text = 'IP: %s \nUSER: %s \nPORT: %s \n PASSWD: %s \n' % (
ip, server.ssh_user, server.ssh_port, server.ssh_password)
except:
text = "此IP不在CMDB记录中"
bot.sendMessage(chat_id=message.chat.id, text=text)
def iptables(request):
choice_data = [a for a in Business.objects.filter(platform='现金网')]
if request.method == 'POST':
ip = request.POST.get('ipaddr').strip()
comment = request.POST.get('customer').strip()
remark = "only_new"
host_group = u"新平台"
chain = "INPUT"
comment = u"WEB_PORT_%s" % comment
user = request.user
if not isValidIp(ip): return JsonResponse({"res": "falid","info": "IP格式错误"},safe=False)
if Iptables.objects.filter(i_source_ip=ip): return JsonResponse({"res": "falid","info": "此IP已存在"},safe=False)
i = Iptables(i_comment=comment,i_chain=chain,i_source_ip=ip,i_user=user,i_remark=remark,i_tag=host_group)
i.save()
task = "/etc/ansible/insertip.yml"
job = do_ansible.delay(task,ip,remark,comment)
task_id = job.id
return JsonResponse({"res": "OK","info": "已添加成功"},safe=False)
return render(request,'allow_list/iptables.html',locals())
def api_white_conf_edit(request, id):
data = api_access_authorized_conf.objects.get(pk=id)
if request.method == 'POST':
name = request.POST.get('name')
servers = request.POST.get('servers')
file_path = request.POST.get('file_path')
default_ip = request.POST.get('default_ip')
#验证名称是否唯一
if name != data.name:
if api_access_authorized_conf.objects.filter(name=name):
Errors.append("NAME已存在")
return JsonResponse({'status': "Failed", 'info': "NAME已存在!"})
#验证servers是否存在cmdb中
servers = strIp_to_listIp(servers)
for i in servers:
if not Server.objects.filter(ssh_host=i):
Errors.append("CMDB中没有%s的信息" % i)
return JsonResponse({
'status': "Failed",
'info': "CMDB中没有%s的信息" % i
})
#验证default_ip的有效性
if default_ip:
default_ip_list = strIp_to_listIp(default_ip)
for i in default_ip_list:
if not isValidIp(i):
Errors.append("%s格式错误" % i)
return JsonResponse({
'status': "Failed",
'info': "%s格式错误" % i
})
default_ip = " ".join(default_ip_list)
data.name = name
data.servers = " ".join(servers)
data.file_path = file_path
data.default_ip = default_ip
data.save()
return JsonResponse({'status': "OK", 'info': "修改成功"})
return render(request, 'allow_list/pingtai_api_white_conf_edit.html',
locals())
def shell(message):
try:
ip = message.text.split()[1].split('@')[0]
cmd = message.text.split('@')[-1]
if not isValidIp(ip):
text = "IP格式错误"
bot.sendMessage(chat_id=message.chat.id, text=text)
return 9
except IndexError:
text = "缺少参数!/shell IP地址@命令"
bot.sendMessage(chat_id=message.chat.id, text=text)
return 9
path = "[root@localhost ~]# "
try:
Server.objects.get(ssh_host=ip)
except:
text = "此IP:%s 不在CMDB记录中" % ip
bot.sendMessage(chat_id=message.chat.id, text=text)
return 8
try:
res = ssh_cmd(ip, cmd)
print res
res = " ".join(res)
text = path + '\r\n' + res
except:
text = "连接超时!"
num = len(text) / 4096
if num == 0:
bot.sendMessage(chat_id=message.chat.id, text=text)
else:
start = 0
for i in num:
end = start + 4096
bot.sendMessage(chat_id=message.chat.id, text=text[start:end])
start += 4096
if len(text) % 4096 == 0:
pass
else:
end = start + len(text) % 4096
bot.sendMessage(chat_id=message.chat.id, text=text[start:end])
def black_add(request):
#添加现金网后台黑名单
if request.method == 'POST':
ip = request.POST.get('ipaddr').strip()
if not isValidIp(ip): return JsonResponse({"res": "falid","info": "IP格式错误"},safe=False)
classify = request.POST.get('classify')
conf = white_conf.objects.get(name=classify)
if not conf.servers: return JsonResponse({"res": "falid","info": "项目没有配置服务器"},safe=False)
for i in conf.servers.split('\r\n'):
if Server.objects.filter(ssh_host=i).count() != 1: return JsonResponse({"res": "falid","info": "请检查CMDB中服务器配置是否正确!"},safe=False)
obj,created = white_list.objects.get_or_create(host_ip=ip,white_conf=conf,defaults={'host_key':"deny",'user':request.user})
if not created: return JsonResponse({"res": "falid","info": "此IP已存在黑名单中"},safe=False)
if white_list.objects.filter(white_conf=conf,host_ip=ip).count() > 1: return JsonResponse({"res": "OK","info": "已添加成功"},safe=False)
if classify == "MONEY-Black":
template_file="kg_jdc_white.conf"
ips = ""
for i in white_list.objects.filter(white_conf=conf):
ips += i.host_key+" "+i.host_ip+";\n"
nginx_white_copy.delay(conf.servers,template_file,conf.file_path,ips,conf.is_reload)
return JsonResponse({"res": "OK","info": "已添加成功"},safe=False)
return render(request,'allow_list/black_add.html',locals())
def sub_pro_add(request, tid):
toppro = dsACL_TopProject.objects.get(pk=tid)
if request.method == "POST":
name = request.POST.get('name')
useParentConf = request.POST.get('useParentConf')
if useParentConf:
useParentConf = False
else:
useParentConf = True
hosts = request.POST.get('servers')
filename = request.POST.get('filename')
rule = request.POST.get('rule')
hook = request.POST.get('hook')
remark = request.POST.get('remark')
if dsACL_SubProject.objects.filter(parentPro=toppro, name=name):
return JsonResponse({'code': 1, 'msg': "该项目已存在", 'count': 1})
if hosts:
for i in strIp_to_listIp(hosts):
if not isValidIp(i):
return JsonResponse({
'code': 1,
'msg': "目标服务器IP格式错误",
'count': 1
})
data = dsACL_SubProject(name=name,
parentPro=toppro,
useParentConf=useParentConf,
servers=hosts,
filename=filename,
rule=rule,
hook=hook,
remark=remark)
data.save()
return JsonResponse({'code': 0, 'msg': "子项目添加成功", 'count': 1})
return render(request, 'allow_list/sub_pro_add.html', locals())
def white_add(request,uuid):
conf = white_conf.objects.get(pk=uuid)
if conf.name in ["KG-JDC","MONEY-Backend","DT-GFC","MONEY-Black"]:
data = git_deploy.objects.filter(platform="现金网",classify="online",isops=True,islog=True) #根据线上的siteid来添加
newAsiteid=[i for i in data if "a" in i.name ]
for i in data:
if i.name[-1] not in ['a','b','c','d','f']:
newAsiteid.append(i)
data = newAsiteid
elif conf.name in ["MN-JDC","MN-Backend","MN-GFC","MN-Black"]:
data = git_deploy.objects.filter(platform="VUE蛮牛",classify="huidu",isops=True,islog=True) #根据灰度的siteid来添加
if request.method == 'POST':
ip = request.POST.get('ipaddr').strip()
method = request.POST.get('method').strip()
classify = conf.name
uuid = request.POST.get('uuid')
memo = request.POST.get('memo')
deploy = git_deploy.objects.get(id=uuid)
if conf.exception_ip:
exception = conf.exception_ip
else:
exception = ""
if not isValidIp(ip): return JsonResponse({"res": "falid","info": "IP格式错误"},safe=False)
if not conf.servers: return JsonResponse({"res": "falid","info": "项目没有配置服务器"},safe=False)
for i in conf.servers.split('\r\n'):
if Server.objects.filter(ssh_host=i).count() != 1: return JsonResponse({"res": "falid","info": "请检查CMDB中服务器配置是否正确!"},safe=False)
#判断该IP是否添加了5次,如果是特赦IP则不进行判断
if ip not in exception:
if white_list.objects.filter(white_conf=conf,host_ip=ip).count() >= 5: return JsonResponse({"res": "falid","info": "此IP已绑定超过5个网站"},safe=False)
obj,created = white_list.objects.get_or_create(host_ip=ip,git_deploy=deploy,white_conf=conf,memo=memo,defaults={'host_key':method,'user':request.user})
if not created: return JsonResponse({"res": "falid","info": "此项目的IP已存在"},safe=False)
if white_list.objects.filter(white_conf=conf,git_deploy=deploy,host_ip=ip).count() > 1: return JsonResponse({"res": "OK","info": "已添加成功"},safe=False)
ips = ""
if classify in ["KG-JDC","MN-JDC","DT-GFC","MN-GFC"]:
template_file="kg_jdc_white.conf"
for i in white_list.objects.filter(white_conf=conf):
ips += i.host_key+" "+i.host_ip+"; #"+i.git_deploy.name+" \n"
print "添加%s"% classify
job = nginx_white_copy.delay(conf.servers,template_file,conf.file_path,ips,conf.is_reload)
elif classify in ["MONEY-Black","MONEY-Backend","MN-Backend"]:
template_file="kg_jdc_white.conf"
try:
filename = filter(str.isdigit,deploy.name)
except:
filename = filter(unicode.isdigit,deploy.name)
file_path = conf.file_path+"/"+filename+"_white_list"
for i in white_list.objects.filter(white_conf=conf,git_deploy=deploy):
ips += i.host_key+" "+i.host_ip+";\n"
# platform = "VUE蛮牛"
# huidu_deploy = git_deploy.objects.filter(platform=platform,name=deploy.name,classify="huidu",isops=True,islog=True)
# if huidu_deploy:
# for i in white_list.objects.filter(white_conf=conf,git_deploy=huidu_deploy[0]):
# ips += i.host_key+" "+i.host_ip+";\n"
#print "找到灰度后台白名单:\n%s"% ips
job = nginx_white_copy.delay(conf.servers,template_file,file_path,ips,conf.is_reload)
# template_file="mn_backend.conf"
# file_path = conf.file_path+"/"+deploy.name+".conf"
# huidu_deploy = git_deploy.objects.filter(platform=platform,name=deploy.name,classify="huidu",islog=True)
# online_deploy = git_deploy.objects.filter(platform=platform,name=deploy.name,classify="online",islog=True)
# if huidu_deploy:
# for i in white_list.objects.filter(white_conf=conf,git_deploy=huidu_deploy[0]):
# ips += i.host_key+" "+i.host_ip+";\n "
# #print "找到灰度后台白名单:\n%s"% ips
# if online_deploy:
# for i in white_list.objects.filter(white_conf=conf,git_deploy=online_deploy[0]):
# ips += i.host_key+" "+i.host_ip+";\n "
# #print "所有后台白名单:\n%s"% ips
# business = Business.objects.get(nic_name=deploy.name,platform=platform) #蛮牛项目
# front_data = business.domain.filter(use=2,classify="online") #蛮牛线上在用的后台域名对象
# if not front_data:
# front_data = business.domain.filter(use=2,classify="huidu")
# front_domain = " ".join([i.name for i in front_data if i]) #提取域名组成列表
# job = nginx_white_copy.delay(conf.servers,template_file,file_path,ips,conf.is_reload,server_name=front_domain,siteid=deploy.name)
# else:
# platform = "现金网" #现金网后台反代节点nginx配置文件不统一,没法做文件模板覆盖
# template_file="kg_jdc_white.conf"
# file_path = conf.file_path+"/"+deploy.name+"_white_list"
# online_deploy = git_deploy.objects.filter(platform=platform,name=deploy.name,classify="online",isops=True,islog=True)
# for i in white_list.objects.filter(white_conf=conf,git_deploy=online_deploy[0]):
# ips += i.host_key+" "+i.host_ip+";\n"
# # print "所有现金网后台白名单:\n%s"% ips
# job = nginx_white_copy.delay(conf.servers,template_file,file_path,ips,conf.is_reload) #将白名单推到后台反代节点1001_white_list
return JsonResponse({"res": "OK","info": "已添加成功"},safe=False)
return render(request,'allow_list/white_add.html',locals())
def sub_pro_api(request):
action = request.GET.get('action')
sid = request.GET.get('id')
tid = request.GET.get('tid')
project_name = request.GET.get('project_name')
toppro = dsACL_TopProject.objects.get(pk=tid)
value = request.GET.get('value')
res = {'code': 1, 'msg': "错误", 'count': 0}
if action == "get":
page = request.GET.get('page')
limit = request.GET.get('limit')
if page == 1:
start_line = 0
end_line = limit
else:
start_line = int(page) * int(limit) - int(limit)
end_line = int(page) * int(limit)
keyword = request.GET.get('keyword')
if keyword:
data = dsACL_SubProject.objects.filter(parentPro=toppro,
name__contains=keyword)
else:
data = dsACL_SubProject.objects.filter(parentPro=toppro)
count = len(data)
data = data[start_line:end_line]
res = {
'code': 0,
'msg': "",
'count': count,
'data':
[eval(i.toJSON(), {
'true': 1,
'false': 0
}) for i in data if i]
}
elif action == "getAll":
data = dsACL_SubProject.objects.filter(parentPro=toppro)
res = {
'code': 0,
'msg': "所有sub项目",
'count': len(data),
'data':
[eval(i.toJSON(), {
'true': 1,
'false': 0
}) for i in data if i]
}
elif action == "get_All":
line_table = {
"cache_ips": [],
"cow_ips": [],
}
toppros = dsACL_TopProject.objects.filter(
id__in=line_table[project_name])
toppros_id = [top.id for top in toppros if top]
data = dsACL_SubProject.objects.filter(parentPro__in=toppros_id)
res = {
'code': 0,
'msg': "所有sub项目",
'count': len(data),
'data':
[eval(i.toJSON(), {
'true': 1,
'false': 0
}) for i in data if i]
}
elif action == "edit_name":
if dsACL_SubProject.objects.filter(parentPro=toppro, name=value):
return JsonResponse({'code': 1, 'msg': "项目名已存在", 'count': 1})
data = dsACL_SubProject.objects.get(pk=sid)
data.name = value
data.save()
res = {'code': 0, 'msg': "修改成功", 'count': 1}
elif action == "edit_filename":
data = dsACL_SubProject.objects.get(pk=sid)
data.filename = value
data.save()
res = {'code': 0, 'msg': "修改成功", 'count': 1}
elif action == "edit_rule":
data = dsACL_SubProject.objects.get(pk=sid)
data.rule = value
data.save()
res = {'code': 0, 'msg': "修改成功", 'count': 1}
elif action == 'edit_hook':
data = dsACL_SubProject.objects.get(pk=sid)
data.hook = value
data.save()
res = {'code': 0, 'msg': "修改成功", 'count': 1}
elif action == 'edit_remark':
data = dsACL_SubProject.objects.get(pk=sid)
data.remark = value
data.save()
res = {'code': 0, 'msg': "修改成功", 'count': 1}
elif action == "del":
for delID in eval(sid):
data = dsACL_SubProject.objects.get(pk=delID)
data.delete()
res = {'code': 0, 'msg': "删除sub项目成功", 'count': 1}
elif action == "check_servers":
data = dsACL_SubProject.objects.get(pk=sid)
hosts = data.servers
server_List = []
servers = []
if hosts:
servers = strIp_to_listIp(hosts)
for i in servers:
if Server.objects.filter(ssh_host=i):
server_List.append({
"host": i,
"isexists": True,
"status": ssh_check(i)
})
else:
server_List.append({
"host": i,
"isexists": False,
"status": False
})
res = {
'code': 0,
'msg': "目标服务器检测",
'count': len(servers),
'data': server_List
}
elif action == "add_servers":
if not isValidIp(value):
return JsonResponse({'code': 1, 'msg': "IP格式错误", 'count': 1})
data = dsACL_SubProject.objects.get(pk=sid)
hosts = []
if data.servers: hosts = strIp_to_listIp(data.servers)
if value in hosts:
return JsonResponse({'code': 1, 'msg': "此IP已存在", 'count': 1})
hosts.append(value)
servers = "\n".join(hosts)
data.servers = servers
data.save()
res = {'code': 0, 'msg': "添加目标服务器成功", 'count': 1}
elif action == "del_servers":
data = dsACL_SubProject.objects.get(pk=sid)
hosts = strIp_to_listIp(data.servers)
hosts = [x for x in hosts if x != value]
if hosts:
servers = "\n".join(hosts)
else:
servers = ""
data.servers = servers
data.save()
res = {'code': 0, 'msg': "删除目标服务器成功", 'count': 1}
elif action == "edit_servers":
value = value.split('@')
before_host = value[0]
after_host = value[1]
if not isValidIp(after_host):
return JsonResponse({'code': 1, 'msg': "IP格式错误", 'count': 1})
data = dsACL_SubProject.objects.get(pk=sid)
servers = "\n".join([
after_host if x == before_host else x
for x in strIp_to_listIp(data.servers)
])
data.servers = servers
data.save()
res = {'code': 0, 'msg': "修改成功", 'count': 1}
elif action == "edit_useParentConf":
data = dsACL_SubProject.objects.get(pk=sid)
if value == "True":
value = True
print "使用top配置"
else:
value = False
print "使用sub配置"
data.useParentConf = value
data.save()
res = {'code': 0, 'msg': "修改成功", 'count': 1}
return JsonResponse(res)
def top_pro_api(request):
"""
id: id
action: get 获取字段 value为搜索条件keyword,另外有limit和page参数
action: del 删除
action: edit_name 编辑名字
action: edit_servers 编辑服务器信息
action: check_servers 检测服务器状态
action: add_servers 添加
action: del_servers 删除目标服务器
action: edit_filename 编辑文件路径信息
action: edit_rule 编辑匹配规则
action: edit_limit 编辑限制条目
action: edit_exception 编辑特权IP
action: get_exception 获取特权ip
action: add_exception 添加特权ip
action: del_exception 删除特权ip
action: edit_global 编辑默认IP
action: get_global 获取默认ip
action: add_global 添加默认ip
action: del_global 删除默认ip
action: edit_hook 编辑钩子
action: edit_remark 编辑备注
value: 对应值
"""
action = request.GET.get('action')
tid = request.GET.get('id')
value = request.GET.get('value')
if action == "get":
page = request.GET.get('page')
limit = request.GET.get('limit')
if page == 1:
start_line = 0
end_line = limit
else:
start_line = int(page) * int(limit) - int(limit)
end_line = int(page) * int(limit)
keyword = request.GET.get('keyword')
if keyword:
data = dsACL_TopProject.objects.filter(
name__contains=keyword)[start_line:end_line]
count = len(data)
else:
data = dsACL_TopProject.objects.all()[start_line:end_line]
count = dsACL_TopProject.objects.count()
res = {
'code': 0,
'msg': "",
'count': count,
'data': [eval(i.toJSON()) for i in data if i]
}
elif action == "getAll":
data = dsACL_TopProject.objects.all()
res = {
'code': 0,
'msg': "所有top项目",
'count': len(data),
'data': [eval(i.toJSON()) for i in data if i]
}
elif action == "edit_name":
if dsACL_TopProject.objects.filter(name=value):
return JsonResponse({'code': 1, 'msg': "该项目已存在", 'count': 1})
data = dsACL_TopProject.objects.get(pk=tid)
data.name = value
data.save()
res = {'code': 0, 'msg': "修改成功", 'count': 1}
elif action == "edit_filename":
data = dsACL_TopProject.objects.get(pk=tid)
data.filename = value
data.save()
res = {'code': 0, 'msg': "修改成功", 'count': 1}
elif action == "edit_rule":
data = dsACL_TopProject.objects.get(pk=tid)
data.rule = value
data.save()
res = {'code': 0, 'msg': "修改成功", 'count': 1}
elif action == "edit_limit":
if not value: value = 0
data = dsACL_TopProject.objects.get(pk=tid)
data.limit = value
data.save()
res = {'code': 0, 'msg': "修改成功", 'count': 1}
elif action == "edit_hook":
data = dsACL_TopProject.objects.get(pk=tid)
data.hook = value
data.save()
res = {'code': 0, 'msg': "修改成功", 'count': 1}
elif action == "edit_remark":
data = dsACL_TopProject.objects.get(pk=tid)
data.remark = value
data.save()
res = {'code': 0, 'msg': "修改成功", 'count': 1}
elif action == "edit_servers":
value = value.split('@')
before_host = value[0]
after_host = value[1]
if not isValidIp(after_host):
return JsonResponse({'code': 1, 'msg': "IP格式错误", 'count': 1})
data = dsACL_TopProject.objects.get(pk=tid)
servers = "\n".join([
after_host if x == before_host else x
for x in strIp_to_listIp(data.servers)
])
data.servers = servers
data.save()
res = {'code': 0, 'msg': "修改成功", 'count': 1}
elif action == "edit_exception":
value = value.split('@')
before_host = value[0]
after_host = value[1]
if not isValidIp(after_host):
return JsonResponse({'code': 1, 'msg': "IP格式错误", 'count': 1})
data = dsACL_TopProject.objects.get(pk=tid)
exception = "\n".join([
after_host if x == before_host else x
for x in strIp_to_listIp(data.exception)
])
data.exception = exception
data.save()
res = {'code': 0, 'msg': "修改成功", 'count': 1}
elif action == "del":
for delID in eval(tid):
data = dsACL_TopProject.objects.get(pk=delID)
data.delete()
res = {'code': 0, 'msg': "删除成功", 'count': 1}
elif action == "check_servers":
data = dsACL_TopProject.objects.get(pk=tid)
hosts = data.servers
server_List = []
servers = []
if hosts:
servers = strIp_to_listIp(hosts)
for i in servers:
if Server.objects.filter(ssh_host=i):
server_List.append({
"host": i,
"isexists": True,
"status": ssh_check(i)
})
else:
server_List.append({
"host": i,
"isexists": False,
"status": False
})
res = {
'code': 0,
'msg': "目标服务器检测",
'count': len(servers),
'data': server_List
}
elif action == "add_servers":
if not isValidIp(value):
return JsonResponse({'code': 1, 'msg': "IP格式错误", 'count': 1})
data = dsACL_TopProject.objects.get(pk=tid)
hosts = []
if data.servers: hosts = strIp_to_listIp(data.servers)
if value in hosts:
return JsonResponse({'code': 1, 'msg': "此IP已存在", 'count': 1})
hosts.append(value)
servers = "\n".join(hosts)
data.servers = servers
data.save()
res = {'code': 0, 'msg': "添加目标服务器成功", 'count': 1}
elif action == "del_servers":
data = dsACL_TopProject.objects.get(pk=tid)
hosts = strIp_to_listIp(data.servers)
hosts = [x for x in hosts if x != value]
if hosts:
servers = "\n".join(hosts)
else:
servers = ""
data.servers = servers
data.save()
res = {'code': 0, 'msg': "删除目标服务器成功", 'count': 1}
elif action == "get_exception":
data = dsACL_TopProject.objects.get(pk=tid)
hosts = data.exception
server_List = []
servers = []
if hosts:
servers = strIp_to_listIp(hosts)
for i in servers:
server_List.append({"host": i})
res = {
'code': 0,
'msg': "特权IP查看",
'count': len(servers),
'data': server_List
}
elif action == "add_exception":
if not isValidIp(value):
return JsonResponse({'code': 1, 'msg': "IP格式错误", 'count': 1})
data = dsACL_TopProject.objects.get(pk=tid)
hosts = []
if data.exception: hosts = strIp_to_listIp(data.exception)
if value in hosts:
return JsonResponse({'code': 1, 'msg': "此IP已存在", 'count': 1})
hosts.append(value)
exception = "\n".join(hosts)
data.exception = exception
data.save()
res = {'code': 0, 'msg': "添加特权IP成功", 'count': 1}
elif action == "del_exception":
data = dsACL_TopProject.objects.get(pk=tid)
hosts = strIp_to_listIp(data.exception)
hosts = [x for x in hosts if x != value]
if hosts:
exception = "\n".join(hosts)
else:
exception = ""
data.exception = exception
data.save()
res = {'code': 0, 'msg': "删除特权IP成功", 'count': 1}
elif action == "get_global":
data = dsACL_TopProject.objects.get(pk=tid)
hosts = data.globalip
server_List = []
servers = []
if hosts:
servers = strIp_to_listIp(hosts)
for i in servers:
server_List.append({"host": i})
res = {
'code': 0,
'msg': "默认IP查看",
'count': len(servers),
'data': server_List
}
elif action == "add_global":
if not isValidIp(value):
return JsonResponse({'code': 1, 'msg': "IP格式错误", 'count': 1})
data = dsACL_TopProject.objects.get(pk=tid)
hosts = []
if data.globalip: hosts = strIp_to_listIp(data.globalip)
if value in hosts:
return JsonResponse({'code': 1, 'msg': "此IP已存在", 'count': 1})
hosts.append(value)
globalip = "\n".join(hosts)
data.globalip = globalip
data.save()
res = {'code': 0, 'msg': "添加全局默认IP成功", 'count': 1}
elif action == "del_global":
data = dsACL_TopProject.objects.get(pk=tid)
hosts = strIp_to_listIp(data.globalip)
hosts = [x for x in hosts if x != value]
if hosts:
globalip = "\n".join(hosts)
else:
globalip = ""
data.globalip = globalip
data.save()
res = {'code': 0, 'msg': "删除默认IP成功", 'count': 1}
elif action == "edit_global":
value = value.split('@')
before_host = value[0]
after_host = value[1]
if not isValidIp(after_host):
return JsonResponse({'code': 1, 'msg': "IP格式错误", 'count': 1})
data = dsACL_TopProject.objects.get(pk=tid)
globalip = "\n".join([
after_host if x == before_host else x
for x in strIp_to_listIp(data.globalip)
])
data.globalip = globalip
data.save()
res = {'code': 0, 'msg': "修改成功", 'count': 1}
return JsonResponse(res)
def nginx_acl_adds(request):
if request.method == 'POST':
host = request.POST.get('host')
host_list = strIp_to_listIp(host)
for ip in host_list:
if not isValidIp(ip):
return JsonResponse({'code': 1, 'msg': 'IP格式错误!', 'count': 0})
tids = request.POST.get('topproject').split("_")
name = request.POST.get('project')
deltask = request.POST.get('delTask')
delDateTime = request.POST.get('delDateTime')
delDateTime = beijing2utc(delDateTime)
remark = request.POST.get('remark')
for tid in tids:
top_obj = dsACL_TopProject.objects.get(pk=tid)
sub_obj = dsACL_SubProject.objects.filter(
parentPro=top_obj).filter(name=name)[0]
# 判断添加限制,特权IP
limit = top_obj.limit
exception = top_obj.exception
if limit != 0:
subps = dsACL_SubProject.objects.filter(parentPro=top_obj)
for ip in host_list:
ipNum = 0
for subpro in subps:
ipNum += dsACL_ngx.objects.filter(project=subpro,
host=ip).count()
if ipNum >= limit and ip not in exception:
return JsonResponse({
'code':
1,
'msg':
'IP: %s 添加次数大于 %s' % (ip, limit),
'count':
0
})
if not deltask:
deltask = False
delDateTime = None
else:
deltask = True
for ipaddr in host_list:
if dsACL_ngx.objects.filter(project=sub_obj, host=ipaddr):
continue
data = dsACL_ngx(host=ipaddr,
zone=get_ip_zone(ipaddr),
project=sub_obj,
user=request.user,
remark=remark,
delTask=deltask,
delDateTime=delDateTime)
data.save()
if deltask:
schedule, _ = ClockedSchedule.objects.get_or_create(
clocked_time=data.delDateTime)
PeriodicTask.objects.create(
name="acl_delIp_%s" % data.host,
task="Allow_list.tasks.nginx_acl_del",
clocked=schedule,
args=json.dumps([data.id]),
one_off=True,
enabled=True)
# 调用异步任务同步文件
nginx_acl_scp.delay(sub_obj.id)
return JsonResponse({'code': 0, 'msg': 'IP添加完成'})
return render(request, 'allow_list/nginx_acl_adds.html', locals())
def acceleration_api(request):
"""api参数
id: 字段id
value: 值
action: change_status 修改字段online
action: change_name 修改字段name
action: change_group 修改字段platfrom
action: change_date 修改字段stop_date
action: change_remark 修改字段remark
action: init 初始化 id为list
action: zabbix 监控 id为list
action: sync 同步 id为list
返回
code: 0成功1失败
rid: 字段id
msg: 信息
data: 数据
count: 数据统计
"""
action = request.GET.get('action')
field_id = request.GET.get('id')
value = request.GET.get('value')
result = {"code": 1, "rid": field_id, "msg": "Error"}
if action == "change_status":
data = accelerated_server_manager.objects.get(pk=field_id)
if value == "True":
value = True
else:
value = False
data.online = value
data.save()
jiasu_conf_rsync() #本地同步配置文件
result = {"code": 0, "rid": field_id, "msg": "状态变更成功"}
elif action == "change_group":
data = accelerated_server_manager.objects.get(pk=field_id)
data.platfrom = value
data.save()
result = {"code": 0, "rid": field_id, "msg": "属组变更成功"}
elif action == "change_name":
data = accelerated_server_manager.objects.get(pk=field_id)
data.name = value
data.save()
result = {"code": 0, "rid": field_id, "msg": "名称已变更为:%s" % value}
elif action == "change_date":
try:
data = accelerated_server_manager.objects.get(pk=field_id)
data.stop_date = value
data.save()
result = {"code": 0, "rid": field_id, "msg": "到期时间已变更为:%s" % value}
except:
result["msg"] = "时间格式错误,请遵循: YYYY-MM-DD 格式"
elif action == "change_remark":
data = accelerated_server_manager.objects.get(pk=field_id)
data.remark = value
data.save()
result = {"code": 0, "rid": field_id, "msg": "备注已变更"}
elif action == "change_master":
if not isValidIp(value):
result["msg"] = "IP格式错误"
return JsonResponse(result)
if accelerated_server_manager.objects.filter(host_master=value):
result["msg"] = "IP地址已存在"
return JsonResponse(result)
data = accelerated_server_manager.objects.get(pk=field_id)
data.host_master = value
data.save()
jiasu_conf_rsync() #本地同步配置文件
result = {"code": 0, "rid": field_id, "msg": "地址一变更为:%s" % value}
elif action == "change_slave":
if not isValidIp(value):
result["msg"] = "IP格式错误"
return JsonResponse(result)
data = accelerated_server_manager.objects.get(pk=field_id)
data.host_slave = value
data.save()
result = {"code": 0, "rid": field_id, "msg": "地址二变更为:%s" % value}
elif action == "init":
ids = eval(field_id)
if ids:
for i in ids:
data = accelerated_server_manager.objects.get(pk=i)
try:
host = Server.objects.get(ssh_host=data.host_master)
jiasu_init_task.delay(host.ssh_host, host.ssh_port,
host.ssh_user, host.ssh_password)
result = {
"code": 1,
"rid": ids,
"msg": "%s 初始化完成!" % data.host_master
}
except:
result = {
"code": 1,
"rid": ids,
"msg": "%s 没有在CMDB中发现,停止初始化!" % data.host_master
}
elif action == "zabbix":
ids = eval(field_id)
if ids:
zbx = zabbixtools(settings.ZABBIX_URL, "zbxuser", "zbxpass")
if zbx.authID == 0:
return JsonResponse({
"code": 1,
"rid": ids,
"msg": "zabbix认证失败!"
})
for i in ids:
data = accelerated_server_manager.objects.get(pk=i)
zbx.jiasu_host_create(
data.host_master,
"%s-加速-%s" % (data.name, data.host_master))
zbx.jiasu_host_create(
data.host_slave, "%s-加速-%s" % (data.name, data.host_slave))
result = {"code": 0, "rid": ids, "msg": "IP已加入zabbix监控列表"}
elif action == "sync":
ids = eval(field_id)
if ids:
for i in ids:
data = accelerated_server_manager.objects.get(pk=i)
data.online = True
data.save()
jiasu_conf_rsync() #本地同步配置文件
result = {"code": 0, "rid": ids, "msg": "IP已加入同步列表"}
else:
pass
return JsonResponse(result)
def dnsname_add_records(request, id):
"""给域名多条记录"""
obj = dnsmanage_name.objects.get(pk=id)
user_obj = obj.user
error_msgs = []
success_msgs = []
domain_type = ['A', 'CNAME', 'MX', 'NS']
if request.method == 'POST':
getrecords = request.POST.get('records', '')
if not getrecords:
error_msgs.append("你没有填写任何数据!")
return render(request, 'business/dnsname_record_add.html',
locals())
records = getrecords.split('\r\n')
records_list = []
if len(records) == 1 and len(records[0].split()) < 3:
error_msgs.append("缺少关键数据!")
return render(request, 'business/dnsname_record_add.html',
locals())
for i in records:
if i.split()[1] == "A":
if not isValidIp(i.split()[2]):
error_msgs.append("IP格式错误:%s" % i.split()[2])
if i.split()[1] not in domain_type:
error_msgs.append("记录类型只能是:A、CNAME、MX、NS,不支持:%s" %
i.split()[1])
records_list.append({
"subdomain": i.split()[0],
"type": i.split()[1],
"value": i.split()[2]
})
if len(error_msgs) > 0:
return render(request, 'business/dnsname_record_add.html',
locals())
status = True
if user_obj.platform_name == "CLOUDXNS":
api_key = user_obj.keyone
secret_key = user_obj.keytwo
dns = Api(api_key=api_key, secret_key=secret_key)
for i in records_list:
result = json.loads(
dns.record_add(obj.name_id, i["subdomain"], i["value"],
i["type"], 55, 600, 1)) #cloudxns添加记录
print result
if result["code"] == 1:
record_id = result["record_id"]
result = {
'retu': "OK",
'info':
"%s --> %s 添加成功!" % (i["subdomain"], i["value"])
}
success_msgs.append(result)
update_record_to_db(record_id[0], i["subdomain"], obj,
i["type"], i["value"], 600,
status) #数据库保存
else:
error_msgs.append(
"%s --> %s 添加失败!原因:%s" %
(i["subdomain"], i["value"], result["message"]))
else:
user_token = user_obj.keyone + "," + user_obj.keytwo
dns = DNSPod(user_obj.user, user_obj.passwd,
user_obj.platform_name, user_token)
for i in records_list:
res = dns.pod_record_add(str(obj.name_id),
i["subdomain"],
i["type"],
i["value"],
ttl='600') #在dnspod上添加记录
print res
if res["status"]["code"] == "1":
if res.has_key('record'):
record_id = res["record"]["id"]
update_record_to_db(record_id, i["subdomain"], obj,
i["type"], i["value"], 600,
status) #数据库保存
result = {
'retu':
"OK",
'info':
"%s --> %s 添加成功!" % (i["subdomain"], i["value"])
}
success_msgs.append(result)
else:
error_msgs.append(
"%s --> %s 添加失败!原因:%s" %
(i["subdomain"], i["value"], res["status"]["message"]))
return render(request, 'business/dnsname_record_add.html', locals())
